]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
qmp-event: Avoid qobject_from_jsonf("%"PRId64)
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c 22#endif
54936004 23
f348b6d1 24#include "qemu/cutils.h"
6180a181 25#include "cpu.h"
63c91552 26#include "exec/exec-all.h"
b67d9a52 27#include "tcg.h"
741da0d3 28#include "hw/qdev-core.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
33c11879 31#include "hw/xen/xen.h"
4485bd26 32#endif
9c17d615 33#include "sysemu/kvm.h"
2ff3de68 34#include "sysemu/sysemu.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
53a5960a 38#if defined(CONFIG_USER_ONLY)
a9c94277 39#include "qemu.h"
432d268c 40#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 41#include "hw/hw.h"
42#include "exec/memory.h"
df43d49c 43#include "exec/ioport.h"
741da0d3
PB		 44#include "sysemu/dma.h"
45#include "exec/address-spaces.h"
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
508127e2 57#include "exec/log.h"
67d95c15 58
9dfeca7c
BR		 59#include "migration/vmstate.h"
60
b35ba30f 61#include "qemu/range.h"
794e8f30
MT		 62#ifndef _WIN32
63#include "qemu/mmap-alloc.h"
64#endif
b35ba30f 65
db7b5426 66//#define DEBUG_SUBPAGE
1196be37 67
e2eef170 68#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 69/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
0d53d9fe 72RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 73
74static MemoryRegion *system_memory;
309cb471 75static MemoryRegion *system_io;
62152b8a 76
f6790af6
AK		 77AddressSpace address_space_io;
78AddressSpace address_space_memory;
2673a5da 79
0844e007 80MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 81static MemoryRegion io_mem_unassigned;
0e0df1e2 82
7bd4f430
PB		 83/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84#define RAM_PREALLOC (1 << 0)
85
dbcb8981
PB		 86/* RAM is mmap-ed with MAP_SHARED */
87#define RAM_SHARED (1 << 1)
88
62be4e3a
MT		 89/* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92#define RAM_RESIZEABLE (1 << 2)
93
e2eef170 94#endif
9fa3e853 95
20bccb82
PM		 96#ifdef TARGET_PAGE_BITS_VARY
97int target_page_bits;
98bool target_page_bits_decided;
99#endif
100
bdc44640 101struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 102/* current CPU in the current thread. It is only valid inside
103 cpu_exec() */
f240eb6f 104__thread CPUState *current_cpu;
2e70f6ef 105/* 0 = Do not count executed instructions.
bf20dc07 106 1 = Precise instruction counting.
2e70f6ef 107 2 = Adaptive rate instruction counting. */
5708fc66 108int use_icount;
6a00d601 109
20bccb82
PM		 110bool set_preferred_target_page_bits(int bits)
111{
112 /* The target page size is the lowest common denominator for all
113 * the CPUs in the system, so we can only make it smaller, never
114 * larger. And we can't make it smaller once we've committed to
115 * a particular size.
116 */
117#ifdef TARGET_PAGE_BITS_VARY
118 assert(bits >= TARGET_PAGE_BITS_MIN);
119 if (target_page_bits == 0 || target_page_bits > bits) {
120 if (target_page_bits_decided) {
121 return false;
122 }
123 target_page_bits = bits;
124 }
125#endif
126 return true;
127}
128
e2eef170 129#if !defined(CONFIG_USER_ONLY)
4346ae3e 130
20bccb82
PM		 131static void finalize_target_page_bits(void)
132{
133#ifdef TARGET_PAGE_BITS_VARY
134 if (target_page_bits == 0) {
135 target_page_bits = TARGET_PAGE_BITS_MIN;
136 }
137 target_page_bits_decided = true;
138#endif
139}
140
1db8abb1
PB		 141typedef struct PhysPageEntry PhysPageEntry;
142
143struct PhysPageEntry {
9736e55b 144 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 145 uint32_t skip : 6;
9736e55b 146 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 147 uint32_t ptr : 26;
1db8abb1
PB		 148};
149
8b795765
MT		 150#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
151
03f49957 152/* Size of the L2 (and L3, etc) page tables. */
57271d63 153#define ADDR_SPACE_BITS 64
03f49957 154
026736ce 155#define P_L2_BITS 9
03f49957
PB		 156#define P_L2_SIZE (1 << P_L2_BITS)
157
158#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
159
160typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 161
53cb28cb 162typedef struct PhysPageMap {
79e2b9ae
PB		 163 struct rcu_head rcu;
164
53cb28cb
MA		 165 unsigned sections_nb;
166 unsigned sections_nb_alloc;
167 unsigned nodes_nb;
168 unsigned nodes_nb_alloc;
169 Node *nodes;
170 MemoryRegionSection *sections;
171} PhysPageMap;
172
1db8abb1 173struct AddressSpaceDispatch {
79e2b9ae
PB		 174 struct rcu_head rcu;
175
729633c2 176 MemoryRegionSection *mru_section;
1db8abb1
PB		 177 /* This is a multi-level map on the physical address space.
178 * The bottom level has pointers to MemoryRegionSections.
179 */
180 PhysPageEntry phys_map;
53cb28cb 181 PhysPageMap map;
acc9d80b 182 AddressSpace *as;
1db8abb1
PB		 183};
184
90260c6c
JK		 185#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
186typedef struct subpage_t {
187 MemoryRegion iomem;
acc9d80b 188 AddressSpace *as;
90260c6c 189 hwaddr base;
2615fabd 190 uint16_t sub_section[];
90260c6c
JK		 191} subpage_t;
192
b41aac4f
LPF		 193#define PHYS_SECTION_UNASSIGNED 0
194#define PHYS_SECTION_NOTDIRTY 1
195#define PHYS_SECTION_ROM 2
196#define PHYS_SECTION_WATCH 3
5312bd8b 197
e2eef170 198static void io_mem_init(void);
62152b8a 199static void memory_map_init(void);
09daed84 200static void tcg_commit(MemoryListener *listener);
e2eef170 201
1ec9b909 202static MemoryRegion io_mem_watch;
32857f4d
PM		 203
204/**
205 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
206 * @cpu: the CPU whose AddressSpace this is
207 * @as: the AddressSpace itself
208 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
209 * @tcg_as_listener: listener for tracking changes to the AddressSpace
210 */
211struct CPUAddressSpace {
212 CPUState *cpu;
213 AddressSpace *as;
214 struct AddressSpaceDispatch *memory_dispatch;
215 MemoryListener tcg_as_listener;
216};
217
6658ffb8 218#endif
fd6ce8f6 219
6d9a1304 220#if !defined(CONFIG_USER_ONLY)
d6f2ea22 221
53cb28cb 222static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 223{
101420b8 224 static unsigned alloc_hint = 16;
53cb28cb 225 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
101420b8 226 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
53cb28cb
MA		 227 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
228 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
101420b8 229 alloc_hint = map->nodes_nb_alloc;
d6f2ea22 230 }
f7bf5461
AK		 231}
232
db94604b 233static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 234{
235 unsigned i;
8b795765 236 uint32_t ret;
db94604b
PB		 237 PhysPageEntry e;
238 PhysPageEntry *p;
f7bf5461 239
53cb28cb 240 ret = map->nodes_nb++;
db94604b 241 p = map->nodes[ret];
f7bf5461 242 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 243 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 244
245 e.skip = leaf ? 0 : 1;
246 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 247 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 248 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 249 }
f7bf5461 250 return ret;
d6f2ea22
AK		 251}
252
53cb28cb
MA		 253static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
254 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 255 int level)
f7bf5461
AK		 256{
257 PhysPageEntry *p;
03f49957 258 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 259
9736e55b 260 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 261 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 262 }
db94604b 263 p = map->nodes[lp->ptr];
03f49957 264 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 265
03f49957 266 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 267 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 268 lp->skip = 0;
c19e8800 269 lp->ptr = leaf;
07f07b31
AK		 270 *index += step;
271 *nb -= step;
2999097b 272 } else {
53cb28cb 273 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 274 }
275 ++lp;
f7bf5461
AK		 276 }
277}
278
ac1970fb 279static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 280 hwaddr index, hwaddr nb,
2999097b 281 uint16_t leaf)
f7bf5461 282{
2999097b 283 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 284 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 285
53cb28cb 286 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 287}
288
b35ba30f
MT		 289/* Compact a non leaf page entry. Simply detect that the entry has a single child,
290 * and update our entry so we can skip it and go directly to the destination.
291 */
efee678d 292static void phys_page_compact(PhysPageEntry *lp, Node *nodes)
b35ba30f
MT		 293{
294 unsigned valid_ptr = P_L2_SIZE;
295 int valid = 0;
296 PhysPageEntry *p;
297 int i;
298
299 if (lp->ptr == PHYS_MAP_NODE_NIL) {
300 return;
301 }
302
303 p = nodes[lp->ptr];
304 for (i = 0; i < P_L2_SIZE; i++) {
305 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
306 continue;
307 }
308
309 valid_ptr = i;
310 valid++;
311 if (p[i].skip) {
efee678d 312 phys_page_compact(&p[i], nodes);
b35ba30f
MT		 313 }
314 }
315
316 /* We can only compress if there's only one child. */
317 if (valid != 1) {
318 return;
319 }
320
321 assert(valid_ptr < P_L2_SIZE);
322
323 /* Don't compress if it won't fit in the # of bits we have. */
324 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
325 return;
326 }
327
328 lp->ptr = p[valid_ptr].ptr;
329 if (!p[valid_ptr].skip) {
330 /* If our only child is a leaf, make this a leaf. */
331 /* By design, we should have made this node a leaf to begin with so we
332 * should never reach here.
333 * But since it's so simple to handle this, let's do it just in case we
334 * change this rule.
335 */
336 lp->skip = 0;
337 } else {
338 lp->skip += p[valid_ptr].skip;
339 }
340}
341
342static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
343{
b35ba30f 344 if (d->phys_map.skip) {
efee678d 345 phys_page_compact(&d->phys_map, d->map.nodes);
b35ba30f
MT		 346 }
347}
348
29cb533d
FZ		 349static inline bool section_covers_addr(const MemoryRegionSection *section,
350 hwaddr addr)
351{
352 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
353 * the section must cover the entire address space.
354 */
258dfaaa 355 return int128_gethi(section->size) ||
29cb533d 356 range_covers_byte(section->offset_within_address_space,
258dfaaa 357 int128_getlo(section->size), addr);
29cb533d
FZ		 358}
359
97115a8d 360static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 361 Node *nodes, MemoryRegionSection *sections)
92e873b9 362{
31ab2b4a 363 PhysPageEntry *p;
97115a8d 364 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 365 int i;
f1f6e3b8 366
9736e55b 367 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 368 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 369 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 370 }
9affd6fc 371 p = nodes[lp.ptr];
03f49957 372 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 373 }
b35ba30f 374
29cb533d 375 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 376 return &sections[lp.ptr];
377 } else {
378 return &sections[PHYS_SECTION_UNASSIGNED];
379 }
f3705d53
AK		 380}
381
e5548617
BS		 382bool memory_region_is_unassigned(MemoryRegion *mr)
383{
2a8e7499 384 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 385 && mr != &io_mem_watch;
fd6ce8f6 386}
149f54b5 387
79e2b9ae 388/* Called from RCU critical section */
c7086b4a 389static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 390 hwaddr addr,
391 bool resolve_subpage)
9f029603 392{
729633c2 393 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 394 subpage_t *subpage;
729633c2 395 bool update;
90260c6c 396
729633c2
FZ		 397 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
398 section_covers_addr(section, addr)) {
399 update = false;
400 } else {
401 section = phys_page_find(d->phys_map, addr, d->map.nodes,
402 d->map.sections);
403 update = true;
404 }
90260c6c
JK		 405 if (resolve_subpage && section->mr->subpage) {
406 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 407 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 408 }
729633c2
FZ		 409 if (update) {
410 atomic_set(&d->mru_section, section);
411 }
90260c6c 412 return section;
9f029603
JK		 413}
414
79e2b9ae 415/* Called from RCU critical section */
90260c6c 416static MemoryRegionSection *
c7086b4a 417address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 418 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 419{
420 MemoryRegionSection *section;
965eb2fc 421 MemoryRegion *mr;
a87f3954 422 Int128 diff;
149f54b5 423
c7086b4a 424 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 425 /* Compute offset within MemoryRegionSection */
426 addr -= section->offset_within_address_space;
427
428 /* Compute offset within MemoryRegion */
429 *xlat = addr + section->offset_within_region;
430
965eb2fc 431 mr = section->mr;
b242e0e0
PB		 432
433 /* MMIO registers can be expected to perform full-width accesses based only
434 * on their address, without considering adjacent registers that could
435 * decode to completely different MemoryRegions. When such registers
436 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
437 * regions overlap wildly. For this reason we cannot clamp the accesses
438 * here.
439 *
440 * If the length is small (as is the case for address_space_ldl/stl),
441 * everything works fine. If the incoming length is large, however,
442 * the caller really has to do the clamping through memory_access_size.
443 */
965eb2fc 444 if (memory_region_is_ram(mr)) {
e4a511f8 445 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 446 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
447 }
149f54b5
PB		 448 return section;
449}
90260c6c 450
41063e1e 451/* Called from RCU critical section */
5c8a00ce
PB		 452MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
453 hwaddr *xlat, hwaddr *plen,
454 bool is_write)
90260c6c 455{
30951157
AK		 456 IOMMUTLBEntry iotlb;
457 MemoryRegionSection *section;
458 MemoryRegion *mr;
30951157
AK		 459
460 for (;;) {
79e2b9ae
PB		 461 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
462 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 463 mr = section->mr;
464
465 if (!mr->iommu_ops) {
466 break;
467 }
468
8d7b8cb9 469 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 470 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
471 | (addr & iotlb.addr_mask));
23820dbf 472 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 473 if (!(iotlb.perm & (1 << is_write))) {
474 mr = &io_mem_unassigned;
475 break;
476 }
477
478 as = iotlb.target_as;
479 }
480
fe680d0d 481 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 482 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 483 *plen = MIN(page, *plen);
a87f3954
PB		 484 }
485
30951157
AK		 486 *xlat = addr;
487 return mr;
90260c6c
JK		 488}
489
79e2b9ae 490/* Called from RCU critical section */
90260c6c 491MemoryRegionSection *
d7898cda 492address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 493 hwaddr *xlat, hwaddr *plen)
90260c6c 494{
30951157 495 MemoryRegionSection *section;
f35e44e7 496 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->cpu_ases[asidx].memory_dispatch);
d7898cda
PM		 497
498 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 499
500 assert(!section->mr->iommu_ops);
501 return section;
90260c6c 502}
5b6dd868 503#endif
fd6ce8f6 504
b170fce3 505#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 506
507static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 508{
259186a7 509 CPUState *cpu = opaque;
a513fe19 510
5b6dd868
BS		 511 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
512 version_id is increased. */
259186a7 513 cpu->interrupt_request &= ~0x01;
c01a71c1 514 tlb_flush(cpu, 1);
5b6dd868
BS		 515
516 return 0;
a513fe19 517}
7501267e 518
6c3bff0e
PD		 519static int cpu_common_pre_load(void *opaque)
520{
521 CPUState *cpu = opaque;
522
adee6424 523 cpu->exception_index = -1;
6c3bff0e
PD		 524
525 return 0;
526}
527
528static bool cpu_common_exception_index_needed(void *opaque)
529{
530 CPUState *cpu = opaque;
531
adee6424 532 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 533}
534
535static const VMStateDescription vmstate_cpu_common_exception_index = {
536 .name = "cpu_common/exception_index",
537 .version_id = 1,
538 .minimum_version_id = 1,
5cd8cada 539 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 540 .fields = (VMStateField[]) {
541 VMSTATE_INT32(exception_index, CPUState),
542 VMSTATE_END_OF_LIST()
543 }
544};
545
bac05aa9
AS		 546static bool cpu_common_crash_occurred_needed(void *opaque)
547{
548 CPUState *cpu = opaque;
549
550 return cpu->crash_occurred;
551}
552
553static const VMStateDescription vmstate_cpu_common_crash_occurred = {
554 .name = "cpu_common/crash_occurred",
555 .version_id = 1,
556 .minimum_version_id = 1,
557 .needed = cpu_common_crash_occurred_needed,
558 .fields = (VMStateField[]) {
559 VMSTATE_BOOL(crash_occurred, CPUState),
560 VMSTATE_END_OF_LIST()
561 }
562};
563
1a1562f5 564const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 565 .name = "cpu_common",
566 .version_id = 1,
567 .minimum_version_id = 1,
6c3bff0e 568 .pre_load = cpu_common_pre_load,
5b6dd868 569 .post_load = cpu_common_post_load,
35d08458 570 .fields = (VMStateField[]) {
259186a7
AF		 571 VMSTATE_UINT32(halted, CPUState),
572 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 573 VMSTATE_END_OF_LIST()
6c3bff0e 574 },
5cd8cada
JQ		 575 .subsections = (const VMStateDescription*[]) {
576 &vmstate_cpu_common_exception_index,
bac05aa9 577 &vmstate_cpu_common_crash_occurred,
5cd8cada 578 NULL
5b6dd868
BS		 579 }
580};
1a1562f5 581
5b6dd868 582#endif
ea041c0e 583
38d8f5c8 584CPUState *qemu_get_cpu(int index)
ea041c0e 585{
bdc44640 586 CPUState *cpu;
ea041c0e 587
bdc44640 588 CPU_FOREACH(cpu) {
55e5c285 589 if (cpu->cpu_index == index) {
bdc44640 590 return cpu;
55e5c285 591 }
ea041c0e 592 }
5b6dd868 593
bdc44640 594 return NULL;
ea041c0e
FB		 595}
596
09daed84 597#if !defined(CONFIG_USER_ONLY)
56943e8c 598void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 599{
12ebc9a7
PM		 600 CPUAddressSpace *newas;
601
602 /* Target code should have set num_ases before calling us */
603 assert(asidx < cpu->num_ases);
604
56943e8c
PM		 605 if (asidx == 0) {
606 /* address space 0 gets the convenience alias */
607 cpu->as = as;
608 }
609
12ebc9a7
PM		 610 /* KVM cannot currently support multiple address spaces. */
611 assert(asidx == 0 || !kvm_enabled());
09daed84 612
12ebc9a7
PM		 613 if (!cpu->cpu_ases) {
614 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 615 }
32857f4d 616
12ebc9a7
PM		 617 newas = &cpu->cpu_ases[asidx];
618 newas->cpu = cpu;
619 newas->as = as;
56943e8c 620 if (tcg_enabled()) {
12ebc9a7
PM		 621 newas->tcg_as_listener.commit = tcg_commit;
622 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 623 }
09daed84 624}
651a5bc0
PM		 625
626AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
627{
628 /* Return the AddressSpace corresponding to the specified index */
629 return cpu->cpu_ases[asidx].as;
630}
09daed84
EI		 631#endif
632
7bbc124e 633void cpu_exec_unrealizefn(CPUState *cpu)
1c59eb39 634{
9dfeca7c
BR		 635 CPUClass *cc = CPU_GET_CLASS(cpu);
636
267f685b 637 cpu_list_remove(cpu);
9dfeca7c
BR		 638
639 if (cc->vmsd != NULL) {
640 vmstate_unregister(NULL, cc->vmsd, cpu);
641 }
642 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
643 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
644 }
1c59eb39
BR		 645}
646
39e329e3 647void cpu_exec_initfn(CPUState *cpu)
ea041c0e 648{
56943e8c 649 cpu->as = NULL;
12ebc9a7 650 cpu->num_ases = 0;
56943e8c 651
291135b5 652#ifndef CONFIG_USER_ONLY
291135b5 653 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 654
655 /* This is a softmmu CPU object, so create a property for it
656 * so users can wire up its memory. (This can't go in qom/cpu.c
657 * because that file is compiled only once for both user-mode
658 * and system builds.) The default if no link is set up is to use
659 * the system address space.
660 */
661 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
662 (Object **)&cpu->memory,
663 qdev_prop_allow_set_link_before_realize,
664 OBJ_PROP_LINK_UNREF_ON_RELEASE,
665 &error_abort);
666 cpu->memory = system_memory;
667 object_ref(OBJECT(cpu->memory));
291135b5 668#endif
39e329e3
LV		 669}
670
ce5b1bbf 671void cpu_exec_realizefn(CPUState *cpu, Error **errp)
39e329e3
LV		 672{
673 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
291135b5 674
267f685b 675 cpu_list_add(cpu);
1bc7e522
IM		 676
677#ifndef CONFIG_USER_ONLY
e0d47944 678 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 679 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 680 }
b170fce3 681 if (cc->vmsd != NULL) {
741da0d3 682 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 683 }
741da0d3 684#endif
ea041c0e
FB		 685}
686
94df27fd 687#if defined(CONFIG_USER_ONLY)
00b941e5 688static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd 689{
ba051fb5
AB		 690 mmap_lock();
691 tb_lock();
94df27fd 692 tb_invalidate_phys_page_range(pc, pc + 1, 0);
ba051fb5
AB		 693 tb_unlock();
694 mmap_unlock();
94df27fd
PB		 695}
696#else
00b941e5 697static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 698{
5232e4c7
PM		 699 MemTxAttrs attrs;
700 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
701 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 702 if (phys != -1) {
ba051fb5 703 /* Locks grabbed by tb_invalidate_phys_addr */
5232e4c7 704 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 705 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 706 }
1e7855a5 707}
c27004ec 708#endif
d720b93d 709
c527ee8f 710#if defined(CONFIG_USER_ONLY)
75a34036 711void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 712
713{
714}
715
3ee887e8
PM		 716int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
717 int flags)
718{
719 return -ENOSYS;
720}
721
722void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
723{
724}
725
75a34036 726int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 727 int flags, CPUWatchpoint **watchpoint)
728{
729 return -ENOSYS;
730}
731#else
6658ffb8 732/* Add a watchpoint. */
75a34036 733int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 734 int flags, CPUWatchpoint **watchpoint)
6658ffb8 735{
c0ce998e 736 CPUWatchpoint *wp;
6658ffb8 737
05068c0d 738 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 739 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 740 error_report("tried to set invalid watchpoint at %"
741 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 742 return -EINVAL;
743 }
7267c094 744 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 745
746 wp->vaddr = addr;
05068c0d 747 wp->len = len;
a1d1bb31
AL		 748 wp->flags = flags;
749
2dc9f411 750 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 751 if (flags & BP_GDB) {
752 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
753 } else {
754 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
755 }
6658ffb8 756
31b030d4 757 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 758
759 if (watchpoint)
760 *watchpoint = wp;
761 return 0;
6658ffb8
PB		 762}
763
a1d1bb31 764/* Remove a specific watchpoint. */
75a34036 765int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 766 int flags)
6658ffb8 767{
a1d1bb31 768 CPUWatchpoint *wp;
6658ffb8 769
ff4700b0 770 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 771 if (addr == wp->vaddr && len == wp->len
6e140f28 772 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 773 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 774 return 0;
775 }
776 }
a1d1bb31 777 return -ENOENT;
6658ffb8
PB		 778}
779
a1d1bb31 780/* Remove a specific watchpoint by reference. */
75a34036 781void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 782{
ff4700b0 783 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 784
31b030d4 785 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 786
7267c094 787 g_free(watchpoint);
a1d1bb31
AL		 788}
789
790/* Remove all matching watchpoints. */
75a34036 791void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 792{
c0ce998e 793 CPUWatchpoint *wp, *next;
a1d1bb31 794
ff4700b0 795 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 796 if (wp->flags & mask) {
797 cpu_watchpoint_remove_by_ref(cpu, wp);
798 }
c0ce998e 799 }
7d03f82f 800}
05068c0d
PM		 801
802/* Return true if this watchpoint address matches the specified
803 * access (ie the address range covered by the watchpoint overlaps
804 * partially or completely with the address range covered by the
805 * access).
806 */
807static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
808 vaddr addr,
809 vaddr len)
810{
811 /* We know the lengths are non-zero, but a little caution is
812 * required to avoid errors in the case where the range ends
813 * exactly at the top of the address space and so addr + len
814 * wraps round to zero.
815 */
816 vaddr wpend = wp->vaddr + wp->len - 1;
817 vaddr addrend = addr + len - 1;
818
819 return !(addr > wpend || wp->vaddr > addrend);
820}
821
c527ee8f 822#endif
7d03f82f 823
a1d1bb31 824/* Add a breakpoint. */
b3310ab3 825int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 826 CPUBreakpoint **breakpoint)
4c3a88a2 827{
c0ce998e 828 CPUBreakpoint *bp;
3b46e624 829
7267c094 830 bp = g_malloc(sizeof(*bp));
4c3a88a2 831
a1d1bb31
AL		 832 bp->pc = pc;
833 bp->flags = flags;
834
2dc9f411 835 /* keep all GDB-injected breakpoints in front */
00b941e5 836 if (flags & BP_GDB) {
f0c3c505 837 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 838 } else {
f0c3c505 839 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 840 }
3b46e624 841
f0c3c505 842 breakpoint_invalidate(cpu, pc);
a1d1bb31 843
00b941e5 844 if (breakpoint) {
a1d1bb31 845 *breakpoint = bp;
00b941e5 846 }
4c3a88a2 847 return 0;
4c3a88a2
FB		 848}
849
a1d1bb31 850/* Remove a specific breakpoint. */
b3310ab3 851int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 852{
a1d1bb31
AL		 853 CPUBreakpoint *bp;
854
f0c3c505 855 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 856 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 857 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 858 return 0;
859 }
7d03f82f 860 }
a1d1bb31 861 return -ENOENT;
7d03f82f
EI		 862}
863
a1d1bb31 864/* Remove a specific breakpoint by reference. */
b3310ab3 865void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 866{
f0c3c505
AF		 867 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
868
869 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 870
7267c094 871 g_free(breakpoint);
a1d1bb31
AL		 872}
873
874/* Remove all matching breakpoints. */
b3310ab3 875void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 876{
c0ce998e 877 CPUBreakpoint *bp, *next;
a1d1bb31 878
f0c3c505 879 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 880 if (bp->flags & mask) {
881 cpu_breakpoint_remove_by_ref(cpu, bp);
882 }
c0ce998e 883 }
4c3a88a2
FB		 884}
885
c33a346e
FB		 886/* enable or disable single step mode. EXCP_DEBUG is returned by the
887 CPU loop after each instruction */
3825b28f 888void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 889{
ed2803da
AF		 890 if (cpu->singlestep_enabled != enabled) {
891 cpu->singlestep_enabled = enabled;
892 if (kvm_enabled()) {
38e478ec 893 kvm_update_guest_debug(cpu, 0);
ed2803da 894 } else {
ccbb4d44 895 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 896 /* XXX: only flush what is necessary */
bbd77c18 897 tb_flush(cpu);
e22a25c9 898 }
c33a346e 899 }
c33a346e
FB		 900}
901
a47dddd7 902void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 903{
904 va_list ap;
493ae1f0 905 va_list ap2;
7501267e
FB		 906
907 va_start(ap, fmt);
493ae1f0 908 va_copy(ap2, ap);
7501267e
FB		 909 fprintf(stderr, "qemu: fatal: ");
910 vfprintf(stderr, fmt, ap);
911 fprintf(stderr, "\n");
878096ee 912 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 913 if (qemu_log_separate()) {
1ee73216 914 qemu_log_lock();
93fcfe39
AL		 915 qemu_log("qemu: fatal: ");
916 qemu_log_vprintf(fmt, ap2);
917 qemu_log("\n");
a0762859 918 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 919 qemu_log_flush();
1ee73216 920 qemu_log_unlock();
93fcfe39 921 qemu_log_close();
924edcae 922 }
493ae1f0 923 va_end(ap2);
f9373291 924 va_end(ap);
7615936e 925 replay_finish();
fd052bf6
RV		 926#if defined(CONFIG_USER_ONLY)
927 {
928 struct sigaction act;
929 sigfillset(&act.sa_mask);
930 act.sa_handler = SIG_DFL;
931 sigaction(SIGABRT, &act, NULL);
932 }
933#endif
7501267e
FB		 934 abort();
935}
936
0124311e 937#if !defined(CONFIG_USER_ONLY)
0dc3f44a 938/* Called from RCU critical section */
041603fe
PB		 939static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
940{
941 RAMBlock *block;
942
43771539 943 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 944 if (block && addr - block->offset < block->max_length) {
68851b98 945 return block;
041603fe 946 }
0dc3f44a 947 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 948 if (addr - block->offset < block->max_length) {
041603fe
PB		 949 goto found;
950 }
951 }
952
953 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
954 abort();
955
956found:
43771539
PB		 957 /* It is safe to write mru_block outside the iothread lock. This
958 * is what happens:
959 *
960 * mru_block = xxx
961 * rcu_read_unlock()
962 * xxx removed from list
963 * rcu_read_lock()
964 * read mru_block
965 * mru_block = NULL;
966 * call_rcu(reclaim_ramblock, xxx);
967 * rcu_read_unlock()
968 *
969 * atomic_rcu_set is not needed here. The block was already published
970 * when it was placed into the list. Here we're just making an extra
971 * copy of the pointer.
972 */
041603fe
PB		 973 ram_list.mru_block = block;
974 return block;
975}
976
a2f4d5be 977static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 978{
9a13565d 979 CPUState *cpu;
041603fe 980 ram_addr_t start1;
a2f4d5be
JQ		 981 RAMBlock *block;
982 ram_addr_t end;
983
984 end = TARGET_PAGE_ALIGN(start + length);
985 start &= TARGET_PAGE_MASK;
d24981d3 986
0dc3f44a 987 rcu_read_lock();
041603fe
PB		 988 block = qemu_get_ram_block(start);
989 assert(block == qemu_get_ram_block(end - 1));
1240be24 990 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 991 CPU_FOREACH(cpu) {
992 tlb_reset_dirty(cpu, start1, length);
993 }
0dc3f44a 994 rcu_read_unlock();
d24981d3
JQ		 995}
996
5579c7f3 997/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 998bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
999 ram_addr_t length,
1000 unsigned client)
1ccde1cb 1001{
5b82b703 1002 DirtyMemoryBlocks *blocks;
03eebc9e 1003 unsigned long end, page;
5b82b703 1004 bool dirty = false;
03eebc9e
SH		 1005
1006 if (length == 0) {
1007 return false;
1008 }
f23db169 1009
03eebc9e
SH		 1010 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1011 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1012
1013 rcu_read_lock();
1014
1015 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1016
1017 while (page < end) {
1018 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1019 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1020 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1021
1022 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1023 offset, num);
1024 page += num;
1025 }
1026
1027 rcu_read_unlock();
03eebc9e
SH		 1028
1029 if (dirty && tcg_enabled()) {
a2f4d5be 1030 tlb_reset_dirty_range_all(start, length);
5579c7f3 1031 }
03eebc9e
SH		 1032
1033 return dirty;
1ccde1cb
FB		 1034}
1035
79e2b9ae 1036/* Called from RCU critical section */
bb0e627a 1037hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1038 MemoryRegionSection *section,
1039 target_ulong vaddr,
1040 hwaddr paddr, hwaddr xlat,
1041 int prot,
1042 target_ulong *address)
e5548617 1043{
a8170e5e 1044 hwaddr iotlb;
e5548617
BS		 1045 CPUWatchpoint *wp;
1046
cc5bea60 1047 if (memory_region_is_ram(section->mr)) {
e5548617 1048 /* Normal RAM. */
e4e69794 1049 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
e5548617 1050 if (!section->readonly) {
b41aac4f 1051 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1052 } else {
b41aac4f 1053 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1054 }
1055 } else {
0b8e2c10
PM		 1056 AddressSpaceDispatch *d;
1057
1058 d = atomic_rcu_read(&section->address_space->dispatch);
1059 iotlb = section - d->map.sections;
149f54b5 1060 iotlb += xlat;
e5548617
BS		 1061 }
1062
1063 /* Make accesses to pages with watchpoints go via the
1064 watchpoint trap routines. */
ff4700b0 1065 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1066 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1067 /* Avoid trapping reads of pages with a write breakpoint. */
1068 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1069 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1070 *address |= TLB_MMIO;
1071 break;
1072 }
1073 }
1074 }
1075
1076 return iotlb;
1077}
9fa3e853
FB		 1078#endif /* defined(CONFIG_USER_ONLY) */
1079
e2eef170 1080#if !defined(CONFIG_USER_ONLY)
8da3ff18 1081
c227f099 1082static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1083 uint16_t section);
acc9d80b 1084static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1085
a2b257d6
IM		 1086static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1087 qemu_anon_ram_alloc;
91138037
MA		 1088
1089/*
1090 * Set a custom physical guest memory alloator.
1091 * Accelerators with unusual needs may need this. Hopefully, we can
1092 * get rid of it eventually.
1093 */
a2b257d6 1094void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1095{
1096 phys_mem_alloc = alloc;
1097}
1098
53cb28cb
MA		 1099static uint16_t phys_section_add(PhysPageMap *map,
1100 MemoryRegionSection *section)
5312bd8b 1101{
68f3f65b
PB		 1102 /* The physical section number is ORed with a page-aligned
1103 * pointer to produce the iotlb entries. Thus it should
1104 * never overflow into the page-aligned value.
1105 */
53cb28cb 1106 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1107
53cb28cb
MA		 1108 if (map->sections_nb == map->sections_nb_alloc) {
1109 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1110 map->sections = g_renew(MemoryRegionSection, map->sections,
1111 map->sections_nb_alloc);
5312bd8b 1112 }
53cb28cb 1113 map->sections[map->sections_nb] = *section;
dfde4e6e 1114 memory_region_ref(section->mr);
53cb28cb 1115 return map->sections_nb++;
5312bd8b
AK		 1116}
1117
058bc4b5
PB		 1118static void phys_section_destroy(MemoryRegion *mr)
1119{
55b4e80b
DS		 1120 bool have_sub_page = mr->subpage;
1121
dfde4e6e
PB		 1122 memory_region_unref(mr);
1123
55b4e80b 1124 if (have_sub_page) {
058bc4b5 1125 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1126 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1127 g_free(subpage);
1128 }
1129}
1130
6092666e 1131static void phys_sections_free(PhysPageMap *map)
5312bd8b 1132{
9affd6fc
PB		 1133 while (map->sections_nb > 0) {
1134 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1135 phys_section_destroy(section->mr);
1136 }
9affd6fc
PB		 1137 g_free(map->sections);
1138 g_free(map->nodes);
5312bd8b
AK		 1139}
1140
ac1970fb 1141static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1142{
1143 subpage_t *subpage;
a8170e5e 1144 hwaddr base = section->offset_within_address_space
0f0cb164 1145 & TARGET_PAGE_MASK;
97115a8d 1146 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1147 d->map.nodes, d->map.sections);
0f0cb164
AK		 1148 MemoryRegionSection subsection = {
1149 .offset_within_address_space = base,
052e87b0 1150 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1151 };
a8170e5e 1152 hwaddr start, end;
0f0cb164 1153
f3705d53 1154 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1155
f3705d53 1156 if (!(existing->mr->subpage)) {
acc9d80b 1157 subpage = subpage_init(d->as, base);
3be91e86 1158 subsection.address_space = d->as;
0f0cb164 1159 subsection.mr = &subpage->iomem;
ac1970fb 1160 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1161 phys_section_add(&d->map, &subsection));
0f0cb164 1162 } else {
f3705d53 1163 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1164 }
1165 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1166 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1167 subpage_register(subpage, start, end,
1168 phys_section_add(&d->map, section));
0f0cb164
AK		 1169}
1170
1171
052e87b0
PB		 1172static void register_multipage(AddressSpaceDispatch *d,
1173 MemoryRegionSection *section)
33417e70 1174{
a8170e5e 1175 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1176 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1177 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1178 TARGET_PAGE_BITS));
dd81124b 1179
733d5ef5
PB		 1180 assert(num_pages);
1181 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1182}
1183
ac1970fb 1184static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1185{
89ae337a 1186 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1187 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1188 MemoryRegionSection now = *section, remain = *section;
052e87b0 1189 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1190
733d5ef5
PB		 1191 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1192 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1193 - now.offset_within_address_space;
1194
052e87b0 1195 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1196 register_subpage(d, &now);
733d5ef5 1197 } else {
052e87b0 1198 now.size = int128_zero();
733d5ef5 1199 }
052e87b0
PB		 1200 while (int128_ne(remain.size, now.size)) {
1201 remain.size = int128_sub(remain.size, now.size);
1202 remain.offset_within_address_space += int128_get64(now.size);
1203 remain.offset_within_region += int128_get64(now.size);
69b67646 1204 now = remain;
052e87b0 1205 if (int128_lt(remain.size, page_size)) {
733d5ef5 1206 register_subpage(d, &now);
88266249 1207 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1208 now.size = page_size;
ac1970fb 1209 register_subpage(d, &now);
69b67646 1210 } else {
052e87b0 1211 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1212 register_multipage(d, &now);
69b67646 1213 }
0f0cb164
AK		 1214 }
1215}
1216
62a2744c
SY		 1217void qemu_flush_coalesced_mmio_buffer(void)
1218{
1219 if (kvm_enabled())
1220 kvm_flush_coalesced_mmio_buffer();
1221}
1222
b2a8658e
UD		 1223void qemu_mutex_lock_ramlist(void)
1224{
1225 qemu_mutex_lock(&ram_list.mutex);
1226}
1227
1228void qemu_mutex_unlock_ramlist(void)
1229{
1230 qemu_mutex_unlock(&ram_list.mutex);
1231}
1232
e1e84ba0 1233#ifdef __linux__
d6af99c9
HZ		 1234static int64_t get_file_size(int fd)
1235{
1236 int64_t size = lseek(fd, 0, SEEK_END);
1237 if (size < 0) {
1238 return -errno;
1239 }
1240 return size;
1241}
1242
04b16653
AW		 1243static void *file_ram_alloc(RAMBlock *block,
1244 ram_addr_t memory,
7f56e740
PB		 1245 const char *path,
1246 Error **errp)
c902760f 1247{
fd97fd44 1248 bool unlink_on_error = false;
c902760f 1249 char *filename;
8ca761f6
PF		 1250 char *sanitized_name;
1251 char *c;
056b68af 1252 void *area = MAP_FAILED;
5c3ece79 1253 int fd = -1;
d6af99c9 1254 int64_t file_size;
c902760f
MT		 1255
1256 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1257 error_setg(errp,
1258 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1259 return NULL;
c902760f
MT		 1260 }
1261
fd97fd44
MA		 1262 for (;;) {
1263 fd = open(path, O_RDWR);
1264 if (fd >= 0) {
1265 /* @path names an existing file, use it */
1266 break;
8d31d6b6 1267 }
fd97fd44
MA		 1268 if (errno == ENOENT) {
1269 /* @path names a file that doesn't exist, create it */
1270 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1271 if (fd >= 0) {
1272 unlink_on_error = true;
1273 break;
1274 }
1275 } else if (errno == EISDIR) {
1276 /* @path names a directory, create a file there */
1277 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1278 sanitized_name = g_strdup(memory_region_name(block->mr));
1279 for (c = sanitized_name; *c != '\0'; c++) {
1280 if (*c == '/') {
1281 *c = '_';
1282 }
1283 }
8ca761f6 1284
fd97fd44
MA		 1285 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1286 sanitized_name);
1287 g_free(sanitized_name);
8d31d6b6 1288
fd97fd44
MA		 1289 fd = mkstemp(filename);
1290 if (fd >= 0) {
1291 unlink(filename);
1292 g_free(filename);
1293 break;
1294 }
1295 g_free(filename);
8d31d6b6 1296 }
fd97fd44
MA		 1297 if (errno != EEXIST && errno != EINTR) {
1298 error_setg_errno(errp, errno,
1299 "can't open backing store %s for guest RAM",
1300 path);
1301 goto error;
1302 }
1303 /*
1304 * Try again on EINTR and EEXIST. The latter happens when
1305 * something else creates the file between our two open().
1306 */
8d31d6b6 1307 }
c902760f 1308
863e9621 1309 block->page_size = qemu_fd_getpagesize(fd);
8360668e
HZ		 1310 block->mr->align = block->page_size;
1311#if defined(__s390x__)
1312 if (kvm_enabled()) {
1313 block->mr->align = MAX(block->mr->align, QEMU_VMALLOC_ALIGN);
1314 }
1315#endif
fd97fd44 1316
d6af99c9
HZ		 1317 file_size = get_file_size(fd);
1318
863e9621 1319 if (memory < block->page_size) {
fd97fd44 1320 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
863e9621
DDAG		 1321 "or larger than page size 0x%zx",
1322 memory, block->page_size);
f9a49dfa 1323 goto error;
c902760f 1324 }
c902760f 1325
1775f111
HZ		 1326 if (file_size > 0 && file_size < memory) {
1327 error_setg(errp, "backing store %s size 0x%" PRIx64
1328 " does not match 'size' option 0x" RAM_ADDR_FMT,
1329 path, file_size, memory);
1330 goto error;
1331 }
1332
863e9621 1333 memory = ROUND_UP(memory, block->page_size);
c902760f
MT		 1334
1335 /*
1336 * ftruncate is not supported by hugetlbfs in older
1337 * hosts, so don't bother bailing out on errors.
1338 * If anything goes wrong with it under other filesystems,
1339 * mmap will fail.
d6af99c9
HZ		 1340 *
1341 * Do not truncate the non-empty backend file to avoid corrupting
1342 * the existing data in the file. Disabling shrinking is not
1343 * enough. For example, the current vNVDIMM implementation stores
1344 * the guest NVDIMM labels at the end of the backend file. If the
1345 * backend file is later extended, QEMU will not be able to find
1346 * those labels. Therefore, extending the non-empty backend file
1347 * is disabled as well.
c902760f 1348 */
d6af99c9 1349 if (!file_size && ftruncate(fd, memory)) {
9742bf26 1350 perror("ftruncate");
7f56e740 1351 }
c902760f 1352
d2f39add
DD		 1353 area = qemu_ram_mmap(fd, memory, block->mr->align,
1354 block->flags & RAM_SHARED);
c902760f 1355 if (area == MAP_FAILED) {
7f56e740 1356 error_setg_errno(errp, errno,
fd97fd44 1357 "unable to map backing store for guest RAM");
f9a49dfa 1358 goto error;
c902760f 1359 }
ef36fa14
MT		 1360
1361 if (mem_prealloc) {
056b68af
IM		 1362 os_mem_prealloc(fd, area, memory, errp);
1363 if (errp && *errp) {
1364 goto error;
1365 }
ef36fa14
MT		 1366 }
1367
04b16653 1368 block->fd = fd;
c902760f 1369 return area;
f9a49dfa
MT		 1370
1371error:
056b68af
IM		 1372 if (area != MAP_FAILED) {
1373 qemu_ram_munmap(area, memory);
1374 }
fd97fd44
MA		 1375 if (unlink_on_error) {
1376 unlink(path);
1377 }
5c3ece79
PB		 1378 if (fd != -1) {
1379 close(fd);
1380 }
f9a49dfa 1381 return NULL;
c902760f
MT		 1382}
1383#endif
1384
0dc3f44a 1385/* Called with the ramlist lock held. */
d17b5288 1386static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1387{
1388 RAMBlock *block, *next_block;
3e837b2c 1389 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1390
49cd9ac6
SH		 1391 assert(size != 0); /* it would hand out same offset multiple times */
1392
0dc3f44a 1393 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1394 return 0;
0d53d9fe 1395 }
04b16653 1396
0dc3f44a 1397 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1398 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1399
62be4e3a 1400 end = block->offset + block->max_length;
04b16653 1401
0dc3f44a 1402 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1403 if (next_block->offset >= end) {
1404 next = MIN(next, next_block->offset);
1405 }
1406 }
1407 if (next - end >= size && next - end < mingap) {
3e837b2c 1408 offset = end;
04b16653
AW		 1409 mingap = next - end;
1410 }
1411 }
3e837b2c
AW		 1412
1413 if (offset == RAM_ADDR_MAX) {
1414 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1415 (uint64_t)size);
1416 abort();
1417 }
1418
04b16653
AW		 1419 return offset;
1420}
1421
652d7ec2 1422ram_addr_t last_ram_offset(void)
d17b5288
AW		 1423{
1424 RAMBlock *block;
1425 ram_addr_t last = 0;
1426
0dc3f44a
MD		 1427 rcu_read_lock();
1428 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1429 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1430 }
0dc3f44a 1431 rcu_read_unlock();
d17b5288
AW		 1432 return last;
1433}
1434
ddb97f1d
JB		 1435static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1436{
1437 int ret;
ddb97f1d
JB		 1438
1439 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1440 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1441 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1442 if (ret) {
1443 perror("qemu_madvise");
1444 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1445 "but dump_guest_core=off specified\n");
1446 }
1447 }
1448}
1449
422148d3
DDAG		 1450const char *qemu_ram_get_idstr(RAMBlock *rb)
1451{
1452 return rb->idstr;
1453}
1454
ae3a7047 1455/* Called with iothread lock held. */
fa53a0e5 1456void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1457{
fa53a0e5 1458 RAMBlock *block;
20cfe881 1459
c5705a77
AK		 1460 assert(new_block);
1461 assert(!new_block->idstr[0]);
84b89d78 1462
09e5ab63
AL		 1463 if (dev) {
1464 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1465 if (id) {
1466 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1467 g_free(id);
84b89d78
CM		 1468 }
1469 }
1470 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1471
ab0a9956 1472 rcu_read_lock();
0dc3f44a 1473 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1474 if (block != new_block &&
1475 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1476 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1477 new_block->idstr);
1478 abort();
1479 }
1480 }
0dc3f44a 1481 rcu_read_unlock();
c5705a77
AK		 1482}
1483
ae3a7047 1484/* Called with iothread lock held. */
fa53a0e5 1485void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1486{
ae3a7047
MD		 1487 /* FIXME: arch_init.c assumes that this is not called throughout
1488 * migration. Ignore the problem since hot-unplug during migration
1489 * does not work anyway.
1490 */
20cfe881
HT		 1491 if (block) {
1492 memset(block->idstr, 0, sizeof(block->idstr));
1493 }
1494}
1495
863e9621
DDAG		 1496size_t qemu_ram_pagesize(RAMBlock *rb)
1497{
1498 return rb->page_size;
1499}
1500
8490fc78
LC		 1501static int memory_try_enable_merging(void *addr, size_t len)
1502{
75cc7f01 1503 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1504 /* disabled by the user */
1505 return 0;
1506 }
1507
1508 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1509}
1510
62be4e3a
MT		 1511/* Only legal before guest might have detected the memory size: e.g. on
1512 * incoming migration, or right after reset.
1513 *
1514 * As memory core doesn't know how is memory accessed, it is up to
1515 * resize callback to update device state and/or add assertions to detect
1516 * misuse, if necessary.
1517 */
fa53a0e5 1518int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1519{
62be4e3a
MT		 1520 assert(block);
1521
4ed023ce 1522 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1523
62be4e3a
MT		 1524 if (block->used_length == newsize) {
1525 return 0;
1526 }
1527
1528 if (!(block->flags & RAM_RESIZEABLE)) {
1529 error_setg_errno(errp, EINVAL,
1530 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1531 " in != 0x" RAM_ADDR_FMT, block->idstr,
1532 newsize, block->used_length);
1533 return -EINVAL;
1534 }
1535
1536 if (block->max_length < newsize) {
1537 error_setg_errno(errp, EINVAL,
1538 "Length too large: %s: 0x" RAM_ADDR_FMT
1539 " > 0x" RAM_ADDR_FMT, block->idstr,
1540 newsize, block->max_length);
1541 return -EINVAL;
1542 }
1543
1544 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1545 block->used_length = newsize;
58d2707e
PB		 1546 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1547 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1548 memory_region_set_size(block->mr, newsize);
1549 if (block->resized) {
1550 block->resized(block->idstr, newsize, block->host);
1551 }
1552 return 0;
1553}
1554
5b82b703
SH		 1555/* Called with ram_list.mutex held */
1556static void dirty_memory_extend(ram_addr_t old_ram_size,
1557 ram_addr_t new_ram_size)
1558{
1559 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1560 DIRTY_MEMORY_BLOCK_SIZE);
1561 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1562 DIRTY_MEMORY_BLOCK_SIZE);
1563 int i;
1564
1565 /* Only need to extend if block count increased */
1566 if (new_num_blocks <= old_num_blocks) {
1567 return;
1568 }
1569
1570 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1571 DirtyMemoryBlocks *old_blocks;
1572 DirtyMemoryBlocks *new_blocks;
1573 int j;
1574
1575 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1576 new_blocks = g_malloc(sizeof(*new_blocks) +
1577 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1578
1579 if (old_num_blocks) {
1580 memcpy(new_blocks->blocks, old_blocks->blocks,
1581 old_num_blocks * sizeof(old_blocks->blocks[0]));
1582 }
1583
1584 for (j = old_num_blocks; j < new_num_blocks; j++) {
1585 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1586 }
1587
1588 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1589
1590 if (old_blocks) {
1591 g_free_rcu(old_blocks, rcu);
1592 }
1593 }
1594}
1595
528f46af 1596static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1597{
e1c57ab8 1598 RAMBlock *block;
0d53d9fe 1599 RAMBlock *last_block = NULL;
2152f5ca 1600 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1601 Error *err = NULL;
2152f5ca
JQ		 1602
1603 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1604
b2a8658e 1605 qemu_mutex_lock_ramlist();
9b8424d5 1606 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1607
1608 if (!new_block->host) {
1609 if (xen_enabled()) {
9b8424d5 1610 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1611 new_block->mr, &err);
1612 if (err) {
1613 error_propagate(errp, err);
1614 qemu_mutex_unlock_ramlist();
39c350ee 1615 return;
37aa7a0e 1616 }
e1c57ab8 1617 } else {
9b8424d5 1618 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1619 &new_block->mr->align);
39228250 1620 if (!new_block->host) {
ef701d7b
HT		 1621 error_setg_errno(errp, errno,
1622 "cannot set up guest memory '%s'",
1623 memory_region_name(new_block->mr));
1624 qemu_mutex_unlock_ramlist();
39c350ee 1625 return;
39228250 1626 }
9b8424d5 1627 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1628 }
c902760f 1629 }
94a6b54f 1630
dd631697
LZ		 1631 new_ram_size = MAX(old_ram_size,
1632 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1633 if (new_ram_size > old_ram_size) {
1634 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1635 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1636 }
0d53d9fe
MD		 1637 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1638 * QLIST (which has an RCU-friendly variant) does not have insertion at
1639 * tail, so save the last element in last_block.
1640 */
0dc3f44a 1641 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1642 last_block = block;
9b8424d5 1643 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1644 break;
1645 }
1646 }
1647 if (block) {
0dc3f44a 1648 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1649 } else if (last_block) {
0dc3f44a 1650 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1651 } else { /* list is empty */
0dc3f44a 1652 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1653 }
0d6d3c87 1654 ram_list.mru_block = NULL;
94a6b54f 1655
0dc3f44a
MD		 1656 /* Write list before version */
1657 smp_wmb();
f798b07f 1658 ram_list.version++;
b2a8658e 1659 qemu_mutex_unlock_ramlist();
f798b07f 1660
9b8424d5 1661 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1662 new_block->used_length,
1663 DIRTY_CLIENTS_ALL);
94a6b54f 1664
a904c911
PB		 1665 if (new_block->host) {
1666 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1667 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
c2cd627d 1668 /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */
a904c911 1669 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
e1c57ab8 1670 }
94a6b54f 1671}
e9a1ab19 1672
0b183fc8 1673#ifdef __linux__
528f46af
FZ		 1674RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1675 bool share, const char *mem_path,
1676 Error **errp)
e1c57ab8
PB		 1677{
1678 RAMBlock *new_block;
ef701d7b 1679 Error *local_err = NULL;
e1c57ab8
PB		 1680
1681 if (xen_enabled()) {
7f56e740 1682 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1683 return NULL;
e1c57ab8
PB		 1684 }
1685
1686 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1687 /*
1688 * file_ram_alloc() needs to allocate just like
1689 * phys_mem_alloc, but we haven't bothered to provide
1690 * a hook there.
1691 */
7f56e740
PB		 1692 error_setg(errp,
1693 "-mem-path not supported with this accelerator");
528f46af 1694 return NULL;
e1c57ab8
PB		 1695 }
1696
4ed023ce 1697 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1698 new_block = g_malloc0(sizeof(*new_block));
1699 new_block->mr = mr;
9b8424d5
MT		 1700 new_block->used_length = size;
1701 new_block->max_length = size;
dbcb8981 1702 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1703 new_block->host = file_ram_alloc(new_block, size,
1704 mem_path, errp);
1705 if (!new_block->host) {
1706 g_free(new_block);
528f46af 1707 return NULL;
7f56e740
PB		 1708 }
1709
528f46af 1710 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1711 if (local_err) {
1712 g_free(new_block);
1713 error_propagate(errp, local_err);
528f46af 1714 return NULL;
ef701d7b 1715 }
528f46af 1716 return new_block;
e1c57ab8 1717}
0b183fc8 1718#endif
e1c57ab8 1719
62be4e3a 1720static
528f46af
FZ		 1721RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1722 void (*resized)(const char*,
1723 uint64_t length,
1724 void *host),
1725 void *host, bool resizeable,
1726 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1727{
1728 RAMBlock *new_block;
ef701d7b 1729 Error *local_err = NULL;
e1c57ab8 1730
4ed023ce
DDAG		 1731 size = HOST_PAGE_ALIGN(size);
1732 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1733 new_block = g_malloc0(sizeof(*new_block));
1734 new_block->mr = mr;
62be4e3a 1735 new_block->resized = resized;
9b8424d5
MT		 1736 new_block->used_length = size;
1737 new_block->max_length = max_size;
62be4e3a 1738 assert(max_size >= size);
e1c57ab8 1739 new_block->fd = -1;
863e9621 1740 new_block->page_size = getpagesize();
e1c57ab8
PB		 1741 new_block->host = host;
1742 if (host) {
7bd4f430 1743 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1744 }
62be4e3a
MT		 1745 if (resizeable) {
1746 new_block->flags |= RAM_RESIZEABLE;
1747 }
528f46af 1748 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1749 if (local_err) {
1750 g_free(new_block);
1751 error_propagate(errp, local_err);
528f46af 1752 return NULL;
ef701d7b 1753 }
528f46af 1754 return new_block;
e1c57ab8
PB		 1755}
1756
528f46af 1757RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1758 MemoryRegion *mr, Error **errp)
1759{
1760 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1761}
1762
528f46af 1763RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1764{
62be4e3a
MT		 1765 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1766}
1767
528f46af 1768RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1769 void (*resized)(const char*,
1770 uint64_t length,
1771 void *host),
1772 MemoryRegion *mr, Error **errp)
1773{
1774 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1775}
1776
43771539
PB		 1777static void reclaim_ramblock(RAMBlock *block)
1778{
1779 if (block->flags & RAM_PREALLOC) {
1780 ;
1781 } else if (xen_enabled()) {
1782 xen_invalidate_map_cache_entry(block->host);
1783#ifndef _WIN32
1784 } else if (block->fd >= 0) {
2f3a2bb1 1785 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1786 close(block->fd);
1787#endif
1788 } else {
1789 qemu_anon_ram_free(block->host, block->max_length);
1790 }
1791 g_free(block);
1792}
1793
f1060c55 1794void qemu_ram_free(RAMBlock *block)
e9a1ab19 1795{
85bc2a15
MAL		 1796 if (!block) {
1797 return;
1798 }
1799
b2a8658e 1800 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1801 QLIST_REMOVE_RCU(block, next);
1802 ram_list.mru_block = NULL;
1803 /* Write list before version */
1804 smp_wmb();
1805 ram_list.version++;
1806 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1807 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1808}
1809
cd19cfa2
HY		 1810#ifndef _WIN32
1811void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1812{
1813 RAMBlock *block;
1814 ram_addr_t offset;
1815 int flags;
1816 void *area, *vaddr;
1817
0dc3f44a 1818 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1819 offset = addr - block->offset;
9b8424d5 1820 if (offset < block->max_length) {
1240be24 1821 vaddr = ramblock_ptr(block, offset);
7bd4f430 1822 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1823 ;
dfeaf2ab
MA		 1824 } else if (xen_enabled()) {
1825 abort();
cd19cfa2
HY		 1826 } else {
1827 flags = MAP_FIXED;
3435f395 1828 if (block->fd >= 0) {
dbcb8981
PB		 1829 flags |= (block->flags & RAM_SHARED ?
1830 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1831 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1832 flags, block->fd, offset);
cd19cfa2 1833 } else {
2eb9fbaa
MA		 1834 /*
1835 * Remap needs to match alloc. Accelerators that
1836 * set phys_mem_alloc never remap. If they did,
1837 * we'd need a remap hook here.
1838 */
1839 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1840
cd19cfa2
HY		 1841 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1842 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1843 flags, -1, 0);
cd19cfa2
HY		 1844 }
1845 if (area != vaddr) {
f15fbc4b
AP		 1846 fprintf(stderr, "Could not remap addr: "
1847 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1848 length, addr);
1849 exit(1);
1850 }
8490fc78 1851 memory_try_enable_merging(vaddr, length);
ddb97f1d 1852 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1853 }
cd19cfa2
HY		 1854 }
1855 }
1856}
1857#endif /* !_WIN32 */
1858
1b5ec234 1859/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1860 * This should not be used for general purpose DMA. Use address_space_map
1861 * or address_space_rw instead. For local memory (e.g. video ram) that the
1862 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1863 *
49b24afc 1864 * Called within RCU critical section.
1b5ec234 1865 */
0878d0e1 1866void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1867{
3655cb9c
GA		 1868 RAMBlock *block = ram_block;
1869
1870 if (block == NULL) {
1871 block = qemu_get_ram_block(addr);
0878d0e1 1872 addr -= block->offset;
3655cb9c 1873 }
ae3a7047
MD		 1874
1875 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1876 /* We need to check if the requested address is in the RAM
1877 * because we don't want to map the entire memory in QEMU.
1878 * In that case just map until the end of the page.
1879 */
1880 if (block->offset == 0) {
49b24afc 1881 return xen_map_cache(addr, 0, 0);
0d6d3c87 1882 }
ae3a7047
MD		 1883
1884 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1885 }
0878d0e1 1886 return ramblock_ptr(block, addr);
dc828ca1
PB		 1887}
1888
0878d0e1 1889/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
ae3a7047 1890 * but takes a size argument.
0dc3f44a 1891 *
e81bcda5 1892 * Called within RCU critical section.
ae3a7047 1893 */
3655cb9c
GA		 1894static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1895 hwaddr *size)
38bee5dc 1896{
3655cb9c 1897 RAMBlock *block = ram_block;
8ab934f9
SS		 1898 if (*size == 0) {
1899 return NULL;
1900 }
e81bcda5 1901
3655cb9c
GA		 1902 if (block == NULL) {
1903 block = qemu_get_ram_block(addr);
0878d0e1 1904 addr -= block->offset;
3655cb9c 1905 }
0878d0e1 1906 *size = MIN(*size, block->max_length - addr);
e81bcda5
PB		 1907
1908 if (xen_enabled() && block->host == NULL) {
1909 /* We need to check if the requested address is in the RAM
1910 * because we don't want to map the entire memory in QEMU.
1911 * In that case just map the requested area.
1912 */
1913 if (block->offset == 0) {
1914 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1915 }
1916
e81bcda5 1917 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1918 }
e81bcda5 1919
0878d0e1 1920 return ramblock_ptr(block, addr);
38bee5dc
SS		 1921}
1922
422148d3
DDAG		 1923/*
1924 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1925 * in that RAMBlock.
1926 *
1927 * ptr: Host pointer to look up
1928 * round_offset: If true round the result offset down to a page boundary
1929 * *ram_addr: set to result ram_addr
1930 * *offset: set to result offset within the RAMBlock
1931 *
1932 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1933 *
1934 * By the time this function returns, the returned pointer is not protected
1935 * by RCU anymore. If the caller is not within an RCU critical section and
1936 * does not hold the iothread lock, it must have other means of protecting the
1937 * pointer, such as a reference to the region that includes the incoming
1938 * ram_addr_t.
1939 */
422148d3 1940RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
422148d3 1941 ram_addr_t *offset)
5579c7f3 1942{
94a6b54f
PB		 1943 RAMBlock *block;
1944 uint8_t *host = ptr;
1945
868bb33f 1946 if (xen_enabled()) {
f615f396 1947 ram_addr_t ram_addr;
0dc3f44a 1948 rcu_read_lock();
f615f396
PB		 1949 ram_addr = xen_ram_addr_from_mapcache(ptr);
1950 block = qemu_get_ram_block(ram_addr);
422148d3 1951 if (block) {
d6b6aec4 1952 *offset = ram_addr - block->offset;
422148d3 1953 }
0dc3f44a 1954 rcu_read_unlock();
422148d3 1955 return block;
712c2b41
SS		 1956 }
1957
0dc3f44a
MD		 1958 rcu_read_lock();
1959 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1960 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1961 goto found;
1962 }
1963
0dc3f44a 1964 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1965 /* This case append when the block is not mapped. */
1966 if (block->host == NULL) {
1967 continue;
1968 }
9b8424d5 1969 if (host - block->host < block->max_length) {
23887b79 1970 goto found;
f471a17e 1971 }
94a6b54f 1972 }
432d268c 1973
0dc3f44a 1974 rcu_read_unlock();
1b5ec234 1975 return NULL;
23887b79
PB		 1976
1977found:
422148d3
DDAG		 1978 *offset = (host - block->host);
1979 if (round_offset) {
1980 *offset &= TARGET_PAGE_MASK;
1981 }
0dc3f44a 1982 rcu_read_unlock();
422148d3
DDAG		 1983 return block;
1984}
1985
e3dd7493
DDAG		 1986/*
1987 * Finds the named RAMBlock
1988 *
1989 * name: The name of RAMBlock to find
1990 *
1991 * Returns: RAMBlock (or NULL if not found)
1992 */
1993RAMBlock *qemu_ram_block_by_name(const char *name)
1994{
1995 RAMBlock *block;
1996
1997 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1998 if (!strcmp(name, block->idstr)) {
1999 return block;
2000 }
2001 }
2002
2003 return NULL;
2004}
2005
422148d3
DDAG		 2006/* Some of the softmmu routines need to translate from a host pointer
2007 (typically a TLB entry) back to a ram offset. */
07bdaa41 2008ram_addr_t qemu_ram_addr_from_host(void *ptr)
422148d3
DDAG		 2009{
2010 RAMBlock *block;
f615f396 2011 ram_addr_t offset;
422148d3 2012
f615f396 2013 block = qemu_ram_block_from_host(ptr, false, &offset);
422148d3 2014 if (!block) {
07bdaa41 2015 return RAM_ADDR_INVALID;
422148d3
DDAG		 2016 }
2017
07bdaa41 2018 return block->offset + offset;
e890261f 2019}
f471a17e 2020
49b24afc 2021/* Called within RCU critical section. */
a8170e5e 2022static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 2023 uint64_t val, unsigned size)
9fa3e853 2024{
ba051fb5
AB		 2025 bool locked = false;
2026
52159192 2027 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
ba051fb5
AB		 2028 locked = true;
2029 tb_lock();
0e0df1e2 2030 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 2031 }
0e0df1e2
AK		 2032 switch (size) {
2033 case 1:
0878d0e1 2034 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2035 break;
2036 case 2:
0878d0e1 2037 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2038 break;
2039 case 4:
0878d0e1 2040 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2041 break;
2042 default:
2043 abort();
3a7d929e 2044 }
ba051fb5
AB		 2045
2046 if (locked) {
2047 tb_unlock();
2048 }
2049
58d2707e
PB		 2050 /* Set both VGA and migration bits for simplicity and to remove
2051 * the notdirty callback faster.
2052 */
2053 cpu_physical_memory_set_dirty_range(ram_addr, size,
2054 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2055 /* we remove the notdirty callback only if the code has been
2056 flushed */
a2cd8c85 2057 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2058 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2059 }
9fa3e853
FB		 2060}
2061
b018ddf6
PB		 2062static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2063 unsigned size, bool is_write)
2064{
2065 return is_write;
2066}
2067
0e0df1e2 2068static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2069 .write = notdirty_mem_write,
b018ddf6 2070 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2071 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2072};
2073
0f459d16 2074/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2075static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2076{
93afeade 2077 CPUState *cpu = current_cpu;
568496c0 2078 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2079 CPUArchState *env = cpu->env_ptr;
06d55cc1 2080 target_ulong pc, cs_base;
0f459d16 2081 target_ulong vaddr;
a1d1bb31 2082 CPUWatchpoint *wp;
89fee74a 2083 uint32_t cpu_flags;
0f459d16 2084
ff4700b0 2085 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2086 /* We re-entered the check after replacing the TB. Now raise
2087 * the debug interrupt so that is will trigger after the
2088 * current instruction. */
93afeade 2089 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2090 return;
2091 }
93afeade 2092 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2093 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2094 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2095 && (wp->flags & flags)) {
08225676
PM		 2096 if (flags == BP_MEM_READ) {
2097 wp->flags |= BP_WATCHPOINT_HIT_READ;
2098 } else {
2099 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2100 }
2101 wp->hitaddr = vaddr;
66b9b43c 2102 wp->hitattrs = attrs;
ff4700b0 2103 if (!cpu->watchpoint_hit) {
568496c0
SF		 2104 if (wp->flags & BP_CPU &&
2105 !cc->debug_check_watchpoint(cpu, wp)) {
2106 wp->flags &= ~BP_WATCHPOINT_HIT;
2107 continue;
2108 }
ff4700b0 2109 cpu->watchpoint_hit = wp;
a5e99826
FK		 2110
2111 /* The tb_lock will be reset when cpu_loop_exit or
2112 * cpu_loop_exit_noexc longjmp back into the cpu_exec
2113 * main loop.
2114 */
2115 tb_lock();
239c51a5 2116 tb_check_watchpoint(cpu);
6e140f28 2117 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2118 cpu->exception_index = EXCP_DEBUG;
5638d180 2119 cpu_loop_exit(cpu);
6e140f28
AL		 2120 } else {
2121 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2122 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
6886b980 2123 cpu_loop_exit_noexc(cpu);
6e140f28 2124 }
06d55cc1 2125 }
6e140f28
AL		 2126 } else {
2127 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2128 }
2129 }
2130}
2131
6658ffb8
PB		 2132/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2133 so these check for a hit then pass through to the normal out-of-line
2134 phys routines. */
66b9b43c
PM		 2135static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2136 unsigned size, MemTxAttrs attrs)
6658ffb8 2137{
66b9b43c
PM		 2138 MemTxResult res;
2139 uint64_t data;
79ed0416
PM		 2140 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2141 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2142
2143 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2144 switch (size) {
66b9b43c 2145 case 1:
79ed0416 2146 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2147 break;
2148 case 2:
79ed0416 2149 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2150 break;
2151 case 4:
79ed0416 2152 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2153 break;
1ec9b909
AK		 2154 default: abort();
2155 }
66b9b43c
PM		 2156 *pdata = data;
2157 return res;
6658ffb8
PB		 2158}
2159
66b9b43c
PM		 2160static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2161 uint64_t val, unsigned size,
2162 MemTxAttrs attrs)
6658ffb8 2163{
66b9b43c 2164 MemTxResult res;
79ed0416
PM		 2165 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2166 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2167
2168 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2169 switch (size) {
67364150 2170 case 1:
79ed0416 2171 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2172 break;
2173 case 2:
79ed0416 2174 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2175 break;
2176 case 4:
79ed0416 2177 address_space_stl(as, addr, val, attrs, &res);
67364150 2178 break;
1ec9b909
AK		 2179 default: abort();
2180 }
66b9b43c 2181 return res;
6658ffb8
PB		 2182}
2183
1ec9b909 2184static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2185 .read_with_attrs = watch_mem_read,
2186 .write_with_attrs = watch_mem_write,
1ec9b909 2187 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2188};
6658ffb8 2189
f25a49e0
PM		 2190static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2191 unsigned len, MemTxAttrs attrs)
db7b5426 2192{
acc9d80b 2193 subpage_t *subpage = opaque;
ff6cff75 2194 uint8_t buf[8];
5c9eb028 2195 MemTxResult res;
791af8c8 2196
db7b5426 2197#if defined(DEBUG_SUBPAGE)
016e9d62 2198 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2199 subpage, len, addr);
db7b5426 2200#endif
5c9eb028
PM		 2201 res = address_space_read(subpage->as, addr + subpage->base,
2202 attrs, buf, len);
2203 if (res) {
2204 return res;
f25a49e0 2205 }
acc9d80b
JK		 2206 switch (len) {
2207 case 1:
f25a49e0
PM		 2208 *data = ldub_p(buf);
2209 return MEMTX_OK;
acc9d80b 2210 case 2:
f25a49e0
PM		 2211 *data = lduw_p(buf);
2212 return MEMTX_OK;
acc9d80b 2213 case 4:
f25a49e0
PM		 2214 *data = ldl_p(buf);
2215 return MEMTX_OK;
ff6cff75 2216 case 8:
f25a49e0
PM		 2217 *data = ldq_p(buf);
2218 return MEMTX_OK;
acc9d80b
JK		 2219 default:
2220 abort();
2221 }
db7b5426
BS		 2222}
2223
f25a49e0
PM		 2224static MemTxResult subpage_write(void *opaque, hwaddr addr,
2225 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2226{
acc9d80b 2227 subpage_t *subpage = opaque;
ff6cff75 2228 uint8_t buf[8];
acc9d80b 2229
db7b5426 2230#if defined(DEBUG_SUBPAGE)
016e9d62 2231 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2232 " value %"PRIx64"\n",
2233 __func__, subpage, len, addr, value);
db7b5426 2234#endif
acc9d80b
JK		 2235 switch (len) {
2236 case 1:
2237 stb_p(buf, value);
2238 break;
2239 case 2:
2240 stw_p(buf, value);
2241 break;
2242 case 4:
2243 stl_p(buf, value);
2244 break;
ff6cff75
PB		 2245 case 8:
2246 stq_p(buf, value);
2247 break;
acc9d80b
JK		 2248 default:
2249 abort();
2250 }
5c9eb028
PM		 2251 return address_space_write(subpage->as, addr + subpage->base,
2252 attrs, buf, len);
db7b5426
BS		 2253}
2254
c353e4cc 2255static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2256 unsigned len, bool is_write)
c353e4cc 2257{
acc9d80b 2258 subpage_t *subpage = opaque;
c353e4cc 2259#if defined(DEBUG_SUBPAGE)
016e9d62 2260 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2261 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2262#endif
2263
acc9d80b 2264 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2265 len, is_write);
c353e4cc
PB		 2266}
2267
70c68e44 2268static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2269 .read_with_attrs = subpage_read,
2270 .write_with_attrs = subpage_write,
ff6cff75
PB		 2271 .impl.min_access_size = 1,
2272 .impl.max_access_size = 8,
2273 .valid.min_access_size = 1,
2274 .valid.max_access_size = 8,
c353e4cc 2275 .valid.accepts = subpage_accepts,
70c68e44 2276 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2277};
2278
c227f099 2279static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2280 uint16_t section)
db7b5426
BS		 2281{
2282 int idx, eidx;
2283
2284 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2285 return -1;
2286 idx = SUBPAGE_IDX(start);
2287 eidx = SUBPAGE_IDX(end);
2288#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2289 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2290 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2291#endif
db7b5426 2292 for (; idx <= eidx; idx++) {
5312bd8b 2293 mmio->sub_section[idx] = section;
db7b5426
BS		 2294 }
2295
2296 return 0;
2297}
2298
acc9d80b 2299static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2300{
c227f099 2301 subpage_t *mmio;
db7b5426 2302
2615fabd 2303 mmio = g_malloc0(sizeof(subpage_t) + TARGET_PAGE_SIZE * sizeof(uint16_t));
acc9d80b 2304 mmio->as = as;
1eec614b 2305 mmio->base = base;
2c9b15ca 2306 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2307 NULL, TARGET_PAGE_SIZE);
b3b00c78 2308 mmio->iomem.subpage = true;
db7b5426 2309#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2310 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2311 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2312#endif
b41aac4f 2313 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2314
2315 return mmio;
2316}
2317
a656e22f
PC		 2318static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2319 MemoryRegion *mr)
5312bd8b 2320{
a656e22f 2321 assert(as);
5312bd8b 2322 MemoryRegionSection section = {
a656e22f 2323 .address_space = as,
5312bd8b
AK		 2324 .mr = mr,
2325 .offset_within_address_space = 0,
2326 .offset_within_region = 0,
052e87b0 2327 .size = int128_2_64(),
5312bd8b
AK		 2328 };
2329
53cb28cb 2330 return phys_section_add(map, &section);
5312bd8b
AK		 2331}
2332
a54c87b6 2333MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2334{
a54c87b6
PM		 2335 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2336 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2337 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2338 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2339
2340 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2341}
2342
e9179ce1
AK		 2343static void io_mem_init(void)
2344{
1f6245e5 2345 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2346 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2347 NULL, UINT64_MAX);
2c9b15ca 2348 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2349 NULL, UINT64_MAX);
2c9b15ca 2350 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2351 NULL, UINT64_MAX);
e9179ce1
AK		 2352}
2353
ac1970fb 2354static void mem_begin(MemoryListener *listener)
00752703
PB		 2355{
2356 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2357 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2358 uint16_t n;
2359
a656e22f 2360 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2361 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2362 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2363 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2364 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2365 assert(n == PHYS_SECTION_ROM);
a656e22f 2366 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2367 assert(n == PHYS_SECTION_WATCH);
00752703 2368
9736e55b 2369 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2370 d->as = as;
2371 as->next_dispatch = d;
2372}
2373
79e2b9ae
PB		 2374static void address_space_dispatch_free(AddressSpaceDispatch *d)
2375{
2376 phys_sections_free(&d->map);
2377 g_free(d);
2378}
2379
00752703 2380static void mem_commit(MemoryListener *listener)
ac1970fb 2381{
89ae337a 2382 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2383 AddressSpaceDispatch *cur = as->dispatch;
2384 AddressSpaceDispatch *next = as->next_dispatch;
2385
53cb28cb 2386 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2387
79e2b9ae 2388 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2389 if (cur) {
79e2b9ae 2390 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2391 }
9affd6fc
PB		 2392}
2393
1d71148e 2394static void tcg_commit(MemoryListener *listener)
50c1e149 2395{
32857f4d
PM		 2396 CPUAddressSpace *cpuas;
2397 AddressSpaceDispatch *d;
117712c3
AK		 2398
2399 /* since each CPU stores ram addresses in its TLB cache, we must
2400 reset the modified entries */
32857f4d
PM		 2401 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2402 cpu_reloading_memory_map();
2403 /* The CPU and TLB are protected by the iothread lock.
2404 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2405 * may have split the RCU critical section.
2406 */
2407 d = atomic_rcu_read(&cpuas->as->dispatch);
f35e44e7 2408 atomic_rcu_set(&cpuas->memory_dispatch, d);
32857f4d 2409 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2410}
2411
ac1970fb
AK		 2412void address_space_init_dispatch(AddressSpace *as)
2413{
00752703 2414 as->dispatch = NULL;
89ae337a 2415 as->dispatch_listener = (MemoryListener) {
ac1970fb 2416 .begin = mem_begin,
00752703 2417 .commit = mem_commit,
ac1970fb
AK		 2418 .region_add = mem_add,
2419 .region_nop = mem_add,
2420 .priority = 0,
2421 };
89ae337a 2422 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2423}
2424
6e48e8f9
PB		 2425void address_space_unregister(AddressSpace *as)
2426{
2427 memory_listener_unregister(&as->dispatch_listener);
2428}
2429
83f3c251
AK		 2430void address_space_destroy_dispatch(AddressSpace *as)
2431{
2432 AddressSpaceDispatch *d = as->dispatch;
2433
79e2b9ae
PB		 2434 atomic_rcu_set(&as->dispatch, NULL);
2435 if (d) {
2436 call_rcu(d, address_space_dispatch_free, rcu);
2437 }
83f3c251
AK		 2438}
2439
62152b8a
AK		 2440static void memory_map_init(void)
2441{
7267c094 2442 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2443
57271d63 2444 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2445 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2446
7267c094 2447 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2448 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2449 65536);
7dca8043 2450 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2451}
2452
2453MemoryRegion *get_system_memory(void)
2454{
2455 return system_memory;
2456}
2457
309cb471
AK		 2458MemoryRegion *get_system_io(void)
2459{
2460 return system_io;
2461}
2462
e2eef170
PB		 2463#endif /* !defined(CONFIG_USER_ONLY) */
2464
13eb76e0
FB		 2465/* physical memory access (slow version, mainly for debug) */
2466#if defined(CONFIG_USER_ONLY)
f17ec444 2467int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2468 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2469{
2470 int l, flags;
2471 target_ulong page;
53a5960a 2472 void * p;
13eb76e0
FB		 2473
2474 while (len > 0) {
2475 page = addr & TARGET_PAGE_MASK;
2476 l = (page + TARGET_PAGE_SIZE) - addr;
2477 if (l > len)
2478 l = len;
2479 flags = page_get_flags(page);
2480 if (!(flags & PAGE_VALID))
a68fe89c 2481 return -1;
13eb76e0
FB		 2482 if (is_write) {
2483 if (!(flags & PAGE_WRITE))
a68fe89c 2484 return -1;
579a97f7 2485 /* XXX: this code should not depend on lock_user */
72fb7daa 2486 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2487 return -1;
72fb7daa
AJ		 2488 memcpy(p, buf, l);
2489 unlock_user(p, addr, l);
13eb76e0
FB		 2490 } else {
2491 if (!(flags & PAGE_READ))
a68fe89c 2492 return -1;
579a97f7 2493 /* XXX: this code should not depend on lock_user */
72fb7daa 2494 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2495 return -1;
72fb7daa 2496 memcpy(buf, p, l);
5b257578 2497 unlock_user(p, addr, 0);
13eb76e0
FB		 2498 }
2499 len -= l;
2500 buf += l;
2501 addr += l;
2502 }
a68fe89c 2503 return 0;
13eb76e0 2504}
8df1cd07 2505
13eb76e0 2506#else
51d7a9eb 2507
845b6214 2508static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2509 hwaddr length)
51d7a9eb 2510{
e87f7778 2511 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
0878d0e1
PB		 2512 addr += memory_region_get_ram_addr(mr);
2513
e87f7778
PB		 2514 /* No early return if dirty_log_mask is or becomes 0, because
2515 * cpu_physical_memory_set_dirty_range will still call
2516 * xen_modified_memory.
2517 */
2518 if (dirty_log_mask) {
2519 dirty_log_mask =
2520 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2521 }
2522 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
ba051fb5 2523 tb_lock();
e87f7778 2524 tb_invalidate_phys_range(addr, addr + length);
ba051fb5 2525 tb_unlock();
e87f7778 2526 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2527 }
e87f7778 2528 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2529}
2530
23326164 2531static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2532{
e1622f4b 2533 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2534
2535 /* Regions are assumed to support 1-4 byte accesses unless
2536 otherwise specified. */
23326164
RH		 2537 if (access_size_max == 0) {
2538 access_size_max = 4;
2539 }
2540
2541 /* Bound the maximum access by the alignment of the address. */
2542 if (!mr->ops->impl.unaligned) {
2543 unsigned align_size_max = addr & -addr;
2544 if (align_size_max != 0 && align_size_max < access_size_max) {
2545 access_size_max = align_size_max;
2546 }
82f2563f 2547 }
23326164
RH		 2548
2549 /* Don't attempt accesses larger than the maximum. */
2550 if (l > access_size_max) {
2551 l = access_size_max;
82f2563f 2552 }
6554f5c0 2553 l = pow2floor(l);
23326164
RH		 2554
2555 return l;
82f2563f
PB		 2556}
2557
4840f10e 2558static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2559{
4840f10e
JK		 2560 bool unlocked = !qemu_mutex_iothread_locked();
2561 bool release_lock = false;
2562
2563 if (unlocked && mr->global_locking) {
2564 qemu_mutex_lock_iothread();
2565 unlocked = false;
2566 release_lock = true;
2567 }
125b3806 2568 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2569 if (unlocked) {
2570 qemu_mutex_lock_iothread();
2571 }
125b3806 2572 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2573 if (unlocked) {
2574 qemu_mutex_unlock_iothread();
2575 }
125b3806 2576 }
4840f10e
JK		 2577
2578 return release_lock;
125b3806
PB		 2579}
2580
a203ac70
PB		 2581/* Called within RCU critical section. */
2582static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2583 MemTxAttrs attrs,
2584 const uint8_t *buf,
2585 int len, hwaddr addr1,
2586 hwaddr l, MemoryRegion *mr)
13eb76e0 2587{
13eb76e0 2588 uint8_t *ptr;
791af8c8 2589 uint64_t val;
3b643495 2590 MemTxResult result = MEMTX_OK;
4840f10e 2591 bool release_lock = false;
3b46e624 2592
a203ac70 2593 for (;;) {
eb7eeb88
PB		 2594 if (!memory_access_is_direct(mr, true)) {
2595 release_lock |= prepare_mmio_access(mr);
2596 l = memory_access_size(mr, l, addr1);
2597 /* XXX: could force current_cpu to NULL to avoid
2598 potential bugs */
2599 switch (l) {
2600 case 8:
2601 /* 64 bit write access */
2602 val = ldq_p(buf);
2603 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2604 attrs);
2605 break;
2606 case 4:
2607 /* 32 bit write access */
2608 val = ldl_p(buf);
2609 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2610 attrs);
2611 break;
2612 case 2:
2613 /* 16 bit write access */
2614 val = lduw_p(buf);
2615 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2616 attrs);
2617 break;
2618 case 1:
2619 /* 8 bit write access */
2620 val = ldub_p(buf);
2621 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2622 attrs);
2623 break;
2624 default:
2625 abort();
13eb76e0
FB		 2626 }
2627 } else {
eb7eeb88 2628 /* RAM case */
0878d0e1 2629 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2630 memcpy(ptr, buf, l);
2631 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2632 }
4840f10e
JK		 2633
2634 if (release_lock) {
2635 qemu_mutex_unlock_iothread();
2636 release_lock = false;
2637 }
2638
13eb76e0
FB		 2639 len -= l;
2640 buf += l;
2641 addr += l;
a203ac70
PB		 2642
2643 if (!len) {
2644 break;
2645 }
2646
2647 l = len;
2648 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2649 }
fd8aaa76 2650
3b643495 2651 return result;
13eb76e0 2652}
8df1cd07 2653
a203ac70
PB		 2654MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2655 const uint8_t *buf, int len)
ac1970fb 2656{
eb7eeb88 2657 hwaddr l;
eb7eeb88
PB		 2658 hwaddr addr1;
2659 MemoryRegion *mr;
2660 MemTxResult result = MEMTX_OK;
eb7eeb88 2661
a203ac70
PB		 2662 if (len > 0) {
2663 rcu_read_lock();
eb7eeb88 2664 l = len;
a203ac70
PB		 2665 mr = address_space_translate(as, addr, &addr1, &l, true);
2666 result = address_space_write_continue(as, addr, attrs, buf, len,
2667 addr1, l, mr);
2668 rcu_read_unlock();
2669 }
2670
2671 return result;
2672}
2673
2674/* Called within RCU critical section. */
2675MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2676 MemTxAttrs attrs, uint8_t *buf,
2677 int len, hwaddr addr1, hwaddr l,
2678 MemoryRegion *mr)
2679{
2680 uint8_t *ptr;
2681 uint64_t val;
2682 MemTxResult result = MEMTX_OK;
2683 bool release_lock = false;
eb7eeb88 2684
a203ac70 2685 for (;;) {
eb7eeb88
PB		 2686 if (!memory_access_is_direct(mr, false)) {
2687 /* I/O case */
2688 release_lock |= prepare_mmio_access(mr);
2689 l = memory_access_size(mr, l, addr1);
2690 switch (l) {
2691 case 8:
2692 /* 64 bit read access */
2693 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2694 attrs);
2695 stq_p(buf, val);
2696 break;
2697 case 4:
2698 /* 32 bit read access */
2699 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2700 attrs);
2701 stl_p(buf, val);
2702 break;
2703 case 2:
2704 /* 16 bit read access */
2705 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2706 attrs);
2707 stw_p(buf, val);
2708 break;
2709 case 1:
2710 /* 8 bit read access */
2711 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2712 attrs);
2713 stb_p(buf, val);
2714 break;
2715 default:
2716 abort();
2717 }
2718 } else {
2719 /* RAM case */
0878d0e1 2720 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2721 memcpy(buf, ptr, l);
2722 }
2723
2724 if (release_lock) {
2725 qemu_mutex_unlock_iothread();
2726 release_lock = false;
2727 }
2728
2729 len -= l;
2730 buf += l;
2731 addr += l;
a203ac70
PB		 2732
2733 if (!len) {
2734 break;
2735 }
2736
2737 l = len;
2738 mr = address_space_translate(as, addr, &addr1, &l, false);
2739 }
2740
2741 return result;
2742}
2743
3cc8f884
PB		 2744MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2745 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2746{
2747 hwaddr l;
2748 hwaddr addr1;
2749 MemoryRegion *mr;
2750 MemTxResult result = MEMTX_OK;
2751
2752 if (len > 0) {
2753 rcu_read_lock();
2754 l = len;
2755 mr = address_space_translate(as, addr, &addr1, &l, false);
2756 result = address_space_read_continue(as, addr, attrs, buf, len,
2757 addr1, l, mr);
2758 rcu_read_unlock();
eb7eeb88 2759 }
eb7eeb88
PB		 2760
2761 return result;
ac1970fb
AK		 2762}
2763
eb7eeb88
PB		 2764MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2765 uint8_t *buf, int len, bool is_write)
2766{
2767 if (is_write) {
2768 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2769 } else {
2770 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2771 }
2772}
ac1970fb 2773
a8170e5e 2774void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2775 int len, int is_write)
2776{
5c9eb028
PM		 2777 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2778 buf, len, is_write);
ac1970fb
AK		 2779}
2780
582b55a9
AG		 2781enum write_rom_type {
2782 WRITE_DATA,
2783 FLUSH_CACHE,
2784};
2785
2a221651 2786static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2787 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2788{
149f54b5 2789 hwaddr l;
d0ecd2aa 2790 uint8_t *ptr;
149f54b5 2791 hwaddr addr1;
5c8a00ce 2792 MemoryRegion *mr;
3b46e624 2793
41063e1e 2794 rcu_read_lock();
d0ecd2aa 2795 while (len > 0) {
149f54b5 2796 l = len;
2a221651 2797 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2798
5c8a00ce
PB		 2799 if (!(memory_region_is_ram(mr) ||
2800 memory_region_is_romd(mr))) {
b242e0e0 2801 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2802 } else {
d0ecd2aa 2803 /* ROM/RAM case */
0878d0e1 2804 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2805 switch (type) {
2806 case WRITE_DATA:
2807 memcpy(ptr, buf, l);
845b6214 2808 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2809 break;
2810 case FLUSH_CACHE:
2811 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2812 break;
2813 }
d0ecd2aa
FB		 2814 }
2815 len -= l;
2816 buf += l;
2817 addr += l;
2818 }
41063e1e 2819 rcu_read_unlock();
d0ecd2aa
FB		 2820}
2821
582b55a9 2822/* used for ROM loading : can write in RAM and ROM */
2a221651 2823void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2824 const uint8_t *buf, int len)
2825{
2a221651 2826 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2827}
2828
2829void cpu_flush_icache_range(hwaddr start, int len)
2830{
2831 /*
2832 * This function should do the same thing as an icache flush that was
2833 * triggered from within the guest. For TCG we are always cache coherent,
2834 * so there is no need to flush anything. For KVM / Xen we need to flush
2835 * the host's instruction cache at least.
2836 */
2837 if (tcg_enabled()) {
2838 return;
2839 }
2840
2a221651
EI		 2841 cpu_physical_memory_write_rom_internal(&address_space_memory,
2842 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2843}
2844
6d16c2f8 2845typedef struct {
d3e71559 2846 MemoryRegion *mr;
6d16c2f8 2847 void *buffer;
a8170e5e
AK		 2848 hwaddr addr;
2849 hwaddr len;
c2cba0ff 2850 bool in_use;
6d16c2f8
AL		 2851} BounceBuffer;
2852
2853static BounceBuffer bounce;
2854
ba223c29 2855typedef struct MapClient {
e95205e1 2856 QEMUBH *bh;
72cf2d4f 2857 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2858} MapClient;
2859
38e047b5 2860QemuMutex map_client_list_lock;
72cf2d4f
BS		 2861static QLIST_HEAD(map_client_list, MapClient) map_client_list
2862 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2863
e95205e1
FZ		 2864static void cpu_unregister_map_client_do(MapClient *client)
2865{
2866 QLIST_REMOVE(client, link);
2867 g_free(client);
2868}
2869
33b6c2ed
FZ		 2870static void cpu_notify_map_clients_locked(void)
2871{
2872 MapClient *client;
2873
2874 while (!QLIST_EMPTY(&map_client_list)) {
2875 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2876 qemu_bh_schedule(client->bh);
2877 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2878 }
2879}
2880
e95205e1 2881void cpu_register_map_client(QEMUBH *bh)
ba223c29 2882{
7267c094 2883 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2884
38e047b5 2885 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2886 client->bh = bh;
72cf2d4f 2887 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2888 if (!atomic_read(&bounce.in_use)) {
2889 cpu_notify_map_clients_locked();
2890 }
38e047b5 2891 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2892}
2893
38e047b5 2894void cpu_exec_init_all(void)
ba223c29 2895{
38e047b5 2896 qemu_mutex_init(&ram_list.mutex);
20bccb82
PM		 2897 /* The data structures we set up here depend on knowing the page size,
2898 * so no more changes can be made after this point.
2899 * In an ideal world, nothing we did before we had finished the
2900 * machine setup would care about the target page size, and we could
2901 * do this much later, rather than requiring board models to state
2902 * up front what their requirements are.
2903 */
2904 finalize_target_page_bits();
38e047b5 2905 io_mem_init();
680a4783 2906 memory_map_init();
38e047b5 2907 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2908}
2909
e95205e1 2910void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2911{
2912 MapClient *client;
2913
e95205e1
FZ		 2914 qemu_mutex_lock(&map_client_list_lock);
2915 QLIST_FOREACH(client, &map_client_list, link) {
2916 if (client->bh == bh) {
2917 cpu_unregister_map_client_do(client);
2918 break;
2919 }
ba223c29 2920 }
e95205e1 2921 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2922}
2923
2924static void cpu_notify_map_clients(void)
2925{
38e047b5 2926 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2927 cpu_notify_map_clients_locked();
38e047b5 2928 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2929}
2930
51644ab7
PB		 2931bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2932{
5c8a00ce 2933 MemoryRegion *mr;
51644ab7
PB		 2934 hwaddr l, xlat;
2935
41063e1e 2936 rcu_read_lock();
51644ab7
PB		 2937 while (len > 0) {
2938 l = len;
5c8a00ce
PB		 2939 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2940 if (!memory_access_is_direct(mr, is_write)) {
2941 l = memory_access_size(mr, l, addr);
2942 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2943 return false;
2944 }
2945 }
2946
2947 len -= l;
2948 addr += l;
2949 }
41063e1e 2950 rcu_read_unlock();
51644ab7
PB		 2951 return true;
2952}
2953
6d16c2f8
AL		 2954/* Map a physical memory region into a host virtual address.
2955 * May map a subset of the requested range, given by and returned in *plen.
2956 * May return NULL if resources needed to perform the mapping are exhausted.
2957 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2958 * Use cpu_register_map_client() to know when retrying the map operation is
2959 * likely to succeed.
6d16c2f8 2960 */
ac1970fb 2961void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2962 hwaddr addr,
2963 hwaddr *plen,
ac1970fb 2964 bool is_write)
6d16c2f8 2965{
a8170e5e 2966 hwaddr len = *plen;
e3127ae0
PB		 2967 hwaddr done = 0;
2968 hwaddr l, xlat, base;
2969 MemoryRegion *mr, *this_mr;
e81bcda5 2970 void *ptr;
6d16c2f8 2971
e3127ae0
PB		 2972 if (len == 0) {
2973 return NULL;
2974 }
38bee5dc 2975
e3127ae0 2976 l = len;
41063e1e 2977 rcu_read_lock();
e3127ae0 2978 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2979
e3127ae0 2980 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2981 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2982 rcu_read_unlock();
e3127ae0 2983 return NULL;
6d16c2f8 2984 }
e85d9db5
KW		 2985 /* Avoid unbounded allocations */
2986 l = MIN(l, TARGET_PAGE_SIZE);
2987 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2988 bounce.addr = addr;
2989 bounce.len = l;
d3e71559
PB		 2990
2991 memory_region_ref(mr);
2992 bounce.mr = mr;
e3127ae0 2993 if (!is_write) {
5c9eb028
PM		 2994 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2995 bounce.buffer, l);
8ab934f9 2996 }
6d16c2f8 2997
41063e1e 2998 rcu_read_unlock();
e3127ae0
PB		 2999 *plen = l;
3000 return bounce.buffer;
3001 }
3002
3003 base = xlat;
e3127ae0
PB		 3004
3005 for (;;) {
6d16c2f8
AL		 3006 len -= l;
3007 addr += l;
e3127ae0
PB		 3008 done += l;
3009 if (len == 0) {
3010 break;
3011 }
3012
3013 l = len;
3014 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
3015 if (this_mr != mr || xlat != base + done) {
3016 break;
3017 }
6d16c2f8 3018 }
e3127ae0 3019
d3e71559 3020 memory_region_ref(mr);
e3127ae0 3021 *plen = done;
0878d0e1 3022 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
e81bcda5
PB		 3023 rcu_read_unlock();
3024
3025 return ptr;
6d16c2f8
AL		 3026}
3027
ac1970fb 3028/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3029 * Will also mark the memory as dirty if is_write == 1. access_len gives
3030 * the amount of memory that was actually read or written by the caller.
3031 */
a8170e5e
AK		 3032void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3033 int is_write, hwaddr access_len)
6d16c2f8
AL		 3034{
3035 if (buffer != bounce.buffer) {
d3e71559
PB		 3036 MemoryRegion *mr;
3037 ram_addr_t addr1;
3038
07bdaa41 3039 mr = memory_region_from_host(buffer, &addr1);
d3e71559 3040 assert(mr != NULL);
6d16c2f8 3041 if (is_write) {
845b6214 3042 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 3043 }
868bb33f 3044 if (xen_enabled()) {
e41d7c69 3045 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3046 }
d3e71559 3047 memory_region_unref(mr);
6d16c2f8
AL		 3048 return;
3049 }
3050 if (is_write) {
5c9eb028
PM		 3051 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3052 bounce.buffer, access_len);
6d16c2f8 3053 }
f8a83245 3054 qemu_vfree(bounce.buffer);
6d16c2f8 3055 bounce.buffer = NULL;
d3e71559 3056 memory_region_unref(bounce.mr);
c2cba0ff 3057 atomic_mb_set(&bounce.in_use, false);
ba223c29 3058 cpu_notify_map_clients();
6d16c2f8 3059}
d0ecd2aa 3060
a8170e5e
AK		 3061void *cpu_physical_memory_map(hwaddr addr,
3062 hwaddr *plen,
ac1970fb
AK		 3063 int is_write)
3064{
3065 return address_space_map(&address_space_memory, addr, plen, is_write);
3066}
3067
a8170e5e
AK		 3068void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3069 int is_write, hwaddr access_len)
ac1970fb
AK		 3070{
3071 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3072}
3073
8df1cd07 3074/* warning: addr must be aligned */
50013115
PM		 3075static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3076 MemTxAttrs attrs,
3077 MemTxResult *result,
3078 enum device_endian endian)
8df1cd07 3079{
8df1cd07 3080 uint8_t *ptr;
791af8c8 3081 uint64_t val;
5c8a00ce 3082 MemoryRegion *mr;
149f54b5
PB		 3083 hwaddr l = 4;
3084 hwaddr addr1;
50013115 3085 MemTxResult r;
4840f10e 3086 bool release_lock = false;
8df1cd07 3087
41063e1e 3088 rcu_read_lock();
fdfba1a2 3089 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3090 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3091 release_lock |= prepare_mmio_access(mr);
125b3806 3092
8df1cd07 3093 /* I/O case */
50013115 3094 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3095#if defined(TARGET_WORDS_BIGENDIAN)
3096 if (endian == DEVICE_LITTLE_ENDIAN) {
3097 val = bswap32(val);
3098 }
3099#else
3100 if (endian == DEVICE_BIG_ENDIAN) {
3101 val = bswap32(val);
3102 }
3103#endif
8df1cd07
FB		 3104 } else {
3105 /* RAM case */
0878d0e1 3106 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3107 switch (endian) {
3108 case DEVICE_LITTLE_ENDIAN:
3109 val = ldl_le_p(ptr);
3110 break;
3111 case DEVICE_BIG_ENDIAN:
3112 val = ldl_be_p(ptr);
3113 break;
3114 default:
3115 val = ldl_p(ptr);
3116 break;
3117 }
50013115
PM		 3118 r = MEMTX_OK;
3119 }
3120 if (result) {
3121 *result = r;
8df1cd07 3122 }
4840f10e
JK		 3123 if (release_lock) {
3124 qemu_mutex_unlock_iothread();
3125 }
41063e1e 3126 rcu_read_unlock();
8df1cd07
FB		 3127 return val;
3128}
3129
50013115
PM		 3130uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3131 MemTxAttrs attrs, MemTxResult *result)
3132{
3133 return address_space_ldl_internal(as, addr, attrs, result,
3134 DEVICE_NATIVE_ENDIAN);
3135}
3136
3137uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3138 MemTxAttrs attrs, MemTxResult *result)
3139{
3140 return address_space_ldl_internal(as, addr, attrs, result,
3141 DEVICE_LITTLE_ENDIAN);
3142}
3143
3144uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3145 MemTxAttrs attrs, MemTxResult *result)
3146{
3147 return address_space_ldl_internal(as, addr, attrs, result,
3148 DEVICE_BIG_ENDIAN);
3149}
3150
fdfba1a2 3151uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3152{
50013115 3153 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3154}
3155
fdfba1a2 3156uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3157{
50013115 3158 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3159}
3160
fdfba1a2 3161uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3162{
50013115 3163 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3164}
3165
84b7b8e7 3166/* warning: addr must be aligned */
50013115
PM		 3167static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3168 MemTxAttrs attrs,
3169 MemTxResult *result,
3170 enum device_endian endian)
84b7b8e7 3171{
84b7b8e7
FB		 3172 uint8_t *ptr;
3173 uint64_t val;
5c8a00ce 3174 MemoryRegion *mr;
149f54b5
PB		 3175 hwaddr l = 8;
3176 hwaddr addr1;
50013115 3177 MemTxResult r;
4840f10e 3178 bool release_lock = false;
84b7b8e7 3179
41063e1e 3180 rcu_read_lock();
2c17449b 3181 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3182 false);
3183 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3184 release_lock |= prepare_mmio_access(mr);
125b3806 3185
84b7b8e7 3186 /* I/O case */
50013115 3187 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3188#if defined(TARGET_WORDS_BIGENDIAN)
3189 if (endian == DEVICE_LITTLE_ENDIAN) {
3190 val = bswap64(val);
3191 }
3192#else
3193 if (endian == DEVICE_BIG_ENDIAN) {
3194 val = bswap64(val);
3195 }
84b7b8e7
FB		 3196#endif
3197 } else {
3198 /* RAM case */
0878d0e1 3199 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3200 switch (endian) {
3201 case DEVICE_LITTLE_ENDIAN:
3202 val = ldq_le_p(ptr);
3203 break;
3204 case DEVICE_BIG_ENDIAN:
3205 val = ldq_be_p(ptr);
3206 break;
3207 default:
3208 val = ldq_p(ptr);
3209 break;
3210 }
50013115
PM		 3211 r = MEMTX_OK;
3212 }
3213 if (result) {
3214 *result = r;
84b7b8e7 3215 }
4840f10e
JK		 3216 if (release_lock) {
3217 qemu_mutex_unlock_iothread();
3218 }
41063e1e 3219 rcu_read_unlock();
84b7b8e7
FB		 3220 return val;
3221}
3222
50013115
PM		 3223uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3224 MemTxAttrs attrs, MemTxResult *result)
3225{
3226 return address_space_ldq_internal(as, addr, attrs, result,
3227 DEVICE_NATIVE_ENDIAN);
3228}
3229
3230uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3231 MemTxAttrs attrs, MemTxResult *result)
3232{
3233 return address_space_ldq_internal(as, addr, attrs, result,
3234 DEVICE_LITTLE_ENDIAN);
3235}
3236
3237uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3238 MemTxAttrs attrs, MemTxResult *result)
3239{
3240 return address_space_ldq_internal(as, addr, attrs, result,
3241 DEVICE_BIG_ENDIAN);
3242}
3243
2c17449b 3244uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3245{
50013115 3246 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3247}
3248
2c17449b 3249uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3250{
50013115 3251 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3252}
3253
2c17449b 3254uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3255{
50013115 3256 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3257}
3258
aab33094 3259/* XXX: optimize */
50013115
PM		 3260uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3261 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3262{
3263 uint8_t val;
50013115
PM		 3264 MemTxResult r;
3265
3266 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3267 if (result) {
3268 *result = r;
3269 }
aab33094
FB		 3270 return val;
3271}
3272
50013115
PM		 3273uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3274{
3275 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3276}
3277
733f0b02 3278/* warning: addr must be aligned */
50013115
PM		 3279static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3280 hwaddr addr,
3281 MemTxAttrs attrs,
3282 MemTxResult *result,
3283 enum device_endian endian)
aab33094 3284{
733f0b02
MT		 3285 uint8_t *ptr;
3286 uint64_t val;
5c8a00ce 3287 MemoryRegion *mr;
149f54b5
PB		 3288 hwaddr l = 2;
3289 hwaddr addr1;
50013115 3290 MemTxResult r;
4840f10e 3291 bool release_lock = false;
733f0b02 3292
41063e1e 3293 rcu_read_lock();
41701aa4 3294 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3295 false);
3296 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3297 release_lock |= prepare_mmio_access(mr);
125b3806 3298
733f0b02 3299 /* I/O case */
50013115 3300 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3301#if defined(TARGET_WORDS_BIGENDIAN)
3302 if (endian == DEVICE_LITTLE_ENDIAN) {
3303 val = bswap16(val);
3304 }
3305#else
3306 if (endian == DEVICE_BIG_ENDIAN) {
3307 val = bswap16(val);
3308 }
3309#endif
733f0b02
MT		 3310 } else {
3311 /* RAM case */
0878d0e1 3312 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3313 switch (endian) {
3314 case DEVICE_LITTLE_ENDIAN:
3315 val = lduw_le_p(ptr);
3316 break;
3317 case DEVICE_BIG_ENDIAN:
3318 val = lduw_be_p(ptr);
3319 break;
3320 default:
3321 val = lduw_p(ptr);
3322 break;
3323 }
50013115
PM		 3324 r = MEMTX_OK;
3325 }
3326 if (result) {
3327 *result = r;
733f0b02 3328 }
4840f10e
JK		 3329 if (release_lock) {
3330 qemu_mutex_unlock_iothread();
3331 }
41063e1e 3332 rcu_read_unlock();
733f0b02 3333 return val;
aab33094
FB		 3334}
3335
50013115
PM		 3336uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3337 MemTxAttrs attrs, MemTxResult *result)
3338{
3339 return address_space_lduw_internal(as, addr, attrs, result,
3340 DEVICE_NATIVE_ENDIAN);
3341}
3342
3343uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3344 MemTxAttrs attrs, MemTxResult *result)
3345{
3346 return address_space_lduw_internal(as, addr, attrs, result,
3347 DEVICE_LITTLE_ENDIAN);
3348}
3349
3350uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3351 MemTxAttrs attrs, MemTxResult *result)
3352{
3353 return address_space_lduw_internal(as, addr, attrs, result,
3354 DEVICE_BIG_ENDIAN);
3355}
3356
41701aa4 3357uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3358{
50013115 3359 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3360}
3361
41701aa4 3362uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3363{
50013115 3364 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3365}
3366
41701aa4 3367uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3368{
50013115 3369 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3370}
3371
8df1cd07
FB		 3372/* warning: addr must be aligned. The ram page is not masked as dirty
3373 and the code inside is not invalidated. It is useful if the dirty
3374 bits are used to track modified PTEs */
50013115
PM		 3375void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3376 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3377{
8df1cd07 3378 uint8_t *ptr;
5c8a00ce 3379 MemoryRegion *mr;
149f54b5
PB		 3380 hwaddr l = 4;
3381 hwaddr addr1;
50013115 3382 MemTxResult r;
845b6214 3383 uint8_t dirty_log_mask;
4840f10e 3384 bool release_lock = false;
8df1cd07 3385
41063e1e 3386 rcu_read_lock();
2198a121 3387 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3388 true);
3389 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3390 release_lock |= prepare_mmio_access(mr);
125b3806 3391
50013115 3392 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3393 } else {
0878d0e1 3394 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
8df1cd07 3395 stl_p(ptr, val);
74576198 3396
845b6214
PB		 3397 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3398 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
0878d0e1
PB		 3399 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3400 4, dirty_log_mask);
50013115
PM		 3401 r = MEMTX_OK;
3402 }
3403 if (result) {
3404 *result = r;
8df1cd07 3405 }
4840f10e
JK		 3406 if (release_lock) {
3407 qemu_mutex_unlock_iothread();
3408 }
41063e1e 3409 rcu_read_unlock();
8df1cd07
FB		 3410}
3411
50013115
PM		 3412void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3413{
3414 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3415}
3416
8df1cd07 3417/* warning: addr must be aligned */
50013115
PM		 3418static inline void address_space_stl_internal(AddressSpace *as,
3419 hwaddr addr, uint32_t val,
3420 MemTxAttrs attrs,
3421 MemTxResult *result,
3422 enum device_endian endian)
8df1cd07 3423{
8df1cd07 3424 uint8_t *ptr;
5c8a00ce 3425 MemoryRegion *mr;
149f54b5
PB		 3426 hwaddr l = 4;
3427 hwaddr addr1;
50013115 3428 MemTxResult r;
4840f10e 3429 bool release_lock = false;
8df1cd07 3430
41063e1e 3431 rcu_read_lock();
ab1da857 3432 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3433 true);
3434 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3435 release_lock |= prepare_mmio_access(mr);
125b3806 3436
1e78bcc1
AG		 3437#if defined(TARGET_WORDS_BIGENDIAN)
3438 if (endian == DEVICE_LITTLE_ENDIAN) {
3439 val = bswap32(val);
3440 }
3441#else
3442 if (endian == DEVICE_BIG_ENDIAN) {
3443 val = bswap32(val);
3444 }
3445#endif
50013115 3446 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3447 } else {
8df1cd07 3448 /* RAM case */
0878d0e1 3449 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3450 switch (endian) {
3451 case DEVICE_LITTLE_ENDIAN:
3452 stl_le_p(ptr, val);
3453 break;
3454 case DEVICE_BIG_ENDIAN:
3455 stl_be_p(ptr, val);
3456 break;
3457 default:
3458 stl_p(ptr, val);
3459 break;
3460 }
845b6214 3461 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3462 r = MEMTX_OK;
3463 }
3464 if (result) {
3465 *result = r;
8df1cd07 3466 }
4840f10e
JK		 3467 if (release_lock) {
3468 qemu_mutex_unlock_iothread();
3469 }
41063e1e 3470 rcu_read_unlock();
8df1cd07
FB		 3471}
3472
50013115
PM		 3473void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3474 MemTxAttrs attrs, MemTxResult *result)
3475{
3476 address_space_stl_internal(as, addr, val, attrs, result,
3477 DEVICE_NATIVE_ENDIAN);
3478}
3479
3480void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3481 MemTxAttrs attrs, MemTxResult *result)
3482{
3483 address_space_stl_internal(as, addr, val, attrs, result,
3484 DEVICE_LITTLE_ENDIAN);
3485}
3486
3487void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3488 MemTxAttrs attrs, MemTxResult *result)
3489{
3490 address_space_stl_internal(as, addr, val, attrs, result,
3491 DEVICE_BIG_ENDIAN);
3492}
3493
ab1da857 3494void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3495{
50013115 3496 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3497}
3498
ab1da857 3499void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3500{
50013115 3501 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3502}
3503
ab1da857 3504void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3505{
50013115 3506 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3507}
3508
aab33094 3509/* XXX: optimize */
50013115
PM		 3510void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3511 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3512{
3513 uint8_t v = val;
50013115
PM		 3514 MemTxResult r;
3515
3516 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3517 if (result) {
3518 *result = r;
3519 }
3520}
3521
3522void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3523{
3524 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3525}
3526
733f0b02 3527/* warning: addr must be aligned */
50013115
PM		 3528static inline void address_space_stw_internal(AddressSpace *as,
3529 hwaddr addr, uint32_t val,
3530 MemTxAttrs attrs,
3531 MemTxResult *result,
3532 enum device_endian endian)
aab33094 3533{
733f0b02 3534 uint8_t *ptr;
5c8a00ce 3535 MemoryRegion *mr;
149f54b5
PB		 3536 hwaddr l = 2;
3537 hwaddr addr1;
50013115 3538 MemTxResult r;
4840f10e 3539 bool release_lock = false;
733f0b02 3540
41063e1e 3541 rcu_read_lock();
5ce5944d 3542 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3543 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3544 release_lock |= prepare_mmio_access(mr);
125b3806 3545
1e78bcc1
AG		 3546#if defined(TARGET_WORDS_BIGENDIAN)
3547 if (endian == DEVICE_LITTLE_ENDIAN) {
3548 val = bswap16(val);
3549 }
3550#else
3551 if (endian == DEVICE_BIG_ENDIAN) {
3552 val = bswap16(val);
3553 }
3554#endif
50013115 3555 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3556 } else {
733f0b02 3557 /* RAM case */
0878d0e1 3558 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3559 switch (endian) {
3560 case DEVICE_LITTLE_ENDIAN:
3561 stw_le_p(ptr, val);
3562 break;
3563 case DEVICE_BIG_ENDIAN:
3564 stw_be_p(ptr, val);
3565 break;
3566 default:
3567 stw_p(ptr, val);
3568 break;
3569 }
845b6214 3570 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3571 r = MEMTX_OK;
3572 }
3573 if (result) {
3574 *result = r;
733f0b02 3575 }
4840f10e
JK		 3576 if (release_lock) {
3577 qemu_mutex_unlock_iothread();
3578 }
41063e1e 3579 rcu_read_unlock();
aab33094
FB		 3580}
3581
50013115
PM		 3582void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3583 MemTxAttrs attrs, MemTxResult *result)
3584{
3585 address_space_stw_internal(as, addr, val, attrs, result,
3586 DEVICE_NATIVE_ENDIAN);
3587}
3588
3589void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3590 MemTxAttrs attrs, MemTxResult *result)
3591{
3592 address_space_stw_internal(as, addr, val, attrs, result,
3593 DEVICE_LITTLE_ENDIAN);
3594}
3595
3596void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3597 MemTxAttrs attrs, MemTxResult *result)
3598{
3599 address_space_stw_internal(as, addr, val, attrs, result,
3600 DEVICE_BIG_ENDIAN);
3601}
3602
5ce5944d 3603void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3604{
50013115 3605 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3606}
3607
5ce5944d 3608void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3609{
50013115 3610 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3611}
3612
5ce5944d 3613void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3614{
50013115 3615 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3616}
3617
aab33094 3618/* XXX: optimize */
50013115
PM		 3619void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3620 MemTxAttrs attrs, MemTxResult *result)
aab33094 3621{
50013115 3622 MemTxResult r;
aab33094 3623 val = tswap64(val);
50013115
PM		 3624 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3625 if (result) {
3626 *result = r;
3627 }
aab33094
FB		 3628}
3629
50013115
PM		 3630void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3631 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3632{
50013115 3633 MemTxResult r;
1e78bcc1 3634 val = cpu_to_le64(val);
50013115
PM		 3635 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3636 if (result) {
3637 *result = r;
3638 }
3639}
3640void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3641 MemTxAttrs attrs, MemTxResult *result)
3642{
3643 MemTxResult r;
3644 val = cpu_to_be64(val);
3645 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3646 if (result) {
3647 *result = r;
3648 }
3649}
3650
3651void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3652{
3653 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3654}
3655
3656void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3657{
3658 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3659}
3660
f606604f 3661void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3662{
50013115 3663 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3664}
3665
5e2972fd 3666/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3667int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3668 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3669{
3670 int l;
a8170e5e 3671 hwaddr phys_addr;
9b3c35e0 3672 target_ulong page;
13eb76e0
FB		 3673
3674 while (len > 0) {
5232e4c7
PM		 3675 int asidx;
3676 MemTxAttrs attrs;
3677
13eb76e0 3678 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3679 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3680 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3681 /* if no physical page mapped, return an error */
3682 if (phys_addr == -1)
3683 return -1;
3684 l = (page + TARGET_PAGE_SIZE) - addr;
3685 if (l > len)
3686 l = len;
5e2972fd 3687 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3688 if (is_write) {
5232e4c7
PM		 3689 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3690 phys_addr, buf, l);
2e38847b 3691 } else {
5232e4c7
PM		 3692 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3693 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3694 buf, l, 0);
2e38847b 3695 }
13eb76e0
FB		 3696 len -= l;
3697 buf += l;
3698 addr += l;
3699 }
3700 return 0;
3701}
038629a6
DDAG		 3702
3703/*
3704 * Allows code that needs to deal with migration bitmaps etc to still be built
3705 * target independent.
3706 */
3707size_t qemu_target_page_bits(void)
3708{
3709 return TARGET_PAGE_BITS;
3710}
3711
a68fe89c 3712#endif
13eb76e0 3713
8e4a424b
BS		 3714/*
3715 * A helper function for the _utterly broken_ virtio device model to find out if
3716 * it's running on a big endian machine. Don't do this at home kids!
3717 */
98ed8ecf
GK		 3718bool target_words_bigendian(void);
3719bool target_words_bigendian(void)
8e4a424b
BS		 3720{
3721#if defined(TARGET_WORDS_BIGENDIAN)
3722 return true;
3723#else
3724 return false;
3725#endif
3726}
3727
76f35538 3728#ifndef CONFIG_USER_ONLY
a8170e5e 3729bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3730{
5c8a00ce 3731 MemoryRegion*mr;
149f54b5 3732 hwaddr l = 1;
41063e1e 3733 bool res;
76f35538 3734
41063e1e 3735 rcu_read_lock();
5c8a00ce
PB		 3736 mr = address_space_translate(&address_space_memory,
3737 phys_addr, &phys_addr, &l, false);
76f35538 3738
41063e1e
PB		 3739 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3740 rcu_read_unlock();
3741 return res;
76f35538 3742}
bd2fa51f 3743
e3807054 3744int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3745{
3746 RAMBlock *block;
e3807054 3747 int ret = 0;
bd2fa51f 3748
0dc3f44a
MD		 3749 rcu_read_lock();
3750 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3751 ret = func(block->idstr, block->host, block->offset,
3752 block->used_length, opaque);
3753 if (ret) {
3754 break;
3755 }
bd2fa51f 3756 }
0dc3f44a 3757 rcu_read_unlock();
e3807054 3758 return ret;
bd2fa51f 3759}
ec3f8c99 3760#endif
QEMU mirror