]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
docker: make sure debootstrap is at least 1.0.67
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c 22#endif
54936004 23
f348b6d1 24#include "qemu/cutils.h"
6180a181 25#include "cpu.h"
63c91552 26#include "exec/exec-all.h"
b67d9a52 27#include "tcg.h"
741da0d3 28#include "hw/qdev-core.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
33c11879 31#include "hw/xen/xen.h"
4485bd26 32#endif
9c17d615 33#include "sysemu/kvm.h"
2ff3de68 34#include "sysemu/sysemu.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
53a5960a 38#if defined(CONFIG_USER_ONLY)
a9c94277 39#include "qemu.h"
432d268c 40#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 41#include "hw/hw.h"
42#include "exec/memory.h"
df43d49c 43#include "exec/ioport.h"
741da0d3
PB		 44#include "sysemu/dma.h"
45#include "exec/address-spaces.h"
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
508127e2 57#include "exec/log.h"
67d95c15 58
9dfeca7c
BR		 59#include "migration/vmstate.h"
60
b35ba30f 61#include "qemu/range.h"
794e8f30
MT		 62#ifndef _WIN32
63#include "qemu/mmap-alloc.h"
64#endif
b35ba30f 65
db7b5426 66//#define DEBUG_SUBPAGE
1196be37 67
e2eef170 68#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 69/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
0d53d9fe 72RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 73
74static MemoryRegion *system_memory;
309cb471 75static MemoryRegion *system_io;
62152b8a 76
f6790af6
AK		 77AddressSpace address_space_io;
78AddressSpace address_space_memory;
2673a5da 79
0844e007 80MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 81static MemoryRegion io_mem_unassigned;
0e0df1e2 82
7bd4f430
PB		 83/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84#define RAM_PREALLOC (1 << 0)
85
dbcb8981
PB		 86/* RAM is mmap-ed with MAP_SHARED */
87#define RAM_SHARED (1 << 1)
88
62be4e3a
MT		 89/* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92#define RAM_RESIZEABLE (1 << 2)
93
e2eef170 94#endif
9fa3e853 95
bdc44640 96struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 97/* current CPU in the current thread. It is only valid inside
98 cpu_exec() */
f240eb6f 99__thread CPUState *current_cpu;
2e70f6ef 100/* 0 = Do not count executed instructions.
bf20dc07 101 1 = Precise instruction counting.
2e70f6ef 102 2 = Adaptive rate instruction counting. */
5708fc66 103int use_icount;
6a00d601 104
e2eef170 105#if !defined(CONFIG_USER_ONLY)
4346ae3e 106
1db8abb1
PB		 107typedef struct PhysPageEntry PhysPageEntry;
108
109struct PhysPageEntry {
9736e55b 110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 111 uint32_t skip : 6;
9736e55b 112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 113 uint32_t ptr : 26;
1db8abb1
PB		 114};
115
8b795765
MT		 116#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
117
03f49957 118/* Size of the L2 (and L3, etc) page tables. */
57271d63 119#define ADDR_SPACE_BITS 64
03f49957 120
026736ce 121#define P_L2_BITS 9
03f49957
PB		 122#define P_L2_SIZE (1 << P_L2_BITS)
123
124#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
125
126typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 127
53cb28cb 128typedef struct PhysPageMap {
79e2b9ae
PB		 129 struct rcu_head rcu;
130
53cb28cb
MA		 131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
133 unsigned nodes_nb;
134 unsigned nodes_nb_alloc;
135 Node *nodes;
136 MemoryRegionSection *sections;
137} PhysPageMap;
138
1db8abb1 139struct AddressSpaceDispatch {
79e2b9ae
PB		 140 struct rcu_head rcu;
141
729633c2 142 MemoryRegionSection *mru_section;
1db8abb1
PB		 143 /* This is a multi-level map on the physical address space.
144 * The bottom level has pointers to MemoryRegionSections.
145 */
146 PhysPageEntry phys_map;
53cb28cb 147 PhysPageMap map;
acc9d80b 148 AddressSpace *as;
1db8abb1
PB		 149};
150
90260c6c
JK		 151#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
152typedef struct subpage_t {
153 MemoryRegion iomem;
acc9d80b 154 AddressSpace *as;
90260c6c
JK		 155 hwaddr base;
156 uint16_t sub_section[TARGET_PAGE_SIZE];
157} subpage_t;
158
b41aac4f
LPF		 159#define PHYS_SECTION_UNASSIGNED 0
160#define PHYS_SECTION_NOTDIRTY 1
161#define PHYS_SECTION_ROM 2
162#define PHYS_SECTION_WATCH 3
5312bd8b 163
e2eef170 164static void io_mem_init(void);
62152b8a 165static void memory_map_init(void);
09daed84 166static void tcg_commit(MemoryListener *listener);
e2eef170 167
1ec9b909 168static MemoryRegion io_mem_watch;
32857f4d
PM		 169
170/**
171 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
172 * @cpu: the CPU whose AddressSpace this is
173 * @as: the AddressSpace itself
174 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
175 * @tcg_as_listener: listener for tracking changes to the AddressSpace
176 */
177struct CPUAddressSpace {
178 CPUState *cpu;
179 AddressSpace *as;
180 struct AddressSpaceDispatch *memory_dispatch;
181 MemoryListener tcg_as_listener;
182};
183
6658ffb8 184#endif
fd6ce8f6 185
6d9a1304 186#if !defined(CONFIG_USER_ONLY)
d6f2ea22 187
53cb28cb 188static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 189{
101420b8 190 static unsigned alloc_hint = 16;
53cb28cb 191 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
101420b8 192 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
53cb28cb
MA		 193 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
194 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
101420b8 195 alloc_hint = map->nodes_nb_alloc;
d6f2ea22 196 }
f7bf5461
AK		 197}
198
db94604b 199static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 200{
201 unsigned i;
8b795765 202 uint32_t ret;
db94604b
PB		 203 PhysPageEntry e;
204 PhysPageEntry *p;
f7bf5461 205
53cb28cb 206 ret = map->nodes_nb++;
db94604b 207 p = map->nodes[ret];
f7bf5461 208 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 209 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 210
211 e.skip = leaf ? 0 : 1;
212 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 213 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 214 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 215 }
f7bf5461 216 return ret;
d6f2ea22
AK		 217}
218
53cb28cb
MA		 219static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
220 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 221 int level)
f7bf5461
AK		 222{
223 PhysPageEntry *p;
03f49957 224 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 225
9736e55b 226 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 227 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 228 }
db94604b 229 p = map->nodes[lp->ptr];
03f49957 230 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 231
03f49957 232 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 233 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 234 lp->skip = 0;
c19e8800 235 lp->ptr = leaf;
07f07b31
AK		 236 *index += step;
237 *nb -= step;
2999097b 238 } else {
53cb28cb 239 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 240 }
241 ++lp;
f7bf5461
AK		 242 }
243}
244
ac1970fb 245static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 246 hwaddr index, hwaddr nb,
2999097b 247 uint16_t leaf)
f7bf5461 248{
2999097b 249 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 250 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 251
53cb28cb 252 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 253}
254
b35ba30f
MT		 255/* Compact a non leaf page entry. Simply detect that the entry has a single child,
256 * and update our entry so we can skip it and go directly to the destination.
257 */
258static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
259{
260 unsigned valid_ptr = P_L2_SIZE;
261 int valid = 0;
262 PhysPageEntry *p;
263 int i;
264
265 if (lp->ptr == PHYS_MAP_NODE_NIL) {
266 return;
267 }
268
269 p = nodes[lp->ptr];
270 for (i = 0; i < P_L2_SIZE; i++) {
271 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
272 continue;
273 }
274
275 valid_ptr = i;
276 valid++;
277 if (p[i].skip) {
278 phys_page_compact(&p[i], nodes, compacted);
279 }
280 }
281
282 /* We can only compress if there's only one child. */
283 if (valid != 1) {
284 return;
285 }
286
287 assert(valid_ptr < P_L2_SIZE);
288
289 /* Don't compress if it won't fit in the # of bits we have. */
290 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
291 return;
292 }
293
294 lp->ptr = p[valid_ptr].ptr;
295 if (!p[valid_ptr].skip) {
296 /* If our only child is a leaf, make this a leaf. */
297 /* By design, we should have made this node a leaf to begin with so we
298 * should never reach here.
299 * But since it's so simple to handle this, let's do it just in case we
300 * change this rule.
301 */
302 lp->skip = 0;
303 } else {
304 lp->skip += p[valid_ptr].skip;
305 }
306}
307
308static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
309{
310 DECLARE_BITMAP(compacted, nodes_nb);
311
312 if (d->phys_map.skip) {
53cb28cb 313 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 314 }
315}
316
29cb533d
FZ		 317static inline bool section_covers_addr(const MemoryRegionSection *section,
318 hwaddr addr)
319{
320 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
321 * the section must cover the entire address space.
322 */
323 return section->size.hi ||
324 range_covers_byte(section->offset_within_address_space,
325 section->size.lo, addr);
326}
327
97115a8d 328static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 329 Node *nodes, MemoryRegionSection *sections)
92e873b9 330{
31ab2b4a 331 PhysPageEntry *p;
97115a8d 332 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 333 int i;
f1f6e3b8 334
9736e55b 335 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 336 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 337 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 338 }
9affd6fc 339 p = nodes[lp.ptr];
03f49957 340 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 341 }
b35ba30f 342
29cb533d 343 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 344 return &sections[lp.ptr];
345 } else {
346 return &sections[PHYS_SECTION_UNASSIGNED];
347 }
f3705d53
AK		 348}
349
e5548617
BS		 350bool memory_region_is_unassigned(MemoryRegion *mr)
351{
2a8e7499 352 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 353 && mr != &io_mem_watch;
fd6ce8f6 354}
149f54b5 355
79e2b9ae 356/* Called from RCU critical section */
c7086b4a 357static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 358 hwaddr addr,
359 bool resolve_subpage)
9f029603 360{
729633c2 361 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 362 subpage_t *subpage;
729633c2 363 bool update;
90260c6c 364
729633c2
FZ		 365 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
366 section_covers_addr(section, addr)) {
367 update = false;
368 } else {
369 section = phys_page_find(d->phys_map, addr, d->map.nodes,
370 d->map.sections);
371 update = true;
372 }
90260c6c
JK		 373 if (resolve_subpage && section->mr->subpage) {
374 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 375 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 376 }
729633c2
FZ		 377 if (update) {
378 atomic_set(&d->mru_section, section);
379 }
90260c6c 380 return section;
9f029603
JK		 381}
382
79e2b9ae 383/* Called from RCU critical section */
90260c6c 384static MemoryRegionSection *
c7086b4a 385address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 386 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 387{
388 MemoryRegionSection *section;
965eb2fc 389 MemoryRegion *mr;
a87f3954 390 Int128 diff;
149f54b5 391
c7086b4a 392 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 393 /* Compute offset within MemoryRegionSection */
394 addr -= section->offset_within_address_space;
395
396 /* Compute offset within MemoryRegion */
397 *xlat = addr + section->offset_within_region;
398
965eb2fc 399 mr = section->mr;
b242e0e0
PB		 400
401 /* MMIO registers can be expected to perform full-width accesses based only
402 * on their address, without considering adjacent registers that could
403 * decode to completely different MemoryRegions. When such registers
404 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
405 * regions overlap wildly. For this reason we cannot clamp the accesses
406 * here.
407 *
408 * If the length is small (as is the case for address_space_ldl/stl),
409 * everything works fine. If the incoming length is large, however,
410 * the caller really has to do the clamping through memory_access_size.
411 */
965eb2fc 412 if (memory_region_is_ram(mr)) {
e4a511f8 413 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 414 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
415 }
149f54b5
PB		 416 return section;
417}
90260c6c 418
41063e1e 419/* Called from RCU critical section */
5c8a00ce
PB		 420MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
421 hwaddr *xlat, hwaddr *plen,
422 bool is_write)
90260c6c 423{
30951157
AK		 424 IOMMUTLBEntry iotlb;
425 MemoryRegionSection *section;
426 MemoryRegion *mr;
30951157
AK		 427
428 for (;;) {
79e2b9ae
PB		 429 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
430 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 431 mr = section->mr;
432
433 if (!mr->iommu_ops) {
434 break;
435 }
436
8d7b8cb9 437 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 438 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
439 | (addr & iotlb.addr_mask));
23820dbf 440 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 441 if (!(iotlb.perm & (1 << is_write))) {
442 mr = &io_mem_unassigned;
443 break;
444 }
445
446 as = iotlb.target_as;
447 }
448
fe680d0d 449 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 450 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 451 *plen = MIN(page, *plen);
a87f3954
PB		 452 }
453
30951157
AK		 454 *xlat = addr;
455 return mr;
90260c6c
JK		 456}
457
79e2b9ae 458/* Called from RCU critical section */
90260c6c 459MemoryRegionSection *
d7898cda 460address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 461 hwaddr *xlat, hwaddr *plen)
90260c6c 462{
30951157 463 MemoryRegionSection *section;
d7898cda
PM		 464 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
465
466 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 467
468 assert(!section->mr->iommu_ops);
469 return section;
90260c6c 470}
5b6dd868 471#endif
fd6ce8f6 472
b170fce3 473#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 474
475static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 476{
259186a7 477 CPUState *cpu = opaque;
a513fe19 478
5b6dd868
BS		 479 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
480 version_id is increased. */
259186a7 481 cpu->interrupt_request &= ~0x01;
c01a71c1 482 tlb_flush(cpu, 1);
5b6dd868
BS		 483
484 return 0;
a513fe19 485}
7501267e 486
6c3bff0e
PD		 487static int cpu_common_pre_load(void *opaque)
488{
489 CPUState *cpu = opaque;
490
adee6424 491 cpu->exception_index = -1;
6c3bff0e
PD		 492
493 return 0;
494}
495
496static bool cpu_common_exception_index_needed(void *opaque)
497{
498 CPUState *cpu = opaque;
499
adee6424 500 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 501}
502
503static const VMStateDescription vmstate_cpu_common_exception_index = {
504 .name = "cpu_common/exception_index",
505 .version_id = 1,
506 .minimum_version_id = 1,
5cd8cada 507 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 508 .fields = (VMStateField[]) {
509 VMSTATE_INT32(exception_index, CPUState),
510 VMSTATE_END_OF_LIST()
511 }
512};
513
bac05aa9
AS		 514static bool cpu_common_crash_occurred_needed(void *opaque)
515{
516 CPUState *cpu = opaque;
517
518 return cpu->crash_occurred;
519}
520
521static const VMStateDescription vmstate_cpu_common_crash_occurred = {
522 .name = "cpu_common/crash_occurred",
523 .version_id = 1,
524 .minimum_version_id = 1,
525 .needed = cpu_common_crash_occurred_needed,
526 .fields = (VMStateField[]) {
527 VMSTATE_BOOL(crash_occurred, CPUState),
528 VMSTATE_END_OF_LIST()
529 }
530};
531
1a1562f5 532const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 533 .name = "cpu_common",
534 .version_id = 1,
535 .minimum_version_id = 1,
6c3bff0e 536 .pre_load = cpu_common_pre_load,
5b6dd868 537 .post_load = cpu_common_post_load,
35d08458 538 .fields = (VMStateField[]) {
259186a7
AF		 539 VMSTATE_UINT32(halted, CPUState),
540 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 541 VMSTATE_END_OF_LIST()
6c3bff0e 542 },
5cd8cada
JQ		 543 .subsections = (const VMStateDescription*[]) {
544 &vmstate_cpu_common_exception_index,
bac05aa9 545 &vmstate_cpu_common_crash_occurred,
5cd8cada 546 NULL
5b6dd868
BS		 547 }
548};
1a1562f5 549
5b6dd868 550#endif
ea041c0e 551
38d8f5c8 552CPUState *qemu_get_cpu(int index)
ea041c0e 553{
bdc44640 554 CPUState *cpu;
ea041c0e 555
bdc44640 556 CPU_FOREACH(cpu) {
55e5c285 557 if (cpu->cpu_index == index) {
bdc44640 558 return cpu;
55e5c285 559 }
ea041c0e 560 }
5b6dd868 561
bdc44640 562 return NULL;
ea041c0e
FB		 563}
564
09daed84 565#if !defined(CONFIG_USER_ONLY)
56943e8c 566void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 567{
12ebc9a7
PM		 568 CPUAddressSpace *newas;
569
570 /* Target code should have set num_ases before calling us */
571 assert(asidx < cpu->num_ases);
572
56943e8c
PM		 573 if (asidx == 0) {
574 /* address space 0 gets the convenience alias */
575 cpu->as = as;
576 }
577
12ebc9a7
PM		 578 /* KVM cannot currently support multiple address spaces. */
579 assert(asidx == 0 || !kvm_enabled());
09daed84 580
12ebc9a7
PM		 581 if (!cpu->cpu_ases) {
582 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 583 }
32857f4d 584
12ebc9a7
PM		 585 newas = &cpu->cpu_ases[asidx];
586 newas->cpu = cpu;
587 newas->as = as;
56943e8c 588 if (tcg_enabled()) {
12ebc9a7
PM		 589 newas->tcg_as_listener.commit = tcg_commit;
590 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 591 }
09daed84 592}
651a5bc0
PM		 593
594AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
595{
596 /* Return the AddressSpace corresponding to the specified index */
597 return cpu->cpu_ases[asidx].as;
598}
09daed84
EI		 599#endif
600
630eb0fa
IM		 601static bool cpu_index_auto_assigned;
602
a07f953e 603static int cpu_get_free_index(void)
b7bca733
BR		 604{
605 CPUState *some_cpu;
606 int cpu_index = 0;
607
630eb0fa 608 cpu_index_auto_assigned = true;
b7bca733
BR		 609 CPU_FOREACH(some_cpu) {
610 cpu_index++;
611 }
612 return cpu_index;
613}
614
1c59eb39
BR		 615void cpu_exec_exit(CPUState *cpu)
616{
9dfeca7c
BR		 617 CPUClass *cc = CPU_GET_CLASS(cpu);
618
1c59eb39 619 cpu_list_lock();
8b1b8350
IM		 620 if (cpu->node.tqe_prev == NULL) {
621 /* there is nothing to undo since cpu_exec_init() hasn't been called */
1c59eb39 622 cpu_list_unlock();
1c59eb39
BR		 623 return;
624 }
625
630eb0fa
IM		 626 assert(!(cpu_index_auto_assigned && cpu != QTAILQ_LAST(&cpus, CPUTailQ)));
627
1c59eb39 628 QTAILQ_REMOVE(&cpus, cpu, node);
8b1b8350 629 cpu->node.tqe_prev = NULL;
a07f953e 630 cpu->cpu_index = UNASSIGNED_CPU_INDEX;
1c59eb39 631 cpu_list_unlock();
9dfeca7c
BR		 632
633 if (cc->vmsd != NULL) {
634 vmstate_unregister(NULL, cc->vmsd, cpu);
635 }
636 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
637 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
638 }
1c59eb39
BR		 639}
640
4bad9e39 641void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 642{
1bc7e522 643 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
a07f953e 644 Error *local_err ATTRIBUTE_UNUSED = NULL;
5b6dd868 645
56943e8c 646 cpu->as = NULL;
12ebc9a7 647 cpu->num_ases = 0;
56943e8c 648
291135b5 649#ifndef CONFIG_USER_ONLY
291135b5 650 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 651
652 /* This is a softmmu CPU object, so create a property for it
653 * so users can wire up its memory. (This can't go in qom/cpu.c
654 * because that file is compiled only once for both user-mode
655 * and system builds.) The default if no link is set up is to use
656 * the system address space.
657 */
658 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
659 (Object **)&cpu->memory,
660 qdev_prop_allow_set_link_before_realize,
661 OBJ_PROP_LINK_UNREF_ON_RELEASE,
662 &error_abort);
663 cpu->memory = system_memory;
664 object_ref(OBJECT(cpu->memory));
291135b5
EH		 665#endif
666
5b6dd868 667 cpu_list_lock();
a07f953e
IM		 668 if (cpu->cpu_index == UNASSIGNED_CPU_INDEX) {
669 cpu->cpu_index = cpu_get_free_index();
670 assert(cpu->cpu_index != UNASSIGNED_CPU_INDEX);
630eb0fa
IM		 671 } else {
672 assert(!cpu_index_auto_assigned);
5b6dd868 673 }
bdc44640 674 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868 675 cpu_list_unlock();
1bc7e522
IM		 676
677#ifndef CONFIG_USER_ONLY
e0d47944 678 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 679 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 680 }
b170fce3 681 if (cc->vmsd != NULL) {
741da0d3 682 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 683 }
741da0d3 684#endif
ea041c0e
FB		 685}
686
94df27fd 687#if defined(CONFIG_USER_ONLY)
00b941e5 688static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 689{
690 tb_invalidate_phys_page_range(pc, pc + 1, 0);
691}
692#else
00b941e5 693static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 694{
5232e4c7
PM		 695 MemTxAttrs attrs;
696 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
697 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 698 if (phys != -1) {
5232e4c7 699 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 700 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 701 }
1e7855a5 702}
c27004ec 703#endif
d720b93d 704
c527ee8f 705#if defined(CONFIG_USER_ONLY)
75a34036 706void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 707
708{
709}
710
3ee887e8
PM		 711int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
712 int flags)
713{
714 return -ENOSYS;
715}
716
717void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
718{
719}
720
75a34036 721int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 722 int flags, CPUWatchpoint **watchpoint)
723{
724 return -ENOSYS;
725}
726#else
6658ffb8 727/* Add a watchpoint. */
75a34036 728int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 729 int flags, CPUWatchpoint **watchpoint)
6658ffb8 730{
c0ce998e 731 CPUWatchpoint *wp;
6658ffb8 732
05068c0d 733 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 734 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 735 error_report("tried to set invalid watchpoint at %"
736 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 737 return -EINVAL;
738 }
7267c094 739 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 740
741 wp->vaddr = addr;
05068c0d 742 wp->len = len;
a1d1bb31
AL		 743 wp->flags = flags;
744
2dc9f411 745 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 746 if (flags & BP_GDB) {
747 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
748 } else {
749 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
750 }
6658ffb8 751
31b030d4 752 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 753
754 if (watchpoint)
755 *watchpoint = wp;
756 return 0;
6658ffb8
PB		 757}
758
a1d1bb31 759/* Remove a specific watchpoint. */
75a34036 760int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 761 int flags)
6658ffb8 762{
a1d1bb31 763 CPUWatchpoint *wp;
6658ffb8 764
ff4700b0 765 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 766 if (addr == wp->vaddr && len == wp->len
6e140f28 767 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 768 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 769 return 0;
770 }
771 }
a1d1bb31 772 return -ENOENT;
6658ffb8
PB		 773}
774
a1d1bb31 775/* Remove a specific watchpoint by reference. */
75a34036 776void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 777{
ff4700b0 778 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 779
31b030d4 780 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 781
7267c094 782 g_free(watchpoint);
a1d1bb31
AL		 783}
784
785/* Remove all matching watchpoints. */
75a34036 786void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 787{
c0ce998e 788 CPUWatchpoint *wp, *next;
a1d1bb31 789
ff4700b0 790 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 791 if (wp->flags & mask) {
792 cpu_watchpoint_remove_by_ref(cpu, wp);
793 }
c0ce998e 794 }
7d03f82f 795}
05068c0d
PM		 796
797/* Return true if this watchpoint address matches the specified
798 * access (ie the address range covered by the watchpoint overlaps
799 * partially or completely with the address range covered by the
800 * access).
801 */
802static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
803 vaddr addr,
804 vaddr len)
805{
806 /* We know the lengths are non-zero, but a little caution is
807 * required to avoid errors in the case where the range ends
808 * exactly at the top of the address space and so addr + len
809 * wraps round to zero.
810 */
811 vaddr wpend = wp->vaddr + wp->len - 1;
812 vaddr addrend = addr + len - 1;
813
814 return !(addr > wpend || wp->vaddr > addrend);
815}
816
c527ee8f 817#endif
7d03f82f 818
a1d1bb31 819/* Add a breakpoint. */
b3310ab3 820int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 821 CPUBreakpoint **breakpoint)
4c3a88a2 822{
c0ce998e 823 CPUBreakpoint *bp;
3b46e624 824
7267c094 825 bp = g_malloc(sizeof(*bp));
4c3a88a2 826
a1d1bb31
AL		 827 bp->pc = pc;
828 bp->flags = flags;
829
2dc9f411 830 /* keep all GDB-injected breakpoints in front */
00b941e5 831 if (flags & BP_GDB) {
f0c3c505 832 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 833 } else {
f0c3c505 834 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 835 }
3b46e624 836
f0c3c505 837 breakpoint_invalidate(cpu, pc);
a1d1bb31 838
00b941e5 839 if (breakpoint) {
a1d1bb31 840 *breakpoint = bp;
00b941e5 841 }
4c3a88a2 842 return 0;
4c3a88a2
FB		 843}
844
a1d1bb31 845/* Remove a specific breakpoint. */
b3310ab3 846int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 847{
a1d1bb31
AL		 848 CPUBreakpoint *bp;
849
f0c3c505 850 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 851 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 852 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 853 return 0;
854 }
7d03f82f 855 }
a1d1bb31 856 return -ENOENT;
7d03f82f
EI		 857}
858
a1d1bb31 859/* Remove a specific breakpoint by reference. */
b3310ab3 860void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 861{
f0c3c505
AF		 862 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
863
864 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 865
7267c094 866 g_free(breakpoint);
a1d1bb31
AL		 867}
868
869/* Remove all matching breakpoints. */
b3310ab3 870void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 871{
c0ce998e 872 CPUBreakpoint *bp, *next;
a1d1bb31 873
f0c3c505 874 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 875 if (bp->flags & mask) {
876 cpu_breakpoint_remove_by_ref(cpu, bp);
877 }
c0ce998e 878 }
4c3a88a2
FB		 879}
880
c33a346e
FB		 881/* enable or disable single step mode. EXCP_DEBUG is returned by the
882 CPU loop after each instruction */
3825b28f 883void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 884{
ed2803da
AF		 885 if (cpu->singlestep_enabled != enabled) {
886 cpu->singlestep_enabled = enabled;
887 if (kvm_enabled()) {
38e478ec 888 kvm_update_guest_debug(cpu, 0);
ed2803da 889 } else {
ccbb4d44 890 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 891 /* XXX: only flush what is necessary */
bbd77c18 892 tb_flush(cpu);
e22a25c9 893 }
c33a346e 894 }
c33a346e
FB		 895}
896
a47dddd7 897void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 898{
899 va_list ap;
493ae1f0 900 va_list ap2;
7501267e
FB		 901
902 va_start(ap, fmt);
493ae1f0 903 va_copy(ap2, ap);
7501267e
FB		 904 fprintf(stderr, "qemu: fatal: ");
905 vfprintf(stderr, fmt, ap);
906 fprintf(stderr, "\n");
878096ee 907 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 908 if (qemu_log_separate()) {
93fcfe39
AL		 909 qemu_log("qemu: fatal: ");
910 qemu_log_vprintf(fmt, ap2);
911 qemu_log("\n");
a0762859 912 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 913 qemu_log_flush();
93fcfe39 914 qemu_log_close();
924edcae 915 }
493ae1f0 916 va_end(ap2);
f9373291 917 va_end(ap);
7615936e 918 replay_finish();
fd052bf6
RV		 919#if defined(CONFIG_USER_ONLY)
920 {
921 struct sigaction act;
922 sigfillset(&act.sa_mask);
923 act.sa_handler = SIG_DFL;
924 sigaction(SIGABRT, &act, NULL);
925 }
926#endif
7501267e
FB		 927 abort();
928}
929
0124311e 930#if !defined(CONFIG_USER_ONLY)
0dc3f44a 931/* Called from RCU critical section */
041603fe
PB		 932static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
933{
934 RAMBlock *block;
935
43771539 936 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 937 if (block && addr - block->offset < block->max_length) {
68851b98 938 return block;
041603fe 939 }
0dc3f44a 940 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 941 if (addr - block->offset < block->max_length) {
041603fe
PB		 942 goto found;
943 }
944 }
945
946 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
947 abort();
948
949found:
43771539
PB		 950 /* It is safe to write mru_block outside the iothread lock. This
951 * is what happens:
952 *
953 * mru_block = xxx
954 * rcu_read_unlock()
955 * xxx removed from list
956 * rcu_read_lock()
957 * read mru_block
958 * mru_block = NULL;
959 * call_rcu(reclaim_ramblock, xxx);
960 * rcu_read_unlock()
961 *
962 * atomic_rcu_set is not needed here. The block was already published
963 * when it was placed into the list. Here we're just making an extra
964 * copy of the pointer.
965 */
041603fe
PB		 966 ram_list.mru_block = block;
967 return block;
968}
969
a2f4d5be 970static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 971{
9a13565d 972 CPUState *cpu;
041603fe 973 ram_addr_t start1;
a2f4d5be
JQ		 974 RAMBlock *block;
975 ram_addr_t end;
976
977 end = TARGET_PAGE_ALIGN(start + length);
978 start &= TARGET_PAGE_MASK;
d24981d3 979
0dc3f44a 980 rcu_read_lock();
041603fe
PB		 981 block = qemu_get_ram_block(start);
982 assert(block == qemu_get_ram_block(end - 1));
1240be24 983 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 984 CPU_FOREACH(cpu) {
985 tlb_reset_dirty(cpu, start1, length);
986 }
0dc3f44a 987 rcu_read_unlock();
d24981d3
JQ		 988}
989
5579c7f3 990/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 991bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
992 ram_addr_t length,
993 unsigned client)
1ccde1cb 994{
5b82b703 995 DirtyMemoryBlocks *blocks;
03eebc9e 996 unsigned long end, page;
5b82b703 997 bool dirty = false;
03eebc9e
SH		 998
999 if (length == 0) {
1000 return false;
1001 }
f23db169 1002
03eebc9e
SH		 1003 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1004 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1005
1006 rcu_read_lock();
1007
1008 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1009
1010 while (page < end) {
1011 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1012 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1013 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1014
1015 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1016 offset, num);
1017 page += num;
1018 }
1019
1020 rcu_read_unlock();
03eebc9e
SH		 1021
1022 if (dirty && tcg_enabled()) {
a2f4d5be 1023 tlb_reset_dirty_range_all(start, length);
5579c7f3 1024 }
03eebc9e
SH		 1025
1026 return dirty;
1ccde1cb
FB		 1027}
1028
79e2b9ae 1029/* Called from RCU critical section */
bb0e627a 1030hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1031 MemoryRegionSection *section,
1032 target_ulong vaddr,
1033 hwaddr paddr, hwaddr xlat,
1034 int prot,
1035 target_ulong *address)
e5548617 1036{
a8170e5e 1037 hwaddr iotlb;
e5548617
BS		 1038 CPUWatchpoint *wp;
1039
cc5bea60 1040 if (memory_region_is_ram(section->mr)) {
e5548617 1041 /* Normal RAM. */
e4e69794 1042 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
e5548617 1043 if (!section->readonly) {
b41aac4f 1044 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1045 } else {
b41aac4f 1046 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1047 }
1048 } else {
0b8e2c10
PM		 1049 AddressSpaceDispatch *d;
1050
1051 d = atomic_rcu_read(&section->address_space->dispatch);
1052 iotlb = section - d->map.sections;
149f54b5 1053 iotlb += xlat;
e5548617
BS		 1054 }
1055
1056 /* Make accesses to pages with watchpoints go via the
1057 watchpoint trap routines. */
ff4700b0 1058 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1059 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1060 /* Avoid trapping reads of pages with a write breakpoint. */
1061 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1062 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1063 *address |= TLB_MMIO;
1064 break;
1065 }
1066 }
1067 }
1068
1069 return iotlb;
1070}
9fa3e853
FB		 1071#endif /* defined(CONFIG_USER_ONLY) */
1072
e2eef170 1073#if !defined(CONFIG_USER_ONLY)
8da3ff18 1074
c227f099 1075static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1076 uint16_t section);
acc9d80b 1077static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1078
a2b257d6
IM		 1079static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1080 qemu_anon_ram_alloc;
91138037
MA		 1081
1082/*
1083 * Set a custom physical guest memory alloator.
1084 * Accelerators with unusual needs may need this. Hopefully, we can
1085 * get rid of it eventually.
1086 */
a2b257d6 1087void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1088{
1089 phys_mem_alloc = alloc;
1090}
1091
53cb28cb
MA		 1092static uint16_t phys_section_add(PhysPageMap *map,
1093 MemoryRegionSection *section)
5312bd8b 1094{
68f3f65b
PB		 1095 /* The physical section number is ORed with a page-aligned
1096 * pointer to produce the iotlb entries. Thus it should
1097 * never overflow into the page-aligned value.
1098 */
53cb28cb 1099 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1100
53cb28cb
MA		 1101 if (map->sections_nb == map->sections_nb_alloc) {
1102 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1103 map->sections = g_renew(MemoryRegionSection, map->sections,
1104 map->sections_nb_alloc);
5312bd8b 1105 }
53cb28cb 1106 map->sections[map->sections_nb] = *section;
dfde4e6e 1107 memory_region_ref(section->mr);
53cb28cb 1108 return map->sections_nb++;
5312bd8b
AK		 1109}
1110
058bc4b5
PB		 1111static void phys_section_destroy(MemoryRegion *mr)
1112{
55b4e80b
DS		 1113 bool have_sub_page = mr->subpage;
1114
dfde4e6e
PB		 1115 memory_region_unref(mr);
1116
55b4e80b 1117 if (have_sub_page) {
058bc4b5 1118 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1119 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1120 g_free(subpage);
1121 }
1122}
1123
6092666e 1124static void phys_sections_free(PhysPageMap *map)
5312bd8b 1125{
9affd6fc
PB		 1126 while (map->sections_nb > 0) {
1127 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1128 phys_section_destroy(section->mr);
1129 }
9affd6fc
PB		 1130 g_free(map->sections);
1131 g_free(map->nodes);
5312bd8b
AK		 1132}
1133
ac1970fb 1134static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1135{
1136 subpage_t *subpage;
a8170e5e 1137 hwaddr base = section->offset_within_address_space
0f0cb164 1138 & TARGET_PAGE_MASK;
97115a8d 1139 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1140 d->map.nodes, d->map.sections);
0f0cb164
AK		 1141 MemoryRegionSection subsection = {
1142 .offset_within_address_space = base,
052e87b0 1143 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1144 };
a8170e5e 1145 hwaddr start, end;
0f0cb164 1146
f3705d53 1147 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1148
f3705d53 1149 if (!(existing->mr->subpage)) {
acc9d80b 1150 subpage = subpage_init(d->as, base);
3be91e86 1151 subsection.address_space = d->as;
0f0cb164 1152 subsection.mr = &subpage->iomem;
ac1970fb 1153 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1154 phys_section_add(&d->map, &subsection));
0f0cb164 1155 } else {
f3705d53 1156 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1157 }
1158 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1159 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1160 subpage_register(subpage, start, end,
1161 phys_section_add(&d->map, section));
0f0cb164
AK		 1162}
1163
1164
052e87b0
PB		 1165static void register_multipage(AddressSpaceDispatch *d,
1166 MemoryRegionSection *section)
33417e70 1167{
a8170e5e 1168 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1169 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1170 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1171 TARGET_PAGE_BITS));
dd81124b 1172
733d5ef5
PB		 1173 assert(num_pages);
1174 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1175}
1176
ac1970fb 1177static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1178{
89ae337a 1179 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1180 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1181 MemoryRegionSection now = *section, remain = *section;
052e87b0 1182 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1183
733d5ef5
PB		 1184 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1185 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1186 - now.offset_within_address_space;
1187
052e87b0 1188 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1189 register_subpage(d, &now);
733d5ef5 1190 } else {
052e87b0 1191 now.size = int128_zero();
733d5ef5 1192 }
052e87b0
PB		 1193 while (int128_ne(remain.size, now.size)) {
1194 remain.size = int128_sub(remain.size, now.size);
1195 remain.offset_within_address_space += int128_get64(now.size);
1196 remain.offset_within_region += int128_get64(now.size);
69b67646 1197 now = remain;
052e87b0 1198 if (int128_lt(remain.size, page_size)) {
733d5ef5 1199 register_subpage(d, &now);
88266249 1200 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1201 now.size = page_size;
ac1970fb 1202 register_subpage(d, &now);
69b67646 1203 } else {
052e87b0 1204 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1205 register_multipage(d, &now);
69b67646 1206 }
0f0cb164
AK		 1207 }
1208}
1209
62a2744c
SY		 1210void qemu_flush_coalesced_mmio_buffer(void)
1211{
1212 if (kvm_enabled())
1213 kvm_flush_coalesced_mmio_buffer();
1214}
1215
b2a8658e
UD		 1216void qemu_mutex_lock_ramlist(void)
1217{
1218 qemu_mutex_lock(&ram_list.mutex);
1219}
1220
1221void qemu_mutex_unlock_ramlist(void)
1222{
1223 qemu_mutex_unlock(&ram_list.mutex);
1224}
1225
e1e84ba0 1226#ifdef __linux__
04b16653
AW		 1227static void *file_ram_alloc(RAMBlock *block,
1228 ram_addr_t memory,
7f56e740
PB		 1229 const char *path,
1230 Error **errp)
c902760f 1231{
fd97fd44 1232 bool unlink_on_error = false;
c902760f 1233 char *filename;
8ca761f6
PF		 1234 char *sanitized_name;
1235 char *c;
056b68af 1236 void *area = MAP_FAILED;
5c3ece79 1237 int fd = -1;
e1fb6471 1238 int64_t page_size;
c902760f
MT		 1239
1240 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1241 error_setg(errp,
1242 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1243 return NULL;
c902760f
MT		 1244 }
1245
fd97fd44
MA		 1246 for (;;) {
1247 fd = open(path, O_RDWR);
1248 if (fd >= 0) {
1249 /* @path names an existing file, use it */
1250 break;
8d31d6b6 1251 }
fd97fd44
MA		 1252 if (errno == ENOENT) {
1253 /* @path names a file that doesn't exist, create it */
1254 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1255 if (fd >= 0) {
1256 unlink_on_error = true;
1257 break;
1258 }
1259 } else if (errno == EISDIR) {
1260 /* @path names a directory, create a file there */
1261 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1262 sanitized_name = g_strdup(memory_region_name(block->mr));
1263 for (c = sanitized_name; *c != '\0'; c++) {
1264 if (*c == '/') {
1265 *c = '_';
1266 }
1267 }
8ca761f6 1268
fd97fd44
MA		 1269 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1270 sanitized_name);
1271 g_free(sanitized_name);
8d31d6b6 1272
fd97fd44
MA		 1273 fd = mkstemp(filename);
1274 if (fd >= 0) {
1275 unlink(filename);
1276 g_free(filename);
1277 break;
1278 }
1279 g_free(filename);
8d31d6b6 1280 }
fd97fd44
MA		 1281 if (errno != EEXIST && errno != EINTR) {
1282 error_setg_errno(errp, errno,
1283 "can't open backing store %s for guest RAM",
1284 path);
1285 goto error;
1286 }
1287 /*
1288 * Try again on EINTR and EEXIST. The latter happens when
1289 * something else creates the file between our two open().
1290 */
8d31d6b6 1291 }
c902760f 1292
e1fb6471 1293 page_size = qemu_fd_getpagesize(fd);
d2f39add 1294 block->mr->align = MAX(page_size, QEMU_VMALLOC_ALIGN);
fd97fd44 1295
e1fb6471 1296 if (memory < page_size) {
fd97fd44
MA		 1297 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1298 "or larger than page size 0x%" PRIx64,
e1fb6471 1299 memory, page_size);
f9a49dfa 1300 goto error;
c902760f 1301 }
c902760f 1302
e1fb6471 1303 memory = ROUND_UP(memory, page_size);
c902760f
MT		 1304
1305 /*
1306 * ftruncate is not supported by hugetlbfs in older
1307 * hosts, so don't bother bailing out on errors.
1308 * If anything goes wrong with it under other filesystems,
1309 * mmap will fail.
1310 */
7f56e740 1311 if (ftruncate(fd, memory)) {
9742bf26 1312 perror("ftruncate");
7f56e740 1313 }
c902760f 1314
d2f39add
DD		 1315 area = qemu_ram_mmap(fd, memory, block->mr->align,
1316 block->flags & RAM_SHARED);
c902760f 1317 if (area == MAP_FAILED) {
7f56e740 1318 error_setg_errno(errp, errno,
fd97fd44 1319 "unable to map backing store for guest RAM");
f9a49dfa 1320 goto error;
c902760f 1321 }
ef36fa14
MT		 1322
1323 if (mem_prealloc) {
056b68af
IM		 1324 os_mem_prealloc(fd, area, memory, errp);
1325 if (errp && *errp) {
1326 goto error;
1327 }
ef36fa14
MT		 1328 }
1329
04b16653 1330 block->fd = fd;
c902760f 1331 return area;
f9a49dfa
MT		 1332
1333error:
056b68af
IM		 1334 if (area != MAP_FAILED) {
1335 qemu_ram_munmap(area, memory);
1336 }
fd97fd44
MA		 1337 if (unlink_on_error) {
1338 unlink(path);
1339 }
5c3ece79
PB		 1340 if (fd != -1) {
1341 close(fd);
1342 }
f9a49dfa 1343 return NULL;
c902760f
MT		 1344}
1345#endif
1346
0dc3f44a 1347/* Called with the ramlist lock held. */
d17b5288 1348static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1349{
1350 RAMBlock *block, *next_block;
3e837b2c 1351 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1352
49cd9ac6
SH		 1353 assert(size != 0); /* it would hand out same offset multiple times */
1354
0dc3f44a 1355 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1356 return 0;
0d53d9fe 1357 }
04b16653 1358
0dc3f44a 1359 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1360 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1361
62be4e3a 1362 end = block->offset + block->max_length;
04b16653 1363
0dc3f44a 1364 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1365 if (next_block->offset >= end) {
1366 next = MIN(next, next_block->offset);
1367 }
1368 }
1369 if (next - end >= size && next - end < mingap) {
3e837b2c 1370 offset = end;
04b16653
AW		 1371 mingap = next - end;
1372 }
1373 }
3e837b2c
AW		 1374
1375 if (offset == RAM_ADDR_MAX) {
1376 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1377 (uint64_t)size);
1378 abort();
1379 }
1380
04b16653
AW		 1381 return offset;
1382}
1383
652d7ec2 1384ram_addr_t last_ram_offset(void)
d17b5288
AW		 1385{
1386 RAMBlock *block;
1387 ram_addr_t last = 0;
1388
0dc3f44a
MD		 1389 rcu_read_lock();
1390 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1391 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1392 }
0dc3f44a 1393 rcu_read_unlock();
d17b5288
AW		 1394 return last;
1395}
1396
ddb97f1d
JB		 1397static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1398{
1399 int ret;
ddb97f1d
JB		 1400
1401 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1402 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1403 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1404 if (ret) {
1405 perror("qemu_madvise");
1406 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1407 "but dump_guest_core=off specified\n");
1408 }
1409 }
1410}
1411
422148d3
DDAG		 1412const char *qemu_ram_get_idstr(RAMBlock *rb)
1413{
1414 return rb->idstr;
1415}
1416
ae3a7047 1417/* Called with iothread lock held. */
fa53a0e5 1418void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1419{
fa53a0e5 1420 RAMBlock *block;
20cfe881 1421
c5705a77
AK		 1422 assert(new_block);
1423 assert(!new_block->idstr[0]);
84b89d78 1424
09e5ab63
AL		 1425 if (dev) {
1426 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1427 if (id) {
1428 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1429 g_free(id);
84b89d78
CM		 1430 }
1431 }
1432 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1433
ab0a9956 1434 rcu_read_lock();
0dc3f44a 1435 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1436 if (block != new_block &&
1437 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1438 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1439 new_block->idstr);
1440 abort();
1441 }
1442 }
0dc3f44a 1443 rcu_read_unlock();
c5705a77
AK		 1444}
1445
ae3a7047 1446/* Called with iothread lock held. */
fa53a0e5 1447void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1448{
ae3a7047
MD		 1449 /* FIXME: arch_init.c assumes that this is not called throughout
1450 * migration. Ignore the problem since hot-unplug during migration
1451 * does not work anyway.
1452 */
20cfe881
HT		 1453 if (block) {
1454 memset(block->idstr, 0, sizeof(block->idstr));
1455 }
1456}
1457
8490fc78
LC		 1458static int memory_try_enable_merging(void *addr, size_t len)
1459{
75cc7f01 1460 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1461 /* disabled by the user */
1462 return 0;
1463 }
1464
1465 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1466}
1467
62be4e3a
MT		 1468/* Only legal before guest might have detected the memory size: e.g. on
1469 * incoming migration, or right after reset.
1470 *
1471 * As memory core doesn't know how is memory accessed, it is up to
1472 * resize callback to update device state and/or add assertions to detect
1473 * misuse, if necessary.
1474 */
fa53a0e5 1475int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1476{
62be4e3a
MT		 1477 assert(block);
1478
4ed023ce 1479 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1480
62be4e3a
MT		 1481 if (block->used_length == newsize) {
1482 return 0;
1483 }
1484
1485 if (!(block->flags & RAM_RESIZEABLE)) {
1486 error_setg_errno(errp, EINVAL,
1487 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1488 " in != 0x" RAM_ADDR_FMT, block->idstr,
1489 newsize, block->used_length);
1490 return -EINVAL;
1491 }
1492
1493 if (block->max_length < newsize) {
1494 error_setg_errno(errp, EINVAL,
1495 "Length too large: %s: 0x" RAM_ADDR_FMT
1496 " > 0x" RAM_ADDR_FMT, block->idstr,
1497 newsize, block->max_length);
1498 return -EINVAL;
1499 }
1500
1501 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1502 block->used_length = newsize;
58d2707e
PB		 1503 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1504 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1505 memory_region_set_size(block->mr, newsize);
1506 if (block->resized) {
1507 block->resized(block->idstr, newsize, block->host);
1508 }
1509 return 0;
1510}
1511
5b82b703
SH		 1512/* Called with ram_list.mutex held */
1513static void dirty_memory_extend(ram_addr_t old_ram_size,
1514 ram_addr_t new_ram_size)
1515{
1516 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1517 DIRTY_MEMORY_BLOCK_SIZE);
1518 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1519 DIRTY_MEMORY_BLOCK_SIZE);
1520 int i;
1521
1522 /* Only need to extend if block count increased */
1523 if (new_num_blocks <= old_num_blocks) {
1524 return;
1525 }
1526
1527 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1528 DirtyMemoryBlocks *old_blocks;
1529 DirtyMemoryBlocks *new_blocks;
1530 int j;
1531
1532 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1533 new_blocks = g_malloc(sizeof(*new_blocks) +
1534 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1535
1536 if (old_num_blocks) {
1537 memcpy(new_blocks->blocks, old_blocks->blocks,
1538 old_num_blocks * sizeof(old_blocks->blocks[0]));
1539 }
1540
1541 for (j = old_num_blocks; j < new_num_blocks; j++) {
1542 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1543 }
1544
1545 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1546
1547 if (old_blocks) {
1548 g_free_rcu(old_blocks, rcu);
1549 }
1550 }
1551}
1552
528f46af 1553static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1554{
e1c57ab8 1555 RAMBlock *block;
0d53d9fe 1556 RAMBlock *last_block = NULL;
2152f5ca 1557 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1558 Error *err = NULL;
2152f5ca
JQ		 1559
1560 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1561
b2a8658e 1562 qemu_mutex_lock_ramlist();
9b8424d5 1563 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1564
1565 if (!new_block->host) {
1566 if (xen_enabled()) {
9b8424d5 1567 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1568 new_block->mr, &err);
1569 if (err) {
1570 error_propagate(errp, err);
1571 qemu_mutex_unlock_ramlist();
39c350ee 1572 return;
37aa7a0e 1573 }
e1c57ab8 1574 } else {
9b8424d5 1575 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1576 &new_block->mr->align);
39228250 1577 if (!new_block->host) {
ef701d7b
HT		 1578 error_setg_errno(errp, errno,
1579 "cannot set up guest memory '%s'",
1580 memory_region_name(new_block->mr));
1581 qemu_mutex_unlock_ramlist();
39c350ee 1582 return;
39228250 1583 }
9b8424d5 1584 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1585 }
c902760f 1586 }
94a6b54f 1587
dd631697
LZ		 1588 new_ram_size = MAX(old_ram_size,
1589 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1590 if (new_ram_size > old_ram_size) {
1591 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1592 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1593 }
0d53d9fe
MD		 1594 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1595 * QLIST (which has an RCU-friendly variant) does not have insertion at
1596 * tail, so save the last element in last_block.
1597 */
0dc3f44a 1598 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1599 last_block = block;
9b8424d5 1600 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1601 break;
1602 }
1603 }
1604 if (block) {
0dc3f44a 1605 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1606 } else if (last_block) {
0dc3f44a 1607 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1608 } else { /* list is empty */
0dc3f44a 1609 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1610 }
0d6d3c87 1611 ram_list.mru_block = NULL;
94a6b54f 1612
0dc3f44a
MD		 1613 /* Write list before version */
1614 smp_wmb();
f798b07f 1615 ram_list.version++;
b2a8658e 1616 qemu_mutex_unlock_ramlist();
f798b07f 1617
9b8424d5 1618 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1619 new_block->used_length,
1620 DIRTY_CLIENTS_ALL);
94a6b54f 1621
a904c911
PB		 1622 if (new_block->host) {
1623 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1624 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1625 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1626 if (kvm_enabled()) {
1627 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1628 }
e1c57ab8 1629 }
94a6b54f 1630}
e9a1ab19 1631
0b183fc8 1632#ifdef __linux__
528f46af
FZ		 1633RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1634 bool share, const char *mem_path,
1635 Error **errp)
e1c57ab8
PB		 1636{
1637 RAMBlock *new_block;
ef701d7b 1638 Error *local_err = NULL;
e1c57ab8
PB		 1639
1640 if (xen_enabled()) {
7f56e740 1641 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1642 return NULL;
e1c57ab8
PB		 1643 }
1644
1645 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1646 /*
1647 * file_ram_alloc() needs to allocate just like
1648 * phys_mem_alloc, but we haven't bothered to provide
1649 * a hook there.
1650 */
7f56e740
PB		 1651 error_setg(errp,
1652 "-mem-path not supported with this accelerator");
528f46af 1653 return NULL;
e1c57ab8
PB		 1654 }
1655
4ed023ce 1656 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1657 new_block = g_malloc0(sizeof(*new_block));
1658 new_block->mr = mr;
9b8424d5
MT		 1659 new_block->used_length = size;
1660 new_block->max_length = size;
dbcb8981 1661 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1662 new_block->host = file_ram_alloc(new_block, size,
1663 mem_path, errp);
1664 if (!new_block->host) {
1665 g_free(new_block);
528f46af 1666 return NULL;
7f56e740
PB		 1667 }
1668
528f46af 1669 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1670 if (local_err) {
1671 g_free(new_block);
1672 error_propagate(errp, local_err);
528f46af 1673 return NULL;
ef701d7b 1674 }
528f46af 1675 return new_block;
e1c57ab8 1676}
0b183fc8 1677#endif
e1c57ab8 1678
62be4e3a 1679static
528f46af
FZ		 1680RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1681 void (*resized)(const char*,
1682 uint64_t length,
1683 void *host),
1684 void *host, bool resizeable,
1685 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1686{
1687 RAMBlock *new_block;
ef701d7b 1688 Error *local_err = NULL;
e1c57ab8 1689
4ed023ce
DDAG		 1690 size = HOST_PAGE_ALIGN(size);
1691 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1692 new_block = g_malloc0(sizeof(*new_block));
1693 new_block->mr = mr;
62be4e3a 1694 new_block->resized = resized;
9b8424d5
MT		 1695 new_block->used_length = size;
1696 new_block->max_length = max_size;
62be4e3a 1697 assert(max_size >= size);
e1c57ab8
PB		 1698 new_block->fd = -1;
1699 new_block->host = host;
1700 if (host) {
7bd4f430 1701 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1702 }
62be4e3a
MT		 1703 if (resizeable) {
1704 new_block->flags |= RAM_RESIZEABLE;
1705 }
528f46af 1706 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1707 if (local_err) {
1708 g_free(new_block);
1709 error_propagate(errp, local_err);
528f46af 1710 return NULL;
ef701d7b 1711 }
528f46af 1712 return new_block;
e1c57ab8
PB		 1713}
1714
528f46af 1715RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1716 MemoryRegion *mr, Error **errp)
1717{
1718 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1719}
1720
528f46af 1721RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1722{
62be4e3a
MT		 1723 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1724}
1725
528f46af 1726RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1727 void (*resized)(const char*,
1728 uint64_t length,
1729 void *host),
1730 MemoryRegion *mr, Error **errp)
1731{
1732 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1733}
1734
43771539
PB		 1735static void reclaim_ramblock(RAMBlock *block)
1736{
1737 if (block->flags & RAM_PREALLOC) {
1738 ;
1739 } else if (xen_enabled()) {
1740 xen_invalidate_map_cache_entry(block->host);
1741#ifndef _WIN32
1742 } else if (block->fd >= 0) {
2f3a2bb1 1743 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1744 close(block->fd);
1745#endif
1746 } else {
1747 qemu_anon_ram_free(block->host, block->max_length);
1748 }
1749 g_free(block);
1750}
1751
f1060c55 1752void qemu_ram_free(RAMBlock *block)
e9a1ab19 1753{
85bc2a15
MAL		 1754 if (!block) {
1755 return;
1756 }
1757
b2a8658e 1758 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1759 QLIST_REMOVE_RCU(block, next);
1760 ram_list.mru_block = NULL;
1761 /* Write list before version */
1762 smp_wmb();
1763 ram_list.version++;
1764 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1765 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1766}
1767
cd19cfa2
HY		 1768#ifndef _WIN32
1769void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1770{
1771 RAMBlock *block;
1772 ram_addr_t offset;
1773 int flags;
1774 void *area, *vaddr;
1775
0dc3f44a 1776 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1777 offset = addr - block->offset;
9b8424d5 1778 if (offset < block->max_length) {
1240be24 1779 vaddr = ramblock_ptr(block, offset);
7bd4f430 1780 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1781 ;
dfeaf2ab
MA		 1782 } else if (xen_enabled()) {
1783 abort();
cd19cfa2
HY		 1784 } else {
1785 flags = MAP_FIXED;
3435f395 1786 if (block->fd >= 0) {
dbcb8981
PB		 1787 flags |= (block->flags & RAM_SHARED ?
1788 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1789 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1790 flags, block->fd, offset);
cd19cfa2 1791 } else {
2eb9fbaa
MA		 1792 /*
1793 * Remap needs to match alloc. Accelerators that
1794 * set phys_mem_alloc never remap. If they did,
1795 * we'd need a remap hook here.
1796 */
1797 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1798
cd19cfa2
HY		 1799 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1800 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1801 flags, -1, 0);
cd19cfa2
HY		 1802 }
1803 if (area != vaddr) {
f15fbc4b
AP		 1804 fprintf(stderr, "Could not remap addr: "
1805 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1806 length, addr);
1807 exit(1);
1808 }
8490fc78 1809 memory_try_enable_merging(vaddr, length);
ddb97f1d 1810 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1811 }
cd19cfa2
HY		 1812 }
1813 }
1814}
1815#endif /* !_WIN32 */
1816
1b5ec234 1817/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1818 * This should not be used for general purpose DMA. Use address_space_map
1819 * or address_space_rw instead. For local memory (e.g. video ram) that the
1820 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1821 *
49b24afc 1822 * Called within RCU critical section.
1b5ec234 1823 */
0878d0e1 1824void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1825{
3655cb9c
GA		 1826 RAMBlock *block = ram_block;
1827
1828 if (block == NULL) {
1829 block = qemu_get_ram_block(addr);
0878d0e1 1830 addr -= block->offset;
3655cb9c 1831 }
ae3a7047
MD		 1832
1833 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1834 /* We need to check if the requested address is in the RAM
1835 * because we don't want to map the entire memory in QEMU.
1836 * In that case just map until the end of the page.
1837 */
1838 if (block->offset == 0) {
49b24afc 1839 return xen_map_cache(addr, 0, 0);
0d6d3c87 1840 }
ae3a7047
MD		 1841
1842 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1843 }
0878d0e1 1844 return ramblock_ptr(block, addr);
dc828ca1
PB		 1845}
1846
0878d0e1 1847/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
ae3a7047 1848 * but takes a size argument.
0dc3f44a 1849 *
e81bcda5 1850 * Called within RCU critical section.
ae3a7047 1851 */
3655cb9c
GA		 1852static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1853 hwaddr *size)
38bee5dc 1854{
3655cb9c 1855 RAMBlock *block = ram_block;
8ab934f9
SS		 1856 if (*size == 0) {
1857 return NULL;
1858 }
e81bcda5 1859
3655cb9c
GA		 1860 if (block == NULL) {
1861 block = qemu_get_ram_block(addr);
0878d0e1 1862 addr -= block->offset;
3655cb9c 1863 }
0878d0e1 1864 *size = MIN(*size, block->max_length - addr);
e81bcda5
PB		 1865
1866 if (xen_enabled() && block->host == NULL) {
1867 /* We need to check if the requested address is in the RAM
1868 * because we don't want to map the entire memory in QEMU.
1869 * In that case just map the requested area.
1870 */
1871 if (block->offset == 0) {
1872 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1873 }
1874
e81bcda5 1875 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1876 }
e81bcda5 1877
0878d0e1 1878 return ramblock_ptr(block, addr);
38bee5dc
SS		 1879}
1880
422148d3
DDAG		 1881/*
1882 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1883 * in that RAMBlock.
1884 *
1885 * ptr: Host pointer to look up
1886 * round_offset: If true round the result offset down to a page boundary
1887 * *ram_addr: set to result ram_addr
1888 * *offset: set to result offset within the RAMBlock
1889 *
1890 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1891 *
1892 * By the time this function returns, the returned pointer is not protected
1893 * by RCU anymore. If the caller is not within an RCU critical section and
1894 * does not hold the iothread lock, it must have other means of protecting the
1895 * pointer, such as a reference to the region that includes the incoming
1896 * ram_addr_t.
1897 */
422148d3 1898RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
422148d3 1899 ram_addr_t *offset)
5579c7f3 1900{
94a6b54f
PB		 1901 RAMBlock *block;
1902 uint8_t *host = ptr;
1903
868bb33f 1904 if (xen_enabled()) {
f615f396 1905 ram_addr_t ram_addr;
0dc3f44a 1906 rcu_read_lock();
f615f396
PB		 1907 ram_addr = xen_ram_addr_from_mapcache(ptr);
1908 block = qemu_get_ram_block(ram_addr);
422148d3 1909 if (block) {
d6b6aec4 1910 *offset = ram_addr - block->offset;
422148d3 1911 }
0dc3f44a 1912 rcu_read_unlock();
422148d3 1913 return block;
712c2b41
SS		 1914 }
1915
0dc3f44a
MD		 1916 rcu_read_lock();
1917 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1918 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1919 goto found;
1920 }
1921
0dc3f44a 1922 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1923 /* This case append when the block is not mapped. */
1924 if (block->host == NULL) {
1925 continue;
1926 }
9b8424d5 1927 if (host - block->host < block->max_length) {
23887b79 1928 goto found;
f471a17e 1929 }
94a6b54f 1930 }
432d268c 1931
0dc3f44a 1932 rcu_read_unlock();
1b5ec234 1933 return NULL;
23887b79
PB		 1934
1935found:
422148d3
DDAG		 1936 *offset = (host - block->host);
1937 if (round_offset) {
1938 *offset &= TARGET_PAGE_MASK;
1939 }
0dc3f44a 1940 rcu_read_unlock();
422148d3
DDAG		 1941 return block;
1942}
1943
e3dd7493
DDAG		 1944/*
1945 * Finds the named RAMBlock
1946 *
1947 * name: The name of RAMBlock to find
1948 *
1949 * Returns: RAMBlock (or NULL if not found)
1950 */
1951RAMBlock *qemu_ram_block_by_name(const char *name)
1952{
1953 RAMBlock *block;
1954
1955 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1956 if (!strcmp(name, block->idstr)) {
1957 return block;
1958 }
1959 }
1960
1961 return NULL;
1962}
1963
422148d3
DDAG		 1964/* Some of the softmmu routines need to translate from a host pointer
1965 (typically a TLB entry) back to a ram offset. */
07bdaa41 1966ram_addr_t qemu_ram_addr_from_host(void *ptr)
422148d3
DDAG		 1967{
1968 RAMBlock *block;
f615f396 1969 ram_addr_t offset;
422148d3 1970
f615f396 1971 block = qemu_ram_block_from_host(ptr, false, &offset);
422148d3 1972 if (!block) {
07bdaa41 1973 return RAM_ADDR_INVALID;
422148d3
DDAG		 1974 }
1975
07bdaa41 1976 return block->offset + offset;
e890261f 1977}
f471a17e 1978
49b24afc 1979/* Called within RCU critical section. */
a8170e5e 1980static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1981 uint64_t val, unsigned size)
9fa3e853 1982{
52159192 1983 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1984 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1985 }
0e0df1e2
AK		 1986 switch (size) {
1987 case 1:
0878d0e1 1988 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1989 break;
1990 case 2:
0878d0e1 1991 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1992 break;
1993 case 4:
0878d0e1 1994 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1995 break;
1996 default:
1997 abort();
3a7d929e 1998 }
58d2707e
PB		 1999 /* Set both VGA and migration bits for simplicity and to remove
2000 * the notdirty callback faster.
2001 */
2002 cpu_physical_memory_set_dirty_range(ram_addr, size,
2003 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2004 /* we remove the notdirty callback only if the code has been
2005 flushed */
a2cd8c85 2006 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2007 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2008 }
9fa3e853
FB		 2009}
2010
b018ddf6
PB		 2011static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2012 unsigned size, bool is_write)
2013{
2014 return is_write;
2015}
2016
0e0df1e2 2017static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2018 .write = notdirty_mem_write,
b018ddf6 2019 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2020 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2021};
2022
0f459d16 2023/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2024static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2025{
93afeade 2026 CPUState *cpu = current_cpu;
568496c0 2027 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2028 CPUArchState *env = cpu->env_ptr;
06d55cc1 2029 target_ulong pc, cs_base;
0f459d16 2030 target_ulong vaddr;
a1d1bb31 2031 CPUWatchpoint *wp;
89fee74a 2032 uint32_t cpu_flags;
0f459d16 2033
ff4700b0 2034 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2035 /* We re-entered the check after replacing the TB. Now raise
2036 * the debug interrupt so that is will trigger after the
2037 * current instruction. */
93afeade 2038 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2039 return;
2040 }
93afeade 2041 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2042 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2043 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2044 && (wp->flags & flags)) {
08225676
PM		 2045 if (flags == BP_MEM_READ) {
2046 wp->flags |= BP_WATCHPOINT_HIT_READ;
2047 } else {
2048 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2049 }
2050 wp->hitaddr = vaddr;
66b9b43c 2051 wp->hitattrs = attrs;
ff4700b0 2052 if (!cpu->watchpoint_hit) {
568496c0
SF		 2053 if (wp->flags & BP_CPU &&
2054 !cc->debug_check_watchpoint(cpu, wp)) {
2055 wp->flags &= ~BP_WATCHPOINT_HIT;
2056 continue;
2057 }
ff4700b0 2058 cpu->watchpoint_hit = wp;
239c51a5 2059 tb_check_watchpoint(cpu);
6e140f28 2060 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2061 cpu->exception_index = EXCP_DEBUG;
5638d180 2062 cpu_loop_exit(cpu);
6e140f28
AL		 2063 } else {
2064 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2065 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
6886b980 2066 cpu_loop_exit_noexc(cpu);
6e140f28 2067 }
06d55cc1 2068 }
6e140f28
AL		 2069 } else {
2070 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2071 }
2072 }
2073}
2074
6658ffb8
PB		 2075/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2076 so these check for a hit then pass through to the normal out-of-line
2077 phys routines. */
66b9b43c
PM		 2078static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2079 unsigned size, MemTxAttrs attrs)
6658ffb8 2080{
66b9b43c
PM		 2081 MemTxResult res;
2082 uint64_t data;
79ed0416
PM		 2083 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2084 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2085
2086 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2087 switch (size) {
66b9b43c 2088 case 1:
79ed0416 2089 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2090 break;
2091 case 2:
79ed0416 2092 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2093 break;
2094 case 4:
79ed0416 2095 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2096 break;
1ec9b909
AK		 2097 default: abort();
2098 }
66b9b43c
PM		 2099 *pdata = data;
2100 return res;
6658ffb8
PB		 2101}
2102
66b9b43c
PM		 2103static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2104 uint64_t val, unsigned size,
2105 MemTxAttrs attrs)
6658ffb8 2106{
66b9b43c 2107 MemTxResult res;
79ed0416
PM		 2108 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2109 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2110
2111 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2112 switch (size) {
67364150 2113 case 1:
79ed0416 2114 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2115 break;
2116 case 2:
79ed0416 2117 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2118 break;
2119 case 4:
79ed0416 2120 address_space_stl(as, addr, val, attrs, &res);
67364150 2121 break;
1ec9b909
AK		 2122 default: abort();
2123 }
66b9b43c 2124 return res;
6658ffb8
PB		 2125}
2126
1ec9b909 2127static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2128 .read_with_attrs = watch_mem_read,
2129 .write_with_attrs = watch_mem_write,
1ec9b909 2130 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2131};
6658ffb8 2132
f25a49e0
PM		 2133static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2134 unsigned len, MemTxAttrs attrs)
db7b5426 2135{
acc9d80b 2136 subpage_t *subpage = opaque;
ff6cff75 2137 uint8_t buf[8];
5c9eb028 2138 MemTxResult res;
791af8c8 2139
db7b5426 2140#if defined(DEBUG_SUBPAGE)
016e9d62 2141 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2142 subpage, len, addr);
db7b5426 2143#endif
5c9eb028
PM		 2144 res = address_space_read(subpage->as, addr + subpage->base,
2145 attrs, buf, len);
2146 if (res) {
2147 return res;
f25a49e0 2148 }
acc9d80b
JK		 2149 switch (len) {
2150 case 1:
f25a49e0
PM		 2151 *data = ldub_p(buf);
2152 return MEMTX_OK;
acc9d80b 2153 case 2:
f25a49e0
PM		 2154 *data = lduw_p(buf);
2155 return MEMTX_OK;
acc9d80b 2156 case 4:
f25a49e0
PM		 2157 *data = ldl_p(buf);
2158 return MEMTX_OK;
ff6cff75 2159 case 8:
f25a49e0
PM		 2160 *data = ldq_p(buf);
2161 return MEMTX_OK;
acc9d80b
JK		 2162 default:
2163 abort();
2164 }
db7b5426
BS		 2165}
2166
f25a49e0
PM		 2167static MemTxResult subpage_write(void *opaque, hwaddr addr,
2168 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2169{
acc9d80b 2170 subpage_t *subpage = opaque;
ff6cff75 2171 uint8_t buf[8];
acc9d80b 2172
db7b5426 2173#if defined(DEBUG_SUBPAGE)
016e9d62 2174 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2175 " value %"PRIx64"\n",
2176 __func__, subpage, len, addr, value);
db7b5426 2177#endif
acc9d80b
JK		 2178 switch (len) {
2179 case 1:
2180 stb_p(buf, value);
2181 break;
2182 case 2:
2183 stw_p(buf, value);
2184 break;
2185 case 4:
2186 stl_p(buf, value);
2187 break;
ff6cff75
PB		 2188 case 8:
2189 stq_p(buf, value);
2190 break;
acc9d80b
JK		 2191 default:
2192 abort();
2193 }
5c9eb028
PM		 2194 return address_space_write(subpage->as, addr + subpage->base,
2195 attrs, buf, len);
db7b5426
BS		 2196}
2197
c353e4cc 2198static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2199 unsigned len, bool is_write)
c353e4cc 2200{
acc9d80b 2201 subpage_t *subpage = opaque;
c353e4cc 2202#if defined(DEBUG_SUBPAGE)
016e9d62 2203 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2204 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2205#endif
2206
acc9d80b 2207 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2208 len, is_write);
c353e4cc
PB		 2209}
2210
70c68e44 2211static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2212 .read_with_attrs = subpage_read,
2213 .write_with_attrs = subpage_write,
ff6cff75
PB		 2214 .impl.min_access_size = 1,
2215 .impl.max_access_size = 8,
2216 .valid.min_access_size = 1,
2217 .valid.max_access_size = 8,
c353e4cc 2218 .valid.accepts = subpage_accepts,
70c68e44 2219 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2220};
2221
c227f099 2222static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2223 uint16_t section)
db7b5426
BS		 2224{
2225 int idx, eidx;
2226
2227 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2228 return -1;
2229 idx = SUBPAGE_IDX(start);
2230 eidx = SUBPAGE_IDX(end);
2231#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2232 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2233 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2234#endif
db7b5426 2235 for (; idx <= eidx; idx++) {
5312bd8b 2236 mmio->sub_section[idx] = section;
db7b5426
BS		 2237 }
2238
2239 return 0;
2240}
2241
acc9d80b 2242static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2243{
c227f099 2244 subpage_t *mmio;
db7b5426 2245
7267c094 2246 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2247
acc9d80b 2248 mmio->as = as;
1eec614b 2249 mmio->base = base;
2c9b15ca 2250 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2251 NULL, TARGET_PAGE_SIZE);
b3b00c78 2252 mmio->iomem.subpage = true;
db7b5426 2253#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2254 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2255 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2256#endif
b41aac4f 2257 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2258
2259 return mmio;
2260}
2261
a656e22f
PC		 2262static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2263 MemoryRegion *mr)
5312bd8b 2264{
a656e22f 2265 assert(as);
5312bd8b 2266 MemoryRegionSection section = {
a656e22f 2267 .address_space = as,
5312bd8b
AK		 2268 .mr = mr,
2269 .offset_within_address_space = 0,
2270 .offset_within_region = 0,
052e87b0 2271 .size = int128_2_64(),
5312bd8b
AK		 2272 };
2273
53cb28cb 2274 return phys_section_add(map, &section);
5312bd8b
AK		 2275}
2276
a54c87b6 2277MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2278{
a54c87b6
PM		 2279 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2280 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2281 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2282 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2283
2284 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2285}
2286
e9179ce1
AK		 2287static void io_mem_init(void)
2288{
1f6245e5 2289 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2290 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2291 NULL, UINT64_MAX);
2c9b15ca 2292 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2293 NULL, UINT64_MAX);
2c9b15ca 2294 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2295 NULL, UINT64_MAX);
e9179ce1
AK		 2296}
2297
ac1970fb 2298static void mem_begin(MemoryListener *listener)
00752703
PB		 2299{
2300 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2301 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2302 uint16_t n;
2303
a656e22f 2304 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2305 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2306 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2307 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2308 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2309 assert(n == PHYS_SECTION_ROM);
a656e22f 2310 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2311 assert(n == PHYS_SECTION_WATCH);
00752703 2312
9736e55b 2313 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2314 d->as = as;
2315 as->next_dispatch = d;
2316}
2317
79e2b9ae
PB		 2318static void address_space_dispatch_free(AddressSpaceDispatch *d)
2319{
2320 phys_sections_free(&d->map);
2321 g_free(d);
2322}
2323
00752703 2324static void mem_commit(MemoryListener *listener)
ac1970fb 2325{
89ae337a 2326 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2327 AddressSpaceDispatch *cur = as->dispatch;
2328 AddressSpaceDispatch *next = as->next_dispatch;
2329
53cb28cb 2330 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2331
79e2b9ae 2332 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2333 if (cur) {
79e2b9ae 2334 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2335 }
9affd6fc
PB		 2336}
2337
1d71148e 2338static void tcg_commit(MemoryListener *listener)
50c1e149 2339{
32857f4d
PM		 2340 CPUAddressSpace *cpuas;
2341 AddressSpaceDispatch *d;
117712c3
AK		 2342
2343 /* since each CPU stores ram addresses in its TLB cache, we must
2344 reset the modified entries */
32857f4d
PM		 2345 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2346 cpu_reloading_memory_map();
2347 /* The CPU and TLB are protected by the iothread lock.
2348 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2349 * may have split the RCU critical section.
2350 */
2351 d = atomic_rcu_read(&cpuas->as->dispatch);
2352 cpuas->memory_dispatch = d;
2353 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2354}
2355
ac1970fb
AK		 2356void address_space_init_dispatch(AddressSpace *as)
2357{
00752703 2358 as->dispatch = NULL;
89ae337a 2359 as->dispatch_listener = (MemoryListener) {
ac1970fb 2360 .begin = mem_begin,
00752703 2361 .commit = mem_commit,
ac1970fb
AK		 2362 .region_add = mem_add,
2363 .region_nop = mem_add,
2364 .priority = 0,
2365 };
89ae337a 2366 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2367}
2368
6e48e8f9
PB		 2369void address_space_unregister(AddressSpace *as)
2370{
2371 memory_listener_unregister(&as->dispatch_listener);
2372}
2373
83f3c251
AK		 2374void address_space_destroy_dispatch(AddressSpace *as)
2375{
2376 AddressSpaceDispatch *d = as->dispatch;
2377
79e2b9ae
PB		 2378 atomic_rcu_set(&as->dispatch, NULL);
2379 if (d) {
2380 call_rcu(d, address_space_dispatch_free, rcu);
2381 }
83f3c251
AK		 2382}
2383
62152b8a
AK		 2384static void memory_map_init(void)
2385{
7267c094 2386 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2387
57271d63 2388 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2389 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2390
7267c094 2391 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2392 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2393 65536);
7dca8043 2394 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2395}
2396
2397MemoryRegion *get_system_memory(void)
2398{
2399 return system_memory;
2400}
2401
309cb471
AK		 2402MemoryRegion *get_system_io(void)
2403{
2404 return system_io;
2405}
2406
e2eef170
PB		 2407#endif /* !defined(CONFIG_USER_ONLY) */
2408
13eb76e0
FB		 2409/* physical memory access (slow version, mainly for debug) */
2410#if defined(CONFIG_USER_ONLY)
f17ec444 2411int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2412 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2413{
2414 int l, flags;
2415 target_ulong page;
53a5960a 2416 void * p;
13eb76e0
FB		 2417
2418 while (len > 0) {
2419 page = addr & TARGET_PAGE_MASK;
2420 l = (page + TARGET_PAGE_SIZE) - addr;
2421 if (l > len)
2422 l = len;
2423 flags = page_get_flags(page);
2424 if (!(flags & PAGE_VALID))
a68fe89c 2425 return -1;
13eb76e0
FB		 2426 if (is_write) {
2427 if (!(flags & PAGE_WRITE))
a68fe89c 2428 return -1;
579a97f7 2429 /* XXX: this code should not depend on lock_user */
72fb7daa 2430 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2431 return -1;
72fb7daa
AJ		 2432 memcpy(p, buf, l);
2433 unlock_user(p, addr, l);
13eb76e0
FB		 2434 } else {
2435 if (!(flags & PAGE_READ))
a68fe89c 2436 return -1;
579a97f7 2437 /* XXX: this code should not depend on lock_user */
72fb7daa 2438 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2439 return -1;
72fb7daa 2440 memcpy(buf, p, l);
5b257578 2441 unlock_user(p, addr, 0);
13eb76e0
FB		 2442 }
2443 len -= l;
2444 buf += l;
2445 addr += l;
2446 }
a68fe89c 2447 return 0;
13eb76e0 2448}
8df1cd07 2449
13eb76e0 2450#else
51d7a9eb 2451
845b6214 2452static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2453 hwaddr length)
51d7a9eb 2454{
e87f7778 2455 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
0878d0e1
PB		 2456 addr += memory_region_get_ram_addr(mr);
2457
e87f7778
PB		 2458 /* No early return if dirty_log_mask is or becomes 0, because
2459 * cpu_physical_memory_set_dirty_range will still call
2460 * xen_modified_memory.
2461 */
2462 if (dirty_log_mask) {
2463 dirty_log_mask =
2464 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2465 }
2466 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2467 tb_invalidate_phys_range(addr, addr + length);
2468 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2469 }
e87f7778 2470 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2471}
2472
23326164 2473static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2474{
e1622f4b 2475 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2476
2477 /* Regions are assumed to support 1-4 byte accesses unless
2478 otherwise specified. */
23326164
RH		 2479 if (access_size_max == 0) {
2480 access_size_max = 4;
2481 }
2482
2483 /* Bound the maximum access by the alignment of the address. */
2484 if (!mr->ops->impl.unaligned) {
2485 unsigned align_size_max = addr & -addr;
2486 if (align_size_max != 0 && align_size_max < access_size_max) {
2487 access_size_max = align_size_max;
2488 }
82f2563f 2489 }
23326164
RH		 2490
2491 /* Don't attempt accesses larger than the maximum. */
2492 if (l > access_size_max) {
2493 l = access_size_max;
82f2563f 2494 }
6554f5c0 2495 l = pow2floor(l);
23326164
RH		 2496
2497 return l;
82f2563f
PB		 2498}
2499
4840f10e 2500static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2501{
4840f10e
JK		 2502 bool unlocked = !qemu_mutex_iothread_locked();
2503 bool release_lock = false;
2504
2505 if (unlocked && mr->global_locking) {
2506 qemu_mutex_lock_iothread();
2507 unlocked = false;
2508 release_lock = true;
2509 }
125b3806 2510 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2511 if (unlocked) {
2512 qemu_mutex_lock_iothread();
2513 }
125b3806 2514 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2515 if (unlocked) {
2516 qemu_mutex_unlock_iothread();
2517 }
125b3806 2518 }
4840f10e
JK		 2519
2520 return release_lock;
125b3806
PB		 2521}
2522
a203ac70
PB		 2523/* Called within RCU critical section. */
2524static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2525 MemTxAttrs attrs,
2526 const uint8_t *buf,
2527 int len, hwaddr addr1,
2528 hwaddr l, MemoryRegion *mr)
13eb76e0 2529{
13eb76e0 2530 uint8_t *ptr;
791af8c8 2531 uint64_t val;
3b643495 2532 MemTxResult result = MEMTX_OK;
4840f10e 2533 bool release_lock = false;
3b46e624 2534
a203ac70 2535 for (;;) {
eb7eeb88
PB		 2536 if (!memory_access_is_direct(mr, true)) {
2537 release_lock |= prepare_mmio_access(mr);
2538 l = memory_access_size(mr, l, addr1);
2539 /* XXX: could force current_cpu to NULL to avoid
2540 potential bugs */
2541 switch (l) {
2542 case 8:
2543 /* 64 bit write access */
2544 val = ldq_p(buf);
2545 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2546 attrs);
2547 break;
2548 case 4:
2549 /* 32 bit write access */
2550 val = ldl_p(buf);
2551 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2552 attrs);
2553 break;
2554 case 2:
2555 /* 16 bit write access */
2556 val = lduw_p(buf);
2557 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2558 attrs);
2559 break;
2560 case 1:
2561 /* 8 bit write access */
2562 val = ldub_p(buf);
2563 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2564 attrs);
2565 break;
2566 default:
2567 abort();
13eb76e0
FB		 2568 }
2569 } else {
eb7eeb88 2570 /* RAM case */
0878d0e1 2571 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2572 memcpy(ptr, buf, l);
2573 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2574 }
4840f10e
JK		 2575
2576 if (release_lock) {
2577 qemu_mutex_unlock_iothread();
2578 release_lock = false;
2579 }
2580
13eb76e0
FB		 2581 len -= l;
2582 buf += l;
2583 addr += l;
a203ac70
PB		 2584
2585 if (!len) {
2586 break;
2587 }
2588
2589 l = len;
2590 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2591 }
fd8aaa76 2592
3b643495 2593 return result;
13eb76e0 2594}
8df1cd07 2595
a203ac70
PB		 2596MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2597 const uint8_t *buf, int len)
ac1970fb 2598{
eb7eeb88 2599 hwaddr l;
eb7eeb88
PB		 2600 hwaddr addr1;
2601 MemoryRegion *mr;
2602 MemTxResult result = MEMTX_OK;
eb7eeb88 2603
a203ac70
PB		 2604 if (len > 0) {
2605 rcu_read_lock();
eb7eeb88 2606 l = len;
a203ac70
PB		 2607 mr = address_space_translate(as, addr, &addr1, &l, true);
2608 result = address_space_write_continue(as, addr, attrs, buf, len,
2609 addr1, l, mr);
2610 rcu_read_unlock();
2611 }
2612
2613 return result;
2614}
2615
2616/* Called within RCU critical section. */
2617MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2618 MemTxAttrs attrs, uint8_t *buf,
2619 int len, hwaddr addr1, hwaddr l,
2620 MemoryRegion *mr)
2621{
2622 uint8_t *ptr;
2623 uint64_t val;
2624 MemTxResult result = MEMTX_OK;
2625 bool release_lock = false;
eb7eeb88 2626
a203ac70 2627 for (;;) {
eb7eeb88
PB		 2628 if (!memory_access_is_direct(mr, false)) {
2629 /* I/O case */
2630 release_lock |= prepare_mmio_access(mr);
2631 l = memory_access_size(mr, l, addr1);
2632 switch (l) {
2633 case 8:
2634 /* 64 bit read access */
2635 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2636 attrs);
2637 stq_p(buf, val);
2638 break;
2639 case 4:
2640 /* 32 bit read access */
2641 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2642 attrs);
2643 stl_p(buf, val);
2644 break;
2645 case 2:
2646 /* 16 bit read access */
2647 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2648 attrs);
2649 stw_p(buf, val);
2650 break;
2651 case 1:
2652 /* 8 bit read access */
2653 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2654 attrs);
2655 stb_p(buf, val);
2656 break;
2657 default:
2658 abort();
2659 }
2660 } else {
2661 /* RAM case */
0878d0e1 2662 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2663 memcpy(buf, ptr, l);
2664 }
2665
2666 if (release_lock) {
2667 qemu_mutex_unlock_iothread();
2668 release_lock = false;
2669 }
2670
2671 len -= l;
2672 buf += l;
2673 addr += l;
a203ac70
PB		 2674
2675 if (!len) {
2676 break;
2677 }
2678
2679 l = len;
2680 mr = address_space_translate(as, addr, &addr1, &l, false);
2681 }
2682
2683 return result;
2684}
2685
3cc8f884
PB		 2686MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2687 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2688{
2689 hwaddr l;
2690 hwaddr addr1;
2691 MemoryRegion *mr;
2692 MemTxResult result = MEMTX_OK;
2693
2694 if (len > 0) {
2695 rcu_read_lock();
2696 l = len;
2697 mr = address_space_translate(as, addr, &addr1, &l, false);
2698 result = address_space_read_continue(as, addr, attrs, buf, len,
2699 addr1, l, mr);
2700 rcu_read_unlock();
eb7eeb88 2701 }
eb7eeb88
PB		 2702
2703 return result;
ac1970fb
AK		 2704}
2705
eb7eeb88
PB		 2706MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2707 uint8_t *buf, int len, bool is_write)
2708{
2709 if (is_write) {
2710 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2711 } else {
2712 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2713 }
2714}
ac1970fb 2715
a8170e5e 2716void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2717 int len, int is_write)
2718{
5c9eb028
PM		 2719 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2720 buf, len, is_write);
ac1970fb
AK		 2721}
2722
582b55a9
AG		 2723enum write_rom_type {
2724 WRITE_DATA,
2725 FLUSH_CACHE,
2726};
2727
2a221651 2728static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2729 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2730{
149f54b5 2731 hwaddr l;
d0ecd2aa 2732 uint8_t *ptr;
149f54b5 2733 hwaddr addr1;
5c8a00ce 2734 MemoryRegion *mr;
3b46e624 2735
41063e1e 2736 rcu_read_lock();
d0ecd2aa 2737 while (len > 0) {
149f54b5 2738 l = len;
2a221651 2739 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2740
5c8a00ce
PB		 2741 if (!(memory_region_is_ram(mr) ||
2742 memory_region_is_romd(mr))) {
b242e0e0 2743 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2744 } else {
d0ecd2aa 2745 /* ROM/RAM case */
0878d0e1 2746 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2747 switch (type) {
2748 case WRITE_DATA:
2749 memcpy(ptr, buf, l);
845b6214 2750 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2751 break;
2752 case FLUSH_CACHE:
2753 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2754 break;
2755 }
d0ecd2aa
FB		 2756 }
2757 len -= l;
2758 buf += l;
2759 addr += l;
2760 }
41063e1e 2761 rcu_read_unlock();
d0ecd2aa
FB		 2762}
2763
582b55a9 2764/* used for ROM loading : can write in RAM and ROM */
2a221651 2765void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2766 const uint8_t *buf, int len)
2767{
2a221651 2768 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2769}
2770
2771void cpu_flush_icache_range(hwaddr start, int len)
2772{
2773 /*
2774 * This function should do the same thing as an icache flush that was
2775 * triggered from within the guest. For TCG we are always cache coherent,
2776 * so there is no need to flush anything. For KVM / Xen we need to flush
2777 * the host's instruction cache at least.
2778 */
2779 if (tcg_enabled()) {
2780 return;
2781 }
2782
2a221651
EI		 2783 cpu_physical_memory_write_rom_internal(&address_space_memory,
2784 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2785}
2786
6d16c2f8 2787typedef struct {
d3e71559 2788 MemoryRegion *mr;
6d16c2f8 2789 void *buffer;
a8170e5e
AK		 2790 hwaddr addr;
2791 hwaddr len;
c2cba0ff 2792 bool in_use;
6d16c2f8
AL		 2793} BounceBuffer;
2794
2795static BounceBuffer bounce;
2796
ba223c29 2797typedef struct MapClient {
e95205e1 2798 QEMUBH *bh;
72cf2d4f 2799 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2800} MapClient;
2801
38e047b5 2802QemuMutex map_client_list_lock;
72cf2d4f
BS		 2803static QLIST_HEAD(map_client_list, MapClient) map_client_list
2804 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2805
e95205e1
FZ		 2806static void cpu_unregister_map_client_do(MapClient *client)
2807{
2808 QLIST_REMOVE(client, link);
2809 g_free(client);
2810}
2811
33b6c2ed
FZ		 2812static void cpu_notify_map_clients_locked(void)
2813{
2814 MapClient *client;
2815
2816 while (!QLIST_EMPTY(&map_client_list)) {
2817 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2818 qemu_bh_schedule(client->bh);
2819 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2820 }
2821}
2822
e95205e1 2823void cpu_register_map_client(QEMUBH *bh)
ba223c29 2824{
7267c094 2825 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2826
38e047b5 2827 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2828 client->bh = bh;
72cf2d4f 2829 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2830 if (!atomic_read(&bounce.in_use)) {
2831 cpu_notify_map_clients_locked();
2832 }
38e047b5 2833 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2834}
2835
38e047b5 2836void cpu_exec_init_all(void)
ba223c29 2837{
38e047b5 2838 qemu_mutex_init(&ram_list.mutex);
38e047b5 2839 io_mem_init();
680a4783 2840 memory_map_init();
38e047b5 2841 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2842}
2843
e95205e1 2844void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2845{
2846 MapClient *client;
2847
e95205e1
FZ		 2848 qemu_mutex_lock(&map_client_list_lock);
2849 QLIST_FOREACH(client, &map_client_list, link) {
2850 if (client->bh == bh) {
2851 cpu_unregister_map_client_do(client);
2852 break;
2853 }
ba223c29 2854 }
e95205e1 2855 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2856}
2857
2858static void cpu_notify_map_clients(void)
2859{
38e047b5 2860 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2861 cpu_notify_map_clients_locked();
38e047b5 2862 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2863}
2864
51644ab7
PB		 2865bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2866{
5c8a00ce 2867 MemoryRegion *mr;
51644ab7
PB		 2868 hwaddr l, xlat;
2869
41063e1e 2870 rcu_read_lock();
51644ab7
PB		 2871 while (len > 0) {
2872 l = len;
5c8a00ce
PB		 2873 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2874 if (!memory_access_is_direct(mr, is_write)) {
2875 l = memory_access_size(mr, l, addr);
2876 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2877 return false;
2878 }
2879 }
2880
2881 len -= l;
2882 addr += l;
2883 }
41063e1e 2884 rcu_read_unlock();
51644ab7
PB		 2885 return true;
2886}
2887
6d16c2f8
AL		 2888/* Map a physical memory region into a host virtual address.
2889 * May map a subset of the requested range, given by and returned in *plen.
2890 * May return NULL if resources needed to perform the mapping are exhausted.
2891 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2892 * Use cpu_register_map_client() to know when retrying the map operation is
2893 * likely to succeed.
6d16c2f8 2894 */
ac1970fb 2895void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2896 hwaddr addr,
2897 hwaddr *plen,
ac1970fb 2898 bool is_write)
6d16c2f8 2899{
a8170e5e 2900 hwaddr len = *plen;
e3127ae0
PB		 2901 hwaddr done = 0;
2902 hwaddr l, xlat, base;
2903 MemoryRegion *mr, *this_mr;
e81bcda5 2904 void *ptr;
6d16c2f8 2905
e3127ae0
PB		 2906 if (len == 0) {
2907 return NULL;
2908 }
38bee5dc 2909
e3127ae0 2910 l = len;
41063e1e 2911 rcu_read_lock();
e3127ae0 2912 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2913
e3127ae0 2914 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2915 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2916 rcu_read_unlock();
e3127ae0 2917 return NULL;
6d16c2f8 2918 }
e85d9db5
KW		 2919 /* Avoid unbounded allocations */
2920 l = MIN(l, TARGET_PAGE_SIZE);
2921 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2922 bounce.addr = addr;
2923 bounce.len = l;
d3e71559
PB		 2924
2925 memory_region_ref(mr);
2926 bounce.mr = mr;
e3127ae0 2927 if (!is_write) {
5c9eb028
PM		 2928 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2929 bounce.buffer, l);
8ab934f9 2930 }
6d16c2f8 2931
41063e1e 2932 rcu_read_unlock();
e3127ae0
PB		 2933 *plen = l;
2934 return bounce.buffer;
2935 }
2936
2937 base = xlat;
e3127ae0
PB		 2938
2939 for (;;) {
6d16c2f8
AL		 2940 len -= l;
2941 addr += l;
e3127ae0
PB		 2942 done += l;
2943 if (len == 0) {
2944 break;
2945 }
2946
2947 l = len;
2948 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2949 if (this_mr != mr || xlat != base + done) {
2950 break;
2951 }
6d16c2f8 2952 }
e3127ae0 2953
d3e71559 2954 memory_region_ref(mr);
e3127ae0 2955 *plen = done;
0878d0e1 2956 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
e81bcda5
PB		 2957 rcu_read_unlock();
2958
2959 return ptr;
6d16c2f8
AL		 2960}
2961
ac1970fb 2962/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2963 * Will also mark the memory as dirty if is_write == 1. access_len gives
2964 * the amount of memory that was actually read or written by the caller.
2965 */
a8170e5e
AK		 2966void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2967 int is_write, hwaddr access_len)
6d16c2f8
AL		 2968{
2969 if (buffer != bounce.buffer) {
d3e71559
PB		 2970 MemoryRegion *mr;
2971 ram_addr_t addr1;
2972
07bdaa41 2973 mr = memory_region_from_host(buffer, &addr1);
d3e71559 2974 assert(mr != NULL);
6d16c2f8 2975 if (is_write) {
845b6214 2976 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2977 }
868bb33f 2978 if (xen_enabled()) {
e41d7c69 2979 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2980 }
d3e71559 2981 memory_region_unref(mr);
6d16c2f8
AL		 2982 return;
2983 }
2984 if (is_write) {
5c9eb028
PM		 2985 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2986 bounce.buffer, access_len);
6d16c2f8 2987 }
f8a83245 2988 qemu_vfree(bounce.buffer);
6d16c2f8 2989 bounce.buffer = NULL;
d3e71559 2990 memory_region_unref(bounce.mr);
c2cba0ff 2991 atomic_mb_set(&bounce.in_use, false);
ba223c29 2992 cpu_notify_map_clients();
6d16c2f8 2993}
d0ecd2aa 2994
a8170e5e
AK		 2995void *cpu_physical_memory_map(hwaddr addr,
2996 hwaddr *plen,
ac1970fb
AK		 2997 int is_write)
2998{
2999 return address_space_map(&address_space_memory, addr, plen, is_write);
3000}
3001
a8170e5e
AK		 3002void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3003 int is_write, hwaddr access_len)
ac1970fb
AK		 3004{
3005 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3006}
3007
8df1cd07 3008/* warning: addr must be aligned */
50013115
PM		 3009static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3010 MemTxAttrs attrs,
3011 MemTxResult *result,
3012 enum device_endian endian)
8df1cd07 3013{
8df1cd07 3014 uint8_t *ptr;
791af8c8 3015 uint64_t val;
5c8a00ce 3016 MemoryRegion *mr;
149f54b5
PB		 3017 hwaddr l = 4;
3018 hwaddr addr1;
50013115 3019 MemTxResult r;
4840f10e 3020 bool release_lock = false;
8df1cd07 3021
41063e1e 3022 rcu_read_lock();
fdfba1a2 3023 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3024 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3025 release_lock |= prepare_mmio_access(mr);
125b3806 3026
8df1cd07 3027 /* I/O case */
50013115 3028 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3029#if defined(TARGET_WORDS_BIGENDIAN)
3030 if (endian == DEVICE_LITTLE_ENDIAN) {
3031 val = bswap32(val);
3032 }
3033#else
3034 if (endian == DEVICE_BIG_ENDIAN) {
3035 val = bswap32(val);
3036 }
3037#endif
8df1cd07
FB		 3038 } else {
3039 /* RAM case */
0878d0e1 3040 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3041 switch (endian) {
3042 case DEVICE_LITTLE_ENDIAN:
3043 val = ldl_le_p(ptr);
3044 break;
3045 case DEVICE_BIG_ENDIAN:
3046 val = ldl_be_p(ptr);
3047 break;
3048 default:
3049 val = ldl_p(ptr);
3050 break;
3051 }
50013115
PM		 3052 r = MEMTX_OK;
3053 }
3054 if (result) {
3055 *result = r;
8df1cd07 3056 }
4840f10e
JK		 3057 if (release_lock) {
3058 qemu_mutex_unlock_iothread();
3059 }
41063e1e 3060 rcu_read_unlock();
8df1cd07
FB		 3061 return val;
3062}
3063
50013115
PM		 3064uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3065 MemTxAttrs attrs, MemTxResult *result)
3066{
3067 return address_space_ldl_internal(as, addr, attrs, result,
3068 DEVICE_NATIVE_ENDIAN);
3069}
3070
3071uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3072 MemTxAttrs attrs, MemTxResult *result)
3073{
3074 return address_space_ldl_internal(as, addr, attrs, result,
3075 DEVICE_LITTLE_ENDIAN);
3076}
3077
3078uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3079 MemTxAttrs attrs, MemTxResult *result)
3080{
3081 return address_space_ldl_internal(as, addr, attrs, result,
3082 DEVICE_BIG_ENDIAN);
3083}
3084
fdfba1a2 3085uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3086{
50013115 3087 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3088}
3089
fdfba1a2 3090uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3091{
50013115 3092 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3093}
3094
fdfba1a2 3095uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3096{
50013115 3097 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3098}
3099
84b7b8e7 3100/* warning: addr must be aligned */
50013115
PM		 3101static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3102 MemTxAttrs attrs,
3103 MemTxResult *result,
3104 enum device_endian endian)
84b7b8e7 3105{
84b7b8e7
FB		 3106 uint8_t *ptr;
3107 uint64_t val;
5c8a00ce 3108 MemoryRegion *mr;
149f54b5
PB		 3109 hwaddr l = 8;
3110 hwaddr addr1;
50013115 3111 MemTxResult r;
4840f10e 3112 bool release_lock = false;
84b7b8e7 3113
41063e1e 3114 rcu_read_lock();
2c17449b 3115 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3116 false);
3117 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3118 release_lock |= prepare_mmio_access(mr);
125b3806 3119
84b7b8e7 3120 /* I/O case */
50013115 3121 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3122#if defined(TARGET_WORDS_BIGENDIAN)
3123 if (endian == DEVICE_LITTLE_ENDIAN) {
3124 val = bswap64(val);
3125 }
3126#else
3127 if (endian == DEVICE_BIG_ENDIAN) {
3128 val = bswap64(val);
3129 }
84b7b8e7
FB		 3130#endif
3131 } else {
3132 /* RAM case */
0878d0e1 3133 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3134 switch (endian) {
3135 case DEVICE_LITTLE_ENDIAN:
3136 val = ldq_le_p(ptr);
3137 break;
3138 case DEVICE_BIG_ENDIAN:
3139 val = ldq_be_p(ptr);
3140 break;
3141 default:
3142 val = ldq_p(ptr);
3143 break;
3144 }
50013115
PM		 3145 r = MEMTX_OK;
3146 }
3147 if (result) {
3148 *result = r;
84b7b8e7 3149 }
4840f10e
JK		 3150 if (release_lock) {
3151 qemu_mutex_unlock_iothread();
3152 }
41063e1e 3153 rcu_read_unlock();
84b7b8e7
FB		 3154 return val;
3155}
3156
50013115
PM		 3157uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3158 MemTxAttrs attrs, MemTxResult *result)
3159{
3160 return address_space_ldq_internal(as, addr, attrs, result,
3161 DEVICE_NATIVE_ENDIAN);
3162}
3163
3164uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3165 MemTxAttrs attrs, MemTxResult *result)
3166{
3167 return address_space_ldq_internal(as, addr, attrs, result,
3168 DEVICE_LITTLE_ENDIAN);
3169}
3170
3171uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3172 MemTxAttrs attrs, MemTxResult *result)
3173{
3174 return address_space_ldq_internal(as, addr, attrs, result,
3175 DEVICE_BIG_ENDIAN);
3176}
3177
2c17449b 3178uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3179{
50013115 3180 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3181}
3182
2c17449b 3183uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3184{
50013115 3185 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3186}
3187
2c17449b 3188uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3189{
50013115 3190 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3191}
3192
aab33094 3193/* XXX: optimize */
50013115
PM		 3194uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3195 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3196{
3197 uint8_t val;
50013115
PM		 3198 MemTxResult r;
3199
3200 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3201 if (result) {
3202 *result = r;
3203 }
aab33094
FB		 3204 return val;
3205}
3206
50013115
PM		 3207uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3208{
3209 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3210}
3211
733f0b02 3212/* warning: addr must be aligned */
50013115
PM		 3213static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3214 hwaddr addr,
3215 MemTxAttrs attrs,
3216 MemTxResult *result,
3217 enum device_endian endian)
aab33094 3218{
733f0b02
MT		 3219 uint8_t *ptr;
3220 uint64_t val;
5c8a00ce 3221 MemoryRegion *mr;
149f54b5
PB		 3222 hwaddr l = 2;
3223 hwaddr addr1;
50013115 3224 MemTxResult r;
4840f10e 3225 bool release_lock = false;
733f0b02 3226
41063e1e 3227 rcu_read_lock();
41701aa4 3228 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3229 false);
3230 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3231 release_lock |= prepare_mmio_access(mr);
125b3806 3232
733f0b02 3233 /* I/O case */
50013115 3234 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3235#if defined(TARGET_WORDS_BIGENDIAN)
3236 if (endian == DEVICE_LITTLE_ENDIAN) {
3237 val = bswap16(val);
3238 }
3239#else
3240 if (endian == DEVICE_BIG_ENDIAN) {
3241 val = bswap16(val);
3242 }
3243#endif
733f0b02
MT		 3244 } else {
3245 /* RAM case */
0878d0e1 3246 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3247 switch (endian) {
3248 case DEVICE_LITTLE_ENDIAN:
3249 val = lduw_le_p(ptr);
3250 break;
3251 case DEVICE_BIG_ENDIAN:
3252 val = lduw_be_p(ptr);
3253 break;
3254 default:
3255 val = lduw_p(ptr);
3256 break;
3257 }
50013115
PM		 3258 r = MEMTX_OK;
3259 }
3260 if (result) {
3261 *result = r;
733f0b02 3262 }
4840f10e
JK		 3263 if (release_lock) {
3264 qemu_mutex_unlock_iothread();
3265 }
41063e1e 3266 rcu_read_unlock();
733f0b02 3267 return val;
aab33094
FB		 3268}
3269
50013115
PM		 3270uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3271 MemTxAttrs attrs, MemTxResult *result)
3272{
3273 return address_space_lduw_internal(as, addr, attrs, result,
3274 DEVICE_NATIVE_ENDIAN);
3275}
3276
3277uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3278 MemTxAttrs attrs, MemTxResult *result)
3279{
3280 return address_space_lduw_internal(as, addr, attrs, result,
3281 DEVICE_LITTLE_ENDIAN);
3282}
3283
3284uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3285 MemTxAttrs attrs, MemTxResult *result)
3286{
3287 return address_space_lduw_internal(as, addr, attrs, result,
3288 DEVICE_BIG_ENDIAN);
3289}
3290
41701aa4 3291uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3292{
50013115 3293 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3294}
3295
41701aa4 3296uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3297{
50013115 3298 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3299}
3300
41701aa4 3301uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3302{
50013115 3303 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3304}
3305
8df1cd07
FB		 3306/* warning: addr must be aligned. The ram page is not masked as dirty
3307 and the code inside is not invalidated. It is useful if the dirty
3308 bits are used to track modified PTEs */
50013115
PM		 3309void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3310 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3311{
8df1cd07 3312 uint8_t *ptr;
5c8a00ce 3313 MemoryRegion *mr;
149f54b5
PB		 3314 hwaddr l = 4;
3315 hwaddr addr1;
50013115 3316 MemTxResult r;
845b6214 3317 uint8_t dirty_log_mask;
4840f10e 3318 bool release_lock = false;
8df1cd07 3319
41063e1e 3320 rcu_read_lock();
2198a121 3321 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3322 true);
3323 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3324 release_lock |= prepare_mmio_access(mr);
125b3806 3325
50013115 3326 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3327 } else {
0878d0e1 3328 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
8df1cd07 3329 stl_p(ptr, val);
74576198 3330
845b6214
PB		 3331 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3332 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
0878d0e1
PB		 3333 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3334 4, dirty_log_mask);
50013115
PM		 3335 r = MEMTX_OK;
3336 }
3337 if (result) {
3338 *result = r;
8df1cd07 3339 }
4840f10e
JK		 3340 if (release_lock) {
3341 qemu_mutex_unlock_iothread();
3342 }
41063e1e 3343 rcu_read_unlock();
8df1cd07
FB		 3344}
3345
50013115
PM		 3346void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3347{
3348 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3349}
3350
8df1cd07 3351/* warning: addr must be aligned */
50013115
PM		 3352static inline void address_space_stl_internal(AddressSpace *as,
3353 hwaddr addr, uint32_t val,
3354 MemTxAttrs attrs,
3355 MemTxResult *result,
3356 enum device_endian endian)
8df1cd07 3357{
8df1cd07 3358 uint8_t *ptr;
5c8a00ce 3359 MemoryRegion *mr;
149f54b5
PB		 3360 hwaddr l = 4;
3361 hwaddr addr1;
50013115 3362 MemTxResult r;
4840f10e 3363 bool release_lock = false;
8df1cd07 3364
41063e1e 3365 rcu_read_lock();
ab1da857 3366 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3367 true);
3368 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3369 release_lock |= prepare_mmio_access(mr);
125b3806 3370
1e78bcc1
AG		 3371#if defined(TARGET_WORDS_BIGENDIAN)
3372 if (endian == DEVICE_LITTLE_ENDIAN) {
3373 val = bswap32(val);
3374 }
3375#else
3376 if (endian == DEVICE_BIG_ENDIAN) {
3377 val = bswap32(val);
3378 }
3379#endif
50013115 3380 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3381 } else {
8df1cd07 3382 /* RAM case */
0878d0e1 3383 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3384 switch (endian) {
3385 case DEVICE_LITTLE_ENDIAN:
3386 stl_le_p(ptr, val);
3387 break;
3388 case DEVICE_BIG_ENDIAN:
3389 stl_be_p(ptr, val);
3390 break;
3391 default:
3392 stl_p(ptr, val);
3393 break;
3394 }
845b6214 3395 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3396 r = MEMTX_OK;
3397 }
3398 if (result) {
3399 *result = r;
8df1cd07 3400 }
4840f10e
JK		 3401 if (release_lock) {
3402 qemu_mutex_unlock_iothread();
3403 }
41063e1e 3404 rcu_read_unlock();
8df1cd07
FB		 3405}
3406
50013115
PM		 3407void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3408 MemTxAttrs attrs, MemTxResult *result)
3409{
3410 address_space_stl_internal(as, addr, val, attrs, result,
3411 DEVICE_NATIVE_ENDIAN);
3412}
3413
3414void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3415 MemTxAttrs attrs, MemTxResult *result)
3416{
3417 address_space_stl_internal(as, addr, val, attrs, result,
3418 DEVICE_LITTLE_ENDIAN);
3419}
3420
3421void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3422 MemTxAttrs attrs, MemTxResult *result)
3423{
3424 address_space_stl_internal(as, addr, val, attrs, result,
3425 DEVICE_BIG_ENDIAN);
3426}
3427
ab1da857 3428void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3429{
50013115 3430 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3431}
3432
ab1da857 3433void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3434{
50013115 3435 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3436}
3437
ab1da857 3438void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3439{
50013115 3440 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3441}
3442
aab33094 3443/* XXX: optimize */
50013115
PM		 3444void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3445 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3446{
3447 uint8_t v = val;
50013115
PM		 3448 MemTxResult r;
3449
3450 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3451 if (result) {
3452 *result = r;
3453 }
3454}
3455
3456void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3457{
3458 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3459}
3460
733f0b02 3461/* warning: addr must be aligned */
50013115
PM		 3462static inline void address_space_stw_internal(AddressSpace *as,
3463 hwaddr addr, uint32_t val,
3464 MemTxAttrs attrs,
3465 MemTxResult *result,
3466 enum device_endian endian)
aab33094 3467{
733f0b02 3468 uint8_t *ptr;
5c8a00ce 3469 MemoryRegion *mr;
149f54b5
PB		 3470 hwaddr l = 2;
3471 hwaddr addr1;
50013115 3472 MemTxResult r;
4840f10e 3473 bool release_lock = false;
733f0b02 3474
41063e1e 3475 rcu_read_lock();
5ce5944d 3476 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3477 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3478 release_lock |= prepare_mmio_access(mr);
125b3806 3479
1e78bcc1
AG		 3480#if defined(TARGET_WORDS_BIGENDIAN)
3481 if (endian == DEVICE_LITTLE_ENDIAN) {
3482 val = bswap16(val);
3483 }
3484#else
3485 if (endian == DEVICE_BIG_ENDIAN) {
3486 val = bswap16(val);
3487 }
3488#endif
50013115 3489 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3490 } else {
733f0b02 3491 /* RAM case */
0878d0e1 3492 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3493 switch (endian) {
3494 case DEVICE_LITTLE_ENDIAN:
3495 stw_le_p(ptr, val);
3496 break;
3497 case DEVICE_BIG_ENDIAN:
3498 stw_be_p(ptr, val);
3499 break;
3500 default:
3501 stw_p(ptr, val);
3502 break;
3503 }
845b6214 3504 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3505 r = MEMTX_OK;
3506 }
3507 if (result) {
3508 *result = r;
733f0b02 3509 }
4840f10e
JK		 3510 if (release_lock) {
3511 qemu_mutex_unlock_iothread();
3512 }
41063e1e 3513 rcu_read_unlock();
aab33094
FB		 3514}
3515
50013115
PM		 3516void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3517 MemTxAttrs attrs, MemTxResult *result)
3518{
3519 address_space_stw_internal(as, addr, val, attrs, result,
3520 DEVICE_NATIVE_ENDIAN);
3521}
3522
3523void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3524 MemTxAttrs attrs, MemTxResult *result)
3525{
3526 address_space_stw_internal(as, addr, val, attrs, result,
3527 DEVICE_LITTLE_ENDIAN);
3528}
3529
3530void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3531 MemTxAttrs attrs, MemTxResult *result)
3532{
3533 address_space_stw_internal(as, addr, val, attrs, result,
3534 DEVICE_BIG_ENDIAN);
3535}
3536
5ce5944d 3537void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3538{
50013115 3539 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3540}
3541
5ce5944d 3542void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3543{
50013115 3544 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3545}
3546
5ce5944d 3547void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3548{
50013115 3549 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3550}
3551
aab33094 3552/* XXX: optimize */
50013115
PM		 3553void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3554 MemTxAttrs attrs, MemTxResult *result)
aab33094 3555{
50013115 3556 MemTxResult r;
aab33094 3557 val = tswap64(val);
50013115
PM		 3558 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3559 if (result) {
3560 *result = r;
3561 }
aab33094
FB		 3562}
3563
50013115
PM		 3564void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3565 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3566{
50013115 3567 MemTxResult r;
1e78bcc1 3568 val = cpu_to_le64(val);
50013115
PM		 3569 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3570 if (result) {
3571 *result = r;
3572 }
3573}
3574void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3575 MemTxAttrs attrs, MemTxResult *result)
3576{
3577 MemTxResult r;
3578 val = cpu_to_be64(val);
3579 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3580 if (result) {
3581 *result = r;
3582 }
3583}
3584
3585void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3586{
3587 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3588}
3589
3590void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3591{
3592 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3593}
3594
f606604f 3595void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3596{
50013115 3597 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3598}
3599
5e2972fd 3600/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3601int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3602 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3603{
3604 int l;
a8170e5e 3605 hwaddr phys_addr;
9b3c35e0 3606 target_ulong page;
13eb76e0
FB		 3607
3608 while (len > 0) {
5232e4c7
PM		 3609 int asidx;
3610 MemTxAttrs attrs;
3611
13eb76e0 3612 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3613 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3614 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3615 /* if no physical page mapped, return an error */
3616 if (phys_addr == -1)
3617 return -1;
3618 l = (page + TARGET_PAGE_SIZE) - addr;
3619 if (l > len)
3620 l = len;
5e2972fd 3621 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3622 if (is_write) {
5232e4c7
PM		 3623 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3624 phys_addr, buf, l);
2e38847b 3625 } else {
5232e4c7
PM		 3626 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3627 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3628 buf, l, 0);
2e38847b 3629 }
13eb76e0
FB		 3630 len -= l;
3631 buf += l;
3632 addr += l;
3633 }
3634 return 0;
3635}
038629a6
DDAG		 3636
3637/*
3638 * Allows code that needs to deal with migration bitmaps etc to still be built
3639 * target independent.
3640 */
3641size_t qemu_target_page_bits(void)
3642{
3643 return TARGET_PAGE_BITS;
3644}
3645
a68fe89c 3646#endif
13eb76e0 3647
8e4a424b
BS		 3648/*
3649 * A helper function for the _utterly broken_ virtio device model to find out if
3650 * it's running on a big endian machine. Don't do this at home kids!
3651 */
98ed8ecf
GK		 3652bool target_words_bigendian(void);
3653bool target_words_bigendian(void)
8e4a424b
BS		 3654{
3655#if defined(TARGET_WORDS_BIGENDIAN)
3656 return true;
3657#else
3658 return false;
3659#endif
3660}
3661
76f35538 3662#ifndef CONFIG_USER_ONLY
a8170e5e 3663bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3664{
5c8a00ce 3665 MemoryRegion*mr;
149f54b5 3666 hwaddr l = 1;
41063e1e 3667 bool res;
76f35538 3668
41063e1e 3669 rcu_read_lock();
5c8a00ce
PB		 3670 mr = address_space_translate(&address_space_memory,
3671 phys_addr, &phys_addr, &l, false);
76f35538 3672
41063e1e
PB		 3673 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3674 rcu_read_unlock();
3675 return res;
76f35538 3676}
bd2fa51f 3677
e3807054 3678int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3679{
3680 RAMBlock *block;
e3807054 3681 int ret = 0;
bd2fa51f 3682
0dc3f44a
MD		 3683 rcu_read_lock();
3684 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3685 ret = func(block->idstr, block->host, block->offset,
3686 block->used_length, opaque);
3687 if (ret) {
3688 break;
3689 }
bd2fa51f 3690 }
0dc3f44a 3691 rcu_read_unlock();
e3807054 3692 return ret;
bd2fa51f 3693}
ec3f8c99 3694#endif
QEMU mirror