]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
libqos/ahci: ATAPI identify
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
777872e5 20#ifndef _WIN32
a98d49b1 21#include <sys/types.h>
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
055403b2 25#include "qemu-common.h"
6180a181 26#include "cpu.h"
b67d9a52 27#include "tcg.h"
b3c7724c 28#include "hw/hw.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
4485bd26 31#endif
cc9e98cb 32#include "hw/qdev.h"
1de7afc9 33#include "qemu/osdep.h"
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
0d09e41a 36#include "hw/xen/xen.h"
1de7afc9
PB		 37#include "qemu/timer.h"
38#include "qemu/config-file.h"
75a34036 39#include "qemu/error-report.h"
022c62cb 40#include "exec/memory.h"
9c17d615 41#include "sysemu/dma.h"
022c62cb 42#include "exec/address-spaces.h"
53a5960a
PB		 43#if defined(CONFIG_USER_ONLY)
44#include <qemu.h>
432d268c 45#else /* !CONFIG_USER_ONLY */
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
67d95c15 57
b35ba30f 58#include "qemu/range.h"
794e8f30
MT		 59#ifndef _WIN32
60#include "qemu/mmap-alloc.h"
61#endif
b35ba30f 62
db7b5426 63//#define DEBUG_SUBPAGE
1196be37 64
e2eef170 65#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 66/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
68 */
0d53d9fe 69RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 70
71static MemoryRegion *system_memory;
309cb471 72static MemoryRegion *system_io;
62152b8a 73
f6790af6
AK		 74AddressSpace address_space_io;
75AddressSpace address_space_memory;
2673a5da 76
0844e007 77MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 78static MemoryRegion io_mem_unassigned;
0e0df1e2 79
7bd4f430
PB		 80/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81#define RAM_PREALLOC (1 << 0)
82
dbcb8981
PB		 83/* RAM is mmap-ed with MAP_SHARED */
84#define RAM_SHARED (1 << 1)
85
62be4e3a
MT		 86/* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
88 */
89#define RAM_RESIZEABLE (1 << 2)
90
e2eef170 91#endif
9fa3e853 92
bdc44640 93struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 94/* current CPU in the current thread. It is only valid inside
95 cpu_exec() */
f240eb6f 96__thread CPUState *current_cpu;
2e70f6ef 97/* 0 = Do not count executed instructions.
bf20dc07 98 1 = Precise instruction counting.
2e70f6ef 99 2 = Adaptive rate instruction counting. */
5708fc66 100int use_icount;
6a00d601 101
e2eef170 102#if !defined(CONFIG_USER_ONLY)
4346ae3e 103
1db8abb1
PB		 104typedef struct PhysPageEntry PhysPageEntry;
105
106struct PhysPageEntry {
9736e55b 107 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 108 uint32_t skip : 6;
9736e55b 109 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 110 uint32_t ptr : 26;
1db8abb1
PB		 111};
112
8b795765
MT		 113#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
114
03f49957 115/* Size of the L2 (and L3, etc) page tables. */
57271d63 116#define ADDR_SPACE_BITS 64
03f49957 117
026736ce 118#define P_L2_BITS 9
03f49957
PB		 119#define P_L2_SIZE (1 << P_L2_BITS)
120
121#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
122
123typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 124
53cb28cb 125typedef struct PhysPageMap {
79e2b9ae
PB		 126 struct rcu_head rcu;
127
53cb28cb
MA		 128 unsigned sections_nb;
129 unsigned sections_nb_alloc;
130 unsigned nodes_nb;
131 unsigned nodes_nb_alloc;
132 Node *nodes;
133 MemoryRegionSection *sections;
134} PhysPageMap;
135
1db8abb1 136struct AddressSpaceDispatch {
79e2b9ae
PB		 137 struct rcu_head rcu;
138
1db8abb1
PB		 139 /* This is a multi-level map on the physical address space.
140 * The bottom level has pointers to MemoryRegionSections.
141 */
142 PhysPageEntry phys_map;
53cb28cb 143 PhysPageMap map;
acc9d80b 144 AddressSpace *as;
1db8abb1
PB		 145};
146
90260c6c
JK		 147#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
148typedef struct subpage_t {
149 MemoryRegion iomem;
acc9d80b 150 AddressSpace *as;
90260c6c
JK		 151 hwaddr base;
152 uint16_t sub_section[TARGET_PAGE_SIZE];
153} subpage_t;
154
b41aac4f
LPF		 155#define PHYS_SECTION_UNASSIGNED 0
156#define PHYS_SECTION_NOTDIRTY 1
157#define PHYS_SECTION_ROM 2
158#define PHYS_SECTION_WATCH 3
5312bd8b 159
e2eef170 160static void io_mem_init(void);
62152b8a 161static void memory_map_init(void);
09daed84 162static void tcg_commit(MemoryListener *listener);
e2eef170 163
1ec9b909 164static MemoryRegion io_mem_watch;
32857f4d
PM		 165
166/**
167 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
168 * @cpu: the CPU whose AddressSpace this is
169 * @as: the AddressSpace itself
170 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
171 * @tcg_as_listener: listener for tracking changes to the AddressSpace
172 */
173struct CPUAddressSpace {
174 CPUState *cpu;
175 AddressSpace *as;
176 struct AddressSpaceDispatch *memory_dispatch;
177 MemoryListener tcg_as_listener;
178};
179
6658ffb8 180#endif
fd6ce8f6 181
6d9a1304 182#if !defined(CONFIG_USER_ONLY)
d6f2ea22 183
53cb28cb 184static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 185{
53cb28cb
MA		 186 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
188 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
189 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 190 }
f7bf5461
AK		 191}
192
db94604b 193static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 194{
195 unsigned i;
8b795765 196 uint32_t ret;
db94604b
PB		 197 PhysPageEntry e;
198 PhysPageEntry *p;
f7bf5461 199
53cb28cb 200 ret = map->nodes_nb++;
db94604b 201 p = map->nodes[ret];
f7bf5461 202 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 203 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 204
205 e.skip = leaf ? 0 : 1;
206 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 207 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 208 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 209 }
f7bf5461 210 return ret;
d6f2ea22
AK		 211}
212
53cb28cb
MA		 213static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
214 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 215 int level)
f7bf5461
AK		 216{
217 PhysPageEntry *p;
03f49957 218 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 219
9736e55b 220 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 221 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 222 }
db94604b 223 p = map->nodes[lp->ptr];
03f49957 224 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 225
03f49957 226 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 227 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 228 lp->skip = 0;
c19e8800 229 lp->ptr = leaf;
07f07b31
AK		 230 *index += step;
231 *nb -= step;
2999097b 232 } else {
53cb28cb 233 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 234 }
235 ++lp;
f7bf5461
AK		 236 }
237}
238
ac1970fb 239static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 240 hwaddr index, hwaddr nb,
2999097b 241 uint16_t leaf)
f7bf5461 242{
2999097b 243 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 244 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 245
53cb28cb 246 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 247}
248
b35ba30f
MT		 249/* Compact a non leaf page entry. Simply detect that the entry has a single child,
250 * and update our entry so we can skip it and go directly to the destination.
251 */
252static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
253{
254 unsigned valid_ptr = P_L2_SIZE;
255 int valid = 0;
256 PhysPageEntry *p;
257 int i;
258
259 if (lp->ptr == PHYS_MAP_NODE_NIL) {
260 return;
261 }
262
263 p = nodes[lp->ptr];
264 for (i = 0; i < P_L2_SIZE; i++) {
265 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
266 continue;
267 }
268
269 valid_ptr = i;
270 valid++;
271 if (p[i].skip) {
272 phys_page_compact(&p[i], nodes, compacted);
273 }
274 }
275
276 /* We can only compress if there's only one child. */
277 if (valid != 1) {
278 return;
279 }
280
281 assert(valid_ptr < P_L2_SIZE);
282
283 /* Don't compress if it won't fit in the # of bits we have. */
284 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
285 return;
286 }
287
288 lp->ptr = p[valid_ptr].ptr;
289 if (!p[valid_ptr].skip) {
290 /* If our only child is a leaf, make this a leaf. */
291 /* By design, we should have made this node a leaf to begin with so we
292 * should never reach here.
293 * But since it's so simple to handle this, let's do it just in case we
294 * change this rule.
295 */
296 lp->skip = 0;
297 } else {
298 lp->skip += p[valid_ptr].skip;
299 }
300}
301
302static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
303{
304 DECLARE_BITMAP(compacted, nodes_nb);
305
306 if (d->phys_map.skip) {
53cb28cb 307 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 308 }
309}
310
97115a8d 311static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 312 Node *nodes, MemoryRegionSection *sections)
92e873b9 313{
31ab2b4a 314 PhysPageEntry *p;
97115a8d 315 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 316 int i;
f1f6e3b8 317
9736e55b 318 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 319 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 320 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 321 }
9affd6fc 322 p = nodes[lp.ptr];
03f49957 323 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 324 }
b35ba30f
MT		 325
326 if (sections[lp.ptr].size.hi ||
327 range_covers_byte(sections[lp.ptr].offset_within_address_space,
328 sections[lp.ptr].size.lo, addr)) {
329 return &sections[lp.ptr];
330 } else {
331 return &sections[PHYS_SECTION_UNASSIGNED];
332 }
f3705d53
AK		 333}
334
e5548617
BS		 335bool memory_region_is_unassigned(MemoryRegion *mr)
336{
2a8e7499 337 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 338 && mr != &io_mem_watch;
fd6ce8f6 339}
149f54b5 340
79e2b9ae 341/* Called from RCU critical section */
c7086b4a 342static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 343 hwaddr addr,
344 bool resolve_subpage)
9f029603 345{
90260c6c
JK		 346 MemoryRegionSection *section;
347 subpage_t *subpage;
348
53cb28cb 349 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 350 if (resolve_subpage && section->mr->subpage) {
351 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 352 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 353 }
354 return section;
9f029603
JK		 355}
356
79e2b9ae 357/* Called from RCU critical section */
90260c6c 358static MemoryRegionSection *
c7086b4a 359address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 360 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 361{
362 MemoryRegionSection *section;
965eb2fc 363 MemoryRegion *mr;
a87f3954 364 Int128 diff;
149f54b5 365
c7086b4a 366 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 367 /* Compute offset within MemoryRegionSection */
368 addr -= section->offset_within_address_space;
369
370 /* Compute offset within MemoryRegion */
371 *xlat = addr + section->offset_within_region;
372
965eb2fc 373 mr = section->mr;
b242e0e0
PB		 374
375 /* MMIO registers can be expected to perform full-width accesses based only
376 * on their address, without considering adjacent registers that could
377 * decode to completely different MemoryRegions. When such registers
378 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
379 * regions overlap wildly. For this reason we cannot clamp the accesses
380 * here.
381 *
382 * If the length is small (as is the case for address_space_ldl/stl),
383 * everything works fine. If the incoming length is large, however,
384 * the caller really has to do the clamping through memory_access_size.
385 */
965eb2fc 386 if (memory_region_is_ram(mr)) {
e4a511f8 387 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 388 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
389 }
149f54b5
PB		 390 return section;
391}
90260c6c 392
41063e1e 393/* Called from RCU critical section */
5c8a00ce
PB		 394MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
395 hwaddr *xlat, hwaddr *plen,
396 bool is_write)
90260c6c 397{
30951157
AK		 398 IOMMUTLBEntry iotlb;
399 MemoryRegionSection *section;
400 MemoryRegion *mr;
30951157
AK		 401
402 for (;;) {
79e2b9ae
PB		 403 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
404 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 405 mr = section->mr;
406
407 if (!mr->iommu_ops) {
408 break;
409 }
410
8d7b8cb9 411 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 412 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
413 | (addr & iotlb.addr_mask));
23820dbf 414 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 415 if (!(iotlb.perm & (1 << is_write))) {
416 mr = &io_mem_unassigned;
417 break;
418 }
419
420 as = iotlb.target_as;
421 }
422
fe680d0d 423 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 424 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 425 *plen = MIN(page, *plen);
a87f3954
PB		 426 }
427
30951157
AK		 428 *xlat = addr;
429 return mr;
90260c6c
JK		 430}
431
79e2b9ae 432/* Called from RCU critical section */
90260c6c 433MemoryRegionSection *
9d82b5a7
PB		 434address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
435 hwaddr *xlat, hwaddr *plen)
90260c6c 436{
30951157 437 MemoryRegionSection *section;
32857f4d 438 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
9d82b5a7 439 addr, xlat, plen, false);
30951157
AK		 440
441 assert(!section->mr->iommu_ops);
442 return section;
90260c6c 443}
5b6dd868 444#endif
fd6ce8f6 445
b170fce3 446#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 447
448static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 449{
259186a7 450 CPUState *cpu = opaque;
a513fe19 451
5b6dd868
BS		 452 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
453 version_id is increased. */
259186a7 454 cpu->interrupt_request &= ~0x01;
c01a71c1 455 tlb_flush(cpu, 1);
5b6dd868
BS		 456
457 return 0;
a513fe19 458}
7501267e 459
6c3bff0e
PD		 460static int cpu_common_pre_load(void *opaque)
461{
462 CPUState *cpu = opaque;
463
adee6424 464 cpu->exception_index = -1;
6c3bff0e
PD		 465
466 return 0;
467}
468
469static bool cpu_common_exception_index_needed(void *opaque)
470{
471 CPUState *cpu = opaque;
472
adee6424 473 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 474}
475
476static const VMStateDescription vmstate_cpu_common_exception_index = {
477 .name = "cpu_common/exception_index",
478 .version_id = 1,
479 .minimum_version_id = 1,
5cd8cada 480 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 481 .fields = (VMStateField[]) {
482 VMSTATE_INT32(exception_index, CPUState),
483 VMSTATE_END_OF_LIST()
484 }
485};
486
bac05aa9
AS		 487static bool cpu_common_crash_occurred_needed(void *opaque)
488{
489 CPUState *cpu = opaque;
490
491 return cpu->crash_occurred;
492}
493
494static const VMStateDescription vmstate_cpu_common_crash_occurred = {
495 .name = "cpu_common/crash_occurred",
496 .version_id = 1,
497 .minimum_version_id = 1,
498 .needed = cpu_common_crash_occurred_needed,
499 .fields = (VMStateField[]) {
500 VMSTATE_BOOL(crash_occurred, CPUState),
501 VMSTATE_END_OF_LIST()
502 }
503};
504
1a1562f5 505const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 506 .name = "cpu_common",
507 .version_id = 1,
508 .minimum_version_id = 1,
6c3bff0e 509 .pre_load = cpu_common_pre_load,
5b6dd868 510 .post_load = cpu_common_post_load,
35d08458 511 .fields = (VMStateField[]) {
259186a7
AF		 512 VMSTATE_UINT32(halted, CPUState),
513 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 514 VMSTATE_END_OF_LIST()
6c3bff0e 515 },
5cd8cada
JQ		 516 .subsections = (const VMStateDescription*[]) {
517 &vmstate_cpu_common_exception_index,
bac05aa9 518 &vmstate_cpu_common_crash_occurred,
5cd8cada 519 NULL
5b6dd868
BS		 520 }
521};
1a1562f5 522
5b6dd868 523#endif
ea041c0e 524
38d8f5c8 525CPUState *qemu_get_cpu(int index)
ea041c0e 526{
bdc44640 527 CPUState *cpu;
ea041c0e 528
bdc44640 529 CPU_FOREACH(cpu) {
55e5c285 530 if (cpu->cpu_index == index) {
bdc44640 531 return cpu;
55e5c285 532 }
ea041c0e 533 }
5b6dd868 534
bdc44640 535 return NULL;
ea041c0e
FB		 536}
537
09daed84
EI		 538#if !defined(CONFIG_USER_ONLY)
539void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
540{
541 /* We only support one address space per cpu at the moment. */
542 assert(cpu->as == as);
543
32857f4d
PM		 544 if (cpu->cpu_ases) {
545 /* We've already registered the listener for our only AS */
546 return;
09daed84 547 }
32857f4d
PM		 548
549 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
550 cpu->cpu_ases[0].cpu = cpu;
551 cpu->cpu_ases[0].as = as;
552 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
553 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
09daed84
EI		 554}
555#endif
556
b7bca733
BR		 557#ifndef CONFIG_USER_ONLY
558static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
559
560static int cpu_get_free_index(Error **errp)
561{
562 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
563
564 if (cpu >= MAX_CPUMASK_BITS) {
565 error_setg(errp, "Trying to use more CPUs than max of %d",
566 MAX_CPUMASK_BITS);
567 return -1;
568 }
569
570 bitmap_set(cpu_index_map, cpu, 1);
571 return cpu;
572}
573
574void cpu_exec_exit(CPUState *cpu)
575{
576 if (cpu->cpu_index == -1) {
577 /* cpu_index was never allocated by this @cpu or was already freed. */
578 return;
579 }
580
581 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
582 cpu->cpu_index = -1;
583}
584#else
585
586static int cpu_get_free_index(Error **errp)
587{
588 CPUState *some_cpu;
589 int cpu_index = 0;
590
591 CPU_FOREACH(some_cpu) {
592 cpu_index++;
593 }
594 return cpu_index;
595}
596
597void cpu_exec_exit(CPUState *cpu)
598{
599}
600#endif
601
4bad9e39 602void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 603{
b170fce3 604 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868 605 int cpu_index;
b7bca733 606 Error *local_err = NULL;
5b6dd868 607
291135b5
EH		 608#ifndef CONFIG_USER_ONLY
609 cpu->as = &address_space_memory;
610 cpu->thread_id = qemu_get_thread_id();
291135b5
EH		 611#endif
612
5b6dd868
BS		 613#if defined(CONFIG_USER_ONLY)
614 cpu_list_lock();
615#endif
b7bca733
BR		 616 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
617 if (local_err) {
618 error_propagate(errp, local_err);
619#if defined(CONFIG_USER_ONLY)
620 cpu_list_unlock();
621#endif
622 return;
5b6dd868 623 }
bdc44640 624 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 625#if defined(CONFIG_USER_ONLY)
626 cpu_list_unlock();
627#endif
e0d47944
AF		 628 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
629 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
630 }
5b6dd868 631#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868 632 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
4bad9e39 633 cpu_save, cpu_load, cpu->env_ptr);
b170fce3 634 assert(cc->vmsd == NULL);
e0d47944 635 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 636#endif
b170fce3
AF		 637 if (cc->vmsd != NULL) {
638 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
639 }
ea041c0e
FB		 640}
641
94df27fd 642#if defined(CONFIG_USER_ONLY)
00b941e5 643static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 644{
645 tb_invalidate_phys_page_range(pc, pc + 1, 0);
646}
647#else
00b941e5 648static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 649{
e8262a1b
MF		 650 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
651 if (phys != -1) {
09daed84 652 tb_invalidate_phys_addr(cpu->as,
29d8ec7b 653 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 654 }
1e7855a5 655}
c27004ec 656#endif
d720b93d 657
c527ee8f 658#if defined(CONFIG_USER_ONLY)
75a34036 659void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 660
661{
662}
663
3ee887e8
PM		 664int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
665 int flags)
666{
667 return -ENOSYS;
668}
669
670void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
671{
672}
673
75a34036 674int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 675 int flags, CPUWatchpoint **watchpoint)
676{
677 return -ENOSYS;
678}
679#else
6658ffb8 680/* Add a watchpoint. */
75a34036 681int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 682 int flags, CPUWatchpoint **watchpoint)
6658ffb8 683{
c0ce998e 684 CPUWatchpoint *wp;
6658ffb8 685
05068c0d 686 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 687 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 688 error_report("tried to set invalid watchpoint at %"
689 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 690 return -EINVAL;
691 }
7267c094 692 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 693
694 wp->vaddr = addr;
05068c0d 695 wp->len = len;
a1d1bb31
AL		 696 wp->flags = flags;
697
2dc9f411 698 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 699 if (flags & BP_GDB) {
700 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
701 } else {
702 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
703 }
6658ffb8 704
31b030d4 705 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 706
707 if (watchpoint)
708 *watchpoint = wp;
709 return 0;
6658ffb8
PB		 710}
711
a1d1bb31 712/* Remove a specific watchpoint. */
75a34036 713int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 714 int flags)
6658ffb8 715{
a1d1bb31 716 CPUWatchpoint *wp;
6658ffb8 717
ff4700b0 718 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 719 if (addr == wp->vaddr && len == wp->len
6e140f28 720 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 721 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 722 return 0;
723 }
724 }
a1d1bb31 725 return -ENOENT;
6658ffb8
PB		 726}
727
a1d1bb31 728/* Remove a specific watchpoint by reference. */
75a34036 729void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 730{
ff4700b0 731 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 732
31b030d4 733 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 734
7267c094 735 g_free(watchpoint);
a1d1bb31
AL		 736}
737
738/* Remove all matching watchpoints. */
75a34036 739void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 740{
c0ce998e 741 CPUWatchpoint *wp, *next;
a1d1bb31 742
ff4700b0 743 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 744 if (wp->flags & mask) {
745 cpu_watchpoint_remove_by_ref(cpu, wp);
746 }
c0ce998e 747 }
7d03f82f 748}
05068c0d
PM		 749
750/* Return true if this watchpoint address matches the specified
751 * access (ie the address range covered by the watchpoint overlaps
752 * partially or completely with the address range covered by the
753 * access).
754 */
755static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
756 vaddr addr,
757 vaddr len)
758{
759 /* We know the lengths are non-zero, but a little caution is
760 * required to avoid errors in the case where the range ends
761 * exactly at the top of the address space and so addr + len
762 * wraps round to zero.
763 */
764 vaddr wpend = wp->vaddr + wp->len - 1;
765 vaddr addrend = addr + len - 1;
766
767 return !(addr > wpend || wp->vaddr > addrend);
768}
769
c527ee8f 770#endif
7d03f82f 771
a1d1bb31 772/* Add a breakpoint. */
b3310ab3 773int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 774 CPUBreakpoint **breakpoint)
4c3a88a2 775{
c0ce998e 776 CPUBreakpoint *bp;
3b46e624 777
7267c094 778 bp = g_malloc(sizeof(*bp));
4c3a88a2 779
a1d1bb31
AL		 780 bp->pc = pc;
781 bp->flags = flags;
782
2dc9f411 783 /* keep all GDB-injected breakpoints in front */
00b941e5 784 if (flags & BP_GDB) {
f0c3c505 785 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 786 } else {
f0c3c505 787 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 788 }
3b46e624 789
f0c3c505 790 breakpoint_invalidate(cpu, pc);
a1d1bb31 791
00b941e5 792 if (breakpoint) {
a1d1bb31 793 *breakpoint = bp;
00b941e5 794 }
4c3a88a2 795 return 0;
4c3a88a2
FB		 796}
797
a1d1bb31 798/* Remove a specific breakpoint. */
b3310ab3 799int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 800{
a1d1bb31
AL		 801 CPUBreakpoint *bp;
802
f0c3c505 803 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 804 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 805 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 806 return 0;
807 }
7d03f82f 808 }
a1d1bb31 809 return -ENOENT;
7d03f82f
EI		 810}
811
a1d1bb31 812/* Remove a specific breakpoint by reference. */
b3310ab3 813void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 814{
f0c3c505
AF		 815 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
816
817 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 818
7267c094 819 g_free(breakpoint);
a1d1bb31
AL		 820}
821
822/* Remove all matching breakpoints. */
b3310ab3 823void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 824{
c0ce998e 825 CPUBreakpoint *bp, *next;
a1d1bb31 826
f0c3c505 827 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 828 if (bp->flags & mask) {
829 cpu_breakpoint_remove_by_ref(cpu, bp);
830 }
c0ce998e 831 }
4c3a88a2
FB		 832}
833
c33a346e
FB		 834/* enable or disable single step mode. EXCP_DEBUG is returned by the
835 CPU loop after each instruction */
3825b28f 836void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 837{
ed2803da
AF		 838 if (cpu->singlestep_enabled != enabled) {
839 cpu->singlestep_enabled = enabled;
840 if (kvm_enabled()) {
38e478ec 841 kvm_update_guest_debug(cpu, 0);
ed2803da 842 } else {
ccbb4d44 843 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 844 /* XXX: only flush what is necessary */
bbd77c18 845 tb_flush(cpu);
e22a25c9 846 }
c33a346e 847 }
c33a346e
FB		 848}
849
a47dddd7 850void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 851{
852 va_list ap;
493ae1f0 853 va_list ap2;
7501267e
FB		 854
855 va_start(ap, fmt);
493ae1f0 856 va_copy(ap2, ap);
7501267e
FB		 857 fprintf(stderr, "qemu: fatal: ");
858 vfprintf(stderr, fmt, ap);
859 fprintf(stderr, "\n");
878096ee 860 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 861 if (qemu_log_separate()) {
93fcfe39
AL		 862 qemu_log("qemu: fatal: ");
863 qemu_log_vprintf(fmt, ap2);
864 qemu_log("\n");
a0762859 865 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 866 qemu_log_flush();
93fcfe39 867 qemu_log_close();
924edcae 868 }
493ae1f0 869 va_end(ap2);
f9373291 870 va_end(ap);
7615936e 871 replay_finish();
fd052bf6
RV		 872#if defined(CONFIG_USER_ONLY)
873 {
874 struct sigaction act;
875 sigfillset(&act.sa_mask);
876 act.sa_handler = SIG_DFL;
877 sigaction(SIGABRT, &act, NULL);
878 }
879#endif
7501267e
FB		 880 abort();
881}
882
0124311e 883#if !defined(CONFIG_USER_ONLY)
0dc3f44a 884/* Called from RCU critical section */
041603fe
PB		 885static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
886{
887 RAMBlock *block;
888
43771539 889 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 890 if (block && addr - block->offset < block->max_length) {
68851b98 891 return block;
041603fe 892 }
0dc3f44a 893 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 894 if (addr - block->offset < block->max_length) {
041603fe
PB		 895 goto found;
896 }
897 }
898
899 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
900 abort();
901
902found:
43771539
PB		 903 /* It is safe to write mru_block outside the iothread lock. This
904 * is what happens:
905 *
906 * mru_block = xxx
907 * rcu_read_unlock()
908 * xxx removed from list
909 * rcu_read_lock()
910 * read mru_block
911 * mru_block = NULL;
912 * call_rcu(reclaim_ramblock, xxx);
913 * rcu_read_unlock()
914 *
915 * atomic_rcu_set is not needed here. The block was already published
916 * when it was placed into the list. Here we're just making an extra
917 * copy of the pointer.
918 */
041603fe
PB		 919 ram_list.mru_block = block;
920 return block;
921}
922
a2f4d5be 923static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 924{
9a13565d 925 CPUState *cpu;
041603fe 926 ram_addr_t start1;
a2f4d5be
JQ		 927 RAMBlock *block;
928 ram_addr_t end;
929
930 end = TARGET_PAGE_ALIGN(start + length);
931 start &= TARGET_PAGE_MASK;
d24981d3 932
0dc3f44a 933 rcu_read_lock();
041603fe
PB		 934 block = qemu_get_ram_block(start);
935 assert(block == qemu_get_ram_block(end - 1));
1240be24 936 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 937 CPU_FOREACH(cpu) {
938 tlb_reset_dirty(cpu, start1, length);
939 }
0dc3f44a 940 rcu_read_unlock();
d24981d3
JQ		 941}
942
5579c7f3 943/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 944bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
945 ram_addr_t length,
946 unsigned client)
1ccde1cb 947{
03eebc9e
SH		 948 unsigned long end, page;
949 bool dirty;
950
951 if (length == 0) {
952 return false;
953 }
f23db169 954
03eebc9e
SH		 955 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
956 page = start >> TARGET_PAGE_BITS;
957 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
958 page, end - page);
959
960 if (dirty && tcg_enabled()) {
a2f4d5be 961 tlb_reset_dirty_range_all(start, length);
5579c7f3 962 }
03eebc9e
SH		 963
964 return dirty;
1ccde1cb
FB		 965}
966
79e2b9ae 967/* Called from RCU critical section */
bb0e627a 968hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 969 MemoryRegionSection *section,
970 target_ulong vaddr,
971 hwaddr paddr, hwaddr xlat,
972 int prot,
973 target_ulong *address)
e5548617 974{
a8170e5e 975 hwaddr iotlb;
e5548617
BS		 976 CPUWatchpoint *wp;
977
cc5bea60 978 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 979 /* Normal RAM. */
980 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 981 + xlat;
e5548617 982 if (!section->readonly) {
b41aac4f 983 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 984 } else {
b41aac4f 985 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 986 }
987 } else {
0b8e2c10
PM		 988 AddressSpaceDispatch *d;
989
990 d = atomic_rcu_read(&section->address_space->dispatch);
991 iotlb = section - d->map.sections;
149f54b5 992 iotlb += xlat;
e5548617
BS		 993 }
994
995 /* Make accesses to pages with watchpoints go via the
996 watchpoint trap routines. */
ff4700b0 997 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 998 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 999 /* Avoid trapping reads of pages with a write breakpoint. */
1000 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1001 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1002 *address |= TLB_MMIO;
1003 break;
1004 }
1005 }
1006 }
1007
1008 return iotlb;
1009}
9fa3e853
FB		 1010#endif /* defined(CONFIG_USER_ONLY) */
1011
e2eef170 1012#if !defined(CONFIG_USER_ONLY)
8da3ff18 1013
c227f099 1014static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1015 uint16_t section);
acc9d80b 1016static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1017
a2b257d6
IM		 1018static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1019 qemu_anon_ram_alloc;
91138037
MA		 1020
1021/*
1022 * Set a custom physical guest memory alloator.
1023 * Accelerators with unusual needs may need this. Hopefully, we can
1024 * get rid of it eventually.
1025 */
a2b257d6 1026void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1027{
1028 phys_mem_alloc = alloc;
1029}
1030
53cb28cb
MA		 1031static uint16_t phys_section_add(PhysPageMap *map,
1032 MemoryRegionSection *section)
5312bd8b 1033{
68f3f65b
PB		 1034 /* The physical section number is ORed with a page-aligned
1035 * pointer to produce the iotlb entries. Thus it should
1036 * never overflow into the page-aligned value.
1037 */
53cb28cb 1038 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1039
53cb28cb
MA		 1040 if (map->sections_nb == map->sections_nb_alloc) {
1041 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1042 map->sections = g_renew(MemoryRegionSection, map->sections,
1043 map->sections_nb_alloc);
5312bd8b 1044 }
53cb28cb 1045 map->sections[map->sections_nb] = *section;
dfde4e6e 1046 memory_region_ref(section->mr);
53cb28cb 1047 return map->sections_nb++;
5312bd8b
AK		 1048}
1049
058bc4b5
PB		 1050static void phys_section_destroy(MemoryRegion *mr)
1051{
55b4e80b
DS		 1052 bool have_sub_page = mr->subpage;
1053
dfde4e6e
PB		 1054 memory_region_unref(mr);
1055
55b4e80b 1056 if (have_sub_page) {
058bc4b5 1057 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1058 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1059 g_free(subpage);
1060 }
1061}
1062
6092666e 1063static void phys_sections_free(PhysPageMap *map)
5312bd8b 1064{
9affd6fc
PB		 1065 while (map->sections_nb > 0) {
1066 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1067 phys_section_destroy(section->mr);
1068 }
9affd6fc
PB		 1069 g_free(map->sections);
1070 g_free(map->nodes);
5312bd8b
AK		 1071}
1072
ac1970fb 1073static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1074{
1075 subpage_t *subpage;
a8170e5e 1076 hwaddr base = section->offset_within_address_space
0f0cb164 1077 & TARGET_PAGE_MASK;
97115a8d 1078 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1079 d->map.nodes, d->map.sections);
0f0cb164
AK		 1080 MemoryRegionSection subsection = {
1081 .offset_within_address_space = base,
052e87b0 1082 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1083 };
a8170e5e 1084 hwaddr start, end;
0f0cb164 1085
f3705d53 1086 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1087
f3705d53 1088 if (!(existing->mr->subpage)) {
acc9d80b 1089 subpage = subpage_init(d->as, base);
3be91e86 1090 subsection.address_space = d->as;
0f0cb164 1091 subsection.mr = &subpage->iomem;
ac1970fb 1092 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1093 phys_section_add(&d->map, &subsection));
0f0cb164 1094 } else {
f3705d53 1095 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1096 }
1097 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1098 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1099 subpage_register(subpage, start, end,
1100 phys_section_add(&d->map, section));
0f0cb164
AK		 1101}
1102
1103
052e87b0
PB		 1104static void register_multipage(AddressSpaceDispatch *d,
1105 MemoryRegionSection *section)
33417e70 1106{
a8170e5e 1107 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1108 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1109 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1110 TARGET_PAGE_BITS));
dd81124b 1111
733d5ef5
PB		 1112 assert(num_pages);
1113 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1114}
1115
ac1970fb 1116static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1117{
89ae337a 1118 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1119 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1120 MemoryRegionSection now = *section, remain = *section;
052e87b0 1121 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1122
733d5ef5
PB		 1123 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1124 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1125 - now.offset_within_address_space;
1126
052e87b0 1127 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1128 register_subpage(d, &now);
733d5ef5 1129 } else {
052e87b0 1130 now.size = int128_zero();
733d5ef5 1131 }
052e87b0
PB		 1132 while (int128_ne(remain.size, now.size)) {
1133 remain.size = int128_sub(remain.size, now.size);
1134 remain.offset_within_address_space += int128_get64(now.size);
1135 remain.offset_within_region += int128_get64(now.size);
69b67646 1136 now = remain;
052e87b0 1137 if (int128_lt(remain.size, page_size)) {
733d5ef5 1138 register_subpage(d, &now);
88266249 1139 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1140 now.size = page_size;
ac1970fb 1141 register_subpage(d, &now);
69b67646 1142 } else {
052e87b0 1143 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1144 register_multipage(d, &now);
69b67646 1145 }
0f0cb164
AK		 1146 }
1147}
1148
62a2744c
SY		 1149void qemu_flush_coalesced_mmio_buffer(void)
1150{
1151 if (kvm_enabled())
1152 kvm_flush_coalesced_mmio_buffer();
1153}
1154
b2a8658e
UD		 1155void qemu_mutex_lock_ramlist(void)
1156{
1157 qemu_mutex_lock(&ram_list.mutex);
1158}
1159
1160void qemu_mutex_unlock_ramlist(void)
1161{
1162 qemu_mutex_unlock(&ram_list.mutex);
1163}
1164
e1e84ba0 1165#ifdef __linux__
c902760f
MT		 1166
1167#include <sys/vfs.h>
1168
1169#define HUGETLBFS_MAGIC 0x958458f6
1170
fc7a5800 1171static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1172{
1173 struct statfs fs;
1174 int ret;
1175
1176 do {
9742bf26 1177 ret = statfs(path, &fs);
c902760f
MT		 1178 } while (ret != 0 && errno == EINTR);
1179
1180 if (ret != 0) {
fc7a5800
HT		 1181 error_setg_errno(errp, errno, "failed to get page size of file %s",
1182 path);
9742bf26 1183 return 0;
c902760f
MT		 1184 }
1185
c902760f
MT		 1186 return fs.f_bsize;
1187}
1188
04b16653
AW		 1189static void *file_ram_alloc(RAMBlock *block,
1190 ram_addr_t memory,
7f56e740
PB		 1191 const char *path,
1192 Error **errp)
c902760f 1193{
8d31d6b6 1194 struct stat st;
c902760f 1195 char *filename;
8ca761f6
PF		 1196 char *sanitized_name;
1197 char *c;
794e8f30 1198 void *area;
c902760f 1199 int fd;
557529dd 1200 uint64_t hpagesize;
fc7a5800 1201 Error *local_err = NULL;
c902760f 1202
fc7a5800
HT		 1203 hpagesize = gethugepagesize(path, &local_err);
1204 if (local_err) {
1205 error_propagate(errp, local_err);
f9a49dfa 1206 goto error;
c902760f 1207 }
a2b257d6 1208 block->mr->align = hpagesize;
c902760f
MT		 1209
1210 if (memory < hpagesize) {
557529dd
HT		 1211 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1212 "or larger than huge page size 0x%" PRIx64,
1213 memory, hpagesize);
1214 goto error;
c902760f
MT		 1215 }
1216
1217 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1218 error_setg(errp,
1219 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1220 goto error;
c902760f
MT		 1221 }
1222
8d31d6b6
PF		 1223 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1224 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1225 sanitized_name = g_strdup(memory_region_name(block->mr));
1226 for (c = sanitized_name; *c != '\0'; c++) {
1227 if (*c == '/') {
1228 *c = '_';
1229 }
1230 }
8ca761f6 1231
8d31d6b6
PF		 1232 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1233 sanitized_name);
1234 g_free(sanitized_name);
1235
1236 fd = mkstemp(filename);
1237 if (fd >= 0) {
1238 unlink(filename);
1239 }
1240 g_free(filename);
1241 } else {
1242 fd = open(path, O_RDWR | O_CREAT, 0644);
1243 }
c902760f 1244
c902760f 1245 if (fd < 0) {
7f56e740
PB		 1246 error_setg_errno(errp, errno,
1247 "unable to create backing store for hugepages");
f9a49dfa 1248 goto error;
c902760f 1249 }
c902760f 1250
9284f319 1251 memory = ROUND_UP(memory, hpagesize);
c902760f
MT		 1252
1253 /*
1254 * ftruncate is not supported by hugetlbfs in older
1255 * hosts, so don't bother bailing out on errors.
1256 * If anything goes wrong with it under other filesystems,
1257 * mmap will fail.
1258 */
7f56e740 1259 if (ftruncate(fd, memory)) {
9742bf26 1260 perror("ftruncate");
7f56e740 1261 }
c902760f 1262
794e8f30 1263 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
c902760f 1264 if (area == MAP_FAILED) {
7f56e740
PB		 1265 error_setg_errno(errp, errno,
1266 "unable to map backing store for hugepages");
9742bf26 1267 close(fd);
f9a49dfa 1268 goto error;
c902760f 1269 }
ef36fa14
MT		 1270
1271 if (mem_prealloc) {
38183310 1272 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1273 }
1274
04b16653 1275 block->fd = fd;
c902760f 1276 return area;
f9a49dfa
MT		 1277
1278error:
f9a49dfa 1279 return NULL;
c902760f
MT		 1280}
1281#endif
1282
0dc3f44a 1283/* Called with the ramlist lock held. */
d17b5288 1284static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1285{
1286 RAMBlock *block, *next_block;
3e837b2c 1287 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1288
49cd9ac6
SH		 1289 assert(size != 0); /* it would hand out same offset multiple times */
1290
0dc3f44a 1291 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1292 return 0;
0d53d9fe 1293 }
04b16653 1294
0dc3f44a 1295 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1296 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1297
62be4e3a 1298 end = block->offset + block->max_length;
04b16653 1299
0dc3f44a 1300 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1301 if (next_block->offset >= end) {
1302 next = MIN(next, next_block->offset);
1303 }
1304 }
1305 if (next - end >= size && next - end < mingap) {
3e837b2c 1306 offset = end;
04b16653
AW		 1307 mingap = next - end;
1308 }
1309 }
3e837b2c
AW		 1310
1311 if (offset == RAM_ADDR_MAX) {
1312 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1313 (uint64_t)size);
1314 abort();
1315 }
1316
04b16653
AW		 1317 return offset;
1318}
1319
652d7ec2 1320ram_addr_t last_ram_offset(void)
d17b5288
AW		 1321{
1322 RAMBlock *block;
1323 ram_addr_t last = 0;
1324
0dc3f44a
MD		 1325 rcu_read_lock();
1326 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1327 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1328 }
0dc3f44a 1329 rcu_read_unlock();
d17b5288
AW		 1330 return last;
1331}
1332
ddb97f1d
JB		 1333static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1334{
1335 int ret;
ddb97f1d
JB		 1336
1337 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1338 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1339 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1340 if (ret) {
1341 perror("qemu_madvise");
1342 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1343 "but dump_guest_core=off specified\n");
1344 }
1345 }
1346}
1347
0dc3f44a
MD		 1348/* Called within an RCU critical section, or while the ramlist lock
1349 * is held.
1350 */
20cfe881 1351static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1352{
20cfe881 1353 RAMBlock *block;
84b89d78 1354
0dc3f44a 1355 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1356 if (block->offset == addr) {
20cfe881 1357 return block;
c5705a77
AK		 1358 }
1359 }
20cfe881
HT		 1360
1361 return NULL;
1362}
1363
422148d3
DDAG		 1364const char *qemu_ram_get_idstr(RAMBlock *rb)
1365{
1366 return rb->idstr;
1367}
1368
ae3a7047 1369/* Called with iothread lock held. */
20cfe881
HT		 1370void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1371{
ae3a7047 1372 RAMBlock *new_block, *block;
20cfe881 1373
0dc3f44a 1374 rcu_read_lock();
ae3a7047 1375 new_block = find_ram_block(addr);
c5705a77
AK		 1376 assert(new_block);
1377 assert(!new_block->idstr[0]);
84b89d78 1378
09e5ab63
AL		 1379 if (dev) {
1380 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1381 if (id) {
1382 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1383 g_free(id);
84b89d78
CM		 1384 }
1385 }
1386 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1387
0dc3f44a 1388 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1389 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1390 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1391 new_block->idstr);
1392 abort();
1393 }
1394 }
0dc3f44a 1395 rcu_read_unlock();
c5705a77
AK		 1396}
1397
ae3a7047 1398/* Called with iothread lock held. */
20cfe881
HT		 1399void qemu_ram_unset_idstr(ram_addr_t addr)
1400{
ae3a7047 1401 RAMBlock *block;
20cfe881 1402
ae3a7047
MD		 1403 /* FIXME: arch_init.c assumes that this is not called throughout
1404 * migration. Ignore the problem since hot-unplug during migration
1405 * does not work anyway.
1406 */
1407
0dc3f44a 1408 rcu_read_lock();
ae3a7047 1409 block = find_ram_block(addr);
20cfe881
HT		 1410 if (block) {
1411 memset(block->idstr, 0, sizeof(block->idstr));
1412 }
0dc3f44a 1413 rcu_read_unlock();
20cfe881
HT		 1414}
1415
8490fc78
LC		 1416static int memory_try_enable_merging(void *addr, size_t len)
1417{
75cc7f01 1418 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1419 /* disabled by the user */
1420 return 0;
1421 }
1422
1423 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1424}
1425
62be4e3a
MT		 1426/* Only legal before guest might have detected the memory size: e.g. on
1427 * incoming migration, or right after reset.
1428 *
1429 * As memory core doesn't know how is memory accessed, it is up to
1430 * resize callback to update device state and/or add assertions to detect
1431 * misuse, if necessary.
1432 */
1433int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1434{
1435 RAMBlock *block = find_ram_block(base);
1436
1437 assert(block);
1438
4ed023ce 1439 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1440
62be4e3a
MT		 1441 if (block->used_length == newsize) {
1442 return 0;
1443 }
1444
1445 if (!(block->flags & RAM_RESIZEABLE)) {
1446 error_setg_errno(errp, EINVAL,
1447 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1448 " in != 0x" RAM_ADDR_FMT, block->idstr,
1449 newsize, block->used_length);
1450 return -EINVAL;
1451 }
1452
1453 if (block->max_length < newsize) {
1454 error_setg_errno(errp, EINVAL,
1455 "Length too large: %s: 0x" RAM_ADDR_FMT
1456 " > 0x" RAM_ADDR_FMT, block->idstr,
1457 newsize, block->max_length);
1458 return -EINVAL;
1459 }
1460
1461 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1462 block->used_length = newsize;
58d2707e
PB		 1463 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1464 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1465 memory_region_set_size(block->mr, newsize);
1466 if (block->resized) {
1467 block->resized(block->idstr, newsize, block->host);
1468 }
1469 return 0;
1470}
1471
ef701d7b 1472static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1473{
e1c57ab8 1474 RAMBlock *block;
0d53d9fe 1475 RAMBlock *last_block = NULL;
2152f5ca
JQ		 1476 ram_addr_t old_ram_size, new_ram_size;
1477
1478 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1479
b2a8658e 1480 qemu_mutex_lock_ramlist();
9b8424d5 1481 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1482
1483 if (!new_block->host) {
1484 if (xen_enabled()) {
9b8424d5
MT		 1485 xen_ram_alloc(new_block->offset, new_block->max_length,
1486 new_block->mr);
e1c57ab8 1487 } else {
9b8424d5 1488 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1489 &new_block->mr->align);
39228250 1490 if (!new_block->host) {
ef701d7b
HT		 1491 error_setg_errno(errp, errno,
1492 "cannot set up guest memory '%s'",
1493 memory_region_name(new_block->mr));
1494 qemu_mutex_unlock_ramlist();
1495 return -1;
39228250 1496 }
9b8424d5 1497 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1498 }
c902760f 1499 }
94a6b54f 1500
dd631697
LZ		 1501 new_ram_size = MAX(old_ram_size,
1502 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1503 if (new_ram_size > old_ram_size) {
1504 migration_bitmap_extend(old_ram_size, new_ram_size);
1505 }
0d53d9fe
MD		 1506 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1507 * QLIST (which has an RCU-friendly variant) does not have insertion at
1508 * tail, so save the last element in last_block.
1509 */
0dc3f44a 1510 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1511 last_block = block;
9b8424d5 1512 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1513 break;
1514 }
1515 }
1516 if (block) {
0dc3f44a 1517 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1518 } else if (last_block) {
0dc3f44a 1519 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1520 } else { /* list is empty */
0dc3f44a 1521 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1522 }
0d6d3c87 1523 ram_list.mru_block = NULL;
94a6b54f 1524
0dc3f44a
MD		 1525 /* Write list before version */
1526 smp_wmb();
f798b07f 1527 ram_list.version++;
b2a8658e 1528 qemu_mutex_unlock_ramlist();
f798b07f 1529
2152f5ca
JQ		 1530 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1531
1532 if (new_ram_size > old_ram_size) {
1ab4c8ce 1533 int i;
ae3a7047
MD		 1534
1535 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1536 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1537 ram_list.dirty_memory[i] =
1538 bitmap_zero_extend(ram_list.dirty_memory[i],
1539 old_ram_size, new_ram_size);
1540 }
2152f5ca 1541 }
9b8424d5 1542 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1543 new_block->used_length,
1544 DIRTY_CLIENTS_ALL);
94a6b54f 1545
a904c911
PB		 1546 if (new_block->host) {
1547 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1548 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1549 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1550 if (kvm_enabled()) {
1551 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1552 }
e1c57ab8 1553 }
6f0437e8 1554
94a6b54f
PB		 1555 return new_block->offset;
1556}
e9a1ab19 1557
0b183fc8 1558#ifdef __linux__
e1c57ab8 1559ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1560 bool share, const char *mem_path,
7f56e740 1561 Error **errp)
e1c57ab8
PB		 1562{
1563 RAMBlock *new_block;
ef701d7b
HT		 1564 ram_addr_t addr;
1565 Error *local_err = NULL;
e1c57ab8
PB		 1566
1567 if (xen_enabled()) {
7f56e740
PB		 1568 error_setg(errp, "-mem-path not supported with Xen");
1569 return -1;
e1c57ab8
PB		 1570 }
1571
1572 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1573 /*
1574 * file_ram_alloc() needs to allocate just like
1575 * phys_mem_alloc, but we haven't bothered to provide
1576 * a hook there.
1577 */
7f56e740
PB		 1578 error_setg(errp,
1579 "-mem-path not supported with this accelerator");
1580 return -1;
e1c57ab8
PB		 1581 }
1582
4ed023ce 1583 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1584 new_block = g_malloc0(sizeof(*new_block));
1585 new_block->mr = mr;
9b8424d5
MT		 1586 new_block->used_length = size;
1587 new_block->max_length = size;
dbcb8981 1588 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1589 new_block->host = file_ram_alloc(new_block, size,
1590 mem_path, errp);
1591 if (!new_block->host) {
1592 g_free(new_block);
1593 return -1;
1594 }
1595
ef701d7b
HT		 1596 addr = ram_block_add(new_block, &local_err);
1597 if (local_err) {
1598 g_free(new_block);
1599 error_propagate(errp, local_err);
1600 return -1;
1601 }
1602 return addr;
e1c57ab8 1603}
0b183fc8 1604#endif
e1c57ab8 1605
62be4e3a
MT		 1606static
1607ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1608 void (*resized)(const char*,
1609 uint64_t length,
1610 void *host),
1611 void *host, bool resizeable,
ef701d7b 1612 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1613{
1614 RAMBlock *new_block;
ef701d7b
HT		 1615 ram_addr_t addr;
1616 Error *local_err = NULL;
e1c57ab8 1617
4ed023ce
DDAG		 1618 size = HOST_PAGE_ALIGN(size);
1619 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1620 new_block = g_malloc0(sizeof(*new_block));
1621 new_block->mr = mr;
62be4e3a 1622 new_block->resized = resized;
9b8424d5
MT		 1623 new_block->used_length = size;
1624 new_block->max_length = max_size;
62be4e3a 1625 assert(max_size >= size);
e1c57ab8
PB		 1626 new_block->fd = -1;
1627 new_block->host = host;
1628 if (host) {
7bd4f430 1629 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1630 }
62be4e3a
MT		 1631 if (resizeable) {
1632 new_block->flags |= RAM_RESIZEABLE;
1633 }
ef701d7b
HT		 1634 addr = ram_block_add(new_block, &local_err);
1635 if (local_err) {
1636 g_free(new_block);
1637 error_propagate(errp, local_err);
1638 return -1;
1639 }
1640 return addr;
e1c57ab8
PB		 1641}
1642
62be4e3a
MT		 1643ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1644 MemoryRegion *mr, Error **errp)
1645{
1646 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1647}
1648
ef701d7b 1649ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1650{
62be4e3a
MT		 1651 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1652}
1653
1654ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1655 void (*resized)(const char*,
1656 uint64_t length,
1657 void *host),
1658 MemoryRegion *mr, Error **errp)
1659{
1660 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1661}
1662
43771539
PB		 1663static void reclaim_ramblock(RAMBlock *block)
1664{
1665 if (block->flags & RAM_PREALLOC) {
1666 ;
1667 } else if (xen_enabled()) {
1668 xen_invalidate_map_cache_entry(block->host);
1669#ifndef _WIN32
1670 } else if (block->fd >= 0) {
2f3a2bb1 1671 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1672 close(block->fd);
1673#endif
1674 } else {
1675 qemu_anon_ram_free(block->host, block->max_length);
1676 }
1677 g_free(block);
1678}
1679
c227f099 1680void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1681{
04b16653
AW		 1682 RAMBlock *block;
1683
b2a8658e 1684 qemu_mutex_lock_ramlist();
0dc3f44a 1685 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1686 if (addr == block->offset) {
0dc3f44a 1687 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1688 ram_list.mru_block = NULL;
0dc3f44a
MD		 1689 /* Write list before version */
1690 smp_wmb();
f798b07f 1691 ram_list.version++;
43771539 1692 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1693 break;
04b16653
AW		 1694 }
1695 }
b2a8658e 1696 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1697}
1698
cd19cfa2
HY		 1699#ifndef _WIN32
1700void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1701{
1702 RAMBlock *block;
1703 ram_addr_t offset;
1704 int flags;
1705 void *area, *vaddr;
1706
0dc3f44a 1707 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1708 offset = addr - block->offset;
9b8424d5 1709 if (offset < block->max_length) {
1240be24 1710 vaddr = ramblock_ptr(block, offset);
7bd4f430 1711 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1712 ;
dfeaf2ab
MA		 1713 } else if (xen_enabled()) {
1714 abort();
cd19cfa2
HY		 1715 } else {
1716 flags = MAP_FIXED;
3435f395 1717 if (block->fd >= 0) {
dbcb8981
PB		 1718 flags |= (block->flags & RAM_SHARED ?
1719 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1720 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1721 flags, block->fd, offset);
cd19cfa2 1722 } else {
2eb9fbaa
MA		 1723 /*
1724 * Remap needs to match alloc. Accelerators that
1725 * set phys_mem_alloc never remap. If they did,
1726 * we'd need a remap hook here.
1727 */
1728 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1729
cd19cfa2
HY		 1730 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1731 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1732 flags, -1, 0);
cd19cfa2
HY		 1733 }
1734 if (area != vaddr) {
f15fbc4b
AP		 1735 fprintf(stderr, "Could not remap addr: "
1736 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1737 length, addr);
1738 exit(1);
1739 }
8490fc78 1740 memory_try_enable_merging(vaddr, length);
ddb97f1d 1741 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1742 }
cd19cfa2
HY		 1743 }
1744 }
1745}
1746#endif /* !_WIN32 */
1747
a35ba7be
PB		 1748int qemu_get_ram_fd(ram_addr_t addr)
1749{
ae3a7047
MD		 1750 RAMBlock *block;
1751 int fd;
a35ba7be 1752
0dc3f44a 1753 rcu_read_lock();
ae3a7047
MD		 1754 block = qemu_get_ram_block(addr);
1755 fd = block->fd;
0dc3f44a 1756 rcu_read_unlock();
ae3a7047 1757 return fd;
a35ba7be
PB		 1758}
1759
56a571d9
TM		 1760void qemu_set_ram_fd(ram_addr_t addr, int fd)
1761{
1762 RAMBlock *block;
1763
1764 rcu_read_lock();
1765 block = qemu_get_ram_block(addr);
1766 block->fd = fd;
1767 rcu_read_unlock();
1768}
1769
3fd74b84
DM		 1770void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1771{
ae3a7047
MD		 1772 RAMBlock *block;
1773 void *ptr;
3fd74b84 1774
0dc3f44a 1775 rcu_read_lock();
ae3a7047
MD		 1776 block = qemu_get_ram_block(addr);
1777 ptr = ramblock_ptr(block, 0);
0dc3f44a 1778 rcu_read_unlock();
ae3a7047 1779 return ptr;
3fd74b84
DM		 1780}
1781
1b5ec234 1782/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1783 * This should not be used for general purpose DMA. Use address_space_map
1784 * or address_space_rw instead. For local memory (e.g. video ram) that the
1785 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1786 *
49b24afc 1787 * Called within RCU critical section.
1b5ec234
PB		 1788 */
1789void *qemu_get_ram_ptr(ram_addr_t addr)
1790{
49b24afc 1791 RAMBlock *block = qemu_get_ram_block(addr);
ae3a7047
MD		 1792
1793 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1794 /* We need to check if the requested address is in the RAM
1795 * because we don't want to map the entire memory in QEMU.
1796 * In that case just map until the end of the page.
1797 */
1798 if (block->offset == 0) {
49b24afc 1799 return xen_map_cache(addr, 0, 0);
0d6d3c87 1800 }
ae3a7047
MD		 1801
1802 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1803 }
49b24afc 1804 return ramblock_ptr(block, addr - block->offset);
dc828ca1
PB		 1805}
1806
38bee5dc 1807/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1808 * but takes a size argument.
0dc3f44a 1809 *
e81bcda5 1810 * Called within RCU critical section.
ae3a7047 1811 */
cb85f7ab 1812static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1813{
e81bcda5
PB		 1814 RAMBlock *block;
1815 ram_addr_t offset_inside_block;
8ab934f9
SS		 1816 if (*size == 0) {
1817 return NULL;
1818 }
e81bcda5
PB		 1819
1820 block = qemu_get_ram_block(addr);
1821 offset_inside_block = addr - block->offset;
1822 *size = MIN(*size, block->max_length - offset_inside_block);
1823
1824 if (xen_enabled() && block->host == NULL) {
1825 /* We need to check if the requested address is in the RAM
1826 * because we don't want to map the entire memory in QEMU.
1827 * In that case just map the requested area.
1828 */
1829 if (block->offset == 0) {
1830 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1831 }
1832
e81bcda5 1833 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1834 }
e81bcda5
PB		 1835
1836 return ramblock_ptr(block, offset_inside_block);
38bee5dc
SS		 1837}
1838
422148d3
DDAG		 1839/*
1840 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1841 * in that RAMBlock.
1842 *
1843 * ptr: Host pointer to look up
1844 * round_offset: If true round the result offset down to a page boundary
1845 * *ram_addr: set to result ram_addr
1846 * *offset: set to result offset within the RAMBlock
1847 *
1848 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1849 *
1850 * By the time this function returns, the returned pointer is not protected
1851 * by RCU anymore. If the caller is not within an RCU critical section and
1852 * does not hold the iothread lock, it must have other means of protecting the
1853 * pointer, such as a reference to the region that includes the incoming
1854 * ram_addr_t.
1855 */
422148d3
DDAG		 1856RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1857 ram_addr_t *ram_addr,
1858 ram_addr_t *offset)
5579c7f3 1859{
94a6b54f
PB		 1860 RAMBlock *block;
1861 uint8_t *host = ptr;
1862
868bb33f 1863 if (xen_enabled()) {
0dc3f44a 1864 rcu_read_lock();
e41d7c69 1865 *ram_addr = xen_ram_addr_from_mapcache(ptr);
422148d3
DDAG		 1866 block = qemu_get_ram_block(*ram_addr);
1867 if (block) {
1868 *offset = (host - block->host);
1869 }
0dc3f44a 1870 rcu_read_unlock();
422148d3 1871 return block;
712c2b41
SS		 1872 }
1873
0dc3f44a
MD		 1874 rcu_read_lock();
1875 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1876 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1877 goto found;
1878 }
1879
0dc3f44a 1880 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1881 /* This case append when the block is not mapped. */
1882 if (block->host == NULL) {
1883 continue;
1884 }
9b8424d5 1885 if (host - block->host < block->max_length) {
23887b79 1886 goto found;
f471a17e 1887 }
94a6b54f 1888 }
432d268c 1889
0dc3f44a 1890 rcu_read_unlock();
1b5ec234 1891 return NULL;
23887b79
PB		 1892
1893found:
422148d3
DDAG		 1894 *offset = (host - block->host);
1895 if (round_offset) {
1896 *offset &= TARGET_PAGE_MASK;
1897 }
1898 *ram_addr = block->offset + *offset;
0dc3f44a 1899 rcu_read_unlock();
422148d3
DDAG		 1900 return block;
1901}
1902
e3dd7493
DDAG		 1903/*
1904 * Finds the named RAMBlock
1905 *
1906 * name: The name of RAMBlock to find
1907 *
1908 * Returns: RAMBlock (or NULL if not found)
1909 */
1910RAMBlock *qemu_ram_block_by_name(const char *name)
1911{
1912 RAMBlock *block;
1913
1914 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1915 if (!strcmp(name, block->idstr)) {
1916 return block;
1917 }
1918 }
1919
1920 return NULL;
1921}
1922
422148d3
DDAG		 1923/* Some of the softmmu routines need to translate from a host pointer
1924 (typically a TLB entry) back to a ram offset. */
1925MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1926{
1927 RAMBlock *block;
1928 ram_addr_t offset; /* Not used */
1929
1930 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1931
1932 if (!block) {
1933 return NULL;
1934 }
1935
1936 return block->mr;
e890261f 1937}
f471a17e 1938
49b24afc 1939/* Called within RCU critical section. */
a8170e5e 1940static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1941 uint64_t val, unsigned size)
9fa3e853 1942{
52159192 1943 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1944 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1945 }
0e0df1e2
AK		 1946 switch (size) {
1947 case 1:
1948 stb_p(qemu_get_ram_ptr(ram_addr), val);
1949 break;
1950 case 2:
1951 stw_p(qemu_get_ram_ptr(ram_addr), val);
1952 break;
1953 case 4:
1954 stl_p(qemu_get_ram_ptr(ram_addr), val);
1955 break;
1956 default:
1957 abort();
3a7d929e 1958 }
58d2707e
PB		 1959 /* Set both VGA and migration bits for simplicity and to remove
1960 * the notdirty callback faster.
1961 */
1962 cpu_physical_memory_set_dirty_range(ram_addr, size,
1963 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 1964 /* we remove the notdirty callback only if the code has been
1965 flushed */
a2cd8c85 1966 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 1967 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 1968 }
9fa3e853
FB		 1969}
1970
b018ddf6
PB		 1971static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1972 unsigned size, bool is_write)
1973{
1974 return is_write;
1975}
1976
0e0df1e2 1977static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1978 .write = notdirty_mem_write,
b018ddf6 1979 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1980 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1981};
1982
0f459d16 1983/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 1984static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 1985{
93afeade
AF		 1986 CPUState *cpu = current_cpu;
1987 CPUArchState *env = cpu->env_ptr;
06d55cc1 1988 target_ulong pc, cs_base;
0f459d16 1989 target_ulong vaddr;
a1d1bb31 1990 CPUWatchpoint *wp;
06d55cc1 1991 int cpu_flags;
0f459d16 1992
ff4700b0 1993 if (cpu->watchpoint_hit) {
06d55cc1
AL		 1994 /* We re-entered the check after replacing the TB. Now raise
1995 * the debug interrupt so that is will trigger after the
1996 * current instruction. */
93afeade 1997 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 1998 return;
1999 }
93afeade 2000 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2001 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2002 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2003 && (wp->flags & flags)) {
08225676
PM		 2004 if (flags == BP_MEM_READ) {
2005 wp->flags |= BP_WATCHPOINT_HIT_READ;
2006 } else {
2007 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2008 }
2009 wp->hitaddr = vaddr;
66b9b43c 2010 wp->hitattrs = attrs;
ff4700b0
AF		 2011 if (!cpu->watchpoint_hit) {
2012 cpu->watchpoint_hit = wp;
239c51a5 2013 tb_check_watchpoint(cpu);
6e140f28 2014 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2015 cpu->exception_index = EXCP_DEBUG;
5638d180 2016 cpu_loop_exit(cpu);
6e140f28
AL		 2017 } else {
2018 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2019 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2020 cpu_resume_from_signal(cpu, NULL);
6e140f28 2021 }
06d55cc1 2022 }
6e140f28
AL		 2023 } else {
2024 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2025 }
2026 }
2027}
2028
6658ffb8
PB		 2029/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2030 so these check for a hit then pass through to the normal out-of-line
2031 phys routines. */
66b9b43c
PM		 2032static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2033 unsigned size, MemTxAttrs attrs)
6658ffb8 2034{
66b9b43c
PM		 2035 MemTxResult res;
2036 uint64_t data;
2037
2038 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2039 switch (size) {
66b9b43c
PM		 2040 case 1:
2041 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2042 break;
2043 case 2:
2044 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2045 break;
2046 case 4:
2047 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2048 break;
1ec9b909
AK		 2049 default: abort();
2050 }
66b9b43c
PM		 2051 *pdata = data;
2052 return res;
6658ffb8
PB		 2053}
2054
66b9b43c
PM		 2055static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2056 uint64_t val, unsigned size,
2057 MemTxAttrs attrs)
6658ffb8 2058{
66b9b43c
PM		 2059 MemTxResult res;
2060
2061 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2062 switch (size) {
67364150 2063 case 1:
66b9b43c 2064 address_space_stb(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2065 break;
2066 case 2:
66b9b43c 2067 address_space_stw(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2068 break;
2069 case 4:
66b9b43c 2070 address_space_stl(&address_space_memory, addr, val, attrs, &res);
67364150 2071 break;
1ec9b909
AK		 2072 default: abort();
2073 }
66b9b43c 2074 return res;
6658ffb8
PB		 2075}
2076
1ec9b909 2077static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2078 .read_with_attrs = watch_mem_read,
2079 .write_with_attrs = watch_mem_write,
1ec9b909 2080 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2081};
6658ffb8 2082
f25a49e0
PM		 2083static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2084 unsigned len, MemTxAttrs attrs)
db7b5426 2085{
acc9d80b 2086 subpage_t *subpage = opaque;
ff6cff75 2087 uint8_t buf[8];
5c9eb028 2088 MemTxResult res;
791af8c8 2089
db7b5426 2090#if defined(DEBUG_SUBPAGE)
016e9d62 2091 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2092 subpage, len, addr);
db7b5426 2093#endif
5c9eb028
PM		 2094 res = address_space_read(subpage->as, addr + subpage->base,
2095 attrs, buf, len);
2096 if (res) {
2097 return res;
f25a49e0 2098 }
acc9d80b
JK		 2099 switch (len) {
2100 case 1:
f25a49e0
PM		 2101 *data = ldub_p(buf);
2102 return MEMTX_OK;
acc9d80b 2103 case 2:
f25a49e0
PM		 2104 *data = lduw_p(buf);
2105 return MEMTX_OK;
acc9d80b 2106 case 4:
f25a49e0
PM		 2107 *data = ldl_p(buf);
2108 return MEMTX_OK;
ff6cff75 2109 case 8:
f25a49e0
PM		 2110 *data = ldq_p(buf);
2111 return MEMTX_OK;
acc9d80b
JK		 2112 default:
2113 abort();
2114 }
db7b5426
BS		 2115}
2116
f25a49e0
PM		 2117static MemTxResult subpage_write(void *opaque, hwaddr addr,
2118 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2119{
acc9d80b 2120 subpage_t *subpage = opaque;
ff6cff75 2121 uint8_t buf[8];
acc9d80b 2122
db7b5426 2123#if defined(DEBUG_SUBPAGE)
016e9d62 2124 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2125 " value %"PRIx64"\n",
2126 __func__, subpage, len, addr, value);
db7b5426 2127#endif
acc9d80b
JK		 2128 switch (len) {
2129 case 1:
2130 stb_p(buf, value);
2131 break;
2132 case 2:
2133 stw_p(buf, value);
2134 break;
2135 case 4:
2136 stl_p(buf, value);
2137 break;
ff6cff75
PB		 2138 case 8:
2139 stq_p(buf, value);
2140 break;
acc9d80b
JK		 2141 default:
2142 abort();
2143 }
5c9eb028
PM		 2144 return address_space_write(subpage->as, addr + subpage->base,
2145 attrs, buf, len);
db7b5426
BS		 2146}
2147
c353e4cc 2148static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2149 unsigned len, bool is_write)
c353e4cc 2150{
acc9d80b 2151 subpage_t *subpage = opaque;
c353e4cc 2152#if defined(DEBUG_SUBPAGE)
016e9d62 2153 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2154 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2155#endif
2156
acc9d80b 2157 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2158 len, is_write);
c353e4cc
PB		 2159}
2160
70c68e44 2161static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2162 .read_with_attrs = subpage_read,
2163 .write_with_attrs = subpage_write,
ff6cff75
PB		 2164 .impl.min_access_size = 1,
2165 .impl.max_access_size = 8,
2166 .valid.min_access_size = 1,
2167 .valid.max_access_size = 8,
c353e4cc 2168 .valid.accepts = subpage_accepts,
70c68e44 2169 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2170};
2171
c227f099 2172static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2173 uint16_t section)
db7b5426
BS		 2174{
2175 int idx, eidx;
2176
2177 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2178 return -1;
2179 idx = SUBPAGE_IDX(start);
2180 eidx = SUBPAGE_IDX(end);
2181#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2182 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2183 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2184#endif
db7b5426 2185 for (; idx <= eidx; idx++) {
5312bd8b 2186 mmio->sub_section[idx] = section;
db7b5426
BS		 2187 }
2188
2189 return 0;
2190}
2191
acc9d80b 2192static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2193{
c227f099 2194 subpage_t *mmio;
db7b5426 2195
7267c094 2196 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2197
acc9d80b 2198 mmio->as = as;
1eec614b 2199 mmio->base = base;
2c9b15ca 2200 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2201 NULL, TARGET_PAGE_SIZE);
b3b00c78 2202 mmio->iomem.subpage = true;
db7b5426 2203#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2204 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2205 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2206#endif
b41aac4f 2207 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2208
2209 return mmio;
2210}
2211
a656e22f
PC		 2212static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2213 MemoryRegion *mr)
5312bd8b 2214{
a656e22f 2215 assert(as);
5312bd8b 2216 MemoryRegionSection section = {
a656e22f 2217 .address_space = as,
5312bd8b
AK		 2218 .mr = mr,
2219 .offset_within_address_space = 0,
2220 .offset_within_region = 0,
052e87b0 2221 .size = int128_2_64(),
5312bd8b
AK		 2222 };
2223
53cb28cb 2224 return phys_section_add(map, &section);
5312bd8b
AK		 2225}
2226
9d82b5a7 2227MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
aa102231 2228{
32857f4d
PM		 2229 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2230 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2231 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2232
2233 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2234}
2235
e9179ce1
AK		 2236static void io_mem_init(void)
2237{
1f6245e5 2238 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2239 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2240 NULL, UINT64_MAX);
2c9b15ca 2241 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2242 NULL, UINT64_MAX);
2c9b15ca 2243 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2244 NULL, UINT64_MAX);
e9179ce1
AK		 2245}
2246
ac1970fb 2247static void mem_begin(MemoryListener *listener)
00752703
PB		 2248{
2249 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2250 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2251 uint16_t n;
2252
a656e22f 2253 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2254 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2255 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2256 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2257 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2258 assert(n == PHYS_SECTION_ROM);
a656e22f 2259 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2260 assert(n == PHYS_SECTION_WATCH);
00752703 2261
9736e55b 2262 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2263 d->as = as;
2264 as->next_dispatch = d;
2265}
2266
79e2b9ae
PB		 2267static void address_space_dispatch_free(AddressSpaceDispatch *d)
2268{
2269 phys_sections_free(&d->map);
2270 g_free(d);
2271}
2272
00752703 2273static void mem_commit(MemoryListener *listener)
ac1970fb 2274{
89ae337a 2275 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2276 AddressSpaceDispatch *cur = as->dispatch;
2277 AddressSpaceDispatch *next = as->next_dispatch;
2278
53cb28cb 2279 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2280
79e2b9ae 2281 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2282 if (cur) {
79e2b9ae 2283 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2284 }
9affd6fc
PB		 2285}
2286
1d71148e 2287static void tcg_commit(MemoryListener *listener)
50c1e149 2288{
32857f4d
PM		 2289 CPUAddressSpace *cpuas;
2290 AddressSpaceDispatch *d;
117712c3
AK		 2291
2292 /* since each CPU stores ram addresses in its TLB cache, we must
2293 reset the modified entries */
32857f4d
PM		 2294 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2295 cpu_reloading_memory_map();
2296 /* The CPU and TLB are protected by the iothread lock.
2297 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2298 * may have split the RCU critical section.
2299 */
2300 d = atomic_rcu_read(&cpuas->as->dispatch);
2301 cpuas->memory_dispatch = d;
2302 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2303}
2304
ac1970fb
AK		 2305void address_space_init_dispatch(AddressSpace *as)
2306{
00752703 2307 as->dispatch = NULL;
89ae337a 2308 as->dispatch_listener = (MemoryListener) {
ac1970fb 2309 .begin = mem_begin,
00752703 2310 .commit = mem_commit,
ac1970fb
AK		 2311 .region_add = mem_add,
2312 .region_nop = mem_add,
2313 .priority = 0,
2314 };
89ae337a 2315 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2316}
2317
6e48e8f9
PB		 2318void address_space_unregister(AddressSpace *as)
2319{
2320 memory_listener_unregister(&as->dispatch_listener);
2321}
2322
83f3c251
AK		 2323void address_space_destroy_dispatch(AddressSpace *as)
2324{
2325 AddressSpaceDispatch *d = as->dispatch;
2326
79e2b9ae
PB		 2327 atomic_rcu_set(&as->dispatch, NULL);
2328 if (d) {
2329 call_rcu(d, address_space_dispatch_free, rcu);
2330 }
83f3c251
AK		 2331}
2332
62152b8a
AK		 2333static void memory_map_init(void)
2334{
7267c094 2335 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2336
57271d63 2337 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2338 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2339
7267c094 2340 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2341 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2342 65536);
7dca8043 2343 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2344}
2345
2346MemoryRegion *get_system_memory(void)
2347{
2348 return system_memory;
2349}
2350
309cb471
AK		 2351MemoryRegion *get_system_io(void)
2352{
2353 return system_io;
2354}
2355
e2eef170
PB		 2356#endif /* !defined(CONFIG_USER_ONLY) */
2357
13eb76e0
FB		 2358/* physical memory access (slow version, mainly for debug) */
2359#if defined(CONFIG_USER_ONLY)
f17ec444 2360int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2361 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2362{
2363 int l, flags;
2364 target_ulong page;
53a5960a 2365 void * p;
13eb76e0
FB		 2366
2367 while (len > 0) {
2368 page = addr & TARGET_PAGE_MASK;
2369 l = (page + TARGET_PAGE_SIZE) - addr;
2370 if (l > len)
2371 l = len;
2372 flags = page_get_flags(page);
2373 if (!(flags & PAGE_VALID))
a68fe89c 2374 return -1;
13eb76e0
FB		 2375 if (is_write) {
2376 if (!(flags & PAGE_WRITE))
a68fe89c 2377 return -1;
579a97f7 2378 /* XXX: this code should not depend on lock_user */
72fb7daa 2379 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2380 return -1;
72fb7daa
AJ		 2381 memcpy(p, buf, l);
2382 unlock_user(p, addr, l);
13eb76e0
FB		 2383 } else {
2384 if (!(flags & PAGE_READ))
a68fe89c 2385 return -1;
579a97f7 2386 /* XXX: this code should not depend on lock_user */
72fb7daa 2387 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2388 return -1;
72fb7daa 2389 memcpy(buf, p, l);
5b257578 2390 unlock_user(p, addr, 0);
13eb76e0
FB		 2391 }
2392 len -= l;
2393 buf += l;
2394 addr += l;
2395 }
a68fe89c 2396 return 0;
13eb76e0 2397}
8df1cd07 2398
13eb76e0 2399#else
51d7a9eb 2400
845b6214 2401static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2402 hwaddr length)
51d7a9eb 2403{
e87f7778
PB		 2404 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2405 /* No early return if dirty_log_mask is or becomes 0, because
2406 * cpu_physical_memory_set_dirty_range will still call
2407 * xen_modified_memory.
2408 */
2409 if (dirty_log_mask) {
2410 dirty_log_mask =
2411 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2412 }
2413 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2414 tb_invalidate_phys_range(addr, addr + length);
2415 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2416 }
e87f7778 2417 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2418}
2419
23326164 2420static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2421{
e1622f4b 2422 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2423
2424 /* Regions are assumed to support 1-4 byte accesses unless
2425 otherwise specified. */
23326164
RH		 2426 if (access_size_max == 0) {
2427 access_size_max = 4;
2428 }
2429
2430 /* Bound the maximum access by the alignment of the address. */
2431 if (!mr->ops->impl.unaligned) {
2432 unsigned align_size_max = addr & -addr;
2433 if (align_size_max != 0 && align_size_max < access_size_max) {
2434 access_size_max = align_size_max;
2435 }
82f2563f 2436 }
23326164
RH		 2437
2438 /* Don't attempt accesses larger than the maximum. */
2439 if (l > access_size_max) {
2440 l = access_size_max;
82f2563f 2441 }
6554f5c0 2442 l = pow2floor(l);
23326164
RH		 2443
2444 return l;
82f2563f
PB		 2445}
2446
4840f10e 2447static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2448{
4840f10e
JK		 2449 bool unlocked = !qemu_mutex_iothread_locked();
2450 bool release_lock = false;
2451
2452 if (unlocked && mr->global_locking) {
2453 qemu_mutex_lock_iothread();
2454 unlocked = false;
2455 release_lock = true;
2456 }
125b3806 2457 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2458 if (unlocked) {
2459 qemu_mutex_lock_iothread();
2460 }
125b3806 2461 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2462 if (unlocked) {
2463 qemu_mutex_unlock_iothread();
2464 }
125b3806 2465 }
4840f10e
JK		 2466
2467 return release_lock;
125b3806
PB		 2468}
2469
a203ac70
PB		 2470/* Called within RCU critical section. */
2471static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2472 MemTxAttrs attrs,
2473 const uint8_t *buf,
2474 int len, hwaddr addr1,
2475 hwaddr l, MemoryRegion *mr)
13eb76e0 2476{
13eb76e0 2477 uint8_t *ptr;
791af8c8 2478 uint64_t val;
3b643495 2479 MemTxResult result = MEMTX_OK;
4840f10e 2480 bool release_lock = false;
3b46e624 2481
a203ac70 2482 for (;;) {
eb7eeb88
PB		 2483 if (!memory_access_is_direct(mr, true)) {
2484 release_lock |= prepare_mmio_access(mr);
2485 l = memory_access_size(mr, l, addr1);
2486 /* XXX: could force current_cpu to NULL to avoid
2487 potential bugs */
2488 switch (l) {
2489 case 8:
2490 /* 64 bit write access */
2491 val = ldq_p(buf);
2492 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2493 attrs);
2494 break;
2495 case 4:
2496 /* 32 bit write access */
2497 val = ldl_p(buf);
2498 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2499 attrs);
2500 break;
2501 case 2:
2502 /* 16 bit write access */
2503 val = lduw_p(buf);
2504 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2505 attrs);
2506 break;
2507 case 1:
2508 /* 8 bit write access */
2509 val = ldub_p(buf);
2510 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2511 attrs);
2512 break;
2513 default:
2514 abort();
13eb76e0
FB		 2515 }
2516 } else {
eb7eeb88
PB		 2517 addr1 += memory_region_get_ram_addr(mr);
2518 /* RAM case */
2519 ptr = qemu_get_ram_ptr(addr1);
2520 memcpy(ptr, buf, l);
2521 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2522 }
4840f10e
JK		 2523
2524 if (release_lock) {
2525 qemu_mutex_unlock_iothread();
2526 release_lock = false;
2527 }
2528
13eb76e0
FB		 2529 len -= l;
2530 buf += l;
2531 addr += l;
a203ac70
PB		 2532
2533 if (!len) {
2534 break;
2535 }
2536
2537 l = len;
2538 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2539 }
fd8aaa76 2540
3b643495 2541 return result;
13eb76e0 2542}
8df1cd07 2543
a203ac70
PB		 2544MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2545 const uint8_t *buf, int len)
ac1970fb 2546{
eb7eeb88 2547 hwaddr l;
eb7eeb88
PB		 2548 hwaddr addr1;
2549 MemoryRegion *mr;
2550 MemTxResult result = MEMTX_OK;
eb7eeb88 2551
a203ac70
PB		 2552 if (len > 0) {
2553 rcu_read_lock();
eb7eeb88 2554 l = len;
a203ac70
PB		 2555 mr = address_space_translate(as, addr, &addr1, &l, true);
2556 result = address_space_write_continue(as, addr, attrs, buf, len,
2557 addr1, l, mr);
2558 rcu_read_unlock();
2559 }
2560
2561 return result;
2562}
2563
2564/* Called within RCU critical section. */
2565MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2566 MemTxAttrs attrs, uint8_t *buf,
2567 int len, hwaddr addr1, hwaddr l,
2568 MemoryRegion *mr)
2569{
2570 uint8_t *ptr;
2571 uint64_t val;
2572 MemTxResult result = MEMTX_OK;
2573 bool release_lock = false;
eb7eeb88 2574
a203ac70 2575 for (;;) {
eb7eeb88
PB		 2576 if (!memory_access_is_direct(mr, false)) {
2577 /* I/O case */
2578 release_lock |= prepare_mmio_access(mr);
2579 l = memory_access_size(mr, l, addr1);
2580 switch (l) {
2581 case 8:
2582 /* 64 bit read access */
2583 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2584 attrs);
2585 stq_p(buf, val);
2586 break;
2587 case 4:
2588 /* 32 bit read access */
2589 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2590 attrs);
2591 stl_p(buf, val);
2592 break;
2593 case 2:
2594 /* 16 bit read access */
2595 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2596 attrs);
2597 stw_p(buf, val);
2598 break;
2599 case 1:
2600 /* 8 bit read access */
2601 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2602 attrs);
2603 stb_p(buf, val);
2604 break;
2605 default:
2606 abort();
2607 }
2608 } else {
2609 /* RAM case */
2610 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2611 memcpy(buf, ptr, l);
2612 }
2613
2614 if (release_lock) {
2615 qemu_mutex_unlock_iothread();
2616 release_lock = false;
2617 }
2618
2619 len -= l;
2620 buf += l;
2621 addr += l;
a203ac70
PB		 2622
2623 if (!len) {
2624 break;
2625 }
2626
2627 l = len;
2628 mr = address_space_translate(as, addr, &addr1, &l, false);
2629 }
2630
2631 return result;
2632}
2633
3cc8f884
PB		 2634MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2635 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2636{
2637 hwaddr l;
2638 hwaddr addr1;
2639 MemoryRegion *mr;
2640 MemTxResult result = MEMTX_OK;
2641
2642 if (len > 0) {
2643 rcu_read_lock();
2644 l = len;
2645 mr = address_space_translate(as, addr, &addr1, &l, false);
2646 result = address_space_read_continue(as, addr, attrs, buf, len,
2647 addr1, l, mr);
2648 rcu_read_unlock();
eb7eeb88 2649 }
eb7eeb88
PB		 2650
2651 return result;
ac1970fb
AK		 2652}
2653
eb7eeb88
PB		 2654MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2655 uint8_t *buf, int len, bool is_write)
2656{
2657 if (is_write) {
2658 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2659 } else {
2660 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2661 }
2662}
ac1970fb 2663
a8170e5e 2664void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2665 int len, int is_write)
2666{
5c9eb028
PM		 2667 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2668 buf, len, is_write);
ac1970fb
AK		 2669}
2670
582b55a9
AG		 2671enum write_rom_type {
2672 WRITE_DATA,
2673 FLUSH_CACHE,
2674};
2675
2a221651 2676static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2677 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2678{
149f54b5 2679 hwaddr l;
d0ecd2aa 2680 uint8_t *ptr;
149f54b5 2681 hwaddr addr1;
5c8a00ce 2682 MemoryRegion *mr;
3b46e624 2683
41063e1e 2684 rcu_read_lock();
d0ecd2aa 2685 while (len > 0) {
149f54b5 2686 l = len;
2a221651 2687 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2688
5c8a00ce
PB		 2689 if (!(memory_region_is_ram(mr) ||
2690 memory_region_is_romd(mr))) {
b242e0e0 2691 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2692 } else {
5c8a00ce 2693 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2694 /* ROM/RAM case */
5579c7f3 2695 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2696 switch (type) {
2697 case WRITE_DATA:
2698 memcpy(ptr, buf, l);
845b6214 2699 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2700 break;
2701 case FLUSH_CACHE:
2702 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2703 break;
2704 }
d0ecd2aa
FB		 2705 }
2706 len -= l;
2707 buf += l;
2708 addr += l;
2709 }
41063e1e 2710 rcu_read_unlock();
d0ecd2aa
FB		 2711}
2712
582b55a9 2713/* used for ROM loading : can write in RAM and ROM */
2a221651 2714void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2715 const uint8_t *buf, int len)
2716{
2a221651 2717 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2718}
2719
2720void cpu_flush_icache_range(hwaddr start, int len)
2721{
2722 /*
2723 * This function should do the same thing as an icache flush that was
2724 * triggered from within the guest. For TCG we are always cache coherent,
2725 * so there is no need to flush anything. For KVM / Xen we need to flush
2726 * the host's instruction cache at least.
2727 */
2728 if (tcg_enabled()) {
2729 return;
2730 }
2731
2a221651
EI		 2732 cpu_physical_memory_write_rom_internal(&address_space_memory,
2733 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2734}
2735
6d16c2f8 2736typedef struct {
d3e71559 2737 MemoryRegion *mr;
6d16c2f8 2738 void *buffer;
a8170e5e
AK		 2739 hwaddr addr;
2740 hwaddr len;
c2cba0ff 2741 bool in_use;
6d16c2f8
AL		 2742} BounceBuffer;
2743
2744static BounceBuffer bounce;
2745
ba223c29 2746typedef struct MapClient {
e95205e1 2747 QEMUBH *bh;
72cf2d4f 2748 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2749} MapClient;
2750
38e047b5 2751QemuMutex map_client_list_lock;
72cf2d4f
BS		 2752static QLIST_HEAD(map_client_list, MapClient) map_client_list
2753 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2754
e95205e1
FZ		 2755static void cpu_unregister_map_client_do(MapClient *client)
2756{
2757 QLIST_REMOVE(client, link);
2758 g_free(client);
2759}
2760
33b6c2ed
FZ		 2761static void cpu_notify_map_clients_locked(void)
2762{
2763 MapClient *client;
2764
2765 while (!QLIST_EMPTY(&map_client_list)) {
2766 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2767 qemu_bh_schedule(client->bh);
2768 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2769 }
2770}
2771
e95205e1 2772void cpu_register_map_client(QEMUBH *bh)
ba223c29 2773{
7267c094 2774 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2775
38e047b5 2776 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2777 client->bh = bh;
72cf2d4f 2778 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2779 if (!atomic_read(&bounce.in_use)) {
2780 cpu_notify_map_clients_locked();
2781 }
38e047b5 2782 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2783}
2784
38e047b5 2785void cpu_exec_init_all(void)
ba223c29 2786{
38e047b5 2787 qemu_mutex_init(&ram_list.mutex);
38e047b5 2788 io_mem_init();
680a4783 2789 memory_map_init();
38e047b5 2790 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2791}
2792
e95205e1 2793void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2794{
2795 MapClient *client;
2796
e95205e1
FZ		 2797 qemu_mutex_lock(&map_client_list_lock);
2798 QLIST_FOREACH(client, &map_client_list, link) {
2799 if (client->bh == bh) {
2800 cpu_unregister_map_client_do(client);
2801 break;
2802 }
ba223c29 2803 }
e95205e1 2804 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2805}
2806
2807static void cpu_notify_map_clients(void)
2808{
38e047b5 2809 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2810 cpu_notify_map_clients_locked();
38e047b5 2811 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2812}
2813
51644ab7
PB		 2814bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2815{
5c8a00ce 2816 MemoryRegion *mr;
51644ab7
PB		 2817 hwaddr l, xlat;
2818
41063e1e 2819 rcu_read_lock();
51644ab7
PB		 2820 while (len > 0) {
2821 l = len;
5c8a00ce
PB		 2822 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2823 if (!memory_access_is_direct(mr, is_write)) {
2824 l = memory_access_size(mr, l, addr);
2825 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2826 return false;
2827 }
2828 }
2829
2830 len -= l;
2831 addr += l;
2832 }
41063e1e 2833 rcu_read_unlock();
51644ab7
PB		 2834 return true;
2835}
2836
6d16c2f8
AL		 2837/* Map a physical memory region into a host virtual address.
2838 * May map a subset of the requested range, given by and returned in *plen.
2839 * May return NULL if resources needed to perform the mapping are exhausted.
2840 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2841 * Use cpu_register_map_client() to know when retrying the map operation is
2842 * likely to succeed.
6d16c2f8 2843 */
ac1970fb 2844void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2845 hwaddr addr,
2846 hwaddr *plen,
ac1970fb 2847 bool is_write)
6d16c2f8 2848{
a8170e5e 2849 hwaddr len = *plen;
e3127ae0
PB		 2850 hwaddr done = 0;
2851 hwaddr l, xlat, base;
2852 MemoryRegion *mr, *this_mr;
2853 ram_addr_t raddr;
e81bcda5 2854 void *ptr;
6d16c2f8 2855
e3127ae0
PB		 2856 if (len == 0) {
2857 return NULL;
2858 }
38bee5dc 2859
e3127ae0 2860 l = len;
41063e1e 2861 rcu_read_lock();
e3127ae0 2862 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2863
e3127ae0 2864 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2865 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2866 rcu_read_unlock();
e3127ae0 2867 return NULL;
6d16c2f8 2868 }
e85d9db5
KW		 2869 /* Avoid unbounded allocations */
2870 l = MIN(l, TARGET_PAGE_SIZE);
2871 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2872 bounce.addr = addr;
2873 bounce.len = l;
d3e71559
PB		 2874
2875 memory_region_ref(mr);
2876 bounce.mr = mr;
e3127ae0 2877 if (!is_write) {
5c9eb028
PM		 2878 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2879 bounce.buffer, l);
8ab934f9 2880 }
6d16c2f8 2881
41063e1e 2882 rcu_read_unlock();
e3127ae0
PB		 2883 *plen = l;
2884 return bounce.buffer;
2885 }
2886
2887 base = xlat;
2888 raddr = memory_region_get_ram_addr(mr);
2889
2890 for (;;) {
6d16c2f8
AL		 2891 len -= l;
2892 addr += l;
e3127ae0
PB		 2893 done += l;
2894 if (len == 0) {
2895 break;
2896 }
2897
2898 l = len;
2899 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2900 if (this_mr != mr || xlat != base + done) {
2901 break;
2902 }
6d16c2f8 2903 }
e3127ae0 2904
d3e71559 2905 memory_region_ref(mr);
e3127ae0 2906 *plen = done;
e81bcda5
PB		 2907 ptr = qemu_ram_ptr_length(raddr + base, plen);
2908 rcu_read_unlock();
2909
2910 return ptr;
6d16c2f8
AL		 2911}
2912
ac1970fb 2913/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2914 * Will also mark the memory as dirty if is_write == 1. access_len gives
2915 * the amount of memory that was actually read or written by the caller.
2916 */
a8170e5e
AK		 2917void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2918 int is_write, hwaddr access_len)
6d16c2f8
AL		 2919{
2920 if (buffer != bounce.buffer) {
d3e71559
PB		 2921 MemoryRegion *mr;
2922 ram_addr_t addr1;
2923
2924 mr = qemu_ram_addr_from_host(buffer, &addr1);
2925 assert(mr != NULL);
6d16c2f8 2926 if (is_write) {
845b6214 2927 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2928 }
868bb33f 2929 if (xen_enabled()) {
e41d7c69 2930 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2931 }
d3e71559 2932 memory_region_unref(mr);
6d16c2f8
AL		 2933 return;
2934 }
2935 if (is_write) {
5c9eb028
PM		 2936 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2937 bounce.buffer, access_len);
6d16c2f8 2938 }
f8a83245 2939 qemu_vfree(bounce.buffer);
6d16c2f8 2940 bounce.buffer = NULL;
d3e71559 2941 memory_region_unref(bounce.mr);
c2cba0ff 2942 atomic_mb_set(&bounce.in_use, false);
ba223c29 2943 cpu_notify_map_clients();
6d16c2f8 2944}
d0ecd2aa 2945
a8170e5e
AK		 2946void *cpu_physical_memory_map(hwaddr addr,
2947 hwaddr *plen,
ac1970fb
AK		 2948 int is_write)
2949{
2950 return address_space_map(&address_space_memory, addr, plen, is_write);
2951}
2952
a8170e5e
AK		 2953void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2954 int is_write, hwaddr access_len)
ac1970fb
AK		 2955{
2956 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2957}
2958
8df1cd07 2959/* warning: addr must be aligned */
50013115
PM		 2960static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2961 MemTxAttrs attrs,
2962 MemTxResult *result,
2963 enum device_endian endian)
8df1cd07 2964{
8df1cd07 2965 uint8_t *ptr;
791af8c8 2966 uint64_t val;
5c8a00ce 2967 MemoryRegion *mr;
149f54b5
PB		 2968 hwaddr l = 4;
2969 hwaddr addr1;
50013115 2970 MemTxResult r;
4840f10e 2971 bool release_lock = false;
8df1cd07 2972
41063e1e 2973 rcu_read_lock();
fdfba1a2 2974 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2975 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 2976 release_lock |= prepare_mmio_access(mr);
125b3806 2977
8df1cd07 2978 /* I/O case */
50013115 2979 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 2980#if defined(TARGET_WORDS_BIGENDIAN)
2981 if (endian == DEVICE_LITTLE_ENDIAN) {
2982 val = bswap32(val);
2983 }
2984#else
2985 if (endian == DEVICE_BIG_ENDIAN) {
2986 val = bswap32(val);
2987 }
2988#endif
8df1cd07
FB		 2989 } else {
2990 /* RAM case */
5c8a00ce 2991 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2992 & TARGET_PAGE_MASK)
149f54b5 2993 + addr1);
1e78bcc1
AG		 2994 switch (endian) {
2995 case DEVICE_LITTLE_ENDIAN:
2996 val = ldl_le_p(ptr);
2997 break;
2998 case DEVICE_BIG_ENDIAN:
2999 val = ldl_be_p(ptr);
3000 break;
3001 default:
3002 val = ldl_p(ptr);
3003 break;
3004 }
50013115
PM		 3005 r = MEMTX_OK;
3006 }
3007 if (result) {
3008 *result = r;
8df1cd07 3009 }
4840f10e
JK		 3010 if (release_lock) {
3011 qemu_mutex_unlock_iothread();
3012 }
41063e1e 3013 rcu_read_unlock();
8df1cd07
FB		 3014 return val;
3015}
3016
50013115
PM		 3017uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3018 MemTxAttrs attrs, MemTxResult *result)
3019{
3020 return address_space_ldl_internal(as, addr, attrs, result,
3021 DEVICE_NATIVE_ENDIAN);
3022}
3023
3024uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3025 MemTxAttrs attrs, MemTxResult *result)
3026{
3027 return address_space_ldl_internal(as, addr, attrs, result,
3028 DEVICE_LITTLE_ENDIAN);
3029}
3030
3031uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3032 MemTxAttrs attrs, MemTxResult *result)
3033{
3034 return address_space_ldl_internal(as, addr, attrs, result,
3035 DEVICE_BIG_ENDIAN);
3036}
3037
fdfba1a2 3038uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3039{
50013115 3040 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3041}
3042
fdfba1a2 3043uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3044{
50013115 3045 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3046}
3047
fdfba1a2 3048uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3049{
50013115 3050 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3051}
3052
84b7b8e7 3053/* warning: addr must be aligned */
50013115
PM		 3054static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3055 MemTxAttrs attrs,
3056 MemTxResult *result,
3057 enum device_endian endian)
84b7b8e7 3058{
84b7b8e7
FB		 3059 uint8_t *ptr;
3060 uint64_t val;
5c8a00ce 3061 MemoryRegion *mr;
149f54b5
PB		 3062 hwaddr l = 8;
3063 hwaddr addr1;
50013115 3064 MemTxResult r;
4840f10e 3065 bool release_lock = false;
84b7b8e7 3066
41063e1e 3067 rcu_read_lock();
2c17449b 3068 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3069 false);
3070 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3071 release_lock |= prepare_mmio_access(mr);
125b3806 3072
84b7b8e7 3073 /* I/O case */
50013115 3074 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3075#if defined(TARGET_WORDS_BIGENDIAN)
3076 if (endian == DEVICE_LITTLE_ENDIAN) {
3077 val = bswap64(val);
3078 }
3079#else
3080 if (endian == DEVICE_BIG_ENDIAN) {
3081 val = bswap64(val);
3082 }
84b7b8e7
FB		 3083#endif
3084 } else {
3085 /* RAM case */
5c8a00ce 3086 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3087 & TARGET_PAGE_MASK)
149f54b5 3088 + addr1);
1e78bcc1
AG		 3089 switch (endian) {
3090 case DEVICE_LITTLE_ENDIAN:
3091 val = ldq_le_p(ptr);
3092 break;
3093 case DEVICE_BIG_ENDIAN:
3094 val = ldq_be_p(ptr);
3095 break;
3096 default:
3097 val = ldq_p(ptr);
3098 break;
3099 }
50013115
PM		 3100 r = MEMTX_OK;
3101 }
3102 if (result) {
3103 *result = r;
84b7b8e7 3104 }
4840f10e
JK		 3105 if (release_lock) {
3106 qemu_mutex_unlock_iothread();
3107 }
41063e1e 3108 rcu_read_unlock();
84b7b8e7
FB		 3109 return val;
3110}
3111
50013115
PM		 3112uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3113 MemTxAttrs attrs, MemTxResult *result)
3114{
3115 return address_space_ldq_internal(as, addr, attrs, result,
3116 DEVICE_NATIVE_ENDIAN);
3117}
3118
3119uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3120 MemTxAttrs attrs, MemTxResult *result)
3121{
3122 return address_space_ldq_internal(as, addr, attrs, result,
3123 DEVICE_LITTLE_ENDIAN);
3124}
3125
3126uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3127 MemTxAttrs attrs, MemTxResult *result)
3128{
3129 return address_space_ldq_internal(as, addr, attrs, result,
3130 DEVICE_BIG_ENDIAN);
3131}
3132
2c17449b 3133uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3134{
50013115 3135 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3136}
3137
2c17449b 3138uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3139{
50013115 3140 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3141}
3142
2c17449b 3143uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3144{
50013115 3145 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3146}
3147
aab33094 3148/* XXX: optimize */
50013115
PM		 3149uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3150 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3151{
3152 uint8_t val;
50013115
PM		 3153 MemTxResult r;
3154
3155 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3156 if (result) {
3157 *result = r;
3158 }
aab33094
FB		 3159 return val;
3160}
3161
50013115
PM		 3162uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3163{
3164 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3165}
3166
733f0b02 3167/* warning: addr must be aligned */
50013115
PM		 3168static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3169 hwaddr addr,
3170 MemTxAttrs attrs,
3171 MemTxResult *result,
3172 enum device_endian endian)
aab33094 3173{
733f0b02
MT		 3174 uint8_t *ptr;
3175 uint64_t val;
5c8a00ce 3176 MemoryRegion *mr;
149f54b5
PB		 3177 hwaddr l = 2;
3178 hwaddr addr1;
50013115 3179 MemTxResult r;
4840f10e 3180 bool release_lock = false;
733f0b02 3181
41063e1e 3182 rcu_read_lock();
41701aa4 3183 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3184 false);
3185 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3186 release_lock |= prepare_mmio_access(mr);
125b3806 3187
733f0b02 3188 /* I/O case */
50013115 3189 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3190#if defined(TARGET_WORDS_BIGENDIAN)
3191 if (endian == DEVICE_LITTLE_ENDIAN) {
3192 val = bswap16(val);
3193 }
3194#else
3195 if (endian == DEVICE_BIG_ENDIAN) {
3196 val = bswap16(val);
3197 }
3198#endif
733f0b02
MT		 3199 } else {
3200 /* RAM case */
5c8a00ce 3201 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3202 & TARGET_PAGE_MASK)
149f54b5 3203 + addr1);
1e78bcc1
AG		 3204 switch (endian) {
3205 case DEVICE_LITTLE_ENDIAN:
3206 val = lduw_le_p(ptr);
3207 break;
3208 case DEVICE_BIG_ENDIAN:
3209 val = lduw_be_p(ptr);
3210 break;
3211 default:
3212 val = lduw_p(ptr);
3213 break;
3214 }
50013115
PM		 3215 r = MEMTX_OK;
3216 }
3217 if (result) {
3218 *result = r;
733f0b02 3219 }
4840f10e
JK		 3220 if (release_lock) {
3221 qemu_mutex_unlock_iothread();
3222 }
41063e1e 3223 rcu_read_unlock();
733f0b02 3224 return val;
aab33094
FB		 3225}
3226
50013115
PM		 3227uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3228 MemTxAttrs attrs, MemTxResult *result)
3229{
3230 return address_space_lduw_internal(as, addr, attrs, result,
3231 DEVICE_NATIVE_ENDIAN);
3232}
3233
3234uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3235 MemTxAttrs attrs, MemTxResult *result)
3236{
3237 return address_space_lduw_internal(as, addr, attrs, result,
3238 DEVICE_LITTLE_ENDIAN);
3239}
3240
3241uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3242 MemTxAttrs attrs, MemTxResult *result)
3243{
3244 return address_space_lduw_internal(as, addr, attrs, result,
3245 DEVICE_BIG_ENDIAN);
3246}
3247
41701aa4 3248uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3249{
50013115 3250 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3251}
3252
41701aa4 3253uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3254{
50013115 3255 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3256}
3257
41701aa4 3258uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3259{
50013115 3260 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3261}
3262
8df1cd07
FB		 3263/* warning: addr must be aligned. The ram page is not masked as dirty
3264 and the code inside is not invalidated. It is useful if the dirty
3265 bits are used to track modified PTEs */
50013115
PM		 3266void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3267 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3268{
8df1cd07 3269 uint8_t *ptr;
5c8a00ce 3270 MemoryRegion *mr;
149f54b5
PB		 3271 hwaddr l = 4;
3272 hwaddr addr1;
50013115 3273 MemTxResult r;
845b6214 3274 uint8_t dirty_log_mask;
4840f10e 3275 bool release_lock = false;
8df1cd07 3276
41063e1e 3277 rcu_read_lock();
2198a121 3278 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3279 true);
3280 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3281 release_lock |= prepare_mmio_access(mr);
125b3806 3282
50013115 3283 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3284 } else {
5c8a00ce 3285 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3286 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3287 stl_p(ptr, val);
74576198 3288
845b6214
PB		 3289 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3290 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3291 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3292 r = MEMTX_OK;
3293 }
3294 if (result) {
3295 *result = r;
8df1cd07 3296 }
4840f10e
JK		 3297 if (release_lock) {
3298 qemu_mutex_unlock_iothread();
3299 }
41063e1e 3300 rcu_read_unlock();
8df1cd07
FB		 3301}
3302
50013115
PM		 3303void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3304{
3305 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3306}
3307
8df1cd07 3308/* warning: addr must be aligned */
50013115
PM		 3309static inline void address_space_stl_internal(AddressSpace *as,
3310 hwaddr addr, uint32_t val,
3311 MemTxAttrs attrs,
3312 MemTxResult *result,
3313 enum device_endian endian)
8df1cd07 3314{
8df1cd07 3315 uint8_t *ptr;
5c8a00ce 3316 MemoryRegion *mr;
149f54b5
PB		 3317 hwaddr l = 4;
3318 hwaddr addr1;
50013115 3319 MemTxResult r;
4840f10e 3320 bool release_lock = false;
8df1cd07 3321
41063e1e 3322 rcu_read_lock();
ab1da857 3323 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3324 true);
3325 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3326 release_lock |= prepare_mmio_access(mr);
125b3806 3327
1e78bcc1
AG		 3328#if defined(TARGET_WORDS_BIGENDIAN)
3329 if (endian == DEVICE_LITTLE_ENDIAN) {
3330 val = bswap32(val);
3331 }
3332#else
3333 if (endian == DEVICE_BIG_ENDIAN) {
3334 val = bswap32(val);
3335 }
3336#endif
50013115 3337 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3338 } else {
8df1cd07 3339 /* RAM case */
5c8a00ce 3340 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3341 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3342 switch (endian) {
3343 case DEVICE_LITTLE_ENDIAN:
3344 stl_le_p(ptr, val);
3345 break;
3346 case DEVICE_BIG_ENDIAN:
3347 stl_be_p(ptr, val);
3348 break;
3349 default:
3350 stl_p(ptr, val);
3351 break;
3352 }
845b6214 3353 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3354 r = MEMTX_OK;
3355 }
3356 if (result) {
3357 *result = r;
8df1cd07 3358 }
4840f10e
JK		 3359 if (release_lock) {
3360 qemu_mutex_unlock_iothread();
3361 }
41063e1e 3362 rcu_read_unlock();
8df1cd07
FB		 3363}
3364
50013115
PM		 3365void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3366 MemTxAttrs attrs, MemTxResult *result)
3367{
3368 address_space_stl_internal(as, addr, val, attrs, result,
3369 DEVICE_NATIVE_ENDIAN);
3370}
3371
3372void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3373 MemTxAttrs attrs, MemTxResult *result)
3374{
3375 address_space_stl_internal(as, addr, val, attrs, result,
3376 DEVICE_LITTLE_ENDIAN);
3377}
3378
3379void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3380 MemTxAttrs attrs, MemTxResult *result)
3381{
3382 address_space_stl_internal(as, addr, val, attrs, result,
3383 DEVICE_BIG_ENDIAN);
3384}
3385
ab1da857 3386void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3387{
50013115 3388 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3389}
3390
ab1da857 3391void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3392{
50013115 3393 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3394}
3395
ab1da857 3396void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3397{
50013115 3398 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3399}
3400
aab33094 3401/* XXX: optimize */
50013115
PM		 3402void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3403 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3404{
3405 uint8_t v = val;
50013115
PM		 3406 MemTxResult r;
3407
3408 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3409 if (result) {
3410 *result = r;
3411 }
3412}
3413
3414void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3415{
3416 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3417}
3418
733f0b02 3419/* warning: addr must be aligned */
50013115
PM		 3420static inline void address_space_stw_internal(AddressSpace *as,
3421 hwaddr addr, uint32_t val,
3422 MemTxAttrs attrs,
3423 MemTxResult *result,
3424 enum device_endian endian)
aab33094 3425{
733f0b02 3426 uint8_t *ptr;
5c8a00ce 3427 MemoryRegion *mr;
149f54b5
PB		 3428 hwaddr l = 2;
3429 hwaddr addr1;
50013115 3430 MemTxResult r;
4840f10e 3431 bool release_lock = false;
733f0b02 3432
41063e1e 3433 rcu_read_lock();
5ce5944d 3434 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3435 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3436 release_lock |= prepare_mmio_access(mr);
125b3806 3437
1e78bcc1
AG		 3438#if defined(TARGET_WORDS_BIGENDIAN)
3439 if (endian == DEVICE_LITTLE_ENDIAN) {
3440 val = bswap16(val);
3441 }
3442#else
3443 if (endian == DEVICE_BIG_ENDIAN) {
3444 val = bswap16(val);
3445 }
3446#endif
50013115 3447 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3448 } else {
733f0b02 3449 /* RAM case */
5c8a00ce 3450 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 3451 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3452 switch (endian) {
3453 case DEVICE_LITTLE_ENDIAN:
3454 stw_le_p(ptr, val);
3455 break;
3456 case DEVICE_BIG_ENDIAN:
3457 stw_be_p(ptr, val);
3458 break;
3459 default:
3460 stw_p(ptr, val);
3461 break;
3462 }
845b6214 3463 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3464 r = MEMTX_OK;
3465 }
3466 if (result) {
3467 *result = r;
733f0b02 3468 }
4840f10e
JK		 3469 if (release_lock) {
3470 qemu_mutex_unlock_iothread();
3471 }
41063e1e 3472 rcu_read_unlock();
aab33094
FB		 3473}
3474
50013115
PM		 3475void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3476 MemTxAttrs attrs, MemTxResult *result)
3477{
3478 address_space_stw_internal(as, addr, val, attrs, result,
3479 DEVICE_NATIVE_ENDIAN);
3480}
3481
3482void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3483 MemTxAttrs attrs, MemTxResult *result)
3484{
3485 address_space_stw_internal(as, addr, val, attrs, result,
3486 DEVICE_LITTLE_ENDIAN);
3487}
3488
3489void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3490 MemTxAttrs attrs, MemTxResult *result)
3491{
3492 address_space_stw_internal(as, addr, val, attrs, result,
3493 DEVICE_BIG_ENDIAN);
3494}
3495
5ce5944d 3496void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3497{
50013115 3498 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3499}
3500
5ce5944d 3501void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3502{
50013115 3503 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3504}
3505
5ce5944d 3506void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3507{
50013115 3508 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3509}
3510
aab33094 3511/* XXX: optimize */
50013115
PM		 3512void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3513 MemTxAttrs attrs, MemTxResult *result)
aab33094 3514{
50013115 3515 MemTxResult r;
aab33094 3516 val = tswap64(val);
50013115
PM		 3517 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3518 if (result) {
3519 *result = r;
3520 }
aab33094
FB		 3521}
3522
50013115
PM		 3523void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3524 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3525{
50013115 3526 MemTxResult r;
1e78bcc1 3527 val = cpu_to_le64(val);
50013115
PM		 3528 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3529 if (result) {
3530 *result = r;
3531 }
3532}
3533void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3534 MemTxAttrs attrs, MemTxResult *result)
3535{
3536 MemTxResult r;
3537 val = cpu_to_be64(val);
3538 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3539 if (result) {
3540 *result = r;
3541 }
3542}
3543
3544void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3545{
3546 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3547}
3548
3549void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3550{
3551 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3552}
3553
f606604f 3554void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3555{
50013115 3556 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3557}
3558
5e2972fd 3559/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3560int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3561 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3562{
3563 int l;
a8170e5e 3564 hwaddr phys_addr;
9b3c35e0 3565 target_ulong page;
13eb76e0
FB		 3566
3567 while (len > 0) {
3568 page = addr & TARGET_PAGE_MASK;
f17ec444 3569 phys_addr = cpu_get_phys_page_debug(cpu, page);
13eb76e0
FB		 3570 /* if no physical page mapped, return an error */
3571 if (phys_addr == -1)
3572 return -1;
3573 l = (page + TARGET_PAGE_SIZE) - addr;
3574 if (l > len)
3575 l = len;
5e2972fd 3576 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b
EI		 3577 if (is_write) {
3578 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3579 } else {
5c9eb028
PM		 3580 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3581 buf, l, 0);
2e38847b 3582 }
13eb76e0
FB		 3583 len -= l;
3584 buf += l;
3585 addr += l;
3586 }
3587 return 0;
3588}
038629a6
DDAG		 3589
3590/*
3591 * Allows code that needs to deal with migration bitmaps etc to still be built
3592 * target independent.
3593 */
3594size_t qemu_target_page_bits(void)
3595{
3596 return TARGET_PAGE_BITS;
3597}
3598
a68fe89c 3599#endif
13eb76e0 3600
8e4a424b
BS		 3601/*
3602 * A helper function for the _utterly broken_ virtio device model to find out if
3603 * it's running on a big endian machine. Don't do this at home kids!
3604 */
98ed8ecf
GK		 3605bool target_words_bigendian(void);
3606bool target_words_bigendian(void)
8e4a424b
BS		 3607{
3608#if defined(TARGET_WORDS_BIGENDIAN)
3609 return true;
3610#else
3611 return false;
3612#endif
3613}
3614
76f35538 3615#ifndef CONFIG_USER_ONLY
a8170e5e 3616bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3617{
5c8a00ce 3618 MemoryRegion*mr;
149f54b5 3619 hwaddr l = 1;
41063e1e 3620 bool res;
76f35538 3621
41063e1e 3622 rcu_read_lock();
5c8a00ce
PB		 3623 mr = address_space_translate(&address_space_memory,
3624 phys_addr, &phys_addr, &l, false);
76f35538 3625
41063e1e
PB		 3626 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3627 rcu_read_unlock();
3628 return res;
76f35538 3629}
bd2fa51f 3630
e3807054 3631int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3632{
3633 RAMBlock *block;
e3807054 3634 int ret = 0;
bd2fa51f 3635
0dc3f44a
MD		 3636 rcu_read_lock();
3637 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3638 ret = func(block->idstr, block->host, block->offset,
3639 block->used_length, opaque);
3640 if (ret) {
3641 break;
3642 }
bd2fa51f 3643 }
0dc3f44a 3644 rcu_read_unlock();
e3807054 3645 return ret;
bd2fa51f 3646}
ec3f8c99 3647#endif
QEMU mirror