]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
qga: drop unused sockaddr in accept(2) call
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c 22#endif
54936004 23
f348b6d1 24#include "qemu/cutils.h"
6180a181 25#include "cpu.h"
63c91552 26#include "exec/exec-all.h"
b67d9a52 27#include "tcg.h"
741da0d3 28#include "hw/qdev-core.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
33c11879 31#include "hw/xen/xen.h"
4485bd26 32#endif
9c17d615 33#include "sysemu/kvm.h"
2ff3de68 34#include "sysemu/sysemu.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
53a5960a 38#if defined(CONFIG_USER_ONLY)
a9c94277 39#include "qemu.h"
432d268c 40#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 41#include "hw/hw.h"
42#include "exec/memory.h"
df43d49c 43#include "exec/ioport.h"
741da0d3
PB		 44#include "sysemu/dma.h"
45#include "exec/address-spaces.h"
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
508127e2 57#include "exec/log.h"
67d95c15 58
9dfeca7c
BR		 59#include "migration/vmstate.h"
60
b35ba30f 61#include "qemu/range.h"
794e8f30
MT		 62#ifndef _WIN32
63#include "qemu/mmap-alloc.h"
64#endif
b35ba30f 65
db7b5426 66//#define DEBUG_SUBPAGE
1196be37 67
e2eef170 68#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 69/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
0d53d9fe 72RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 73
74static MemoryRegion *system_memory;
309cb471 75static MemoryRegion *system_io;
62152b8a 76
f6790af6
AK		 77AddressSpace address_space_io;
78AddressSpace address_space_memory;
2673a5da 79
0844e007 80MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 81static MemoryRegion io_mem_unassigned;
0e0df1e2 82
7bd4f430
PB		 83/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84#define RAM_PREALLOC (1 << 0)
85
dbcb8981
PB		 86/* RAM is mmap-ed with MAP_SHARED */
87#define RAM_SHARED (1 << 1)
88
62be4e3a
MT		 89/* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92#define RAM_RESIZEABLE (1 << 2)
93
e2eef170 94#endif
9fa3e853 95
20bccb82
PM		 96#ifdef TARGET_PAGE_BITS_VARY
97int target_page_bits;
98bool target_page_bits_decided;
99#endif
100
bdc44640 101struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 102/* current CPU in the current thread. It is only valid inside
103 cpu_exec() */
f240eb6f 104__thread CPUState *current_cpu;
2e70f6ef 105/* 0 = Do not count executed instructions.
bf20dc07 106 1 = Precise instruction counting.
2e70f6ef 107 2 = Adaptive rate instruction counting. */
5708fc66 108int use_icount;
6a00d601 109
20bccb82
PM		 110bool set_preferred_target_page_bits(int bits)
111{
112 /* The target page size is the lowest common denominator for all
113 * the CPUs in the system, so we can only make it smaller, never
114 * larger. And we can't make it smaller once we've committed to
115 * a particular size.
116 */
117#ifdef TARGET_PAGE_BITS_VARY
118 assert(bits >= TARGET_PAGE_BITS_MIN);
119 if (target_page_bits == 0 || target_page_bits > bits) {
120 if (target_page_bits_decided) {
121 return false;
122 }
123 target_page_bits = bits;
124 }
125#endif
126 return true;
127}
128
e2eef170 129#if !defined(CONFIG_USER_ONLY)
4346ae3e 130
20bccb82
PM		 131static void finalize_target_page_bits(void)
132{
133#ifdef TARGET_PAGE_BITS_VARY
134 if (target_page_bits == 0) {
135 target_page_bits = TARGET_PAGE_BITS_MIN;
136 }
137 target_page_bits_decided = true;
138#endif
139}
140
1db8abb1
PB		 141typedef struct PhysPageEntry PhysPageEntry;
142
143struct PhysPageEntry {
9736e55b 144 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 145 uint32_t skip : 6;
9736e55b 146 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 147 uint32_t ptr : 26;
1db8abb1
PB		 148};
149
8b795765
MT		 150#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
151
03f49957 152/* Size of the L2 (and L3, etc) page tables. */
57271d63 153#define ADDR_SPACE_BITS 64
03f49957 154
026736ce 155#define P_L2_BITS 9
03f49957
PB		 156#define P_L2_SIZE (1 << P_L2_BITS)
157
158#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
159
160typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 161
53cb28cb 162typedef struct PhysPageMap {
79e2b9ae
PB		 163 struct rcu_head rcu;
164
53cb28cb
MA		 165 unsigned sections_nb;
166 unsigned sections_nb_alloc;
167 unsigned nodes_nb;
168 unsigned nodes_nb_alloc;
169 Node *nodes;
170 MemoryRegionSection *sections;
171} PhysPageMap;
172
1db8abb1 173struct AddressSpaceDispatch {
79e2b9ae
PB		 174 struct rcu_head rcu;
175
729633c2 176 MemoryRegionSection *mru_section;
1db8abb1
PB		 177 /* This is a multi-level map on the physical address space.
178 * The bottom level has pointers to MemoryRegionSections.
179 */
180 PhysPageEntry phys_map;
53cb28cb 181 PhysPageMap map;
acc9d80b 182 AddressSpace *as;
1db8abb1
PB		 183};
184
90260c6c
JK		 185#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
186typedef struct subpage_t {
187 MemoryRegion iomem;
acc9d80b 188 AddressSpace *as;
90260c6c 189 hwaddr base;
2615fabd 190 uint16_t sub_section[];
90260c6c
JK		 191} subpage_t;
192
b41aac4f
LPF		 193#define PHYS_SECTION_UNASSIGNED 0
194#define PHYS_SECTION_NOTDIRTY 1
195#define PHYS_SECTION_ROM 2
196#define PHYS_SECTION_WATCH 3
5312bd8b 197
e2eef170 198static void io_mem_init(void);
62152b8a 199static void memory_map_init(void);
09daed84 200static void tcg_commit(MemoryListener *listener);
e2eef170 201
1ec9b909 202static MemoryRegion io_mem_watch;
32857f4d
PM		 203
204/**
205 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
206 * @cpu: the CPU whose AddressSpace this is
207 * @as: the AddressSpace itself
208 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
209 * @tcg_as_listener: listener for tracking changes to the AddressSpace
210 */
211struct CPUAddressSpace {
212 CPUState *cpu;
213 AddressSpace *as;
214 struct AddressSpaceDispatch *memory_dispatch;
215 MemoryListener tcg_as_listener;
216};
217
6658ffb8 218#endif
fd6ce8f6 219
6d9a1304 220#if !defined(CONFIG_USER_ONLY)
d6f2ea22 221
53cb28cb 222static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 223{
101420b8 224 static unsigned alloc_hint = 16;
53cb28cb 225 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
101420b8 226 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
53cb28cb
MA		 227 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
228 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
101420b8 229 alloc_hint = map->nodes_nb_alloc;
d6f2ea22 230 }
f7bf5461
AK		 231}
232
db94604b 233static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 234{
235 unsigned i;
8b795765 236 uint32_t ret;
db94604b
PB		 237 PhysPageEntry e;
238 PhysPageEntry *p;
f7bf5461 239
53cb28cb 240 ret = map->nodes_nb++;
db94604b 241 p = map->nodes[ret];
f7bf5461 242 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 243 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 244
245 e.skip = leaf ? 0 : 1;
246 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 247 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 248 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 249 }
f7bf5461 250 return ret;
d6f2ea22
AK		 251}
252
53cb28cb
MA		 253static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
254 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 255 int level)
f7bf5461
AK		 256{
257 PhysPageEntry *p;
03f49957 258 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 259
9736e55b 260 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 261 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 262 }
db94604b 263 p = map->nodes[lp->ptr];
03f49957 264 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 265
03f49957 266 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 267 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 268 lp->skip = 0;
c19e8800 269 lp->ptr = leaf;
07f07b31
AK		 270 *index += step;
271 *nb -= step;
2999097b 272 } else {
53cb28cb 273 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 274 }
275 ++lp;
f7bf5461
AK		 276 }
277}
278
ac1970fb 279static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 280 hwaddr index, hwaddr nb,
2999097b 281 uint16_t leaf)
f7bf5461 282{
2999097b 283 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 284 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 285
53cb28cb 286 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 287}
288
b35ba30f
MT		 289/* Compact a non leaf page entry. Simply detect that the entry has a single child,
290 * and update our entry so we can skip it and go directly to the destination.
291 */
efee678d 292static void phys_page_compact(PhysPageEntry *lp, Node *nodes)
b35ba30f
MT		 293{
294 unsigned valid_ptr = P_L2_SIZE;
295 int valid = 0;
296 PhysPageEntry *p;
297 int i;
298
299 if (lp->ptr == PHYS_MAP_NODE_NIL) {
300 return;
301 }
302
303 p = nodes[lp->ptr];
304 for (i = 0; i < P_L2_SIZE; i++) {
305 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
306 continue;
307 }
308
309 valid_ptr = i;
310 valid++;
311 if (p[i].skip) {
efee678d 312 phys_page_compact(&p[i], nodes);
b35ba30f
MT		 313 }
314 }
315
316 /* We can only compress if there's only one child. */
317 if (valid != 1) {
318 return;
319 }
320
321 assert(valid_ptr < P_L2_SIZE);
322
323 /* Don't compress if it won't fit in the # of bits we have. */
324 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
325 return;
326 }
327
328 lp->ptr = p[valid_ptr].ptr;
329 if (!p[valid_ptr].skip) {
330 /* If our only child is a leaf, make this a leaf. */
331 /* By design, we should have made this node a leaf to begin with so we
332 * should never reach here.
333 * But since it's so simple to handle this, let's do it just in case we
334 * change this rule.
335 */
336 lp->skip = 0;
337 } else {
338 lp->skip += p[valid_ptr].skip;
339 }
340}
341
342static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
343{
b35ba30f 344 if (d->phys_map.skip) {
efee678d 345 phys_page_compact(&d->phys_map, d->map.nodes);
b35ba30f
MT		 346 }
347}
348
29cb533d
FZ		 349static inline bool section_covers_addr(const MemoryRegionSection *section,
350 hwaddr addr)
351{
352 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
353 * the section must cover the entire address space.
354 */
258dfaaa 355 return int128_gethi(section->size) ||
29cb533d 356 range_covers_byte(section->offset_within_address_space,
258dfaaa 357 int128_getlo(section->size), addr);
29cb533d
FZ		 358}
359
97115a8d 360static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 361 Node *nodes, MemoryRegionSection *sections)
92e873b9 362{
31ab2b4a 363 PhysPageEntry *p;
97115a8d 364 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 365 int i;
f1f6e3b8 366
9736e55b 367 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 368 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 369 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 370 }
9affd6fc 371 p = nodes[lp.ptr];
03f49957 372 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 373 }
b35ba30f 374
29cb533d 375 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 376 return &sections[lp.ptr];
377 } else {
378 return &sections[PHYS_SECTION_UNASSIGNED];
379 }
f3705d53
AK		 380}
381
e5548617
BS		 382bool memory_region_is_unassigned(MemoryRegion *mr)
383{
2a8e7499 384 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 385 && mr != &io_mem_watch;
fd6ce8f6 386}
149f54b5 387
79e2b9ae 388/* Called from RCU critical section */
c7086b4a 389static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 390 hwaddr addr,
391 bool resolve_subpage)
9f029603 392{
729633c2 393 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 394 subpage_t *subpage;
729633c2 395 bool update;
90260c6c 396
729633c2
FZ		 397 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
398 section_covers_addr(section, addr)) {
399 update = false;
400 } else {
401 section = phys_page_find(d->phys_map, addr, d->map.nodes,
402 d->map.sections);
403 update = true;
404 }
90260c6c
JK		 405 if (resolve_subpage && section->mr->subpage) {
406 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 407 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 408 }
729633c2
FZ		 409 if (update) {
410 atomic_set(&d->mru_section, section);
411 }
90260c6c 412 return section;
9f029603
JK		 413}
414
79e2b9ae 415/* Called from RCU critical section */
90260c6c 416static MemoryRegionSection *
c7086b4a 417address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 418 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 419{
420 MemoryRegionSection *section;
965eb2fc 421 MemoryRegion *mr;
a87f3954 422 Int128 diff;
149f54b5 423
c7086b4a 424 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 425 /* Compute offset within MemoryRegionSection */
426 addr -= section->offset_within_address_space;
427
428 /* Compute offset within MemoryRegion */
429 *xlat = addr + section->offset_within_region;
430
965eb2fc 431 mr = section->mr;
b242e0e0
PB		 432
433 /* MMIO registers can be expected to perform full-width accesses based only
434 * on their address, without considering adjacent registers that could
435 * decode to completely different MemoryRegions. When such registers
436 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
437 * regions overlap wildly. For this reason we cannot clamp the accesses
438 * here.
439 *
440 * If the length is small (as is the case for address_space_ldl/stl),
441 * everything works fine. If the incoming length is large, however,
442 * the caller really has to do the clamping through memory_access_size.
443 */
965eb2fc 444 if (memory_region_is_ram(mr)) {
e4a511f8 445 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 446 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
447 }
149f54b5
PB		 448 return section;
449}
90260c6c 450
41063e1e 451/* Called from RCU critical section */
5c8a00ce
PB		 452MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
453 hwaddr *xlat, hwaddr *plen,
454 bool is_write)
90260c6c 455{
30951157
AK		 456 IOMMUTLBEntry iotlb;
457 MemoryRegionSection *section;
458 MemoryRegion *mr;
30951157
AK		 459
460 for (;;) {
79e2b9ae
PB		 461 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
462 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 463 mr = section->mr;
464
465 if (!mr->iommu_ops) {
466 break;
467 }
468
8d7b8cb9 469 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 470 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
471 | (addr & iotlb.addr_mask));
23820dbf 472 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 473 if (!(iotlb.perm & (1 << is_write))) {
474 mr = &io_mem_unassigned;
475 break;
476 }
477
478 as = iotlb.target_as;
479 }
480
fe680d0d 481 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 482 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 483 *plen = MIN(page, *plen);
a87f3954
PB		 484 }
485
30951157
AK		 486 *xlat = addr;
487 return mr;
90260c6c
JK		 488}
489
79e2b9ae 490/* Called from RCU critical section */
90260c6c 491MemoryRegionSection *
d7898cda 492address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 493 hwaddr *xlat, hwaddr *plen)
90260c6c 494{
30951157 495 MemoryRegionSection *section;
d7898cda
PM		 496 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
497
498 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 499
500 assert(!section->mr->iommu_ops);
501 return section;
90260c6c 502}
5b6dd868 503#endif
fd6ce8f6 504
b170fce3 505#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 506
507static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 508{
259186a7 509 CPUState *cpu = opaque;
a513fe19 510
5b6dd868
BS		 511 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
512 version_id is increased. */
259186a7 513 cpu->interrupt_request &= ~0x01;
c01a71c1 514 tlb_flush(cpu, 1);
5b6dd868
BS		 515
516 return 0;
a513fe19 517}
7501267e 518
6c3bff0e
PD		 519static int cpu_common_pre_load(void *opaque)
520{
521 CPUState *cpu = opaque;
522
adee6424 523 cpu->exception_index = -1;
6c3bff0e
PD		 524
525 return 0;
526}
527
528static bool cpu_common_exception_index_needed(void *opaque)
529{
530 CPUState *cpu = opaque;
531
adee6424 532 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 533}
534
535static const VMStateDescription vmstate_cpu_common_exception_index = {
536 .name = "cpu_common/exception_index",
537 .version_id = 1,
538 .minimum_version_id = 1,
5cd8cada 539 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 540 .fields = (VMStateField[]) {
541 VMSTATE_INT32(exception_index, CPUState),
542 VMSTATE_END_OF_LIST()
543 }
544};
545
bac05aa9
AS		 546static bool cpu_common_crash_occurred_needed(void *opaque)
547{
548 CPUState *cpu = opaque;
549
550 return cpu->crash_occurred;
551}
552
553static const VMStateDescription vmstate_cpu_common_crash_occurred = {
554 .name = "cpu_common/crash_occurred",
555 .version_id = 1,
556 .minimum_version_id = 1,
557 .needed = cpu_common_crash_occurred_needed,
558 .fields = (VMStateField[]) {
559 VMSTATE_BOOL(crash_occurred, CPUState),
560 VMSTATE_END_OF_LIST()
561 }
562};
563
1a1562f5 564const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 565 .name = "cpu_common",
566 .version_id = 1,
567 .minimum_version_id = 1,
6c3bff0e 568 .pre_load = cpu_common_pre_load,
5b6dd868 569 .post_load = cpu_common_post_load,
35d08458 570 .fields = (VMStateField[]) {
259186a7
AF		 571 VMSTATE_UINT32(halted, CPUState),
572 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 573 VMSTATE_END_OF_LIST()
6c3bff0e 574 },
5cd8cada
JQ		 575 .subsections = (const VMStateDescription*[]) {
576 &vmstate_cpu_common_exception_index,
bac05aa9 577 &vmstate_cpu_common_crash_occurred,
5cd8cada 578 NULL
5b6dd868
BS		 579 }
580};
1a1562f5 581
5b6dd868 582#endif
ea041c0e 583
38d8f5c8 584CPUState *qemu_get_cpu(int index)
ea041c0e 585{
bdc44640 586 CPUState *cpu;
ea041c0e 587
bdc44640 588 CPU_FOREACH(cpu) {
55e5c285 589 if (cpu->cpu_index == index) {
bdc44640 590 return cpu;
55e5c285 591 }
ea041c0e 592 }
5b6dd868 593
bdc44640 594 return NULL;
ea041c0e
FB		 595}
596
09daed84 597#if !defined(CONFIG_USER_ONLY)
56943e8c 598void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 599{
12ebc9a7
PM		 600 CPUAddressSpace *newas;
601
602 /* Target code should have set num_ases before calling us */
603 assert(asidx < cpu->num_ases);
604
56943e8c
PM		 605 if (asidx == 0) {
606 /* address space 0 gets the convenience alias */
607 cpu->as = as;
608 }
609
12ebc9a7
PM		 610 /* KVM cannot currently support multiple address spaces. */
611 assert(asidx == 0 || !kvm_enabled());
09daed84 612
12ebc9a7
PM		 613 if (!cpu->cpu_ases) {
614 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 615 }
32857f4d 616
12ebc9a7
PM		 617 newas = &cpu->cpu_ases[asidx];
618 newas->cpu = cpu;
619 newas->as = as;
56943e8c 620 if (tcg_enabled()) {
12ebc9a7
PM		 621 newas->tcg_as_listener.commit = tcg_commit;
622 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 623 }
09daed84 624}
651a5bc0
PM		 625
626AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
627{
628 /* Return the AddressSpace corresponding to the specified index */
629 return cpu->cpu_ases[asidx].as;
630}
09daed84
EI		 631#endif
632
7bbc124e 633void cpu_exec_unrealizefn(CPUState *cpu)
1c59eb39 634{
9dfeca7c
BR		 635 CPUClass *cc = CPU_GET_CLASS(cpu);
636
267f685b 637 cpu_list_remove(cpu);
9dfeca7c
BR		 638
639 if (cc->vmsd != NULL) {
640 vmstate_unregister(NULL, cc->vmsd, cpu);
641 }
642 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
643 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
644 }
1c59eb39
BR		 645}
646
39e329e3 647void cpu_exec_initfn(CPUState *cpu)
ea041c0e 648{
56943e8c 649 cpu->as = NULL;
12ebc9a7 650 cpu->num_ases = 0;
56943e8c 651
291135b5 652#ifndef CONFIG_USER_ONLY
291135b5 653 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 654
655 /* This is a softmmu CPU object, so create a property for it
656 * so users can wire up its memory. (This can't go in qom/cpu.c
657 * because that file is compiled only once for both user-mode
658 * and system builds.) The default if no link is set up is to use
659 * the system address space.
660 */
661 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
662 (Object **)&cpu->memory,
663 qdev_prop_allow_set_link_before_realize,
664 OBJ_PROP_LINK_UNREF_ON_RELEASE,
665 &error_abort);
666 cpu->memory = system_memory;
667 object_ref(OBJECT(cpu->memory));
291135b5 668#endif
39e329e3
LV		 669}
670
ce5b1bbf 671void cpu_exec_realizefn(CPUState *cpu, Error **errp)
39e329e3
LV		 672{
673 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
291135b5 674
267f685b 675 cpu_list_add(cpu);
1bc7e522
IM		 676
677#ifndef CONFIG_USER_ONLY
e0d47944 678 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 679 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 680 }
b170fce3 681 if (cc->vmsd != NULL) {
741da0d3 682 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 683 }
741da0d3 684#endif
ea041c0e
FB		 685}
686
94df27fd 687#if defined(CONFIG_USER_ONLY)
00b941e5 688static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd 689{
ba051fb5
AB		 690 mmap_lock();
691 tb_lock();
94df27fd 692 tb_invalidate_phys_page_range(pc, pc + 1, 0);
ba051fb5
AB		 693 tb_unlock();
694 mmap_unlock();
94df27fd
PB		 695}
696#else
00b941e5 697static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 698{
5232e4c7
PM		 699 MemTxAttrs attrs;
700 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
701 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 702 if (phys != -1) {
ba051fb5 703 /* Locks grabbed by tb_invalidate_phys_addr */
5232e4c7 704 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 705 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 706 }
1e7855a5 707}
c27004ec 708#endif
d720b93d 709
c527ee8f 710#if defined(CONFIG_USER_ONLY)
75a34036 711void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 712
713{
714}
715
3ee887e8
PM		 716int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
717 int flags)
718{
719 return -ENOSYS;
720}
721
722void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
723{
724}
725
75a34036 726int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 727 int flags, CPUWatchpoint **watchpoint)
728{
729 return -ENOSYS;
730}
731#else
6658ffb8 732/* Add a watchpoint. */
75a34036 733int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 734 int flags, CPUWatchpoint **watchpoint)
6658ffb8 735{
c0ce998e 736 CPUWatchpoint *wp;
6658ffb8 737
05068c0d 738 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 739 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 740 error_report("tried to set invalid watchpoint at %"
741 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 742 return -EINVAL;
743 }
7267c094 744 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 745
746 wp->vaddr = addr;
05068c0d 747 wp->len = len;
a1d1bb31
AL		 748 wp->flags = flags;
749
2dc9f411 750 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 751 if (flags & BP_GDB) {
752 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
753 } else {
754 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
755 }
6658ffb8 756
31b030d4 757 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 758
759 if (watchpoint)
760 *watchpoint = wp;
761 return 0;
6658ffb8
PB		 762}
763
a1d1bb31 764/* Remove a specific watchpoint. */
75a34036 765int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 766 int flags)
6658ffb8 767{
a1d1bb31 768 CPUWatchpoint *wp;
6658ffb8 769
ff4700b0 770 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 771 if (addr == wp->vaddr && len == wp->len
6e140f28 772 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 773 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 774 return 0;
775 }
776 }
a1d1bb31 777 return -ENOENT;
6658ffb8
PB		 778}
779
a1d1bb31 780/* Remove a specific watchpoint by reference. */
75a34036 781void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 782{
ff4700b0 783 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 784
31b030d4 785 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 786
7267c094 787 g_free(watchpoint);
a1d1bb31
AL		 788}
789
790/* Remove all matching watchpoints. */
75a34036 791void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 792{
c0ce998e 793 CPUWatchpoint *wp, *next;
a1d1bb31 794
ff4700b0 795 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 796 if (wp->flags & mask) {
797 cpu_watchpoint_remove_by_ref(cpu, wp);
798 }
c0ce998e 799 }
7d03f82f 800}
05068c0d
PM		 801
802/* Return true if this watchpoint address matches the specified
803 * access (ie the address range covered by the watchpoint overlaps
804 * partially or completely with the address range covered by the
805 * access).
806 */
807static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
808 vaddr addr,
809 vaddr len)
810{
811 /* We know the lengths are non-zero, but a little caution is
812 * required to avoid errors in the case where the range ends
813 * exactly at the top of the address space and so addr + len
814 * wraps round to zero.
815 */
816 vaddr wpend = wp->vaddr + wp->len - 1;
817 vaddr addrend = addr + len - 1;
818
819 return !(addr > wpend || wp->vaddr > addrend);
820}
821
c527ee8f 822#endif
7d03f82f 823
a1d1bb31 824/* Add a breakpoint. */
b3310ab3 825int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 826 CPUBreakpoint **breakpoint)
4c3a88a2 827{
c0ce998e 828 CPUBreakpoint *bp;
3b46e624 829
7267c094 830 bp = g_malloc(sizeof(*bp));
4c3a88a2 831
a1d1bb31
AL		 832 bp->pc = pc;
833 bp->flags = flags;
834
2dc9f411 835 /* keep all GDB-injected breakpoints in front */
00b941e5 836 if (flags & BP_GDB) {
f0c3c505 837 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 838 } else {
f0c3c505 839 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 840 }
3b46e624 841
f0c3c505 842 breakpoint_invalidate(cpu, pc);
a1d1bb31 843
00b941e5 844 if (breakpoint) {
a1d1bb31 845 *breakpoint = bp;
00b941e5 846 }
4c3a88a2 847 return 0;
4c3a88a2
FB		 848}
849
a1d1bb31 850/* Remove a specific breakpoint. */
b3310ab3 851int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 852{
a1d1bb31
AL		 853 CPUBreakpoint *bp;
854
f0c3c505 855 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 856 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 857 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 858 return 0;
859 }
7d03f82f 860 }
a1d1bb31 861 return -ENOENT;
7d03f82f
EI		 862}
863
a1d1bb31 864/* Remove a specific breakpoint by reference. */
b3310ab3 865void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 866{
f0c3c505
AF		 867 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
868
869 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 870
7267c094 871 g_free(breakpoint);
a1d1bb31
AL		 872}
873
874/* Remove all matching breakpoints. */
b3310ab3 875void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 876{
c0ce998e 877 CPUBreakpoint *bp, *next;
a1d1bb31 878
f0c3c505 879 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 880 if (bp->flags & mask) {
881 cpu_breakpoint_remove_by_ref(cpu, bp);
882 }
c0ce998e 883 }
4c3a88a2
FB		 884}
885
c33a346e
FB		 886/* enable or disable single step mode. EXCP_DEBUG is returned by the
887 CPU loop after each instruction */
3825b28f 888void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 889{
ed2803da
AF		 890 if (cpu->singlestep_enabled != enabled) {
891 cpu->singlestep_enabled = enabled;
892 if (kvm_enabled()) {
38e478ec 893 kvm_update_guest_debug(cpu, 0);
ed2803da 894 } else {
ccbb4d44 895 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 896 /* XXX: only flush what is necessary */
bbd77c18 897 tb_flush(cpu);
e22a25c9 898 }
c33a346e 899 }
c33a346e
FB		 900}
901
a47dddd7 902void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 903{
904 va_list ap;
493ae1f0 905 va_list ap2;
7501267e
FB		 906
907 va_start(ap, fmt);
493ae1f0 908 va_copy(ap2, ap);
7501267e
FB		 909 fprintf(stderr, "qemu: fatal: ");
910 vfprintf(stderr, fmt, ap);
911 fprintf(stderr, "\n");
878096ee 912 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 913 if (qemu_log_separate()) {
93fcfe39
AL		 914 qemu_log("qemu: fatal: ");
915 qemu_log_vprintf(fmt, ap2);
916 qemu_log("\n");
a0762859 917 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 918 qemu_log_flush();
93fcfe39 919 qemu_log_close();
924edcae 920 }
493ae1f0 921 va_end(ap2);
f9373291 922 va_end(ap);
7615936e 923 replay_finish();
fd052bf6
RV		 924#if defined(CONFIG_USER_ONLY)
925 {
926 struct sigaction act;
927 sigfillset(&act.sa_mask);
928 act.sa_handler = SIG_DFL;
929 sigaction(SIGABRT, &act, NULL);
930 }
931#endif
7501267e
FB		 932 abort();
933}
934
0124311e 935#if !defined(CONFIG_USER_ONLY)
0dc3f44a 936/* Called from RCU critical section */
041603fe
PB		 937static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
938{
939 RAMBlock *block;
940
43771539 941 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 942 if (block && addr - block->offset < block->max_length) {
68851b98 943 return block;
041603fe 944 }
0dc3f44a 945 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 946 if (addr - block->offset < block->max_length) {
041603fe
PB		 947 goto found;
948 }
949 }
950
951 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
952 abort();
953
954found:
43771539
PB		 955 /* It is safe to write mru_block outside the iothread lock. This
956 * is what happens:
957 *
958 * mru_block = xxx
959 * rcu_read_unlock()
960 * xxx removed from list
961 * rcu_read_lock()
962 * read mru_block
963 * mru_block = NULL;
964 * call_rcu(reclaim_ramblock, xxx);
965 * rcu_read_unlock()
966 *
967 * atomic_rcu_set is not needed here. The block was already published
968 * when it was placed into the list. Here we're just making an extra
969 * copy of the pointer.
970 */
041603fe
PB		 971 ram_list.mru_block = block;
972 return block;
973}
974
a2f4d5be 975static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 976{
9a13565d 977 CPUState *cpu;
041603fe 978 ram_addr_t start1;
a2f4d5be
JQ		 979 RAMBlock *block;
980 ram_addr_t end;
981
982 end = TARGET_PAGE_ALIGN(start + length);
983 start &= TARGET_PAGE_MASK;
d24981d3 984
0dc3f44a 985 rcu_read_lock();
041603fe
PB		 986 block = qemu_get_ram_block(start);
987 assert(block == qemu_get_ram_block(end - 1));
1240be24 988 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 989 CPU_FOREACH(cpu) {
990 tlb_reset_dirty(cpu, start1, length);
991 }
0dc3f44a 992 rcu_read_unlock();
d24981d3
JQ		 993}
994
5579c7f3 995/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 996bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
997 ram_addr_t length,
998 unsigned client)
1ccde1cb 999{
5b82b703 1000 DirtyMemoryBlocks *blocks;
03eebc9e 1001 unsigned long end, page;
5b82b703 1002 bool dirty = false;
03eebc9e
SH		 1003
1004 if (length == 0) {
1005 return false;
1006 }
f23db169 1007
03eebc9e
SH		 1008 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1009 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1010
1011 rcu_read_lock();
1012
1013 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1014
1015 while (page < end) {
1016 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1017 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1018 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1019
1020 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1021 offset, num);
1022 page += num;
1023 }
1024
1025 rcu_read_unlock();
03eebc9e
SH		 1026
1027 if (dirty && tcg_enabled()) {
a2f4d5be 1028 tlb_reset_dirty_range_all(start, length);
5579c7f3 1029 }
03eebc9e
SH		 1030
1031 return dirty;
1ccde1cb
FB		 1032}
1033
79e2b9ae 1034/* Called from RCU critical section */
bb0e627a 1035hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1036 MemoryRegionSection *section,
1037 target_ulong vaddr,
1038 hwaddr paddr, hwaddr xlat,
1039 int prot,
1040 target_ulong *address)
e5548617 1041{
a8170e5e 1042 hwaddr iotlb;
e5548617
BS		 1043 CPUWatchpoint *wp;
1044
cc5bea60 1045 if (memory_region_is_ram(section->mr)) {
e5548617 1046 /* Normal RAM. */
e4e69794 1047 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
e5548617 1048 if (!section->readonly) {
b41aac4f 1049 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1050 } else {
b41aac4f 1051 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1052 }
1053 } else {
0b8e2c10
PM		 1054 AddressSpaceDispatch *d;
1055
1056 d = atomic_rcu_read(&section->address_space->dispatch);
1057 iotlb = section - d->map.sections;
149f54b5 1058 iotlb += xlat;
e5548617
BS		 1059 }
1060
1061 /* Make accesses to pages with watchpoints go via the
1062 watchpoint trap routines. */
ff4700b0 1063 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1064 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1065 /* Avoid trapping reads of pages with a write breakpoint. */
1066 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1067 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1068 *address |= TLB_MMIO;
1069 break;
1070 }
1071 }
1072 }
1073
1074 return iotlb;
1075}
9fa3e853
FB		 1076#endif /* defined(CONFIG_USER_ONLY) */
1077
e2eef170 1078#if !defined(CONFIG_USER_ONLY)
8da3ff18 1079
c227f099 1080static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1081 uint16_t section);
acc9d80b 1082static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1083
a2b257d6
IM		 1084static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1085 qemu_anon_ram_alloc;
91138037
MA		 1086
1087/*
1088 * Set a custom physical guest memory alloator.
1089 * Accelerators with unusual needs may need this. Hopefully, we can
1090 * get rid of it eventually.
1091 */
a2b257d6 1092void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1093{
1094 phys_mem_alloc = alloc;
1095}
1096
53cb28cb
MA		 1097static uint16_t phys_section_add(PhysPageMap *map,
1098 MemoryRegionSection *section)
5312bd8b 1099{
68f3f65b
PB		 1100 /* The physical section number is ORed with a page-aligned
1101 * pointer to produce the iotlb entries. Thus it should
1102 * never overflow into the page-aligned value.
1103 */
53cb28cb 1104 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1105
53cb28cb
MA		 1106 if (map->sections_nb == map->sections_nb_alloc) {
1107 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1108 map->sections = g_renew(MemoryRegionSection, map->sections,
1109 map->sections_nb_alloc);
5312bd8b 1110 }
53cb28cb 1111 map->sections[map->sections_nb] = *section;
dfde4e6e 1112 memory_region_ref(section->mr);
53cb28cb 1113 return map->sections_nb++;
5312bd8b
AK		 1114}
1115
058bc4b5
PB		 1116static void phys_section_destroy(MemoryRegion *mr)
1117{
55b4e80b
DS		 1118 bool have_sub_page = mr->subpage;
1119
dfde4e6e
PB		 1120 memory_region_unref(mr);
1121
55b4e80b 1122 if (have_sub_page) {
058bc4b5 1123 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1124 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1125 g_free(subpage);
1126 }
1127}
1128
6092666e 1129static void phys_sections_free(PhysPageMap *map)
5312bd8b 1130{
9affd6fc
PB		 1131 while (map->sections_nb > 0) {
1132 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1133 phys_section_destroy(section->mr);
1134 }
9affd6fc
PB		 1135 g_free(map->sections);
1136 g_free(map->nodes);
5312bd8b
AK		 1137}
1138
ac1970fb 1139static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1140{
1141 subpage_t *subpage;
a8170e5e 1142 hwaddr base = section->offset_within_address_space
0f0cb164 1143 & TARGET_PAGE_MASK;
97115a8d 1144 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1145 d->map.nodes, d->map.sections);
0f0cb164
AK		 1146 MemoryRegionSection subsection = {
1147 .offset_within_address_space = base,
052e87b0 1148 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1149 };
a8170e5e 1150 hwaddr start, end;
0f0cb164 1151
f3705d53 1152 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1153
f3705d53 1154 if (!(existing->mr->subpage)) {
acc9d80b 1155 subpage = subpage_init(d->as, base);
3be91e86 1156 subsection.address_space = d->as;
0f0cb164 1157 subsection.mr = &subpage->iomem;
ac1970fb 1158 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1159 phys_section_add(&d->map, &subsection));
0f0cb164 1160 } else {
f3705d53 1161 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1162 }
1163 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1164 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1165 subpage_register(subpage, start, end,
1166 phys_section_add(&d->map, section));
0f0cb164
AK		 1167}
1168
1169
052e87b0
PB		 1170static void register_multipage(AddressSpaceDispatch *d,
1171 MemoryRegionSection *section)
33417e70 1172{
a8170e5e 1173 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1174 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1175 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1176 TARGET_PAGE_BITS));
dd81124b 1177
733d5ef5
PB		 1178 assert(num_pages);
1179 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1180}
1181
ac1970fb 1182static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1183{
89ae337a 1184 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1185 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1186 MemoryRegionSection now = *section, remain = *section;
052e87b0 1187 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1188
733d5ef5
PB		 1189 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1190 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1191 - now.offset_within_address_space;
1192
052e87b0 1193 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1194 register_subpage(d, &now);
733d5ef5 1195 } else {
052e87b0 1196 now.size = int128_zero();
733d5ef5 1197 }
052e87b0
PB		 1198 while (int128_ne(remain.size, now.size)) {
1199 remain.size = int128_sub(remain.size, now.size);
1200 remain.offset_within_address_space += int128_get64(now.size);
1201 remain.offset_within_region += int128_get64(now.size);
69b67646 1202 now = remain;
052e87b0 1203 if (int128_lt(remain.size, page_size)) {
733d5ef5 1204 register_subpage(d, &now);
88266249 1205 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1206 now.size = page_size;
ac1970fb 1207 register_subpage(d, &now);
69b67646 1208 } else {
052e87b0 1209 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1210 register_multipage(d, &now);
69b67646 1211 }
0f0cb164
AK		 1212 }
1213}
1214
62a2744c
SY		 1215void qemu_flush_coalesced_mmio_buffer(void)
1216{
1217 if (kvm_enabled())
1218 kvm_flush_coalesced_mmio_buffer();
1219}
1220
b2a8658e
UD		 1221void qemu_mutex_lock_ramlist(void)
1222{
1223 qemu_mutex_lock(&ram_list.mutex);
1224}
1225
1226void qemu_mutex_unlock_ramlist(void)
1227{
1228 qemu_mutex_unlock(&ram_list.mutex);
1229}
1230
e1e84ba0 1231#ifdef __linux__
04b16653
AW		 1232static void *file_ram_alloc(RAMBlock *block,
1233 ram_addr_t memory,
7f56e740
PB		 1234 const char *path,
1235 Error **errp)
c902760f 1236{
fd97fd44 1237 bool unlink_on_error = false;
c902760f 1238 char *filename;
8ca761f6
PF		 1239 char *sanitized_name;
1240 char *c;
056b68af 1241 void *area = MAP_FAILED;
5c3ece79 1242 int fd = -1;
c902760f
MT		 1243
1244 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1245 error_setg(errp,
1246 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1247 return NULL;
c902760f
MT		 1248 }
1249
fd97fd44
MA		 1250 for (;;) {
1251 fd = open(path, O_RDWR);
1252 if (fd >= 0) {
1253 /* @path names an existing file, use it */
1254 break;
8d31d6b6 1255 }
fd97fd44
MA		 1256 if (errno == ENOENT) {
1257 /* @path names a file that doesn't exist, create it */
1258 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1259 if (fd >= 0) {
1260 unlink_on_error = true;
1261 break;
1262 }
1263 } else if (errno == EISDIR) {
1264 /* @path names a directory, create a file there */
1265 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1266 sanitized_name = g_strdup(memory_region_name(block->mr));
1267 for (c = sanitized_name; *c != '\0'; c++) {
1268 if (*c == '/') {
1269 *c = '_';
1270 }
1271 }
8ca761f6 1272
fd97fd44
MA		 1273 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1274 sanitized_name);
1275 g_free(sanitized_name);
8d31d6b6 1276
fd97fd44
MA		 1277 fd = mkstemp(filename);
1278 if (fd >= 0) {
1279 unlink(filename);
1280 g_free(filename);
1281 break;
1282 }
1283 g_free(filename);
8d31d6b6 1284 }
fd97fd44
MA		 1285 if (errno != EEXIST && errno != EINTR) {
1286 error_setg_errno(errp, errno,
1287 "can't open backing store %s for guest RAM",
1288 path);
1289 goto error;
1290 }
1291 /*
1292 * Try again on EINTR and EEXIST. The latter happens when
1293 * something else creates the file between our two open().
1294 */
8d31d6b6 1295 }
c902760f 1296
863e9621 1297 block->page_size = qemu_fd_getpagesize(fd);
8360668e
HZ		 1298 block->mr->align = block->page_size;
1299#if defined(__s390x__)
1300 if (kvm_enabled()) {
1301 block->mr->align = MAX(block->mr->align, QEMU_VMALLOC_ALIGN);
1302 }
1303#endif
fd97fd44 1304
863e9621 1305 if (memory < block->page_size) {
fd97fd44 1306 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
863e9621
DDAG		 1307 "or larger than page size 0x%zx",
1308 memory, block->page_size);
f9a49dfa 1309 goto error;
c902760f 1310 }
c902760f 1311
863e9621 1312 memory = ROUND_UP(memory, block->page_size);
c902760f
MT		 1313
1314 /*
1315 * ftruncate is not supported by hugetlbfs in older
1316 * hosts, so don't bother bailing out on errors.
1317 * If anything goes wrong with it under other filesystems,
1318 * mmap will fail.
1319 */
7f56e740 1320 if (ftruncate(fd, memory)) {
9742bf26 1321 perror("ftruncate");
7f56e740 1322 }
c902760f 1323
d2f39add
DD		 1324 area = qemu_ram_mmap(fd, memory, block->mr->align,
1325 block->flags & RAM_SHARED);
c902760f 1326 if (area == MAP_FAILED) {
7f56e740 1327 error_setg_errno(errp, errno,
fd97fd44 1328 "unable to map backing store for guest RAM");
f9a49dfa 1329 goto error;
c902760f 1330 }
ef36fa14
MT		 1331
1332 if (mem_prealloc) {
056b68af
IM		 1333 os_mem_prealloc(fd, area, memory, errp);
1334 if (errp && *errp) {
1335 goto error;
1336 }
ef36fa14
MT		 1337 }
1338
04b16653 1339 block->fd = fd;
c902760f 1340 return area;
f9a49dfa
MT		 1341
1342error:
056b68af
IM		 1343 if (area != MAP_FAILED) {
1344 qemu_ram_munmap(area, memory);
1345 }
fd97fd44
MA		 1346 if (unlink_on_error) {
1347 unlink(path);
1348 }
5c3ece79
PB		 1349 if (fd != -1) {
1350 close(fd);
1351 }
f9a49dfa 1352 return NULL;
c902760f
MT		 1353}
1354#endif
1355
0dc3f44a 1356/* Called with the ramlist lock held. */
d17b5288 1357static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1358{
1359 RAMBlock *block, *next_block;
3e837b2c 1360 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1361
49cd9ac6
SH		 1362 assert(size != 0); /* it would hand out same offset multiple times */
1363
0dc3f44a 1364 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1365 return 0;
0d53d9fe 1366 }
04b16653 1367
0dc3f44a 1368 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1369 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1370
62be4e3a 1371 end = block->offset + block->max_length;
04b16653 1372
0dc3f44a 1373 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1374 if (next_block->offset >= end) {
1375 next = MIN(next, next_block->offset);
1376 }
1377 }
1378 if (next - end >= size && next - end < mingap) {
3e837b2c 1379 offset = end;
04b16653
AW		 1380 mingap = next - end;
1381 }
1382 }
3e837b2c
AW		 1383
1384 if (offset == RAM_ADDR_MAX) {
1385 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1386 (uint64_t)size);
1387 abort();
1388 }
1389
04b16653
AW		 1390 return offset;
1391}
1392
652d7ec2 1393ram_addr_t last_ram_offset(void)
d17b5288
AW		 1394{
1395 RAMBlock *block;
1396 ram_addr_t last = 0;
1397
0dc3f44a
MD		 1398 rcu_read_lock();
1399 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1400 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1401 }
0dc3f44a 1402 rcu_read_unlock();
d17b5288
AW		 1403 return last;
1404}
1405
ddb97f1d
JB		 1406static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1407{
1408 int ret;
ddb97f1d
JB		 1409
1410 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1411 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1412 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1413 if (ret) {
1414 perror("qemu_madvise");
1415 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1416 "but dump_guest_core=off specified\n");
1417 }
1418 }
1419}
1420
422148d3
DDAG		 1421const char *qemu_ram_get_idstr(RAMBlock *rb)
1422{
1423 return rb->idstr;
1424}
1425
ae3a7047 1426/* Called with iothread lock held. */
fa53a0e5 1427void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1428{
fa53a0e5 1429 RAMBlock *block;
20cfe881 1430
c5705a77
AK		 1431 assert(new_block);
1432 assert(!new_block->idstr[0]);
84b89d78 1433
09e5ab63
AL		 1434 if (dev) {
1435 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1436 if (id) {
1437 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1438 g_free(id);
84b89d78
CM		 1439 }
1440 }
1441 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1442
ab0a9956 1443 rcu_read_lock();
0dc3f44a 1444 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1445 if (block != new_block &&
1446 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1447 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1448 new_block->idstr);
1449 abort();
1450 }
1451 }
0dc3f44a 1452 rcu_read_unlock();
c5705a77
AK		 1453}
1454
ae3a7047 1455/* Called with iothread lock held. */
fa53a0e5 1456void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1457{
ae3a7047
MD		 1458 /* FIXME: arch_init.c assumes that this is not called throughout
1459 * migration. Ignore the problem since hot-unplug during migration
1460 * does not work anyway.
1461 */
20cfe881
HT		 1462 if (block) {
1463 memset(block->idstr, 0, sizeof(block->idstr));
1464 }
1465}
1466
863e9621
DDAG		 1467size_t qemu_ram_pagesize(RAMBlock *rb)
1468{
1469 return rb->page_size;
1470}
1471
8490fc78
LC		 1472static int memory_try_enable_merging(void *addr, size_t len)
1473{
75cc7f01 1474 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1475 /* disabled by the user */
1476 return 0;
1477 }
1478
1479 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1480}
1481
62be4e3a
MT		 1482/* Only legal before guest might have detected the memory size: e.g. on
1483 * incoming migration, or right after reset.
1484 *
1485 * As memory core doesn't know how is memory accessed, it is up to
1486 * resize callback to update device state and/or add assertions to detect
1487 * misuse, if necessary.
1488 */
fa53a0e5 1489int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1490{
62be4e3a
MT		 1491 assert(block);
1492
4ed023ce 1493 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1494
62be4e3a
MT		 1495 if (block->used_length == newsize) {
1496 return 0;
1497 }
1498
1499 if (!(block->flags & RAM_RESIZEABLE)) {
1500 error_setg_errno(errp, EINVAL,
1501 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1502 " in != 0x" RAM_ADDR_FMT, block->idstr,
1503 newsize, block->used_length);
1504 return -EINVAL;
1505 }
1506
1507 if (block->max_length < newsize) {
1508 error_setg_errno(errp, EINVAL,
1509 "Length too large: %s: 0x" RAM_ADDR_FMT
1510 " > 0x" RAM_ADDR_FMT, block->idstr,
1511 newsize, block->max_length);
1512 return -EINVAL;
1513 }
1514
1515 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1516 block->used_length = newsize;
58d2707e
PB		 1517 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1518 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1519 memory_region_set_size(block->mr, newsize);
1520 if (block->resized) {
1521 block->resized(block->idstr, newsize, block->host);
1522 }
1523 return 0;
1524}
1525
5b82b703
SH		 1526/* Called with ram_list.mutex held */
1527static void dirty_memory_extend(ram_addr_t old_ram_size,
1528 ram_addr_t new_ram_size)
1529{
1530 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1531 DIRTY_MEMORY_BLOCK_SIZE);
1532 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1533 DIRTY_MEMORY_BLOCK_SIZE);
1534 int i;
1535
1536 /* Only need to extend if block count increased */
1537 if (new_num_blocks <= old_num_blocks) {
1538 return;
1539 }
1540
1541 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1542 DirtyMemoryBlocks *old_blocks;
1543 DirtyMemoryBlocks *new_blocks;
1544 int j;
1545
1546 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1547 new_blocks = g_malloc(sizeof(*new_blocks) +
1548 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1549
1550 if (old_num_blocks) {
1551 memcpy(new_blocks->blocks, old_blocks->blocks,
1552 old_num_blocks * sizeof(old_blocks->blocks[0]));
1553 }
1554
1555 for (j = old_num_blocks; j < new_num_blocks; j++) {
1556 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1557 }
1558
1559 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1560
1561 if (old_blocks) {
1562 g_free_rcu(old_blocks, rcu);
1563 }
1564 }
1565}
1566
528f46af 1567static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1568{
e1c57ab8 1569 RAMBlock *block;
0d53d9fe 1570 RAMBlock *last_block = NULL;
2152f5ca 1571 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1572 Error *err = NULL;
2152f5ca
JQ		 1573
1574 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1575
b2a8658e 1576 qemu_mutex_lock_ramlist();
9b8424d5 1577 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1578
1579 if (!new_block->host) {
1580 if (xen_enabled()) {
9b8424d5 1581 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1582 new_block->mr, &err);
1583 if (err) {
1584 error_propagate(errp, err);
1585 qemu_mutex_unlock_ramlist();
39c350ee 1586 return;
37aa7a0e 1587 }
e1c57ab8 1588 } else {
9b8424d5 1589 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1590 &new_block->mr->align);
39228250 1591 if (!new_block->host) {
ef701d7b
HT		 1592 error_setg_errno(errp, errno,
1593 "cannot set up guest memory '%s'",
1594 memory_region_name(new_block->mr));
1595 qemu_mutex_unlock_ramlist();
39c350ee 1596 return;
39228250 1597 }
9b8424d5 1598 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1599 }
c902760f 1600 }
94a6b54f 1601
dd631697
LZ		 1602 new_ram_size = MAX(old_ram_size,
1603 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1604 if (new_ram_size > old_ram_size) {
1605 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1606 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1607 }
0d53d9fe
MD		 1608 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1609 * QLIST (which has an RCU-friendly variant) does not have insertion at
1610 * tail, so save the last element in last_block.
1611 */
0dc3f44a 1612 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1613 last_block = block;
9b8424d5 1614 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1615 break;
1616 }
1617 }
1618 if (block) {
0dc3f44a 1619 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1620 } else if (last_block) {
0dc3f44a 1621 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1622 } else { /* list is empty */
0dc3f44a 1623 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1624 }
0d6d3c87 1625 ram_list.mru_block = NULL;
94a6b54f 1626
0dc3f44a
MD		 1627 /* Write list before version */
1628 smp_wmb();
f798b07f 1629 ram_list.version++;
b2a8658e 1630 qemu_mutex_unlock_ramlist();
f798b07f 1631
9b8424d5 1632 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1633 new_block->used_length,
1634 DIRTY_CLIENTS_ALL);
94a6b54f 1635
a904c911
PB		 1636 if (new_block->host) {
1637 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1638 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
c2cd627d 1639 /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */
a904c911 1640 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
e1c57ab8 1641 }
94a6b54f 1642}
e9a1ab19 1643
0b183fc8 1644#ifdef __linux__
528f46af
FZ		 1645RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1646 bool share, const char *mem_path,
1647 Error **errp)
e1c57ab8
PB		 1648{
1649 RAMBlock *new_block;
ef701d7b 1650 Error *local_err = NULL;
e1c57ab8
PB		 1651
1652 if (xen_enabled()) {
7f56e740 1653 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1654 return NULL;
e1c57ab8
PB		 1655 }
1656
1657 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1658 /*
1659 * file_ram_alloc() needs to allocate just like
1660 * phys_mem_alloc, but we haven't bothered to provide
1661 * a hook there.
1662 */
7f56e740
PB		 1663 error_setg(errp,
1664 "-mem-path not supported with this accelerator");
528f46af 1665 return NULL;
e1c57ab8
PB		 1666 }
1667
4ed023ce 1668 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1669 new_block = g_malloc0(sizeof(*new_block));
1670 new_block->mr = mr;
9b8424d5
MT		 1671 new_block->used_length = size;
1672 new_block->max_length = size;
dbcb8981 1673 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1674 new_block->host = file_ram_alloc(new_block, size,
1675 mem_path, errp);
1676 if (!new_block->host) {
1677 g_free(new_block);
528f46af 1678 return NULL;
7f56e740
PB		 1679 }
1680
528f46af 1681 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1682 if (local_err) {
1683 g_free(new_block);
1684 error_propagate(errp, local_err);
528f46af 1685 return NULL;
ef701d7b 1686 }
528f46af 1687 return new_block;
e1c57ab8 1688}
0b183fc8 1689#endif
e1c57ab8 1690
62be4e3a 1691static
528f46af
FZ		 1692RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1693 void (*resized)(const char*,
1694 uint64_t length,
1695 void *host),
1696 void *host, bool resizeable,
1697 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1698{
1699 RAMBlock *new_block;
ef701d7b 1700 Error *local_err = NULL;
e1c57ab8 1701
4ed023ce
DDAG		 1702 size = HOST_PAGE_ALIGN(size);
1703 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1704 new_block = g_malloc0(sizeof(*new_block));
1705 new_block->mr = mr;
62be4e3a 1706 new_block->resized = resized;
9b8424d5
MT		 1707 new_block->used_length = size;
1708 new_block->max_length = max_size;
62be4e3a 1709 assert(max_size >= size);
e1c57ab8 1710 new_block->fd = -1;
863e9621 1711 new_block->page_size = getpagesize();
e1c57ab8
PB		 1712 new_block->host = host;
1713 if (host) {
7bd4f430 1714 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1715 }
62be4e3a
MT		 1716 if (resizeable) {
1717 new_block->flags |= RAM_RESIZEABLE;
1718 }
528f46af 1719 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1720 if (local_err) {
1721 g_free(new_block);
1722 error_propagate(errp, local_err);
528f46af 1723 return NULL;
ef701d7b 1724 }
528f46af 1725 return new_block;
e1c57ab8
PB		 1726}
1727
528f46af 1728RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1729 MemoryRegion *mr, Error **errp)
1730{
1731 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1732}
1733
528f46af 1734RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1735{
62be4e3a
MT		 1736 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1737}
1738
528f46af 1739RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1740 void (*resized)(const char*,
1741 uint64_t length,
1742 void *host),
1743 MemoryRegion *mr, Error **errp)
1744{
1745 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1746}
1747
43771539
PB		 1748static void reclaim_ramblock(RAMBlock *block)
1749{
1750 if (block->flags & RAM_PREALLOC) {
1751 ;
1752 } else if (xen_enabled()) {
1753 xen_invalidate_map_cache_entry(block->host);
1754#ifndef _WIN32
1755 } else if (block->fd >= 0) {
2f3a2bb1 1756 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1757 close(block->fd);
1758#endif
1759 } else {
1760 qemu_anon_ram_free(block->host, block->max_length);
1761 }
1762 g_free(block);
1763}
1764
f1060c55 1765void qemu_ram_free(RAMBlock *block)
e9a1ab19 1766{
85bc2a15
MAL		 1767 if (!block) {
1768 return;
1769 }
1770
b2a8658e 1771 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1772 QLIST_REMOVE_RCU(block, next);
1773 ram_list.mru_block = NULL;
1774 /* Write list before version */
1775 smp_wmb();
1776 ram_list.version++;
1777 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1778 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1779}
1780
cd19cfa2
HY		 1781#ifndef _WIN32
1782void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1783{
1784 RAMBlock *block;
1785 ram_addr_t offset;
1786 int flags;
1787 void *area, *vaddr;
1788
0dc3f44a 1789 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1790 offset = addr - block->offset;
9b8424d5 1791 if (offset < block->max_length) {
1240be24 1792 vaddr = ramblock_ptr(block, offset);
7bd4f430 1793 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1794 ;
dfeaf2ab
MA		 1795 } else if (xen_enabled()) {
1796 abort();
cd19cfa2
HY		 1797 } else {
1798 flags = MAP_FIXED;
3435f395 1799 if (block->fd >= 0) {
dbcb8981
PB		 1800 flags |= (block->flags & RAM_SHARED ?
1801 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1802 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1803 flags, block->fd, offset);
cd19cfa2 1804 } else {
2eb9fbaa
MA		 1805 /*
1806 * Remap needs to match alloc. Accelerators that
1807 * set phys_mem_alloc never remap. If they did,
1808 * we'd need a remap hook here.
1809 */
1810 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1811
cd19cfa2
HY		 1812 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1813 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1814 flags, -1, 0);
cd19cfa2
HY		 1815 }
1816 if (area != vaddr) {
f15fbc4b
AP		 1817 fprintf(stderr, "Could not remap addr: "
1818 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1819 length, addr);
1820 exit(1);
1821 }
8490fc78 1822 memory_try_enable_merging(vaddr, length);
ddb97f1d 1823 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1824 }
cd19cfa2
HY		 1825 }
1826 }
1827}
1828#endif /* !_WIN32 */
1829
1b5ec234 1830/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1831 * This should not be used for general purpose DMA. Use address_space_map
1832 * or address_space_rw instead. For local memory (e.g. video ram) that the
1833 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1834 *
49b24afc 1835 * Called within RCU critical section.
1b5ec234 1836 */
0878d0e1 1837void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1838{
3655cb9c
GA		 1839 RAMBlock *block = ram_block;
1840
1841 if (block == NULL) {
1842 block = qemu_get_ram_block(addr);
0878d0e1 1843 addr -= block->offset;
3655cb9c 1844 }
ae3a7047
MD		 1845
1846 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1847 /* We need to check if the requested address is in the RAM
1848 * because we don't want to map the entire memory in QEMU.
1849 * In that case just map until the end of the page.
1850 */
1851 if (block->offset == 0) {
49b24afc 1852 return xen_map_cache(addr, 0, 0);
0d6d3c87 1853 }
ae3a7047
MD		 1854
1855 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1856 }
0878d0e1 1857 return ramblock_ptr(block, addr);
dc828ca1
PB		 1858}
1859
0878d0e1 1860/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
ae3a7047 1861 * but takes a size argument.
0dc3f44a 1862 *
e81bcda5 1863 * Called within RCU critical section.
ae3a7047 1864 */
3655cb9c
GA		 1865static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1866 hwaddr *size)
38bee5dc 1867{
3655cb9c 1868 RAMBlock *block = ram_block;
8ab934f9
SS		 1869 if (*size == 0) {
1870 return NULL;
1871 }
e81bcda5 1872
3655cb9c
GA		 1873 if (block == NULL) {
1874 block = qemu_get_ram_block(addr);
0878d0e1 1875 addr -= block->offset;
3655cb9c 1876 }
0878d0e1 1877 *size = MIN(*size, block->max_length - addr);
e81bcda5
PB		 1878
1879 if (xen_enabled() && block->host == NULL) {
1880 /* We need to check if the requested address is in the RAM
1881 * because we don't want to map the entire memory in QEMU.
1882 * In that case just map the requested area.
1883 */
1884 if (block->offset == 0) {
1885 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1886 }
1887
e81bcda5 1888 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1889 }
e81bcda5 1890
0878d0e1 1891 return ramblock_ptr(block, addr);
38bee5dc
SS		 1892}
1893
422148d3
DDAG		 1894/*
1895 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1896 * in that RAMBlock.
1897 *
1898 * ptr: Host pointer to look up
1899 * round_offset: If true round the result offset down to a page boundary
1900 * *ram_addr: set to result ram_addr
1901 * *offset: set to result offset within the RAMBlock
1902 *
1903 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1904 *
1905 * By the time this function returns, the returned pointer is not protected
1906 * by RCU anymore. If the caller is not within an RCU critical section and
1907 * does not hold the iothread lock, it must have other means of protecting the
1908 * pointer, such as a reference to the region that includes the incoming
1909 * ram_addr_t.
1910 */
422148d3 1911RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
422148d3 1912 ram_addr_t *offset)
5579c7f3 1913{
94a6b54f
PB		 1914 RAMBlock *block;
1915 uint8_t *host = ptr;
1916
868bb33f 1917 if (xen_enabled()) {
f615f396 1918 ram_addr_t ram_addr;
0dc3f44a 1919 rcu_read_lock();
f615f396
PB		 1920 ram_addr = xen_ram_addr_from_mapcache(ptr);
1921 block = qemu_get_ram_block(ram_addr);
422148d3 1922 if (block) {
d6b6aec4 1923 *offset = ram_addr - block->offset;
422148d3 1924 }
0dc3f44a 1925 rcu_read_unlock();
422148d3 1926 return block;
712c2b41
SS		 1927 }
1928
0dc3f44a
MD		 1929 rcu_read_lock();
1930 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1931 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1932 goto found;
1933 }
1934
0dc3f44a 1935 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1936 /* This case append when the block is not mapped. */
1937 if (block->host == NULL) {
1938 continue;
1939 }
9b8424d5 1940 if (host - block->host < block->max_length) {
23887b79 1941 goto found;
f471a17e 1942 }
94a6b54f 1943 }
432d268c 1944
0dc3f44a 1945 rcu_read_unlock();
1b5ec234 1946 return NULL;
23887b79
PB		 1947
1948found:
422148d3
DDAG		 1949 *offset = (host - block->host);
1950 if (round_offset) {
1951 *offset &= TARGET_PAGE_MASK;
1952 }
0dc3f44a 1953 rcu_read_unlock();
422148d3
DDAG		 1954 return block;
1955}
1956
e3dd7493
DDAG		 1957/*
1958 * Finds the named RAMBlock
1959 *
1960 * name: The name of RAMBlock to find
1961 *
1962 * Returns: RAMBlock (or NULL if not found)
1963 */
1964RAMBlock *qemu_ram_block_by_name(const char *name)
1965{
1966 RAMBlock *block;
1967
1968 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1969 if (!strcmp(name, block->idstr)) {
1970 return block;
1971 }
1972 }
1973
1974 return NULL;
1975}
1976
422148d3
DDAG		 1977/* Some of the softmmu routines need to translate from a host pointer
1978 (typically a TLB entry) back to a ram offset. */
07bdaa41 1979ram_addr_t qemu_ram_addr_from_host(void *ptr)
422148d3
DDAG		 1980{
1981 RAMBlock *block;
f615f396 1982 ram_addr_t offset;
422148d3 1983
f615f396 1984 block = qemu_ram_block_from_host(ptr, false, &offset);
422148d3 1985 if (!block) {
07bdaa41 1986 return RAM_ADDR_INVALID;
422148d3
DDAG		 1987 }
1988
07bdaa41 1989 return block->offset + offset;
e890261f 1990}
f471a17e 1991
49b24afc 1992/* Called within RCU critical section. */
a8170e5e 1993static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1994 uint64_t val, unsigned size)
9fa3e853 1995{
ba051fb5
AB		 1996 bool locked = false;
1997
52159192 1998 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
ba051fb5
AB		 1999 locked = true;
2000 tb_lock();
0e0df1e2 2001 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 2002 }
0e0df1e2
AK		 2003 switch (size) {
2004 case 1:
0878d0e1 2005 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2006 break;
2007 case 2:
0878d0e1 2008 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2009 break;
2010 case 4:
0878d0e1 2011 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2012 break;
2013 default:
2014 abort();
3a7d929e 2015 }
ba051fb5
AB		 2016
2017 if (locked) {
2018 tb_unlock();
2019 }
2020
58d2707e
PB		 2021 /* Set both VGA and migration bits for simplicity and to remove
2022 * the notdirty callback faster.
2023 */
2024 cpu_physical_memory_set_dirty_range(ram_addr, size,
2025 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2026 /* we remove the notdirty callback only if the code has been
2027 flushed */
a2cd8c85 2028 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2029 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2030 }
9fa3e853
FB		 2031}
2032
b018ddf6
PB		 2033static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2034 unsigned size, bool is_write)
2035{
2036 return is_write;
2037}
2038
0e0df1e2 2039static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2040 .write = notdirty_mem_write,
b018ddf6 2041 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2042 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2043};
2044
0f459d16 2045/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2046static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2047{
93afeade 2048 CPUState *cpu = current_cpu;
568496c0 2049 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2050 CPUArchState *env = cpu->env_ptr;
06d55cc1 2051 target_ulong pc, cs_base;
0f459d16 2052 target_ulong vaddr;
a1d1bb31 2053 CPUWatchpoint *wp;
89fee74a 2054 uint32_t cpu_flags;
0f459d16 2055
ff4700b0 2056 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2057 /* We re-entered the check after replacing the TB. Now raise
2058 * the debug interrupt so that is will trigger after the
2059 * current instruction. */
93afeade 2060 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2061 return;
2062 }
93afeade 2063 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2064 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2065 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2066 && (wp->flags & flags)) {
08225676
PM		 2067 if (flags == BP_MEM_READ) {
2068 wp->flags |= BP_WATCHPOINT_HIT_READ;
2069 } else {
2070 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2071 }
2072 wp->hitaddr = vaddr;
66b9b43c 2073 wp->hitattrs = attrs;
ff4700b0 2074 if (!cpu->watchpoint_hit) {
568496c0
SF		 2075 if (wp->flags & BP_CPU &&
2076 !cc->debug_check_watchpoint(cpu, wp)) {
2077 wp->flags &= ~BP_WATCHPOINT_HIT;
2078 continue;
2079 }
ff4700b0 2080 cpu->watchpoint_hit = wp;
a5e99826
FK		 2081
2082 /* The tb_lock will be reset when cpu_loop_exit or
2083 * cpu_loop_exit_noexc longjmp back into the cpu_exec
2084 * main loop.
2085 */
2086 tb_lock();
239c51a5 2087 tb_check_watchpoint(cpu);
6e140f28 2088 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2089 cpu->exception_index = EXCP_DEBUG;
5638d180 2090 cpu_loop_exit(cpu);
6e140f28
AL		 2091 } else {
2092 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2093 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
6886b980 2094 cpu_loop_exit_noexc(cpu);
6e140f28 2095 }
06d55cc1 2096 }
6e140f28
AL		 2097 } else {
2098 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2099 }
2100 }
2101}
2102
6658ffb8
PB		 2103/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2104 so these check for a hit then pass through to the normal out-of-line
2105 phys routines. */
66b9b43c
PM		 2106static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2107 unsigned size, MemTxAttrs attrs)
6658ffb8 2108{
66b9b43c
PM		 2109 MemTxResult res;
2110 uint64_t data;
79ed0416
PM		 2111 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2112 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2113
2114 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2115 switch (size) {
66b9b43c 2116 case 1:
79ed0416 2117 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2118 break;
2119 case 2:
79ed0416 2120 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2121 break;
2122 case 4:
79ed0416 2123 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2124 break;
1ec9b909
AK		 2125 default: abort();
2126 }
66b9b43c
PM		 2127 *pdata = data;
2128 return res;
6658ffb8
PB		 2129}
2130
66b9b43c
PM		 2131static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2132 uint64_t val, unsigned size,
2133 MemTxAttrs attrs)
6658ffb8 2134{
66b9b43c 2135 MemTxResult res;
79ed0416
PM		 2136 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2137 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2138
2139 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2140 switch (size) {
67364150 2141 case 1:
79ed0416 2142 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2143 break;
2144 case 2:
79ed0416 2145 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2146 break;
2147 case 4:
79ed0416 2148 address_space_stl(as, addr, val, attrs, &res);
67364150 2149 break;
1ec9b909
AK		 2150 default: abort();
2151 }
66b9b43c 2152 return res;
6658ffb8
PB		 2153}
2154
1ec9b909 2155static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2156 .read_with_attrs = watch_mem_read,
2157 .write_with_attrs = watch_mem_write,
1ec9b909 2158 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2159};
6658ffb8 2160
f25a49e0
PM		 2161static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2162 unsigned len, MemTxAttrs attrs)
db7b5426 2163{
acc9d80b 2164 subpage_t *subpage = opaque;
ff6cff75 2165 uint8_t buf[8];
5c9eb028 2166 MemTxResult res;
791af8c8 2167
db7b5426 2168#if defined(DEBUG_SUBPAGE)
016e9d62 2169 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2170 subpage, len, addr);
db7b5426 2171#endif
5c9eb028
PM		 2172 res = address_space_read(subpage->as, addr + subpage->base,
2173 attrs, buf, len);
2174 if (res) {
2175 return res;
f25a49e0 2176 }
acc9d80b
JK		 2177 switch (len) {
2178 case 1:
f25a49e0
PM		 2179 *data = ldub_p(buf);
2180 return MEMTX_OK;
acc9d80b 2181 case 2:
f25a49e0
PM		 2182 *data = lduw_p(buf);
2183 return MEMTX_OK;
acc9d80b 2184 case 4:
f25a49e0
PM		 2185 *data = ldl_p(buf);
2186 return MEMTX_OK;
ff6cff75 2187 case 8:
f25a49e0
PM		 2188 *data = ldq_p(buf);
2189 return MEMTX_OK;
acc9d80b
JK		 2190 default:
2191 abort();
2192 }
db7b5426
BS		 2193}
2194
f25a49e0
PM		 2195static MemTxResult subpage_write(void *opaque, hwaddr addr,
2196 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2197{
acc9d80b 2198 subpage_t *subpage = opaque;
ff6cff75 2199 uint8_t buf[8];
acc9d80b 2200
db7b5426 2201#if defined(DEBUG_SUBPAGE)
016e9d62 2202 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2203 " value %"PRIx64"\n",
2204 __func__, subpage, len, addr, value);
db7b5426 2205#endif
acc9d80b
JK		 2206 switch (len) {
2207 case 1:
2208 stb_p(buf, value);
2209 break;
2210 case 2:
2211 stw_p(buf, value);
2212 break;
2213 case 4:
2214 stl_p(buf, value);
2215 break;
ff6cff75
PB		 2216 case 8:
2217 stq_p(buf, value);
2218 break;
acc9d80b
JK		 2219 default:
2220 abort();
2221 }
5c9eb028
PM		 2222 return address_space_write(subpage->as, addr + subpage->base,
2223 attrs, buf, len);
db7b5426
BS		 2224}
2225
c353e4cc 2226static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2227 unsigned len, bool is_write)
c353e4cc 2228{
acc9d80b 2229 subpage_t *subpage = opaque;
c353e4cc 2230#if defined(DEBUG_SUBPAGE)
016e9d62 2231 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2232 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2233#endif
2234
acc9d80b 2235 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2236 len, is_write);
c353e4cc
PB		 2237}
2238
70c68e44 2239static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2240 .read_with_attrs = subpage_read,
2241 .write_with_attrs = subpage_write,
ff6cff75
PB		 2242 .impl.min_access_size = 1,
2243 .impl.max_access_size = 8,
2244 .valid.min_access_size = 1,
2245 .valid.max_access_size = 8,
c353e4cc 2246 .valid.accepts = subpage_accepts,
70c68e44 2247 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2248};
2249
c227f099 2250static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2251 uint16_t section)
db7b5426
BS		 2252{
2253 int idx, eidx;
2254
2255 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2256 return -1;
2257 idx = SUBPAGE_IDX(start);
2258 eidx = SUBPAGE_IDX(end);
2259#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2260 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2261 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2262#endif
db7b5426 2263 for (; idx <= eidx; idx++) {
5312bd8b 2264 mmio->sub_section[idx] = section;
db7b5426
BS		 2265 }
2266
2267 return 0;
2268}
2269
acc9d80b 2270static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2271{
c227f099 2272 subpage_t *mmio;
db7b5426 2273
2615fabd 2274 mmio = g_malloc0(sizeof(subpage_t) + TARGET_PAGE_SIZE * sizeof(uint16_t));
acc9d80b 2275 mmio->as = as;
1eec614b 2276 mmio->base = base;
2c9b15ca 2277 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2278 NULL, TARGET_PAGE_SIZE);
b3b00c78 2279 mmio->iomem.subpage = true;
db7b5426 2280#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2281 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2282 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2283#endif
b41aac4f 2284 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2285
2286 return mmio;
2287}
2288
a656e22f
PC		 2289static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2290 MemoryRegion *mr)
5312bd8b 2291{
a656e22f 2292 assert(as);
5312bd8b 2293 MemoryRegionSection section = {
a656e22f 2294 .address_space = as,
5312bd8b
AK		 2295 .mr = mr,
2296 .offset_within_address_space = 0,
2297 .offset_within_region = 0,
052e87b0 2298 .size = int128_2_64(),
5312bd8b
AK		 2299 };
2300
53cb28cb 2301 return phys_section_add(map, &section);
5312bd8b
AK		 2302}
2303
a54c87b6 2304MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2305{
a54c87b6
PM		 2306 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2307 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2308 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2309 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2310
2311 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2312}
2313
e9179ce1
AK		 2314static void io_mem_init(void)
2315{
1f6245e5 2316 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2317 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2318 NULL, UINT64_MAX);
2c9b15ca 2319 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2320 NULL, UINT64_MAX);
2c9b15ca 2321 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2322 NULL, UINT64_MAX);
e9179ce1
AK		 2323}
2324
ac1970fb 2325static void mem_begin(MemoryListener *listener)
00752703
PB		 2326{
2327 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2328 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2329 uint16_t n;
2330
a656e22f 2331 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2332 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2333 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2334 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2335 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2336 assert(n == PHYS_SECTION_ROM);
a656e22f 2337 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2338 assert(n == PHYS_SECTION_WATCH);
00752703 2339
9736e55b 2340 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2341 d->as = as;
2342 as->next_dispatch = d;
2343}
2344
79e2b9ae
PB		 2345static void address_space_dispatch_free(AddressSpaceDispatch *d)
2346{
2347 phys_sections_free(&d->map);
2348 g_free(d);
2349}
2350
00752703 2351static void mem_commit(MemoryListener *listener)
ac1970fb 2352{
89ae337a 2353 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2354 AddressSpaceDispatch *cur = as->dispatch;
2355 AddressSpaceDispatch *next = as->next_dispatch;
2356
53cb28cb 2357 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2358
79e2b9ae 2359 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2360 if (cur) {
79e2b9ae 2361 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2362 }
9affd6fc
PB		 2363}
2364
1d71148e 2365static void tcg_commit(MemoryListener *listener)
50c1e149 2366{
32857f4d
PM		 2367 CPUAddressSpace *cpuas;
2368 AddressSpaceDispatch *d;
117712c3
AK		 2369
2370 /* since each CPU stores ram addresses in its TLB cache, we must
2371 reset the modified entries */
32857f4d
PM		 2372 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2373 cpu_reloading_memory_map();
2374 /* The CPU and TLB are protected by the iothread lock.
2375 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2376 * may have split the RCU critical section.
2377 */
2378 d = atomic_rcu_read(&cpuas->as->dispatch);
2379 cpuas->memory_dispatch = d;
2380 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2381}
2382
ac1970fb
AK		 2383void address_space_init_dispatch(AddressSpace *as)
2384{
00752703 2385 as->dispatch = NULL;
89ae337a 2386 as->dispatch_listener = (MemoryListener) {
ac1970fb 2387 .begin = mem_begin,
00752703 2388 .commit = mem_commit,
ac1970fb
AK		 2389 .region_add = mem_add,
2390 .region_nop = mem_add,
2391 .priority = 0,
2392 };
89ae337a 2393 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2394}
2395
6e48e8f9
PB		 2396void address_space_unregister(AddressSpace *as)
2397{
2398 memory_listener_unregister(&as->dispatch_listener);
2399}
2400
83f3c251
AK		 2401void address_space_destroy_dispatch(AddressSpace *as)
2402{
2403 AddressSpaceDispatch *d = as->dispatch;
2404
79e2b9ae
PB		 2405 atomic_rcu_set(&as->dispatch, NULL);
2406 if (d) {
2407 call_rcu(d, address_space_dispatch_free, rcu);
2408 }
83f3c251
AK		 2409}
2410
62152b8a
AK		 2411static void memory_map_init(void)
2412{
7267c094 2413 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2414
57271d63 2415 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2416 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2417
7267c094 2418 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2419 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2420 65536);
7dca8043 2421 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2422}
2423
2424MemoryRegion *get_system_memory(void)
2425{
2426 return system_memory;
2427}
2428
309cb471
AK		 2429MemoryRegion *get_system_io(void)
2430{
2431 return system_io;
2432}
2433
e2eef170
PB		 2434#endif /* !defined(CONFIG_USER_ONLY) */
2435
13eb76e0
FB		 2436/* physical memory access (slow version, mainly for debug) */
2437#if defined(CONFIG_USER_ONLY)
f17ec444 2438int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2439 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2440{
2441 int l, flags;
2442 target_ulong page;
53a5960a 2443 void * p;
13eb76e0
FB		 2444
2445 while (len > 0) {
2446 page = addr & TARGET_PAGE_MASK;
2447 l = (page + TARGET_PAGE_SIZE) - addr;
2448 if (l > len)
2449 l = len;
2450 flags = page_get_flags(page);
2451 if (!(flags & PAGE_VALID))
a68fe89c 2452 return -1;
13eb76e0
FB		 2453 if (is_write) {
2454 if (!(flags & PAGE_WRITE))
a68fe89c 2455 return -1;
579a97f7 2456 /* XXX: this code should not depend on lock_user */
72fb7daa 2457 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2458 return -1;
72fb7daa
AJ		 2459 memcpy(p, buf, l);
2460 unlock_user(p, addr, l);
13eb76e0
FB		 2461 } else {
2462 if (!(flags & PAGE_READ))
a68fe89c 2463 return -1;
579a97f7 2464 /* XXX: this code should not depend on lock_user */
72fb7daa 2465 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2466 return -1;
72fb7daa 2467 memcpy(buf, p, l);
5b257578 2468 unlock_user(p, addr, 0);
13eb76e0
FB		 2469 }
2470 len -= l;
2471 buf += l;
2472 addr += l;
2473 }
a68fe89c 2474 return 0;
13eb76e0 2475}
8df1cd07 2476
13eb76e0 2477#else
51d7a9eb 2478
845b6214 2479static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2480 hwaddr length)
51d7a9eb 2481{
e87f7778 2482 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
0878d0e1
PB		 2483 addr += memory_region_get_ram_addr(mr);
2484
e87f7778
PB		 2485 /* No early return if dirty_log_mask is or becomes 0, because
2486 * cpu_physical_memory_set_dirty_range will still call
2487 * xen_modified_memory.
2488 */
2489 if (dirty_log_mask) {
2490 dirty_log_mask =
2491 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2492 }
2493 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
ba051fb5 2494 tb_lock();
e87f7778 2495 tb_invalidate_phys_range(addr, addr + length);
ba051fb5 2496 tb_unlock();
e87f7778 2497 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2498 }
e87f7778 2499 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2500}
2501
23326164 2502static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2503{
e1622f4b 2504 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2505
2506 /* Regions are assumed to support 1-4 byte accesses unless
2507 otherwise specified. */
23326164
RH		 2508 if (access_size_max == 0) {
2509 access_size_max = 4;
2510 }
2511
2512 /* Bound the maximum access by the alignment of the address. */
2513 if (!mr->ops->impl.unaligned) {
2514 unsigned align_size_max = addr & -addr;
2515 if (align_size_max != 0 && align_size_max < access_size_max) {
2516 access_size_max = align_size_max;
2517 }
82f2563f 2518 }
23326164
RH		 2519
2520 /* Don't attempt accesses larger than the maximum. */
2521 if (l > access_size_max) {
2522 l = access_size_max;
82f2563f 2523 }
6554f5c0 2524 l = pow2floor(l);
23326164
RH		 2525
2526 return l;
82f2563f
PB		 2527}
2528
4840f10e 2529static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2530{
4840f10e
JK		 2531 bool unlocked = !qemu_mutex_iothread_locked();
2532 bool release_lock = false;
2533
2534 if (unlocked && mr->global_locking) {
2535 qemu_mutex_lock_iothread();
2536 unlocked = false;
2537 release_lock = true;
2538 }
125b3806 2539 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2540 if (unlocked) {
2541 qemu_mutex_lock_iothread();
2542 }
125b3806 2543 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2544 if (unlocked) {
2545 qemu_mutex_unlock_iothread();
2546 }
125b3806 2547 }
4840f10e
JK		 2548
2549 return release_lock;
125b3806
PB		 2550}
2551
a203ac70
PB		 2552/* Called within RCU critical section. */
2553static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2554 MemTxAttrs attrs,
2555 const uint8_t *buf,
2556 int len, hwaddr addr1,
2557 hwaddr l, MemoryRegion *mr)
13eb76e0 2558{
13eb76e0 2559 uint8_t *ptr;
791af8c8 2560 uint64_t val;
3b643495 2561 MemTxResult result = MEMTX_OK;
4840f10e 2562 bool release_lock = false;
3b46e624 2563
a203ac70 2564 for (;;) {
eb7eeb88
PB		 2565 if (!memory_access_is_direct(mr, true)) {
2566 release_lock |= prepare_mmio_access(mr);
2567 l = memory_access_size(mr, l, addr1);
2568 /* XXX: could force current_cpu to NULL to avoid
2569 potential bugs */
2570 switch (l) {
2571 case 8:
2572 /* 64 bit write access */
2573 val = ldq_p(buf);
2574 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2575 attrs);
2576 break;
2577 case 4:
2578 /* 32 bit write access */
2579 val = ldl_p(buf);
2580 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2581 attrs);
2582 break;
2583 case 2:
2584 /* 16 bit write access */
2585 val = lduw_p(buf);
2586 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2587 attrs);
2588 break;
2589 case 1:
2590 /* 8 bit write access */
2591 val = ldub_p(buf);
2592 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2593 attrs);
2594 break;
2595 default:
2596 abort();
13eb76e0
FB		 2597 }
2598 } else {
eb7eeb88 2599 /* RAM case */
0878d0e1 2600 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2601 memcpy(ptr, buf, l);
2602 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2603 }
4840f10e
JK		 2604
2605 if (release_lock) {
2606 qemu_mutex_unlock_iothread();
2607 release_lock = false;
2608 }
2609
13eb76e0
FB		 2610 len -= l;
2611 buf += l;
2612 addr += l;
a203ac70
PB		 2613
2614 if (!len) {
2615 break;
2616 }
2617
2618 l = len;
2619 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2620 }
fd8aaa76 2621
3b643495 2622 return result;
13eb76e0 2623}
8df1cd07 2624
a203ac70
PB		 2625MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2626 const uint8_t *buf, int len)
ac1970fb 2627{
eb7eeb88 2628 hwaddr l;
eb7eeb88
PB		 2629 hwaddr addr1;
2630 MemoryRegion *mr;
2631 MemTxResult result = MEMTX_OK;
eb7eeb88 2632
a203ac70
PB		 2633 if (len > 0) {
2634 rcu_read_lock();
eb7eeb88 2635 l = len;
a203ac70
PB		 2636 mr = address_space_translate(as, addr, &addr1, &l, true);
2637 result = address_space_write_continue(as, addr, attrs, buf, len,
2638 addr1, l, mr);
2639 rcu_read_unlock();
2640 }
2641
2642 return result;
2643}
2644
2645/* Called within RCU critical section. */
2646MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2647 MemTxAttrs attrs, uint8_t *buf,
2648 int len, hwaddr addr1, hwaddr l,
2649 MemoryRegion *mr)
2650{
2651 uint8_t *ptr;
2652 uint64_t val;
2653 MemTxResult result = MEMTX_OK;
2654 bool release_lock = false;
eb7eeb88 2655
a203ac70 2656 for (;;) {
eb7eeb88
PB		 2657 if (!memory_access_is_direct(mr, false)) {
2658 /* I/O case */
2659 release_lock |= prepare_mmio_access(mr);
2660 l = memory_access_size(mr, l, addr1);
2661 switch (l) {
2662 case 8:
2663 /* 64 bit read access */
2664 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2665 attrs);
2666 stq_p(buf, val);
2667 break;
2668 case 4:
2669 /* 32 bit read access */
2670 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2671 attrs);
2672 stl_p(buf, val);
2673 break;
2674 case 2:
2675 /* 16 bit read access */
2676 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2677 attrs);
2678 stw_p(buf, val);
2679 break;
2680 case 1:
2681 /* 8 bit read access */
2682 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2683 attrs);
2684 stb_p(buf, val);
2685 break;
2686 default:
2687 abort();
2688 }
2689 } else {
2690 /* RAM case */
0878d0e1 2691 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2692 memcpy(buf, ptr, l);
2693 }
2694
2695 if (release_lock) {
2696 qemu_mutex_unlock_iothread();
2697 release_lock = false;
2698 }
2699
2700 len -= l;
2701 buf += l;
2702 addr += l;
a203ac70
PB		 2703
2704 if (!len) {
2705 break;
2706 }
2707
2708 l = len;
2709 mr = address_space_translate(as, addr, &addr1, &l, false);
2710 }
2711
2712 return result;
2713}
2714
3cc8f884
PB		 2715MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2716 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2717{
2718 hwaddr l;
2719 hwaddr addr1;
2720 MemoryRegion *mr;
2721 MemTxResult result = MEMTX_OK;
2722
2723 if (len > 0) {
2724 rcu_read_lock();
2725 l = len;
2726 mr = address_space_translate(as, addr, &addr1, &l, false);
2727 result = address_space_read_continue(as, addr, attrs, buf, len,
2728 addr1, l, mr);
2729 rcu_read_unlock();
eb7eeb88 2730 }
eb7eeb88
PB		 2731
2732 return result;
ac1970fb
AK		 2733}
2734
eb7eeb88
PB		 2735MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2736 uint8_t *buf, int len, bool is_write)
2737{
2738 if (is_write) {
2739 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2740 } else {
2741 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2742 }
2743}
ac1970fb 2744
a8170e5e 2745void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2746 int len, int is_write)
2747{
5c9eb028
PM		 2748 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2749 buf, len, is_write);
ac1970fb
AK		 2750}
2751
582b55a9
AG		 2752enum write_rom_type {
2753 WRITE_DATA,
2754 FLUSH_CACHE,
2755};
2756
2a221651 2757static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2758 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2759{
149f54b5 2760 hwaddr l;
d0ecd2aa 2761 uint8_t *ptr;
149f54b5 2762 hwaddr addr1;
5c8a00ce 2763 MemoryRegion *mr;
3b46e624 2764
41063e1e 2765 rcu_read_lock();
d0ecd2aa 2766 while (len > 0) {
149f54b5 2767 l = len;
2a221651 2768 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2769
5c8a00ce
PB		 2770 if (!(memory_region_is_ram(mr) ||
2771 memory_region_is_romd(mr))) {
b242e0e0 2772 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2773 } else {
d0ecd2aa 2774 /* ROM/RAM case */
0878d0e1 2775 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2776 switch (type) {
2777 case WRITE_DATA:
2778 memcpy(ptr, buf, l);
845b6214 2779 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2780 break;
2781 case FLUSH_CACHE:
2782 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2783 break;
2784 }
d0ecd2aa
FB		 2785 }
2786 len -= l;
2787 buf += l;
2788 addr += l;
2789 }
41063e1e 2790 rcu_read_unlock();
d0ecd2aa
FB		 2791}
2792
582b55a9 2793/* used for ROM loading : can write in RAM and ROM */
2a221651 2794void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2795 const uint8_t *buf, int len)
2796{
2a221651 2797 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2798}
2799
2800void cpu_flush_icache_range(hwaddr start, int len)
2801{
2802 /*
2803 * This function should do the same thing as an icache flush that was
2804 * triggered from within the guest. For TCG we are always cache coherent,
2805 * so there is no need to flush anything. For KVM / Xen we need to flush
2806 * the host's instruction cache at least.
2807 */
2808 if (tcg_enabled()) {
2809 return;
2810 }
2811
2a221651
EI		 2812 cpu_physical_memory_write_rom_internal(&address_space_memory,
2813 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2814}
2815
6d16c2f8 2816typedef struct {
d3e71559 2817 MemoryRegion *mr;
6d16c2f8 2818 void *buffer;
a8170e5e
AK		 2819 hwaddr addr;
2820 hwaddr len;
c2cba0ff 2821 bool in_use;
6d16c2f8
AL		 2822} BounceBuffer;
2823
2824static BounceBuffer bounce;
2825
ba223c29 2826typedef struct MapClient {
e95205e1 2827 QEMUBH *bh;
72cf2d4f 2828 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2829} MapClient;
2830
38e047b5 2831QemuMutex map_client_list_lock;
72cf2d4f
BS		 2832static QLIST_HEAD(map_client_list, MapClient) map_client_list
2833 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2834
e95205e1
FZ		 2835static void cpu_unregister_map_client_do(MapClient *client)
2836{
2837 QLIST_REMOVE(client, link);
2838 g_free(client);
2839}
2840
33b6c2ed
FZ		 2841static void cpu_notify_map_clients_locked(void)
2842{
2843 MapClient *client;
2844
2845 while (!QLIST_EMPTY(&map_client_list)) {
2846 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2847 qemu_bh_schedule(client->bh);
2848 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2849 }
2850}
2851
e95205e1 2852void cpu_register_map_client(QEMUBH *bh)
ba223c29 2853{
7267c094 2854 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2855
38e047b5 2856 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2857 client->bh = bh;
72cf2d4f 2858 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2859 if (!atomic_read(&bounce.in_use)) {
2860 cpu_notify_map_clients_locked();
2861 }
38e047b5 2862 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2863}
2864
38e047b5 2865void cpu_exec_init_all(void)
ba223c29 2866{
38e047b5 2867 qemu_mutex_init(&ram_list.mutex);
20bccb82
PM		 2868 /* The data structures we set up here depend on knowing the page size,
2869 * so no more changes can be made after this point.
2870 * In an ideal world, nothing we did before we had finished the
2871 * machine setup would care about the target page size, and we could
2872 * do this much later, rather than requiring board models to state
2873 * up front what their requirements are.
2874 */
2875 finalize_target_page_bits();
38e047b5 2876 io_mem_init();
680a4783 2877 memory_map_init();
38e047b5 2878 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2879}
2880
e95205e1 2881void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2882{
2883 MapClient *client;
2884
e95205e1
FZ		 2885 qemu_mutex_lock(&map_client_list_lock);
2886 QLIST_FOREACH(client, &map_client_list, link) {
2887 if (client->bh == bh) {
2888 cpu_unregister_map_client_do(client);
2889 break;
2890 }
ba223c29 2891 }
e95205e1 2892 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2893}
2894
2895static void cpu_notify_map_clients(void)
2896{
38e047b5 2897 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2898 cpu_notify_map_clients_locked();
38e047b5 2899 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2900}
2901
51644ab7
PB		 2902bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2903{
5c8a00ce 2904 MemoryRegion *mr;
51644ab7
PB		 2905 hwaddr l, xlat;
2906
41063e1e 2907 rcu_read_lock();
51644ab7
PB		 2908 while (len > 0) {
2909 l = len;
5c8a00ce
PB		 2910 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2911 if (!memory_access_is_direct(mr, is_write)) {
2912 l = memory_access_size(mr, l, addr);
2913 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2914 return false;
2915 }
2916 }
2917
2918 len -= l;
2919 addr += l;
2920 }
41063e1e 2921 rcu_read_unlock();
51644ab7
PB		 2922 return true;
2923}
2924
6d16c2f8
AL		 2925/* Map a physical memory region into a host virtual address.
2926 * May map a subset of the requested range, given by and returned in *plen.
2927 * May return NULL if resources needed to perform the mapping are exhausted.
2928 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2929 * Use cpu_register_map_client() to know when retrying the map operation is
2930 * likely to succeed.
6d16c2f8 2931 */
ac1970fb 2932void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2933 hwaddr addr,
2934 hwaddr *plen,
ac1970fb 2935 bool is_write)
6d16c2f8 2936{
a8170e5e 2937 hwaddr len = *plen;
e3127ae0
PB		 2938 hwaddr done = 0;
2939 hwaddr l, xlat, base;
2940 MemoryRegion *mr, *this_mr;
e81bcda5 2941 void *ptr;
6d16c2f8 2942
e3127ae0
PB		 2943 if (len == 0) {
2944 return NULL;
2945 }
38bee5dc 2946
e3127ae0 2947 l = len;
41063e1e 2948 rcu_read_lock();
e3127ae0 2949 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2950
e3127ae0 2951 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2952 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2953 rcu_read_unlock();
e3127ae0 2954 return NULL;
6d16c2f8 2955 }
e85d9db5
KW		 2956 /* Avoid unbounded allocations */
2957 l = MIN(l, TARGET_PAGE_SIZE);
2958 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2959 bounce.addr = addr;
2960 bounce.len = l;
d3e71559
PB		 2961
2962 memory_region_ref(mr);
2963 bounce.mr = mr;
e3127ae0 2964 if (!is_write) {
5c9eb028
PM		 2965 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2966 bounce.buffer, l);
8ab934f9 2967 }
6d16c2f8 2968
41063e1e 2969 rcu_read_unlock();
e3127ae0
PB		 2970 *plen = l;
2971 return bounce.buffer;
2972 }
2973
2974 base = xlat;
e3127ae0
PB		 2975
2976 for (;;) {
6d16c2f8
AL		 2977 len -= l;
2978 addr += l;
e3127ae0
PB		 2979 done += l;
2980 if (len == 0) {
2981 break;
2982 }
2983
2984 l = len;
2985 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2986 if (this_mr != mr || xlat != base + done) {
2987 break;
2988 }
6d16c2f8 2989 }
e3127ae0 2990
d3e71559 2991 memory_region_ref(mr);
e3127ae0 2992 *plen = done;
0878d0e1 2993 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
e81bcda5
PB		 2994 rcu_read_unlock();
2995
2996 return ptr;
6d16c2f8
AL		 2997}
2998
ac1970fb 2999/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3000 * Will also mark the memory as dirty if is_write == 1. access_len gives
3001 * the amount of memory that was actually read or written by the caller.
3002 */
a8170e5e
AK		 3003void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3004 int is_write, hwaddr access_len)
6d16c2f8
AL		 3005{
3006 if (buffer != bounce.buffer) {
d3e71559
PB		 3007 MemoryRegion *mr;
3008 ram_addr_t addr1;
3009
07bdaa41 3010 mr = memory_region_from_host(buffer, &addr1);
d3e71559 3011 assert(mr != NULL);
6d16c2f8 3012 if (is_write) {
845b6214 3013 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 3014 }
868bb33f 3015 if (xen_enabled()) {
e41d7c69 3016 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3017 }
d3e71559 3018 memory_region_unref(mr);
6d16c2f8
AL		 3019 return;
3020 }
3021 if (is_write) {
5c9eb028
PM		 3022 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3023 bounce.buffer, access_len);
6d16c2f8 3024 }
f8a83245 3025 qemu_vfree(bounce.buffer);
6d16c2f8 3026 bounce.buffer = NULL;
d3e71559 3027 memory_region_unref(bounce.mr);
c2cba0ff 3028 atomic_mb_set(&bounce.in_use, false);
ba223c29 3029 cpu_notify_map_clients();
6d16c2f8 3030}
d0ecd2aa 3031
a8170e5e
AK		 3032void *cpu_physical_memory_map(hwaddr addr,
3033 hwaddr *plen,
ac1970fb
AK		 3034 int is_write)
3035{
3036 return address_space_map(&address_space_memory, addr, plen, is_write);
3037}
3038
a8170e5e
AK		 3039void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3040 int is_write, hwaddr access_len)
ac1970fb
AK		 3041{
3042 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3043}
3044
8df1cd07 3045/* warning: addr must be aligned */
50013115
PM		 3046static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3047 MemTxAttrs attrs,
3048 MemTxResult *result,
3049 enum device_endian endian)
8df1cd07 3050{
8df1cd07 3051 uint8_t *ptr;
791af8c8 3052 uint64_t val;
5c8a00ce 3053 MemoryRegion *mr;
149f54b5
PB		 3054 hwaddr l = 4;
3055 hwaddr addr1;
50013115 3056 MemTxResult r;
4840f10e 3057 bool release_lock = false;
8df1cd07 3058
41063e1e 3059 rcu_read_lock();
fdfba1a2 3060 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3061 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3062 release_lock |= prepare_mmio_access(mr);
125b3806 3063
8df1cd07 3064 /* I/O case */
50013115 3065 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3066#if defined(TARGET_WORDS_BIGENDIAN)
3067 if (endian == DEVICE_LITTLE_ENDIAN) {
3068 val = bswap32(val);
3069 }
3070#else
3071 if (endian == DEVICE_BIG_ENDIAN) {
3072 val = bswap32(val);
3073 }
3074#endif
8df1cd07
FB		 3075 } else {
3076 /* RAM case */
0878d0e1 3077 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3078 switch (endian) {
3079 case DEVICE_LITTLE_ENDIAN:
3080 val = ldl_le_p(ptr);
3081 break;
3082 case DEVICE_BIG_ENDIAN:
3083 val = ldl_be_p(ptr);
3084 break;
3085 default:
3086 val = ldl_p(ptr);
3087 break;
3088 }
50013115
PM		 3089 r = MEMTX_OK;
3090 }
3091 if (result) {
3092 *result = r;
8df1cd07 3093 }
4840f10e
JK		 3094 if (release_lock) {
3095 qemu_mutex_unlock_iothread();
3096 }
41063e1e 3097 rcu_read_unlock();
8df1cd07
FB		 3098 return val;
3099}
3100
50013115
PM		 3101uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3102 MemTxAttrs attrs, MemTxResult *result)
3103{
3104 return address_space_ldl_internal(as, addr, attrs, result,
3105 DEVICE_NATIVE_ENDIAN);
3106}
3107
3108uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3109 MemTxAttrs attrs, MemTxResult *result)
3110{
3111 return address_space_ldl_internal(as, addr, attrs, result,
3112 DEVICE_LITTLE_ENDIAN);
3113}
3114
3115uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3116 MemTxAttrs attrs, MemTxResult *result)
3117{
3118 return address_space_ldl_internal(as, addr, attrs, result,
3119 DEVICE_BIG_ENDIAN);
3120}
3121
fdfba1a2 3122uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3123{
50013115 3124 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3125}
3126
fdfba1a2 3127uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3128{
50013115 3129 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3130}
3131
fdfba1a2 3132uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3133{
50013115 3134 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3135}
3136
84b7b8e7 3137/* warning: addr must be aligned */
50013115
PM		 3138static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3139 MemTxAttrs attrs,
3140 MemTxResult *result,
3141 enum device_endian endian)
84b7b8e7 3142{
84b7b8e7
FB		 3143 uint8_t *ptr;
3144 uint64_t val;
5c8a00ce 3145 MemoryRegion *mr;
149f54b5
PB		 3146 hwaddr l = 8;
3147 hwaddr addr1;
50013115 3148 MemTxResult r;
4840f10e 3149 bool release_lock = false;
84b7b8e7 3150
41063e1e 3151 rcu_read_lock();
2c17449b 3152 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3153 false);
3154 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3155 release_lock |= prepare_mmio_access(mr);
125b3806 3156
84b7b8e7 3157 /* I/O case */
50013115 3158 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3159#if defined(TARGET_WORDS_BIGENDIAN)
3160 if (endian == DEVICE_LITTLE_ENDIAN) {
3161 val = bswap64(val);
3162 }
3163#else
3164 if (endian == DEVICE_BIG_ENDIAN) {
3165 val = bswap64(val);
3166 }
84b7b8e7
FB		 3167#endif
3168 } else {
3169 /* RAM case */
0878d0e1 3170 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3171 switch (endian) {
3172 case DEVICE_LITTLE_ENDIAN:
3173 val = ldq_le_p(ptr);
3174 break;
3175 case DEVICE_BIG_ENDIAN:
3176 val = ldq_be_p(ptr);
3177 break;
3178 default:
3179 val = ldq_p(ptr);
3180 break;
3181 }
50013115
PM		 3182 r = MEMTX_OK;
3183 }
3184 if (result) {
3185 *result = r;
84b7b8e7 3186 }
4840f10e
JK		 3187 if (release_lock) {
3188 qemu_mutex_unlock_iothread();
3189 }
41063e1e 3190 rcu_read_unlock();
84b7b8e7
FB		 3191 return val;
3192}
3193
50013115
PM		 3194uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3195 MemTxAttrs attrs, MemTxResult *result)
3196{
3197 return address_space_ldq_internal(as, addr, attrs, result,
3198 DEVICE_NATIVE_ENDIAN);
3199}
3200
3201uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3202 MemTxAttrs attrs, MemTxResult *result)
3203{
3204 return address_space_ldq_internal(as, addr, attrs, result,
3205 DEVICE_LITTLE_ENDIAN);
3206}
3207
3208uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3209 MemTxAttrs attrs, MemTxResult *result)
3210{
3211 return address_space_ldq_internal(as, addr, attrs, result,
3212 DEVICE_BIG_ENDIAN);
3213}
3214
2c17449b 3215uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3216{
50013115 3217 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3218}
3219
2c17449b 3220uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3221{
50013115 3222 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3223}
3224
2c17449b 3225uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3226{
50013115 3227 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3228}
3229
aab33094 3230/* XXX: optimize */
50013115
PM		 3231uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3232 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3233{
3234 uint8_t val;
50013115
PM		 3235 MemTxResult r;
3236
3237 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3238 if (result) {
3239 *result = r;
3240 }
aab33094
FB		 3241 return val;
3242}
3243
50013115
PM		 3244uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3245{
3246 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3247}
3248
733f0b02 3249/* warning: addr must be aligned */
50013115
PM		 3250static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3251 hwaddr addr,
3252 MemTxAttrs attrs,
3253 MemTxResult *result,
3254 enum device_endian endian)
aab33094 3255{
733f0b02
MT		 3256 uint8_t *ptr;
3257 uint64_t val;
5c8a00ce 3258 MemoryRegion *mr;
149f54b5
PB		 3259 hwaddr l = 2;
3260 hwaddr addr1;
50013115 3261 MemTxResult r;
4840f10e 3262 bool release_lock = false;
733f0b02 3263
41063e1e 3264 rcu_read_lock();
41701aa4 3265 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3266 false);
3267 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3268 release_lock |= prepare_mmio_access(mr);
125b3806 3269
733f0b02 3270 /* I/O case */
50013115 3271 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3272#if defined(TARGET_WORDS_BIGENDIAN)
3273 if (endian == DEVICE_LITTLE_ENDIAN) {
3274 val = bswap16(val);
3275 }
3276#else
3277 if (endian == DEVICE_BIG_ENDIAN) {
3278 val = bswap16(val);
3279 }
3280#endif
733f0b02
MT		 3281 } else {
3282 /* RAM case */
0878d0e1 3283 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3284 switch (endian) {
3285 case DEVICE_LITTLE_ENDIAN:
3286 val = lduw_le_p(ptr);
3287 break;
3288 case DEVICE_BIG_ENDIAN:
3289 val = lduw_be_p(ptr);
3290 break;
3291 default:
3292 val = lduw_p(ptr);
3293 break;
3294 }
50013115
PM		 3295 r = MEMTX_OK;
3296 }
3297 if (result) {
3298 *result = r;
733f0b02 3299 }
4840f10e
JK		 3300 if (release_lock) {
3301 qemu_mutex_unlock_iothread();
3302 }
41063e1e 3303 rcu_read_unlock();
733f0b02 3304 return val;
aab33094
FB		 3305}
3306
50013115
PM		 3307uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3308 MemTxAttrs attrs, MemTxResult *result)
3309{
3310 return address_space_lduw_internal(as, addr, attrs, result,
3311 DEVICE_NATIVE_ENDIAN);
3312}
3313
3314uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3315 MemTxAttrs attrs, MemTxResult *result)
3316{
3317 return address_space_lduw_internal(as, addr, attrs, result,
3318 DEVICE_LITTLE_ENDIAN);
3319}
3320
3321uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3322 MemTxAttrs attrs, MemTxResult *result)
3323{
3324 return address_space_lduw_internal(as, addr, attrs, result,
3325 DEVICE_BIG_ENDIAN);
3326}
3327
41701aa4 3328uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3329{
50013115 3330 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3331}
3332
41701aa4 3333uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3334{
50013115 3335 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3336}
3337
41701aa4 3338uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3339{
50013115 3340 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3341}
3342
8df1cd07
FB		 3343/* warning: addr must be aligned. The ram page is not masked as dirty
3344 and the code inside is not invalidated. It is useful if the dirty
3345 bits are used to track modified PTEs */
50013115
PM		 3346void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3347 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3348{
8df1cd07 3349 uint8_t *ptr;
5c8a00ce 3350 MemoryRegion *mr;
149f54b5
PB		 3351 hwaddr l = 4;
3352 hwaddr addr1;
50013115 3353 MemTxResult r;
845b6214 3354 uint8_t dirty_log_mask;
4840f10e 3355 bool release_lock = false;
8df1cd07 3356
41063e1e 3357 rcu_read_lock();
2198a121 3358 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3359 true);
3360 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3361 release_lock |= prepare_mmio_access(mr);
125b3806 3362
50013115 3363 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3364 } else {
0878d0e1 3365 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
8df1cd07 3366 stl_p(ptr, val);
74576198 3367
845b6214
PB		 3368 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3369 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
0878d0e1
PB		 3370 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3371 4, dirty_log_mask);
50013115
PM		 3372 r = MEMTX_OK;
3373 }
3374 if (result) {
3375 *result = r;
8df1cd07 3376 }
4840f10e
JK		 3377 if (release_lock) {
3378 qemu_mutex_unlock_iothread();
3379 }
41063e1e 3380 rcu_read_unlock();
8df1cd07
FB		 3381}
3382
50013115
PM		 3383void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3384{
3385 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3386}
3387
8df1cd07 3388/* warning: addr must be aligned */
50013115
PM		 3389static inline void address_space_stl_internal(AddressSpace *as,
3390 hwaddr addr, uint32_t val,
3391 MemTxAttrs attrs,
3392 MemTxResult *result,
3393 enum device_endian endian)
8df1cd07 3394{
8df1cd07 3395 uint8_t *ptr;
5c8a00ce 3396 MemoryRegion *mr;
149f54b5
PB		 3397 hwaddr l = 4;
3398 hwaddr addr1;
50013115 3399 MemTxResult r;
4840f10e 3400 bool release_lock = false;
8df1cd07 3401
41063e1e 3402 rcu_read_lock();
ab1da857 3403 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3404 true);
3405 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3406 release_lock |= prepare_mmio_access(mr);
125b3806 3407
1e78bcc1
AG		 3408#if defined(TARGET_WORDS_BIGENDIAN)
3409 if (endian == DEVICE_LITTLE_ENDIAN) {
3410 val = bswap32(val);
3411 }
3412#else
3413 if (endian == DEVICE_BIG_ENDIAN) {
3414 val = bswap32(val);
3415 }
3416#endif
50013115 3417 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3418 } else {
8df1cd07 3419 /* RAM case */
0878d0e1 3420 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3421 switch (endian) {
3422 case DEVICE_LITTLE_ENDIAN:
3423 stl_le_p(ptr, val);
3424 break;
3425 case DEVICE_BIG_ENDIAN:
3426 stl_be_p(ptr, val);
3427 break;
3428 default:
3429 stl_p(ptr, val);
3430 break;
3431 }
845b6214 3432 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3433 r = MEMTX_OK;
3434 }
3435 if (result) {
3436 *result = r;
8df1cd07 3437 }
4840f10e
JK		 3438 if (release_lock) {
3439 qemu_mutex_unlock_iothread();
3440 }
41063e1e 3441 rcu_read_unlock();
8df1cd07
FB		 3442}
3443
50013115
PM		 3444void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3445 MemTxAttrs attrs, MemTxResult *result)
3446{
3447 address_space_stl_internal(as, addr, val, attrs, result,
3448 DEVICE_NATIVE_ENDIAN);
3449}
3450
3451void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3452 MemTxAttrs attrs, MemTxResult *result)
3453{
3454 address_space_stl_internal(as, addr, val, attrs, result,
3455 DEVICE_LITTLE_ENDIAN);
3456}
3457
3458void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3459 MemTxAttrs attrs, MemTxResult *result)
3460{
3461 address_space_stl_internal(as, addr, val, attrs, result,
3462 DEVICE_BIG_ENDIAN);
3463}
3464
ab1da857 3465void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3466{
50013115 3467 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3468}
3469
ab1da857 3470void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3471{
50013115 3472 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3473}
3474
ab1da857 3475void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3476{
50013115 3477 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3478}
3479
aab33094 3480/* XXX: optimize */
50013115
PM		 3481void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3482 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3483{
3484 uint8_t v = val;
50013115
PM		 3485 MemTxResult r;
3486
3487 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3488 if (result) {
3489 *result = r;
3490 }
3491}
3492
3493void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3494{
3495 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3496}
3497
733f0b02 3498/* warning: addr must be aligned */
50013115
PM		 3499static inline void address_space_stw_internal(AddressSpace *as,
3500 hwaddr addr, uint32_t val,
3501 MemTxAttrs attrs,
3502 MemTxResult *result,
3503 enum device_endian endian)
aab33094 3504{
733f0b02 3505 uint8_t *ptr;
5c8a00ce 3506 MemoryRegion *mr;
149f54b5
PB		 3507 hwaddr l = 2;
3508 hwaddr addr1;
50013115 3509 MemTxResult r;
4840f10e 3510 bool release_lock = false;
733f0b02 3511
41063e1e 3512 rcu_read_lock();
5ce5944d 3513 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3514 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3515 release_lock |= prepare_mmio_access(mr);
125b3806 3516
1e78bcc1
AG		 3517#if defined(TARGET_WORDS_BIGENDIAN)
3518 if (endian == DEVICE_LITTLE_ENDIAN) {
3519 val = bswap16(val);
3520 }
3521#else
3522 if (endian == DEVICE_BIG_ENDIAN) {
3523 val = bswap16(val);
3524 }
3525#endif
50013115 3526 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3527 } else {
733f0b02 3528 /* RAM case */
0878d0e1 3529 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3530 switch (endian) {
3531 case DEVICE_LITTLE_ENDIAN:
3532 stw_le_p(ptr, val);
3533 break;
3534 case DEVICE_BIG_ENDIAN:
3535 stw_be_p(ptr, val);
3536 break;
3537 default:
3538 stw_p(ptr, val);
3539 break;
3540 }
845b6214 3541 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3542 r = MEMTX_OK;
3543 }
3544 if (result) {
3545 *result = r;
733f0b02 3546 }
4840f10e
JK		 3547 if (release_lock) {
3548 qemu_mutex_unlock_iothread();
3549 }
41063e1e 3550 rcu_read_unlock();
aab33094
FB		 3551}
3552
50013115
PM		 3553void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3554 MemTxAttrs attrs, MemTxResult *result)
3555{
3556 address_space_stw_internal(as, addr, val, attrs, result,
3557 DEVICE_NATIVE_ENDIAN);
3558}
3559
3560void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3561 MemTxAttrs attrs, MemTxResult *result)
3562{
3563 address_space_stw_internal(as, addr, val, attrs, result,
3564 DEVICE_LITTLE_ENDIAN);
3565}
3566
3567void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3568 MemTxAttrs attrs, MemTxResult *result)
3569{
3570 address_space_stw_internal(as, addr, val, attrs, result,
3571 DEVICE_BIG_ENDIAN);
3572}
3573
5ce5944d 3574void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3575{
50013115 3576 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3577}
3578
5ce5944d 3579void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3580{
50013115 3581 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3582}
3583
5ce5944d 3584void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3585{
50013115 3586 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3587}
3588
aab33094 3589/* XXX: optimize */
50013115
PM		 3590void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3591 MemTxAttrs attrs, MemTxResult *result)
aab33094 3592{
50013115 3593 MemTxResult r;
aab33094 3594 val = tswap64(val);
50013115
PM		 3595 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3596 if (result) {
3597 *result = r;
3598 }
aab33094
FB		 3599}
3600
50013115
PM		 3601void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3602 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3603{
50013115 3604 MemTxResult r;
1e78bcc1 3605 val = cpu_to_le64(val);
50013115
PM		 3606 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3607 if (result) {
3608 *result = r;
3609 }
3610}
3611void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3612 MemTxAttrs attrs, MemTxResult *result)
3613{
3614 MemTxResult r;
3615 val = cpu_to_be64(val);
3616 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3617 if (result) {
3618 *result = r;
3619 }
3620}
3621
3622void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3623{
3624 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3625}
3626
3627void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3628{
3629 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3630}
3631
f606604f 3632void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3633{
50013115 3634 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3635}
3636
5e2972fd 3637/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3638int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3639 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3640{
3641 int l;
a8170e5e 3642 hwaddr phys_addr;
9b3c35e0 3643 target_ulong page;
13eb76e0
FB		 3644
3645 while (len > 0) {
5232e4c7
PM		 3646 int asidx;
3647 MemTxAttrs attrs;
3648
13eb76e0 3649 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3650 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3651 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3652 /* if no physical page mapped, return an error */
3653 if (phys_addr == -1)
3654 return -1;
3655 l = (page + TARGET_PAGE_SIZE) - addr;
3656 if (l > len)
3657 l = len;
5e2972fd 3658 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3659 if (is_write) {
5232e4c7
PM		 3660 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3661 phys_addr, buf, l);
2e38847b 3662 } else {
5232e4c7
PM		 3663 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3664 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3665 buf, l, 0);
2e38847b 3666 }
13eb76e0
FB		 3667 len -= l;
3668 buf += l;
3669 addr += l;
3670 }
3671 return 0;
3672}
038629a6
DDAG		 3673
3674/*
3675 * Allows code that needs to deal with migration bitmaps etc to still be built
3676 * target independent.
3677 */
3678size_t qemu_target_page_bits(void)
3679{
3680 return TARGET_PAGE_BITS;
3681}
3682
a68fe89c 3683#endif
13eb76e0 3684
8e4a424b
BS		 3685/*
3686 * A helper function for the _utterly broken_ virtio device model to find out if
3687 * it's running on a big endian machine. Don't do this at home kids!
3688 */
98ed8ecf
GK		 3689bool target_words_bigendian(void);
3690bool target_words_bigendian(void)
8e4a424b
BS		 3691{
3692#if defined(TARGET_WORDS_BIGENDIAN)
3693 return true;
3694#else
3695 return false;
3696#endif
3697}
3698
76f35538 3699#ifndef CONFIG_USER_ONLY
a8170e5e 3700bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3701{
5c8a00ce 3702 MemoryRegion*mr;
149f54b5 3703 hwaddr l = 1;
41063e1e 3704 bool res;
76f35538 3705
41063e1e 3706 rcu_read_lock();
5c8a00ce
PB		 3707 mr = address_space_translate(&address_space_memory,
3708 phys_addr, &phys_addr, &l, false);
76f35538 3709
41063e1e
PB		 3710 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3711 rcu_read_unlock();
3712 return res;
76f35538 3713}
bd2fa51f 3714
e3807054 3715int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3716{
3717 RAMBlock *block;
e3807054 3718 int ret = 0;
bd2fa51f 3719
0dc3f44a
MD		 3720 rcu_read_lock();
3721 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3722 ret = func(block->idstr, block->host, block->offset,
3723 block->used_length, opaque);
3724 if (ret) {
3725 break;
3726 }
bd2fa51f 3727 }
0dc3f44a 3728 rcu_read_unlock();
e3807054 3729 return ret;
bd2fa51f 3730}
ec3f8c99 3731#endif
QEMU mirror