]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sPAPR: Introduce rtas_ldq()
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
777872e5 20#ifndef _WIN32
a98d49b1 21#include <sys/types.h>
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
055403b2 25#include "qemu-common.h"
6180a181 26#include "cpu.h"
b67d9a52 27#include "tcg.h"
b3c7724c 28#include "hw/hw.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
4485bd26 31#endif
cc9e98cb 32#include "hw/qdev.h"
1de7afc9 33#include "qemu/osdep.h"
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
0d09e41a 36#include "hw/xen/xen.h"
1de7afc9
PB		 37#include "qemu/timer.h"
38#include "qemu/config-file.h"
75a34036 39#include "qemu/error-report.h"
022c62cb 40#include "exec/memory.h"
9c17d615 41#include "sysemu/dma.h"
022c62cb 42#include "exec/address-spaces.h"
53a5960a
PB		 43#if defined(CONFIG_USER_ONLY)
44#include <qemu.h>
432d268c 45#else /* !CONFIG_USER_ONLY */
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
0cac1b66 53
022c62cb 54#include "exec/memory-internal.h"
220c3ebd 55#include "exec/ram_addr.h"
67d95c15 56
b35ba30f
MT		 57#include "qemu/range.h"
58
db7b5426 59//#define DEBUG_SUBPAGE
1196be37 60
e2eef170 61#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 62/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
63 * are protected by the ramlist lock.
64 */
0d53d9fe 65RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 66
67static MemoryRegion *system_memory;
309cb471 68static MemoryRegion *system_io;
62152b8a 69
f6790af6
AK		 70AddressSpace address_space_io;
71AddressSpace address_space_memory;
2673a5da 72
0844e007 73MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 74static MemoryRegion io_mem_unassigned;
0e0df1e2 75
7bd4f430
PB		 76/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
77#define RAM_PREALLOC (1 << 0)
78
dbcb8981
PB		 79/* RAM is mmap-ed with MAP_SHARED */
80#define RAM_SHARED (1 << 1)
81
62be4e3a
MT		 82/* Only a portion of RAM (used_length) is actually used, and migrated.
83 * This used_length size can change across reboots.
84 */
85#define RAM_RESIZEABLE (1 << 2)
86
e2eef170 87#endif
9fa3e853 88
bdc44640 89struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 90/* current CPU in the current thread. It is only valid inside
91 cpu_exec() */
f240eb6f 92__thread CPUState *current_cpu;
2e70f6ef 93/* 0 = Do not count executed instructions.
bf20dc07 94 1 = Precise instruction counting.
2e70f6ef 95 2 = Adaptive rate instruction counting. */
5708fc66 96int use_icount;
6a00d601 97
e2eef170 98#if !defined(CONFIG_USER_ONLY)
4346ae3e 99
1db8abb1
PB		 100typedef struct PhysPageEntry PhysPageEntry;
101
102struct PhysPageEntry {
9736e55b 103 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 104 uint32_t skip : 6;
9736e55b 105 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 106 uint32_t ptr : 26;
1db8abb1
PB		 107};
108
8b795765
MT		 109#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
110
03f49957 111/* Size of the L2 (and L3, etc) page tables. */
57271d63 112#define ADDR_SPACE_BITS 64
03f49957 113
026736ce 114#define P_L2_BITS 9
03f49957
PB		 115#define P_L2_SIZE (1 << P_L2_BITS)
116
117#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
118
119typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 120
53cb28cb 121typedef struct PhysPageMap {
79e2b9ae
PB		 122 struct rcu_head rcu;
123
53cb28cb
MA		 124 unsigned sections_nb;
125 unsigned sections_nb_alloc;
126 unsigned nodes_nb;
127 unsigned nodes_nb_alloc;
128 Node *nodes;
129 MemoryRegionSection *sections;
130} PhysPageMap;
131
1db8abb1 132struct AddressSpaceDispatch {
79e2b9ae
PB		 133 struct rcu_head rcu;
134
1db8abb1
PB		 135 /* This is a multi-level map on the physical address space.
136 * The bottom level has pointers to MemoryRegionSections.
137 */
138 PhysPageEntry phys_map;
53cb28cb 139 PhysPageMap map;
acc9d80b 140 AddressSpace *as;
1db8abb1
PB		 141};
142
90260c6c
JK		 143#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
144typedef struct subpage_t {
145 MemoryRegion iomem;
acc9d80b 146 AddressSpace *as;
90260c6c
JK		 147 hwaddr base;
148 uint16_t sub_section[TARGET_PAGE_SIZE];
149} subpage_t;
150
b41aac4f
LPF		 151#define PHYS_SECTION_UNASSIGNED 0
152#define PHYS_SECTION_NOTDIRTY 1
153#define PHYS_SECTION_ROM 2
154#define PHYS_SECTION_WATCH 3
5312bd8b 155
e2eef170 156static void io_mem_init(void);
62152b8a 157static void memory_map_init(void);
09daed84 158static void tcg_commit(MemoryListener *listener);
e2eef170 159
1ec9b909 160static MemoryRegion io_mem_watch;
6658ffb8 161#endif
fd6ce8f6 162
6d9a1304 163#if !defined(CONFIG_USER_ONLY)
d6f2ea22 164
53cb28cb 165static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 166{
53cb28cb
MA		 167 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
168 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
170 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 171 }
f7bf5461
AK		 172}
173
db94604b 174static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 175{
176 unsigned i;
8b795765 177 uint32_t ret;
db94604b
PB		 178 PhysPageEntry e;
179 PhysPageEntry *p;
f7bf5461 180
53cb28cb 181 ret = map->nodes_nb++;
db94604b 182 p = map->nodes[ret];
f7bf5461 183 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 184 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 185
186 e.skip = leaf ? 0 : 1;
187 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 188 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 189 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 190 }
f7bf5461 191 return ret;
d6f2ea22
AK		 192}
193
53cb28cb
MA		 194static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
195 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 196 int level)
f7bf5461
AK		 197{
198 PhysPageEntry *p;
03f49957 199 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 200
9736e55b 201 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 202 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 203 }
db94604b 204 p = map->nodes[lp->ptr];
03f49957 205 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 206
03f49957 207 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 208 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 209 lp->skip = 0;
c19e8800 210 lp->ptr = leaf;
07f07b31
AK		 211 *index += step;
212 *nb -= step;
2999097b 213 } else {
53cb28cb 214 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 215 }
216 ++lp;
f7bf5461
AK		 217 }
218}
219
ac1970fb 220static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 221 hwaddr index, hwaddr nb,
2999097b 222 uint16_t leaf)
f7bf5461 223{
2999097b 224 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 225 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 226
53cb28cb 227 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 228}
229
b35ba30f
MT		 230/* Compact a non leaf page entry. Simply detect that the entry has a single child,
231 * and update our entry so we can skip it and go directly to the destination.
232 */
233static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
234{
235 unsigned valid_ptr = P_L2_SIZE;
236 int valid = 0;
237 PhysPageEntry *p;
238 int i;
239
240 if (lp->ptr == PHYS_MAP_NODE_NIL) {
241 return;
242 }
243
244 p = nodes[lp->ptr];
245 for (i = 0; i < P_L2_SIZE; i++) {
246 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
247 continue;
248 }
249
250 valid_ptr = i;
251 valid++;
252 if (p[i].skip) {
253 phys_page_compact(&p[i], nodes, compacted);
254 }
255 }
256
257 /* We can only compress if there's only one child. */
258 if (valid != 1) {
259 return;
260 }
261
262 assert(valid_ptr < P_L2_SIZE);
263
264 /* Don't compress if it won't fit in the # of bits we have. */
265 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
266 return;
267 }
268
269 lp->ptr = p[valid_ptr].ptr;
270 if (!p[valid_ptr].skip) {
271 /* If our only child is a leaf, make this a leaf. */
272 /* By design, we should have made this node a leaf to begin with so we
273 * should never reach here.
274 * But since it's so simple to handle this, let's do it just in case we
275 * change this rule.
276 */
277 lp->skip = 0;
278 } else {
279 lp->skip += p[valid_ptr].skip;
280 }
281}
282
283static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
284{
285 DECLARE_BITMAP(compacted, nodes_nb);
286
287 if (d->phys_map.skip) {
53cb28cb 288 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 289 }
290}
291
97115a8d 292static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 293 Node *nodes, MemoryRegionSection *sections)
92e873b9 294{
31ab2b4a 295 PhysPageEntry *p;
97115a8d 296 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 297 int i;
f1f6e3b8 298
9736e55b 299 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 300 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 301 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 302 }
9affd6fc 303 p = nodes[lp.ptr];
03f49957 304 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 305 }
b35ba30f
MT		 306
307 if (sections[lp.ptr].size.hi ||
308 range_covers_byte(sections[lp.ptr].offset_within_address_space,
309 sections[lp.ptr].size.lo, addr)) {
310 return &sections[lp.ptr];
311 } else {
312 return &sections[PHYS_SECTION_UNASSIGNED];
313 }
f3705d53
AK		 314}
315
e5548617
BS		 316bool memory_region_is_unassigned(MemoryRegion *mr)
317{
2a8e7499 318 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 319 && mr != &io_mem_watch;
fd6ce8f6 320}
149f54b5 321
79e2b9ae 322/* Called from RCU critical section */
c7086b4a 323static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 324 hwaddr addr,
325 bool resolve_subpage)
9f029603 326{
90260c6c
JK		 327 MemoryRegionSection *section;
328 subpage_t *subpage;
329
53cb28cb 330 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 331 if (resolve_subpage && section->mr->subpage) {
332 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 333 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 334 }
335 return section;
9f029603
JK		 336}
337
79e2b9ae 338/* Called from RCU critical section */
90260c6c 339static MemoryRegionSection *
c7086b4a 340address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 341 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 342{
343 MemoryRegionSection *section;
965eb2fc 344 MemoryRegion *mr;
a87f3954 345 Int128 diff;
149f54b5 346
c7086b4a 347 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 348 /* Compute offset within MemoryRegionSection */
349 addr -= section->offset_within_address_space;
350
351 /* Compute offset within MemoryRegion */
352 *xlat = addr + section->offset_within_region;
353
965eb2fc 354 mr = section->mr;
b242e0e0
PB		 355
356 /* MMIO registers can be expected to perform full-width accesses based only
357 * on their address, without considering adjacent registers that could
358 * decode to completely different MemoryRegions. When such registers
359 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
360 * regions overlap wildly. For this reason we cannot clamp the accesses
361 * here.
362 *
363 * If the length is small (as is the case for address_space_ldl/stl),
364 * everything works fine. If the incoming length is large, however,
365 * the caller really has to do the clamping through memory_access_size.
366 */
965eb2fc 367 if (memory_region_is_ram(mr)) {
e4a511f8 368 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 369 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
370 }
149f54b5
PB		 371 return section;
372}
90260c6c 373
a87f3954
PB		 374static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
375{
376 if (memory_region_is_ram(mr)) {
377 return !(is_write && mr->readonly);
378 }
379 if (memory_region_is_romd(mr)) {
380 return !is_write;
381 }
382
383 return false;
384}
385
41063e1e 386/* Called from RCU critical section */
5c8a00ce
PB		 387MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
388 hwaddr *xlat, hwaddr *plen,
389 bool is_write)
90260c6c 390{
30951157
AK		 391 IOMMUTLBEntry iotlb;
392 MemoryRegionSection *section;
393 MemoryRegion *mr;
30951157
AK		 394
395 for (;;) {
79e2b9ae
PB		 396 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
397 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 398 mr = section->mr;
399
400 if (!mr->iommu_ops) {
401 break;
402 }
403
8d7b8cb9 404 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 405 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
406 | (addr & iotlb.addr_mask));
23820dbf 407 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 408 if (!(iotlb.perm & (1 << is_write))) {
409 mr = &io_mem_unassigned;
410 break;
411 }
412
413 as = iotlb.target_as;
414 }
415
fe680d0d 416 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 417 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 418 *plen = MIN(page, *plen);
a87f3954
PB		 419 }
420
30951157
AK		 421 *xlat = addr;
422 return mr;
90260c6c
JK		 423}
424
79e2b9ae 425/* Called from RCU critical section */
90260c6c 426MemoryRegionSection *
9d82b5a7
PB		 427address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
428 hwaddr *xlat, hwaddr *plen)
90260c6c 429{
30951157 430 MemoryRegionSection *section;
9d82b5a7
PB		 431 section = address_space_translate_internal(cpu->memory_dispatch,
432 addr, xlat, plen, false);
30951157
AK		 433
434 assert(!section->mr->iommu_ops);
435 return section;
90260c6c 436}
5b6dd868 437#endif
fd6ce8f6 438
b170fce3 439#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 440
441static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 442{
259186a7 443 CPUState *cpu = opaque;
a513fe19 444
5b6dd868
BS		 445 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
446 version_id is increased. */
259186a7 447 cpu->interrupt_request &= ~0x01;
c01a71c1 448 tlb_flush(cpu, 1);
5b6dd868
BS		 449
450 return 0;
a513fe19 451}
7501267e 452
6c3bff0e
PD		 453static int cpu_common_pre_load(void *opaque)
454{
455 CPUState *cpu = opaque;
456
adee6424 457 cpu->exception_index = -1;
6c3bff0e
PD		 458
459 return 0;
460}
461
462static bool cpu_common_exception_index_needed(void *opaque)
463{
464 CPUState *cpu = opaque;
465
adee6424 466 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 467}
468
469static const VMStateDescription vmstate_cpu_common_exception_index = {
470 .name = "cpu_common/exception_index",
471 .version_id = 1,
472 .minimum_version_id = 1,
5cd8cada 473 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 474 .fields = (VMStateField[]) {
475 VMSTATE_INT32(exception_index, CPUState),
476 VMSTATE_END_OF_LIST()
477 }
478};
479
bac05aa9
AS		 480static bool cpu_common_crash_occurred_needed(void *opaque)
481{
482 CPUState *cpu = opaque;
483
484 return cpu->crash_occurred;
485}
486
487static const VMStateDescription vmstate_cpu_common_crash_occurred = {
488 .name = "cpu_common/crash_occurred",
489 .version_id = 1,
490 .minimum_version_id = 1,
491 .needed = cpu_common_crash_occurred_needed,
492 .fields = (VMStateField[]) {
493 VMSTATE_BOOL(crash_occurred, CPUState),
494 VMSTATE_END_OF_LIST()
495 }
496};
497
1a1562f5 498const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 499 .name = "cpu_common",
500 .version_id = 1,
501 .minimum_version_id = 1,
6c3bff0e 502 .pre_load = cpu_common_pre_load,
5b6dd868 503 .post_load = cpu_common_post_load,
35d08458 504 .fields = (VMStateField[]) {
259186a7
AF		 505 VMSTATE_UINT32(halted, CPUState),
506 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 507 VMSTATE_END_OF_LIST()
6c3bff0e 508 },
5cd8cada
JQ		 509 .subsections = (const VMStateDescription*[]) {
510 &vmstate_cpu_common_exception_index,
bac05aa9 511 &vmstate_cpu_common_crash_occurred,
5cd8cada 512 NULL
5b6dd868
BS		 513 }
514};
1a1562f5 515
5b6dd868 516#endif
ea041c0e 517
38d8f5c8 518CPUState *qemu_get_cpu(int index)
ea041c0e 519{
bdc44640 520 CPUState *cpu;
ea041c0e 521
bdc44640 522 CPU_FOREACH(cpu) {
55e5c285 523 if (cpu->cpu_index == index) {
bdc44640 524 return cpu;
55e5c285 525 }
ea041c0e 526 }
5b6dd868 527
bdc44640 528 return NULL;
ea041c0e
FB		 529}
530
09daed84
EI		 531#if !defined(CONFIG_USER_ONLY)
532void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
533{
534 /* We only support one address space per cpu at the moment. */
535 assert(cpu->as == as);
536
537 if (cpu->tcg_as_listener) {
538 memory_listener_unregister(cpu->tcg_as_listener);
539 } else {
540 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
541 }
542 cpu->tcg_as_listener->commit = tcg_commit;
543 memory_listener_register(cpu->tcg_as_listener, as);
544}
545#endif
546
b7bca733
BR		 547#ifndef CONFIG_USER_ONLY
548static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
549
550static int cpu_get_free_index(Error **errp)
551{
552 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
553
554 if (cpu >= MAX_CPUMASK_BITS) {
555 error_setg(errp, "Trying to use more CPUs than max of %d",
556 MAX_CPUMASK_BITS);
557 return -1;
558 }
559
560 bitmap_set(cpu_index_map, cpu, 1);
561 return cpu;
562}
563
564void cpu_exec_exit(CPUState *cpu)
565{
566 if (cpu->cpu_index == -1) {
567 /* cpu_index was never allocated by this @cpu or was already freed. */
568 return;
569 }
570
571 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
572 cpu->cpu_index = -1;
573}
574#else
575
576static int cpu_get_free_index(Error **errp)
577{
578 CPUState *some_cpu;
579 int cpu_index = 0;
580
581 CPU_FOREACH(some_cpu) {
582 cpu_index++;
583 }
584 return cpu_index;
585}
586
587void cpu_exec_exit(CPUState *cpu)
588{
589}
590#endif
591
4bad9e39 592void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 593{
b170fce3 594 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868 595 int cpu_index;
b7bca733 596 Error *local_err = NULL;
5b6dd868 597
291135b5
EH		 598#ifndef CONFIG_USER_ONLY
599 cpu->as = &address_space_memory;
600 cpu->thread_id = qemu_get_thread_id();
601 cpu_reload_memory_map(cpu);
602#endif
603
5b6dd868
BS		 604#if defined(CONFIG_USER_ONLY)
605 cpu_list_lock();
606#endif
b7bca733
BR		 607 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
608 if (local_err) {
609 error_propagate(errp, local_err);
610#if defined(CONFIG_USER_ONLY)
611 cpu_list_unlock();
612#endif
613 return;
5b6dd868 614 }
bdc44640 615 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 616#if defined(CONFIG_USER_ONLY)
617 cpu_list_unlock();
618#endif
e0d47944
AF		 619 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
620 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
621 }
5b6dd868 622#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868 623 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
4bad9e39 624 cpu_save, cpu_load, cpu->env_ptr);
b170fce3 625 assert(cc->vmsd == NULL);
e0d47944 626 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 627#endif
b170fce3
AF		 628 if (cc->vmsd != NULL) {
629 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
630 }
ea041c0e
FB		 631}
632
94df27fd 633#if defined(CONFIG_USER_ONLY)
00b941e5 634static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 635{
636 tb_invalidate_phys_page_range(pc, pc + 1, 0);
637}
638#else
00b941e5 639static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 640{
e8262a1b
MF		 641 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
642 if (phys != -1) {
09daed84 643 tb_invalidate_phys_addr(cpu->as,
29d8ec7b 644 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 645 }
1e7855a5 646}
c27004ec 647#endif
d720b93d 648
c527ee8f 649#if defined(CONFIG_USER_ONLY)
75a34036 650void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 651
652{
653}
654
3ee887e8
PM		 655int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
656 int flags)
657{
658 return -ENOSYS;
659}
660
661void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
662{
663}
664
75a34036 665int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 666 int flags, CPUWatchpoint **watchpoint)
667{
668 return -ENOSYS;
669}
670#else
6658ffb8 671/* Add a watchpoint. */
75a34036 672int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 673 int flags, CPUWatchpoint **watchpoint)
6658ffb8 674{
c0ce998e 675 CPUWatchpoint *wp;
6658ffb8 676
05068c0d 677 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 678 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 679 error_report("tried to set invalid watchpoint at %"
680 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 681 return -EINVAL;
682 }
7267c094 683 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 684
685 wp->vaddr = addr;
05068c0d 686 wp->len = len;
a1d1bb31
AL		 687 wp->flags = flags;
688
2dc9f411 689 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 690 if (flags & BP_GDB) {
691 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
692 } else {
693 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
694 }
6658ffb8 695
31b030d4 696 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 697
698 if (watchpoint)
699 *watchpoint = wp;
700 return 0;
6658ffb8
PB		 701}
702
a1d1bb31 703/* Remove a specific watchpoint. */
75a34036 704int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 705 int flags)
6658ffb8 706{
a1d1bb31 707 CPUWatchpoint *wp;
6658ffb8 708
ff4700b0 709 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 710 if (addr == wp->vaddr && len == wp->len
6e140f28 711 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 712 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 713 return 0;
714 }
715 }
a1d1bb31 716 return -ENOENT;
6658ffb8
PB		 717}
718
a1d1bb31 719/* Remove a specific watchpoint by reference. */
75a34036 720void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 721{
ff4700b0 722 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 723
31b030d4 724 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 725
7267c094 726 g_free(watchpoint);
a1d1bb31
AL		 727}
728
729/* Remove all matching watchpoints. */
75a34036 730void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 731{
c0ce998e 732 CPUWatchpoint *wp, *next;
a1d1bb31 733
ff4700b0 734 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 735 if (wp->flags & mask) {
736 cpu_watchpoint_remove_by_ref(cpu, wp);
737 }
c0ce998e 738 }
7d03f82f 739}
05068c0d
PM		 740
741/* Return true if this watchpoint address matches the specified
742 * access (ie the address range covered by the watchpoint overlaps
743 * partially or completely with the address range covered by the
744 * access).
745 */
746static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
747 vaddr addr,
748 vaddr len)
749{
750 /* We know the lengths are non-zero, but a little caution is
751 * required to avoid errors in the case where the range ends
752 * exactly at the top of the address space and so addr + len
753 * wraps round to zero.
754 */
755 vaddr wpend = wp->vaddr + wp->len - 1;
756 vaddr addrend = addr + len - 1;
757
758 return !(addr > wpend || wp->vaddr > addrend);
759}
760
c527ee8f 761#endif
7d03f82f 762
a1d1bb31 763/* Add a breakpoint. */
b3310ab3 764int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 765 CPUBreakpoint **breakpoint)
4c3a88a2 766{
c0ce998e 767 CPUBreakpoint *bp;
3b46e624 768
7267c094 769 bp = g_malloc(sizeof(*bp));
4c3a88a2 770
a1d1bb31
AL		 771 bp->pc = pc;
772 bp->flags = flags;
773
2dc9f411 774 /* keep all GDB-injected breakpoints in front */
00b941e5 775 if (flags & BP_GDB) {
f0c3c505 776 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 777 } else {
f0c3c505 778 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 779 }
3b46e624 780
f0c3c505 781 breakpoint_invalidate(cpu, pc);
a1d1bb31 782
00b941e5 783 if (breakpoint) {
a1d1bb31 784 *breakpoint = bp;
00b941e5 785 }
4c3a88a2 786 return 0;
4c3a88a2
FB		 787}
788
a1d1bb31 789/* Remove a specific breakpoint. */
b3310ab3 790int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 791{
a1d1bb31
AL		 792 CPUBreakpoint *bp;
793
f0c3c505 794 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 795 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 796 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 797 return 0;
798 }
7d03f82f 799 }
a1d1bb31 800 return -ENOENT;
7d03f82f
EI		 801}
802
a1d1bb31 803/* Remove a specific breakpoint by reference. */
b3310ab3 804void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 805{
f0c3c505
AF		 806 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
807
808 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 809
7267c094 810 g_free(breakpoint);
a1d1bb31
AL		 811}
812
813/* Remove all matching breakpoints. */
b3310ab3 814void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 815{
c0ce998e 816 CPUBreakpoint *bp, *next;
a1d1bb31 817
f0c3c505 818 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 819 if (bp->flags & mask) {
820 cpu_breakpoint_remove_by_ref(cpu, bp);
821 }
c0ce998e 822 }
4c3a88a2
FB		 823}
824
c33a346e
FB		 825/* enable or disable single step mode. EXCP_DEBUG is returned by the
826 CPU loop after each instruction */
3825b28f 827void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 828{
ed2803da
AF		 829 if (cpu->singlestep_enabled != enabled) {
830 cpu->singlestep_enabled = enabled;
831 if (kvm_enabled()) {
38e478ec 832 kvm_update_guest_debug(cpu, 0);
ed2803da 833 } else {
ccbb4d44 834 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 835 /* XXX: only flush what is necessary */
bbd77c18 836 tb_flush(cpu);
e22a25c9 837 }
c33a346e 838 }
c33a346e
FB		 839}
840
a47dddd7 841void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 842{
843 va_list ap;
493ae1f0 844 va_list ap2;
7501267e
FB		 845
846 va_start(ap, fmt);
493ae1f0 847 va_copy(ap2, ap);
7501267e
FB		 848 fprintf(stderr, "qemu: fatal: ");
849 vfprintf(stderr, fmt, ap);
850 fprintf(stderr, "\n");
878096ee 851 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 852 if (qemu_log_enabled()) {
853 qemu_log("qemu: fatal: ");
854 qemu_log_vprintf(fmt, ap2);
855 qemu_log("\n");
a0762859 856 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 857 qemu_log_flush();
93fcfe39 858 qemu_log_close();
924edcae 859 }
493ae1f0 860 va_end(ap2);
f9373291 861 va_end(ap);
fd052bf6
RV		 862#if defined(CONFIG_USER_ONLY)
863 {
864 struct sigaction act;
865 sigfillset(&act.sa_mask);
866 act.sa_handler = SIG_DFL;
867 sigaction(SIGABRT, &act, NULL);
868 }
869#endif
7501267e
FB		 870 abort();
871}
872
0124311e 873#if !defined(CONFIG_USER_ONLY)
0dc3f44a 874/* Called from RCU critical section */
041603fe
PB		 875static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
876{
877 RAMBlock *block;
878
43771539 879 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 880 if (block && addr - block->offset < block->max_length) {
041603fe
PB		 881 goto found;
882 }
0dc3f44a 883 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 884 if (addr - block->offset < block->max_length) {
041603fe
PB		 885 goto found;
886 }
887 }
888
889 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
890 abort();
891
892found:
43771539
PB		 893 /* It is safe to write mru_block outside the iothread lock. This
894 * is what happens:
895 *
896 * mru_block = xxx
897 * rcu_read_unlock()
898 * xxx removed from list
899 * rcu_read_lock()
900 * read mru_block
901 * mru_block = NULL;
902 * call_rcu(reclaim_ramblock, xxx);
903 * rcu_read_unlock()
904 *
905 * atomic_rcu_set is not needed here. The block was already published
906 * when it was placed into the list. Here we're just making an extra
907 * copy of the pointer.
908 */
041603fe
PB		 909 ram_list.mru_block = block;
910 return block;
911}
912
a2f4d5be 913static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 914{
9a13565d 915 CPUState *cpu;
041603fe 916 ram_addr_t start1;
a2f4d5be
JQ		 917 RAMBlock *block;
918 ram_addr_t end;
919
920 end = TARGET_PAGE_ALIGN(start + length);
921 start &= TARGET_PAGE_MASK;
d24981d3 922
0dc3f44a 923 rcu_read_lock();
041603fe
PB		 924 block = qemu_get_ram_block(start);
925 assert(block == qemu_get_ram_block(end - 1));
1240be24 926 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 927 CPU_FOREACH(cpu) {
928 tlb_reset_dirty(cpu, start1, length);
929 }
0dc3f44a 930 rcu_read_unlock();
d24981d3
JQ		 931}
932
5579c7f3 933/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 934bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
935 ram_addr_t length,
936 unsigned client)
1ccde1cb 937{
03eebc9e
SH		 938 unsigned long end, page;
939 bool dirty;
940
941 if (length == 0) {
942 return false;
943 }
f23db169 944
03eebc9e
SH		 945 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
946 page = start >> TARGET_PAGE_BITS;
947 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
948 page, end - page);
949
950 if (dirty && tcg_enabled()) {
a2f4d5be 951 tlb_reset_dirty_range_all(start, length);
5579c7f3 952 }
03eebc9e
SH		 953
954 return dirty;
1ccde1cb
FB		 955}
956
79e2b9ae 957/* Called from RCU critical section */
bb0e627a 958hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 959 MemoryRegionSection *section,
960 target_ulong vaddr,
961 hwaddr paddr, hwaddr xlat,
962 int prot,
963 target_ulong *address)
e5548617 964{
a8170e5e 965 hwaddr iotlb;
e5548617
BS		 966 CPUWatchpoint *wp;
967
cc5bea60 968 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 969 /* Normal RAM. */
970 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 971 + xlat;
e5548617 972 if (!section->readonly) {
b41aac4f 973 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 974 } else {
b41aac4f 975 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 976 }
977 } else {
0b8e2c10
PM		 978 AddressSpaceDispatch *d;
979
980 d = atomic_rcu_read(&section->address_space->dispatch);
981 iotlb = section - d->map.sections;
149f54b5 982 iotlb += xlat;
e5548617
BS		 983 }
984
985 /* Make accesses to pages with watchpoints go via the
986 watchpoint trap routines. */
ff4700b0 987 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 988 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 989 /* Avoid trapping reads of pages with a write breakpoint. */
990 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 991 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 992 *address |= TLB_MMIO;
993 break;
994 }
995 }
996 }
997
998 return iotlb;
999}
9fa3e853
FB		 1000#endif /* defined(CONFIG_USER_ONLY) */
1001
e2eef170 1002#if !defined(CONFIG_USER_ONLY)
8da3ff18 1003
c227f099 1004static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1005 uint16_t section);
acc9d80b 1006static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1007
a2b257d6
IM		 1008static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1009 qemu_anon_ram_alloc;
91138037
MA		 1010
1011/*
1012 * Set a custom physical guest memory alloator.
1013 * Accelerators with unusual needs may need this. Hopefully, we can
1014 * get rid of it eventually.
1015 */
a2b257d6 1016void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1017{
1018 phys_mem_alloc = alloc;
1019}
1020
53cb28cb
MA		 1021static uint16_t phys_section_add(PhysPageMap *map,
1022 MemoryRegionSection *section)
5312bd8b 1023{
68f3f65b
PB		 1024 /* The physical section number is ORed with a page-aligned
1025 * pointer to produce the iotlb entries. Thus it should
1026 * never overflow into the page-aligned value.
1027 */
53cb28cb 1028 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1029
53cb28cb
MA		 1030 if (map->sections_nb == map->sections_nb_alloc) {
1031 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1032 map->sections = g_renew(MemoryRegionSection, map->sections,
1033 map->sections_nb_alloc);
5312bd8b 1034 }
53cb28cb 1035 map->sections[map->sections_nb] = *section;
dfde4e6e 1036 memory_region_ref(section->mr);
53cb28cb 1037 return map->sections_nb++;
5312bd8b
AK		 1038}
1039
058bc4b5
PB		 1040static void phys_section_destroy(MemoryRegion *mr)
1041{
dfde4e6e
PB		 1042 memory_region_unref(mr);
1043
058bc4b5
PB		 1044 if (mr->subpage) {
1045 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1046 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1047 g_free(subpage);
1048 }
1049}
1050
6092666e 1051static void phys_sections_free(PhysPageMap *map)
5312bd8b 1052{
9affd6fc
PB		 1053 while (map->sections_nb > 0) {
1054 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1055 phys_section_destroy(section->mr);
1056 }
9affd6fc
PB		 1057 g_free(map->sections);
1058 g_free(map->nodes);
5312bd8b
AK		 1059}
1060
ac1970fb 1061static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1062{
1063 subpage_t *subpage;
a8170e5e 1064 hwaddr base = section->offset_within_address_space
0f0cb164 1065 & TARGET_PAGE_MASK;
97115a8d 1066 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1067 d->map.nodes, d->map.sections);
0f0cb164
AK		 1068 MemoryRegionSection subsection = {
1069 .offset_within_address_space = base,
052e87b0 1070 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1071 };
a8170e5e 1072 hwaddr start, end;
0f0cb164 1073
f3705d53 1074 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1075
f3705d53 1076 if (!(existing->mr->subpage)) {
acc9d80b 1077 subpage = subpage_init(d->as, base);
3be91e86 1078 subsection.address_space = d->as;
0f0cb164 1079 subsection.mr = &subpage->iomem;
ac1970fb 1080 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1081 phys_section_add(&d->map, &subsection));
0f0cb164 1082 } else {
f3705d53 1083 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1084 }
1085 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1086 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1087 subpage_register(subpage, start, end,
1088 phys_section_add(&d->map, section));
0f0cb164
AK		 1089}
1090
1091
052e87b0
PB		 1092static void register_multipage(AddressSpaceDispatch *d,
1093 MemoryRegionSection *section)
33417e70 1094{
a8170e5e 1095 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1096 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1097 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1098 TARGET_PAGE_BITS));
dd81124b 1099
733d5ef5
PB		 1100 assert(num_pages);
1101 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1102}
1103
ac1970fb 1104static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1105{
89ae337a 1106 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1107 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1108 MemoryRegionSection now = *section, remain = *section;
052e87b0 1109 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1110
733d5ef5
PB		 1111 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1112 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1113 - now.offset_within_address_space;
1114
052e87b0 1115 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1116 register_subpage(d, &now);
733d5ef5 1117 } else {
052e87b0 1118 now.size = int128_zero();
733d5ef5 1119 }
052e87b0
PB		 1120 while (int128_ne(remain.size, now.size)) {
1121 remain.size = int128_sub(remain.size, now.size);
1122 remain.offset_within_address_space += int128_get64(now.size);
1123 remain.offset_within_region += int128_get64(now.size);
69b67646 1124 now = remain;
052e87b0 1125 if (int128_lt(remain.size, page_size)) {
733d5ef5 1126 register_subpage(d, &now);
88266249 1127 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1128 now.size = page_size;
ac1970fb 1129 register_subpage(d, &now);
69b67646 1130 } else {
052e87b0 1131 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1132 register_multipage(d, &now);
69b67646 1133 }
0f0cb164
AK		 1134 }
1135}
1136
62a2744c
SY		 1137void qemu_flush_coalesced_mmio_buffer(void)
1138{
1139 if (kvm_enabled())
1140 kvm_flush_coalesced_mmio_buffer();
1141}
1142
b2a8658e
UD		 1143void qemu_mutex_lock_ramlist(void)
1144{
1145 qemu_mutex_lock(&ram_list.mutex);
1146}
1147
1148void qemu_mutex_unlock_ramlist(void)
1149{
1150 qemu_mutex_unlock(&ram_list.mutex);
1151}
1152
e1e84ba0 1153#ifdef __linux__
c902760f
MT		 1154
1155#include <sys/vfs.h>
1156
1157#define HUGETLBFS_MAGIC 0x958458f6
1158
fc7a5800 1159static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1160{
1161 struct statfs fs;
1162 int ret;
1163
1164 do {
9742bf26 1165 ret = statfs(path, &fs);
c902760f
MT		 1166 } while (ret != 0 && errno == EINTR);
1167
1168 if (ret != 0) {
fc7a5800
HT		 1169 error_setg_errno(errp, errno, "failed to get page size of file %s",
1170 path);
9742bf26 1171 return 0;
c902760f
MT		 1172 }
1173
1174 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 1175 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 1176
1177 return fs.f_bsize;
1178}
1179
04b16653
AW		 1180static void *file_ram_alloc(RAMBlock *block,
1181 ram_addr_t memory,
7f56e740
PB		 1182 const char *path,
1183 Error **errp)
c902760f
MT		 1184{
1185 char *filename;
8ca761f6
PF		 1186 char *sanitized_name;
1187 char *c;
557529dd 1188 void *area = NULL;
c902760f 1189 int fd;
557529dd 1190 uint64_t hpagesize;
fc7a5800 1191 Error *local_err = NULL;
c902760f 1192
fc7a5800
HT		 1193 hpagesize = gethugepagesize(path, &local_err);
1194 if (local_err) {
1195 error_propagate(errp, local_err);
f9a49dfa 1196 goto error;
c902760f 1197 }
a2b257d6 1198 block->mr->align = hpagesize;
c902760f
MT		 1199
1200 if (memory < hpagesize) {
557529dd
HT		 1201 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1202 "or larger than huge page size 0x%" PRIx64,
1203 memory, hpagesize);
1204 goto error;
c902760f
MT		 1205 }
1206
1207 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1208 error_setg(errp,
1209 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1210 goto error;
c902760f
MT		 1211 }
1212
8ca761f6 1213 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
83234bf2 1214 sanitized_name = g_strdup(memory_region_name(block->mr));
8ca761f6
PF		 1215 for (c = sanitized_name; *c != '\0'; c++) {
1216 if (*c == '/')
1217 *c = '_';
1218 }
1219
1220 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1221 sanitized_name);
1222 g_free(sanitized_name);
c902760f
MT		 1223
1224 fd = mkstemp(filename);
1225 if (fd < 0) {
7f56e740
PB		 1226 error_setg_errno(errp, errno,
1227 "unable to create backing store for hugepages");
e4ada482 1228 g_free(filename);
f9a49dfa 1229 goto error;
c902760f
MT		 1230 }
1231 unlink(filename);
e4ada482 1232 g_free(filename);
c902760f 1233
9284f319 1234 memory = ROUND_UP(memory, hpagesize);
c902760f
MT		 1235
1236 /*
1237 * ftruncate is not supported by hugetlbfs in older
1238 * hosts, so don't bother bailing out on errors.
1239 * If anything goes wrong with it under other filesystems,
1240 * mmap will fail.
1241 */
7f56e740 1242 if (ftruncate(fd, memory)) {
9742bf26 1243 perror("ftruncate");
7f56e740 1244 }
c902760f 1245
dbcb8981
PB		 1246 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1247 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1248 fd, 0);
c902760f 1249 if (area == MAP_FAILED) {
7f56e740
PB		 1250 error_setg_errno(errp, errno,
1251 "unable to map backing store for hugepages");
9742bf26 1252 close(fd);
f9a49dfa 1253 goto error;
c902760f 1254 }
ef36fa14
MT		 1255
1256 if (mem_prealloc) {
38183310 1257 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1258 }
1259
04b16653 1260 block->fd = fd;
c902760f 1261 return area;
f9a49dfa
MT		 1262
1263error:
1264 if (mem_prealloc) {
81b07353 1265 error_report("%s", error_get_pretty(*errp));
f9a49dfa
MT		 1266 exit(1);
1267 }
1268 return NULL;
c902760f
MT		 1269}
1270#endif
1271
0dc3f44a 1272/* Called with the ramlist lock held. */
d17b5288 1273static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1274{
1275 RAMBlock *block, *next_block;
3e837b2c 1276 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1277
49cd9ac6
SH		 1278 assert(size != 0); /* it would hand out same offset multiple times */
1279
0dc3f44a 1280 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1281 return 0;
0d53d9fe 1282 }
04b16653 1283
0dc3f44a 1284 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1285 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1286
62be4e3a 1287 end = block->offset + block->max_length;
04b16653 1288
0dc3f44a 1289 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1290 if (next_block->offset >= end) {
1291 next = MIN(next, next_block->offset);
1292 }
1293 }
1294 if (next - end >= size && next - end < mingap) {
3e837b2c 1295 offset = end;
04b16653
AW		 1296 mingap = next - end;
1297 }
1298 }
3e837b2c
AW		 1299
1300 if (offset == RAM_ADDR_MAX) {
1301 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1302 (uint64_t)size);
1303 abort();
1304 }
1305
04b16653
AW		 1306 return offset;
1307}
1308
652d7ec2 1309ram_addr_t last_ram_offset(void)
d17b5288
AW		 1310{
1311 RAMBlock *block;
1312 ram_addr_t last = 0;
1313
0dc3f44a
MD		 1314 rcu_read_lock();
1315 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1316 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1317 }
0dc3f44a 1318 rcu_read_unlock();
d17b5288
AW		 1319 return last;
1320}
1321
ddb97f1d
JB		 1322static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1323{
1324 int ret;
ddb97f1d
JB		 1325
1326 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1327 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1328 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1329 if (ret) {
1330 perror("qemu_madvise");
1331 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1332 "but dump_guest_core=off specified\n");
1333 }
1334 }
1335}
1336
0dc3f44a
MD		 1337/* Called within an RCU critical section, or while the ramlist lock
1338 * is held.
1339 */
20cfe881 1340static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1341{
20cfe881 1342 RAMBlock *block;
84b89d78 1343
0dc3f44a 1344 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1345 if (block->offset == addr) {
20cfe881 1346 return block;
c5705a77
AK		 1347 }
1348 }
20cfe881
HT		 1349
1350 return NULL;
1351}
1352
ae3a7047 1353/* Called with iothread lock held. */
20cfe881
HT		 1354void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1355{
ae3a7047 1356 RAMBlock *new_block, *block;
20cfe881 1357
0dc3f44a 1358 rcu_read_lock();
ae3a7047 1359 new_block = find_ram_block(addr);
c5705a77
AK		 1360 assert(new_block);
1361 assert(!new_block->idstr[0]);
84b89d78 1362
09e5ab63
AL		 1363 if (dev) {
1364 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1365 if (id) {
1366 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1367 g_free(id);
84b89d78
CM		 1368 }
1369 }
1370 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1371
0dc3f44a 1372 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1373 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1374 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1375 new_block->idstr);
1376 abort();
1377 }
1378 }
0dc3f44a 1379 rcu_read_unlock();
c5705a77
AK		 1380}
1381
ae3a7047 1382/* Called with iothread lock held. */
20cfe881
HT		 1383void qemu_ram_unset_idstr(ram_addr_t addr)
1384{
ae3a7047 1385 RAMBlock *block;
20cfe881 1386
ae3a7047
MD		 1387 /* FIXME: arch_init.c assumes that this is not called throughout
1388 * migration. Ignore the problem since hot-unplug during migration
1389 * does not work anyway.
1390 */
1391
0dc3f44a 1392 rcu_read_lock();
ae3a7047 1393 block = find_ram_block(addr);
20cfe881
HT		 1394 if (block) {
1395 memset(block->idstr, 0, sizeof(block->idstr));
1396 }
0dc3f44a 1397 rcu_read_unlock();
20cfe881
HT		 1398}
1399
8490fc78
LC		 1400static int memory_try_enable_merging(void *addr, size_t len)
1401{
75cc7f01 1402 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1403 /* disabled by the user */
1404 return 0;
1405 }
1406
1407 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1408}
1409
62be4e3a
MT		 1410/* Only legal before guest might have detected the memory size: e.g. on
1411 * incoming migration, or right after reset.
1412 *
1413 * As memory core doesn't know how is memory accessed, it is up to
1414 * resize callback to update device state and/or add assertions to detect
1415 * misuse, if necessary.
1416 */
1417int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1418{
1419 RAMBlock *block = find_ram_block(base);
1420
1421 assert(block);
1422
129ddaf3
MT		 1423 newsize = TARGET_PAGE_ALIGN(newsize);
1424
62be4e3a
MT		 1425 if (block->used_length == newsize) {
1426 return 0;
1427 }
1428
1429 if (!(block->flags & RAM_RESIZEABLE)) {
1430 error_setg_errno(errp, EINVAL,
1431 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1432 " in != 0x" RAM_ADDR_FMT, block->idstr,
1433 newsize, block->used_length);
1434 return -EINVAL;
1435 }
1436
1437 if (block->max_length < newsize) {
1438 error_setg_errno(errp, EINVAL,
1439 "Length too large: %s: 0x" RAM_ADDR_FMT
1440 " > 0x" RAM_ADDR_FMT, block->idstr,
1441 newsize, block->max_length);
1442 return -EINVAL;
1443 }
1444
1445 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1446 block->used_length = newsize;
58d2707e
PB		 1447 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1448 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1449 memory_region_set_size(block->mr, newsize);
1450 if (block->resized) {
1451 block->resized(block->idstr, newsize, block->host);
1452 }
1453 return 0;
1454}
1455
ef701d7b 1456static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1457{
e1c57ab8 1458 RAMBlock *block;
0d53d9fe 1459 RAMBlock *last_block = NULL;
2152f5ca
JQ		 1460 ram_addr_t old_ram_size, new_ram_size;
1461
1462 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1463
b2a8658e 1464 qemu_mutex_lock_ramlist();
9b8424d5 1465 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1466
1467 if (!new_block->host) {
1468 if (xen_enabled()) {
9b8424d5
MT		 1469 xen_ram_alloc(new_block->offset, new_block->max_length,
1470 new_block->mr);
e1c57ab8 1471 } else {
9b8424d5 1472 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1473 &new_block->mr->align);
39228250 1474 if (!new_block->host) {
ef701d7b
HT		 1475 error_setg_errno(errp, errno,
1476 "cannot set up guest memory '%s'",
1477 memory_region_name(new_block->mr));
1478 qemu_mutex_unlock_ramlist();
1479 return -1;
39228250 1480 }
9b8424d5 1481 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1482 }
c902760f 1483 }
94a6b54f 1484
dd631697
LZ		 1485 new_ram_size = MAX(old_ram_size,
1486 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1487 if (new_ram_size > old_ram_size) {
1488 migration_bitmap_extend(old_ram_size, new_ram_size);
1489 }
0d53d9fe
MD		 1490 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1491 * QLIST (which has an RCU-friendly variant) does not have insertion at
1492 * tail, so save the last element in last_block.
1493 */
0dc3f44a 1494 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1495 last_block = block;
9b8424d5 1496 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1497 break;
1498 }
1499 }
1500 if (block) {
0dc3f44a 1501 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1502 } else if (last_block) {
0dc3f44a 1503 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1504 } else { /* list is empty */
0dc3f44a 1505 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1506 }
0d6d3c87 1507 ram_list.mru_block = NULL;
94a6b54f 1508
0dc3f44a
MD		 1509 /* Write list before version */
1510 smp_wmb();
f798b07f 1511 ram_list.version++;
b2a8658e 1512 qemu_mutex_unlock_ramlist();
f798b07f 1513
2152f5ca
JQ		 1514 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1515
1516 if (new_ram_size > old_ram_size) {
1ab4c8ce 1517 int i;
ae3a7047
MD		 1518
1519 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1520 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1521 ram_list.dirty_memory[i] =
1522 bitmap_zero_extend(ram_list.dirty_memory[i],
1523 old_ram_size, new_ram_size);
1524 }
2152f5ca 1525 }
9b8424d5 1526 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1527 new_block->used_length,
1528 DIRTY_CLIENTS_ALL);
94a6b54f 1529
a904c911
PB		 1530 if (new_block->host) {
1531 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1532 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1533 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1534 if (kvm_enabled()) {
1535 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1536 }
e1c57ab8 1537 }
6f0437e8 1538
94a6b54f
PB		 1539 return new_block->offset;
1540}
e9a1ab19 1541
0b183fc8 1542#ifdef __linux__
e1c57ab8 1543ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1544 bool share, const char *mem_path,
7f56e740 1545 Error **errp)
e1c57ab8
PB		 1546{
1547 RAMBlock *new_block;
ef701d7b
HT		 1548 ram_addr_t addr;
1549 Error *local_err = NULL;
e1c57ab8
PB		 1550
1551 if (xen_enabled()) {
7f56e740
PB		 1552 error_setg(errp, "-mem-path not supported with Xen");
1553 return -1;
e1c57ab8
PB		 1554 }
1555
1556 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1557 /*
1558 * file_ram_alloc() needs to allocate just like
1559 * phys_mem_alloc, but we haven't bothered to provide
1560 * a hook there.
1561 */
7f56e740
PB		 1562 error_setg(errp,
1563 "-mem-path not supported with this accelerator");
1564 return -1;
e1c57ab8
PB		 1565 }
1566
1567 size = TARGET_PAGE_ALIGN(size);
1568 new_block = g_malloc0(sizeof(*new_block));
1569 new_block->mr = mr;
9b8424d5
MT		 1570 new_block->used_length = size;
1571 new_block->max_length = size;
dbcb8981 1572 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1573 new_block->host = file_ram_alloc(new_block, size,
1574 mem_path, errp);
1575 if (!new_block->host) {
1576 g_free(new_block);
1577 return -1;
1578 }
1579
ef701d7b
HT		 1580 addr = ram_block_add(new_block, &local_err);
1581 if (local_err) {
1582 g_free(new_block);
1583 error_propagate(errp, local_err);
1584 return -1;
1585 }
1586 return addr;
e1c57ab8 1587}
0b183fc8 1588#endif
e1c57ab8 1589
62be4e3a
MT		 1590static
1591ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1592 void (*resized)(const char*,
1593 uint64_t length,
1594 void *host),
1595 void *host, bool resizeable,
ef701d7b 1596 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1597{
1598 RAMBlock *new_block;
ef701d7b
HT		 1599 ram_addr_t addr;
1600 Error *local_err = NULL;
e1c57ab8
PB		 1601
1602 size = TARGET_PAGE_ALIGN(size);
62be4e3a 1603 max_size = TARGET_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1604 new_block = g_malloc0(sizeof(*new_block));
1605 new_block->mr = mr;
62be4e3a 1606 new_block->resized = resized;
9b8424d5
MT		 1607 new_block->used_length = size;
1608 new_block->max_length = max_size;
62be4e3a 1609 assert(max_size >= size);
e1c57ab8
PB		 1610 new_block->fd = -1;
1611 new_block->host = host;
1612 if (host) {
7bd4f430 1613 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1614 }
62be4e3a
MT		 1615 if (resizeable) {
1616 new_block->flags |= RAM_RESIZEABLE;
1617 }
ef701d7b
HT		 1618 addr = ram_block_add(new_block, &local_err);
1619 if (local_err) {
1620 g_free(new_block);
1621 error_propagate(errp, local_err);
1622 return -1;
1623 }
1624 return addr;
e1c57ab8
PB		 1625}
1626
62be4e3a
MT		 1627ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1628 MemoryRegion *mr, Error **errp)
1629{
1630 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1631}
1632
ef701d7b 1633ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1634{
62be4e3a
MT		 1635 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1636}
1637
1638ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1639 void (*resized)(const char*,
1640 uint64_t length,
1641 void *host),
1642 MemoryRegion *mr, Error **errp)
1643{
1644 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1645}
1646
1f2e98b6
AW		 1647void qemu_ram_free_from_ptr(ram_addr_t addr)
1648{
1649 RAMBlock *block;
1650
b2a8658e 1651 qemu_mutex_lock_ramlist();
0dc3f44a 1652 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1f2e98b6 1653 if (addr == block->offset) {
0dc3f44a 1654 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1655 ram_list.mru_block = NULL;
0dc3f44a
MD		 1656 /* Write list before version */
1657 smp_wmb();
f798b07f 1658 ram_list.version++;
43771539 1659 g_free_rcu(block, rcu);
b2a8658e 1660 break;
1f2e98b6
AW		 1661 }
1662 }
b2a8658e 1663 qemu_mutex_unlock_ramlist();
1f2e98b6
AW		 1664}
1665
43771539
PB		 1666static void reclaim_ramblock(RAMBlock *block)
1667{
1668 if (block->flags & RAM_PREALLOC) {
1669 ;
1670 } else if (xen_enabled()) {
1671 xen_invalidate_map_cache_entry(block->host);
1672#ifndef _WIN32
1673 } else if (block->fd >= 0) {
1674 munmap(block->host, block->max_length);
1675 close(block->fd);
1676#endif
1677 } else {
1678 qemu_anon_ram_free(block->host, block->max_length);
1679 }
1680 g_free(block);
1681}
1682
c227f099 1683void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1684{
04b16653
AW		 1685 RAMBlock *block;
1686
b2a8658e 1687 qemu_mutex_lock_ramlist();
0dc3f44a 1688 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1689 if (addr == block->offset) {
0dc3f44a 1690 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1691 ram_list.mru_block = NULL;
0dc3f44a
MD		 1692 /* Write list before version */
1693 smp_wmb();
f798b07f 1694 ram_list.version++;
43771539 1695 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1696 break;
04b16653
AW		 1697 }
1698 }
b2a8658e 1699 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1700}
1701
cd19cfa2
HY		 1702#ifndef _WIN32
1703void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1704{
1705 RAMBlock *block;
1706 ram_addr_t offset;
1707 int flags;
1708 void *area, *vaddr;
1709
0dc3f44a 1710 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1711 offset = addr - block->offset;
9b8424d5 1712 if (offset < block->max_length) {
1240be24 1713 vaddr = ramblock_ptr(block, offset);
7bd4f430 1714 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1715 ;
dfeaf2ab
MA		 1716 } else if (xen_enabled()) {
1717 abort();
cd19cfa2
HY		 1718 } else {
1719 flags = MAP_FIXED;
3435f395 1720 if (block->fd >= 0) {
dbcb8981
PB		 1721 flags |= (block->flags & RAM_SHARED ?
1722 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1723 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1724 flags, block->fd, offset);
cd19cfa2 1725 } else {
2eb9fbaa
MA		 1726 /*
1727 * Remap needs to match alloc. Accelerators that
1728 * set phys_mem_alloc never remap. If they did,
1729 * we'd need a remap hook here.
1730 */
1731 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1732
cd19cfa2
HY		 1733 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1734 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1735 flags, -1, 0);
cd19cfa2
HY		 1736 }
1737 if (area != vaddr) {
f15fbc4b
AP		 1738 fprintf(stderr, "Could not remap addr: "
1739 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1740 length, addr);
1741 exit(1);
1742 }
8490fc78 1743 memory_try_enable_merging(vaddr, length);
ddb97f1d 1744 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1745 }
cd19cfa2
HY		 1746 }
1747 }
1748}
1749#endif /* !_WIN32 */
1750
a35ba7be
PB		 1751int qemu_get_ram_fd(ram_addr_t addr)
1752{
ae3a7047
MD		 1753 RAMBlock *block;
1754 int fd;
a35ba7be 1755
0dc3f44a 1756 rcu_read_lock();
ae3a7047
MD		 1757 block = qemu_get_ram_block(addr);
1758 fd = block->fd;
0dc3f44a 1759 rcu_read_unlock();
ae3a7047 1760 return fd;
a35ba7be
PB		 1761}
1762
3fd74b84
DM		 1763void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1764{
ae3a7047
MD		 1765 RAMBlock *block;
1766 void *ptr;
3fd74b84 1767
0dc3f44a 1768 rcu_read_lock();
ae3a7047
MD		 1769 block = qemu_get_ram_block(addr);
1770 ptr = ramblock_ptr(block, 0);
0dc3f44a 1771 rcu_read_unlock();
ae3a7047 1772 return ptr;
3fd74b84
DM		 1773}
1774
1b5ec234 1775/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1776 * This should not be used for general purpose DMA. Use address_space_map
1777 * or address_space_rw instead. For local memory (e.g. video ram) that the
1778 * device owns, use memory_region_get_ram_ptr.
0dc3f44a
MD		 1779 *
1780 * By the time this function returns, the returned pointer is not protected
1781 * by RCU anymore. If the caller is not within an RCU critical section and
1782 * does not hold the iothread lock, it must have other means of protecting the
1783 * pointer, such as a reference to the region that includes the incoming
1784 * ram_addr_t.
1b5ec234
PB		 1785 */
1786void *qemu_get_ram_ptr(ram_addr_t addr)
1787{
ae3a7047
MD		 1788 RAMBlock *block;
1789 void *ptr;
1b5ec234 1790
0dc3f44a 1791 rcu_read_lock();
ae3a7047
MD		 1792 block = qemu_get_ram_block(addr);
1793
1794 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1795 /* We need to check if the requested address is in the RAM
1796 * because we don't want to map the entire memory in QEMU.
1797 * In that case just map until the end of the page.
1798 */
1799 if (block->offset == 0) {
ae3a7047 1800 ptr = xen_map_cache(addr, 0, 0);
0dc3f44a 1801 goto unlock;
0d6d3c87 1802 }
ae3a7047
MD		 1803
1804 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1805 }
ae3a7047
MD		 1806 ptr = ramblock_ptr(block, addr - block->offset);
1807
0dc3f44a
MD		 1808unlock:
1809 rcu_read_unlock();
ae3a7047 1810 return ptr;
dc828ca1
PB		 1811}
1812
38bee5dc 1813/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1814 * but takes a size argument.
0dc3f44a
MD		 1815 *
1816 * By the time this function returns, the returned pointer is not protected
1817 * by RCU anymore. If the caller is not within an RCU critical section and
1818 * does not hold the iothread lock, it must have other means of protecting the
1819 * pointer, such as a reference to the region that includes the incoming
1820 * ram_addr_t.
ae3a7047 1821 */
cb85f7ab 1822static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1823{
ae3a7047 1824 void *ptr;
8ab934f9
SS		 1825 if (*size == 0) {
1826 return NULL;
1827 }
868bb33f 1828 if (xen_enabled()) {
e41d7c69 1829 return xen_map_cache(addr, *size, 1);
868bb33f 1830 } else {
38bee5dc 1831 RAMBlock *block;
0dc3f44a
MD		 1832 rcu_read_lock();
1833 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5
MT		 1834 if (addr - block->offset < block->max_length) {
1835 if (addr - block->offset + *size > block->max_length)
1836 *size = block->max_length - addr + block->offset;
ae3a7047 1837 ptr = ramblock_ptr(block, addr - block->offset);
0dc3f44a 1838 rcu_read_unlock();
ae3a7047 1839 return ptr;
38bee5dc
SS		 1840 }
1841 }
1842
1843 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1844 abort();
38bee5dc
SS		 1845 }
1846}
1847
7443b437 1848/* Some of the softmmu routines need to translate from a host pointer
ae3a7047
MD		 1849 * (typically a TLB entry) back to a ram offset.
1850 *
1851 * By the time this function returns, the returned pointer is not protected
1852 * by RCU anymore. If the caller is not within an RCU critical section and
1853 * does not hold the iothread lock, it must have other means of protecting the
1854 * pointer, such as a reference to the region that includes the incoming
1855 * ram_addr_t.
1856 */
1b5ec234 1857MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 1858{
94a6b54f
PB		 1859 RAMBlock *block;
1860 uint8_t *host = ptr;
ae3a7047 1861 MemoryRegion *mr;
94a6b54f 1862
868bb33f 1863 if (xen_enabled()) {
0dc3f44a 1864 rcu_read_lock();
e41d7c69 1865 *ram_addr = xen_ram_addr_from_mapcache(ptr);
ae3a7047 1866 mr = qemu_get_ram_block(*ram_addr)->mr;
0dc3f44a 1867 rcu_read_unlock();
ae3a7047 1868 return mr;
712c2b41
SS		 1869 }
1870
0dc3f44a
MD		 1871 rcu_read_lock();
1872 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1873 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1874 goto found;
1875 }
1876
0dc3f44a 1877 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1878 /* This case append when the block is not mapped. */
1879 if (block->host == NULL) {
1880 continue;
1881 }
9b8424d5 1882 if (host - block->host < block->max_length) {
23887b79 1883 goto found;
f471a17e 1884 }
94a6b54f 1885 }
432d268c 1886
0dc3f44a 1887 rcu_read_unlock();
1b5ec234 1888 return NULL;
23887b79
PB		 1889
1890found:
1891 *ram_addr = block->offset + (host - block->host);
ae3a7047 1892 mr = block->mr;
0dc3f44a 1893 rcu_read_unlock();
ae3a7047 1894 return mr;
e890261f 1895}
f471a17e 1896
a8170e5e 1897static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1898 uint64_t val, unsigned size)
9fa3e853 1899{
52159192 1900 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1901 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1902 }
0e0df1e2
AK		 1903 switch (size) {
1904 case 1:
1905 stb_p(qemu_get_ram_ptr(ram_addr), val);
1906 break;
1907 case 2:
1908 stw_p(qemu_get_ram_ptr(ram_addr), val);
1909 break;
1910 case 4:
1911 stl_p(qemu_get_ram_ptr(ram_addr), val);
1912 break;
1913 default:
1914 abort();
3a7d929e 1915 }
58d2707e
PB		 1916 /* Set both VGA and migration bits for simplicity and to remove
1917 * the notdirty callback faster.
1918 */
1919 cpu_physical_memory_set_dirty_range(ram_addr, size,
1920 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 1921 /* we remove the notdirty callback only if the code has been
1922 flushed */
a2cd8c85 1923 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 1924 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 1925 }
9fa3e853
FB		 1926}
1927
b018ddf6
PB		 1928static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1929 unsigned size, bool is_write)
1930{
1931 return is_write;
1932}
1933
0e0df1e2 1934static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1935 .write = notdirty_mem_write,
b018ddf6 1936 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1937 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1938};
1939
0f459d16 1940/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 1941static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 1942{
93afeade
AF		 1943 CPUState *cpu = current_cpu;
1944 CPUArchState *env = cpu->env_ptr;
06d55cc1 1945 target_ulong pc, cs_base;
0f459d16 1946 target_ulong vaddr;
a1d1bb31 1947 CPUWatchpoint *wp;
06d55cc1 1948 int cpu_flags;
0f459d16 1949
ff4700b0 1950 if (cpu->watchpoint_hit) {
06d55cc1
AL		 1951 /* We re-entered the check after replacing the TB. Now raise
1952 * the debug interrupt so that is will trigger after the
1953 * current instruction. */
93afeade 1954 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 1955 return;
1956 }
93afeade 1957 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 1958 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 1959 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1960 && (wp->flags & flags)) {
08225676
PM		 1961 if (flags == BP_MEM_READ) {
1962 wp->flags |= BP_WATCHPOINT_HIT_READ;
1963 } else {
1964 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1965 }
1966 wp->hitaddr = vaddr;
66b9b43c 1967 wp->hitattrs = attrs;
ff4700b0
AF		 1968 if (!cpu->watchpoint_hit) {
1969 cpu->watchpoint_hit = wp;
239c51a5 1970 tb_check_watchpoint(cpu);
6e140f28 1971 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 1972 cpu->exception_index = EXCP_DEBUG;
5638d180 1973 cpu_loop_exit(cpu);
6e140f28
AL		 1974 } else {
1975 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 1976 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 1977 cpu_resume_from_signal(cpu, NULL);
6e140f28 1978 }
06d55cc1 1979 }
6e140f28
AL		 1980 } else {
1981 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 1982 }
1983 }
1984}
1985
6658ffb8
PB		 1986/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1987 so these check for a hit then pass through to the normal out-of-line
1988 phys routines. */
66b9b43c
PM		 1989static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1990 unsigned size, MemTxAttrs attrs)
6658ffb8 1991{
66b9b43c
PM		 1992 MemTxResult res;
1993 uint64_t data;
1994
1995 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 1996 switch (size) {
66b9b43c
PM		 1997 case 1:
1998 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1999 break;
2000 case 2:
2001 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2002 break;
2003 case 4:
2004 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2005 break;
1ec9b909
AK		 2006 default: abort();
2007 }
66b9b43c
PM		 2008 *pdata = data;
2009 return res;
6658ffb8
PB		 2010}
2011
66b9b43c
PM		 2012static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2013 uint64_t val, unsigned size,
2014 MemTxAttrs attrs)
6658ffb8 2015{
66b9b43c
PM		 2016 MemTxResult res;
2017
2018 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2019 switch (size) {
67364150 2020 case 1:
66b9b43c 2021 address_space_stb(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2022 break;
2023 case 2:
66b9b43c 2024 address_space_stw(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2025 break;
2026 case 4:
66b9b43c 2027 address_space_stl(&address_space_memory, addr, val, attrs, &res);
67364150 2028 break;
1ec9b909
AK		 2029 default: abort();
2030 }
66b9b43c 2031 return res;
6658ffb8
PB		 2032}
2033
1ec9b909 2034static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2035 .read_with_attrs = watch_mem_read,
2036 .write_with_attrs = watch_mem_write,
1ec9b909 2037 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2038};
6658ffb8 2039
f25a49e0
PM		 2040static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2041 unsigned len, MemTxAttrs attrs)
db7b5426 2042{
acc9d80b 2043 subpage_t *subpage = opaque;
ff6cff75 2044 uint8_t buf[8];
5c9eb028 2045 MemTxResult res;
791af8c8 2046
db7b5426 2047#if defined(DEBUG_SUBPAGE)
016e9d62 2048 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2049 subpage, len, addr);
db7b5426 2050#endif
5c9eb028
PM		 2051 res = address_space_read(subpage->as, addr + subpage->base,
2052 attrs, buf, len);
2053 if (res) {
2054 return res;
f25a49e0 2055 }
acc9d80b
JK		 2056 switch (len) {
2057 case 1:
f25a49e0
PM		 2058 *data = ldub_p(buf);
2059 return MEMTX_OK;
acc9d80b 2060 case 2:
f25a49e0
PM		 2061 *data = lduw_p(buf);
2062 return MEMTX_OK;
acc9d80b 2063 case 4:
f25a49e0
PM		 2064 *data = ldl_p(buf);
2065 return MEMTX_OK;
ff6cff75 2066 case 8:
f25a49e0
PM		 2067 *data = ldq_p(buf);
2068 return MEMTX_OK;
acc9d80b
JK		 2069 default:
2070 abort();
2071 }
db7b5426
BS		 2072}
2073
f25a49e0
PM		 2074static MemTxResult subpage_write(void *opaque, hwaddr addr,
2075 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2076{
acc9d80b 2077 subpage_t *subpage = opaque;
ff6cff75 2078 uint8_t buf[8];
acc9d80b 2079
db7b5426 2080#if defined(DEBUG_SUBPAGE)
016e9d62 2081 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2082 " value %"PRIx64"\n",
2083 __func__, subpage, len, addr, value);
db7b5426 2084#endif
acc9d80b
JK		 2085 switch (len) {
2086 case 1:
2087 stb_p(buf, value);
2088 break;
2089 case 2:
2090 stw_p(buf, value);
2091 break;
2092 case 4:
2093 stl_p(buf, value);
2094 break;
ff6cff75
PB		 2095 case 8:
2096 stq_p(buf, value);
2097 break;
acc9d80b
JK		 2098 default:
2099 abort();
2100 }
5c9eb028
PM		 2101 return address_space_write(subpage->as, addr + subpage->base,
2102 attrs, buf, len);
db7b5426
BS		 2103}
2104
c353e4cc 2105static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2106 unsigned len, bool is_write)
c353e4cc 2107{
acc9d80b 2108 subpage_t *subpage = opaque;
c353e4cc 2109#if defined(DEBUG_SUBPAGE)
016e9d62 2110 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2111 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2112#endif
2113
acc9d80b 2114 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2115 len, is_write);
c353e4cc
PB		 2116}
2117
70c68e44 2118static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2119 .read_with_attrs = subpage_read,
2120 .write_with_attrs = subpage_write,
ff6cff75
PB		 2121 .impl.min_access_size = 1,
2122 .impl.max_access_size = 8,
2123 .valid.min_access_size = 1,
2124 .valid.max_access_size = 8,
c353e4cc 2125 .valid.accepts = subpage_accepts,
70c68e44 2126 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2127};
2128
c227f099 2129static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2130 uint16_t section)
db7b5426
BS		 2131{
2132 int idx, eidx;
2133
2134 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2135 return -1;
2136 idx = SUBPAGE_IDX(start);
2137 eidx = SUBPAGE_IDX(end);
2138#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2139 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2140 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2141#endif
db7b5426 2142 for (; idx <= eidx; idx++) {
5312bd8b 2143 mmio->sub_section[idx] = section;
db7b5426
BS		 2144 }
2145
2146 return 0;
2147}
2148
acc9d80b 2149static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2150{
c227f099 2151 subpage_t *mmio;
db7b5426 2152
7267c094 2153 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2154
acc9d80b 2155 mmio->as = as;
1eec614b 2156 mmio->base = base;
2c9b15ca 2157 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2158 NULL, TARGET_PAGE_SIZE);
b3b00c78 2159 mmio->iomem.subpage = true;
db7b5426 2160#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2161 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2162 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2163#endif
b41aac4f 2164 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2165
2166 return mmio;
2167}
2168
a656e22f
PC		 2169static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2170 MemoryRegion *mr)
5312bd8b 2171{
a656e22f 2172 assert(as);
5312bd8b 2173 MemoryRegionSection section = {
a656e22f 2174 .address_space = as,
5312bd8b
AK		 2175 .mr = mr,
2176 .offset_within_address_space = 0,
2177 .offset_within_region = 0,
052e87b0 2178 .size = int128_2_64(),
5312bd8b
AK		 2179 };
2180
53cb28cb 2181 return phys_section_add(map, &section);
5312bd8b
AK		 2182}
2183
9d82b5a7 2184MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
aa102231 2185{
79e2b9ae
PB		 2186 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2187 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2188
2189 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2190}
2191
e9179ce1
AK		 2192static void io_mem_init(void)
2193{
1f6245e5 2194 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2195 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2196 NULL, UINT64_MAX);
2c9b15ca 2197 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2198 NULL, UINT64_MAX);
2c9b15ca 2199 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2200 NULL, UINT64_MAX);
e9179ce1
AK		 2201}
2202
ac1970fb 2203static void mem_begin(MemoryListener *listener)
00752703
PB		 2204{
2205 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2206 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2207 uint16_t n;
2208
a656e22f 2209 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2210 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2211 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2212 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2213 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2214 assert(n == PHYS_SECTION_ROM);
a656e22f 2215 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2216 assert(n == PHYS_SECTION_WATCH);
00752703 2217
9736e55b 2218 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2219 d->as = as;
2220 as->next_dispatch = d;
2221}
2222
79e2b9ae
PB		 2223static void address_space_dispatch_free(AddressSpaceDispatch *d)
2224{
2225 phys_sections_free(&d->map);
2226 g_free(d);
2227}
2228
00752703 2229static void mem_commit(MemoryListener *listener)
ac1970fb 2230{
89ae337a 2231 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2232 AddressSpaceDispatch *cur = as->dispatch;
2233 AddressSpaceDispatch *next = as->next_dispatch;
2234
53cb28cb 2235 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2236
79e2b9ae 2237 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2238 if (cur) {
79e2b9ae 2239 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2240 }
9affd6fc
PB		 2241}
2242
1d71148e 2243static void tcg_commit(MemoryListener *listener)
50c1e149 2244{
182735ef 2245 CPUState *cpu;
117712c3
AK		 2246
2247 /* since each CPU stores ram addresses in its TLB cache, we must
2248 reset the modified entries */
2249 /* XXX: slow ! */
bdc44640 2250 CPU_FOREACH(cpu) {
33bde2e1
EI		 2251 /* FIXME: Disentangle the cpu.h circular files deps so we can
2252 directly get the right CPU from listener. */
2253 if (cpu->tcg_as_listener != listener) {
2254 continue;
2255 }
76e5c76f 2256 cpu_reload_memory_map(cpu);
117712c3 2257 }
50c1e149
AK		 2258}
2259
ac1970fb
AK		 2260void address_space_init_dispatch(AddressSpace *as)
2261{
00752703 2262 as->dispatch = NULL;
89ae337a 2263 as->dispatch_listener = (MemoryListener) {
ac1970fb 2264 .begin = mem_begin,
00752703 2265 .commit = mem_commit,
ac1970fb
AK		 2266 .region_add = mem_add,
2267 .region_nop = mem_add,
2268 .priority = 0,
2269 };
89ae337a 2270 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2271}
2272
6e48e8f9
PB		 2273void address_space_unregister(AddressSpace *as)
2274{
2275 memory_listener_unregister(&as->dispatch_listener);
2276}
2277
83f3c251
AK		 2278void address_space_destroy_dispatch(AddressSpace *as)
2279{
2280 AddressSpaceDispatch *d = as->dispatch;
2281
79e2b9ae
PB		 2282 atomic_rcu_set(&as->dispatch, NULL);
2283 if (d) {
2284 call_rcu(d, address_space_dispatch_free, rcu);
2285 }
83f3c251
AK		 2286}
2287
62152b8a
AK		 2288static void memory_map_init(void)
2289{
7267c094 2290 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2291
57271d63 2292 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2293 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2294
7267c094 2295 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2296 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2297 65536);
7dca8043 2298 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2299}
2300
2301MemoryRegion *get_system_memory(void)
2302{
2303 return system_memory;
2304}
2305
309cb471
AK		 2306MemoryRegion *get_system_io(void)
2307{
2308 return system_io;
2309}
2310
e2eef170
PB		 2311#endif /* !defined(CONFIG_USER_ONLY) */
2312
13eb76e0
FB		 2313/* physical memory access (slow version, mainly for debug) */
2314#if defined(CONFIG_USER_ONLY)
f17ec444 2315int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2316 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2317{
2318 int l, flags;
2319 target_ulong page;
53a5960a 2320 void * p;
13eb76e0
FB		 2321
2322 while (len > 0) {
2323 page = addr & TARGET_PAGE_MASK;
2324 l = (page + TARGET_PAGE_SIZE) - addr;
2325 if (l > len)
2326 l = len;
2327 flags = page_get_flags(page);
2328 if (!(flags & PAGE_VALID))
a68fe89c 2329 return -1;
13eb76e0
FB		 2330 if (is_write) {
2331 if (!(flags & PAGE_WRITE))
a68fe89c 2332 return -1;
579a97f7 2333 /* XXX: this code should not depend on lock_user */
72fb7daa 2334 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2335 return -1;
72fb7daa
AJ		 2336 memcpy(p, buf, l);
2337 unlock_user(p, addr, l);
13eb76e0
FB		 2338 } else {
2339 if (!(flags & PAGE_READ))
a68fe89c 2340 return -1;
579a97f7 2341 /* XXX: this code should not depend on lock_user */
72fb7daa 2342 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2343 return -1;
72fb7daa 2344 memcpy(buf, p, l);
5b257578 2345 unlock_user(p, addr, 0);
13eb76e0
FB		 2346 }
2347 len -= l;
2348 buf += l;
2349 addr += l;
2350 }
a68fe89c 2351 return 0;
13eb76e0 2352}
8df1cd07 2353
13eb76e0 2354#else
51d7a9eb 2355
845b6214 2356static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2357 hwaddr length)
51d7a9eb 2358{
e87f7778
PB		 2359 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2360 /* No early return if dirty_log_mask is or becomes 0, because
2361 * cpu_physical_memory_set_dirty_range will still call
2362 * xen_modified_memory.
2363 */
2364 if (dirty_log_mask) {
2365 dirty_log_mask =
2366 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2367 }
2368 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2369 tb_invalidate_phys_range(addr, addr + length);
2370 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2371 }
e87f7778 2372 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2373}
2374
23326164 2375static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2376{
e1622f4b 2377 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2378
2379 /* Regions are assumed to support 1-4 byte accesses unless
2380 otherwise specified. */
23326164
RH		 2381 if (access_size_max == 0) {
2382 access_size_max = 4;
2383 }
2384
2385 /* Bound the maximum access by the alignment of the address. */
2386 if (!mr->ops->impl.unaligned) {
2387 unsigned align_size_max = addr & -addr;
2388 if (align_size_max != 0 && align_size_max < access_size_max) {
2389 access_size_max = align_size_max;
2390 }
82f2563f 2391 }
23326164
RH		 2392
2393 /* Don't attempt accesses larger than the maximum. */
2394 if (l > access_size_max) {
2395 l = access_size_max;
82f2563f 2396 }
6554f5c0 2397 l = pow2floor(l);
23326164
RH		 2398
2399 return l;
82f2563f
PB		 2400}
2401
4840f10e 2402static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2403{
4840f10e
JK		 2404 bool unlocked = !qemu_mutex_iothread_locked();
2405 bool release_lock = false;
2406
2407 if (unlocked && mr->global_locking) {
2408 qemu_mutex_lock_iothread();
2409 unlocked = false;
2410 release_lock = true;
2411 }
125b3806 2412 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2413 if (unlocked) {
2414 qemu_mutex_lock_iothread();
2415 }
125b3806 2416 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2417 if (unlocked) {
2418 qemu_mutex_unlock_iothread();
2419 }
125b3806 2420 }
4840f10e
JK		 2421
2422 return release_lock;
125b3806
PB		 2423}
2424
5c9eb028
PM		 2425MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2426 uint8_t *buf, int len, bool is_write)
13eb76e0 2427{
149f54b5 2428 hwaddr l;
13eb76e0 2429 uint8_t *ptr;
791af8c8 2430 uint64_t val;
149f54b5 2431 hwaddr addr1;
5c8a00ce 2432 MemoryRegion *mr;
3b643495 2433 MemTxResult result = MEMTX_OK;
4840f10e 2434 bool release_lock = false;
3b46e624 2435
41063e1e 2436 rcu_read_lock();
13eb76e0 2437 while (len > 0) {
149f54b5 2438 l = len;
5c8a00ce 2439 mr = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 2440
13eb76e0 2441 if (is_write) {
5c8a00ce 2442 if (!memory_access_is_direct(mr, is_write)) {
4840f10e 2443 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2444 l = memory_access_size(mr, l, addr1);
4917cf44 2445 /* XXX: could force current_cpu to NULL to avoid
6a00d601 2446 potential bugs */
23326164
RH		 2447 switch (l) {
2448 case 8:
2449 /* 64 bit write access */
2450 val = ldq_p(buf);
3b643495
PM		 2451 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2452 attrs);
23326164
RH		 2453 break;
2454 case 4:
1c213d19 2455 /* 32 bit write access */
c27004ec 2456 val = ldl_p(buf);
3b643495
PM		 2457 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2458 attrs);
23326164
RH		 2459 break;
2460 case 2:
1c213d19 2461 /* 16 bit write access */
c27004ec 2462 val = lduw_p(buf);
3b643495
PM		 2463 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2464 attrs);
23326164
RH		 2465 break;
2466 case 1:
1c213d19 2467 /* 8 bit write access */
c27004ec 2468 val = ldub_p(buf);
3b643495
PM		 2469 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2470 attrs);
23326164
RH		 2471 break;
2472 default:
2473 abort();
13eb76e0 2474 }
2bbfa05d 2475 } else {
5c8a00ce 2476 addr1 += memory_region_get_ram_addr(mr);
13eb76e0 2477 /* RAM case */
5579c7f3 2478 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 2479 memcpy(ptr, buf, l);
845b6214 2480 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0
FB		 2481 }
2482 } else {
5c8a00ce 2483 if (!memory_access_is_direct(mr, is_write)) {
13eb76e0 2484 /* I/O case */
4840f10e 2485 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2486 l = memory_access_size(mr, l, addr1);
23326164
RH		 2487 switch (l) {
2488 case 8:
2489 /* 64 bit read access */
3b643495
PM		 2490 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2491 attrs);
23326164
RH		 2492 stq_p(buf, val);
2493 break;
2494 case 4:
13eb76e0 2495 /* 32 bit read access */
3b643495
PM		 2496 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2497 attrs);
c27004ec 2498 stl_p(buf, val);
23326164
RH		 2499 break;
2500 case 2:
13eb76e0 2501 /* 16 bit read access */
3b643495
PM		 2502 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2503 attrs);
c27004ec 2504 stw_p(buf, val);
23326164
RH		 2505 break;
2506 case 1:
1c213d19 2507 /* 8 bit read access */
3b643495
PM		 2508 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2509 attrs);
c27004ec 2510 stb_p(buf, val);
23326164
RH		 2511 break;
2512 default:
2513 abort();
13eb76e0
FB		 2514 }
2515 } else {
2516 /* RAM case */
5c8a00ce 2517 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
f3705d53 2518 memcpy(buf, ptr, l);
13eb76e0
FB		 2519 }
2520 }
4840f10e
JK		 2521
2522 if (release_lock) {
2523 qemu_mutex_unlock_iothread();
2524 release_lock = false;
2525 }
2526
13eb76e0
FB		 2527 len -= l;
2528 buf += l;
2529 addr += l;
2530 }
41063e1e 2531 rcu_read_unlock();
fd8aaa76 2532
3b643495 2533 return result;
13eb76e0 2534}
8df1cd07 2535
5c9eb028
PM		 2536MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2537 const uint8_t *buf, int len)
ac1970fb 2538{
5c9eb028 2539 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
ac1970fb
AK		 2540}
2541
5c9eb028
PM		 2542MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2543 uint8_t *buf, int len)
ac1970fb 2544{
5c9eb028 2545 return address_space_rw(as, addr, attrs, buf, len, false);
ac1970fb
AK		 2546}
2547
2548
a8170e5e 2549void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2550 int len, int is_write)
2551{
5c9eb028
PM		 2552 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2553 buf, len, is_write);
ac1970fb
AK		 2554}
2555
582b55a9
AG		 2556enum write_rom_type {
2557 WRITE_DATA,
2558 FLUSH_CACHE,
2559};
2560
2a221651 2561static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2562 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2563{
149f54b5 2564 hwaddr l;
d0ecd2aa 2565 uint8_t *ptr;
149f54b5 2566 hwaddr addr1;
5c8a00ce 2567 MemoryRegion *mr;
3b46e624 2568
41063e1e 2569 rcu_read_lock();
d0ecd2aa 2570 while (len > 0) {
149f54b5 2571 l = len;
2a221651 2572 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2573
5c8a00ce
PB		 2574 if (!(memory_region_is_ram(mr) ||
2575 memory_region_is_romd(mr))) {
b242e0e0 2576 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2577 } else {
5c8a00ce 2578 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2579 /* ROM/RAM case */
5579c7f3 2580 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2581 switch (type) {
2582 case WRITE_DATA:
2583 memcpy(ptr, buf, l);
845b6214 2584 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2585 break;
2586 case FLUSH_CACHE:
2587 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2588 break;
2589 }
d0ecd2aa
FB		 2590 }
2591 len -= l;
2592 buf += l;
2593 addr += l;
2594 }
41063e1e 2595 rcu_read_unlock();
d0ecd2aa
FB		 2596}
2597
582b55a9 2598/* used for ROM loading : can write in RAM and ROM */
2a221651 2599void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2600 const uint8_t *buf, int len)
2601{
2a221651 2602 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2603}
2604
2605void cpu_flush_icache_range(hwaddr start, int len)
2606{
2607 /*
2608 * This function should do the same thing as an icache flush that was
2609 * triggered from within the guest. For TCG we are always cache coherent,
2610 * so there is no need to flush anything. For KVM / Xen we need to flush
2611 * the host's instruction cache at least.
2612 */
2613 if (tcg_enabled()) {
2614 return;
2615 }
2616
2a221651
EI		 2617 cpu_physical_memory_write_rom_internal(&address_space_memory,
2618 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2619}
2620
6d16c2f8 2621typedef struct {
d3e71559 2622 MemoryRegion *mr;
6d16c2f8 2623 void *buffer;
a8170e5e
AK		 2624 hwaddr addr;
2625 hwaddr len;
c2cba0ff 2626 bool in_use;
6d16c2f8
AL		 2627} BounceBuffer;
2628
2629static BounceBuffer bounce;
2630
ba223c29 2631typedef struct MapClient {
e95205e1 2632 QEMUBH *bh;
72cf2d4f 2633 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2634} MapClient;
2635
38e047b5 2636QemuMutex map_client_list_lock;
72cf2d4f
BS		 2637static QLIST_HEAD(map_client_list, MapClient) map_client_list
2638 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2639
e95205e1
FZ		 2640static void cpu_unregister_map_client_do(MapClient *client)
2641{
2642 QLIST_REMOVE(client, link);
2643 g_free(client);
2644}
2645
33b6c2ed
FZ		 2646static void cpu_notify_map_clients_locked(void)
2647{
2648 MapClient *client;
2649
2650 while (!QLIST_EMPTY(&map_client_list)) {
2651 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2652 qemu_bh_schedule(client->bh);
2653 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2654 }
2655}
2656
e95205e1 2657void cpu_register_map_client(QEMUBH *bh)
ba223c29 2658{
7267c094 2659 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2660
38e047b5 2661 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2662 client->bh = bh;
72cf2d4f 2663 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2664 if (!atomic_read(&bounce.in_use)) {
2665 cpu_notify_map_clients_locked();
2666 }
38e047b5 2667 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2668}
2669
38e047b5 2670void cpu_exec_init_all(void)
ba223c29 2671{
38e047b5
FZ		 2672 qemu_mutex_init(&ram_list.mutex);
2673 memory_map_init();
2674 io_mem_init();
2675 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2676}
2677
e95205e1 2678void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2679{
2680 MapClient *client;
2681
e95205e1
FZ		 2682 qemu_mutex_lock(&map_client_list_lock);
2683 QLIST_FOREACH(client, &map_client_list, link) {
2684 if (client->bh == bh) {
2685 cpu_unregister_map_client_do(client);
2686 break;
2687 }
ba223c29 2688 }
e95205e1 2689 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2690}
2691
2692static void cpu_notify_map_clients(void)
2693{
38e047b5 2694 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2695 cpu_notify_map_clients_locked();
38e047b5 2696 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2697}
2698
51644ab7
PB		 2699bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2700{
5c8a00ce 2701 MemoryRegion *mr;
51644ab7
PB		 2702 hwaddr l, xlat;
2703
41063e1e 2704 rcu_read_lock();
51644ab7
PB		 2705 while (len > 0) {
2706 l = len;
5c8a00ce
PB		 2707 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2708 if (!memory_access_is_direct(mr, is_write)) {
2709 l = memory_access_size(mr, l, addr);
2710 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2711 return false;
2712 }
2713 }
2714
2715 len -= l;
2716 addr += l;
2717 }
41063e1e 2718 rcu_read_unlock();
51644ab7
PB		 2719 return true;
2720}
2721
6d16c2f8
AL		 2722/* Map a physical memory region into a host virtual address.
2723 * May map a subset of the requested range, given by and returned in *plen.
2724 * May return NULL if resources needed to perform the mapping are exhausted.
2725 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2726 * Use cpu_register_map_client() to know when retrying the map operation is
2727 * likely to succeed.
6d16c2f8 2728 */
ac1970fb 2729void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2730 hwaddr addr,
2731 hwaddr *plen,
ac1970fb 2732 bool is_write)
6d16c2f8 2733{
a8170e5e 2734 hwaddr len = *plen;
e3127ae0
PB		 2735 hwaddr done = 0;
2736 hwaddr l, xlat, base;
2737 MemoryRegion *mr, *this_mr;
2738 ram_addr_t raddr;
6d16c2f8 2739
e3127ae0
PB		 2740 if (len == 0) {
2741 return NULL;
2742 }
38bee5dc 2743
e3127ae0 2744 l = len;
41063e1e 2745 rcu_read_lock();
e3127ae0 2746 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2747
e3127ae0 2748 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2749 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2750 rcu_read_unlock();
e3127ae0 2751 return NULL;
6d16c2f8 2752 }
e85d9db5
KW		 2753 /* Avoid unbounded allocations */
2754 l = MIN(l, TARGET_PAGE_SIZE);
2755 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2756 bounce.addr = addr;
2757 bounce.len = l;
d3e71559
PB		 2758
2759 memory_region_ref(mr);
2760 bounce.mr = mr;
e3127ae0 2761 if (!is_write) {
5c9eb028
PM		 2762 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2763 bounce.buffer, l);
8ab934f9 2764 }
6d16c2f8 2765
41063e1e 2766 rcu_read_unlock();
e3127ae0
PB		 2767 *plen = l;
2768 return bounce.buffer;
2769 }
2770
2771 base = xlat;
2772 raddr = memory_region_get_ram_addr(mr);
2773
2774 for (;;) {
6d16c2f8
AL		 2775 len -= l;
2776 addr += l;
e3127ae0
PB		 2777 done += l;
2778 if (len == 0) {
2779 break;
2780 }
2781
2782 l = len;
2783 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2784 if (this_mr != mr || xlat != base + done) {
2785 break;
2786 }
6d16c2f8 2787 }
e3127ae0 2788
d3e71559 2789 memory_region_ref(mr);
41063e1e 2790 rcu_read_unlock();
e3127ae0
PB		 2791 *plen = done;
2792 return qemu_ram_ptr_length(raddr + base, plen);
6d16c2f8
AL		 2793}
2794
ac1970fb 2795/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2796 * Will also mark the memory as dirty if is_write == 1. access_len gives
2797 * the amount of memory that was actually read or written by the caller.
2798 */
a8170e5e
AK		 2799void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2800 int is_write, hwaddr access_len)
6d16c2f8
AL		 2801{
2802 if (buffer != bounce.buffer) {
d3e71559
PB		 2803 MemoryRegion *mr;
2804 ram_addr_t addr1;
2805
2806 mr = qemu_ram_addr_from_host(buffer, &addr1);
2807 assert(mr != NULL);
6d16c2f8 2808 if (is_write) {
845b6214 2809 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2810 }
868bb33f 2811 if (xen_enabled()) {
e41d7c69 2812 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2813 }
d3e71559 2814 memory_region_unref(mr);
6d16c2f8
AL		 2815 return;
2816 }
2817 if (is_write) {
5c9eb028
PM		 2818 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2819 bounce.buffer, access_len);
6d16c2f8 2820 }
f8a83245 2821 qemu_vfree(bounce.buffer);
6d16c2f8 2822 bounce.buffer = NULL;
d3e71559 2823 memory_region_unref(bounce.mr);
c2cba0ff 2824 atomic_mb_set(&bounce.in_use, false);
ba223c29 2825 cpu_notify_map_clients();
6d16c2f8 2826}
d0ecd2aa 2827
a8170e5e
AK		 2828void *cpu_physical_memory_map(hwaddr addr,
2829 hwaddr *plen,
ac1970fb
AK		 2830 int is_write)
2831{
2832 return address_space_map(&address_space_memory, addr, plen, is_write);
2833}
2834
a8170e5e
AK		 2835void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2836 int is_write, hwaddr access_len)
ac1970fb
AK		 2837{
2838 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2839}
2840
8df1cd07 2841/* warning: addr must be aligned */
50013115
PM		 2842static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2843 MemTxAttrs attrs,
2844 MemTxResult *result,
2845 enum device_endian endian)
8df1cd07 2846{
8df1cd07 2847 uint8_t *ptr;
791af8c8 2848 uint64_t val;
5c8a00ce 2849 MemoryRegion *mr;
149f54b5
PB		 2850 hwaddr l = 4;
2851 hwaddr addr1;
50013115 2852 MemTxResult r;
4840f10e 2853 bool release_lock = false;
8df1cd07 2854
41063e1e 2855 rcu_read_lock();
fdfba1a2 2856 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2857 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 2858 release_lock |= prepare_mmio_access(mr);
125b3806 2859
8df1cd07 2860 /* I/O case */
50013115 2861 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 2862#if defined(TARGET_WORDS_BIGENDIAN)
2863 if (endian == DEVICE_LITTLE_ENDIAN) {
2864 val = bswap32(val);
2865 }
2866#else
2867 if (endian == DEVICE_BIG_ENDIAN) {
2868 val = bswap32(val);
2869 }
2870#endif
8df1cd07
FB		 2871 } else {
2872 /* RAM case */
5c8a00ce 2873 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2874 & TARGET_PAGE_MASK)
149f54b5 2875 + addr1);
1e78bcc1
AG		 2876 switch (endian) {
2877 case DEVICE_LITTLE_ENDIAN:
2878 val = ldl_le_p(ptr);
2879 break;
2880 case DEVICE_BIG_ENDIAN:
2881 val = ldl_be_p(ptr);
2882 break;
2883 default:
2884 val = ldl_p(ptr);
2885 break;
2886 }
50013115
PM		 2887 r = MEMTX_OK;
2888 }
2889 if (result) {
2890 *result = r;
8df1cd07 2891 }
4840f10e
JK		 2892 if (release_lock) {
2893 qemu_mutex_unlock_iothread();
2894 }
41063e1e 2895 rcu_read_unlock();
8df1cd07
FB		 2896 return val;
2897}
2898
50013115
PM		 2899uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2900 MemTxAttrs attrs, MemTxResult *result)
2901{
2902 return address_space_ldl_internal(as, addr, attrs, result,
2903 DEVICE_NATIVE_ENDIAN);
2904}
2905
2906uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2907 MemTxAttrs attrs, MemTxResult *result)
2908{
2909 return address_space_ldl_internal(as, addr, attrs, result,
2910 DEVICE_LITTLE_ENDIAN);
2911}
2912
2913uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2914 MemTxAttrs attrs, MemTxResult *result)
2915{
2916 return address_space_ldl_internal(as, addr, attrs, result,
2917 DEVICE_BIG_ENDIAN);
2918}
2919
fdfba1a2 2920uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2921{
50013115 2922 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2923}
2924
fdfba1a2 2925uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2926{
50013115 2927 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2928}
2929
fdfba1a2 2930uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2931{
50013115 2932 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2933}
2934
84b7b8e7 2935/* warning: addr must be aligned */
50013115
PM		 2936static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2937 MemTxAttrs attrs,
2938 MemTxResult *result,
2939 enum device_endian endian)
84b7b8e7 2940{
84b7b8e7
FB		 2941 uint8_t *ptr;
2942 uint64_t val;
5c8a00ce 2943 MemoryRegion *mr;
149f54b5
PB		 2944 hwaddr l = 8;
2945 hwaddr addr1;
50013115 2946 MemTxResult r;
4840f10e 2947 bool release_lock = false;
84b7b8e7 2948
41063e1e 2949 rcu_read_lock();
2c17449b 2950 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2951 false);
2952 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 2953 release_lock |= prepare_mmio_access(mr);
125b3806 2954
84b7b8e7 2955 /* I/O case */
50013115 2956 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 2957#if defined(TARGET_WORDS_BIGENDIAN)
2958 if (endian == DEVICE_LITTLE_ENDIAN) {
2959 val = bswap64(val);
2960 }
2961#else
2962 if (endian == DEVICE_BIG_ENDIAN) {
2963 val = bswap64(val);
2964 }
84b7b8e7
FB		 2965#endif
2966 } else {
2967 /* RAM case */
5c8a00ce 2968 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2969 & TARGET_PAGE_MASK)
149f54b5 2970 + addr1);
1e78bcc1
AG		 2971 switch (endian) {
2972 case DEVICE_LITTLE_ENDIAN:
2973 val = ldq_le_p(ptr);
2974 break;
2975 case DEVICE_BIG_ENDIAN:
2976 val = ldq_be_p(ptr);
2977 break;
2978 default:
2979 val = ldq_p(ptr);
2980 break;
2981 }
50013115
PM		 2982 r = MEMTX_OK;
2983 }
2984 if (result) {
2985 *result = r;
84b7b8e7 2986 }
4840f10e
JK		 2987 if (release_lock) {
2988 qemu_mutex_unlock_iothread();
2989 }
41063e1e 2990 rcu_read_unlock();
84b7b8e7
FB		 2991 return val;
2992}
2993
50013115
PM		 2994uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2995 MemTxAttrs attrs, MemTxResult *result)
2996{
2997 return address_space_ldq_internal(as, addr, attrs, result,
2998 DEVICE_NATIVE_ENDIAN);
2999}
3000
3001uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3002 MemTxAttrs attrs, MemTxResult *result)
3003{
3004 return address_space_ldq_internal(as, addr, attrs, result,
3005 DEVICE_LITTLE_ENDIAN);
3006}
3007
3008uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3009 MemTxAttrs attrs, MemTxResult *result)
3010{
3011 return address_space_ldq_internal(as, addr, attrs, result,
3012 DEVICE_BIG_ENDIAN);
3013}
3014
2c17449b 3015uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3016{
50013115 3017 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3018}
3019
2c17449b 3020uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3021{
50013115 3022 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3023}
3024
2c17449b 3025uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3026{
50013115 3027 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3028}
3029
aab33094 3030/* XXX: optimize */
50013115
PM		 3031uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3032 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3033{
3034 uint8_t val;
50013115
PM		 3035 MemTxResult r;
3036
3037 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3038 if (result) {
3039 *result = r;
3040 }
aab33094
FB		 3041 return val;
3042}
3043
50013115
PM		 3044uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3045{
3046 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3047}
3048
733f0b02 3049/* warning: addr must be aligned */
50013115
PM		 3050static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3051 hwaddr addr,
3052 MemTxAttrs attrs,
3053 MemTxResult *result,
3054 enum device_endian endian)
aab33094 3055{
733f0b02
MT		 3056 uint8_t *ptr;
3057 uint64_t val;
5c8a00ce 3058 MemoryRegion *mr;
149f54b5
PB		 3059 hwaddr l = 2;
3060 hwaddr addr1;
50013115 3061 MemTxResult r;
4840f10e 3062 bool release_lock = false;
733f0b02 3063
41063e1e 3064 rcu_read_lock();
41701aa4 3065 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3066 false);
3067 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3068 release_lock |= prepare_mmio_access(mr);
125b3806 3069
733f0b02 3070 /* I/O case */
50013115 3071 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3072#if defined(TARGET_WORDS_BIGENDIAN)
3073 if (endian == DEVICE_LITTLE_ENDIAN) {
3074 val = bswap16(val);
3075 }
3076#else
3077 if (endian == DEVICE_BIG_ENDIAN) {
3078 val = bswap16(val);
3079 }
3080#endif
733f0b02
MT		 3081 } else {
3082 /* RAM case */
5c8a00ce 3083 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3084 & TARGET_PAGE_MASK)
149f54b5 3085 + addr1);
1e78bcc1
AG		 3086 switch (endian) {
3087 case DEVICE_LITTLE_ENDIAN:
3088 val = lduw_le_p(ptr);
3089 break;
3090 case DEVICE_BIG_ENDIAN:
3091 val = lduw_be_p(ptr);
3092 break;
3093 default:
3094 val = lduw_p(ptr);
3095 break;
3096 }
50013115
PM		 3097 r = MEMTX_OK;
3098 }
3099 if (result) {
3100 *result = r;
733f0b02 3101 }
4840f10e
JK		 3102 if (release_lock) {
3103 qemu_mutex_unlock_iothread();
3104 }
41063e1e 3105 rcu_read_unlock();
733f0b02 3106 return val;
aab33094
FB		 3107}
3108
50013115
PM		 3109uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3110 MemTxAttrs attrs, MemTxResult *result)
3111{
3112 return address_space_lduw_internal(as, addr, attrs, result,
3113 DEVICE_NATIVE_ENDIAN);
3114}
3115
3116uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3117 MemTxAttrs attrs, MemTxResult *result)
3118{
3119 return address_space_lduw_internal(as, addr, attrs, result,
3120 DEVICE_LITTLE_ENDIAN);
3121}
3122
3123uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3124 MemTxAttrs attrs, MemTxResult *result)
3125{
3126 return address_space_lduw_internal(as, addr, attrs, result,
3127 DEVICE_BIG_ENDIAN);
3128}
3129
41701aa4 3130uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3131{
50013115 3132 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3133}
3134
41701aa4 3135uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3136{
50013115 3137 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3138}
3139
41701aa4 3140uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3141{
50013115 3142 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3143}
3144
8df1cd07
FB		 3145/* warning: addr must be aligned. The ram page is not masked as dirty
3146 and the code inside is not invalidated. It is useful if the dirty
3147 bits are used to track modified PTEs */
50013115
PM		 3148void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3149 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3150{
8df1cd07 3151 uint8_t *ptr;
5c8a00ce 3152 MemoryRegion *mr;
149f54b5
PB		 3153 hwaddr l = 4;
3154 hwaddr addr1;
50013115 3155 MemTxResult r;
845b6214 3156 uint8_t dirty_log_mask;
4840f10e 3157 bool release_lock = false;
8df1cd07 3158
41063e1e 3159 rcu_read_lock();
2198a121 3160 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3161 true);
3162 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3163 release_lock |= prepare_mmio_access(mr);
125b3806 3164
50013115 3165 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3166 } else {
5c8a00ce 3167 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3168 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3169 stl_p(ptr, val);
74576198 3170
845b6214
PB		 3171 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3172 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3173 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3174 r = MEMTX_OK;
3175 }
3176 if (result) {
3177 *result = r;
8df1cd07 3178 }
4840f10e
JK		 3179 if (release_lock) {
3180 qemu_mutex_unlock_iothread();
3181 }
41063e1e 3182 rcu_read_unlock();
8df1cd07
FB		 3183}
3184
50013115
PM		 3185void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3186{
3187 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3188}
3189
8df1cd07 3190/* warning: addr must be aligned */
50013115
PM		 3191static inline void address_space_stl_internal(AddressSpace *as,
3192 hwaddr addr, uint32_t val,
3193 MemTxAttrs attrs,
3194 MemTxResult *result,
3195 enum device_endian endian)
8df1cd07 3196{
8df1cd07 3197 uint8_t *ptr;
5c8a00ce 3198 MemoryRegion *mr;
149f54b5
PB		 3199 hwaddr l = 4;
3200 hwaddr addr1;
50013115 3201 MemTxResult r;
4840f10e 3202 bool release_lock = false;
8df1cd07 3203
41063e1e 3204 rcu_read_lock();
ab1da857 3205 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3206 true);
3207 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3208 release_lock |= prepare_mmio_access(mr);
125b3806 3209
1e78bcc1
AG		 3210#if defined(TARGET_WORDS_BIGENDIAN)
3211 if (endian == DEVICE_LITTLE_ENDIAN) {
3212 val = bswap32(val);
3213 }
3214#else
3215 if (endian == DEVICE_BIG_ENDIAN) {
3216 val = bswap32(val);
3217 }
3218#endif
50013115 3219 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3220 } else {
8df1cd07 3221 /* RAM case */
5c8a00ce 3222 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3223 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3224 switch (endian) {
3225 case DEVICE_LITTLE_ENDIAN:
3226 stl_le_p(ptr, val);
3227 break;
3228 case DEVICE_BIG_ENDIAN:
3229 stl_be_p(ptr, val);
3230 break;
3231 default:
3232 stl_p(ptr, val);
3233 break;
3234 }
845b6214 3235 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3236 r = MEMTX_OK;
3237 }
3238 if (result) {
3239 *result = r;
8df1cd07 3240 }
4840f10e
JK		 3241 if (release_lock) {
3242 qemu_mutex_unlock_iothread();
3243 }
41063e1e 3244 rcu_read_unlock();
8df1cd07
FB		 3245}
3246
50013115
PM		 3247void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3248 MemTxAttrs attrs, MemTxResult *result)
3249{
3250 address_space_stl_internal(as, addr, val, attrs, result,
3251 DEVICE_NATIVE_ENDIAN);
3252}
3253
3254void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3255 MemTxAttrs attrs, MemTxResult *result)
3256{
3257 address_space_stl_internal(as, addr, val, attrs, result,
3258 DEVICE_LITTLE_ENDIAN);
3259}
3260
3261void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3262 MemTxAttrs attrs, MemTxResult *result)
3263{
3264 address_space_stl_internal(as, addr, val, attrs, result,
3265 DEVICE_BIG_ENDIAN);
3266}
3267
ab1da857 3268void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3269{
50013115 3270 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3271}
3272
ab1da857 3273void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3274{
50013115 3275 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3276}
3277
ab1da857 3278void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3279{
50013115 3280 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3281}
3282
aab33094 3283/* XXX: optimize */
50013115
PM		 3284void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3285 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3286{
3287 uint8_t v = val;
50013115
PM		 3288 MemTxResult r;
3289
3290 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3291 if (result) {
3292 *result = r;
3293 }
3294}
3295
3296void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3297{
3298 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3299}
3300
733f0b02 3301/* warning: addr must be aligned */
50013115
PM		 3302static inline void address_space_stw_internal(AddressSpace *as,
3303 hwaddr addr, uint32_t val,
3304 MemTxAttrs attrs,
3305 MemTxResult *result,
3306 enum device_endian endian)
aab33094 3307{
733f0b02 3308 uint8_t *ptr;
5c8a00ce 3309 MemoryRegion *mr;
149f54b5
PB		 3310 hwaddr l = 2;
3311 hwaddr addr1;
50013115 3312 MemTxResult r;
4840f10e 3313 bool release_lock = false;
733f0b02 3314
41063e1e 3315 rcu_read_lock();
5ce5944d 3316 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3317 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3318 release_lock |= prepare_mmio_access(mr);
125b3806 3319
1e78bcc1
AG		 3320#if defined(TARGET_WORDS_BIGENDIAN)
3321 if (endian == DEVICE_LITTLE_ENDIAN) {
3322 val = bswap16(val);
3323 }
3324#else
3325 if (endian == DEVICE_BIG_ENDIAN) {
3326 val = bswap16(val);
3327 }
3328#endif
50013115 3329 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3330 } else {
733f0b02 3331 /* RAM case */
5c8a00ce 3332 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 3333 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3334 switch (endian) {
3335 case DEVICE_LITTLE_ENDIAN:
3336 stw_le_p(ptr, val);
3337 break;
3338 case DEVICE_BIG_ENDIAN:
3339 stw_be_p(ptr, val);
3340 break;
3341 default:
3342 stw_p(ptr, val);
3343 break;
3344 }
845b6214 3345 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3346 r = MEMTX_OK;
3347 }
3348 if (result) {
3349 *result = r;
733f0b02 3350 }
4840f10e
JK		 3351 if (release_lock) {
3352 qemu_mutex_unlock_iothread();
3353 }
41063e1e 3354 rcu_read_unlock();
aab33094
FB		 3355}
3356
50013115
PM		 3357void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3358 MemTxAttrs attrs, MemTxResult *result)
3359{
3360 address_space_stw_internal(as, addr, val, attrs, result,
3361 DEVICE_NATIVE_ENDIAN);
3362}
3363
3364void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3365 MemTxAttrs attrs, MemTxResult *result)
3366{
3367 address_space_stw_internal(as, addr, val, attrs, result,
3368 DEVICE_LITTLE_ENDIAN);
3369}
3370
3371void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3372 MemTxAttrs attrs, MemTxResult *result)
3373{
3374 address_space_stw_internal(as, addr, val, attrs, result,
3375 DEVICE_BIG_ENDIAN);
3376}
3377
5ce5944d 3378void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3379{
50013115 3380 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3381}
3382
5ce5944d 3383void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3384{
50013115 3385 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3386}
3387
5ce5944d 3388void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3389{
50013115 3390 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3391}
3392
aab33094 3393/* XXX: optimize */
50013115
PM		 3394void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3395 MemTxAttrs attrs, MemTxResult *result)
aab33094 3396{
50013115 3397 MemTxResult r;
aab33094 3398 val = tswap64(val);
50013115
PM		 3399 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3400 if (result) {
3401 *result = r;
3402 }
aab33094
FB		 3403}
3404
50013115
PM		 3405void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3406 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3407{
50013115 3408 MemTxResult r;
1e78bcc1 3409 val = cpu_to_le64(val);
50013115
PM		 3410 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3411 if (result) {
3412 *result = r;
3413 }
3414}
3415void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3416 MemTxAttrs attrs, MemTxResult *result)
3417{
3418 MemTxResult r;
3419 val = cpu_to_be64(val);
3420 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3421 if (result) {
3422 *result = r;
3423 }
3424}
3425
3426void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3427{
3428 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3429}
3430
3431void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3432{
3433 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3434}
3435
f606604f 3436void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3437{
50013115 3438 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3439}
3440
5e2972fd 3441/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3442int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3443 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3444{
3445 int l;
a8170e5e 3446 hwaddr phys_addr;
9b3c35e0 3447 target_ulong page;
13eb76e0
FB		 3448
3449 while (len > 0) {
3450 page = addr & TARGET_PAGE_MASK;
f17ec444 3451 phys_addr = cpu_get_phys_page_debug(cpu, page);
13eb76e0
FB		 3452 /* if no physical page mapped, return an error */
3453 if (phys_addr == -1)
3454 return -1;
3455 l = (page + TARGET_PAGE_SIZE) - addr;
3456 if (l > len)
3457 l = len;
5e2972fd 3458 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b
EI		 3459 if (is_write) {
3460 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3461 } else {
5c9eb028
PM		 3462 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3463 buf, l, 0);
2e38847b 3464 }
13eb76e0
FB		 3465 len -= l;
3466 buf += l;
3467 addr += l;
3468 }
3469 return 0;
3470}
a68fe89c 3471#endif
13eb76e0 3472
8e4a424b
BS		 3473/*
3474 * A helper function for the _utterly broken_ virtio device model to find out if
3475 * it's running on a big endian machine. Don't do this at home kids!
3476 */
98ed8ecf
GK		 3477bool target_words_bigendian(void);
3478bool target_words_bigendian(void)
8e4a424b
BS		 3479{
3480#if defined(TARGET_WORDS_BIGENDIAN)
3481 return true;
3482#else
3483 return false;
3484#endif
3485}
3486
76f35538 3487#ifndef CONFIG_USER_ONLY
a8170e5e 3488bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3489{
5c8a00ce 3490 MemoryRegion*mr;
149f54b5 3491 hwaddr l = 1;
41063e1e 3492 bool res;
76f35538 3493
41063e1e 3494 rcu_read_lock();
5c8a00ce
PB		 3495 mr = address_space_translate(&address_space_memory,
3496 phys_addr, &phys_addr, &l, false);
76f35538 3497
41063e1e
PB		 3498 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3499 rcu_read_unlock();
3500 return res;
76f35538 3501}
bd2fa51f 3502
e3807054 3503int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3504{
3505 RAMBlock *block;
e3807054 3506 int ret = 0;
bd2fa51f 3507
0dc3f44a
MD		 3508 rcu_read_lock();
3509 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3510 ret = func(block->idstr, block->host, block->offset,
3511 block->used_length, opaque);
3512 if (ret) {
3513 break;
3514 }
bd2fa51f 3515 }
0dc3f44a 3516 rcu_read_unlock();
e3807054 3517 return ret;
bd2fa51f 3518}
ec3f8c99 3519#endif
QEMU mirror