]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
vhost-user-test: use tmpfs by default
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
777872e5 20#ifndef _WIN32
a98d49b1 21#include <sys/types.h>
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
055403b2 25#include "qemu-common.h"
6180a181 26#include "cpu.h"
b67d9a52 27#include "tcg.h"
b3c7724c 28#include "hw/hw.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
4485bd26 31#endif
cc9e98cb 32#include "hw/qdev.h"
1de7afc9 33#include "qemu/osdep.h"
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
0d09e41a 36#include "hw/xen/xen.h"
1de7afc9
PB		 37#include "qemu/timer.h"
38#include "qemu/config-file.h"
75a34036 39#include "qemu/error-report.h"
022c62cb 40#include "exec/memory.h"
9c17d615 41#include "sysemu/dma.h"
022c62cb 42#include "exec/address-spaces.h"
53a5960a
PB		 43#if defined(CONFIG_USER_ONLY)
44#include <qemu.h>
432d268c 45#else /* !CONFIG_USER_ONLY */
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
0cac1b66 53
022c62cb 54#include "exec/memory-internal.h"
220c3ebd 55#include "exec/ram_addr.h"
67d95c15 56
b35ba30f
MT		 57#include "qemu/range.h"
58
db7b5426 59//#define DEBUG_SUBPAGE
1196be37 60
e2eef170 61#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 62/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
63 * are protected by the ramlist lock.
64 */
0d53d9fe 65RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 66
67static MemoryRegion *system_memory;
309cb471 68static MemoryRegion *system_io;
62152b8a 69
f6790af6
AK		 70AddressSpace address_space_io;
71AddressSpace address_space_memory;
2673a5da 72
0844e007 73MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 74static MemoryRegion io_mem_unassigned;
0e0df1e2 75
7bd4f430
PB		 76/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
77#define RAM_PREALLOC (1 << 0)
78
dbcb8981
PB		 79/* RAM is mmap-ed with MAP_SHARED */
80#define RAM_SHARED (1 << 1)
81
62be4e3a
MT		 82/* Only a portion of RAM (used_length) is actually used, and migrated.
83 * This used_length size can change across reboots.
84 */
85#define RAM_RESIZEABLE (1 << 2)
86
8561c924
MT		 87/* An extra page is mapped on top of this RAM.
88 */
89#define RAM_EXTRA (1 << 3)
e2eef170 90#endif
9fa3e853 91
bdc44640 92struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 93/* current CPU in the current thread. It is only valid inside
94 cpu_exec() */
f240eb6f 95__thread CPUState *current_cpu;
2e70f6ef 96/* 0 = Do not count executed instructions.
bf20dc07 97 1 = Precise instruction counting.
2e70f6ef 98 2 = Adaptive rate instruction counting. */
5708fc66 99int use_icount;
6a00d601 100
e2eef170 101#if !defined(CONFIG_USER_ONLY)
4346ae3e 102
1db8abb1
PB		 103typedef struct PhysPageEntry PhysPageEntry;
104
105struct PhysPageEntry {
9736e55b 106 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 107 uint32_t skip : 6;
9736e55b 108 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 109 uint32_t ptr : 26;
1db8abb1
PB		 110};
111
8b795765
MT		 112#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
113
03f49957 114/* Size of the L2 (and L3, etc) page tables. */
57271d63 115#define ADDR_SPACE_BITS 64
03f49957 116
026736ce 117#define P_L2_BITS 9
03f49957
PB		 118#define P_L2_SIZE (1 << P_L2_BITS)
119
120#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
121
122typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 123
53cb28cb 124typedef struct PhysPageMap {
79e2b9ae
PB		 125 struct rcu_head rcu;
126
53cb28cb
MA		 127 unsigned sections_nb;
128 unsigned sections_nb_alloc;
129 unsigned nodes_nb;
130 unsigned nodes_nb_alloc;
131 Node *nodes;
132 MemoryRegionSection *sections;
133} PhysPageMap;
134
1db8abb1 135struct AddressSpaceDispatch {
79e2b9ae
PB		 136 struct rcu_head rcu;
137
1db8abb1
PB		 138 /* This is a multi-level map on the physical address space.
139 * The bottom level has pointers to MemoryRegionSections.
140 */
141 PhysPageEntry phys_map;
53cb28cb 142 PhysPageMap map;
acc9d80b 143 AddressSpace *as;
1db8abb1
PB		 144};
145
90260c6c
JK		 146#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
147typedef struct subpage_t {
148 MemoryRegion iomem;
acc9d80b 149 AddressSpace *as;
90260c6c
JK		 150 hwaddr base;
151 uint16_t sub_section[TARGET_PAGE_SIZE];
152} subpage_t;
153
b41aac4f
LPF		 154#define PHYS_SECTION_UNASSIGNED 0
155#define PHYS_SECTION_NOTDIRTY 1
156#define PHYS_SECTION_ROM 2
157#define PHYS_SECTION_WATCH 3
5312bd8b 158
e2eef170 159static void io_mem_init(void);
62152b8a 160static void memory_map_init(void);
09daed84 161static void tcg_commit(MemoryListener *listener);
e2eef170 162
1ec9b909 163static MemoryRegion io_mem_watch;
6658ffb8 164#endif
fd6ce8f6 165
6d9a1304 166#if !defined(CONFIG_USER_ONLY)
d6f2ea22 167
53cb28cb 168static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 169{
53cb28cb
MA		 170 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
171 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
172 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
173 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 174 }
f7bf5461
AK		 175}
176
db94604b 177static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 178{
179 unsigned i;
8b795765 180 uint32_t ret;
db94604b
PB		 181 PhysPageEntry e;
182 PhysPageEntry *p;
f7bf5461 183
53cb28cb 184 ret = map->nodes_nb++;
db94604b 185 p = map->nodes[ret];
f7bf5461 186 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 187 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 188
189 e.skip = leaf ? 0 : 1;
190 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 191 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 192 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 193 }
f7bf5461 194 return ret;
d6f2ea22
AK		 195}
196
53cb28cb
MA		 197static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
198 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 199 int level)
f7bf5461
AK		 200{
201 PhysPageEntry *p;
03f49957 202 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 203
9736e55b 204 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 205 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 206 }
db94604b 207 p = map->nodes[lp->ptr];
03f49957 208 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 209
03f49957 210 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 211 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 212 lp->skip = 0;
c19e8800 213 lp->ptr = leaf;
07f07b31
AK		 214 *index += step;
215 *nb -= step;
2999097b 216 } else {
53cb28cb 217 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 218 }
219 ++lp;
f7bf5461
AK		 220 }
221}
222
ac1970fb 223static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 224 hwaddr index, hwaddr nb,
2999097b 225 uint16_t leaf)
f7bf5461 226{
2999097b 227 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 228 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 229
53cb28cb 230 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 231}
232
b35ba30f
MT		 233/* Compact a non leaf page entry. Simply detect that the entry has a single child,
234 * and update our entry so we can skip it and go directly to the destination.
235 */
236static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
237{
238 unsigned valid_ptr = P_L2_SIZE;
239 int valid = 0;
240 PhysPageEntry *p;
241 int i;
242
243 if (lp->ptr == PHYS_MAP_NODE_NIL) {
244 return;
245 }
246
247 p = nodes[lp->ptr];
248 for (i = 0; i < P_L2_SIZE; i++) {
249 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
250 continue;
251 }
252
253 valid_ptr = i;
254 valid++;
255 if (p[i].skip) {
256 phys_page_compact(&p[i], nodes, compacted);
257 }
258 }
259
260 /* We can only compress if there's only one child. */
261 if (valid != 1) {
262 return;
263 }
264
265 assert(valid_ptr < P_L2_SIZE);
266
267 /* Don't compress if it won't fit in the # of bits we have. */
268 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
269 return;
270 }
271
272 lp->ptr = p[valid_ptr].ptr;
273 if (!p[valid_ptr].skip) {
274 /* If our only child is a leaf, make this a leaf. */
275 /* By design, we should have made this node a leaf to begin with so we
276 * should never reach here.
277 * But since it's so simple to handle this, let's do it just in case we
278 * change this rule.
279 */
280 lp->skip = 0;
281 } else {
282 lp->skip += p[valid_ptr].skip;
283 }
284}
285
286static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
287{
288 DECLARE_BITMAP(compacted, nodes_nb);
289
290 if (d->phys_map.skip) {
53cb28cb 291 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 292 }
293}
294
97115a8d 295static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 296 Node *nodes, MemoryRegionSection *sections)
92e873b9 297{
31ab2b4a 298 PhysPageEntry *p;
97115a8d 299 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 300 int i;
f1f6e3b8 301
9736e55b 302 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 303 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 304 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 305 }
9affd6fc 306 p = nodes[lp.ptr];
03f49957 307 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 308 }
b35ba30f
MT		 309
310 if (sections[lp.ptr].size.hi ||
311 range_covers_byte(sections[lp.ptr].offset_within_address_space,
312 sections[lp.ptr].size.lo, addr)) {
313 return &sections[lp.ptr];
314 } else {
315 return &sections[PHYS_SECTION_UNASSIGNED];
316 }
f3705d53
AK		 317}
318
e5548617
BS		 319bool memory_region_is_unassigned(MemoryRegion *mr)
320{
2a8e7499 321 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 322 && mr != &io_mem_watch;
fd6ce8f6 323}
149f54b5 324
79e2b9ae 325/* Called from RCU critical section */
c7086b4a 326static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 327 hwaddr addr,
328 bool resolve_subpage)
9f029603 329{
90260c6c
JK		 330 MemoryRegionSection *section;
331 subpage_t *subpage;
332
53cb28cb 333 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 334 if (resolve_subpage && section->mr->subpage) {
335 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 336 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 337 }
338 return section;
9f029603
JK		 339}
340
79e2b9ae 341/* Called from RCU critical section */
90260c6c 342static MemoryRegionSection *
c7086b4a 343address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 344 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 345{
346 MemoryRegionSection *section;
965eb2fc 347 MemoryRegion *mr;
a87f3954 348 Int128 diff;
149f54b5 349
c7086b4a 350 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 351 /* Compute offset within MemoryRegionSection */
352 addr -= section->offset_within_address_space;
353
354 /* Compute offset within MemoryRegion */
355 *xlat = addr + section->offset_within_region;
356
965eb2fc 357 mr = section->mr;
b242e0e0
PB		 358
359 /* MMIO registers can be expected to perform full-width accesses based only
360 * on their address, without considering adjacent registers that could
361 * decode to completely different MemoryRegions. When such registers
362 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
363 * regions overlap wildly. For this reason we cannot clamp the accesses
364 * here.
365 *
366 * If the length is small (as is the case for address_space_ldl/stl),
367 * everything works fine. If the incoming length is large, however,
368 * the caller really has to do the clamping through memory_access_size.
369 */
965eb2fc 370 if (memory_region_is_ram(mr)) {
e4a511f8 371 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 372 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
373 }
149f54b5
PB		 374 return section;
375}
90260c6c 376
a87f3954
PB		 377static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
378{
379 if (memory_region_is_ram(mr)) {
380 return !(is_write && mr->readonly);
381 }
382 if (memory_region_is_romd(mr)) {
383 return !is_write;
384 }
385
386 return false;
387}
388
41063e1e 389/* Called from RCU critical section */
5c8a00ce
PB		 390MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
391 hwaddr *xlat, hwaddr *plen,
392 bool is_write)
90260c6c 393{
30951157
AK		 394 IOMMUTLBEntry iotlb;
395 MemoryRegionSection *section;
396 MemoryRegion *mr;
30951157
AK		 397
398 for (;;) {
79e2b9ae
PB		 399 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
400 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 401 mr = section->mr;
402
403 if (!mr->iommu_ops) {
404 break;
405 }
406
8d7b8cb9 407 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 408 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
409 | (addr & iotlb.addr_mask));
23820dbf 410 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 411 if (!(iotlb.perm & (1 << is_write))) {
412 mr = &io_mem_unassigned;
413 break;
414 }
415
416 as = iotlb.target_as;
417 }
418
fe680d0d 419 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 420 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 421 *plen = MIN(page, *plen);
a87f3954
PB		 422 }
423
30951157
AK		 424 *xlat = addr;
425 return mr;
90260c6c
JK		 426}
427
79e2b9ae 428/* Called from RCU critical section */
90260c6c 429MemoryRegionSection *
9d82b5a7
PB		 430address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
431 hwaddr *xlat, hwaddr *plen)
90260c6c 432{
30951157 433 MemoryRegionSection *section;
9d82b5a7
PB		 434 section = address_space_translate_internal(cpu->memory_dispatch,
435 addr, xlat, plen, false);
30951157
AK		 436
437 assert(!section->mr->iommu_ops);
438 return section;
90260c6c 439}
5b6dd868 440#endif
fd6ce8f6 441
b170fce3 442#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 443
444static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 445{
259186a7 446 CPUState *cpu = opaque;
a513fe19 447
5b6dd868
BS		 448 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
449 version_id is increased. */
259186a7 450 cpu->interrupt_request &= ~0x01;
c01a71c1 451 tlb_flush(cpu, 1);
5b6dd868
BS		 452
453 return 0;
a513fe19 454}
7501267e 455
6c3bff0e
PD		 456static int cpu_common_pre_load(void *opaque)
457{
458 CPUState *cpu = opaque;
459
adee6424 460 cpu->exception_index = -1;
6c3bff0e
PD		 461
462 return 0;
463}
464
465static bool cpu_common_exception_index_needed(void *opaque)
466{
467 CPUState *cpu = opaque;
468
adee6424 469 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 470}
471
472static const VMStateDescription vmstate_cpu_common_exception_index = {
473 .name = "cpu_common/exception_index",
474 .version_id = 1,
475 .minimum_version_id = 1,
5cd8cada 476 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 477 .fields = (VMStateField[]) {
478 VMSTATE_INT32(exception_index, CPUState),
479 VMSTATE_END_OF_LIST()
480 }
481};
482
bac05aa9
AS		 483static bool cpu_common_crash_occurred_needed(void *opaque)
484{
485 CPUState *cpu = opaque;
486
487 return cpu->crash_occurred;
488}
489
490static const VMStateDescription vmstate_cpu_common_crash_occurred = {
491 .name = "cpu_common/crash_occurred",
492 .version_id = 1,
493 .minimum_version_id = 1,
494 .needed = cpu_common_crash_occurred_needed,
495 .fields = (VMStateField[]) {
496 VMSTATE_BOOL(crash_occurred, CPUState),
497 VMSTATE_END_OF_LIST()
498 }
499};
500
1a1562f5 501const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 502 .name = "cpu_common",
503 .version_id = 1,
504 .minimum_version_id = 1,
6c3bff0e 505 .pre_load = cpu_common_pre_load,
5b6dd868 506 .post_load = cpu_common_post_load,
35d08458 507 .fields = (VMStateField[]) {
259186a7
AF		 508 VMSTATE_UINT32(halted, CPUState),
509 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 510 VMSTATE_END_OF_LIST()
6c3bff0e 511 },
5cd8cada
JQ		 512 .subsections = (const VMStateDescription*[]) {
513 &vmstate_cpu_common_exception_index,
bac05aa9 514 &vmstate_cpu_common_crash_occurred,
5cd8cada 515 NULL
5b6dd868
BS		 516 }
517};
1a1562f5 518
5b6dd868 519#endif
ea041c0e 520
38d8f5c8 521CPUState *qemu_get_cpu(int index)
ea041c0e 522{
bdc44640 523 CPUState *cpu;
ea041c0e 524
bdc44640 525 CPU_FOREACH(cpu) {
55e5c285 526 if (cpu->cpu_index == index) {
bdc44640 527 return cpu;
55e5c285 528 }
ea041c0e 529 }
5b6dd868 530
bdc44640 531 return NULL;
ea041c0e
FB		 532}
533
09daed84
EI		 534#if !defined(CONFIG_USER_ONLY)
535void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
536{
537 /* We only support one address space per cpu at the moment. */
538 assert(cpu->as == as);
539
540 if (cpu->tcg_as_listener) {
541 memory_listener_unregister(cpu->tcg_as_listener);
542 } else {
543 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
544 }
545 cpu->tcg_as_listener->commit = tcg_commit;
546 memory_listener_register(cpu->tcg_as_listener, as);
547}
548#endif
549
b7bca733
BR		 550#ifndef CONFIG_USER_ONLY
551static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
552
553static int cpu_get_free_index(Error **errp)
554{
555 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
556
557 if (cpu >= MAX_CPUMASK_BITS) {
558 error_setg(errp, "Trying to use more CPUs than max of %d",
559 MAX_CPUMASK_BITS);
560 return -1;
561 }
562
563 bitmap_set(cpu_index_map, cpu, 1);
564 return cpu;
565}
566
567void cpu_exec_exit(CPUState *cpu)
568{
569 if (cpu->cpu_index == -1) {
570 /* cpu_index was never allocated by this @cpu or was already freed. */
571 return;
572 }
573
574 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
575 cpu->cpu_index = -1;
576}
577#else
578
579static int cpu_get_free_index(Error **errp)
580{
581 CPUState *some_cpu;
582 int cpu_index = 0;
583
584 CPU_FOREACH(some_cpu) {
585 cpu_index++;
586 }
587 return cpu_index;
588}
589
590void cpu_exec_exit(CPUState *cpu)
591{
592}
593#endif
594
4bad9e39 595void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 596{
b170fce3 597 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868 598 int cpu_index;
b7bca733 599 Error *local_err = NULL;
5b6dd868 600
291135b5
EH		 601#ifndef CONFIG_USER_ONLY
602 cpu->as = &address_space_memory;
603 cpu->thread_id = qemu_get_thread_id();
604 cpu_reload_memory_map(cpu);
605#endif
606
5b6dd868
BS		 607#if defined(CONFIG_USER_ONLY)
608 cpu_list_lock();
609#endif
b7bca733
BR		 610 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
611 if (local_err) {
612 error_propagate(errp, local_err);
613#if defined(CONFIG_USER_ONLY)
614 cpu_list_unlock();
615#endif
616 return;
5b6dd868 617 }
bdc44640 618 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 619#if defined(CONFIG_USER_ONLY)
620 cpu_list_unlock();
621#endif
e0d47944
AF		 622 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
623 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
624 }
5b6dd868 625#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868 626 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
4bad9e39 627 cpu_save, cpu_load, cpu->env_ptr);
b170fce3 628 assert(cc->vmsd == NULL);
e0d47944 629 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 630#endif
b170fce3
AF		 631 if (cc->vmsd != NULL) {
632 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
633 }
ea041c0e
FB		 634}
635
94df27fd 636#if defined(CONFIG_USER_ONLY)
00b941e5 637static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 638{
639 tb_invalidate_phys_page_range(pc, pc + 1, 0);
640}
641#else
00b941e5 642static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 643{
e8262a1b
MF		 644 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
645 if (phys != -1) {
09daed84 646 tb_invalidate_phys_addr(cpu->as,
29d8ec7b 647 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 648 }
1e7855a5 649}
c27004ec 650#endif
d720b93d 651
c527ee8f 652#if defined(CONFIG_USER_ONLY)
75a34036 653void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 654
655{
656}
657
3ee887e8
PM		 658int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
659 int flags)
660{
661 return -ENOSYS;
662}
663
664void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
665{
666}
667
75a34036 668int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 669 int flags, CPUWatchpoint **watchpoint)
670{
671 return -ENOSYS;
672}
673#else
6658ffb8 674/* Add a watchpoint. */
75a34036 675int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 676 int flags, CPUWatchpoint **watchpoint)
6658ffb8 677{
c0ce998e 678 CPUWatchpoint *wp;
6658ffb8 679
05068c0d 680 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 681 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 682 error_report("tried to set invalid watchpoint at %"
683 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 684 return -EINVAL;
685 }
7267c094 686 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 687
688 wp->vaddr = addr;
05068c0d 689 wp->len = len;
a1d1bb31
AL		 690 wp->flags = flags;
691
2dc9f411 692 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 693 if (flags & BP_GDB) {
694 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
695 } else {
696 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
697 }
6658ffb8 698
31b030d4 699 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 700
701 if (watchpoint)
702 *watchpoint = wp;
703 return 0;
6658ffb8
PB		 704}
705
a1d1bb31 706/* Remove a specific watchpoint. */
75a34036 707int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 708 int flags)
6658ffb8 709{
a1d1bb31 710 CPUWatchpoint *wp;
6658ffb8 711
ff4700b0 712 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 713 if (addr == wp->vaddr && len == wp->len
6e140f28 714 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 715 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 716 return 0;
717 }
718 }
a1d1bb31 719 return -ENOENT;
6658ffb8
PB		 720}
721
a1d1bb31 722/* Remove a specific watchpoint by reference. */
75a34036 723void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 724{
ff4700b0 725 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 726
31b030d4 727 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 728
7267c094 729 g_free(watchpoint);
a1d1bb31
AL		 730}
731
732/* Remove all matching watchpoints. */
75a34036 733void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 734{
c0ce998e 735 CPUWatchpoint *wp, *next;
a1d1bb31 736
ff4700b0 737 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 738 if (wp->flags & mask) {
739 cpu_watchpoint_remove_by_ref(cpu, wp);
740 }
c0ce998e 741 }
7d03f82f 742}
05068c0d
PM		 743
744/* Return true if this watchpoint address matches the specified
745 * access (ie the address range covered by the watchpoint overlaps
746 * partially or completely with the address range covered by the
747 * access).
748 */
749static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
750 vaddr addr,
751 vaddr len)
752{
753 /* We know the lengths are non-zero, but a little caution is
754 * required to avoid errors in the case where the range ends
755 * exactly at the top of the address space and so addr + len
756 * wraps round to zero.
757 */
758 vaddr wpend = wp->vaddr + wp->len - 1;
759 vaddr addrend = addr + len - 1;
760
761 return !(addr > wpend || wp->vaddr > addrend);
762}
763
c527ee8f 764#endif
7d03f82f 765
a1d1bb31 766/* Add a breakpoint. */
b3310ab3 767int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 768 CPUBreakpoint **breakpoint)
4c3a88a2 769{
c0ce998e 770 CPUBreakpoint *bp;
3b46e624 771
7267c094 772 bp = g_malloc(sizeof(*bp));
4c3a88a2 773
a1d1bb31
AL		 774 bp->pc = pc;
775 bp->flags = flags;
776
2dc9f411 777 /* keep all GDB-injected breakpoints in front */
00b941e5 778 if (flags & BP_GDB) {
f0c3c505 779 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 780 } else {
f0c3c505 781 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 782 }
3b46e624 783
f0c3c505 784 breakpoint_invalidate(cpu, pc);
a1d1bb31 785
00b941e5 786 if (breakpoint) {
a1d1bb31 787 *breakpoint = bp;
00b941e5 788 }
4c3a88a2 789 return 0;
4c3a88a2
FB		 790}
791
a1d1bb31 792/* Remove a specific breakpoint. */
b3310ab3 793int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 794{
a1d1bb31
AL		 795 CPUBreakpoint *bp;
796
f0c3c505 797 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 798 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 799 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 800 return 0;
801 }
7d03f82f 802 }
a1d1bb31 803 return -ENOENT;
7d03f82f
EI		 804}
805
a1d1bb31 806/* Remove a specific breakpoint by reference. */
b3310ab3 807void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 808{
f0c3c505
AF		 809 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
810
811 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 812
7267c094 813 g_free(breakpoint);
a1d1bb31
AL		 814}
815
816/* Remove all matching breakpoints. */
b3310ab3 817void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 818{
c0ce998e 819 CPUBreakpoint *bp, *next;
a1d1bb31 820
f0c3c505 821 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 822 if (bp->flags & mask) {
823 cpu_breakpoint_remove_by_ref(cpu, bp);
824 }
c0ce998e 825 }
4c3a88a2
FB		 826}
827
c33a346e
FB		 828/* enable or disable single step mode. EXCP_DEBUG is returned by the
829 CPU loop after each instruction */
3825b28f 830void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 831{
ed2803da
AF		 832 if (cpu->singlestep_enabled != enabled) {
833 cpu->singlestep_enabled = enabled;
834 if (kvm_enabled()) {
38e478ec 835 kvm_update_guest_debug(cpu, 0);
ed2803da 836 } else {
ccbb4d44 837 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 838 /* XXX: only flush what is necessary */
bbd77c18 839 tb_flush(cpu);
e22a25c9 840 }
c33a346e 841 }
c33a346e
FB		 842}
843
a47dddd7 844void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 845{
846 va_list ap;
493ae1f0 847 va_list ap2;
7501267e
FB		 848
849 va_start(ap, fmt);
493ae1f0 850 va_copy(ap2, ap);
7501267e
FB		 851 fprintf(stderr, "qemu: fatal: ");
852 vfprintf(stderr, fmt, ap);
853 fprintf(stderr, "\n");
878096ee 854 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 855 if (qemu_log_enabled()) {
856 qemu_log("qemu: fatal: ");
857 qemu_log_vprintf(fmt, ap2);
858 qemu_log("\n");
a0762859 859 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 860 qemu_log_flush();
93fcfe39 861 qemu_log_close();
924edcae 862 }
493ae1f0 863 va_end(ap2);
f9373291 864 va_end(ap);
fd052bf6
RV		 865#if defined(CONFIG_USER_ONLY)
866 {
867 struct sigaction act;
868 sigfillset(&act.sa_mask);
869 act.sa_handler = SIG_DFL;
870 sigaction(SIGABRT, &act, NULL);
871 }
872#endif
7501267e
FB		 873 abort();
874}
875
0124311e 876#if !defined(CONFIG_USER_ONLY)
0dc3f44a 877/* Called from RCU critical section */
041603fe
PB		 878static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
879{
880 RAMBlock *block;
881
43771539 882 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 883 if (block && addr - block->offset < block->max_length) {
041603fe
PB		 884 goto found;
885 }
0dc3f44a 886 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 887 if (addr - block->offset < block->max_length) {
041603fe
PB		 888 goto found;
889 }
890 }
891
892 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
893 abort();
894
895found:
43771539
PB		 896 /* It is safe to write mru_block outside the iothread lock. This
897 * is what happens:
898 *
899 * mru_block = xxx
900 * rcu_read_unlock()
901 * xxx removed from list
902 * rcu_read_lock()
903 * read mru_block
904 * mru_block = NULL;
905 * call_rcu(reclaim_ramblock, xxx);
906 * rcu_read_unlock()
907 *
908 * atomic_rcu_set is not needed here. The block was already published
909 * when it was placed into the list. Here we're just making an extra
910 * copy of the pointer.
911 */
041603fe
PB		 912 ram_list.mru_block = block;
913 return block;
914}
915
a2f4d5be 916static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 917{
9a13565d 918 CPUState *cpu;
041603fe 919 ram_addr_t start1;
a2f4d5be
JQ		 920 RAMBlock *block;
921 ram_addr_t end;
922
923 end = TARGET_PAGE_ALIGN(start + length);
924 start &= TARGET_PAGE_MASK;
d24981d3 925
0dc3f44a 926 rcu_read_lock();
041603fe
PB		 927 block = qemu_get_ram_block(start);
928 assert(block == qemu_get_ram_block(end - 1));
1240be24 929 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 930 CPU_FOREACH(cpu) {
931 tlb_reset_dirty(cpu, start1, length);
932 }
0dc3f44a 933 rcu_read_unlock();
d24981d3
JQ		 934}
935
5579c7f3 936/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 937bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
938 ram_addr_t length,
939 unsigned client)
1ccde1cb 940{
03eebc9e
SH		 941 unsigned long end, page;
942 bool dirty;
943
944 if (length == 0) {
945 return false;
946 }
f23db169 947
03eebc9e
SH		 948 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
949 page = start >> TARGET_PAGE_BITS;
950 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
951 page, end - page);
952
953 if (dirty && tcg_enabled()) {
a2f4d5be 954 tlb_reset_dirty_range_all(start, length);
5579c7f3 955 }
03eebc9e
SH		 956
957 return dirty;
1ccde1cb
FB		 958}
959
79e2b9ae 960/* Called from RCU critical section */
bb0e627a 961hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 962 MemoryRegionSection *section,
963 target_ulong vaddr,
964 hwaddr paddr, hwaddr xlat,
965 int prot,
966 target_ulong *address)
e5548617 967{
a8170e5e 968 hwaddr iotlb;
e5548617
BS		 969 CPUWatchpoint *wp;
970
cc5bea60 971 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 972 /* Normal RAM. */
973 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 974 + xlat;
e5548617 975 if (!section->readonly) {
b41aac4f 976 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 977 } else {
b41aac4f 978 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 979 }
980 } else {
0b8e2c10
PM		 981 AddressSpaceDispatch *d;
982
983 d = atomic_rcu_read(&section->address_space->dispatch);
984 iotlb = section - d->map.sections;
149f54b5 985 iotlb += xlat;
e5548617
BS		 986 }
987
988 /* Make accesses to pages with watchpoints go via the
989 watchpoint trap routines. */
ff4700b0 990 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 991 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 992 /* Avoid trapping reads of pages with a write breakpoint. */
993 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 994 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 995 *address |= TLB_MMIO;
996 break;
997 }
998 }
999 }
1000
1001 return iotlb;
1002}
9fa3e853
FB		 1003#endif /* defined(CONFIG_USER_ONLY) */
1004
e2eef170 1005#if !defined(CONFIG_USER_ONLY)
8da3ff18 1006
c227f099 1007static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1008 uint16_t section);
acc9d80b 1009static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1010
a2b257d6
IM		 1011static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1012 qemu_anon_ram_alloc;
91138037
MA		 1013
1014/*
1015 * Set a custom physical guest memory alloator.
1016 * Accelerators with unusual needs may need this. Hopefully, we can
1017 * get rid of it eventually.
1018 */
a2b257d6 1019void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1020{
1021 phys_mem_alloc = alloc;
1022}
1023
53cb28cb
MA		 1024static uint16_t phys_section_add(PhysPageMap *map,
1025 MemoryRegionSection *section)
5312bd8b 1026{
68f3f65b
PB		 1027 /* The physical section number is ORed with a page-aligned
1028 * pointer to produce the iotlb entries. Thus it should
1029 * never overflow into the page-aligned value.
1030 */
53cb28cb 1031 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1032
53cb28cb
MA		 1033 if (map->sections_nb == map->sections_nb_alloc) {
1034 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1035 map->sections = g_renew(MemoryRegionSection, map->sections,
1036 map->sections_nb_alloc);
5312bd8b 1037 }
53cb28cb 1038 map->sections[map->sections_nb] = *section;
dfde4e6e 1039 memory_region_ref(section->mr);
53cb28cb 1040 return map->sections_nb++;
5312bd8b
AK		 1041}
1042
058bc4b5
PB		 1043static void phys_section_destroy(MemoryRegion *mr)
1044{
dfde4e6e
PB		 1045 memory_region_unref(mr);
1046
058bc4b5
PB		 1047 if (mr->subpage) {
1048 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1049 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1050 g_free(subpage);
1051 }
1052}
1053
6092666e 1054static void phys_sections_free(PhysPageMap *map)
5312bd8b 1055{
9affd6fc
PB		 1056 while (map->sections_nb > 0) {
1057 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1058 phys_section_destroy(section->mr);
1059 }
9affd6fc
PB		 1060 g_free(map->sections);
1061 g_free(map->nodes);
5312bd8b
AK		 1062}
1063
ac1970fb 1064static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1065{
1066 subpage_t *subpage;
a8170e5e 1067 hwaddr base = section->offset_within_address_space
0f0cb164 1068 & TARGET_PAGE_MASK;
97115a8d 1069 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1070 d->map.nodes, d->map.sections);
0f0cb164
AK		 1071 MemoryRegionSection subsection = {
1072 .offset_within_address_space = base,
052e87b0 1073 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1074 };
a8170e5e 1075 hwaddr start, end;
0f0cb164 1076
f3705d53 1077 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1078
f3705d53 1079 if (!(existing->mr->subpage)) {
acc9d80b 1080 subpage = subpage_init(d->as, base);
3be91e86 1081 subsection.address_space = d->as;
0f0cb164 1082 subsection.mr = &subpage->iomem;
ac1970fb 1083 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1084 phys_section_add(&d->map, &subsection));
0f0cb164 1085 } else {
f3705d53 1086 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1087 }
1088 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1089 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1090 subpage_register(subpage, start, end,
1091 phys_section_add(&d->map, section));
0f0cb164
AK		 1092}
1093
1094
052e87b0
PB		 1095static void register_multipage(AddressSpaceDispatch *d,
1096 MemoryRegionSection *section)
33417e70 1097{
a8170e5e 1098 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1099 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1100 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1101 TARGET_PAGE_BITS));
dd81124b 1102
733d5ef5
PB		 1103 assert(num_pages);
1104 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1105}
1106
ac1970fb 1107static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1108{
89ae337a 1109 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1110 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1111 MemoryRegionSection now = *section, remain = *section;
052e87b0 1112 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1113
733d5ef5
PB		 1114 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1115 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1116 - now.offset_within_address_space;
1117
052e87b0 1118 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1119 register_subpage(d, &now);
733d5ef5 1120 } else {
052e87b0 1121 now.size = int128_zero();
733d5ef5 1122 }
052e87b0
PB		 1123 while (int128_ne(remain.size, now.size)) {
1124 remain.size = int128_sub(remain.size, now.size);
1125 remain.offset_within_address_space += int128_get64(now.size);
1126 remain.offset_within_region += int128_get64(now.size);
69b67646 1127 now = remain;
052e87b0 1128 if (int128_lt(remain.size, page_size)) {
733d5ef5 1129 register_subpage(d, &now);
88266249 1130 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1131 now.size = page_size;
ac1970fb 1132 register_subpage(d, &now);
69b67646 1133 } else {
052e87b0 1134 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1135 register_multipage(d, &now);
69b67646 1136 }
0f0cb164
AK		 1137 }
1138}
1139
62a2744c
SY		 1140void qemu_flush_coalesced_mmio_buffer(void)
1141{
1142 if (kvm_enabled())
1143 kvm_flush_coalesced_mmio_buffer();
1144}
1145
b2a8658e
UD		 1146void qemu_mutex_lock_ramlist(void)
1147{
1148 qemu_mutex_lock(&ram_list.mutex);
1149}
1150
1151void qemu_mutex_unlock_ramlist(void)
1152{
1153 qemu_mutex_unlock(&ram_list.mutex);
1154}
1155
e1e84ba0 1156#ifdef __linux__
c902760f
MT		 1157
1158#include <sys/vfs.h>
1159
1160#define HUGETLBFS_MAGIC 0x958458f6
1161
fc7a5800 1162static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1163{
1164 struct statfs fs;
1165 int ret;
1166
1167 do {
9742bf26 1168 ret = statfs(path, &fs);
c902760f
MT		 1169 } while (ret != 0 && errno == EINTR);
1170
1171 if (ret != 0) {
fc7a5800
HT		 1172 error_setg_errno(errp, errno, "failed to get page size of file %s",
1173 path);
9742bf26 1174 return 0;
c902760f
MT		 1175 }
1176
1177 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 1178 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 1179
1180 return fs.f_bsize;
1181}
1182
04b16653
AW		 1183static void *file_ram_alloc(RAMBlock *block,
1184 ram_addr_t memory,
7f56e740
PB		 1185 const char *path,
1186 Error **errp)
c902760f
MT		 1187{
1188 char *filename;
8ca761f6
PF		 1189 char *sanitized_name;
1190 char *c;
8561c924 1191 void *ptr;
557529dd 1192 void *area = NULL;
c902760f 1193 int fd;
557529dd 1194 uint64_t hpagesize;
8561c924 1195 uint64_t total;
fc7a5800 1196 Error *local_err = NULL;
8561c924 1197 size_t offset;
c902760f 1198
fc7a5800
HT		 1199 hpagesize = gethugepagesize(path, &local_err);
1200 if (local_err) {
1201 error_propagate(errp, local_err);
f9a49dfa 1202 goto error;
c902760f 1203 }
a2b257d6 1204 block->mr->align = hpagesize;
c902760f
MT		 1205
1206 if (memory < hpagesize) {
557529dd
HT		 1207 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1208 "or larger than huge page size 0x%" PRIx64,
1209 memory, hpagesize);
1210 goto error;
c902760f
MT		 1211 }
1212
1213 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1214 error_setg(errp,
1215 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1216 goto error;
c902760f
MT		 1217 }
1218
8ca761f6 1219 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
83234bf2 1220 sanitized_name = g_strdup(memory_region_name(block->mr));
8ca761f6
PF		 1221 for (c = sanitized_name; *c != '\0'; c++) {
1222 if (*c == '/')
1223 *c = '_';
1224 }
1225
1226 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1227 sanitized_name);
1228 g_free(sanitized_name);
c902760f
MT		 1229
1230 fd = mkstemp(filename);
1231 if (fd < 0) {
7f56e740
PB		 1232 error_setg_errno(errp, errno,
1233 "unable to create backing store for hugepages");
e4ada482 1234 g_free(filename);
f9a49dfa 1235 goto error;
c902760f
MT		 1236 }
1237 unlink(filename);
e4ada482 1238 g_free(filename);
c902760f 1239
9284f319 1240 memory = ROUND_UP(memory, hpagesize);
8561c924 1241 total = memory + hpagesize;
c902760f
MT		 1242
1243 /*
1244 * ftruncate is not supported by hugetlbfs in older
1245 * hosts, so don't bother bailing out on errors.
1246 * If anything goes wrong with it under other filesystems,
1247 * mmap will fail.
1248 */
7f56e740 1249 if (ftruncate(fd, memory)) {
9742bf26 1250 perror("ftruncate");
7f56e740 1251 }
c902760f 1252
8561c924
MT		 1253 ptr = mmap(0, total, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS,
1254 -1, 0);
1255 if (ptr == MAP_FAILED) {
1256 error_setg_errno(errp, errno,
1257 "unable to allocate memory range for hugepages");
1258 close(fd);
1259 goto error;
1260 }
1261
1262 offset = QEMU_ALIGN_UP((uintptr_t)ptr, hpagesize) - (uintptr_t)ptr;
1263
1264 area = mmap(ptr + offset, memory, PROT_READ | PROT_WRITE,
1265 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE) |
1266 MAP_FIXED,
dbcb8981 1267 fd, 0);
c902760f 1268 if (area == MAP_FAILED) {
7f56e740
PB		 1269 error_setg_errno(errp, errno,
1270 "unable to map backing store for hugepages");
8561c924 1271 munmap(ptr, total);
9742bf26 1272 close(fd);
f9a49dfa 1273 goto error;
c902760f 1274 }
ef36fa14 1275
8561c924
MT		 1276 if (offset > 0) {
1277 munmap(ptr, offset);
1278 }
1279 ptr += offset;
1280 total -= offset;
1281
1282 if (total > memory + getpagesize()) {
1283 munmap(ptr + memory + getpagesize(),
1284 total - memory - getpagesize());
1285 }
1286
ef36fa14 1287 if (mem_prealloc) {
38183310 1288 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1289 }
1290
04b16653 1291 block->fd = fd;
c902760f 1292 return area;
f9a49dfa
MT		 1293
1294error:
1295 if (mem_prealloc) {
81b07353 1296 error_report("%s", error_get_pretty(*errp));
f9a49dfa
MT		 1297 exit(1);
1298 }
1299 return NULL;
c902760f
MT		 1300}
1301#endif
1302
0dc3f44a 1303/* Called with the ramlist lock held. */
d17b5288 1304static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1305{
1306 RAMBlock *block, *next_block;
3e837b2c 1307 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1308
49cd9ac6
SH		 1309 assert(size != 0); /* it would hand out same offset multiple times */
1310
0dc3f44a 1311 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1312 return 0;
0d53d9fe 1313 }
04b16653 1314
0dc3f44a 1315 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1316 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1317
62be4e3a 1318 end = block->offset + block->max_length;
04b16653 1319
0dc3f44a 1320 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1321 if (next_block->offset >= end) {
1322 next = MIN(next, next_block->offset);
1323 }
1324 }
1325 if (next - end >= size && next - end < mingap) {
3e837b2c 1326 offset = end;
04b16653
AW		 1327 mingap = next - end;
1328 }
1329 }
3e837b2c
AW		 1330
1331 if (offset == RAM_ADDR_MAX) {
1332 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1333 (uint64_t)size);
1334 abort();
1335 }
1336
04b16653
AW		 1337 return offset;
1338}
1339
652d7ec2 1340ram_addr_t last_ram_offset(void)
d17b5288
AW		 1341{
1342 RAMBlock *block;
1343 ram_addr_t last = 0;
1344
0dc3f44a
MD		 1345 rcu_read_lock();
1346 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1347 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1348 }
0dc3f44a 1349 rcu_read_unlock();
d17b5288
AW		 1350 return last;
1351}
1352
ddb97f1d
JB		 1353static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1354{
1355 int ret;
ddb97f1d
JB		 1356
1357 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1358 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1359 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1360 if (ret) {
1361 perror("qemu_madvise");
1362 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1363 "but dump_guest_core=off specified\n");
1364 }
1365 }
1366}
1367
0dc3f44a
MD		 1368/* Called within an RCU critical section, or while the ramlist lock
1369 * is held.
1370 */
20cfe881 1371static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1372{
20cfe881 1373 RAMBlock *block;
84b89d78 1374
0dc3f44a 1375 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1376 if (block->offset == addr) {
20cfe881 1377 return block;
c5705a77
AK		 1378 }
1379 }
20cfe881
HT		 1380
1381 return NULL;
1382}
1383
ae3a7047 1384/* Called with iothread lock held. */
20cfe881
HT		 1385void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1386{
ae3a7047 1387 RAMBlock *new_block, *block;
20cfe881 1388
0dc3f44a 1389 rcu_read_lock();
ae3a7047 1390 new_block = find_ram_block(addr);
c5705a77
AK		 1391 assert(new_block);
1392 assert(!new_block->idstr[0]);
84b89d78 1393
09e5ab63
AL		 1394 if (dev) {
1395 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1396 if (id) {
1397 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1398 g_free(id);
84b89d78
CM		 1399 }
1400 }
1401 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1402
0dc3f44a 1403 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1404 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1405 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1406 new_block->idstr);
1407 abort();
1408 }
1409 }
0dc3f44a 1410 rcu_read_unlock();
c5705a77
AK		 1411}
1412
ae3a7047 1413/* Called with iothread lock held. */
20cfe881
HT		 1414void qemu_ram_unset_idstr(ram_addr_t addr)
1415{
ae3a7047 1416 RAMBlock *block;
20cfe881 1417
ae3a7047
MD		 1418 /* FIXME: arch_init.c assumes that this is not called throughout
1419 * migration. Ignore the problem since hot-unplug during migration
1420 * does not work anyway.
1421 */
1422
0dc3f44a 1423 rcu_read_lock();
ae3a7047 1424 block = find_ram_block(addr);
20cfe881
HT		 1425 if (block) {
1426 memset(block->idstr, 0, sizeof(block->idstr));
1427 }
0dc3f44a 1428 rcu_read_unlock();
20cfe881
HT		 1429}
1430
8490fc78
LC		 1431static int memory_try_enable_merging(void *addr, size_t len)
1432{
75cc7f01 1433 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1434 /* disabled by the user */
1435 return 0;
1436 }
1437
1438 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1439}
1440
62be4e3a
MT		 1441/* Only legal before guest might have detected the memory size: e.g. on
1442 * incoming migration, or right after reset.
1443 *
1444 * As memory core doesn't know how is memory accessed, it is up to
1445 * resize callback to update device state and/or add assertions to detect
1446 * misuse, if necessary.
1447 */
1448int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1449{
1450 RAMBlock *block = find_ram_block(base);
1451
1452 assert(block);
1453
129ddaf3
MT		 1454 newsize = TARGET_PAGE_ALIGN(newsize);
1455
62be4e3a
MT		 1456 if (block->used_length == newsize) {
1457 return 0;
1458 }
1459
1460 if (!(block->flags & RAM_RESIZEABLE)) {
1461 error_setg_errno(errp, EINVAL,
1462 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1463 " in != 0x" RAM_ADDR_FMT, block->idstr,
1464 newsize, block->used_length);
1465 return -EINVAL;
1466 }
1467
1468 if (block->max_length < newsize) {
1469 error_setg_errno(errp, EINVAL,
1470 "Length too large: %s: 0x" RAM_ADDR_FMT
1471 " > 0x" RAM_ADDR_FMT, block->idstr,
1472 newsize, block->max_length);
1473 return -EINVAL;
1474 }
1475
1476 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1477 block->used_length = newsize;
58d2707e
PB		 1478 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1479 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1480 memory_region_set_size(block->mr, newsize);
1481 if (block->resized) {
1482 block->resized(block->idstr, newsize, block->host);
1483 }
1484 return 0;
1485}
1486
ef701d7b 1487static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1488{
e1c57ab8 1489 RAMBlock *block;
0d53d9fe 1490 RAMBlock *last_block = NULL;
2152f5ca
JQ		 1491 ram_addr_t old_ram_size, new_ram_size;
1492
1493 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1494
b2a8658e 1495 qemu_mutex_lock_ramlist();
9b8424d5 1496 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1497
1498 if (!new_block->host) {
1499 if (xen_enabled()) {
9b8424d5
MT		 1500 xen_ram_alloc(new_block->offset, new_block->max_length,
1501 new_block->mr);
e1c57ab8 1502 } else {
9b8424d5 1503 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1504 &new_block->mr->align);
39228250 1505 if (!new_block->host) {
ef701d7b
HT		 1506 error_setg_errno(errp, errno,
1507 "cannot set up guest memory '%s'",
1508 memory_region_name(new_block->mr));
1509 qemu_mutex_unlock_ramlist();
1510 return -1;
39228250 1511 }
9b8424d5 1512 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1513 }
c902760f 1514 }
94a6b54f 1515
dd631697
LZ		 1516 new_ram_size = MAX(old_ram_size,
1517 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1518 if (new_ram_size > old_ram_size) {
1519 migration_bitmap_extend(old_ram_size, new_ram_size);
1520 }
0d53d9fe
MD		 1521 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1522 * QLIST (which has an RCU-friendly variant) does not have insertion at
1523 * tail, so save the last element in last_block.
1524 */
0dc3f44a 1525 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1526 last_block = block;
9b8424d5 1527 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1528 break;
1529 }
1530 }
1531 if (block) {
0dc3f44a 1532 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1533 } else if (last_block) {
0dc3f44a 1534 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1535 } else { /* list is empty */
0dc3f44a 1536 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1537 }
0d6d3c87 1538 ram_list.mru_block = NULL;
94a6b54f 1539
0dc3f44a
MD		 1540 /* Write list before version */
1541 smp_wmb();
f798b07f 1542 ram_list.version++;
b2a8658e 1543 qemu_mutex_unlock_ramlist();
f798b07f 1544
2152f5ca
JQ		 1545 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1546
1547 if (new_ram_size > old_ram_size) {
1ab4c8ce 1548 int i;
ae3a7047
MD		 1549
1550 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1551 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1552 ram_list.dirty_memory[i] =
1553 bitmap_zero_extend(ram_list.dirty_memory[i],
1554 old_ram_size, new_ram_size);
1555 }
2152f5ca 1556 }
9b8424d5 1557 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1558 new_block->used_length,
1559 DIRTY_CLIENTS_ALL);
94a6b54f 1560
a904c911
PB		 1561 if (new_block->host) {
1562 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1563 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1564 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1565 if (kvm_enabled()) {
1566 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1567 }
e1c57ab8 1568 }
6f0437e8 1569
94a6b54f
PB		 1570 return new_block->offset;
1571}
e9a1ab19 1572
0b183fc8 1573#ifdef __linux__
e1c57ab8 1574ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1575 bool share, const char *mem_path,
7f56e740 1576 Error **errp)
e1c57ab8
PB		 1577{
1578 RAMBlock *new_block;
ef701d7b
HT		 1579 ram_addr_t addr;
1580 Error *local_err = NULL;
e1c57ab8
PB		 1581
1582 if (xen_enabled()) {
7f56e740
PB		 1583 error_setg(errp, "-mem-path not supported with Xen");
1584 return -1;
e1c57ab8
PB		 1585 }
1586
1587 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1588 /*
1589 * file_ram_alloc() needs to allocate just like
1590 * phys_mem_alloc, but we haven't bothered to provide
1591 * a hook there.
1592 */
7f56e740
PB		 1593 error_setg(errp,
1594 "-mem-path not supported with this accelerator");
1595 return -1;
e1c57ab8
PB		 1596 }
1597
1598 size = TARGET_PAGE_ALIGN(size);
1599 new_block = g_malloc0(sizeof(*new_block));
1600 new_block->mr = mr;
9b8424d5
MT		 1601 new_block->used_length = size;
1602 new_block->max_length = size;
dbcb8981 1603 new_block->flags = share ? RAM_SHARED : 0;
8561c924 1604 new_block->flags |= RAM_EXTRA;
7f56e740
PB		 1605 new_block->host = file_ram_alloc(new_block, size,
1606 mem_path, errp);
1607 if (!new_block->host) {
1608 g_free(new_block);
1609 return -1;
1610 }
1611
ef701d7b
HT		 1612 addr = ram_block_add(new_block, &local_err);
1613 if (local_err) {
1614 g_free(new_block);
1615 error_propagate(errp, local_err);
1616 return -1;
1617 }
1618 return addr;
e1c57ab8 1619}
0b183fc8 1620#endif
e1c57ab8 1621
62be4e3a
MT		 1622static
1623ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1624 void (*resized)(const char*,
1625 uint64_t length,
1626 void *host),
1627 void *host, bool resizeable,
ef701d7b 1628 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1629{
1630 RAMBlock *new_block;
ef701d7b
HT		 1631 ram_addr_t addr;
1632 Error *local_err = NULL;
e1c57ab8
PB		 1633
1634 size = TARGET_PAGE_ALIGN(size);
62be4e3a 1635 max_size = TARGET_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1636 new_block = g_malloc0(sizeof(*new_block));
1637 new_block->mr = mr;
62be4e3a 1638 new_block->resized = resized;
9b8424d5
MT		 1639 new_block->used_length = size;
1640 new_block->max_length = max_size;
62be4e3a 1641 assert(max_size >= size);
e1c57ab8
PB		 1642 new_block->fd = -1;
1643 new_block->host = host;
1644 if (host) {
7bd4f430 1645 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1646 }
62be4e3a
MT		 1647 if (resizeable) {
1648 new_block->flags |= RAM_RESIZEABLE;
1649 }
ef701d7b
HT		 1650 addr = ram_block_add(new_block, &local_err);
1651 if (local_err) {
1652 g_free(new_block);
1653 error_propagate(errp, local_err);
1654 return -1;
1655 }
1656 return addr;
e1c57ab8
PB		 1657}
1658
62be4e3a
MT		 1659ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1660 MemoryRegion *mr, Error **errp)
1661{
1662 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1663}
1664
ef701d7b 1665ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1666{
62be4e3a
MT		 1667 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1668}
1669
1670ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1671 void (*resized)(const char*,
1672 uint64_t length,
1673 void *host),
1674 MemoryRegion *mr, Error **errp)
1675{
1676 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1677}
1678
1f2e98b6
AW		 1679void qemu_ram_free_from_ptr(ram_addr_t addr)
1680{
1681 RAMBlock *block;
1682
b2a8658e 1683 qemu_mutex_lock_ramlist();
0dc3f44a 1684 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1f2e98b6 1685 if (addr == block->offset) {
0dc3f44a 1686 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1687 ram_list.mru_block = NULL;
0dc3f44a
MD		 1688 /* Write list before version */
1689 smp_wmb();
f798b07f 1690 ram_list.version++;
43771539 1691 g_free_rcu(block, rcu);
b2a8658e 1692 break;
1f2e98b6
AW		 1693 }
1694 }
b2a8658e 1695 qemu_mutex_unlock_ramlist();
1f2e98b6
AW		 1696}
1697
43771539
PB		 1698static void reclaim_ramblock(RAMBlock *block)
1699{
1700 if (block->flags & RAM_PREALLOC) {
1701 ;
1702 } else if (xen_enabled()) {
1703 xen_invalidate_map_cache_entry(block->host);
1704#ifndef _WIN32
1705 } else if (block->fd >= 0) {
8561c924
MT		 1706 if (block->flags & RAM_EXTRA) {
1707 munmap(block->host, block->max_length + getpagesize());
1708 } else {
1709 munmap(block->host, block->max_length);
1710 }
43771539
PB		 1711 close(block->fd);
1712#endif
1713 } else {
1714 qemu_anon_ram_free(block->host, block->max_length);
1715 }
1716 g_free(block);
1717}
1718
c227f099 1719void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1720{
04b16653
AW		 1721 RAMBlock *block;
1722
b2a8658e 1723 qemu_mutex_lock_ramlist();
0dc3f44a 1724 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1725 if (addr == block->offset) {
0dc3f44a 1726 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1727 ram_list.mru_block = NULL;
0dc3f44a
MD		 1728 /* Write list before version */
1729 smp_wmb();
f798b07f 1730 ram_list.version++;
43771539 1731 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1732 break;
04b16653
AW		 1733 }
1734 }
b2a8658e 1735 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1736}
1737
cd19cfa2
HY		 1738#ifndef _WIN32
1739void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1740{
1741 RAMBlock *block;
1742 ram_addr_t offset;
1743 int flags;
1744 void *area, *vaddr;
1745
0dc3f44a 1746 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1747 offset = addr - block->offset;
9b8424d5 1748 if (offset < block->max_length) {
1240be24 1749 vaddr = ramblock_ptr(block, offset);
7bd4f430 1750 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1751 ;
dfeaf2ab
MA		 1752 } else if (xen_enabled()) {
1753 abort();
cd19cfa2
HY		 1754 } else {
1755 flags = MAP_FIXED;
3435f395 1756 if (block->fd >= 0) {
dbcb8981
PB		 1757 flags |= (block->flags & RAM_SHARED ?
1758 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1759 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1760 flags, block->fd, offset);
cd19cfa2 1761 } else {
2eb9fbaa
MA		 1762 /*
1763 * Remap needs to match alloc. Accelerators that
1764 * set phys_mem_alloc never remap. If they did,
1765 * we'd need a remap hook here.
1766 */
1767 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1768
cd19cfa2
HY		 1769 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1770 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1771 flags, -1, 0);
cd19cfa2
HY		 1772 }
1773 if (area != vaddr) {
f15fbc4b
AP		 1774 fprintf(stderr, "Could not remap addr: "
1775 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1776 length, addr);
1777 exit(1);
1778 }
8490fc78 1779 memory_try_enable_merging(vaddr, length);
ddb97f1d 1780 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1781 }
cd19cfa2
HY		 1782 }
1783 }
1784}
1785#endif /* !_WIN32 */
1786
a35ba7be
PB		 1787int qemu_get_ram_fd(ram_addr_t addr)
1788{
ae3a7047
MD		 1789 RAMBlock *block;
1790 int fd;
a35ba7be 1791
0dc3f44a 1792 rcu_read_lock();
ae3a7047
MD		 1793 block = qemu_get_ram_block(addr);
1794 fd = block->fd;
0dc3f44a 1795 rcu_read_unlock();
ae3a7047 1796 return fd;
a35ba7be
PB		 1797}
1798
3fd74b84
DM		 1799void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1800{
ae3a7047
MD		 1801 RAMBlock *block;
1802 void *ptr;
3fd74b84 1803
0dc3f44a 1804 rcu_read_lock();
ae3a7047
MD		 1805 block = qemu_get_ram_block(addr);
1806 ptr = ramblock_ptr(block, 0);
0dc3f44a 1807 rcu_read_unlock();
ae3a7047 1808 return ptr;
3fd74b84
DM		 1809}
1810
1b5ec234 1811/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1812 * This should not be used for general purpose DMA. Use address_space_map
1813 * or address_space_rw instead. For local memory (e.g. video ram) that the
1814 * device owns, use memory_region_get_ram_ptr.
0dc3f44a
MD		 1815 *
1816 * By the time this function returns, the returned pointer is not protected
1817 * by RCU anymore. If the caller is not within an RCU critical section and
1818 * does not hold the iothread lock, it must have other means of protecting the
1819 * pointer, such as a reference to the region that includes the incoming
1820 * ram_addr_t.
1b5ec234
PB		 1821 */
1822void *qemu_get_ram_ptr(ram_addr_t addr)
1823{
ae3a7047
MD		 1824 RAMBlock *block;
1825 void *ptr;
1b5ec234 1826
0dc3f44a 1827 rcu_read_lock();
ae3a7047
MD		 1828 block = qemu_get_ram_block(addr);
1829
1830 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1831 /* We need to check if the requested address is in the RAM
1832 * because we don't want to map the entire memory in QEMU.
1833 * In that case just map until the end of the page.
1834 */
1835 if (block->offset == 0) {
ae3a7047 1836 ptr = xen_map_cache(addr, 0, 0);
0dc3f44a 1837 goto unlock;
0d6d3c87 1838 }
ae3a7047
MD		 1839
1840 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1841 }
ae3a7047
MD		 1842 ptr = ramblock_ptr(block, addr - block->offset);
1843
0dc3f44a
MD		 1844unlock:
1845 rcu_read_unlock();
ae3a7047 1846 return ptr;
dc828ca1
PB		 1847}
1848
38bee5dc 1849/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1850 * but takes a size argument.
0dc3f44a
MD		 1851 *
1852 * By the time this function returns, the returned pointer is not protected
1853 * by RCU anymore. If the caller is not within an RCU critical section and
1854 * does not hold the iothread lock, it must have other means of protecting the
1855 * pointer, such as a reference to the region that includes the incoming
1856 * ram_addr_t.
ae3a7047 1857 */
cb85f7ab 1858static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1859{
ae3a7047 1860 void *ptr;
8ab934f9
SS		 1861 if (*size == 0) {
1862 return NULL;
1863 }
868bb33f 1864 if (xen_enabled()) {
e41d7c69 1865 return xen_map_cache(addr, *size, 1);
868bb33f 1866 } else {
38bee5dc 1867 RAMBlock *block;
0dc3f44a
MD		 1868 rcu_read_lock();
1869 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5
MT		 1870 if (addr - block->offset < block->max_length) {
1871 if (addr - block->offset + *size > block->max_length)
1872 *size = block->max_length - addr + block->offset;
ae3a7047 1873 ptr = ramblock_ptr(block, addr - block->offset);
0dc3f44a 1874 rcu_read_unlock();
ae3a7047 1875 return ptr;
38bee5dc
SS		 1876 }
1877 }
1878
1879 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1880 abort();
38bee5dc
SS		 1881 }
1882}
1883
7443b437 1884/* Some of the softmmu routines need to translate from a host pointer
ae3a7047
MD		 1885 * (typically a TLB entry) back to a ram offset.
1886 *
1887 * By the time this function returns, the returned pointer is not protected
1888 * by RCU anymore. If the caller is not within an RCU critical section and
1889 * does not hold the iothread lock, it must have other means of protecting the
1890 * pointer, such as a reference to the region that includes the incoming
1891 * ram_addr_t.
1892 */
1b5ec234 1893MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 1894{
94a6b54f
PB		 1895 RAMBlock *block;
1896 uint8_t *host = ptr;
ae3a7047 1897 MemoryRegion *mr;
94a6b54f 1898
868bb33f 1899 if (xen_enabled()) {
0dc3f44a 1900 rcu_read_lock();
e41d7c69 1901 *ram_addr = xen_ram_addr_from_mapcache(ptr);
ae3a7047 1902 mr = qemu_get_ram_block(*ram_addr)->mr;
0dc3f44a 1903 rcu_read_unlock();
ae3a7047 1904 return mr;
712c2b41
SS		 1905 }
1906
0dc3f44a
MD		 1907 rcu_read_lock();
1908 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1909 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1910 goto found;
1911 }
1912
0dc3f44a 1913 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1914 /* This case append when the block is not mapped. */
1915 if (block->host == NULL) {
1916 continue;
1917 }
9b8424d5 1918 if (host - block->host < block->max_length) {
23887b79 1919 goto found;
f471a17e 1920 }
94a6b54f 1921 }
432d268c 1922
0dc3f44a 1923 rcu_read_unlock();
1b5ec234 1924 return NULL;
23887b79
PB		 1925
1926found:
1927 *ram_addr = block->offset + (host - block->host);
ae3a7047 1928 mr = block->mr;
0dc3f44a 1929 rcu_read_unlock();
ae3a7047 1930 return mr;
e890261f 1931}
f471a17e 1932
a8170e5e 1933static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1934 uint64_t val, unsigned size)
9fa3e853 1935{
52159192 1936 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1937 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1938 }
0e0df1e2
AK		 1939 switch (size) {
1940 case 1:
1941 stb_p(qemu_get_ram_ptr(ram_addr), val);
1942 break;
1943 case 2:
1944 stw_p(qemu_get_ram_ptr(ram_addr), val);
1945 break;
1946 case 4:
1947 stl_p(qemu_get_ram_ptr(ram_addr), val);
1948 break;
1949 default:
1950 abort();
3a7d929e 1951 }
58d2707e
PB		 1952 /* Set both VGA and migration bits for simplicity and to remove
1953 * the notdirty callback faster.
1954 */
1955 cpu_physical_memory_set_dirty_range(ram_addr, size,
1956 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 1957 /* we remove the notdirty callback only if the code has been
1958 flushed */
a2cd8c85 1959 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 1960 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 1961 }
9fa3e853
FB		 1962}
1963
b018ddf6
PB		 1964static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1965 unsigned size, bool is_write)
1966{
1967 return is_write;
1968}
1969
0e0df1e2 1970static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1971 .write = notdirty_mem_write,
b018ddf6 1972 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1973 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1974};
1975
0f459d16 1976/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 1977static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 1978{
93afeade
AF		 1979 CPUState *cpu = current_cpu;
1980 CPUArchState *env = cpu->env_ptr;
06d55cc1 1981 target_ulong pc, cs_base;
0f459d16 1982 target_ulong vaddr;
a1d1bb31 1983 CPUWatchpoint *wp;
06d55cc1 1984 int cpu_flags;
0f459d16 1985
ff4700b0 1986 if (cpu->watchpoint_hit) {
06d55cc1
AL		 1987 /* We re-entered the check after replacing the TB. Now raise
1988 * the debug interrupt so that is will trigger after the
1989 * current instruction. */
93afeade 1990 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 1991 return;
1992 }
93afeade 1993 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 1994 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 1995 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1996 && (wp->flags & flags)) {
08225676
PM		 1997 if (flags == BP_MEM_READ) {
1998 wp->flags |= BP_WATCHPOINT_HIT_READ;
1999 } else {
2000 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2001 }
2002 wp->hitaddr = vaddr;
66b9b43c 2003 wp->hitattrs = attrs;
ff4700b0
AF		 2004 if (!cpu->watchpoint_hit) {
2005 cpu->watchpoint_hit = wp;
239c51a5 2006 tb_check_watchpoint(cpu);
6e140f28 2007 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2008 cpu->exception_index = EXCP_DEBUG;
5638d180 2009 cpu_loop_exit(cpu);
6e140f28
AL		 2010 } else {
2011 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2012 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2013 cpu_resume_from_signal(cpu, NULL);
6e140f28 2014 }
06d55cc1 2015 }
6e140f28
AL		 2016 } else {
2017 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2018 }
2019 }
2020}
2021
6658ffb8
PB		 2022/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2023 so these check for a hit then pass through to the normal out-of-line
2024 phys routines. */
66b9b43c
PM		 2025static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2026 unsigned size, MemTxAttrs attrs)
6658ffb8 2027{
66b9b43c
PM		 2028 MemTxResult res;
2029 uint64_t data;
2030
2031 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2032 switch (size) {
66b9b43c
PM		 2033 case 1:
2034 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2035 break;
2036 case 2:
2037 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2038 break;
2039 case 4:
2040 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2041 break;
1ec9b909
AK		 2042 default: abort();
2043 }
66b9b43c
PM		 2044 *pdata = data;
2045 return res;
6658ffb8
PB		 2046}
2047
66b9b43c
PM		 2048static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2049 uint64_t val, unsigned size,
2050 MemTxAttrs attrs)
6658ffb8 2051{
66b9b43c
PM		 2052 MemTxResult res;
2053
2054 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2055 switch (size) {
67364150 2056 case 1:
66b9b43c 2057 address_space_stb(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2058 break;
2059 case 2:
66b9b43c 2060 address_space_stw(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2061 break;
2062 case 4:
66b9b43c 2063 address_space_stl(&address_space_memory, addr, val, attrs, &res);
67364150 2064 break;
1ec9b909
AK		 2065 default: abort();
2066 }
66b9b43c 2067 return res;
6658ffb8
PB		 2068}
2069
1ec9b909 2070static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2071 .read_with_attrs = watch_mem_read,
2072 .write_with_attrs = watch_mem_write,
1ec9b909 2073 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2074};
6658ffb8 2075
f25a49e0
PM		 2076static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2077 unsigned len, MemTxAttrs attrs)
db7b5426 2078{
acc9d80b 2079 subpage_t *subpage = opaque;
ff6cff75 2080 uint8_t buf[8];
5c9eb028 2081 MemTxResult res;
791af8c8 2082
db7b5426 2083#if defined(DEBUG_SUBPAGE)
016e9d62 2084 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2085 subpage, len, addr);
db7b5426 2086#endif
5c9eb028
PM		 2087 res = address_space_read(subpage->as, addr + subpage->base,
2088 attrs, buf, len);
2089 if (res) {
2090 return res;
f25a49e0 2091 }
acc9d80b
JK		 2092 switch (len) {
2093 case 1:
f25a49e0
PM		 2094 *data = ldub_p(buf);
2095 return MEMTX_OK;
acc9d80b 2096 case 2:
f25a49e0
PM		 2097 *data = lduw_p(buf);
2098 return MEMTX_OK;
acc9d80b 2099 case 4:
f25a49e0
PM		 2100 *data = ldl_p(buf);
2101 return MEMTX_OK;
ff6cff75 2102 case 8:
f25a49e0
PM		 2103 *data = ldq_p(buf);
2104 return MEMTX_OK;
acc9d80b
JK		 2105 default:
2106 abort();
2107 }
db7b5426
BS		 2108}
2109
f25a49e0
PM		 2110static MemTxResult subpage_write(void *opaque, hwaddr addr,
2111 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2112{
acc9d80b 2113 subpage_t *subpage = opaque;
ff6cff75 2114 uint8_t buf[8];
acc9d80b 2115
db7b5426 2116#if defined(DEBUG_SUBPAGE)
016e9d62 2117 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2118 " value %"PRIx64"\n",
2119 __func__, subpage, len, addr, value);
db7b5426 2120#endif
acc9d80b
JK		 2121 switch (len) {
2122 case 1:
2123 stb_p(buf, value);
2124 break;
2125 case 2:
2126 stw_p(buf, value);
2127 break;
2128 case 4:
2129 stl_p(buf, value);
2130 break;
ff6cff75
PB		 2131 case 8:
2132 stq_p(buf, value);
2133 break;
acc9d80b
JK		 2134 default:
2135 abort();
2136 }
5c9eb028
PM		 2137 return address_space_write(subpage->as, addr + subpage->base,
2138 attrs, buf, len);
db7b5426
BS		 2139}
2140
c353e4cc 2141static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2142 unsigned len, bool is_write)
c353e4cc 2143{
acc9d80b 2144 subpage_t *subpage = opaque;
c353e4cc 2145#if defined(DEBUG_SUBPAGE)
016e9d62 2146 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2147 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2148#endif
2149
acc9d80b 2150 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2151 len, is_write);
c353e4cc
PB		 2152}
2153
70c68e44 2154static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2155 .read_with_attrs = subpage_read,
2156 .write_with_attrs = subpage_write,
ff6cff75
PB		 2157 .impl.min_access_size = 1,
2158 .impl.max_access_size = 8,
2159 .valid.min_access_size = 1,
2160 .valid.max_access_size = 8,
c353e4cc 2161 .valid.accepts = subpage_accepts,
70c68e44 2162 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2163};
2164
c227f099 2165static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2166 uint16_t section)
db7b5426
BS		 2167{
2168 int idx, eidx;
2169
2170 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2171 return -1;
2172 idx = SUBPAGE_IDX(start);
2173 eidx = SUBPAGE_IDX(end);
2174#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2175 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2176 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2177#endif
db7b5426 2178 for (; idx <= eidx; idx++) {
5312bd8b 2179 mmio->sub_section[idx] = section;
db7b5426
BS		 2180 }
2181
2182 return 0;
2183}
2184
acc9d80b 2185static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2186{
c227f099 2187 subpage_t *mmio;
db7b5426 2188
7267c094 2189 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2190
acc9d80b 2191 mmio->as = as;
1eec614b 2192 mmio->base = base;
2c9b15ca 2193 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2194 NULL, TARGET_PAGE_SIZE);
b3b00c78 2195 mmio->iomem.subpage = true;
db7b5426 2196#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2197 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2198 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2199#endif
b41aac4f 2200 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2201
2202 return mmio;
2203}
2204
a656e22f
PC		 2205static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2206 MemoryRegion *mr)
5312bd8b 2207{
a656e22f 2208 assert(as);
5312bd8b 2209 MemoryRegionSection section = {
a656e22f 2210 .address_space = as,
5312bd8b
AK		 2211 .mr = mr,
2212 .offset_within_address_space = 0,
2213 .offset_within_region = 0,
052e87b0 2214 .size = int128_2_64(),
5312bd8b
AK		 2215 };
2216
53cb28cb 2217 return phys_section_add(map, &section);
5312bd8b
AK		 2218}
2219
9d82b5a7 2220MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
aa102231 2221{
79e2b9ae
PB		 2222 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2223 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2224
2225 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2226}
2227
e9179ce1
AK		 2228static void io_mem_init(void)
2229{
1f6245e5 2230 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2231 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2232 NULL, UINT64_MAX);
2c9b15ca 2233 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2234 NULL, UINT64_MAX);
2c9b15ca 2235 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2236 NULL, UINT64_MAX);
e9179ce1
AK		 2237}
2238
ac1970fb 2239static void mem_begin(MemoryListener *listener)
00752703
PB		 2240{
2241 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2242 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2243 uint16_t n;
2244
a656e22f 2245 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2246 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2247 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2248 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2249 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2250 assert(n == PHYS_SECTION_ROM);
a656e22f 2251 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2252 assert(n == PHYS_SECTION_WATCH);
00752703 2253
9736e55b 2254 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2255 d->as = as;
2256 as->next_dispatch = d;
2257}
2258
79e2b9ae
PB		 2259static void address_space_dispatch_free(AddressSpaceDispatch *d)
2260{
2261 phys_sections_free(&d->map);
2262 g_free(d);
2263}
2264
00752703 2265static void mem_commit(MemoryListener *listener)
ac1970fb 2266{
89ae337a 2267 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2268 AddressSpaceDispatch *cur = as->dispatch;
2269 AddressSpaceDispatch *next = as->next_dispatch;
2270
53cb28cb 2271 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2272
79e2b9ae 2273 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2274 if (cur) {
79e2b9ae 2275 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2276 }
9affd6fc
PB		 2277}
2278
1d71148e 2279static void tcg_commit(MemoryListener *listener)
50c1e149 2280{
182735ef 2281 CPUState *cpu;
117712c3
AK		 2282
2283 /* since each CPU stores ram addresses in its TLB cache, we must
2284 reset the modified entries */
2285 /* XXX: slow ! */
bdc44640 2286 CPU_FOREACH(cpu) {
33bde2e1
EI		 2287 /* FIXME: Disentangle the cpu.h circular files deps so we can
2288 directly get the right CPU from listener. */
2289 if (cpu->tcg_as_listener != listener) {
2290 continue;
2291 }
76e5c76f 2292 cpu_reload_memory_map(cpu);
117712c3 2293 }
50c1e149
AK		 2294}
2295
ac1970fb
AK		 2296void address_space_init_dispatch(AddressSpace *as)
2297{
00752703 2298 as->dispatch = NULL;
89ae337a 2299 as->dispatch_listener = (MemoryListener) {
ac1970fb 2300 .begin = mem_begin,
00752703 2301 .commit = mem_commit,
ac1970fb
AK		 2302 .region_add = mem_add,
2303 .region_nop = mem_add,
2304 .priority = 0,
2305 };
89ae337a 2306 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2307}
2308
6e48e8f9
PB		 2309void address_space_unregister(AddressSpace *as)
2310{
2311 memory_listener_unregister(&as->dispatch_listener);
2312}
2313
83f3c251
AK		 2314void address_space_destroy_dispatch(AddressSpace *as)
2315{
2316 AddressSpaceDispatch *d = as->dispatch;
2317
79e2b9ae
PB		 2318 atomic_rcu_set(&as->dispatch, NULL);
2319 if (d) {
2320 call_rcu(d, address_space_dispatch_free, rcu);
2321 }
83f3c251
AK		 2322}
2323
62152b8a
AK		 2324static void memory_map_init(void)
2325{
7267c094 2326 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2327
57271d63 2328 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2329 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2330
7267c094 2331 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2332 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2333 65536);
7dca8043 2334 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2335}
2336
2337MemoryRegion *get_system_memory(void)
2338{
2339 return system_memory;
2340}
2341
309cb471
AK		 2342MemoryRegion *get_system_io(void)
2343{
2344 return system_io;
2345}
2346
e2eef170
PB		 2347#endif /* !defined(CONFIG_USER_ONLY) */
2348
13eb76e0
FB		 2349/* physical memory access (slow version, mainly for debug) */
2350#if defined(CONFIG_USER_ONLY)
f17ec444 2351int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2352 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2353{
2354 int l, flags;
2355 target_ulong page;
53a5960a 2356 void * p;
13eb76e0
FB		 2357
2358 while (len > 0) {
2359 page = addr & TARGET_PAGE_MASK;
2360 l = (page + TARGET_PAGE_SIZE) - addr;
2361 if (l > len)
2362 l = len;
2363 flags = page_get_flags(page);
2364 if (!(flags & PAGE_VALID))
a68fe89c 2365 return -1;
13eb76e0
FB		 2366 if (is_write) {
2367 if (!(flags & PAGE_WRITE))
a68fe89c 2368 return -1;
579a97f7 2369 /* XXX: this code should not depend on lock_user */
72fb7daa 2370 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2371 return -1;
72fb7daa
AJ		 2372 memcpy(p, buf, l);
2373 unlock_user(p, addr, l);
13eb76e0
FB		 2374 } else {
2375 if (!(flags & PAGE_READ))
a68fe89c 2376 return -1;
579a97f7 2377 /* XXX: this code should not depend on lock_user */
72fb7daa 2378 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2379 return -1;
72fb7daa 2380 memcpy(buf, p, l);
5b257578 2381 unlock_user(p, addr, 0);
13eb76e0
FB		 2382 }
2383 len -= l;
2384 buf += l;
2385 addr += l;
2386 }
a68fe89c 2387 return 0;
13eb76e0 2388}
8df1cd07 2389
13eb76e0 2390#else
51d7a9eb 2391
845b6214 2392static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2393 hwaddr length)
51d7a9eb 2394{
e87f7778
PB		 2395 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2396 /* No early return if dirty_log_mask is or becomes 0, because
2397 * cpu_physical_memory_set_dirty_range will still call
2398 * xen_modified_memory.
2399 */
2400 if (dirty_log_mask) {
2401 dirty_log_mask =
2402 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2403 }
2404 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2405 tb_invalidate_phys_range(addr, addr + length);
2406 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2407 }
e87f7778 2408 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2409}
2410
23326164 2411static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2412{
e1622f4b 2413 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2414
2415 /* Regions are assumed to support 1-4 byte accesses unless
2416 otherwise specified. */
23326164
RH		 2417 if (access_size_max == 0) {
2418 access_size_max = 4;
2419 }
2420
2421 /* Bound the maximum access by the alignment of the address. */
2422 if (!mr->ops->impl.unaligned) {
2423 unsigned align_size_max = addr & -addr;
2424 if (align_size_max != 0 && align_size_max < access_size_max) {
2425 access_size_max = align_size_max;
2426 }
82f2563f 2427 }
23326164
RH		 2428
2429 /* Don't attempt accesses larger than the maximum. */
2430 if (l > access_size_max) {
2431 l = access_size_max;
82f2563f 2432 }
6554f5c0 2433 l = pow2floor(l);
23326164
RH		 2434
2435 return l;
82f2563f
PB		 2436}
2437
4840f10e 2438static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2439{
4840f10e
JK		 2440 bool unlocked = !qemu_mutex_iothread_locked();
2441 bool release_lock = false;
2442
2443 if (unlocked && mr->global_locking) {
2444 qemu_mutex_lock_iothread();
2445 unlocked = false;
2446 release_lock = true;
2447 }
125b3806 2448 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2449 if (unlocked) {
2450 qemu_mutex_lock_iothread();
2451 }
125b3806 2452 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2453 if (unlocked) {
2454 qemu_mutex_unlock_iothread();
2455 }
125b3806 2456 }
4840f10e
JK		 2457
2458 return release_lock;
125b3806
PB		 2459}
2460
5c9eb028
PM		 2461MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2462 uint8_t *buf, int len, bool is_write)
13eb76e0 2463{
149f54b5 2464 hwaddr l;
13eb76e0 2465 uint8_t *ptr;
791af8c8 2466 uint64_t val;
149f54b5 2467 hwaddr addr1;
5c8a00ce 2468 MemoryRegion *mr;
3b643495 2469 MemTxResult result = MEMTX_OK;
4840f10e 2470 bool release_lock = false;
3b46e624 2471
41063e1e 2472 rcu_read_lock();
13eb76e0 2473 while (len > 0) {
149f54b5 2474 l = len;
5c8a00ce 2475 mr = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 2476
13eb76e0 2477 if (is_write) {
5c8a00ce 2478 if (!memory_access_is_direct(mr, is_write)) {
4840f10e 2479 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2480 l = memory_access_size(mr, l, addr1);
4917cf44 2481 /* XXX: could force current_cpu to NULL to avoid
6a00d601 2482 potential bugs */
23326164
RH		 2483 switch (l) {
2484 case 8:
2485 /* 64 bit write access */
2486 val = ldq_p(buf);
3b643495
PM		 2487 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2488 attrs);
23326164
RH		 2489 break;
2490 case 4:
1c213d19 2491 /* 32 bit write access */
c27004ec 2492 val = ldl_p(buf);
3b643495
PM		 2493 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2494 attrs);
23326164
RH		 2495 break;
2496 case 2:
1c213d19 2497 /* 16 bit write access */
c27004ec 2498 val = lduw_p(buf);
3b643495
PM		 2499 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2500 attrs);
23326164
RH		 2501 break;
2502 case 1:
1c213d19 2503 /* 8 bit write access */
c27004ec 2504 val = ldub_p(buf);
3b643495
PM		 2505 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2506 attrs);
23326164
RH		 2507 break;
2508 default:
2509 abort();
13eb76e0 2510 }
2bbfa05d 2511 } else {
5c8a00ce 2512 addr1 += memory_region_get_ram_addr(mr);
13eb76e0 2513 /* RAM case */
5579c7f3 2514 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 2515 memcpy(ptr, buf, l);
845b6214 2516 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0
FB		 2517 }
2518 } else {
5c8a00ce 2519 if (!memory_access_is_direct(mr, is_write)) {
13eb76e0 2520 /* I/O case */
4840f10e 2521 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2522 l = memory_access_size(mr, l, addr1);
23326164
RH		 2523 switch (l) {
2524 case 8:
2525 /* 64 bit read access */
3b643495
PM		 2526 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2527 attrs);
23326164
RH		 2528 stq_p(buf, val);
2529 break;
2530 case 4:
13eb76e0 2531 /* 32 bit read access */
3b643495
PM		 2532 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2533 attrs);
c27004ec 2534 stl_p(buf, val);
23326164
RH		 2535 break;
2536 case 2:
13eb76e0 2537 /* 16 bit read access */
3b643495
PM		 2538 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2539 attrs);
c27004ec 2540 stw_p(buf, val);
23326164
RH		 2541 break;
2542 case 1:
1c213d19 2543 /* 8 bit read access */
3b643495
PM		 2544 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2545 attrs);
c27004ec 2546 stb_p(buf, val);
23326164
RH		 2547 break;
2548 default:
2549 abort();
13eb76e0
FB		 2550 }
2551 } else {
2552 /* RAM case */
5c8a00ce 2553 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
f3705d53 2554 memcpy(buf, ptr, l);
13eb76e0
FB		 2555 }
2556 }
4840f10e
JK		 2557
2558 if (release_lock) {
2559 qemu_mutex_unlock_iothread();
2560 release_lock = false;
2561 }
2562
13eb76e0
FB		 2563 len -= l;
2564 buf += l;
2565 addr += l;
2566 }
41063e1e 2567 rcu_read_unlock();
fd8aaa76 2568
3b643495 2569 return result;
13eb76e0 2570}
8df1cd07 2571
5c9eb028
PM		 2572MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2573 const uint8_t *buf, int len)
ac1970fb 2574{
5c9eb028 2575 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
ac1970fb
AK		 2576}
2577
5c9eb028
PM		 2578MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2579 uint8_t *buf, int len)
ac1970fb 2580{
5c9eb028 2581 return address_space_rw(as, addr, attrs, buf, len, false);
ac1970fb
AK		 2582}
2583
2584
a8170e5e 2585void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2586 int len, int is_write)
2587{
5c9eb028
PM		 2588 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2589 buf, len, is_write);
ac1970fb
AK		 2590}
2591
582b55a9
AG		 2592enum write_rom_type {
2593 WRITE_DATA,
2594 FLUSH_CACHE,
2595};
2596
2a221651 2597static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2598 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2599{
149f54b5 2600 hwaddr l;
d0ecd2aa 2601 uint8_t *ptr;
149f54b5 2602 hwaddr addr1;
5c8a00ce 2603 MemoryRegion *mr;
3b46e624 2604
41063e1e 2605 rcu_read_lock();
d0ecd2aa 2606 while (len > 0) {
149f54b5 2607 l = len;
2a221651 2608 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2609
5c8a00ce
PB		 2610 if (!(memory_region_is_ram(mr) ||
2611 memory_region_is_romd(mr))) {
b242e0e0 2612 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2613 } else {
5c8a00ce 2614 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2615 /* ROM/RAM case */
5579c7f3 2616 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2617 switch (type) {
2618 case WRITE_DATA:
2619 memcpy(ptr, buf, l);
845b6214 2620 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2621 break;
2622 case FLUSH_CACHE:
2623 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2624 break;
2625 }
d0ecd2aa
FB		 2626 }
2627 len -= l;
2628 buf += l;
2629 addr += l;
2630 }
41063e1e 2631 rcu_read_unlock();
d0ecd2aa
FB		 2632}
2633
582b55a9 2634/* used for ROM loading : can write in RAM and ROM */
2a221651 2635void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2636 const uint8_t *buf, int len)
2637{
2a221651 2638 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2639}
2640
2641void cpu_flush_icache_range(hwaddr start, int len)
2642{
2643 /*
2644 * This function should do the same thing as an icache flush that was
2645 * triggered from within the guest. For TCG we are always cache coherent,
2646 * so there is no need to flush anything. For KVM / Xen we need to flush
2647 * the host's instruction cache at least.
2648 */
2649 if (tcg_enabled()) {
2650 return;
2651 }
2652
2a221651
EI		 2653 cpu_physical_memory_write_rom_internal(&address_space_memory,
2654 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2655}
2656
6d16c2f8 2657typedef struct {
d3e71559 2658 MemoryRegion *mr;
6d16c2f8 2659 void *buffer;
a8170e5e
AK		 2660 hwaddr addr;
2661 hwaddr len;
c2cba0ff 2662 bool in_use;
6d16c2f8
AL		 2663} BounceBuffer;
2664
2665static BounceBuffer bounce;
2666
ba223c29 2667typedef struct MapClient {
e95205e1 2668 QEMUBH *bh;
72cf2d4f 2669 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2670} MapClient;
2671
38e047b5 2672QemuMutex map_client_list_lock;
72cf2d4f
BS		 2673static QLIST_HEAD(map_client_list, MapClient) map_client_list
2674 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2675
e95205e1
FZ		 2676static void cpu_unregister_map_client_do(MapClient *client)
2677{
2678 QLIST_REMOVE(client, link);
2679 g_free(client);
2680}
2681
33b6c2ed
FZ		 2682static void cpu_notify_map_clients_locked(void)
2683{
2684 MapClient *client;
2685
2686 while (!QLIST_EMPTY(&map_client_list)) {
2687 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2688 qemu_bh_schedule(client->bh);
2689 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2690 }
2691}
2692
e95205e1 2693void cpu_register_map_client(QEMUBH *bh)
ba223c29 2694{
7267c094 2695 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2696
38e047b5 2697 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2698 client->bh = bh;
72cf2d4f 2699 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2700 if (!atomic_read(&bounce.in_use)) {
2701 cpu_notify_map_clients_locked();
2702 }
38e047b5 2703 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2704}
2705
38e047b5 2706void cpu_exec_init_all(void)
ba223c29 2707{
38e047b5
FZ		 2708 qemu_mutex_init(&ram_list.mutex);
2709 memory_map_init();
2710 io_mem_init();
2711 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2712}
2713
e95205e1 2714void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2715{
2716 MapClient *client;
2717
e95205e1
FZ		 2718 qemu_mutex_lock(&map_client_list_lock);
2719 QLIST_FOREACH(client, &map_client_list, link) {
2720 if (client->bh == bh) {
2721 cpu_unregister_map_client_do(client);
2722 break;
2723 }
ba223c29 2724 }
e95205e1 2725 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2726}
2727
2728static void cpu_notify_map_clients(void)
2729{
38e047b5 2730 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2731 cpu_notify_map_clients_locked();
38e047b5 2732 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2733}
2734
51644ab7
PB		 2735bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2736{
5c8a00ce 2737 MemoryRegion *mr;
51644ab7
PB		 2738 hwaddr l, xlat;
2739
41063e1e 2740 rcu_read_lock();
51644ab7
PB		 2741 while (len > 0) {
2742 l = len;
5c8a00ce
PB		 2743 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2744 if (!memory_access_is_direct(mr, is_write)) {
2745 l = memory_access_size(mr, l, addr);
2746 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2747 return false;
2748 }
2749 }
2750
2751 len -= l;
2752 addr += l;
2753 }
41063e1e 2754 rcu_read_unlock();
51644ab7
PB		 2755 return true;
2756}
2757
6d16c2f8
AL		 2758/* Map a physical memory region into a host virtual address.
2759 * May map a subset of the requested range, given by and returned in *plen.
2760 * May return NULL if resources needed to perform the mapping are exhausted.
2761 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2762 * Use cpu_register_map_client() to know when retrying the map operation is
2763 * likely to succeed.
6d16c2f8 2764 */
ac1970fb 2765void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2766 hwaddr addr,
2767 hwaddr *plen,
ac1970fb 2768 bool is_write)
6d16c2f8 2769{
a8170e5e 2770 hwaddr len = *plen;
e3127ae0
PB		 2771 hwaddr done = 0;
2772 hwaddr l, xlat, base;
2773 MemoryRegion *mr, *this_mr;
2774 ram_addr_t raddr;
6d16c2f8 2775
e3127ae0
PB		 2776 if (len == 0) {
2777 return NULL;
2778 }
38bee5dc 2779
e3127ae0 2780 l = len;
41063e1e 2781 rcu_read_lock();
e3127ae0 2782 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2783
e3127ae0 2784 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2785 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2786 rcu_read_unlock();
e3127ae0 2787 return NULL;
6d16c2f8 2788 }
e85d9db5
KW		 2789 /* Avoid unbounded allocations */
2790 l = MIN(l, TARGET_PAGE_SIZE);
2791 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2792 bounce.addr = addr;
2793 bounce.len = l;
d3e71559
PB		 2794
2795 memory_region_ref(mr);
2796 bounce.mr = mr;
e3127ae0 2797 if (!is_write) {
5c9eb028
PM		 2798 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2799 bounce.buffer, l);
8ab934f9 2800 }
6d16c2f8 2801
41063e1e 2802 rcu_read_unlock();
e3127ae0
PB		 2803 *plen = l;
2804 return bounce.buffer;
2805 }
2806
2807 base = xlat;
2808 raddr = memory_region_get_ram_addr(mr);
2809
2810 for (;;) {
6d16c2f8
AL		 2811 len -= l;
2812 addr += l;
e3127ae0
PB		 2813 done += l;
2814 if (len == 0) {
2815 break;
2816 }
2817
2818 l = len;
2819 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2820 if (this_mr != mr || xlat != base + done) {
2821 break;
2822 }
6d16c2f8 2823 }
e3127ae0 2824
d3e71559 2825 memory_region_ref(mr);
41063e1e 2826 rcu_read_unlock();
e3127ae0
PB		 2827 *plen = done;
2828 return qemu_ram_ptr_length(raddr + base, plen);
6d16c2f8
AL		 2829}
2830
ac1970fb 2831/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2832 * Will also mark the memory as dirty if is_write == 1. access_len gives
2833 * the amount of memory that was actually read or written by the caller.
2834 */
a8170e5e
AK		 2835void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2836 int is_write, hwaddr access_len)
6d16c2f8
AL		 2837{
2838 if (buffer != bounce.buffer) {
d3e71559
PB		 2839 MemoryRegion *mr;
2840 ram_addr_t addr1;
2841
2842 mr = qemu_ram_addr_from_host(buffer, &addr1);
2843 assert(mr != NULL);
6d16c2f8 2844 if (is_write) {
845b6214 2845 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2846 }
868bb33f 2847 if (xen_enabled()) {
e41d7c69 2848 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2849 }
d3e71559 2850 memory_region_unref(mr);
6d16c2f8
AL		 2851 return;
2852 }
2853 if (is_write) {
5c9eb028
PM		 2854 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2855 bounce.buffer, access_len);
6d16c2f8 2856 }
f8a83245 2857 qemu_vfree(bounce.buffer);
6d16c2f8 2858 bounce.buffer = NULL;
d3e71559 2859 memory_region_unref(bounce.mr);
c2cba0ff 2860 atomic_mb_set(&bounce.in_use, false);
ba223c29 2861 cpu_notify_map_clients();
6d16c2f8 2862}
d0ecd2aa 2863
a8170e5e
AK		 2864void *cpu_physical_memory_map(hwaddr addr,
2865 hwaddr *plen,
ac1970fb
AK		 2866 int is_write)
2867{
2868 return address_space_map(&address_space_memory, addr, plen, is_write);
2869}
2870
a8170e5e
AK		 2871void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2872 int is_write, hwaddr access_len)
ac1970fb
AK		 2873{
2874 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2875}
2876
8df1cd07 2877/* warning: addr must be aligned */
50013115
PM		 2878static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2879 MemTxAttrs attrs,
2880 MemTxResult *result,
2881 enum device_endian endian)
8df1cd07 2882{
8df1cd07 2883 uint8_t *ptr;
791af8c8 2884 uint64_t val;
5c8a00ce 2885 MemoryRegion *mr;
149f54b5
PB		 2886 hwaddr l = 4;
2887 hwaddr addr1;
50013115 2888 MemTxResult r;
4840f10e 2889 bool release_lock = false;
8df1cd07 2890
41063e1e 2891 rcu_read_lock();
fdfba1a2 2892 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2893 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 2894 release_lock |= prepare_mmio_access(mr);
125b3806 2895
8df1cd07 2896 /* I/O case */
50013115 2897 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 2898#if defined(TARGET_WORDS_BIGENDIAN)
2899 if (endian == DEVICE_LITTLE_ENDIAN) {
2900 val = bswap32(val);
2901 }
2902#else
2903 if (endian == DEVICE_BIG_ENDIAN) {
2904 val = bswap32(val);
2905 }
2906#endif
8df1cd07
FB		 2907 } else {
2908 /* RAM case */
5c8a00ce 2909 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2910 & TARGET_PAGE_MASK)
149f54b5 2911 + addr1);
1e78bcc1
AG		 2912 switch (endian) {
2913 case DEVICE_LITTLE_ENDIAN:
2914 val = ldl_le_p(ptr);
2915 break;
2916 case DEVICE_BIG_ENDIAN:
2917 val = ldl_be_p(ptr);
2918 break;
2919 default:
2920 val = ldl_p(ptr);
2921 break;
2922 }
50013115
PM		 2923 r = MEMTX_OK;
2924 }
2925 if (result) {
2926 *result = r;
8df1cd07 2927 }
4840f10e
JK		 2928 if (release_lock) {
2929 qemu_mutex_unlock_iothread();
2930 }
41063e1e 2931 rcu_read_unlock();
8df1cd07
FB		 2932 return val;
2933}
2934
50013115
PM		 2935uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2936 MemTxAttrs attrs, MemTxResult *result)
2937{
2938 return address_space_ldl_internal(as, addr, attrs, result,
2939 DEVICE_NATIVE_ENDIAN);
2940}
2941
2942uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2943 MemTxAttrs attrs, MemTxResult *result)
2944{
2945 return address_space_ldl_internal(as, addr, attrs, result,
2946 DEVICE_LITTLE_ENDIAN);
2947}
2948
2949uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2950 MemTxAttrs attrs, MemTxResult *result)
2951{
2952 return address_space_ldl_internal(as, addr, attrs, result,
2953 DEVICE_BIG_ENDIAN);
2954}
2955
fdfba1a2 2956uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2957{
50013115 2958 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2959}
2960
fdfba1a2 2961uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2962{
50013115 2963 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2964}
2965
fdfba1a2 2966uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2967{
50013115 2968 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2969}
2970
84b7b8e7 2971/* warning: addr must be aligned */
50013115
PM		 2972static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2973 MemTxAttrs attrs,
2974 MemTxResult *result,
2975 enum device_endian endian)
84b7b8e7 2976{
84b7b8e7
FB		 2977 uint8_t *ptr;
2978 uint64_t val;
5c8a00ce 2979 MemoryRegion *mr;
149f54b5
PB		 2980 hwaddr l = 8;
2981 hwaddr addr1;
50013115 2982 MemTxResult r;
4840f10e 2983 bool release_lock = false;
84b7b8e7 2984
41063e1e 2985 rcu_read_lock();
2c17449b 2986 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2987 false);
2988 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 2989 release_lock |= prepare_mmio_access(mr);
125b3806 2990
84b7b8e7 2991 /* I/O case */
50013115 2992 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 2993#if defined(TARGET_WORDS_BIGENDIAN)
2994 if (endian == DEVICE_LITTLE_ENDIAN) {
2995 val = bswap64(val);
2996 }
2997#else
2998 if (endian == DEVICE_BIG_ENDIAN) {
2999 val = bswap64(val);
3000 }
84b7b8e7
FB		 3001#endif
3002 } else {
3003 /* RAM case */
5c8a00ce 3004 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3005 & TARGET_PAGE_MASK)
149f54b5 3006 + addr1);
1e78bcc1
AG		 3007 switch (endian) {
3008 case DEVICE_LITTLE_ENDIAN:
3009 val = ldq_le_p(ptr);
3010 break;
3011 case DEVICE_BIG_ENDIAN:
3012 val = ldq_be_p(ptr);
3013 break;
3014 default:
3015 val = ldq_p(ptr);
3016 break;
3017 }
50013115
PM		 3018 r = MEMTX_OK;
3019 }
3020 if (result) {
3021 *result = r;
84b7b8e7 3022 }
4840f10e
JK		 3023 if (release_lock) {
3024 qemu_mutex_unlock_iothread();
3025 }
41063e1e 3026 rcu_read_unlock();
84b7b8e7
FB		 3027 return val;
3028}
3029
50013115
PM		 3030uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3031 MemTxAttrs attrs, MemTxResult *result)
3032{
3033 return address_space_ldq_internal(as, addr, attrs, result,
3034 DEVICE_NATIVE_ENDIAN);
3035}
3036
3037uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3038 MemTxAttrs attrs, MemTxResult *result)
3039{
3040 return address_space_ldq_internal(as, addr, attrs, result,
3041 DEVICE_LITTLE_ENDIAN);
3042}
3043
3044uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3045 MemTxAttrs attrs, MemTxResult *result)
3046{
3047 return address_space_ldq_internal(as, addr, attrs, result,
3048 DEVICE_BIG_ENDIAN);
3049}
3050
2c17449b 3051uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3052{
50013115 3053 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3054}
3055
2c17449b 3056uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3057{
50013115 3058 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3059}
3060
2c17449b 3061uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3062{
50013115 3063 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3064}
3065
aab33094 3066/* XXX: optimize */
50013115
PM		 3067uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3068 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3069{
3070 uint8_t val;
50013115
PM		 3071 MemTxResult r;
3072
3073 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3074 if (result) {
3075 *result = r;
3076 }
aab33094
FB		 3077 return val;
3078}
3079
50013115
PM		 3080uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3081{
3082 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3083}
3084
733f0b02 3085/* warning: addr must be aligned */
50013115
PM		 3086static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3087 hwaddr addr,
3088 MemTxAttrs attrs,
3089 MemTxResult *result,
3090 enum device_endian endian)
aab33094 3091{
733f0b02
MT		 3092 uint8_t *ptr;
3093 uint64_t val;
5c8a00ce 3094 MemoryRegion *mr;
149f54b5
PB		 3095 hwaddr l = 2;
3096 hwaddr addr1;
50013115 3097 MemTxResult r;
4840f10e 3098 bool release_lock = false;
733f0b02 3099
41063e1e 3100 rcu_read_lock();
41701aa4 3101 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3102 false);
3103 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3104 release_lock |= prepare_mmio_access(mr);
125b3806 3105
733f0b02 3106 /* I/O case */
50013115 3107 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3108#if defined(TARGET_WORDS_BIGENDIAN)
3109 if (endian == DEVICE_LITTLE_ENDIAN) {
3110 val = bswap16(val);
3111 }
3112#else
3113 if (endian == DEVICE_BIG_ENDIAN) {
3114 val = bswap16(val);
3115 }
3116#endif
733f0b02
MT		 3117 } else {
3118 /* RAM case */
5c8a00ce 3119 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3120 & TARGET_PAGE_MASK)
149f54b5 3121 + addr1);
1e78bcc1
AG		 3122 switch (endian) {
3123 case DEVICE_LITTLE_ENDIAN:
3124 val = lduw_le_p(ptr);
3125 break;
3126 case DEVICE_BIG_ENDIAN:
3127 val = lduw_be_p(ptr);
3128 break;
3129 default:
3130 val = lduw_p(ptr);
3131 break;
3132 }
50013115
PM		 3133 r = MEMTX_OK;
3134 }
3135 if (result) {
3136 *result = r;
733f0b02 3137 }
4840f10e
JK		 3138 if (release_lock) {
3139 qemu_mutex_unlock_iothread();
3140 }
41063e1e 3141 rcu_read_unlock();
733f0b02 3142 return val;
aab33094
FB		 3143}
3144
50013115
PM		 3145uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3146 MemTxAttrs attrs, MemTxResult *result)
3147{
3148 return address_space_lduw_internal(as, addr, attrs, result,
3149 DEVICE_NATIVE_ENDIAN);
3150}
3151
3152uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3153 MemTxAttrs attrs, MemTxResult *result)
3154{
3155 return address_space_lduw_internal(as, addr, attrs, result,
3156 DEVICE_LITTLE_ENDIAN);
3157}
3158
3159uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3160 MemTxAttrs attrs, MemTxResult *result)
3161{
3162 return address_space_lduw_internal(as, addr, attrs, result,
3163 DEVICE_BIG_ENDIAN);
3164}
3165
41701aa4 3166uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3167{
50013115 3168 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3169}
3170
41701aa4 3171uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3172{
50013115 3173 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3174}
3175
41701aa4 3176uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3177{
50013115 3178 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3179}
3180
8df1cd07
FB		 3181/* warning: addr must be aligned. The ram page is not masked as dirty
3182 and the code inside is not invalidated. It is useful if the dirty
3183 bits are used to track modified PTEs */
50013115
PM		 3184void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3185 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3186{
8df1cd07 3187 uint8_t *ptr;
5c8a00ce 3188 MemoryRegion *mr;
149f54b5
PB		 3189 hwaddr l = 4;
3190 hwaddr addr1;
50013115 3191 MemTxResult r;
845b6214 3192 uint8_t dirty_log_mask;
4840f10e 3193 bool release_lock = false;
8df1cd07 3194
41063e1e 3195 rcu_read_lock();
2198a121 3196 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3197 true);
3198 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3199 release_lock |= prepare_mmio_access(mr);
125b3806 3200
50013115 3201 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3202 } else {
5c8a00ce 3203 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3204 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3205 stl_p(ptr, val);
74576198 3206
845b6214
PB		 3207 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3208 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3209 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3210 r = MEMTX_OK;
3211 }
3212 if (result) {
3213 *result = r;
8df1cd07 3214 }
4840f10e
JK		 3215 if (release_lock) {
3216 qemu_mutex_unlock_iothread();
3217 }
41063e1e 3218 rcu_read_unlock();
8df1cd07
FB		 3219}
3220
50013115
PM		 3221void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3222{
3223 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3224}
3225
8df1cd07 3226/* warning: addr must be aligned */
50013115
PM		 3227static inline void address_space_stl_internal(AddressSpace *as,
3228 hwaddr addr, uint32_t val,
3229 MemTxAttrs attrs,
3230 MemTxResult *result,
3231 enum device_endian endian)
8df1cd07 3232{
8df1cd07 3233 uint8_t *ptr;
5c8a00ce 3234 MemoryRegion *mr;
149f54b5
PB		 3235 hwaddr l = 4;
3236 hwaddr addr1;
50013115 3237 MemTxResult r;
4840f10e 3238 bool release_lock = false;
8df1cd07 3239
41063e1e 3240 rcu_read_lock();
ab1da857 3241 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3242 true);
3243 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3244 release_lock |= prepare_mmio_access(mr);
125b3806 3245
1e78bcc1
AG		 3246#if defined(TARGET_WORDS_BIGENDIAN)
3247 if (endian == DEVICE_LITTLE_ENDIAN) {
3248 val = bswap32(val);
3249 }
3250#else
3251 if (endian == DEVICE_BIG_ENDIAN) {
3252 val = bswap32(val);
3253 }
3254#endif
50013115 3255 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3256 } else {
8df1cd07 3257 /* RAM case */
5c8a00ce 3258 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3259 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3260 switch (endian) {
3261 case DEVICE_LITTLE_ENDIAN:
3262 stl_le_p(ptr, val);
3263 break;
3264 case DEVICE_BIG_ENDIAN:
3265 stl_be_p(ptr, val);
3266 break;
3267 default:
3268 stl_p(ptr, val);
3269 break;
3270 }
845b6214 3271 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3272 r = MEMTX_OK;
3273 }
3274 if (result) {
3275 *result = r;
8df1cd07 3276 }
4840f10e
JK		 3277 if (release_lock) {
3278 qemu_mutex_unlock_iothread();
3279 }
41063e1e 3280 rcu_read_unlock();
8df1cd07
FB		 3281}
3282
50013115
PM		 3283void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3284 MemTxAttrs attrs, MemTxResult *result)
3285{
3286 address_space_stl_internal(as, addr, val, attrs, result,
3287 DEVICE_NATIVE_ENDIAN);
3288}
3289
3290void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3291 MemTxAttrs attrs, MemTxResult *result)
3292{
3293 address_space_stl_internal(as, addr, val, attrs, result,
3294 DEVICE_LITTLE_ENDIAN);
3295}
3296
3297void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3298 MemTxAttrs attrs, MemTxResult *result)
3299{
3300 address_space_stl_internal(as, addr, val, attrs, result,
3301 DEVICE_BIG_ENDIAN);
3302}
3303
ab1da857 3304void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3305{
50013115 3306 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3307}
3308
ab1da857 3309void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3310{
50013115 3311 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3312}
3313
ab1da857 3314void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3315{
50013115 3316 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3317}
3318
aab33094 3319/* XXX: optimize */
50013115
PM		 3320void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3321 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3322{
3323 uint8_t v = val;
50013115
PM		 3324 MemTxResult r;
3325
3326 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3327 if (result) {
3328 *result = r;
3329 }
3330}
3331
3332void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3333{
3334 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3335}
3336
733f0b02 3337/* warning: addr must be aligned */
50013115
PM		 3338static inline void address_space_stw_internal(AddressSpace *as,
3339 hwaddr addr, uint32_t val,
3340 MemTxAttrs attrs,
3341 MemTxResult *result,
3342 enum device_endian endian)
aab33094 3343{
733f0b02 3344 uint8_t *ptr;
5c8a00ce 3345 MemoryRegion *mr;
149f54b5
PB		 3346 hwaddr l = 2;
3347 hwaddr addr1;
50013115 3348 MemTxResult r;
4840f10e 3349 bool release_lock = false;
733f0b02 3350
41063e1e 3351 rcu_read_lock();
5ce5944d 3352 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3353 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3354 release_lock |= prepare_mmio_access(mr);
125b3806 3355
1e78bcc1
AG		 3356#if defined(TARGET_WORDS_BIGENDIAN)
3357 if (endian == DEVICE_LITTLE_ENDIAN) {
3358 val = bswap16(val);
3359 }
3360#else
3361 if (endian == DEVICE_BIG_ENDIAN) {
3362 val = bswap16(val);
3363 }
3364#endif
50013115 3365 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3366 } else {
733f0b02 3367 /* RAM case */
5c8a00ce 3368 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 3369 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3370 switch (endian) {
3371 case DEVICE_LITTLE_ENDIAN:
3372 stw_le_p(ptr, val);
3373 break;
3374 case DEVICE_BIG_ENDIAN:
3375 stw_be_p(ptr, val);
3376 break;
3377 default:
3378 stw_p(ptr, val);
3379 break;
3380 }
845b6214 3381 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3382 r = MEMTX_OK;
3383 }
3384 if (result) {
3385 *result = r;
733f0b02 3386 }
4840f10e
JK		 3387 if (release_lock) {
3388 qemu_mutex_unlock_iothread();
3389 }
41063e1e 3390 rcu_read_unlock();
aab33094
FB		 3391}
3392
50013115
PM		 3393void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3394 MemTxAttrs attrs, MemTxResult *result)
3395{
3396 address_space_stw_internal(as, addr, val, attrs, result,
3397 DEVICE_NATIVE_ENDIAN);
3398}
3399
3400void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3401 MemTxAttrs attrs, MemTxResult *result)
3402{
3403 address_space_stw_internal(as, addr, val, attrs, result,
3404 DEVICE_LITTLE_ENDIAN);
3405}
3406
3407void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3408 MemTxAttrs attrs, MemTxResult *result)
3409{
3410 address_space_stw_internal(as, addr, val, attrs, result,
3411 DEVICE_BIG_ENDIAN);
3412}
3413
5ce5944d 3414void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3415{
50013115 3416 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3417}
3418
5ce5944d 3419void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3420{
50013115 3421 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3422}
3423
5ce5944d 3424void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3425{
50013115 3426 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3427}
3428
aab33094 3429/* XXX: optimize */
50013115
PM		 3430void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3431 MemTxAttrs attrs, MemTxResult *result)
aab33094 3432{
50013115 3433 MemTxResult r;
aab33094 3434 val = tswap64(val);
50013115
PM		 3435 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3436 if (result) {
3437 *result = r;
3438 }
aab33094
FB		 3439}
3440
50013115
PM		 3441void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3442 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3443{
50013115 3444 MemTxResult r;
1e78bcc1 3445 val = cpu_to_le64(val);
50013115
PM		 3446 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3447 if (result) {
3448 *result = r;
3449 }
3450}
3451void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3452 MemTxAttrs attrs, MemTxResult *result)
3453{
3454 MemTxResult r;
3455 val = cpu_to_be64(val);
3456 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3457 if (result) {
3458 *result = r;
3459 }
3460}
3461
3462void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3463{
3464 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3465}
3466
3467void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3468{
3469 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3470}
3471
f606604f 3472void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3473{
50013115 3474 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3475}
3476
5e2972fd 3477/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3478int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3479 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3480{
3481 int l;
a8170e5e 3482 hwaddr phys_addr;
9b3c35e0 3483 target_ulong page;
13eb76e0
FB		 3484
3485 while (len > 0) {
3486 page = addr & TARGET_PAGE_MASK;
f17ec444 3487 phys_addr = cpu_get_phys_page_debug(cpu, page);
13eb76e0
FB		 3488 /* if no physical page mapped, return an error */
3489 if (phys_addr == -1)
3490 return -1;
3491 l = (page + TARGET_PAGE_SIZE) - addr;
3492 if (l > len)
3493 l = len;
5e2972fd 3494 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b
EI		 3495 if (is_write) {
3496 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3497 } else {
5c9eb028
PM		 3498 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3499 buf, l, 0);
2e38847b 3500 }
13eb76e0
FB		 3501 len -= l;
3502 buf += l;
3503 addr += l;
3504 }
3505 return 0;
3506}
a68fe89c 3507#endif
13eb76e0 3508
8e4a424b
BS		 3509/*
3510 * A helper function for the _utterly broken_ virtio device model to find out if
3511 * it's running on a big endian machine. Don't do this at home kids!
3512 */
98ed8ecf
GK		 3513bool target_words_bigendian(void);
3514bool target_words_bigendian(void)
8e4a424b
BS		 3515{
3516#if defined(TARGET_WORDS_BIGENDIAN)
3517 return true;
3518#else
3519 return false;
3520#endif
3521}
3522
76f35538 3523#ifndef CONFIG_USER_ONLY
a8170e5e 3524bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3525{
5c8a00ce 3526 MemoryRegion*mr;
149f54b5 3527 hwaddr l = 1;
41063e1e 3528 bool res;
76f35538 3529
41063e1e 3530 rcu_read_lock();
5c8a00ce
PB		 3531 mr = address_space_translate(&address_space_memory,
3532 phys_addr, &phys_addr, &l, false);
76f35538 3533
41063e1e
PB		 3534 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3535 rcu_read_unlock();
3536 return res;
76f35538 3537}
bd2fa51f 3538
e3807054 3539int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3540{
3541 RAMBlock *block;
e3807054 3542 int ret = 0;
bd2fa51f 3543
0dc3f44a
MD		 3544 rcu_read_lock();
3545 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3546 ret = func(block->idstr, block->host, block->offset,
3547 block->used_length, opaque);
3548 if (ret) {
3549 break;
3550 }
bd2fa51f 3551 }
0dc3f44a 3552 rcu_read_unlock();
e3807054 3553 return ret;
bd2fa51f 3554}
ec3f8c99 3555#endif
QEMU mirror