]> git.proxmox.com Git - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ppce500_spin: Store PowerPCCPU in SpinKick
[qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
0cac1b66
BS		 60#include "cputlb.h"
61
7762c2c1 62#include "memory-internal.h"
67d95c15 63
fd6ce8f6 64//#define DEBUG_TB_INVALIDATE
66e85a21 65//#define DEBUG_FLUSH
67d3b957 66//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 67
68/* make various TB consistency checks */
5fafdf24 69//#define DEBUG_TB_CHECK
fd6ce8f6 70
1196be37 71//#define DEBUG_IOPORT
db7b5426 72//#define DEBUG_SUBPAGE
1196be37 73
99773bd4
PB		 74#if !defined(CONFIG_USER_ONLY)
75/* TB consistency checks only implemented for usermode emulation. */
76#undef DEBUG_TB_CHECK
77#endif
78
9fa3e853
FB		 79#define SMC_BITMAP_USE_THRESHOLD 10
80
bdaf78e0 81static TranslationBlock *tbs;
24ab68ac 82static int code_gen_max_blocks;
9fa3e853 83TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 84static int nb_tbs;
eb51d102 85/* any access to the tbs or the page table must use this lock */
c227f099 86spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 87
4438c8a9 88uint8_t *code_gen_prologue;
bdaf78e0 89static uint8_t *code_gen_buffer;
f1bc0bcc 90static size_t code_gen_buffer_size;
26a5f13b 91/* threshold to flush the translated code buffer */
f1bc0bcc 92static size_t code_gen_buffer_max_size;
24ab68ac 93static uint8_t *code_gen_ptr;
fd6ce8f6 94
e2eef170 95#if !defined(CONFIG_USER_ONLY)
9fa3e853 96int phys_ram_fd;
74576198 97static int in_migration;
94a6b54f 98
85d59fef 99RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 100
101static MemoryRegion *system_memory;
309cb471 102static MemoryRegion *system_io;
62152b8a 103
f6790af6
AK		 104AddressSpace address_space_io;
105AddressSpace address_space_memory;
2673a5da 106
0e0df1e2 107MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 108static MemoryRegion io_mem_subpage_ram;
0e0df1e2 109
e2eef170 110#endif
9fa3e853 111
9349b4f9 112CPUArchState *first_cpu;
6a00d601
FB		 113/* current CPU in the current thread. It is only valid inside
114 cpu_exec() */
9349b4f9 115DEFINE_TLS(CPUArchState *,cpu_single_env);
2e70f6ef 116/* 0 = Do not count executed instructions.
bf20dc07 117 1 = Precise instruction counting.
2e70f6ef
PB		 118 2 = Adaptive rate instruction counting. */
119int use_icount = 0;
6a00d601 120
54936004 121typedef struct PageDesc {
92e873b9 122 /* list of TBs intersecting this ram page */
fd6ce8f6 123 TranslationBlock *first_tb;
9fa3e853
FB		 124 /* in order to optimize self modifying code, we count the number
125 of lookups we do to a given page to use a bitmap */
126 unsigned int code_write_count;
127 uint8_t *code_bitmap;
128#if defined(CONFIG_USER_ONLY)
129 unsigned long flags;
130#endif
54936004
FB		 131} PageDesc;
132
41c1b1c9 133/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 134 while in user mode we want it to be based on virtual addresses. */
135#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 136#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
137# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
138#else
5cd2c5b6 139# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 140#endif
bedb69ea 141#else
5cd2c5b6 142# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 143#endif
54936004 144
5cd2c5b6
RH		 145/* Size of the L2 (and L3, etc) page tables. */
146#define L2_BITS 10
54936004
FB		 147#define L2_SIZE (1 << L2_BITS)
148
3eef53df
AK		 149#define P_L2_LEVELS \
150 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
151
5cd2c5b6 152/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 153#define V_L1_BITS_REM \
154 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
155
5cd2c5b6
RH		 156#if V_L1_BITS_REM < 4
157#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
158#else
159#define V_L1_BITS V_L1_BITS_REM
160#endif
161
5cd2c5b6
RH		 162#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
163
5cd2c5b6
RH		 164#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
165
c6d50674
SW		 166uintptr_t qemu_real_host_page_size;
167uintptr_t qemu_host_page_size;
168uintptr_t qemu_host_page_mask;
54936004 169
5cd2c5b6
RH		 170/* This is a multi-level map on the virtual address space.
171 The bottom level has pointers to PageDesc. */
172static void *l1_map[V_L1_SIZE];
54936004 173
e2eef170 174#if !defined(CONFIG_USER_ONLY)
4346ae3e 175
5312bd8b
AK		 176static MemoryRegionSection *phys_sections;
177static unsigned phys_sections_nb, phys_sections_nb_alloc;
178static uint16_t phys_section_unassigned;
aa102231
AK		 179static uint16_t phys_section_notdirty;
180static uint16_t phys_section_rom;
181static uint16_t phys_section_watch;
5312bd8b 182
d6f2ea22
AK		 183/* Simple allocator for PhysPageEntry nodes */
184static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
185static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
186
07f07b31 187#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 188
e2eef170 189static void io_mem_init(void);
62152b8a 190static void memory_map_init(void);
e2eef170 191
1ec9b909 192static MemoryRegion io_mem_watch;
6658ffb8 193#endif
33417e70 194
e3db7226 195/* statistics */
e3db7226
FB		 196static int tb_flush_count;
197static int tb_phys_invalidate_count;
198
7cb69cae 199#ifdef _WIN32
4438c8a9 200static inline void map_exec(void *addr, long size)
7cb69cae
FB		 201{
202 DWORD old_protect;
203 VirtualProtect(addr, size,
204 PAGE_EXECUTE_READWRITE, &old_protect);
205
206}
207#else
4438c8a9 208static inline void map_exec(void *addr, long size)
7cb69cae 209{
4369415f 210 unsigned long start, end, page_size;
7cb69cae 211
4369415f 212 page_size = getpagesize();
7cb69cae 213 start = (unsigned long)addr;
4369415f 214 start &= ~(page_size - 1);
7cb69cae
FB		 215
216 end = (unsigned long)addr + size;
4369415f
FB		 217 end += page_size - 1;
218 end &= ~(page_size - 1);
7cb69cae
FB		 219
220 mprotect((void *)start, end - start,
221 PROT_READ | PROT_WRITE | PROT_EXEC);
222}
223#endif
224
b346ff46 225static void page_init(void)
54936004 226{
83fb7adf 227 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 228 TARGET_PAGE_SIZE */
c2b48b69
AL		 229#ifdef _WIN32
230 {
231 SYSTEM_INFO system_info;
232
233 GetSystemInfo(&system_info);
234 qemu_real_host_page_size = system_info.dwPageSize;
235 }
236#else
237 qemu_real_host_page_size = getpagesize();
238#endif
83fb7adf
FB		 239 if (qemu_host_page_size == 0)
240 qemu_host_page_size = qemu_real_host_page_size;
241 if (qemu_host_page_size < TARGET_PAGE_SIZE)
242 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 243 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 244
2e9a5713 245#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 246 {
f01576f1
JL		 247#ifdef HAVE_KINFO_GETVMMAP
248 struct kinfo_vmentry *freep;
249 int i, cnt;
250
251 freep = kinfo_getvmmap(getpid(), &cnt);
252 if (freep) {
253 mmap_lock();
254 for (i = 0; i < cnt; i++) {
255 unsigned long startaddr, endaddr;
256
257 startaddr = freep[i].kve_start;
258 endaddr = freep[i].kve_end;
259 if (h2g_valid(startaddr)) {
260 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
261
262 if (h2g_valid(endaddr)) {
263 endaddr = h2g(endaddr);
fd436907 264 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 265 } else {
266#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
267 endaddr = ~0ul;
fd436907 268 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 269#endif
270 }
271 }
272 }
273 free(freep);
274 mmap_unlock();
275 }
276#else
50a9569b 277 FILE *f;
50a9569b 278
0776590d 279 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 280
fd436907 281 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 282 if (f) {
5cd2c5b6
RH		 283 mmap_lock();
284
50a9569b 285 do {
5cd2c5b6
RH		 286 unsigned long startaddr, endaddr;
287 int n;
288
289 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
290
291 if (n == 2 && h2g_valid(startaddr)) {
292 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
293
294 if (h2g_valid(endaddr)) {
295 endaddr = h2g(endaddr);
296 } else {
297 endaddr = ~0ul;
298 }
299 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 300 }
301 } while (!feof(f));
5cd2c5b6 302
50a9569b 303 fclose(f);
5cd2c5b6 304 mmap_unlock();
50a9569b 305 }
f01576f1 306#endif
50a9569b
AZ		 307 }
308#endif
54936004
FB		 309}
310
41c1b1c9 311static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 312{
41c1b1c9
PB		 313 PageDesc *pd;
314 void **lp;
315 int i;
316
5cd2c5b6 317#if defined(CONFIG_USER_ONLY)
7267c094 318 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 319# define ALLOC(P, SIZE) \
320 do { \
321 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
322 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 323 } while (0)
324#else
325# define ALLOC(P, SIZE) \
7267c094 326 do { P = g_malloc0(SIZE); } while (0)
17e2377a 327#endif
434929bf 328
5cd2c5b6
RH		 329 /* Level 1. Always allocated. */
330 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
331
332 /* Level 2..N-1. */
333 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
334 void **p = *lp;
335
336 if (p == NULL) {
337 if (!alloc) {
338 return NULL;
339 }
340 ALLOC(p, sizeof(void *) * L2_SIZE);
341 *lp = p;
17e2377a 342 }
5cd2c5b6
RH		 343
344 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
345 }
346
347 pd = *lp;
348 if (pd == NULL) {
349 if (!alloc) {
350 return NULL;
351 }
352 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
353 *lp = pd;
54936004 354 }
5cd2c5b6
RH		 355
356#undef ALLOC
5cd2c5b6
RH		 357
358 return pd + (index & (L2_SIZE - 1));
54936004
FB		 359}
360
41c1b1c9 361static inline PageDesc *page_find(tb_page_addr_t index)
54936004 362{
5cd2c5b6 363 return page_find_alloc(index, 0);
fd6ce8f6
FB		 364}
365
6d9a1304 366#if !defined(CONFIG_USER_ONLY)
d6f2ea22 367
f7bf5461 368static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 369{
f7bf5461 370 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 371 typedef PhysPageEntry Node[L2_SIZE];
372 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 373 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
374 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 375 phys_map_nodes = g_renew(Node, phys_map_nodes,
376 phys_map_nodes_nb_alloc);
377 }
f7bf5461
AK		 378}
379
380static uint16_t phys_map_node_alloc(void)
381{
382 unsigned i;
383 uint16_t ret;
384
385 ret = phys_map_nodes_nb++;
386 assert(ret != PHYS_MAP_NODE_NIL);
387 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 388 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 389 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 390 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 391 }
f7bf5461 392 return ret;
d6f2ea22
AK		 393}
394
395static void phys_map_nodes_reset(void)
396{
397 phys_map_nodes_nb = 0;
398}
399
92e873b9 400
a8170e5e
AK		 401static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
402 hwaddr *nb, uint16_t leaf,
2999097b 403 int level)
f7bf5461
AK		 404{
405 PhysPageEntry *p;
406 int i;
a8170e5e 407 hwaddr step = (hwaddr)1 << (level * L2_BITS);
108c49b8 408
07f07b31 409 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 410 lp->ptr = phys_map_node_alloc();
411 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 412 if (level == 0) {
413 for (i = 0; i < L2_SIZE; i++) {
07f07b31 414 p[i].is_leaf = 1;
c19e8800 415 p[i].ptr = phys_section_unassigned;
4346ae3e 416 }
67c4d23c 417 }
f7bf5461 418 } else {
c19e8800 419 p = phys_map_nodes[lp->ptr];
92e873b9 420 }
2999097b 421 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 422
2999097b 423 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 424 if ((*index & (step - 1)) == 0 && *nb >= step) {
425 lp->is_leaf = true;
c19e8800 426 lp->ptr = leaf;
07f07b31
AK		 427 *index += step;
428 *nb -= step;
2999097b
AK		 429 } else {
430 phys_page_set_level(lp, index, nb, leaf, level - 1);
431 }
432 ++lp;
f7bf5461
AK		 433 }
434}
435
ac1970fb 436static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 437 hwaddr index, hwaddr nb,
2999097b 438 uint16_t leaf)
f7bf5461 439{
2999097b 440 /* Wildly overreserve - it doesn't matter much. */
07f07b31 441 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 442
ac1970fb 443 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 444}
445
a8170e5e 446MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
92e873b9 447{
ac1970fb 448 PhysPageEntry lp = d->phys_map;
31ab2b4a
AK		 449 PhysPageEntry *p;
450 int i;
31ab2b4a 451 uint16_t s_index = phys_section_unassigned;
f1f6e3b8 452
07f07b31 453 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 454 if (lp.ptr == PHYS_MAP_NODE_NIL) {
31ab2b4a
AK		 455 goto not_found;
456 }
c19e8800 457 p = phys_map_nodes[lp.ptr];
31ab2b4a 458 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 459 }
31ab2b4a 460
c19e8800 461 s_index = lp.ptr;
31ab2b4a 462not_found:
f3705d53
AK		 463 return &phys_sections[s_index];
464}
465
e5548617
BS		 466bool memory_region_is_unassigned(MemoryRegion *mr)
467{
468 return mr != &io_mem_ram && mr != &io_mem_rom
469 && mr != &io_mem_notdirty && !mr->rom_device
470 && mr != &io_mem_watch;
471}
472
c8a706fe
PB		 473#define mmap_lock() do { } while(0)
474#define mmap_unlock() do { } while(0)
9fa3e853 475#endif
fd6ce8f6 476
4369415f 477#if defined(CONFIG_USER_ONLY)
ccbb4d44 478/* Currently it is not recommended to allocate big chunks of data in
f1bc0bcc
RH		 479 user mode. It will change when a dedicated libc will be used. */
480/* ??? 64-bit hosts ought to have no problem mmaping data outside the
481 region in which the guest needs to run. Revisit this. */
4369415f
FB		 482#define USE_STATIC_CODE_GEN_BUFFER
483#endif
484
f1bc0bcc
RH		 485/* ??? Should configure for this, not list operating systems here. */
486#if (defined(__linux__) \
487 || defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
488 || defined(__DragonFly__) || defined(__OpenBSD__) \
489 || defined(__NetBSD__))
490# define USE_MMAP
4369415f
FB		 491#endif
492
74d590c8
RH		 493/* Minimum size of the code gen buffer. This number is randomly chosen,
494 but not so small that we can't have a fair number of TB's live. */
495#define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
496
f1bc0bcc
RH		 497/* Maximum size of the code gen buffer we'd like to use. Unless otherwise
498 indicated, this is constrained by the range of direct branches on the
499 host cpu, as used by the TCG implementation of goto_tb. */
500#if defined(__x86_64__)
501# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
502#elif defined(__sparc__)
503# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
504#elif defined(__arm__)
505# define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
506#elif defined(__s390x__)
507 /* We have a +- 4GB range on the branches; leave some slop. */
508# define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
509#else
510# define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
511#endif
512
3d85a72f
RH		 513#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
514
515#define DEFAULT_CODE_GEN_BUFFER_SIZE \
516 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
517 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
f1bc0bcc
RH		 518
519static inline size_t size_code_gen_buffer(size_t tb_size)
26a5f13b 520{
f1bc0bcc
RH		 521 /* Size the buffer. */
522 if (tb_size == 0) {
4369415f 523#ifdef USE_STATIC_CODE_GEN_BUFFER
f1bc0bcc 524 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
4369415f 525#else
f1bc0bcc
RH		 526 /* ??? Needs adjustments. */
527 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
528 static buffer, we could size this on RESERVED_VA, on the text
529 segment size of the executable, or continue to use the default. */
530 tb_size = (unsigned long)(ram_size / 4);
4369415f 531#endif
26a5f13b 532 }
f1bc0bcc
RH		 533 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
534 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
26a5f13b 535 }
f1bc0bcc
RH		 536 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
537 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
06e67a82 538 }
f1bc0bcc
RH		 539 code_gen_buffer_size = tb_size;
540 return tb_size;
541}
542
543#ifdef USE_STATIC_CODE_GEN_BUFFER
544static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
545 __attribute__((aligned(CODE_GEN_ALIGN)));
546
547static inline void *alloc_code_gen_buffer(void)
548{
549 map_exec(static_code_gen_buffer, code_gen_buffer_size);
550 return static_code_gen_buffer;
551}
552#elif defined(USE_MMAP)
553static inline void *alloc_code_gen_buffer(void)
554{
555 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
556 uintptr_t start = 0;
557 void *buf;
558
559 /* Constrain the position of the buffer based on the host cpu.
560 Note that these addresses are chosen in concert with the
561 addresses assigned in the relevant linker script file. */
405def18
RH		 562# if defined(__PIE__) || defined(__PIC__)
563 /* Don't bother setting a preferred location if we're building
564 a position-independent executable. We're more likely to get
565 an address near the main executable if we let the kernel
566 choose the address. */
567# elif defined(__x86_64__) && defined(MAP_32BIT)
f1bc0bcc
RH		 568 /* Force the memory down into low memory with the executable.
569 Leave the choice of exact location with the kernel. */
570 flags |= MAP_32BIT;
571 /* Cannot expect to map more than 800MB in low memory. */
572 if (code_gen_buffer_size > 800u * 1024 * 1024) {
573 code_gen_buffer_size = 800u * 1024 * 1024;
574 }
575# elif defined(__sparc__)
576 start = 0x40000000ul;
577# elif defined(__s390x__)
578 start = 0x90000000ul;
579# endif
580
581 buf = mmap((void *)start, code_gen_buffer_size,
582 PROT_WRITE | PROT_READ | PROT_EXEC, flags, -1, 0);
583 return buf == MAP_FAILED ? NULL : buf;
584}
26a5f13b 585#else
f1bc0bcc
RH		 586static inline void *alloc_code_gen_buffer(void)
587{
588 void *buf = g_malloc(code_gen_buffer_size);
589 if (buf) {
590 map_exec(buf, code_gen_buffer_size);
591 }
592 return buf;
593}
594#endif /* USE_STATIC_CODE_GEN_BUFFER, USE_MMAP */
595
596static inline void code_gen_alloc(size_t tb_size)
597{
598 code_gen_buffer_size = size_code_gen_buffer(tb_size);
599 code_gen_buffer = alloc_code_gen_buffer();
600 if (code_gen_buffer == NULL) {
601 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
602 exit(1);
603 }
604
4438c8a9
RH		 605 /* Steal room for the prologue at the end of the buffer. This ensures
606 (via the MAX_CODE_GEN_BUFFER_SIZE limits above) that direct branches
607 from TB's to the prologue are going to be in range. It also means
608 that we don't need to mark (additional) portions of the data segment
609 as executable. */
610 code_gen_prologue = code_gen_buffer + code_gen_buffer_size - 1024;
611 code_gen_buffer_size -= 1024;
612
a884da8a
PM		 613 code_gen_buffer_max_size = code_gen_buffer_size -
614 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 615 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 616 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 617}
618
619/* Must be called before using the QEMU cpus. 'tb_size' is the size
620 (in bytes) allocated to the translation buffer. Zero means default
621 size. */
d5ab9713 622void tcg_exec_init(unsigned long tb_size)
26a5f13b 623{
26a5f13b
FB		 624 cpu_gen_init();
625 code_gen_alloc(tb_size);
626 code_gen_ptr = code_gen_buffer;
813da627 627 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
4369415f 628 page_init();
9002ec79
RH		 629#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
630 /* There's no guest base to take into account, so go ahead and
631 initialize the prologue now. */
632 tcg_prologue_init(&tcg_ctx);
633#endif
26a5f13b
FB		 634}
635
d5ab9713
JK		 636bool tcg_enabled(void)
637{
638 return code_gen_buffer != NULL;
639}
640
641void cpu_exec_init_all(void)
642{
643#if !defined(CONFIG_USER_ONLY)
644 memory_map_init();
645 io_mem_init();
646#endif
647}
648
9656f324
PB		 649#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
650
e59fb374 651static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7 652{
9349b4f9 653 CPUArchState *env = opaque;
9656f324 654
3098dba0
AJ		 655 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
656 version_id is increased. */
657 env->interrupt_request &= ~0x01;
9656f324
PB		 658 tlb_flush(env, 1);
659
660 return 0;
661}
e7f4eff7
JQ		 662
663static const VMStateDescription vmstate_cpu_common = {
664 .name = "cpu_common",
665 .version_id = 1,
666 .minimum_version_id = 1,
667 .minimum_version_id_old = 1,
e7f4eff7
JQ		 668 .post_load = cpu_common_post_load,
669 .fields = (VMStateField []) {
9349b4f9
AF		 670 VMSTATE_UINT32(halted, CPUArchState),
671 VMSTATE_UINT32(interrupt_request, CPUArchState),
e7f4eff7
JQ		 672 VMSTATE_END_OF_LIST()
673 }
674};
9656f324
PB		 675#endif
676
9349b4f9 677CPUArchState *qemu_get_cpu(int cpu)
950f1472 678{
9349b4f9 679 CPUArchState *env = first_cpu;
950f1472
GC		 680
681 while (env) {
682 if (env->cpu_index == cpu)
683 break;
684 env = env->next_cpu;
685 }
686
687 return env;
688}
689
9349b4f9 690void cpu_exec_init(CPUArchState *env)
fd6ce8f6 691{
9349b4f9 692 CPUArchState **penv;
6a00d601
FB		 693 int cpu_index;
694
c2764719
PB		 695#if defined(CONFIG_USER_ONLY)
696 cpu_list_lock();
697#endif
6a00d601
FB		 698 env->next_cpu = NULL;
699 penv = &first_cpu;
700 cpu_index = 0;
701 while (*penv != NULL) {
1e9fa730 702 penv = &(*penv)->next_cpu;
6a00d601
FB		 703 cpu_index++;
704 }
705 env->cpu_index = cpu_index;
268a362c 706 env->numa_node = 0;
72cf2d4f
BS		 707 QTAILQ_INIT(&env->breakpoints);
708 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 709#ifndef CONFIG_USER_ONLY
710 env->thread_id = qemu_get_thread_id();
711#endif
6a00d601 712 *penv = env;
c2764719
PB		 713#if defined(CONFIG_USER_ONLY)
714 cpu_list_unlock();
715#endif
b3c7724c 716#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 717 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
718 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 719 cpu_save, cpu_load, env);
720#endif
fd6ce8f6
FB		 721}
722
d1a1eb74
TG		 723/* Allocate a new translation block. Flush the translation buffer if
724 too many translation blocks or too much generated code. */
725static TranslationBlock *tb_alloc(target_ulong pc)
726{
727 TranslationBlock *tb;
728
729 if (nb_tbs >= code_gen_max_blocks ||
730 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
731 return NULL;
732 tb = &tbs[nb_tbs++];
733 tb->pc = pc;
734 tb->cflags = 0;
735 return tb;
736}
737
738void tb_free(TranslationBlock *tb)
739{
740 /* In practice this is mostly used for single use temporary TB
741 Ignore the hard cases and just back up if this TB happens to
742 be the last one generated. */
743 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
744 code_gen_ptr = tb->tc_ptr;
745 nb_tbs--;
746 }
747}
748
9fa3e853
FB		 749static inline void invalidate_page_bitmap(PageDesc *p)
750{
751 if (p->code_bitmap) {
7267c094 752 g_free(p->code_bitmap);
9fa3e853
FB		 753 p->code_bitmap = NULL;
754 }
755 p->code_write_count = 0;
756}
757
5cd2c5b6
RH		 758/* Set to NULL all the 'first_tb' fields in all PageDescs. */
759
760static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 761{
5cd2c5b6 762 int i;
fd6ce8f6 763
5cd2c5b6
RH		 764 if (*lp == NULL) {
765 return;
766 }
767 if (level == 0) {
768 PageDesc *pd = *lp;
7296abac 769 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 770 pd[i].first_tb = NULL;
771 invalidate_page_bitmap(pd + i);
fd6ce8f6 772 }
5cd2c5b6
RH		 773 } else {
774 void **pp = *lp;
7296abac 775 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 776 page_flush_tb_1 (level - 1, pp + i);
777 }
778 }
779}
780
781static void page_flush_tb(void)
782{
783 int i;
784 for (i = 0; i < V_L1_SIZE; i++) {
785 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 786 }
787}
788
789/* flush all the translation blocks */
d4e8164f 790/* XXX: tb_flush is currently not thread safe */
9349b4f9 791void tb_flush(CPUArchState *env1)
fd6ce8f6 792{
9349b4f9 793 CPUArchState *env;
0124311e 794#if defined(DEBUG_FLUSH)
ab3d1727
BS		 795 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
796 (unsigned long)(code_gen_ptr - code_gen_buffer),
797 nb_tbs, nb_tbs > 0 ?
798 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 799#endif
26a5f13b 800 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 801 cpu_abort(env1, "Internal error: code buffer overflow\n");
802
fd6ce8f6 803 nb_tbs = 0;
3b46e624 804
6a00d601
FB		 805 for(env = first_cpu; env != NULL; env = env->next_cpu) {
806 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
807 }
9fa3e853 808
8a8a608f 809 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 810 page_flush_tb();
9fa3e853 811
fd6ce8f6 812 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 813 /* XXX: flush processor icache at this point if cache flush is
814 expensive */
e3db7226 815 tb_flush_count++;
fd6ce8f6
FB		 816}
817
818#ifdef DEBUG_TB_CHECK
819
bc98a7ef 820static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 821{
822 TranslationBlock *tb;
823 int i;
824 address &= TARGET_PAGE_MASK;
99773bd4
PB		 825 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
826 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 827 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
828 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 829 printf("ERROR invalidate: address=" TARGET_FMT_lx
830 " PC=%08lx size=%04x\n",
99773bd4 831 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 832 }
833 }
834 }
835}
836
837/* verify that all the pages have correct rights for code */
838static void tb_page_check(void)
839{
840 TranslationBlock *tb;
841 int i, flags1, flags2;
3b46e624 842
99773bd4
PB		 843 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
844 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 845 flags1 = page_get_flags(tb->pc);
846 flags2 = page_get_flags(tb->pc + tb->size - 1);
847 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
848 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 849 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 850 }
851 }
852 }
853}
854
855#endif
856
857/* invalidate one TB */
858static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
859 int next_offset)
860{
861 TranslationBlock *tb1;
862 for(;;) {
863 tb1 = *ptb;
864 if (tb1 == tb) {
865 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
866 break;
867 }
868 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
869 }
870}
871
9fa3e853
FB		 872static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
873{
874 TranslationBlock *tb1;
875 unsigned int n1;
876
877 for(;;) {
878 tb1 = *ptb;
8efe0ca8
SW		 879 n1 = (uintptr_t)tb1 & 3;
880 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
9fa3e853
FB		 881 if (tb1 == tb) {
882 *ptb = tb1->page_next[n1];
883 break;
884 }
885 ptb = &tb1->page_next[n1];
886 }
887}
888
d4e8164f
FB		 889static inline void tb_jmp_remove(TranslationBlock *tb, int n)
890{
891 TranslationBlock *tb1, **ptb;
892 unsigned int n1;
893
894 ptb = &tb->jmp_next[n];
895 tb1 = *ptb;
896 if (tb1) {
897 /* find tb(n) in circular list */
898 for(;;) {
899 tb1 = *ptb;
8efe0ca8
SW		 900 n1 = (uintptr_t)tb1 & 3;
901 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 902 if (n1 == n && tb1 == tb)
903 break;
904 if (n1 == 2) {
905 ptb = &tb1->jmp_first;
906 } else {
907 ptb = &tb1->jmp_next[n1];
908 }
909 }
910 /* now we can suppress tb(n) from the list */
911 *ptb = tb->jmp_next[n];
912
913 tb->jmp_next[n] = NULL;
914 }
915}
916
917/* reset the jump entry 'n' of a TB so that it is not chained to
918 another TB */
919static inline void tb_reset_jump(TranslationBlock *tb, int n)
920{
8efe0ca8 921 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
d4e8164f
FB		 922}
923
41c1b1c9 924void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 925{
9349b4f9 926 CPUArchState *env;
8a40a180 927 PageDesc *p;
d4e8164f 928 unsigned int h, n1;
41c1b1c9 929 tb_page_addr_t phys_pc;
8a40a180 930 TranslationBlock *tb1, *tb2;
3b46e624 931
8a40a180
FB		 932 /* remove the TB from the hash list */
933 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
934 h = tb_phys_hash_func(phys_pc);
5fafdf24 935 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 936 offsetof(TranslationBlock, phys_hash_next));
937
938 /* remove the TB from the page list */
939 if (tb->page_addr[0] != page_addr) {
940 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
941 tb_page_remove(&p->first_tb, tb);
942 invalidate_page_bitmap(p);
943 }
944 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
945 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
946 tb_page_remove(&p->first_tb, tb);
947 invalidate_page_bitmap(p);
948 }
949
36bdbe54 950 tb_invalidated_flag = 1;
59817ccb 951
fd6ce8f6 952 /* remove the TB from the hash list */
8a40a180 953 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 954 for(env = first_cpu; env != NULL; env = env->next_cpu) {
955 if (env->tb_jmp_cache[h] == tb)
956 env->tb_jmp_cache[h] = NULL;
957 }
d4e8164f
FB		 958
959 /* suppress this TB from the two jump lists */
960 tb_jmp_remove(tb, 0);
961 tb_jmp_remove(tb, 1);
962
963 /* suppress any remaining jumps to this TB */
964 tb1 = tb->jmp_first;
965 for(;;) {
8efe0ca8 966 n1 = (uintptr_t)tb1 & 3;
d4e8164f
FB		 967 if (n1 == 2)
968 break;
8efe0ca8 969 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 970 tb2 = tb1->jmp_next[n1];
971 tb_reset_jump(tb1, n1);
972 tb1->jmp_next[n1] = NULL;
973 tb1 = tb2;
974 }
8efe0ca8 975 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
9fa3e853 976
e3db7226 977 tb_phys_invalidate_count++;
9fa3e853
FB		 978}
979
980static inline void set_bits(uint8_t *tab, int start, int len)
981{
982 int end, mask, end1;
983
984 end = start + len;
985 tab += start >> 3;
986 mask = 0xff << (start & 7);
987 if ((start & ~7) == (end & ~7)) {
988 if (start < end) {
989 mask &= ~(0xff << (end & 7));
990 *tab |= mask;
991 }
992 } else {
993 *tab++ |= mask;
994 start = (start + 8) & ~7;
995 end1 = end & ~7;
996 while (start < end1) {
997 *tab++ = 0xff;
998 start += 8;
999 }
1000 if (start < end) {
1001 mask = ~(0xff << (end & 7));
1002 *tab |= mask;
1003 }
1004 }
1005}
1006
1007static void build_page_bitmap(PageDesc *p)
1008{
1009 int n, tb_start, tb_end;
1010 TranslationBlock *tb;
3b46e624 1011
7267c094 1012 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 1013
1014 tb = p->first_tb;
1015 while (tb != NULL) {
8efe0ca8
SW		 1016 n = (uintptr_t)tb & 3;
1017 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1018 /* NOTE: this is subtle as a TB may span two physical pages */
1019 if (n == 0) {
1020 /* NOTE: tb_end may be after the end of the page, but
1021 it is not a problem */
1022 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1023 tb_end = tb_start + tb->size;
1024 if (tb_end > TARGET_PAGE_SIZE)
1025 tb_end = TARGET_PAGE_SIZE;
1026 } else {
1027 tb_start = 0;
1028 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1029 }
1030 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1031 tb = tb->page_next[n];
1032 }
1033}
1034
9349b4f9 1035TranslationBlock *tb_gen_code(CPUArchState *env,
2e70f6ef
PB		 1036 target_ulong pc, target_ulong cs_base,
1037 int flags, int cflags)
d720b93d
FB		 1038{
1039 TranslationBlock *tb;
1040 uint8_t *tc_ptr;
41c1b1c9
PB		 1041 tb_page_addr_t phys_pc, phys_page2;
1042 target_ulong virt_page2;
d720b93d
FB		 1043 int code_gen_size;
1044
41c1b1c9 1045 phys_pc = get_page_addr_code(env, pc);
c27004ec 1046 tb = tb_alloc(pc);
d720b93d
FB		 1047 if (!tb) {
1048 /* flush must be done */
1049 tb_flush(env);
1050 /* cannot fail at this point */
c27004ec 1051 tb = tb_alloc(pc);
2e70f6ef
PB		 1052 /* Don't forget to invalidate previous TB info. */
1053 tb_invalidated_flag = 1;
d720b93d
FB		 1054 }
1055 tc_ptr = code_gen_ptr;
1056 tb->tc_ptr = tc_ptr;
1057 tb->cs_base = cs_base;
1058 tb->flags = flags;
1059 tb->cflags = cflags;
d07bde88 1060 cpu_gen_code(env, tb, &code_gen_size);
8efe0ca8
SW		 1061 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1062 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1063
d720b93d 1064 /* check next page if needed */
c27004ec 1065 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1066 phys_page2 = -1;
c27004ec 1067 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1068 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1069 }
41c1b1c9 1070 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1071 return tb;
d720b93d 1072}
3b46e624 1073
77a8f1a5 1074/*
8e0fdce3
JK		 1075 * Invalidate all TBs which intersect with the target physical address range
1076 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1077 * 'is_cpu_write_access' should be true if called from a real cpu write
1078 * access: the virtual CPU will exit the current TB if code is modified inside
1079 * this TB.
77a8f1a5
AG		 1080 */
1081void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
1082 int is_cpu_write_access)
1083{
1084 while (start < end) {
1085 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
1086 start &= TARGET_PAGE_MASK;
1087 start += TARGET_PAGE_SIZE;
1088 }
1089}
1090
8e0fdce3
JK		 1091/*
1092 * Invalidate all TBs which intersect with the target physical address range
1093 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1094 * 'is_cpu_write_access' should be true if called from a real cpu write
1095 * access: the virtual CPU will exit the current TB if code is modified inside
1096 * this TB.
1097 */
41c1b1c9 1098void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1099 int is_cpu_write_access)
1100{
6b917547 1101 TranslationBlock *tb, *tb_next, *saved_tb;
9349b4f9 1102 CPUArchState *env = cpu_single_env;
41c1b1c9 1103 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1104 PageDesc *p;
1105 int n;
1106#ifdef TARGET_HAS_PRECISE_SMC
1107 int current_tb_not_found = is_cpu_write_access;
1108 TranslationBlock *current_tb = NULL;
1109 int current_tb_modified = 0;
1110 target_ulong current_pc = 0;
1111 target_ulong current_cs_base = 0;
1112 int current_flags = 0;
1113#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1114
1115 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1116 if (!p)
9fa3e853 1117 return;
5fafdf24 1118 if (!p->code_bitmap &&
d720b93d
FB		 1119 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1120 is_cpu_write_access) {
9fa3e853
FB		 1121 /* build code bitmap */
1122 build_page_bitmap(p);
1123 }
1124
1125 /* we remove all the TBs in the range [start, end[ */
1126 /* XXX: see if in some cases it could be faster to invalidate all the code */
1127 tb = p->first_tb;
1128 while (tb != NULL) {
8efe0ca8
SW		 1129 n = (uintptr_t)tb & 3;
1130 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1131 tb_next = tb->page_next[n];
1132 /* NOTE: this is subtle as a TB may span two physical pages */
1133 if (n == 0) {
1134 /* NOTE: tb_end may be after the end of the page, but
1135 it is not a problem */
1136 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1137 tb_end = tb_start + tb->size;
1138 } else {
1139 tb_start = tb->page_addr[1];
1140 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1141 }
1142 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1143#ifdef TARGET_HAS_PRECISE_SMC
1144 if (current_tb_not_found) {
1145 current_tb_not_found = 0;
1146 current_tb = NULL;
2e70f6ef 1147 if (env->mem_io_pc) {
d720b93d 1148 /* now we have a real cpu fault */
2e70f6ef 1149 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1150 }
1151 }
1152 if (current_tb == tb &&
2e70f6ef 1153 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1154 /* If we are modifying the current TB, we must stop
1155 its execution. We could be more precise by checking
1156 that the modification is after the current PC, but it
1157 would require a specialized function to partially
1158 restore the CPU state */
3b46e624 1159
d720b93d 1160 current_tb_modified = 1;
618ba8e6 1161 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1162 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1163 &current_flags);
d720b93d
FB		 1164 }
1165#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1166 /* we need to do that to handle the case where a signal
1167 occurs while doing tb_phys_invalidate() */
1168 saved_tb = NULL;
1169 if (env) {
1170 saved_tb = env->current_tb;
1171 env->current_tb = NULL;
1172 }
9fa3e853 1173 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1174 if (env) {
1175 env->current_tb = saved_tb;
1176 if (env->interrupt_request && env->current_tb)
1177 cpu_interrupt(env, env->interrupt_request);
1178 }
9fa3e853
FB		 1179 }
1180 tb = tb_next;
1181 }
1182#if !defined(CONFIG_USER_ONLY)
1183 /* if no code remaining, no need to continue to use slow writes */
1184 if (!p->first_tb) {
1185 invalidate_page_bitmap(p);
d720b93d 1186 if (is_cpu_write_access) {
2e70f6ef 1187 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1188 }
1189 }
1190#endif
1191#ifdef TARGET_HAS_PRECISE_SMC
1192 if (current_tb_modified) {
1193 /* we generate a block containing just the instruction
1194 modifying the memory. It will ensure that it cannot modify
1195 itself */
ea1c1802 1196 env->current_tb = NULL;
2e70f6ef 1197 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1198 cpu_resume_from_signal(env, NULL);
9fa3e853 1199 }
fd6ce8f6 1200#endif
9fa3e853 1201}
fd6ce8f6 1202
9fa3e853 1203/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1204static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1205{
1206 PageDesc *p;
1207 int offset, b;
59817ccb 1208#if 0
a4193c8a 1209 if (1) {
93fcfe39
AL		 1210 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1211 cpu_single_env->mem_io_vaddr, len,
1212 cpu_single_env->eip,
8efe0ca8
SW		 1213 cpu_single_env->eip +
1214 (intptr_t)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1215 }
1216#endif
9fa3e853 1217 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1218 if (!p)
9fa3e853
FB		 1219 return;
1220 if (p->code_bitmap) {
1221 offset = start & ~TARGET_PAGE_MASK;
1222 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1223 if (b & ((1 << len) - 1))
1224 goto do_invalidate;
1225 } else {
1226 do_invalidate:
d720b93d 1227 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1228 }
1229}
1230
9fa3e853 1231#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1232static void tb_invalidate_phys_page(tb_page_addr_t addr,
20503968 1233 uintptr_t pc, void *puc)
9fa3e853 1234{
6b917547 1235 TranslationBlock *tb;
9fa3e853 1236 PageDesc *p;
6b917547 1237 int n;
d720b93d 1238#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1239 TranslationBlock *current_tb = NULL;
9349b4f9 1240 CPUArchState *env = cpu_single_env;
6b917547
AL		 1241 int current_tb_modified = 0;
1242 target_ulong current_pc = 0;
1243 target_ulong current_cs_base = 0;
1244 int current_flags = 0;
d720b93d 1245#endif
9fa3e853
FB		 1246
1247 addr &= TARGET_PAGE_MASK;
1248 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1249 if (!p)
9fa3e853
FB		 1250 return;
1251 tb = p->first_tb;
d720b93d
FB		 1252#ifdef TARGET_HAS_PRECISE_SMC
1253 if (tb && pc != 0) {
1254 current_tb = tb_find_pc(pc);
1255 }
1256#endif
9fa3e853 1257 while (tb != NULL) {
8efe0ca8
SW		 1258 n = (uintptr_t)tb & 3;
1259 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
d720b93d
FB		 1260#ifdef TARGET_HAS_PRECISE_SMC
1261 if (current_tb == tb &&
2e70f6ef 1262 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1263 /* If we are modifying the current TB, we must stop
1264 its execution. We could be more precise by checking
1265 that the modification is after the current PC, but it
1266 would require a specialized function to partially
1267 restore the CPU state */
3b46e624 1268
d720b93d 1269 current_tb_modified = 1;
618ba8e6 1270 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1271 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1272 &current_flags);
d720b93d
FB		 1273 }
1274#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1275 tb_phys_invalidate(tb, addr);
1276 tb = tb->page_next[n];
1277 }
fd6ce8f6 1278 p->first_tb = NULL;
d720b93d
FB		 1279#ifdef TARGET_HAS_PRECISE_SMC
1280 if (current_tb_modified) {
1281 /* we generate a block containing just the instruction
1282 modifying the memory. It will ensure that it cannot modify
1283 itself */
ea1c1802 1284 env->current_tb = NULL;
2e70f6ef 1285 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1286 cpu_resume_from_signal(env, puc);
1287 }
1288#endif
fd6ce8f6 1289}
9fa3e853 1290#endif
fd6ce8f6
FB		 1291
1292/* add the tb in the target page and protect it if necessary */
5fafdf24 1293static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1294 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1295{
1296 PageDesc *p;
4429ab44
JQ		 1297#ifndef CONFIG_USER_ONLY
1298 bool page_already_protected;
1299#endif
9fa3e853
FB		 1300
1301 tb->page_addr[n] = page_addr;
5cd2c5b6 1302 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1303 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1304#ifndef CONFIG_USER_ONLY
1305 page_already_protected = p->first_tb != NULL;
1306#endif
8efe0ca8 1307 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
9fa3e853 1308 invalidate_page_bitmap(p);
fd6ce8f6 1309
107db443 1310#if defined(TARGET_HAS_SMC) || 1
d720b93d 1311
9fa3e853 1312#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1313 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1314 target_ulong addr;
1315 PageDesc *p2;
9fa3e853
FB		 1316 int prot;
1317
fd6ce8f6
FB		 1318 /* force the host page as non writable (writes will have a
1319 page fault + mprotect overhead) */
53a5960a 1320 page_addr &= qemu_host_page_mask;
fd6ce8f6 1321 prot = 0;
53a5960a
PB		 1322 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1323 addr += TARGET_PAGE_SIZE) {
1324
1325 p2 = page_find (addr >> TARGET_PAGE_BITS);
1326 if (!p2)
1327 continue;
1328 prot |= p2->flags;
1329 p2->flags &= ~PAGE_WRITE;
53a5960a 1330 }
5fafdf24 1331 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1332 (prot & PAGE_BITS) & ~PAGE_WRITE);
1333#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1334 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1335 page_addr);
fd6ce8f6 1336#endif
fd6ce8f6 1337 }
9fa3e853
FB		 1338#else
1339 /* if some code is already present, then the pages are already
1340 protected. So we handle the case where only the first TB is
1341 allocated in a physical page */
4429ab44 1342 if (!page_already_protected) {
6a00d601 1343 tlb_protect_code(page_addr);
9fa3e853
FB		 1344 }
1345#endif
d720b93d
FB		 1346
1347#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1348}
1349
9fa3e853
FB		 1350/* add a new TB and link it to the physical page tables. phys_page2 is
1351 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1352void tb_link_page(TranslationBlock *tb,
1353 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1354{
9fa3e853
FB		 1355 unsigned int h;
1356 TranslationBlock **ptb;
1357
c8a706fe
PB		 1358 /* Grab the mmap lock to stop another thread invalidating this TB
1359 before we are done. */
1360 mmap_lock();
9fa3e853
FB		 1361 /* add in the physical hash table */
1362 h = tb_phys_hash_func(phys_pc);
1363 ptb = &tb_phys_hash[h];
1364 tb->phys_hash_next = *ptb;
1365 *ptb = tb;
fd6ce8f6
FB		 1366
1367 /* add in the page list */
9fa3e853
FB		 1368 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1369 if (phys_page2 != -1)
1370 tb_alloc_page(tb, 1, phys_page2);
1371 else
1372 tb->page_addr[1] = -1;
9fa3e853 1373
8efe0ca8 1374 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
d4e8164f
FB		 1375 tb->jmp_next[0] = NULL;
1376 tb->jmp_next[1] = NULL;
1377
1378 /* init original jump addresses */
1379 if (tb->tb_next_offset[0] != 0xffff)
1380 tb_reset_jump(tb, 0);
1381 if (tb->tb_next_offset[1] != 0xffff)
1382 tb_reset_jump(tb, 1);
8a40a180
FB		 1383
1384#ifdef DEBUG_TB_CHECK
1385 tb_page_check();
1386#endif
c8a706fe 1387 mmap_unlock();
fd6ce8f6
FB		 1388}
1389
9fa3e853
FB		 1390/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1391 tb[1].tc_ptr. Return NULL if not found */
6375e09e 1392TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
fd6ce8f6 1393{
9fa3e853 1394 int m_min, m_max, m;
8efe0ca8 1395 uintptr_t v;
9fa3e853 1396 TranslationBlock *tb;
a513fe19
FB		 1397
1398 if (nb_tbs <= 0)
1399 return NULL;
8efe0ca8
SW		 1400 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1401 tc_ptr >= (uintptr_t)code_gen_ptr) {
a513fe19 1402 return NULL;
8efe0ca8 1403 }
a513fe19
FB		 1404 /* binary search (cf Knuth) */
1405 m_min = 0;
1406 m_max = nb_tbs - 1;
1407 while (m_min <= m_max) {
1408 m = (m_min + m_max) >> 1;
1409 tb = &tbs[m];
8efe0ca8 1410 v = (uintptr_t)tb->tc_ptr;
a513fe19
FB		 1411 if (v == tc_ptr)
1412 return tb;
1413 else if (tc_ptr < v) {
1414 m_max = m - 1;
1415 } else {
1416 m_min = m + 1;
1417 }
5fafdf24 1418 }
a513fe19
FB		 1419 return &tbs[m_max];
1420}
7501267e 1421
ea041c0e
FB		 1422static void tb_reset_jump_recursive(TranslationBlock *tb);
1423
1424static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1425{
1426 TranslationBlock *tb1, *tb_next, **ptb;
1427 unsigned int n1;
1428
1429 tb1 = tb->jmp_next[n];
1430 if (tb1 != NULL) {
1431 /* find head of list */
1432 for(;;) {
8efe0ca8
SW		 1433 n1 = (uintptr_t)tb1 & 3;
1434 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1435 if (n1 == 2)
1436 break;
1437 tb1 = tb1->jmp_next[n1];
1438 }
1439 /* we are now sure now that tb jumps to tb1 */
1440 tb_next = tb1;
1441
1442 /* remove tb from the jmp_first list */
1443 ptb = &tb_next->jmp_first;
1444 for(;;) {
1445 tb1 = *ptb;
8efe0ca8
SW		 1446 n1 = (uintptr_t)tb1 & 3;
1447 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1448 if (n1 == n && tb1 == tb)
1449 break;
1450 ptb = &tb1->jmp_next[n1];
1451 }
1452 *ptb = tb->jmp_next[n];
1453 tb->jmp_next[n] = NULL;
3b46e624 1454
ea041c0e
FB		 1455 /* suppress the jump to next tb in generated code */
1456 tb_reset_jump(tb, n);
1457
0124311e 1458 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1459 tb_reset_jump_recursive(tb_next);
1460 }
1461}
1462
1463static void tb_reset_jump_recursive(TranslationBlock *tb)
1464{
1465 tb_reset_jump_recursive2(tb, 0);
1466 tb_reset_jump_recursive2(tb, 1);
1467}
1468
1fddef4b 1469#if defined(TARGET_HAS_ICE)
94df27fd 1470#if defined(CONFIG_USER_ONLY)
9349b4f9 1471static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 1472{
1473 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1474}
1475#else
a8170e5e 1476void tb_invalidate_phys_addr(hwaddr addr)
d720b93d 1477{
c227f099 1478 ram_addr_t ram_addr;
f3705d53 1479 MemoryRegionSection *section;
d720b93d 1480
ac1970fb 1481 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
f3705d53
AK		 1482 if (!(memory_region_is_ram(section->mr)
1483 || (section->mr->rom_device && section->mr->readable))) {
06ef3525
AK		 1484 return;
1485 }
f3705d53 1486 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1487 + memory_region_section_addr(section, addr);
706cd4b5 1488 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1489}
1e7855a5
MF		 1490
1491static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1492{
9d70c4b7
MF		 1493 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
1494 (pc & ~TARGET_PAGE_MASK));
1e7855a5 1495}
c27004ec 1496#endif
94df27fd 1497#endif /* TARGET_HAS_ICE */
d720b93d 1498
c527ee8f 1499#if defined(CONFIG_USER_ONLY)
9349b4f9 1500void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 1501
1502{
1503}
1504
9349b4f9 1505int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 1506 int flags, CPUWatchpoint **watchpoint)
1507{
1508 return -ENOSYS;
1509}
1510#else
6658ffb8 1511/* Add a watchpoint. */
9349b4f9 1512int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1513 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1514{
b4051334 1515 target_ulong len_mask = ~(len - 1);
c0ce998e 1516 CPUWatchpoint *wp;
6658ffb8 1517
b4051334 1518 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 1519 if ((len & (len - 1)) || (addr & ~len_mask) ||
1520 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 1521 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1522 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1523 return -EINVAL;
1524 }
7267c094 1525 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1526
1527 wp->vaddr = addr;
b4051334 1528 wp->len_mask = len_mask;
a1d1bb31
AL		 1529 wp->flags = flags;
1530
2dc9f411 1531 /* keep all GDB-injected watchpoints in front */
c0ce998e 1532 if (flags & BP_GDB)
72cf2d4f 1533 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1534 else
72cf2d4f 1535 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1536
6658ffb8 1537 tlb_flush_page(env, addr);
a1d1bb31
AL		 1538
1539 if (watchpoint)
1540 *watchpoint = wp;
1541 return 0;
6658ffb8
PB		 1542}
1543
a1d1bb31 1544/* Remove a specific watchpoint. */
9349b4f9 1545int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1546 int flags)
6658ffb8 1547{
b4051334 1548 target_ulong len_mask = ~(len - 1);
a1d1bb31 1549 CPUWatchpoint *wp;
6658ffb8 1550
72cf2d4f 1551 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1552 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1553 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1554 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1555 return 0;
1556 }
1557 }
a1d1bb31 1558 return -ENOENT;
6658ffb8
PB		 1559}
1560
a1d1bb31 1561/* Remove a specific watchpoint by reference. */
9349b4f9 1562void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 1563{
72cf2d4f 1564 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1565
a1d1bb31
AL		 1566 tlb_flush_page(env, watchpoint->vaddr);
1567
7267c094 1568 g_free(watchpoint);
a1d1bb31
AL		 1569}
1570
1571/* Remove all matching watchpoints. */
9349b4f9 1572void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 1573{
c0ce998e 1574 CPUWatchpoint *wp, *next;
a1d1bb31 1575
72cf2d4f 1576 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1577 if (wp->flags & mask)
1578 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1579 }
7d03f82f 1580}
c527ee8f 1581#endif
7d03f82f 1582
a1d1bb31 1583/* Add a breakpoint. */
9349b4f9 1584int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 1585 CPUBreakpoint **breakpoint)
4c3a88a2 1586{
1fddef4b 1587#if defined(TARGET_HAS_ICE)
c0ce998e 1588 CPUBreakpoint *bp;
3b46e624 1589
7267c094 1590 bp = g_malloc(sizeof(*bp));
4c3a88a2 1591
a1d1bb31
AL		 1592 bp->pc = pc;
1593 bp->flags = flags;
1594
2dc9f411 1595 /* keep all GDB-injected breakpoints in front */
c0ce998e 1596 if (flags & BP_GDB)
72cf2d4f 1597 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1598 else
72cf2d4f 1599 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1600
d720b93d 1601 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1602
1603 if (breakpoint)
1604 *breakpoint = bp;
4c3a88a2
FB		 1605 return 0;
1606#else
a1d1bb31 1607 return -ENOSYS;
4c3a88a2
FB		 1608#endif
1609}
1610
a1d1bb31 1611/* Remove a specific breakpoint. */
9349b4f9 1612int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 1613{
7d03f82f 1614#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1615 CPUBreakpoint *bp;
1616
72cf2d4f 1617 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1618 if (bp->pc == pc && bp->flags == flags) {
1619 cpu_breakpoint_remove_by_ref(env, bp);
1620 return 0;
1621 }
7d03f82f 1622 }
a1d1bb31
AL		 1623 return -ENOENT;
1624#else
1625 return -ENOSYS;
7d03f82f
EI		 1626#endif
1627}
1628
a1d1bb31 1629/* Remove a specific breakpoint by reference. */
9349b4f9 1630void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1631{
1fddef4b 1632#if defined(TARGET_HAS_ICE)
72cf2d4f 1633 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1634
a1d1bb31
AL		 1635 breakpoint_invalidate(env, breakpoint->pc);
1636
7267c094 1637 g_free(breakpoint);
a1d1bb31
AL		 1638#endif
1639}
1640
1641/* Remove all matching breakpoints. */
9349b4f9 1642void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 1643{
1644#if defined(TARGET_HAS_ICE)
c0ce998e 1645 CPUBreakpoint *bp, *next;
a1d1bb31 1646
72cf2d4f 1647 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1648 if (bp->flags & mask)
1649 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1650 }
4c3a88a2
FB		 1651#endif
1652}
1653
c33a346e
FB		 1654/* enable or disable single step mode. EXCP_DEBUG is returned by the
1655 CPU loop after each instruction */
9349b4f9 1656void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 1657{
1fddef4b 1658#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1659 if (env->singlestep_enabled != enabled) {
1660 env->singlestep_enabled = enabled;
e22a25c9
AL		 1661 if (kvm_enabled())
1662 kvm_update_guest_debug(env, 0);
1663 else {
ccbb4d44 1664 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1665 /* XXX: only flush what is necessary */
1666 tb_flush(env);
1667 }
c33a346e
FB		 1668 }
1669#endif
1670}
1671
9349b4f9 1672static void cpu_unlink_tb(CPUArchState *env)
ea041c0e 1673{
3098dba0
AJ		 1674 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1675 problem and hope the cpu will stop of its own accord. For userspace
1676 emulation this often isn't actually as bad as it sounds. Often
1677 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1678 TranslationBlock *tb;
c227f099 1679 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1680
cab1b4bd 1681 spin_lock(&interrupt_lock);
3098dba0
AJ		 1682 tb = env->current_tb;
1683 /* if the cpu is currently executing code, we must unlink it and
1684 all the potentially executing TB */
f76cfe56 1685 if (tb) {
3098dba0
AJ		 1686 env->current_tb = NULL;
1687 tb_reset_jump_recursive(tb);
be214e6c 1688 }
cab1b4bd 1689 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1690}
1691
97ffbd8d 1692#ifndef CONFIG_USER_ONLY
3098dba0 1693/* mask must never be zero, except for A20 change call */
9349b4f9 1694static void tcg_handle_interrupt(CPUArchState *env, int mask)
3098dba0 1695{
60e82579 1696 CPUState *cpu = ENV_GET_CPU(env);
3098dba0 1697 int old_mask;
be214e6c 1698
2e70f6ef 1699 old_mask = env->interrupt_request;
68a79315 1700 env->interrupt_request |= mask;
3098dba0 1701
8edac960
AL		 1702 /*
1703 * If called from iothread context, wake the target cpu in
1704 * case its halted.
1705 */
60e82579 1706 if (!qemu_cpu_is_self(cpu)) {
8edac960
AL		 1707 qemu_cpu_kick(env);
1708 return;
1709 }
8edac960 1710
2e70f6ef 1711 if (use_icount) {
266910c4 1712 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1713 if (!can_do_io(env)
be214e6c 1714 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1715 cpu_abort(env, "Raised interrupt while not in I/O function");
1716 }
2e70f6ef 1717 } else {
3098dba0 1718 cpu_unlink_tb(env);
ea041c0e
FB		 1719 }
1720}
1721
ec6959d0
JK		 1722CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1723
97ffbd8d
JK		 1724#else /* CONFIG_USER_ONLY */
1725
9349b4f9 1726void cpu_interrupt(CPUArchState *env, int mask)
97ffbd8d
JK		 1727{
1728 env->interrupt_request |= mask;
1729 cpu_unlink_tb(env);
1730}
1731#endif /* CONFIG_USER_ONLY */
1732
9349b4f9 1733void cpu_reset_interrupt(CPUArchState *env, int mask)
b54ad049
FB		 1734{
1735 env->interrupt_request &= ~mask;
1736}
1737
9349b4f9 1738void cpu_exit(CPUArchState *env)
3098dba0
AJ		 1739{
1740 env->exit_request = 1;
1741 cpu_unlink_tb(env);
1742}
1743
9349b4f9 1744void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e
FB		 1745{
1746 va_list ap;
493ae1f0 1747 va_list ap2;
7501267e
FB		 1748
1749 va_start(ap, fmt);
493ae1f0 1750 va_copy(ap2, ap);
7501267e
FB		 1751 fprintf(stderr, "qemu: fatal: ");
1752 vfprintf(stderr, fmt, ap);
1753 fprintf(stderr, "\n");
6fd2a026 1754 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 1755 if (qemu_log_enabled()) {
1756 qemu_log("qemu: fatal: ");
1757 qemu_log_vprintf(fmt, ap2);
1758 qemu_log("\n");
6fd2a026 1759 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 1760 qemu_log_flush();
93fcfe39 1761 qemu_log_close();
924edcae 1762 }
493ae1f0 1763 va_end(ap2);
f9373291 1764 va_end(ap);
fd052bf6
RV		 1765#if defined(CONFIG_USER_ONLY)
1766 {
1767 struct sigaction act;
1768 sigfillset(&act.sa_mask);
1769 act.sa_handler = SIG_DFL;
1770 sigaction(SIGABRT, &act, NULL);
1771 }
1772#endif
7501267e
FB		 1773 abort();
1774}
1775
9349b4f9 1776CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 1777{
9349b4f9
AF		 1778 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1779 CPUArchState *next_cpu = new_env->next_cpu;
c5be9f08 1780 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1781#if defined(TARGET_HAS_ICE)
1782 CPUBreakpoint *bp;
1783 CPUWatchpoint *wp;
1784#endif
1785
9349b4f9 1786 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081
AL		 1787
1788 /* Preserve chaining and index. */
c5be9f08
TS		 1789 new_env->next_cpu = next_cpu;
1790 new_env->cpu_index = cpu_index;
5a38f081
AL		 1791
1792 /* Clone all break/watchpoints.
1793 Note: Once we support ptrace with hw-debug register access, make sure
1794 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1795 QTAILQ_INIT(&env->breakpoints);
1796 QTAILQ_INIT(&env->watchpoints);
5a38f081 1797#if defined(TARGET_HAS_ICE)
72cf2d4f 1798 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1799 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1800 }
72cf2d4f 1801 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1802 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1803 wp->flags, NULL);
1804 }
1805#endif
1806
c5be9f08
TS		 1807 return new_env;
1808}
1809
0124311e 1810#if !defined(CONFIG_USER_ONLY)
0cac1b66 1811void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
5c751e99
EI		 1812{
1813 unsigned int i;
1814
1815 /* Discard jump cache entries for any tb which might potentially
1816 overlap the flushed page. */
1817 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1818 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1819 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1820
1821 i = tb_jmp_cache_hash_page(addr);
1822 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1823 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1824}
1825
d24981d3
JQ		 1826static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
1827 uintptr_t length)
1828{
1829 uintptr_t start1;
1830
1831 /* we modify the TLB cache so that the dirty bit will be set again
1832 when accessing the range */
1833 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
1834 /* Check that we don't span multiple blocks - this breaks the
1835 address comparisons below. */
1836 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
1837 != (end - 1) - start) {
1838 abort();
1839 }
1840 cpu_tlb_reset_dirty_all(start1, length);
1841
1842}
1843
5579c7f3 1844/* Note: start and end must be within the same ram block. */
c227f099 1845void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1846 int dirty_flags)
1ccde1cb 1847{
d24981d3 1848 uintptr_t length;
1ccde1cb
FB		 1849
1850 start &= TARGET_PAGE_MASK;
1851 end = TARGET_PAGE_ALIGN(end);
1852
1853 length = end - start;
1854 if (length == 0)
1855 return;
f7c11b53 1856 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 1857
d24981d3
JQ		 1858 if (tcg_enabled()) {
1859 tlb_reset_dirty_range_all(start, end, length);
5579c7f3 1860 }
1ccde1cb
FB		 1861}
1862
74576198
AL		 1863int cpu_physical_memory_set_dirty_tracking(int enable)
1864{
f6f3fbca 1865 int ret = 0;
74576198 1866 in_migration = enable;
f6f3fbca 1867 return ret;
74576198
AL		 1868}
1869
a8170e5e 1870hwaddr memory_region_section_get_iotlb(CPUArchState *env,
e5548617
BS		 1871 MemoryRegionSection *section,
1872 target_ulong vaddr,
a8170e5e 1873 hwaddr paddr,
e5548617
BS		 1874 int prot,
1875 target_ulong *address)
1876{
a8170e5e 1877 hwaddr iotlb;
e5548617
BS		 1878 CPUWatchpoint *wp;
1879
cc5bea60 1880 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1881 /* Normal RAM. */
1882 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1883 + memory_region_section_addr(section, paddr);
e5548617
BS		 1884 if (!section->readonly) {
1885 iotlb |= phys_section_notdirty;
1886 } else {
1887 iotlb |= phys_section_rom;
1888 }
1889 } else {
1890 /* IO handlers are currently passed a physical address.
1891 It would be nice to pass an offset from the base address
1892 of that region. This would avoid having to special case RAM,
1893 and avoid full address decoding in every device.
1894 We can't use the high bits of pd for this because
1895 IO_MEM_ROMD uses these as a ram address. */
1896 iotlb = section - phys_sections;
cc5bea60 1897 iotlb += memory_region_section_addr(section, paddr);
e5548617
BS		 1898 }
1899
1900 /* Make accesses to pages with watchpoints go via the
1901 watchpoint trap routines. */
1902 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1903 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
1904 /* Avoid trapping reads of pages with a write breakpoint. */
1905 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1906 iotlb = phys_section_watch + paddr;
1907 *address |= TLB_MMIO;
1908 break;
1909 }
1910 }
1911 }
1912
1913 return iotlb;
1914}
1915
0124311e 1916#else
edf8e2af
MW		 1917/*
1918 * Walks guest process memory "regions" one by one
1919 * and calls callback function 'fn' for each region.
1920 */
5cd2c5b6
RH		 1921
1922struct walk_memory_regions_data
1923{
1924 walk_memory_regions_fn fn;
1925 void *priv;
8efe0ca8 1926 uintptr_t start;
5cd2c5b6
RH		 1927 int prot;
1928};
1929
1930static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 1931 abi_ulong end, int new_prot)
5cd2c5b6
RH		 1932{
1933 if (data->start != -1ul) {
1934 int rc = data->fn(data->priv, data->start, end, data->prot);
1935 if (rc != 0) {
1936 return rc;
1937 }
1938 }
1939
1940 data->start = (new_prot ? end : -1ul);
1941 data->prot = new_prot;
1942
1943 return 0;
1944}
1945
1946static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 1947 abi_ulong base, int level, void **lp)
5cd2c5b6 1948{
b480d9b7 1949 abi_ulong pa;
5cd2c5b6
RH		 1950 int i, rc;
1951
1952 if (*lp == NULL) {
1953 return walk_memory_regions_end(data, base, 0);
1954 }
1955
1956 if (level == 0) {
1957 PageDesc *pd = *lp;
7296abac 1958 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 1959 int prot = pd[i].flags;
1960
1961 pa = base | (i << TARGET_PAGE_BITS);
1962 if (prot != data->prot) {
1963 rc = walk_memory_regions_end(data, pa, prot);
1964 if (rc != 0) {
1965 return rc;
9fa3e853 1966 }
9fa3e853 1967 }
5cd2c5b6
RH		 1968 }
1969 } else {
1970 void **pp = *lp;
7296abac 1971 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 1972 pa = base | ((abi_ulong)i <<
1973 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 1974 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1975 if (rc != 0) {
1976 return rc;
1977 }
1978 }
1979 }
1980
1981 return 0;
1982}
1983
1984int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1985{
1986 struct walk_memory_regions_data data;
8efe0ca8 1987 uintptr_t i;
5cd2c5b6
RH		 1988
1989 data.fn = fn;
1990 data.priv = priv;
1991 data.start = -1ul;
1992 data.prot = 0;
1993
1994 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 1995 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 1996 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
1997 if (rc != 0) {
1998 return rc;
9fa3e853 1999 }
33417e70 2000 }
5cd2c5b6
RH		 2001
2002 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2003}
2004
b480d9b7
PB		 2005static int dump_region(void *priv, abi_ulong start,
2006 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2007{
2008 FILE *f = (FILE *)priv;
2009
b480d9b7
PB		 2010 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2011 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2012 start, end, end - start,
2013 ((prot & PAGE_READ) ? 'r' : '-'),
2014 ((prot & PAGE_WRITE) ? 'w' : '-'),
2015 ((prot & PAGE_EXEC) ? 'x' : '-'));
2016
2017 return (0);
2018}
2019
2020/* dump memory mappings */
2021void page_dump(FILE *f)
2022{
2023 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2024 "start", "end", "size", "prot");
2025 walk_memory_regions(f, dump_region);
33417e70
FB		 2026}
2027
53a5960a 2028int page_get_flags(target_ulong address)
33417e70 2029{
9fa3e853
FB		 2030 PageDesc *p;
2031
2032 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2033 if (!p)
9fa3e853
FB		 2034 return 0;
2035 return p->flags;
2036}
2037
376a7909
RH		 2038/* Modify the flags of a page and invalidate the code if necessary.
2039 The flag PAGE_WRITE_ORG is positioned automatically depending
2040 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2041void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2042{
376a7909
RH		 2043 target_ulong addr, len;
2044
2045 /* This function should never be called with addresses outside the
2046 guest address space. If this assert fires, it probably indicates
2047 a missing call to h2g_valid. */
b480d9b7
PB		 2048#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2049 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2050#endif
2051 assert(start < end);
9fa3e853
FB		 2052
2053 start = start & TARGET_PAGE_MASK;
2054 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2055
2056 if (flags & PAGE_WRITE) {
9fa3e853 2057 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2058 }
2059
2060 for (addr = start, len = end - start;
2061 len != 0;
2062 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2063 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2064
2065 /* If the write protection bit is set, then we invalidate
2066 the code inside. */
5fafdf24 2067 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2068 (flags & PAGE_WRITE) &&
2069 p->first_tb) {
d720b93d 2070 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2071 }
2072 p->flags = flags;
2073 }
33417e70
FB		 2074}
2075
3d97b40b
TS		 2076int page_check_range(target_ulong start, target_ulong len, int flags)
2077{
2078 PageDesc *p;
2079 target_ulong end;
2080 target_ulong addr;
2081
376a7909
RH		 2082 /* This function should never be called with addresses outside the
2083 guest address space. If this assert fires, it probably indicates
2084 a missing call to h2g_valid. */
338e9e6c
BS		 2085#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2086 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2087#endif
2088
3e0650a9
RH		 2089 if (len == 0) {
2090 return 0;
2091 }
376a7909
RH		 2092 if (start + len - 1 < start) {
2093 /* We've wrapped around. */
55f280c9 2094 return -1;
376a7909 2095 }
55f280c9 2096
3d97b40b
TS		 2097 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2098 start = start & TARGET_PAGE_MASK;
2099
376a7909
RH		 2100 for (addr = start, len = end - start;
2101 len != 0;
2102 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2103 p = page_find(addr >> TARGET_PAGE_BITS);
2104 if( !p )
2105 return -1;
2106 if( !(p->flags & PAGE_VALID) )
2107 return -1;
2108
dae3270c 2109 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2110 return -1;
dae3270c
FB		 2111 if (flags & PAGE_WRITE) {
2112 if (!(p->flags & PAGE_WRITE_ORG))
2113 return -1;
2114 /* unprotect the page if it was put read-only because it
2115 contains translated code */
2116 if (!(p->flags & PAGE_WRITE)) {
2117 if (!page_unprotect(addr, 0, NULL))
2118 return -1;
2119 }
2120 return 0;
2121 }
3d97b40b
TS		 2122 }
2123 return 0;
2124}
2125
9fa3e853 2126/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2127 page. Return TRUE if the fault was successfully handled. */
6375e09e 2128int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
9fa3e853 2129{
45d679d6
AJ		 2130 unsigned int prot;
2131 PageDesc *p;
53a5960a 2132 target_ulong host_start, host_end, addr;
9fa3e853 2133
c8a706fe
PB		 2134 /* Technically this isn't safe inside a signal handler. However we
2135 know this only ever happens in a synchronous SEGV handler, so in
2136 practice it seems to be ok. */
2137 mmap_lock();
2138
45d679d6
AJ		 2139 p = page_find(address >> TARGET_PAGE_BITS);
2140 if (!p) {
c8a706fe 2141 mmap_unlock();
9fa3e853 2142 return 0;
c8a706fe 2143 }
45d679d6 2144
9fa3e853
FB		 2145 /* if the page was really writable, then we change its
2146 protection back to writable */
45d679d6
AJ		 2147 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2148 host_start = address & qemu_host_page_mask;
2149 host_end = host_start + qemu_host_page_size;
2150
2151 prot = 0;
2152 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2153 p = page_find(addr >> TARGET_PAGE_BITS);
2154 p->flags |= PAGE_WRITE;
2155 prot |= p->flags;
2156
9fa3e853
FB		 2157 /* and since the content will be modified, we must invalidate
2158 the corresponding translated code. */
45d679d6 2159 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2160#ifdef DEBUG_TB_CHECK
45d679d6 2161 tb_invalidate_check(addr);
9fa3e853 2162#endif
9fa3e853 2163 }
45d679d6
AJ		 2164 mprotect((void *)g2h(host_start), qemu_host_page_size,
2165 prot & PAGE_BITS);
2166
2167 mmap_unlock();
2168 return 1;
9fa3e853 2169 }
c8a706fe 2170 mmap_unlock();
9fa3e853
FB		 2171 return 0;
2172}
9fa3e853
FB		 2173#endif /* defined(CONFIG_USER_ONLY) */
2174
e2eef170 2175#if !defined(CONFIG_USER_ONLY)
8da3ff18 2176
c04b2b78
PB		 2177#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2178typedef struct subpage_t {
70c68e44 2179 MemoryRegion iomem;
a8170e5e 2180 hwaddr base;
5312bd8b 2181 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2182} subpage_t;
2183
c227f099 2184static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2185 uint16_t section);
a8170e5e 2186static subpage_t *subpage_init(hwaddr base);
5312bd8b 2187static void destroy_page_desc(uint16_t section_index)
54688b1e 2188{
5312bd8b
AK		 2189 MemoryRegionSection *section = &phys_sections[section_index];
2190 MemoryRegion *mr = section->mr;
54688b1e
AK		 2191
2192 if (mr->subpage) {
2193 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2194 memory_region_destroy(&subpage->iomem);
2195 g_free(subpage);
2196 }
2197}
2198
4346ae3e 2199static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2200{
2201 unsigned i;
d6f2ea22 2202 PhysPageEntry *p;
54688b1e 2203
c19e8800 2204 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2205 return;
2206 }
2207
c19e8800 2208 p = phys_map_nodes[lp->ptr];
4346ae3e 2209 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 2210 if (!p[i].is_leaf) {
54688b1e 2211 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 2212 } else {
c19e8800 2213 destroy_page_desc(p[i].ptr);
54688b1e 2214 }
54688b1e 2215 }
07f07b31 2216 lp->is_leaf = 0;
c19e8800 2217 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2218}
2219
ac1970fb 2220static void destroy_all_mappings(AddressSpaceDispatch *d)
54688b1e 2221{
ac1970fb 2222 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
d6f2ea22 2223 phys_map_nodes_reset();
54688b1e
AK		 2224}
2225
5312bd8b
AK		 2226static uint16_t phys_section_add(MemoryRegionSection *section)
2227{
2228 if (phys_sections_nb == phys_sections_nb_alloc) {
2229 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2230 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2231 phys_sections_nb_alloc);
2232 }
2233 phys_sections[phys_sections_nb] = *section;
2234 return phys_sections_nb++;
2235}
2236
2237static void phys_sections_clear(void)
2238{
2239 phys_sections_nb = 0;
2240}
2241
ac1970fb 2242static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 2243{
2244 subpage_t *subpage;
a8170e5e 2245 hwaddr base = section->offset_within_address_space
0f0cb164 2246 & TARGET_PAGE_MASK;
ac1970fb 2247 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
0f0cb164
AK		 2248 MemoryRegionSection subsection = {
2249 .offset_within_address_space = base,
2250 .size = TARGET_PAGE_SIZE,
2251 };
a8170e5e 2252 hwaddr start, end;
0f0cb164 2253
f3705d53 2254 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 2255
f3705d53 2256 if (!(existing->mr->subpage)) {
0f0cb164
AK		 2257 subpage = subpage_init(base);
2258 subsection.mr = &subpage->iomem;
ac1970fb 2259 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
2999097b 2260 phys_section_add(&subsection));
0f0cb164 2261 } else {
f3705d53 2262 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 2263 }
2264 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
adb2a9b5 2265 end = start + section->size - 1;
0f0cb164
AK		 2266 subpage_register(subpage, start, end, phys_section_add(section));
2267}
2268
2269
ac1970fb 2270static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
33417e70 2271{
a8170e5e 2272 hwaddr start_addr = section->offset_within_address_space;
dd81124b 2273 ram_addr_t size = section->size;
a8170e5e 2274 hwaddr addr;
5312bd8b 2275 uint16_t section_index = phys_section_add(section);
dd81124b 2276
3b8e6a2d 2277 assert(size);
f6f3fbca 2278
3b8e6a2d 2279 addr = start_addr;
ac1970fb 2280 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2999097b 2281 section_index);
33417e70
FB		 2282}
2283
ac1970fb 2284static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 2285{
ac1970fb 2286 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
0f0cb164
AK		 2287 MemoryRegionSection now = *section, remain = *section;
2288
2289 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2290 || (now.size < TARGET_PAGE_SIZE)) {
2291 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2292 - now.offset_within_address_space,
2293 now.size);
ac1970fb 2294 register_subpage(d, &now);
0f0cb164
AK		 2295 remain.size -= now.size;
2296 remain.offset_within_address_space += now.size;
2297 remain.offset_within_region += now.size;
2298 }
69b67646
TH		 2299 while (remain.size >= TARGET_PAGE_SIZE) {
2300 now = remain;
2301 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
2302 now.size = TARGET_PAGE_SIZE;
ac1970fb 2303 register_subpage(d, &now);
69b67646
TH		 2304 } else {
2305 now.size &= TARGET_PAGE_MASK;
ac1970fb 2306 register_multipage(d, &now);
69b67646 2307 }
0f0cb164
AK		 2308 remain.size -= now.size;
2309 remain.offset_within_address_space += now.size;
2310 remain.offset_within_region += now.size;
2311 }
2312 now = remain;
2313 if (now.size) {
ac1970fb 2314 register_subpage(d, &now);
0f0cb164
AK		 2315 }
2316}
2317
62a2744c
SY		 2318void qemu_flush_coalesced_mmio_buffer(void)
2319{
2320 if (kvm_enabled())
2321 kvm_flush_coalesced_mmio_buffer();
2322}
2323
c902760f
MT		 2324#if defined(__linux__) && !defined(TARGET_S390X)
2325
2326#include <sys/vfs.h>
2327
2328#define HUGETLBFS_MAGIC 0x958458f6
2329
2330static long gethugepagesize(const char *path)
2331{
2332 struct statfs fs;
2333 int ret;
2334
2335 do {
9742bf26 2336 ret = statfs(path, &fs);
c902760f
MT		 2337 } while (ret != 0 && errno == EINTR);
2338
2339 if (ret != 0) {
9742bf26
YT		 2340 perror(path);
2341 return 0;
c902760f
MT		 2342 }
2343
2344 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2345 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2346
2347 return fs.f_bsize;
2348}
2349
04b16653
AW		 2350static void *file_ram_alloc(RAMBlock *block,
2351 ram_addr_t memory,
2352 const char *path)
c902760f
MT		 2353{
2354 char *filename;
2355 void *area;
2356 int fd;
2357#ifdef MAP_POPULATE
2358 int flags;
2359#endif
2360 unsigned long hpagesize;
2361
2362 hpagesize = gethugepagesize(path);
2363 if (!hpagesize) {
9742bf26 2364 return NULL;
c902760f
MT		 2365 }
2366
2367 if (memory < hpagesize) {
2368 return NULL;
2369 }
2370
2371 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2372 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2373 return NULL;
2374 }
2375
2376 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2377 return NULL;
c902760f
MT		 2378 }
2379
2380 fd = mkstemp(filename);
2381 if (fd < 0) {
9742bf26
YT		 2382 perror("unable to create backing store for hugepages");
2383 free(filename);
2384 return NULL;
c902760f
MT		 2385 }
2386 unlink(filename);
2387 free(filename);
2388
2389 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2390
2391 /*
2392 * ftruncate is not supported by hugetlbfs in older
2393 * hosts, so don't bother bailing out on errors.
2394 * If anything goes wrong with it under other filesystems,
2395 * mmap will fail.
2396 */
2397 if (ftruncate(fd, memory))
9742bf26 2398 perror("ftruncate");
c902760f
MT		 2399
2400#ifdef MAP_POPULATE
2401 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2402 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2403 * to sidestep this quirk.
2404 */
2405 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2406 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2407#else
2408 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2409#endif
2410 if (area == MAP_FAILED) {
9742bf26
YT		 2411 perror("file_ram_alloc: can't mmap RAM pages");
2412 close(fd);
2413 return (NULL);
c902760f 2414 }
04b16653 2415 block->fd = fd;
c902760f
MT		 2416 return area;
2417}
2418#endif
2419
d17b5288 2420static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2421{
2422 RAMBlock *block, *next_block;
3e837b2c 2423 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2424
2425 if (QLIST_EMPTY(&ram_list.blocks))
2426 return 0;
2427
2428 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2429 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2430
2431 end = block->offset + block->length;
2432
2433 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2434 if (next_block->offset >= end) {
2435 next = MIN(next, next_block->offset);
2436 }
2437 }
2438 if (next - end >= size && next - end < mingap) {
3e837b2c 2439 offset = end;
04b16653
AW		 2440 mingap = next - end;
2441 }
2442 }
3e837b2c
AW		 2443
2444 if (offset == RAM_ADDR_MAX) {
2445 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2446 (uint64_t)size);
2447 abort();
2448 }
2449
04b16653
AW		 2450 return offset;
2451}
2452
652d7ec2 2453ram_addr_t last_ram_offset(void)
d17b5288
AW		 2454{
2455 RAMBlock *block;
2456 ram_addr_t last = 0;
2457
2458 QLIST_FOREACH(block, &ram_list.blocks, next)
2459 last = MAX(last, block->offset + block->length);
2460
2461 return last;
2462}
2463
ddb97f1d
JB		 2464static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
2465{
2466 int ret;
2467 QemuOpts *machine_opts;
2468
2469 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
2470 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2471 if (machine_opts &&
2472 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
2473 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
2474 if (ret) {
2475 perror("qemu_madvise");
2476 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
2477 "but dump_guest_core=off specified\n");
2478 }
2479 }
2480}
2481
c5705a77 2482void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2483{
2484 RAMBlock *new_block, *block;
2485
c5705a77
AK		 2486 new_block = NULL;
2487 QLIST_FOREACH(block, &ram_list.blocks, next) {
2488 if (block->offset == addr) {
2489 new_block = block;
2490 break;
2491 }
2492 }
2493 assert(new_block);
2494 assert(!new_block->idstr[0]);
84b89d78 2495
09e5ab63
AL		 2496 if (dev) {
2497 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 2498 if (id) {
2499 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2500 g_free(id);
84b89d78
CM		 2501 }
2502 }
2503 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2504
2505 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2506 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2507 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2508 new_block->idstr);
2509 abort();
2510 }
2511 }
c5705a77
AK		 2512}
2513
8490fc78
LC		 2514static int memory_try_enable_merging(void *addr, size_t len)
2515{
2516 QemuOpts *opts;
2517
2518 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2519 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
2520 /* disabled by the user */
2521 return 0;
2522 }
2523
2524 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
2525}
2526
c5705a77
AK		 2527ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2528 MemoryRegion *mr)
2529{
2530 RAMBlock *new_block;
2531
2532 size = TARGET_PAGE_ALIGN(size);
2533 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2534
7c637366 2535 new_block->mr = mr;
432d268c 2536 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2537 if (host) {
2538 new_block->host = host;
cd19cfa2 2539 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2540 } else {
2541 if (mem_path) {
c902760f 2542#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2543 new_block->host = file_ram_alloc(new_block, size, mem_path);
2544 if (!new_block->host) {
2545 new_block->host = qemu_vmalloc(size);
8490fc78 2546 memory_try_enable_merging(new_block->host, size);
6977dfe6 2547 }
c902760f 2548#else
6977dfe6
YT		 2549 fprintf(stderr, "-mem-path option unsupported\n");
2550 exit(1);
c902760f 2551#endif
6977dfe6 2552 } else {
868bb33f 2553 if (xen_enabled()) {
fce537d4 2554 xen_ram_alloc(new_block->offset, size, mr);
fdec9918
CB		 2555 } else if (kvm_enabled()) {
2556 /* some s390/kvm configurations have special constraints */
2557 new_block->host = kvm_vmalloc(size);
432d268c
JN		 2558 } else {
2559 new_block->host = qemu_vmalloc(size);
2560 }
8490fc78 2561 memory_try_enable_merging(new_block->host, size);
6977dfe6 2562 }
c902760f 2563 }
94a6b54f
PB		 2564 new_block->length = size;
2565
f471a17e 2566 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2567
7267c094 2568 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2569 last_ram_offset() >> TARGET_PAGE_BITS);
5fda043f
IM		 2570 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2571 0, size >> TARGET_PAGE_BITS);
1720aeee 2572 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
94a6b54f 2573
ddb97f1d 2574 qemu_ram_setup_dump(new_block->host, size);
ad0b5321 2575 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
ddb97f1d 2576
6f0437e8
JK		 2577 if (kvm_enabled())
2578 kvm_setup_guest_memory(new_block->host, size);
2579
94a6b54f
PB		 2580 return new_block->offset;
2581}
e9a1ab19 2582
c5705a77 2583ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2584{
c5705a77 2585 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2586}
2587
1f2e98b6
AW		 2588void qemu_ram_free_from_ptr(ram_addr_t addr)
2589{
2590 RAMBlock *block;
2591
2592 QLIST_FOREACH(block, &ram_list.blocks, next) {
2593 if (addr == block->offset) {
2594 QLIST_REMOVE(block, next);
7267c094 2595 g_free(block);
1f2e98b6
AW		 2596 return;
2597 }
2598 }
2599}
2600
c227f099 2601void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2602{
04b16653
AW		 2603 RAMBlock *block;
2604
2605 QLIST_FOREACH(block, &ram_list.blocks, next) {
2606 if (addr == block->offset) {
2607 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2608 if (block->flags & RAM_PREALLOC_MASK) {
2609 ;
2610 } else if (mem_path) {
04b16653
AW		 2611#if defined (__linux__) && !defined(TARGET_S390X)
2612 if (block->fd) {
2613 munmap(block->host, block->length);
2614 close(block->fd);
2615 } else {
2616 qemu_vfree(block->host);
2617 }
fd28aa13
JK		 2618#else
2619 abort();
04b16653
AW		 2620#endif
2621 } else {
2622#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2623 munmap(block->host, block->length);
2624#else
868bb33f 2625 if (xen_enabled()) {
e41d7c69 2626 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2627 } else {
2628 qemu_vfree(block->host);
2629 }
04b16653
AW		 2630#endif
2631 }
7267c094 2632 g_free(block);
04b16653
AW		 2633 return;
2634 }
2635 }
2636
e9a1ab19
FB		 2637}
2638
cd19cfa2
HY		 2639#ifndef _WIN32
2640void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2641{
2642 RAMBlock *block;
2643 ram_addr_t offset;
2644 int flags;
2645 void *area, *vaddr;
2646
2647 QLIST_FOREACH(block, &ram_list.blocks, next) {
2648 offset = addr - block->offset;
2649 if (offset < block->length) {
2650 vaddr = block->host + offset;
2651 if (block->flags & RAM_PREALLOC_MASK) {
2652 ;
2653 } else {
2654 flags = MAP_FIXED;
2655 munmap(vaddr, length);
2656 if (mem_path) {
2657#if defined(__linux__) && !defined(TARGET_S390X)
2658 if (block->fd) {
2659#ifdef MAP_POPULATE
2660 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2661 MAP_PRIVATE;
2662#else
2663 flags |= MAP_PRIVATE;
2664#endif
2665 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2666 flags, block->fd, offset);
2667 } else {
2668 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2669 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2670 flags, -1, 0);
2671 }
fd28aa13
JK		 2672#else
2673 abort();
cd19cfa2
HY		 2674#endif
2675 } else {
2676#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2677 flags |= MAP_SHARED | MAP_ANONYMOUS;
2678 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2679 flags, -1, 0);
2680#else
2681 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2682 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2683 flags, -1, 0);
2684#endif
2685 }
2686 if (area != vaddr) {
f15fbc4b
AP		 2687 fprintf(stderr, "Could not remap addr: "
2688 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 2689 length, addr);
2690 exit(1);
2691 }
8490fc78 2692 memory_try_enable_merging(vaddr, length);
ddb97f1d 2693 qemu_ram_setup_dump(vaddr, length);
cd19cfa2
HY		 2694 }
2695 return;
2696 }
2697 }
2698}
2699#endif /* !_WIN32 */
2700
dc828ca1 2701/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 2702 With the exception of the softmmu code in this file, this should
2703 only be used for local memory (e.g. video ram) that the device owns,
2704 and knows it isn't going to access beyond the end of the block.
2705
2706 It should not be used for general purpose DMA.
2707 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2708 */
c227f099 2709void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 2710{
94a6b54f
PB		 2711 RAMBlock *block;
2712
f471a17e
AW		 2713 QLIST_FOREACH(block, &ram_list.blocks, next) {
2714 if (addr - block->offset < block->length) {
7d82af38
VP		 2715 /* Move this entry to to start of the list. */
2716 if (block != QLIST_FIRST(&ram_list.blocks)) {
2717 QLIST_REMOVE(block, next);
2718 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2719 }
868bb33f 2720 if (xen_enabled()) {
432d268c
JN		 2721 /* We need to check if the requested address is in the RAM
2722 * because we don't want to map the entire memory in QEMU.
712c2b41 2723 * In that case just map until the end of the page.
432d268c
JN		 2724 */
2725 if (block->offset == 0) {
e41d7c69 2726 return xen_map_cache(addr, 0, 0);
432d268c 2727 } else if (block->host == NULL) {
e41d7c69
JK		 2728 block->host =
2729 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2730 }
2731 }
f471a17e
AW		 2732 return block->host + (addr - block->offset);
2733 }
94a6b54f 2734 }
f471a17e
AW		 2735
2736 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2737 abort();
2738
2739 return NULL;
dc828ca1
PB		 2740}
2741
b2e0a138
MT		 2742/* Return a host pointer to ram allocated with qemu_ram_alloc.
2743 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2744 */
2745void *qemu_safe_ram_ptr(ram_addr_t addr)
2746{
2747 RAMBlock *block;
2748
2749 QLIST_FOREACH(block, &ram_list.blocks, next) {
2750 if (addr - block->offset < block->length) {
868bb33f 2751 if (xen_enabled()) {
432d268c
JN		 2752 /* We need to check if the requested address is in the RAM
2753 * because we don't want to map the entire memory in QEMU.
712c2b41 2754 * In that case just map until the end of the page.
432d268c
JN		 2755 */
2756 if (block->offset == 0) {
e41d7c69 2757 return xen_map_cache(addr, 0, 0);
432d268c 2758 } else if (block->host == NULL) {
e41d7c69
JK		 2759 block->host =
2760 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2761 }
2762 }
b2e0a138
MT		 2763 return block->host + (addr - block->offset);
2764 }
2765 }
2766
2767 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2768 abort();
2769
2770 return NULL;
2771}
2772
38bee5dc
SS		 2773/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
2774 * but takes a size argument */
8ab934f9 2775void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 2776{
8ab934f9
SS		 2777 if (*size == 0) {
2778 return NULL;
2779 }
868bb33f 2780 if (xen_enabled()) {
e41d7c69 2781 return xen_map_cache(addr, *size, 1);
868bb33f 2782 } else {
38bee5dc
SS		 2783 RAMBlock *block;
2784
2785 QLIST_FOREACH(block, &ram_list.blocks, next) {
2786 if (addr - block->offset < block->length) {
2787 if (addr - block->offset + *size > block->length)
2788 *size = block->length - addr + block->offset;
2789 return block->host + (addr - block->offset);
2790 }
2791 }
2792
2793 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2794 abort();
38bee5dc
SS		 2795 }
2796}
2797
050a0ddf
AP		 2798void qemu_put_ram_ptr(void *addr)
2799{
2800 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 2801}
2802
e890261f 2803int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 2804{
94a6b54f
PB		 2805 RAMBlock *block;
2806 uint8_t *host = ptr;
2807
868bb33f 2808 if (xen_enabled()) {
e41d7c69 2809 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 2810 return 0;
2811 }
2812
f471a17e 2813 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 2814 /* This case append when the block is not mapped. */
2815 if (block->host == NULL) {
2816 continue;
2817 }
f471a17e 2818 if (host - block->host < block->length) {
e890261f
MT		 2819 *ram_addr = block->offset + (host - block->host);
2820 return 0;
f471a17e 2821 }
94a6b54f 2822 }
432d268c 2823
e890261f
MT		 2824 return -1;
2825}
f471a17e 2826
e890261f
MT		 2827/* Some of the softmmu routines need to translate from a host pointer
2828 (typically a TLB entry) back to a ram offset. */
2829ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2830{
2831 ram_addr_t ram_addr;
f471a17e 2832
e890261f
MT		 2833 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2834 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2835 abort();
2836 }
2837 return ram_addr;
5579c7f3
PB		 2838}
2839
a8170e5e 2840static uint64_t unassigned_mem_read(void *opaque, hwaddr addr,
0e0df1e2 2841 unsigned size)
e18231a3
BS		 2842{
2843#ifdef DEBUG_UNASSIGNED
2844 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2845#endif
5b450407 2846#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2847 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 2848#endif
2849 return 0;
2850}
2851
a8170e5e 2852static void unassigned_mem_write(void *opaque, hwaddr addr,
0e0df1e2 2853 uint64_t val, unsigned size)
e18231a3
BS		 2854{
2855#ifdef DEBUG_UNASSIGNED
0e0df1e2 2856 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 2857#endif
5b450407 2858#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2859 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 2860#endif
33417e70
FB		 2861}
2862
0e0df1e2
AK		 2863static const MemoryRegionOps unassigned_mem_ops = {
2864 .read = unassigned_mem_read,
2865 .write = unassigned_mem_write,
2866 .endianness = DEVICE_NATIVE_ENDIAN,
2867};
e18231a3 2868
a8170e5e 2869static uint64_t error_mem_read(void *opaque, hwaddr addr,
0e0df1e2 2870 unsigned size)
e18231a3 2871{
0e0df1e2 2872 abort();
e18231a3
BS		 2873}
2874
a8170e5e 2875static void error_mem_write(void *opaque, hwaddr addr,
0e0df1e2 2876 uint64_t value, unsigned size)
e18231a3 2877{
0e0df1e2 2878 abort();
33417e70
FB		 2879}
2880
0e0df1e2
AK		 2881static const MemoryRegionOps error_mem_ops = {
2882 .read = error_mem_read,
2883 .write = error_mem_write,
2884 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2885};
2886
0e0df1e2
AK		 2887static const MemoryRegionOps rom_mem_ops = {
2888 .read = error_mem_read,
2889 .write = unassigned_mem_write,
2890 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2891};
2892
a8170e5e 2893static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 2894 uint64_t val, unsigned size)
9fa3e853 2895{
3a7d929e 2896 int dirty_flags;
f7c11b53 2897 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 2898 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 2899#if !defined(CONFIG_USER_ONLY)
0e0df1e2 2900 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 2901 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 2902#endif
3a7d929e 2903 }
0e0df1e2
AK		 2904 switch (size) {
2905 case 1:
2906 stb_p(qemu_get_ram_ptr(ram_addr), val);
2907 break;
2908 case 2:
2909 stw_p(qemu_get_ram_ptr(ram_addr), val);
2910 break;
2911 case 4:
2912 stl_p(qemu_get_ram_ptr(ram_addr), val);
2913 break;
2914 default:
2915 abort();
3a7d929e 2916 }
f23db169 2917 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 2918 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 2919 /* we remove the notdirty callback only if the code has been
2920 flushed */
2921 if (dirty_flags == 0xff)
2e70f6ef 2922 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 2923}
2924
0e0df1e2
AK		 2925static const MemoryRegionOps notdirty_mem_ops = {
2926 .read = error_mem_read,
2927 .write = notdirty_mem_write,
2928 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2929};
2930
0f459d16 2931/* Generate a debug exception if a watchpoint has been hit. */
b4051334 2932static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 2933{
9349b4f9 2934 CPUArchState *env = cpu_single_env;
06d55cc1
AL		 2935 target_ulong pc, cs_base;
2936 TranslationBlock *tb;
0f459d16 2937 target_ulong vaddr;
a1d1bb31 2938 CPUWatchpoint *wp;
06d55cc1 2939 int cpu_flags;
0f459d16 2940
06d55cc1
AL		 2941 if (env->watchpoint_hit) {
2942 /* We re-entered the check after replacing the TB. Now raise
2943 * the debug interrupt so that is will trigger after the
2944 * current instruction. */
2945 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2946 return;
2947 }
2e70f6ef 2948 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 2949 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 2950 if ((vaddr == (wp->vaddr & len_mask) ||
2951 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 2952 wp->flags |= BP_WATCHPOINT_HIT;
2953 if (!env->watchpoint_hit) {
2954 env->watchpoint_hit = wp;
2955 tb = tb_find_pc(env->mem_io_pc);
2956 if (!tb) {
2957 cpu_abort(env, "check_watchpoint: could not find TB for "
2958 "pc=%p", (void *)env->mem_io_pc);
2959 }
618ba8e6 2960 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 2961 tb_phys_invalidate(tb, -1);
2962 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2963 env->exception_index = EXCP_DEBUG;
488d6577 2964 cpu_loop_exit(env);
6e140f28
AL		 2965 } else {
2966 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2967 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 2968 cpu_resume_from_signal(env, NULL);
6e140f28 2969 }
06d55cc1 2970 }
6e140f28
AL		 2971 } else {
2972 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2973 }
2974 }
2975}
2976
6658ffb8
PB		 2977/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2978 so these check for a hit then pass through to the normal out-of-line
2979 phys routines. */
a8170e5e 2980static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1ec9b909 2981 unsigned size)
6658ffb8 2982{
1ec9b909
AK		 2983 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
2984 switch (size) {
2985 case 1: return ldub_phys(addr);
2986 case 2: return lduw_phys(addr);
2987 case 4: return ldl_phys(addr);
2988 default: abort();
2989 }
6658ffb8
PB		 2990}
2991
a8170e5e 2992static void watch_mem_write(void *opaque, hwaddr addr,
1ec9b909 2993 uint64_t val, unsigned size)
6658ffb8 2994{
1ec9b909
AK		 2995 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
2996 switch (size) {
67364150
MF		 2997 case 1:
2998 stb_phys(addr, val);
2999 break;
3000 case 2:
3001 stw_phys(addr, val);
3002 break;
3003 case 4:
3004 stl_phys(addr, val);
3005 break;
1ec9b909
AK		 3006 default: abort();
3007 }
6658ffb8
PB		 3008}
3009
1ec9b909
AK		 3010static const MemoryRegionOps watch_mem_ops = {
3011 .read = watch_mem_read,
3012 .write = watch_mem_write,
3013 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3014};
6658ffb8 3015
a8170e5e 3016static uint64_t subpage_read(void *opaque, hwaddr addr,
70c68e44 3017 unsigned len)
db7b5426 3018{
70c68e44 3019 subpage_t *mmio = opaque;
f6405247 3020 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3021 MemoryRegionSection *section;
db7b5426
BS		 3022#if defined(DEBUG_SUBPAGE)
3023 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3024 mmio, len, addr, idx);
3025#endif
db7b5426 3026
5312bd8b
AK		 3027 section = &phys_sections[mmio->sub_section[idx]];
3028 addr += mmio->base;
3029 addr -= section->offset_within_address_space;
3030 addr += section->offset_within_region;
37ec01d4 3031 return io_mem_read(section->mr, addr, len);
db7b5426
BS		 3032}
3033
a8170e5e 3034static void subpage_write(void *opaque, hwaddr addr,
70c68e44 3035 uint64_t value, unsigned len)
db7b5426 3036{
70c68e44 3037 subpage_t *mmio = opaque;
f6405247 3038 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3039 MemoryRegionSection *section;
db7b5426 3040#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3041 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3042 " idx %d value %"PRIx64"\n",
f6405247 3043 __func__, mmio, len, addr, idx, value);
db7b5426 3044#endif
f6405247 3045
5312bd8b
AK		 3046 section = &phys_sections[mmio->sub_section[idx]];
3047 addr += mmio->base;
3048 addr -= section->offset_within_address_space;
3049 addr += section->offset_within_region;
37ec01d4 3050 io_mem_write(section->mr, addr, value, len);
db7b5426
BS		 3051}
3052
70c68e44
AK		 3053static const MemoryRegionOps subpage_ops = {
3054 .read = subpage_read,
3055 .write = subpage_write,
3056 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3057};
3058
a8170e5e 3059static uint64_t subpage_ram_read(void *opaque, hwaddr addr,
de712f94 3060 unsigned size)
56384e8b
AF		 3061{
3062 ram_addr_t raddr = addr;
3063 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3064 switch (size) {
3065 case 1: return ldub_p(ptr);
3066 case 2: return lduw_p(ptr);
3067 case 4: return ldl_p(ptr);
3068 default: abort();
3069 }
56384e8b
AF		 3070}
3071
a8170e5e 3072static void subpage_ram_write(void *opaque, hwaddr addr,
de712f94 3073 uint64_t value, unsigned size)
56384e8b
AF		 3074{
3075 ram_addr_t raddr = addr;
3076 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3077 switch (size) {
3078 case 1: return stb_p(ptr, value);
3079 case 2: return stw_p(ptr, value);
3080 case 4: return stl_p(ptr, value);
3081 default: abort();
3082 }
56384e8b
AF		 3083}
3084
de712f94
AK		 3085static const MemoryRegionOps subpage_ram_ops = {
3086 .read = subpage_ram_read,
3087 .write = subpage_ram_write,
3088 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3089};
3090
c227f099 3091static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3092 uint16_t section)
db7b5426
BS		 3093{
3094 int idx, eidx;
3095
3096 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3097 return -1;
3098 idx = SUBPAGE_IDX(start);
3099 eidx = SUBPAGE_IDX(end);
3100#if defined(DEBUG_SUBPAGE)
0bf9e31a 3101 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3102 mmio, start, end, idx, eidx, memory);
3103#endif
5312bd8b
AK		 3104 if (memory_region_is_ram(phys_sections[section].mr)) {
3105 MemoryRegionSection new_section = phys_sections[section];
3106 new_section.mr = &io_mem_subpage_ram;
3107 section = phys_section_add(&new_section);
56384e8b 3108 }
db7b5426 3109 for (; idx <= eidx; idx++) {
5312bd8b 3110 mmio->sub_section[idx] = section;
db7b5426
BS		 3111 }
3112
3113 return 0;
3114}
3115
a8170e5e 3116static subpage_t *subpage_init(hwaddr base)
db7b5426 3117{
c227f099 3118 subpage_t *mmio;
db7b5426 3119
7267c094 3120 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3121
3122 mmio->base = base;
70c68e44
AK		 3123 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3124 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3125 mmio->iomem.subpage = true;
db7b5426 3126#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3127 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3128 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3129#endif
0f0cb164 3130 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 3131
3132 return mmio;
3133}
3134
5312bd8b
AK		 3135static uint16_t dummy_section(MemoryRegion *mr)
3136{
3137 MemoryRegionSection section = {
3138 .mr = mr,
3139 .offset_within_address_space = 0,
3140 .offset_within_region = 0,
3141 .size = UINT64_MAX,
3142 };
3143
3144 return phys_section_add(&section);
3145}
3146
a8170e5e 3147MemoryRegion *iotlb_to_region(hwaddr index)
aa102231 3148{
37ec01d4 3149 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 3150}
3151
e9179ce1
AK		 3152static void io_mem_init(void)
3153{
0e0df1e2 3154 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
0e0df1e2
AK		 3155 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3156 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3157 "unassigned", UINT64_MAX);
3158 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3159 "notdirty", UINT64_MAX);
de712f94
AK		 3160 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3161 "subpage-ram", UINT64_MAX);
1ec9b909
AK		 3162 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3163 "watch", UINT64_MAX);
e9179ce1
AK		 3164}
3165
ac1970fb
AK		 3166static void mem_begin(MemoryListener *listener)
3167{
3168 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
3169
3170 destroy_all_mappings(d);
3171 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
3172}
3173
50c1e149
AK		 3174static void core_begin(MemoryListener *listener)
3175{
5312bd8b
AK		 3176 phys_sections_clear();
3177 phys_section_unassigned = dummy_section(&io_mem_unassigned);
aa102231
AK		 3178 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3179 phys_section_rom = dummy_section(&io_mem_rom);
3180 phys_section_watch = dummy_section(&io_mem_watch);
50c1e149
AK		 3181}
3182
1d71148e 3183static void tcg_commit(MemoryListener *listener)
50c1e149 3184{
9349b4f9 3185 CPUArchState *env;
117712c3
AK		 3186
3187 /* since each CPU stores ram addresses in its TLB cache, we must
3188 reset the modified entries */
3189 /* XXX: slow ! */
3190 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3191 tlb_flush(env, 1);
3192 }
50c1e149
AK		 3193}
3194
93632747
AK		 3195static void core_log_global_start(MemoryListener *listener)
3196{
3197 cpu_physical_memory_set_dirty_tracking(1);
3198}
3199
3200static void core_log_global_stop(MemoryListener *listener)
3201{
3202 cpu_physical_memory_set_dirty_tracking(0);
3203}
3204
4855d41a
AK		 3205static void io_region_add(MemoryListener *listener,
3206 MemoryRegionSection *section)
3207{
a2d33521
AK		 3208 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3209
3210 mrio->mr = section->mr;
3211 mrio->offset = section->offset_within_region;
3212 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
4855d41a 3213 section->offset_within_address_space, section->size);
a2d33521 3214 ioport_register(&mrio->iorange);
4855d41a
AK		 3215}
3216
3217static void io_region_del(MemoryListener *listener,
3218 MemoryRegionSection *section)
3219{
3220 isa_unassign_ioport(section->offset_within_address_space, section->size);
3221}
3222
93632747 3223static MemoryListener core_memory_listener = {
50c1e149 3224 .begin = core_begin,
93632747
AK		 3225 .log_global_start = core_log_global_start,
3226 .log_global_stop = core_log_global_stop,
ac1970fb 3227 .priority = 1,
93632747
AK		 3228};
3229
4855d41a
AK		 3230static MemoryListener io_memory_listener = {
3231 .region_add = io_region_add,
3232 .region_del = io_region_del,
4855d41a
AK		 3233 .priority = 0,
3234};
3235
1d71148e
AK		 3236static MemoryListener tcg_memory_listener = {
3237 .commit = tcg_commit,
3238};
3239
ac1970fb
AK		 3240void address_space_init_dispatch(AddressSpace *as)
3241{
3242 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
3243
3244 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
3245 d->listener = (MemoryListener) {
3246 .begin = mem_begin,
3247 .region_add = mem_add,
3248 .region_nop = mem_add,
3249 .priority = 0,
3250 };
3251 as->dispatch = d;
3252 memory_listener_register(&d->listener, as);
3253}
3254
83f3c251
AK		 3255void address_space_destroy_dispatch(AddressSpace *as)
3256{
3257 AddressSpaceDispatch *d = as->dispatch;
3258
3259 memory_listener_unregister(&d->listener);
3260 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
3261 g_free(d);
3262 as->dispatch = NULL;
3263}
3264
62152b8a
AK		 3265static void memory_map_init(void)
3266{
7267c094 3267 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3268 memory_region_init(system_memory, "system", INT64_MAX);
2673a5da
AK		 3269 address_space_init(&address_space_memory, system_memory);
3270 address_space_memory.name = "memory";
309cb471 3271
7267c094 3272 system_io = g_malloc(sizeof(*system_io));
309cb471 3273 memory_region_init(system_io, "io", 65536);
2673a5da
AK		 3274 address_space_init(&address_space_io, system_io);
3275 address_space_io.name = "I/O";
93632747 3276
f6790af6
AK		 3277 memory_listener_register(&core_memory_listener, &address_space_memory);
3278 memory_listener_register(&io_memory_listener, &address_space_io);
3279 memory_listener_register(&tcg_memory_listener, &address_space_memory);
62152b8a
AK		 3280}
3281
3282MemoryRegion *get_system_memory(void)
3283{
3284 return system_memory;
3285}
3286
309cb471
AK		 3287MemoryRegion *get_system_io(void)
3288{
3289 return system_io;
3290}
3291
e2eef170
PB		 3292#endif /* !defined(CONFIG_USER_ONLY) */
3293
13eb76e0
FB		 3294/* physical memory access (slow version, mainly for debug) */
3295#if defined(CONFIG_USER_ONLY)
9349b4f9 3296int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 3297 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3298{
3299 int l, flags;
3300 target_ulong page;
53a5960a 3301 void * p;
13eb76e0
FB		 3302
3303 while (len > 0) {
3304 page = addr & TARGET_PAGE_MASK;
3305 l = (page + TARGET_PAGE_SIZE) - addr;
3306 if (l > len)
3307 l = len;
3308 flags = page_get_flags(page);
3309 if (!(flags & PAGE_VALID))
a68fe89c 3310 return -1;
13eb76e0
FB		 3311 if (is_write) {
3312 if (!(flags & PAGE_WRITE))
a68fe89c 3313 return -1;
579a97f7 3314 /* XXX: this code should not depend on lock_user */
72fb7daa 3315 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3316 return -1;
72fb7daa
AJ		 3317 memcpy(p, buf, l);
3318 unlock_user(p, addr, l);
13eb76e0
FB		 3319 } else {
3320 if (!(flags & PAGE_READ))
a68fe89c 3321 return -1;
579a97f7 3322 /* XXX: this code should not depend on lock_user */
72fb7daa 3323 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3324 return -1;
72fb7daa 3325 memcpy(buf, p, l);
5b257578 3326 unlock_user(p, addr, 0);
13eb76e0
FB		 3327 }
3328 len -= l;
3329 buf += l;
3330 addr += l;
3331 }
a68fe89c 3332 return 0;
13eb76e0 3333}
8df1cd07 3334
13eb76e0 3335#else
51d7a9eb 3336
a8170e5e
AK		 3337static void invalidate_and_set_dirty(hwaddr addr,
3338 hwaddr length)
51d7a9eb
AP		 3339{
3340 if (!cpu_physical_memory_is_dirty(addr)) {
3341 /* invalidate code */
3342 tb_invalidate_phys_page_range(addr, addr + length, 0);
3343 /* set dirty bit */
3344 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
3345 }
e226939d 3346 xen_modified_memory(addr, length);
51d7a9eb
AP		 3347}
3348
a8170e5e 3349void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
ac1970fb 3350 int len, bool is_write)
13eb76e0 3351{
ac1970fb 3352 AddressSpaceDispatch *d = as->dispatch;
37ec01d4 3353 int l;
13eb76e0
FB		 3354 uint8_t *ptr;
3355 uint32_t val;
a8170e5e 3356 hwaddr page;
f3705d53 3357 MemoryRegionSection *section;
3b46e624 3358
13eb76e0
FB		 3359 while (len > 0) {
3360 page = addr & TARGET_PAGE_MASK;
3361 l = (page + TARGET_PAGE_SIZE) - addr;
3362 if (l > len)
3363 l = len;
ac1970fb 3364 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
3b46e624 3365
13eb76e0 3366 if (is_write) {
f3705d53 3367 if (!memory_region_is_ram(section->mr)) {
a8170e5e 3368 hwaddr addr1;
cc5bea60 3369 addr1 = memory_region_section_addr(section, addr);
6a00d601
FB		 3370 /* XXX: could force cpu_single_env to NULL to avoid
3371 potential bugs */
6c2934db 3372 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3373 /* 32 bit write access */
c27004ec 3374 val = ldl_p(buf);
37ec01d4 3375 io_mem_write(section->mr, addr1, val, 4);
13eb76e0 3376 l = 4;
6c2934db 3377 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3378 /* 16 bit write access */
c27004ec 3379 val = lduw_p(buf);
37ec01d4 3380 io_mem_write(section->mr, addr1, val, 2);
13eb76e0
FB		 3381 l = 2;
3382 } else {
1c213d19 3383 /* 8 bit write access */
c27004ec 3384 val = ldub_p(buf);
37ec01d4 3385 io_mem_write(section->mr, addr1, val, 1);
13eb76e0
FB		 3386 l = 1;
3387 }
f3705d53 3388 } else if (!section->readonly) {
8ca5692d 3389 ram_addr_t addr1;
f3705d53 3390 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3391 + memory_region_section_addr(section, addr);
13eb76e0 3392 /* RAM case */
5579c7f3 3393 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3394 memcpy(ptr, buf, l);
51d7a9eb 3395 invalidate_and_set_dirty(addr1, l);
050a0ddf 3396 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3397 }
3398 } else {
cc5bea60
BS		 3399 if (!(memory_region_is_ram(section->mr) ||
3400 memory_region_is_romd(section->mr))) {
a8170e5e 3401 hwaddr addr1;
13eb76e0 3402 /* I/O case */
cc5bea60 3403 addr1 = memory_region_section_addr(section, addr);
6c2934db 3404 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3405 /* 32 bit read access */
37ec01d4 3406 val = io_mem_read(section->mr, addr1, 4);
c27004ec 3407 stl_p(buf, val);
13eb76e0 3408 l = 4;
6c2934db 3409 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3410 /* 16 bit read access */
37ec01d4 3411 val = io_mem_read(section->mr, addr1, 2);
c27004ec 3412 stw_p(buf, val);
13eb76e0
FB		 3413 l = 2;
3414 } else {
1c213d19 3415 /* 8 bit read access */
37ec01d4 3416 val = io_mem_read(section->mr, addr1, 1);
c27004ec 3417 stb_p(buf, val);
13eb76e0
FB		 3418 l = 1;
3419 }
3420 } else {
3421 /* RAM case */
0a1b357f 3422 ptr = qemu_get_ram_ptr(section->mr->ram_addr
cc5bea60
BS		 3423 + memory_region_section_addr(section,
3424 addr));
f3705d53 3425 memcpy(buf, ptr, l);
050a0ddf 3426 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3427 }
3428 }
3429 len -= l;
3430 buf += l;
3431 addr += l;
3432 }
3433}
8df1cd07 3434
a8170e5e 3435void address_space_write(AddressSpace *as, hwaddr addr,
ac1970fb
AK		 3436 const uint8_t *buf, int len)
3437{
3438 address_space_rw(as, addr, (uint8_t *)buf, len, true);
3439}
3440
3441/**
3442 * address_space_read: read from an address space.
3443 *
3444 * @as: #AddressSpace to be accessed
3445 * @addr: address within that address space
3446 * @buf: buffer with the data transferred
3447 */
a8170e5e 3448void address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
ac1970fb
AK		 3449{
3450 address_space_rw(as, addr, buf, len, false);
3451}
3452
3453
a8170e5e 3454void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 3455 int len, int is_write)
3456{
3457 return address_space_rw(&address_space_memory, addr, buf, len, is_write);
3458}
3459
d0ecd2aa 3460/* used for ROM loading : can write in RAM and ROM */
a8170e5e 3461void cpu_physical_memory_write_rom(hwaddr addr,
d0ecd2aa
FB		 3462 const uint8_t *buf, int len)
3463{
ac1970fb 3464 AddressSpaceDispatch *d = address_space_memory.dispatch;
d0ecd2aa
FB		 3465 int l;
3466 uint8_t *ptr;
a8170e5e 3467 hwaddr page;
f3705d53 3468 MemoryRegionSection *section;
3b46e624 3469
d0ecd2aa
FB		 3470 while (len > 0) {
3471 page = addr & TARGET_PAGE_MASK;
3472 l = (page + TARGET_PAGE_SIZE) - addr;
3473 if (l > len)
3474 l = len;
ac1970fb 3475 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
3b46e624 3476
cc5bea60
BS		 3477 if (!(memory_region_is_ram(section->mr) ||
3478 memory_region_is_romd(section->mr))) {
d0ecd2aa
FB		 3479 /* do nothing */
3480 } else {
3481 unsigned long addr1;
f3705d53 3482 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3483 + memory_region_section_addr(section, addr);
d0ecd2aa 3484 /* ROM/RAM case */
5579c7f3 3485 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3486 memcpy(ptr, buf, l);
51d7a9eb 3487 invalidate_and_set_dirty(addr1, l);
050a0ddf 3488 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3489 }
3490 len -= l;
3491 buf += l;
3492 addr += l;
3493 }
3494}
3495
6d16c2f8
AL		 3496typedef struct {
3497 void *buffer;
a8170e5e
AK		 3498 hwaddr addr;
3499 hwaddr len;
6d16c2f8
AL		 3500} BounceBuffer;
3501
3502static BounceBuffer bounce;
3503
ba223c29
AL		 3504typedef struct MapClient {
3505 void *opaque;
3506 void (*callback)(void *opaque);
72cf2d4f 3507 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3508} MapClient;
3509
72cf2d4f
BS		 3510static QLIST_HEAD(map_client_list, MapClient) map_client_list
3511 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3512
3513void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3514{
7267c094 3515 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3516
3517 client->opaque = opaque;
3518 client->callback = callback;
72cf2d4f 3519 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3520 return client;
3521}
3522
3523void cpu_unregister_map_client(void *_client)
3524{
3525 MapClient *client = (MapClient *)_client;
3526
72cf2d4f 3527 QLIST_REMOVE(client, link);
7267c094 3528 g_free(client);
ba223c29
AL		 3529}
3530
3531static void cpu_notify_map_clients(void)
3532{
3533 MapClient *client;
3534
72cf2d4f
BS		 3535 while (!QLIST_EMPTY(&map_client_list)) {
3536 client = QLIST_FIRST(&map_client_list);
ba223c29 3537 client->callback(client->opaque);
34d5e948 3538 cpu_unregister_map_client(client);
ba223c29
AL		 3539 }
3540}
3541
6d16c2f8
AL		 3542/* Map a physical memory region into a host virtual address.
3543 * May map a subset of the requested range, given by and returned in *plen.
3544 * May return NULL if resources needed to perform the mapping are exhausted.
3545 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3546 * Use cpu_register_map_client() to know when retrying the map operation is
3547 * likely to succeed.
6d16c2f8 3548 */
ac1970fb 3549void *address_space_map(AddressSpace *as,
a8170e5e
AK		 3550 hwaddr addr,
3551 hwaddr *plen,
ac1970fb 3552 bool is_write)
6d16c2f8 3553{
ac1970fb 3554 AddressSpaceDispatch *d = as->dispatch;
a8170e5e
AK		 3555 hwaddr len = *plen;
3556 hwaddr todo = 0;
6d16c2f8 3557 int l;
a8170e5e 3558 hwaddr page;
f3705d53 3559 MemoryRegionSection *section;
f15fbc4b 3560 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3561 ram_addr_t rlen;
3562 void *ret;
6d16c2f8
AL		 3563
3564 while (len > 0) {
3565 page = addr & TARGET_PAGE_MASK;
3566 l = (page + TARGET_PAGE_SIZE) - addr;
3567 if (l > len)
3568 l = len;
ac1970fb 3569 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
6d16c2f8 3570
f3705d53 3571 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
38bee5dc 3572 if (todo || bounce.buffer) {
6d16c2f8
AL		 3573 break;
3574 }
3575 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3576 bounce.addr = addr;
3577 bounce.len = l;
3578 if (!is_write) {
ac1970fb 3579 address_space_read(as, addr, bounce.buffer, l);
6d16c2f8 3580 }
38bee5dc
SS		 3581
3582 *plen = l;
3583 return bounce.buffer;
6d16c2f8 3584 }
8ab934f9 3585 if (!todo) {
f3705d53 3586 raddr = memory_region_get_ram_addr(section->mr)
cc5bea60 3587 + memory_region_section_addr(section, addr);
8ab934f9 3588 }
6d16c2f8
AL		 3589
3590 len -= l;
3591 addr += l;
38bee5dc 3592 todo += l;
6d16c2f8 3593 }
8ab934f9
SS		 3594 rlen = todo;
3595 ret = qemu_ram_ptr_length(raddr, &rlen);
3596 *plen = rlen;
3597 return ret;
6d16c2f8
AL		 3598}
3599
ac1970fb 3600/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3601 * Will also mark the memory as dirty if is_write == 1. access_len gives
3602 * the amount of memory that was actually read or written by the caller.
3603 */
a8170e5e
AK		 3604void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3605 int is_write, hwaddr access_len)
6d16c2f8
AL		 3606{
3607 if (buffer != bounce.buffer) {
3608 if (is_write) {
e890261f 3609 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 3610 while (access_len) {
3611 unsigned l;
3612 l = TARGET_PAGE_SIZE;
3613 if (l > access_len)
3614 l = access_len;
51d7a9eb 3615 invalidate_and_set_dirty(addr1, l);
6d16c2f8
AL		 3616 addr1 += l;
3617 access_len -= l;
3618 }
3619 }
868bb33f 3620 if (xen_enabled()) {
e41d7c69 3621 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3622 }
6d16c2f8
AL		 3623 return;
3624 }
3625 if (is_write) {
ac1970fb 3626 address_space_write(as, bounce.addr, bounce.buffer, access_len);
6d16c2f8 3627 }
f8a83245 3628 qemu_vfree(bounce.buffer);
6d16c2f8 3629 bounce.buffer = NULL;
ba223c29 3630 cpu_notify_map_clients();
6d16c2f8 3631}
d0ecd2aa 3632
a8170e5e
AK		 3633void *cpu_physical_memory_map(hwaddr addr,
3634 hwaddr *plen,
ac1970fb
AK		 3635 int is_write)
3636{
3637 return address_space_map(&address_space_memory, addr, plen, is_write);
3638}
3639
a8170e5e
AK		 3640void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3641 int is_write, hwaddr access_len)
ac1970fb
AK		 3642{
3643 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3644}
3645
8df1cd07 3646/* warning: addr must be aligned */
a8170e5e 3647static inline uint32_t ldl_phys_internal(hwaddr addr,
1e78bcc1 3648 enum device_endian endian)
8df1cd07 3649{
8df1cd07
FB		 3650 uint8_t *ptr;
3651 uint32_t val;
f3705d53 3652 MemoryRegionSection *section;
8df1cd07 3653
ac1970fb 3654 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3655
cc5bea60
BS		 3656 if (!(memory_region_is_ram(section->mr) ||
3657 memory_region_is_romd(section->mr))) {
8df1cd07 3658 /* I/O case */
cc5bea60 3659 addr = memory_region_section_addr(section, addr);
37ec01d4 3660 val = io_mem_read(section->mr, addr, 4);
1e78bcc1
AG		 3661#if defined(TARGET_WORDS_BIGENDIAN)
3662 if (endian == DEVICE_LITTLE_ENDIAN) {
3663 val = bswap32(val);
3664 }
3665#else
3666 if (endian == DEVICE_BIG_ENDIAN) {
3667 val = bswap32(val);
3668 }
3669#endif
8df1cd07
FB		 3670 } else {
3671 /* RAM case */
f3705d53 3672 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3673 & TARGET_PAGE_MASK)
cc5bea60 3674 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3675 switch (endian) {
3676 case DEVICE_LITTLE_ENDIAN:
3677 val = ldl_le_p(ptr);
3678 break;
3679 case DEVICE_BIG_ENDIAN:
3680 val = ldl_be_p(ptr);
3681 break;
3682 default:
3683 val = ldl_p(ptr);
3684 break;
3685 }
8df1cd07
FB		 3686 }
3687 return val;
3688}
3689
a8170e5e 3690uint32_t ldl_phys(hwaddr addr)
1e78bcc1
AG		 3691{
3692 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3693}
3694
a8170e5e 3695uint32_t ldl_le_phys(hwaddr addr)
1e78bcc1
AG		 3696{
3697 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3698}
3699
a8170e5e 3700uint32_t ldl_be_phys(hwaddr addr)
1e78bcc1
AG		 3701{
3702 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
3703}
3704
84b7b8e7 3705/* warning: addr must be aligned */
a8170e5e 3706static inline uint64_t ldq_phys_internal(hwaddr addr,
1e78bcc1 3707 enum device_endian endian)
84b7b8e7 3708{
84b7b8e7
FB		 3709 uint8_t *ptr;
3710 uint64_t val;
f3705d53 3711 MemoryRegionSection *section;
84b7b8e7 3712
ac1970fb 3713 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3714
cc5bea60
BS		 3715 if (!(memory_region_is_ram(section->mr) ||
3716 memory_region_is_romd(section->mr))) {
84b7b8e7 3717 /* I/O case */
cc5bea60 3718 addr = memory_region_section_addr(section, addr);
1e78bcc1
AG		 3719
3720 /* XXX This is broken when device endian != cpu endian.
3721 Fix and add "endian" variable check */
84b7b8e7 3722#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3723 val = io_mem_read(section->mr, addr, 4) << 32;
3724 val |= io_mem_read(section->mr, addr + 4, 4);
84b7b8e7 3725#else
37ec01d4
AK		 3726 val = io_mem_read(section->mr, addr, 4);
3727 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
84b7b8e7
FB		 3728#endif
3729 } else {
3730 /* RAM case */
f3705d53 3731 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3732 & TARGET_PAGE_MASK)
cc5bea60 3733 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3734 switch (endian) {
3735 case DEVICE_LITTLE_ENDIAN:
3736 val = ldq_le_p(ptr);
3737 break;
3738 case DEVICE_BIG_ENDIAN:
3739 val = ldq_be_p(ptr);
3740 break;
3741 default:
3742 val = ldq_p(ptr);
3743 break;
3744 }
84b7b8e7
FB		 3745 }
3746 return val;
3747}
3748
a8170e5e 3749uint64_t ldq_phys(hwaddr addr)
1e78bcc1
AG		 3750{
3751 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3752}
3753
a8170e5e 3754uint64_t ldq_le_phys(hwaddr addr)
1e78bcc1
AG		 3755{
3756 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3757}
3758
a8170e5e 3759uint64_t ldq_be_phys(hwaddr addr)
1e78bcc1
AG		 3760{
3761 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
3762}
3763
aab33094 3764/* XXX: optimize */
a8170e5e 3765uint32_t ldub_phys(hwaddr addr)
aab33094
FB		 3766{
3767 uint8_t val;
3768 cpu_physical_memory_read(addr, &val, 1);
3769 return val;
3770}
3771
733f0b02 3772/* warning: addr must be aligned */
a8170e5e 3773static inline uint32_t lduw_phys_internal(hwaddr addr,
1e78bcc1 3774 enum device_endian endian)
aab33094 3775{
733f0b02
MT		 3776 uint8_t *ptr;
3777 uint64_t val;
f3705d53 3778 MemoryRegionSection *section;
733f0b02 3779
ac1970fb 3780 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
733f0b02 3781
cc5bea60
BS		 3782 if (!(memory_region_is_ram(section->mr) ||
3783 memory_region_is_romd(section->mr))) {
733f0b02 3784 /* I/O case */
cc5bea60 3785 addr = memory_region_section_addr(section, addr);
37ec01d4 3786 val = io_mem_read(section->mr, addr, 2);
1e78bcc1
AG		 3787#if defined(TARGET_WORDS_BIGENDIAN)
3788 if (endian == DEVICE_LITTLE_ENDIAN) {
3789 val = bswap16(val);
3790 }
3791#else
3792 if (endian == DEVICE_BIG_ENDIAN) {
3793 val = bswap16(val);
3794 }
3795#endif
733f0b02
MT		 3796 } else {
3797 /* RAM case */
f3705d53 3798 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3799 & TARGET_PAGE_MASK)
cc5bea60 3800 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3801 switch (endian) {
3802 case DEVICE_LITTLE_ENDIAN:
3803 val = lduw_le_p(ptr);
3804 break;
3805 case DEVICE_BIG_ENDIAN:
3806 val = lduw_be_p(ptr);
3807 break;
3808 default:
3809 val = lduw_p(ptr);
3810 break;
3811 }
733f0b02
MT		 3812 }
3813 return val;
aab33094
FB		 3814}
3815
a8170e5e 3816uint32_t lduw_phys(hwaddr addr)
1e78bcc1
AG		 3817{
3818 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3819}
3820
a8170e5e 3821uint32_t lduw_le_phys(hwaddr addr)
1e78bcc1
AG		 3822{
3823 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3824}
3825
a8170e5e 3826uint32_t lduw_be_phys(hwaddr addr)
1e78bcc1
AG		 3827{
3828 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
3829}
3830
8df1cd07
FB		 3831/* warning: addr must be aligned. The ram page is not masked as dirty
3832 and the code inside is not invalidated. It is useful if the dirty
3833 bits are used to track modified PTEs */
a8170e5e 3834void stl_phys_notdirty(hwaddr addr, uint32_t val)
8df1cd07 3835{
8df1cd07 3836 uint8_t *ptr;
f3705d53 3837 MemoryRegionSection *section;
8df1cd07 3838
ac1970fb 3839 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3840
f3705d53 3841 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3842 addr = memory_region_section_addr(section, addr);
f3705d53 3843 if (memory_region_is_ram(section->mr)) {
37ec01d4 3844 section = &phys_sections[phys_section_rom];
06ef3525 3845 }
37ec01d4 3846 io_mem_write(section->mr, addr, val, 4);
8df1cd07 3847 } else {
f3705d53 3848 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
06ef3525 3849 & TARGET_PAGE_MASK)
cc5bea60 3850 + memory_region_section_addr(section, addr);
5579c7f3 3851 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3852 stl_p(ptr, val);
74576198
AL		 3853
3854 if (unlikely(in_migration)) {
3855 if (!cpu_physical_memory_is_dirty(addr1)) {
3856 /* invalidate code */
3857 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3858 /* set dirty bit */
f7c11b53
YT		 3859 cpu_physical_memory_set_dirty_flags(
3860 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 3861 }
3862 }
8df1cd07
FB		 3863 }
3864}
3865
a8170e5e 3866void stq_phys_notdirty(hwaddr addr, uint64_t val)
bc98a7ef 3867{
bc98a7ef 3868 uint8_t *ptr;
f3705d53 3869 MemoryRegionSection *section;
bc98a7ef 3870
ac1970fb 3871 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3872
f3705d53 3873 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3874 addr = memory_region_section_addr(section, addr);
f3705d53 3875 if (memory_region_is_ram(section->mr)) {
37ec01d4 3876 section = &phys_sections[phys_section_rom];
06ef3525 3877 }
bc98a7ef 3878#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3879 io_mem_write(section->mr, addr, val >> 32, 4);
3880 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
bc98a7ef 3881#else
37ec01d4
AK		 3882 io_mem_write(section->mr, addr, (uint32_t)val, 4);
3883 io_mem_write(section->mr, addr + 4, val >> 32, 4);
bc98a7ef
JM		 3884#endif
3885 } else {
f3705d53 3886 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3887 & TARGET_PAGE_MASK)
cc5bea60 3888 + memory_region_section_addr(section, addr));
bc98a7ef
JM		 3889 stq_p(ptr, val);
3890 }
3891}
3892
8df1cd07 3893/* warning: addr must be aligned */
a8170e5e 3894static inline void stl_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 3895 enum device_endian endian)
8df1cd07 3896{
8df1cd07 3897 uint8_t *ptr;
f3705d53 3898 MemoryRegionSection *section;
8df1cd07 3899
ac1970fb 3900 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3901
f3705d53 3902 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3903 addr = memory_region_section_addr(section, addr);
f3705d53 3904 if (memory_region_is_ram(section->mr)) {
37ec01d4 3905 section = &phys_sections[phys_section_rom];
06ef3525 3906 }
1e78bcc1
AG		 3907#if defined(TARGET_WORDS_BIGENDIAN)
3908 if (endian == DEVICE_LITTLE_ENDIAN) {
3909 val = bswap32(val);
3910 }
3911#else
3912 if (endian == DEVICE_BIG_ENDIAN) {
3913 val = bswap32(val);
3914 }
3915#endif
37ec01d4 3916 io_mem_write(section->mr, addr, val, 4);
8df1cd07
FB		 3917 } else {
3918 unsigned long addr1;
f3705d53 3919 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3920 + memory_region_section_addr(section, addr);
8df1cd07 3921 /* RAM case */
5579c7f3 3922 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3923 switch (endian) {
3924 case DEVICE_LITTLE_ENDIAN:
3925 stl_le_p(ptr, val);
3926 break;
3927 case DEVICE_BIG_ENDIAN:
3928 stl_be_p(ptr, val);
3929 break;
3930 default:
3931 stl_p(ptr, val);
3932 break;
3933 }
51d7a9eb 3934 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 3935 }
3936}
3937
a8170e5e 3938void stl_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 3939{
3940 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
3941}
3942
a8170e5e 3943void stl_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 3944{
3945 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
3946}
3947
a8170e5e 3948void stl_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 3949{
3950 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
3951}
3952
aab33094 3953/* XXX: optimize */
a8170e5e 3954void stb_phys(hwaddr addr, uint32_t val)
aab33094
FB		 3955{
3956 uint8_t v = val;
3957 cpu_physical_memory_write(addr, &v, 1);
3958}
3959
733f0b02 3960/* warning: addr must be aligned */
a8170e5e 3961static inline void stw_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 3962 enum device_endian endian)
aab33094 3963{
733f0b02 3964 uint8_t *ptr;
f3705d53 3965 MemoryRegionSection *section;
733f0b02 3966
ac1970fb 3967 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
733f0b02 3968
f3705d53 3969 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3970 addr = memory_region_section_addr(section, addr);
f3705d53 3971 if (memory_region_is_ram(section->mr)) {
37ec01d4 3972 section = &phys_sections[phys_section_rom];
06ef3525 3973 }
1e78bcc1
AG		 3974#if defined(TARGET_WORDS_BIGENDIAN)
3975 if (endian == DEVICE_LITTLE_ENDIAN) {
3976 val = bswap16(val);
3977 }
3978#else
3979 if (endian == DEVICE_BIG_ENDIAN) {
3980 val = bswap16(val);
3981 }
3982#endif
37ec01d4 3983 io_mem_write(section->mr, addr, val, 2);
733f0b02
MT		 3984 } else {
3985 unsigned long addr1;
f3705d53 3986 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3987 + memory_region_section_addr(section, addr);
733f0b02
MT		 3988 /* RAM case */
3989 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3990 switch (endian) {
3991 case DEVICE_LITTLE_ENDIAN:
3992 stw_le_p(ptr, val);
3993 break;
3994 case DEVICE_BIG_ENDIAN:
3995 stw_be_p(ptr, val);
3996 break;
3997 default:
3998 stw_p(ptr, val);
3999 break;
4000 }
51d7a9eb 4001 invalidate_and_set_dirty(addr1, 2);
733f0b02 4002 }
aab33094
FB		 4003}
4004
a8170e5e 4005void stw_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 4006{
4007 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4008}
4009
a8170e5e 4010void stw_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 4011{
4012 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4013}
4014
a8170e5e 4015void stw_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 4016{
4017 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4018}
4019
aab33094 4020/* XXX: optimize */
a8170e5e 4021void stq_phys(hwaddr addr, uint64_t val)
aab33094
FB		 4022{
4023 val = tswap64(val);
71d2b725 4024 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4025}
4026
a8170e5e 4027void stq_le_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 4028{
4029 val = cpu_to_le64(val);
4030 cpu_physical_memory_write(addr, &val, 8);
4031}
4032
a8170e5e 4033void stq_be_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 4034{
4035 val = cpu_to_be64(val);
4036 cpu_physical_memory_write(addr, &val, 8);
4037}
4038
5e2972fd 4039/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 4040int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 4041 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4042{
4043 int l;
a8170e5e 4044 hwaddr phys_addr;
9b3c35e0 4045 target_ulong page;
13eb76e0
FB		 4046
4047 while (len > 0) {
4048 page = addr & TARGET_PAGE_MASK;
4049 phys_addr = cpu_get_phys_page_debug(env, page);
4050 /* if no physical page mapped, return an error */
4051 if (phys_addr == -1)
4052 return -1;
4053 l = (page + TARGET_PAGE_SIZE) - addr;
4054 if (l > len)
4055 l = len;
5e2972fd 4056 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4057 if (is_write)
4058 cpu_physical_memory_write_rom(phys_addr, buf, l);
4059 else
5e2972fd 4060 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4061 len -= l;
4062 buf += l;
4063 addr += l;
4064 }
4065 return 0;
4066}
a68fe89c 4067#endif
13eb76e0 4068
2e70f6ef
PB		 4069/* in deterministic execution mode, instructions doing device I/Os
4070 must be at the end of the TB */
20503968 4071void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
2e70f6ef
PB		 4072{
4073 TranslationBlock *tb;
4074 uint32_t n, cflags;
4075 target_ulong pc, cs_base;
4076 uint64_t flags;
4077
20503968 4078 tb = tb_find_pc(retaddr);
2e70f6ef
PB		 4079 if (!tb) {
4080 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
20503968 4081 (void *)retaddr);
2e70f6ef
PB		 4082 }
4083 n = env->icount_decr.u16.low + tb->icount;
20503968 4084 cpu_restore_state(tb, env, retaddr);
2e70f6ef 4085 /* Calculate how many instructions had been executed before the fault
bf20dc07 4086 occurred. */
2e70f6ef
PB		 4087 n = n - env->icount_decr.u16.low;
4088 /* Generate a new TB ending on the I/O insn. */
4089 n++;
4090 /* On MIPS and SH, delay slot instructions can only be restarted if
4091 they were already the first instruction in the TB. If this is not
bf20dc07 4092 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4093 branch. */
4094#if defined(TARGET_MIPS)
4095 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4096 env->active_tc.PC -= 4;
4097 env->icount_decr.u16.low++;
4098 env->hflags &= ~MIPS_HFLAG_BMASK;
4099 }
4100#elif defined(TARGET_SH4)
4101 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4102 && n > 1) {
4103 env->pc -= 2;
4104 env->icount_decr.u16.low++;
4105 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4106 }
4107#endif
4108 /* This should never happen. */
4109 if (n > CF_COUNT_MASK)
4110 cpu_abort(env, "TB too big during recompile");
4111
4112 cflags = n | CF_LAST_IO;
4113 pc = tb->pc;
4114 cs_base = tb->cs_base;
4115 flags = tb->flags;
4116 tb_phys_invalidate(tb, -1);
4117 /* FIXME: In theory this could raise an exception. In practice
4118 we have already translated the block once so it's probably ok. */
4119 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4120 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4121 the first in the TB) then we end up generating a whole new TB and
4122 repeating the fault, which is horribly inefficient.
4123 Better would be to execute just this insn uncached, or generate a
4124 second new TB. */
4125 cpu_resume_from_signal(env, NULL);
4126}
4127
b3755a91
PB		 4128#if !defined(CONFIG_USER_ONLY)
4129
055403b2 4130void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4131{
4132 int i, target_code_size, max_target_code_size;
4133 int direct_jmp_count, direct_jmp2_count, cross_page;
4134 TranslationBlock *tb;
3b46e624 4135
e3db7226
FB		 4136 target_code_size = 0;
4137 max_target_code_size = 0;
4138 cross_page = 0;
4139 direct_jmp_count = 0;
4140 direct_jmp2_count = 0;
4141 for(i = 0; i < nb_tbs; i++) {
4142 tb = &tbs[i];
4143 target_code_size += tb->size;
4144 if (tb->size > max_target_code_size)
4145 max_target_code_size = tb->size;
4146 if (tb->page_addr[1] != -1)
4147 cross_page++;
4148 if (tb->tb_next_offset[0] != 0xffff) {
4149 direct_jmp_count++;
4150 if (tb->tb_next_offset[1] != 0xffff) {
4151 direct_jmp2_count++;
4152 }
4153 }
4154 }
4155 /* XXX: avoid using doubles ? */
57fec1fe 4156 cpu_fprintf(f, "Translation buffer state:\n");
f1bc0bcc 4157 cpu_fprintf(f, "gen code size %td/%zd\n",
26a5f13b
FB		 4158 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4159 cpu_fprintf(f, "TB count %d/%d\n",
4160 nb_tbs, code_gen_max_blocks);
5fafdf24 4161 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4162 nb_tbs ? target_code_size / nb_tbs : 0,
4163 max_target_code_size);
055403b2 4164 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4165 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4166 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4167 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4168 cross_page,
e3db7226
FB		 4169 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4170 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4171 direct_jmp_count,
e3db7226
FB		 4172 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4173 direct_jmp2_count,
4174 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4175 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4176 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4177 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4178 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4179 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4180}
4181
82afa586
BH		 4182/*
4183 * A helper function for the _utterly broken_ virtio device model to find out if
4184 * it's running on a big endian machine. Don't do this at home kids!
4185 */
4186bool virtio_is_big_endian(void);
4187bool virtio_is_big_endian(void)
4188{
4189#if defined(TARGET_WORDS_BIGENDIAN)
4190 return true;
4191#else
4192 return false;
4193#endif
4194}
4195
61382a50 4196#endif
76f35538
WC		 4197
4198#ifndef CONFIG_USER_ONLY
a8170e5e 4199bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538
WC		 4200{
4201 MemoryRegionSection *section;
4202
ac1970fb
AK		 4203 section = phys_page_find(address_space_memory.dispatch,
4204 phys_addr >> TARGET_PAGE_BITS);
76f35538
WC		 4205
4206 return !(memory_region_is_ram(section->mr) ||
4207 memory_region_is_romd(section->mr));
4208}
4209#endif
Qemu copy for testing