]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ivshmem: initialize max_peer to -1
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
777872e5 20#ifndef _WIN32
a98d49b1 21#include <sys/types.h>
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
055403b2 25#include "qemu-common.h"
6180a181 26#include "cpu.h"
b67d9a52 27#include "tcg.h"
b3c7724c 28#include "hw/hw.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
4485bd26 31#endif
cc9e98cb 32#include "hw/qdev.h"
1de7afc9 33#include "qemu/osdep.h"
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
0d09e41a 36#include "hw/xen/xen.h"
1de7afc9
PB		 37#include "qemu/timer.h"
38#include "qemu/config-file.h"
75a34036 39#include "qemu/error-report.h"
022c62cb 40#include "exec/memory.h"
9c17d615 41#include "sysemu/dma.h"
022c62cb 42#include "exec/address-spaces.h"
53a5960a
PB		 43#if defined(CONFIG_USER_ONLY)
44#include <qemu.h>
432d268c 45#else /* !CONFIG_USER_ONLY */
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
0cac1b66 53
022c62cb 54#include "exec/memory-internal.h"
220c3ebd 55#include "exec/ram_addr.h"
67d95c15 56
b35ba30f 57#include "qemu/range.h"
794e8f30
MT		 58#ifndef _WIN32
59#include "qemu/mmap-alloc.h"
60#endif
b35ba30f 61
db7b5426 62//#define DEBUG_SUBPAGE
1196be37 63
e2eef170 64#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 65/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
66 * are protected by the ramlist lock.
67 */
0d53d9fe 68RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 69
70static MemoryRegion *system_memory;
309cb471 71static MemoryRegion *system_io;
62152b8a 72
f6790af6
AK		 73AddressSpace address_space_io;
74AddressSpace address_space_memory;
2673a5da 75
0844e007 76MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 77static MemoryRegion io_mem_unassigned;
0e0df1e2 78
7bd4f430
PB		 79/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
80#define RAM_PREALLOC (1 << 0)
81
dbcb8981
PB		 82/* RAM is mmap-ed with MAP_SHARED */
83#define RAM_SHARED (1 << 1)
84
62be4e3a
MT		 85/* Only a portion of RAM (used_length) is actually used, and migrated.
86 * This used_length size can change across reboots.
87 */
88#define RAM_RESIZEABLE (1 << 2)
89
794e8f30 90/* RAM is backed by an mmapped file.
8561c924 91 */
794e8f30 92#define RAM_FILE (1 << 3)
e2eef170 93#endif
9fa3e853 94
bdc44640 95struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 96/* current CPU in the current thread. It is only valid inside
97 cpu_exec() */
f240eb6f 98__thread CPUState *current_cpu;
2e70f6ef 99/* 0 = Do not count executed instructions.
bf20dc07 100 1 = Precise instruction counting.
2e70f6ef 101 2 = Adaptive rate instruction counting. */
5708fc66 102int use_icount;
6a00d601 103
e2eef170 104#if !defined(CONFIG_USER_ONLY)
4346ae3e 105
1db8abb1
PB		 106typedef struct PhysPageEntry PhysPageEntry;
107
108struct PhysPageEntry {
9736e55b 109 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 110 uint32_t skip : 6;
9736e55b 111 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 112 uint32_t ptr : 26;
1db8abb1
PB		 113};
114
8b795765
MT		 115#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
116
03f49957 117/* Size of the L2 (and L3, etc) page tables. */
57271d63 118#define ADDR_SPACE_BITS 64
03f49957 119
026736ce 120#define P_L2_BITS 9
03f49957
PB		 121#define P_L2_SIZE (1 << P_L2_BITS)
122
123#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
124
125typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 126
53cb28cb 127typedef struct PhysPageMap {
79e2b9ae
PB		 128 struct rcu_head rcu;
129
53cb28cb
MA		 130 unsigned sections_nb;
131 unsigned sections_nb_alloc;
132 unsigned nodes_nb;
133 unsigned nodes_nb_alloc;
134 Node *nodes;
135 MemoryRegionSection *sections;
136} PhysPageMap;
137
1db8abb1 138struct AddressSpaceDispatch {
79e2b9ae
PB		 139 struct rcu_head rcu;
140
1db8abb1
PB		 141 /* This is a multi-level map on the physical address space.
142 * The bottom level has pointers to MemoryRegionSections.
143 */
144 PhysPageEntry phys_map;
53cb28cb 145 PhysPageMap map;
acc9d80b 146 AddressSpace *as;
1db8abb1
PB		 147};
148
90260c6c
JK		 149#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
150typedef struct subpage_t {
151 MemoryRegion iomem;
acc9d80b 152 AddressSpace *as;
90260c6c
JK		 153 hwaddr base;
154 uint16_t sub_section[TARGET_PAGE_SIZE];
155} subpage_t;
156
b41aac4f
LPF		 157#define PHYS_SECTION_UNASSIGNED 0
158#define PHYS_SECTION_NOTDIRTY 1
159#define PHYS_SECTION_ROM 2
160#define PHYS_SECTION_WATCH 3
5312bd8b 161
e2eef170 162static void io_mem_init(void);
62152b8a 163static void memory_map_init(void);
09daed84 164static void tcg_commit(MemoryListener *listener);
e2eef170 165
1ec9b909 166static MemoryRegion io_mem_watch;
32857f4d
PM		 167
168/**
169 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
170 * @cpu: the CPU whose AddressSpace this is
171 * @as: the AddressSpace itself
172 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
173 * @tcg_as_listener: listener for tracking changes to the AddressSpace
174 */
175struct CPUAddressSpace {
176 CPUState *cpu;
177 AddressSpace *as;
178 struct AddressSpaceDispatch *memory_dispatch;
179 MemoryListener tcg_as_listener;
180};
181
6658ffb8 182#endif
fd6ce8f6 183
6d9a1304 184#if !defined(CONFIG_USER_ONLY)
d6f2ea22 185
53cb28cb 186static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 187{
53cb28cb
MA		 188 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
189 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
190 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
191 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 192 }
f7bf5461
AK		 193}
194
db94604b 195static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 196{
197 unsigned i;
8b795765 198 uint32_t ret;
db94604b
PB		 199 PhysPageEntry e;
200 PhysPageEntry *p;
f7bf5461 201
53cb28cb 202 ret = map->nodes_nb++;
db94604b 203 p = map->nodes[ret];
f7bf5461 204 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 205 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 206
207 e.skip = leaf ? 0 : 1;
208 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 209 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 210 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 211 }
f7bf5461 212 return ret;
d6f2ea22
AK		 213}
214
53cb28cb
MA		 215static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
216 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 217 int level)
f7bf5461
AK		 218{
219 PhysPageEntry *p;
03f49957 220 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 221
9736e55b 222 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 223 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 224 }
db94604b 225 p = map->nodes[lp->ptr];
03f49957 226 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 227
03f49957 228 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 229 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 230 lp->skip = 0;
c19e8800 231 lp->ptr = leaf;
07f07b31
AK		 232 *index += step;
233 *nb -= step;
2999097b 234 } else {
53cb28cb 235 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 236 }
237 ++lp;
f7bf5461
AK		 238 }
239}
240
ac1970fb 241static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 242 hwaddr index, hwaddr nb,
2999097b 243 uint16_t leaf)
f7bf5461 244{
2999097b 245 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 246 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 247
53cb28cb 248 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 249}
250
b35ba30f
MT		 251/* Compact a non leaf page entry. Simply detect that the entry has a single child,
252 * and update our entry so we can skip it and go directly to the destination.
253 */
254static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
255{
256 unsigned valid_ptr = P_L2_SIZE;
257 int valid = 0;
258 PhysPageEntry *p;
259 int i;
260
261 if (lp->ptr == PHYS_MAP_NODE_NIL) {
262 return;
263 }
264
265 p = nodes[lp->ptr];
266 for (i = 0; i < P_L2_SIZE; i++) {
267 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
268 continue;
269 }
270
271 valid_ptr = i;
272 valid++;
273 if (p[i].skip) {
274 phys_page_compact(&p[i], nodes, compacted);
275 }
276 }
277
278 /* We can only compress if there's only one child. */
279 if (valid != 1) {
280 return;
281 }
282
283 assert(valid_ptr < P_L2_SIZE);
284
285 /* Don't compress if it won't fit in the # of bits we have. */
286 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
287 return;
288 }
289
290 lp->ptr = p[valid_ptr].ptr;
291 if (!p[valid_ptr].skip) {
292 /* If our only child is a leaf, make this a leaf. */
293 /* By design, we should have made this node a leaf to begin with so we
294 * should never reach here.
295 * But since it's so simple to handle this, let's do it just in case we
296 * change this rule.
297 */
298 lp->skip = 0;
299 } else {
300 lp->skip += p[valid_ptr].skip;
301 }
302}
303
304static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
305{
306 DECLARE_BITMAP(compacted, nodes_nb);
307
308 if (d->phys_map.skip) {
53cb28cb 309 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 310 }
311}
312
97115a8d 313static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 314 Node *nodes, MemoryRegionSection *sections)
92e873b9 315{
31ab2b4a 316 PhysPageEntry *p;
97115a8d 317 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 318 int i;
f1f6e3b8 319
9736e55b 320 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 321 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 322 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 323 }
9affd6fc 324 p = nodes[lp.ptr];
03f49957 325 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 326 }
b35ba30f
MT		 327
328 if (sections[lp.ptr].size.hi ||
329 range_covers_byte(sections[lp.ptr].offset_within_address_space,
330 sections[lp.ptr].size.lo, addr)) {
331 return &sections[lp.ptr];
332 } else {
333 return &sections[PHYS_SECTION_UNASSIGNED];
334 }
f3705d53
AK		 335}
336
e5548617
BS		 337bool memory_region_is_unassigned(MemoryRegion *mr)
338{
2a8e7499 339 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 340 && mr != &io_mem_watch;
fd6ce8f6 341}
149f54b5 342
79e2b9ae 343/* Called from RCU critical section */
c7086b4a 344static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 345 hwaddr addr,
346 bool resolve_subpage)
9f029603 347{
90260c6c
JK		 348 MemoryRegionSection *section;
349 subpage_t *subpage;
350
53cb28cb 351 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 352 if (resolve_subpage && section->mr->subpage) {
353 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 354 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 355 }
356 return section;
9f029603
JK		 357}
358
79e2b9ae 359/* Called from RCU critical section */
90260c6c 360static MemoryRegionSection *
c7086b4a 361address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 362 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 363{
364 MemoryRegionSection *section;
965eb2fc 365 MemoryRegion *mr;
a87f3954 366 Int128 diff;
149f54b5 367
c7086b4a 368 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 369 /* Compute offset within MemoryRegionSection */
370 addr -= section->offset_within_address_space;
371
372 /* Compute offset within MemoryRegion */
373 *xlat = addr + section->offset_within_region;
374
965eb2fc 375 mr = section->mr;
b242e0e0
PB		 376
377 /* MMIO registers can be expected to perform full-width accesses based only
378 * on their address, without considering adjacent registers that could
379 * decode to completely different MemoryRegions. When such registers
380 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
381 * regions overlap wildly. For this reason we cannot clamp the accesses
382 * here.
383 *
384 * If the length is small (as is the case for address_space_ldl/stl),
385 * everything works fine. If the incoming length is large, however,
386 * the caller really has to do the clamping through memory_access_size.
387 */
965eb2fc 388 if (memory_region_is_ram(mr)) {
e4a511f8 389 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 390 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
391 }
149f54b5
PB		 392 return section;
393}
90260c6c 394
a87f3954
PB		 395static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
396{
397 if (memory_region_is_ram(mr)) {
398 return !(is_write && mr->readonly);
399 }
400 if (memory_region_is_romd(mr)) {
401 return !is_write;
402 }
403
404 return false;
405}
406
41063e1e 407/* Called from RCU critical section */
5c8a00ce
PB		 408MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
409 hwaddr *xlat, hwaddr *plen,
410 bool is_write)
90260c6c 411{
30951157
AK		 412 IOMMUTLBEntry iotlb;
413 MemoryRegionSection *section;
414 MemoryRegion *mr;
30951157
AK		 415
416 for (;;) {
79e2b9ae
PB		 417 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
418 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 419 mr = section->mr;
420
421 if (!mr->iommu_ops) {
422 break;
423 }
424
8d7b8cb9 425 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 426 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
427 | (addr & iotlb.addr_mask));
23820dbf 428 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 429 if (!(iotlb.perm & (1 << is_write))) {
430 mr = &io_mem_unassigned;
431 break;
432 }
433
434 as = iotlb.target_as;
435 }
436
fe680d0d 437 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 438 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 439 *plen = MIN(page, *plen);
a87f3954
PB		 440 }
441
30951157
AK		 442 *xlat = addr;
443 return mr;
90260c6c
JK		 444}
445
79e2b9ae 446/* Called from RCU critical section */
90260c6c 447MemoryRegionSection *
9d82b5a7
PB		 448address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
449 hwaddr *xlat, hwaddr *plen)
90260c6c 450{
30951157 451 MemoryRegionSection *section;
32857f4d 452 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
9d82b5a7 453 addr, xlat, plen, false);
30951157
AK		 454
455 assert(!section->mr->iommu_ops);
456 return section;
90260c6c 457}
5b6dd868 458#endif
fd6ce8f6 459
b170fce3 460#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 461
462static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 463{
259186a7 464 CPUState *cpu = opaque;
a513fe19 465
5b6dd868
BS		 466 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
467 version_id is increased. */
259186a7 468 cpu->interrupt_request &= ~0x01;
c01a71c1 469 tlb_flush(cpu, 1);
5b6dd868
BS		 470
471 return 0;
a513fe19 472}
7501267e 473
6c3bff0e
PD		 474static int cpu_common_pre_load(void *opaque)
475{
476 CPUState *cpu = opaque;
477
adee6424 478 cpu->exception_index = -1;
6c3bff0e
PD		 479
480 return 0;
481}
482
483static bool cpu_common_exception_index_needed(void *opaque)
484{
485 CPUState *cpu = opaque;
486
adee6424 487 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 488}
489
490static const VMStateDescription vmstate_cpu_common_exception_index = {
491 .name = "cpu_common/exception_index",
492 .version_id = 1,
493 .minimum_version_id = 1,
5cd8cada 494 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 495 .fields = (VMStateField[]) {
496 VMSTATE_INT32(exception_index, CPUState),
497 VMSTATE_END_OF_LIST()
498 }
499};
500
bac05aa9
AS		 501static bool cpu_common_crash_occurred_needed(void *opaque)
502{
503 CPUState *cpu = opaque;
504
505 return cpu->crash_occurred;
506}
507
508static const VMStateDescription vmstate_cpu_common_crash_occurred = {
509 .name = "cpu_common/crash_occurred",
510 .version_id = 1,
511 .minimum_version_id = 1,
512 .needed = cpu_common_crash_occurred_needed,
513 .fields = (VMStateField[]) {
514 VMSTATE_BOOL(crash_occurred, CPUState),
515 VMSTATE_END_OF_LIST()
516 }
517};
518
1a1562f5 519const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 520 .name = "cpu_common",
521 .version_id = 1,
522 .minimum_version_id = 1,
6c3bff0e 523 .pre_load = cpu_common_pre_load,
5b6dd868 524 .post_load = cpu_common_post_load,
35d08458 525 .fields = (VMStateField[]) {
259186a7
AF		 526 VMSTATE_UINT32(halted, CPUState),
527 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 528 VMSTATE_END_OF_LIST()
6c3bff0e 529 },
5cd8cada
JQ		 530 .subsections = (const VMStateDescription*[]) {
531 &vmstate_cpu_common_exception_index,
bac05aa9 532 &vmstate_cpu_common_crash_occurred,
5cd8cada 533 NULL
5b6dd868
BS		 534 }
535};
1a1562f5 536
5b6dd868 537#endif
ea041c0e 538
38d8f5c8 539CPUState *qemu_get_cpu(int index)
ea041c0e 540{
bdc44640 541 CPUState *cpu;
ea041c0e 542
bdc44640 543 CPU_FOREACH(cpu) {
55e5c285 544 if (cpu->cpu_index == index) {
bdc44640 545 return cpu;
55e5c285 546 }
ea041c0e 547 }
5b6dd868 548
bdc44640 549 return NULL;
ea041c0e
FB		 550}
551
09daed84
EI		 552#if !defined(CONFIG_USER_ONLY)
553void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
554{
555 /* We only support one address space per cpu at the moment. */
556 assert(cpu->as == as);
557
32857f4d
PM		 558 if (cpu->cpu_ases) {
559 /* We've already registered the listener for our only AS */
560 return;
09daed84 561 }
32857f4d
PM		 562
563 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
564 cpu->cpu_ases[0].cpu = cpu;
565 cpu->cpu_ases[0].as = as;
566 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
567 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
09daed84
EI		 568}
569#endif
570
b7bca733
BR		 571#ifndef CONFIG_USER_ONLY
572static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
573
574static int cpu_get_free_index(Error **errp)
575{
576 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
577
578 if (cpu >= MAX_CPUMASK_BITS) {
579 error_setg(errp, "Trying to use more CPUs than max of %d",
580 MAX_CPUMASK_BITS);
581 return -1;
582 }
583
584 bitmap_set(cpu_index_map, cpu, 1);
585 return cpu;
586}
587
588void cpu_exec_exit(CPUState *cpu)
589{
590 if (cpu->cpu_index == -1) {
591 /* cpu_index was never allocated by this @cpu or was already freed. */
592 return;
593 }
594
595 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
596 cpu->cpu_index = -1;
597}
598#else
599
600static int cpu_get_free_index(Error **errp)
601{
602 CPUState *some_cpu;
603 int cpu_index = 0;
604
605 CPU_FOREACH(some_cpu) {
606 cpu_index++;
607 }
608 return cpu_index;
609}
610
611void cpu_exec_exit(CPUState *cpu)
612{
613}
614#endif
615
4bad9e39 616void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 617{
b170fce3 618 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868 619 int cpu_index;
b7bca733 620 Error *local_err = NULL;
5b6dd868 621
291135b5
EH		 622#ifndef CONFIG_USER_ONLY
623 cpu->as = &address_space_memory;
624 cpu->thread_id = qemu_get_thread_id();
291135b5
EH		 625#endif
626
5b6dd868
BS		 627#if defined(CONFIG_USER_ONLY)
628 cpu_list_lock();
629#endif
b7bca733
BR		 630 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
631 if (local_err) {
632 error_propagate(errp, local_err);
633#if defined(CONFIG_USER_ONLY)
634 cpu_list_unlock();
635#endif
636 return;
5b6dd868 637 }
bdc44640 638 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 639#if defined(CONFIG_USER_ONLY)
640 cpu_list_unlock();
641#endif
e0d47944
AF		 642 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
643 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
644 }
5b6dd868 645#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868 646 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
4bad9e39 647 cpu_save, cpu_load, cpu->env_ptr);
b170fce3 648 assert(cc->vmsd == NULL);
e0d47944 649 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 650#endif
b170fce3
AF		 651 if (cc->vmsd != NULL) {
652 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
653 }
ea041c0e
FB		 654}
655
94df27fd 656#if defined(CONFIG_USER_ONLY)
00b941e5 657static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 658{
659 tb_invalidate_phys_page_range(pc, pc + 1, 0);
660}
661#else
00b941e5 662static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 663{
e8262a1b
MF		 664 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
665 if (phys != -1) {
09daed84 666 tb_invalidate_phys_addr(cpu->as,
29d8ec7b 667 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 668 }
1e7855a5 669}
c27004ec 670#endif
d720b93d 671
c527ee8f 672#if defined(CONFIG_USER_ONLY)
75a34036 673void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 674
675{
676}
677
3ee887e8
PM		 678int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
679 int flags)
680{
681 return -ENOSYS;
682}
683
684void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
685{
686}
687
75a34036 688int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 689 int flags, CPUWatchpoint **watchpoint)
690{
691 return -ENOSYS;
692}
693#else
6658ffb8 694/* Add a watchpoint. */
75a34036 695int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 696 int flags, CPUWatchpoint **watchpoint)
6658ffb8 697{
c0ce998e 698 CPUWatchpoint *wp;
6658ffb8 699
05068c0d 700 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 701 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 702 error_report("tried to set invalid watchpoint at %"
703 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 704 return -EINVAL;
705 }
7267c094 706 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 707
708 wp->vaddr = addr;
05068c0d 709 wp->len = len;
a1d1bb31
AL		 710 wp->flags = flags;
711
2dc9f411 712 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 713 if (flags & BP_GDB) {
714 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
715 } else {
716 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
717 }
6658ffb8 718
31b030d4 719 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 720
721 if (watchpoint)
722 *watchpoint = wp;
723 return 0;
6658ffb8
PB		 724}
725
a1d1bb31 726/* Remove a specific watchpoint. */
75a34036 727int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 728 int flags)
6658ffb8 729{
a1d1bb31 730 CPUWatchpoint *wp;
6658ffb8 731
ff4700b0 732 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 733 if (addr == wp->vaddr && len == wp->len
6e140f28 734 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 735 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 736 return 0;
737 }
738 }
a1d1bb31 739 return -ENOENT;
6658ffb8
PB		 740}
741
a1d1bb31 742/* Remove a specific watchpoint by reference. */
75a34036 743void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 744{
ff4700b0 745 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 746
31b030d4 747 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 748
7267c094 749 g_free(watchpoint);
a1d1bb31
AL		 750}
751
752/* Remove all matching watchpoints. */
75a34036 753void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 754{
c0ce998e 755 CPUWatchpoint *wp, *next;
a1d1bb31 756
ff4700b0 757 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 758 if (wp->flags & mask) {
759 cpu_watchpoint_remove_by_ref(cpu, wp);
760 }
c0ce998e 761 }
7d03f82f 762}
05068c0d
PM		 763
764/* Return true if this watchpoint address matches the specified
765 * access (ie the address range covered by the watchpoint overlaps
766 * partially or completely with the address range covered by the
767 * access).
768 */
769static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
770 vaddr addr,
771 vaddr len)
772{
773 /* We know the lengths are non-zero, but a little caution is
774 * required to avoid errors in the case where the range ends
775 * exactly at the top of the address space and so addr + len
776 * wraps round to zero.
777 */
778 vaddr wpend = wp->vaddr + wp->len - 1;
779 vaddr addrend = addr + len - 1;
780
781 return !(addr > wpend || wp->vaddr > addrend);
782}
783
c527ee8f 784#endif
7d03f82f 785
a1d1bb31 786/* Add a breakpoint. */
b3310ab3 787int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 788 CPUBreakpoint **breakpoint)
4c3a88a2 789{
c0ce998e 790 CPUBreakpoint *bp;
3b46e624 791
7267c094 792 bp = g_malloc(sizeof(*bp));
4c3a88a2 793
a1d1bb31
AL		 794 bp->pc = pc;
795 bp->flags = flags;
796
2dc9f411 797 /* keep all GDB-injected breakpoints in front */
00b941e5 798 if (flags & BP_GDB) {
f0c3c505 799 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 800 } else {
f0c3c505 801 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 802 }
3b46e624 803
f0c3c505 804 breakpoint_invalidate(cpu, pc);
a1d1bb31 805
00b941e5 806 if (breakpoint) {
a1d1bb31 807 *breakpoint = bp;
00b941e5 808 }
4c3a88a2 809 return 0;
4c3a88a2
FB		 810}
811
a1d1bb31 812/* Remove a specific breakpoint. */
b3310ab3 813int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 814{
a1d1bb31
AL		 815 CPUBreakpoint *bp;
816
f0c3c505 817 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 818 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 819 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 820 return 0;
821 }
7d03f82f 822 }
a1d1bb31 823 return -ENOENT;
7d03f82f
EI		 824}
825
a1d1bb31 826/* Remove a specific breakpoint by reference. */
b3310ab3 827void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 828{
f0c3c505
AF		 829 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
830
831 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 832
7267c094 833 g_free(breakpoint);
a1d1bb31
AL		 834}
835
836/* Remove all matching breakpoints. */
b3310ab3 837void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 838{
c0ce998e 839 CPUBreakpoint *bp, *next;
a1d1bb31 840
f0c3c505 841 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 842 if (bp->flags & mask) {
843 cpu_breakpoint_remove_by_ref(cpu, bp);
844 }
c0ce998e 845 }
4c3a88a2
FB		 846}
847
c33a346e
FB		 848/* enable or disable single step mode. EXCP_DEBUG is returned by the
849 CPU loop after each instruction */
3825b28f 850void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 851{
ed2803da
AF		 852 if (cpu->singlestep_enabled != enabled) {
853 cpu->singlestep_enabled = enabled;
854 if (kvm_enabled()) {
38e478ec 855 kvm_update_guest_debug(cpu, 0);
ed2803da 856 } else {
ccbb4d44 857 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 858 /* XXX: only flush what is necessary */
bbd77c18 859 tb_flush(cpu);
e22a25c9 860 }
c33a346e 861 }
c33a346e
FB		 862}
863
a47dddd7 864void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 865{
866 va_list ap;
493ae1f0 867 va_list ap2;
7501267e
FB		 868
869 va_start(ap, fmt);
493ae1f0 870 va_copy(ap2, ap);
7501267e
FB		 871 fprintf(stderr, "qemu: fatal: ");
872 vfprintf(stderr, fmt, ap);
873 fprintf(stderr, "\n");
878096ee 874 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 875 if (qemu_log_enabled()) {
876 qemu_log("qemu: fatal: ");
877 qemu_log_vprintf(fmt, ap2);
878 qemu_log("\n");
a0762859 879 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 880 qemu_log_flush();
93fcfe39 881 qemu_log_close();
924edcae 882 }
493ae1f0 883 va_end(ap2);
f9373291 884 va_end(ap);
fd052bf6
RV		 885#if defined(CONFIG_USER_ONLY)
886 {
887 struct sigaction act;
888 sigfillset(&act.sa_mask);
889 act.sa_handler = SIG_DFL;
890 sigaction(SIGABRT, &act, NULL);
891 }
892#endif
7501267e
FB		 893 abort();
894}
895
0124311e 896#if !defined(CONFIG_USER_ONLY)
0dc3f44a 897/* Called from RCU critical section */
041603fe
PB		 898static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
899{
900 RAMBlock *block;
901
43771539 902 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 903 if (block && addr - block->offset < block->max_length) {
041603fe
PB		 904 goto found;
905 }
0dc3f44a 906 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 907 if (addr - block->offset < block->max_length) {
041603fe
PB		 908 goto found;
909 }
910 }
911
912 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
913 abort();
914
915found:
43771539
PB		 916 /* It is safe to write mru_block outside the iothread lock. This
917 * is what happens:
918 *
919 * mru_block = xxx
920 * rcu_read_unlock()
921 * xxx removed from list
922 * rcu_read_lock()
923 * read mru_block
924 * mru_block = NULL;
925 * call_rcu(reclaim_ramblock, xxx);
926 * rcu_read_unlock()
927 *
928 * atomic_rcu_set is not needed here. The block was already published
929 * when it was placed into the list. Here we're just making an extra
930 * copy of the pointer.
931 */
041603fe
PB		 932 ram_list.mru_block = block;
933 return block;
934}
935
a2f4d5be 936static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 937{
9a13565d 938 CPUState *cpu;
041603fe 939 ram_addr_t start1;
a2f4d5be
JQ		 940 RAMBlock *block;
941 ram_addr_t end;
942
943 end = TARGET_PAGE_ALIGN(start + length);
944 start &= TARGET_PAGE_MASK;
d24981d3 945
0dc3f44a 946 rcu_read_lock();
041603fe
PB		 947 block = qemu_get_ram_block(start);
948 assert(block == qemu_get_ram_block(end - 1));
1240be24 949 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 950 CPU_FOREACH(cpu) {
951 tlb_reset_dirty(cpu, start1, length);
952 }
0dc3f44a 953 rcu_read_unlock();
d24981d3
JQ		 954}
955
5579c7f3 956/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 957bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
958 ram_addr_t length,
959 unsigned client)
1ccde1cb 960{
03eebc9e
SH		 961 unsigned long end, page;
962 bool dirty;
963
964 if (length == 0) {
965 return false;
966 }
f23db169 967
03eebc9e
SH		 968 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
969 page = start >> TARGET_PAGE_BITS;
970 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
971 page, end - page);
972
973 if (dirty && tcg_enabled()) {
a2f4d5be 974 tlb_reset_dirty_range_all(start, length);
5579c7f3 975 }
03eebc9e
SH		 976
977 return dirty;
1ccde1cb
FB		 978}
979
79e2b9ae 980/* Called from RCU critical section */
bb0e627a 981hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 982 MemoryRegionSection *section,
983 target_ulong vaddr,
984 hwaddr paddr, hwaddr xlat,
985 int prot,
986 target_ulong *address)
e5548617 987{
a8170e5e 988 hwaddr iotlb;
e5548617
BS		 989 CPUWatchpoint *wp;
990
cc5bea60 991 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 992 /* Normal RAM. */
993 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 994 + xlat;
e5548617 995 if (!section->readonly) {
b41aac4f 996 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 997 } else {
b41aac4f 998 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 999 }
1000 } else {
0b8e2c10
PM		 1001 AddressSpaceDispatch *d;
1002
1003 d = atomic_rcu_read(&section->address_space->dispatch);
1004 iotlb = section - d->map.sections;
149f54b5 1005 iotlb += xlat;
e5548617
BS		 1006 }
1007
1008 /* Make accesses to pages with watchpoints go via the
1009 watchpoint trap routines. */
ff4700b0 1010 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1011 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1012 /* Avoid trapping reads of pages with a write breakpoint. */
1013 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1014 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1015 *address |= TLB_MMIO;
1016 break;
1017 }
1018 }
1019 }
1020
1021 return iotlb;
1022}
9fa3e853
FB		 1023#endif /* defined(CONFIG_USER_ONLY) */
1024
e2eef170 1025#if !defined(CONFIG_USER_ONLY)
8da3ff18 1026
c227f099 1027static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1028 uint16_t section);
acc9d80b 1029static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1030
a2b257d6
IM		 1031static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1032 qemu_anon_ram_alloc;
91138037
MA		 1033
1034/*
1035 * Set a custom physical guest memory alloator.
1036 * Accelerators with unusual needs may need this. Hopefully, we can
1037 * get rid of it eventually.
1038 */
a2b257d6 1039void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1040{
1041 phys_mem_alloc = alloc;
1042}
1043
53cb28cb
MA		 1044static uint16_t phys_section_add(PhysPageMap *map,
1045 MemoryRegionSection *section)
5312bd8b 1046{
68f3f65b
PB		 1047 /* The physical section number is ORed with a page-aligned
1048 * pointer to produce the iotlb entries. Thus it should
1049 * never overflow into the page-aligned value.
1050 */
53cb28cb 1051 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1052
53cb28cb
MA		 1053 if (map->sections_nb == map->sections_nb_alloc) {
1054 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1055 map->sections = g_renew(MemoryRegionSection, map->sections,
1056 map->sections_nb_alloc);
5312bd8b 1057 }
53cb28cb 1058 map->sections[map->sections_nb] = *section;
dfde4e6e 1059 memory_region_ref(section->mr);
53cb28cb 1060 return map->sections_nb++;
5312bd8b
AK		 1061}
1062
058bc4b5
PB		 1063static void phys_section_destroy(MemoryRegion *mr)
1064{
dfde4e6e
PB		 1065 memory_region_unref(mr);
1066
058bc4b5
PB		 1067 if (mr->subpage) {
1068 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1069 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1070 g_free(subpage);
1071 }
1072}
1073
6092666e 1074static void phys_sections_free(PhysPageMap *map)
5312bd8b 1075{
9affd6fc
PB		 1076 while (map->sections_nb > 0) {
1077 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1078 phys_section_destroy(section->mr);
1079 }
9affd6fc
PB		 1080 g_free(map->sections);
1081 g_free(map->nodes);
5312bd8b
AK		 1082}
1083
ac1970fb 1084static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1085{
1086 subpage_t *subpage;
a8170e5e 1087 hwaddr base = section->offset_within_address_space
0f0cb164 1088 & TARGET_PAGE_MASK;
97115a8d 1089 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1090 d->map.nodes, d->map.sections);
0f0cb164
AK		 1091 MemoryRegionSection subsection = {
1092 .offset_within_address_space = base,
052e87b0 1093 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1094 };
a8170e5e 1095 hwaddr start, end;
0f0cb164 1096
f3705d53 1097 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1098
f3705d53 1099 if (!(existing->mr->subpage)) {
acc9d80b 1100 subpage = subpage_init(d->as, base);
3be91e86 1101 subsection.address_space = d->as;
0f0cb164 1102 subsection.mr = &subpage->iomem;
ac1970fb 1103 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1104 phys_section_add(&d->map, &subsection));
0f0cb164 1105 } else {
f3705d53 1106 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1107 }
1108 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1109 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1110 subpage_register(subpage, start, end,
1111 phys_section_add(&d->map, section));
0f0cb164
AK		 1112}
1113
1114
052e87b0
PB		 1115static void register_multipage(AddressSpaceDispatch *d,
1116 MemoryRegionSection *section)
33417e70 1117{
a8170e5e 1118 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1119 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1120 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1121 TARGET_PAGE_BITS));
dd81124b 1122
733d5ef5
PB		 1123 assert(num_pages);
1124 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1125}
1126
ac1970fb 1127static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1128{
89ae337a 1129 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1130 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1131 MemoryRegionSection now = *section, remain = *section;
052e87b0 1132 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1133
733d5ef5
PB		 1134 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1135 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1136 - now.offset_within_address_space;
1137
052e87b0 1138 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1139 register_subpage(d, &now);
733d5ef5 1140 } else {
052e87b0 1141 now.size = int128_zero();
733d5ef5 1142 }
052e87b0
PB		 1143 while (int128_ne(remain.size, now.size)) {
1144 remain.size = int128_sub(remain.size, now.size);
1145 remain.offset_within_address_space += int128_get64(now.size);
1146 remain.offset_within_region += int128_get64(now.size);
69b67646 1147 now = remain;
052e87b0 1148 if (int128_lt(remain.size, page_size)) {
733d5ef5 1149 register_subpage(d, &now);
88266249 1150 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1151 now.size = page_size;
ac1970fb 1152 register_subpage(d, &now);
69b67646 1153 } else {
052e87b0 1154 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1155 register_multipage(d, &now);
69b67646 1156 }
0f0cb164
AK		 1157 }
1158}
1159
62a2744c
SY		 1160void qemu_flush_coalesced_mmio_buffer(void)
1161{
1162 if (kvm_enabled())
1163 kvm_flush_coalesced_mmio_buffer();
1164}
1165
b2a8658e
UD		 1166void qemu_mutex_lock_ramlist(void)
1167{
1168 qemu_mutex_lock(&ram_list.mutex);
1169}
1170
1171void qemu_mutex_unlock_ramlist(void)
1172{
1173 qemu_mutex_unlock(&ram_list.mutex);
1174}
1175
e1e84ba0 1176#ifdef __linux__
c902760f
MT		 1177
1178#include <sys/vfs.h>
1179
1180#define HUGETLBFS_MAGIC 0x958458f6
1181
fc7a5800 1182static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1183{
1184 struct statfs fs;
1185 int ret;
1186
1187 do {
9742bf26 1188 ret = statfs(path, &fs);
c902760f
MT		 1189 } while (ret != 0 && errno == EINTR);
1190
1191 if (ret != 0) {
fc7a5800
HT		 1192 error_setg_errno(errp, errno, "failed to get page size of file %s",
1193 path);
9742bf26 1194 return 0;
c902760f
MT		 1195 }
1196
1197 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 1198 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 1199
1200 return fs.f_bsize;
1201}
1202
04b16653
AW		 1203static void *file_ram_alloc(RAMBlock *block,
1204 ram_addr_t memory,
7f56e740
PB		 1205 const char *path,
1206 Error **errp)
c902760f
MT		 1207{
1208 char *filename;
8ca761f6
PF		 1209 char *sanitized_name;
1210 char *c;
794e8f30 1211 void *area;
c902760f 1212 int fd;
557529dd 1213 uint64_t hpagesize;
fc7a5800 1214 Error *local_err = NULL;
c902760f 1215
fc7a5800
HT		 1216 hpagesize = gethugepagesize(path, &local_err);
1217 if (local_err) {
1218 error_propagate(errp, local_err);
f9a49dfa 1219 goto error;
c902760f 1220 }
a2b257d6 1221 block->mr->align = hpagesize;
c902760f
MT		 1222
1223 if (memory < hpagesize) {
557529dd
HT		 1224 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1225 "or larger than huge page size 0x%" PRIx64,
1226 memory, hpagesize);
1227 goto error;
c902760f
MT		 1228 }
1229
1230 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1231 error_setg(errp,
1232 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1233 goto error;
c902760f
MT		 1234 }
1235
8ca761f6 1236 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
83234bf2 1237 sanitized_name = g_strdup(memory_region_name(block->mr));
8ca761f6
PF		 1238 for (c = sanitized_name; *c != '\0'; c++) {
1239 if (*c == '/')
1240 *c = '_';
1241 }
1242
1243 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1244 sanitized_name);
1245 g_free(sanitized_name);
c902760f
MT		 1246
1247 fd = mkstemp(filename);
1248 if (fd < 0) {
7f56e740
PB		 1249 error_setg_errno(errp, errno,
1250 "unable to create backing store for hugepages");
e4ada482 1251 g_free(filename);
f9a49dfa 1252 goto error;
c902760f
MT		 1253 }
1254 unlink(filename);
e4ada482 1255 g_free(filename);
c902760f 1256
9284f319 1257 memory = ROUND_UP(memory, hpagesize);
c902760f
MT		 1258
1259 /*
1260 * ftruncate is not supported by hugetlbfs in older
1261 * hosts, so don't bother bailing out on errors.
1262 * If anything goes wrong with it under other filesystems,
1263 * mmap will fail.
1264 */
7f56e740 1265 if (ftruncate(fd, memory)) {
9742bf26 1266 perror("ftruncate");
7f56e740 1267 }
c902760f 1268
794e8f30 1269 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
c902760f 1270 if (area == MAP_FAILED) {
7f56e740
PB		 1271 error_setg_errno(errp, errno,
1272 "unable to map backing store for hugepages");
9742bf26 1273 close(fd);
f9a49dfa 1274 goto error;
c902760f 1275 }
ef36fa14
MT		 1276
1277 if (mem_prealloc) {
38183310 1278 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1279 }
1280
04b16653 1281 block->fd = fd;
c902760f 1282 return area;
f9a49dfa
MT		 1283
1284error:
1285 if (mem_prealloc) {
81b07353 1286 error_report("%s", error_get_pretty(*errp));
f9a49dfa
MT		 1287 exit(1);
1288 }
1289 return NULL;
c902760f
MT		 1290}
1291#endif
1292
0dc3f44a 1293/* Called with the ramlist lock held. */
d17b5288 1294static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1295{
1296 RAMBlock *block, *next_block;
3e837b2c 1297 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1298
49cd9ac6
SH		 1299 assert(size != 0); /* it would hand out same offset multiple times */
1300
0dc3f44a 1301 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1302 return 0;
0d53d9fe 1303 }
04b16653 1304
0dc3f44a 1305 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1306 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1307
62be4e3a 1308 end = block->offset + block->max_length;
04b16653 1309
0dc3f44a 1310 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1311 if (next_block->offset >= end) {
1312 next = MIN(next, next_block->offset);
1313 }
1314 }
1315 if (next - end >= size && next - end < mingap) {
3e837b2c 1316 offset = end;
04b16653
AW		 1317 mingap = next - end;
1318 }
1319 }
3e837b2c
AW		 1320
1321 if (offset == RAM_ADDR_MAX) {
1322 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1323 (uint64_t)size);
1324 abort();
1325 }
1326
04b16653
AW		 1327 return offset;
1328}
1329
652d7ec2 1330ram_addr_t last_ram_offset(void)
d17b5288
AW		 1331{
1332 RAMBlock *block;
1333 ram_addr_t last = 0;
1334
0dc3f44a
MD		 1335 rcu_read_lock();
1336 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1337 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1338 }
0dc3f44a 1339 rcu_read_unlock();
d17b5288
AW		 1340 return last;
1341}
1342
ddb97f1d
JB		 1343static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1344{
1345 int ret;
ddb97f1d
JB		 1346
1347 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1348 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1349 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1350 if (ret) {
1351 perror("qemu_madvise");
1352 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1353 "but dump_guest_core=off specified\n");
1354 }
1355 }
1356}
1357
0dc3f44a
MD		 1358/* Called within an RCU critical section, or while the ramlist lock
1359 * is held.
1360 */
20cfe881 1361static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1362{
20cfe881 1363 RAMBlock *block;
84b89d78 1364
0dc3f44a 1365 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1366 if (block->offset == addr) {
20cfe881 1367 return block;
c5705a77
AK		 1368 }
1369 }
20cfe881
HT		 1370
1371 return NULL;
1372}
1373
ae3a7047 1374/* Called with iothread lock held. */
20cfe881
HT		 1375void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1376{
ae3a7047 1377 RAMBlock *new_block, *block;
20cfe881 1378
0dc3f44a 1379 rcu_read_lock();
ae3a7047 1380 new_block = find_ram_block(addr);
c5705a77
AK		 1381 assert(new_block);
1382 assert(!new_block->idstr[0]);
84b89d78 1383
09e5ab63
AL		 1384 if (dev) {
1385 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1386 if (id) {
1387 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1388 g_free(id);
84b89d78
CM		 1389 }
1390 }
1391 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1392
0dc3f44a 1393 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1394 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1395 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1396 new_block->idstr);
1397 abort();
1398 }
1399 }
0dc3f44a 1400 rcu_read_unlock();
c5705a77
AK		 1401}
1402
ae3a7047 1403/* Called with iothread lock held. */
20cfe881
HT		 1404void qemu_ram_unset_idstr(ram_addr_t addr)
1405{
ae3a7047 1406 RAMBlock *block;
20cfe881 1407
ae3a7047
MD		 1408 /* FIXME: arch_init.c assumes that this is not called throughout
1409 * migration. Ignore the problem since hot-unplug during migration
1410 * does not work anyway.
1411 */
1412
0dc3f44a 1413 rcu_read_lock();
ae3a7047 1414 block = find_ram_block(addr);
20cfe881
HT		 1415 if (block) {
1416 memset(block->idstr, 0, sizeof(block->idstr));
1417 }
0dc3f44a 1418 rcu_read_unlock();
20cfe881
HT		 1419}
1420
8490fc78
LC		 1421static int memory_try_enable_merging(void *addr, size_t len)
1422{
75cc7f01 1423 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1424 /* disabled by the user */
1425 return 0;
1426 }
1427
1428 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1429}
1430
62be4e3a
MT		 1431/* Only legal before guest might have detected the memory size: e.g. on
1432 * incoming migration, or right after reset.
1433 *
1434 * As memory core doesn't know how is memory accessed, it is up to
1435 * resize callback to update device state and/or add assertions to detect
1436 * misuse, if necessary.
1437 */
1438int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1439{
1440 RAMBlock *block = find_ram_block(base);
1441
1442 assert(block);
1443
129ddaf3
MT		 1444 newsize = TARGET_PAGE_ALIGN(newsize);
1445
62be4e3a
MT		 1446 if (block->used_length == newsize) {
1447 return 0;
1448 }
1449
1450 if (!(block->flags & RAM_RESIZEABLE)) {
1451 error_setg_errno(errp, EINVAL,
1452 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1453 " in != 0x" RAM_ADDR_FMT, block->idstr,
1454 newsize, block->used_length);
1455 return -EINVAL;
1456 }
1457
1458 if (block->max_length < newsize) {
1459 error_setg_errno(errp, EINVAL,
1460 "Length too large: %s: 0x" RAM_ADDR_FMT
1461 " > 0x" RAM_ADDR_FMT, block->idstr,
1462 newsize, block->max_length);
1463 return -EINVAL;
1464 }
1465
1466 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1467 block->used_length = newsize;
58d2707e
PB		 1468 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1469 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1470 memory_region_set_size(block->mr, newsize);
1471 if (block->resized) {
1472 block->resized(block->idstr, newsize, block->host);
1473 }
1474 return 0;
1475}
1476
ef701d7b 1477static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1478{
e1c57ab8 1479 RAMBlock *block;
0d53d9fe 1480 RAMBlock *last_block = NULL;
2152f5ca
JQ		 1481 ram_addr_t old_ram_size, new_ram_size;
1482
1483 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1484
b2a8658e 1485 qemu_mutex_lock_ramlist();
9b8424d5 1486 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1487
1488 if (!new_block->host) {
1489 if (xen_enabled()) {
9b8424d5
MT		 1490 xen_ram_alloc(new_block->offset, new_block->max_length,
1491 new_block->mr);
e1c57ab8 1492 } else {
9b8424d5 1493 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1494 &new_block->mr->align);
39228250 1495 if (!new_block->host) {
ef701d7b
HT		 1496 error_setg_errno(errp, errno,
1497 "cannot set up guest memory '%s'",
1498 memory_region_name(new_block->mr));
1499 qemu_mutex_unlock_ramlist();
1500 return -1;
39228250 1501 }
9b8424d5 1502 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1503 }
c902760f 1504 }
94a6b54f 1505
dd631697
LZ		 1506 new_ram_size = MAX(old_ram_size,
1507 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1508 if (new_ram_size > old_ram_size) {
1509 migration_bitmap_extend(old_ram_size, new_ram_size);
1510 }
0d53d9fe
MD		 1511 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1512 * QLIST (which has an RCU-friendly variant) does not have insertion at
1513 * tail, so save the last element in last_block.
1514 */
0dc3f44a 1515 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1516 last_block = block;
9b8424d5 1517 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1518 break;
1519 }
1520 }
1521 if (block) {
0dc3f44a 1522 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1523 } else if (last_block) {
0dc3f44a 1524 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1525 } else { /* list is empty */
0dc3f44a 1526 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1527 }
0d6d3c87 1528 ram_list.mru_block = NULL;
94a6b54f 1529
0dc3f44a
MD		 1530 /* Write list before version */
1531 smp_wmb();
f798b07f 1532 ram_list.version++;
b2a8658e 1533 qemu_mutex_unlock_ramlist();
f798b07f 1534
2152f5ca
JQ		 1535 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1536
1537 if (new_ram_size > old_ram_size) {
1ab4c8ce 1538 int i;
ae3a7047
MD		 1539
1540 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1541 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1542 ram_list.dirty_memory[i] =
1543 bitmap_zero_extend(ram_list.dirty_memory[i],
1544 old_ram_size, new_ram_size);
1545 }
2152f5ca 1546 }
9b8424d5 1547 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1548 new_block->used_length,
1549 DIRTY_CLIENTS_ALL);
94a6b54f 1550
a904c911
PB		 1551 if (new_block->host) {
1552 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1553 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1554 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1555 if (kvm_enabled()) {
1556 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1557 }
e1c57ab8 1558 }
6f0437e8 1559
94a6b54f
PB		 1560 return new_block->offset;
1561}
e9a1ab19 1562
0b183fc8 1563#ifdef __linux__
e1c57ab8 1564ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1565 bool share, const char *mem_path,
7f56e740 1566 Error **errp)
e1c57ab8
PB		 1567{
1568 RAMBlock *new_block;
ef701d7b
HT		 1569 ram_addr_t addr;
1570 Error *local_err = NULL;
e1c57ab8
PB		 1571
1572 if (xen_enabled()) {
7f56e740
PB		 1573 error_setg(errp, "-mem-path not supported with Xen");
1574 return -1;
e1c57ab8
PB		 1575 }
1576
1577 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1578 /*
1579 * file_ram_alloc() needs to allocate just like
1580 * phys_mem_alloc, but we haven't bothered to provide
1581 * a hook there.
1582 */
7f56e740
PB		 1583 error_setg(errp,
1584 "-mem-path not supported with this accelerator");
1585 return -1;
e1c57ab8
PB		 1586 }
1587
1588 size = TARGET_PAGE_ALIGN(size);
1589 new_block = g_malloc0(sizeof(*new_block));
1590 new_block->mr = mr;
9b8424d5
MT		 1591 new_block->used_length = size;
1592 new_block->max_length = size;
dbcb8981 1593 new_block->flags = share ? RAM_SHARED : 0;
794e8f30 1594 new_block->flags |= RAM_FILE;
7f56e740
PB		 1595 new_block->host = file_ram_alloc(new_block, size,
1596 mem_path, errp);
1597 if (!new_block->host) {
1598 g_free(new_block);
1599 return -1;
1600 }
1601
ef701d7b
HT		 1602 addr = ram_block_add(new_block, &local_err);
1603 if (local_err) {
1604 g_free(new_block);
1605 error_propagate(errp, local_err);
1606 return -1;
1607 }
1608 return addr;
e1c57ab8 1609}
0b183fc8 1610#endif
e1c57ab8 1611
62be4e3a
MT		 1612static
1613ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1614 void (*resized)(const char*,
1615 uint64_t length,
1616 void *host),
1617 void *host, bool resizeable,
ef701d7b 1618 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1619{
1620 RAMBlock *new_block;
ef701d7b
HT		 1621 ram_addr_t addr;
1622 Error *local_err = NULL;
e1c57ab8
PB		 1623
1624 size = TARGET_PAGE_ALIGN(size);
62be4e3a 1625 max_size = TARGET_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1626 new_block = g_malloc0(sizeof(*new_block));
1627 new_block->mr = mr;
62be4e3a 1628 new_block->resized = resized;
9b8424d5
MT		 1629 new_block->used_length = size;
1630 new_block->max_length = max_size;
62be4e3a 1631 assert(max_size >= size);
e1c57ab8
PB		 1632 new_block->fd = -1;
1633 new_block->host = host;
1634 if (host) {
7bd4f430 1635 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1636 }
62be4e3a
MT		 1637 if (resizeable) {
1638 new_block->flags |= RAM_RESIZEABLE;
1639 }
ef701d7b
HT		 1640 addr = ram_block_add(new_block, &local_err);
1641 if (local_err) {
1642 g_free(new_block);
1643 error_propagate(errp, local_err);
1644 return -1;
1645 }
1646 return addr;
e1c57ab8
PB		 1647}
1648
62be4e3a
MT		 1649ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1650 MemoryRegion *mr, Error **errp)
1651{
1652 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1653}
1654
ef701d7b 1655ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1656{
62be4e3a
MT		 1657 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1658}
1659
1660ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1661 void (*resized)(const char*,
1662 uint64_t length,
1663 void *host),
1664 MemoryRegion *mr, Error **errp)
1665{
1666 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1667}
1668
1f2e98b6
AW		 1669void qemu_ram_free_from_ptr(ram_addr_t addr)
1670{
1671 RAMBlock *block;
1672
b2a8658e 1673 qemu_mutex_lock_ramlist();
0dc3f44a 1674 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1f2e98b6 1675 if (addr == block->offset) {
0dc3f44a 1676 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1677 ram_list.mru_block = NULL;
0dc3f44a
MD		 1678 /* Write list before version */
1679 smp_wmb();
f798b07f 1680 ram_list.version++;
43771539 1681 g_free_rcu(block, rcu);
b2a8658e 1682 break;
1f2e98b6
AW		 1683 }
1684 }
b2a8658e 1685 qemu_mutex_unlock_ramlist();
1f2e98b6
AW		 1686}
1687
43771539
PB		 1688static void reclaim_ramblock(RAMBlock *block)
1689{
1690 if (block->flags & RAM_PREALLOC) {
1691 ;
1692 } else if (xen_enabled()) {
1693 xen_invalidate_map_cache_entry(block->host);
1694#ifndef _WIN32
1695 } else if (block->fd >= 0) {
794e8f30
MT		 1696 if (block->flags & RAM_FILE) {
1697 qemu_ram_munmap(block->host, block->max_length);
8561c924
MT		 1698 } else {
1699 munmap(block->host, block->max_length);
1700 }
43771539
PB		 1701 close(block->fd);
1702#endif
1703 } else {
1704 qemu_anon_ram_free(block->host, block->max_length);
1705 }
1706 g_free(block);
1707}
1708
c227f099 1709void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1710{
04b16653
AW		 1711 RAMBlock *block;
1712
b2a8658e 1713 qemu_mutex_lock_ramlist();
0dc3f44a 1714 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1715 if (addr == block->offset) {
0dc3f44a 1716 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1717 ram_list.mru_block = NULL;
0dc3f44a
MD		 1718 /* Write list before version */
1719 smp_wmb();
f798b07f 1720 ram_list.version++;
43771539 1721 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1722 break;
04b16653
AW		 1723 }
1724 }
b2a8658e 1725 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1726}
1727
cd19cfa2
HY		 1728#ifndef _WIN32
1729void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1730{
1731 RAMBlock *block;
1732 ram_addr_t offset;
1733 int flags;
1734 void *area, *vaddr;
1735
0dc3f44a 1736 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1737 offset = addr - block->offset;
9b8424d5 1738 if (offset < block->max_length) {
1240be24 1739 vaddr = ramblock_ptr(block, offset);
7bd4f430 1740 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1741 ;
dfeaf2ab
MA		 1742 } else if (xen_enabled()) {
1743 abort();
cd19cfa2
HY		 1744 } else {
1745 flags = MAP_FIXED;
3435f395 1746 if (block->fd >= 0) {
dbcb8981
PB		 1747 flags |= (block->flags & RAM_SHARED ?
1748 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1749 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1750 flags, block->fd, offset);
cd19cfa2 1751 } else {
2eb9fbaa
MA		 1752 /*
1753 * Remap needs to match alloc. Accelerators that
1754 * set phys_mem_alloc never remap. If they did,
1755 * we'd need a remap hook here.
1756 */
1757 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1758
cd19cfa2
HY		 1759 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1760 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1761 flags, -1, 0);
cd19cfa2
HY		 1762 }
1763 if (area != vaddr) {
f15fbc4b
AP		 1764 fprintf(stderr, "Could not remap addr: "
1765 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1766 length, addr);
1767 exit(1);
1768 }
8490fc78 1769 memory_try_enable_merging(vaddr, length);
ddb97f1d 1770 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1771 }
cd19cfa2
HY		 1772 }
1773 }
1774}
1775#endif /* !_WIN32 */
1776
a35ba7be
PB		 1777int qemu_get_ram_fd(ram_addr_t addr)
1778{
ae3a7047
MD		 1779 RAMBlock *block;
1780 int fd;
a35ba7be 1781
0dc3f44a 1782 rcu_read_lock();
ae3a7047
MD		 1783 block = qemu_get_ram_block(addr);
1784 fd = block->fd;
0dc3f44a 1785 rcu_read_unlock();
ae3a7047 1786 return fd;
a35ba7be
PB		 1787}
1788
3fd74b84
DM		 1789void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1790{
ae3a7047
MD		 1791 RAMBlock *block;
1792 void *ptr;
3fd74b84 1793
0dc3f44a 1794 rcu_read_lock();
ae3a7047
MD		 1795 block = qemu_get_ram_block(addr);
1796 ptr = ramblock_ptr(block, 0);
0dc3f44a 1797 rcu_read_unlock();
ae3a7047 1798 return ptr;
3fd74b84
DM		 1799}
1800
1b5ec234 1801/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1802 * This should not be used for general purpose DMA. Use address_space_map
1803 * or address_space_rw instead. For local memory (e.g. video ram) that the
1804 * device owns, use memory_region_get_ram_ptr.
0dc3f44a
MD		 1805 *
1806 * By the time this function returns, the returned pointer is not protected
1807 * by RCU anymore. If the caller is not within an RCU critical section and
1808 * does not hold the iothread lock, it must have other means of protecting the
1809 * pointer, such as a reference to the region that includes the incoming
1810 * ram_addr_t.
1b5ec234
PB		 1811 */
1812void *qemu_get_ram_ptr(ram_addr_t addr)
1813{
ae3a7047
MD		 1814 RAMBlock *block;
1815 void *ptr;
1b5ec234 1816
0dc3f44a 1817 rcu_read_lock();
ae3a7047
MD		 1818 block = qemu_get_ram_block(addr);
1819
1820 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1821 /* We need to check if the requested address is in the RAM
1822 * because we don't want to map the entire memory in QEMU.
1823 * In that case just map until the end of the page.
1824 */
1825 if (block->offset == 0) {
ae3a7047 1826 ptr = xen_map_cache(addr, 0, 0);
0dc3f44a 1827 goto unlock;
0d6d3c87 1828 }
ae3a7047
MD		 1829
1830 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1831 }
ae3a7047
MD		 1832 ptr = ramblock_ptr(block, addr - block->offset);
1833
0dc3f44a
MD		 1834unlock:
1835 rcu_read_unlock();
ae3a7047 1836 return ptr;
dc828ca1
PB		 1837}
1838
38bee5dc 1839/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1840 * but takes a size argument.
0dc3f44a
MD		 1841 *
1842 * By the time this function returns, the returned pointer is not protected
1843 * by RCU anymore. If the caller is not within an RCU critical section and
1844 * does not hold the iothread lock, it must have other means of protecting the
1845 * pointer, such as a reference to the region that includes the incoming
1846 * ram_addr_t.
ae3a7047 1847 */
cb85f7ab 1848static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1849{
ae3a7047 1850 void *ptr;
8ab934f9
SS		 1851 if (*size == 0) {
1852 return NULL;
1853 }
868bb33f 1854 if (xen_enabled()) {
e41d7c69 1855 return xen_map_cache(addr, *size, 1);
868bb33f 1856 } else {
38bee5dc 1857 RAMBlock *block;
0dc3f44a
MD		 1858 rcu_read_lock();
1859 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5
MT		 1860 if (addr - block->offset < block->max_length) {
1861 if (addr - block->offset + *size > block->max_length)
1862 *size = block->max_length - addr + block->offset;
ae3a7047 1863 ptr = ramblock_ptr(block, addr - block->offset);
0dc3f44a 1864 rcu_read_unlock();
ae3a7047 1865 return ptr;
38bee5dc
SS		 1866 }
1867 }
1868
1869 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1870 abort();
38bee5dc
SS		 1871 }
1872}
1873
7443b437 1874/* Some of the softmmu routines need to translate from a host pointer
ae3a7047
MD		 1875 * (typically a TLB entry) back to a ram offset.
1876 *
1877 * By the time this function returns, the returned pointer is not protected
1878 * by RCU anymore. If the caller is not within an RCU critical section and
1879 * does not hold the iothread lock, it must have other means of protecting the
1880 * pointer, such as a reference to the region that includes the incoming
1881 * ram_addr_t.
1882 */
1b5ec234 1883MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 1884{
94a6b54f
PB		 1885 RAMBlock *block;
1886 uint8_t *host = ptr;
ae3a7047 1887 MemoryRegion *mr;
94a6b54f 1888
868bb33f 1889 if (xen_enabled()) {
0dc3f44a 1890 rcu_read_lock();
e41d7c69 1891 *ram_addr = xen_ram_addr_from_mapcache(ptr);
ae3a7047 1892 mr = qemu_get_ram_block(*ram_addr)->mr;
0dc3f44a 1893 rcu_read_unlock();
ae3a7047 1894 return mr;
712c2b41
SS		 1895 }
1896
0dc3f44a
MD		 1897 rcu_read_lock();
1898 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1899 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1900 goto found;
1901 }
1902
0dc3f44a 1903 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1904 /* This case append when the block is not mapped. */
1905 if (block->host == NULL) {
1906 continue;
1907 }
9b8424d5 1908 if (host - block->host < block->max_length) {
23887b79 1909 goto found;
f471a17e 1910 }
94a6b54f 1911 }
432d268c 1912
0dc3f44a 1913 rcu_read_unlock();
1b5ec234 1914 return NULL;
23887b79
PB		 1915
1916found:
1917 *ram_addr = block->offset + (host - block->host);
ae3a7047 1918 mr = block->mr;
0dc3f44a 1919 rcu_read_unlock();
ae3a7047 1920 return mr;
e890261f 1921}
f471a17e 1922
a8170e5e 1923static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1924 uint64_t val, unsigned size)
9fa3e853 1925{
52159192 1926 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1927 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1928 }
0e0df1e2
AK		 1929 switch (size) {
1930 case 1:
1931 stb_p(qemu_get_ram_ptr(ram_addr), val);
1932 break;
1933 case 2:
1934 stw_p(qemu_get_ram_ptr(ram_addr), val);
1935 break;
1936 case 4:
1937 stl_p(qemu_get_ram_ptr(ram_addr), val);
1938 break;
1939 default:
1940 abort();
3a7d929e 1941 }
58d2707e
PB		 1942 /* Set both VGA and migration bits for simplicity and to remove
1943 * the notdirty callback faster.
1944 */
1945 cpu_physical_memory_set_dirty_range(ram_addr, size,
1946 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 1947 /* we remove the notdirty callback only if the code has been
1948 flushed */
a2cd8c85 1949 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 1950 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 1951 }
9fa3e853
FB		 1952}
1953
b018ddf6
PB		 1954static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1955 unsigned size, bool is_write)
1956{
1957 return is_write;
1958}
1959
0e0df1e2 1960static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1961 .write = notdirty_mem_write,
b018ddf6 1962 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1963 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1964};
1965
0f459d16 1966/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 1967static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 1968{
93afeade
AF		 1969 CPUState *cpu = current_cpu;
1970 CPUArchState *env = cpu->env_ptr;
06d55cc1 1971 target_ulong pc, cs_base;
0f459d16 1972 target_ulong vaddr;
a1d1bb31 1973 CPUWatchpoint *wp;
06d55cc1 1974 int cpu_flags;
0f459d16 1975
ff4700b0 1976 if (cpu->watchpoint_hit) {
06d55cc1
AL		 1977 /* We re-entered the check after replacing the TB. Now raise
1978 * the debug interrupt so that is will trigger after the
1979 * current instruction. */
93afeade 1980 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 1981 return;
1982 }
93afeade 1983 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 1984 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 1985 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1986 && (wp->flags & flags)) {
08225676
PM		 1987 if (flags == BP_MEM_READ) {
1988 wp->flags |= BP_WATCHPOINT_HIT_READ;
1989 } else {
1990 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1991 }
1992 wp->hitaddr = vaddr;
66b9b43c 1993 wp->hitattrs = attrs;
ff4700b0
AF		 1994 if (!cpu->watchpoint_hit) {
1995 cpu->watchpoint_hit = wp;
239c51a5 1996 tb_check_watchpoint(cpu);
6e140f28 1997 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 1998 cpu->exception_index = EXCP_DEBUG;
5638d180 1999 cpu_loop_exit(cpu);
6e140f28
AL		 2000 } else {
2001 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2002 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2003 cpu_resume_from_signal(cpu, NULL);
6e140f28 2004 }
06d55cc1 2005 }
6e140f28
AL		 2006 } else {
2007 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2008 }
2009 }
2010}
2011
6658ffb8
PB		 2012/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2013 so these check for a hit then pass through to the normal out-of-line
2014 phys routines. */
66b9b43c
PM		 2015static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2016 unsigned size, MemTxAttrs attrs)
6658ffb8 2017{
66b9b43c
PM		 2018 MemTxResult res;
2019 uint64_t data;
2020
2021 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2022 switch (size) {
66b9b43c
PM		 2023 case 1:
2024 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2025 break;
2026 case 2:
2027 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2028 break;
2029 case 4:
2030 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2031 break;
1ec9b909
AK		 2032 default: abort();
2033 }
66b9b43c
PM		 2034 *pdata = data;
2035 return res;
6658ffb8
PB		 2036}
2037
66b9b43c
PM		 2038static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2039 uint64_t val, unsigned size,
2040 MemTxAttrs attrs)
6658ffb8 2041{
66b9b43c
PM		 2042 MemTxResult res;
2043
2044 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2045 switch (size) {
67364150 2046 case 1:
66b9b43c 2047 address_space_stb(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2048 break;
2049 case 2:
66b9b43c 2050 address_space_stw(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2051 break;
2052 case 4:
66b9b43c 2053 address_space_stl(&address_space_memory, addr, val, attrs, &res);
67364150 2054 break;
1ec9b909
AK		 2055 default: abort();
2056 }
66b9b43c 2057 return res;
6658ffb8
PB		 2058}
2059
1ec9b909 2060static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2061 .read_with_attrs = watch_mem_read,
2062 .write_with_attrs = watch_mem_write,
1ec9b909 2063 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2064};
6658ffb8 2065
f25a49e0
PM		 2066static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2067 unsigned len, MemTxAttrs attrs)
db7b5426 2068{
acc9d80b 2069 subpage_t *subpage = opaque;
ff6cff75 2070 uint8_t buf[8];
5c9eb028 2071 MemTxResult res;
791af8c8 2072
db7b5426 2073#if defined(DEBUG_SUBPAGE)
016e9d62 2074 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2075 subpage, len, addr);
db7b5426 2076#endif
5c9eb028
PM		 2077 res = address_space_read(subpage->as, addr + subpage->base,
2078 attrs, buf, len);
2079 if (res) {
2080 return res;
f25a49e0 2081 }
acc9d80b
JK		 2082 switch (len) {
2083 case 1:
f25a49e0
PM		 2084 *data = ldub_p(buf);
2085 return MEMTX_OK;
acc9d80b 2086 case 2:
f25a49e0
PM		 2087 *data = lduw_p(buf);
2088 return MEMTX_OK;
acc9d80b 2089 case 4:
f25a49e0
PM		 2090 *data = ldl_p(buf);
2091 return MEMTX_OK;
ff6cff75 2092 case 8:
f25a49e0
PM		 2093 *data = ldq_p(buf);
2094 return MEMTX_OK;
acc9d80b
JK		 2095 default:
2096 abort();
2097 }
db7b5426
BS		 2098}
2099
f25a49e0
PM		 2100static MemTxResult subpage_write(void *opaque, hwaddr addr,
2101 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2102{
acc9d80b 2103 subpage_t *subpage = opaque;
ff6cff75 2104 uint8_t buf[8];
acc9d80b 2105
db7b5426 2106#if defined(DEBUG_SUBPAGE)
016e9d62 2107 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2108 " value %"PRIx64"\n",
2109 __func__, subpage, len, addr, value);
db7b5426 2110#endif
acc9d80b
JK		 2111 switch (len) {
2112 case 1:
2113 stb_p(buf, value);
2114 break;
2115 case 2:
2116 stw_p(buf, value);
2117 break;
2118 case 4:
2119 stl_p(buf, value);
2120 break;
ff6cff75
PB		 2121 case 8:
2122 stq_p(buf, value);
2123 break;
acc9d80b
JK		 2124 default:
2125 abort();
2126 }
5c9eb028
PM		 2127 return address_space_write(subpage->as, addr + subpage->base,
2128 attrs, buf, len);
db7b5426
BS		 2129}
2130
c353e4cc 2131static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2132 unsigned len, bool is_write)
c353e4cc 2133{
acc9d80b 2134 subpage_t *subpage = opaque;
c353e4cc 2135#if defined(DEBUG_SUBPAGE)
016e9d62 2136 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2137 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2138#endif
2139
acc9d80b 2140 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2141 len, is_write);
c353e4cc
PB		 2142}
2143
70c68e44 2144static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2145 .read_with_attrs = subpage_read,
2146 .write_with_attrs = subpage_write,
ff6cff75
PB		 2147 .impl.min_access_size = 1,
2148 .impl.max_access_size = 8,
2149 .valid.min_access_size = 1,
2150 .valid.max_access_size = 8,
c353e4cc 2151 .valid.accepts = subpage_accepts,
70c68e44 2152 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2153};
2154
c227f099 2155static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2156 uint16_t section)
db7b5426
BS		 2157{
2158 int idx, eidx;
2159
2160 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2161 return -1;
2162 idx = SUBPAGE_IDX(start);
2163 eidx = SUBPAGE_IDX(end);
2164#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2165 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2166 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2167#endif
db7b5426 2168 for (; idx <= eidx; idx++) {
5312bd8b 2169 mmio->sub_section[idx] = section;
db7b5426
BS		 2170 }
2171
2172 return 0;
2173}
2174
acc9d80b 2175static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2176{
c227f099 2177 subpage_t *mmio;
db7b5426 2178
7267c094 2179 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2180
acc9d80b 2181 mmio->as = as;
1eec614b 2182 mmio->base = base;
2c9b15ca 2183 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2184 NULL, TARGET_PAGE_SIZE);
b3b00c78 2185 mmio->iomem.subpage = true;
db7b5426 2186#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2187 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2188 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2189#endif
b41aac4f 2190 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2191
2192 return mmio;
2193}
2194
a656e22f
PC		 2195static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2196 MemoryRegion *mr)
5312bd8b 2197{
a656e22f 2198 assert(as);
5312bd8b 2199 MemoryRegionSection section = {
a656e22f 2200 .address_space = as,
5312bd8b
AK		 2201 .mr = mr,
2202 .offset_within_address_space = 0,
2203 .offset_within_region = 0,
052e87b0 2204 .size = int128_2_64(),
5312bd8b
AK		 2205 };
2206
53cb28cb 2207 return phys_section_add(map, &section);
5312bd8b
AK		 2208}
2209
9d82b5a7 2210MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
aa102231 2211{
32857f4d
PM		 2212 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2213 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2214 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2215
2216 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2217}
2218
e9179ce1
AK		 2219static void io_mem_init(void)
2220{
1f6245e5 2221 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2222 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2223 NULL, UINT64_MAX);
2c9b15ca 2224 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2225 NULL, UINT64_MAX);
2c9b15ca 2226 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2227 NULL, UINT64_MAX);
e9179ce1
AK		 2228}
2229
ac1970fb 2230static void mem_begin(MemoryListener *listener)
00752703
PB		 2231{
2232 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2233 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2234 uint16_t n;
2235
a656e22f 2236 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2237 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2238 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2239 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2240 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2241 assert(n == PHYS_SECTION_ROM);
a656e22f 2242 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2243 assert(n == PHYS_SECTION_WATCH);
00752703 2244
9736e55b 2245 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2246 d->as = as;
2247 as->next_dispatch = d;
2248}
2249
79e2b9ae
PB		 2250static void address_space_dispatch_free(AddressSpaceDispatch *d)
2251{
2252 phys_sections_free(&d->map);
2253 g_free(d);
2254}
2255
00752703 2256static void mem_commit(MemoryListener *listener)
ac1970fb 2257{
89ae337a 2258 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2259 AddressSpaceDispatch *cur = as->dispatch;
2260 AddressSpaceDispatch *next = as->next_dispatch;
2261
53cb28cb 2262 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2263
79e2b9ae 2264 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2265 if (cur) {
79e2b9ae 2266 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2267 }
9affd6fc
PB		 2268}
2269
1d71148e 2270static void tcg_commit(MemoryListener *listener)
50c1e149 2271{
32857f4d
PM		 2272 CPUAddressSpace *cpuas;
2273 AddressSpaceDispatch *d;
117712c3
AK		 2274
2275 /* since each CPU stores ram addresses in its TLB cache, we must
2276 reset the modified entries */
32857f4d
PM		 2277 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2278 cpu_reloading_memory_map();
2279 /* The CPU and TLB are protected by the iothread lock.
2280 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2281 * may have split the RCU critical section.
2282 */
2283 d = atomic_rcu_read(&cpuas->as->dispatch);
2284 cpuas->memory_dispatch = d;
2285 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2286}
2287
ac1970fb
AK		 2288void address_space_init_dispatch(AddressSpace *as)
2289{
00752703 2290 as->dispatch = NULL;
89ae337a 2291 as->dispatch_listener = (MemoryListener) {
ac1970fb 2292 .begin = mem_begin,
00752703 2293 .commit = mem_commit,
ac1970fb
AK		 2294 .region_add = mem_add,
2295 .region_nop = mem_add,
2296 .priority = 0,
2297 };
89ae337a 2298 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2299}
2300
6e48e8f9
PB		 2301void address_space_unregister(AddressSpace *as)
2302{
2303 memory_listener_unregister(&as->dispatch_listener);
2304}
2305
83f3c251
AK		 2306void address_space_destroy_dispatch(AddressSpace *as)
2307{
2308 AddressSpaceDispatch *d = as->dispatch;
2309
79e2b9ae
PB		 2310 atomic_rcu_set(&as->dispatch, NULL);
2311 if (d) {
2312 call_rcu(d, address_space_dispatch_free, rcu);
2313 }
83f3c251
AK		 2314}
2315
62152b8a
AK		 2316static void memory_map_init(void)
2317{
7267c094 2318 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2319
57271d63 2320 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2321 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2322
7267c094 2323 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2324 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2325 65536);
7dca8043 2326 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2327}
2328
2329MemoryRegion *get_system_memory(void)
2330{
2331 return system_memory;
2332}
2333
309cb471
AK		 2334MemoryRegion *get_system_io(void)
2335{
2336 return system_io;
2337}
2338
e2eef170
PB		 2339#endif /* !defined(CONFIG_USER_ONLY) */
2340
13eb76e0
FB		 2341/* physical memory access (slow version, mainly for debug) */
2342#if defined(CONFIG_USER_ONLY)
f17ec444 2343int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2344 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2345{
2346 int l, flags;
2347 target_ulong page;
53a5960a 2348 void * p;
13eb76e0
FB		 2349
2350 while (len > 0) {
2351 page = addr & TARGET_PAGE_MASK;
2352 l = (page + TARGET_PAGE_SIZE) - addr;
2353 if (l > len)
2354 l = len;
2355 flags = page_get_flags(page);
2356 if (!(flags & PAGE_VALID))
a68fe89c 2357 return -1;
13eb76e0
FB		 2358 if (is_write) {
2359 if (!(flags & PAGE_WRITE))
a68fe89c 2360 return -1;
579a97f7 2361 /* XXX: this code should not depend on lock_user */
72fb7daa 2362 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2363 return -1;
72fb7daa
AJ		 2364 memcpy(p, buf, l);
2365 unlock_user(p, addr, l);
13eb76e0
FB		 2366 } else {
2367 if (!(flags & PAGE_READ))
a68fe89c 2368 return -1;
579a97f7 2369 /* XXX: this code should not depend on lock_user */
72fb7daa 2370 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2371 return -1;
72fb7daa 2372 memcpy(buf, p, l);
5b257578 2373 unlock_user(p, addr, 0);
13eb76e0
FB		 2374 }
2375 len -= l;
2376 buf += l;
2377 addr += l;
2378 }
a68fe89c 2379 return 0;
13eb76e0 2380}
8df1cd07 2381
13eb76e0 2382#else
51d7a9eb 2383
845b6214 2384static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2385 hwaddr length)
51d7a9eb 2386{
e87f7778
PB		 2387 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2388 /* No early return if dirty_log_mask is or becomes 0, because
2389 * cpu_physical_memory_set_dirty_range will still call
2390 * xen_modified_memory.
2391 */
2392 if (dirty_log_mask) {
2393 dirty_log_mask =
2394 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2395 }
2396 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2397 tb_invalidate_phys_range(addr, addr + length);
2398 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2399 }
e87f7778 2400 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2401}
2402
23326164 2403static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2404{
e1622f4b 2405 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2406
2407 /* Regions are assumed to support 1-4 byte accesses unless
2408 otherwise specified. */
23326164
RH		 2409 if (access_size_max == 0) {
2410 access_size_max = 4;
2411 }
2412
2413 /* Bound the maximum access by the alignment of the address. */
2414 if (!mr->ops->impl.unaligned) {
2415 unsigned align_size_max = addr & -addr;
2416 if (align_size_max != 0 && align_size_max < access_size_max) {
2417 access_size_max = align_size_max;
2418 }
82f2563f 2419 }
23326164
RH		 2420
2421 /* Don't attempt accesses larger than the maximum. */
2422 if (l > access_size_max) {
2423 l = access_size_max;
82f2563f 2424 }
6554f5c0 2425 l = pow2floor(l);
23326164
RH		 2426
2427 return l;
82f2563f
PB		 2428}
2429
4840f10e 2430static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2431{
4840f10e
JK		 2432 bool unlocked = !qemu_mutex_iothread_locked();
2433 bool release_lock = false;
2434
2435 if (unlocked && mr->global_locking) {
2436 qemu_mutex_lock_iothread();
2437 unlocked = false;
2438 release_lock = true;
2439 }
125b3806 2440 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2441 if (unlocked) {
2442 qemu_mutex_lock_iothread();
2443 }
125b3806 2444 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2445 if (unlocked) {
2446 qemu_mutex_unlock_iothread();
2447 }
125b3806 2448 }
4840f10e
JK		 2449
2450 return release_lock;
125b3806
PB		 2451}
2452
5c9eb028
PM		 2453MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2454 uint8_t *buf, int len, bool is_write)
13eb76e0 2455{
149f54b5 2456 hwaddr l;
13eb76e0 2457 uint8_t *ptr;
791af8c8 2458 uint64_t val;
149f54b5 2459 hwaddr addr1;
5c8a00ce 2460 MemoryRegion *mr;
3b643495 2461 MemTxResult result = MEMTX_OK;
4840f10e 2462 bool release_lock = false;
3b46e624 2463
41063e1e 2464 rcu_read_lock();
13eb76e0 2465 while (len > 0) {
149f54b5 2466 l = len;
5c8a00ce 2467 mr = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 2468
13eb76e0 2469 if (is_write) {
5c8a00ce 2470 if (!memory_access_is_direct(mr, is_write)) {
4840f10e 2471 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2472 l = memory_access_size(mr, l, addr1);
4917cf44 2473 /* XXX: could force current_cpu to NULL to avoid
6a00d601 2474 potential bugs */
23326164
RH		 2475 switch (l) {
2476 case 8:
2477 /* 64 bit write access */
2478 val = ldq_p(buf);
3b643495
PM		 2479 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2480 attrs);
23326164
RH		 2481 break;
2482 case 4:
1c213d19 2483 /* 32 bit write access */
c27004ec 2484 val = ldl_p(buf);
3b643495
PM		 2485 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2486 attrs);
23326164
RH		 2487 break;
2488 case 2:
1c213d19 2489 /* 16 bit write access */
c27004ec 2490 val = lduw_p(buf);
3b643495
PM		 2491 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2492 attrs);
23326164
RH		 2493 break;
2494 case 1:
1c213d19 2495 /* 8 bit write access */
c27004ec 2496 val = ldub_p(buf);
3b643495
PM		 2497 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2498 attrs);
23326164
RH		 2499 break;
2500 default:
2501 abort();
13eb76e0 2502 }
2bbfa05d 2503 } else {
5c8a00ce 2504 addr1 += memory_region_get_ram_addr(mr);
13eb76e0 2505 /* RAM case */
5579c7f3 2506 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 2507 memcpy(ptr, buf, l);
845b6214 2508 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0
FB		 2509 }
2510 } else {
5c8a00ce 2511 if (!memory_access_is_direct(mr, is_write)) {
13eb76e0 2512 /* I/O case */
4840f10e 2513 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2514 l = memory_access_size(mr, l, addr1);
23326164
RH		 2515 switch (l) {
2516 case 8:
2517 /* 64 bit read access */
3b643495
PM		 2518 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2519 attrs);
23326164
RH		 2520 stq_p(buf, val);
2521 break;
2522 case 4:
13eb76e0 2523 /* 32 bit read access */
3b643495
PM		 2524 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2525 attrs);
c27004ec 2526 stl_p(buf, val);
23326164
RH		 2527 break;
2528 case 2:
13eb76e0 2529 /* 16 bit read access */
3b643495
PM		 2530 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2531 attrs);
c27004ec 2532 stw_p(buf, val);
23326164
RH		 2533 break;
2534 case 1:
1c213d19 2535 /* 8 bit read access */
3b643495
PM		 2536 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2537 attrs);
c27004ec 2538 stb_p(buf, val);
23326164
RH		 2539 break;
2540 default:
2541 abort();
13eb76e0
FB		 2542 }
2543 } else {
2544 /* RAM case */
5c8a00ce 2545 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
f3705d53 2546 memcpy(buf, ptr, l);
13eb76e0
FB		 2547 }
2548 }
4840f10e
JK		 2549
2550 if (release_lock) {
2551 qemu_mutex_unlock_iothread();
2552 release_lock = false;
2553 }
2554
13eb76e0
FB		 2555 len -= l;
2556 buf += l;
2557 addr += l;
2558 }
41063e1e 2559 rcu_read_unlock();
fd8aaa76 2560
3b643495 2561 return result;
13eb76e0 2562}
8df1cd07 2563
5c9eb028
PM		 2564MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2565 const uint8_t *buf, int len)
ac1970fb 2566{
5c9eb028 2567 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
ac1970fb
AK		 2568}
2569
5c9eb028
PM		 2570MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2571 uint8_t *buf, int len)
ac1970fb 2572{
5c9eb028 2573 return address_space_rw(as, addr, attrs, buf, len, false);
ac1970fb
AK		 2574}
2575
2576
a8170e5e 2577void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2578 int len, int is_write)
2579{
5c9eb028
PM		 2580 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2581 buf, len, is_write);
ac1970fb
AK		 2582}
2583
582b55a9
AG		 2584enum write_rom_type {
2585 WRITE_DATA,
2586 FLUSH_CACHE,
2587};
2588
2a221651 2589static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2590 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2591{
149f54b5 2592 hwaddr l;
d0ecd2aa 2593 uint8_t *ptr;
149f54b5 2594 hwaddr addr1;
5c8a00ce 2595 MemoryRegion *mr;
3b46e624 2596
41063e1e 2597 rcu_read_lock();
d0ecd2aa 2598 while (len > 0) {
149f54b5 2599 l = len;
2a221651 2600 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2601
5c8a00ce
PB		 2602 if (!(memory_region_is_ram(mr) ||
2603 memory_region_is_romd(mr))) {
b242e0e0 2604 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2605 } else {
5c8a00ce 2606 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2607 /* ROM/RAM case */
5579c7f3 2608 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2609 switch (type) {
2610 case WRITE_DATA:
2611 memcpy(ptr, buf, l);
845b6214 2612 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2613 break;
2614 case FLUSH_CACHE:
2615 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2616 break;
2617 }
d0ecd2aa
FB		 2618 }
2619 len -= l;
2620 buf += l;
2621 addr += l;
2622 }
41063e1e 2623 rcu_read_unlock();
d0ecd2aa
FB		 2624}
2625
582b55a9 2626/* used for ROM loading : can write in RAM and ROM */
2a221651 2627void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2628 const uint8_t *buf, int len)
2629{
2a221651 2630 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2631}
2632
2633void cpu_flush_icache_range(hwaddr start, int len)
2634{
2635 /*
2636 * This function should do the same thing as an icache flush that was
2637 * triggered from within the guest. For TCG we are always cache coherent,
2638 * so there is no need to flush anything. For KVM / Xen we need to flush
2639 * the host's instruction cache at least.
2640 */
2641 if (tcg_enabled()) {
2642 return;
2643 }
2644
2a221651
EI		 2645 cpu_physical_memory_write_rom_internal(&address_space_memory,
2646 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2647}
2648
6d16c2f8 2649typedef struct {
d3e71559 2650 MemoryRegion *mr;
6d16c2f8 2651 void *buffer;
a8170e5e
AK		 2652 hwaddr addr;
2653 hwaddr len;
c2cba0ff 2654 bool in_use;
6d16c2f8
AL		 2655} BounceBuffer;
2656
2657static BounceBuffer bounce;
2658
ba223c29 2659typedef struct MapClient {
e95205e1 2660 QEMUBH *bh;
72cf2d4f 2661 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2662} MapClient;
2663
38e047b5 2664QemuMutex map_client_list_lock;
72cf2d4f
BS		 2665static QLIST_HEAD(map_client_list, MapClient) map_client_list
2666 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2667
e95205e1
FZ		 2668static void cpu_unregister_map_client_do(MapClient *client)
2669{
2670 QLIST_REMOVE(client, link);
2671 g_free(client);
2672}
2673
33b6c2ed
FZ		 2674static void cpu_notify_map_clients_locked(void)
2675{
2676 MapClient *client;
2677
2678 while (!QLIST_EMPTY(&map_client_list)) {
2679 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2680 qemu_bh_schedule(client->bh);
2681 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2682 }
2683}
2684
e95205e1 2685void cpu_register_map_client(QEMUBH *bh)
ba223c29 2686{
7267c094 2687 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2688
38e047b5 2689 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2690 client->bh = bh;
72cf2d4f 2691 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2692 if (!atomic_read(&bounce.in_use)) {
2693 cpu_notify_map_clients_locked();
2694 }
38e047b5 2695 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2696}
2697
38e047b5 2698void cpu_exec_init_all(void)
ba223c29 2699{
38e047b5
FZ		 2700 qemu_mutex_init(&ram_list.mutex);
2701 memory_map_init();
2702 io_mem_init();
2703 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2704}
2705
e95205e1 2706void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2707{
2708 MapClient *client;
2709
e95205e1
FZ		 2710 qemu_mutex_lock(&map_client_list_lock);
2711 QLIST_FOREACH(client, &map_client_list, link) {
2712 if (client->bh == bh) {
2713 cpu_unregister_map_client_do(client);
2714 break;
2715 }
ba223c29 2716 }
e95205e1 2717 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2718}
2719
2720static void cpu_notify_map_clients(void)
2721{
38e047b5 2722 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2723 cpu_notify_map_clients_locked();
38e047b5 2724 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2725}
2726
51644ab7
PB		 2727bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2728{
5c8a00ce 2729 MemoryRegion *mr;
51644ab7
PB		 2730 hwaddr l, xlat;
2731
41063e1e 2732 rcu_read_lock();
51644ab7
PB		 2733 while (len > 0) {
2734 l = len;
5c8a00ce
PB		 2735 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2736 if (!memory_access_is_direct(mr, is_write)) {
2737 l = memory_access_size(mr, l, addr);
2738 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2739 return false;
2740 }
2741 }
2742
2743 len -= l;
2744 addr += l;
2745 }
41063e1e 2746 rcu_read_unlock();
51644ab7
PB		 2747 return true;
2748}
2749
6d16c2f8
AL		 2750/* Map a physical memory region into a host virtual address.
2751 * May map a subset of the requested range, given by and returned in *plen.
2752 * May return NULL if resources needed to perform the mapping are exhausted.
2753 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2754 * Use cpu_register_map_client() to know when retrying the map operation is
2755 * likely to succeed.
6d16c2f8 2756 */
ac1970fb 2757void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2758 hwaddr addr,
2759 hwaddr *plen,
ac1970fb 2760 bool is_write)
6d16c2f8 2761{
a8170e5e 2762 hwaddr len = *plen;
e3127ae0
PB		 2763 hwaddr done = 0;
2764 hwaddr l, xlat, base;
2765 MemoryRegion *mr, *this_mr;
2766 ram_addr_t raddr;
6d16c2f8 2767
e3127ae0
PB		 2768 if (len == 0) {
2769 return NULL;
2770 }
38bee5dc 2771
e3127ae0 2772 l = len;
41063e1e 2773 rcu_read_lock();
e3127ae0 2774 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2775
e3127ae0 2776 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2777 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2778 rcu_read_unlock();
e3127ae0 2779 return NULL;
6d16c2f8 2780 }
e85d9db5
KW		 2781 /* Avoid unbounded allocations */
2782 l = MIN(l, TARGET_PAGE_SIZE);
2783 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2784 bounce.addr = addr;
2785 bounce.len = l;
d3e71559
PB		 2786
2787 memory_region_ref(mr);
2788 bounce.mr = mr;
e3127ae0 2789 if (!is_write) {
5c9eb028
PM		 2790 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2791 bounce.buffer, l);
8ab934f9 2792 }
6d16c2f8 2793
41063e1e 2794 rcu_read_unlock();
e3127ae0
PB		 2795 *plen = l;
2796 return bounce.buffer;
2797 }
2798
2799 base = xlat;
2800 raddr = memory_region_get_ram_addr(mr);
2801
2802 for (;;) {
6d16c2f8
AL		 2803 len -= l;
2804 addr += l;
e3127ae0
PB		 2805 done += l;
2806 if (len == 0) {
2807 break;
2808 }
2809
2810 l = len;
2811 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2812 if (this_mr != mr || xlat != base + done) {
2813 break;
2814 }
6d16c2f8 2815 }
e3127ae0 2816
d3e71559 2817 memory_region_ref(mr);
41063e1e 2818 rcu_read_unlock();
e3127ae0
PB		 2819 *plen = done;
2820 return qemu_ram_ptr_length(raddr + base, plen);
6d16c2f8
AL		 2821}
2822
ac1970fb 2823/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2824 * Will also mark the memory as dirty if is_write == 1. access_len gives
2825 * the amount of memory that was actually read or written by the caller.
2826 */
a8170e5e
AK		 2827void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2828 int is_write, hwaddr access_len)
6d16c2f8
AL		 2829{
2830 if (buffer != bounce.buffer) {
d3e71559
PB		 2831 MemoryRegion *mr;
2832 ram_addr_t addr1;
2833
2834 mr = qemu_ram_addr_from_host(buffer, &addr1);
2835 assert(mr != NULL);
6d16c2f8 2836 if (is_write) {
845b6214 2837 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2838 }
868bb33f 2839 if (xen_enabled()) {
e41d7c69 2840 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2841 }
d3e71559 2842 memory_region_unref(mr);
6d16c2f8
AL		 2843 return;
2844 }
2845 if (is_write) {
5c9eb028
PM		 2846 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2847 bounce.buffer, access_len);
6d16c2f8 2848 }
f8a83245 2849 qemu_vfree(bounce.buffer);
6d16c2f8 2850 bounce.buffer = NULL;
d3e71559 2851 memory_region_unref(bounce.mr);
c2cba0ff 2852 atomic_mb_set(&bounce.in_use, false);
ba223c29 2853 cpu_notify_map_clients();
6d16c2f8 2854}
d0ecd2aa 2855
a8170e5e
AK		 2856void *cpu_physical_memory_map(hwaddr addr,
2857 hwaddr *plen,
ac1970fb
AK		 2858 int is_write)
2859{
2860 return address_space_map(&address_space_memory, addr, plen, is_write);
2861}
2862
a8170e5e
AK		 2863void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2864 int is_write, hwaddr access_len)
ac1970fb
AK		 2865{
2866 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2867}
2868
8df1cd07 2869/* warning: addr must be aligned */
50013115
PM		 2870static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2871 MemTxAttrs attrs,
2872 MemTxResult *result,
2873 enum device_endian endian)
8df1cd07 2874{
8df1cd07 2875 uint8_t *ptr;
791af8c8 2876 uint64_t val;
5c8a00ce 2877 MemoryRegion *mr;
149f54b5
PB		 2878 hwaddr l = 4;
2879 hwaddr addr1;
50013115 2880 MemTxResult r;
4840f10e 2881 bool release_lock = false;
8df1cd07 2882
41063e1e 2883 rcu_read_lock();
fdfba1a2 2884 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2885 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 2886 release_lock |= prepare_mmio_access(mr);
125b3806 2887
8df1cd07 2888 /* I/O case */
50013115 2889 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 2890#if defined(TARGET_WORDS_BIGENDIAN)
2891 if (endian == DEVICE_LITTLE_ENDIAN) {
2892 val = bswap32(val);
2893 }
2894#else
2895 if (endian == DEVICE_BIG_ENDIAN) {
2896 val = bswap32(val);
2897 }
2898#endif
8df1cd07
FB		 2899 } else {
2900 /* RAM case */
5c8a00ce 2901 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2902 & TARGET_PAGE_MASK)
149f54b5 2903 + addr1);
1e78bcc1
AG		 2904 switch (endian) {
2905 case DEVICE_LITTLE_ENDIAN:
2906 val = ldl_le_p(ptr);
2907 break;
2908 case DEVICE_BIG_ENDIAN:
2909 val = ldl_be_p(ptr);
2910 break;
2911 default:
2912 val = ldl_p(ptr);
2913 break;
2914 }
50013115
PM		 2915 r = MEMTX_OK;
2916 }
2917 if (result) {
2918 *result = r;
8df1cd07 2919 }
4840f10e
JK		 2920 if (release_lock) {
2921 qemu_mutex_unlock_iothread();
2922 }
41063e1e 2923 rcu_read_unlock();
8df1cd07
FB		 2924 return val;
2925}
2926
50013115
PM		 2927uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2928 MemTxAttrs attrs, MemTxResult *result)
2929{
2930 return address_space_ldl_internal(as, addr, attrs, result,
2931 DEVICE_NATIVE_ENDIAN);
2932}
2933
2934uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2935 MemTxAttrs attrs, MemTxResult *result)
2936{
2937 return address_space_ldl_internal(as, addr, attrs, result,
2938 DEVICE_LITTLE_ENDIAN);
2939}
2940
2941uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2942 MemTxAttrs attrs, MemTxResult *result)
2943{
2944 return address_space_ldl_internal(as, addr, attrs, result,
2945 DEVICE_BIG_ENDIAN);
2946}
2947
fdfba1a2 2948uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2949{
50013115 2950 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2951}
2952
fdfba1a2 2953uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2954{
50013115 2955 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2956}
2957
fdfba1a2 2958uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2959{
50013115 2960 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2961}
2962
84b7b8e7 2963/* warning: addr must be aligned */
50013115
PM		 2964static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2965 MemTxAttrs attrs,
2966 MemTxResult *result,
2967 enum device_endian endian)
84b7b8e7 2968{
84b7b8e7
FB		 2969 uint8_t *ptr;
2970 uint64_t val;
5c8a00ce 2971 MemoryRegion *mr;
149f54b5
PB		 2972 hwaddr l = 8;
2973 hwaddr addr1;
50013115 2974 MemTxResult r;
4840f10e 2975 bool release_lock = false;
84b7b8e7 2976
41063e1e 2977 rcu_read_lock();
2c17449b 2978 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2979 false);
2980 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 2981 release_lock |= prepare_mmio_access(mr);
125b3806 2982
84b7b8e7 2983 /* I/O case */
50013115 2984 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 2985#if defined(TARGET_WORDS_BIGENDIAN)
2986 if (endian == DEVICE_LITTLE_ENDIAN) {
2987 val = bswap64(val);
2988 }
2989#else
2990 if (endian == DEVICE_BIG_ENDIAN) {
2991 val = bswap64(val);
2992 }
84b7b8e7
FB		 2993#endif
2994 } else {
2995 /* RAM case */
5c8a00ce 2996 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2997 & TARGET_PAGE_MASK)
149f54b5 2998 + addr1);
1e78bcc1
AG		 2999 switch (endian) {
3000 case DEVICE_LITTLE_ENDIAN:
3001 val = ldq_le_p(ptr);
3002 break;
3003 case DEVICE_BIG_ENDIAN:
3004 val = ldq_be_p(ptr);
3005 break;
3006 default:
3007 val = ldq_p(ptr);
3008 break;
3009 }
50013115
PM		 3010 r = MEMTX_OK;
3011 }
3012 if (result) {
3013 *result = r;
84b7b8e7 3014 }
4840f10e
JK		 3015 if (release_lock) {
3016 qemu_mutex_unlock_iothread();
3017 }
41063e1e 3018 rcu_read_unlock();
84b7b8e7
FB		 3019 return val;
3020}
3021
50013115
PM		 3022uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3023 MemTxAttrs attrs, MemTxResult *result)
3024{
3025 return address_space_ldq_internal(as, addr, attrs, result,
3026 DEVICE_NATIVE_ENDIAN);
3027}
3028
3029uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3030 MemTxAttrs attrs, MemTxResult *result)
3031{
3032 return address_space_ldq_internal(as, addr, attrs, result,
3033 DEVICE_LITTLE_ENDIAN);
3034}
3035
3036uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3037 MemTxAttrs attrs, MemTxResult *result)
3038{
3039 return address_space_ldq_internal(as, addr, attrs, result,
3040 DEVICE_BIG_ENDIAN);
3041}
3042
2c17449b 3043uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3044{
50013115 3045 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3046}
3047
2c17449b 3048uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3049{
50013115 3050 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3051}
3052
2c17449b 3053uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3054{
50013115 3055 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3056}
3057
aab33094 3058/* XXX: optimize */
50013115
PM		 3059uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3060 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3061{
3062 uint8_t val;
50013115
PM		 3063 MemTxResult r;
3064
3065 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3066 if (result) {
3067 *result = r;
3068 }
aab33094
FB		 3069 return val;
3070}
3071
50013115
PM		 3072uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3073{
3074 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3075}
3076
733f0b02 3077/* warning: addr must be aligned */
50013115
PM		 3078static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3079 hwaddr addr,
3080 MemTxAttrs attrs,
3081 MemTxResult *result,
3082 enum device_endian endian)
aab33094 3083{
733f0b02
MT		 3084 uint8_t *ptr;
3085 uint64_t val;
5c8a00ce 3086 MemoryRegion *mr;
149f54b5
PB		 3087 hwaddr l = 2;
3088 hwaddr addr1;
50013115 3089 MemTxResult r;
4840f10e 3090 bool release_lock = false;
733f0b02 3091
41063e1e 3092 rcu_read_lock();
41701aa4 3093 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3094 false);
3095 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3096 release_lock |= prepare_mmio_access(mr);
125b3806 3097
733f0b02 3098 /* I/O case */
50013115 3099 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3100#if defined(TARGET_WORDS_BIGENDIAN)
3101 if (endian == DEVICE_LITTLE_ENDIAN) {
3102 val = bswap16(val);
3103 }
3104#else
3105 if (endian == DEVICE_BIG_ENDIAN) {
3106 val = bswap16(val);
3107 }
3108#endif
733f0b02
MT		 3109 } else {
3110 /* RAM case */
5c8a00ce 3111 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3112 & TARGET_PAGE_MASK)
149f54b5 3113 + addr1);
1e78bcc1
AG		 3114 switch (endian) {
3115 case DEVICE_LITTLE_ENDIAN:
3116 val = lduw_le_p(ptr);
3117 break;
3118 case DEVICE_BIG_ENDIAN:
3119 val = lduw_be_p(ptr);
3120 break;
3121 default:
3122 val = lduw_p(ptr);
3123 break;
3124 }
50013115
PM		 3125 r = MEMTX_OK;
3126 }
3127 if (result) {
3128 *result = r;
733f0b02 3129 }
4840f10e
JK		 3130 if (release_lock) {
3131 qemu_mutex_unlock_iothread();
3132 }
41063e1e 3133 rcu_read_unlock();
733f0b02 3134 return val;
aab33094
FB		 3135}
3136
50013115
PM		 3137uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3138 MemTxAttrs attrs, MemTxResult *result)
3139{
3140 return address_space_lduw_internal(as, addr, attrs, result,
3141 DEVICE_NATIVE_ENDIAN);
3142}
3143
3144uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3145 MemTxAttrs attrs, MemTxResult *result)
3146{
3147 return address_space_lduw_internal(as, addr, attrs, result,
3148 DEVICE_LITTLE_ENDIAN);
3149}
3150
3151uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3152 MemTxAttrs attrs, MemTxResult *result)
3153{
3154 return address_space_lduw_internal(as, addr, attrs, result,
3155 DEVICE_BIG_ENDIAN);
3156}
3157
41701aa4 3158uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3159{
50013115 3160 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3161}
3162
41701aa4 3163uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3164{
50013115 3165 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3166}
3167
41701aa4 3168uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3169{
50013115 3170 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3171}
3172
8df1cd07
FB		 3173/* warning: addr must be aligned. The ram page is not masked as dirty
3174 and the code inside is not invalidated. It is useful if the dirty
3175 bits are used to track modified PTEs */
50013115
PM		 3176void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3177 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3178{
8df1cd07 3179 uint8_t *ptr;
5c8a00ce 3180 MemoryRegion *mr;
149f54b5
PB		 3181 hwaddr l = 4;
3182 hwaddr addr1;
50013115 3183 MemTxResult r;
845b6214 3184 uint8_t dirty_log_mask;
4840f10e 3185 bool release_lock = false;
8df1cd07 3186
41063e1e 3187 rcu_read_lock();
2198a121 3188 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3189 true);
3190 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3191 release_lock |= prepare_mmio_access(mr);
125b3806 3192
50013115 3193 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3194 } else {
5c8a00ce 3195 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3196 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3197 stl_p(ptr, val);
74576198 3198
845b6214
PB		 3199 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3200 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3201 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3202 r = MEMTX_OK;
3203 }
3204 if (result) {
3205 *result = r;
8df1cd07 3206 }
4840f10e
JK		 3207 if (release_lock) {
3208 qemu_mutex_unlock_iothread();
3209 }
41063e1e 3210 rcu_read_unlock();
8df1cd07
FB		 3211}
3212
50013115
PM		 3213void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3214{
3215 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3216}
3217
8df1cd07 3218/* warning: addr must be aligned */
50013115
PM		 3219static inline void address_space_stl_internal(AddressSpace *as,
3220 hwaddr addr, uint32_t val,
3221 MemTxAttrs attrs,
3222 MemTxResult *result,
3223 enum device_endian endian)
8df1cd07 3224{
8df1cd07 3225 uint8_t *ptr;
5c8a00ce 3226 MemoryRegion *mr;
149f54b5
PB		 3227 hwaddr l = 4;
3228 hwaddr addr1;
50013115 3229 MemTxResult r;
4840f10e 3230 bool release_lock = false;
8df1cd07 3231
41063e1e 3232 rcu_read_lock();
ab1da857 3233 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3234 true);
3235 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3236 release_lock |= prepare_mmio_access(mr);
125b3806 3237
1e78bcc1
AG		 3238#if defined(TARGET_WORDS_BIGENDIAN)
3239 if (endian == DEVICE_LITTLE_ENDIAN) {
3240 val = bswap32(val);
3241 }
3242#else
3243 if (endian == DEVICE_BIG_ENDIAN) {
3244 val = bswap32(val);
3245 }
3246#endif
50013115 3247 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3248 } else {
8df1cd07 3249 /* RAM case */
5c8a00ce 3250 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3251 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3252 switch (endian) {
3253 case DEVICE_LITTLE_ENDIAN:
3254 stl_le_p(ptr, val);
3255 break;
3256 case DEVICE_BIG_ENDIAN:
3257 stl_be_p(ptr, val);
3258 break;
3259 default:
3260 stl_p(ptr, val);
3261 break;
3262 }
845b6214 3263 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3264 r = MEMTX_OK;
3265 }
3266 if (result) {
3267 *result = r;
8df1cd07 3268 }
4840f10e
JK		 3269 if (release_lock) {
3270 qemu_mutex_unlock_iothread();
3271 }
41063e1e 3272 rcu_read_unlock();
8df1cd07
FB		 3273}
3274
50013115
PM		 3275void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3276 MemTxAttrs attrs, MemTxResult *result)
3277{
3278 address_space_stl_internal(as, addr, val, attrs, result,
3279 DEVICE_NATIVE_ENDIAN);
3280}
3281
3282void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3283 MemTxAttrs attrs, MemTxResult *result)
3284{
3285 address_space_stl_internal(as, addr, val, attrs, result,
3286 DEVICE_LITTLE_ENDIAN);
3287}
3288
3289void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3290 MemTxAttrs attrs, MemTxResult *result)
3291{
3292 address_space_stl_internal(as, addr, val, attrs, result,
3293 DEVICE_BIG_ENDIAN);
3294}
3295
ab1da857 3296void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3297{
50013115 3298 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3299}
3300
ab1da857 3301void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3302{
50013115 3303 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3304}
3305
ab1da857 3306void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3307{
50013115 3308 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3309}
3310
aab33094 3311/* XXX: optimize */
50013115
PM		 3312void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3313 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3314{
3315 uint8_t v = val;
50013115
PM		 3316 MemTxResult r;
3317
3318 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3319 if (result) {
3320 *result = r;
3321 }
3322}
3323
3324void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3325{
3326 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3327}
3328
733f0b02 3329/* warning: addr must be aligned */
50013115
PM		 3330static inline void address_space_stw_internal(AddressSpace *as,
3331 hwaddr addr, uint32_t val,
3332 MemTxAttrs attrs,
3333 MemTxResult *result,
3334 enum device_endian endian)
aab33094 3335{
733f0b02 3336 uint8_t *ptr;
5c8a00ce 3337 MemoryRegion *mr;
149f54b5
PB		 3338 hwaddr l = 2;
3339 hwaddr addr1;
50013115 3340 MemTxResult r;
4840f10e 3341 bool release_lock = false;
733f0b02 3342
41063e1e 3343 rcu_read_lock();
5ce5944d 3344 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3345 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3346 release_lock |= prepare_mmio_access(mr);
125b3806 3347
1e78bcc1
AG		 3348#if defined(TARGET_WORDS_BIGENDIAN)
3349 if (endian == DEVICE_LITTLE_ENDIAN) {
3350 val = bswap16(val);
3351 }
3352#else
3353 if (endian == DEVICE_BIG_ENDIAN) {
3354 val = bswap16(val);
3355 }
3356#endif
50013115 3357 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3358 } else {
733f0b02 3359 /* RAM case */
5c8a00ce 3360 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 3361 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3362 switch (endian) {
3363 case DEVICE_LITTLE_ENDIAN:
3364 stw_le_p(ptr, val);
3365 break;
3366 case DEVICE_BIG_ENDIAN:
3367 stw_be_p(ptr, val);
3368 break;
3369 default:
3370 stw_p(ptr, val);
3371 break;
3372 }
845b6214 3373 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3374 r = MEMTX_OK;
3375 }
3376 if (result) {
3377 *result = r;
733f0b02 3378 }
4840f10e
JK		 3379 if (release_lock) {
3380 qemu_mutex_unlock_iothread();
3381 }
41063e1e 3382 rcu_read_unlock();
aab33094
FB		 3383}
3384
50013115
PM		 3385void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3386 MemTxAttrs attrs, MemTxResult *result)
3387{
3388 address_space_stw_internal(as, addr, val, attrs, result,
3389 DEVICE_NATIVE_ENDIAN);
3390}
3391
3392void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3393 MemTxAttrs attrs, MemTxResult *result)
3394{
3395 address_space_stw_internal(as, addr, val, attrs, result,
3396 DEVICE_LITTLE_ENDIAN);
3397}
3398
3399void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3400 MemTxAttrs attrs, MemTxResult *result)
3401{
3402 address_space_stw_internal(as, addr, val, attrs, result,
3403 DEVICE_BIG_ENDIAN);
3404}
3405
5ce5944d 3406void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3407{
50013115 3408 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3409}
3410
5ce5944d 3411void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3412{
50013115 3413 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3414}
3415
5ce5944d 3416void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3417{
50013115 3418 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3419}
3420
aab33094 3421/* XXX: optimize */
50013115
PM		 3422void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3423 MemTxAttrs attrs, MemTxResult *result)
aab33094 3424{
50013115 3425 MemTxResult r;
aab33094 3426 val = tswap64(val);
50013115
PM		 3427 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3428 if (result) {
3429 *result = r;
3430 }
aab33094
FB		 3431}
3432
50013115
PM		 3433void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3434 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3435{
50013115 3436 MemTxResult r;
1e78bcc1 3437 val = cpu_to_le64(val);
50013115
PM		 3438 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3439 if (result) {
3440 *result = r;
3441 }
3442}
3443void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3444 MemTxAttrs attrs, MemTxResult *result)
3445{
3446 MemTxResult r;
3447 val = cpu_to_be64(val);
3448 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3449 if (result) {
3450 *result = r;
3451 }
3452}
3453
3454void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3455{
3456 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3457}
3458
3459void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3460{
3461 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3462}
3463
f606604f 3464void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3465{
50013115 3466 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3467}
3468
5e2972fd 3469/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3470int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3471 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3472{
3473 int l;
a8170e5e 3474 hwaddr phys_addr;
9b3c35e0 3475 target_ulong page;
13eb76e0
FB		 3476
3477 while (len > 0) {
3478 page = addr & TARGET_PAGE_MASK;
f17ec444 3479 phys_addr = cpu_get_phys_page_debug(cpu, page);
13eb76e0
FB		 3480 /* if no physical page mapped, return an error */
3481 if (phys_addr == -1)
3482 return -1;
3483 l = (page + TARGET_PAGE_SIZE) - addr;
3484 if (l > len)
3485 l = len;
5e2972fd 3486 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b
EI		 3487 if (is_write) {
3488 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3489 } else {
5c9eb028
PM		 3490 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3491 buf, l, 0);
2e38847b 3492 }
13eb76e0
FB		 3493 len -= l;
3494 buf += l;
3495 addr += l;
3496 }
3497 return 0;
3498}
a68fe89c 3499#endif
13eb76e0 3500
8e4a424b
BS		 3501/*
3502 * A helper function for the _utterly broken_ virtio device model to find out if
3503 * it's running on a big endian machine. Don't do this at home kids!
3504 */
98ed8ecf
GK		 3505bool target_words_bigendian(void);
3506bool target_words_bigendian(void)
8e4a424b
BS		 3507{
3508#if defined(TARGET_WORDS_BIGENDIAN)
3509 return true;
3510#else
3511 return false;
3512#endif
3513}
3514
76f35538 3515#ifndef CONFIG_USER_ONLY
a8170e5e 3516bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3517{
5c8a00ce 3518 MemoryRegion*mr;
149f54b5 3519 hwaddr l = 1;
41063e1e 3520 bool res;
76f35538 3521
41063e1e 3522 rcu_read_lock();
5c8a00ce
PB		 3523 mr = address_space_translate(&address_space_memory,
3524 phys_addr, &phys_addr, &l, false);
76f35538 3525
41063e1e
PB		 3526 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3527 rcu_read_unlock();
3528 return res;
76f35538 3529}
bd2fa51f 3530
e3807054 3531int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3532{
3533 RAMBlock *block;
e3807054 3534 int ret = 0;
bd2fa51f 3535
0dc3f44a
MD		 3536 rcu_read_lock();
3537 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3538 ret = func(block->idstr, block->host, block->offset,
3539 block->used_length, opaque);
3540 if (ret) {
3541 break;
3542 }
bd2fa51f 3543 }
0dc3f44a 3544 rcu_read_unlock();
e3807054 3545 return ret;
bd2fa51f 3546}
ec3f8c99 3547#endif
QEMU mirror