]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
block: Add .bdrv_co_pdiscard() driver callback
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c 22#endif
54936004 23
f348b6d1 24#include "qemu/cutils.h"
6180a181 25#include "cpu.h"
63c91552 26#include "exec/exec-all.h"
b67d9a52 27#include "tcg.h"
741da0d3 28#include "hw/qdev-core.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
33c11879 31#include "hw/xen/xen.h"
4485bd26 32#endif
9c17d615 33#include "sysemu/kvm.h"
2ff3de68 34#include "sysemu/sysemu.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
53a5960a 38#if defined(CONFIG_USER_ONLY)
a9c94277 39#include "qemu.h"
432d268c 40#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 41#include "hw/hw.h"
42#include "exec/memory.h"
df43d49c 43#include "exec/ioport.h"
741da0d3
PB		 44#include "sysemu/dma.h"
45#include "exec/address-spaces.h"
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
508127e2 57#include "exec/log.h"
67d95c15 58
9dfeca7c
BR		 59#include "migration/vmstate.h"
60
b35ba30f 61#include "qemu/range.h"
794e8f30
MT		 62#ifndef _WIN32
63#include "qemu/mmap-alloc.h"
64#endif
b35ba30f 65
db7b5426 66//#define DEBUG_SUBPAGE
1196be37 67
e2eef170 68#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 69/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
0d53d9fe 72RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 73
74static MemoryRegion *system_memory;
309cb471 75static MemoryRegion *system_io;
62152b8a 76
f6790af6
AK		 77AddressSpace address_space_io;
78AddressSpace address_space_memory;
2673a5da 79
0844e007 80MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 81static MemoryRegion io_mem_unassigned;
0e0df1e2 82
7bd4f430
PB		 83/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84#define RAM_PREALLOC (1 << 0)
85
dbcb8981
PB		 86/* RAM is mmap-ed with MAP_SHARED */
87#define RAM_SHARED (1 << 1)
88
62be4e3a
MT		 89/* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92#define RAM_RESIZEABLE (1 << 2)
93
e2eef170 94#endif
9fa3e853 95
bdc44640 96struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 97/* current CPU in the current thread. It is only valid inside
98 cpu_exec() */
f240eb6f 99__thread CPUState *current_cpu;
2e70f6ef 100/* 0 = Do not count executed instructions.
bf20dc07 101 1 = Precise instruction counting.
2e70f6ef 102 2 = Adaptive rate instruction counting. */
5708fc66 103int use_icount;
6a00d601 104
e2eef170 105#if !defined(CONFIG_USER_ONLY)
4346ae3e 106
1db8abb1
PB		 107typedef struct PhysPageEntry PhysPageEntry;
108
109struct PhysPageEntry {
9736e55b 110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 111 uint32_t skip : 6;
9736e55b 112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 113 uint32_t ptr : 26;
1db8abb1
PB		 114};
115
8b795765
MT		 116#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
117
03f49957 118/* Size of the L2 (and L3, etc) page tables. */
57271d63 119#define ADDR_SPACE_BITS 64
03f49957 120
026736ce 121#define P_L2_BITS 9
03f49957
PB		 122#define P_L2_SIZE (1 << P_L2_BITS)
123
124#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
125
126typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 127
53cb28cb 128typedef struct PhysPageMap {
79e2b9ae
PB		 129 struct rcu_head rcu;
130
53cb28cb
MA		 131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
133 unsigned nodes_nb;
134 unsigned nodes_nb_alloc;
135 Node *nodes;
136 MemoryRegionSection *sections;
137} PhysPageMap;
138
1db8abb1 139struct AddressSpaceDispatch {
79e2b9ae
PB		 140 struct rcu_head rcu;
141
729633c2 142 MemoryRegionSection *mru_section;
1db8abb1
PB		 143 /* This is a multi-level map on the physical address space.
144 * The bottom level has pointers to MemoryRegionSections.
145 */
146 PhysPageEntry phys_map;
53cb28cb 147 PhysPageMap map;
acc9d80b 148 AddressSpace *as;
1db8abb1
PB		 149};
150
90260c6c
JK		 151#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
152typedef struct subpage_t {
153 MemoryRegion iomem;
acc9d80b 154 AddressSpace *as;
90260c6c
JK		 155 hwaddr base;
156 uint16_t sub_section[TARGET_PAGE_SIZE];
157} subpage_t;
158
b41aac4f
LPF		 159#define PHYS_SECTION_UNASSIGNED 0
160#define PHYS_SECTION_NOTDIRTY 1
161#define PHYS_SECTION_ROM 2
162#define PHYS_SECTION_WATCH 3
5312bd8b 163
e2eef170 164static void io_mem_init(void);
62152b8a 165static void memory_map_init(void);
09daed84 166static void tcg_commit(MemoryListener *listener);
e2eef170 167
1ec9b909 168static MemoryRegion io_mem_watch;
32857f4d
PM		 169
170/**
171 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
172 * @cpu: the CPU whose AddressSpace this is
173 * @as: the AddressSpace itself
174 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
175 * @tcg_as_listener: listener for tracking changes to the AddressSpace
176 */
177struct CPUAddressSpace {
178 CPUState *cpu;
179 AddressSpace *as;
180 struct AddressSpaceDispatch *memory_dispatch;
181 MemoryListener tcg_as_listener;
182};
183
6658ffb8 184#endif
fd6ce8f6 185
6d9a1304 186#if !defined(CONFIG_USER_ONLY)
d6f2ea22 187
53cb28cb 188static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 189{
101420b8 190 static unsigned alloc_hint = 16;
53cb28cb 191 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
101420b8 192 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
53cb28cb
MA		 193 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
194 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
101420b8 195 alloc_hint = map->nodes_nb_alloc;
d6f2ea22 196 }
f7bf5461
AK		 197}
198
db94604b 199static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 200{
201 unsigned i;
8b795765 202 uint32_t ret;
db94604b
PB		 203 PhysPageEntry e;
204 PhysPageEntry *p;
f7bf5461 205
53cb28cb 206 ret = map->nodes_nb++;
db94604b 207 p = map->nodes[ret];
f7bf5461 208 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 209 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 210
211 e.skip = leaf ? 0 : 1;
212 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 213 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 214 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 215 }
f7bf5461 216 return ret;
d6f2ea22
AK		 217}
218
53cb28cb
MA		 219static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
220 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 221 int level)
f7bf5461
AK		 222{
223 PhysPageEntry *p;
03f49957 224 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 225
9736e55b 226 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 227 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 228 }
db94604b 229 p = map->nodes[lp->ptr];
03f49957 230 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 231
03f49957 232 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 233 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 234 lp->skip = 0;
c19e8800 235 lp->ptr = leaf;
07f07b31
AK		 236 *index += step;
237 *nb -= step;
2999097b 238 } else {
53cb28cb 239 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 240 }
241 ++lp;
f7bf5461
AK		 242 }
243}
244
ac1970fb 245static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 246 hwaddr index, hwaddr nb,
2999097b 247 uint16_t leaf)
f7bf5461 248{
2999097b 249 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 250 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 251
53cb28cb 252 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 253}
254
b35ba30f
MT		 255/* Compact a non leaf page entry. Simply detect that the entry has a single child,
256 * and update our entry so we can skip it and go directly to the destination.
257 */
258static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
259{
260 unsigned valid_ptr = P_L2_SIZE;
261 int valid = 0;
262 PhysPageEntry *p;
263 int i;
264
265 if (lp->ptr == PHYS_MAP_NODE_NIL) {
266 return;
267 }
268
269 p = nodes[lp->ptr];
270 for (i = 0; i < P_L2_SIZE; i++) {
271 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
272 continue;
273 }
274
275 valid_ptr = i;
276 valid++;
277 if (p[i].skip) {
278 phys_page_compact(&p[i], nodes, compacted);
279 }
280 }
281
282 /* We can only compress if there's only one child. */
283 if (valid != 1) {
284 return;
285 }
286
287 assert(valid_ptr < P_L2_SIZE);
288
289 /* Don't compress if it won't fit in the # of bits we have. */
290 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
291 return;
292 }
293
294 lp->ptr = p[valid_ptr].ptr;
295 if (!p[valid_ptr].skip) {
296 /* If our only child is a leaf, make this a leaf. */
297 /* By design, we should have made this node a leaf to begin with so we
298 * should never reach here.
299 * But since it's so simple to handle this, let's do it just in case we
300 * change this rule.
301 */
302 lp->skip = 0;
303 } else {
304 lp->skip += p[valid_ptr].skip;
305 }
306}
307
308static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
309{
310 DECLARE_BITMAP(compacted, nodes_nb);
311
312 if (d->phys_map.skip) {
53cb28cb 313 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 314 }
315}
316
29cb533d
FZ		 317static inline bool section_covers_addr(const MemoryRegionSection *section,
318 hwaddr addr)
319{
320 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
321 * the section must cover the entire address space.
322 */
323 return section->size.hi ||
324 range_covers_byte(section->offset_within_address_space,
325 section->size.lo, addr);
326}
327
97115a8d 328static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 329 Node *nodes, MemoryRegionSection *sections)
92e873b9 330{
31ab2b4a 331 PhysPageEntry *p;
97115a8d 332 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 333 int i;
f1f6e3b8 334
9736e55b 335 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 336 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 337 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 338 }
9affd6fc 339 p = nodes[lp.ptr];
03f49957 340 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 341 }
b35ba30f 342
29cb533d 343 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 344 return &sections[lp.ptr];
345 } else {
346 return &sections[PHYS_SECTION_UNASSIGNED];
347 }
f3705d53
AK		 348}
349
e5548617
BS		 350bool memory_region_is_unassigned(MemoryRegion *mr)
351{
2a8e7499 352 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 353 && mr != &io_mem_watch;
fd6ce8f6 354}
149f54b5 355
79e2b9ae 356/* Called from RCU critical section */
c7086b4a 357static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 358 hwaddr addr,
359 bool resolve_subpage)
9f029603 360{
729633c2 361 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 362 subpage_t *subpage;
729633c2 363 bool update;
90260c6c 364
729633c2
FZ		 365 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
366 section_covers_addr(section, addr)) {
367 update = false;
368 } else {
369 section = phys_page_find(d->phys_map, addr, d->map.nodes,
370 d->map.sections);
371 update = true;
372 }
90260c6c
JK		 373 if (resolve_subpage && section->mr->subpage) {
374 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 375 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 376 }
729633c2
FZ		 377 if (update) {
378 atomic_set(&d->mru_section, section);
379 }
90260c6c 380 return section;
9f029603
JK		 381}
382
79e2b9ae 383/* Called from RCU critical section */
90260c6c 384static MemoryRegionSection *
c7086b4a 385address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 386 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 387{
388 MemoryRegionSection *section;
965eb2fc 389 MemoryRegion *mr;
a87f3954 390 Int128 diff;
149f54b5 391
c7086b4a 392 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 393 /* Compute offset within MemoryRegionSection */
394 addr -= section->offset_within_address_space;
395
396 /* Compute offset within MemoryRegion */
397 *xlat = addr + section->offset_within_region;
398
965eb2fc 399 mr = section->mr;
b242e0e0
PB		 400
401 /* MMIO registers can be expected to perform full-width accesses based only
402 * on their address, without considering adjacent registers that could
403 * decode to completely different MemoryRegions. When such registers
404 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
405 * regions overlap wildly. For this reason we cannot clamp the accesses
406 * here.
407 *
408 * If the length is small (as is the case for address_space_ldl/stl),
409 * everything works fine. If the incoming length is large, however,
410 * the caller really has to do the clamping through memory_access_size.
411 */
965eb2fc 412 if (memory_region_is_ram(mr)) {
e4a511f8 413 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 414 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
415 }
149f54b5
PB		 416 return section;
417}
90260c6c 418
41063e1e 419/* Called from RCU critical section */
5c8a00ce
PB		 420MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
421 hwaddr *xlat, hwaddr *plen,
422 bool is_write)
90260c6c 423{
30951157
AK		 424 IOMMUTLBEntry iotlb;
425 MemoryRegionSection *section;
426 MemoryRegion *mr;
30951157
AK		 427
428 for (;;) {
79e2b9ae
PB		 429 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
430 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 431 mr = section->mr;
432
433 if (!mr->iommu_ops) {
434 break;
435 }
436
8d7b8cb9 437 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 438 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
439 | (addr & iotlb.addr_mask));
23820dbf 440 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 441 if (!(iotlb.perm & (1 << is_write))) {
442 mr = &io_mem_unassigned;
443 break;
444 }
445
446 as = iotlb.target_as;
447 }
448
fe680d0d 449 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 450 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 451 *plen = MIN(page, *plen);
a87f3954
PB		 452 }
453
30951157
AK		 454 *xlat = addr;
455 return mr;
90260c6c
JK		 456}
457
79e2b9ae 458/* Called from RCU critical section */
90260c6c 459MemoryRegionSection *
d7898cda 460address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 461 hwaddr *xlat, hwaddr *plen)
90260c6c 462{
30951157 463 MemoryRegionSection *section;
d7898cda
PM		 464 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
465
466 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 467
468 assert(!section->mr->iommu_ops);
469 return section;
90260c6c 470}
5b6dd868 471#endif
fd6ce8f6 472
b170fce3 473#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 474
475static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 476{
259186a7 477 CPUState *cpu = opaque;
a513fe19 478
5b6dd868
BS		 479 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
480 version_id is increased. */
259186a7 481 cpu->interrupt_request &= ~0x01;
c01a71c1 482 tlb_flush(cpu, 1);
5b6dd868
BS		 483
484 return 0;
a513fe19 485}
7501267e 486
6c3bff0e
PD		 487static int cpu_common_pre_load(void *opaque)
488{
489 CPUState *cpu = opaque;
490
adee6424 491 cpu->exception_index = -1;
6c3bff0e
PD		 492
493 return 0;
494}
495
496static bool cpu_common_exception_index_needed(void *opaque)
497{
498 CPUState *cpu = opaque;
499
adee6424 500 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 501}
502
503static const VMStateDescription vmstate_cpu_common_exception_index = {
504 .name = "cpu_common/exception_index",
505 .version_id = 1,
506 .minimum_version_id = 1,
5cd8cada 507 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 508 .fields = (VMStateField[]) {
509 VMSTATE_INT32(exception_index, CPUState),
510 VMSTATE_END_OF_LIST()
511 }
512};
513
bac05aa9
AS		 514static bool cpu_common_crash_occurred_needed(void *opaque)
515{
516 CPUState *cpu = opaque;
517
518 return cpu->crash_occurred;
519}
520
521static const VMStateDescription vmstate_cpu_common_crash_occurred = {
522 .name = "cpu_common/crash_occurred",
523 .version_id = 1,
524 .minimum_version_id = 1,
525 .needed = cpu_common_crash_occurred_needed,
526 .fields = (VMStateField[]) {
527 VMSTATE_BOOL(crash_occurred, CPUState),
528 VMSTATE_END_OF_LIST()
529 }
530};
531
1a1562f5 532const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 533 .name = "cpu_common",
534 .version_id = 1,
535 .minimum_version_id = 1,
6c3bff0e 536 .pre_load = cpu_common_pre_load,
5b6dd868 537 .post_load = cpu_common_post_load,
35d08458 538 .fields = (VMStateField[]) {
259186a7
AF		 539 VMSTATE_UINT32(halted, CPUState),
540 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 541 VMSTATE_END_OF_LIST()
6c3bff0e 542 },
5cd8cada
JQ		 543 .subsections = (const VMStateDescription*[]) {
544 &vmstate_cpu_common_exception_index,
bac05aa9 545 &vmstate_cpu_common_crash_occurred,
5cd8cada 546 NULL
5b6dd868
BS		 547 }
548};
1a1562f5 549
5b6dd868 550#endif
ea041c0e 551
38d8f5c8 552CPUState *qemu_get_cpu(int index)
ea041c0e 553{
bdc44640 554 CPUState *cpu;
ea041c0e 555
bdc44640 556 CPU_FOREACH(cpu) {
55e5c285 557 if (cpu->cpu_index == index) {
bdc44640 558 return cpu;
55e5c285 559 }
ea041c0e 560 }
5b6dd868 561
bdc44640 562 return NULL;
ea041c0e
FB		 563}
564
09daed84 565#if !defined(CONFIG_USER_ONLY)
56943e8c 566void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 567{
12ebc9a7
PM		 568 CPUAddressSpace *newas;
569
570 /* Target code should have set num_ases before calling us */
571 assert(asidx < cpu->num_ases);
572
56943e8c
PM		 573 if (asidx == 0) {
574 /* address space 0 gets the convenience alias */
575 cpu->as = as;
576 }
577
12ebc9a7
PM		 578 /* KVM cannot currently support multiple address spaces. */
579 assert(asidx == 0 || !kvm_enabled());
09daed84 580
12ebc9a7
PM		 581 if (!cpu->cpu_ases) {
582 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 583 }
32857f4d 584
12ebc9a7
PM		 585 newas = &cpu->cpu_ases[asidx];
586 newas->cpu = cpu;
587 newas->as = as;
56943e8c 588 if (tcg_enabled()) {
12ebc9a7
PM		 589 newas->tcg_as_listener.commit = tcg_commit;
590 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 591 }
09daed84 592}
651a5bc0
PM		 593
594AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
595{
596 /* Return the AddressSpace corresponding to the specified index */
597 return cpu->cpu_ases[asidx].as;
598}
09daed84
EI		 599#endif
600
b7bca733
BR		 601#ifndef CONFIG_USER_ONLY
602static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
603
604static int cpu_get_free_index(Error **errp)
605{
606 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
607
608 if (cpu >= MAX_CPUMASK_BITS) {
609 error_setg(errp, "Trying to use more CPUs than max of %d",
610 MAX_CPUMASK_BITS);
611 return -1;
612 }
613
614 bitmap_set(cpu_index_map, cpu, 1);
615 return cpu;
616}
617
1c59eb39 618static void cpu_release_index(CPUState *cpu)
b7bca733 619{
b7bca733 620 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
b7bca733
BR		 621}
622#else
623
624static int cpu_get_free_index(Error **errp)
625{
626 CPUState *some_cpu;
627 int cpu_index = 0;
628
629 CPU_FOREACH(some_cpu) {
630 cpu_index++;
631 }
632 return cpu_index;
633}
634
1c59eb39 635static void cpu_release_index(CPUState *cpu)
b7bca733 636{
1c59eb39 637 return;
b7bca733
BR		 638}
639#endif
640
1c59eb39
BR		 641void cpu_exec_exit(CPUState *cpu)
642{
9dfeca7c
BR		 643 CPUClass *cc = CPU_GET_CLASS(cpu);
644
1c59eb39
BR		 645#if defined(CONFIG_USER_ONLY)
646 cpu_list_lock();
647#endif
648 if (cpu->cpu_index == -1) {
649 /* cpu_index was never allocated by this @cpu or was already freed. */
650#if defined(CONFIG_USER_ONLY)
651 cpu_list_unlock();
652#endif
653 return;
654 }
655
656 QTAILQ_REMOVE(&cpus, cpu, node);
657 cpu_release_index(cpu);
658 cpu->cpu_index = -1;
659#if defined(CONFIG_USER_ONLY)
660 cpu_list_unlock();
661#endif
9dfeca7c
BR		 662
663 if (cc->vmsd != NULL) {
664 vmstate_unregister(NULL, cc->vmsd, cpu);
665 }
666 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
667 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
668 }
1c59eb39
BR		 669}
670
4bad9e39 671void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 672{
b170fce3 673 CPUClass *cc = CPU_GET_CLASS(cpu);
b7bca733 674 Error *local_err = NULL;
5b6dd868 675
56943e8c 676 cpu->as = NULL;
12ebc9a7 677 cpu->num_ases = 0;
56943e8c 678
291135b5 679#ifndef CONFIG_USER_ONLY
291135b5 680 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 681
682 /* This is a softmmu CPU object, so create a property for it
683 * so users can wire up its memory. (This can't go in qom/cpu.c
684 * because that file is compiled only once for both user-mode
685 * and system builds.) The default if no link is set up is to use
686 * the system address space.
687 */
688 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
689 (Object **)&cpu->memory,
690 qdev_prop_allow_set_link_before_realize,
691 OBJ_PROP_LINK_UNREF_ON_RELEASE,
692 &error_abort);
693 cpu->memory = system_memory;
694 object_ref(OBJECT(cpu->memory));
291135b5
EH		 695#endif
696
5b6dd868
BS		 697#if defined(CONFIG_USER_ONLY)
698 cpu_list_lock();
699#endif
741da0d3 700 cpu->cpu_index = cpu_get_free_index(&local_err);
b7bca733
BR		 701 if (local_err) {
702 error_propagate(errp, local_err);
703#if defined(CONFIG_USER_ONLY)
704 cpu_list_unlock();
705#endif
706 return;
5b6dd868 707 }
bdc44640 708 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868 709#if defined(CONFIG_USER_ONLY)
741da0d3 710 (void) cc;
5b6dd868 711 cpu_list_unlock();
741da0d3 712#else
e0d47944 713 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 714 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 715 }
b170fce3 716 if (cc->vmsd != NULL) {
741da0d3 717 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 718 }
741da0d3 719#endif
ea041c0e
FB		 720}
721
94df27fd 722#if defined(CONFIG_USER_ONLY)
00b941e5 723static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 724{
725 tb_invalidate_phys_page_range(pc, pc + 1, 0);
726}
727#else
00b941e5 728static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 729{
5232e4c7
PM		 730 MemTxAttrs attrs;
731 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
732 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 733 if (phys != -1) {
5232e4c7 734 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 735 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 736 }
1e7855a5 737}
c27004ec 738#endif
d720b93d 739
c527ee8f 740#if defined(CONFIG_USER_ONLY)
75a34036 741void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 742
743{
744}
745
3ee887e8
PM		 746int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
747 int flags)
748{
749 return -ENOSYS;
750}
751
752void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
753{
754}
755
75a34036 756int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 757 int flags, CPUWatchpoint **watchpoint)
758{
759 return -ENOSYS;
760}
761#else
6658ffb8 762/* Add a watchpoint. */
75a34036 763int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 764 int flags, CPUWatchpoint **watchpoint)
6658ffb8 765{
c0ce998e 766 CPUWatchpoint *wp;
6658ffb8 767
05068c0d 768 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 769 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 770 error_report("tried to set invalid watchpoint at %"
771 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 772 return -EINVAL;
773 }
7267c094 774 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 775
776 wp->vaddr = addr;
05068c0d 777 wp->len = len;
a1d1bb31
AL		 778 wp->flags = flags;
779
2dc9f411 780 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 781 if (flags & BP_GDB) {
782 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
783 } else {
784 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
785 }
6658ffb8 786
31b030d4 787 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 788
789 if (watchpoint)
790 *watchpoint = wp;
791 return 0;
6658ffb8
PB		 792}
793
a1d1bb31 794/* Remove a specific watchpoint. */
75a34036 795int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 796 int flags)
6658ffb8 797{
a1d1bb31 798 CPUWatchpoint *wp;
6658ffb8 799
ff4700b0 800 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 801 if (addr == wp->vaddr && len == wp->len
6e140f28 802 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 803 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 804 return 0;
805 }
806 }
a1d1bb31 807 return -ENOENT;
6658ffb8
PB		 808}
809
a1d1bb31 810/* Remove a specific watchpoint by reference. */
75a34036 811void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 812{
ff4700b0 813 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 814
31b030d4 815 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 816
7267c094 817 g_free(watchpoint);
a1d1bb31
AL		 818}
819
820/* Remove all matching watchpoints. */
75a34036 821void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 822{
c0ce998e 823 CPUWatchpoint *wp, *next;
a1d1bb31 824
ff4700b0 825 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 826 if (wp->flags & mask) {
827 cpu_watchpoint_remove_by_ref(cpu, wp);
828 }
c0ce998e 829 }
7d03f82f 830}
05068c0d
PM		 831
832/* Return true if this watchpoint address matches the specified
833 * access (ie the address range covered by the watchpoint overlaps
834 * partially or completely with the address range covered by the
835 * access).
836 */
837static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
838 vaddr addr,
839 vaddr len)
840{
841 /* We know the lengths are non-zero, but a little caution is
842 * required to avoid errors in the case where the range ends
843 * exactly at the top of the address space and so addr + len
844 * wraps round to zero.
845 */
846 vaddr wpend = wp->vaddr + wp->len - 1;
847 vaddr addrend = addr + len - 1;
848
849 return !(addr > wpend || wp->vaddr > addrend);
850}
851
c527ee8f 852#endif
7d03f82f 853
a1d1bb31 854/* Add a breakpoint. */
b3310ab3 855int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 856 CPUBreakpoint **breakpoint)
4c3a88a2 857{
c0ce998e 858 CPUBreakpoint *bp;
3b46e624 859
7267c094 860 bp = g_malloc(sizeof(*bp));
4c3a88a2 861
a1d1bb31
AL		 862 bp->pc = pc;
863 bp->flags = flags;
864
2dc9f411 865 /* keep all GDB-injected breakpoints in front */
00b941e5 866 if (flags & BP_GDB) {
f0c3c505 867 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 868 } else {
f0c3c505 869 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 870 }
3b46e624 871
f0c3c505 872 breakpoint_invalidate(cpu, pc);
a1d1bb31 873
00b941e5 874 if (breakpoint) {
a1d1bb31 875 *breakpoint = bp;
00b941e5 876 }
4c3a88a2 877 return 0;
4c3a88a2
FB		 878}
879
a1d1bb31 880/* Remove a specific breakpoint. */
b3310ab3 881int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 882{
a1d1bb31
AL		 883 CPUBreakpoint *bp;
884
f0c3c505 885 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 886 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 887 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 888 return 0;
889 }
7d03f82f 890 }
a1d1bb31 891 return -ENOENT;
7d03f82f
EI		 892}
893
a1d1bb31 894/* Remove a specific breakpoint by reference. */
b3310ab3 895void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 896{
f0c3c505
AF		 897 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
898
899 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 900
7267c094 901 g_free(breakpoint);
a1d1bb31
AL		 902}
903
904/* Remove all matching breakpoints. */
b3310ab3 905void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 906{
c0ce998e 907 CPUBreakpoint *bp, *next;
a1d1bb31 908
f0c3c505 909 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 910 if (bp->flags & mask) {
911 cpu_breakpoint_remove_by_ref(cpu, bp);
912 }
c0ce998e 913 }
4c3a88a2
FB		 914}
915
c33a346e
FB		 916/* enable or disable single step mode. EXCP_DEBUG is returned by the
917 CPU loop after each instruction */
3825b28f 918void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 919{
ed2803da
AF		 920 if (cpu->singlestep_enabled != enabled) {
921 cpu->singlestep_enabled = enabled;
922 if (kvm_enabled()) {
38e478ec 923 kvm_update_guest_debug(cpu, 0);
ed2803da 924 } else {
ccbb4d44 925 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 926 /* XXX: only flush what is necessary */
bbd77c18 927 tb_flush(cpu);
e22a25c9 928 }
c33a346e 929 }
c33a346e
FB		 930}
931
a47dddd7 932void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 933{
934 va_list ap;
493ae1f0 935 va_list ap2;
7501267e
FB		 936
937 va_start(ap, fmt);
493ae1f0 938 va_copy(ap2, ap);
7501267e
FB		 939 fprintf(stderr, "qemu: fatal: ");
940 vfprintf(stderr, fmt, ap);
941 fprintf(stderr, "\n");
878096ee 942 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 943 if (qemu_log_separate()) {
93fcfe39
AL		 944 qemu_log("qemu: fatal: ");
945 qemu_log_vprintf(fmt, ap2);
946 qemu_log("\n");
a0762859 947 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 948 qemu_log_flush();
93fcfe39 949 qemu_log_close();
924edcae 950 }
493ae1f0 951 va_end(ap2);
f9373291 952 va_end(ap);
7615936e 953 replay_finish();
fd052bf6
RV		 954#if defined(CONFIG_USER_ONLY)
955 {
956 struct sigaction act;
957 sigfillset(&act.sa_mask);
958 act.sa_handler = SIG_DFL;
959 sigaction(SIGABRT, &act, NULL);
960 }
961#endif
7501267e
FB		 962 abort();
963}
964
0124311e 965#if !defined(CONFIG_USER_ONLY)
0dc3f44a 966/* Called from RCU critical section */
041603fe
PB		 967static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
968{
969 RAMBlock *block;
970
43771539 971 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 972 if (block && addr - block->offset < block->max_length) {
68851b98 973 return block;
041603fe 974 }
0dc3f44a 975 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 976 if (addr - block->offset < block->max_length) {
041603fe
PB		 977 goto found;
978 }
979 }
980
981 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
982 abort();
983
984found:
43771539
PB		 985 /* It is safe to write mru_block outside the iothread lock. This
986 * is what happens:
987 *
988 * mru_block = xxx
989 * rcu_read_unlock()
990 * xxx removed from list
991 * rcu_read_lock()
992 * read mru_block
993 * mru_block = NULL;
994 * call_rcu(reclaim_ramblock, xxx);
995 * rcu_read_unlock()
996 *
997 * atomic_rcu_set is not needed here. The block was already published
998 * when it was placed into the list. Here we're just making an extra
999 * copy of the pointer.
1000 */
041603fe
PB		 1001 ram_list.mru_block = block;
1002 return block;
1003}
1004
a2f4d5be 1005static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 1006{
9a13565d 1007 CPUState *cpu;
041603fe 1008 ram_addr_t start1;
a2f4d5be
JQ		 1009 RAMBlock *block;
1010 ram_addr_t end;
1011
1012 end = TARGET_PAGE_ALIGN(start + length);
1013 start &= TARGET_PAGE_MASK;
d24981d3 1014
0dc3f44a 1015 rcu_read_lock();
041603fe
PB		 1016 block = qemu_get_ram_block(start);
1017 assert(block == qemu_get_ram_block(end - 1));
1240be24 1018 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 1019 CPU_FOREACH(cpu) {
1020 tlb_reset_dirty(cpu, start1, length);
1021 }
0dc3f44a 1022 rcu_read_unlock();
d24981d3
JQ		 1023}
1024
5579c7f3 1025/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 1026bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
1027 ram_addr_t length,
1028 unsigned client)
1ccde1cb 1029{
5b82b703 1030 DirtyMemoryBlocks *blocks;
03eebc9e 1031 unsigned long end, page;
5b82b703 1032 bool dirty = false;
03eebc9e
SH		 1033
1034 if (length == 0) {
1035 return false;
1036 }
f23db169 1037
03eebc9e
SH		 1038 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1039 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1040
1041 rcu_read_lock();
1042
1043 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1044
1045 while (page < end) {
1046 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1047 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1048 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1049
1050 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1051 offset, num);
1052 page += num;
1053 }
1054
1055 rcu_read_unlock();
03eebc9e
SH		 1056
1057 if (dirty && tcg_enabled()) {
a2f4d5be 1058 tlb_reset_dirty_range_all(start, length);
5579c7f3 1059 }
03eebc9e
SH		 1060
1061 return dirty;
1ccde1cb
FB		 1062}
1063
79e2b9ae 1064/* Called from RCU critical section */
bb0e627a 1065hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1066 MemoryRegionSection *section,
1067 target_ulong vaddr,
1068 hwaddr paddr, hwaddr xlat,
1069 int prot,
1070 target_ulong *address)
e5548617 1071{
a8170e5e 1072 hwaddr iotlb;
e5548617
BS		 1073 CPUWatchpoint *wp;
1074
cc5bea60 1075 if (memory_region_is_ram(section->mr)) {
e5548617 1076 /* Normal RAM. */
e4e69794 1077 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
e5548617 1078 if (!section->readonly) {
b41aac4f 1079 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1080 } else {
b41aac4f 1081 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1082 }
1083 } else {
0b8e2c10
PM		 1084 AddressSpaceDispatch *d;
1085
1086 d = atomic_rcu_read(&section->address_space->dispatch);
1087 iotlb = section - d->map.sections;
149f54b5 1088 iotlb += xlat;
e5548617
BS		 1089 }
1090
1091 /* Make accesses to pages with watchpoints go via the
1092 watchpoint trap routines. */
ff4700b0 1093 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1094 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1095 /* Avoid trapping reads of pages with a write breakpoint. */
1096 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1097 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1098 *address |= TLB_MMIO;
1099 break;
1100 }
1101 }
1102 }
1103
1104 return iotlb;
1105}
9fa3e853
FB		 1106#endif /* defined(CONFIG_USER_ONLY) */
1107
e2eef170 1108#if !defined(CONFIG_USER_ONLY)
8da3ff18 1109
c227f099 1110static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1111 uint16_t section);
acc9d80b 1112static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1113
a2b257d6
IM		 1114static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1115 qemu_anon_ram_alloc;
91138037
MA		 1116
1117/*
1118 * Set a custom physical guest memory alloator.
1119 * Accelerators with unusual needs may need this. Hopefully, we can
1120 * get rid of it eventually.
1121 */
a2b257d6 1122void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1123{
1124 phys_mem_alloc = alloc;
1125}
1126
53cb28cb
MA		 1127static uint16_t phys_section_add(PhysPageMap *map,
1128 MemoryRegionSection *section)
5312bd8b 1129{
68f3f65b
PB		 1130 /* The physical section number is ORed with a page-aligned
1131 * pointer to produce the iotlb entries. Thus it should
1132 * never overflow into the page-aligned value.
1133 */
53cb28cb 1134 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1135
53cb28cb
MA		 1136 if (map->sections_nb == map->sections_nb_alloc) {
1137 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1138 map->sections = g_renew(MemoryRegionSection, map->sections,
1139 map->sections_nb_alloc);
5312bd8b 1140 }
53cb28cb 1141 map->sections[map->sections_nb] = *section;
dfde4e6e 1142 memory_region_ref(section->mr);
53cb28cb 1143 return map->sections_nb++;
5312bd8b
AK		 1144}
1145
058bc4b5
PB		 1146static void phys_section_destroy(MemoryRegion *mr)
1147{
55b4e80b
DS		 1148 bool have_sub_page = mr->subpage;
1149
dfde4e6e
PB		 1150 memory_region_unref(mr);
1151
55b4e80b 1152 if (have_sub_page) {
058bc4b5 1153 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1154 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1155 g_free(subpage);
1156 }
1157}
1158
6092666e 1159static void phys_sections_free(PhysPageMap *map)
5312bd8b 1160{
9affd6fc
PB		 1161 while (map->sections_nb > 0) {
1162 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1163 phys_section_destroy(section->mr);
1164 }
9affd6fc
PB		 1165 g_free(map->sections);
1166 g_free(map->nodes);
5312bd8b
AK		 1167}
1168
ac1970fb 1169static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1170{
1171 subpage_t *subpage;
a8170e5e 1172 hwaddr base = section->offset_within_address_space
0f0cb164 1173 & TARGET_PAGE_MASK;
97115a8d 1174 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1175 d->map.nodes, d->map.sections);
0f0cb164
AK		 1176 MemoryRegionSection subsection = {
1177 .offset_within_address_space = base,
052e87b0 1178 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1179 };
a8170e5e 1180 hwaddr start, end;
0f0cb164 1181
f3705d53 1182 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1183
f3705d53 1184 if (!(existing->mr->subpage)) {
acc9d80b 1185 subpage = subpage_init(d->as, base);
3be91e86 1186 subsection.address_space = d->as;
0f0cb164 1187 subsection.mr = &subpage->iomem;
ac1970fb 1188 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1189 phys_section_add(&d->map, &subsection));
0f0cb164 1190 } else {
f3705d53 1191 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1192 }
1193 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1194 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1195 subpage_register(subpage, start, end,
1196 phys_section_add(&d->map, section));
0f0cb164
AK		 1197}
1198
1199
052e87b0
PB		 1200static void register_multipage(AddressSpaceDispatch *d,
1201 MemoryRegionSection *section)
33417e70 1202{
a8170e5e 1203 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1204 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1205 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1206 TARGET_PAGE_BITS));
dd81124b 1207
733d5ef5
PB		 1208 assert(num_pages);
1209 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1210}
1211
ac1970fb 1212static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1213{
89ae337a 1214 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1215 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1216 MemoryRegionSection now = *section, remain = *section;
052e87b0 1217 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1218
733d5ef5
PB		 1219 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1220 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1221 - now.offset_within_address_space;
1222
052e87b0 1223 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1224 register_subpage(d, &now);
733d5ef5 1225 } else {
052e87b0 1226 now.size = int128_zero();
733d5ef5 1227 }
052e87b0
PB		 1228 while (int128_ne(remain.size, now.size)) {
1229 remain.size = int128_sub(remain.size, now.size);
1230 remain.offset_within_address_space += int128_get64(now.size);
1231 remain.offset_within_region += int128_get64(now.size);
69b67646 1232 now = remain;
052e87b0 1233 if (int128_lt(remain.size, page_size)) {
733d5ef5 1234 register_subpage(d, &now);
88266249 1235 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1236 now.size = page_size;
ac1970fb 1237 register_subpage(d, &now);
69b67646 1238 } else {
052e87b0 1239 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1240 register_multipage(d, &now);
69b67646 1241 }
0f0cb164
AK		 1242 }
1243}
1244
62a2744c
SY		 1245void qemu_flush_coalesced_mmio_buffer(void)
1246{
1247 if (kvm_enabled())
1248 kvm_flush_coalesced_mmio_buffer();
1249}
1250
b2a8658e
UD		 1251void qemu_mutex_lock_ramlist(void)
1252{
1253 qemu_mutex_lock(&ram_list.mutex);
1254}
1255
1256void qemu_mutex_unlock_ramlist(void)
1257{
1258 qemu_mutex_unlock(&ram_list.mutex);
1259}
1260
e1e84ba0 1261#ifdef __linux__
04b16653
AW		 1262static void *file_ram_alloc(RAMBlock *block,
1263 ram_addr_t memory,
7f56e740
PB		 1264 const char *path,
1265 Error **errp)
c902760f 1266{
fd97fd44 1267 bool unlink_on_error = false;
c902760f 1268 char *filename;
8ca761f6
PF		 1269 char *sanitized_name;
1270 char *c;
794e8f30 1271 void *area;
5c3ece79 1272 int fd = -1;
e1fb6471 1273 int64_t page_size;
c902760f
MT		 1274
1275 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1276 error_setg(errp,
1277 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1278 return NULL;
c902760f
MT		 1279 }
1280
fd97fd44
MA		 1281 for (;;) {
1282 fd = open(path, O_RDWR);
1283 if (fd >= 0) {
1284 /* @path names an existing file, use it */
1285 break;
8d31d6b6 1286 }
fd97fd44
MA		 1287 if (errno == ENOENT) {
1288 /* @path names a file that doesn't exist, create it */
1289 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1290 if (fd >= 0) {
1291 unlink_on_error = true;
1292 break;
1293 }
1294 } else if (errno == EISDIR) {
1295 /* @path names a directory, create a file there */
1296 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1297 sanitized_name = g_strdup(memory_region_name(block->mr));
1298 for (c = sanitized_name; *c != '\0'; c++) {
1299 if (*c == '/') {
1300 *c = '_';
1301 }
1302 }
8ca761f6 1303
fd97fd44
MA		 1304 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1305 sanitized_name);
1306 g_free(sanitized_name);
8d31d6b6 1307
fd97fd44
MA		 1308 fd = mkstemp(filename);
1309 if (fd >= 0) {
1310 unlink(filename);
1311 g_free(filename);
1312 break;
1313 }
1314 g_free(filename);
8d31d6b6 1315 }
fd97fd44
MA		 1316 if (errno != EEXIST && errno != EINTR) {
1317 error_setg_errno(errp, errno,
1318 "can't open backing store %s for guest RAM",
1319 path);
1320 goto error;
1321 }
1322 /*
1323 * Try again on EINTR and EEXIST. The latter happens when
1324 * something else creates the file between our two open().
1325 */
8d31d6b6 1326 }
c902760f 1327
e1fb6471 1328 page_size = qemu_fd_getpagesize(fd);
d2f39add 1329 block->mr->align = MAX(page_size, QEMU_VMALLOC_ALIGN);
fd97fd44 1330
e1fb6471 1331 if (memory < page_size) {
fd97fd44
MA		 1332 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1333 "or larger than page size 0x%" PRIx64,
e1fb6471 1334 memory, page_size);
f9a49dfa 1335 goto error;
c902760f 1336 }
c902760f 1337
e1fb6471 1338 memory = ROUND_UP(memory, page_size);
c902760f
MT		 1339
1340 /*
1341 * ftruncate is not supported by hugetlbfs in older
1342 * hosts, so don't bother bailing out on errors.
1343 * If anything goes wrong with it under other filesystems,
1344 * mmap will fail.
1345 */
7f56e740 1346 if (ftruncate(fd, memory)) {
9742bf26 1347 perror("ftruncate");
7f56e740 1348 }
c902760f 1349
d2f39add
DD		 1350 area = qemu_ram_mmap(fd, memory, block->mr->align,
1351 block->flags & RAM_SHARED);
c902760f 1352 if (area == MAP_FAILED) {
7f56e740 1353 error_setg_errno(errp, errno,
fd97fd44 1354 "unable to map backing store for guest RAM");
f9a49dfa 1355 goto error;
c902760f 1356 }
ef36fa14
MT		 1357
1358 if (mem_prealloc) {
38183310 1359 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1360 }
1361
04b16653 1362 block->fd = fd;
c902760f 1363 return area;
f9a49dfa
MT		 1364
1365error:
fd97fd44
MA		 1366 if (unlink_on_error) {
1367 unlink(path);
1368 }
5c3ece79
PB		 1369 if (fd != -1) {
1370 close(fd);
1371 }
f9a49dfa 1372 return NULL;
c902760f
MT		 1373}
1374#endif
1375
0dc3f44a 1376/* Called with the ramlist lock held. */
d17b5288 1377static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1378{
1379 RAMBlock *block, *next_block;
3e837b2c 1380 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1381
49cd9ac6
SH		 1382 assert(size != 0); /* it would hand out same offset multiple times */
1383
0dc3f44a 1384 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1385 return 0;
0d53d9fe 1386 }
04b16653 1387
0dc3f44a 1388 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1389 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1390
62be4e3a 1391 end = block->offset + block->max_length;
04b16653 1392
0dc3f44a 1393 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1394 if (next_block->offset >= end) {
1395 next = MIN(next, next_block->offset);
1396 }
1397 }
1398 if (next - end >= size && next - end < mingap) {
3e837b2c 1399 offset = end;
04b16653
AW		 1400 mingap = next - end;
1401 }
1402 }
3e837b2c
AW		 1403
1404 if (offset == RAM_ADDR_MAX) {
1405 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1406 (uint64_t)size);
1407 abort();
1408 }
1409
04b16653
AW		 1410 return offset;
1411}
1412
652d7ec2 1413ram_addr_t last_ram_offset(void)
d17b5288
AW		 1414{
1415 RAMBlock *block;
1416 ram_addr_t last = 0;
1417
0dc3f44a
MD		 1418 rcu_read_lock();
1419 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1420 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1421 }
0dc3f44a 1422 rcu_read_unlock();
d17b5288
AW		 1423 return last;
1424}
1425
ddb97f1d
JB		 1426static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1427{
1428 int ret;
ddb97f1d
JB		 1429
1430 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1431 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1432 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1433 if (ret) {
1434 perror("qemu_madvise");
1435 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1436 "but dump_guest_core=off specified\n");
1437 }
1438 }
1439}
1440
422148d3
DDAG		 1441const char *qemu_ram_get_idstr(RAMBlock *rb)
1442{
1443 return rb->idstr;
1444}
1445
ae3a7047 1446/* Called with iothread lock held. */
fa53a0e5 1447void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1448{
fa53a0e5 1449 RAMBlock *block;
20cfe881 1450
c5705a77
AK		 1451 assert(new_block);
1452 assert(!new_block->idstr[0]);
84b89d78 1453
09e5ab63
AL		 1454 if (dev) {
1455 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1456 if (id) {
1457 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1458 g_free(id);
84b89d78
CM		 1459 }
1460 }
1461 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1462
ab0a9956 1463 rcu_read_lock();
0dc3f44a 1464 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1465 if (block != new_block &&
1466 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1467 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1468 new_block->idstr);
1469 abort();
1470 }
1471 }
0dc3f44a 1472 rcu_read_unlock();
c5705a77
AK		 1473}
1474
ae3a7047 1475/* Called with iothread lock held. */
fa53a0e5 1476void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1477{
ae3a7047
MD		 1478 /* FIXME: arch_init.c assumes that this is not called throughout
1479 * migration. Ignore the problem since hot-unplug during migration
1480 * does not work anyway.
1481 */
20cfe881
HT		 1482 if (block) {
1483 memset(block->idstr, 0, sizeof(block->idstr));
1484 }
1485}
1486
8490fc78
LC		 1487static int memory_try_enable_merging(void *addr, size_t len)
1488{
75cc7f01 1489 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1490 /* disabled by the user */
1491 return 0;
1492 }
1493
1494 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1495}
1496
62be4e3a
MT		 1497/* Only legal before guest might have detected the memory size: e.g. on
1498 * incoming migration, or right after reset.
1499 *
1500 * As memory core doesn't know how is memory accessed, it is up to
1501 * resize callback to update device state and/or add assertions to detect
1502 * misuse, if necessary.
1503 */
fa53a0e5 1504int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1505{
62be4e3a
MT		 1506 assert(block);
1507
4ed023ce 1508 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1509
62be4e3a
MT		 1510 if (block->used_length == newsize) {
1511 return 0;
1512 }
1513
1514 if (!(block->flags & RAM_RESIZEABLE)) {
1515 error_setg_errno(errp, EINVAL,
1516 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1517 " in != 0x" RAM_ADDR_FMT, block->idstr,
1518 newsize, block->used_length);
1519 return -EINVAL;
1520 }
1521
1522 if (block->max_length < newsize) {
1523 error_setg_errno(errp, EINVAL,
1524 "Length too large: %s: 0x" RAM_ADDR_FMT
1525 " > 0x" RAM_ADDR_FMT, block->idstr,
1526 newsize, block->max_length);
1527 return -EINVAL;
1528 }
1529
1530 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1531 block->used_length = newsize;
58d2707e
PB		 1532 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1533 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1534 memory_region_set_size(block->mr, newsize);
1535 if (block->resized) {
1536 block->resized(block->idstr, newsize, block->host);
1537 }
1538 return 0;
1539}
1540
5b82b703
SH		 1541/* Called with ram_list.mutex held */
1542static void dirty_memory_extend(ram_addr_t old_ram_size,
1543 ram_addr_t new_ram_size)
1544{
1545 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1546 DIRTY_MEMORY_BLOCK_SIZE);
1547 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1548 DIRTY_MEMORY_BLOCK_SIZE);
1549 int i;
1550
1551 /* Only need to extend if block count increased */
1552 if (new_num_blocks <= old_num_blocks) {
1553 return;
1554 }
1555
1556 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1557 DirtyMemoryBlocks *old_blocks;
1558 DirtyMemoryBlocks *new_blocks;
1559 int j;
1560
1561 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1562 new_blocks = g_malloc(sizeof(*new_blocks) +
1563 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1564
1565 if (old_num_blocks) {
1566 memcpy(new_blocks->blocks, old_blocks->blocks,
1567 old_num_blocks * sizeof(old_blocks->blocks[0]));
1568 }
1569
1570 for (j = old_num_blocks; j < new_num_blocks; j++) {
1571 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1572 }
1573
1574 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1575
1576 if (old_blocks) {
1577 g_free_rcu(old_blocks, rcu);
1578 }
1579 }
1580}
1581
528f46af 1582static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1583{
e1c57ab8 1584 RAMBlock *block;
0d53d9fe 1585 RAMBlock *last_block = NULL;
2152f5ca 1586 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1587 Error *err = NULL;
2152f5ca
JQ		 1588
1589 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1590
b2a8658e 1591 qemu_mutex_lock_ramlist();
9b8424d5 1592 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1593
1594 if (!new_block->host) {
1595 if (xen_enabled()) {
9b8424d5 1596 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1597 new_block->mr, &err);
1598 if (err) {
1599 error_propagate(errp, err);
1600 qemu_mutex_unlock_ramlist();
39c350ee 1601 return;
37aa7a0e 1602 }
e1c57ab8 1603 } else {
9b8424d5 1604 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1605 &new_block->mr->align);
39228250 1606 if (!new_block->host) {
ef701d7b
HT		 1607 error_setg_errno(errp, errno,
1608 "cannot set up guest memory '%s'",
1609 memory_region_name(new_block->mr));
1610 qemu_mutex_unlock_ramlist();
39c350ee 1611 return;
39228250 1612 }
9b8424d5 1613 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1614 }
c902760f 1615 }
94a6b54f 1616
dd631697
LZ		 1617 new_ram_size = MAX(old_ram_size,
1618 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1619 if (new_ram_size > old_ram_size) {
1620 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1621 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1622 }
0d53d9fe
MD		 1623 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1624 * QLIST (which has an RCU-friendly variant) does not have insertion at
1625 * tail, so save the last element in last_block.
1626 */
0dc3f44a 1627 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1628 last_block = block;
9b8424d5 1629 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1630 break;
1631 }
1632 }
1633 if (block) {
0dc3f44a 1634 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1635 } else if (last_block) {
0dc3f44a 1636 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1637 } else { /* list is empty */
0dc3f44a 1638 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1639 }
0d6d3c87 1640 ram_list.mru_block = NULL;
94a6b54f 1641
0dc3f44a
MD		 1642 /* Write list before version */
1643 smp_wmb();
f798b07f 1644 ram_list.version++;
b2a8658e 1645 qemu_mutex_unlock_ramlist();
f798b07f 1646
9b8424d5 1647 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1648 new_block->used_length,
1649 DIRTY_CLIENTS_ALL);
94a6b54f 1650
a904c911
PB		 1651 if (new_block->host) {
1652 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1653 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1654 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1655 if (kvm_enabled()) {
1656 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1657 }
e1c57ab8 1658 }
94a6b54f 1659}
e9a1ab19 1660
0b183fc8 1661#ifdef __linux__
528f46af
FZ		 1662RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1663 bool share, const char *mem_path,
1664 Error **errp)
e1c57ab8
PB		 1665{
1666 RAMBlock *new_block;
ef701d7b 1667 Error *local_err = NULL;
e1c57ab8
PB		 1668
1669 if (xen_enabled()) {
7f56e740 1670 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1671 return NULL;
e1c57ab8
PB		 1672 }
1673
1674 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1675 /*
1676 * file_ram_alloc() needs to allocate just like
1677 * phys_mem_alloc, but we haven't bothered to provide
1678 * a hook there.
1679 */
7f56e740
PB		 1680 error_setg(errp,
1681 "-mem-path not supported with this accelerator");
528f46af 1682 return NULL;
e1c57ab8
PB		 1683 }
1684
4ed023ce 1685 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1686 new_block = g_malloc0(sizeof(*new_block));
1687 new_block->mr = mr;
9b8424d5
MT		 1688 new_block->used_length = size;
1689 new_block->max_length = size;
dbcb8981 1690 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1691 new_block->host = file_ram_alloc(new_block, size,
1692 mem_path, errp);
1693 if (!new_block->host) {
1694 g_free(new_block);
528f46af 1695 return NULL;
7f56e740
PB		 1696 }
1697
528f46af 1698 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1699 if (local_err) {
1700 g_free(new_block);
1701 error_propagate(errp, local_err);
528f46af 1702 return NULL;
ef701d7b 1703 }
528f46af 1704 return new_block;
e1c57ab8 1705}
0b183fc8 1706#endif
e1c57ab8 1707
62be4e3a 1708static
528f46af
FZ		 1709RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1710 void (*resized)(const char*,
1711 uint64_t length,
1712 void *host),
1713 void *host, bool resizeable,
1714 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1715{
1716 RAMBlock *new_block;
ef701d7b 1717 Error *local_err = NULL;
e1c57ab8 1718
4ed023ce
DDAG		 1719 size = HOST_PAGE_ALIGN(size);
1720 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1721 new_block = g_malloc0(sizeof(*new_block));
1722 new_block->mr = mr;
62be4e3a 1723 new_block->resized = resized;
9b8424d5
MT		 1724 new_block->used_length = size;
1725 new_block->max_length = max_size;
62be4e3a 1726 assert(max_size >= size);
e1c57ab8
PB		 1727 new_block->fd = -1;
1728 new_block->host = host;
1729 if (host) {
7bd4f430 1730 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1731 }
62be4e3a
MT		 1732 if (resizeable) {
1733 new_block->flags |= RAM_RESIZEABLE;
1734 }
528f46af 1735 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1736 if (local_err) {
1737 g_free(new_block);
1738 error_propagate(errp, local_err);
528f46af 1739 return NULL;
ef701d7b 1740 }
528f46af 1741 return new_block;
e1c57ab8
PB		 1742}
1743
528f46af 1744RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1745 MemoryRegion *mr, Error **errp)
1746{
1747 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1748}
1749
528f46af 1750RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1751{
62be4e3a
MT		 1752 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1753}
1754
528f46af 1755RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1756 void (*resized)(const char*,
1757 uint64_t length,
1758 void *host),
1759 MemoryRegion *mr, Error **errp)
1760{
1761 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1762}
1763
43771539
PB		 1764static void reclaim_ramblock(RAMBlock *block)
1765{
1766 if (block->flags & RAM_PREALLOC) {
1767 ;
1768 } else if (xen_enabled()) {
1769 xen_invalidate_map_cache_entry(block->host);
1770#ifndef _WIN32
1771 } else if (block->fd >= 0) {
2f3a2bb1 1772 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1773 close(block->fd);
1774#endif
1775 } else {
1776 qemu_anon_ram_free(block->host, block->max_length);
1777 }
1778 g_free(block);
1779}
1780
f1060c55 1781void qemu_ram_free(RAMBlock *block)
e9a1ab19 1782{
85bc2a15
MAL		 1783 if (!block) {
1784 return;
1785 }
1786
b2a8658e 1787 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1788 QLIST_REMOVE_RCU(block, next);
1789 ram_list.mru_block = NULL;
1790 /* Write list before version */
1791 smp_wmb();
1792 ram_list.version++;
1793 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1794 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1795}
1796
cd19cfa2
HY		 1797#ifndef _WIN32
1798void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1799{
1800 RAMBlock *block;
1801 ram_addr_t offset;
1802 int flags;
1803 void *area, *vaddr;
1804
0dc3f44a 1805 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1806 offset = addr - block->offset;
9b8424d5 1807 if (offset < block->max_length) {
1240be24 1808 vaddr = ramblock_ptr(block, offset);
7bd4f430 1809 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1810 ;
dfeaf2ab
MA		 1811 } else if (xen_enabled()) {
1812 abort();
cd19cfa2
HY		 1813 } else {
1814 flags = MAP_FIXED;
3435f395 1815 if (block->fd >= 0) {
dbcb8981
PB		 1816 flags |= (block->flags & RAM_SHARED ?
1817 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1818 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1819 flags, block->fd, offset);
cd19cfa2 1820 } else {
2eb9fbaa
MA		 1821 /*
1822 * Remap needs to match alloc. Accelerators that
1823 * set phys_mem_alloc never remap. If they did,
1824 * we'd need a remap hook here.
1825 */
1826 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1827
cd19cfa2
HY		 1828 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1829 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1830 flags, -1, 0);
cd19cfa2
HY		 1831 }
1832 if (area != vaddr) {
f15fbc4b
AP		 1833 fprintf(stderr, "Could not remap addr: "
1834 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1835 length, addr);
1836 exit(1);
1837 }
8490fc78 1838 memory_try_enable_merging(vaddr, length);
ddb97f1d 1839 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1840 }
cd19cfa2
HY		 1841 }
1842 }
1843}
1844#endif /* !_WIN32 */
1845
1b5ec234 1846/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1847 * This should not be used for general purpose DMA. Use address_space_map
1848 * or address_space_rw instead. For local memory (e.g. video ram) that the
1849 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1850 *
49b24afc 1851 * Called within RCU critical section.
1b5ec234 1852 */
0878d0e1 1853void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1854{
3655cb9c
GA		 1855 RAMBlock *block = ram_block;
1856
1857 if (block == NULL) {
1858 block = qemu_get_ram_block(addr);
0878d0e1 1859 addr -= block->offset;
3655cb9c 1860 }
ae3a7047
MD		 1861
1862 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1863 /* We need to check if the requested address is in the RAM
1864 * because we don't want to map the entire memory in QEMU.
1865 * In that case just map until the end of the page.
1866 */
1867 if (block->offset == 0) {
49b24afc 1868 return xen_map_cache(addr, 0, 0);
0d6d3c87 1869 }
ae3a7047
MD		 1870
1871 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1872 }
0878d0e1 1873 return ramblock_ptr(block, addr);
dc828ca1
PB		 1874}
1875
0878d0e1 1876/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
ae3a7047 1877 * but takes a size argument.
0dc3f44a 1878 *
e81bcda5 1879 * Called within RCU critical section.
ae3a7047 1880 */
3655cb9c
GA		 1881static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1882 hwaddr *size)
38bee5dc 1883{
3655cb9c 1884 RAMBlock *block = ram_block;
8ab934f9
SS		 1885 if (*size == 0) {
1886 return NULL;
1887 }
e81bcda5 1888
3655cb9c
GA		 1889 if (block == NULL) {
1890 block = qemu_get_ram_block(addr);
0878d0e1 1891 addr -= block->offset;
3655cb9c 1892 }
0878d0e1 1893 *size = MIN(*size, block->max_length - addr);
e81bcda5
PB		 1894
1895 if (xen_enabled() && block->host == NULL) {
1896 /* We need to check if the requested address is in the RAM
1897 * because we don't want to map the entire memory in QEMU.
1898 * In that case just map the requested area.
1899 */
1900 if (block->offset == 0) {
1901 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1902 }
1903
e81bcda5 1904 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1905 }
e81bcda5 1906
0878d0e1 1907 return ramblock_ptr(block, addr);
38bee5dc
SS		 1908}
1909
422148d3
DDAG		 1910/*
1911 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1912 * in that RAMBlock.
1913 *
1914 * ptr: Host pointer to look up
1915 * round_offset: If true round the result offset down to a page boundary
1916 * *ram_addr: set to result ram_addr
1917 * *offset: set to result offset within the RAMBlock
1918 *
1919 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1920 *
1921 * By the time this function returns, the returned pointer is not protected
1922 * by RCU anymore. If the caller is not within an RCU critical section and
1923 * does not hold the iothread lock, it must have other means of protecting the
1924 * pointer, such as a reference to the region that includes the incoming
1925 * ram_addr_t.
1926 */
422148d3 1927RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
422148d3 1928 ram_addr_t *offset)
5579c7f3 1929{
94a6b54f
PB		 1930 RAMBlock *block;
1931 uint8_t *host = ptr;
1932
868bb33f 1933 if (xen_enabled()) {
f615f396 1934 ram_addr_t ram_addr;
0dc3f44a 1935 rcu_read_lock();
f615f396
PB		 1936 ram_addr = xen_ram_addr_from_mapcache(ptr);
1937 block = qemu_get_ram_block(ram_addr);
422148d3 1938 if (block) {
d6b6aec4 1939 *offset = ram_addr - block->offset;
422148d3 1940 }
0dc3f44a 1941 rcu_read_unlock();
422148d3 1942 return block;
712c2b41
SS		 1943 }
1944
0dc3f44a
MD		 1945 rcu_read_lock();
1946 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1947 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1948 goto found;
1949 }
1950
0dc3f44a 1951 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1952 /* This case append when the block is not mapped. */
1953 if (block->host == NULL) {
1954 continue;
1955 }
9b8424d5 1956 if (host - block->host < block->max_length) {
23887b79 1957 goto found;
f471a17e 1958 }
94a6b54f 1959 }
432d268c 1960
0dc3f44a 1961 rcu_read_unlock();
1b5ec234 1962 return NULL;
23887b79
PB		 1963
1964found:
422148d3
DDAG		 1965 *offset = (host - block->host);
1966 if (round_offset) {
1967 *offset &= TARGET_PAGE_MASK;
1968 }
0dc3f44a 1969 rcu_read_unlock();
422148d3
DDAG		 1970 return block;
1971}
1972
e3dd7493
DDAG		 1973/*
1974 * Finds the named RAMBlock
1975 *
1976 * name: The name of RAMBlock to find
1977 *
1978 * Returns: RAMBlock (or NULL if not found)
1979 */
1980RAMBlock *qemu_ram_block_by_name(const char *name)
1981{
1982 RAMBlock *block;
1983
1984 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1985 if (!strcmp(name, block->idstr)) {
1986 return block;
1987 }
1988 }
1989
1990 return NULL;
1991}
1992
422148d3
DDAG		 1993/* Some of the softmmu routines need to translate from a host pointer
1994 (typically a TLB entry) back to a ram offset. */
07bdaa41 1995ram_addr_t qemu_ram_addr_from_host(void *ptr)
422148d3
DDAG		 1996{
1997 RAMBlock *block;
f615f396 1998 ram_addr_t offset;
422148d3 1999
f615f396 2000 block = qemu_ram_block_from_host(ptr, false, &offset);
422148d3 2001 if (!block) {
07bdaa41 2002 return RAM_ADDR_INVALID;
422148d3
DDAG		 2003 }
2004
07bdaa41 2005 return block->offset + offset;
e890261f 2006}
f471a17e 2007
49b24afc 2008/* Called within RCU critical section. */
a8170e5e 2009static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 2010 uint64_t val, unsigned size)
9fa3e853 2011{
52159192 2012 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 2013 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 2014 }
0e0df1e2
AK		 2015 switch (size) {
2016 case 1:
0878d0e1 2017 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2018 break;
2019 case 2:
0878d0e1 2020 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2021 break;
2022 case 4:
0878d0e1 2023 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2024 break;
2025 default:
2026 abort();
3a7d929e 2027 }
58d2707e
PB		 2028 /* Set both VGA and migration bits for simplicity and to remove
2029 * the notdirty callback faster.
2030 */
2031 cpu_physical_memory_set_dirty_range(ram_addr, size,
2032 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2033 /* we remove the notdirty callback only if the code has been
2034 flushed */
a2cd8c85 2035 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2036 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2037 }
9fa3e853
FB		 2038}
2039
b018ddf6
PB		 2040static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2041 unsigned size, bool is_write)
2042{
2043 return is_write;
2044}
2045
0e0df1e2 2046static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2047 .write = notdirty_mem_write,
b018ddf6 2048 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2049 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2050};
2051
0f459d16 2052/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2053static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2054{
93afeade 2055 CPUState *cpu = current_cpu;
568496c0 2056 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2057 CPUArchState *env = cpu->env_ptr;
06d55cc1 2058 target_ulong pc, cs_base;
0f459d16 2059 target_ulong vaddr;
a1d1bb31 2060 CPUWatchpoint *wp;
89fee74a 2061 uint32_t cpu_flags;
0f459d16 2062
ff4700b0 2063 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2064 /* We re-entered the check after replacing the TB. Now raise
2065 * the debug interrupt so that is will trigger after the
2066 * current instruction. */
93afeade 2067 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2068 return;
2069 }
93afeade 2070 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2071 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2072 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2073 && (wp->flags & flags)) {
08225676
PM		 2074 if (flags == BP_MEM_READ) {
2075 wp->flags |= BP_WATCHPOINT_HIT_READ;
2076 } else {
2077 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2078 }
2079 wp->hitaddr = vaddr;
66b9b43c 2080 wp->hitattrs = attrs;
ff4700b0 2081 if (!cpu->watchpoint_hit) {
568496c0
SF		 2082 if (wp->flags & BP_CPU &&
2083 !cc->debug_check_watchpoint(cpu, wp)) {
2084 wp->flags &= ~BP_WATCHPOINT_HIT;
2085 continue;
2086 }
ff4700b0 2087 cpu->watchpoint_hit = wp;
239c51a5 2088 tb_check_watchpoint(cpu);
6e140f28 2089 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2090 cpu->exception_index = EXCP_DEBUG;
5638d180 2091 cpu_loop_exit(cpu);
6e140f28
AL		 2092 } else {
2093 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2094 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
6886b980 2095 cpu_loop_exit_noexc(cpu);
6e140f28 2096 }
06d55cc1 2097 }
6e140f28
AL		 2098 } else {
2099 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2100 }
2101 }
2102}
2103
6658ffb8
PB		 2104/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2105 so these check for a hit then pass through to the normal out-of-line
2106 phys routines. */
66b9b43c
PM		 2107static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2108 unsigned size, MemTxAttrs attrs)
6658ffb8 2109{
66b9b43c
PM		 2110 MemTxResult res;
2111 uint64_t data;
79ed0416
PM		 2112 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2113 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2114
2115 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2116 switch (size) {
66b9b43c 2117 case 1:
79ed0416 2118 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2119 break;
2120 case 2:
79ed0416 2121 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2122 break;
2123 case 4:
79ed0416 2124 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2125 break;
1ec9b909
AK		 2126 default: abort();
2127 }
66b9b43c
PM		 2128 *pdata = data;
2129 return res;
6658ffb8
PB		 2130}
2131
66b9b43c
PM		 2132static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2133 uint64_t val, unsigned size,
2134 MemTxAttrs attrs)
6658ffb8 2135{
66b9b43c 2136 MemTxResult res;
79ed0416
PM		 2137 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2138 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2139
2140 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2141 switch (size) {
67364150 2142 case 1:
79ed0416 2143 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2144 break;
2145 case 2:
79ed0416 2146 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2147 break;
2148 case 4:
79ed0416 2149 address_space_stl(as, addr, val, attrs, &res);
67364150 2150 break;
1ec9b909
AK		 2151 default: abort();
2152 }
66b9b43c 2153 return res;
6658ffb8
PB		 2154}
2155
1ec9b909 2156static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2157 .read_with_attrs = watch_mem_read,
2158 .write_with_attrs = watch_mem_write,
1ec9b909 2159 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2160};
6658ffb8 2161
f25a49e0
PM		 2162static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2163 unsigned len, MemTxAttrs attrs)
db7b5426 2164{
acc9d80b 2165 subpage_t *subpage = opaque;
ff6cff75 2166 uint8_t buf[8];
5c9eb028 2167 MemTxResult res;
791af8c8 2168
db7b5426 2169#if defined(DEBUG_SUBPAGE)
016e9d62 2170 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2171 subpage, len, addr);
db7b5426 2172#endif
5c9eb028
PM		 2173 res = address_space_read(subpage->as, addr + subpage->base,
2174 attrs, buf, len);
2175 if (res) {
2176 return res;
f25a49e0 2177 }
acc9d80b
JK		 2178 switch (len) {
2179 case 1:
f25a49e0
PM		 2180 *data = ldub_p(buf);
2181 return MEMTX_OK;
acc9d80b 2182 case 2:
f25a49e0
PM		 2183 *data = lduw_p(buf);
2184 return MEMTX_OK;
acc9d80b 2185 case 4:
f25a49e0
PM		 2186 *data = ldl_p(buf);
2187 return MEMTX_OK;
ff6cff75 2188 case 8:
f25a49e0
PM		 2189 *data = ldq_p(buf);
2190 return MEMTX_OK;
acc9d80b
JK		 2191 default:
2192 abort();
2193 }
db7b5426
BS		 2194}
2195
f25a49e0
PM		 2196static MemTxResult subpage_write(void *opaque, hwaddr addr,
2197 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2198{
acc9d80b 2199 subpage_t *subpage = opaque;
ff6cff75 2200 uint8_t buf[8];
acc9d80b 2201
db7b5426 2202#if defined(DEBUG_SUBPAGE)
016e9d62 2203 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2204 " value %"PRIx64"\n",
2205 __func__, subpage, len, addr, value);
db7b5426 2206#endif
acc9d80b
JK		 2207 switch (len) {
2208 case 1:
2209 stb_p(buf, value);
2210 break;
2211 case 2:
2212 stw_p(buf, value);
2213 break;
2214 case 4:
2215 stl_p(buf, value);
2216 break;
ff6cff75
PB		 2217 case 8:
2218 stq_p(buf, value);
2219 break;
acc9d80b
JK		 2220 default:
2221 abort();
2222 }
5c9eb028
PM		 2223 return address_space_write(subpage->as, addr + subpage->base,
2224 attrs, buf, len);
db7b5426
BS		 2225}
2226
c353e4cc 2227static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2228 unsigned len, bool is_write)
c353e4cc 2229{
acc9d80b 2230 subpage_t *subpage = opaque;
c353e4cc 2231#if defined(DEBUG_SUBPAGE)
016e9d62 2232 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2233 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2234#endif
2235
acc9d80b 2236 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2237 len, is_write);
c353e4cc
PB		 2238}
2239
70c68e44 2240static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2241 .read_with_attrs = subpage_read,
2242 .write_with_attrs = subpage_write,
ff6cff75
PB		 2243 .impl.min_access_size = 1,
2244 .impl.max_access_size = 8,
2245 .valid.min_access_size = 1,
2246 .valid.max_access_size = 8,
c353e4cc 2247 .valid.accepts = subpage_accepts,
70c68e44 2248 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2249};
2250
c227f099 2251static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2252 uint16_t section)
db7b5426
BS		 2253{
2254 int idx, eidx;
2255
2256 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2257 return -1;
2258 idx = SUBPAGE_IDX(start);
2259 eidx = SUBPAGE_IDX(end);
2260#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2261 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2262 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2263#endif
db7b5426 2264 for (; idx <= eidx; idx++) {
5312bd8b 2265 mmio->sub_section[idx] = section;
db7b5426
BS		 2266 }
2267
2268 return 0;
2269}
2270
acc9d80b 2271static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2272{
c227f099 2273 subpage_t *mmio;
db7b5426 2274
7267c094 2275 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2276
acc9d80b 2277 mmio->as = as;
1eec614b 2278 mmio->base = base;
2c9b15ca 2279 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2280 NULL, TARGET_PAGE_SIZE);
b3b00c78 2281 mmio->iomem.subpage = true;
db7b5426 2282#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2283 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2284 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2285#endif
b41aac4f 2286 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2287
2288 return mmio;
2289}
2290
a656e22f
PC		 2291static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2292 MemoryRegion *mr)
5312bd8b 2293{
a656e22f 2294 assert(as);
5312bd8b 2295 MemoryRegionSection section = {
a656e22f 2296 .address_space = as,
5312bd8b
AK		 2297 .mr = mr,
2298 .offset_within_address_space = 0,
2299 .offset_within_region = 0,
052e87b0 2300 .size = int128_2_64(),
5312bd8b
AK		 2301 };
2302
53cb28cb 2303 return phys_section_add(map, &section);
5312bd8b
AK		 2304}
2305
a54c87b6 2306MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2307{
a54c87b6
PM		 2308 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2309 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2310 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2311 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2312
2313 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2314}
2315
e9179ce1
AK		 2316static void io_mem_init(void)
2317{
1f6245e5 2318 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2319 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2320 NULL, UINT64_MAX);
2c9b15ca 2321 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2322 NULL, UINT64_MAX);
2c9b15ca 2323 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2324 NULL, UINT64_MAX);
e9179ce1
AK		 2325}
2326
ac1970fb 2327static void mem_begin(MemoryListener *listener)
00752703
PB		 2328{
2329 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2330 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2331 uint16_t n;
2332
a656e22f 2333 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2334 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2335 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2336 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2337 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2338 assert(n == PHYS_SECTION_ROM);
a656e22f 2339 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2340 assert(n == PHYS_SECTION_WATCH);
00752703 2341
9736e55b 2342 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2343 d->as = as;
2344 as->next_dispatch = d;
2345}
2346
79e2b9ae
PB		 2347static void address_space_dispatch_free(AddressSpaceDispatch *d)
2348{
2349 phys_sections_free(&d->map);
2350 g_free(d);
2351}
2352
00752703 2353static void mem_commit(MemoryListener *listener)
ac1970fb 2354{
89ae337a 2355 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2356 AddressSpaceDispatch *cur = as->dispatch;
2357 AddressSpaceDispatch *next = as->next_dispatch;
2358
53cb28cb 2359 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2360
79e2b9ae 2361 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2362 if (cur) {
79e2b9ae 2363 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2364 }
9affd6fc
PB		 2365}
2366
1d71148e 2367static void tcg_commit(MemoryListener *listener)
50c1e149 2368{
32857f4d
PM		 2369 CPUAddressSpace *cpuas;
2370 AddressSpaceDispatch *d;
117712c3
AK		 2371
2372 /* since each CPU stores ram addresses in its TLB cache, we must
2373 reset the modified entries */
32857f4d
PM		 2374 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2375 cpu_reloading_memory_map();
2376 /* The CPU and TLB are protected by the iothread lock.
2377 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2378 * may have split the RCU critical section.
2379 */
2380 d = atomic_rcu_read(&cpuas->as->dispatch);
2381 cpuas->memory_dispatch = d;
2382 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2383}
2384
ac1970fb
AK		 2385void address_space_init_dispatch(AddressSpace *as)
2386{
00752703 2387 as->dispatch = NULL;
89ae337a 2388 as->dispatch_listener = (MemoryListener) {
ac1970fb 2389 .begin = mem_begin,
00752703 2390 .commit = mem_commit,
ac1970fb
AK		 2391 .region_add = mem_add,
2392 .region_nop = mem_add,
2393 .priority = 0,
2394 };
89ae337a 2395 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2396}
2397
6e48e8f9
PB		 2398void address_space_unregister(AddressSpace *as)
2399{
2400 memory_listener_unregister(&as->dispatch_listener);
2401}
2402
83f3c251
AK		 2403void address_space_destroy_dispatch(AddressSpace *as)
2404{
2405 AddressSpaceDispatch *d = as->dispatch;
2406
79e2b9ae
PB		 2407 atomic_rcu_set(&as->dispatch, NULL);
2408 if (d) {
2409 call_rcu(d, address_space_dispatch_free, rcu);
2410 }
83f3c251
AK		 2411}
2412
62152b8a
AK		 2413static void memory_map_init(void)
2414{
7267c094 2415 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2416
57271d63 2417 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2418 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2419
7267c094 2420 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2421 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2422 65536);
7dca8043 2423 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2424}
2425
2426MemoryRegion *get_system_memory(void)
2427{
2428 return system_memory;
2429}
2430
309cb471
AK		 2431MemoryRegion *get_system_io(void)
2432{
2433 return system_io;
2434}
2435
e2eef170
PB		 2436#endif /* !defined(CONFIG_USER_ONLY) */
2437
13eb76e0
FB		 2438/* physical memory access (slow version, mainly for debug) */
2439#if defined(CONFIG_USER_ONLY)
f17ec444 2440int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2441 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2442{
2443 int l, flags;
2444 target_ulong page;
53a5960a 2445 void * p;
13eb76e0
FB		 2446
2447 while (len > 0) {
2448 page = addr & TARGET_PAGE_MASK;
2449 l = (page + TARGET_PAGE_SIZE) - addr;
2450 if (l > len)
2451 l = len;
2452 flags = page_get_flags(page);
2453 if (!(flags & PAGE_VALID))
a68fe89c 2454 return -1;
13eb76e0
FB		 2455 if (is_write) {
2456 if (!(flags & PAGE_WRITE))
a68fe89c 2457 return -1;
579a97f7 2458 /* XXX: this code should not depend on lock_user */
72fb7daa 2459 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2460 return -1;
72fb7daa
AJ		 2461 memcpy(p, buf, l);
2462 unlock_user(p, addr, l);
13eb76e0
FB		 2463 } else {
2464 if (!(flags & PAGE_READ))
a68fe89c 2465 return -1;
579a97f7 2466 /* XXX: this code should not depend on lock_user */
72fb7daa 2467 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2468 return -1;
72fb7daa 2469 memcpy(buf, p, l);
5b257578 2470 unlock_user(p, addr, 0);
13eb76e0
FB		 2471 }
2472 len -= l;
2473 buf += l;
2474 addr += l;
2475 }
a68fe89c 2476 return 0;
13eb76e0 2477}
8df1cd07 2478
13eb76e0 2479#else
51d7a9eb 2480
845b6214 2481static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2482 hwaddr length)
51d7a9eb 2483{
e87f7778 2484 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
0878d0e1
PB		 2485 addr += memory_region_get_ram_addr(mr);
2486
e87f7778
PB		 2487 /* No early return if dirty_log_mask is or becomes 0, because
2488 * cpu_physical_memory_set_dirty_range will still call
2489 * xen_modified_memory.
2490 */
2491 if (dirty_log_mask) {
2492 dirty_log_mask =
2493 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2494 }
2495 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2496 tb_invalidate_phys_range(addr, addr + length);
2497 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2498 }
e87f7778 2499 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2500}
2501
23326164 2502static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2503{
e1622f4b 2504 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2505
2506 /* Regions are assumed to support 1-4 byte accesses unless
2507 otherwise specified. */
23326164
RH		 2508 if (access_size_max == 0) {
2509 access_size_max = 4;
2510 }
2511
2512 /* Bound the maximum access by the alignment of the address. */
2513 if (!mr->ops->impl.unaligned) {
2514 unsigned align_size_max = addr & -addr;
2515 if (align_size_max != 0 && align_size_max < access_size_max) {
2516 access_size_max = align_size_max;
2517 }
82f2563f 2518 }
23326164
RH		 2519
2520 /* Don't attempt accesses larger than the maximum. */
2521 if (l > access_size_max) {
2522 l = access_size_max;
82f2563f 2523 }
6554f5c0 2524 l = pow2floor(l);
23326164
RH		 2525
2526 return l;
82f2563f
PB		 2527}
2528
4840f10e 2529static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2530{
4840f10e
JK		 2531 bool unlocked = !qemu_mutex_iothread_locked();
2532 bool release_lock = false;
2533
2534 if (unlocked && mr->global_locking) {
2535 qemu_mutex_lock_iothread();
2536 unlocked = false;
2537 release_lock = true;
2538 }
125b3806 2539 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2540 if (unlocked) {
2541 qemu_mutex_lock_iothread();
2542 }
125b3806 2543 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2544 if (unlocked) {
2545 qemu_mutex_unlock_iothread();
2546 }
125b3806 2547 }
4840f10e
JK		 2548
2549 return release_lock;
125b3806
PB		 2550}
2551
a203ac70
PB		 2552/* Called within RCU critical section. */
2553static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2554 MemTxAttrs attrs,
2555 const uint8_t *buf,
2556 int len, hwaddr addr1,
2557 hwaddr l, MemoryRegion *mr)
13eb76e0 2558{
13eb76e0 2559 uint8_t *ptr;
791af8c8 2560 uint64_t val;
3b643495 2561 MemTxResult result = MEMTX_OK;
4840f10e 2562 bool release_lock = false;
3b46e624 2563
a203ac70 2564 for (;;) {
eb7eeb88
PB		 2565 if (!memory_access_is_direct(mr, true)) {
2566 release_lock |= prepare_mmio_access(mr);
2567 l = memory_access_size(mr, l, addr1);
2568 /* XXX: could force current_cpu to NULL to avoid
2569 potential bugs */
2570 switch (l) {
2571 case 8:
2572 /* 64 bit write access */
2573 val = ldq_p(buf);
2574 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2575 attrs);
2576 break;
2577 case 4:
2578 /* 32 bit write access */
2579 val = ldl_p(buf);
2580 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2581 attrs);
2582 break;
2583 case 2:
2584 /* 16 bit write access */
2585 val = lduw_p(buf);
2586 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2587 attrs);
2588 break;
2589 case 1:
2590 /* 8 bit write access */
2591 val = ldub_p(buf);
2592 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2593 attrs);
2594 break;
2595 default:
2596 abort();
13eb76e0
FB		 2597 }
2598 } else {
eb7eeb88 2599 /* RAM case */
0878d0e1 2600 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2601 memcpy(ptr, buf, l);
2602 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2603 }
4840f10e
JK		 2604
2605 if (release_lock) {
2606 qemu_mutex_unlock_iothread();
2607 release_lock = false;
2608 }
2609
13eb76e0
FB		 2610 len -= l;
2611 buf += l;
2612 addr += l;
a203ac70
PB		 2613
2614 if (!len) {
2615 break;
2616 }
2617
2618 l = len;
2619 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2620 }
fd8aaa76 2621
3b643495 2622 return result;
13eb76e0 2623}
8df1cd07 2624
a203ac70
PB		 2625MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2626 const uint8_t *buf, int len)
ac1970fb 2627{
eb7eeb88 2628 hwaddr l;
eb7eeb88
PB		 2629 hwaddr addr1;
2630 MemoryRegion *mr;
2631 MemTxResult result = MEMTX_OK;
eb7eeb88 2632
a203ac70
PB		 2633 if (len > 0) {
2634 rcu_read_lock();
eb7eeb88 2635 l = len;
a203ac70
PB		 2636 mr = address_space_translate(as, addr, &addr1, &l, true);
2637 result = address_space_write_continue(as, addr, attrs, buf, len,
2638 addr1, l, mr);
2639 rcu_read_unlock();
2640 }
2641
2642 return result;
2643}
2644
2645/* Called within RCU critical section. */
2646MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2647 MemTxAttrs attrs, uint8_t *buf,
2648 int len, hwaddr addr1, hwaddr l,
2649 MemoryRegion *mr)
2650{
2651 uint8_t *ptr;
2652 uint64_t val;
2653 MemTxResult result = MEMTX_OK;
2654 bool release_lock = false;
eb7eeb88 2655
a203ac70 2656 for (;;) {
eb7eeb88
PB		 2657 if (!memory_access_is_direct(mr, false)) {
2658 /* I/O case */
2659 release_lock |= prepare_mmio_access(mr);
2660 l = memory_access_size(mr, l, addr1);
2661 switch (l) {
2662 case 8:
2663 /* 64 bit read access */
2664 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2665 attrs);
2666 stq_p(buf, val);
2667 break;
2668 case 4:
2669 /* 32 bit read access */
2670 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2671 attrs);
2672 stl_p(buf, val);
2673 break;
2674 case 2:
2675 /* 16 bit read access */
2676 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2677 attrs);
2678 stw_p(buf, val);
2679 break;
2680 case 1:
2681 /* 8 bit read access */
2682 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2683 attrs);
2684 stb_p(buf, val);
2685 break;
2686 default:
2687 abort();
2688 }
2689 } else {
2690 /* RAM case */
0878d0e1 2691 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2692 memcpy(buf, ptr, l);
2693 }
2694
2695 if (release_lock) {
2696 qemu_mutex_unlock_iothread();
2697 release_lock = false;
2698 }
2699
2700 len -= l;
2701 buf += l;
2702 addr += l;
a203ac70
PB		 2703
2704 if (!len) {
2705 break;
2706 }
2707
2708 l = len;
2709 mr = address_space_translate(as, addr, &addr1, &l, false);
2710 }
2711
2712 return result;
2713}
2714
3cc8f884
PB		 2715MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2716 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2717{
2718 hwaddr l;
2719 hwaddr addr1;
2720 MemoryRegion *mr;
2721 MemTxResult result = MEMTX_OK;
2722
2723 if (len > 0) {
2724 rcu_read_lock();
2725 l = len;
2726 mr = address_space_translate(as, addr, &addr1, &l, false);
2727 result = address_space_read_continue(as, addr, attrs, buf, len,
2728 addr1, l, mr);
2729 rcu_read_unlock();
eb7eeb88 2730 }
eb7eeb88
PB		 2731
2732 return result;
ac1970fb
AK		 2733}
2734
eb7eeb88
PB		 2735MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2736 uint8_t *buf, int len, bool is_write)
2737{
2738 if (is_write) {
2739 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2740 } else {
2741 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2742 }
2743}
ac1970fb 2744
a8170e5e 2745void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2746 int len, int is_write)
2747{
5c9eb028
PM		 2748 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2749 buf, len, is_write);
ac1970fb
AK		 2750}
2751
582b55a9
AG		 2752enum write_rom_type {
2753 WRITE_DATA,
2754 FLUSH_CACHE,
2755};
2756
2a221651 2757static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2758 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2759{
149f54b5 2760 hwaddr l;
d0ecd2aa 2761 uint8_t *ptr;
149f54b5 2762 hwaddr addr1;
5c8a00ce 2763 MemoryRegion *mr;
3b46e624 2764
41063e1e 2765 rcu_read_lock();
d0ecd2aa 2766 while (len > 0) {
149f54b5 2767 l = len;
2a221651 2768 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2769
5c8a00ce
PB		 2770 if (!(memory_region_is_ram(mr) ||
2771 memory_region_is_romd(mr))) {
b242e0e0 2772 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2773 } else {
d0ecd2aa 2774 /* ROM/RAM case */
0878d0e1 2775 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2776 switch (type) {
2777 case WRITE_DATA:
2778 memcpy(ptr, buf, l);
845b6214 2779 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2780 break;
2781 case FLUSH_CACHE:
2782 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2783 break;
2784 }
d0ecd2aa
FB		 2785 }
2786 len -= l;
2787 buf += l;
2788 addr += l;
2789 }
41063e1e 2790 rcu_read_unlock();
d0ecd2aa
FB		 2791}
2792
582b55a9 2793/* used for ROM loading : can write in RAM and ROM */
2a221651 2794void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2795 const uint8_t *buf, int len)
2796{
2a221651 2797 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2798}
2799
2800void cpu_flush_icache_range(hwaddr start, int len)
2801{
2802 /*
2803 * This function should do the same thing as an icache flush that was
2804 * triggered from within the guest. For TCG we are always cache coherent,
2805 * so there is no need to flush anything. For KVM / Xen we need to flush
2806 * the host's instruction cache at least.
2807 */
2808 if (tcg_enabled()) {
2809 return;
2810 }
2811
2a221651
EI		 2812 cpu_physical_memory_write_rom_internal(&address_space_memory,
2813 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2814}
2815
6d16c2f8 2816typedef struct {
d3e71559 2817 MemoryRegion *mr;
6d16c2f8 2818 void *buffer;
a8170e5e
AK		 2819 hwaddr addr;
2820 hwaddr len;
c2cba0ff 2821 bool in_use;
6d16c2f8
AL		 2822} BounceBuffer;
2823
2824static BounceBuffer bounce;
2825
ba223c29 2826typedef struct MapClient {
e95205e1 2827 QEMUBH *bh;
72cf2d4f 2828 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2829} MapClient;
2830
38e047b5 2831QemuMutex map_client_list_lock;
72cf2d4f
BS		 2832static QLIST_HEAD(map_client_list, MapClient) map_client_list
2833 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2834
e95205e1
FZ		 2835static void cpu_unregister_map_client_do(MapClient *client)
2836{
2837 QLIST_REMOVE(client, link);
2838 g_free(client);
2839}
2840
33b6c2ed
FZ		 2841static void cpu_notify_map_clients_locked(void)
2842{
2843 MapClient *client;
2844
2845 while (!QLIST_EMPTY(&map_client_list)) {
2846 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2847 qemu_bh_schedule(client->bh);
2848 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2849 }
2850}
2851
e95205e1 2852void cpu_register_map_client(QEMUBH *bh)
ba223c29 2853{
7267c094 2854 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2855
38e047b5 2856 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2857 client->bh = bh;
72cf2d4f 2858 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2859 if (!atomic_read(&bounce.in_use)) {
2860 cpu_notify_map_clients_locked();
2861 }
38e047b5 2862 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2863}
2864
38e047b5 2865void cpu_exec_init_all(void)
ba223c29 2866{
38e047b5 2867 qemu_mutex_init(&ram_list.mutex);
38e047b5 2868 io_mem_init();
680a4783 2869 memory_map_init();
38e047b5 2870 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2871}
2872
e95205e1 2873void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2874{
2875 MapClient *client;
2876
e95205e1
FZ		 2877 qemu_mutex_lock(&map_client_list_lock);
2878 QLIST_FOREACH(client, &map_client_list, link) {
2879 if (client->bh == bh) {
2880 cpu_unregister_map_client_do(client);
2881 break;
2882 }
ba223c29 2883 }
e95205e1 2884 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2885}
2886
2887static void cpu_notify_map_clients(void)
2888{
38e047b5 2889 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2890 cpu_notify_map_clients_locked();
38e047b5 2891 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2892}
2893
51644ab7
PB		 2894bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2895{
5c8a00ce 2896 MemoryRegion *mr;
51644ab7
PB		 2897 hwaddr l, xlat;
2898
41063e1e 2899 rcu_read_lock();
51644ab7
PB		 2900 while (len > 0) {
2901 l = len;
5c8a00ce
PB		 2902 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2903 if (!memory_access_is_direct(mr, is_write)) {
2904 l = memory_access_size(mr, l, addr);
2905 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2906 return false;
2907 }
2908 }
2909
2910 len -= l;
2911 addr += l;
2912 }
41063e1e 2913 rcu_read_unlock();
51644ab7
PB		 2914 return true;
2915}
2916
6d16c2f8
AL		 2917/* Map a physical memory region into a host virtual address.
2918 * May map a subset of the requested range, given by and returned in *plen.
2919 * May return NULL if resources needed to perform the mapping are exhausted.
2920 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2921 * Use cpu_register_map_client() to know when retrying the map operation is
2922 * likely to succeed.
6d16c2f8 2923 */
ac1970fb 2924void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2925 hwaddr addr,
2926 hwaddr *plen,
ac1970fb 2927 bool is_write)
6d16c2f8 2928{
a8170e5e 2929 hwaddr len = *plen;
e3127ae0
PB		 2930 hwaddr done = 0;
2931 hwaddr l, xlat, base;
2932 MemoryRegion *mr, *this_mr;
e81bcda5 2933 void *ptr;
6d16c2f8 2934
e3127ae0
PB		 2935 if (len == 0) {
2936 return NULL;
2937 }
38bee5dc 2938
e3127ae0 2939 l = len;
41063e1e 2940 rcu_read_lock();
e3127ae0 2941 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2942
e3127ae0 2943 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2944 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2945 rcu_read_unlock();
e3127ae0 2946 return NULL;
6d16c2f8 2947 }
e85d9db5
KW		 2948 /* Avoid unbounded allocations */
2949 l = MIN(l, TARGET_PAGE_SIZE);
2950 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2951 bounce.addr = addr;
2952 bounce.len = l;
d3e71559
PB		 2953
2954 memory_region_ref(mr);
2955 bounce.mr = mr;
e3127ae0 2956 if (!is_write) {
5c9eb028
PM		 2957 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2958 bounce.buffer, l);
8ab934f9 2959 }
6d16c2f8 2960
41063e1e 2961 rcu_read_unlock();
e3127ae0
PB		 2962 *plen = l;
2963 return bounce.buffer;
2964 }
2965
2966 base = xlat;
e3127ae0
PB		 2967
2968 for (;;) {
6d16c2f8
AL		 2969 len -= l;
2970 addr += l;
e3127ae0
PB		 2971 done += l;
2972 if (len == 0) {
2973 break;
2974 }
2975
2976 l = len;
2977 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2978 if (this_mr != mr || xlat != base + done) {
2979 break;
2980 }
6d16c2f8 2981 }
e3127ae0 2982
d3e71559 2983 memory_region_ref(mr);
e3127ae0 2984 *plen = done;
0878d0e1 2985 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
e81bcda5
PB		 2986 rcu_read_unlock();
2987
2988 return ptr;
6d16c2f8
AL		 2989}
2990
ac1970fb 2991/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2992 * Will also mark the memory as dirty if is_write == 1. access_len gives
2993 * the amount of memory that was actually read or written by the caller.
2994 */
a8170e5e
AK		 2995void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2996 int is_write, hwaddr access_len)
6d16c2f8
AL		 2997{
2998 if (buffer != bounce.buffer) {
d3e71559
PB		 2999 MemoryRegion *mr;
3000 ram_addr_t addr1;
3001
07bdaa41 3002 mr = memory_region_from_host(buffer, &addr1);
d3e71559 3003 assert(mr != NULL);
6d16c2f8 3004 if (is_write) {
845b6214 3005 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 3006 }
868bb33f 3007 if (xen_enabled()) {
e41d7c69 3008 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3009 }
d3e71559 3010 memory_region_unref(mr);
6d16c2f8
AL		 3011 return;
3012 }
3013 if (is_write) {
5c9eb028
PM		 3014 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3015 bounce.buffer, access_len);
6d16c2f8 3016 }
f8a83245 3017 qemu_vfree(bounce.buffer);
6d16c2f8 3018 bounce.buffer = NULL;
d3e71559 3019 memory_region_unref(bounce.mr);
c2cba0ff 3020 atomic_mb_set(&bounce.in_use, false);
ba223c29 3021 cpu_notify_map_clients();
6d16c2f8 3022}
d0ecd2aa 3023
a8170e5e
AK		 3024void *cpu_physical_memory_map(hwaddr addr,
3025 hwaddr *plen,
ac1970fb
AK		 3026 int is_write)
3027{
3028 return address_space_map(&address_space_memory, addr, plen, is_write);
3029}
3030
a8170e5e
AK		 3031void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3032 int is_write, hwaddr access_len)
ac1970fb
AK		 3033{
3034 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3035}
3036
8df1cd07 3037/* warning: addr must be aligned */
50013115
PM		 3038static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3039 MemTxAttrs attrs,
3040 MemTxResult *result,
3041 enum device_endian endian)
8df1cd07 3042{
8df1cd07 3043 uint8_t *ptr;
791af8c8 3044 uint64_t val;
5c8a00ce 3045 MemoryRegion *mr;
149f54b5
PB		 3046 hwaddr l = 4;
3047 hwaddr addr1;
50013115 3048 MemTxResult r;
4840f10e 3049 bool release_lock = false;
8df1cd07 3050
41063e1e 3051 rcu_read_lock();
fdfba1a2 3052 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3053 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3054 release_lock |= prepare_mmio_access(mr);
125b3806 3055
8df1cd07 3056 /* I/O case */
50013115 3057 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3058#if defined(TARGET_WORDS_BIGENDIAN)
3059 if (endian == DEVICE_LITTLE_ENDIAN) {
3060 val = bswap32(val);
3061 }
3062#else
3063 if (endian == DEVICE_BIG_ENDIAN) {
3064 val = bswap32(val);
3065 }
3066#endif
8df1cd07
FB		 3067 } else {
3068 /* RAM case */
0878d0e1 3069 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3070 switch (endian) {
3071 case DEVICE_LITTLE_ENDIAN:
3072 val = ldl_le_p(ptr);
3073 break;
3074 case DEVICE_BIG_ENDIAN:
3075 val = ldl_be_p(ptr);
3076 break;
3077 default:
3078 val = ldl_p(ptr);
3079 break;
3080 }
50013115
PM		 3081 r = MEMTX_OK;
3082 }
3083 if (result) {
3084 *result = r;
8df1cd07 3085 }
4840f10e
JK		 3086 if (release_lock) {
3087 qemu_mutex_unlock_iothread();
3088 }
41063e1e 3089 rcu_read_unlock();
8df1cd07
FB		 3090 return val;
3091}
3092
50013115
PM		 3093uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3094 MemTxAttrs attrs, MemTxResult *result)
3095{
3096 return address_space_ldl_internal(as, addr, attrs, result,
3097 DEVICE_NATIVE_ENDIAN);
3098}
3099
3100uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3101 MemTxAttrs attrs, MemTxResult *result)
3102{
3103 return address_space_ldl_internal(as, addr, attrs, result,
3104 DEVICE_LITTLE_ENDIAN);
3105}
3106
3107uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3108 MemTxAttrs attrs, MemTxResult *result)
3109{
3110 return address_space_ldl_internal(as, addr, attrs, result,
3111 DEVICE_BIG_ENDIAN);
3112}
3113
fdfba1a2 3114uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3115{
50013115 3116 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3117}
3118
fdfba1a2 3119uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3120{
50013115 3121 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3122}
3123
fdfba1a2 3124uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3125{
50013115 3126 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3127}
3128
84b7b8e7 3129/* warning: addr must be aligned */
50013115
PM		 3130static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3131 MemTxAttrs attrs,
3132 MemTxResult *result,
3133 enum device_endian endian)
84b7b8e7 3134{
84b7b8e7
FB		 3135 uint8_t *ptr;
3136 uint64_t val;
5c8a00ce 3137 MemoryRegion *mr;
149f54b5
PB		 3138 hwaddr l = 8;
3139 hwaddr addr1;
50013115 3140 MemTxResult r;
4840f10e 3141 bool release_lock = false;
84b7b8e7 3142
41063e1e 3143 rcu_read_lock();
2c17449b 3144 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3145 false);
3146 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3147 release_lock |= prepare_mmio_access(mr);
125b3806 3148
84b7b8e7 3149 /* I/O case */
50013115 3150 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3151#if defined(TARGET_WORDS_BIGENDIAN)
3152 if (endian == DEVICE_LITTLE_ENDIAN) {
3153 val = bswap64(val);
3154 }
3155#else
3156 if (endian == DEVICE_BIG_ENDIAN) {
3157 val = bswap64(val);
3158 }
84b7b8e7
FB		 3159#endif
3160 } else {
3161 /* RAM case */
0878d0e1 3162 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3163 switch (endian) {
3164 case DEVICE_LITTLE_ENDIAN:
3165 val = ldq_le_p(ptr);
3166 break;
3167 case DEVICE_BIG_ENDIAN:
3168 val = ldq_be_p(ptr);
3169 break;
3170 default:
3171 val = ldq_p(ptr);
3172 break;
3173 }
50013115
PM		 3174 r = MEMTX_OK;
3175 }
3176 if (result) {
3177 *result = r;
84b7b8e7 3178 }
4840f10e
JK		 3179 if (release_lock) {
3180 qemu_mutex_unlock_iothread();
3181 }
41063e1e 3182 rcu_read_unlock();
84b7b8e7
FB		 3183 return val;
3184}
3185
50013115
PM		 3186uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3187 MemTxAttrs attrs, MemTxResult *result)
3188{
3189 return address_space_ldq_internal(as, addr, attrs, result,
3190 DEVICE_NATIVE_ENDIAN);
3191}
3192
3193uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3194 MemTxAttrs attrs, MemTxResult *result)
3195{
3196 return address_space_ldq_internal(as, addr, attrs, result,
3197 DEVICE_LITTLE_ENDIAN);
3198}
3199
3200uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3201 MemTxAttrs attrs, MemTxResult *result)
3202{
3203 return address_space_ldq_internal(as, addr, attrs, result,
3204 DEVICE_BIG_ENDIAN);
3205}
3206
2c17449b 3207uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3208{
50013115 3209 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3210}
3211
2c17449b 3212uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3213{
50013115 3214 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3215}
3216
2c17449b 3217uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3218{
50013115 3219 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3220}
3221
aab33094 3222/* XXX: optimize */
50013115
PM		 3223uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3224 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3225{
3226 uint8_t val;
50013115
PM		 3227 MemTxResult r;
3228
3229 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3230 if (result) {
3231 *result = r;
3232 }
aab33094
FB		 3233 return val;
3234}
3235
50013115
PM		 3236uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3237{
3238 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3239}
3240
733f0b02 3241/* warning: addr must be aligned */
50013115
PM		 3242static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3243 hwaddr addr,
3244 MemTxAttrs attrs,
3245 MemTxResult *result,
3246 enum device_endian endian)
aab33094 3247{
733f0b02
MT		 3248 uint8_t *ptr;
3249 uint64_t val;
5c8a00ce 3250 MemoryRegion *mr;
149f54b5
PB		 3251 hwaddr l = 2;
3252 hwaddr addr1;
50013115 3253 MemTxResult r;
4840f10e 3254 bool release_lock = false;
733f0b02 3255
41063e1e 3256 rcu_read_lock();
41701aa4 3257 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3258 false);
3259 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3260 release_lock |= prepare_mmio_access(mr);
125b3806 3261
733f0b02 3262 /* I/O case */
50013115 3263 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3264#if defined(TARGET_WORDS_BIGENDIAN)
3265 if (endian == DEVICE_LITTLE_ENDIAN) {
3266 val = bswap16(val);
3267 }
3268#else
3269 if (endian == DEVICE_BIG_ENDIAN) {
3270 val = bswap16(val);
3271 }
3272#endif
733f0b02
MT		 3273 } else {
3274 /* RAM case */
0878d0e1 3275 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3276 switch (endian) {
3277 case DEVICE_LITTLE_ENDIAN:
3278 val = lduw_le_p(ptr);
3279 break;
3280 case DEVICE_BIG_ENDIAN:
3281 val = lduw_be_p(ptr);
3282 break;
3283 default:
3284 val = lduw_p(ptr);
3285 break;
3286 }
50013115
PM		 3287 r = MEMTX_OK;
3288 }
3289 if (result) {
3290 *result = r;
733f0b02 3291 }
4840f10e
JK		 3292 if (release_lock) {
3293 qemu_mutex_unlock_iothread();
3294 }
41063e1e 3295 rcu_read_unlock();
733f0b02 3296 return val;
aab33094
FB		 3297}
3298
50013115
PM		 3299uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3300 MemTxAttrs attrs, MemTxResult *result)
3301{
3302 return address_space_lduw_internal(as, addr, attrs, result,
3303 DEVICE_NATIVE_ENDIAN);
3304}
3305
3306uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3307 MemTxAttrs attrs, MemTxResult *result)
3308{
3309 return address_space_lduw_internal(as, addr, attrs, result,
3310 DEVICE_LITTLE_ENDIAN);
3311}
3312
3313uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3314 MemTxAttrs attrs, MemTxResult *result)
3315{
3316 return address_space_lduw_internal(as, addr, attrs, result,
3317 DEVICE_BIG_ENDIAN);
3318}
3319
41701aa4 3320uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3321{
50013115 3322 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3323}
3324
41701aa4 3325uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3326{
50013115 3327 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3328}
3329
41701aa4 3330uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3331{
50013115 3332 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3333}
3334
8df1cd07
FB		 3335/* warning: addr must be aligned. The ram page is not masked as dirty
3336 and the code inside is not invalidated. It is useful if the dirty
3337 bits are used to track modified PTEs */
50013115
PM		 3338void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3339 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3340{
8df1cd07 3341 uint8_t *ptr;
5c8a00ce 3342 MemoryRegion *mr;
149f54b5
PB		 3343 hwaddr l = 4;
3344 hwaddr addr1;
50013115 3345 MemTxResult r;
845b6214 3346 uint8_t dirty_log_mask;
4840f10e 3347 bool release_lock = false;
8df1cd07 3348
41063e1e 3349 rcu_read_lock();
2198a121 3350 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3351 true);
3352 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3353 release_lock |= prepare_mmio_access(mr);
125b3806 3354
50013115 3355 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3356 } else {
0878d0e1 3357 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
8df1cd07 3358 stl_p(ptr, val);
74576198 3359
845b6214
PB		 3360 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3361 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
0878d0e1
PB		 3362 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3363 4, dirty_log_mask);
50013115
PM		 3364 r = MEMTX_OK;
3365 }
3366 if (result) {
3367 *result = r;
8df1cd07 3368 }
4840f10e
JK		 3369 if (release_lock) {
3370 qemu_mutex_unlock_iothread();
3371 }
41063e1e 3372 rcu_read_unlock();
8df1cd07
FB		 3373}
3374
50013115
PM		 3375void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3376{
3377 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3378}
3379
8df1cd07 3380/* warning: addr must be aligned */
50013115
PM		 3381static inline void address_space_stl_internal(AddressSpace *as,
3382 hwaddr addr, uint32_t val,
3383 MemTxAttrs attrs,
3384 MemTxResult *result,
3385 enum device_endian endian)
8df1cd07 3386{
8df1cd07 3387 uint8_t *ptr;
5c8a00ce 3388 MemoryRegion *mr;
149f54b5
PB		 3389 hwaddr l = 4;
3390 hwaddr addr1;
50013115 3391 MemTxResult r;
4840f10e 3392 bool release_lock = false;
8df1cd07 3393
41063e1e 3394 rcu_read_lock();
ab1da857 3395 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3396 true);
3397 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3398 release_lock |= prepare_mmio_access(mr);
125b3806 3399
1e78bcc1
AG		 3400#if defined(TARGET_WORDS_BIGENDIAN)
3401 if (endian == DEVICE_LITTLE_ENDIAN) {
3402 val = bswap32(val);
3403 }
3404#else
3405 if (endian == DEVICE_BIG_ENDIAN) {
3406 val = bswap32(val);
3407 }
3408#endif
50013115 3409 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3410 } else {
8df1cd07 3411 /* RAM case */
0878d0e1 3412 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3413 switch (endian) {
3414 case DEVICE_LITTLE_ENDIAN:
3415 stl_le_p(ptr, val);
3416 break;
3417 case DEVICE_BIG_ENDIAN:
3418 stl_be_p(ptr, val);
3419 break;
3420 default:
3421 stl_p(ptr, val);
3422 break;
3423 }
845b6214 3424 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3425 r = MEMTX_OK;
3426 }
3427 if (result) {
3428 *result = r;
8df1cd07 3429 }
4840f10e
JK		 3430 if (release_lock) {
3431 qemu_mutex_unlock_iothread();
3432 }
41063e1e 3433 rcu_read_unlock();
8df1cd07
FB		 3434}
3435
50013115
PM		 3436void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3437 MemTxAttrs attrs, MemTxResult *result)
3438{
3439 address_space_stl_internal(as, addr, val, attrs, result,
3440 DEVICE_NATIVE_ENDIAN);
3441}
3442
3443void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3444 MemTxAttrs attrs, MemTxResult *result)
3445{
3446 address_space_stl_internal(as, addr, val, attrs, result,
3447 DEVICE_LITTLE_ENDIAN);
3448}
3449
3450void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3451 MemTxAttrs attrs, MemTxResult *result)
3452{
3453 address_space_stl_internal(as, addr, val, attrs, result,
3454 DEVICE_BIG_ENDIAN);
3455}
3456
ab1da857 3457void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3458{
50013115 3459 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3460}
3461
ab1da857 3462void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3463{
50013115 3464 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3465}
3466
ab1da857 3467void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3468{
50013115 3469 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3470}
3471
aab33094 3472/* XXX: optimize */
50013115
PM		 3473void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3474 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3475{
3476 uint8_t v = val;
50013115
PM		 3477 MemTxResult r;
3478
3479 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3480 if (result) {
3481 *result = r;
3482 }
3483}
3484
3485void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3486{
3487 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3488}
3489
733f0b02 3490/* warning: addr must be aligned */
50013115
PM		 3491static inline void address_space_stw_internal(AddressSpace *as,
3492 hwaddr addr, uint32_t val,
3493 MemTxAttrs attrs,
3494 MemTxResult *result,
3495 enum device_endian endian)
aab33094 3496{
733f0b02 3497 uint8_t *ptr;
5c8a00ce 3498 MemoryRegion *mr;
149f54b5
PB		 3499 hwaddr l = 2;
3500 hwaddr addr1;
50013115 3501 MemTxResult r;
4840f10e 3502 bool release_lock = false;
733f0b02 3503
41063e1e 3504 rcu_read_lock();
5ce5944d 3505 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3506 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3507 release_lock |= prepare_mmio_access(mr);
125b3806 3508
1e78bcc1
AG		 3509#if defined(TARGET_WORDS_BIGENDIAN)
3510 if (endian == DEVICE_LITTLE_ENDIAN) {
3511 val = bswap16(val);
3512 }
3513#else
3514 if (endian == DEVICE_BIG_ENDIAN) {
3515 val = bswap16(val);
3516 }
3517#endif
50013115 3518 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3519 } else {
733f0b02 3520 /* RAM case */
0878d0e1 3521 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3522 switch (endian) {
3523 case DEVICE_LITTLE_ENDIAN:
3524 stw_le_p(ptr, val);
3525 break;
3526 case DEVICE_BIG_ENDIAN:
3527 stw_be_p(ptr, val);
3528 break;
3529 default:
3530 stw_p(ptr, val);
3531 break;
3532 }
845b6214 3533 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3534 r = MEMTX_OK;
3535 }
3536 if (result) {
3537 *result = r;
733f0b02 3538 }
4840f10e
JK		 3539 if (release_lock) {
3540 qemu_mutex_unlock_iothread();
3541 }
41063e1e 3542 rcu_read_unlock();
aab33094
FB		 3543}
3544
50013115
PM		 3545void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3546 MemTxAttrs attrs, MemTxResult *result)
3547{
3548 address_space_stw_internal(as, addr, val, attrs, result,
3549 DEVICE_NATIVE_ENDIAN);
3550}
3551
3552void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3553 MemTxAttrs attrs, MemTxResult *result)
3554{
3555 address_space_stw_internal(as, addr, val, attrs, result,
3556 DEVICE_LITTLE_ENDIAN);
3557}
3558
3559void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3560 MemTxAttrs attrs, MemTxResult *result)
3561{
3562 address_space_stw_internal(as, addr, val, attrs, result,
3563 DEVICE_BIG_ENDIAN);
3564}
3565
5ce5944d 3566void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3567{
50013115 3568 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3569}
3570
5ce5944d 3571void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3572{
50013115 3573 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3574}
3575
5ce5944d 3576void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3577{
50013115 3578 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3579}
3580
aab33094 3581/* XXX: optimize */
50013115
PM		 3582void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3583 MemTxAttrs attrs, MemTxResult *result)
aab33094 3584{
50013115 3585 MemTxResult r;
aab33094 3586 val = tswap64(val);
50013115
PM		 3587 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3588 if (result) {
3589 *result = r;
3590 }
aab33094
FB		 3591}
3592
50013115
PM		 3593void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3594 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3595{
50013115 3596 MemTxResult r;
1e78bcc1 3597 val = cpu_to_le64(val);
50013115
PM		 3598 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3599 if (result) {
3600 *result = r;
3601 }
3602}
3603void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3604 MemTxAttrs attrs, MemTxResult *result)
3605{
3606 MemTxResult r;
3607 val = cpu_to_be64(val);
3608 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3609 if (result) {
3610 *result = r;
3611 }
3612}
3613
3614void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3615{
3616 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3617}
3618
3619void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3620{
3621 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3622}
3623
f606604f 3624void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3625{
50013115 3626 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3627}
3628
5e2972fd 3629/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3630int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3631 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3632{
3633 int l;
a8170e5e 3634 hwaddr phys_addr;
9b3c35e0 3635 target_ulong page;
13eb76e0
FB		 3636
3637 while (len > 0) {
5232e4c7
PM		 3638 int asidx;
3639 MemTxAttrs attrs;
3640
13eb76e0 3641 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3642 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3643 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3644 /* if no physical page mapped, return an error */
3645 if (phys_addr == -1)
3646 return -1;
3647 l = (page + TARGET_PAGE_SIZE) - addr;
3648 if (l > len)
3649 l = len;
5e2972fd 3650 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3651 if (is_write) {
5232e4c7
PM		 3652 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3653 phys_addr, buf, l);
2e38847b 3654 } else {
5232e4c7
PM		 3655 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3656 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3657 buf, l, 0);
2e38847b 3658 }
13eb76e0
FB		 3659 len -= l;
3660 buf += l;
3661 addr += l;
3662 }
3663 return 0;
3664}
038629a6
DDAG		 3665
3666/*
3667 * Allows code that needs to deal with migration bitmaps etc to still be built
3668 * target independent.
3669 */
3670size_t qemu_target_page_bits(void)
3671{
3672 return TARGET_PAGE_BITS;
3673}
3674
a68fe89c 3675#endif
13eb76e0 3676
8e4a424b
BS		 3677/*
3678 * A helper function for the _utterly broken_ virtio device model to find out if
3679 * it's running on a big endian machine. Don't do this at home kids!
3680 */
98ed8ecf
GK		 3681bool target_words_bigendian(void);
3682bool target_words_bigendian(void)
8e4a424b
BS		 3683{
3684#if defined(TARGET_WORDS_BIGENDIAN)
3685 return true;
3686#else
3687 return false;
3688#endif
3689}
3690
76f35538 3691#ifndef CONFIG_USER_ONLY
a8170e5e 3692bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3693{
5c8a00ce 3694 MemoryRegion*mr;
149f54b5 3695 hwaddr l = 1;
41063e1e 3696 bool res;
76f35538 3697
41063e1e 3698 rcu_read_lock();
5c8a00ce
PB		 3699 mr = address_space_translate(&address_space_memory,
3700 phys_addr, &phys_addr, &l, false);
76f35538 3701
41063e1e
PB		 3702 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3703 rcu_read_unlock();
3704 return res;
76f35538 3705}
bd2fa51f 3706
e3807054 3707int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3708{
3709 RAMBlock *block;
e3807054 3710 int ret = 0;
bd2fa51f 3711
0dc3f44a
MD		 3712 rcu_read_lock();
3713 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3714 ret = func(block->idstr, block->host, block->offset,
3715 block->used_length, opaque);
3716 if (ret) {
3717 break;
3718 }
bd2fa51f 3719 }
0dc3f44a 3720 rcu_read_unlock();
e3807054 3721 return ret;
bd2fa51f 3722}
ec3f8c99 3723#endif
QEMU mirror