]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
target-i386: add Skylake-Client cpu model
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
f348b6d1 25#include "qemu/cutils.h"
6180a181 26#include "cpu.h"
63c91552 27#include "exec/exec-all.h"
b67d9a52 28#include "tcg.h"
741da0d3 29#include "hw/qdev-core.h"
4485bd26 30#if !defined(CONFIG_USER_ONLY)
47c8ca53 31#include "hw/boards.h"
33c11879 32#include "hw/xen/xen.h"
4485bd26 33#endif
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
1de7afc9
PB		 36#include "qemu/timer.h"
37#include "qemu/config-file.h"
75a34036 38#include "qemu/error-report.h"
53a5960a
PB		 39#if defined(CONFIG_USER_ONLY)
40#include <qemu.h>
432d268c 41#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 42#include "hw/hw.h"
43#include "exec/memory.h"
df43d49c 44#include "exec/ioport.h"
741da0d3
PB		 45#include "sysemu/dma.h"
46#include "exec/address-spaces.h"
9c17d615 47#include "sysemu/xen-mapcache.h"
6506e4f9 48#include "trace.h"
53a5960a 49#endif
0d6d3c87 50#include "exec/cpu-all.h"
0dc3f44a 51#include "qemu/rcu_queue.h"
4840f10e 52#include "qemu/main-loop.h"
5b6dd868 53#include "translate-all.h"
7615936e 54#include "sysemu/replay.h"
0cac1b66 55
022c62cb 56#include "exec/memory-internal.h"
220c3ebd 57#include "exec/ram_addr.h"
508127e2 58#include "exec/log.h"
67d95c15 59
9dfeca7c
BR		 60#include "migration/vmstate.h"
61
b35ba30f 62#include "qemu/range.h"
794e8f30
MT		 63#ifndef _WIN32
64#include "qemu/mmap-alloc.h"
65#endif
b35ba30f 66
db7b5426 67//#define DEBUG_SUBPAGE
1196be37 68
e2eef170 69#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 70/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
71 * are protected by the ramlist lock.
72 */
0d53d9fe 73RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 74
75static MemoryRegion *system_memory;
309cb471 76static MemoryRegion *system_io;
62152b8a 77
f6790af6
AK		 78AddressSpace address_space_io;
79AddressSpace address_space_memory;
2673a5da 80
0844e007 81MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 82static MemoryRegion io_mem_unassigned;
0e0df1e2 83
7bd4f430
PB		 84/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
85#define RAM_PREALLOC (1 << 0)
86
dbcb8981
PB		 87/* RAM is mmap-ed with MAP_SHARED */
88#define RAM_SHARED (1 << 1)
89
62be4e3a
MT		 90/* Only a portion of RAM (used_length) is actually used, and migrated.
91 * This used_length size can change across reboots.
92 */
93#define RAM_RESIZEABLE (1 << 2)
94
e2eef170 95#endif
9fa3e853 96
bdc44640 97struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 98/* current CPU in the current thread. It is only valid inside
99 cpu_exec() */
f240eb6f 100__thread CPUState *current_cpu;
2e70f6ef 101/* 0 = Do not count executed instructions.
bf20dc07 102 1 = Precise instruction counting.
2e70f6ef 103 2 = Adaptive rate instruction counting. */
5708fc66 104int use_icount;
6a00d601 105
e2eef170 106#if !defined(CONFIG_USER_ONLY)
4346ae3e 107
1db8abb1
PB		 108typedef struct PhysPageEntry PhysPageEntry;
109
110struct PhysPageEntry {
9736e55b 111 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 112 uint32_t skip : 6;
9736e55b 113 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 114 uint32_t ptr : 26;
1db8abb1
PB		 115};
116
8b795765
MT		 117#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
118
03f49957 119/* Size of the L2 (and L3, etc) page tables. */
57271d63 120#define ADDR_SPACE_BITS 64
03f49957 121
026736ce 122#define P_L2_BITS 9
03f49957
PB		 123#define P_L2_SIZE (1 << P_L2_BITS)
124
125#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
126
127typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 128
53cb28cb 129typedef struct PhysPageMap {
79e2b9ae
PB		 130 struct rcu_head rcu;
131
53cb28cb
MA		 132 unsigned sections_nb;
133 unsigned sections_nb_alloc;
134 unsigned nodes_nb;
135 unsigned nodes_nb_alloc;
136 Node *nodes;
137 MemoryRegionSection *sections;
138} PhysPageMap;
139
1db8abb1 140struct AddressSpaceDispatch {
79e2b9ae
PB		 141 struct rcu_head rcu;
142
729633c2 143 MemoryRegionSection *mru_section;
1db8abb1
PB		 144 /* This is a multi-level map on the physical address space.
145 * The bottom level has pointers to MemoryRegionSections.
146 */
147 PhysPageEntry phys_map;
53cb28cb 148 PhysPageMap map;
acc9d80b 149 AddressSpace *as;
1db8abb1
PB		 150};
151
90260c6c
JK		 152#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
153typedef struct subpage_t {
154 MemoryRegion iomem;
acc9d80b 155 AddressSpace *as;
90260c6c
JK		 156 hwaddr base;
157 uint16_t sub_section[TARGET_PAGE_SIZE];
158} subpage_t;
159
b41aac4f
LPF		 160#define PHYS_SECTION_UNASSIGNED 0
161#define PHYS_SECTION_NOTDIRTY 1
162#define PHYS_SECTION_ROM 2
163#define PHYS_SECTION_WATCH 3
5312bd8b 164
e2eef170 165static void io_mem_init(void);
62152b8a 166static void memory_map_init(void);
09daed84 167static void tcg_commit(MemoryListener *listener);
e2eef170 168
1ec9b909 169static MemoryRegion io_mem_watch;
32857f4d
PM		 170
171/**
172 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
173 * @cpu: the CPU whose AddressSpace this is
174 * @as: the AddressSpace itself
175 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
176 * @tcg_as_listener: listener for tracking changes to the AddressSpace
177 */
178struct CPUAddressSpace {
179 CPUState *cpu;
180 AddressSpace *as;
181 struct AddressSpaceDispatch *memory_dispatch;
182 MemoryListener tcg_as_listener;
183};
184
6658ffb8 185#endif
fd6ce8f6 186
6d9a1304 187#if !defined(CONFIG_USER_ONLY)
d6f2ea22 188
53cb28cb 189static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 190{
53cb28cb
MA		 191 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
192 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
193 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
194 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 195 }
f7bf5461
AK		 196}
197
db94604b 198static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 199{
200 unsigned i;
8b795765 201 uint32_t ret;
db94604b
PB		 202 PhysPageEntry e;
203 PhysPageEntry *p;
f7bf5461 204
53cb28cb 205 ret = map->nodes_nb++;
db94604b 206 p = map->nodes[ret];
f7bf5461 207 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 208 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 209
210 e.skip = leaf ? 0 : 1;
211 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 212 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 213 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 214 }
f7bf5461 215 return ret;
d6f2ea22
AK		 216}
217
53cb28cb
MA		 218static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
219 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 220 int level)
f7bf5461
AK		 221{
222 PhysPageEntry *p;
03f49957 223 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 224
9736e55b 225 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 226 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 227 }
db94604b 228 p = map->nodes[lp->ptr];
03f49957 229 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 230
03f49957 231 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 232 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 233 lp->skip = 0;
c19e8800 234 lp->ptr = leaf;
07f07b31
AK		 235 *index += step;
236 *nb -= step;
2999097b 237 } else {
53cb28cb 238 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 239 }
240 ++lp;
f7bf5461
AK		 241 }
242}
243
ac1970fb 244static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 245 hwaddr index, hwaddr nb,
2999097b 246 uint16_t leaf)
f7bf5461 247{
2999097b 248 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 249 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 250
53cb28cb 251 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 252}
253
b35ba30f
MT		 254/* Compact a non leaf page entry. Simply detect that the entry has a single child,
255 * and update our entry so we can skip it and go directly to the destination.
256 */
257static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
258{
259 unsigned valid_ptr = P_L2_SIZE;
260 int valid = 0;
261 PhysPageEntry *p;
262 int i;
263
264 if (lp->ptr == PHYS_MAP_NODE_NIL) {
265 return;
266 }
267
268 p = nodes[lp->ptr];
269 for (i = 0; i < P_L2_SIZE; i++) {
270 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
271 continue;
272 }
273
274 valid_ptr = i;
275 valid++;
276 if (p[i].skip) {
277 phys_page_compact(&p[i], nodes, compacted);
278 }
279 }
280
281 /* We can only compress if there's only one child. */
282 if (valid != 1) {
283 return;
284 }
285
286 assert(valid_ptr < P_L2_SIZE);
287
288 /* Don't compress if it won't fit in the # of bits we have. */
289 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
290 return;
291 }
292
293 lp->ptr = p[valid_ptr].ptr;
294 if (!p[valid_ptr].skip) {
295 /* If our only child is a leaf, make this a leaf. */
296 /* By design, we should have made this node a leaf to begin with so we
297 * should never reach here.
298 * But since it's so simple to handle this, let's do it just in case we
299 * change this rule.
300 */
301 lp->skip = 0;
302 } else {
303 lp->skip += p[valid_ptr].skip;
304 }
305}
306
307static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
308{
309 DECLARE_BITMAP(compacted, nodes_nb);
310
311 if (d->phys_map.skip) {
53cb28cb 312 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 313 }
314}
315
29cb533d
FZ		 316static inline bool section_covers_addr(const MemoryRegionSection *section,
317 hwaddr addr)
318{
319 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
320 * the section must cover the entire address space.
321 */
322 return section->size.hi ||
323 range_covers_byte(section->offset_within_address_space,
324 section->size.lo, addr);
325}
326
97115a8d 327static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 328 Node *nodes, MemoryRegionSection *sections)
92e873b9 329{
31ab2b4a 330 PhysPageEntry *p;
97115a8d 331 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 332 int i;
f1f6e3b8 333
9736e55b 334 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 335 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 336 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 337 }
9affd6fc 338 p = nodes[lp.ptr];
03f49957 339 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 340 }
b35ba30f 341
29cb533d 342 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 343 return &sections[lp.ptr];
344 } else {
345 return &sections[PHYS_SECTION_UNASSIGNED];
346 }
f3705d53
AK		 347}
348
e5548617
BS		 349bool memory_region_is_unassigned(MemoryRegion *mr)
350{
2a8e7499 351 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 352 && mr != &io_mem_watch;
fd6ce8f6 353}
149f54b5 354
79e2b9ae 355/* Called from RCU critical section */
c7086b4a 356static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 357 hwaddr addr,
358 bool resolve_subpage)
9f029603 359{
729633c2 360 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 361 subpage_t *subpage;
729633c2 362 bool update;
90260c6c 363
729633c2
FZ		 364 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
365 section_covers_addr(section, addr)) {
366 update = false;
367 } else {
368 section = phys_page_find(d->phys_map, addr, d->map.nodes,
369 d->map.sections);
370 update = true;
371 }
90260c6c
JK		 372 if (resolve_subpage && section->mr->subpage) {
373 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 374 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 375 }
729633c2
FZ		 376 if (update) {
377 atomic_set(&d->mru_section, section);
378 }
90260c6c 379 return section;
9f029603
JK		 380}
381
79e2b9ae 382/* Called from RCU critical section */
90260c6c 383static MemoryRegionSection *
c7086b4a 384address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 385 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 386{
387 MemoryRegionSection *section;
965eb2fc 388 MemoryRegion *mr;
a87f3954 389 Int128 diff;
149f54b5 390
c7086b4a 391 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 392 /* Compute offset within MemoryRegionSection */
393 addr -= section->offset_within_address_space;
394
395 /* Compute offset within MemoryRegion */
396 *xlat = addr + section->offset_within_region;
397
965eb2fc 398 mr = section->mr;
b242e0e0
PB		 399
400 /* MMIO registers can be expected to perform full-width accesses based only
401 * on their address, without considering adjacent registers that could
402 * decode to completely different MemoryRegions. When such registers
403 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
404 * regions overlap wildly. For this reason we cannot clamp the accesses
405 * here.
406 *
407 * If the length is small (as is the case for address_space_ldl/stl),
408 * everything works fine. If the incoming length is large, however,
409 * the caller really has to do the clamping through memory_access_size.
410 */
965eb2fc 411 if (memory_region_is_ram(mr)) {
e4a511f8 412 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 413 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
414 }
149f54b5
PB		 415 return section;
416}
90260c6c 417
41063e1e 418/* Called from RCU critical section */
5c8a00ce
PB		 419MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
420 hwaddr *xlat, hwaddr *plen,
421 bool is_write)
90260c6c 422{
30951157
AK		 423 IOMMUTLBEntry iotlb;
424 MemoryRegionSection *section;
425 MemoryRegion *mr;
30951157
AK		 426
427 for (;;) {
79e2b9ae
PB		 428 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
429 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 430 mr = section->mr;
431
432 if (!mr->iommu_ops) {
433 break;
434 }
435
8d7b8cb9 436 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 437 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
438 | (addr & iotlb.addr_mask));
23820dbf 439 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 440 if (!(iotlb.perm & (1 << is_write))) {
441 mr = &io_mem_unassigned;
442 break;
443 }
444
445 as = iotlb.target_as;
446 }
447
fe680d0d 448 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 449 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 450 *plen = MIN(page, *plen);
a87f3954
PB		 451 }
452
30951157
AK		 453 *xlat = addr;
454 return mr;
90260c6c
JK		 455}
456
79e2b9ae 457/* Called from RCU critical section */
90260c6c 458MemoryRegionSection *
d7898cda 459address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 460 hwaddr *xlat, hwaddr *plen)
90260c6c 461{
30951157 462 MemoryRegionSection *section;
d7898cda
PM		 463 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
464
465 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 466
467 assert(!section->mr->iommu_ops);
468 return section;
90260c6c 469}
5b6dd868 470#endif
fd6ce8f6 471
b170fce3 472#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 473
474static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 475{
259186a7 476 CPUState *cpu = opaque;
a513fe19 477
5b6dd868
BS		 478 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
479 version_id is increased. */
259186a7 480 cpu->interrupt_request &= ~0x01;
c01a71c1 481 tlb_flush(cpu, 1);
5b6dd868
BS		 482
483 return 0;
a513fe19 484}
7501267e 485
6c3bff0e
PD		 486static int cpu_common_pre_load(void *opaque)
487{
488 CPUState *cpu = opaque;
489
adee6424 490 cpu->exception_index = -1;
6c3bff0e
PD		 491
492 return 0;
493}
494
495static bool cpu_common_exception_index_needed(void *opaque)
496{
497 CPUState *cpu = opaque;
498
adee6424 499 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 500}
501
502static const VMStateDescription vmstate_cpu_common_exception_index = {
503 .name = "cpu_common/exception_index",
504 .version_id = 1,
505 .minimum_version_id = 1,
5cd8cada 506 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 507 .fields = (VMStateField[]) {
508 VMSTATE_INT32(exception_index, CPUState),
509 VMSTATE_END_OF_LIST()
510 }
511};
512
bac05aa9
AS		 513static bool cpu_common_crash_occurred_needed(void *opaque)
514{
515 CPUState *cpu = opaque;
516
517 return cpu->crash_occurred;
518}
519
520static const VMStateDescription vmstate_cpu_common_crash_occurred = {
521 .name = "cpu_common/crash_occurred",
522 .version_id = 1,
523 .minimum_version_id = 1,
524 .needed = cpu_common_crash_occurred_needed,
525 .fields = (VMStateField[]) {
526 VMSTATE_BOOL(crash_occurred, CPUState),
527 VMSTATE_END_OF_LIST()
528 }
529};
530
1a1562f5 531const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 532 .name = "cpu_common",
533 .version_id = 1,
534 .minimum_version_id = 1,
6c3bff0e 535 .pre_load = cpu_common_pre_load,
5b6dd868 536 .post_load = cpu_common_post_load,
35d08458 537 .fields = (VMStateField[]) {
259186a7
AF		 538 VMSTATE_UINT32(halted, CPUState),
539 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 540 VMSTATE_END_OF_LIST()
6c3bff0e 541 },
5cd8cada
JQ		 542 .subsections = (const VMStateDescription*[]) {
543 &vmstate_cpu_common_exception_index,
bac05aa9 544 &vmstate_cpu_common_crash_occurred,
5cd8cada 545 NULL
5b6dd868
BS		 546 }
547};
1a1562f5 548
5b6dd868 549#endif
ea041c0e 550
38d8f5c8 551CPUState *qemu_get_cpu(int index)
ea041c0e 552{
bdc44640 553 CPUState *cpu;
ea041c0e 554
bdc44640 555 CPU_FOREACH(cpu) {
55e5c285 556 if (cpu->cpu_index == index) {
bdc44640 557 return cpu;
55e5c285 558 }
ea041c0e 559 }
5b6dd868 560
bdc44640 561 return NULL;
ea041c0e
FB		 562}
563
09daed84 564#if !defined(CONFIG_USER_ONLY)
56943e8c 565void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 566{
12ebc9a7
PM		 567 CPUAddressSpace *newas;
568
569 /* Target code should have set num_ases before calling us */
570 assert(asidx < cpu->num_ases);
571
56943e8c
PM		 572 if (asidx == 0) {
573 /* address space 0 gets the convenience alias */
574 cpu->as = as;
575 }
576
12ebc9a7
PM		 577 /* KVM cannot currently support multiple address spaces. */
578 assert(asidx == 0 || !kvm_enabled());
09daed84 579
12ebc9a7
PM		 580 if (!cpu->cpu_ases) {
581 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 582 }
32857f4d 583
12ebc9a7
PM		 584 newas = &cpu->cpu_ases[asidx];
585 newas->cpu = cpu;
586 newas->as = as;
56943e8c 587 if (tcg_enabled()) {
12ebc9a7
PM		 588 newas->tcg_as_listener.commit = tcg_commit;
589 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 590 }
09daed84 591}
651a5bc0
PM		 592
593AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
594{
595 /* Return the AddressSpace corresponding to the specified index */
596 return cpu->cpu_ases[asidx].as;
597}
09daed84
EI		 598#endif
599
b7bca733
BR		 600#ifndef CONFIG_USER_ONLY
601static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
602
603static int cpu_get_free_index(Error **errp)
604{
605 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
606
607 if (cpu >= MAX_CPUMASK_BITS) {
608 error_setg(errp, "Trying to use more CPUs than max of %d",
609 MAX_CPUMASK_BITS);
610 return -1;
611 }
612
613 bitmap_set(cpu_index_map, cpu, 1);
614 return cpu;
615}
616
1c59eb39 617static void cpu_release_index(CPUState *cpu)
b7bca733 618{
b7bca733 619 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
b7bca733
BR		 620}
621#else
622
623static int cpu_get_free_index(Error **errp)
624{
625 CPUState *some_cpu;
626 int cpu_index = 0;
627
628 CPU_FOREACH(some_cpu) {
629 cpu_index++;
630 }
631 return cpu_index;
632}
633
1c59eb39 634static void cpu_release_index(CPUState *cpu)
b7bca733 635{
1c59eb39 636 return;
b7bca733
BR		 637}
638#endif
639
1c59eb39
BR		 640void cpu_exec_exit(CPUState *cpu)
641{
9dfeca7c
BR		 642 CPUClass *cc = CPU_GET_CLASS(cpu);
643
1c59eb39
BR		 644#if defined(CONFIG_USER_ONLY)
645 cpu_list_lock();
646#endif
647 if (cpu->cpu_index == -1) {
648 /* cpu_index was never allocated by this @cpu or was already freed. */
649#if defined(CONFIG_USER_ONLY)
650 cpu_list_unlock();
651#endif
652 return;
653 }
654
655 QTAILQ_REMOVE(&cpus, cpu, node);
656 cpu_release_index(cpu);
657 cpu->cpu_index = -1;
658#if defined(CONFIG_USER_ONLY)
659 cpu_list_unlock();
660#endif
9dfeca7c
BR		 661
662 if (cc->vmsd != NULL) {
663 vmstate_unregister(NULL, cc->vmsd, cpu);
664 }
665 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
666 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
667 }
1c59eb39
BR		 668}
669
4bad9e39 670void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 671{
b170fce3 672 CPUClass *cc = CPU_GET_CLASS(cpu);
b7bca733 673 Error *local_err = NULL;
5b6dd868 674
56943e8c 675 cpu->as = NULL;
12ebc9a7 676 cpu->num_ases = 0;
56943e8c 677
291135b5 678#ifndef CONFIG_USER_ONLY
291135b5 679 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 680
681 /* This is a softmmu CPU object, so create a property for it
682 * so users can wire up its memory. (This can't go in qom/cpu.c
683 * because that file is compiled only once for both user-mode
684 * and system builds.) The default if no link is set up is to use
685 * the system address space.
686 */
687 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
688 (Object **)&cpu->memory,
689 qdev_prop_allow_set_link_before_realize,
690 OBJ_PROP_LINK_UNREF_ON_RELEASE,
691 &error_abort);
692 cpu->memory = system_memory;
693 object_ref(OBJECT(cpu->memory));
291135b5
EH		 694#endif
695
5b6dd868
BS		 696#if defined(CONFIG_USER_ONLY)
697 cpu_list_lock();
698#endif
741da0d3 699 cpu->cpu_index = cpu_get_free_index(&local_err);
b7bca733
BR		 700 if (local_err) {
701 error_propagate(errp, local_err);
702#if defined(CONFIG_USER_ONLY)
703 cpu_list_unlock();
704#endif
705 return;
5b6dd868 706 }
bdc44640 707 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868 708#if defined(CONFIG_USER_ONLY)
741da0d3 709 (void) cc;
5b6dd868 710 cpu_list_unlock();
741da0d3 711#else
e0d47944 712 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 713 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 714 }
b170fce3 715 if (cc->vmsd != NULL) {
741da0d3 716 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 717 }
741da0d3 718#endif
ea041c0e
FB		 719}
720
94df27fd 721#if defined(CONFIG_USER_ONLY)
00b941e5 722static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 723{
724 tb_invalidate_phys_page_range(pc, pc + 1, 0);
725}
726#else
00b941e5 727static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 728{
5232e4c7
PM		 729 MemTxAttrs attrs;
730 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
731 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 732 if (phys != -1) {
5232e4c7 733 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 734 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 735 }
1e7855a5 736}
c27004ec 737#endif
d720b93d 738
c527ee8f 739#if defined(CONFIG_USER_ONLY)
75a34036 740void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 741
742{
743}
744
3ee887e8
PM		 745int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
746 int flags)
747{
748 return -ENOSYS;
749}
750
751void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
752{
753}
754
75a34036 755int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 756 int flags, CPUWatchpoint **watchpoint)
757{
758 return -ENOSYS;
759}
760#else
6658ffb8 761/* Add a watchpoint. */
75a34036 762int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 763 int flags, CPUWatchpoint **watchpoint)
6658ffb8 764{
c0ce998e 765 CPUWatchpoint *wp;
6658ffb8 766
05068c0d 767 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 768 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 769 error_report("tried to set invalid watchpoint at %"
770 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 771 return -EINVAL;
772 }
7267c094 773 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 774
775 wp->vaddr = addr;
05068c0d 776 wp->len = len;
a1d1bb31
AL		 777 wp->flags = flags;
778
2dc9f411 779 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 780 if (flags & BP_GDB) {
781 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
782 } else {
783 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
784 }
6658ffb8 785
31b030d4 786 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 787
788 if (watchpoint)
789 *watchpoint = wp;
790 return 0;
6658ffb8
PB		 791}
792
a1d1bb31 793/* Remove a specific watchpoint. */
75a34036 794int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 795 int flags)
6658ffb8 796{
a1d1bb31 797 CPUWatchpoint *wp;
6658ffb8 798
ff4700b0 799 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 800 if (addr == wp->vaddr && len == wp->len
6e140f28 801 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 802 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 803 return 0;
804 }
805 }
a1d1bb31 806 return -ENOENT;
6658ffb8
PB		 807}
808
a1d1bb31 809/* Remove a specific watchpoint by reference. */
75a34036 810void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 811{
ff4700b0 812 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 813
31b030d4 814 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 815
7267c094 816 g_free(watchpoint);
a1d1bb31
AL		 817}
818
819/* Remove all matching watchpoints. */
75a34036 820void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 821{
c0ce998e 822 CPUWatchpoint *wp, *next;
a1d1bb31 823
ff4700b0 824 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 825 if (wp->flags & mask) {
826 cpu_watchpoint_remove_by_ref(cpu, wp);
827 }
c0ce998e 828 }
7d03f82f 829}
05068c0d
PM		 830
831/* Return true if this watchpoint address matches the specified
832 * access (ie the address range covered by the watchpoint overlaps
833 * partially or completely with the address range covered by the
834 * access).
835 */
836static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
837 vaddr addr,
838 vaddr len)
839{
840 /* We know the lengths are non-zero, but a little caution is
841 * required to avoid errors in the case where the range ends
842 * exactly at the top of the address space and so addr + len
843 * wraps round to zero.
844 */
845 vaddr wpend = wp->vaddr + wp->len - 1;
846 vaddr addrend = addr + len - 1;
847
848 return !(addr > wpend || wp->vaddr > addrend);
849}
850
c527ee8f 851#endif
7d03f82f 852
a1d1bb31 853/* Add a breakpoint. */
b3310ab3 854int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 855 CPUBreakpoint **breakpoint)
4c3a88a2 856{
c0ce998e 857 CPUBreakpoint *bp;
3b46e624 858
7267c094 859 bp = g_malloc(sizeof(*bp));
4c3a88a2 860
a1d1bb31
AL		 861 bp->pc = pc;
862 bp->flags = flags;
863
2dc9f411 864 /* keep all GDB-injected breakpoints in front */
00b941e5 865 if (flags & BP_GDB) {
f0c3c505 866 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 867 } else {
f0c3c505 868 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 869 }
3b46e624 870
f0c3c505 871 breakpoint_invalidate(cpu, pc);
a1d1bb31 872
00b941e5 873 if (breakpoint) {
a1d1bb31 874 *breakpoint = bp;
00b941e5 875 }
4c3a88a2 876 return 0;
4c3a88a2
FB		 877}
878
a1d1bb31 879/* Remove a specific breakpoint. */
b3310ab3 880int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 881{
a1d1bb31
AL		 882 CPUBreakpoint *bp;
883
f0c3c505 884 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 885 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 886 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 887 return 0;
888 }
7d03f82f 889 }
a1d1bb31 890 return -ENOENT;
7d03f82f
EI		 891}
892
a1d1bb31 893/* Remove a specific breakpoint by reference. */
b3310ab3 894void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 895{
f0c3c505
AF		 896 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
897
898 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 899
7267c094 900 g_free(breakpoint);
a1d1bb31
AL		 901}
902
903/* Remove all matching breakpoints. */
b3310ab3 904void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 905{
c0ce998e 906 CPUBreakpoint *bp, *next;
a1d1bb31 907
f0c3c505 908 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 909 if (bp->flags & mask) {
910 cpu_breakpoint_remove_by_ref(cpu, bp);
911 }
c0ce998e 912 }
4c3a88a2
FB		 913}
914
c33a346e
FB		 915/* enable or disable single step mode. EXCP_DEBUG is returned by the
916 CPU loop after each instruction */
3825b28f 917void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 918{
ed2803da
AF		 919 if (cpu->singlestep_enabled != enabled) {
920 cpu->singlestep_enabled = enabled;
921 if (kvm_enabled()) {
38e478ec 922 kvm_update_guest_debug(cpu, 0);
ed2803da 923 } else {
ccbb4d44 924 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 925 /* XXX: only flush what is necessary */
bbd77c18 926 tb_flush(cpu);
e22a25c9 927 }
c33a346e 928 }
c33a346e
FB		 929}
930
a47dddd7 931void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 932{
933 va_list ap;
493ae1f0 934 va_list ap2;
7501267e
FB		 935
936 va_start(ap, fmt);
493ae1f0 937 va_copy(ap2, ap);
7501267e
FB		 938 fprintf(stderr, "qemu: fatal: ");
939 vfprintf(stderr, fmt, ap);
940 fprintf(stderr, "\n");
878096ee 941 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 942 if (qemu_log_separate()) {
93fcfe39
AL		 943 qemu_log("qemu: fatal: ");
944 qemu_log_vprintf(fmt, ap2);
945 qemu_log("\n");
a0762859 946 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 947 qemu_log_flush();
93fcfe39 948 qemu_log_close();
924edcae 949 }
493ae1f0 950 va_end(ap2);
f9373291 951 va_end(ap);
7615936e 952 replay_finish();
fd052bf6
RV		 953#if defined(CONFIG_USER_ONLY)
954 {
955 struct sigaction act;
956 sigfillset(&act.sa_mask);
957 act.sa_handler = SIG_DFL;
958 sigaction(SIGABRT, &act, NULL);
959 }
960#endif
7501267e
FB		 961 abort();
962}
963
0124311e 964#if !defined(CONFIG_USER_ONLY)
0dc3f44a 965/* Called from RCU critical section */
041603fe
PB		 966static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
967{
968 RAMBlock *block;
969
43771539 970 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 971 if (block && addr - block->offset < block->max_length) {
68851b98 972 return block;
041603fe 973 }
0dc3f44a 974 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 975 if (addr - block->offset < block->max_length) {
041603fe
PB		 976 goto found;
977 }
978 }
979
980 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
981 abort();
982
983found:
43771539
PB		 984 /* It is safe to write mru_block outside the iothread lock. This
985 * is what happens:
986 *
987 * mru_block = xxx
988 * rcu_read_unlock()
989 * xxx removed from list
990 * rcu_read_lock()
991 * read mru_block
992 * mru_block = NULL;
993 * call_rcu(reclaim_ramblock, xxx);
994 * rcu_read_unlock()
995 *
996 * atomic_rcu_set is not needed here. The block was already published
997 * when it was placed into the list. Here we're just making an extra
998 * copy of the pointer.
999 */
041603fe
PB		 1000 ram_list.mru_block = block;
1001 return block;
1002}
1003
a2f4d5be 1004static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 1005{
9a13565d 1006 CPUState *cpu;
041603fe 1007 ram_addr_t start1;
a2f4d5be
JQ		 1008 RAMBlock *block;
1009 ram_addr_t end;
1010
1011 end = TARGET_PAGE_ALIGN(start + length);
1012 start &= TARGET_PAGE_MASK;
d24981d3 1013
0dc3f44a 1014 rcu_read_lock();
041603fe
PB		 1015 block = qemu_get_ram_block(start);
1016 assert(block == qemu_get_ram_block(end - 1));
1240be24 1017 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 1018 CPU_FOREACH(cpu) {
1019 tlb_reset_dirty(cpu, start1, length);
1020 }
0dc3f44a 1021 rcu_read_unlock();
d24981d3
JQ		 1022}
1023
5579c7f3 1024/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 1025bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
1026 ram_addr_t length,
1027 unsigned client)
1ccde1cb 1028{
5b82b703 1029 DirtyMemoryBlocks *blocks;
03eebc9e 1030 unsigned long end, page;
5b82b703 1031 bool dirty = false;
03eebc9e
SH		 1032
1033 if (length == 0) {
1034 return false;
1035 }
f23db169 1036
03eebc9e
SH		 1037 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1038 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1039
1040 rcu_read_lock();
1041
1042 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1043
1044 while (page < end) {
1045 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1046 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1047 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1048
1049 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1050 offset, num);
1051 page += num;
1052 }
1053
1054 rcu_read_unlock();
03eebc9e
SH		 1055
1056 if (dirty && tcg_enabled()) {
a2f4d5be 1057 tlb_reset_dirty_range_all(start, length);
5579c7f3 1058 }
03eebc9e
SH		 1059
1060 return dirty;
1ccde1cb
FB		 1061}
1062
79e2b9ae 1063/* Called from RCU critical section */
bb0e627a 1064hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1065 MemoryRegionSection *section,
1066 target_ulong vaddr,
1067 hwaddr paddr, hwaddr xlat,
1068 int prot,
1069 target_ulong *address)
e5548617 1070{
a8170e5e 1071 hwaddr iotlb;
e5548617
BS		 1072 CPUWatchpoint *wp;
1073
cc5bea60 1074 if (memory_region_is_ram(section->mr)) {
e5548617 1075 /* Normal RAM. */
e4e69794 1076 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
e5548617 1077 if (!section->readonly) {
b41aac4f 1078 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1079 } else {
b41aac4f 1080 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1081 }
1082 } else {
0b8e2c10
PM		 1083 AddressSpaceDispatch *d;
1084
1085 d = atomic_rcu_read(&section->address_space->dispatch);
1086 iotlb = section - d->map.sections;
149f54b5 1087 iotlb += xlat;
e5548617
BS		 1088 }
1089
1090 /* Make accesses to pages with watchpoints go via the
1091 watchpoint trap routines. */
ff4700b0 1092 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1093 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1094 /* Avoid trapping reads of pages with a write breakpoint. */
1095 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1096 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1097 *address |= TLB_MMIO;
1098 break;
1099 }
1100 }
1101 }
1102
1103 return iotlb;
1104}
9fa3e853
FB		 1105#endif /* defined(CONFIG_USER_ONLY) */
1106
e2eef170 1107#if !defined(CONFIG_USER_ONLY)
8da3ff18 1108
c227f099 1109static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1110 uint16_t section);
acc9d80b 1111static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1112
a2b257d6
IM		 1113static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1114 qemu_anon_ram_alloc;
91138037
MA		 1115
1116/*
1117 * Set a custom physical guest memory alloator.
1118 * Accelerators with unusual needs may need this. Hopefully, we can
1119 * get rid of it eventually.
1120 */
a2b257d6 1121void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1122{
1123 phys_mem_alloc = alloc;
1124}
1125
53cb28cb
MA		 1126static uint16_t phys_section_add(PhysPageMap *map,
1127 MemoryRegionSection *section)
5312bd8b 1128{
68f3f65b
PB		 1129 /* The physical section number is ORed with a page-aligned
1130 * pointer to produce the iotlb entries. Thus it should
1131 * never overflow into the page-aligned value.
1132 */
53cb28cb 1133 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1134
53cb28cb
MA		 1135 if (map->sections_nb == map->sections_nb_alloc) {
1136 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1137 map->sections = g_renew(MemoryRegionSection, map->sections,
1138 map->sections_nb_alloc);
5312bd8b 1139 }
53cb28cb 1140 map->sections[map->sections_nb] = *section;
dfde4e6e 1141 memory_region_ref(section->mr);
53cb28cb 1142 return map->sections_nb++;
5312bd8b
AK		 1143}
1144
058bc4b5
PB		 1145static void phys_section_destroy(MemoryRegion *mr)
1146{
55b4e80b
DS		 1147 bool have_sub_page = mr->subpage;
1148
dfde4e6e
PB		 1149 memory_region_unref(mr);
1150
55b4e80b 1151 if (have_sub_page) {
058bc4b5 1152 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1153 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1154 g_free(subpage);
1155 }
1156}
1157
6092666e 1158static void phys_sections_free(PhysPageMap *map)
5312bd8b 1159{
9affd6fc
PB		 1160 while (map->sections_nb > 0) {
1161 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1162 phys_section_destroy(section->mr);
1163 }
9affd6fc
PB		 1164 g_free(map->sections);
1165 g_free(map->nodes);
5312bd8b
AK		 1166}
1167
ac1970fb 1168static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1169{
1170 subpage_t *subpage;
a8170e5e 1171 hwaddr base = section->offset_within_address_space
0f0cb164 1172 & TARGET_PAGE_MASK;
97115a8d 1173 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1174 d->map.nodes, d->map.sections);
0f0cb164
AK		 1175 MemoryRegionSection subsection = {
1176 .offset_within_address_space = base,
052e87b0 1177 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1178 };
a8170e5e 1179 hwaddr start, end;
0f0cb164 1180
f3705d53 1181 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1182
f3705d53 1183 if (!(existing->mr->subpage)) {
acc9d80b 1184 subpage = subpage_init(d->as, base);
3be91e86 1185 subsection.address_space = d->as;
0f0cb164 1186 subsection.mr = &subpage->iomem;
ac1970fb 1187 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1188 phys_section_add(&d->map, &subsection));
0f0cb164 1189 } else {
f3705d53 1190 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1191 }
1192 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1193 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1194 subpage_register(subpage, start, end,
1195 phys_section_add(&d->map, section));
0f0cb164
AK		 1196}
1197
1198
052e87b0
PB		 1199static void register_multipage(AddressSpaceDispatch *d,
1200 MemoryRegionSection *section)
33417e70 1201{
a8170e5e 1202 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1203 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1204 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1205 TARGET_PAGE_BITS));
dd81124b 1206
733d5ef5
PB		 1207 assert(num_pages);
1208 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1209}
1210
ac1970fb 1211static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1212{
89ae337a 1213 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1214 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1215 MemoryRegionSection now = *section, remain = *section;
052e87b0 1216 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1217
733d5ef5
PB		 1218 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1219 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1220 - now.offset_within_address_space;
1221
052e87b0 1222 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1223 register_subpage(d, &now);
733d5ef5 1224 } else {
052e87b0 1225 now.size = int128_zero();
733d5ef5 1226 }
052e87b0
PB		 1227 while (int128_ne(remain.size, now.size)) {
1228 remain.size = int128_sub(remain.size, now.size);
1229 remain.offset_within_address_space += int128_get64(now.size);
1230 remain.offset_within_region += int128_get64(now.size);
69b67646 1231 now = remain;
052e87b0 1232 if (int128_lt(remain.size, page_size)) {
733d5ef5 1233 register_subpage(d, &now);
88266249 1234 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1235 now.size = page_size;
ac1970fb 1236 register_subpage(d, &now);
69b67646 1237 } else {
052e87b0 1238 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1239 register_multipage(d, &now);
69b67646 1240 }
0f0cb164
AK		 1241 }
1242}
1243
62a2744c
SY		 1244void qemu_flush_coalesced_mmio_buffer(void)
1245{
1246 if (kvm_enabled())
1247 kvm_flush_coalesced_mmio_buffer();
1248}
1249
b2a8658e
UD		 1250void qemu_mutex_lock_ramlist(void)
1251{
1252 qemu_mutex_lock(&ram_list.mutex);
1253}
1254
1255void qemu_mutex_unlock_ramlist(void)
1256{
1257 qemu_mutex_unlock(&ram_list.mutex);
1258}
1259
e1e84ba0 1260#ifdef __linux__
04b16653
AW		 1261static void *file_ram_alloc(RAMBlock *block,
1262 ram_addr_t memory,
7f56e740
PB		 1263 const char *path,
1264 Error **errp)
c902760f 1265{
fd97fd44 1266 bool unlink_on_error = false;
c902760f 1267 char *filename;
8ca761f6
PF		 1268 char *sanitized_name;
1269 char *c;
794e8f30 1270 void *area;
5c3ece79 1271 int fd = -1;
e1fb6471 1272 int64_t page_size;
c902760f
MT		 1273
1274 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1275 error_setg(errp,
1276 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1277 return NULL;
c902760f
MT		 1278 }
1279
fd97fd44
MA		 1280 for (;;) {
1281 fd = open(path, O_RDWR);
1282 if (fd >= 0) {
1283 /* @path names an existing file, use it */
1284 break;
8d31d6b6 1285 }
fd97fd44
MA		 1286 if (errno == ENOENT) {
1287 /* @path names a file that doesn't exist, create it */
1288 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1289 if (fd >= 0) {
1290 unlink_on_error = true;
1291 break;
1292 }
1293 } else if (errno == EISDIR) {
1294 /* @path names a directory, create a file there */
1295 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1296 sanitized_name = g_strdup(memory_region_name(block->mr));
1297 for (c = sanitized_name; *c != '\0'; c++) {
1298 if (*c == '/') {
1299 *c = '_';
1300 }
1301 }
8ca761f6 1302
fd97fd44
MA		 1303 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1304 sanitized_name);
1305 g_free(sanitized_name);
8d31d6b6 1306
fd97fd44
MA		 1307 fd = mkstemp(filename);
1308 if (fd >= 0) {
1309 unlink(filename);
1310 g_free(filename);
1311 break;
1312 }
1313 g_free(filename);
8d31d6b6 1314 }
fd97fd44
MA		 1315 if (errno != EEXIST && errno != EINTR) {
1316 error_setg_errno(errp, errno,
1317 "can't open backing store %s for guest RAM",
1318 path);
1319 goto error;
1320 }
1321 /*
1322 * Try again on EINTR and EEXIST. The latter happens when
1323 * something else creates the file between our two open().
1324 */
8d31d6b6 1325 }
c902760f 1326
e1fb6471 1327 page_size = qemu_fd_getpagesize(fd);
d2f39add 1328 block->mr->align = MAX(page_size, QEMU_VMALLOC_ALIGN);
fd97fd44 1329
e1fb6471 1330 if (memory < page_size) {
fd97fd44
MA		 1331 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1332 "or larger than page size 0x%" PRIx64,
e1fb6471 1333 memory, page_size);
f9a49dfa 1334 goto error;
c902760f 1335 }
c902760f 1336
e1fb6471 1337 memory = ROUND_UP(memory, page_size);
c902760f
MT		 1338
1339 /*
1340 * ftruncate is not supported by hugetlbfs in older
1341 * hosts, so don't bother bailing out on errors.
1342 * If anything goes wrong with it under other filesystems,
1343 * mmap will fail.
1344 */
7f56e740 1345 if (ftruncate(fd, memory)) {
9742bf26 1346 perror("ftruncate");
7f56e740 1347 }
c902760f 1348
d2f39add
DD		 1349 area = qemu_ram_mmap(fd, memory, block->mr->align,
1350 block->flags & RAM_SHARED);
c902760f 1351 if (area == MAP_FAILED) {
7f56e740 1352 error_setg_errno(errp, errno,
fd97fd44 1353 "unable to map backing store for guest RAM");
f9a49dfa 1354 goto error;
c902760f 1355 }
ef36fa14
MT		 1356
1357 if (mem_prealloc) {
38183310 1358 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1359 }
1360
04b16653 1361 block->fd = fd;
c902760f 1362 return area;
f9a49dfa
MT		 1363
1364error:
fd97fd44
MA		 1365 if (unlink_on_error) {
1366 unlink(path);
1367 }
5c3ece79
PB		 1368 if (fd != -1) {
1369 close(fd);
1370 }
f9a49dfa 1371 return NULL;
c902760f
MT		 1372}
1373#endif
1374
0dc3f44a 1375/* Called with the ramlist lock held. */
d17b5288 1376static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1377{
1378 RAMBlock *block, *next_block;
3e837b2c 1379 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1380
49cd9ac6
SH		 1381 assert(size != 0); /* it would hand out same offset multiple times */
1382
0dc3f44a 1383 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1384 return 0;
0d53d9fe 1385 }
04b16653 1386
0dc3f44a 1387 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1388 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1389
62be4e3a 1390 end = block->offset + block->max_length;
04b16653 1391
0dc3f44a 1392 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1393 if (next_block->offset >= end) {
1394 next = MIN(next, next_block->offset);
1395 }
1396 }
1397 if (next - end >= size && next - end < mingap) {
3e837b2c 1398 offset = end;
04b16653
AW		 1399 mingap = next - end;
1400 }
1401 }
3e837b2c
AW		 1402
1403 if (offset == RAM_ADDR_MAX) {
1404 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1405 (uint64_t)size);
1406 abort();
1407 }
1408
04b16653
AW		 1409 return offset;
1410}
1411
652d7ec2 1412ram_addr_t last_ram_offset(void)
d17b5288
AW		 1413{
1414 RAMBlock *block;
1415 ram_addr_t last = 0;
1416
0dc3f44a
MD		 1417 rcu_read_lock();
1418 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1419 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1420 }
0dc3f44a 1421 rcu_read_unlock();
d17b5288
AW		 1422 return last;
1423}
1424
ddb97f1d
JB		 1425static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1426{
1427 int ret;
ddb97f1d
JB		 1428
1429 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1430 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1431 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1432 if (ret) {
1433 perror("qemu_madvise");
1434 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1435 "but dump_guest_core=off specified\n");
1436 }
1437 }
1438}
1439
422148d3
DDAG		 1440const char *qemu_ram_get_idstr(RAMBlock *rb)
1441{
1442 return rb->idstr;
1443}
1444
ae3a7047 1445/* Called with iothread lock held. */
fa53a0e5 1446void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1447{
fa53a0e5 1448 RAMBlock *block;
20cfe881 1449
c5705a77
AK		 1450 assert(new_block);
1451 assert(!new_block->idstr[0]);
84b89d78 1452
09e5ab63
AL		 1453 if (dev) {
1454 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1455 if (id) {
1456 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1457 g_free(id);
84b89d78
CM		 1458 }
1459 }
1460 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1461
ab0a9956 1462 rcu_read_lock();
0dc3f44a 1463 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1464 if (block != new_block &&
1465 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1466 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1467 new_block->idstr);
1468 abort();
1469 }
1470 }
0dc3f44a 1471 rcu_read_unlock();
c5705a77
AK		 1472}
1473
ae3a7047 1474/* Called with iothread lock held. */
fa53a0e5 1475void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1476{
ae3a7047
MD		 1477 /* FIXME: arch_init.c assumes that this is not called throughout
1478 * migration. Ignore the problem since hot-unplug during migration
1479 * does not work anyway.
1480 */
20cfe881
HT		 1481 if (block) {
1482 memset(block->idstr, 0, sizeof(block->idstr));
1483 }
1484}
1485
8490fc78
LC		 1486static int memory_try_enable_merging(void *addr, size_t len)
1487{
75cc7f01 1488 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1489 /* disabled by the user */
1490 return 0;
1491 }
1492
1493 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1494}
1495
62be4e3a
MT		 1496/* Only legal before guest might have detected the memory size: e.g. on
1497 * incoming migration, or right after reset.
1498 *
1499 * As memory core doesn't know how is memory accessed, it is up to
1500 * resize callback to update device state and/or add assertions to detect
1501 * misuse, if necessary.
1502 */
fa53a0e5 1503int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1504{
62be4e3a
MT		 1505 assert(block);
1506
4ed023ce 1507 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1508
62be4e3a
MT		 1509 if (block->used_length == newsize) {
1510 return 0;
1511 }
1512
1513 if (!(block->flags & RAM_RESIZEABLE)) {
1514 error_setg_errno(errp, EINVAL,
1515 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1516 " in != 0x" RAM_ADDR_FMT, block->idstr,
1517 newsize, block->used_length);
1518 return -EINVAL;
1519 }
1520
1521 if (block->max_length < newsize) {
1522 error_setg_errno(errp, EINVAL,
1523 "Length too large: %s: 0x" RAM_ADDR_FMT
1524 " > 0x" RAM_ADDR_FMT, block->idstr,
1525 newsize, block->max_length);
1526 return -EINVAL;
1527 }
1528
1529 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1530 block->used_length = newsize;
58d2707e
PB		 1531 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1532 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1533 memory_region_set_size(block->mr, newsize);
1534 if (block->resized) {
1535 block->resized(block->idstr, newsize, block->host);
1536 }
1537 return 0;
1538}
1539
5b82b703
SH		 1540/* Called with ram_list.mutex held */
1541static void dirty_memory_extend(ram_addr_t old_ram_size,
1542 ram_addr_t new_ram_size)
1543{
1544 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1545 DIRTY_MEMORY_BLOCK_SIZE);
1546 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1547 DIRTY_MEMORY_BLOCK_SIZE);
1548 int i;
1549
1550 /* Only need to extend if block count increased */
1551 if (new_num_blocks <= old_num_blocks) {
1552 return;
1553 }
1554
1555 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1556 DirtyMemoryBlocks *old_blocks;
1557 DirtyMemoryBlocks *new_blocks;
1558 int j;
1559
1560 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1561 new_blocks = g_malloc(sizeof(*new_blocks) +
1562 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1563
1564 if (old_num_blocks) {
1565 memcpy(new_blocks->blocks, old_blocks->blocks,
1566 old_num_blocks * sizeof(old_blocks->blocks[0]));
1567 }
1568
1569 for (j = old_num_blocks; j < new_num_blocks; j++) {
1570 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1571 }
1572
1573 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1574
1575 if (old_blocks) {
1576 g_free_rcu(old_blocks, rcu);
1577 }
1578 }
1579}
1580
528f46af 1581static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1582{
e1c57ab8 1583 RAMBlock *block;
0d53d9fe 1584 RAMBlock *last_block = NULL;
2152f5ca 1585 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1586 Error *err = NULL;
2152f5ca
JQ		 1587
1588 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1589
b2a8658e 1590 qemu_mutex_lock_ramlist();
9b8424d5 1591 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1592
1593 if (!new_block->host) {
1594 if (xen_enabled()) {
9b8424d5 1595 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1596 new_block->mr, &err);
1597 if (err) {
1598 error_propagate(errp, err);
1599 qemu_mutex_unlock_ramlist();
39c350ee 1600 return;
37aa7a0e 1601 }
e1c57ab8 1602 } else {
9b8424d5 1603 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1604 &new_block->mr->align);
39228250 1605 if (!new_block->host) {
ef701d7b
HT		 1606 error_setg_errno(errp, errno,
1607 "cannot set up guest memory '%s'",
1608 memory_region_name(new_block->mr));
1609 qemu_mutex_unlock_ramlist();
39c350ee 1610 return;
39228250 1611 }
9b8424d5 1612 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1613 }
c902760f 1614 }
94a6b54f 1615
dd631697
LZ		 1616 new_ram_size = MAX(old_ram_size,
1617 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1618 if (new_ram_size > old_ram_size) {
1619 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1620 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1621 }
0d53d9fe
MD		 1622 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1623 * QLIST (which has an RCU-friendly variant) does not have insertion at
1624 * tail, so save the last element in last_block.
1625 */
0dc3f44a 1626 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1627 last_block = block;
9b8424d5 1628 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1629 break;
1630 }
1631 }
1632 if (block) {
0dc3f44a 1633 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1634 } else if (last_block) {
0dc3f44a 1635 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1636 } else { /* list is empty */
0dc3f44a 1637 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1638 }
0d6d3c87 1639 ram_list.mru_block = NULL;
94a6b54f 1640
0dc3f44a
MD		 1641 /* Write list before version */
1642 smp_wmb();
f798b07f 1643 ram_list.version++;
b2a8658e 1644 qemu_mutex_unlock_ramlist();
f798b07f 1645
9b8424d5 1646 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1647 new_block->used_length,
1648 DIRTY_CLIENTS_ALL);
94a6b54f 1649
a904c911
PB		 1650 if (new_block->host) {
1651 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1652 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1653 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1654 if (kvm_enabled()) {
1655 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1656 }
e1c57ab8 1657 }
94a6b54f 1658}
e9a1ab19 1659
0b183fc8 1660#ifdef __linux__
528f46af
FZ		 1661RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1662 bool share, const char *mem_path,
1663 Error **errp)
e1c57ab8
PB		 1664{
1665 RAMBlock *new_block;
ef701d7b 1666 Error *local_err = NULL;
e1c57ab8
PB		 1667
1668 if (xen_enabled()) {
7f56e740 1669 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1670 return NULL;
e1c57ab8
PB		 1671 }
1672
1673 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1674 /*
1675 * file_ram_alloc() needs to allocate just like
1676 * phys_mem_alloc, but we haven't bothered to provide
1677 * a hook there.
1678 */
7f56e740
PB		 1679 error_setg(errp,
1680 "-mem-path not supported with this accelerator");
528f46af 1681 return NULL;
e1c57ab8
PB		 1682 }
1683
4ed023ce 1684 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1685 new_block = g_malloc0(sizeof(*new_block));
1686 new_block->mr = mr;
9b8424d5
MT		 1687 new_block->used_length = size;
1688 new_block->max_length = size;
dbcb8981 1689 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1690 new_block->host = file_ram_alloc(new_block, size,
1691 mem_path, errp);
1692 if (!new_block->host) {
1693 g_free(new_block);
528f46af 1694 return NULL;
7f56e740
PB		 1695 }
1696
528f46af 1697 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1698 if (local_err) {
1699 g_free(new_block);
1700 error_propagate(errp, local_err);
528f46af 1701 return NULL;
ef701d7b 1702 }
528f46af 1703 return new_block;
e1c57ab8 1704}
0b183fc8 1705#endif
e1c57ab8 1706
62be4e3a 1707static
528f46af
FZ		 1708RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1709 void (*resized)(const char*,
1710 uint64_t length,
1711 void *host),
1712 void *host, bool resizeable,
1713 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1714{
1715 RAMBlock *new_block;
ef701d7b 1716 Error *local_err = NULL;
e1c57ab8 1717
4ed023ce
DDAG		 1718 size = HOST_PAGE_ALIGN(size);
1719 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1720 new_block = g_malloc0(sizeof(*new_block));
1721 new_block->mr = mr;
62be4e3a 1722 new_block->resized = resized;
9b8424d5
MT		 1723 new_block->used_length = size;
1724 new_block->max_length = max_size;
62be4e3a 1725 assert(max_size >= size);
e1c57ab8
PB		 1726 new_block->fd = -1;
1727 new_block->host = host;
1728 if (host) {
7bd4f430 1729 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1730 }
62be4e3a
MT		 1731 if (resizeable) {
1732 new_block->flags |= RAM_RESIZEABLE;
1733 }
528f46af 1734 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1735 if (local_err) {
1736 g_free(new_block);
1737 error_propagate(errp, local_err);
528f46af 1738 return NULL;
ef701d7b 1739 }
528f46af 1740 return new_block;
e1c57ab8
PB		 1741}
1742
528f46af 1743RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1744 MemoryRegion *mr, Error **errp)
1745{
1746 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1747}
1748
528f46af 1749RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1750{
62be4e3a
MT		 1751 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1752}
1753
528f46af 1754RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1755 void (*resized)(const char*,
1756 uint64_t length,
1757 void *host),
1758 MemoryRegion *mr, Error **errp)
1759{
1760 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1761}
1762
43771539
PB		 1763static void reclaim_ramblock(RAMBlock *block)
1764{
1765 if (block->flags & RAM_PREALLOC) {
1766 ;
1767 } else if (xen_enabled()) {
1768 xen_invalidate_map_cache_entry(block->host);
1769#ifndef _WIN32
1770 } else if (block->fd >= 0) {
2f3a2bb1 1771 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1772 close(block->fd);
1773#endif
1774 } else {
1775 qemu_anon_ram_free(block->host, block->max_length);
1776 }
1777 g_free(block);
1778}
1779
f1060c55 1780void qemu_ram_free(RAMBlock *block)
e9a1ab19 1781{
85bc2a15
MAL		 1782 if (!block) {
1783 return;
1784 }
1785
b2a8658e 1786 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1787 QLIST_REMOVE_RCU(block, next);
1788 ram_list.mru_block = NULL;
1789 /* Write list before version */
1790 smp_wmb();
1791 ram_list.version++;
1792 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1793 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1794}
1795
cd19cfa2
HY		 1796#ifndef _WIN32
1797void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1798{
1799 RAMBlock *block;
1800 ram_addr_t offset;
1801 int flags;
1802 void *area, *vaddr;
1803
0dc3f44a 1804 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1805 offset = addr - block->offset;
9b8424d5 1806 if (offset < block->max_length) {
1240be24 1807 vaddr = ramblock_ptr(block, offset);
7bd4f430 1808 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1809 ;
dfeaf2ab
MA		 1810 } else if (xen_enabled()) {
1811 abort();
cd19cfa2
HY		 1812 } else {
1813 flags = MAP_FIXED;
3435f395 1814 if (block->fd >= 0) {
dbcb8981
PB		 1815 flags |= (block->flags & RAM_SHARED ?
1816 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1817 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1818 flags, block->fd, offset);
cd19cfa2 1819 } else {
2eb9fbaa
MA		 1820 /*
1821 * Remap needs to match alloc. Accelerators that
1822 * set phys_mem_alloc never remap. If they did,
1823 * we'd need a remap hook here.
1824 */
1825 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1826
cd19cfa2
HY		 1827 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1828 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1829 flags, -1, 0);
cd19cfa2
HY		 1830 }
1831 if (area != vaddr) {
f15fbc4b
AP		 1832 fprintf(stderr, "Could not remap addr: "
1833 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1834 length, addr);
1835 exit(1);
1836 }
8490fc78 1837 memory_try_enable_merging(vaddr, length);
ddb97f1d 1838 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1839 }
cd19cfa2
HY		 1840 }
1841 }
1842}
1843#endif /* !_WIN32 */
1844
1b5ec234 1845/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1846 * This should not be used for general purpose DMA. Use address_space_map
1847 * or address_space_rw instead. For local memory (e.g. video ram) that the
1848 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1849 *
49b24afc 1850 * Called within RCU critical section.
1b5ec234 1851 */
0878d0e1 1852void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1853{
3655cb9c
GA		 1854 RAMBlock *block = ram_block;
1855
1856 if (block == NULL) {
1857 block = qemu_get_ram_block(addr);
0878d0e1 1858 addr -= block->offset;
3655cb9c 1859 }
ae3a7047
MD		 1860
1861 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1862 /* We need to check if the requested address is in the RAM
1863 * because we don't want to map the entire memory in QEMU.
1864 * In that case just map until the end of the page.
1865 */
1866 if (block->offset == 0) {
49b24afc 1867 return xen_map_cache(addr, 0, 0);
0d6d3c87 1868 }
ae3a7047
MD		 1869
1870 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1871 }
0878d0e1 1872 return ramblock_ptr(block, addr);
dc828ca1
PB		 1873}
1874
0878d0e1 1875/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
ae3a7047 1876 * but takes a size argument.
0dc3f44a 1877 *
e81bcda5 1878 * Called within RCU critical section.
ae3a7047 1879 */
3655cb9c
GA		 1880static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1881 hwaddr *size)
38bee5dc 1882{
3655cb9c 1883 RAMBlock *block = ram_block;
8ab934f9
SS		 1884 if (*size == 0) {
1885 return NULL;
1886 }
e81bcda5 1887
3655cb9c
GA		 1888 if (block == NULL) {
1889 block = qemu_get_ram_block(addr);
0878d0e1 1890 addr -= block->offset;
3655cb9c 1891 }
0878d0e1 1892 *size = MIN(*size, block->max_length - addr);
e81bcda5
PB		 1893
1894 if (xen_enabled() && block->host == NULL) {
1895 /* We need to check if the requested address is in the RAM
1896 * because we don't want to map the entire memory in QEMU.
1897 * In that case just map the requested area.
1898 */
1899 if (block->offset == 0) {
1900 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1901 }
1902
e81bcda5 1903 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1904 }
e81bcda5 1905
0878d0e1 1906 return ramblock_ptr(block, addr);
38bee5dc
SS		 1907}
1908
422148d3
DDAG		 1909/*
1910 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1911 * in that RAMBlock.
1912 *
1913 * ptr: Host pointer to look up
1914 * round_offset: If true round the result offset down to a page boundary
1915 * *ram_addr: set to result ram_addr
1916 * *offset: set to result offset within the RAMBlock
1917 *
1918 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1919 *
1920 * By the time this function returns, the returned pointer is not protected
1921 * by RCU anymore. If the caller is not within an RCU critical section and
1922 * does not hold the iothread lock, it must have other means of protecting the
1923 * pointer, such as a reference to the region that includes the incoming
1924 * ram_addr_t.
1925 */
422148d3 1926RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
422148d3 1927 ram_addr_t *offset)
5579c7f3 1928{
94a6b54f
PB		 1929 RAMBlock *block;
1930 uint8_t *host = ptr;
1931
868bb33f 1932 if (xen_enabled()) {
f615f396 1933 ram_addr_t ram_addr;
0dc3f44a 1934 rcu_read_lock();
f615f396
PB		 1935 ram_addr = xen_ram_addr_from_mapcache(ptr);
1936 block = qemu_get_ram_block(ram_addr);
422148d3 1937 if (block) {
d6b6aec4 1938 *offset = ram_addr - block->offset;
422148d3 1939 }
0dc3f44a 1940 rcu_read_unlock();
422148d3 1941 return block;
712c2b41
SS		 1942 }
1943
0dc3f44a
MD		 1944 rcu_read_lock();
1945 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1946 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1947 goto found;
1948 }
1949
0dc3f44a 1950 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1951 /* This case append when the block is not mapped. */
1952 if (block->host == NULL) {
1953 continue;
1954 }
9b8424d5 1955 if (host - block->host < block->max_length) {
23887b79 1956 goto found;
f471a17e 1957 }
94a6b54f 1958 }
432d268c 1959
0dc3f44a 1960 rcu_read_unlock();
1b5ec234 1961 return NULL;
23887b79
PB		 1962
1963found:
422148d3
DDAG		 1964 *offset = (host - block->host);
1965 if (round_offset) {
1966 *offset &= TARGET_PAGE_MASK;
1967 }
0dc3f44a 1968 rcu_read_unlock();
422148d3
DDAG		 1969 return block;
1970}
1971
e3dd7493
DDAG		 1972/*
1973 * Finds the named RAMBlock
1974 *
1975 * name: The name of RAMBlock to find
1976 *
1977 * Returns: RAMBlock (or NULL if not found)
1978 */
1979RAMBlock *qemu_ram_block_by_name(const char *name)
1980{
1981 RAMBlock *block;
1982
1983 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1984 if (!strcmp(name, block->idstr)) {
1985 return block;
1986 }
1987 }
1988
1989 return NULL;
1990}
1991
422148d3
DDAG		 1992/* Some of the softmmu routines need to translate from a host pointer
1993 (typically a TLB entry) back to a ram offset. */
07bdaa41 1994ram_addr_t qemu_ram_addr_from_host(void *ptr)
422148d3
DDAG		 1995{
1996 RAMBlock *block;
f615f396 1997 ram_addr_t offset;
422148d3 1998
f615f396 1999 block = qemu_ram_block_from_host(ptr, false, &offset);
422148d3 2000 if (!block) {
07bdaa41 2001 return RAM_ADDR_INVALID;
422148d3
DDAG		 2002 }
2003
07bdaa41 2004 return block->offset + offset;
e890261f 2005}
f471a17e 2006
49b24afc 2007/* Called within RCU critical section. */
a8170e5e 2008static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 2009 uint64_t val, unsigned size)
9fa3e853 2010{
52159192 2011 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 2012 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 2013 }
0e0df1e2
AK		 2014 switch (size) {
2015 case 1:
0878d0e1 2016 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2017 break;
2018 case 2:
0878d0e1 2019 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2020 break;
2021 case 4:
0878d0e1 2022 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2023 break;
2024 default:
2025 abort();
3a7d929e 2026 }
58d2707e
PB		 2027 /* Set both VGA and migration bits for simplicity and to remove
2028 * the notdirty callback faster.
2029 */
2030 cpu_physical_memory_set_dirty_range(ram_addr, size,
2031 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2032 /* we remove the notdirty callback only if the code has been
2033 flushed */
a2cd8c85 2034 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2035 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2036 }
9fa3e853
FB		 2037}
2038
b018ddf6
PB		 2039static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2040 unsigned size, bool is_write)
2041{
2042 return is_write;
2043}
2044
0e0df1e2 2045static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2046 .write = notdirty_mem_write,
b018ddf6 2047 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2048 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2049};
2050
0f459d16 2051/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2052static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2053{
93afeade 2054 CPUState *cpu = current_cpu;
568496c0 2055 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2056 CPUArchState *env = cpu->env_ptr;
06d55cc1 2057 target_ulong pc, cs_base;
0f459d16 2058 target_ulong vaddr;
a1d1bb31 2059 CPUWatchpoint *wp;
89fee74a 2060 uint32_t cpu_flags;
0f459d16 2061
ff4700b0 2062 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2063 /* We re-entered the check after replacing the TB. Now raise
2064 * the debug interrupt so that is will trigger after the
2065 * current instruction. */
93afeade 2066 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2067 return;
2068 }
93afeade 2069 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2070 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2071 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2072 && (wp->flags & flags)) {
08225676
PM		 2073 if (flags == BP_MEM_READ) {
2074 wp->flags |= BP_WATCHPOINT_HIT_READ;
2075 } else {
2076 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2077 }
2078 wp->hitaddr = vaddr;
66b9b43c 2079 wp->hitattrs = attrs;
ff4700b0 2080 if (!cpu->watchpoint_hit) {
568496c0
SF		 2081 if (wp->flags & BP_CPU &&
2082 !cc->debug_check_watchpoint(cpu, wp)) {
2083 wp->flags &= ~BP_WATCHPOINT_HIT;
2084 continue;
2085 }
ff4700b0 2086 cpu->watchpoint_hit = wp;
239c51a5 2087 tb_check_watchpoint(cpu);
6e140f28 2088 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2089 cpu->exception_index = EXCP_DEBUG;
5638d180 2090 cpu_loop_exit(cpu);
6e140f28
AL		 2091 } else {
2092 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2093 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
6886b980 2094 cpu_loop_exit_noexc(cpu);
6e140f28 2095 }
06d55cc1 2096 }
6e140f28
AL		 2097 } else {
2098 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2099 }
2100 }
2101}
2102
6658ffb8
PB		 2103/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2104 so these check for a hit then pass through to the normal out-of-line
2105 phys routines. */
66b9b43c
PM		 2106static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2107 unsigned size, MemTxAttrs attrs)
6658ffb8 2108{
66b9b43c
PM		 2109 MemTxResult res;
2110 uint64_t data;
79ed0416
PM		 2111 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2112 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2113
2114 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2115 switch (size) {
66b9b43c 2116 case 1:
79ed0416 2117 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2118 break;
2119 case 2:
79ed0416 2120 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2121 break;
2122 case 4:
79ed0416 2123 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2124 break;
1ec9b909
AK		 2125 default: abort();
2126 }
66b9b43c
PM		 2127 *pdata = data;
2128 return res;
6658ffb8
PB		 2129}
2130
66b9b43c
PM		 2131static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2132 uint64_t val, unsigned size,
2133 MemTxAttrs attrs)
6658ffb8 2134{
66b9b43c 2135 MemTxResult res;
79ed0416
PM		 2136 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2137 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2138
2139 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2140 switch (size) {
67364150 2141 case 1:
79ed0416 2142 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2143 break;
2144 case 2:
79ed0416 2145 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2146 break;
2147 case 4:
79ed0416 2148 address_space_stl(as, addr, val, attrs, &res);
67364150 2149 break;
1ec9b909
AK		 2150 default: abort();
2151 }
66b9b43c 2152 return res;
6658ffb8
PB		 2153}
2154
1ec9b909 2155static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2156 .read_with_attrs = watch_mem_read,
2157 .write_with_attrs = watch_mem_write,
1ec9b909 2158 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2159};
6658ffb8 2160
f25a49e0
PM		 2161static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2162 unsigned len, MemTxAttrs attrs)
db7b5426 2163{
acc9d80b 2164 subpage_t *subpage = opaque;
ff6cff75 2165 uint8_t buf[8];
5c9eb028 2166 MemTxResult res;
791af8c8 2167
db7b5426 2168#if defined(DEBUG_SUBPAGE)
016e9d62 2169 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2170 subpage, len, addr);
db7b5426 2171#endif
5c9eb028
PM		 2172 res = address_space_read(subpage->as, addr + subpage->base,
2173 attrs, buf, len);
2174 if (res) {
2175 return res;
f25a49e0 2176 }
acc9d80b
JK		 2177 switch (len) {
2178 case 1:
f25a49e0
PM		 2179 *data = ldub_p(buf);
2180 return MEMTX_OK;
acc9d80b 2181 case 2:
f25a49e0
PM		 2182 *data = lduw_p(buf);
2183 return MEMTX_OK;
acc9d80b 2184 case 4:
f25a49e0
PM		 2185 *data = ldl_p(buf);
2186 return MEMTX_OK;
ff6cff75 2187 case 8:
f25a49e0
PM		 2188 *data = ldq_p(buf);
2189 return MEMTX_OK;
acc9d80b
JK		 2190 default:
2191 abort();
2192 }
db7b5426
BS		 2193}
2194
f25a49e0
PM		 2195static MemTxResult subpage_write(void *opaque, hwaddr addr,
2196 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2197{
acc9d80b 2198 subpage_t *subpage = opaque;
ff6cff75 2199 uint8_t buf[8];
acc9d80b 2200
db7b5426 2201#if defined(DEBUG_SUBPAGE)
016e9d62 2202 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2203 " value %"PRIx64"\n",
2204 __func__, subpage, len, addr, value);
db7b5426 2205#endif
acc9d80b
JK		 2206 switch (len) {
2207 case 1:
2208 stb_p(buf, value);
2209 break;
2210 case 2:
2211 stw_p(buf, value);
2212 break;
2213 case 4:
2214 stl_p(buf, value);
2215 break;
ff6cff75
PB		 2216 case 8:
2217 stq_p(buf, value);
2218 break;
acc9d80b
JK		 2219 default:
2220 abort();
2221 }
5c9eb028
PM		 2222 return address_space_write(subpage->as, addr + subpage->base,
2223 attrs, buf, len);
db7b5426
BS		 2224}
2225
c353e4cc 2226static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2227 unsigned len, bool is_write)
c353e4cc 2228{
acc9d80b 2229 subpage_t *subpage = opaque;
c353e4cc 2230#if defined(DEBUG_SUBPAGE)
016e9d62 2231 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2232 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2233#endif
2234
acc9d80b 2235 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2236 len, is_write);
c353e4cc
PB		 2237}
2238
70c68e44 2239static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2240 .read_with_attrs = subpage_read,
2241 .write_with_attrs = subpage_write,
ff6cff75
PB		 2242 .impl.min_access_size = 1,
2243 .impl.max_access_size = 8,
2244 .valid.min_access_size = 1,
2245 .valid.max_access_size = 8,
c353e4cc 2246 .valid.accepts = subpage_accepts,
70c68e44 2247 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2248};
2249
c227f099 2250static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2251 uint16_t section)
db7b5426
BS		 2252{
2253 int idx, eidx;
2254
2255 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2256 return -1;
2257 idx = SUBPAGE_IDX(start);
2258 eidx = SUBPAGE_IDX(end);
2259#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2260 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2261 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2262#endif
db7b5426 2263 for (; idx <= eidx; idx++) {
5312bd8b 2264 mmio->sub_section[idx] = section;
db7b5426
BS		 2265 }
2266
2267 return 0;
2268}
2269
acc9d80b 2270static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2271{
c227f099 2272 subpage_t *mmio;
db7b5426 2273
7267c094 2274 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2275
acc9d80b 2276 mmio->as = as;
1eec614b 2277 mmio->base = base;
2c9b15ca 2278 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2279 NULL, TARGET_PAGE_SIZE);
b3b00c78 2280 mmio->iomem.subpage = true;
db7b5426 2281#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2282 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2283 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2284#endif
b41aac4f 2285 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2286
2287 return mmio;
2288}
2289
a656e22f
PC		 2290static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2291 MemoryRegion *mr)
5312bd8b 2292{
a656e22f 2293 assert(as);
5312bd8b 2294 MemoryRegionSection section = {
a656e22f 2295 .address_space = as,
5312bd8b
AK		 2296 .mr = mr,
2297 .offset_within_address_space = 0,
2298 .offset_within_region = 0,
052e87b0 2299 .size = int128_2_64(),
5312bd8b
AK		 2300 };
2301
53cb28cb 2302 return phys_section_add(map, &section);
5312bd8b
AK		 2303}
2304
a54c87b6 2305MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2306{
a54c87b6
PM		 2307 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2308 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2309 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2310 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2311
2312 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2313}
2314
e9179ce1
AK		 2315static void io_mem_init(void)
2316{
1f6245e5 2317 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2318 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2319 NULL, UINT64_MAX);
2c9b15ca 2320 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2321 NULL, UINT64_MAX);
2c9b15ca 2322 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2323 NULL, UINT64_MAX);
e9179ce1
AK		 2324}
2325
ac1970fb 2326static void mem_begin(MemoryListener *listener)
00752703
PB		 2327{
2328 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2329 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2330 uint16_t n;
2331
a656e22f 2332 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2333 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2334 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2335 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2336 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2337 assert(n == PHYS_SECTION_ROM);
a656e22f 2338 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2339 assert(n == PHYS_SECTION_WATCH);
00752703 2340
9736e55b 2341 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2342 d->as = as;
2343 as->next_dispatch = d;
2344}
2345
79e2b9ae
PB		 2346static void address_space_dispatch_free(AddressSpaceDispatch *d)
2347{
2348 phys_sections_free(&d->map);
2349 g_free(d);
2350}
2351
00752703 2352static void mem_commit(MemoryListener *listener)
ac1970fb 2353{
89ae337a 2354 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2355 AddressSpaceDispatch *cur = as->dispatch;
2356 AddressSpaceDispatch *next = as->next_dispatch;
2357
53cb28cb 2358 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2359
79e2b9ae 2360 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2361 if (cur) {
79e2b9ae 2362 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2363 }
9affd6fc
PB		 2364}
2365
1d71148e 2366static void tcg_commit(MemoryListener *listener)
50c1e149 2367{
32857f4d
PM		 2368 CPUAddressSpace *cpuas;
2369 AddressSpaceDispatch *d;
117712c3
AK		 2370
2371 /* since each CPU stores ram addresses in its TLB cache, we must
2372 reset the modified entries */
32857f4d
PM		 2373 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2374 cpu_reloading_memory_map();
2375 /* The CPU and TLB are protected by the iothread lock.
2376 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2377 * may have split the RCU critical section.
2378 */
2379 d = atomic_rcu_read(&cpuas->as->dispatch);
2380 cpuas->memory_dispatch = d;
2381 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2382}
2383
ac1970fb
AK		 2384void address_space_init_dispatch(AddressSpace *as)
2385{
00752703 2386 as->dispatch = NULL;
89ae337a 2387 as->dispatch_listener = (MemoryListener) {
ac1970fb 2388 .begin = mem_begin,
00752703 2389 .commit = mem_commit,
ac1970fb
AK		 2390 .region_add = mem_add,
2391 .region_nop = mem_add,
2392 .priority = 0,
2393 };
89ae337a 2394 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2395}
2396
6e48e8f9
PB		 2397void address_space_unregister(AddressSpace *as)
2398{
2399 memory_listener_unregister(&as->dispatch_listener);
2400}
2401
83f3c251
AK		 2402void address_space_destroy_dispatch(AddressSpace *as)
2403{
2404 AddressSpaceDispatch *d = as->dispatch;
2405
79e2b9ae
PB		 2406 atomic_rcu_set(&as->dispatch, NULL);
2407 if (d) {
2408 call_rcu(d, address_space_dispatch_free, rcu);
2409 }
83f3c251
AK		 2410}
2411
62152b8a
AK		 2412static void memory_map_init(void)
2413{
7267c094 2414 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2415
57271d63 2416 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2417 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2418
7267c094 2419 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2420 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2421 65536);
7dca8043 2422 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2423}
2424
2425MemoryRegion *get_system_memory(void)
2426{
2427 return system_memory;
2428}
2429
309cb471
AK		 2430MemoryRegion *get_system_io(void)
2431{
2432 return system_io;
2433}
2434
e2eef170
PB		 2435#endif /* !defined(CONFIG_USER_ONLY) */
2436
13eb76e0
FB		 2437/* physical memory access (slow version, mainly for debug) */
2438#if defined(CONFIG_USER_ONLY)
f17ec444 2439int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2440 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2441{
2442 int l, flags;
2443 target_ulong page;
53a5960a 2444 void * p;
13eb76e0
FB		 2445
2446 while (len > 0) {
2447 page = addr & TARGET_PAGE_MASK;
2448 l = (page + TARGET_PAGE_SIZE) - addr;
2449 if (l > len)
2450 l = len;
2451 flags = page_get_flags(page);
2452 if (!(flags & PAGE_VALID))
a68fe89c 2453 return -1;
13eb76e0
FB		 2454 if (is_write) {
2455 if (!(flags & PAGE_WRITE))
a68fe89c 2456 return -1;
579a97f7 2457 /* XXX: this code should not depend on lock_user */
72fb7daa 2458 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2459 return -1;
72fb7daa
AJ		 2460 memcpy(p, buf, l);
2461 unlock_user(p, addr, l);
13eb76e0
FB		 2462 } else {
2463 if (!(flags & PAGE_READ))
a68fe89c 2464 return -1;
579a97f7 2465 /* XXX: this code should not depend on lock_user */
72fb7daa 2466 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2467 return -1;
72fb7daa 2468 memcpy(buf, p, l);
5b257578 2469 unlock_user(p, addr, 0);
13eb76e0
FB		 2470 }
2471 len -= l;
2472 buf += l;
2473 addr += l;
2474 }
a68fe89c 2475 return 0;
13eb76e0 2476}
8df1cd07 2477
13eb76e0 2478#else
51d7a9eb 2479
845b6214 2480static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2481 hwaddr length)
51d7a9eb 2482{
e87f7778 2483 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
0878d0e1
PB		 2484 addr += memory_region_get_ram_addr(mr);
2485
e87f7778
PB		 2486 /* No early return if dirty_log_mask is or becomes 0, because
2487 * cpu_physical_memory_set_dirty_range will still call
2488 * xen_modified_memory.
2489 */
2490 if (dirty_log_mask) {
2491 dirty_log_mask =
2492 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2493 }
2494 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2495 tb_invalidate_phys_range(addr, addr + length);
2496 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2497 }
e87f7778 2498 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2499}
2500
23326164 2501static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2502{
e1622f4b 2503 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2504
2505 /* Regions are assumed to support 1-4 byte accesses unless
2506 otherwise specified. */
23326164
RH		 2507 if (access_size_max == 0) {
2508 access_size_max = 4;
2509 }
2510
2511 /* Bound the maximum access by the alignment of the address. */
2512 if (!mr->ops->impl.unaligned) {
2513 unsigned align_size_max = addr & -addr;
2514 if (align_size_max != 0 && align_size_max < access_size_max) {
2515 access_size_max = align_size_max;
2516 }
82f2563f 2517 }
23326164
RH		 2518
2519 /* Don't attempt accesses larger than the maximum. */
2520 if (l > access_size_max) {
2521 l = access_size_max;
82f2563f 2522 }
6554f5c0 2523 l = pow2floor(l);
23326164
RH		 2524
2525 return l;
82f2563f
PB		 2526}
2527
4840f10e 2528static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2529{
4840f10e
JK		 2530 bool unlocked = !qemu_mutex_iothread_locked();
2531 bool release_lock = false;
2532
2533 if (unlocked && mr->global_locking) {
2534 qemu_mutex_lock_iothread();
2535 unlocked = false;
2536 release_lock = true;
2537 }
125b3806 2538 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2539 if (unlocked) {
2540 qemu_mutex_lock_iothread();
2541 }
125b3806 2542 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2543 if (unlocked) {
2544 qemu_mutex_unlock_iothread();
2545 }
125b3806 2546 }
4840f10e
JK		 2547
2548 return release_lock;
125b3806
PB		 2549}
2550
a203ac70
PB		 2551/* Called within RCU critical section. */
2552static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2553 MemTxAttrs attrs,
2554 const uint8_t *buf,
2555 int len, hwaddr addr1,
2556 hwaddr l, MemoryRegion *mr)
13eb76e0 2557{
13eb76e0 2558 uint8_t *ptr;
791af8c8 2559 uint64_t val;
3b643495 2560 MemTxResult result = MEMTX_OK;
4840f10e 2561 bool release_lock = false;
3b46e624 2562
a203ac70 2563 for (;;) {
eb7eeb88
PB		 2564 if (!memory_access_is_direct(mr, true)) {
2565 release_lock |= prepare_mmio_access(mr);
2566 l = memory_access_size(mr, l, addr1);
2567 /* XXX: could force current_cpu to NULL to avoid
2568 potential bugs */
2569 switch (l) {
2570 case 8:
2571 /* 64 bit write access */
2572 val = ldq_p(buf);
2573 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2574 attrs);
2575 break;
2576 case 4:
2577 /* 32 bit write access */
2578 val = ldl_p(buf);
2579 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2580 attrs);
2581 break;
2582 case 2:
2583 /* 16 bit write access */
2584 val = lduw_p(buf);
2585 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2586 attrs);
2587 break;
2588 case 1:
2589 /* 8 bit write access */
2590 val = ldub_p(buf);
2591 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2592 attrs);
2593 break;
2594 default:
2595 abort();
13eb76e0
FB		 2596 }
2597 } else {
eb7eeb88 2598 /* RAM case */
0878d0e1 2599 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2600 memcpy(ptr, buf, l);
2601 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2602 }
4840f10e
JK		 2603
2604 if (release_lock) {
2605 qemu_mutex_unlock_iothread();
2606 release_lock = false;
2607 }
2608
13eb76e0
FB		 2609 len -= l;
2610 buf += l;
2611 addr += l;
a203ac70
PB		 2612
2613 if (!len) {
2614 break;
2615 }
2616
2617 l = len;
2618 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2619 }
fd8aaa76 2620
3b643495 2621 return result;
13eb76e0 2622}
8df1cd07 2623
a203ac70
PB		 2624MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2625 const uint8_t *buf, int len)
ac1970fb 2626{
eb7eeb88 2627 hwaddr l;
eb7eeb88
PB		 2628 hwaddr addr1;
2629 MemoryRegion *mr;
2630 MemTxResult result = MEMTX_OK;
eb7eeb88 2631
a203ac70
PB		 2632 if (len > 0) {
2633 rcu_read_lock();
eb7eeb88 2634 l = len;
a203ac70
PB		 2635 mr = address_space_translate(as, addr, &addr1, &l, true);
2636 result = address_space_write_continue(as, addr, attrs, buf, len,
2637 addr1, l, mr);
2638 rcu_read_unlock();
2639 }
2640
2641 return result;
2642}
2643
2644/* Called within RCU critical section. */
2645MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2646 MemTxAttrs attrs, uint8_t *buf,
2647 int len, hwaddr addr1, hwaddr l,
2648 MemoryRegion *mr)
2649{
2650 uint8_t *ptr;
2651 uint64_t val;
2652 MemTxResult result = MEMTX_OK;
2653 bool release_lock = false;
eb7eeb88 2654
a203ac70 2655 for (;;) {
eb7eeb88
PB		 2656 if (!memory_access_is_direct(mr, false)) {
2657 /* I/O case */
2658 release_lock |= prepare_mmio_access(mr);
2659 l = memory_access_size(mr, l, addr1);
2660 switch (l) {
2661 case 8:
2662 /* 64 bit read access */
2663 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2664 attrs);
2665 stq_p(buf, val);
2666 break;
2667 case 4:
2668 /* 32 bit read access */
2669 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2670 attrs);
2671 stl_p(buf, val);
2672 break;
2673 case 2:
2674 /* 16 bit read access */
2675 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2676 attrs);
2677 stw_p(buf, val);
2678 break;
2679 case 1:
2680 /* 8 bit read access */
2681 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2682 attrs);
2683 stb_p(buf, val);
2684 break;
2685 default:
2686 abort();
2687 }
2688 } else {
2689 /* RAM case */
0878d0e1 2690 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2691 memcpy(buf, ptr, l);
2692 }
2693
2694 if (release_lock) {
2695 qemu_mutex_unlock_iothread();
2696 release_lock = false;
2697 }
2698
2699 len -= l;
2700 buf += l;
2701 addr += l;
a203ac70
PB		 2702
2703 if (!len) {
2704 break;
2705 }
2706
2707 l = len;
2708 mr = address_space_translate(as, addr, &addr1, &l, false);
2709 }
2710
2711 return result;
2712}
2713
3cc8f884
PB		 2714MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2715 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2716{
2717 hwaddr l;
2718 hwaddr addr1;
2719 MemoryRegion *mr;
2720 MemTxResult result = MEMTX_OK;
2721
2722 if (len > 0) {
2723 rcu_read_lock();
2724 l = len;
2725 mr = address_space_translate(as, addr, &addr1, &l, false);
2726 result = address_space_read_continue(as, addr, attrs, buf, len,
2727 addr1, l, mr);
2728 rcu_read_unlock();
eb7eeb88 2729 }
eb7eeb88
PB		 2730
2731 return result;
ac1970fb
AK		 2732}
2733
eb7eeb88
PB		 2734MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2735 uint8_t *buf, int len, bool is_write)
2736{
2737 if (is_write) {
2738 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2739 } else {
2740 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2741 }
2742}
ac1970fb 2743
a8170e5e 2744void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2745 int len, int is_write)
2746{
5c9eb028
PM		 2747 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2748 buf, len, is_write);
ac1970fb
AK		 2749}
2750
582b55a9
AG		 2751enum write_rom_type {
2752 WRITE_DATA,
2753 FLUSH_CACHE,
2754};
2755
2a221651 2756static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2757 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2758{
149f54b5 2759 hwaddr l;
d0ecd2aa 2760 uint8_t *ptr;
149f54b5 2761 hwaddr addr1;
5c8a00ce 2762 MemoryRegion *mr;
3b46e624 2763
41063e1e 2764 rcu_read_lock();
d0ecd2aa 2765 while (len > 0) {
149f54b5 2766 l = len;
2a221651 2767 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2768
5c8a00ce
PB		 2769 if (!(memory_region_is_ram(mr) ||
2770 memory_region_is_romd(mr))) {
b242e0e0 2771 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2772 } else {
d0ecd2aa 2773 /* ROM/RAM case */
0878d0e1 2774 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2775 switch (type) {
2776 case WRITE_DATA:
2777 memcpy(ptr, buf, l);
845b6214 2778 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2779 break;
2780 case FLUSH_CACHE:
2781 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2782 break;
2783 }
d0ecd2aa
FB		 2784 }
2785 len -= l;
2786 buf += l;
2787 addr += l;
2788 }
41063e1e 2789 rcu_read_unlock();
d0ecd2aa
FB		 2790}
2791
582b55a9 2792/* used for ROM loading : can write in RAM and ROM */
2a221651 2793void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2794 const uint8_t *buf, int len)
2795{
2a221651 2796 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2797}
2798
2799void cpu_flush_icache_range(hwaddr start, int len)
2800{
2801 /*
2802 * This function should do the same thing as an icache flush that was
2803 * triggered from within the guest. For TCG we are always cache coherent,
2804 * so there is no need to flush anything. For KVM / Xen we need to flush
2805 * the host's instruction cache at least.
2806 */
2807 if (tcg_enabled()) {
2808 return;
2809 }
2810
2a221651
EI		 2811 cpu_physical_memory_write_rom_internal(&address_space_memory,
2812 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2813}
2814
6d16c2f8 2815typedef struct {
d3e71559 2816 MemoryRegion *mr;
6d16c2f8 2817 void *buffer;
a8170e5e
AK		 2818 hwaddr addr;
2819 hwaddr len;
c2cba0ff 2820 bool in_use;
6d16c2f8
AL		 2821} BounceBuffer;
2822
2823static BounceBuffer bounce;
2824
ba223c29 2825typedef struct MapClient {
e95205e1 2826 QEMUBH *bh;
72cf2d4f 2827 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2828} MapClient;
2829
38e047b5 2830QemuMutex map_client_list_lock;
72cf2d4f
BS		 2831static QLIST_HEAD(map_client_list, MapClient) map_client_list
2832 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2833
e95205e1
FZ		 2834static void cpu_unregister_map_client_do(MapClient *client)
2835{
2836 QLIST_REMOVE(client, link);
2837 g_free(client);
2838}
2839
33b6c2ed
FZ		 2840static void cpu_notify_map_clients_locked(void)
2841{
2842 MapClient *client;
2843
2844 while (!QLIST_EMPTY(&map_client_list)) {
2845 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2846 qemu_bh_schedule(client->bh);
2847 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2848 }
2849}
2850
e95205e1 2851void cpu_register_map_client(QEMUBH *bh)
ba223c29 2852{
7267c094 2853 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2854
38e047b5 2855 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2856 client->bh = bh;
72cf2d4f 2857 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2858 if (!atomic_read(&bounce.in_use)) {
2859 cpu_notify_map_clients_locked();
2860 }
38e047b5 2861 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2862}
2863
38e047b5 2864void cpu_exec_init_all(void)
ba223c29 2865{
38e047b5 2866 qemu_mutex_init(&ram_list.mutex);
38e047b5 2867 io_mem_init();
680a4783 2868 memory_map_init();
38e047b5 2869 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2870}
2871
e95205e1 2872void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2873{
2874 MapClient *client;
2875
e95205e1
FZ		 2876 qemu_mutex_lock(&map_client_list_lock);
2877 QLIST_FOREACH(client, &map_client_list, link) {
2878 if (client->bh == bh) {
2879 cpu_unregister_map_client_do(client);
2880 break;
2881 }
ba223c29 2882 }
e95205e1 2883 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2884}
2885
2886static void cpu_notify_map_clients(void)
2887{
38e047b5 2888 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2889 cpu_notify_map_clients_locked();
38e047b5 2890 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2891}
2892
51644ab7
PB		 2893bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2894{
5c8a00ce 2895 MemoryRegion *mr;
51644ab7
PB		 2896 hwaddr l, xlat;
2897
41063e1e 2898 rcu_read_lock();
51644ab7
PB		 2899 while (len > 0) {
2900 l = len;
5c8a00ce
PB		 2901 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2902 if (!memory_access_is_direct(mr, is_write)) {
2903 l = memory_access_size(mr, l, addr);
2904 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2905 return false;
2906 }
2907 }
2908
2909 len -= l;
2910 addr += l;
2911 }
41063e1e 2912 rcu_read_unlock();
51644ab7
PB		 2913 return true;
2914}
2915
6d16c2f8
AL		 2916/* Map a physical memory region into a host virtual address.
2917 * May map a subset of the requested range, given by and returned in *plen.
2918 * May return NULL if resources needed to perform the mapping are exhausted.
2919 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2920 * Use cpu_register_map_client() to know when retrying the map operation is
2921 * likely to succeed.
6d16c2f8 2922 */
ac1970fb 2923void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2924 hwaddr addr,
2925 hwaddr *plen,
ac1970fb 2926 bool is_write)
6d16c2f8 2927{
a8170e5e 2928 hwaddr len = *plen;
e3127ae0
PB		 2929 hwaddr done = 0;
2930 hwaddr l, xlat, base;
2931 MemoryRegion *mr, *this_mr;
e81bcda5 2932 void *ptr;
6d16c2f8 2933
e3127ae0
PB		 2934 if (len == 0) {
2935 return NULL;
2936 }
38bee5dc 2937
e3127ae0 2938 l = len;
41063e1e 2939 rcu_read_lock();
e3127ae0 2940 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2941
e3127ae0 2942 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2943 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2944 rcu_read_unlock();
e3127ae0 2945 return NULL;
6d16c2f8 2946 }
e85d9db5
KW		 2947 /* Avoid unbounded allocations */
2948 l = MIN(l, TARGET_PAGE_SIZE);
2949 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2950 bounce.addr = addr;
2951 bounce.len = l;
d3e71559
PB		 2952
2953 memory_region_ref(mr);
2954 bounce.mr = mr;
e3127ae0 2955 if (!is_write) {
5c9eb028
PM		 2956 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2957 bounce.buffer, l);
8ab934f9 2958 }
6d16c2f8 2959
41063e1e 2960 rcu_read_unlock();
e3127ae0
PB		 2961 *plen = l;
2962 return bounce.buffer;
2963 }
2964
2965 base = xlat;
e3127ae0
PB		 2966
2967 for (;;) {
6d16c2f8
AL		 2968 len -= l;
2969 addr += l;
e3127ae0
PB		 2970 done += l;
2971 if (len == 0) {
2972 break;
2973 }
2974
2975 l = len;
2976 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2977 if (this_mr != mr || xlat != base + done) {
2978 break;
2979 }
6d16c2f8 2980 }
e3127ae0 2981
d3e71559 2982 memory_region_ref(mr);
e3127ae0 2983 *plen = done;
0878d0e1 2984 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
e81bcda5
PB		 2985 rcu_read_unlock();
2986
2987 return ptr;
6d16c2f8
AL		 2988}
2989
ac1970fb 2990/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2991 * Will also mark the memory as dirty if is_write == 1. access_len gives
2992 * the amount of memory that was actually read or written by the caller.
2993 */
a8170e5e
AK		 2994void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2995 int is_write, hwaddr access_len)
6d16c2f8
AL		 2996{
2997 if (buffer != bounce.buffer) {
d3e71559
PB		 2998 MemoryRegion *mr;
2999 ram_addr_t addr1;
3000
07bdaa41 3001 mr = memory_region_from_host(buffer, &addr1);
d3e71559 3002 assert(mr != NULL);
6d16c2f8 3003 if (is_write) {
845b6214 3004 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 3005 }
868bb33f 3006 if (xen_enabled()) {
e41d7c69 3007 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3008 }
d3e71559 3009 memory_region_unref(mr);
6d16c2f8
AL		 3010 return;
3011 }
3012 if (is_write) {
5c9eb028
PM		 3013 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3014 bounce.buffer, access_len);
6d16c2f8 3015 }
f8a83245 3016 qemu_vfree(bounce.buffer);
6d16c2f8 3017 bounce.buffer = NULL;
d3e71559 3018 memory_region_unref(bounce.mr);
c2cba0ff 3019 atomic_mb_set(&bounce.in_use, false);
ba223c29 3020 cpu_notify_map_clients();
6d16c2f8 3021}
d0ecd2aa 3022
a8170e5e
AK		 3023void *cpu_physical_memory_map(hwaddr addr,
3024 hwaddr *plen,
ac1970fb
AK		 3025 int is_write)
3026{
3027 return address_space_map(&address_space_memory, addr, plen, is_write);
3028}
3029
a8170e5e
AK		 3030void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3031 int is_write, hwaddr access_len)
ac1970fb
AK		 3032{
3033 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3034}
3035
8df1cd07 3036/* warning: addr must be aligned */
50013115
PM		 3037static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3038 MemTxAttrs attrs,
3039 MemTxResult *result,
3040 enum device_endian endian)
8df1cd07 3041{
8df1cd07 3042 uint8_t *ptr;
791af8c8 3043 uint64_t val;
5c8a00ce 3044 MemoryRegion *mr;
149f54b5
PB		 3045 hwaddr l = 4;
3046 hwaddr addr1;
50013115 3047 MemTxResult r;
4840f10e 3048 bool release_lock = false;
8df1cd07 3049
41063e1e 3050 rcu_read_lock();
fdfba1a2 3051 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3052 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3053 release_lock |= prepare_mmio_access(mr);
125b3806 3054
8df1cd07 3055 /* I/O case */
50013115 3056 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3057#if defined(TARGET_WORDS_BIGENDIAN)
3058 if (endian == DEVICE_LITTLE_ENDIAN) {
3059 val = bswap32(val);
3060 }
3061#else
3062 if (endian == DEVICE_BIG_ENDIAN) {
3063 val = bswap32(val);
3064 }
3065#endif
8df1cd07
FB		 3066 } else {
3067 /* RAM case */
0878d0e1 3068 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3069 switch (endian) {
3070 case DEVICE_LITTLE_ENDIAN:
3071 val = ldl_le_p(ptr);
3072 break;
3073 case DEVICE_BIG_ENDIAN:
3074 val = ldl_be_p(ptr);
3075 break;
3076 default:
3077 val = ldl_p(ptr);
3078 break;
3079 }
50013115
PM		 3080 r = MEMTX_OK;
3081 }
3082 if (result) {
3083 *result = r;
8df1cd07 3084 }
4840f10e
JK		 3085 if (release_lock) {
3086 qemu_mutex_unlock_iothread();
3087 }
41063e1e 3088 rcu_read_unlock();
8df1cd07
FB		 3089 return val;
3090}
3091
50013115
PM		 3092uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3093 MemTxAttrs attrs, MemTxResult *result)
3094{
3095 return address_space_ldl_internal(as, addr, attrs, result,
3096 DEVICE_NATIVE_ENDIAN);
3097}
3098
3099uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3100 MemTxAttrs attrs, MemTxResult *result)
3101{
3102 return address_space_ldl_internal(as, addr, attrs, result,
3103 DEVICE_LITTLE_ENDIAN);
3104}
3105
3106uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3107 MemTxAttrs attrs, MemTxResult *result)
3108{
3109 return address_space_ldl_internal(as, addr, attrs, result,
3110 DEVICE_BIG_ENDIAN);
3111}
3112
fdfba1a2 3113uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3114{
50013115 3115 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3116}
3117
fdfba1a2 3118uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3119{
50013115 3120 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3121}
3122
fdfba1a2 3123uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3124{
50013115 3125 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3126}
3127
84b7b8e7 3128/* warning: addr must be aligned */
50013115
PM		 3129static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3130 MemTxAttrs attrs,
3131 MemTxResult *result,
3132 enum device_endian endian)
84b7b8e7 3133{
84b7b8e7
FB		 3134 uint8_t *ptr;
3135 uint64_t val;
5c8a00ce 3136 MemoryRegion *mr;
149f54b5
PB		 3137 hwaddr l = 8;
3138 hwaddr addr1;
50013115 3139 MemTxResult r;
4840f10e 3140 bool release_lock = false;
84b7b8e7 3141
41063e1e 3142 rcu_read_lock();
2c17449b 3143 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3144 false);
3145 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3146 release_lock |= prepare_mmio_access(mr);
125b3806 3147
84b7b8e7 3148 /* I/O case */
50013115 3149 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3150#if defined(TARGET_WORDS_BIGENDIAN)
3151 if (endian == DEVICE_LITTLE_ENDIAN) {
3152 val = bswap64(val);
3153 }
3154#else
3155 if (endian == DEVICE_BIG_ENDIAN) {
3156 val = bswap64(val);
3157 }
84b7b8e7
FB		 3158#endif
3159 } else {
3160 /* RAM case */
0878d0e1 3161 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3162 switch (endian) {
3163 case DEVICE_LITTLE_ENDIAN:
3164 val = ldq_le_p(ptr);
3165 break;
3166 case DEVICE_BIG_ENDIAN:
3167 val = ldq_be_p(ptr);
3168 break;
3169 default:
3170 val = ldq_p(ptr);
3171 break;
3172 }
50013115
PM		 3173 r = MEMTX_OK;
3174 }
3175 if (result) {
3176 *result = r;
84b7b8e7 3177 }
4840f10e
JK		 3178 if (release_lock) {
3179 qemu_mutex_unlock_iothread();
3180 }
41063e1e 3181 rcu_read_unlock();
84b7b8e7
FB		 3182 return val;
3183}
3184
50013115
PM		 3185uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3186 MemTxAttrs attrs, MemTxResult *result)
3187{
3188 return address_space_ldq_internal(as, addr, attrs, result,
3189 DEVICE_NATIVE_ENDIAN);
3190}
3191
3192uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3193 MemTxAttrs attrs, MemTxResult *result)
3194{
3195 return address_space_ldq_internal(as, addr, attrs, result,
3196 DEVICE_LITTLE_ENDIAN);
3197}
3198
3199uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3200 MemTxAttrs attrs, MemTxResult *result)
3201{
3202 return address_space_ldq_internal(as, addr, attrs, result,
3203 DEVICE_BIG_ENDIAN);
3204}
3205
2c17449b 3206uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3207{
50013115 3208 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3209}
3210
2c17449b 3211uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3212{
50013115 3213 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3214}
3215
2c17449b 3216uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3217{
50013115 3218 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3219}
3220
aab33094 3221/* XXX: optimize */
50013115
PM		 3222uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3223 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3224{
3225 uint8_t val;
50013115
PM		 3226 MemTxResult r;
3227
3228 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3229 if (result) {
3230 *result = r;
3231 }
aab33094
FB		 3232 return val;
3233}
3234
50013115
PM		 3235uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3236{
3237 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3238}
3239
733f0b02 3240/* warning: addr must be aligned */
50013115
PM		 3241static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3242 hwaddr addr,
3243 MemTxAttrs attrs,
3244 MemTxResult *result,
3245 enum device_endian endian)
aab33094 3246{
733f0b02
MT		 3247 uint8_t *ptr;
3248 uint64_t val;
5c8a00ce 3249 MemoryRegion *mr;
149f54b5
PB		 3250 hwaddr l = 2;
3251 hwaddr addr1;
50013115 3252 MemTxResult r;
4840f10e 3253 bool release_lock = false;
733f0b02 3254
41063e1e 3255 rcu_read_lock();
41701aa4 3256 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3257 false);
3258 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3259 release_lock |= prepare_mmio_access(mr);
125b3806 3260
733f0b02 3261 /* I/O case */
50013115 3262 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3263#if defined(TARGET_WORDS_BIGENDIAN)
3264 if (endian == DEVICE_LITTLE_ENDIAN) {
3265 val = bswap16(val);
3266 }
3267#else
3268 if (endian == DEVICE_BIG_ENDIAN) {
3269 val = bswap16(val);
3270 }
3271#endif
733f0b02
MT		 3272 } else {
3273 /* RAM case */
0878d0e1 3274 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3275 switch (endian) {
3276 case DEVICE_LITTLE_ENDIAN:
3277 val = lduw_le_p(ptr);
3278 break;
3279 case DEVICE_BIG_ENDIAN:
3280 val = lduw_be_p(ptr);
3281 break;
3282 default:
3283 val = lduw_p(ptr);
3284 break;
3285 }
50013115
PM		 3286 r = MEMTX_OK;
3287 }
3288 if (result) {
3289 *result = r;
733f0b02 3290 }
4840f10e
JK		 3291 if (release_lock) {
3292 qemu_mutex_unlock_iothread();
3293 }
41063e1e 3294 rcu_read_unlock();
733f0b02 3295 return val;
aab33094
FB		 3296}
3297
50013115
PM		 3298uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3299 MemTxAttrs attrs, MemTxResult *result)
3300{
3301 return address_space_lduw_internal(as, addr, attrs, result,
3302 DEVICE_NATIVE_ENDIAN);
3303}
3304
3305uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3306 MemTxAttrs attrs, MemTxResult *result)
3307{
3308 return address_space_lduw_internal(as, addr, attrs, result,
3309 DEVICE_LITTLE_ENDIAN);
3310}
3311
3312uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3313 MemTxAttrs attrs, MemTxResult *result)
3314{
3315 return address_space_lduw_internal(as, addr, attrs, result,
3316 DEVICE_BIG_ENDIAN);
3317}
3318
41701aa4 3319uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3320{
50013115 3321 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3322}
3323
41701aa4 3324uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3325{
50013115 3326 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3327}
3328
41701aa4 3329uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3330{
50013115 3331 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3332}
3333
8df1cd07
FB		 3334/* warning: addr must be aligned. The ram page is not masked as dirty
3335 and the code inside is not invalidated. It is useful if the dirty
3336 bits are used to track modified PTEs */
50013115
PM		 3337void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3338 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3339{
8df1cd07 3340 uint8_t *ptr;
5c8a00ce 3341 MemoryRegion *mr;
149f54b5
PB		 3342 hwaddr l = 4;
3343 hwaddr addr1;
50013115 3344 MemTxResult r;
845b6214 3345 uint8_t dirty_log_mask;
4840f10e 3346 bool release_lock = false;
8df1cd07 3347
41063e1e 3348 rcu_read_lock();
2198a121 3349 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3350 true);
3351 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3352 release_lock |= prepare_mmio_access(mr);
125b3806 3353
50013115 3354 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3355 } else {
0878d0e1 3356 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
8df1cd07 3357 stl_p(ptr, val);
74576198 3358
845b6214
PB		 3359 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3360 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
0878d0e1
PB		 3361 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3362 4, dirty_log_mask);
50013115
PM		 3363 r = MEMTX_OK;
3364 }
3365 if (result) {
3366 *result = r;
8df1cd07 3367 }
4840f10e
JK		 3368 if (release_lock) {
3369 qemu_mutex_unlock_iothread();
3370 }
41063e1e 3371 rcu_read_unlock();
8df1cd07
FB		 3372}
3373
50013115
PM		 3374void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3375{
3376 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3377}
3378
8df1cd07 3379/* warning: addr must be aligned */
50013115
PM		 3380static inline void address_space_stl_internal(AddressSpace *as,
3381 hwaddr addr, uint32_t val,
3382 MemTxAttrs attrs,
3383 MemTxResult *result,
3384 enum device_endian endian)
8df1cd07 3385{
8df1cd07 3386 uint8_t *ptr;
5c8a00ce 3387 MemoryRegion *mr;
149f54b5
PB		 3388 hwaddr l = 4;
3389 hwaddr addr1;
50013115 3390 MemTxResult r;
4840f10e 3391 bool release_lock = false;
8df1cd07 3392
41063e1e 3393 rcu_read_lock();
ab1da857 3394 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3395 true);
3396 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3397 release_lock |= prepare_mmio_access(mr);
125b3806 3398
1e78bcc1
AG		 3399#if defined(TARGET_WORDS_BIGENDIAN)
3400 if (endian == DEVICE_LITTLE_ENDIAN) {
3401 val = bswap32(val);
3402 }
3403#else
3404 if (endian == DEVICE_BIG_ENDIAN) {
3405 val = bswap32(val);
3406 }
3407#endif
50013115 3408 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3409 } else {
8df1cd07 3410 /* RAM case */
0878d0e1 3411 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3412 switch (endian) {
3413 case DEVICE_LITTLE_ENDIAN:
3414 stl_le_p(ptr, val);
3415 break;
3416 case DEVICE_BIG_ENDIAN:
3417 stl_be_p(ptr, val);
3418 break;
3419 default:
3420 stl_p(ptr, val);
3421 break;
3422 }
845b6214 3423 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3424 r = MEMTX_OK;
3425 }
3426 if (result) {
3427 *result = r;
8df1cd07 3428 }
4840f10e
JK		 3429 if (release_lock) {
3430 qemu_mutex_unlock_iothread();
3431 }
41063e1e 3432 rcu_read_unlock();
8df1cd07
FB		 3433}
3434
50013115
PM		 3435void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3436 MemTxAttrs attrs, MemTxResult *result)
3437{
3438 address_space_stl_internal(as, addr, val, attrs, result,
3439 DEVICE_NATIVE_ENDIAN);
3440}
3441
3442void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3443 MemTxAttrs attrs, MemTxResult *result)
3444{
3445 address_space_stl_internal(as, addr, val, attrs, result,
3446 DEVICE_LITTLE_ENDIAN);
3447}
3448
3449void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3450 MemTxAttrs attrs, MemTxResult *result)
3451{
3452 address_space_stl_internal(as, addr, val, attrs, result,
3453 DEVICE_BIG_ENDIAN);
3454}
3455
ab1da857 3456void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3457{
50013115 3458 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3459}
3460
ab1da857 3461void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3462{
50013115 3463 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3464}
3465
ab1da857 3466void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3467{
50013115 3468 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3469}
3470
aab33094 3471/* XXX: optimize */
50013115
PM		 3472void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3473 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3474{
3475 uint8_t v = val;
50013115
PM		 3476 MemTxResult r;
3477
3478 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3479 if (result) {
3480 *result = r;
3481 }
3482}
3483
3484void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3485{
3486 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3487}
3488
733f0b02 3489/* warning: addr must be aligned */
50013115
PM		 3490static inline void address_space_stw_internal(AddressSpace *as,
3491 hwaddr addr, uint32_t val,
3492 MemTxAttrs attrs,
3493 MemTxResult *result,
3494 enum device_endian endian)
aab33094 3495{
733f0b02 3496 uint8_t *ptr;
5c8a00ce 3497 MemoryRegion *mr;
149f54b5
PB		 3498 hwaddr l = 2;
3499 hwaddr addr1;
50013115 3500 MemTxResult r;
4840f10e 3501 bool release_lock = false;
733f0b02 3502
41063e1e 3503 rcu_read_lock();
5ce5944d 3504 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3505 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3506 release_lock |= prepare_mmio_access(mr);
125b3806 3507
1e78bcc1
AG		 3508#if defined(TARGET_WORDS_BIGENDIAN)
3509 if (endian == DEVICE_LITTLE_ENDIAN) {
3510 val = bswap16(val);
3511 }
3512#else
3513 if (endian == DEVICE_BIG_ENDIAN) {
3514 val = bswap16(val);
3515 }
3516#endif
50013115 3517 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3518 } else {
733f0b02 3519 /* RAM case */
0878d0e1 3520 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3521 switch (endian) {
3522 case DEVICE_LITTLE_ENDIAN:
3523 stw_le_p(ptr, val);
3524 break;
3525 case DEVICE_BIG_ENDIAN:
3526 stw_be_p(ptr, val);
3527 break;
3528 default:
3529 stw_p(ptr, val);
3530 break;
3531 }
845b6214 3532 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3533 r = MEMTX_OK;
3534 }
3535 if (result) {
3536 *result = r;
733f0b02 3537 }
4840f10e
JK		 3538 if (release_lock) {
3539 qemu_mutex_unlock_iothread();
3540 }
41063e1e 3541 rcu_read_unlock();
aab33094
FB		 3542}
3543
50013115
PM		 3544void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3545 MemTxAttrs attrs, MemTxResult *result)
3546{
3547 address_space_stw_internal(as, addr, val, attrs, result,
3548 DEVICE_NATIVE_ENDIAN);
3549}
3550
3551void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3552 MemTxAttrs attrs, MemTxResult *result)
3553{
3554 address_space_stw_internal(as, addr, val, attrs, result,
3555 DEVICE_LITTLE_ENDIAN);
3556}
3557
3558void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3559 MemTxAttrs attrs, MemTxResult *result)
3560{
3561 address_space_stw_internal(as, addr, val, attrs, result,
3562 DEVICE_BIG_ENDIAN);
3563}
3564
5ce5944d 3565void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3566{
50013115 3567 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3568}
3569
5ce5944d 3570void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3571{
50013115 3572 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3573}
3574
5ce5944d 3575void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3576{
50013115 3577 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3578}
3579
aab33094 3580/* XXX: optimize */
50013115
PM		 3581void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3582 MemTxAttrs attrs, MemTxResult *result)
aab33094 3583{
50013115 3584 MemTxResult r;
aab33094 3585 val = tswap64(val);
50013115
PM		 3586 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3587 if (result) {
3588 *result = r;
3589 }
aab33094
FB		 3590}
3591
50013115
PM		 3592void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3593 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3594{
50013115 3595 MemTxResult r;
1e78bcc1 3596 val = cpu_to_le64(val);
50013115
PM		 3597 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3598 if (result) {
3599 *result = r;
3600 }
3601}
3602void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3603 MemTxAttrs attrs, MemTxResult *result)
3604{
3605 MemTxResult r;
3606 val = cpu_to_be64(val);
3607 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3608 if (result) {
3609 *result = r;
3610 }
3611}
3612
3613void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3614{
3615 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3616}
3617
3618void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3619{
3620 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3621}
3622
f606604f 3623void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3624{
50013115 3625 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3626}
3627
5e2972fd 3628/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3629int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3630 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3631{
3632 int l;
a8170e5e 3633 hwaddr phys_addr;
9b3c35e0 3634 target_ulong page;
13eb76e0
FB		 3635
3636 while (len > 0) {
5232e4c7
PM		 3637 int asidx;
3638 MemTxAttrs attrs;
3639
13eb76e0 3640 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3641 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3642 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3643 /* if no physical page mapped, return an error */
3644 if (phys_addr == -1)
3645 return -1;
3646 l = (page + TARGET_PAGE_SIZE) - addr;
3647 if (l > len)
3648 l = len;
5e2972fd 3649 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3650 if (is_write) {
5232e4c7
PM		 3651 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3652 phys_addr, buf, l);
2e38847b 3653 } else {
5232e4c7
PM		 3654 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3655 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3656 buf, l, 0);
2e38847b 3657 }
13eb76e0
FB		 3658 len -= l;
3659 buf += l;
3660 addr += l;
3661 }
3662 return 0;
3663}
038629a6
DDAG		 3664
3665/*
3666 * Allows code that needs to deal with migration bitmaps etc to still be built
3667 * target independent.
3668 */
3669size_t qemu_target_page_bits(void)
3670{
3671 return TARGET_PAGE_BITS;
3672}
3673
a68fe89c 3674#endif
13eb76e0 3675
8e4a424b
BS		 3676/*
3677 * A helper function for the _utterly broken_ virtio device model to find out if
3678 * it's running on a big endian machine. Don't do this at home kids!
3679 */
98ed8ecf
GK		 3680bool target_words_bigendian(void);
3681bool target_words_bigendian(void)
8e4a424b
BS		 3682{
3683#if defined(TARGET_WORDS_BIGENDIAN)
3684 return true;
3685#else
3686 return false;
3687#endif
3688}
3689
76f35538 3690#ifndef CONFIG_USER_ONLY
a8170e5e 3691bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3692{
5c8a00ce 3693 MemoryRegion*mr;
149f54b5 3694 hwaddr l = 1;
41063e1e 3695 bool res;
76f35538 3696
41063e1e 3697 rcu_read_lock();
5c8a00ce
PB		 3698 mr = address_space_translate(&address_space_memory,
3699 phys_addr, &phys_addr, &l, false);
76f35538 3700
41063e1e
PB		 3701 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3702 rcu_read_unlock();
3703 return res;
76f35538 3704}
bd2fa51f 3705
e3807054 3706int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3707{
3708 RAMBlock *block;
e3807054 3709 int ret = 0;
bd2fa51f 3710
0dc3f44a
MD		 3711 rcu_read_lock();
3712 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3713 ret = func(block->idstr, block->host, block->offset,
3714 block->used_length, opaque);
3715 if (ret) {
3716 break;
3717 }
bd2fa51f 3718 }
0dc3f44a 3719 rcu_read_unlock();
e3807054 3720 return ret;
bd2fa51f 3721}
ec3f8c99 3722#endif
QEMU mirror