]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
block: resize backing image during active layer commit, if needed
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
1de7afc9 32#include "qemu/osdep.h"
9c17d615 33#include "sysemu/kvm.h"
2ff3de68 34#include "sysemu/sysemu.h"
0d09e41a 35#include "hw/xen/xen.h"
1de7afc9
PB		 36#include "qemu/timer.h"
37#include "qemu/config-file.h"
022c62cb 38#include "exec/memory.h"
9c17d615 39#include "sysemu/dma.h"
022c62cb 40#include "exec/address-spaces.h"
53a5960a
PB		 41#if defined(CONFIG_USER_ONLY)
42#include <qemu.h>
432d268c 43#else /* !CONFIG_USER_ONLY */
9c17d615 44#include "sysemu/xen-mapcache.h"
6506e4f9 45#include "trace.h"
53a5960a 46#endif
0d6d3c87 47#include "exec/cpu-all.h"
54936004 48
022c62cb 49#include "exec/cputlb.h"
5b6dd868 50#include "translate-all.h"
0cac1b66 51
022c62cb 52#include "exec/memory-internal.h"
220c3ebd 53#include "exec/ram_addr.h"
582b55a9 54#include "qemu/cache-utils.h"
67d95c15 55
b35ba30f
MT		 56#include "qemu/range.h"
57
db7b5426 58//#define DEBUG_SUBPAGE
1196be37 59
e2eef170 60#if !defined(CONFIG_USER_ONLY)
981fdf23 61static bool in_migration;
94a6b54f 62
a3161038 63RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 64
65static MemoryRegion *system_memory;
309cb471 66static MemoryRegion *system_io;
62152b8a 67
f6790af6
AK		 68AddressSpace address_space_io;
69AddressSpace address_space_memory;
2673a5da 70
0844e007 71MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 72static MemoryRegion io_mem_unassigned;
0e0df1e2 73
e2eef170 74#endif
9fa3e853 75
bdc44640 76struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 77/* current CPU in the current thread. It is only valid inside
78 cpu_exec() */
4917cf44 79DEFINE_TLS(CPUState *, current_cpu);
2e70f6ef 80/* 0 = Do not count executed instructions.
bf20dc07 81 1 = Precise instruction counting.
2e70f6ef 82 2 = Adaptive rate instruction counting. */
5708fc66 83int use_icount;
6a00d601 84
e2eef170 85#if !defined(CONFIG_USER_ONLY)
4346ae3e 86
1db8abb1
PB		 87typedef struct PhysPageEntry PhysPageEntry;
88
89struct PhysPageEntry {
9736e55b 90 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 91 uint32_t skip : 6;
9736e55b 92 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 93 uint32_t ptr : 26;
1db8abb1
PB		 94};
95
8b795765
MT		 96#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
97
03f49957 98/* Size of the L2 (and L3, etc) page tables. */
57271d63 99#define ADDR_SPACE_BITS 64
03f49957 100
026736ce 101#define P_L2_BITS 9
03f49957
PB		 102#define P_L2_SIZE (1 << P_L2_BITS)
103
104#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
105
106typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 107
53cb28cb
MA		 108typedef struct PhysPageMap {
109 unsigned sections_nb;
110 unsigned sections_nb_alloc;
111 unsigned nodes_nb;
112 unsigned nodes_nb_alloc;
113 Node *nodes;
114 MemoryRegionSection *sections;
115} PhysPageMap;
116
1db8abb1
PB		 117struct AddressSpaceDispatch {
118 /* This is a multi-level map on the physical address space.
119 * The bottom level has pointers to MemoryRegionSections.
120 */
121 PhysPageEntry phys_map;
53cb28cb 122 PhysPageMap map;
acc9d80b 123 AddressSpace *as;
1db8abb1
PB		 124};
125
90260c6c
JK		 126#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
127typedef struct subpage_t {
128 MemoryRegion iomem;
acc9d80b 129 AddressSpace *as;
90260c6c
JK		 130 hwaddr base;
131 uint16_t sub_section[TARGET_PAGE_SIZE];
132} subpage_t;
133
b41aac4f
LPF		 134#define PHYS_SECTION_UNASSIGNED 0
135#define PHYS_SECTION_NOTDIRTY 1
136#define PHYS_SECTION_ROM 2
137#define PHYS_SECTION_WATCH 3
5312bd8b 138
e2eef170 139static void io_mem_init(void);
62152b8a 140static void memory_map_init(void);
e2eef170 141
1ec9b909 142static MemoryRegion io_mem_watch;
6658ffb8 143#endif
fd6ce8f6 144
6d9a1304 145#if !defined(CONFIG_USER_ONLY)
d6f2ea22 146
53cb28cb 147static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 148{
53cb28cb
MA		 149 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
150 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
151 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
152 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 153 }
f7bf5461
AK		 154}
155
53cb28cb 156static uint32_t phys_map_node_alloc(PhysPageMap *map)
f7bf5461
AK		 157{
158 unsigned i;
8b795765 159 uint32_t ret;
f7bf5461 160
53cb28cb 161 ret = map->nodes_nb++;
f7bf5461 162 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 163 assert(ret != map->nodes_nb_alloc);
03f49957 164 for (i = 0; i < P_L2_SIZE; ++i) {
53cb28cb
MA		 165 map->nodes[ret][i].skip = 1;
166 map->nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 167 }
f7bf5461 168 return ret;
d6f2ea22
AK		 169}
170
53cb28cb
MA		 171static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
172 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 173 int level)
f7bf5461
AK		 174{
175 PhysPageEntry *p;
176 int i;
03f49957 177 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 178
9736e55b 179 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
53cb28cb
MA		 180 lp->ptr = phys_map_node_alloc(map);
181 p = map->nodes[lp->ptr];
f7bf5461 182 if (level == 0) {
03f49957 183 for (i = 0; i < P_L2_SIZE; i++) {
9736e55b 184 p[i].skip = 0;
b41aac4f 185 p[i].ptr = PHYS_SECTION_UNASSIGNED;
4346ae3e 186 }
67c4d23c 187 }
f7bf5461 188 } else {
53cb28cb 189 p = map->nodes[lp->ptr];
92e873b9 190 }
03f49957 191 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 192
03f49957 193 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 194 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 195 lp->skip = 0;
c19e8800 196 lp->ptr = leaf;
07f07b31
AK		 197 *index += step;
198 *nb -= step;
2999097b 199 } else {
53cb28cb 200 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 201 }
202 ++lp;
f7bf5461
AK		 203 }
204}
205
ac1970fb 206static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 207 hwaddr index, hwaddr nb,
2999097b 208 uint16_t leaf)
f7bf5461 209{
2999097b 210 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 211 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 212
53cb28cb 213 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 214}
215
b35ba30f
MT		 216/* Compact a non leaf page entry. Simply detect that the entry has a single child,
217 * and update our entry so we can skip it and go directly to the destination.
218 */
219static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
220{
221 unsigned valid_ptr = P_L2_SIZE;
222 int valid = 0;
223 PhysPageEntry *p;
224 int i;
225
226 if (lp->ptr == PHYS_MAP_NODE_NIL) {
227 return;
228 }
229
230 p = nodes[lp->ptr];
231 for (i = 0; i < P_L2_SIZE; i++) {
232 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
233 continue;
234 }
235
236 valid_ptr = i;
237 valid++;
238 if (p[i].skip) {
239 phys_page_compact(&p[i], nodes, compacted);
240 }
241 }
242
243 /* We can only compress if there's only one child. */
244 if (valid != 1) {
245 return;
246 }
247
248 assert(valid_ptr < P_L2_SIZE);
249
250 /* Don't compress if it won't fit in the # of bits we have. */
251 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
252 return;
253 }
254
255 lp->ptr = p[valid_ptr].ptr;
256 if (!p[valid_ptr].skip) {
257 /* If our only child is a leaf, make this a leaf. */
258 /* By design, we should have made this node a leaf to begin with so we
259 * should never reach here.
260 * But since it's so simple to handle this, let's do it just in case we
261 * change this rule.
262 */
263 lp->skip = 0;
264 } else {
265 lp->skip += p[valid_ptr].skip;
266 }
267}
268
269static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
270{
271 DECLARE_BITMAP(compacted, nodes_nb);
272
273 if (d->phys_map.skip) {
53cb28cb 274 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 275 }
276}
277
97115a8d 278static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 279 Node *nodes, MemoryRegionSection *sections)
92e873b9 280{
31ab2b4a 281 PhysPageEntry *p;
97115a8d 282 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 283 int i;
f1f6e3b8 284
9736e55b 285 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 286 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 287 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 288 }
9affd6fc 289 p = nodes[lp.ptr];
03f49957 290 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 291 }
b35ba30f
MT		 292
293 if (sections[lp.ptr].size.hi ||
294 range_covers_byte(sections[lp.ptr].offset_within_address_space,
295 sections[lp.ptr].size.lo, addr)) {
296 return &sections[lp.ptr];
297 } else {
298 return &sections[PHYS_SECTION_UNASSIGNED];
299 }
f3705d53
AK		 300}
301
e5548617
BS		 302bool memory_region_is_unassigned(MemoryRegion *mr)
303{
2a8e7499 304 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 305 && mr != &io_mem_watch;
fd6ce8f6 306}
149f54b5 307
c7086b4a 308static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 309 hwaddr addr,
310 bool resolve_subpage)
9f029603 311{
90260c6c
JK		 312 MemoryRegionSection *section;
313 subpage_t *subpage;
314
53cb28cb 315 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 316 if (resolve_subpage && section->mr->subpage) {
317 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 318 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 319 }
320 return section;
9f029603
JK		 321}
322
90260c6c 323static MemoryRegionSection *
c7086b4a 324address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 325 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 326{
327 MemoryRegionSection *section;
328 Int128 diff;
329
c7086b4a 330 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 331 /* Compute offset within MemoryRegionSection */
332 addr -= section->offset_within_address_space;
333
334 /* Compute offset within MemoryRegion */
335 *xlat = addr + section->offset_within_region;
336
337 diff = int128_sub(section->mr->size, int128_make64(addr));
3752a036 338 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
149f54b5
PB		 339 return section;
340}
90260c6c 341
5c8a00ce
PB		 342MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
343 hwaddr *xlat, hwaddr *plen,
344 bool is_write)
90260c6c 345{
30951157
AK		 346 IOMMUTLBEntry iotlb;
347 MemoryRegionSection *section;
348 MemoryRegion *mr;
349 hwaddr len = *plen;
350
351 for (;;) {
c7086b4a 352 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
30951157
AK		 353 mr = section->mr;
354
355 if (!mr->iommu_ops) {
356 break;
357 }
358
359 iotlb = mr->iommu_ops->translate(mr, addr);
360 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
361 | (addr & iotlb.addr_mask));
362 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
363 if (!(iotlb.perm & (1 << is_write))) {
364 mr = &io_mem_unassigned;
365 break;
366 }
367
368 as = iotlb.target_as;
369 }
370
371 *plen = len;
372 *xlat = addr;
373 return mr;
90260c6c
JK		 374}
375
376MemoryRegionSection *
377address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
378 hwaddr *plen)
379{
30951157 380 MemoryRegionSection *section;
c7086b4a 381 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
30951157
AK		 382
383 assert(!section->mr->iommu_ops);
384 return section;
90260c6c 385}
5b6dd868 386#endif
fd6ce8f6 387
5b6dd868 388void cpu_exec_init_all(void)
fdbb84d1 389{
5b6dd868 390#if !defined(CONFIG_USER_ONLY)
b2a8658e 391 qemu_mutex_init(&ram_list.mutex);
5b6dd868
BS		 392 memory_map_init();
393 io_mem_init();
fdbb84d1 394#endif
5b6dd868 395}
fdbb84d1 396
b170fce3 397#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 398
399static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 400{
259186a7 401 CPUState *cpu = opaque;
a513fe19 402
5b6dd868
BS		 403 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
404 version_id is increased. */
259186a7
AF		 405 cpu->interrupt_request &= ~0x01;
406 tlb_flush(cpu->env_ptr, 1);
5b6dd868
BS		 407
408 return 0;
a513fe19 409}
7501267e 410
1a1562f5 411const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 412 .name = "cpu_common",
413 .version_id = 1,
414 .minimum_version_id = 1,
415 .minimum_version_id_old = 1,
416 .post_load = cpu_common_post_load,
417 .fields = (VMStateField []) {
259186a7
AF		 418 VMSTATE_UINT32(halted, CPUState),
419 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868
BS		 420 VMSTATE_END_OF_LIST()
421 }
422};
1a1562f5 423
5b6dd868 424#endif
ea041c0e 425
38d8f5c8 426CPUState *qemu_get_cpu(int index)
ea041c0e 427{
bdc44640 428 CPUState *cpu;
ea041c0e 429
bdc44640 430 CPU_FOREACH(cpu) {
55e5c285 431 if (cpu->cpu_index == index) {
bdc44640 432 return cpu;
55e5c285 433 }
ea041c0e 434 }
5b6dd868 435
bdc44640 436 return NULL;
ea041c0e
FB		 437}
438
5b6dd868 439void cpu_exec_init(CPUArchState *env)
ea041c0e 440{
5b6dd868 441 CPUState *cpu = ENV_GET_CPU(env);
b170fce3 442 CPUClass *cc = CPU_GET_CLASS(cpu);
bdc44640 443 CPUState *some_cpu;
5b6dd868
BS		 444 int cpu_index;
445
446#if defined(CONFIG_USER_ONLY)
447 cpu_list_lock();
448#endif
5b6dd868 449 cpu_index = 0;
bdc44640 450 CPU_FOREACH(some_cpu) {
5b6dd868
BS		 451 cpu_index++;
452 }
55e5c285 453 cpu->cpu_index = cpu_index;
1b1ed8dc 454 cpu->numa_node = 0;
5b6dd868
BS		 455 QTAILQ_INIT(&env->breakpoints);
456 QTAILQ_INIT(&env->watchpoints);
457#ifndef CONFIG_USER_ONLY
458 cpu->thread_id = qemu_get_thread_id();
459#endif
bdc44640 460 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 461#if defined(CONFIG_USER_ONLY)
462 cpu_list_unlock();
463#endif
e0d47944
AF		 464 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
465 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
466 }
5b6dd868 467#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 468 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
469 cpu_save, cpu_load, env);
b170fce3 470 assert(cc->vmsd == NULL);
e0d47944 471 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 472#endif
b170fce3
AF		 473 if (cc->vmsd != NULL) {
474 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
475 }
ea041c0e
FB		 476}
477
1fddef4b 478#if defined(TARGET_HAS_ICE)
94df27fd 479#if defined(CONFIG_USER_ONLY)
00b941e5 480static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 481{
482 tb_invalidate_phys_page_range(pc, pc + 1, 0);
483}
484#else
00b941e5 485static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 486{
e8262a1b
MF		 487 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
488 if (phys != -1) {
489 tb_invalidate_phys_addr(phys | (pc & ~TARGET_PAGE_MASK));
490 }
1e7855a5 491}
c27004ec 492#endif
94df27fd 493#endif /* TARGET_HAS_ICE */
d720b93d 494
c527ee8f 495#if defined(CONFIG_USER_ONLY)
9349b4f9 496void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 497
498{
499}
500
9349b4f9 501int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 502 int flags, CPUWatchpoint **watchpoint)
503{
504 return -ENOSYS;
505}
506#else
6658ffb8 507/* Add a watchpoint. */
9349b4f9 508int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 509 int flags, CPUWatchpoint **watchpoint)
6658ffb8 510{
b4051334 511 target_ulong len_mask = ~(len - 1);
c0ce998e 512 CPUWatchpoint *wp;
6658ffb8 513
b4051334 514 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 515 if ((len & (len - 1)) || (addr & ~len_mask) ||
516 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 517 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
518 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
519 return -EINVAL;
520 }
7267c094 521 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 522
523 wp->vaddr = addr;
b4051334 524 wp->len_mask = len_mask;
a1d1bb31
AL		 525 wp->flags = flags;
526
2dc9f411 527 /* keep all GDB-injected watchpoints in front */
c0ce998e 528 if (flags & BP_GDB)
72cf2d4f 529 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 530 else
72cf2d4f 531 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 532
6658ffb8 533 tlb_flush_page(env, addr);
a1d1bb31
AL		 534
535 if (watchpoint)
536 *watchpoint = wp;
537 return 0;
6658ffb8
PB		 538}
539
a1d1bb31 540/* Remove a specific watchpoint. */
9349b4f9 541int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 542 int flags)
6658ffb8 543{
b4051334 544 target_ulong len_mask = ~(len - 1);
a1d1bb31 545 CPUWatchpoint *wp;
6658ffb8 546
72cf2d4f 547 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 548 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 549 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 550 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 551 return 0;
552 }
553 }
a1d1bb31 554 return -ENOENT;
6658ffb8
PB		 555}
556
a1d1bb31 557/* Remove a specific watchpoint by reference. */
9349b4f9 558void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 559{
72cf2d4f 560 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 561
a1d1bb31
AL		 562 tlb_flush_page(env, watchpoint->vaddr);
563
7267c094 564 g_free(watchpoint);
a1d1bb31
AL		 565}
566
567/* Remove all matching watchpoints. */
9349b4f9 568void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 569{
c0ce998e 570 CPUWatchpoint *wp, *next;
a1d1bb31 571
72cf2d4f 572 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 573 if (wp->flags & mask)
574 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 575 }
7d03f82f 576}
c527ee8f 577#endif
7d03f82f 578
a1d1bb31 579/* Add a breakpoint. */
9349b4f9 580int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 581 CPUBreakpoint **breakpoint)
4c3a88a2 582{
1fddef4b 583#if defined(TARGET_HAS_ICE)
c0ce998e 584 CPUBreakpoint *bp;
3b46e624 585
7267c094 586 bp = g_malloc(sizeof(*bp));
4c3a88a2 587
a1d1bb31
AL		 588 bp->pc = pc;
589 bp->flags = flags;
590
2dc9f411 591 /* keep all GDB-injected breakpoints in front */
00b941e5 592 if (flags & BP_GDB) {
72cf2d4f 593 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
00b941e5 594 } else {
72cf2d4f 595 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
00b941e5 596 }
3b46e624 597
00b941e5 598 breakpoint_invalidate(ENV_GET_CPU(env), pc);
a1d1bb31 599
00b941e5 600 if (breakpoint) {
a1d1bb31 601 *breakpoint = bp;
00b941e5 602 }
4c3a88a2
FB		 603 return 0;
604#else
a1d1bb31 605 return -ENOSYS;
4c3a88a2
FB		 606#endif
607}
608
a1d1bb31 609/* Remove a specific breakpoint. */
9349b4f9 610int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 611{
7d03f82f 612#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 613 CPUBreakpoint *bp;
614
72cf2d4f 615 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 616 if (bp->pc == pc && bp->flags == flags) {
617 cpu_breakpoint_remove_by_ref(env, bp);
618 return 0;
619 }
7d03f82f 620 }
a1d1bb31
AL		 621 return -ENOENT;
622#else
623 return -ENOSYS;
7d03f82f
EI		 624#endif
625}
626
a1d1bb31 627/* Remove a specific breakpoint by reference. */
9349b4f9 628void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 629{
1fddef4b 630#if defined(TARGET_HAS_ICE)
72cf2d4f 631 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 632
00b941e5 633 breakpoint_invalidate(ENV_GET_CPU(env), breakpoint->pc);
a1d1bb31 634
7267c094 635 g_free(breakpoint);
a1d1bb31
AL		 636#endif
637}
638
639/* Remove all matching breakpoints. */
9349b4f9 640void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 641{
642#if defined(TARGET_HAS_ICE)
c0ce998e 643 CPUBreakpoint *bp, *next;
a1d1bb31 644
72cf2d4f 645 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 646 if (bp->flags & mask)
647 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 648 }
4c3a88a2
FB		 649#endif
650}
651
c33a346e
FB		 652/* enable or disable single step mode. EXCP_DEBUG is returned by the
653 CPU loop after each instruction */
3825b28f 654void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 655{
1fddef4b 656#if defined(TARGET_HAS_ICE)
ed2803da
AF		 657 if (cpu->singlestep_enabled != enabled) {
658 cpu->singlestep_enabled = enabled;
659 if (kvm_enabled()) {
38e478ec 660 kvm_update_guest_debug(cpu, 0);
ed2803da 661 } else {
ccbb4d44 662 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 663 /* XXX: only flush what is necessary */
38e478ec 664 CPUArchState *env = cpu->env_ptr;
e22a25c9
AL		 665 tb_flush(env);
666 }
c33a346e
FB		 667 }
668#endif
669}
670
9349b4f9 671void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e 672{
878096ee 673 CPUState *cpu = ENV_GET_CPU(env);
7501267e 674 va_list ap;
493ae1f0 675 va_list ap2;
7501267e
FB		 676
677 va_start(ap, fmt);
493ae1f0 678 va_copy(ap2, ap);
7501267e
FB		 679 fprintf(stderr, "qemu: fatal: ");
680 vfprintf(stderr, fmt, ap);
681 fprintf(stderr, "\n");
878096ee 682 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 683 if (qemu_log_enabled()) {
684 qemu_log("qemu: fatal: ");
685 qemu_log_vprintf(fmt, ap2);
686 qemu_log("\n");
a0762859 687 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 688 qemu_log_flush();
93fcfe39 689 qemu_log_close();
924edcae 690 }
493ae1f0 691 va_end(ap2);
f9373291 692 va_end(ap);
fd052bf6
RV		 693#if defined(CONFIG_USER_ONLY)
694 {
695 struct sigaction act;
696 sigfillset(&act.sa_mask);
697 act.sa_handler = SIG_DFL;
698 sigaction(SIGABRT, &act, NULL);
699 }
700#endif
7501267e
FB		 701 abort();
702}
703
0124311e 704#if !defined(CONFIG_USER_ONLY)
041603fe
PB		 705static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
706{
707 RAMBlock *block;
708
709 /* The list is protected by the iothread lock here. */
710 block = ram_list.mru_block;
711 if (block && addr - block->offset < block->length) {
712 goto found;
713 }
714 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
715 if (addr - block->offset < block->length) {
716 goto found;
717 }
718 }
719
720 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
721 abort();
722
723found:
724 ram_list.mru_block = block;
725 return block;
726}
727
a2f4d5be 728static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 729{
041603fe 730 ram_addr_t start1;
a2f4d5be
JQ		 731 RAMBlock *block;
732 ram_addr_t end;
733
734 end = TARGET_PAGE_ALIGN(start + length);
735 start &= TARGET_PAGE_MASK;
d24981d3 736
041603fe
PB		 737 block = qemu_get_ram_block(start);
738 assert(block == qemu_get_ram_block(end - 1));
739 start1 = (uintptr_t)block->host + (start - block->offset);
740 cpu_tlb_reset_dirty_all(start1, length);
d24981d3
JQ		 741}
742
5579c7f3 743/* Note: start and end must be within the same ram block. */
a2f4d5be 744void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t length,
52159192 745 unsigned client)
1ccde1cb 746{
1ccde1cb
FB		 747 if (length == 0)
748 return;
ace694cc 749 cpu_physical_memory_clear_dirty_range(start, length, client);
f23db169 750
d24981d3 751 if (tcg_enabled()) {
a2f4d5be 752 tlb_reset_dirty_range_all(start, length);
5579c7f3 753 }
1ccde1cb
FB		 754}
755
981fdf23 756static void cpu_physical_memory_set_dirty_tracking(bool enable)
74576198
AL		 757{
758 in_migration = enable;
74576198
AL		 759}
760
a8170e5e 761hwaddr memory_region_section_get_iotlb(CPUArchState *env,
149f54b5
PB		 762 MemoryRegionSection *section,
763 target_ulong vaddr,
764 hwaddr paddr, hwaddr xlat,
765 int prot,
766 target_ulong *address)
e5548617 767{
a8170e5e 768 hwaddr iotlb;
e5548617
BS		 769 CPUWatchpoint *wp;
770
cc5bea60 771 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 772 /* Normal RAM. */
773 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 774 + xlat;
e5548617 775 if (!section->readonly) {
b41aac4f 776 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 777 } else {
b41aac4f 778 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 779 }
780 } else {
53cb28cb 781 iotlb = section - address_space_memory.dispatch->map.sections;
149f54b5 782 iotlb += xlat;
e5548617
BS		 783 }
784
785 /* Make accesses to pages with watchpoints go via the
786 watchpoint trap routines. */
787 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
788 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
789 /* Avoid trapping reads of pages with a write breakpoint. */
790 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 791 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 792 *address |= TLB_MMIO;
793 break;
794 }
795 }
796 }
797
798 return iotlb;
799}
9fa3e853
FB		 800#endif /* defined(CONFIG_USER_ONLY) */
801
e2eef170 802#if !defined(CONFIG_USER_ONLY)
8da3ff18 803
c227f099 804static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 805 uint16_t section);
acc9d80b 806static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 807
575ddeb4 808static void *(*phys_mem_alloc)(size_t size) = qemu_anon_ram_alloc;
91138037
MA		 809
810/*
811 * Set a custom physical guest memory alloator.
812 * Accelerators with unusual needs may need this. Hopefully, we can
813 * get rid of it eventually.
814 */
575ddeb4 815void phys_mem_set_alloc(void *(*alloc)(size_t))
91138037
MA		 816{
817 phys_mem_alloc = alloc;
818}
819
53cb28cb
MA		 820static uint16_t phys_section_add(PhysPageMap *map,
821 MemoryRegionSection *section)
5312bd8b 822{
68f3f65b
PB		 823 /* The physical section number is ORed with a page-aligned
824 * pointer to produce the iotlb entries. Thus it should
825 * never overflow into the page-aligned value.
826 */
53cb28cb 827 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 828
53cb28cb
MA		 829 if (map->sections_nb == map->sections_nb_alloc) {
830 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
831 map->sections = g_renew(MemoryRegionSection, map->sections,
832 map->sections_nb_alloc);
5312bd8b 833 }
53cb28cb 834 map->sections[map->sections_nb] = *section;
dfde4e6e 835 memory_region_ref(section->mr);
53cb28cb 836 return map->sections_nb++;
5312bd8b
AK		 837}
838
058bc4b5
PB		 839static void phys_section_destroy(MemoryRegion *mr)
840{
dfde4e6e
PB		 841 memory_region_unref(mr);
842
058bc4b5
PB		 843 if (mr->subpage) {
844 subpage_t *subpage = container_of(mr, subpage_t, iomem);
845 memory_region_destroy(&subpage->iomem);
846 g_free(subpage);
847 }
848}
849
6092666e 850static void phys_sections_free(PhysPageMap *map)
5312bd8b 851{
9affd6fc
PB		 852 while (map->sections_nb > 0) {
853 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 854 phys_section_destroy(section->mr);
855 }
9affd6fc
PB		 856 g_free(map->sections);
857 g_free(map->nodes);
5312bd8b
AK		 858}
859
ac1970fb 860static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 861{
862 subpage_t *subpage;
a8170e5e 863 hwaddr base = section->offset_within_address_space
0f0cb164 864 & TARGET_PAGE_MASK;
97115a8d 865 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 866 d->map.nodes, d->map.sections);
0f0cb164
AK		 867 MemoryRegionSection subsection = {
868 .offset_within_address_space = base,
052e87b0 869 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 870 };
a8170e5e 871 hwaddr start, end;
0f0cb164 872
f3705d53 873 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 874
f3705d53 875 if (!(existing->mr->subpage)) {
acc9d80b 876 subpage = subpage_init(d->as, base);
0f0cb164 877 subsection.mr = &subpage->iomem;
ac1970fb 878 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 879 phys_section_add(&d->map, &subsection));
0f0cb164 880 } else {
f3705d53 881 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 882 }
883 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 884 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 885 subpage_register(subpage, start, end,
886 phys_section_add(&d->map, section));
0f0cb164
AK		 887}
888
889
052e87b0
PB		 890static void register_multipage(AddressSpaceDispatch *d,
891 MemoryRegionSection *section)
33417e70 892{
a8170e5e 893 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 894 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 895 uint64_t num_pages = int128_get64(int128_rshift(section->size,
896 TARGET_PAGE_BITS));
dd81124b 897
733d5ef5
PB		 898 assert(num_pages);
899 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 900}
901
ac1970fb 902static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 903{
89ae337a 904 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 905 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 906 MemoryRegionSection now = *section, remain = *section;
052e87b0 907 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 908
733d5ef5
PB		 909 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
910 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
911 - now.offset_within_address_space;
912
052e87b0 913 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 914 register_subpage(d, &now);
733d5ef5 915 } else {
052e87b0 916 now.size = int128_zero();
733d5ef5 917 }
052e87b0
PB		 918 while (int128_ne(remain.size, now.size)) {
919 remain.size = int128_sub(remain.size, now.size);
920 remain.offset_within_address_space += int128_get64(now.size);
921 remain.offset_within_region += int128_get64(now.size);
69b67646 922 now = remain;
052e87b0 923 if (int128_lt(remain.size, page_size)) {
733d5ef5 924 register_subpage(d, &now);
88266249 925 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 926 now.size = page_size;
ac1970fb 927 register_subpage(d, &now);
69b67646 928 } else {
052e87b0 929 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 930 register_multipage(d, &now);
69b67646 931 }
0f0cb164
AK		 932 }
933}
934
62a2744c
SY		 935void qemu_flush_coalesced_mmio_buffer(void)
936{
937 if (kvm_enabled())
938 kvm_flush_coalesced_mmio_buffer();
939}
940
b2a8658e
UD		 941void qemu_mutex_lock_ramlist(void)
942{
943 qemu_mutex_lock(&ram_list.mutex);
944}
945
946void qemu_mutex_unlock_ramlist(void)
947{
948 qemu_mutex_unlock(&ram_list.mutex);
949}
950
e1e84ba0 951#ifdef __linux__
c902760f
MT		 952
953#include <sys/vfs.h>
954
955#define HUGETLBFS_MAGIC 0x958458f6
956
957static long gethugepagesize(const char *path)
958{
959 struct statfs fs;
960 int ret;
961
962 do {
9742bf26 963 ret = statfs(path, &fs);
c902760f
MT		 964 } while (ret != 0 && errno == EINTR);
965
966 if (ret != 0) {
9742bf26
YT		 967 perror(path);
968 return 0;
c902760f
MT		 969 }
970
971 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 972 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 973
974 return fs.f_bsize;
975}
976
ef36fa14
MT		 977static sigjmp_buf sigjump;
978
979static void sigbus_handler(int signal)
980{
981 siglongjmp(sigjump, 1);
982}
983
04b16653
AW		 984static void *file_ram_alloc(RAMBlock *block,
985 ram_addr_t memory,
986 const char *path)
c902760f
MT		 987{
988 char *filename;
8ca761f6
PF		 989 char *sanitized_name;
990 char *c;
c902760f
MT		 991 void *area;
992 int fd;
c902760f
MT		 993 unsigned long hpagesize;
994
995 hpagesize = gethugepagesize(path);
996 if (!hpagesize) {
9742bf26 997 return NULL;
c902760f
MT		 998 }
999
1000 if (memory < hpagesize) {
1001 return NULL;
1002 }
1003
1004 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1005 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
1006 return NULL;
1007 }
1008
8ca761f6
PF		 1009 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1010 sanitized_name = g_strdup(block->mr->name);
1011 for (c = sanitized_name; *c != '\0'; c++) {
1012 if (*c == '/')
1013 *c = '_';
1014 }
1015
1016 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1017 sanitized_name);
1018 g_free(sanitized_name);
c902760f
MT		 1019
1020 fd = mkstemp(filename);
1021 if (fd < 0) {
9742bf26 1022 perror("unable to create backing store for hugepages");
e4ada482 1023 g_free(filename);
9742bf26 1024 return NULL;
c902760f
MT		 1025 }
1026 unlink(filename);
e4ada482 1027 g_free(filename);
c902760f
MT		 1028
1029 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1030
1031 /*
1032 * ftruncate is not supported by hugetlbfs in older
1033 * hosts, so don't bother bailing out on errors.
1034 * If anything goes wrong with it under other filesystems,
1035 * mmap will fail.
1036 */
1037 if (ftruncate(fd, memory))
9742bf26 1038 perror("ftruncate");
c902760f 1039
c902760f 1040 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
c902760f 1041 if (area == MAP_FAILED) {
9742bf26
YT		 1042 perror("file_ram_alloc: can't mmap RAM pages");
1043 close(fd);
1044 return (NULL);
c902760f 1045 }
ef36fa14
MT		 1046
1047 if (mem_prealloc) {
1048 int ret, i;
1049 struct sigaction act, oldact;
1050 sigset_t set, oldset;
1051
1052 memset(&act, 0, sizeof(act));
1053 act.sa_handler = &sigbus_handler;
1054 act.sa_flags = 0;
1055
1056 ret = sigaction(SIGBUS, &act, &oldact);
1057 if (ret) {
1058 perror("file_ram_alloc: failed to install signal handler");
1059 exit(1);
1060 }
1061
1062 /* unblock SIGBUS */
1063 sigemptyset(&set);
1064 sigaddset(&set, SIGBUS);
1065 pthread_sigmask(SIG_UNBLOCK, &set, &oldset);
1066
1067 if (sigsetjmp(sigjump, 1)) {
1068 fprintf(stderr, "file_ram_alloc: failed to preallocate pages\n");
1069 exit(1);
1070 }
1071
1072 /* MAP_POPULATE silently ignores failures */
1073 for (i = 0; i < (memory/hpagesize)-1; i++) {
1074 memset(area + (hpagesize*i), 0, 1);
1075 }
1076
1077 ret = sigaction(SIGBUS, &oldact, NULL);
1078 if (ret) {
1079 perror("file_ram_alloc: failed to reinstall signal handler");
1080 exit(1);
1081 }
1082
1083 pthread_sigmask(SIG_SETMASK, &oldset, NULL);
1084 }
1085
04b16653 1086 block->fd = fd;
c902760f
MT		 1087 return area;
1088}
e1e84ba0
MA		 1089#else
1090static void *file_ram_alloc(RAMBlock *block,
1091 ram_addr_t memory,
1092 const char *path)
1093{
1094 fprintf(stderr, "-mem-path not supported on this host\n");
1095 exit(1);
1096}
c902760f
MT		 1097#endif
1098
d17b5288 1099static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1100{
1101 RAMBlock *block, *next_block;
3e837b2c 1102 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1103
49cd9ac6
SH		 1104 assert(size != 0); /* it would hand out same offset multiple times */
1105
a3161038 1106 if (QTAILQ_EMPTY(&ram_list.blocks))
04b16653
AW		 1107 return 0;
1108
a3161038 1109 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 1110 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 1111
1112 end = block->offset + block->length;
1113
a3161038 1114 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
04b16653
AW		 1115 if (next_block->offset >= end) {
1116 next = MIN(next, next_block->offset);
1117 }
1118 }
1119 if (next - end >= size && next - end < mingap) {
3e837b2c 1120 offset = end;
04b16653
AW		 1121 mingap = next - end;
1122 }
1123 }
3e837b2c
AW		 1124
1125 if (offset == RAM_ADDR_MAX) {
1126 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1127 (uint64_t)size);
1128 abort();
1129 }
1130
04b16653
AW		 1131 return offset;
1132}
1133
652d7ec2 1134ram_addr_t last_ram_offset(void)
d17b5288
AW		 1135{
1136 RAMBlock *block;
1137 ram_addr_t last = 0;
1138
a3161038 1139 QTAILQ_FOREACH(block, &ram_list.blocks, next)
d17b5288
AW		 1140 last = MAX(last, block->offset + block->length);
1141
1142 return last;
1143}
1144
ddb97f1d
JB		 1145static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1146{
1147 int ret;
ddb97f1d
JB		 1148
1149 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
2ff3de68
MA		 1150 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1151 "dump-guest-core", true)) {
ddb97f1d
JB		 1152 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1153 if (ret) {
1154 perror("qemu_madvise");
1155 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1156 "but dump_guest_core=off specified\n");
1157 }
1158 }
1159}
1160
c5705a77 1161void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 1162{
1163 RAMBlock *new_block, *block;
1164
c5705a77 1165 new_block = NULL;
a3161038 1166 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
c5705a77
AK		 1167 if (block->offset == addr) {
1168 new_block = block;
1169 break;
1170 }
1171 }
1172 assert(new_block);
1173 assert(!new_block->idstr[0]);
84b89d78 1174
09e5ab63
AL		 1175 if (dev) {
1176 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1177 if (id) {
1178 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1179 g_free(id);
84b89d78
CM		 1180 }
1181 }
1182 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1183
b2a8658e
UD		 1184 /* This assumes the iothread lock is taken here too. */
1185 qemu_mutex_lock_ramlist();
a3161038 1186 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
c5705a77 1187 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1188 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1189 new_block->idstr);
1190 abort();
1191 }
1192 }
b2a8658e 1193 qemu_mutex_unlock_ramlist();
c5705a77
AK		 1194}
1195
8490fc78
LC		 1196static int memory_try_enable_merging(void *addr, size_t len)
1197{
2ff3de68 1198 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
8490fc78
LC		 1199 /* disabled by the user */
1200 return 0;
1201 }
1202
1203 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1204}
1205
c5705a77
AK		 1206ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1207 MemoryRegion *mr)
1208{
abb26d63 1209 RAMBlock *block, *new_block;
2152f5ca
JQ		 1210 ram_addr_t old_ram_size, new_ram_size;
1211
1212 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77
AK		 1213
1214 size = TARGET_PAGE_ALIGN(size);
1215 new_block = g_malloc0(sizeof(*new_block));
3435f395 1216 new_block->fd = -1;
84b89d78 1217
b2a8658e
UD		 1218 /* This assumes the iothread lock is taken here too. */
1219 qemu_mutex_lock_ramlist();
7c637366 1220 new_block->mr = mr;
432d268c 1221 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 1222 if (host) {
1223 new_block->host = host;
cd19cfa2 1224 new_block->flags |= RAM_PREALLOC_MASK;
dfeaf2ab
MA		 1225 } else if (xen_enabled()) {
1226 if (mem_path) {
1227 fprintf(stderr, "-mem-path not supported with Xen\n");
1228 exit(1);
1229 }
1230 xen_ram_alloc(new_block->offset, size, mr);
6977dfe6
YT		 1231 } else {
1232 if (mem_path) {
e1e84ba0
MA		 1233 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1234 /*
1235 * file_ram_alloc() needs to allocate just like
1236 * phys_mem_alloc, but we haven't bothered to provide
1237 * a hook there.
1238 */
1239 fprintf(stderr,
1240 "-mem-path not supported with this accelerator\n");
1241 exit(1);
1242 }
6977dfe6 1243 new_block->host = file_ram_alloc(new_block, size, mem_path);
0628c182
MA		 1244 }
1245 if (!new_block->host) {
91138037 1246 new_block->host = phys_mem_alloc(size);
39228250
MA		 1247 if (!new_block->host) {
1248 fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
1249 new_block->mr->name, strerror(errno));
1250 exit(1);
1251 }
8490fc78 1252 memory_try_enable_merging(new_block->host, size);
6977dfe6 1253 }
c902760f 1254 }
94a6b54f
PB		 1255 new_block->length = size;
1256
abb26d63
PB		 1257 /* Keep the list sorted from biggest to smallest block. */
1258 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1259 if (block->length < new_block->length) {
1260 break;
1261 }
1262 }
1263 if (block) {
1264 QTAILQ_INSERT_BEFORE(block, new_block, next);
1265 } else {
1266 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1267 }
0d6d3c87 1268 ram_list.mru_block = NULL;
94a6b54f 1269
f798b07f 1270 ram_list.version++;
b2a8658e 1271 qemu_mutex_unlock_ramlist();
f798b07f 1272
2152f5ca
JQ		 1273 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1274
1275 if (new_ram_size > old_ram_size) {
1ab4c8ce
JQ		 1276 int i;
1277 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1278 ram_list.dirty_memory[i] =
1279 bitmap_zero_extend(ram_list.dirty_memory[i],
1280 old_ram_size, new_ram_size);
1281 }
2152f5ca 1282 }
75218e7f 1283 cpu_physical_memory_set_dirty_range(new_block->offset, size);
94a6b54f 1284
ddb97f1d 1285 qemu_ram_setup_dump(new_block->host, size);
ad0b5321 1286 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
3e469dbf 1287 qemu_madvise(new_block->host, size, QEMU_MADV_DONTFORK);
ddb97f1d 1288
6f0437e8
JK		 1289 if (kvm_enabled())
1290 kvm_setup_guest_memory(new_block->host, size);
1291
94a6b54f
PB		 1292 return new_block->offset;
1293}
e9a1ab19 1294
c5705a77 1295ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 1296{
c5705a77 1297 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 1298}
1299
1f2e98b6
AW		 1300void qemu_ram_free_from_ptr(ram_addr_t addr)
1301{
1302 RAMBlock *block;
1303
b2a8658e
UD		 1304 /* This assumes the iothread lock is taken here too. */
1305 qemu_mutex_lock_ramlist();
a3161038 1306 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1f2e98b6 1307 if (addr == block->offset) {
a3161038 1308 QTAILQ_REMOVE(&ram_list.blocks, block, next);
0d6d3c87 1309 ram_list.mru_block = NULL;
f798b07f 1310 ram_list.version++;
7267c094 1311 g_free(block);
b2a8658e 1312 break;
1f2e98b6
AW		 1313 }
1314 }
b2a8658e 1315 qemu_mutex_unlock_ramlist();
1f2e98b6
AW		 1316}
1317
c227f099 1318void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1319{
04b16653
AW		 1320 RAMBlock *block;
1321
b2a8658e
UD		 1322 /* This assumes the iothread lock is taken here too. */
1323 qemu_mutex_lock_ramlist();
a3161038 1324 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
04b16653 1325 if (addr == block->offset) {
a3161038 1326 QTAILQ_REMOVE(&ram_list.blocks, block, next);
0d6d3c87 1327 ram_list.mru_block = NULL;
f798b07f 1328 ram_list.version++;
cd19cfa2
HY		 1329 if (block->flags & RAM_PREALLOC_MASK) {
1330 ;
dfeaf2ab
MA		 1331 } else if (xen_enabled()) {
1332 xen_invalidate_map_cache_entry(block->host);
089f3f76 1333#ifndef _WIN32
3435f395
MA		 1334 } else if (block->fd >= 0) {
1335 munmap(block->host, block->length);
1336 close(block->fd);
089f3f76 1337#endif
04b16653 1338 } else {
dfeaf2ab 1339 qemu_anon_ram_free(block->host, block->length);
04b16653 1340 }
7267c094 1341 g_free(block);
b2a8658e 1342 break;
04b16653
AW		 1343 }
1344 }
b2a8658e 1345 qemu_mutex_unlock_ramlist();
04b16653 1346
e9a1ab19
FB		 1347}
1348
cd19cfa2
HY		 1349#ifndef _WIN32
1350void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1351{
1352 RAMBlock *block;
1353 ram_addr_t offset;
1354 int flags;
1355 void *area, *vaddr;
1356
a3161038 1357 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
cd19cfa2
HY		 1358 offset = addr - block->offset;
1359 if (offset < block->length) {
1360 vaddr = block->host + offset;
1361 if (block->flags & RAM_PREALLOC_MASK) {
1362 ;
dfeaf2ab
MA		 1363 } else if (xen_enabled()) {
1364 abort();
cd19cfa2
HY		 1365 } else {
1366 flags = MAP_FIXED;
1367 munmap(vaddr, length);
3435f395 1368 if (block->fd >= 0) {
cd19cfa2 1369#ifdef MAP_POPULATE
3435f395
MA		 1370 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1371 MAP_PRIVATE;
fd28aa13 1372#else
3435f395 1373 flags |= MAP_PRIVATE;
cd19cfa2 1374#endif
3435f395
MA		 1375 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1376 flags, block->fd, offset);
cd19cfa2 1377 } else {
2eb9fbaa
MA		 1378 /*
1379 * Remap needs to match alloc. Accelerators that
1380 * set phys_mem_alloc never remap. If they did,
1381 * we'd need a remap hook here.
1382 */
1383 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1384
cd19cfa2
HY		 1385 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1386 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1387 flags, -1, 0);
cd19cfa2
HY		 1388 }
1389 if (area != vaddr) {
f15fbc4b
AP		 1390 fprintf(stderr, "Could not remap addr: "
1391 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1392 length, addr);
1393 exit(1);
1394 }
8490fc78 1395 memory_try_enable_merging(vaddr, length);
ddb97f1d 1396 qemu_ram_setup_dump(vaddr, length);
cd19cfa2
HY		 1397 }
1398 return;
1399 }
1400 }
1401}
1402#endif /* !_WIN32 */
1403
1b5ec234
PB		 1404/* Return a host pointer to ram allocated with qemu_ram_alloc.
1405 With the exception of the softmmu code in this file, this should
1406 only be used for local memory (e.g. video ram) that the device owns,
1407 and knows it isn't going to access beyond the end of the block.
1408
1409 It should not be used for general purpose DMA.
1410 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1411 */
1412void *qemu_get_ram_ptr(ram_addr_t addr)
1413{
1414 RAMBlock *block = qemu_get_ram_block(addr);
1415
0d6d3c87
PB		 1416 if (xen_enabled()) {
1417 /* We need to check if the requested address is in the RAM
1418 * because we don't want to map the entire memory in QEMU.
1419 * In that case just map until the end of the page.
1420 */
1421 if (block->offset == 0) {
1422 return xen_map_cache(addr, 0, 0);
1423 } else if (block->host == NULL) {
1424 block->host =
1425 xen_map_cache(block->offset, block->length, 1);
1426 }
1427 }
1428 return block->host + (addr - block->offset);
dc828ca1
PB		 1429}
1430
38bee5dc
SS		 1431/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1432 * but takes a size argument */
cb85f7ab 1433static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1434{
8ab934f9
SS		 1435 if (*size == 0) {
1436 return NULL;
1437 }
868bb33f 1438 if (xen_enabled()) {
e41d7c69 1439 return xen_map_cache(addr, *size, 1);
868bb33f 1440 } else {
38bee5dc
SS		 1441 RAMBlock *block;
1442
a3161038 1443 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
38bee5dc
SS		 1444 if (addr - block->offset < block->length) {
1445 if (addr - block->offset + *size > block->length)
1446 *size = block->length - addr + block->offset;
1447 return block->host + (addr - block->offset);
1448 }
1449 }
1450
1451 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1452 abort();
38bee5dc
SS		 1453 }
1454}
1455
7443b437
PB		 1456/* Some of the softmmu routines need to translate from a host pointer
1457 (typically a TLB entry) back to a ram offset. */
1b5ec234 1458MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 1459{
94a6b54f
PB		 1460 RAMBlock *block;
1461 uint8_t *host = ptr;
1462
868bb33f 1463 if (xen_enabled()) {
e41d7c69 1464 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1b5ec234 1465 return qemu_get_ram_block(*ram_addr)->mr;
712c2b41
SS		 1466 }
1467
23887b79
PB		 1468 block = ram_list.mru_block;
1469 if (block && block->host && host - block->host < block->length) {
1470 goto found;
1471 }
1472
a3161038 1473 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 1474 /* This case append when the block is not mapped. */
1475 if (block->host == NULL) {
1476 continue;
1477 }
f471a17e 1478 if (host - block->host < block->length) {
23887b79 1479 goto found;
f471a17e 1480 }
94a6b54f 1481 }
432d268c 1482
1b5ec234 1483 return NULL;
23887b79
PB		 1484
1485found:
1486 *ram_addr = block->offset + (host - block->host);
1b5ec234 1487 return block->mr;
e890261f 1488}
f471a17e 1489
a8170e5e 1490static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1491 uint64_t val, unsigned size)
9fa3e853 1492{
52159192 1493 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1494 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1495 }
0e0df1e2
AK		 1496 switch (size) {
1497 case 1:
1498 stb_p(qemu_get_ram_ptr(ram_addr), val);
1499 break;
1500 case 2:
1501 stw_p(qemu_get_ram_ptr(ram_addr), val);
1502 break;
1503 case 4:
1504 stl_p(qemu_get_ram_ptr(ram_addr), val);
1505 break;
1506 default:
1507 abort();
3a7d929e 1508 }
52159192
JQ		 1509 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_MIGRATION);
1510 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_VGA);
f23db169
FB		 1511 /* we remove the notdirty callback only if the code has been
1512 flushed */
a2cd8c85 1513 if (!cpu_physical_memory_is_clean(ram_addr)) {
4917cf44
AF		 1514 CPUArchState *env = current_cpu->env_ptr;
1515 tlb_set_dirty(env, env->mem_io_vaddr);
1516 }
9fa3e853
FB		 1517}
1518
b018ddf6
PB		 1519static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1520 unsigned size, bool is_write)
1521{
1522 return is_write;
1523}
1524
0e0df1e2 1525static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1526 .write = notdirty_mem_write,
b018ddf6 1527 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1528 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1529};
1530
0f459d16 1531/* Generate a debug exception if a watchpoint has been hit. */
b4051334 1532static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 1533{
4917cf44 1534 CPUArchState *env = current_cpu->env_ptr;
06d55cc1 1535 target_ulong pc, cs_base;
0f459d16 1536 target_ulong vaddr;
a1d1bb31 1537 CPUWatchpoint *wp;
06d55cc1 1538 int cpu_flags;
0f459d16 1539
06d55cc1
AL		 1540 if (env->watchpoint_hit) {
1541 /* We re-entered the check after replacing the TB. Now raise
1542 * the debug interrupt so that is will trigger after the
1543 * current instruction. */
c3affe56 1544 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 1545 return;
1546 }
2e70f6ef 1547 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 1548 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 1549 if ((vaddr == (wp->vaddr & len_mask) ||
1550 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 1551 wp->flags |= BP_WATCHPOINT_HIT;
1552 if (!env->watchpoint_hit) {
1553 env->watchpoint_hit = wp;
5a316526 1554 tb_check_watchpoint(env);
6e140f28
AL		 1555 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1556 env->exception_index = EXCP_DEBUG;
488d6577 1557 cpu_loop_exit(env);
6e140f28
AL		 1558 } else {
1559 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1560 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 1561 cpu_resume_from_signal(env, NULL);
6e140f28 1562 }
06d55cc1 1563 }
6e140f28
AL		 1564 } else {
1565 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 1566 }
1567 }
1568}
1569
6658ffb8
PB		 1570/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1571 so these check for a hit then pass through to the normal out-of-line
1572 phys routines. */
a8170e5e 1573static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1ec9b909 1574 unsigned size)
6658ffb8 1575{
1ec9b909
AK		 1576 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1577 switch (size) {
1578 case 1: return ldub_phys(addr);
1579 case 2: return lduw_phys(addr);
1580 case 4: return ldl_phys(addr);
1581 default: abort();
1582 }
6658ffb8
PB		 1583}
1584
a8170e5e 1585static void watch_mem_write(void *opaque, hwaddr addr,
1ec9b909 1586 uint64_t val, unsigned size)
6658ffb8 1587{
1ec9b909
AK		 1588 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1589 switch (size) {
67364150
MF		 1590 case 1:
1591 stb_phys(addr, val);
1592 break;
1593 case 2:
1594 stw_phys(addr, val);
1595 break;
1596 case 4:
1597 stl_phys(addr, val);
1598 break;
1ec9b909
AK		 1599 default: abort();
1600 }
6658ffb8
PB		 1601}
1602
1ec9b909
AK		 1603static const MemoryRegionOps watch_mem_ops = {
1604 .read = watch_mem_read,
1605 .write = watch_mem_write,
1606 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 1607};
6658ffb8 1608
a8170e5e 1609static uint64_t subpage_read(void *opaque, hwaddr addr,
70c68e44 1610 unsigned len)
db7b5426 1611{
acc9d80b
JK		 1612 subpage_t *subpage = opaque;
1613 uint8_t buf[4];
791af8c8 1614
db7b5426 1615#if defined(DEBUG_SUBPAGE)
016e9d62 1616 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 1617 subpage, len, addr);
db7b5426 1618#endif
acc9d80b
JK		 1619 address_space_read(subpage->as, addr + subpage->base, buf, len);
1620 switch (len) {
1621 case 1:
1622 return ldub_p(buf);
1623 case 2:
1624 return lduw_p(buf);
1625 case 4:
1626 return ldl_p(buf);
1627 default:
1628 abort();
1629 }
db7b5426
BS		 1630}
1631
a8170e5e 1632static void subpage_write(void *opaque, hwaddr addr,
70c68e44 1633 uint64_t value, unsigned len)
db7b5426 1634{
acc9d80b
JK		 1635 subpage_t *subpage = opaque;
1636 uint8_t buf[4];
1637
db7b5426 1638#if defined(DEBUG_SUBPAGE)
016e9d62 1639 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 1640 " value %"PRIx64"\n",
1641 __func__, subpage, len, addr, value);
db7b5426 1642#endif
acc9d80b
JK		 1643 switch (len) {
1644 case 1:
1645 stb_p(buf, value);
1646 break;
1647 case 2:
1648 stw_p(buf, value);
1649 break;
1650 case 4:
1651 stl_p(buf, value);
1652 break;
1653 default:
1654 abort();
1655 }
1656 address_space_write(subpage->as, addr + subpage->base, buf, len);
db7b5426
BS		 1657}
1658
c353e4cc 1659static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 1660 unsigned len, bool is_write)
c353e4cc 1661{
acc9d80b 1662 subpage_t *subpage = opaque;
c353e4cc 1663#if defined(DEBUG_SUBPAGE)
016e9d62 1664 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 1665 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 1666#endif
1667
acc9d80b 1668 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 1669 len, is_write);
c353e4cc
PB		 1670}
1671
70c68e44
AK		 1672static const MemoryRegionOps subpage_ops = {
1673 .read = subpage_read,
1674 .write = subpage_write,
c353e4cc 1675 .valid.accepts = subpage_accepts,
70c68e44 1676 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 1677};
1678
c227f099 1679static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1680 uint16_t section)
db7b5426
BS		 1681{
1682 int idx, eidx;
1683
1684 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1685 return -1;
1686 idx = SUBPAGE_IDX(start);
1687 eidx = SUBPAGE_IDX(end);
1688#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 1689 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
1690 __func__, mmio, start, end, idx, eidx, section);
db7b5426 1691#endif
db7b5426 1692 for (; idx <= eidx; idx++) {
5312bd8b 1693 mmio->sub_section[idx] = section;
db7b5426
BS		 1694 }
1695
1696 return 0;
1697}
1698
acc9d80b 1699static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 1700{
c227f099 1701 subpage_t *mmio;
db7b5426 1702
7267c094 1703 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 1704
acc9d80b 1705 mmio->as = as;
1eec614b 1706 mmio->base = base;
2c9b15ca 1707 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
70c68e44 1708 "subpage", TARGET_PAGE_SIZE);
b3b00c78 1709 mmio->iomem.subpage = true;
db7b5426 1710#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 1711 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
1712 mmio, base, TARGET_PAGE_SIZE);
db7b5426 1713#endif
b41aac4f 1714 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 1715
1716 return mmio;
1717}
1718
53cb28cb 1719static uint16_t dummy_section(PhysPageMap *map, MemoryRegion *mr)
5312bd8b
AK		 1720{
1721 MemoryRegionSection section = {
1722 .mr = mr,
1723 .offset_within_address_space = 0,
1724 .offset_within_region = 0,
052e87b0 1725 .size = int128_2_64(),
5312bd8b
AK		 1726 };
1727
53cb28cb 1728 return phys_section_add(map, &section);
5312bd8b
AK		 1729}
1730
a8170e5e 1731MemoryRegion *iotlb_to_region(hwaddr index)
aa102231 1732{
53cb28cb
MA		 1733 return address_space_memory.dispatch->map.sections[
1734 index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 1735}
1736
e9179ce1
AK		 1737static void io_mem_init(void)
1738{
2c9b15ca
PB		 1739 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1740 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
0e0df1e2 1741 "unassigned", UINT64_MAX);
2c9b15ca 1742 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
0e0df1e2 1743 "notdirty", UINT64_MAX);
2c9b15ca 1744 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1ec9b909 1745 "watch", UINT64_MAX);
e9179ce1
AK		 1746}
1747
ac1970fb 1748static void mem_begin(MemoryListener *listener)
00752703
PB		 1749{
1750 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 1751 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
1752 uint16_t n;
1753
1754 n = dummy_section(&d->map, &io_mem_unassigned);
1755 assert(n == PHYS_SECTION_UNASSIGNED);
1756 n = dummy_section(&d->map, &io_mem_notdirty);
1757 assert(n == PHYS_SECTION_NOTDIRTY);
1758 n = dummy_section(&d->map, &io_mem_rom);
1759 assert(n == PHYS_SECTION_ROM);
1760 n = dummy_section(&d->map, &io_mem_watch);
1761 assert(n == PHYS_SECTION_WATCH);
00752703 1762
9736e55b 1763 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 1764 d->as = as;
1765 as->next_dispatch = d;
1766}
1767
1768static void mem_commit(MemoryListener *listener)
ac1970fb 1769{
89ae337a 1770 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 1771 AddressSpaceDispatch *cur = as->dispatch;
1772 AddressSpaceDispatch *next = as->next_dispatch;
1773
53cb28cb 1774 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 1775
0475d94f 1776 as->dispatch = next;
b41aac4f 1777
53cb28cb
MA		 1778 if (cur) {
1779 phys_sections_free(&cur->map);
1780 g_free(cur);
1781 }
9affd6fc
PB		 1782}
1783
1d71148e 1784static void tcg_commit(MemoryListener *listener)
50c1e149 1785{
182735ef 1786 CPUState *cpu;
117712c3
AK		 1787
1788 /* since each CPU stores ram addresses in its TLB cache, we must
1789 reset the modified entries */
1790 /* XXX: slow ! */
bdc44640 1791 CPU_FOREACH(cpu) {
182735ef
AF		 1792 CPUArchState *env = cpu->env_ptr;
1793
117712c3
AK		 1794 tlb_flush(env, 1);
1795 }
50c1e149
AK		 1796}
1797
93632747
AK		 1798static void core_log_global_start(MemoryListener *listener)
1799{
981fdf23 1800 cpu_physical_memory_set_dirty_tracking(true);
93632747
AK		 1801}
1802
1803static void core_log_global_stop(MemoryListener *listener)
1804{
981fdf23 1805 cpu_physical_memory_set_dirty_tracking(false);
93632747
AK		 1806}
1807
93632747 1808static MemoryListener core_memory_listener = {
93632747
AK		 1809 .log_global_start = core_log_global_start,
1810 .log_global_stop = core_log_global_stop,
ac1970fb 1811 .priority = 1,
93632747
AK		 1812};
1813
1d71148e
AK		 1814static MemoryListener tcg_memory_listener = {
1815 .commit = tcg_commit,
1816};
1817
ac1970fb
AK		 1818void address_space_init_dispatch(AddressSpace *as)
1819{
00752703 1820 as->dispatch = NULL;
89ae337a 1821 as->dispatch_listener = (MemoryListener) {
ac1970fb 1822 .begin = mem_begin,
00752703 1823 .commit = mem_commit,
ac1970fb
AK		 1824 .region_add = mem_add,
1825 .region_nop = mem_add,
1826 .priority = 0,
1827 };
89ae337a 1828 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 1829}
1830
83f3c251
AK		 1831void address_space_destroy_dispatch(AddressSpace *as)
1832{
1833 AddressSpaceDispatch *d = as->dispatch;
1834
89ae337a 1835 memory_listener_unregister(&as->dispatch_listener);
83f3c251
AK		 1836 g_free(d);
1837 as->dispatch = NULL;
1838}
1839
62152b8a
AK		 1840static void memory_map_init(void)
1841{
7267c094 1842 system_memory = g_malloc(sizeof(*system_memory));
03f49957 1843
57271d63 1844 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 1845 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 1846
7267c094 1847 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 1848 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
1849 65536);
7dca8043 1850 address_space_init(&address_space_io, system_io, "I/O");
93632747 1851
f6790af6 1852 memory_listener_register(&core_memory_listener, &address_space_memory);
2641689a
LG		 1853 if (tcg_enabled()) {
1854 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1855 }
62152b8a
AK		 1856}
1857
1858MemoryRegion *get_system_memory(void)
1859{
1860 return system_memory;
1861}
1862
309cb471
AK		 1863MemoryRegion *get_system_io(void)
1864{
1865 return system_io;
1866}
1867
e2eef170
PB		 1868#endif /* !defined(CONFIG_USER_ONLY) */
1869
13eb76e0
FB		 1870/* physical memory access (slow version, mainly for debug) */
1871#if defined(CONFIG_USER_ONLY)
f17ec444 1872int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 1873 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 1874{
1875 int l, flags;
1876 target_ulong page;
53a5960a 1877 void * p;
13eb76e0
FB		 1878
1879 while (len > 0) {
1880 page = addr & TARGET_PAGE_MASK;
1881 l = (page + TARGET_PAGE_SIZE) - addr;
1882 if (l > len)
1883 l = len;
1884 flags = page_get_flags(page);
1885 if (!(flags & PAGE_VALID))
a68fe89c 1886 return -1;
13eb76e0
FB		 1887 if (is_write) {
1888 if (!(flags & PAGE_WRITE))
a68fe89c 1889 return -1;
579a97f7 1890 /* XXX: this code should not depend on lock_user */
72fb7daa 1891 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 1892 return -1;
72fb7daa
AJ		 1893 memcpy(p, buf, l);
1894 unlock_user(p, addr, l);
13eb76e0
FB		 1895 } else {
1896 if (!(flags & PAGE_READ))
a68fe89c 1897 return -1;
579a97f7 1898 /* XXX: this code should not depend on lock_user */
72fb7daa 1899 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 1900 return -1;
72fb7daa 1901 memcpy(buf, p, l);
5b257578 1902 unlock_user(p, addr, 0);
13eb76e0
FB		 1903 }
1904 len -= l;
1905 buf += l;
1906 addr += l;
1907 }
a68fe89c 1908 return 0;
13eb76e0 1909}
8df1cd07 1910
13eb76e0 1911#else
51d7a9eb 1912
a8170e5e
AK		 1913static void invalidate_and_set_dirty(hwaddr addr,
1914 hwaddr length)
51d7a9eb 1915{
a2cd8c85 1916 if (cpu_physical_memory_is_clean(addr)) {
51d7a9eb
AP		 1917 /* invalidate code */
1918 tb_invalidate_phys_page_range(addr, addr + length, 0);
1919 /* set dirty bit */
52159192
JQ		 1920 cpu_physical_memory_set_dirty_flag(addr, DIRTY_MEMORY_VGA);
1921 cpu_physical_memory_set_dirty_flag(addr, DIRTY_MEMORY_MIGRATION);
51d7a9eb 1922 }
e226939d 1923 xen_modified_memory(addr, length);
51d7a9eb
AP		 1924}
1925
2bbfa05d
PB		 1926static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1927{
1928 if (memory_region_is_ram(mr)) {
1929 return !(is_write && mr->readonly);
1930 }
1931 if (memory_region_is_romd(mr)) {
1932 return !is_write;
1933 }
1934
1935 return false;
1936}
1937
23326164 1938static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 1939{
e1622f4b 1940 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 1941
1942 /* Regions are assumed to support 1-4 byte accesses unless
1943 otherwise specified. */
23326164
RH		 1944 if (access_size_max == 0) {
1945 access_size_max = 4;
1946 }
1947
1948 /* Bound the maximum access by the alignment of the address. */
1949 if (!mr->ops->impl.unaligned) {
1950 unsigned align_size_max = addr & -addr;
1951 if (align_size_max != 0 && align_size_max < access_size_max) {
1952 access_size_max = align_size_max;
1953 }
82f2563f 1954 }
23326164
RH		 1955
1956 /* Don't attempt accesses larger than the maximum. */
1957 if (l > access_size_max) {
1958 l = access_size_max;
82f2563f 1959 }
098178f2
PB		 1960 if (l & (l - 1)) {
1961 l = 1 << (qemu_fls(l) - 1);
1962 }
23326164
RH		 1963
1964 return l;
82f2563f
PB		 1965}
1966
fd8aaa76 1967bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
ac1970fb 1968 int len, bool is_write)
13eb76e0 1969{
149f54b5 1970 hwaddr l;
13eb76e0 1971 uint8_t *ptr;
791af8c8 1972 uint64_t val;
149f54b5 1973 hwaddr addr1;
5c8a00ce 1974 MemoryRegion *mr;
fd8aaa76 1975 bool error = false;
3b46e624 1976
13eb76e0 1977 while (len > 0) {
149f54b5 1978 l = len;
5c8a00ce 1979 mr = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 1980
13eb76e0 1981 if (is_write) {
5c8a00ce
PB		 1982 if (!memory_access_is_direct(mr, is_write)) {
1983 l = memory_access_size(mr, l, addr1);
4917cf44 1984 /* XXX: could force current_cpu to NULL to avoid
6a00d601 1985 potential bugs */
23326164
RH		 1986 switch (l) {
1987 case 8:
1988 /* 64 bit write access */
1989 val = ldq_p(buf);
1990 error |= io_mem_write(mr, addr1, val, 8);
1991 break;
1992 case 4:
1c213d19 1993 /* 32 bit write access */
c27004ec 1994 val = ldl_p(buf);
5c8a00ce 1995 error |= io_mem_write(mr, addr1, val, 4);
23326164
RH		 1996 break;
1997 case 2:
1c213d19 1998 /* 16 bit write access */
c27004ec 1999 val = lduw_p(buf);
5c8a00ce 2000 error |= io_mem_write(mr, addr1, val, 2);
23326164
RH		 2001 break;
2002 case 1:
1c213d19 2003 /* 8 bit write access */
c27004ec 2004 val = ldub_p(buf);
5c8a00ce 2005 error |= io_mem_write(mr, addr1, val, 1);
23326164
RH		 2006 break;
2007 default:
2008 abort();
13eb76e0 2009 }
2bbfa05d 2010 } else {
5c8a00ce 2011 addr1 += memory_region_get_ram_addr(mr);
13eb76e0 2012 /* RAM case */
5579c7f3 2013 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 2014 memcpy(ptr, buf, l);
51d7a9eb 2015 invalidate_and_set_dirty(addr1, l);
13eb76e0
FB		 2016 }
2017 } else {
5c8a00ce 2018 if (!memory_access_is_direct(mr, is_write)) {
13eb76e0 2019 /* I/O case */
5c8a00ce 2020 l = memory_access_size(mr, l, addr1);
23326164
RH		 2021 switch (l) {
2022 case 8:
2023 /* 64 bit read access */
2024 error |= io_mem_read(mr, addr1, &val, 8);
2025 stq_p(buf, val);
2026 break;
2027 case 4:
13eb76e0 2028 /* 32 bit read access */
5c8a00ce 2029 error |= io_mem_read(mr, addr1, &val, 4);
c27004ec 2030 stl_p(buf, val);
23326164
RH		 2031 break;
2032 case 2:
13eb76e0 2033 /* 16 bit read access */
5c8a00ce 2034 error |= io_mem_read(mr, addr1, &val, 2);
c27004ec 2035 stw_p(buf, val);
23326164
RH		 2036 break;
2037 case 1:
1c213d19 2038 /* 8 bit read access */
5c8a00ce 2039 error |= io_mem_read(mr, addr1, &val, 1);
c27004ec 2040 stb_p(buf, val);
23326164
RH		 2041 break;
2042 default:
2043 abort();
13eb76e0
FB		 2044 }
2045 } else {
2046 /* RAM case */
5c8a00ce 2047 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
f3705d53 2048 memcpy(buf, ptr, l);
13eb76e0
FB		 2049 }
2050 }
2051 len -= l;
2052 buf += l;
2053 addr += l;
2054 }
fd8aaa76
PB		 2055
2056 return error;
13eb76e0 2057}
8df1cd07 2058
fd8aaa76 2059bool address_space_write(AddressSpace *as, hwaddr addr,
ac1970fb
AK		 2060 const uint8_t *buf, int len)
2061{
fd8aaa76 2062 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
ac1970fb
AK		 2063}
2064
fd8aaa76 2065bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
ac1970fb 2066{
fd8aaa76 2067 return address_space_rw(as, addr, buf, len, false);
ac1970fb
AK		 2068}
2069
2070
a8170e5e 2071void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2072 int len, int is_write)
2073{
fd8aaa76 2074 address_space_rw(&address_space_memory, addr, buf, len, is_write);
ac1970fb
AK		 2075}
2076
582b55a9
AG		 2077enum write_rom_type {
2078 WRITE_DATA,
2079 FLUSH_CACHE,
2080};
2081
2082static inline void cpu_physical_memory_write_rom_internal(
2083 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2084{
149f54b5 2085 hwaddr l;
d0ecd2aa 2086 uint8_t *ptr;
149f54b5 2087 hwaddr addr1;
5c8a00ce 2088 MemoryRegion *mr;
3b46e624 2089
d0ecd2aa 2090 while (len > 0) {
149f54b5 2091 l = len;
5c8a00ce
PB		 2092 mr = address_space_translate(&address_space_memory,
2093 addr, &addr1, &l, true);
3b46e624 2094
5c8a00ce
PB		 2095 if (!(memory_region_is_ram(mr) ||
2096 memory_region_is_romd(mr))) {
d0ecd2aa
FB		 2097 /* do nothing */
2098 } else {
5c8a00ce 2099 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2100 /* ROM/RAM case */
5579c7f3 2101 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2102 switch (type) {
2103 case WRITE_DATA:
2104 memcpy(ptr, buf, l);
2105 invalidate_and_set_dirty(addr1, l);
2106 break;
2107 case FLUSH_CACHE:
2108 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2109 break;
2110 }
d0ecd2aa
FB		 2111 }
2112 len -= l;
2113 buf += l;
2114 addr += l;
2115 }
2116}
2117
582b55a9
AG		 2118/* used for ROM loading : can write in RAM and ROM */
2119void cpu_physical_memory_write_rom(hwaddr addr,
2120 const uint8_t *buf, int len)
2121{
2122 cpu_physical_memory_write_rom_internal(addr, buf, len, WRITE_DATA);
2123}
2124
2125void cpu_flush_icache_range(hwaddr start, int len)
2126{
2127 /*
2128 * This function should do the same thing as an icache flush that was
2129 * triggered from within the guest. For TCG we are always cache coherent,
2130 * so there is no need to flush anything. For KVM / Xen we need to flush
2131 * the host's instruction cache at least.
2132 */
2133 if (tcg_enabled()) {
2134 return;
2135 }
2136
2137 cpu_physical_memory_write_rom_internal(start, NULL, len, FLUSH_CACHE);
2138}
2139
6d16c2f8 2140typedef struct {
d3e71559 2141 MemoryRegion *mr;
6d16c2f8 2142 void *buffer;
a8170e5e
AK		 2143 hwaddr addr;
2144 hwaddr len;
6d16c2f8
AL		 2145} BounceBuffer;
2146
2147static BounceBuffer bounce;
2148
ba223c29
AL		 2149typedef struct MapClient {
2150 void *opaque;
2151 void (*callback)(void *opaque);
72cf2d4f 2152 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2153} MapClient;
2154
72cf2d4f
BS		 2155static QLIST_HEAD(map_client_list, MapClient) map_client_list
2156 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 2157
2158void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2159{
7267c094 2160 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 2161
2162 client->opaque = opaque;
2163 client->callback = callback;
72cf2d4f 2164 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 2165 return client;
2166}
2167
8b9c99d9 2168static void cpu_unregister_map_client(void *_client)
ba223c29
AL		 2169{
2170 MapClient *client = (MapClient *)_client;
2171
72cf2d4f 2172 QLIST_REMOVE(client, link);
7267c094 2173 g_free(client);
ba223c29
AL		 2174}
2175
2176static void cpu_notify_map_clients(void)
2177{
2178 MapClient *client;
2179
72cf2d4f
BS		 2180 while (!QLIST_EMPTY(&map_client_list)) {
2181 client = QLIST_FIRST(&map_client_list);
ba223c29 2182 client->callback(client->opaque);
34d5e948 2183 cpu_unregister_map_client(client);
ba223c29
AL		 2184 }
2185}
2186
51644ab7
PB		 2187bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2188{
5c8a00ce 2189 MemoryRegion *mr;
51644ab7
PB		 2190 hwaddr l, xlat;
2191
2192 while (len > 0) {
2193 l = len;
5c8a00ce
PB		 2194 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2195 if (!memory_access_is_direct(mr, is_write)) {
2196 l = memory_access_size(mr, l, addr);
2197 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2198 return false;
2199 }
2200 }
2201
2202 len -= l;
2203 addr += l;
2204 }
2205 return true;
2206}
2207
6d16c2f8
AL		 2208/* Map a physical memory region into a host virtual address.
2209 * May map a subset of the requested range, given by and returned in *plen.
2210 * May return NULL if resources needed to perform the mapping are exhausted.
2211 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2212 * Use cpu_register_map_client() to know when retrying the map operation is
2213 * likely to succeed.
6d16c2f8 2214 */
ac1970fb 2215void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2216 hwaddr addr,
2217 hwaddr *plen,
ac1970fb 2218 bool is_write)
6d16c2f8 2219{
a8170e5e 2220 hwaddr len = *plen;
e3127ae0
PB		 2221 hwaddr done = 0;
2222 hwaddr l, xlat, base;
2223 MemoryRegion *mr, *this_mr;
2224 ram_addr_t raddr;
6d16c2f8 2225
e3127ae0
PB		 2226 if (len == 0) {
2227 return NULL;
2228 }
38bee5dc 2229
e3127ae0
PB		 2230 l = len;
2231 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2232 if (!memory_access_is_direct(mr, is_write)) {
2233 if (bounce.buffer) {
2234 return NULL;
6d16c2f8 2235 }
e85d9db5
KW		 2236 /* Avoid unbounded allocations */
2237 l = MIN(l, TARGET_PAGE_SIZE);
2238 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2239 bounce.addr = addr;
2240 bounce.len = l;
d3e71559
PB		 2241
2242 memory_region_ref(mr);
2243 bounce.mr = mr;
e3127ae0
PB		 2244 if (!is_write) {
2245 address_space_read(as, addr, bounce.buffer, l);
8ab934f9 2246 }
6d16c2f8 2247
e3127ae0
PB		 2248 *plen = l;
2249 return bounce.buffer;
2250 }
2251
2252 base = xlat;
2253 raddr = memory_region_get_ram_addr(mr);
2254
2255 for (;;) {
6d16c2f8
AL		 2256 len -= l;
2257 addr += l;
e3127ae0
PB		 2258 done += l;
2259 if (len == 0) {
2260 break;
2261 }
2262
2263 l = len;
2264 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2265 if (this_mr != mr || xlat != base + done) {
2266 break;
2267 }
6d16c2f8 2268 }
e3127ae0 2269
d3e71559 2270 memory_region_ref(mr);
e3127ae0
PB		 2271 *plen = done;
2272 return qemu_ram_ptr_length(raddr + base, plen);
6d16c2f8
AL		 2273}
2274
ac1970fb 2275/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2276 * Will also mark the memory as dirty if is_write == 1. access_len gives
2277 * the amount of memory that was actually read or written by the caller.
2278 */
a8170e5e
AK		 2279void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2280 int is_write, hwaddr access_len)
6d16c2f8
AL		 2281{
2282 if (buffer != bounce.buffer) {
d3e71559
PB		 2283 MemoryRegion *mr;
2284 ram_addr_t addr1;
2285
2286 mr = qemu_ram_addr_from_host(buffer, &addr1);
2287 assert(mr != NULL);
6d16c2f8 2288 if (is_write) {
6d16c2f8
AL		 2289 while (access_len) {
2290 unsigned l;
2291 l = TARGET_PAGE_SIZE;
2292 if (l > access_len)
2293 l = access_len;
51d7a9eb 2294 invalidate_and_set_dirty(addr1, l);
6d16c2f8
AL		 2295 addr1 += l;
2296 access_len -= l;
2297 }
2298 }
868bb33f 2299 if (xen_enabled()) {
e41d7c69 2300 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2301 }
d3e71559 2302 memory_region_unref(mr);
6d16c2f8
AL		 2303 return;
2304 }
2305 if (is_write) {
ac1970fb 2306 address_space_write(as, bounce.addr, bounce.buffer, access_len);
6d16c2f8 2307 }
f8a83245 2308 qemu_vfree(bounce.buffer);
6d16c2f8 2309 bounce.buffer = NULL;
d3e71559 2310 memory_region_unref(bounce.mr);
ba223c29 2311 cpu_notify_map_clients();
6d16c2f8 2312}
d0ecd2aa 2313
a8170e5e
AK		 2314void *cpu_physical_memory_map(hwaddr addr,
2315 hwaddr *plen,
ac1970fb
AK		 2316 int is_write)
2317{
2318 return address_space_map(&address_space_memory, addr, plen, is_write);
2319}
2320
a8170e5e
AK		 2321void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2322 int is_write, hwaddr access_len)
ac1970fb
AK		 2323{
2324 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2325}
2326
8df1cd07 2327/* warning: addr must be aligned */
a8170e5e 2328static inline uint32_t ldl_phys_internal(hwaddr addr,
1e78bcc1 2329 enum device_endian endian)
8df1cd07 2330{
8df1cd07 2331 uint8_t *ptr;
791af8c8 2332 uint64_t val;
5c8a00ce 2333 MemoryRegion *mr;
149f54b5
PB		 2334 hwaddr l = 4;
2335 hwaddr addr1;
8df1cd07 2336
5c8a00ce
PB		 2337 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2338 false);
2339 if (l < 4 || !memory_access_is_direct(mr, false)) {
8df1cd07 2340 /* I/O case */
5c8a00ce 2341 io_mem_read(mr, addr1, &val, 4);
1e78bcc1
AG		 2342#if defined(TARGET_WORDS_BIGENDIAN)
2343 if (endian == DEVICE_LITTLE_ENDIAN) {
2344 val = bswap32(val);
2345 }
2346#else
2347 if (endian == DEVICE_BIG_ENDIAN) {
2348 val = bswap32(val);
2349 }
2350#endif
8df1cd07
FB		 2351 } else {
2352 /* RAM case */
5c8a00ce 2353 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2354 & TARGET_PAGE_MASK)
149f54b5 2355 + addr1);
1e78bcc1
AG		 2356 switch (endian) {
2357 case DEVICE_LITTLE_ENDIAN:
2358 val = ldl_le_p(ptr);
2359 break;
2360 case DEVICE_BIG_ENDIAN:
2361 val = ldl_be_p(ptr);
2362 break;
2363 default:
2364 val = ldl_p(ptr);
2365 break;
2366 }
8df1cd07
FB		 2367 }
2368 return val;
2369}
2370
a8170e5e 2371uint32_t ldl_phys(hwaddr addr)
1e78bcc1
AG		 2372{
2373 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2374}
2375
a8170e5e 2376uint32_t ldl_le_phys(hwaddr addr)
1e78bcc1
AG		 2377{
2378 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2379}
2380
a8170e5e 2381uint32_t ldl_be_phys(hwaddr addr)
1e78bcc1
AG		 2382{
2383 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2384}
2385
84b7b8e7 2386/* warning: addr must be aligned */
a8170e5e 2387static inline uint64_t ldq_phys_internal(hwaddr addr,
1e78bcc1 2388 enum device_endian endian)
84b7b8e7 2389{
84b7b8e7
FB		 2390 uint8_t *ptr;
2391 uint64_t val;
5c8a00ce 2392 MemoryRegion *mr;
149f54b5
PB		 2393 hwaddr l = 8;
2394 hwaddr addr1;
84b7b8e7 2395
5c8a00ce
PB		 2396 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2397 false);
2398 if (l < 8 || !memory_access_is_direct(mr, false)) {
84b7b8e7 2399 /* I/O case */
5c8a00ce 2400 io_mem_read(mr, addr1, &val, 8);
968a5627
PB		 2401#if defined(TARGET_WORDS_BIGENDIAN)
2402 if (endian == DEVICE_LITTLE_ENDIAN) {
2403 val = bswap64(val);
2404 }
2405#else
2406 if (endian == DEVICE_BIG_ENDIAN) {
2407 val = bswap64(val);
2408 }
84b7b8e7
FB		 2409#endif
2410 } else {
2411 /* RAM case */
5c8a00ce 2412 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2413 & TARGET_PAGE_MASK)
149f54b5 2414 + addr1);
1e78bcc1
AG		 2415 switch (endian) {
2416 case DEVICE_LITTLE_ENDIAN:
2417 val = ldq_le_p(ptr);
2418 break;
2419 case DEVICE_BIG_ENDIAN:
2420 val = ldq_be_p(ptr);
2421 break;
2422 default:
2423 val = ldq_p(ptr);
2424 break;
2425 }
84b7b8e7
FB		 2426 }
2427 return val;
2428}
2429
a8170e5e 2430uint64_t ldq_phys(hwaddr addr)
1e78bcc1
AG		 2431{
2432 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2433}
2434
a8170e5e 2435uint64_t ldq_le_phys(hwaddr addr)
1e78bcc1
AG		 2436{
2437 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2438}
2439
a8170e5e 2440uint64_t ldq_be_phys(hwaddr addr)
1e78bcc1
AG		 2441{
2442 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2443}
2444
aab33094 2445/* XXX: optimize */
a8170e5e 2446uint32_t ldub_phys(hwaddr addr)
aab33094
FB		 2447{
2448 uint8_t val;
2449 cpu_physical_memory_read(addr, &val, 1);
2450 return val;
2451}
2452
733f0b02 2453/* warning: addr must be aligned */
a8170e5e 2454static inline uint32_t lduw_phys_internal(hwaddr addr,
1e78bcc1 2455 enum device_endian endian)
aab33094 2456{
733f0b02
MT		 2457 uint8_t *ptr;
2458 uint64_t val;
5c8a00ce 2459 MemoryRegion *mr;
149f54b5
PB		 2460 hwaddr l = 2;
2461 hwaddr addr1;
733f0b02 2462
5c8a00ce
PB		 2463 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2464 false);
2465 if (l < 2 || !memory_access_is_direct(mr, false)) {
733f0b02 2466 /* I/O case */
5c8a00ce 2467 io_mem_read(mr, addr1, &val, 2);
1e78bcc1
AG		 2468#if defined(TARGET_WORDS_BIGENDIAN)
2469 if (endian == DEVICE_LITTLE_ENDIAN) {
2470 val = bswap16(val);
2471 }
2472#else
2473 if (endian == DEVICE_BIG_ENDIAN) {
2474 val = bswap16(val);
2475 }
2476#endif
733f0b02
MT		 2477 } else {
2478 /* RAM case */
5c8a00ce 2479 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2480 & TARGET_PAGE_MASK)
149f54b5 2481 + addr1);
1e78bcc1
AG		 2482 switch (endian) {
2483 case DEVICE_LITTLE_ENDIAN:
2484 val = lduw_le_p(ptr);
2485 break;
2486 case DEVICE_BIG_ENDIAN:
2487 val = lduw_be_p(ptr);
2488 break;
2489 default:
2490 val = lduw_p(ptr);
2491 break;
2492 }
733f0b02
MT		 2493 }
2494 return val;
aab33094
FB		 2495}
2496
a8170e5e 2497uint32_t lduw_phys(hwaddr addr)
1e78bcc1
AG		 2498{
2499 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2500}
2501
a8170e5e 2502uint32_t lduw_le_phys(hwaddr addr)
1e78bcc1
AG		 2503{
2504 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2505}
2506
a8170e5e 2507uint32_t lduw_be_phys(hwaddr addr)
1e78bcc1
AG		 2508{
2509 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2510}
2511
8df1cd07
FB		 2512/* warning: addr must be aligned. The ram page is not masked as dirty
2513 and the code inside is not invalidated. It is useful if the dirty
2514 bits are used to track modified PTEs */
a8170e5e 2515void stl_phys_notdirty(hwaddr addr, uint32_t val)
8df1cd07 2516{
8df1cd07 2517 uint8_t *ptr;
5c8a00ce 2518 MemoryRegion *mr;
149f54b5
PB		 2519 hwaddr l = 4;
2520 hwaddr addr1;
8df1cd07 2521
5c8a00ce
PB		 2522 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2523 true);
2524 if (l < 4 || !memory_access_is_direct(mr, true)) {
2525 io_mem_write(mr, addr1, val, 4);
8df1cd07 2526 } else {
5c8a00ce 2527 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 2528 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 2529 stl_p(ptr, val);
74576198
AL		 2530
2531 if (unlikely(in_migration)) {
a2cd8c85 2532 if (cpu_physical_memory_is_clean(addr1)) {
74576198
AL		 2533 /* invalidate code */
2534 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2535 /* set dirty bit */
52159192
JQ		 2536 cpu_physical_memory_set_dirty_flag(addr1,
2537 DIRTY_MEMORY_MIGRATION);
2538 cpu_physical_memory_set_dirty_flag(addr1, DIRTY_MEMORY_VGA);
74576198
AL		 2539 }
2540 }
8df1cd07
FB		 2541 }
2542}
2543
2544/* warning: addr must be aligned */
a8170e5e 2545static inline void stl_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 2546 enum device_endian endian)
8df1cd07 2547{
8df1cd07 2548 uint8_t *ptr;
5c8a00ce 2549 MemoryRegion *mr;
149f54b5
PB		 2550 hwaddr l = 4;
2551 hwaddr addr1;
8df1cd07 2552
5c8a00ce
PB		 2553 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2554 true);
2555 if (l < 4 || !memory_access_is_direct(mr, true)) {
1e78bcc1
AG		 2556#if defined(TARGET_WORDS_BIGENDIAN)
2557 if (endian == DEVICE_LITTLE_ENDIAN) {
2558 val = bswap32(val);
2559 }
2560#else
2561 if (endian == DEVICE_BIG_ENDIAN) {
2562 val = bswap32(val);
2563 }
2564#endif
5c8a00ce 2565 io_mem_write(mr, addr1, val, 4);
8df1cd07 2566 } else {
8df1cd07 2567 /* RAM case */
5c8a00ce 2568 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 2569 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 2570 switch (endian) {
2571 case DEVICE_LITTLE_ENDIAN:
2572 stl_le_p(ptr, val);
2573 break;
2574 case DEVICE_BIG_ENDIAN:
2575 stl_be_p(ptr, val);
2576 break;
2577 default:
2578 stl_p(ptr, val);
2579 break;
2580 }
51d7a9eb 2581 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 2582 }
2583}
2584
a8170e5e 2585void stl_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2586{
2587 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2588}
2589
a8170e5e 2590void stl_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2591{
2592 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2593}
2594
a8170e5e 2595void stl_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2596{
2597 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2598}
2599
aab33094 2600/* XXX: optimize */
a8170e5e 2601void stb_phys(hwaddr addr, uint32_t val)
aab33094
FB		 2602{
2603 uint8_t v = val;
2604 cpu_physical_memory_write(addr, &v, 1);
2605}
2606
733f0b02 2607/* warning: addr must be aligned */
a8170e5e 2608static inline void stw_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 2609 enum device_endian endian)
aab33094 2610{
733f0b02 2611 uint8_t *ptr;
5c8a00ce 2612 MemoryRegion *mr;
149f54b5
PB		 2613 hwaddr l = 2;
2614 hwaddr addr1;
733f0b02 2615
5c8a00ce
PB		 2616 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2617 true);
2618 if (l < 2 || !memory_access_is_direct(mr, true)) {
1e78bcc1
AG		 2619#if defined(TARGET_WORDS_BIGENDIAN)
2620 if (endian == DEVICE_LITTLE_ENDIAN) {
2621 val = bswap16(val);
2622 }
2623#else
2624 if (endian == DEVICE_BIG_ENDIAN) {
2625 val = bswap16(val);
2626 }
2627#endif
5c8a00ce 2628 io_mem_write(mr, addr1, val, 2);
733f0b02 2629 } else {
733f0b02 2630 /* RAM case */
5c8a00ce 2631 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 2632 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 2633 switch (endian) {
2634 case DEVICE_LITTLE_ENDIAN:
2635 stw_le_p(ptr, val);
2636 break;
2637 case DEVICE_BIG_ENDIAN:
2638 stw_be_p(ptr, val);
2639 break;
2640 default:
2641 stw_p(ptr, val);
2642 break;
2643 }
51d7a9eb 2644 invalidate_and_set_dirty(addr1, 2);
733f0b02 2645 }
aab33094
FB		 2646}
2647
a8170e5e 2648void stw_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2649{
2650 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2651}
2652
a8170e5e 2653void stw_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2654{
2655 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2656}
2657
a8170e5e 2658void stw_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2659{
2660 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2661}
2662
aab33094 2663/* XXX: optimize */
a8170e5e 2664void stq_phys(hwaddr addr, uint64_t val)
aab33094
FB		 2665{
2666 val = tswap64(val);
71d2b725 2667 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 2668}
2669
a8170e5e 2670void stq_le_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 2671{
2672 val = cpu_to_le64(val);
2673 cpu_physical_memory_write(addr, &val, 8);
2674}
2675
a8170e5e 2676void stq_be_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 2677{
2678 val = cpu_to_be64(val);
2679 cpu_physical_memory_write(addr, &val, 8);
2680}
2681
5e2972fd 2682/* virtual memory access for debug (includes writing to ROM) */
f17ec444 2683int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 2684 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2685{
2686 int l;
a8170e5e 2687 hwaddr phys_addr;
9b3c35e0 2688 target_ulong page;
13eb76e0
FB		 2689
2690 while (len > 0) {
2691 page = addr & TARGET_PAGE_MASK;
f17ec444 2692 phys_addr = cpu_get_phys_page_debug(cpu, page);
13eb76e0
FB		 2693 /* if no physical page mapped, return an error */
2694 if (phys_addr == -1)
2695 return -1;
2696 l = (page + TARGET_PAGE_SIZE) - addr;
2697 if (l > len)
2698 l = len;
5e2972fd 2699 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 2700 if (is_write)
2701 cpu_physical_memory_write_rom(phys_addr, buf, l);
2702 else
5e2972fd 2703 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 2704 len -= l;
2705 buf += l;
2706 addr += l;
2707 }
2708 return 0;
2709}
a68fe89c 2710#endif
13eb76e0 2711
8e4a424b
BS		 2712#if !defined(CONFIG_USER_ONLY)
2713
2714/*
2715 * A helper function for the _utterly broken_ virtio device model to find out if
2716 * it's running on a big endian machine. Don't do this at home kids!
2717 */
2718bool virtio_is_big_endian(void);
2719bool virtio_is_big_endian(void)
2720{
2721#if defined(TARGET_WORDS_BIGENDIAN)
2722 return true;
2723#else
2724 return false;
2725#endif
2726}
2727
2728#endif
2729
76f35538 2730#ifndef CONFIG_USER_ONLY
a8170e5e 2731bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 2732{
5c8a00ce 2733 MemoryRegion*mr;
149f54b5 2734 hwaddr l = 1;
76f35538 2735
5c8a00ce
PB		 2736 mr = address_space_translate(&address_space_memory,
2737 phys_addr, &phys_addr, &l, false);
76f35538 2738
5c8a00ce
PB		 2739 return !(memory_region_is_ram(mr) ||
2740 memory_region_is_romd(mr));
76f35538 2741}
bd2fa51f
MH		 2742
2743void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2744{
2745 RAMBlock *block;
2746
2747 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2748 func(block->host, block->offset, block->length, opaque);
2749 }
2750}
ec3f8c99 2751#endif
QEMU mirror