]> git.proxmox.com Git - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
hw/pl041: Use LOG_UNIMP
[qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
0cac1b66
BS		 60#include "cputlb.h"
61
67d95c15
AK		 62#define WANT_EXEC_OBSOLETE
63#include "exec-obsolete.h"
64
fd6ce8f6 65//#define DEBUG_TB_INVALIDATE
66e85a21 66//#define DEBUG_FLUSH
67d3b957 67//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 68
69/* make various TB consistency checks */
5fafdf24 70//#define DEBUG_TB_CHECK
fd6ce8f6 71
1196be37 72//#define DEBUG_IOPORT
db7b5426 73//#define DEBUG_SUBPAGE
1196be37 74
99773bd4
PB		 75#if !defined(CONFIG_USER_ONLY)
76/* TB consistency checks only implemented for usermode emulation. */
77#undef DEBUG_TB_CHECK
78#endif
79
9fa3e853
FB		 80#define SMC_BITMAP_USE_THRESHOLD 10
81
bdaf78e0 82static TranslationBlock *tbs;
24ab68ac 83static int code_gen_max_blocks;
9fa3e853 84TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 85static int nb_tbs;
eb51d102 86/* any access to the tbs or the page table must use this lock */
c227f099 87spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 88
4438c8a9 89uint8_t *code_gen_prologue;
bdaf78e0 90static uint8_t *code_gen_buffer;
f1bc0bcc 91static size_t code_gen_buffer_size;
26a5f13b 92/* threshold to flush the translated code buffer */
f1bc0bcc 93static size_t code_gen_buffer_max_size;
24ab68ac 94static uint8_t *code_gen_ptr;
fd6ce8f6 95
e2eef170 96#if !defined(CONFIG_USER_ONLY)
9fa3e853 97int phys_ram_fd;
74576198 98static int in_migration;
94a6b54f 99
85d59fef 100RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 101
102static MemoryRegion *system_memory;
309cb471 103static MemoryRegion *system_io;
62152b8a 104
0e0df1e2 105MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 106static MemoryRegion io_mem_subpage_ram;
0e0df1e2 107
e2eef170 108#endif
9fa3e853 109
9349b4f9 110CPUArchState *first_cpu;
6a00d601
FB		 111/* current CPU in the current thread. It is only valid inside
112 cpu_exec() */
9349b4f9 113DEFINE_TLS(CPUArchState *,cpu_single_env);
2e70f6ef 114/* 0 = Do not count executed instructions.
bf20dc07 115 1 = Precise instruction counting.
2e70f6ef
PB		 116 2 = Adaptive rate instruction counting. */
117int use_icount = 0;
6a00d601 118
54936004 119typedef struct PageDesc {
92e873b9 120 /* list of TBs intersecting this ram page */
fd6ce8f6 121 TranslationBlock *first_tb;
9fa3e853
FB		 122 /* in order to optimize self modifying code, we count the number
123 of lookups we do to a given page to use a bitmap */
124 unsigned int code_write_count;
125 uint8_t *code_bitmap;
126#if defined(CONFIG_USER_ONLY)
127 unsigned long flags;
128#endif
54936004
FB		 129} PageDesc;
130
41c1b1c9 131/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 132 while in user mode we want it to be based on virtual addresses. */
133#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 134#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
135# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
136#else
5cd2c5b6 137# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 138#endif
bedb69ea 139#else
5cd2c5b6 140# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 141#endif
54936004 142
5cd2c5b6
RH		 143/* Size of the L2 (and L3, etc) page tables. */
144#define L2_BITS 10
54936004
FB		 145#define L2_SIZE (1 << L2_BITS)
146
3eef53df
AK		 147#define P_L2_LEVELS \
148 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
149
5cd2c5b6 150/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 151#define V_L1_BITS_REM \
152 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
153
5cd2c5b6
RH		 154#if V_L1_BITS_REM < 4
155#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
156#else
157#define V_L1_BITS V_L1_BITS_REM
158#endif
159
5cd2c5b6
RH		 160#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
161
5cd2c5b6
RH		 162#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
163
c6d50674
SW		 164uintptr_t qemu_real_host_page_size;
165uintptr_t qemu_host_page_size;
166uintptr_t qemu_host_page_mask;
54936004 167
5cd2c5b6
RH		 168/* This is a multi-level map on the virtual address space.
169 The bottom level has pointers to PageDesc. */
170static void *l1_map[V_L1_SIZE];
54936004 171
e2eef170 172#if !defined(CONFIG_USER_ONLY)
4346ae3e
AK		 173typedef struct PhysPageEntry PhysPageEntry;
174
5312bd8b
AK		 175static MemoryRegionSection *phys_sections;
176static unsigned phys_sections_nb, phys_sections_nb_alloc;
177static uint16_t phys_section_unassigned;
aa102231
AK		 178static uint16_t phys_section_notdirty;
179static uint16_t phys_section_rom;
180static uint16_t phys_section_watch;
5312bd8b 181
4346ae3e 182struct PhysPageEntry {
07f07b31
AK		 183 uint16_t is_leaf : 1;
184 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
185 uint16_t ptr : 15;
4346ae3e
AK		 186};
187
d6f2ea22
AK		 188/* Simple allocator for PhysPageEntry nodes */
189static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
190static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
191
07f07b31 192#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 193
5cd2c5b6 194/* This is a multi-level map on the physical address space.
06ef3525 195 The bottom level has pointers to MemoryRegionSections. */
07f07b31 196static PhysPageEntry phys_map = { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
6d9a1304 197
e2eef170 198static void io_mem_init(void);
62152b8a 199static void memory_map_init(void);
e2eef170 200
1ec9b909 201static MemoryRegion io_mem_watch;
6658ffb8 202#endif
33417e70 203
e3db7226 204/* statistics */
e3db7226
FB		 205static int tb_flush_count;
206static int tb_phys_invalidate_count;
207
7cb69cae 208#ifdef _WIN32
4438c8a9 209static inline void map_exec(void *addr, long size)
7cb69cae
FB		 210{
211 DWORD old_protect;
212 VirtualProtect(addr, size,
213 PAGE_EXECUTE_READWRITE, &old_protect);
214
215}
216#else
4438c8a9 217static inline void map_exec(void *addr, long size)
7cb69cae 218{
4369415f 219 unsigned long start, end, page_size;
7cb69cae 220
4369415f 221 page_size = getpagesize();
7cb69cae 222 start = (unsigned long)addr;
4369415f 223 start &= ~(page_size - 1);
7cb69cae
FB		 224
225 end = (unsigned long)addr + size;
4369415f
FB		 226 end += page_size - 1;
227 end &= ~(page_size - 1);
7cb69cae
FB		 228
229 mprotect((void *)start, end - start,
230 PROT_READ | PROT_WRITE | PROT_EXEC);
231}
232#endif
233
b346ff46 234static void page_init(void)
54936004 235{
83fb7adf 236 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 237 TARGET_PAGE_SIZE */
c2b48b69
AL		 238#ifdef _WIN32
239 {
240 SYSTEM_INFO system_info;
241
242 GetSystemInfo(&system_info);
243 qemu_real_host_page_size = system_info.dwPageSize;
244 }
245#else
246 qemu_real_host_page_size = getpagesize();
247#endif
83fb7adf
FB		 248 if (qemu_host_page_size == 0)
249 qemu_host_page_size = qemu_real_host_page_size;
250 if (qemu_host_page_size < TARGET_PAGE_SIZE)
251 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 252 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 253
2e9a5713 254#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 255 {
f01576f1
JL		 256#ifdef HAVE_KINFO_GETVMMAP
257 struct kinfo_vmentry *freep;
258 int i, cnt;
259
260 freep = kinfo_getvmmap(getpid(), &cnt);
261 if (freep) {
262 mmap_lock();
263 for (i = 0; i < cnt; i++) {
264 unsigned long startaddr, endaddr;
265
266 startaddr = freep[i].kve_start;
267 endaddr = freep[i].kve_end;
268 if (h2g_valid(startaddr)) {
269 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
270
271 if (h2g_valid(endaddr)) {
272 endaddr = h2g(endaddr);
fd436907 273 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 274 } else {
275#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
276 endaddr = ~0ul;
fd436907 277 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 278#endif
279 }
280 }
281 }
282 free(freep);
283 mmap_unlock();
284 }
285#else
50a9569b 286 FILE *f;
50a9569b 287
0776590d 288 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 289
fd436907 290 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 291 if (f) {
5cd2c5b6
RH		 292 mmap_lock();
293
50a9569b 294 do {
5cd2c5b6
RH		 295 unsigned long startaddr, endaddr;
296 int n;
297
298 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
299
300 if (n == 2 && h2g_valid(startaddr)) {
301 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
302
303 if (h2g_valid(endaddr)) {
304 endaddr = h2g(endaddr);
305 } else {
306 endaddr = ~0ul;
307 }
308 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 309 }
310 } while (!feof(f));
5cd2c5b6 311
50a9569b 312 fclose(f);
5cd2c5b6 313 mmap_unlock();
50a9569b 314 }
f01576f1 315#endif
50a9569b
AZ		 316 }
317#endif
54936004
FB		 318}
319
41c1b1c9 320static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 321{
41c1b1c9
PB		 322 PageDesc *pd;
323 void **lp;
324 int i;
325
5cd2c5b6 326#if defined(CONFIG_USER_ONLY)
7267c094 327 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 328# define ALLOC(P, SIZE) \
329 do { \
330 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
331 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 332 } while (0)
333#else
334# define ALLOC(P, SIZE) \
7267c094 335 do { P = g_malloc0(SIZE); } while (0)
17e2377a 336#endif
434929bf 337
5cd2c5b6
RH		 338 /* Level 1. Always allocated. */
339 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
340
341 /* Level 2..N-1. */
342 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
343 void **p = *lp;
344
345 if (p == NULL) {
346 if (!alloc) {
347 return NULL;
348 }
349 ALLOC(p, sizeof(void *) * L2_SIZE);
350 *lp = p;
17e2377a 351 }
5cd2c5b6
RH		 352
353 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
354 }
355
356 pd = *lp;
357 if (pd == NULL) {
358 if (!alloc) {
359 return NULL;
360 }
361 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
362 *lp = pd;
54936004 363 }
5cd2c5b6
RH		 364
365#undef ALLOC
5cd2c5b6
RH		 366
367 return pd + (index & (L2_SIZE - 1));
54936004
FB		 368}
369
41c1b1c9 370static inline PageDesc *page_find(tb_page_addr_t index)
54936004 371{
5cd2c5b6 372 return page_find_alloc(index, 0);
fd6ce8f6
FB		 373}
374
6d9a1304 375#if !defined(CONFIG_USER_ONLY)
d6f2ea22 376
f7bf5461 377static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 378{
f7bf5461 379 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 380 typedef PhysPageEntry Node[L2_SIZE];
381 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 382 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
383 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 384 phys_map_nodes = g_renew(Node, phys_map_nodes,
385 phys_map_nodes_nb_alloc);
386 }
f7bf5461
AK		 387}
388
389static uint16_t phys_map_node_alloc(void)
390{
391 unsigned i;
392 uint16_t ret;
393
394 ret = phys_map_nodes_nb++;
395 assert(ret != PHYS_MAP_NODE_NIL);
396 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 397 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 398 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 399 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 400 }
f7bf5461 401 return ret;
d6f2ea22
AK		 402}
403
404static void phys_map_nodes_reset(void)
405{
406 phys_map_nodes_nb = 0;
407}
408
92e873b9 409
2999097b
AK		 410static void phys_page_set_level(PhysPageEntry *lp, target_phys_addr_t *index,
411 target_phys_addr_t *nb, uint16_t leaf,
412 int level)
f7bf5461
AK		 413{
414 PhysPageEntry *p;
415 int i;
07f07b31 416 target_phys_addr_t step = (target_phys_addr_t)1 << (level * L2_BITS);
108c49b8 417
07f07b31 418 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 419 lp->ptr = phys_map_node_alloc();
420 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 421 if (level == 0) {
422 for (i = 0; i < L2_SIZE; i++) {
07f07b31 423 p[i].is_leaf = 1;
c19e8800 424 p[i].ptr = phys_section_unassigned;
4346ae3e 425 }
67c4d23c 426 }
f7bf5461 427 } else {
c19e8800 428 p = phys_map_nodes[lp->ptr];
92e873b9 429 }
2999097b 430 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 431
2999097b 432 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 433 if ((*index & (step - 1)) == 0 && *nb >= step) {
434 lp->is_leaf = true;
c19e8800 435 lp->ptr = leaf;
07f07b31
AK		 436 *index += step;
437 *nb -= step;
2999097b
AK		 438 } else {
439 phys_page_set_level(lp, index, nb, leaf, level - 1);
440 }
441 ++lp;
f7bf5461
AK		 442 }
443}
444
2999097b
AK		 445static void phys_page_set(target_phys_addr_t index, target_phys_addr_t nb,
446 uint16_t leaf)
f7bf5461 447{
2999097b 448 /* Wildly overreserve - it doesn't matter much. */
07f07b31 449 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 450
2999097b 451 phys_page_set_level(&phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 452}
453
0cac1b66 454MemoryRegionSection *phys_page_find(target_phys_addr_t index)
92e873b9 455{
31ab2b4a
AK		 456 PhysPageEntry lp = phys_map;
457 PhysPageEntry *p;
458 int i;
31ab2b4a 459 uint16_t s_index = phys_section_unassigned;
f1f6e3b8 460
07f07b31 461 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 462 if (lp.ptr == PHYS_MAP_NODE_NIL) {
31ab2b4a
AK		 463 goto not_found;
464 }
c19e8800 465 p = phys_map_nodes[lp.ptr];
31ab2b4a 466 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 467 }
31ab2b4a 468
c19e8800 469 s_index = lp.ptr;
31ab2b4a 470not_found:
f3705d53
AK		 471 return &phys_sections[s_index];
472}
473
e5548617
BS		 474bool memory_region_is_unassigned(MemoryRegion *mr)
475{
476 return mr != &io_mem_ram && mr != &io_mem_rom
477 && mr != &io_mem_notdirty && !mr->rom_device
478 && mr != &io_mem_watch;
479}
480
c8a706fe
PB		 481#define mmap_lock() do { } while(0)
482#define mmap_unlock() do { } while(0)
9fa3e853 483#endif
fd6ce8f6 484
4369415f 485#if defined(CONFIG_USER_ONLY)
ccbb4d44 486/* Currently it is not recommended to allocate big chunks of data in
f1bc0bcc
RH		 487 user mode. It will change when a dedicated libc will be used. */
488/* ??? 64-bit hosts ought to have no problem mmaping data outside the
489 region in which the guest needs to run. Revisit this. */
4369415f
FB		 490#define USE_STATIC_CODE_GEN_BUFFER
491#endif
492
f1bc0bcc
RH		 493/* ??? Should configure for this, not list operating systems here. */
494#if (defined(__linux__) \
495 || defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
496 || defined(__DragonFly__) || defined(__OpenBSD__) \
497 || defined(__NetBSD__))
498# define USE_MMAP
4369415f
FB		 499#endif
500
74d590c8
RH		 501/* Minimum size of the code gen buffer. This number is randomly chosen,
502 but not so small that we can't have a fair number of TB's live. */
503#define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
504
f1bc0bcc
RH		 505/* Maximum size of the code gen buffer we'd like to use. Unless otherwise
506 indicated, this is constrained by the range of direct branches on the
507 host cpu, as used by the TCG implementation of goto_tb. */
508#if defined(__x86_64__)
509# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
510#elif defined(__sparc__)
511# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
512#elif defined(__arm__)
513# define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
514#elif defined(__s390x__)
515 /* We have a +- 4GB range on the branches; leave some slop. */
516# define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
517#else
518# define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
519#endif
520
3d85a72f
RH		 521#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
522
523#define DEFAULT_CODE_GEN_BUFFER_SIZE \
524 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
525 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
f1bc0bcc
RH		 526
527static inline size_t size_code_gen_buffer(size_t tb_size)
26a5f13b 528{
f1bc0bcc
RH		 529 /* Size the buffer. */
530 if (tb_size == 0) {
4369415f 531#ifdef USE_STATIC_CODE_GEN_BUFFER
f1bc0bcc 532 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
4369415f 533#else
f1bc0bcc
RH		 534 /* ??? Needs adjustments. */
535 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
536 static buffer, we could size this on RESERVED_VA, on the text
537 segment size of the executable, or continue to use the default. */
538 tb_size = (unsigned long)(ram_size / 4);
4369415f 539#endif
26a5f13b 540 }
f1bc0bcc
RH		 541 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
542 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
26a5f13b 543 }
f1bc0bcc
RH		 544 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
545 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
06e67a82 546 }
f1bc0bcc
RH		 547 code_gen_buffer_size = tb_size;
548 return tb_size;
549}
550
551#ifdef USE_STATIC_CODE_GEN_BUFFER
552static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
553 __attribute__((aligned(CODE_GEN_ALIGN)));
554
555static inline void *alloc_code_gen_buffer(void)
556{
557 map_exec(static_code_gen_buffer, code_gen_buffer_size);
558 return static_code_gen_buffer;
559}
560#elif defined(USE_MMAP)
561static inline void *alloc_code_gen_buffer(void)
562{
563 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
564 uintptr_t start = 0;
565 void *buf;
566
567 /* Constrain the position of the buffer based on the host cpu.
568 Note that these addresses are chosen in concert with the
569 addresses assigned in the relevant linker script file. */
405def18
RH		 570# if defined(__PIE__) || defined(__PIC__)
571 /* Don't bother setting a preferred location if we're building
572 a position-independent executable. We're more likely to get
573 an address near the main executable if we let the kernel
574 choose the address. */
575# elif defined(__x86_64__) && defined(MAP_32BIT)
f1bc0bcc
RH		 576 /* Force the memory down into low memory with the executable.
577 Leave the choice of exact location with the kernel. */
578 flags |= MAP_32BIT;
579 /* Cannot expect to map more than 800MB in low memory. */
580 if (code_gen_buffer_size > 800u * 1024 * 1024) {
581 code_gen_buffer_size = 800u * 1024 * 1024;
582 }
583# elif defined(__sparc__)
584 start = 0x40000000ul;
585# elif defined(__s390x__)
586 start = 0x90000000ul;
587# endif
588
589 buf = mmap((void *)start, code_gen_buffer_size,
590 PROT_WRITE | PROT_READ | PROT_EXEC, flags, -1, 0);
591 return buf == MAP_FAILED ? NULL : buf;
592}
26a5f13b 593#else
f1bc0bcc
RH		 594static inline void *alloc_code_gen_buffer(void)
595{
596 void *buf = g_malloc(code_gen_buffer_size);
597 if (buf) {
598 map_exec(buf, code_gen_buffer_size);
599 }
600 return buf;
601}
602#endif /* USE_STATIC_CODE_GEN_BUFFER, USE_MMAP */
603
604static inline void code_gen_alloc(size_t tb_size)
605{
606 code_gen_buffer_size = size_code_gen_buffer(tb_size);
607 code_gen_buffer = alloc_code_gen_buffer();
608 if (code_gen_buffer == NULL) {
609 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
610 exit(1);
611 }
612
4438c8a9
RH		 613 /* Steal room for the prologue at the end of the buffer. This ensures
614 (via the MAX_CODE_GEN_BUFFER_SIZE limits above) that direct branches
615 from TB's to the prologue are going to be in range. It also means
616 that we don't need to mark (additional) portions of the data segment
617 as executable. */
618 code_gen_prologue = code_gen_buffer + code_gen_buffer_size - 1024;
619 code_gen_buffer_size -= 1024;
620
a884da8a
PM		 621 code_gen_buffer_max_size = code_gen_buffer_size -
622 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 623 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 624 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 625}
626
627/* Must be called before using the QEMU cpus. 'tb_size' is the size
628 (in bytes) allocated to the translation buffer. Zero means default
629 size. */
d5ab9713 630void tcg_exec_init(unsigned long tb_size)
26a5f13b 631{
26a5f13b
FB		 632 cpu_gen_init();
633 code_gen_alloc(tb_size);
634 code_gen_ptr = code_gen_buffer;
813da627 635 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
4369415f 636 page_init();
9002ec79
RH		 637#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
638 /* There's no guest base to take into account, so go ahead and
639 initialize the prologue now. */
640 tcg_prologue_init(&tcg_ctx);
641#endif
26a5f13b
FB		 642}
643
d5ab9713
JK		 644bool tcg_enabled(void)
645{
646 return code_gen_buffer != NULL;
647}
648
649void cpu_exec_init_all(void)
650{
651#if !defined(CONFIG_USER_ONLY)
652 memory_map_init();
653 io_mem_init();
654#endif
655}
656
9656f324
PB		 657#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
658
e59fb374 659static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7 660{
9349b4f9 661 CPUArchState *env = opaque;
9656f324 662
3098dba0
AJ		 663 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
664 version_id is increased. */
665 env->interrupt_request &= ~0x01;
9656f324
PB		 666 tlb_flush(env, 1);
667
668 return 0;
669}
e7f4eff7
JQ		 670
671static const VMStateDescription vmstate_cpu_common = {
672 .name = "cpu_common",
673 .version_id = 1,
674 .minimum_version_id = 1,
675 .minimum_version_id_old = 1,
e7f4eff7
JQ		 676 .post_load = cpu_common_post_load,
677 .fields = (VMStateField []) {
9349b4f9
AF		 678 VMSTATE_UINT32(halted, CPUArchState),
679 VMSTATE_UINT32(interrupt_request, CPUArchState),
e7f4eff7
JQ		 680 VMSTATE_END_OF_LIST()
681 }
682};
9656f324
PB		 683#endif
684
9349b4f9 685CPUArchState *qemu_get_cpu(int cpu)
950f1472 686{
9349b4f9 687 CPUArchState *env = first_cpu;
950f1472
GC		 688
689 while (env) {
690 if (env->cpu_index == cpu)
691 break;
692 env = env->next_cpu;
693 }
694
695 return env;
696}
697
9349b4f9 698void cpu_exec_init(CPUArchState *env)
fd6ce8f6 699{
9349b4f9 700 CPUArchState **penv;
6a00d601
FB		 701 int cpu_index;
702
c2764719
PB		 703#if defined(CONFIG_USER_ONLY)
704 cpu_list_lock();
705#endif
6a00d601
FB		 706 env->next_cpu = NULL;
707 penv = &first_cpu;
708 cpu_index = 0;
709 while (*penv != NULL) {
1e9fa730 710 penv = &(*penv)->next_cpu;
6a00d601
FB		 711 cpu_index++;
712 }
713 env->cpu_index = cpu_index;
268a362c 714 env->numa_node = 0;
72cf2d4f
BS		 715 QTAILQ_INIT(&env->breakpoints);
716 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 717#ifndef CONFIG_USER_ONLY
718 env->thread_id = qemu_get_thread_id();
719#endif
6a00d601 720 *penv = env;
c2764719
PB		 721#if defined(CONFIG_USER_ONLY)
722 cpu_list_unlock();
723#endif
b3c7724c 724#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 725 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
726 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 727 cpu_save, cpu_load, env);
728#endif
fd6ce8f6
FB		 729}
730
d1a1eb74
TG		 731/* Allocate a new translation block. Flush the translation buffer if
732 too many translation blocks or too much generated code. */
733static TranslationBlock *tb_alloc(target_ulong pc)
734{
735 TranslationBlock *tb;
736
737 if (nb_tbs >= code_gen_max_blocks ||
738 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
739 return NULL;
740 tb = &tbs[nb_tbs++];
741 tb->pc = pc;
742 tb->cflags = 0;
743 return tb;
744}
745
746void tb_free(TranslationBlock *tb)
747{
748 /* In practice this is mostly used for single use temporary TB
749 Ignore the hard cases and just back up if this TB happens to
750 be the last one generated. */
751 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
752 code_gen_ptr = tb->tc_ptr;
753 nb_tbs--;
754 }
755}
756
9fa3e853
FB		 757static inline void invalidate_page_bitmap(PageDesc *p)
758{
759 if (p->code_bitmap) {
7267c094 760 g_free(p->code_bitmap);
9fa3e853
FB		 761 p->code_bitmap = NULL;
762 }
763 p->code_write_count = 0;
764}
765
5cd2c5b6
RH		 766/* Set to NULL all the 'first_tb' fields in all PageDescs. */
767
768static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 769{
5cd2c5b6 770 int i;
fd6ce8f6 771
5cd2c5b6
RH		 772 if (*lp == NULL) {
773 return;
774 }
775 if (level == 0) {
776 PageDesc *pd = *lp;
7296abac 777 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 778 pd[i].first_tb = NULL;
779 invalidate_page_bitmap(pd + i);
fd6ce8f6 780 }
5cd2c5b6
RH		 781 } else {
782 void **pp = *lp;
7296abac 783 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 784 page_flush_tb_1 (level - 1, pp + i);
785 }
786 }
787}
788
789static void page_flush_tb(void)
790{
791 int i;
792 for (i = 0; i < V_L1_SIZE; i++) {
793 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 794 }
795}
796
797/* flush all the translation blocks */
d4e8164f 798/* XXX: tb_flush is currently not thread safe */
9349b4f9 799void tb_flush(CPUArchState *env1)
fd6ce8f6 800{
9349b4f9 801 CPUArchState *env;
0124311e 802#if defined(DEBUG_FLUSH)
ab3d1727
BS		 803 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
804 (unsigned long)(code_gen_ptr - code_gen_buffer),
805 nb_tbs, nb_tbs > 0 ?
806 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 807#endif
26a5f13b 808 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 809 cpu_abort(env1, "Internal error: code buffer overflow\n");
810
fd6ce8f6 811 nb_tbs = 0;
3b46e624 812
6a00d601
FB		 813 for(env = first_cpu; env != NULL; env = env->next_cpu) {
814 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
815 }
9fa3e853 816
8a8a608f 817 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 818 page_flush_tb();
9fa3e853 819
fd6ce8f6 820 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 821 /* XXX: flush processor icache at this point if cache flush is
822 expensive */
e3db7226 823 tb_flush_count++;
fd6ce8f6
FB		 824}
825
826#ifdef DEBUG_TB_CHECK
827
bc98a7ef 828static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 829{
830 TranslationBlock *tb;
831 int i;
832 address &= TARGET_PAGE_MASK;
99773bd4
PB		 833 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
834 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 835 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
836 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 837 printf("ERROR invalidate: address=" TARGET_FMT_lx
838 " PC=%08lx size=%04x\n",
99773bd4 839 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 840 }
841 }
842 }
843}
844
845/* verify that all the pages have correct rights for code */
846static void tb_page_check(void)
847{
848 TranslationBlock *tb;
849 int i, flags1, flags2;
3b46e624 850
99773bd4
PB		 851 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
852 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 853 flags1 = page_get_flags(tb->pc);
854 flags2 = page_get_flags(tb->pc + tb->size - 1);
855 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
856 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 857 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 858 }
859 }
860 }
861}
862
863#endif
864
865/* invalidate one TB */
866static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
867 int next_offset)
868{
869 TranslationBlock *tb1;
870 for(;;) {
871 tb1 = *ptb;
872 if (tb1 == tb) {
873 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
874 break;
875 }
876 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
877 }
878}
879
9fa3e853
FB		 880static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
881{
882 TranslationBlock *tb1;
883 unsigned int n1;
884
885 for(;;) {
886 tb1 = *ptb;
8efe0ca8
SW		 887 n1 = (uintptr_t)tb1 & 3;
888 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
9fa3e853
FB		 889 if (tb1 == tb) {
890 *ptb = tb1->page_next[n1];
891 break;
892 }
893 ptb = &tb1->page_next[n1];
894 }
895}
896
d4e8164f
FB		 897static inline void tb_jmp_remove(TranslationBlock *tb, int n)
898{
899 TranslationBlock *tb1, **ptb;
900 unsigned int n1;
901
902 ptb = &tb->jmp_next[n];
903 tb1 = *ptb;
904 if (tb1) {
905 /* find tb(n) in circular list */
906 for(;;) {
907 tb1 = *ptb;
8efe0ca8
SW		 908 n1 = (uintptr_t)tb1 & 3;
909 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 910 if (n1 == n && tb1 == tb)
911 break;
912 if (n1 == 2) {
913 ptb = &tb1->jmp_first;
914 } else {
915 ptb = &tb1->jmp_next[n1];
916 }
917 }
918 /* now we can suppress tb(n) from the list */
919 *ptb = tb->jmp_next[n];
920
921 tb->jmp_next[n] = NULL;
922 }
923}
924
925/* reset the jump entry 'n' of a TB so that it is not chained to
926 another TB */
927static inline void tb_reset_jump(TranslationBlock *tb, int n)
928{
8efe0ca8 929 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
d4e8164f
FB		 930}
931
41c1b1c9 932void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 933{
9349b4f9 934 CPUArchState *env;
8a40a180 935 PageDesc *p;
d4e8164f 936 unsigned int h, n1;
41c1b1c9 937 tb_page_addr_t phys_pc;
8a40a180 938 TranslationBlock *tb1, *tb2;
3b46e624 939
8a40a180
FB		 940 /* remove the TB from the hash list */
941 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
942 h = tb_phys_hash_func(phys_pc);
5fafdf24 943 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 944 offsetof(TranslationBlock, phys_hash_next));
945
946 /* remove the TB from the page list */
947 if (tb->page_addr[0] != page_addr) {
948 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
949 tb_page_remove(&p->first_tb, tb);
950 invalidate_page_bitmap(p);
951 }
952 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
953 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
954 tb_page_remove(&p->first_tb, tb);
955 invalidate_page_bitmap(p);
956 }
957
36bdbe54 958 tb_invalidated_flag = 1;
59817ccb 959
fd6ce8f6 960 /* remove the TB from the hash list */
8a40a180 961 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 962 for(env = first_cpu; env != NULL; env = env->next_cpu) {
963 if (env->tb_jmp_cache[h] == tb)
964 env->tb_jmp_cache[h] = NULL;
965 }
d4e8164f
FB		 966
967 /* suppress this TB from the two jump lists */
968 tb_jmp_remove(tb, 0);
969 tb_jmp_remove(tb, 1);
970
971 /* suppress any remaining jumps to this TB */
972 tb1 = tb->jmp_first;
973 for(;;) {
8efe0ca8 974 n1 = (uintptr_t)tb1 & 3;
d4e8164f
FB		 975 if (n1 == 2)
976 break;
8efe0ca8 977 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 978 tb2 = tb1->jmp_next[n1];
979 tb_reset_jump(tb1, n1);
980 tb1->jmp_next[n1] = NULL;
981 tb1 = tb2;
982 }
8efe0ca8 983 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
9fa3e853 984
e3db7226 985 tb_phys_invalidate_count++;
9fa3e853
FB		 986}
987
988static inline void set_bits(uint8_t *tab, int start, int len)
989{
990 int end, mask, end1;
991
992 end = start + len;
993 tab += start >> 3;
994 mask = 0xff << (start & 7);
995 if ((start & ~7) == (end & ~7)) {
996 if (start < end) {
997 mask &= ~(0xff << (end & 7));
998 *tab |= mask;
999 }
1000 } else {
1001 *tab++ |= mask;
1002 start = (start + 8) & ~7;
1003 end1 = end & ~7;
1004 while (start < end1) {
1005 *tab++ = 0xff;
1006 start += 8;
1007 }
1008 if (start < end) {
1009 mask = ~(0xff << (end & 7));
1010 *tab |= mask;
1011 }
1012 }
1013}
1014
1015static void build_page_bitmap(PageDesc *p)
1016{
1017 int n, tb_start, tb_end;
1018 TranslationBlock *tb;
3b46e624 1019
7267c094 1020 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 1021
1022 tb = p->first_tb;
1023 while (tb != NULL) {
8efe0ca8
SW		 1024 n = (uintptr_t)tb & 3;
1025 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1026 /* NOTE: this is subtle as a TB may span two physical pages */
1027 if (n == 0) {
1028 /* NOTE: tb_end may be after the end of the page, but
1029 it is not a problem */
1030 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1031 tb_end = tb_start + tb->size;
1032 if (tb_end > TARGET_PAGE_SIZE)
1033 tb_end = TARGET_PAGE_SIZE;
1034 } else {
1035 tb_start = 0;
1036 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1037 }
1038 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1039 tb = tb->page_next[n];
1040 }
1041}
1042
9349b4f9 1043TranslationBlock *tb_gen_code(CPUArchState *env,
2e70f6ef
PB		 1044 target_ulong pc, target_ulong cs_base,
1045 int flags, int cflags)
d720b93d
FB		 1046{
1047 TranslationBlock *tb;
1048 uint8_t *tc_ptr;
41c1b1c9
PB		 1049 tb_page_addr_t phys_pc, phys_page2;
1050 target_ulong virt_page2;
d720b93d
FB		 1051 int code_gen_size;
1052
41c1b1c9 1053 phys_pc = get_page_addr_code(env, pc);
c27004ec 1054 tb = tb_alloc(pc);
d720b93d
FB		 1055 if (!tb) {
1056 /* flush must be done */
1057 tb_flush(env);
1058 /* cannot fail at this point */
c27004ec 1059 tb = tb_alloc(pc);
2e70f6ef
PB		 1060 /* Don't forget to invalidate previous TB info. */
1061 tb_invalidated_flag = 1;
d720b93d
FB		 1062 }
1063 tc_ptr = code_gen_ptr;
1064 tb->tc_ptr = tc_ptr;
1065 tb->cs_base = cs_base;
1066 tb->flags = flags;
1067 tb->cflags = cflags;
d07bde88 1068 cpu_gen_code(env, tb, &code_gen_size);
8efe0ca8
SW		 1069 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1070 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1071
d720b93d 1072 /* check next page if needed */
c27004ec 1073 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1074 phys_page2 = -1;
c27004ec 1075 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1076 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1077 }
41c1b1c9 1078 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1079 return tb;
d720b93d 1080}
3b46e624 1081
77a8f1a5 1082/*
8e0fdce3
JK		 1083 * Invalidate all TBs which intersect with the target physical address range
1084 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1085 * 'is_cpu_write_access' should be true if called from a real cpu write
1086 * access: the virtual CPU will exit the current TB if code is modified inside
1087 * this TB.
77a8f1a5
AG		 1088 */
1089void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
1090 int is_cpu_write_access)
1091{
1092 while (start < end) {
1093 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
1094 start &= TARGET_PAGE_MASK;
1095 start += TARGET_PAGE_SIZE;
1096 }
1097}
1098
8e0fdce3
JK		 1099/*
1100 * Invalidate all TBs which intersect with the target physical address range
1101 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1102 * 'is_cpu_write_access' should be true if called from a real cpu write
1103 * access: the virtual CPU will exit the current TB if code is modified inside
1104 * this TB.
1105 */
41c1b1c9 1106void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1107 int is_cpu_write_access)
1108{
6b917547 1109 TranslationBlock *tb, *tb_next, *saved_tb;
9349b4f9 1110 CPUArchState *env = cpu_single_env;
41c1b1c9 1111 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1112 PageDesc *p;
1113 int n;
1114#ifdef TARGET_HAS_PRECISE_SMC
1115 int current_tb_not_found = is_cpu_write_access;
1116 TranslationBlock *current_tb = NULL;
1117 int current_tb_modified = 0;
1118 target_ulong current_pc = 0;
1119 target_ulong current_cs_base = 0;
1120 int current_flags = 0;
1121#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1122
1123 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1124 if (!p)
9fa3e853 1125 return;
5fafdf24 1126 if (!p->code_bitmap &&
d720b93d
FB		 1127 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1128 is_cpu_write_access) {
9fa3e853
FB		 1129 /* build code bitmap */
1130 build_page_bitmap(p);
1131 }
1132
1133 /* we remove all the TBs in the range [start, end[ */
1134 /* XXX: see if in some cases it could be faster to invalidate all the code */
1135 tb = p->first_tb;
1136 while (tb != NULL) {
8efe0ca8
SW		 1137 n = (uintptr_t)tb & 3;
1138 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1139 tb_next = tb->page_next[n];
1140 /* NOTE: this is subtle as a TB may span two physical pages */
1141 if (n == 0) {
1142 /* NOTE: tb_end may be after the end of the page, but
1143 it is not a problem */
1144 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1145 tb_end = tb_start + tb->size;
1146 } else {
1147 tb_start = tb->page_addr[1];
1148 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1149 }
1150 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1151#ifdef TARGET_HAS_PRECISE_SMC
1152 if (current_tb_not_found) {
1153 current_tb_not_found = 0;
1154 current_tb = NULL;
2e70f6ef 1155 if (env->mem_io_pc) {
d720b93d 1156 /* now we have a real cpu fault */
2e70f6ef 1157 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1158 }
1159 }
1160 if (current_tb == tb &&
2e70f6ef 1161 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1162 /* If we are modifying the current TB, we must stop
1163 its execution. We could be more precise by checking
1164 that the modification is after the current PC, but it
1165 would require a specialized function to partially
1166 restore the CPU state */
3b46e624 1167
d720b93d 1168 current_tb_modified = 1;
618ba8e6 1169 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1170 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1171 &current_flags);
d720b93d
FB		 1172 }
1173#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1174 /* we need to do that to handle the case where a signal
1175 occurs while doing tb_phys_invalidate() */
1176 saved_tb = NULL;
1177 if (env) {
1178 saved_tb = env->current_tb;
1179 env->current_tb = NULL;
1180 }
9fa3e853 1181 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1182 if (env) {
1183 env->current_tb = saved_tb;
1184 if (env->interrupt_request && env->current_tb)
1185 cpu_interrupt(env, env->interrupt_request);
1186 }
9fa3e853
FB		 1187 }
1188 tb = tb_next;
1189 }
1190#if !defined(CONFIG_USER_ONLY)
1191 /* if no code remaining, no need to continue to use slow writes */
1192 if (!p->first_tb) {
1193 invalidate_page_bitmap(p);
d720b93d 1194 if (is_cpu_write_access) {
2e70f6ef 1195 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1196 }
1197 }
1198#endif
1199#ifdef TARGET_HAS_PRECISE_SMC
1200 if (current_tb_modified) {
1201 /* we generate a block containing just the instruction
1202 modifying the memory. It will ensure that it cannot modify
1203 itself */
ea1c1802 1204 env->current_tb = NULL;
2e70f6ef 1205 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1206 cpu_resume_from_signal(env, NULL);
9fa3e853 1207 }
fd6ce8f6 1208#endif
9fa3e853 1209}
fd6ce8f6 1210
9fa3e853 1211/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1212static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1213{
1214 PageDesc *p;
1215 int offset, b;
59817ccb 1216#if 0
a4193c8a 1217 if (1) {
93fcfe39
AL		 1218 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1219 cpu_single_env->mem_io_vaddr, len,
1220 cpu_single_env->eip,
8efe0ca8
SW		 1221 cpu_single_env->eip +
1222 (intptr_t)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1223 }
1224#endif
9fa3e853 1225 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1226 if (!p)
9fa3e853
FB		 1227 return;
1228 if (p->code_bitmap) {
1229 offset = start & ~TARGET_PAGE_MASK;
1230 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1231 if (b & ((1 << len) - 1))
1232 goto do_invalidate;
1233 } else {
1234 do_invalidate:
d720b93d 1235 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1236 }
1237}
1238
9fa3e853 1239#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1240static void tb_invalidate_phys_page(tb_page_addr_t addr,
20503968 1241 uintptr_t pc, void *puc)
9fa3e853 1242{
6b917547 1243 TranslationBlock *tb;
9fa3e853 1244 PageDesc *p;
6b917547 1245 int n;
d720b93d 1246#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1247 TranslationBlock *current_tb = NULL;
9349b4f9 1248 CPUArchState *env = cpu_single_env;
6b917547
AL		 1249 int current_tb_modified = 0;
1250 target_ulong current_pc = 0;
1251 target_ulong current_cs_base = 0;
1252 int current_flags = 0;
d720b93d 1253#endif
9fa3e853
FB		 1254
1255 addr &= TARGET_PAGE_MASK;
1256 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1257 if (!p)
9fa3e853
FB		 1258 return;
1259 tb = p->first_tb;
d720b93d
FB		 1260#ifdef TARGET_HAS_PRECISE_SMC
1261 if (tb && pc != 0) {
1262 current_tb = tb_find_pc(pc);
1263 }
1264#endif
9fa3e853 1265 while (tb != NULL) {
8efe0ca8
SW		 1266 n = (uintptr_t)tb & 3;
1267 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
d720b93d
FB		 1268#ifdef TARGET_HAS_PRECISE_SMC
1269 if (current_tb == tb &&
2e70f6ef 1270 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1271 /* If we are modifying the current TB, we must stop
1272 its execution. We could be more precise by checking
1273 that the modification is after the current PC, but it
1274 would require a specialized function to partially
1275 restore the CPU state */
3b46e624 1276
d720b93d 1277 current_tb_modified = 1;
618ba8e6 1278 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1279 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1280 &current_flags);
d720b93d
FB		 1281 }
1282#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1283 tb_phys_invalidate(tb, addr);
1284 tb = tb->page_next[n];
1285 }
fd6ce8f6 1286 p->first_tb = NULL;
d720b93d
FB		 1287#ifdef TARGET_HAS_PRECISE_SMC
1288 if (current_tb_modified) {
1289 /* we generate a block containing just the instruction
1290 modifying the memory. It will ensure that it cannot modify
1291 itself */
ea1c1802 1292 env->current_tb = NULL;
2e70f6ef 1293 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1294 cpu_resume_from_signal(env, puc);
1295 }
1296#endif
fd6ce8f6 1297}
9fa3e853 1298#endif
fd6ce8f6
FB		 1299
1300/* add the tb in the target page and protect it if necessary */
5fafdf24 1301static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1302 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1303{
1304 PageDesc *p;
4429ab44
JQ		 1305#ifndef CONFIG_USER_ONLY
1306 bool page_already_protected;
1307#endif
9fa3e853
FB		 1308
1309 tb->page_addr[n] = page_addr;
5cd2c5b6 1310 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1311 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1312#ifndef CONFIG_USER_ONLY
1313 page_already_protected = p->first_tb != NULL;
1314#endif
8efe0ca8 1315 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
9fa3e853 1316 invalidate_page_bitmap(p);
fd6ce8f6 1317
107db443 1318#if defined(TARGET_HAS_SMC) || 1
d720b93d 1319
9fa3e853 1320#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1321 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1322 target_ulong addr;
1323 PageDesc *p2;
9fa3e853
FB		 1324 int prot;
1325
fd6ce8f6
FB		 1326 /* force the host page as non writable (writes will have a
1327 page fault + mprotect overhead) */
53a5960a 1328 page_addr &= qemu_host_page_mask;
fd6ce8f6 1329 prot = 0;
53a5960a
PB		 1330 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1331 addr += TARGET_PAGE_SIZE) {
1332
1333 p2 = page_find (addr >> TARGET_PAGE_BITS);
1334 if (!p2)
1335 continue;
1336 prot |= p2->flags;
1337 p2->flags &= ~PAGE_WRITE;
53a5960a 1338 }
5fafdf24 1339 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1340 (prot & PAGE_BITS) & ~PAGE_WRITE);
1341#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1342 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1343 page_addr);
fd6ce8f6 1344#endif
fd6ce8f6 1345 }
9fa3e853
FB		 1346#else
1347 /* if some code is already present, then the pages are already
1348 protected. So we handle the case where only the first TB is
1349 allocated in a physical page */
4429ab44 1350 if (!page_already_protected) {
6a00d601 1351 tlb_protect_code(page_addr);
9fa3e853
FB		 1352 }
1353#endif
d720b93d
FB		 1354
1355#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1356}
1357
9fa3e853
FB		 1358/* add a new TB and link it to the physical page tables. phys_page2 is
1359 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1360void tb_link_page(TranslationBlock *tb,
1361 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1362{
9fa3e853
FB		 1363 unsigned int h;
1364 TranslationBlock **ptb;
1365
c8a706fe
PB		 1366 /* Grab the mmap lock to stop another thread invalidating this TB
1367 before we are done. */
1368 mmap_lock();
9fa3e853
FB		 1369 /* add in the physical hash table */
1370 h = tb_phys_hash_func(phys_pc);
1371 ptb = &tb_phys_hash[h];
1372 tb->phys_hash_next = *ptb;
1373 *ptb = tb;
fd6ce8f6
FB		 1374
1375 /* add in the page list */
9fa3e853
FB		 1376 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1377 if (phys_page2 != -1)
1378 tb_alloc_page(tb, 1, phys_page2);
1379 else
1380 tb->page_addr[1] = -1;
9fa3e853 1381
8efe0ca8 1382 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
d4e8164f
FB		 1383 tb->jmp_next[0] = NULL;
1384 tb->jmp_next[1] = NULL;
1385
1386 /* init original jump addresses */
1387 if (tb->tb_next_offset[0] != 0xffff)
1388 tb_reset_jump(tb, 0);
1389 if (tb->tb_next_offset[1] != 0xffff)
1390 tb_reset_jump(tb, 1);
8a40a180
FB		 1391
1392#ifdef DEBUG_TB_CHECK
1393 tb_page_check();
1394#endif
c8a706fe 1395 mmap_unlock();
fd6ce8f6
FB		 1396}
1397
9fa3e853
FB		 1398/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1399 tb[1].tc_ptr. Return NULL if not found */
6375e09e 1400TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
fd6ce8f6 1401{
9fa3e853 1402 int m_min, m_max, m;
8efe0ca8 1403 uintptr_t v;
9fa3e853 1404 TranslationBlock *tb;
a513fe19
FB		 1405
1406 if (nb_tbs <= 0)
1407 return NULL;
8efe0ca8
SW		 1408 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1409 tc_ptr >= (uintptr_t)code_gen_ptr) {
a513fe19 1410 return NULL;
8efe0ca8 1411 }
a513fe19
FB		 1412 /* binary search (cf Knuth) */
1413 m_min = 0;
1414 m_max = nb_tbs - 1;
1415 while (m_min <= m_max) {
1416 m = (m_min + m_max) >> 1;
1417 tb = &tbs[m];
8efe0ca8 1418 v = (uintptr_t)tb->tc_ptr;
a513fe19
FB		 1419 if (v == tc_ptr)
1420 return tb;
1421 else if (tc_ptr < v) {
1422 m_max = m - 1;
1423 } else {
1424 m_min = m + 1;
1425 }
5fafdf24 1426 }
a513fe19
FB		 1427 return &tbs[m_max];
1428}
7501267e 1429
ea041c0e
FB		 1430static void tb_reset_jump_recursive(TranslationBlock *tb);
1431
1432static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1433{
1434 TranslationBlock *tb1, *tb_next, **ptb;
1435 unsigned int n1;
1436
1437 tb1 = tb->jmp_next[n];
1438 if (tb1 != NULL) {
1439 /* find head of list */
1440 for(;;) {
8efe0ca8
SW		 1441 n1 = (uintptr_t)tb1 & 3;
1442 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1443 if (n1 == 2)
1444 break;
1445 tb1 = tb1->jmp_next[n1];
1446 }
1447 /* we are now sure now that tb jumps to tb1 */
1448 tb_next = tb1;
1449
1450 /* remove tb from the jmp_first list */
1451 ptb = &tb_next->jmp_first;
1452 for(;;) {
1453 tb1 = *ptb;
8efe0ca8
SW		 1454 n1 = (uintptr_t)tb1 & 3;
1455 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1456 if (n1 == n && tb1 == tb)
1457 break;
1458 ptb = &tb1->jmp_next[n1];
1459 }
1460 *ptb = tb->jmp_next[n];
1461 tb->jmp_next[n] = NULL;
3b46e624 1462
ea041c0e
FB		 1463 /* suppress the jump to next tb in generated code */
1464 tb_reset_jump(tb, n);
1465
0124311e 1466 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1467 tb_reset_jump_recursive(tb_next);
1468 }
1469}
1470
1471static void tb_reset_jump_recursive(TranslationBlock *tb)
1472{
1473 tb_reset_jump_recursive2(tb, 0);
1474 tb_reset_jump_recursive2(tb, 1);
1475}
1476
1fddef4b 1477#if defined(TARGET_HAS_ICE)
94df27fd 1478#if defined(CONFIG_USER_ONLY)
9349b4f9 1479static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 1480{
1481 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1482}
1483#else
1e7855a5 1484void tb_invalidate_phys_addr(target_phys_addr_t addr)
d720b93d 1485{
c227f099 1486 ram_addr_t ram_addr;
f3705d53 1487 MemoryRegionSection *section;
d720b93d 1488
06ef3525 1489 section = phys_page_find(addr >> TARGET_PAGE_BITS);
f3705d53
AK		 1490 if (!(memory_region_is_ram(section->mr)
1491 || (section->mr->rom_device && section->mr->readable))) {
06ef3525
AK		 1492 return;
1493 }
f3705d53 1494 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1495 + memory_region_section_addr(section, addr);
706cd4b5 1496 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1497}
1e7855a5
MF		 1498
1499static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1500{
9d70c4b7
MF		 1501 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
1502 (pc & ~TARGET_PAGE_MASK));
1e7855a5 1503}
c27004ec 1504#endif
94df27fd 1505#endif /* TARGET_HAS_ICE */
d720b93d 1506
c527ee8f 1507#if defined(CONFIG_USER_ONLY)
9349b4f9 1508void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 1509
1510{
1511}
1512
9349b4f9 1513int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 1514 int flags, CPUWatchpoint **watchpoint)
1515{
1516 return -ENOSYS;
1517}
1518#else
6658ffb8 1519/* Add a watchpoint. */
9349b4f9 1520int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1521 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1522{
b4051334 1523 target_ulong len_mask = ~(len - 1);
c0ce998e 1524 CPUWatchpoint *wp;
6658ffb8 1525
b4051334 1526 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 1527 if ((len & (len - 1)) || (addr & ~len_mask) ||
1528 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 1529 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1530 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1531 return -EINVAL;
1532 }
7267c094 1533 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1534
1535 wp->vaddr = addr;
b4051334 1536 wp->len_mask = len_mask;
a1d1bb31
AL		 1537 wp->flags = flags;
1538
2dc9f411 1539 /* keep all GDB-injected watchpoints in front */
c0ce998e 1540 if (flags & BP_GDB)
72cf2d4f 1541 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1542 else
72cf2d4f 1543 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1544
6658ffb8 1545 tlb_flush_page(env, addr);
a1d1bb31
AL		 1546
1547 if (watchpoint)
1548 *watchpoint = wp;
1549 return 0;
6658ffb8
PB		 1550}
1551
a1d1bb31 1552/* Remove a specific watchpoint. */
9349b4f9 1553int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1554 int flags)
6658ffb8 1555{
b4051334 1556 target_ulong len_mask = ~(len - 1);
a1d1bb31 1557 CPUWatchpoint *wp;
6658ffb8 1558
72cf2d4f 1559 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1560 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1561 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1562 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1563 return 0;
1564 }
1565 }
a1d1bb31 1566 return -ENOENT;
6658ffb8
PB		 1567}
1568
a1d1bb31 1569/* Remove a specific watchpoint by reference. */
9349b4f9 1570void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 1571{
72cf2d4f 1572 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1573
a1d1bb31
AL		 1574 tlb_flush_page(env, watchpoint->vaddr);
1575
7267c094 1576 g_free(watchpoint);
a1d1bb31
AL		 1577}
1578
1579/* Remove all matching watchpoints. */
9349b4f9 1580void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 1581{
c0ce998e 1582 CPUWatchpoint *wp, *next;
a1d1bb31 1583
72cf2d4f 1584 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1585 if (wp->flags & mask)
1586 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1587 }
7d03f82f 1588}
c527ee8f 1589#endif
7d03f82f 1590
a1d1bb31 1591/* Add a breakpoint. */
9349b4f9 1592int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 1593 CPUBreakpoint **breakpoint)
4c3a88a2 1594{
1fddef4b 1595#if defined(TARGET_HAS_ICE)
c0ce998e 1596 CPUBreakpoint *bp;
3b46e624 1597
7267c094 1598 bp = g_malloc(sizeof(*bp));
4c3a88a2 1599
a1d1bb31
AL		 1600 bp->pc = pc;
1601 bp->flags = flags;
1602
2dc9f411 1603 /* keep all GDB-injected breakpoints in front */
c0ce998e 1604 if (flags & BP_GDB)
72cf2d4f 1605 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1606 else
72cf2d4f 1607 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1608
d720b93d 1609 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1610
1611 if (breakpoint)
1612 *breakpoint = bp;
4c3a88a2
FB		 1613 return 0;
1614#else
a1d1bb31 1615 return -ENOSYS;
4c3a88a2
FB		 1616#endif
1617}
1618
a1d1bb31 1619/* Remove a specific breakpoint. */
9349b4f9 1620int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 1621{
7d03f82f 1622#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1623 CPUBreakpoint *bp;
1624
72cf2d4f 1625 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1626 if (bp->pc == pc && bp->flags == flags) {
1627 cpu_breakpoint_remove_by_ref(env, bp);
1628 return 0;
1629 }
7d03f82f 1630 }
a1d1bb31
AL		 1631 return -ENOENT;
1632#else
1633 return -ENOSYS;
7d03f82f
EI		 1634#endif
1635}
1636
a1d1bb31 1637/* Remove a specific breakpoint by reference. */
9349b4f9 1638void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1639{
1fddef4b 1640#if defined(TARGET_HAS_ICE)
72cf2d4f 1641 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1642
a1d1bb31
AL		 1643 breakpoint_invalidate(env, breakpoint->pc);
1644
7267c094 1645 g_free(breakpoint);
a1d1bb31
AL		 1646#endif
1647}
1648
1649/* Remove all matching breakpoints. */
9349b4f9 1650void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 1651{
1652#if defined(TARGET_HAS_ICE)
c0ce998e 1653 CPUBreakpoint *bp, *next;
a1d1bb31 1654
72cf2d4f 1655 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1656 if (bp->flags & mask)
1657 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1658 }
4c3a88a2
FB		 1659#endif
1660}
1661
c33a346e
FB		 1662/* enable or disable single step mode. EXCP_DEBUG is returned by the
1663 CPU loop after each instruction */
9349b4f9 1664void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 1665{
1fddef4b 1666#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1667 if (env->singlestep_enabled != enabled) {
1668 env->singlestep_enabled = enabled;
e22a25c9
AL		 1669 if (kvm_enabled())
1670 kvm_update_guest_debug(env, 0);
1671 else {
ccbb4d44 1672 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1673 /* XXX: only flush what is necessary */
1674 tb_flush(env);
1675 }
c33a346e
FB		 1676 }
1677#endif
1678}
1679
9349b4f9 1680static void cpu_unlink_tb(CPUArchState *env)
ea041c0e 1681{
3098dba0
AJ		 1682 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1683 problem and hope the cpu will stop of its own accord. For userspace
1684 emulation this often isn't actually as bad as it sounds. Often
1685 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1686 TranslationBlock *tb;
c227f099 1687 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1688
cab1b4bd 1689 spin_lock(&interrupt_lock);
3098dba0
AJ		 1690 tb = env->current_tb;
1691 /* if the cpu is currently executing code, we must unlink it and
1692 all the potentially executing TB */
f76cfe56 1693 if (tb) {
3098dba0
AJ		 1694 env->current_tb = NULL;
1695 tb_reset_jump_recursive(tb);
be214e6c 1696 }
cab1b4bd 1697 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1698}
1699
97ffbd8d 1700#ifndef CONFIG_USER_ONLY
3098dba0 1701/* mask must never be zero, except for A20 change call */
9349b4f9 1702static void tcg_handle_interrupt(CPUArchState *env, int mask)
3098dba0
AJ		 1703{
1704 int old_mask;
be214e6c 1705
2e70f6ef 1706 old_mask = env->interrupt_request;
68a79315 1707 env->interrupt_request |= mask;
3098dba0 1708
8edac960
AL		 1709 /*
1710 * If called from iothread context, wake the target cpu in
1711 * case its halted.
1712 */
b7680cb6 1713 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1714 qemu_cpu_kick(env);
1715 return;
1716 }
8edac960 1717
2e70f6ef 1718 if (use_icount) {
266910c4 1719 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1720 if (!can_do_io(env)
be214e6c 1721 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1722 cpu_abort(env, "Raised interrupt while not in I/O function");
1723 }
2e70f6ef 1724 } else {
3098dba0 1725 cpu_unlink_tb(env);
ea041c0e
FB		 1726 }
1727}
1728
ec6959d0
JK		 1729CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1730
97ffbd8d
JK		 1731#else /* CONFIG_USER_ONLY */
1732
9349b4f9 1733void cpu_interrupt(CPUArchState *env, int mask)
97ffbd8d
JK		 1734{
1735 env->interrupt_request |= mask;
1736 cpu_unlink_tb(env);
1737}
1738#endif /* CONFIG_USER_ONLY */
1739
9349b4f9 1740void cpu_reset_interrupt(CPUArchState *env, int mask)
b54ad049
FB		 1741{
1742 env->interrupt_request &= ~mask;
1743}
1744
9349b4f9 1745void cpu_exit(CPUArchState *env)
3098dba0
AJ		 1746{
1747 env->exit_request = 1;
1748 cpu_unlink_tb(env);
1749}
1750
9349b4f9 1751void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e
FB		 1752{
1753 va_list ap;
493ae1f0 1754 va_list ap2;
7501267e
FB		 1755
1756 va_start(ap, fmt);
493ae1f0 1757 va_copy(ap2, ap);
7501267e
FB		 1758 fprintf(stderr, "qemu: fatal: ");
1759 vfprintf(stderr, fmt, ap);
1760 fprintf(stderr, "\n");
6fd2a026 1761 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 1762 if (qemu_log_enabled()) {
1763 qemu_log("qemu: fatal: ");
1764 qemu_log_vprintf(fmt, ap2);
1765 qemu_log("\n");
6fd2a026 1766 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 1767 qemu_log_flush();
93fcfe39 1768 qemu_log_close();
924edcae 1769 }
493ae1f0 1770 va_end(ap2);
f9373291 1771 va_end(ap);
fd052bf6
RV		 1772#if defined(CONFIG_USER_ONLY)
1773 {
1774 struct sigaction act;
1775 sigfillset(&act.sa_mask);
1776 act.sa_handler = SIG_DFL;
1777 sigaction(SIGABRT, &act, NULL);
1778 }
1779#endif
7501267e
FB		 1780 abort();
1781}
1782
9349b4f9 1783CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 1784{
9349b4f9
AF		 1785 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1786 CPUArchState *next_cpu = new_env->next_cpu;
c5be9f08 1787 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1788#if defined(TARGET_HAS_ICE)
1789 CPUBreakpoint *bp;
1790 CPUWatchpoint *wp;
1791#endif
1792
9349b4f9 1793 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081
AL		 1794
1795 /* Preserve chaining and index. */
c5be9f08
TS		 1796 new_env->next_cpu = next_cpu;
1797 new_env->cpu_index = cpu_index;
5a38f081
AL		 1798
1799 /* Clone all break/watchpoints.
1800 Note: Once we support ptrace with hw-debug register access, make sure
1801 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1802 QTAILQ_INIT(&env->breakpoints);
1803 QTAILQ_INIT(&env->watchpoints);
5a38f081 1804#if defined(TARGET_HAS_ICE)
72cf2d4f 1805 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1806 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1807 }
72cf2d4f 1808 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1809 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1810 wp->flags, NULL);
1811 }
1812#endif
1813
c5be9f08
TS		 1814 return new_env;
1815}
1816
0124311e 1817#if !defined(CONFIG_USER_ONLY)
0cac1b66 1818void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
5c751e99
EI		 1819{
1820 unsigned int i;
1821
1822 /* Discard jump cache entries for any tb which might potentially
1823 overlap the flushed page. */
1824 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1825 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1826 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1827
1828 i = tb_jmp_cache_hash_page(addr);
1829 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1830 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1831}
1832
d24981d3
JQ		 1833static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
1834 uintptr_t length)
1835{
1836 uintptr_t start1;
1837
1838 /* we modify the TLB cache so that the dirty bit will be set again
1839 when accessing the range */
1840 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
1841 /* Check that we don't span multiple blocks - this breaks the
1842 address comparisons below. */
1843 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
1844 != (end - 1) - start) {
1845 abort();
1846 }
1847 cpu_tlb_reset_dirty_all(start1, length);
1848
1849}
1850
5579c7f3 1851/* Note: start and end must be within the same ram block. */
c227f099 1852void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1853 int dirty_flags)
1ccde1cb 1854{
d24981d3 1855 uintptr_t length;
1ccde1cb
FB		 1856
1857 start &= TARGET_PAGE_MASK;
1858 end = TARGET_PAGE_ALIGN(end);
1859
1860 length = end - start;
1861 if (length == 0)
1862 return;
f7c11b53 1863 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 1864
d24981d3
JQ		 1865 if (tcg_enabled()) {
1866 tlb_reset_dirty_range_all(start, end, length);
5579c7f3 1867 }
1ccde1cb
FB		 1868}
1869
74576198
AL		 1870int cpu_physical_memory_set_dirty_tracking(int enable)
1871{
f6f3fbca 1872 int ret = 0;
74576198 1873 in_migration = enable;
f6f3fbca 1874 return ret;
74576198
AL		 1875}
1876
e5548617
BS		 1877target_phys_addr_t memory_region_section_get_iotlb(CPUArchState *env,
1878 MemoryRegionSection *section,
1879 target_ulong vaddr,
1880 target_phys_addr_t paddr,
1881 int prot,
1882 target_ulong *address)
1883{
1884 target_phys_addr_t iotlb;
1885 CPUWatchpoint *wp;
1886
cc5bea60 1887 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1888 /* Normal RAM. */
1889 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1890 + memory_region_section_addr(section, paddr);
e5548617
BS		 1891 if (!section->readonly) {
1892 iotlb |= phys_section_notdirty;
1893 } else {
1894 iotlb |= phys_section_rom;
1895 }
1896 } else {
1897 /* IO handlers are currently passed a physical address.
1898 It would be nice to pass an offset from the base address
1899 of that region. This would avoid having to special case RAM,
1900 and avoid full address decoding in every device.
1901 We can't use the high bits of pd for this because
1902 IO_MEM_ROMD uses these as a ram address. */
1903 iotlb = section - phys_sections;
cc5bea60 1904 iotlb += memory_region_section_addr(section, paddr);
e5548617
BS		 1905 }
1906
1907 /* Make accesses to pages with watchpoints go via the
1908 watchpoint trap routines. */
1909 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1910 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
1911 /* Avoid trapping reads of pages with a write breakpoint. */
1912 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1913 iotlb = phys_section_watch + paddr;
1914 *address |= TLB_MMIO;
1915 break;
1916 }
1917 }
1918 }
1919
1920 return iotlb;
1921}
1922
0124311e 1923#else
edf8e2af
MW		 1924/*
1925 * Walks guest process memory "regions" one by one
1926 * and calls callback function 'fn' for each region.
1927 */
5cd2c5b6
RH		 1928
1929struct walk_memory_regions_data
1930{
1931 walk_memory_regions_fn fn;
1932 void *priv;
8efe0ca8 1933 uintptr_t start;
5cd2c5b6
RH		 1934 int prot;
1935};
1936
1937static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 1938 abi_ulong end, int new_prot)
5cd2c5b6
RH		 1939{
1940 if (data->start != -1ul) {
1941 int rc = data->fn(data->priv, data->start, end, data->prot);
1942 if (rc != 0) {
1943 return rc;
1944 }
1945 }
1946
1947 data->start = (new_prot ? end : -1ul);
1948 data->prot = new_prot;
1949
1950 return 0;
1951}
1952
1953static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 1954 abi_ulong base, int level, void **lp)
5cd2c5b6 1955{
b480d9b7 1956 abi_ulong pa;
5cd2c5b6
RH		 1957 int i, rc;
1958
1959 if (*lp == NULL) {
1960 return walk_memory_regions_end(data, base, 0);
1961 }
1962
1963 if (level == 0) {
1964 PageDesc *pd = *lp;
7296abac 1965 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 1966 int prot = pd[i].flags;
1967
1968 pa = base | (i << TARGET_PAGE_BITS);
1969 if (prot != data->prot) {
1970 rc = walk_memory_regions_end(data, pa, prot);
1971 if (rc != 0) {
1972 return rc;
9fa3e853 1973 }
9fa3e853 1974 }
5cd2c5b6
RH		 1975 }
1976 } else {
1977 void **pp = *lp;
7296abac 1978 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 1979 pa = base | ((abi_ulong)i <<
1980 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 1981 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1982 if (rc != 0) {
1983 return rc;
1984 }
1985 }
1986 }
1987
1988 return 0;
1989}
1990
1991int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1992{
1993 struct walk_memory_regions_data data;
8efe0ca8 1994 uintptr_t i;
5cd2c5b6
RH		 1995
1996 data.fn = fn;
1997 data.priv = priv;
1998 data.start = -1ul;
1999 data.prot = 0;
2000
2001 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 2002 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 2003 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2004 if (rc != 0) {
2005 return rc;
9fa3e853 2006 }
33417e70 2007 }
5cd2c5b6
RH		 2008
2009 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2010}
2011
b480d9b7
PB		 2012static int dump_region(void *priv, abi_ulong start,
2013 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2014{
2015 FILE *f = (FILE *)priv;
2016
b480d9b7
PB		 2017 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2018 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2019 start, end, end - start,
2020 ((prot & PAGE_READ) ? 'r' : '-'),
2021 ((prot & PAGE_WRITE) ? 'w' : '-'),
2022 ((prot & PAGE_EXEC) ? 'x' : '-'));
2023
2024 return (0);
2025}
2026
2027/* dump memory mappings */
2028void page_dump(FILE *f)
2029{
2030 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2031 "start", "end", "size", "prot");
2032 walk_memory_regions(f, dump_region);
33417e70
FB		 2033}
2034
53a5960a 2035int page_get_flags(target_ulong address)
33417e70 2036{
9fa3e853
FB		 2037 PageDesc *p;
2038
2039 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2040 if (!p)
9fa3e853
FB		 2041 return 0;
2042 return p->flags;
2043}
2044
376a7909
RH		 2045/* Modify the flags of a page and invalidate the code if necessary.
2046 The flag PAGE_WRITE_ORG is positioned automatically depending
2047 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2048void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2049{
376a7909
RH		 2050 target_ulong addr, len;
2051
2052 /* This function should never be called with addresses outside the
2053 guest address space. If this assert fires, it probably indicates
2054 a missing call to h2g_valid. */
b480d9b7
PB		 2055#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2056 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2057#endif
2058 assert(start < end);
9fa3e853
FB		 2059
2060 start = start & TARGET_PAGE_MASK;
2061 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2062
2063 if (flags & PAGE_WRITE) {
9fa3e853 2064 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2065 }
2066
2067 for (addr = start, len = end - start;
2068 len != 0;
2069 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2070 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2071
2072 /* If the write protection bit is set, then we invalidate
2073 the code inside. */
5fafdf24 2074 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2075 (flags & PAGE_WRITE) &&
2076 p->first_tb) {
d720b93d 2077 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2078 }
2079 p->flags = flags;
2080 }
33417e70
FB		 2081}
2082
3d97b40b
TS		 2083int page_check_range(target_ulong start, target_ulong len, int flags)
2084{
2085 PageDesc *p;
2086 target_ulong end;
2087 target_ulong addr;
2088
376a7909
RH		 2089 /* This function should never be called with addresses outside the
2090 guest address space. If this assert fires, it probably indicates
2091 a missing call to h2g_valid. */
338e9e6c
BS		 2092#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2093 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2094#endif
2095
3e0650a9
RH		 2096 if (len == 0) {
2097 return 0;
2098 }
376a7909
RH		 2099 if (start + len - 1 < start) {
2100 /* We've wrapped around. */
55f280c9 2101 return -1;
376a7909 2102 }
55f280c9 2103
3d97b40b
TS		 2104 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2105 start = start & TARGET_PAGE_MASK;
2106
376a7909
RH		 2107 for (addr = start, len = end - start;
2108 len != 0;
2109 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2110 p = page_find(addr >> TARGET_PAGE_BITS);
2111 if( !p )
2112 return -1;
2113 if( !(p->flags & PAGE_VALID) )
2114 return -1;
2115
dae3270c 2116 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2117 return -1;
dae3270c
FB		 2118 if (flags & PAGE_WRITE) {
2119 if (!(p->flags & PAGE_WRITE_ORG))
2120 return -1;
2121 /* unprotect the page if it was put read-only because it
2122 contains translated code */
2123 if (!(p->flags & PAGE_WRITE)) {
2124 if (!page_unprotect(addr, 0, NULL))
2125 return -1;
2126 }
2127 return 0;
2128 }
3d97b40b
TS		 2129 }
2130 return 0;
2131}
2132
9fa3e853 2133/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2134 page. Return TRUE if the fault was successfully handled. */
6375e09e 2135int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
9fa3e853 2136{
45d679d6
AJ		 2137 unsigned int prot;
2138 PageDesc *p;
53a5960a 2139 target_ulong host_start, host_end, addr;
9fa3e853 2140
c8a706fe
PB		 2141 /* Technically this isn't safe inside a signal handler. However we
2142 know this only ever happens in a synchronous SEGV handler, so in
2143 practice it seems to be ok. */
2144 mmap_lock();
2145
45d679d6
AJ		 2146 p = page_find(address >> TARGET_PAGE_BITS);
2147 if (!p) {
c8a706fe 2148 mmap_unlock();
9fa3e853 2149 return 0;
c8a706fe 2150 }
45d679d6 2151
9fa3e853
FB		 2152 /* if the page was really writable, then we change its
2153 protection back to writable */
45d679d6
AJ		 2154 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2155 host_start = address & qemu_host_page_mask;
2156 host_end = host_start + qemu_host_page_size;
2157
2158 prot = 0;
2159 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2160 p = page_find(addr >> TARGET_PAGE_BITS);
2161 p->flags |= PAGE_WRITE;
2162 prot |= p->flags;
2163
9fa3e853
FB		 2164 /* and since the content will be modified, we must invalidate
2165 the corresponding translated code. */
45d679d6 2166 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2167#ifdef DEBUG_TB_CHECK
45d679d6 2168 tb_invalidate_check(addr);
9fa3e853 2169#endif
9fa3e853 2170 }
45d679d6
AJ		 2171 mprotect((void *)g2h(host_start), qemu_host_page_size,
2172 prot & PAGE_BITS);
2173
2174 mmap_unlock();
2175 return 1;
9fa3e853 2176 }
c8a706fe 2177 mmap_unlock();
9fa3e853
FB		 2178 return 0;
2179}
9fa3e853
FB		 2180#endif /* defined(CONFIG_USER_ONLY) */
2181
e2eef170 2182#if !defined(CONFIG_USER_ONLY)
8da3ff18 2183
c04b2b78
PB		 2184#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2185typedef struct subpage_t {
70c68e44 2186 MemoryRegion iomem;
c04b2b78 2187 target_phys_addr_t base;
5312bd8b 2188 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2189} subpage_t;
2190
c227f099 2191static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2192 uint16_t section);
0f0cb164 2193static subpage_t *subpage_init(target_phys_addr_t base);
5312bd8b 2194static void destroy_page_desc(uint16_t section_index)
54688b1e 2195{
5312bd8b
AK		 2196 MemoryRegionSection *section = &phys_sections[section_index];
2197 MemoryRegion *mr = section->mr;
54688b1e
AK		 2198
2199 if (mr->subpage) {
2200 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2201 memory_region_destroy(&subpage->iomem);
2202 g_free(subpage);
2203 }
2204}
2205
4346ae3e 2206static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2207{
2208 unsigned i;
d6f2ea22 2209 PhysPageEntry *p;
54688b1e 2210
c19e8800 2211 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2212 return;
2213 }
2214
c19e8800 2215 p = phys_map_nodes[lp->ptr];
4346ae3e 2216 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 2217 if (!p[i].is_leaf) {
54688b1e 2218 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 2219 } else {
c19e8800 2220 destroy_page_desc(p[i].ptr);
54688b1e 2221 }
54688b1e 2222 }
07f07b31 2223 lp->is_leaf = 0;
c19e8800 2224 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2225}
2226
2227static void destroy_all_mappings(void)
2228{
3eef53df 2229 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
d6f2ea22 2230 phys_map_nodes_reset();
54688b1e
AK		 2231}
2232
5312bd8b
AK		 2233static uint16_t phys_section_add(MemoryRegionSection *section)
2234{
2235 if (phys_sections_nb == phys_sections_nb_alloc) {
2236 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2237 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2238 phys_sections_nb_alloc);
2239 }
2240 phys_sections[phys_sections_nb] = *section;
2241 return phys_sections_nb++;
2242}
2243
2244static void phys_sections_clear(void)
2245{
2246 phys_sections_nb = 0;
2247}
2248
0f0cb164
AK		 2249static void register_subpage(MemoryRegionSection *section)
2250{
2251 subpage_t *subpage;
2252 target_phys_addr_t base = section->offset_within_address_space
2253 & TARGET_PAGE_MASK;
f3705d53 2254 MemoryRegionSection *existing = phys_page_find(base >> TARGET_PAGE_BITS);
0f0cb164
AK		 2255 MemoryRegionSection subsection = {
2256 .offset_within_address_space = base,
2257 .size = TARGET_PAGE_SIZE,
2258 };
0f0cb164
AK		 2259 target_phys_addr_t start, end;
2260
f3705d53 2261 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 2262
f3705d53 2263 if (!(existing->mr->subpage)) {
0f0cb164
AK		 2264 subpage = subpage_init(base);
2265 subsection.mr = &subpage->iomem;
2999097b
AK		 2266 phys_page_set(base >> TARGET_PAGE_BITS, 1,
2267 phys_section_add(&subsection));
0f0cb164 2268 } else {
f3705d53 2269 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 2270 }
2271 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
adb2a9b5 2272 end = start + section->size - 1;
0f0cb164
AK		 2273 subpage_register(subpage, start, end, phys_section_add(section));
2274}
2275
2276
2277static void register_multipage(MemoryRegionSection *section)
33417e70 2278{
dd81124b
AK		 2279 target_phys_addr_t start_addr = section->offset_within_address_space;
2280 ram_addr_t size = section->size;
2999097b 2281 target_phys_addr_t addr;
5312bd8b 2282 uint16_t section_index = phys_section_add(section);
dd81124b 2283
3b8e6a2d 2284 assert(size);
f6f3fbca 2285
3b8e6a2d 2286 addr = start_addr;
2999097b
AK		 2287 phys_page_set(addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2288 section_index);
33417e70
FB		 2289}
2290
0f0cb164
AK		 2291void cpu_register_physical_memory_log(MemoryRegionSection *section,
2292 bool readonly)
2293{
2294 MemoryRegionSection now = *section, remain = *section;
2295
2296 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2297 || (now.size < TARGET_PAGE_SIZE)) {
2298 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2299 - now.offset_within_address_space,
2300 now.size);
2301 register_subpage(&now);
2302 remain.size -= now.size;
2303 remain.offset_within_address_space += now.size;
2304 remain.offset_within_region += now.size;
2305 }
69b67646
TH		 2306 while (remain.size >= TARGET_PAGE_SIZE) {
2307 now = remain;
2308 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
2309 now.size = TARGET_PAGE_SIZE;
2310 register_subpage(&now);
2311 } else {
2312 now.size &= TARGET_PAGE_MASK;
2313 register_multipage(&now);
2314 }
0f0cb164
AK		 2315 remain.size -= now.size;
2316 remain.offset_within_address_space += now.size;
2317 remain.offset_within_region += now.size;
2318 }
2319 now = remain;
2320 if (now.size) {
2321 register_subpage(&now);
2322 }
2323}
2324
2325
c227f099 2326void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2327{
2328 if (kvm_enabled())
2329 kvm_coalesce_mmio_region(addr, size);
2330}
2331
c227f099 2332void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2333{
2334 if (kvm_enabled())
2335 kvm_uncoalesce_mmio_region(addr, size);
2336}
2337
62a2744c
SY		 2338void qemu_flush_coalesced_mmio_buffer(void)
2339{
2340 if (kvm_enabled())
2341 kvm_flush_coalesced_mmio_buffer();
2342}
2343
c902760f
MT		 2344#if defined(__linux__) && !defined(TARGET_S390X)
2345
2346#include <sys/vfs.h>
2347
2348#define HUGETLBFS_MAGIC 0x958458f6
2349
2350static long gethugepagesize(const char *path)
2351{
2352 struct statfs fs;
2353 int ret;
2354
2355 do {
9742bf26 2356 ret = statfs(path, &fs);
c902760f
MT		 2357 } while (ret != 0 && errno == EINTR);
2358
2359 if (ret != 0) {
9742bf26
YT		 2360 perror(path);
2361 return 0;
c902760f
MT		 2362 }
2363
2364 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2365 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2366
2367 return fs.f_bsize;
2368}
2369
04b16653
AW		 2370static void *file_ram_alloc(RAMBlock *block,
2371 ram_addr_t memory,
2372 const char *path)
c902760f
MT		 2373{
2374 char *filename;
2375 void *area;
2376 int fd;
2377#ifdef MAP_POPULATE
2378 int flags;
2379#endif
2380 unsigned long hpagesize;
2381
2382 hpagesize = gethugepagesize(path);
2383 if (!hpagesize) {
9742bf26 2384 return NULL;
c902760f
MT		 2385 }
2386
2387 if (memory < hpagesize) {
2388 return NULL;
2389 }
2390
2391 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2392 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2393 return NULL;
2394 }
2395
2396 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2397 return NULL;
c902760f
MT		 2398 }
2399
2400 fd = mkstemp(filename);
2401 if (fd < 0) {
9742bf26
YT		 2402 perror("unable to create backing store for hugepages");
2403 free(filename);
2404 return NULL;
c902760f
MT		 2405 }
2406 unlink(filename);
2407 free(filename);
2408
2409 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2410
2411 /*
2412 * ftruncate is not supported by hugetlbfs in older
2413 * hosts, so don't bother bailing out on errors.
2414 * If anything goes wrong with it under other filesystems,
2415 * mmap will fail.
2416 */
2417 if (ftruncate(fd, memory))
9742bf26 2418 perror("ftruncate");
c902760f
MT		 2419
2420#ifdef MAP_POPULATE
2421 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2422 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2423 * to sidestep this quirk.
2424 */
2425 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2426 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2427#else
2428 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2429#endif
2430 if (area == MAP_FAILED) {
9742bf26
YT		 2431 perror("file_ram_alloc: can't mmap RAM pages");
2432 close(fd);
2433 return (NULL);
c902760f 2434 }
04b16653 2435 block->fd = fd;
c902760f
MT		 2436 return area;
2437}
2438#endif
2439
d17b5288 2440static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2441{
2442 RAMBlock *block, *next_block;
3e837b2c 2443 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2444
2445 if (QLIST_EMPTY(&ram_list.blocks))
2446 return 0;
2447
2448 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2449 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2450
2451 end = block->offset + block->length;
2452
2453 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2454 if (next_block->offset >= end) {
2455 next = MIN(next, next_block->offset);
2456 }
2457 }
2458 if (next - end >= size && next - end < mingap) {
3e837b2c 2459 offset = end;
04b16653
AW		 2460 mingap = next - end;
2461 }
2462 }
3e837b2c
AW		 2463
2464 if (offset == RAM_ADDR_MAX) {
2465 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2466 (uint64_t)size);
2467 abort();
2468 }
2469
04b16653
AW		 2470 return offset;
2471}
2472
2473static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2474{
2475 RAMBlock *block;
2476 ram_addr_t last = 0;
2477
2478 QLIST_FOREACH(block, &ram_list.blocks, next)
2479 last = MAX(last, block->offset + block->length);
2480
2481 return last;
2482}
2483
ddb97f1d
JB		 2484static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
2485{
2486 int ret;
2487 QemuOpts *machine_opts;
2488
2489 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
2490 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2491 if (machine_opts &&
2492 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
2493 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
2494 if (ret) {
2495 perror("qemu_madvise");
2496 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
2497 "but dump_guest_core=off specified\n");
2498 }
2499 }
2500}
2501
c5705a77 2502void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2503{
2504 RAMBlock *new_block, *block;
2505
c5705a77
AK		 2506 new_block = NULL;
2507 QLIST_FOREACH(block, &ram_list.blocks, next) {
2508 if (block->offset == addr) {
2509 new_block = block;
2510 break;
2511 }
2512 }
2513 assert(new_block);
2514 assert(!new_block->idstr[0]);
84b89d78 2515
09e5ab63
AL		 2516 if (dev) {
2517 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 2518 if (id) {
2519 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2520 g_free(id);
84b89d78
CM		 2521 }
2522 }
2523 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2524
2525 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2526 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2527 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2528 new_block->idstr);
2529 abort();
2530 }
2531 }
c5705a77
AK		 2532}
2533
8490fc78
LC		 2534static int memory_try_enable_merging(void *addr, size_t len)
2535{
2536 QemuOpts *opts;
2537
2538 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2539 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
2540 /* disabled by the user */
2541 return 0;
2542 }
2543
2544 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
2545}
2546
c5705a77
AK		 2547ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2548 MemoryRegion *mr)
2549{
2550 RAMBlock *new_block;
2551
2552 size = TARGET_PAGE_ALIGN(size);
2553 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2554
7c637366 2555 new_block->mr = mr;
432d268c 2556 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2557 if (host) {
2558 new_block->host = host;
cd19cfa2 2559 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2560 } else {
2561 if (mem_path) {
c902760f 2562#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2563 new_block->host = file_ram_alloc(new_block, size, mem_path);
2564 if (!new_block->host) {
2565 new_block->host = qemu_vmalloc(size);
8490fc78 2566 memory_try_enable_merging(new_block->host, size);
6977dfe6 2567 }
c902760f 2568#else
6977dfe6
YT		 2569 fprintf(stderr, "-mem-path option unsupported\n");
2570 exit(1);
c902760f 2571#endif
6977dfe6 2572 } else {
868bb33f 2573 if (xen_enabled()) {
fce537d4 2574 xen_ram_alloc(new_block->offset, size, mr);
fdec9918
CB		 2575 } else if (kvm_enabled()) {
2576 /* some s390/kvm configurations have special constraints */
2577 new_block->host = kvm_vmalloc(size);
432d268c
JN		 2578 } else {
2579 new_block->host = qemu_vmalloc(size);
2580 }
8490fc78 2581 memory_try_enable_merging(new_block->host, size);
6977dfe6 2582 }
c902760f 2583 }
94a6b54f
PB		 2584 new_block->length = size;
2585
f471a17e 2586 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2587
7267c094 2588 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2589 last_ram_offset() >> TARGET_PAGE_BITS);
5fda043f
IM		 2590 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2591 0, size >> TARGET_PAGE_BITS);
1720aeee 2592 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
94a6b54f 2593
ddb97f1d
JB		 2594 qemu_ram_setup_dump(new_block->host, size);
2595
6f0437e8
JK		 2596 if (kvm_enabled())
2597 kvm_setup_guest_memory(new_block->host, size);
2598
94a6b54f
PB		 2599 return new_block->offset;
2600}
e9a1ab19 2601
c5705a77 2602ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2603{
c5705a77 2604 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2605}
2606
1f2e98b6
AW		 2607void qemu_ram_free_from_ptr(ram_addr_t addr)
2608{
2609 RAMBlock *block;
2610
2611 QLIST_FOREACH(block, &ram_list.blocks, next) {
2612 if (addr == block->offset) {
2613 QLIST_REMOVE(block, next);
7267c094 2614 g_free(block);
1f2e98b6
AW		 2615 return;
2616 }
2617 }
2618}
2619
c227f099 2620void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2621{
04b16653
AW		 2622 RAMBlock *block;
2623
2624 QLIST_FOREACH(block, &ram_list.blocks, next) {
2625 if (addr == block->offset) {
2626 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2627 if (block->flags & RAM_PREALLOC_MASK) {
2628 ;
2629 } else if (mem_path) {
04b16653
AW		 2630#if defined (__linux__) && !defined(TARGET_S390X)
2631 if (block->fd) {
2632 munmap(block->host, block->length);
2633 close(block->fd);
2634 } else {
2635 qemu_vfree(block->host);
2636 }
fd28aa13
JK		 2637#else
2638 abort();
04b16653
AW		 2639#endif
2640 } else {
2641#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2642 munmap(block->host, block->length);
2643#else
868bb33f 2644 if (xen_enabled()) {
e41d7c69 2645 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2646 } else {
2647 qemu_vfree(block->host);
2648 }
04b16653
AW		 2649#endif
2650 }
7267c094 2651 g_free(block);
04b16653
AW		 2652 return;
2653 }
2654 }
2655
e9a1ab19
FB		 2656}
2657
cd19cfa2
HY		 2658#ifndef _WIN32
2659void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2660{
2661 RAMBlock *block;
2662 ram_addr_t offset;
2663 int flags;
2664 void *area, *vaddr;
2665
2666 QLIST_FOREACH(block, &ram_list.blocks, next) {
2667 offset = addr - block->offset;
2668 if (offset < block->length) {
2669 vaddr = block->host + offset;
2670 if (block->flags & RAM_PREALLOC_MASK) {
2671 ;
2672 } else {
2673 flags = MAP_FIXED;
2674 munmap(vaddr, length);
2675 if (mem_path) {
2676#if defined(__linux__) && !defined(TARGET_S390X)
2677 if (block->fd) {
2678#ifdef MAP_POPULATE
2679 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2680 MAP_PRIVATE;
2681#else
2682 flags |= MAP_PRIVATE;
2683#endif
2684 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2685 flags, block->fd, offset);
2686 } else {
2687 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2688 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2689 flags, -1, 0);
2690 }
fd28aa13
JK		 2691#else
2692 abort();
cd19cfa2
HY		 2693#endif
2694 } else {
2695#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2696 flags |= MAP_SHARED | MAP_ANONYMOUS;
2697 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2698 flags, -1, 0);
2699#else
2700 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2701 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2702 flags, -1, 0);
2703#endif
2704 }
2705 if (area != vaddr) {
f15fbc4b
AP		 2706 fprintf(stderr, "Could not remap addr: "
2707 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 2708 length, addr);
2709 exit(1);
2710 }
8490fc78 2711 memory_try_enable_merging(vaddr, length);
ddb97f1d 2712 qemu_ram_setup_dump(vaddr, length);
cd19cfa2
HY		 2713 }
2714 return;
2715 }
2716 }
2717}
2718#endif /* !_WIN32 */
2719
dc828ca1 2720/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 2721 With the exception of the softmmu code in this file, this should
2722 only be used for local memory (e.g. video ram) that the device owns,
2723 and knows it isn't going to access beyond the end of the block.
2724
2725 It should not be used for general purpose DMA.
2726 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2727 */
c227f099 2728void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 2729{
94a6b54f
PB		 2730 RAMBlock *block;
2731
f471a17e
AW		 2732 QLIST_FOREACH(block, &ram_list.blocks, next) {
2733 if (addr - block->offset < block->length) {
7d82af38
VP		 2734 /* Move this entry to to start of the list. */
2735 if (block != QLIST_FIRST(&ram_list.blocks)) {
2736 QLIST_REMOVE(block, next);
2737 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2738 }
868bb33f 2739 if (xen_enabled()) {
432d268c
JN		 2740 /* We need to check if the requested address is in the RAM
2741 * because we don't want to map the entire memory in QEMU.
712c2b41 2742 * In that case just map until the end of the page.
432d268c
JN		 2743 */
2744 if (block->offset == 0) {
e41d7c69 2745 return xen_map_cache(addr, 0, 0);
432d268c 2746 } else if (block->host == NULL) {
e41d7c69
JK		 2747 block->host =
2748 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2749 }
2750 }
f471a17e
AW		 2751 return block->host + (addr - block->offset);
2752 }
94a6b54f 2753 }
f471a17e
AW		 2754
2755 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2756 abort();
2757
2758 return NULL;
dc828ca1
PB		 2759}
2760
b2e0a138
MT		 2761/* Return a host pointer to ram allocated with qemu_ram_alloc.
2762 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2763 */
2764void *qemu_safe_ram_ptr(ram_addr_t addr)
2765{
2766 RAMBlock *block;
2767
2768 QLIST_FOREACH(block, &ram_list.blocks, next) {
2769 if (addr - block->offset < block->length) {
868bb33f 2770 if (xen_enabled()) {
432d268c
JN		 2771 /* We need to check if the requested address is in the RAM
2772 * because we don't want to map the entire memory in QEMU.
712c2b41 2773 * In that case just map until the end of the page.
432d268c
JN		 2774 */
2775 if (block->offset == 0) {
e41d7c69 2776 return xen_map_cache(addr, 0, 0);
432d268c 2777 } else if (block->host == NULL) {
e41d7c69
JK		 2778 block->host =
2779 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2780 }
2781 }
b2e0a138
MT		 2782 return block->host + (addr - block->offset);
2783 }
2784 }
2785
2786 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2787 abort();
2788
2789 return NULL;
2790}
2791
38bee5dc
SS		 2792/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
2793 * but takes a size argument */
8ab934f9 2794void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 2795{
8ab934f9
SS		 2796 if (*size == 0) {
2797 return NULL;
2798 }
868bb33f 2799 if (xen_enabled()) {
e41d7c69 2800 return xen_map_cache(addr, *size, 1);
868bb33f 2801 } else {
38bee5dc
SS		 2802 RAMBlock *block;
2803
2804 QLIST_FOREACH(block, &ram_list.blocks, next) {
2805 if (addr - block->offset < block->length) {
2806 if (addr - block->offset + *size > block->length)
2807 *size = block->length - addr + block->offset;
2808 return block->host + (addr - block->offset);
2809 }
2810 }
2811
2812 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2813 abort();
38bee5dc
SS		 2814 }
2815}
2816
050a0ddf
AP		 2817void qemu_put_ram_ptr(void *addr)
2818{
2819 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 2820}
2821
e890261f 2822int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 2823{
94a6b54f
PB		 2824 RAMBlock *block;
2825 uint8_t *host = ptr;
2826
868bb33f 2827 if (xen_enabled()) {
e41d7c69 2828 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 2829 return 0;
2830 }
2831
f471a17e 2832 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 2833 /* This case append when the block is not mapped. */
2834 if (block->host == NULL) {
2835 continue;
2836 }
f471a17e 2837 if (host - block->host < block->length) {
e890261f
MT		 2838 *ram_addr = block->offset + (host - block->host);
2839 return 0;
f471a17e 2840 }
94a6b54f 2841 }
432d268c 2842
e890261f
MT		 2843 return -1;
2844}
f471a17e 2845
e890261f
MT		 2846/* Some of the softmmu routines need to translate from a host pointer
2847 (typically a TLB entry) back to a ram offset. */
2848ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2849{
2850 ram_addr_t ram_addr;
f471a17e 2851
e890261f
MT		 2852 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2853 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2854 abort();
2855 }
2856 return ram_addr;
5579c7f3
PB		 2857}
2858
0e0df1e2
AK		 2859static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
2860 unsigned size)
e18231a3
BS		 2861{
2862#ifdef DEBUG_UNASSIGNED
2863 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2864#endif
5b450407 2865#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2866 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 2867#endif
2868 return 0;
2869}
2870
0e0df1e2
AK		 2871static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
2872 uint64_t val, unsigned size)
e18231a3
BS		 2873{
2874#ifdef DEBUG_UNASSIGNED
0e0df1e2 2875 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 2876#endif
5b450407 2877#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2878 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 2879#endif
33417e70
FB		 2880}
2881
0e0df1e2
AK		 2882static const MemoryRegionOps unassigned_mem_ops = {
2883 .read = unassigned_mem_read,
2884 .write = unassigned_mem_write,
2885 .endianness = DEVICE_NATIVE_ENDIAN,
2886};
e18231a3 2887
0e0df1e2
AK		 2888static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
2889 unsigned size)
e18231a3 2890{
0e0df1e2 2891 abort();
e18231a3
BS		 2892}
2893
0e0df1e2
AK		 2894static void error_mem_write(void *opaque, target_phys_addr_t addr,
2895 uint64_t value, unsigned size)
e18231a3 2896{
0e0df1e2 2897 abort();
33417e70
FB		 2898}
2899
0e0df1e2
AK		 2900static const MemoryRegionOps error_mem_ops = {
2901 .read = error_mem_read,
2902 .write = error_mem_write,
2903 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2904};
2905
0e0df1e2
AK		 2906static const MemoryRegionOps rom_mem_ops = {
2907 .read = error_mem_read,
2908 .write = unassigned_mem_write,
2909 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2910};
2911
0e0df1e2
AK		 2912static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
2913 uint64_t val, unsigned size)
9fa3e853 2914{
3a7d929e 2915 int dirty_flags;
f7c11b53 2916 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 2917 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 2918#if !defined(CONFIG_USER_ONLY)
0e0df1e2 2919 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 2920 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 2921#endif
3a7d929e 2922 }
0e0df1e2
AK		 2923 switch (size) {
2924 case 1:
2925 stb_p(qemu_get_ram_ptr(ram_addr), val);
2926 break;
2927 case 2:
2928 stw_p(qemu_get_ram_ptr(ram_addr), val);
2929 break;
2930 case 4:
2931 stl_p(qemu_get_ram_ptr(ram_addr), val);
2932 break;
2933 default:
2934 abort();
3a7d929e 2935 }
f23db169 2936 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 2937 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 2938 /* we remove the notdirty callback only if the code has been
2939 flushed */
2940 if (dirty_flags == 0xff)
2e70f6ef 2941 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 2942}
2943
0e0df1e2
AK		 2944static const MemoryRegionOps notdirty_mem_ops = {
2945 .read = error_mem_read,
2946 .write = notdirty_mem_write,
2947 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2948};
2949
0f459d16 2950/* Generate a debug exception if a watchpoint has been hit. */
b4051334 2951static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 2952{
9349b4f9 2953 CPUArchState *env = cpu_single_env;
06d55cc1
AL		 2954 target_ulong pc, cs_base;
2955 TranslationBlock *tb;
0f459d16 2956 target_ulong vaddr;
a1d1bb31 2957 CPUWatchpoint *wp;
06d55cc1 2958 int cpu_flags;
0f459d16 2959
06d55cc1
AL		 2960 if (env->watchpoint_hit) {
2961 /* We re-entered the check after replacing the TB. Now raise
2962 * the debug interrupt so that is will trigger after the
2963 * current instruction. */
2964 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2965 return;
2966 }
2e70f6ef 2967 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 2968 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 2969 if ((vaddr == (wp->vaddr & len_mask) ||
2970 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 2971 wp->flags |= BP_WATCHPOINT_HIT;
2972 if (!env->watchpoint_hit) {
2973 env->watchpoint_hit = wp;
2974 tb = tb_find_pc(env->mem_io_pc);
2975 if (!tb) {
2976 cpu_abort(env, "check_watchpoint: could not find TB for "
2977 "pc=%p", (void *)env->mem_io_pc);
2978 }
618ba8e6 2979 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 2980 tb_phys_invalidate(tb, -1);
2981 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2982 env->exception_index = EXCP_DEBUG;
488d6577 2983 cpu_loop_exit(env);
6e140f28
AL		 2984 } else {
2985 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2986 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 2987 cpu_resume_from_signal(env, NULL);
6e140f28 2988 }
06d55cc1 2989 }
6e140f28
AL		 2990 } else {
2991 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2992 }
2993 }
2994}
2995
6658ffb8
PB		 2996/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2997 so these check for a hit then pass through to the normal out-of-line
2998 phys routines. */
1ec9b909
AK		 2999static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
3000 unsigned size)
6658ffb8 3001{
1ec9b909
AK		 3002 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3003 switch (size) {
3004 case 1: return ldub_phys(addr);
3005 case 2: return lduw_phys(addr);
3006 case 4: return ldl_phys(addr);
3007 default: abort();
3008 }
6658ffb8
PB		 3009}
3010
1ec9b909
AK		 3011static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3012 uint64_t val, unsigned size)
6658ffb8 3013{
1ec9b909
AK		 3014 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3015 switch (size) {
67364150
MF		 3016 case 1:
3017 stb_phys(addr, val);
3018 break;
3019 case 2:
3020 stw_phys(addr, val);
3021 break;
3022 case 4:
3023 stl_phys(addr, val);
3024 break;
1ec9b909
AK		 3025 default: abort();
3026 }
6658ffb8
PB		 3027}
3028
1ec9b909
AK		 3029static const MemoryRegionOps watch_mem_ops = {
3030 .read = watch_mem_read,
3031 .write = watch_mem_write,
3032 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3033};
6658ffb8 3034
70c68e44
AK		 3035static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3036 unsigned len)
db7b5426 3037{
70c68e44 3038 subpage_t *mmio = opaque;
f6405247 3039 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3040 MemoryRegionSection *section;
db7b5426
BS		 3041#if defined(DEBUG_SUBPAGE)
3042 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3043 mmio, len, addr, idx);
3044#endif
db7b5426 3045
5312bd8b
AK		 3046 section = &phys_sections[mmio->sub_section[idx]];
3047 addr += mmio->base;
3048 addr -= section->offset_within_address_space;
3049 addr += section->offset_within_region;
37ec01d4 3050 return io_mem_read(section->mr, addr, len);
db7b5426
BS		 3051}
3052
70c68e44
AK		 3053static void subpage_write(void *opaque, target_phys_addr_t addr,
3054 uint64_t value, unsigned len)
db7b5426 3055{
70c68e44 3056 subpage_t *mmio = opaque;
f6405247 3057 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3058 MemoryRegionSection *section;
db7b5426 3059#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3060 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3061 " idx %d value %"PRIx64"\n",
f6405247 3062 __func__, mmio, len, addr, idx, value);
db7b5426 3063#endif
f6405247 3064
5312bd8b
AK		 3065 section = &phys_sections[mmio->sub_section[idx]];
3066 addr += mmio->base;
3067 addr -= section->offset_within_address_space;
3068 addr += section->offset_within_region;
37ec01d4 3069 io_mem_write(section->mr, addr, value, len);
db7b5426
BS		 3070}
3071
70c68e44
AK		 3072static const MemoryRegionOps subpage_ops = {
3073 .read = subpage_read,
3074 .write = subpage_write,
3075 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3076};
3077
de712f94
AK		 3078static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3079 unsigned size)
56384e8b
AF		 3080{
3081 ram_addr_t raddr = addr;
3082 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3083 switch (size) {
3084 case 1: return ldub_p(ptr);
3085 case 2: return lduw_p(ptr);
3086 case 4: return ldl_p(ptr);
3087 default: abort();
3088 }
56384e8b
AF		 3089}
3090
de712f94
AK		 3091static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3092 uint64_t value, unsigned size)
56384e8b
AF		 3093{
3094 ram_addr_t raddr = addr;
3095 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3096 switch (size) {
3097 case 1: return stb_p(ptr, value);
3098 case 2: return stw_p(ptr, value);
3099 case 4: return stl_p(ptr, value);
3100 default: abort();
3101 }
56384e8b
AF		 3102}
3103
de712f94
AK		 3104static const MemoryRegionOps subpage_ram_ops = {
3105 .read = subpage_ram_read,
3106 .write = subpage_ram_write,
3107 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3108};
3109
c227f099 3110static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3111 uint16_t section)
db7b5426
BS		 3112{
3113 int idx, eidx;
3114
3115 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3116 return -1;
3117 idx = SUBPAGE_IDX(start);
3118 eidx = SUBPAGE_IDX(end);
3119#if defined(DEBUG_SUBPAGE)
0bf9e31a 3120 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3121 mmio, start, end, idx, eidx, memory);
3122#endif
5312bd8b
AK		 3123 if (memory_region_is_ram(phys_sections[section].mr)) {
3124 MemoryRegionSection new_section = phys_sections[section];
3125 new_section.mr = &io_mem_subpage_ram;
3126 section = phys_section_add(&new_section);
56384e8b 3127 }
db7b5426 3128 for (; idx <= eidx; idx++) {
5312bd8b 3129 mmio->sub_section[idx] = section;
db7b5426
BS		 3130 }
3131
3132 return 0;
3133}
3134
0f0cb164 3135static subpage_t *subpage_init(target_phys_addr_t base)
db7b5426 3136{
c227f099 3137 subpage_t *mmio;
db7b5426 3138
7267c094 3139 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3140
3141 mmio->base = base;
70c68e44
AK		 3142 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3143 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3144 mmio->iomem.subpage = true;
db7b5426 3145#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3146 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3147 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3148#endif
0f0cb164 3149 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 3150
3151 return mmio;
3152}
3153
5312bd8b
AK		 3154static uint16_t dummy_section(MemoryRegion *mr)
3155{
3156 MemoryRegionSection section = {
3157 .mr = mr,
3158 .offset_within_address_space = 0,
3159 .offset_within_region = 0,
3160 .size = UINT64_MAX,
3161 };
3162
3163 return phys_section_add(&section);
3164}
3165
37ec01d4 3166MemoryRegion *iotlb_to_region(target_phys_addr_t index)
aa102231 3167{
37ec01d4 3168 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 3169}
3170
e9179ce1
AK		 3171static void io_mem_init(void)
3172{
0e0df1e2 3173 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
0e0df1e2
AK		 3174 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3175 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3176 "unassigned", UINT64_MAX);
3177 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3178 "notdirty", UINT64_MAX);
de712f94
AK		 3179 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3180 "subpage-ram", UINT64_MAX);
1ec9b909
AK		 3181 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3182 "watch", UINT64_MAX);
e9179ce1
AK		 3183}
3184
50c1e149
AK		 3185static void core_begin(MemoryListener *listener)
3186{
54688b1e 3187 destroy_all_mappings();
5312bd8b 3188 phys_sections_clear();
c19e8800 3189 phys_map.ptr = PHYS_MAP_NODE_NIL;
5312bd8b 3190 phys_section_unassigned = dummy_section(&io_mem_unassigned);
aa102231
AK		 3191 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3192 phys_section_rom = dummy_section(&io_mem_rom);
3193 phys_section_watch = dummy_section(&io_mem_watch);
50c1e149
AK		 3194}
3195
3196static void core_commit(MemoryListener *listener)
3197{
9349b4f9 3198 CPUArchState *env;
117712c3
AK		 3199
3200 /* since each CPU stores ram addresses in its TLB cache, we must
3201 reset the modified entries */
3202 /* XXX: slow ! */
3203 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3204 tlb_flush(env, 1);
3205 }
50c1e149
AK		 3206}
3207
93632747
AK		 3208static void core_region_add(MemoryListener *listener,
3209 MemoryRegionSection *section)
3210{
4855d41a 3211 cpu_register_physical_memory_log(section, section->readonly);
93632747
AK		 3212}
3213
3214static void core_region_del(MemoryListener *listener,
3215 MemoryRegionSection *section)
3216{
93632747
AK		 3217}
3218
50c1e149
AK		 3219static void core_region_nop(MemoryListener *listener,
3220 MemoryRegionSection *section)
3221{
54688b1e 3222 cpu_register_physical_memory_log(section, section->readonly);
50c1e149
AK		 3223}
3224
93632747
AK		 3225static void core_log_start(MemoryListener *listener,
3226 MemoryRegionSection *section)
3227{
3228}
3229
3230static void core_log_stop(MemoryListener *listener,
3231 MemoryRegionSection *section)
3232{
3233}
3234
3235static void core_log_sync(MemoryListener *listener,
3236 MemoryRegionSection *section)
3237{
3238}
3239
3240static void core_log_global_start(MemoryListener *listener)
3241{
3242 cpu_physical_memory_set_dirty_tracking(1);
3243}
3244
3245static void core_log_global_stop(MemoryListener *listener)
3246{
3247 cpu_physical_memory_set_dirty_tracking(0);
3248}
3249
3250static void core_eventfd_add(MemoryListener *listener,
3251 MemoryRegionSection *section,
753d5e14 3252 bool match_data, uint64_t data, EventNotifier *e)
93632747
AK		 3253{
3254}
3255
3256static void core_eventfd_del(MemoryListener *listener,
3257 MemoryRegionSection *section,
753d5e14 3258 bool match_data, uint64_t data, EventNotifier *e)
93632747
AK		 3259{
3260}
3261
50c1e149
AK		 3262static void io_begin(MemoryListener *listener)
3263{
3264}
3265
3266static void io_commit(MemoryListener *listener)
3267{
3268}
3269
4855d41a
AK		 3270static void io_region_add(MemoryListener *listener,
3271 MemoryRegionSection *section)
3272{
a2d33521
AK		 3273 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3274
3275 mrio->mr = section->mr;
3276 mrio->offset = section->offset_within_region;
3277 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
4855d41a 3278 section->offset_within_address_space, section->size);
a2d33521 3279 ioport_register(&mrio->iorange);
4855d41a
AK		 3280}
3281
3282static void io_region_del(MemoryListener *listener,
3283 MemoryRegionSection *section)
3284{
3285 isa_unassign_ioport(section->offset_within_address_space, section->size);
3286}
3287
50c1e149
AK		 3288static void io_region_nop(MemoryListener *listener,
3289 MemoryRegionSection *section)
3290{
3291}
3292
4855d41a
AK		 3293static void io_log_start(MemoryListener *listener,
3294 MemoryRegionSection *section)
3295{
3296}
3297
3298static void io_log_stop(MemoryListener *listener,
3299 MemoryRegionSection *section)
3300{
3301}
3302
3303static void io_log_sync(MemoryListener *listener,
3304 MemoryRegionSection *section)
3305{
3306}
3307
3308static void io_log_global_start(MemoryListener *listener)
3309{
3310}
3311
3312static void io_log_global_stop(MemoryListener *listener)
3313{
3314}
3315
3316static void io_eventfd_add(MemoryListener *listener,
3317 MemoryRegionSection *section,
753d5e14 3318 bool match_data, uint64_t data, EventNotifier *e)
4855d41a
AK		 3319{
3320}
3321
3322static void io_eventfd_del(MemoryListener *listener,
3323 MemoryRegionSection *section,
753d5e14 3324 bool match_data, uint64_t data, EventNotifier *e)
4855d41a
AK		 3325{
3326}
3327
93632747 3328static MemoryListener core_memory_listener = {
50c1e149
AK		 3329 .begin = core_begin,
3330 .commit = core_commit,
93632747
AK		 3331 .region_add = core_region_add,
3332 .region_del = core_region_del,
50c1e149 3333 .region_nop = core_region_nop,
93632747
AK		 3334 .log_start = core_log_start,
3335 .log_stop = core_log_stop,
3336 .log_sync = core_log_sync,
3337 .log_global_start = core_log_global_start,
3338 .log_global_stop = core_log_global_stop,
3339 .eventfd_add = core_eventfd_add,
3340 .eventfd_del = core_eventfd_del,
3341 .priority = 0,
3342};
3343
4855d41a 3344static MemoryListener io_memory_listener = {
50c1e149
AK		 3345 .begin = io_begin,
3346 .commit = io_commit,
4855d41a
AK		 3347 .region_add = io_region_add,
3348 .region_del = io_region_del,
50c1e149 3349 .region_nop = io_region_nop,
4855d41a
AK		 3350 .log_start = io_log_start,
3351 .log_stop = io_log_stop,
3352 .log_sync = io_log_sync,
3353 .log_global_start = io_log_global_start,
3354 .log_global_stop = io_log_global_stop,
3355 .eventfd_add = io_eventfd_add,
3356 .eventfd_del = io_eventfd_del,
3357 .priority = 0,
3358};
3359
62152b8a
AK		 3360static void memory_map_init(void)
3361{
7267c094 3362 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3363 memory_region_init(system_memory, "system", INT64_MAX);
62152b8a 3364 set_system_memory_map(system_memory);
309cb471 3365
7267c094 3366 system_io = g_malloc(sizeof(*system_io));
309cb471
AK		 3367 memory_region_init(system_io, "io", 65536);
3368 set_system_io_map(system_io);
93632747 3369
4855d41a
AK		 3370 memory_listener_register(&core_memory_listener, system_memory);
3371 memory_listener_register(&io_memory_listener, system_io);
62152b8a
AK		 3372}
3373
3374MemoryRegion *get_system_memory(void)
3375{
3376 return system_memory;
3377}
3378
309cb471
AK		 3379MemoryRegion *get_system_io(void)
3380{
3381 return system_io;
3382}
3383
e2eef170
PB		 3384#endif /* !defined(CONFIG_USER_ONLY) */
3385
13eb76e0
FB		 3386/* physical memory access (slow version, mainly for debug) */
3387#if defined(CONFIG_USER_ONLY)
9349b4f9 3388int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 3389 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3390{
3391 int l, flags;
3392 target_ulong page;
53a5960a 3393 void * p;
13eb76e0
FB		 3394
3395 while (len > 0) {
3396 page = addr & TARGET_PAGE_MASK;
3397 l = (page + TARGET_PAGE_SIZE) - addr;
3398 if (l > len)
3399 l = len;
3400 flags = page_get_flags(page);
3401 if (!(flags & PAGE_VALID))
a68fe89c 3402 return -1;
13eb76e0
FB		 3403 if (is_write) {
3404 if (!(flags & PAGE_WRITE))
a68fe89c 3405 return -1;
579a97f7 3406 /* XXX: this code should not depend on lock_user */
72fb7daa 3407 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3408 return -1;
72fb7daa
AJ		 3409 memcpy(p, buf, l);
3410 unlock_user(p, addr, l);
13eb76e0
FB		 3411 } else {
3412 if (!(flags & PAGE_READ))
a68fe89c 3413 return -1;
579a97f7 3414 /* XXX: this code should not depend on lock_user */
72fb7daa 3415 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3416 return -1;
72fb7daa 3417 memcpy(buf, p, l);
5b257578 3418 unlock_user(p, addr, 0);
13eb76e0
FB		 3419 }
3420 len -= l;
3421 buf += l;
3422 addr += l;
3423 }
a68fe89c 3424 return 0;
13eb76e0 3425}
8df1cd07 3426
13eb76e0 3427#else
51d7a9eb
AP		 3428
3429static void invalidate_and_set_dirty(target_phys_addr_t addr,
3430 target_phys_addr_t length)
3431{
3432 if (!cpu_physical_memory_is_dirty(addr)) {
3433 /* invalidate code */
3434 tb_invalidate_phys_page_range(addr, addr + length, 0);
3435 /* set dirty bit */
3436 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
3437 }
e226939d 3438 xen_modified_memory(addr, length);
51d7a9eb
AP		 3439}
3440
c227f099 3441void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3442 int len, int is_write)
3443{
37ec01d4 3444 int l;
13eb76e0
FB		 3445 uint8_t *ptr;
3446 uint32_t val;
c227f099 3447 target_phys_addr_t page;
f3705d53 3448 MemoryRegionSection *section;
3b46e624 3449
13eb76e0
FB		 3450 while (len > 0) {
3451 page = addr & TARGET_PAGE_MASK;
3452 l = (page + TARGET_PAGE_SIZE) - addr;
3453 if (l > len)
3454 l = len;
06ef3525 3455 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3456
13eb76e0 3457 if (is_write) {
f3705d53 3458 if (!memory_region_is_ram(section->mr)) {
f1f6e3b8 3459 target_phys_addr_t addr1;
cc5bea60 3460 addr1 = memory_region_section_addr(section, addr);
6a00d601
FB		 3461 /* XXX: could force cpu_single_env to NULL to avoid
3462 potential bugs */
6c2934db 3463 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3464 /* 32 bit write access */
c27004ec 3465 val = ldl_p(buf);
37ec01d4 3466 io_mem_write(section->mr, addr1, val, 4);
13eb76e0 3467 l = 4;
6c2934db 3468 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3469 /* 16 bit write access */
c27004ec 3470 val = lduw_p(buf);
37ec01d4 3471 io_mem_write(section->mr, addr1, val, 2);
13eb76e0
FB		 3472 l = 2;
3473 } else {
1c213d19 3474 /* 8 bit write access */
c27004ec 3475 val = ldub_p(buf);
37ec01d4 3476 io_mem_write(section->mr, addr1, val, 1);
13eb76e0
FB		 3477 l = 1;
3478 }
f3705d53 3479 } else if (!section->readonly) {
8ca5692d 3480 ram_addr_t addr1;
f3705d53 3481 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3482 + memory_region_section_addr(section, addr);
13eb76e0 3483 /* RAM case */
5579c7f3 3484 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3485 memcpy(ptr, buf, l);
51d7a9eb 3486 invalidate_and_set_dirty(addr1, l);
050a0ddf 3487 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3488 }
3489 } else {
cc5bea60
BS		 3490 if (!(memory_region_is_ram(section->mr) ||
3491 memory_region_is_romd(section->mr))) {
f1f6e3b8 3492 target_phys_addr_t addr1;
13eb76e0 3493 /* I/O case */
cc5bea60 3494 addr1 = memory_region_section_addr(section, addr);
6c2934db 3495 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3496 /* 32 bit read access */
37ec01d4 3497 val = io_mem_read(section->mr, addr1, 4);
c27004ec 3498 stl_p(buf, val);
13eb76e0 3499 l = 4;
6c2934db 3500 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3501 /* 16 bit read access */
37ec01d4 3502 val = io_mem_read(section->mr, addr1, 2);
c27004ec 3503 stw_p(buf, val);
13eb76e0
FB		 3504 l = 2;
3505 } else {
1c213d19 3506 /* 8 bit read access */
37ec01d4 3507 val = io_mem_read(section->mr, addr1, 1);
c27004ec 3508 stb_p(buf, val);
13eb76e0
FB		 3509 l = 1;
3510 }
3511 } else {
3512 /* RAM case */
0a1b357f 3513 ptr = qemu_get_ram_ptr(section->mr->ram_addr
cc5bea60
BS		 3514 + memory_region_section_addr(section,
3515 addr));
f3705d53 3516 memcpy(buf, ptr, l);
050a0ddf 3517 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3518 }
3519 }
3520 len -= l;
3521 buf += l;
3522 addr += l;
3523 }
3524}
8df1cd07 3525
d0ecd2aa 3526/* used for ROM loading : can write in RAM and ROM */
c227f099 3527void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3528 const uint8_t *buf, int len)
3529{
3530 int l;
3531 uint8_t *ptr;
c227f099 3532 target_phys_addr_t page;
f3705d53 3533 MemoryRegionSection *section;
3b46e624 3534
d0ecd2aa
FB		 3535 while (len > 0) {
3536 page = addr & TARGET_PAGE_MASK;
3537 l = (page + TARGET_PAGE_SIZE) - addr;
3538 if (l > len)
3539 l = len;
06ef3525 3540 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3541
cc5bea60
BS		 3542 if (!(memory_region_is_ram(section->mr) ||
3543 memory_region_is_romd(section->mr))) {
d0ecd2aa
FB		 3544 /* do nothing */
3545 } else {
3546 unsigned long addr1;
f3705d53 3547 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3548 + memory_region_section_addr(section, addr);
d0ecd2aa 3549 /* ROM/RAM case */
5579c7f3 3550 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3551 memcpy(ptr, buf, l);
51d7a9eb 3552 invalidate_and_set_dirty(addr1, l);
050a0ddf 3553 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3554 }
3555 len -= l;
3556 buf += l;
3557 addr += l;
3558 }
3559}
3560
6d16c2f8
AL		 3561typedef struct {
3562 void *buffer;
c227f099
AL		 3563 target_phys_addr_t addr;
3564 target_phys_addr_t len;
6d16c2f8
AL		 3565} BounceBuffer;
3566
3567static BounceBuffer bounce;
3568
ba223c29
AL		 3569typedef struct MapClient {
3570 void *opaque;
3571 void (*callback)(void *opaque);
72cf2d4f 3572 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3573} MapClient;
3574
72cf2d4f
BS		 3575static QLIST_HEAD(map_client_list, MapClient) map_client_list
3576 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3577
3578void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3579{
7267c094 3580 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3581
3582 client->opaque = opaque;
3583 client->callback = callback;
72cf2d4f 3584 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3585 return client;
3586}
3587
3588void cpu_unregister_map_client(void *_client)
3589{
3590 MapClient *client = (MapClient *)_client;
3591
72cf2d4f 3592 QLIST_REMOVE(client, link);
7267c094 3593 g_free(client);
ba223c29
AL		 3594}
3595
3596static void cpu_notify_map_clients(void)
3597{
3598 MapClient *client;
3599
72cf2d4f
BS		 3600 while (!QLIST_EMPTY(&map_client_list)) {
3601 client = QLIST_FIRST(&map_client_list);
ba223c29 3602 client->callback(client->opaque);
34d5e948 3603 cpu_unregister_map_client(client);
ba223c29
AL		 3604 }
3605}
3606
6d16c2f8
AL		 3607/* Map a physical memory region into a host virtual address.
3608 * May map a subset of the requested range, given by and returned in *plen.
3609 * May return NULL if resources needed to perform the mapping are exhausted.
3610 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3611 * Use cpu_register_map_client() to know when retrying the map operation is
3612 * likely to succeed.
6d16c2f8 3613 */
c227f099
AL		 3614void *cpu_physical_memory_map(target_phys_addr_t addr,
3615 target_phys_addr_t *plen,
6d16c2f8
AL		 3616 int is_write)
3617{
c227f099 3618 target_phys_addr_t len = *plen;
38bee5dc 3619 target_phys_addr_t todo = 0;
6d16c2f8 3620 int l;
c227f099 3621 target_phys_addr_t page;
f3705d53 3622 MemoryRegionSection *section;
f15fbc4b 3623 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3624 ram_addr_t rlen;
3625 void *ret;
6d16c2f8
AL		 3626
3627 while (len > 0) {
3628 page = addr & TARGET_PAGE_MASK;
3629 l = (page + TARGET_PAGE_SIZE) - addr;
3630 if (l > len)
3631 l = len;
06ef3525 3632 section = phys_page_find(page >> TARGET_PAGE_BITS);
6d16c2f8 3633
f3705d53 3634 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
38bee5dc 3635 if (todo || bounce.buffer) {
6d16c2f8
AL		 3636 break;
3637 }
3638 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3639 bounce.addr = addr;
3640 bounce.len = l;
3641 if (!is_write) {
54f7b4a3 3642 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 3643 }
38bee5dc
SS		 3644
3645 *plen = l;
3646 return bounce.buffer;
6d16c2f8 3647 }
8ab934f9 3648 if (!todo) {
f3705d53 3649 raddr = memory_region_get_ram_addr(section->mr)
cc5bea60 3650 + memory_region_section_addr(section, addr);
8ab934f9 3651 }
6d16c2f8
AL		 3652
3653 len -= l;
3654 addr += l;
38bee5dc 3655 todo += l;
6d16c2f8 3656 }
8ab934f9
SS		 3657 rlen = todo;
3658 ret = qemu_ram_ptr_length(raddr, &rlen);
3659 *plen = rlen;
3660 return ret;
6d16c2f8
AL		 3661}
3662
3663/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3664 * Will also mark the memory as dirty if is_write == 1. access_len gives
3665 * the amount of memory that was actually read or written by the caller.
3666 */
c227f099
AL		 3667void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3668 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 3669{
3670 if (buffer != bounce.buffer) {
3671 if (is_write) {
e890261f 3672 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 3673 while (access_len) {
3674 unsigned l;
3675 l = TARGET_PAGE_SIZE;
3676 if (l > access_len)
3677 l = access_len;
51d7a9eb 3678 invalidate_and_set_dirty(addr1, l);
6d16c2f8
AL		 3679 addr1 += l;
3680 access_len -= l;
3681 }
3682 }
868bb33f 3683 if (xen_enabled()) {
e41d7c69 3684 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3685 }
6d16c2f8
AL		 3686 return;
3687 }
3688 if (is_write) {
3689 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3690 }
f8a83245 3691 qemu_vfree(bounce.buffer);
6d16c2f8 3692 bounce.buffer = NULL;
ba223c29 3693 cpu_notify_map_clients();
6d16c2f8 3694}
d0ecd2aa 3695
8df1cd07 3696/* warning: addr must be aligned */
1e78bcc1
AG		 3697static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
3698 enum device_endian endian)
8df1cd07 3699{
8df1cd07
FB		 3700 uint8_t *ptr;
3701 uint32_t val;
f3705d53 3702 MemoryRegionSection *section;
8df1cd07 3703
06ef3525 3704 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3705
cc5bea60
BS		 3706 if (!(memory_region_is_ram(section->mr) ||
3707 memory_region_is_romd(section->mr))) {
8df1cd07 3708 /* I/O case */
cc5bea60 3709 addr = memory_region_section_addr(section, addr);
37ec01d4 3710 val = io_mem_read(section->mr, addr, 4);
1e78bcc1
AG		 3711#if defined(TARGET_WORDS_BIGENDIAN)
3712 if (endian == DEVICE_LITTLE_ENDIAN) {
3713 val = bswap32(val);
3714 }
3715#else
3716 if (endian == DEVICE_BIG_ENDIAN) {
3717 val = bswap32(val);
3718 }
3719#endif
8df1cd07
FB		 3720 } else {
3721 /* RAM case */
f3705d53 3722 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3723 & TARGET_PAGE_MASK)
cc5bea60 3724 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3725 switch (endian) {
3726 case DEVICE_LITTLE_ENDIAN:
3727 val = ldl_le_p(ptr);
3728 break;
3729 case DEVICE_BIG_ENDIAN:
3730 val = ldl_be_p(ptr);
3731 break;
3732 default:
3733 val = ldl_p(ptr);
3734 break;
3735 }
8df1cd07
FB		 3736 }
3737 return val;
3738}
3739
1e78bcc1
AG		 3740uint32_t ldl_phys(target_phys_addr_t addr)
3741{
3742 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3743}
3744
3745uint32_t ldl_le_phys(target_phys_addr_t addr)
3746{
3747 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3748}
3749
3750uint32_t ldl_be_phys(target_phys_addr_t addr)
3751{
3752 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
3753}
3754
84b7b8e7 3755/* warning: addr must be aligned */
1e78bcc1
AG		 3756static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
3757 enum device_endian endian)
84b7b8e7 3758{
84b7b8e7
FB		 3759 uint8_t *ptr;
3760 uint64_t val;
f3705d53 3761 MemoryRegionSection *section;
84b7b8e7 3762
06ef3525 3763 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3764
cc5bea60
BS		 3765 if (!(memory_region_is_ram(section->mr) ||
3766 memory_region_is_romd(section->mr))) {
84b7b8e7 3767 /* I/O case */
cc5bea60 3768 addr = memory_region_section_addr(section, addr);
1e78bcc1
AG		 3769
3770 /* XXX This is broken when device endian != cpu endian.
3771 Fix and add "endian" variable check */
84b7b8e7 3772#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3773 val = io_mem_read(section->mr, addr, 4) << 32;
3774 val |= io_mem_read(section->mr, addr + 4, 4);
84b7b8e7 3775#else
37ec01d4
AK		 3776 val = io_mem_read(section->mr, addr, 4);
3777 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
84b7b8e7
FB		 3778#endif
3779 } else {
3780 /* RAM case */
f3705d53 3781 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3782 & TARGET_PAGE_MASK)
cc5bea60 3783 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3784 switch (endian) {
3785 case DEVICE_LITTLE_ENDIAN:
3786 val = ldq_le_p(ptr);
3787 break;
3788 case DEVICE_BIG_ENDIAN:
3789 val = ldq_be_p(ptr);
3790 break;
3791 default:
3792 val = ldq_p(ptr);
3793 break;
3794 }
84b7b8e7
FB		 3795 }
3796 return val;
3797}
3798
1e78bcc1
AG		 3799uint64_t ldq_phys(target_phys_addr_t addr)
3800{
3801 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3802}
3803
3804uint64_t ldq_le_phys(target_phys_addr_t addr)
3805{
3806 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3807}
3808
3809uint64_t ldq_be_phys(target_phys_addr_t addr)
3810{
3811 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
3812}
3813
aab33094 3814/* XXX: optimize */
c227f099 3815uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 3816{
3817 uint8_t val;
3818 cpu_physical_memory_read(addr, &val, 1);
3819 return val;
3820}
3821
733f0b02 3822/* warning: addr must be aligned */
1e78bcc1
AG		 3823static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
3824 enum device_endian endian)
aab33094 3825{
733f0b02
MT		 3826 uint8_t *ptr;
3827 uint64_t val;
f3705d53 3828 MemoryRegionSection *section;
733f0b02 3829
06ef3525 3830 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 3831
cc5bea60
BS		 3832 if (!(memory_region_is_ram(section->mr) ||
3833 memory_region_is_romd(section->mr))) {
733f0b02 3834 /* I/O case */
cc5bea60 3835 addr = memory_region_section_addr(section, addr);
37ec01d4 3836 val = io_mem_read(section->mr, addr, 2);
1e78bcc1
AG		 3837#if defined(TARGET_WORDS_BIGENDIAN)
3838 if (endian == DEVICE_LITTLE_ENDIAN) {
3839 val = bswap16(val);
3840 }
3841#else
3842 if (endian == DEVICE_BIG_ENDIAN) {
3843 val = bswap16(val);
3844 }
3845#endif
733f0b02
MT		 3846 } else {
3847 /* RAM case */
f3705d53 3848 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3849 & TARGET_PAGE_MASK)
cc5bea60 3850 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3851 switch (endian) {
3852 case DEVICE_LITTLE_ENDIAN:
3853 val = lduw_le_p(ptr);
3854 break;
3855 case DEVICE_BIG_ENDIAN:
3856 val = lduw_be_p(ptr);
3857 break;
3858 default:
3859 val = lduw_p(ptr);
3860 break;
3861 }
733f0b02
MT		 3862 }
3863 return val;
aab33094
FB		 3864}
3865
1e78bcc1
AG		 3866uint32_t lduw_phys(target_phys_addr_t addr)
3867{
3868 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3869}
3870
3871uint32_t lduw_le_phys(target_phys_addr_t addr)
3872{
3873 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3874}
3875
3876uint32_t lduw_be_phys(target_phys_addr_t addr)
3877{
3878 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
3879}
3880
8df1cd07
FB		 3881/* warning: addr must be aligned. The ram page is not masked as dirty
3882 and the code inside is not invalidated. It is useful if the dirty
3883 bits are used to track modified PTEs */
c227f099 3884void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07 3885{
8df1cd07 3886 uint8_t *ptr;
f3705d53 3887 MemoryRegionSection *section;
8df1cd07 3888
06ef3525 3889 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3890
f3705d53 3891 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3892 addr = memory_region_section_addr(section, addr);
f3705d53 3893 if (memory_region_is_ram(section->mr)) {
37ec01d4 3894 section = &phys_sections[phys_section_rom];
06ef3525 3895 }
37ec01d4 3896 io_mem_write(section->mr, addr, val, 4);
8df1cd07 3897 } else {
f3705d53 3898 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
06ef3525 3899 & TARGET_PAGE_MASK)
cc5bea60 3900 + memory_region_section_addr(section, addr);
5579c7f3 3901 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3902 stl_p(ptr, val);
74576198
AL		 3903
3904 if (unlikely(in_migration)) {
3905 if (!cpu_physical_memory_is_dirty(addr1)) {
3906 /* invalidate code */
3907 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3908 /* set dirty bit */
f7c11b53
YT		 3909 cpu_physical_memory_set_dirty_flags(
3910 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 3911 }
3912 }
8df1cd07
FB		 3913 }
3914}
3915
c227f099 3916void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef 3917{
bc98a7ef 3918 uint8_t *ptr;
f3705d53 3919 MemoryRegionSection *section;
bc98a7ef 3920
06ef3525 3921 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3922
f3705d53 3923 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3924 addr = memory_region_section_addr(section, addr);
f3705d53 3925 if (memory_region_is_ram(section->mr)) {
37ec01d4 3926 section = &phys_sections[phys_section_rom];
06ef3525 3927 }
bc98a7ef 3928#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3929 io_mem_write(section->mr, addr, val >> 32, 4);
3930 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
bc98a7ef 3931#else
37ec01d4
AK		 3932 io_mem_write(section->mr, addr, (uint32_t)val, 4);
3933 io_mem_write(section->mr, addr + 4, val >> 32, 4);
bc98a7ef
JM		 3934#endif
3935 } else {
f3705d53 3936 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3937 & TARGET_PAGE_MASK)
cc5bea60 3938 + memory_region_section_addr(section, addr));
bc98a7ef
JM		 3939 stq_p(ptr, val);
3940 }
3941}
3942
8df1cd07 3943/* warning: addr must be aligned */
1e78bcc1
AG		 3944static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
3945 enum device_endian endian)
8df1cd07 3946{
8df1cd07 3947 uint8_t *ptr;
f3705d53 3948 MemoryRegionSection *section;
8df1cd07 3949
06ef3525 3950 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3951
f3705d53 3952 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3953 addr = memory_region_section_addr(section, addr);
f3705d53 3954 if (memory_region_is_ram(section->mr)) {
37ec01d4 3955 section = &phys_sections[phys_section_rom];
06ef3525 3956 }
1e78bcc1
AG		 3957#if defined(TARGET_WORDS_BIGENDIAN)
3958 if (endian == DEVICE_LITTLE_ENDIAN) {
3959 val = bswap32(val);
3960 }
3961#else
3962 if (endian == DEVICE_BIG_ENDIAN) {
3963 val = bswap32(val);
3964 }
3965#endif
37ec01d4 3966 io_mem_write(section->mr, addr, val, 4);
8df1cd07
FB		 3967 } else {
3968 unsigned long addr1;
f3705d53 3969 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3970 + memory_region_section_addr(section, addr);
8df1cd07 3971 /* RAM case */
5579c7f3 3972 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3973 switch (endian) {
3974 case DEVICE_LITTLE_ENDIAN:
3975 stl_le_p(ptr, val);
3976 break;
3977 case DEVICE_BIG_ENDIAN:
3978 stl_be_p(ptr, val);
3979 break;
3980 default:
3981 stl_p(ptr, val);
3982 break;
3983 }
51d7a9eb 3984 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 3985 }
3986}
3987
1e78bcc1
AG		 3988void stl_phys(target_phys_addr_t addr, uint32_t val)
3989{
3990 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
3991}
3992
3993void stl_le_phys(target_phys_addr_t addr, uint32_t val)
3994{
3995 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
3996}
3997
3998void stl_be_phys(target_phys_addr_t addr, uint32_t val)
3999{
4000 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4001}
4002
aab33094 4003/* XXX: optimize */
c227f099 4004void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 4005{
4006 uint8_t v = val;
4007 cpu_physical_memory_write(addr, &v, 1);
4008}
4009
733f0b02 4010/* warning: addr must be aligned */
1e78bcc1
AG		 4011static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4012 enum device_endian endian)
aab33094 4013{
733f0b02 4014 uint8_t *ptr;
f3705d53 4015 MemoryRegionSection *section;
733f0b02 4016
06ef3525 4017 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 4018
f3705d53 4019 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 4020 addr = memory_region_section_addr(section, addr);
f3705d53 4021 if (memory_region_is_ram(section->mr)) {
37ec01d4 4022 section = &phys_sections[phys_section_rom];
06ef3525 4023 }
1e78bcc1
AG		 4024#if defined(TARGET_WORDS_BIGENDIAN)
4025 if (endian == DEVICE_LITTLE_ENDIAN) {
4026 val = bswap16(val);
4027 }
4028#else
4029 if (endian == DEVICE_BIG_ENDIAN) {
4030 val = bswap16(val);
4031 }
4032#endif
37ec01d4 4033 io_mem_write(section->mr, addr, val, 2);
733f0b02
MT		 4034 } else {
4035 unsigned long addr1;
f3705d53 4036 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 4037 + memory_region_section_addr(section, addr);
733f0b02
MT		 4038 /* RAM case */
4039 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4040 switch (endian) {
4041 case DEVICE_LITTLE_ENDIAN:
4042 stw_le_p(ptr, val);
4043 break;
4044 case DEVICE_BIG_ENDIAN:
4045 stw_be_p(ptr, val);
4046 break;
4047 default:
4048 stw_p(ptr, val);
4049 break;
4050 }
51d7a9eb 4051 invalidate_and_set_dirty(addr1, 2);
733f0b02 4052 }
aab33094
FB		 4053}
4054
1e78bcc1
AG		 4055void stw_phys(target_phys_addr_t addr, uint32_t val)
4056{
4057 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4058}
4059
4060void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4061{
4062 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4063}
4064
4065void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4066{
4067 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4068}
4069
aab33094 4070/* XXX: optimize */
c227f099 4071void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4072{
4073 val = tswap64(val);
71d2b725 4074 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4075}
4076
1e78bcc1
AG		 4077void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4078{
4079 val = cpu_to_le64(val);
4080 cpu_physical_memory_write(addr, &val, 8);
4081}
4082
4083void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4084{
4085 val = cpu_to_be64(val);
4086 cpu_physical_memory_write(addr, &val, 8);
4087}
4088
5e2972fd 4089/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 4090int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 4091 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4092{
4093 int l;
c227f099 4094 target_phys_addr_t phys_addr;
9b3c35e0 4095 target_ulong page;
13eb76e0
FB		 4096
4097 while (len > 0) {
4098 page = addr & TARGET_PAGE_MASK;
4099 phys_addr = cpu_get_phys_page_debug(env, page);
4100 /* if no physical page mapped, return an error */
4101 if (phys_addr == -1)
4102 return -1;
4103 l = (page + TARGET_PAGE_SIZE) - addr;
4104 if (l > len)
4105 l = len;
5e2972fd 4106 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4107 if (is_write)
4108 cpu_physical_memory_write_rom(phys_addr, buf, l);
4109 else
5e2972fd 4110 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4111 len -= l;
4112 buf += l;
4113 addr += l;
4114 }
4115 return 0;
4116}
a68fe89c 4117#endif
13eb76e0 4118
2e70f6ef
PB		 4119/* in deterministic execution mode, instructions doing device I/Os
4120 must be at the end of the TB */
20503968 4121void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
2e70f6ef
PB		 4122{
4123 TranslationBlock *tb;
4124 uint32_t n, cflags;
4125 target_ulong pc, cs_base;
4126 uint64_t flags;
4127
20503968 4128 tb = tb_find_pc(retaddr);
2e70f6ef
PB		 4129 if (!tb) {
4130 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
20503968 4131 (void *)retaddr);
2e70f6ef
PB		 4132 }
4133 n = env->icount_decr.u16.low + tb->icount;
20503968 4134 cpu_restore_state(tb, env, retaddr);
2e70f6ef 4135 /* Calculate how many instructions had been executed before the fault
bf20dc07 4136 occurred. */
2e70f6ef
PB		 4137 n = n - env->icount_decr.u16.low;
4138 /* Generate a new TB ending on the I/O insn. */
4139 n++;
4140 /* On MIPS and SH, delay slot instructions can only be restarted if
4141 they were already the first instruction in the TB. If this is not
bf20dc07 4142 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4143 branch. */
4144#if defined(TARGET_MIPS)
4145 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4146 env->active_tc.PC -= 4;
4147 env->icount_decr.u16.low++;
4148 env->hflags &= ~MIPS_HFLAG_BMASK;
4149 }
4150#elif defined(TARGET_SH4)
4151 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4152 && n > 1) {
4153 env->pc -= 2;
4154 env->icount_decr.u16.low++;
4155 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4156 }
4157#endif
4158 /* This should never happen. */
4159 if (n > CF_COUNT_MASK)
4160 cpu_abort(env, "TB too big during recompile");
4161
4162 cflags = n | CF_LAST_IO;
4163 pc = tb->pc;
4164 cs_base = tb->cs_base;
4165 flags = tb->flags;
4166 tb_phys_invalidate(tb, -1);
4167 /* FIXME: In theory this could raise an exception. In practice
4168 we have already translated the block once so it's probably ok. */
4169 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4170 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4171 the first in the TB) then we end up generating a whole new TB and
4172 repeating the fault, which is horribly inefficient.
4173 Better would be to execute just this insn uncached, or generate a
4174 second new TB. */
4175 cpu_resume_from_signal(env, NULL);
4176}
4177
b3755a91
PB		 4178#if !defined(CONFIG_USER_ONLY)
4179
055403b2 4180void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4181{
4182 int i, target_code_size, max_target_code_size;
4183 int direct_jmp_count, direct_jmp2_count, cross_page;
4184 TranslationBlock *tb;
3b46e624 4185
e3db7226
FB		 4186 target_code_size = 0;
4187 max_target_code_size = 0;
4188 cross_page = 0;
4189 direct_jmp_count = 0;
4190 direct_jmp2_count = 0;
4191 for(i = 0; i < nb_tbs; i++) {
4192 tb = &tbs[i];
4193 target_code_size += tb->size;
4194 if (tb->size > max_target_code_size)
4195 max_target_code_size = tb->size;
4196 if (tb->page_addr[1] != -1)
4197 cross_page++;
4198 if (tb->tb_next_offset[0] != 0xffff) {
4199 direct_jmp_count++;
4200 if (tb->tb_next_offset[1] != 0xffff) {
4201 direct_jmp2_count++;
4202 }
4203 }
4204 }
4205 /* XXX: avoid using doubles ? */
57fec1fe 4206 cpu_fprintf(f, "Translation buffer state:\n");
f1bc0bcc 4207 cpu_fprintf(f, "gen code size %td/%zd\n",
26a5f13b
FB		 4208 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4209 cpu_fprintf(f, "TB count %d/%d\n",
4210 nb_tbs, code_gen_max_blocks);
5fafdf24 4211 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4212 nb_tbs ? target_code_size / nb_tbs : 0,
4213 max_target_code_size);
055403b2 4214 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4215 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4216 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4217 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4218 cross_page,
e3db7226
FB		 4219 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4220 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4221 direct_jmp_count,
e3db7226
FB		 4222 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4223 direct_jmp2_count,
4224 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4225 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4226 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4227 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4228 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4229 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4230}
4231
82afa586
BH		 4232/*
4233 * A helper function for the _utterly broken_ virtio device model to find out if
4234 * it's running on a big endian machine. Don't do this at home kids!
4235 */
4236bool virtio_is_big_endian(void);
4237bool virtio_is_big_endian(void)
4238{
4239#if defined(TARGET_WORDS_BIGENDIAN)
4240 return true;
4241#else
4242 return false;
4243#endif
4244}
4245
61382a50 4246#endif
76f35538
WC		 4247
4248#ifndef CONFIG_USER_ONLY
4249bool cpu_physical_memory_is_io(target_phys_addr_t phys_addr)
4250{
4251 MemoryRegionSection *section;
4252
4253 section = phys_page_find(phys_addr >> TARGET_PAGE_BITS);
4254
4255 return !(memory_region_is_ram(section->mr) ||
4256 memory_region_is_romd(section->mr));
4257}
4258#endif
Qemu copy for testing