]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ps2: correctly handle 'get/set scancode' command
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c 22#endif
54936004 23
f348b6d1 24#include "qemu/cutils.h"
6180a181 25#include "cpu.h"
63c91552 26#include "exec/exec-all.h"
b67d9a52 27#include "tcg.h"
741da0d3 28#include "hw/qdev-core.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
33c11879 31#include "hw/xen/xen.h"
4485bd26 32#endif
9c17d615 33#include "sysemu/kvm.h"
2ff3de68 34#include "sysemu/sysemu.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
53a5960a 38#if defined(CONFIG_USER_ONLY)
a9c94277 39#include "qemu.h"
432d268c 40#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 41#include "hw/hw.h"
42#include "exec/memory.h"
df43d49c 43#include "exec/ioport.h"
741da0d3
PB		 44#include "sysemu/dma.h"
45#include "exec/address-spaces.h"
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
508127e2 57#include "exec/log.h"
67d95c15 58
9dfeca7c
BR		 59#include "migration/vmstate.h"
60
b35ba30f 61#include "qemu/range.h"
794e8f30
MT		 62#ifndef _WIN32
63#include "qemu/mmap-alloc.h"
64#endif
b35ba30f 65
db7b5426 66//#define DEBUG_SUBPAGE
1196be37 67
e2eef170 68#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 69/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
0d53d9fe 72RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 73
74static MemoryRegion *system_memory;
309cb471 75static MemoryRegion *system_io;
62152b8a 76
f6790af6
AK		 77AddressSpace address_space_io;
78AddressSpace address_space_memory;
2673a5da 79
0844e007 80MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 81static MemoryRegion io_mem_unassigned;
0e0df1e2 82
7bd4f430
PB		 83/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84#define RAM_PREALLOC (1 << 0)
85
dbcb8981
PB		 86/* RAM is mmap-ed with MAP_SHARED */
87#define RAM_SHARED (1 << 1)
88
62be4e3a
MT		 89/* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92#define RAM_RESIZEABLE (1 << 2)
93
e2eef170 94#endif
9fa3e853 95
bdc44640 96struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 97/* current CPU in the current thread. It is only valid inside
98 cpu_exec() */
f240eb6f 99__thread CPUState *current_cpu;
2e70f6ef 100/* 0 = Do not count executed instructions.
bf20dc07 101 1 = Precise instruction counting.
2e70f6ef 102 2 = Adaptive rate instruction counting. */
5708fc66 103int use_icount;
6a00d601 104
e2eef170 105#if !defined(CONFIG_USER_ONLY)
4346ae3e 106
1db8abb1
PB		 107typedef struct PhysPageEntry PhysPageEntry;
108
109struct PhysPageEntry {
9736e55b 110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 111 uint32_t skip : 6;
9736e55b 112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 113 uint32_t ptr : 26;
1db8abb1
PB		 114};
115
8b795765
MT		 116#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
117
03f49957 118/* Size of the L2 (and L3, etc) page tables. */
57271d63 119#define ADDR_SPACE_BITS 64
03f49957 120
026736ce 121#define P_L2_BITS 9
03f49957
PB		 122#define P_L2_SIZE (1 << P_L2_BITS)
123
124#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
125
126typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 127
53cb28cb 128typedef struct PhysPageMap {
79e2b9ae
PB		 129 struct rcu_head rcu;
130
53cb28cb
MA		 131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
133 unsigned nodes_nb;
134 unsigned nodes_nb_alloc;
135 Node *nodes;
136 MemoryRegionSection *sections;
137} PhysPageMap;
138
1db8abb1 139struct AddressSpaceDispatch {
79e2b9ae
PB		 140 struct rcu_head rcu;
141
729633c2 142 MemoryRegionSection *mru_section;
1db8abb1
PB		 143 /* This is a multi-level map on the physical address space.
144 * The bottom level has pointers to MemoryRegionSections.
145 */
146 PhysPageEntry phys_map;
53cb28cb 147 PhysPageMap map;
acc9d80b 148 AddressSpace *as;
1db8abb1
PB		 149};
150
90260c6c
JK		 151#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
152typedef struct subpage_t {
153 MemoryRegion iomem;
acc9d80b 154 AddressSpace *as;
90260c6c
JK		 155 hwaddr base;
156 uint16_t sub_section[TARGET_PAGE_SIZE];
157} subpage_t;
158
b41aac4f
LPF		 159#define PHYS_SECTION_UNASSIGNED 0
160#define PHYS_SECTION_NOTDIRTY 1
161#define PHYS_SECTION_ROM 2
162#define PHYS_SECTION_WATCH 3
5312bd8b 163
e2eef170 164static void io_mem_init(void);
62152b8a 165static void memory_map_init(void);
09daed84 166static void tcg_commit(MemoryListener *listener);
e2eef170 167
1ec9b909 168static MemoryRegion io_mem_watch;
32857f4d
PM		 169
170/**
171 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
172 * @cpu: the CPU whose AddressSpace this is
173 * @as: the AddressSpace itself
174 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
175 * @tcg_as_listener: listener for tracking changes to the AddressSpace
176 */
177struct CPUAddressSpace {
178 CPUState *cpu;
179 AddressSpace *as;
180 struct AddressSpaceDispatch *memory_dispatch;
181 MemoryListener tcg_as_listener;
182};
183
6658ffb8 184#endif
fd6ce8f6 185
6d9a1304 186#if !defined(CONFIG_USER_ONLY)
d6f2ea22 187
53cb28cb 188static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 189{
101420b8 190 static unsigned alloc_hint = 16;
53cb28cb 191 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
101420b8 192 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
53cb28cb
MA		 193 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
194 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
101420b8 195 alloc_hint = map->nodes_nb_alloc;
d6f2ea22 196 }
f7bf5461
AK		 197}
198
db94604b 199static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 200{
201 unsigned i;
8b795765 202 uint32_t ret;
db94604b
PB		 203 PhysPageEntry e;
204 PhysPageEntry *p;
f7bf5461 205
53cb28cb 206 ret = map->nodes_nb++;
db94604b 207 p = map->nodes[ret];
f7bf5461 208 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 209 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 210
211 e.skip = leaf ? 0 : 1;
212 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 213 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 214 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 215 }
f7bf5461 216 return ret;
d6f2ea22
AK		 217}
218
53cb28cb
MA		 219static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
220 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 221 int level)
f7bf5461
AK		 222{
223 PhysPageEntry *p;
03f49957 224 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 225
9736e55b 226 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 227 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 228 }
db94604b 229 p = map->nodes[lp->ptr];
03f49957 230 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 231
03f49957 232 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 233 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 234 lp->skip = 0;
c19e8800 235 lp->ptr = leaf;
07f07b31
AK		 236 *index += step;
237 *nb -= step;
2999097b 238 } else {
53cb28cb 239 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 240 }
241 ++lp;
f7bf5461
AK		 242 }
243}
244
ac1970fb 245static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 246 hwaddr index, hwaddr nb,
2999097b 247 uint16_t leaf)
f7bf5461 248{
2999097b 249 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 250 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 251
53cb28cb 252 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 253}
254
b35ba30f
MT		 255/* Compact a non leaf page entry. Simply detect that the entry has a single child,
256 * and update our entry so we can skip it and go directly to the destination.
257 */
258static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
259{
260 unsigned valid_ptr = P_L2_SIZE;
261 int valid = 0;
262 PhysPageEntry *p;
263 int i;
264
265 if (lp->ptr == PHYS_MAP_NODE_NIL) {
266 return;
267 }
268
269 p = nodes[lp->ptr];
270 for (i = 0; i < P_L2_SIZE; i++) {
271 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
272 continue;
273 }
274
275 valid_ptr = i;
276 valid++;
277 if (p[i].skip) {
278 phys_page_compact(&p[i], nodes, compacted);
279 }
280 }
281
282 /* We can only compress if there's only one child. */
283 if (valid != 1) {
284 return;
285 }
286
287 assert(valid_ptr < P_L2_SIZE);
288
289 /* Don't compress if it won't fit in the # of bits we have. */
290 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
291 return;
292 }
293
294 lp->ptr = p[valid_ptr].ptr;
295 if (!p[valid_ptr].skip) {
296 /* If our only child is a leaf, make this a leaf. */
297 /* By design, we should have made this node a leaf to begin with so we
298 * should never reach here.
299 * But since it's so simple to handle this, let's do it just in case we
300 * change this rule.
301 */
302 lp->skip = 0;
303 } else {
304 lp->skip += p[valid_ptr].skip;
305 }
306}
307
308static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
309{
310 DECLARE_BITMAP(compacted, nodes_nb);
311
312 if (d->phys_map.skip) {
53cb28cb 313 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 314 }
315}
316
29cb533d
FZ		 317static inline bool section_covers_addr(const MemoryRegionSection *section,
318 hwaddr addr)
319{
320 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
321 * the section must cover the entire address space.
322 */
323 return section->size.hi ||
324 range_covers_byte(section->offset_within_address_space,
325 section->size.lo, addr);
326}
327
97115a8d 328static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 329 Node *nodes, MemoryRegionSection *sections)
92e873b9 330{
31ab2b4a 331 PhysPageEntry *p;
97115a8d 332 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 333 int i;
f1f6e3b8 334
9736e55b 335 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 336 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 337 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 338 }
9affd6fc 339 p = nodes[lp.ptr];
03f49957 340 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 341 }
b35ba30f 342
29cb533d 343 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 344 return &sections[lp.ptr];
345 } else {
346 return &sections[PHYS_SECTION_UNASSIGNED];
347 }
f3705d53
AK		 348}
349
e5548617
BS		 350bool memory_region_is_unassigned(MemoryRegion *mr)
351{
2a8e7499 352 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 353 && mr != &io_mem_watch;
fd6ce8f6 354}
149f54b5 355
79e2b9ae 356/* Called from RCU critical section */
c7086b4a 357static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 358 hwaddr addr,
359 bool resolve_subpage)
9f029603 360{
729633c2 361 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 362 subpage_t *subpage;
729633c2 363 bool update;
90260c6c 364
729633c2
FZ		 365 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
366 section_covers_addr(section, addr)) {
367 update = false;
368 } else {
369 section = phys_page_find(d->phys_map, addr, d->map.nodes,
370 d->map.sections);
371 update = true;
372 }
90260c6c
JK		 373 if (resolve_subpage && section->mr->subpage) {
374 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 375 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 376 }
729633c2
FZ		 377 if (update) {
378 atomic_set(&d->mru_section, section);
379 }
90260c6c 380 return section;
9f029603
JK		 381}
382
79e2b9ae 383/* Called from RCU critical section */
90260c6c 384static MemoryRegionSection *
c7086b4a 385address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 386 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 387{
388 MemoryRegionSection *section;
965eb2fc 389 MemoryRegion *mr;
a87f3954 390 Int128 diff;
149f54b5 391
c7086b4a 392 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 393 /* Compute offset within MemoryRegionSection */
394 addr -= section->offset_within_address_space;
395
396 /* Compute offset within MemoryRegion */
397 *xlat = addr + section->offset_within_region;
398
965eb2fc 399 mr = section->mr;
b242e0e0
PB		 400
401 /* MMIO registers can be expected to perform full-width accesses based only
402 * on their address, without considering adjacent registers that could
403 * decode to completely different MemoryRegions. When such registers
404 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
405 * regions overlap wildly. For this reason we cannot clamp the accesses
406 * here.
407 *
408 * If the length is small (as is the case for address_space_ldl/stl),
409 * everything works fine. If the incoming length is large, however,
410 * the caller really has to do the clamping through memory_access_size.
411 */
965eb2fc 412 if (memory_region_is_ram(mr)) {
e4a511f8 413 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 414 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
415 }
149f54b5
PB		 416 return section;
417}
90260c6c 418
41063e1e 419/* Called from RCU critical section */
5c8a00ce
PB		 420MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
421 hwaddr *xlat, hwaddr *plen,
422 bool is_write)
90260c6c 423{
30951157
AK		 424 IOMMUTLBEntry iotlb;
425 MemoryRegionSection *section;
426 MemoryRegion *mr;
30951157
AK		 427
428 for (;;) {
79e2b9ae
PB		 429 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
430 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 431 mr = section->mr;
432
433 if (!mr->iommu_ops) {
434 break;
435 }
436
8d7b8cb9 437 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 438 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
439 | (addr & iotlb.addr_mask));
23820dbf 440 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 441 if (!(iotlb.perm & (1 << is_write))) {
442 mr = &io_mem_unassigned;
443 break;
444 }
445
446 as = iotlb.target_as;
447 }
448
fe680d0d 449 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 450 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 451 *plen = MIN(page, *plen);
a87f3954
PB		 452 }
453
30951157
AK		 454 *xlat = addr;
455 return mr;
90260c6c
JK		 456}
457
79e2b9ae 458/* Called from RCU critical section */
90260c6c 459MemoryRegionSection *
d7898cda 460address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 461 hwaddr *xlat, hwaddr *plen)
90260c6c 462{
30951157 463 MemoryRegionSection *section;
d7898cda
PM		 464 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
465
466 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 467
468 assert(!section->mr->iommu_ops);
469 return section;
90260c6c 470}
5b6dd868 471#endif
fd6ce8f6 472
b170fce3 473#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 474
475static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 476{
259186a7 477 CPUState *cpu = opaque;
a513fe19 478
5b6dd868
BS		 479 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
480 version_id is increased. */
259186a7 481 cpu->interrupt_request &= ~0x01;
c01a71c1 482 tlb_flush(cpu, 1);
5b6dd868
BS		 483
484 return 0;
a513fe19 485}
7501267e 486
6c3bff0e
PD		 487static int cpu_common_pre_load(void *opaque)
488{
489 CPUState *cpu = opaque;
490
adee6424 491 cpu->exception_index = -1;
6c3bff0e
PD		 492
493 return 0;
494}
495
496static bool cpu_common_exception_index_needed(void *opaque)
497{
498 CPUState *cpu = opaque;
499
adee6424 500 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 501}
502
503static const VMStateDescription vmstate_cpu_common_exception_index = {
504 .name = "cpu_common/exception_index",
505 .version_id = 1,
506 .minimum_version_id = 1,
5cd8cada 507 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 508 .fields = (VMStateField[]) {
509 VMSTATE_INT32(exception_index, CPUState),
510 VMSTATE_END_OF_LIST()
511 }
512};
513
bac05aa9
AS		 514static bool cpu_common_crash_occurred_needed(void *opaque)
515{
516 CPUState *cpu = opaque;
517
518 return cpu->crash_occurred;
519}
520
521static const VMStateDescription vmstate_cpu_common_crash_occurred = {
522 .name = "cpu_common/crash_occurred",
523 .version_id = 1,
524 .minimum_version_id = 1,
525 .needed = cpu_common_crash_occurred_needed,
526 .fields = (VMStateField[]) {
527 VMSTATE_BOOL(crash_occurred, CPUState),
528 VMSTATE_END_OF_LIST()
529 }
530};
531
1a1562f5 532const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 533 .name = "cpu_common",
534 .version_id = 1,
535 .minimum_version_id = 1,
6c3bff0e 536 .pre_load = cpu_common_pre_load,
5b6dd868 537 .post_load = cpu_common_post_load,
35d08458 538 .fields = (VMStateField[]) {
259186a7
AF		 539 VMSTATE_UINT32(halted, CPUState),
540 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 541 VMSTATE_END_OF_LIST()
6c3bff0e 542 },
5cd8cada
JQ		 543 .subsections = (const VMStateDescription*[]) {
544 &vmstate_cpu_common_exception_index,
bac05aa9 545 &vmstate_cpu_common_crash_occurred,
5cd8cada 546 NULL
5b6dd868
BS		 547 }
548};
1a1562f5 549
5b6dd868 550#endif
ea041c0e 551
38d8f5c8 552CPUState *qemu_get_cpu(int index)
ea041c0e 553{
bdc44640 554 CPUState *cpu;
ea041c0e 555
bdc44640 556 CPU_FOREACH(cpu) {
55e5c285 557 if (cpu->cpu_index == index) {
bdc44640 558 return cpu;
55e5c285 559 }
ea041c0e 560 }
5b6dd868 561
bdc44640 562 return NULL;
ea041c0e
FB		 563}
564
09daed84 565#if !defined(CONFIG_USER_ONLY)
56943e8c 566void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 567{
12ebc9a7
PM		 568 CPUAddressSpace *newas;
569
570 /* Target code should have set num_ases before calling us */
571 assert(asidx < cpu->num_ases);
572
56943e8c
PM		 573 if (asidx == 0) {
574 /* address space 0 gets the convenience alias */
575 cpu->as = as;
576 }
577
12ebc9a7
PM		 578 /* KVM cannot currently support multiple address spaces. */
579 assert(asidx == 0 || !kvm_enabled());
09daed84 580
12ebc9a7
PM		 581 if (!cpu->cpu_ases) {
582 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 583 }
32857f4d 584
12ebc9a7
PM		 585 newas = &cpu->cpu_ases[asidx];
586 newas->cpu = cpu;
587 newas->as = as;
56943e8c 588 if (tcg_enabled()) {
12ebc9a7
PM		 589 newas->tcg_as_listener.commit = tcg_commit;
590 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 591 }
09daed84 592}
651a5bc0
PM		 593
594AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
595{
596 /* Return the AddressSpace corresponding to the specified index */
597 return cpu->cpu_ases[asidx].as;
598}
09daed84
EI		 599#endif
600
630eb0fa
IM		 601static bool cpu_index_auto_assigned;
602
a07f953e 603static int cpu_get_free_index(void)
b7bca733
BR		 604{
605 CPUState *some_cpu;
606 int cpu_index = 0;
607
630eb0fa 608 cpu_index_auto_assigned = true;
b7bca733
BR		 609 CPU_FOREACH(some_cpu) {
610 cpu_index++;
611 }
612 return cpu_index;
613}
614
1c59eb39
BR		 615void cpu_exec_exit(CPUState *cpu)
616{
9dfeca7c
BR		 617 CPUClass *cc = CPU_GET_CLASS(cpu);
618
1c59eb39 619 cpu_list_lock();
3b8c1761 620 if (!QTAILQ_IN_USE(cpu, node)) {
8b1b8350 621 /* there is nothing to undo since cpu_exec_init() hasn't been called */
1c59eb39 622 cpu_list_unlock();
1c59eb39
BR		 623 return;
624 }
625
630eb0fa
IM		 626 assert(!(cpu_index_auto_assigned && cpu != QTAILQ_LAST(&cpus, CPUTailQ)));
627
1c59eb39 628 QTAILQ_REMOVE(&cpus, cpu, node);
a07f953e 629 cpu->cpu_index = UNASSIGNED_CPU_INDEX;
1c59eb39 630 cpu_list_unlock();
9dfeca7c
BR		 631
632 if (cc->vmsd != NULL) {
633 vmstate_unregister(NULL, cc->vmsd, cpu);
634 }
635 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
636 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
637 }
1c59eb39
BR		 638}
639
4bad9e39 640void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 641{
1bc7e522 642 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
a07f953e 643 Error *local_err ATTRIBUTE_UNUSED = NULL;
5b6dd868 644
56943e8c 645 cpu->as = NULL;
12ebc9a7 646 cpu->num_ases = 0;
56943e8c 647
291135b5 648#ifndef CONFIG_USER_ONLY
291135b5 649 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 650
651 /* This is a softmmu CPU object, so create a property for it
652 * so users can wire up its memory. (This can't go in qom/cpu.c
653 * because that file is compiled only once for both user-mode
654 * and system builds.) The default if no link is set up is to use
655 * the system address space.
656 */
657 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
658 (Object **)&cpu->memory,
659 qdev_prop_allow_set_link_before_realize,
660 OBJ_PROP_LINK_UNREF_ON_RELEASE,
661 &error_abort);
662 cpu->memory = system_memory;
663 object_ref(OBJECT(cpu->memory));
291135b5
EH		 664#endif
665
5b6dd868 666 cpu_list_lock();
a07f953e
IM		 667 if (cpu->cpu_index == UNASSIGNED_CPU_INDEX) {
668 cpu->cpu_index = cpu_get_free_index();
669 assert(cpu->cpu_index != UNASSIGNED_CPU_INDEX);
630eb0fa
IM		 670 } else {
671 assert(!cpu_index_auto_assigned);
5b6dd868 672 }
bdc44640 673 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868 674 cpu_list_unlock();
1bc7e522
IM		 675
676#ifndef CONFIG_USER_ONLY
e0d47944 677 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 678 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 679 }
b170fce3 680 if (cc->vmsd != NULL) {
741da0d3 681 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 682 }
741da0d3 683#endif
ea041c0e
FB		 684}
685
94df27fd 686#if defined(CONFIG_USER_ONLY)
00b941e5 687static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 688{
689 tb_invalidate_phys_page_range(pc, pc + 1, 0);
690}
691#else
00b941e5 692static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 693{
5232e4c7
PM		 694 MemTxAttrs attrs;
695 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
696 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 697 if (phys != -1) {
5232e4c7 698 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 699 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 700 }
1e7855a5 701}
c27004ec 702#endif
d720b93d 703
c527ee8f 704#if defined(CONFIG_USER_ONLY)
75a34036 705void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 706
707{
708}
709
3ee887e8
PM		 710int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
711 int flags)
712{
713 return -ENOSYS;
714}
715
716void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
717{
718}
719
75a34036 720int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 721 int flags, CPUWatchpoint **watchpoint)
722{
723 return -ENOSYS;
724}
725#else
6658ffb8 726/* Add a watchpoint. */
75a34036 727int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 728 int flags, CPUWatchpoint **watchpoint)
6658ffb8 729{
c0ce998e 730 CPUWatchpoint *wp;
6658ffb8 731
05068c0d 732 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 733 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 734 error_report("tried to set invalid watchpoint at %"
735 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 736 return -EINVAL;
737 }
7267c094 738 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 739
740 wp->vaddr = addr;
05068c0d 741 wp->len = len;
a1d1bb31
AL		 742 wp->flags = flags;
743
2dc9f411 744 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 745 if (flags & BP_GDB) {
746 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
747 } else {
748 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
749 }
6658ffb8 750
31b030d4 751 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 752
753 if (watchpoint)
754 *watchpoint = wp;
755 return 0;
6658ffb8
PB		 756}
757
a1d1bb31 758/* Remove a specific watchpoint. */
75a34036 759int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 760 int flags)
6658ffb8 761{
a1d1bb31 762 CPUWatchpoint *wp;
6658ffb8 763
ff4700b0 764 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 765 if (addr == wp->vaddr && len == wp->len
6e140f28 766 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 767 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 768 return 0;
769 }
770 }
a1d1bb31 771 return -ENOENT;
6658ffb8
PB		 772}
773
a1d1bb31 774/* Remove a specific watchpoint by reference. */
75a34036 775void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 776{
ff4700b0 777 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 778
31b030d4 779 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 780
7267c094 781 g_free(watchpoint);
a1d1bb31
AL		 782}
783
784/* Remove all matching watchpoints. */
75a34036 785void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 786{
c0ce998e 787 CPUWatchpoint *wp, *next;
a1d1bb31 788
ff4700b0 789 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 790 if (wp->flags & mask) {
791 cpu_watchpoint_remove_by_ref(cpu, wp);
792 }
c0ce998e 793 }
7d03f82f 794}
05068c0d
PM		 795
796/* Return true if this watchpoint address matches the specified
797 * access (ie the address range covered by the watchpoint overlaps
798 * partially or completely with the address range covered by the
799 * access).
800 */
801static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
802 vaddr addr,
803 vaddr len)
804{
805 /* We know the lengths are non-zero, but a little caution is
806 * required to avoid errors in the case where the range ends
807 * exactly at the top of the address space and so addr + len
808 * wraps round to zero.
809 */
810 vaddr wpend = wp->vaddr + wp->len - 1;
811 vaddr addrend = addr + len - 1;
812
813 return !(addr > wpend || wp->vaddr > addrend);
814}
815
c527ee8f 816#endif
7d03f82f 817
a1d1bb31 818/* Add a breakpoint. */
b3310ab3 819int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 820 CPUBreakpoint **breakpoint)
4c3a88a2 821{
c0ce998e 822 CPUBreakpoint *bp;
3b46e624 823
7267c094 824 bp = g_malloc(sizeof(*bp));
4c3a88a2 825
a1d1bb31
AL		 826 bp->pc = pc;
827 bp->flags = flags;
828
2dc9f411 829 /* keep all GDB-injected breakpoints in front */
00b941e5 830 if (flags & BP_GDB) {
f0c3c505 831 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 832 } else {
f0c3c505 833 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 834 }
3b46e624 835
f0c3c505 836 breakpoint_invalidate(cpu, pc);
a1d1bb31 837
00b941e5 838 if (breakpoint) {
a1d1bb31 839 *breakpoint = bp;
00b941e5 840 }
4c3a88a2 841 return 0;
4c3a88a2
FB		 842}
843
a1d1bb31 844/* Remove a specific breakpoint. */
b3310ab3 845int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 846{
a1d1bb31
AL		 847 CPUBreakpoint *bp;
848
f0c3c505 849 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 850 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 851 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 852 return 0;
853 }
7d03f82f 854 }
a1d1bb31 855 return -ENOENT;
7d03f82f
EI		 856}
857
a1d1bb31 858/* Remove a specific breakpoint by reference. */
b3310ab3 859void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 860{
f0c3c505
AF		 861 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
862
863 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 864
7267c094 865 g_free(breakpoint);
a1d1bb31
AL		 866}
867
868/* Remove all matching breakpoints. */
b3310ab3 869void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 870{
c0ce998e 871 CPUBreakpoint *bp, *next;
a1d1bb31 872
f0c3c505 873 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 874 if (bp->flags & mask) {
875 cpu_breakpoint_remove_by_ref(cpu, bp);
876 }
c0ce998e 877 }
4c3a88a2
FB		 878}
879
c33a346e
FB		 880/* enable or disable single step mode. EXCP_DEBUG is returned by the
881 CPU loop after each instruction */
3825b28f 882void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 883{
ed2803da
AF		 884 if (cpu->singlestep_enabled != enabled) {
885 cpu->singlestep_enabled = enabled;
886 if (kvm_enabled()) {
38e478ec 887 kvm_update_guest_debug(cpu, 0);
ed2803da 888 } else {
ccbb4d44 889 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 890 /* XXX: only flush what is necessary */
bbd77c18 891 tb_flush(cpu);
e22a25c9 892 }
c33a346e 893 }
c33a346e
FB		 894}
895
a47dddd7 896void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 897{
898 va_list ap;
493ae1f0 899 va_list ap2;
7501267e
FB		 900
901 va_start(ap, fmt);
493ae1f0 902 va_copy(ap2, ap);
7501267e
FB		 903 fprintf(stderr, "qemu: fatal: ");
904 vfprintf(stderr, fmt, ap);
905 fprintf(stderr, "\n");
878096ee 906 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 907 if (qemu_log_separate()) {
93fcfe39
AL		 908 qemu_log("qemu: fatal: ");
909 qemu_log_vprintf(fmt, ap2);
910 qemu_log("\n");
a0762859 911 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 912 qemu_log_flush();
93fcfe39 913 qemu_log_close();
924edcae 914 }
493ae1f0 915 va_end(ap2);
f9373291 916 va_end(ap);
7615936e 917 replay_finish();
fd052bf6
RV		 918#if defined(CONFIG_USER_ONLY)
919 {
920 struct sigaction act;
921 sigfillset(&act.sa_mask);
922 act.sa_handler = SIG_DFL;
923 sigaction(SIGABRT, &act, NULL);
924 }
925#endif
7501267e
FB		 926 abort();
927}
928
0124311e 929#if !defined(CONFIG_USER_ONLY)
0dc3f44a 930/* Called from RCU critical section */
041603fe
PB		 931static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
932{
933 RAMBlock *block;
934
43771539 935 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 936 if (block && addr - block->offset < block->max_length) {
68851b98 937 return block;
041603fe 938 }
0dc3f44a 939 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 940 if (addr - block->offset < block->max_length) {
041603fe
PB		 941 goto found;
942 }
943 }
944
945 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
946 abort();
947
948found:
43771539
PB		 949 /* It is safe to write mru_block outside the iothread lock. This
950 * is what happens:
951 *
952 * mru_block = xxx
953 * rcu_read_unlock()
954 * xxx removed from list
955 * rcu_read_lock()
956 * read mru_block
957 * mru_block = NULL;
958 * call_rcu(reclaim_ramblock, xxx);
959 * rcu_read_unlock()
960 *
961 * atomic_rcu_set is not needed here. The block was already published
962 * when it was placed into the list. Here we're just making an extra
963 * copy of the pointer.
964 */
041603fe
PB		 965 ram_list.mru_block = block;
966 return block;
967}
968
a2f4d5be 969static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 970{
9a13565d 971 CPUState *cpu;
041603fe 972 ram_addr_t start1;
a2f4d5be
JQ		 973 RAMBlock *block;
974 ram_addr_t end;
975
976 end = TARGET_PAGE_ALIGN(start + length);
977 start &= TARGET_PAGE_MASK;
d24981d3 978
0dc3f44a 979 rcu_read_lock();
041603fe
PB		 980 block = qemu_get_ram_block(start);
981 assert(block == qemu_get_ram_block(end - 1));
1240be24 982 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 983 CPU_FOREACH(cpu) {
984 tlb_reset_dirty(cpu, start1, length);
985 }
0dc3f44a 986 rcu_read_unlock();
d24981d3
JQ		 987}
988
5579c7f3 989/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 990bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
991 ram_addr_t length,
992 unsigned client)
1ccde1cb 993{
5b82b703 994 DirtyMemoryBlocks *blocks;
03eebc9e 995 unsigned long end, page;
5b82b703 996 bool dirty = false;
03eebc9e
SH		 997
998 if (length == 0) {
999 return false;
1000 }
f23db169 1001
03eebc9e
SH		 1002 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1003 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1004
1005 rcu_read_lock();
1006
1007 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1008
1009 while (page < end) {
1010 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1011 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1012 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1013
1014 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1015 offset, num);
1016 page += num;
1017 }
1018
1019 rcu_read_unlock();
03eebc9e
SH		 1020
1021 if (dirty && tcg_enabled()) {
a2f4d5be 1022 tlb_reset_dirty_range_all(start, length);
5579c7f3 1023 }
03eebc9e
SH		 1024
1025 return dirty;
1ccde1cb
FB		 1026}
1027
79e2b9ae 1028/* Called from RCU critical section */
bb0e627a 1029hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1030 MemoryRegionSection *section,
1031 target_ulong vaddr,
1032 hwaddr paddr, hwaddr xlat,
1033 int prot,
1034 target_ulong *address)
e5548617 1035{
a8170e5e 1036 hwaddr iotlb;
e5548617
BS		 1037 CPUWatchpoint *wp;
1038
cc5bea60 1039 if (memory_region_is_ram(section->mr)) {
e5548617 1040 /* Normal RAM. */
e4e69794 1041 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
e5548617 1042 if (!section->readonly) {
b41aac4f 1043 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1044 } else {
b41aac4f 1045 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1046 }
1047 } else {
0b8e2c10
PM		 1048 AddressSpaceDispatch *d;
1049
1050 d = atomic_rcu_read(&section->address_space->dispatch);
1051 iotlb = section - d->map.sections;
149f54b5 1052 iotlb += xlat;
e5548617
BS		 1053 }
1054
1055 /* Make accesses to pages with watchpoints go via the
1056 watchpoint trap routines. */
ff4700b0 1057 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1058 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1059 /* Avoid trapping reads of pages with a write breakpoint. */
1060 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1061 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1062 *address |= TLB_MMIO;
1063 break;
1064 }
1065 }
1066 }
1067
1068 return iotlb;
1069}
9fa3e853
FB		 1070#endif /* defined(CONFIG_USER_ONLY) */
1071
e2eef170 1072#if !defined(CONFIG_USER_ONLY)
8da3ff18 1073
c227f099 1074static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1075 uint16_t section);
acc9d80b 1076static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1077
a2b257d6
IM		 1078static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1079 qemu_anon_ram_alloc;
91138037
MA		 1080
1081/*
1082 * Set a custom physical guest memory alloator.
1083 * Accelerators with unusual needs may need this. Hopefully, we can
1084 * get rid of it eventually.
1085 */
a2b257d6 1086void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1087{
1088 phys_mem_alloc = alloc;
1089}
1090
53cb28cb
MA		 1091static uint16_t phys_section_add(PhysPageMap *map,
1092 MemoryRegionSection *section)
5312bd8b 1093{
68f3f65b
PB		 1094 /* The physical section number is ORed with a page-aligned
1095 * pointer to produce the iotlb entries. Thus it should
1096 * never overflow into the page-aligned value.
1097 */
53cb28cb 1098 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1099
53cb28cb
MA		 1100 if (map->sections_nb == map->sections_nb_alloc) {
1101 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1102 map->sections = g_renew(MemoryRegionSection, map->sections,
1103 map->sections_nb_alloc);
5312bd8b 1104 }
53cb28cb 1105 map->sections[map->sections_nb] = *section;
dfde4e6e 1106 memory_region_ref(section->mr);
53cb28cb 1107 return map->sections_nb++;
5312bd8b
AK		 1108}
1109
058bc4b5
PB		 1110static void phys_section_destroy(MemoryRegion *mr)
1111{
55b4e80b
DS		 1112 bool have_sub_page = mr->subpage;
1113
dfde4e6e
PB		 1114 memory_region_unref(mr);
1115
55b4e80b 1116 if (have_sub_page) {
058bc4b5 1117 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1118 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1119 g_free(subpage);
1120 }
1121}
1122
6092666e 1123static void phys_sections_free(PhysPageMap *map)
5312bd8b 1124{
9affd6fc
PB		 1125 while (map->sections_nb > 0) {
1126 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1127 phys_section_destroy(section->mr);
1128 }
9affd6fc
PB		 1129 g_free(map->sections);
1130 g_free(map->nodes);
5312bd8b
AK		 1131}
1132
ac1970fb 1133static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1134{
1135 subpage_t *subpage;
a8170e5e 1136 hwaddr base = section->offset_within_address_space
0f0cb164 1137 & TARGET_PAGE_MASK;
97115a8d 1138 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1139 d->map.nodes, d->map.sections);
0f0cb164
AK		 1140 MemoryRegionSection subsection = {
1141 .offset_within_address_space = base,
052e87b0 1142 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1143 };
a8170e5e 1144 hwaddr start, end;
0f0cb164 1145
f3705d53 1146 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1147
f3705d53 1148 if (!(existing->mr->subpage)) {
acc9d80b 1149 subpage = subpage_init(d->as, base);
3be91e86 1150 subsection.address_space = d->as;
0f0cb164 1151 subsection.mr = &subpage->iomem;
ac1970fb 1152 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1153 phys_section_add(&d->map, &subsection));
0f0cb164 1154 } else {
f3705d53 1155 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1156 }
1157 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1158 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1159 subpage_register(subpage, start, end,
1160 phys_section_add(&d->map, section));
0f0cb164
AK		 1161}
1162
1163
052e87b0
PB		 1164static void register_multipage(AddressSpaceDispatch *d,
1165 MemoryRegionSection *section)
33417e70 1166{
a8170e5e 1167 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1168 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1169 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1170 TARGET_PAGE_BITS));
dd81124b 1171
733d5ef5
PB		 1172 assert(num_pages);
1173 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1174}
1175
ac1970fb 1176static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1177{
89ae337a 1178 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1179 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1180 MemoryRegionSection now = *section, remain = *section;
052e87b0 1181 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1182
733d5ef5
PB		 1183 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1184 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1185 - now.offset_within_address_space;
1186
052e87b0 1187 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1188 register_subpage(d, &now);
733d5ef5 1189 } else {
052e87b0 1190 now.size = int128_zero();
733d5ef5 1191 }
052e87b0
PB		 1192 while (int128_ne(remain.size, now.size)) {
1193 remain.size = int128_sub(remain.size, now.size);
1194 remain.offset_within_address_space += int128_get64(now.size);
1195 remain.offset_within_region += int128_get64(now.size);
69b67646 1196 now = remain;
052e87b0 1197 if (int128_lt(remain.size, page_size)) {
733d5ef5 1198 register_subpage(d, &now);
88266249 1199 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1200 now.size = page_size;
ac1970fb 1201 register_subpage(d, &now);
69b67646 1202 } else {
052e87b0 1203 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1204 register_multipage(d, &now);
69b67646 1205 }
0f0cb164
AK		 1206 }
1207}
1208
62a2744c
SY		 1209void qemu_flush_coalesced_mmio_buffer(void)
1210{
1211 if (kvm_enabled())
1212 kvm_flush_coalesced_mmio_buffer();
1213}
1214
b2a8658e
UD		 1215void qemu_mutex_lock_ramlist(void)
1216{
1217 qemu_mutex_lock(&ram_list.mutex);
1218}
1219
1220void qemu_mutex_unlock_ramlist(void)
1221{
1222 qemu_mutex_unlock(&ram_list.mutex);
1223}
1224
e1e84ba0 1225#ifdef __linux__
04b16653
AW		 1226static void *file_ram_alloc(RAMBlock *block,
1227 ram_addr_t memory,
7f56e740
PB		 1228 const char *path,
1229 Error **errp)
c902760f 1230{
fd97fd44 1231 bool unlink_on_error = false;
c902760f 1232 char *filename;
8ca761f6
PF		 1233 char *sanitized_name;
1234 char *c;
056b68af 1235 void *area = MAP_FAILED;
5c3ece79 1236 int fd = -1;
e1fb6471 1237 int64_t page_size;
c902760f
MT		 1238
1239 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1240 error_setg(errp,
1241 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1242 return NULL;
c902760f
MT		 1243 }
1244
fd97fd44
MA		 1245 for (;;) {
1246 fd = open(path, O_RDWR);
1247 if (fd >= 0) {
1248 /* @path names an existing file, use it */
1249 break;
8d31d6b6 1250 }
fd97fd44
MA		 1251 if (errno == ENOENT) {
1252 /* @path names a file that doesn't exist, create it */
1253 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1254 if (fd >= 0) {
1255 unlink_on_error = true;
1256 break;
1257 }
1258 } else if (errno == EISDIR) {
1259 /* @path names a directory, create a file there */
1260 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1261 sanitized_name = g_strdup(memory_region_name(block->mr));
1262 for (c = sanitized_name; *c != '\0'; c++) {
1263 if (*c == '/') {
1264 *c = '_';
1265 }
1266 }
8ca761f6 1267
fd97fd44
MA		 1268 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1269 sanitized_name);
1270 g_free(sanitized_name);
8d31d6b6 1271
fd97fd44
MA		 1272 fd = mkstemp(filename);
1273 if (fd >= 0) {
1274 unlink(filename);
1275 g_free(filename);
1276 break;
1277 }
1278 g_free(filename);
8d31d6b6 1279 }
fd97fd44
MA		 1280 if (errno != EEXIST && errno != EINTR) {
1281 error_setg_errno(errp, errno,
1282 "can't open backing store %s for guest RAM",
1283 path);
1284 goto error;
1285 }
1286 /*
1287 * Try again on EINTR and EEXIST. The latter happens when
1288 * something else creates the file between our two open().
1289 */
8d31d6b6 1290 }
c902760f 1291
e1fb6471 1292 page_size = qemu_fd_getpagesize(fd);
d2f39add 1293 block->mr->align = MAX(page_size, QEMU_VMALLOC_ALIGN);
fd97fd44 1294
e1fb6471 1295 if (memory < page_size) {
fd97fd44
MA		 1296 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1297 "or larger than page size 0x%" PRIx64,
e1fb6471 1298 memory, page_size);
f9a49dfa 1299 goto error;
c902760f 1300 }
c902760f 1301
e1fb6471 1302 memory = ROUND_UP(memory, page_size);
c902760f
MT		 1303
1304 /*
1305 * ftruncate is not supported by hugetlbfs in older
1306 * hosts, so don't bother bailing out on errors.
1307 * If anything goes wrong with it under other filesystems,
1308 * mmap will fail.
1309 */
7f56e740 1310 if (ftruncate(fd, memory)) {
9742bf26 1311 perror("ftruncate");
7f56e740 1312 }
c902760f 1313
d2f39add
DD		 1314 area = qemu_ram_mmap(fd, memory, block->mr->align,
1315 block->flags & RAM_SHARED);
c902760f 1316 if (area == MAP_FAILED) {
7f56e740 1317 error_setg_errno(errp, errno,
fd97fd44 1318 "unable to map backing store for guest RAM");
f9a49dfa 1319 goto error;
c902760f 1320 }
ef36fa14
MT		 1321
1322 if (mem_prealloc) {
056b68af
IM		 1323 os_mem_prealloc(fd, area, memory, errp);
1324 if (errp && *errp) {
1325 goto error;
1326 }
ef36fa14
MT		 1327 }
1328
04b16653 1329 block->fd = fd;
c902760f 1330 return area;
f9a49dfa
MT		 1331
1332error:
056b68af
IM		 1333 if (area != MAP_FAILED) {
1334 qemu_ram_munmap(area, memory);
1335 }
fd97fd44
MA		 1336 if (unlink_on_error) {
1337 unlink(path);
1338 }
5c3ece79
PB		 1339 if (fd != -1) {
1340 close(fd);
1341 }
f9a49dfa 1342 return NULL;
c902760f
MT		 1343}
1344#endif
1345
0dc3f44a 1346/* Called with the ramlist lock held. */
d17b5288 1347static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1348{
1349 RAMBlock *block, *next_block;
3e837b2c 1350 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1351
49cd9ac6
SH		 1352 assert(size != 0); /* it would hand out same offset multiple times */
1353
0dc3f44a 1354 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1355 return 0;
0d53d9fe 1356 }
04b16653 1357
0dc3f44a 1358 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1359 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1360
62be4e3a 1361 end = block->offset + block->max_length;
04b16653 1362
0dc3f44a 1363 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1364 if (next_block->offset >= end) {
1365 next = MIN(next, next_block->offset);
1366 }
1367 }
1368 if (next - end >= size && next - end < mingap) {
3e837b2c 1369 offset = end;
04b16653
AW		 1370 mingap = next - end;
1371 }
1372 }
3e837b2c
AW		 1373
1374 if (offset == RAM_ADDR_MAX) {
1375 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1376 (uint64_t)size);
1377 abort();
1378 }
1379
04b16653
AW		 1380 return offset;
1381}
1382
652d7ec2 1383ram_addr_t last_ram_offset(void)
d17b5288
AW		 1384{
1385 RAMBlock *block;
1386 ram_addr_t last = 0;
1387
0dc3f44a
MD		 1388 rcu_read_lock();
1389 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1390 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1391 }
0dc3f44a 1392 rcu_read_unlock();
d17b5288
AW		 1393 return last;
1394}
1395
ddb97f1d
JB		 1396static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1397{
1398 int ret;
ddb97f1d
JB		 1399
1400 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1401 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1402 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1403 if (ret) {
1404 perror("qemu_madvise");
1405 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1406 "but dump_guest_core=off specified\n");
1407 }
1408 }
1409}
1410
422148d3
DDAG		 1411const char *qemu_ram_get_idstr(RAMBlock *rb)
1412{
1413 return rb->idstr;
1414}
1415
ae3a7047 1416/* Called with iothread lock held. */
fa53a0e5 1417void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1418{
fa53a0e5 1419 RAMBlock *block;
20cfe881 1420
c5705a77
AK		 1421 assert(new_block);
1422 assert(!new_block->idstr[0]);
84b89d78 1423
09e5ab63
AL		 1424 if (dev) {
1425 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1426 if (id) {
1427 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1428 g_free(id);
84b89d78
CM		 1429 }
1430 }
1431 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1432
ab0a9956 1433 rcu_read_lock();
0dc3f44a 1434 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1435 if (block != new_block &&
1436 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1437 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1438 new_block->idstr);
1439 abort();
1440 }
1441 }
0dc3f44a 1442 rcu_read_unlock();
c5705a77
AK		 1443}
1444
ae3a7047 1445/* Called with iothread lock held. */
fa53a0e5 1446void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1447{
ae3a7047
MD		 1448 /* FIXME: arch_init.c assumes that this is not called throughout
1449 * migration. Ignore the problem since hot-unplug during migration
1450 * does not work anyway.
1451 */
20cfe881
HT		 1452 if (block) {
1453 memset(block->idstr, 0, sizeof(block->idstr));
1454 }
1455}
1456
8490fc78
LC		 1457static int memory_try_enable_merging(void *addr, size_t len)
1458{
75cc7f01 1459 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1460 /* disabled by the user */
1461 return 0;
1462 }
1463
1464 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1465}
1466
62be4e3a
MT		 1467/* Only legal before guest might have detected the memory size: e.g. on
1468 * incoming migration, or right after reset.
1469 *
1470 * As memory core doesn't know how is memory accessed, it is up to
1471 * resize callback to update device state and/or add assertions to detect
1472 * misuse, if necessary.
1473 */
fa53a0e5 1474int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1475{
62be4e3a
MT		 1476 assert(block);
1477
4ed023ce 1478 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1479
62be4e3a
MT		 1480 if (block->used_length == newsize) {
1481 return 0;
1482 }
1483
1484 if (!(block->flags & RAM_RESIZEABLE)) {
1485 error_setg_errno(errp, EINVAL,
1486 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1487 " in != 0x" RAM_ADDR_FMT, block->idstr,
1488 newsize, block->used_length);
1489 return -EINVAL;
1490 }
1491
1492 if (block->max_length < newsize) {
1493 error_setg_errno(errp, EINVAL,
1494 "Length too large: %s: 0x" RAM_ADDR_FMT
1495 " > 0x" RAM_ADDR_FMT, block->idstr,
1496 newsize, block->max_length);
1497 return -EINVAL;
1498 }
1499
1500 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1501 block->used_length = newsize;
58d2707e
PB		 1502 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1503 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1504 memory_region_set_size(block->mr, newsize);
1505 if (block->resized) {
1506 block->resized(block->idstr, newsize, block->host);
1507 }
1508 return 0;
1509}
1510
5b82b703
SH		 1511/* Called with ram_list.mutex held */
1512static void dirty_memory_extend(ram_addr_t old_ram_size,
1513 ram_addr_t new_ram_size)
1514{
1515 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1516 DIRTY_MEMORY_BLOCK_SIZE);
1517 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1518 DIRTY_MEMORY_BLOCK_SIZE);
1519 int i;
1520
1521 /* Only need to extend if block count increased */
1522 if (new_num_blocks <= old_num_blocks) {
1523 return;
1524 }
1525
1526 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1527 DirtyMemoryBlocks *old_blocks;
1528 DirtyMemoryBlocks *new_blocks;
1529 int j;
1530
1531 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1532 new_blocks = g_malloc(sizeof(*new_blocks) +
1533 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1534
1535 if (old_num_blocks) {
1536 memcpy(new_blocks->blocks, old_blocks->blocks,
1537 old_num_blocks * sizeof(old_blocks->blocks[0]));
1538 }
1539
1540 for (j = old_num_blocks; j < new_num_blocks; j++) {
1541 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1542 }
1543
1544 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1545
1546 if (old_blocks) {
1547 g_free_rcu(old_blocks, rcu);
1548 }
1549 }
1550}
1551
528f46af 1552static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1553{
e1c57ab8 1554 RAMBlock *block;
0d53d9fe 1555 RAMBlock *last_block = NULL;
2152f5ca 1556 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1557 Error *err = NULL;
2152f5ca
JQ		 1558
1559 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1560
b2a8658e 1561 qemu_mutex_lock_ramlist();
9b8424d5 1562 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1563
1564 if (!new_block->host) {
1565 if (xen_enabled()) {
9b8424d5 1566 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1567 new_block->mr, &err);
1568 if (err) {
1569 error_propagate(errp, err);
1570 qemu_mutex_unlock_ramlist();
39c350ee 1571 return;
37aa7a0e 1572 }
e1c57ab8 1573 } else {
9b8424d5 1574 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1575 &new_block->mr->align);
39228250 1576 if (!new_block->host) {
ef701d7b
HT		 1577 error_setg_errno(errp, errno,
1578 "cannot set up guest memory '%s'",
1579 memory_region_name(new_block->mr));
1580 qemu_mutex_unlock_ramlist();
39c350ee 1581 return;
39228250 1582 }
9b8424d5 1583 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1584 }
c902760f 1585 }
94a6b54f 1586
dd631697
LZ		 1587 new_ram_size = MAX(old_ram_size,
1588 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1589 if (new_ram_size > old_ram_size) {
1590 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1591 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1592 }
0d53d9fe
MD		 1593 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1594 * QLIST (which has an RCU-friendly variant) does not have insertion at
1595 * tail, so save the last element in last_block.
1596 */
0dc3f44a 1597 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1598 last_block = block;
9b8424d5 1599 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1600 break;
1601 }
1602 }
1603 if (block) {
0dc3f44a 1604 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1605 } else if (last_block) {
0dc3f44a 1606 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1607 } else { /* list is empty */
0dc3f44a 1608 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1609 }
0d6d3c87 1610 ram_list.mru_block = NULL;
94a6b54f 1611
0dc3f44a
MD		 1612 /* Write list before version */
1613 smp_wmb();
f798b07f 1614 ram_list.version++;
b2a8658e 1615 qemu_mutex_unlock_ramlist();
f798b07f 1616
9b8424d5 1617 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1618 new_block->used_length,
1619 DIRTY_CLIENTS_ALL);
94a6b54f 1620
a904c911
PB		 1621 if (new_block->host) {
1622 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1623 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
c2cd627d 1624 /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */
a904c911 1625 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
e1c57ab8 1626 }
94a6b54f 1627}
e9a1ab19 1628
0b183fc8 1629#ifdef __linux__
528f46af
FZ		 1630RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1631 bool share, const char *mem_path,
1632 Error **errp)
e1c57ab8
PB		 1633{
1634 RAMBlock *new_block;
ef701d7b 1635 Error *local_err = NULL;
e1c57ab8
PB		 1636
1637 if (xen_enabled()) {
7f56e740 1638 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1639 return NULL;
e1c57ab8
PB		 1640 }
1641
1642 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1643 /*
1644 * file_ram_alloc() needs to allocate just like
1645 * phys_mem_alloc, but we haven't bothered to provide
1646 * a hook there.
1647 */
7f56e740
PB		 1648 error_setg(errp,
1649 "-mem-path not supported with this accelerator");
528f46af 1650 return NULL;
e1c57ab8
PB		 1651 }
1652
4ed023ce 1653 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1654 new_block = g_malloc0(sizeof(*new_block));
1655 new_block->mr = mr;
9b8424d5
MT		 1656 new_block->used_length = size;
1657 new_block->max_length = size;
dbcb8981 1658 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1659 new_block->host = file_ram_alloc(new_block, size,
1660 mem_path, errp);
1661 if (!new_block->host) {
1662 g_free(new_block);
528f46af 1663 return NULL;
7f56e740
PB		 1664 }
1665
528f46af 1666 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1667 if (local_err) {
1668 g_free(new_block);
1669 error_propagate(errp, local_err);
528f46af 1670 return NULL;
ef701d7b 1671 }
528f46af 1672 return new_block;
e1c57ab8 1673}
0b183fc8 1674#endif
e1c57ab8 1675
62be4e3a 1676static
528f46af
FZ		 1677RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1678 void (*resized)(const char*,
1679 uint64_t length,
1680 void *host),
1681 void *host, bool resizeable,
1682 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1683{
1684 RAMBlock *new_block;
ef701d7b 1685 Error *local_err = NULL;
e1c57ab8 1686
4ed023ce
DDAG		 1687 size = HOST_PAGE_ALIGN(size);
1688 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1689 new_block = g_malloc0(sizeof(*new_block));
1690 new_block->mr = mr;
62be4e3a 1691 new_block->resized = resized;
9b8424d5
MT		 1692 new_block->used_length = size;
1693 new_block->max_length = max_size;
62be4e3a 1694 assert(max_size >= size);
e1c57ab8
PB		 1695 new_block->fd = -1;
1696 new_block->host = host;
1697 if (host) {
7bd4f430 1698 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1699 }
62be4e3a
MT		 1700 if (resizeable) {
1701 new_block->flags |= RAM_RESIZEABLE;
1702 }
528f46af 1703 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1704 if (local_err) {
1705 g_free(new_block);
1706 error_propagate(errp, local_err);
528f46af 1707 return NULL;
ef701d7b 1708 }
528f46af 1709 return new_block;
e1c57ab8
PB		 1710}
1711
528f46af 1712RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1713 MemoryRegion *mr, Error **errp)
1714{
1715 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1716}
1717
528f46af 1718RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1719{
62be4e3a
MT		 1720 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1721}
1722
528f46af 1723RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1724 void (*resized)(const char*,
1725 uint64_t length,
1726 void *host),
1727 MemoryRegion *mr, Error **errp)
1728{
1729 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1730}
1731
43771539
PB		 1732static void reclaim_ramblock(RAMBlock *block)
1733{
1734 if (block->flags & RAM_PREALLOC) {
1735 ;
1736 } else if (xen_enabled()) {
1737 xen_invalidate_map_cache_entry(block->host);
1738#ifndef _WIN32
1739 } else if (block->fd >= 0) {
2f3a2bb1 1740 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1741 close(block->fd);
1742#endif
1743 } else {
1744 qemu_anon_ram_free(block->host, block->max_length);
1745 }
1746 g_free(block);
1747}
1748
f1060c55 1749void qemu_ram_free(RAMBlock *block)
e9a1ab19 1750{
85bc2a15
MAL		 1751 if (!block) {
1752 return;
1753 }
1754
b2a8658e 1755 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1756 QLIST_REMOVE_RCU(block, next);
1757 ram_list.mru_block = NULL;
1758 /* Write list before version */
1759 smp_wmb();
1760 ram_list.version++;
1761 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1762 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1763}
1764
cd19cfa2
HY		 1765#ifndef _WIN32
1766void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1767{
1768 RAMBlock *block;
1769 ram_addr_t offset;
1770 int flags;
1771 void *area, *vaddr;
1772
0dc3f44a 1773 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1774 offset = addr - block->offset;
9b8424d5 1775 if (offset < block->max_length) {
1240be24 1776 vaddr = ramblock_ptr(block, offset);
7bd4f430 1777 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1778 ;
dfeaf2ab
MA		 1779 } else if (xen_enabled()) {
1780 abort();
cd19cfa2
HY		 1781 } else {
1782 flags = MAP_FIXED;
3435f395 1783 if (block->fd >= 0) {
dbcb8981
PB		 1784 flags |= (block->flags & RAM_SHARED ?
1785 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1786 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1787 flags, block->fd, offset);
cd19cfa2 1788 } else {
2eb9fbaa
MA		 1789 /*
1790 * Remap needs to match alloc. Accelerators that
1791 * set phys_mem_alloc never remap. If they did,
1792 * we'd need a remap hook here.
1793 */
1794 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1795
cd19cfa2
HY		 1796 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1797 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1798 flags, -1, 0);
cd19cfa2
HY		 1799 }
1800 if (area != vaddr) {
f15fbc4b
AP		 1801 fprintf(stderr, "Could not remap addr: "
1802 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1803 length, addr);
1804 exit(1);
1805 }
8490fc78 1806 memory_try_enable_merging(vaddr, length);
ddb97f1d 1807 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1808 }
cd19cfa2
HY		 1809 }
1810 }
1811}
1812#endif /* !_WIN32 */
1813
1b5ec234 1814/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1815 * This should not be used for general purpose DMA. Use address_space_map
1816 * or address_space_rw instead. For local memory (e.g. video ram) that the
1817 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1818 *
49b24afc 1819 * Called within RCU critical section.
1b5ec234 1820 */
0878d0e1 1821void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1822{
3655cb9c
GA		 1823 RAMBlock *block = ram_block;
1824
1825 if (block == NULL) {
1826 block = qemu_get_ram_block(addr);
0878d0e1 1827 addr -= block->offset;
3655cb9c 1828 }
ae3a7047
MD		 1829
1830 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1831 /* We need to check if the requested address is in the RAM
1832 * because we don't want to map the entire memory in QEMU.
1833 * In that case just map until the end of the page.
1834 */
1835 if (block->offset == 0) {
49b24afc 1836 return xen_map_cache(addr, 0, 0);
0d6d3c87 1837 }
ae3a7047
MD		 1838
1839 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1840 }
0878d0e1 1841 return ramblock_ptr(block, addr);
dc828ca1
PB		 1842}
1843
0878d0e1 1844/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
ae3a7047 1845 * but takes a size argument.
0dc3f44a 1846 *
e81bcda5 1847 * Called within RCU critical section.
ae3a7047 1848 */
3655cb9c
GA		 1849static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1850 hwaddr *size)
38bee5dc 1851{
3655cb9c 1852 RAMBlock *block = ram_block;
8ab934f9
SS		 1853 if (*size == 0) {
1854 return NULL;
1855 }
e81bcda5 1856
3655cb9c
GA		 1857 if (block == NULL) {
1858 block = qemu_get_ram_block(addr);
0878d0e1 1859 addr -= block->offset;
3655cb9c 1860 }
0878d0e1 1861 *size = MIN(*size, block->max_length - addr);
e81bcda5
PB		 1862
1863 if (xen_enabled() && block->host == NULL) {
1864 /* We need to check if the requested address is in the RAM
1865 * because we don't want to map the entire memory in QEMU.
1866 * In that case just map the requested area.
1867 */
1868 if (block->offset == 0) {
1869 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1870 }
1871
e81bcda5 1872 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1873 }
e81bcda5 1874
0878d0e1 1875 return ramblock_ptr(block, addr);
38bee5dc
SS		 1876}
1877
422148d3
DDAG		 1878/*
1879 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1880 * in that RAMBlock.
1881 *
1882 * ptr: Host pointer to look up
1883 * round_offset: If true round the result offset down to a page boundary
1884 * *ram_addr: set to result ram_addr
1885 * *offset: set to result offset within the RAMBlock
1886 *
1887 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1888 *
1889 * By the time this function returns, the returned pointer is not protected
1890 * by RCU anymore. If the caller is not within an RCU critical section and
1891 * does not hold the iothread lock, it must have other means of protecting the
1892 * pointer, such as a reference to the region that includes the incoming
1893 * ram_addr_t.
1894 */
422148d3 1895RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
422148d3 1896 ram_addr_t *offset)
5579c7f3 1897{
94a6b54f
PB		 1898 RAMBlock *block;
1899 uint8_t *host = ptr;
1900
868bb33f 1901 if (xen_enabled()) {
f615f396 1902 ram_addr_t ram_addr;
0dc3f44a 1903 rcu_read_lock();
f615f396
PB		 1904 ram_addr = xen_ram_addr_from_mapcache(ptr);
1905 block = qemu_get_ram_block(ram_addr);
422148d3 1906 if (block) {
d6b6aec4 1907 *offset = ram_addr - block->offset;
422148d3 1908 }
0dc3f44a 1909 rcu_read_unlock();
422148d3 1910 return block;
712c2b41
SS		 1911 }
1912
0dc3f44a
MD		 1913 rcu_read_lock();
1914 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1915 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1916 goto found;
1917 }
1918
0dc3f44a 1919 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1920 /* This case append when the block is not mapped. */
1921 if (block->host == NULL) {
1922 continue;
1923 }
9b8424d5 1924 if (host - block->host < block->max_length) {
23887b79 1925 goto found;
f471a17e 1926 }
94a6b54f 1927 }
432d268c 1928
0dc3f44a 1929 rcu_read_unlock();
1b5ec234 1930 return NULL;
23887b79
PB		 1931
1932found:
422148d3
DDAG		 1933 *offset = (host - block->host);
1934 if (round_offset) {
1935 *offset &= TARGET_PAGE_MASK;
1936 }
0dc3f44a 1937 rcu_read_unlock();
422148d3
DDAG		 1938 return block;
1939}
1940
e3dd7493
DDAG		 1941/*
1942 * Finds the named RAMBlock
1943 *
1944 * name: The name of RAMBlock to find
1945 *
1946 * Returns: RAMBlock (or NULL if not found)
1947 */
1948RAMBlock *qemu_ram_block_by_name(const char *name)
1949{
1950 RAMBlock *block;
1951
1952 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1953 if (!strcmp(name, block->idstr)) {
1954 return block;
1955 }
1956 }
1957
1958 return NULL;
1959}
1960
422148d3
DDAG		 1961/* Some of the softmmu routines need to translate from a host pointer
1962 (typically a TLB entry) back to a ram offset. */
07bdaa41 1963ram_addr_t qemu_ram_addr_from_host(void *ptr)
422148d3
DDAG		 1964{
1965 RAMBlock *block;
f615f396 1966 ram_addr_t offset;
422148d3 1967
f615f396 1968 block = qemu_ram_block_from_host(ptr, false, &offset);
422148d3 1969 if (!block) {
07bdaa41 1970 return RAM_ADDR_INVALID;
422148d3
DDAG		 1971 }
1972
07bdaa41 1973 return block->offset + offset;
e890261f 1974}
f471a17e 1975
49b24afc 1976/* Called within RCU critical section. */
a8170e5e 1977static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1978 uint64_t val, unsigned size)
9fa3e853 1979{
52159192 1980 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1981 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1982 }
0e0df1e2
AK		 1983 switch (size) {
1984 case 1:
0878d0e1 1985 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1986 break;
1987 case 2:
0878d0e1 1988 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1989 break;
1990 case 4:
0878d0e1 1991 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1992 break;
1993 default:
1994 abort();
3a7d929e 1995 }
58d2707e
PB		 1996 /* Set both VGA and migration bits for simplicity and to remove
1997 * the notdirty callback faster.
1998 */
1999 cpu_physical_memory_set_dirty_range(ram_addr, size,
2000 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2001 /* we remove the notdirty callback only if the code has been
2002 flushed */
a2cd8c85 2003 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2004 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2005 }
9fa3e853
FB		 2006}
2007
b018ddf6
PB		 2008static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2009 unsigned size, bool is_write)
2010{
2011 return is_write;
2012}
2013
0e0df1e2 2014static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2015 .write = notdirty_mem_write,
b018ddf6 2016 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2017 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2018};
2019
0f459d16 2020/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2021static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2022{
93afeade 2023 CPUState *cpu = current_cpu;
568496c0 2024 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2025 CPUArchState *env = cpu->env_ptr;
06d55cc1 2026 target_ulong pc, cs_base;
0f459d16 2027 target_ulong vaddr;
a1d1bb31 2028 CPUWatchpoint *wp;
89fee74a 2029 uint32_t cpu_flags;
0f459d16 2030
ff4700b0 2031 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2032 /* We re-entered the check after replacing the TB. Now raise
2033 * the debug interrupt so that is will trigger after the
2034 * current instruction. */
93afeade 2035 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2036 return;
2037 }
93afeade 2038 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2039 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2040 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2041 && (wp->flags & flags)) {
08225676
PM		 2042 if (flags == BP_MEM_READ) {
2043 wp->flags |= BP_WATCHPOINT_HIT_READ;
2044 } else {
2045 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2046 }
2047 wp->hitaddr = vaddr;
66b9b43c 2048 wp->hitattrs = attrs;
ff4700b0 2049 if (!cpu->watchpoint_hit) {
568496c0
SF		 2050 if (wp->flags & BP_CPU &&
2051 !cc->debug_check_watchpoint(cpu, wp)) {
2052 wp->flags &= ~BP_WATCHPOINT_HIT;
2053 continue;
2054 }
ff4700b0 2055 cpu->watchpoint_hit = wp;
239c51a5 2056 tb_check_watchpoint(cpu);
6e140f28 2057 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2058 cpu->exception_index = EXCP_DEBUG;
5638d180 2059 cpu_loop_exit(cpu);
6e140f28
AL		 2060 } else {
2061 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2062 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
6886b980 2063 cpu_loop_exit_noexc(cpu);
6e140f28 2064 }
06d55cc1 2065 }
6e140f28
AL		 2066 } else {
2067 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2068 }
2069 }
2070}
2071
6658ffb8
PB		 2072/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2073 so these check for a hit then pass through to the normal out-of-line
2074 phys routines. */
66b9b43c
PM		 2075static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2076 unsigned size, MemTxAttrs attrs)
6658ffb8 2077{
66b9b43c
PM		 2078 MemTxResult res;
2079 uint64_t data;
79ed0416
PM		 2080 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2081 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2082
2083 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2084 switch (size) {
66b9b43c 2085 case 1:
79ed0416 2086 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2087 break;
2088 case 2:
79ed0416 2089 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2090 break;
2091 case 4:
79ed0416 2092 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2093 break;
1ec9b909
AK		 2094 default: abort();
2095 }
66b9b43c
PM		 2096 *pdata = data;
2097 return res;
6658ffb8
PB		 2098}
2099
66b9b43c
PM		 2100static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2101 uint64_t val, unsigned size,
2102 MemTxAttrs attrs)
6658ffb8 2103{
66b9b43c 2104 MemTxResult res;
79ed0416
PM		 2105 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2106 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2107
2108 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2109 switch (size) {
67364150 2110 case 1:
79ed0416 2111 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2112 break;
2113 case 2:
79ed0416 2114 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2115 break;
2116 case 4:
79ed0416 2117 address_space_stl(as, addr, val, attrs, &res);
67364150 2118 break;
1ec9b909
AK		 2119 default: abort();
2120 }
66b9b43c 2121 return res;
6658ffb8
PB		 2122}
2123
1ec9b909 2124static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2125 .read_with_attrs = watch_mem_read,
2126 .write_with_attrs = watch_mem_write,
1ec9b909 2127 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2128};
6658ffb8 2129
f25a49e0
PM		 2130static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2131 unsigned len, MemTxAttrs attrs)
db7b5426 2132{
acc9d80b 2133 subpage_t *subpage = opaque;
ff6cff75 2134 uint8_t buf[8];
5c9eb028 2135 MemTxResult res;
791af8c8 2136
db7b5426 2137#if defined(DEBUG_SUBPAGE)
016e9d62 2138 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2139 subpage, len, addr);
db7b5426 2140#endif
5c9eb028
PM		 2141 res = address_space_read(subpage->as, addr + subpage->base,
2142 attrs, buf, len);
2143 if (res) {
2144 return res;
f25a49e0 2145 }
acc9d80b
JK		 2146 switch (len) {
2147 case 1:
f25a49e0
PM		 2148 *data = ldub_p(buf);
2149 return MEMTX_OK;
acc9d80b 2150 case 2:
f25a49e0
PM		 2151 *data = lduw_p(buf);
2152 return MEMTX_OK;
acc9d80b 2153 case 4:
f25a49e0
PM		 2154 *data = ldl_p(buf);
2155 return MEMTX_OK;
ff6cff75 2156 case 8:
f25a49e0
PM		 2157 *data = ldq_p(buf);
2158 return MEMTX_OK;
acc9d80b
JK		 2159 default:
2160 abort();
2161 }
db7b5426
BS		 2162}
2163
f25a49e0
PM		 2164static MemTxResult subpage_write(void *opaque, hwaddr addr,
2165 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2166{
acc9d80b 2167 subpage_t *subpage = opaque;
ff6cff75 2168 uint8_t buf[8];
acc9d80b 2169
db7b5426 2170#if defined(DEBUG_SUBPAGE)
016e9d62 2171 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2172 " value %"PRIx64"\n",
2173 __func__, subpage, len, addr, value);
db7b5426 2174#endif
acc9d80b
JK		 2175 switch (len) {
2176 case 1:
2177 stb_p(buf, value);
2178 break;
2179 case 2:
2180 stw_p(buf, value);
2181 break;
2182 case 4:
2183 stl_p(buf, value);
2184 break;
ff6cff75
PB		 2185 case 8:
2186 stq_p(buf, value);
2187 break;
acc9d80b
JK		 2188 default:
2189 abort();
2190 }
5c9eb028
PM		 2191 return address_space_write(subpage->as, addr + subpage->base,
2192 attrs, buf, len);
db7b5426
BS		 2193}
2194
c353e4cc 2195static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2196 unsigned len, bool is_write)
c353e4cc 2197{
acc9d80b 2198 subpage_t *subpage = opaque;
c353e4cc 2199#if defined(DEBUG_SUBPAGE)
016e9d62 2200 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2201 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2202#endif
2203
acc9d80b 2204 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2205 len, is_write);
c353e4cc
PB		 2206}
2207
70c68e44 2208static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2209 .read_with_attrs = subpage_read,
2210 .write_with_attrs = subpage_write,
ff6cff75
PB		 2211 .impl.min_access_size = 1,
2212 .impl.max_access_size = 8,
2213 .valid.min_access_size = 1,
2214 .valid.max_access_size = 8,
c353e4cc 2215 .valid.accepts = subpage_accepts,
70c68e44 2216 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2217};
2218
c227f099 2219static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2220 uint16_t section)
db7b5426
BS		 2221{
2222 int idx, eidx;
2223
2224 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2225 return -1;
2226 idx = SUBPAGE_IDX(start);
2227 eidx = SUBPAGE_IDX(end);
2228#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2229 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2230 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2231#endif
db7b5426 2232 for (; idx <= eidx; idx++) {
5312bd8b 2233 mmio->sub_section[idx] = section;
db7b5426
BS		 2234 }
2235
2236 return 0;
2237}
2238
acc9d80b 2239static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2240{
c227f099 2241 subpage_t *mmio;
db7b5426 2242
7267c094 2243 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2244
acc9d80b 2245 mmio->as = as;
1eec614b 2246 mmio->base = base;
2c9b15ca 2247 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2248 NULL, TARGET_PAGE_SIZE);
b3b00c78 2249 mmio->iomem.subpage = true;
db7b5426 2250#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2251 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2252 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2253#endif
b41aac4f 2254 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2255
2256 return mmio;
2257}
2258
a656e22f
PC		 2259static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2260 MemoryRegion *mr)
5312bd8b 2261{
a656e22f 2262 assert(as);
5312bd8b 2263 MemoryRegionSection section = {
a656e22f 2264 .address_space = as,
5312bd8b
AK		 2265 .mr = mr,
2266 .offset_within_address_space = 0,
2267 .offset_within_region = 0,
052e87b0 2268 .size = int128_2_64(),
5312bd8b
AK		 2269 };
2270
53cb28cb 2271 return phys_section_add(map, &section);
5312bd8b
AK		 2272}
2273
a54c87b6 2274MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2275{
a54c87b6
PM		 2276 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2277 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2278 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2279 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2280
2281 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2282}
2283
e9179ce1
AK		 2284static void io_mem_init(void)
2285{
1f6245e5 2286 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2287 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2288 NULL, UINT64_MAX);
2c9b15ca 2289 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2290 NULL, UINT64_MAX);
2c9b15ca 2291 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2292 NULL, UINT64_MAX);
e9179ce1
AK		 2293}
2294
ac1970fb 2295static void mem_begin(MemoryListener *listener)
00752703
PB		 2296{
2297 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2298 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2299 uint16_t n;
2300
a656e22f 2301 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2302 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2303 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2304 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2305 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2306 assert(n == PHYS_SECTION_ROM);
a656e22f 2307 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2308 assert(n == PHYS_SECTION_WATCH);
00752703 2309
9736e55b 2310 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2311 d->as = as;
2312 as->next_dispatch = d;
2313}
2314
79e2b9ae
PB		 2315static void address_space_dispatch_free(AddressSpaceDispatch *d)
2316{
2317 phys_sections_free(&d->map);
2318 g_free(d);
2319}
2320
00752703 2321static void mem_commit(MemoryListener *listener)
ac1970fb 2322{
89ae337a 2323 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2324 AddressSpaceDispatch *cur = as->dispatch;
2325 AddressSpaceDispatch *next = as->next_dispatch;
2326
53cb28cb 2327 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2328
79e2b9ae 2329 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2330 if (cur) {
79e2b9ae 2331 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2332 }
9affd6fc
PB		 2333}
2334
1d71148e 2335static void tcg_commit(MemoryListener *listener)
50c1e149 2336{
32857f4d
PM		 2337 CPUAddressSpace *cpuas;
2338 AddressSpaceDispatch *d;
117712c3
AK		 2339
2340 /* since each CPU stores ram addresses in its TLB cache, we must
2341 reset the modified entries */
32857f4d
PM		 2342 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2343 cpu_reloading_memory_map();
2344 /* The CPU and TLB are protected by the iothread lock.
2345 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2346 * may have split the RCU critical section.
2347 */
2348 d = atomic_rcu_read(&cpuas->as->dispatch);
2349 cpuas->memory_dispatch = d;
2350 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2351}
2352
ac1970fb
AK		 2353void address_space_init_dispatch(AddressSpace *as)
2354{
00752703 2355 as->dispatch = NULL;
89ae337a 2356 as->dispatch_listener = (MemoryListener) {
ac1970fb 2357 .begin = mem_begin,
00752703 2358 .commit = mem_commit,
ac1970fb
AK		 2359 .region_add = mem_add,
2360 .region_nop = mem_add,
2361 .priority = 0,
2362 };
89ae337a 2363 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2364}
2365
6e48e8f9
PB		 2366void address_space_unregister(AddressSpace *as)
2367{
2368 memory_listener_unregister(&as->dispatch_listener);
2369}
2370
83f3c251
AK		 2371void address_space_destroy_dispatch(AddressSpace *as)
2372{
2373 AddressSpaceDispatch *d = as->dispatch;
2374
79e2b9ae
PB		 2375 atomic_rcu_set(&as->dispatch, NULL);
2376 if (d) {
2377 call_rcu(d, address_space_dispatch_free, rcu);
2378 }
83f3c251
AK		 2379}
2380
62152b8a
AK		 2381static void memory_map_init(void)
2382{
7267c094 2383 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2384
57271d63 2385 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2386 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2387
7267c094 2388 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2389 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2390 65536);
7dca8043 2391 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2392}
2393
2394MemoryRegion *get_system_memory(void)
2395{
2396 return system_memory;
2397}
2398
309cb471
AK		 2399MemoryRegion *get_system_io(void)
2400{
2401 return system_io;
2402}
2403
e2eef170
PB		 2404#endif /* !defined(CONFIG_USER_ONLY) */
2405
13eb76e0
FB		 2406/* physical memory access (slow version, mainly for debug) */
2407#if defined(CONFIG_USER_ONLY)
f17ec444 2408int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2409 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2410{
2411 int l, flags;
2412 target_ulong page;
53a5960a 2413 void * p;
13eb76e0
FB		 2414
2415 while (len > 0) {
2416 page = addr & TARGET_PAGE_MASK;
2417 l = (page + TARGET_PAGE_SIZE) - addr;
2418 if (l > len)
2419 l = len;
2420 flags = page_get_flags(page);
2421 if (!(flags & PAGE_VALID))
a68fe89c 2422 return -1;
13eb76e0
FB		 2423 if (is_write) {
2424 if (!(flags & PAGE_WRITE))
a68fe89c 2425 return -1;
579a97f7 2426 /* XXX: this code should not depend on lock_user */
72fb7daa 2427 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2428 return -1;
72fb7daa
AJ		 2429 memcpy(p, buf, l);
2430 unlock_user(p, addr, l);
13eb76e0
FB		 2431 } else {
2432 if (!(flags & PAGE_READ))
a68fe89c 2433 return -1;
579a97f7 2434 /* XXX: this code should not depend on lock_user */
72fb7daa 2435 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2436 return -1;
72fb7daa 2437 memcpy(buf, p, l);
5b257578 2438 unlock_user(p, addr, 0);
13eb76e0
FB		 2439 }
2440 len -= l;
2441 buf += l;
2442 addr += l;
2443 }
a68fe89c 2444 return 0;
13eb76e0 2445}
8df1cd07 2446
13eb76e0 2447#else
51d7a9eb 2448
845b6214 2449static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2450 hwaddr length)
51d7a9eb 2451{
e87f7778 2452 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
0878d0e1
PB		 2453 addr += memory_region_get_ram_addr(mr);
2454
e87f7778
PB		 2455 /* No early return if dirty_log_mask is or becomes 0, because
2456 * cpu_physical_memory_set_dirty_range will still call
2457 * xen_modified_memory.
2458 */
2459 if (dirty_log_mask) {
2460 dirty_log_mask =
2461 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2462 }
2463 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2464 tb_invalidate_phys_range(addr, addr + length);
2465 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2466 }
e87f7778 2467 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2468}
2469
23326164 2470static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2471{
e1622f4b 2472 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2473
2474 /* Regions are assumed to support 1-4 byte accesses unless
2475 otherwise specified. */
23326164
RH		 2476 if (access_size_max == 0) {
2477 access_size_max = 4;
2478 }
2479
2480 /* Bound the maximum access by the alignment of the address. */
2481 if (!mr->ops->impl.unaligned) {
2482 unsigned align_size_max = addr & -addr;
2483 if (align_size_max != 0 && align_size_max < access_size_max) {
2484 access_size_max = align_size_max;
2485 }
82f2563f 2486 }
23326164
RH		 2487
2488 /* Don't attempt accesses larger than the maximum. */
2489 if (l > access_size_max) {
2490 l = access_size_max;
82f2563f 2491 }
6554f5c0 2492 l = pow2floor(l);
23326164
RH		 2493
2494 return l;
82f2563f
PB		 2495}
2496
4840f10e 2497static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2498{
4840f10e
JK		 2499 bool unlocked = !qemu_mutex_iothread_locked();
2500 bool release_lock = false;
2501
2502 if (unlocked && mr->global_locking) {
2503 qemu_mutex_lock_iothread();
2504 unlocked = false;
2505 release_lock = true;
2506 }
125b3806 2507 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2508 if (unlocked) {
2509 qemu_mutex_lock_iothread();
2510 }
125b3806 2511 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2512 if (unlocked) {
2513 qemu_mutex_unlock_iothread();
2514 }
125b3806 2515 }
4840f10e
JK		 2516
2517 return release_lock;
125b3806
PB		 2518}
2519
a203ac70
PB		 2520/* Called within RCU critical section. */
2521static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2522 MemTxAttrs attrs,
2523 const uint8_t *buf,
2524 int len, hwaddr addr1,
2525 hwaddr l, MemoryRegion *mr)
13eb76e0 2526{
13eb76e0 2527 uint8_t *ptr;
791af8c8 2528 uint64_t val;
3b643495 2529 MemTxResult result = MEMTX_OK;
4840f10e 2530 bool release_lock = false;
3b46e624 2531
a203ac70 2532 for (;;) {
eb7eeb88
PB		 2533 if (!memory_access_is_direct(mr, true)) {
2534 release_lock |= prepare_mmio_access(mr);
2535 l = memory_access_size(mr, l, addr1);
2536 /* XXX: could force current_cpu to NULL to avoid
2537 potential bugs */
2538 switch (l) {
2539 case 8:
2540 /* 64 bit write access */
2541 val = ldq_p(buf);
2542 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2543 attrs);
2544 break;
2545 case 4:
2546 /* 32 bit write access */
2547 val = ldl_p(buf);
2548 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2549 attrs);
2550 break;
2551 case 2:
2552 /* 16 bit write access */
2553 val = lduw_p(buf);
2554 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2555 attrs);
2556 break;
2557 case 1:
2558 /* 8 bit write access */
2559 val = ldub_p(buf);
2560 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2561 attrs);
2562 break;
2563 default:
2564 abort();
13eb76e0
FB		 2565 }
2566 } else {
eb7eeb88 2567 /* RAM case */
0878d0e1 2568 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2569 memcpy(ptr, buf, l);
2570 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2571 }
4840f10e
JK		 2572
2573 if (release_lock) {
2574 qemu_mutex_unlock_iothread();
2575 release_lock = false;
2576 }
2577
13eb76e0
FB		 2578 len -= l;
2579 buf += l;
2580 addr += l;
a203ac70
PB		 2581
2582 if (!len) {
2583 break;
2584 }
2585
2586 l = len;
2587 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2588 }
fd8aaa76 2589
3b643495 2590 return result;
13eb76e0 2591}
8df1cd07 2592
a203ac70
PB		 2593MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2594 const uint8_t *buf, int len)
ac1970fb 2595{
eb7eeb88 2596 hwaddr l;
eb7eeb88
PB		 2597 hwaddr addr1;
2598 MemoryRegion *mr;
2599 MemTxResult result = MEMTX_OK;
eb7eeb88 2600
a203ac70
PB		 2601 if (len > 0) {
2602 rcu_read_lock();
eb7eeb88 2603 l = len;
a203ac70
PB		 2604 mr = address_space_translate(as, addr, &addr1, &l, true);
2605 result = address_space_write_continue(as, addr, attrs, buf, len,
2606 addr1, l, mr);
2607 rcu_read_unlock();
2608 }
2609
2610 return result;
2611}
2612
2613/* Called within RCU critical section. */
2614MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2615 MemTxAttrs attrs, uint8_t *buf,
2616 int len, hwaddr addr1, hwaddr l,
2617 MemoryRegion *mr)
2618{
2619 uint8_t *ptr;
2620 uint64_t val;
2621 MemTxResult result = MEMTX_OK;
2622 bool release_lock = false;
eb7eeb88 2623
a203ac70 2624 for (;;) {
eb7eeb88
PB		 2625 if (!memory_access_is_direct(mr, false)) {
2626 /* I/O case */
2627 release_lock |= prepare_mmio_access(mr);
2628 l = memory_access_size(mr, l, addr1);
2629 switch (l) {
2630 case 8:
2631 /* 64 bit read access */
2632 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2633 attrs);
2634 stq_p(buf, val);
2635 break;
2636 case 4:
2637 /* 32 bit read access */
2638 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2639 attrs);
2640 stl_p(buf, val);
2641 break;
2642 case 2:
2643 /* 16 bit read access */
2644 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2645 attrs);
2646 stw_p(buf, val);
2647 break;
2648 case 1:
2649 /* 8 bit read access */
2650 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2651 attrs);
2652 stb_p(buf, val);
2653 break;
2654 default:
2655 abort();
2656 }
2657 } else {
2658 /* RAM case */
0878d0e1 2659 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2660 memcpy(buf, ptr, l);
2661 }
2662
2663 if (release_lock) {
2664 qemu_mutex_unlock_iothread();
2665 release_lock = false;
2666 }
2667
2668 len -= l;
2669 buf += l;
2670 addr += l;
a203ac70
PB		 2671
2672 if (!len) {
2673 break;
2674 }
2675
2676 l = len;
2677 mr = address_space_translate(as, addr, &addr1, &l, false);
2678 }
2679
2680 return result;
2681}
2682
3cc8f884
PB		 2683MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2684 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2685{
2686 hwaddr l;
2687 hwaddr addr1;
2688 MemoryRegion *mr;
2689 MemTxResult result = MEMTX_OK;
2690
2691 if (len > 0) {
2692 rcu_read_lock();
2693 l = len;
2694 mr = address_space_translate(as, addr, &addr1, &l, false);
2695 result = address_space_read_continue(as, addr, attrs, buf, len,
2696 addr1, l, mr);
2697 rcu_read_unlock();
eb7eeb88 2698 }
eb7eeb88
PB		 2699
2700 return result;
ac1970fb
AK		 2701}
2702
eb7eeb88
PB		 2703MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2704 uint8_t *buf, int len, bool is_write)
2705{
2706 if (is_write) {
2707 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2708 } else {
2709 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2710 }
2711}
ac1970fb 2712
a8170e5e 2713void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2714 int len, int is_write)
2715{
5c9eb028
PM		 2716 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2717 buf, len, is_write);
ac1970fb
AK		 2718}
2719
582b55a9
AG		 2720enum write_rom_type {
2721 WRITE_DATA,
2722 FLUSH_CACHE,
2723};
2724
2a221651 2725static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2726 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2727{
149f54b5 2728 hwaddr l;
d0ecd2aa 2729 uint8_t *ptr;
149f54b5 2730 hwaddr addr1;
5c8a00ce 2731 MemoryRegion *mr;
3b46e624 2732
41063e1e 2733 rcu_read_lock();
d0ecd2aa 2734 while (len > 0) {
149f54b5 2735 l = len;
2a221651 2736 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2737
5c8a00ce
PB		 2738 if (!(memory_region_is_ram(mr) ||
2739 memory_region_is_romd(mr))) {
b242e0e0 2740 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2741 } else {
d0ecd2aa 2742 /* ROM/RAM case */
0878d0e1 2743 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2744 switch (type) {
2745 case WRITE_DATA:
2746 memcpy(ptr, buf, l);
845b6214 2747 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2748 break;
2749 case FLUSH_CACHE:
2750 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2751 break;
2752 }
d0ecd2aa
FB		 2753 }
2754 len -= l;
2755 buf += l;
2756 addr += l;
2757 }
41063e1e 2758 rcu_read_unlock();
d0ecd2aa
FB		 2759}
2760
582b55a9 2761/* used for ROM loading : can write in RAM and ROM */
2a221651 2762void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2763 const uint8_t *buf, int len)
2764{
2a221651 2765 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2766}
2767
2768void cpu_flush_icache_range(hwaddr start, int len)
2769{
2770 /*
2771 * This function should do the same thing as an icache flush that was
2772 * triggered from within the guest. For TCG we are always cache coherent,
2773 * so there is no need to flush anything. For KVM / Xen we need to flush
2774 * the host's instruction cache at least.
2775 */
2776 if (tcg_enabled()) {
2777 return;
2778 }
2779
2a221651
EI		 2780 cpu_physical_memory_write_rom_internal(&address_space_memory,
2781 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2782}
2783
6d16c2f8 2784typedef struct {
d3e71559 2785 MemoryRegion *mr;
6d16c2f8 2786 void *buffer;
a8170e5e
AK		 2787 hwaddr addr;
2788 hwaddr len;
c2cba0ff 2789 bool in_use;
6d16c2f8
AL		 2790} BounceBuffer;
2791
2792static BounceBuffer bounce;
2793
ba223c29 2794typedef struct MapClient {
e95205e1 2795 QEMUBH *bh;
72cf2d4f 2796 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2797} MapClient;
2798
38e047b5 2799QemuMutex map_client_list_lock;
72cf2d4f
BS		 2800static QLIST_HEAD(map_client_list, MapClient) map_client_list
2801 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2802
e95205e1
FZ		 2803static void cpu_unregister_map_client_do(MapClient *client)
2804{
2805 QLIST_REMOVE(client, link);
2806 g_free(client);
2807}
2808
33b6c2ed
FZ		 2809static void cpu_notify_map_clients_locked(void)
2810{
2811 MapClient *client;
2812
2813 while (!QLIST_EMPTY(&map_client_list)) {
2814 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2815 qemu_bh_schedule(client->bh);
2816 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2817 }
2818}
2819
e95205e1 2820void cpu_register_map_client(QEMUBH *bh)
ba223c29 2821{
7267c094 2822 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2823
38e047b5 2824 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2825 client->bh = bh;
72cf2d4f 2826 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2827 if (!atomic_read(&bounce.in_use)) {
2828 cpu_notify_map_clients_locked();
2829 }
38e047b5 2830 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2831}
2832
38e047b5 2833void cpu_exec_init_all(void)
ba223c29 2834{
38e047b5 2835 qemu_mutex_init(&ram_list.mutex);
38e047b5 2836 io_mem_init();
680a4783 2837 memory_map_init();
38e047b5 2838 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2839}
2840
e95205e1 2841void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2842{
2843 MapClient *client;
2844
e95205e1
FZ		 2845 qemu_mutex_lock(&map_client_list_lock);
2846 QLIST_FOREACH(client, &map_client_list, link) {
2847 if (client->bh == bh) {
2848 cpu_unregister_map_client_do(client);
2849 break;
2850 }
ba223c29 2851 }
e95205e1 2852 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2853}
2854
2855static void cpu_notify_map_clients(void)
2856{
38e047b5 2857 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2858 cpu_notify_map_clients_locked();
38e047b5 2859 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2860}
2861
51644ab7
PB		 2862bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2863{
5c8a00ce 2864 MemoryRegion *mr;
51644ab7
PB		 2865 hwaddr l, xlat;
2866
41063e1e 2867 rcu_read_lock();
51644ab7
PB		 2868 while (len > 0) {
2869 l = len;
5c8a00ce
PB		 2870 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2871 if (!memory_access_is_direct(mr, is_write)) {
2872 l = memory_access_size(mr, l, addr);
2873 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2874 return false;
2875 }
2876 }
2877
2878 len -= l;
2879 addr += l;
2880 }
41063e1e 2881 rcu_read_unlock();
51644ab7
PB		 2882 return true;
2883}
2884
6d16c2f8
AL		 2885/* Map a physical memory region into a host virtual address.
2886 * May map a subset of the requested range, given by and returned in *plen.
2887 * May return NULL if resources needed to perform the mapping are exhausted.
2888 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2889 * Use cpu_register_map_client() to know when retrying the map operation is
2890 * likely to succeed.
6d16c2f8 2891 */
ac1970fb 2892void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2893 hwaddr addr,
2894 hwaddr *plen,
ac1970fb 2895 bool is_write)
6d16c2f8 2896{
a8170e5e 2897 hwaddr len = *plen;
e3127ae0
PB		 2898 hwaddr done = 0;
2899 hwaddr l, xlat, base;
2900 MemoryRegion *mr, *this_mr;
e81bcda5 2901 void *ptr;
6d16c2f8 2902
e3127ae0
PB		 2903 if (len == 0) {
2904 return NULL;
2905 }
38bee5dc 2906
e3127ae0 2907 l = len;
41063e1e 2908 rcu_read_lock();
e3127ae0 2909 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2910
e3127ae0 2911 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2912 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2913 rcu_read_unlock();
e3127ae0 2914 return NULL;
6d16c2f8 2915 }
e85d9db5
KW		 2916 /* Avoid unbounded allocations */
2917 l = MIN(l, TARGET_PAGE_SIZE);
2918 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2919 bounce.addr = addr;
2920 bounce.len = l;
d3e71559
PB		 2921
2922 memory_region_ref(mr);
2923 bounce.mr = mr;
e3127ae0 2924 if (!is_write) {
5c9eb028
PM		 2925 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2926 bounce.buffer, l);
8ab934f9 2927 }
6d16c2f8 2928
41063e1e 2929 rcu_read_unlock();
e3127ae0
PB		 2930 *plen = l;
2931 return bounce.buffer;
2932 }
2933
2934 base = xlat;
e3127ae0
PB		 2935
2936 for (;;) {
6d16c2f8
AL		 2937 len -= l;
2938 addr += l;
e3127ae0
PB		 2939 done += l;
2940 if (len == 0) {
2941 break;
2942 }
2943
2944 l = len;
2945 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2946 if (this_mr != mr || xlat != base + done) {
2947 break;
2948 }
6d16c2f8 2949 }
e3127ae0 2950
d3e71559 2951 memory_region_ref(mr);
e3127ae0 2952 *plen = done;
0878d0e1 2953 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
e81bcda5
PB		 2954 rcu_read_unlock();
2955
2956 return ptr;
6d16c2f8
AL		 2957}
2958
ac1970fb 2959/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2960 * Will also mark the memory as dirty if is_write == 1. access_len gives
2961 * the amount of memory that was actually read or written by the caller.
2962 */
a8170e5e
AK		 2963void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2964 int is_write, hwaddr access_len)
6d16c2f8
AL		 2965{
2966 if (buffer != bounce.buffer) {
d3e71559
PB		 2967 MemoryRegion *mr;
2968 ram_addr_t addr1;
2969
07bdaa41 2970 mr = memory_region_from_host(buffer, &addr1);
d3e71559 2971 assert(mr != NULL);
6d16c2f8 2972 if (is_write) {
845b6214 2973 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2974 }
868bb33f 2975 if (xen_enabled()) {
e41d7c69 2976 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2977 }
d3e71559 2978 memory_region_unref(mr);
6d16c2f8
AL		 2979 return;
2980 }
2981 if (is_write) {
5c9eb028
PM		 2982 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2983 bounce.buffer, access_len);
6d16c2f8 2984 }
f8a83245 2985 qemu_vfree(bounce.buffer);
6d16c2f8 2986 bounce.buffer = NULL;
d3e71559 2987 memory_region_unref(bounce.mr);
c2cba0ff 2988 atomic_mb_set(&bounce.in_use, false);
ba223c29 2989 cpu_notify_map_clients();
6d16c2f8 2990}
d0ecd2aa 2991
a8170e5e
AK		 2992void *cpu_physical_memory_map(hwaddr addr,
2993 hwaddr *plen,
ac1970fb
AK		 2994 int is_write)
2995{
2996 return address_space_map(&address_space_memory, addr, plen, is_write);
2997}
2998
a8170e5e
AK		 2999void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3000 int is_write, hwaddr access_len)
ac1970fb
AK		 3001{
3002 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3003}
3004
8df1cd07 3005/* warning: addr must be aligned */
50013115
PM		 3006static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3007 MemTxAttrs attrs,
3008 MemTxResult *result,
3009 enum device_endian endian)
8df1cd07 3010{
8df1cd07 3011 uint8_t *ptr;
791af8c8 3012 uint64_t val;
5c8a00ce 3013 MemoryRegion *mr;
149f54b5
PB		 3014 hwaddr l = 4;
3015 hwaddr addr1;
50013115 3016 MemTxResult r;
4840f10e 3017 bool release_lock = false;
8df1cd07 3018
41063e1e 3019 rcu_read_lock();
fdfba1a2 3020 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3021 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3022 release_lock |= prepare_mmio_access(mr);
125b3806 3023
8df1cd07 3024 /* I/O case */
50013115 3025 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3026#if defined(TARGET_WORDS_BIGENDIAN)
3027 if (endian == DEVICE_LITTLE_ENDIAN) {
3028 val = bswap32(val);
3029 }
3030#else
3031 if (endian == DEVICE_BIG_ENDIAN) {
3032 val = bswap32(val);
3033 }
3034#endif
8df1cd07
FB		 3035 } else {
3036 /* RAM case */
0878d0e1 3037 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3038 switch (endian) {
3039 case DEVICE_LITTLE_ENDIAN:
3040 val = ldl_le_p(ptr);
3041 break;
3042 case DEVICE_BIG_ENDIAN:
3043 val = ldl_be_p(ptr);
3044 break;
3045 default:
3046 val = ldl_p(ptr);
3047 break;
3048 }
50013115
PM		 3049 r = MEMTX_OK;
3050 }
3051 if (result) {
3052 *result = r;
8df1cd07 3053 }
4840f10e
JK		 3054 if (release_lock) {
3055 qemu_mutex_unlock_iothread();
3056 }
41063e1e 3057 rcu_read_unlock();
8df1cd07
FB		 3058 return val;
3059}
3060
50013115
PM		 3061uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3062 MemTxAttrs attrs, MemTxResult *result)
3063{
3064 return address_space_ldl_internal(as, addr, attrs, result,
3065 DEVICE_NATIVE_ENDIAN);
3066}
3067
3068uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3069 MemTxAttrs attrs, MemTxResult *result)
3070{
3071 return address_space_ldl_internal(as, addr, attrs, result,
3072 DEVICE_LITTLE_ENDIAN);
3073}
3074
3075uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3076 MemTxAttrs attrs, MemTxResult *result)
3077{
3078 return address_space_ldl_internal(as, addr, attrs, result,
3079 DEVICE_BIG_ENDIAN);
3080}
3081
fdfba1a2 3082uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3083{
50013115 3084 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3085}
3086
fdfba1a2 3087uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3088{
50013115 3089 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3090}
3091
fdfba1a2 3092uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3093{
50013115 3094 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3095}
3096
84b7b8e7 3097/* warning: addr must be aligned */
50013115
PM		 3098static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3099 MemTxAttrs attrs,
3100 MemTxResult *result,
3101 enum device_endian endian)
84b7b8e7 3102{
84b7b8e7
FB		 3103 uint8_t *ptr;
3104 uint64_t val;
5c8a00ce 3105 MemoryRegion *mr;
149f54b5
PB		 3106 hwaddr l = 8;
3107 hwaddr addr1;
50013115 3108 MemTxResult r;
4840f10e 3109 bool release_lock = false;
84b7b8e7 3110
41063e1e 3111 rcu_read_lock();
2c17449b 3112 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3113 false);
3114 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3115 release_lock |= prepare_mmio_access(mr);
125b3806 3116
84b7b8e7 3117 /* I/O case */
50013115 3118 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3119#if defined(TARGET_WORDS_BIGENDIAN)
3120 if (endian == DEVICE_LITTLE_ENDIAN) {
3121 val = bswap64(val);
3122 }
3123#else
3124 if (endian == DEVICE_BIG_ENDIAN) {
3125 val = bswap64(val);
3126 }
84b7b8e7
FB		 3127#endif
3128 } else {
3129 /* RAM case */
0878d0e1 3130 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3131 switch (endian) {
3132 case DEVICE_LITTLE_ENDIAN:
3133 val = ldq_le_p(ptr);
3134 break;
3135 case DEVICE_BIG_ENDIAN:
3136 val = ldq_be_p(ptr);
3137 break;
3138 default:
3139 val = ldq_p(ptr);
3140 break;
3141 }
50013115
PM		 3142 r = MEMTX_OK;
3143 }
3144 if (result) {
3145 *result = r;
84b7b8e7 3146 }
4840f10e
JK		 3147 if (release_lock) {
3148 qemu_mutex_unlock_iothread();
3149 }
41063e1e 3150 rcu_read_unlock();
84b7b8e7
FB		 3151 return val;
3152}
3153
50013115
PM		 3154uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3155 MemTxAttrs attrs, MemTxResult *result)
3156{
3157 return address_space_ldq_internal(as, addr, attrs, result,
3158 DEVICE_NATIVE_ENDIAN);
3159}
3160
3161uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3162 MemTxAttrs attrs, MemTxResult *result)
3163{
3164 return address_space_ldq_internal(as, addr, attrs, result,
3165 DEVICE_LITTLE_ENDIAN);
3166}
3167
3168uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3169 MemTxAttrs attrs, MemTxResult *result)
3170{
3171 return address_space_ldq_internal(as, addr, attrs, result,
3172 DEVICE_BIG_ENDIAN);
3173}
3174
2c17449b 3175uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3176{
50013115 3177 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3178}
3179
2c17449b 3180uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3181{
50013115 3182 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3183}
3184
2c17449b 3185uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3186{
50013115 3187 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3188}
3189
aab33094 3190/* XXX: optimize */
50013115
PM		 3191uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3192 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3193{
3194 uint8_t val;
50013115
PM		 3195 MemTxResult r;
3196
3197 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3198 if (result) {
3199 *result = r;
3200 }
aab33094
FB		 3201 return val;
3202}
3203
50013115
PM		 3204uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3205{
3206 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3207}
3208
733f0b02 3209/* warning: addr must be aligned */
50013115
PM		 3210static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3211 hwaddr addr,
3212 MemTxAttrs attrs,
3213 MemTxResult *result,
3214 enum device_endian endian)
aab33094 3215{
733f0b02
MT		 3216 uint8_t *ptr;
3217 uint64_t val;
5c8a00ce 3218 MemoryRegion *mr;
149f54b5
PB		 3219 hwaddr l = 2;
3220 hwaddr addr1;
50013115 3221 MemTxResult r;
4840f10e 3222 bool release_lock = false;
733f0b02 3223
41063e1e 3224 rcu_read_lock();
41701aa4 3225 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3226 false);
3227 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3228 release_lock |= prepare_mmio_access(mr);
125b3806 3229
733f0b02 3230 /* I/O case */
50013115 3231 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3232#if defined(TARGET_WORDS_BIGENDIAN)
3233 if (endian == DEVICE_LITTLE_ENDIAN) {
3234 val = bswap16(val);
3235 }
3236#else
3237 if (endian == DEVICE_BIG_ENDIAN) {
3238 val = bswap16(val);
3239 }
3240#endif
733f0b02
MT		 3241 } else {
3242 /* RAM case */
0878d0e1 3243 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3244 switch (endian) {
3245 case DEVICE_LITTLE_ENDIAN:
3246 val = lduw_le_p(ptr);
3247 break;
3248 case DEVICE_BIG_ENDIAN:
3249 val = lduw_be_p(ptr);
3250 break;
3251 default:
3252 val = lduw_p(ptr);
3253 break;
3254 }
50013115
PM		 3255 r = MEMTX_OK;
3256 }
3257 if (result) {
3258 *result = r;
733f0b02 3259 }
4840f10e
JK		 3260 if (release_lock) {
3261 qemu_mutex_unlock_iothread();
3262 }
41063e1e 3263 rcu_read_unlock();
733f0b02 3264 return val;
aab33094
FB		 3265}
3266
50013115
PM		 3267uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3268 MemTxAttrs attrs, MemTxResult *result)
3269{
3270 return address_space_lduw_internal(as, addr, attrs, result,
3271 DEVICE_NATIVE_ENDIAN);
3272}
3273
3274uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3275 MemTxAttrs attrs, MemTxResult *result)
3276{
3277 return address_space_lduw_internal(as, addr, attrs, result,
3278 DEVICE_LITTLE_ENDIAN);
3279}
3280
3281uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3282 MemTxAttrs attrs, MemTxResult *result)
3283{
3284 return address_space_lduw_internal(as, addr, attrs, result,
3285 DEVICE_BIG_ENDIAN);
3286}
3287
41701aa4 3288uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3289{
50013115 3290 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3291}
3292
41701aa4 3293uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3294{
50013115 3295 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3296}
3297
41701aa4 3298uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3299{
50013115 3300 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3301}
3302
8df1cd07
FB		 3303/* warning: addr must be aligned. The ram page is not masked as dirty
3304 and the code inside is not invalidated. It is useful if the dirty
3305 bits are used to track modified PTEs */
50013115
PM		 3306void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3307 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3308{
8df1cd07 3309 uint8_t *ptr;
5c8a00ce 3310 MemoryRegion *mr;
149f54b5
PB		 3311 hwaddr l = 4;
3312 hwaddr addr1;
50013115 3313 MemTxResult r;
845b6214 3314 uint8_t dirty_log_mask;
4840f10e 3315 bool release_lock = false;
8df1cd07 3316
41063e1e 3317 rcu_read_lock();
2198a121 3318 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3319 true);
3320 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3321 release_lock |= prepare_mmio_access(mr);
125b3806 3322
50013115 3323 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3324 } else {
0878d0e1 3325 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
8df1cd07 3326 stl_p(ptr, val);
74576198 3327
845b6214
PB		 3328 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3329 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
0878d0e1
PB		 3330 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3331 4, dirty_log_mask);
50013115
PM		 3332 r = MEMTX_OK;
3333 }
3334 if (result) {
3335 *result = r;
8df1cd07 3336 }
4840f10e
JK		 3337 if (release_lock) {
3338 qemu_mutex_unlock_iothread();
3339 }
41063e1e 3340 rcu_read_unlock();
8df1cd07
FB		 3341}
3342
50013115
PM		 3343void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3344{
3345 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3346}
3347
8df1cd07 3348/* warning: addr must be aligned */
50013115
PM		 3349static inline void address_space_stl_internal(AddressSpace *as,
3350 hwaddr addr, uint32_t val,
3351 MemTxAttrs attrs,
3352 MemTxResult *result,
3353 enum device_endian endian)
8df1cd07 3354{
8df1cd07 3355 uint8_t *ptr;
5c8a00ce 3356 MemoryRegion *mr;
149f54b5
PB		 3357 hwaddr l = 4;
3358 hwaddr addr1;
50013115 3359 MemTxResult r;
4840f10e 3360 bool release_lock = false;
8df1cd07 3361
41063e1e 3362 rcu_read_lock();
ab1da857 3363 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3364 true);
3365 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3366 release_lock |= prepare_mmio_access(mr);
125b3806 3367
1e78bcc1
AG		 3368#if defined(TARGET_WORDS_BIGENDIAN)
3369 if (endian == DEVICE_LITTLE_ENDIAN) {
3370 val = bswap32(val);
3371 }
3372#else
3373 if (endian == DEVICE_BIG_ENDIAN) {
3374 val = bswap32(val);
3375 }
3376#endif
50013115 3377 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3378 } else {
8df1cd07 3379 /* RAM case */
0878d0e1 3380 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3381 switch (endian) {
3382 case DEVICE_LITTLE_ENDIAN:
3383 stl_le_p(ptr, val);
3384 break;
3385 case DEVICE_BIG_ENDIAN:
3386 stl_be_p(ptr, val);
3387 break;
3388 default:
3389 stl_p(ptr, val);
3390 break;
3391 }
845b6214 3392 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3393 r = MEMTX_OK;
3394 }
3395 if (result) {
3396 *result = r;
8df1cd07 3397 }
4840f10e
JK		 3398 if (release_lock) {
3399 qemu_mutex_unlock_iothread();
3400 }
41063e1e 3401 rcu_read_unlock();
8df1cd07
FB		 3402}
3403
50013115
PM		 3404void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3405 MemTxAttrs attrs, MemTxResult *result)
3406{
3407 address_space_stl_internal(as, addr, val, attrs, result,
3408 DEVICE_NATIVE_ENDIAN);
3409}
3410
3411void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3412 MemTxAttrs attrs, MemTxResult *result)
3413{
3414 address_space_stl_internal(as, addr, val, attrs, result,
3415 DEVICE_LITTLE_ENDIAN);
3416}
3417
3418void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3419 MemTxAttrs attrs, MemTxResult *result)
3420{
3421 address_space_stl_internal(as, addr, val, attrs, result,
3422 DEVICE_BIG_ENDIAN);
3423}
3424
ab1da857 3425void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3426{
50013115 3427 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3428}
3429
ab1da857 3430void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3431{
50013115 3432 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3433}
3434
ab1da857 3435void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3436{
50013115 3437 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3438}
3439
aab33094 3440/* XXX: optimize */
50013115
PM		 3441void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3442 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3443{
3444 uint8_t v = val;
50013115
PM		 3445 MemTxResult r;
3446
3447 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3448 if (result) {
3449 *result = r;
3450 }
3451}
3452
3453void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3454{
3455 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3456}
3457
733f0b02 3458/* warning: addr must be aligned */
50013115
PM		 3459static inline void address_space_stw_internal(AddressSpace *as,
3460 hwaddr addr, uint32_t val,
3461 MemTxAttrs attrs,
3462 MemTxResult *result,
3463 enum device_endian endian)
aab33094 3464{
733f0b02 3465 uint8_t *ptr;
5c8a00ce 3466 MemoryRegion *mr;
149f54b5
PB		 3467 hwaddr l = 2;
3468 hwaddr addr1;
50013115 3469 MemTxResult r;
4840f10e 3470 bool release_lock = false;
733f0b02 3471
41063e1e 3472 rcu_read_lock();
5ce5944d 3473 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3474 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3475 release_lock |= prepare_mmio_access(mr);
125b3806 3476
1e78bcc1
AG		 3477#if defined(TARGET_WORDS_BIGENDIAN)
3478 if (endian == DEVICE_LITTLE_ENDIAN) {
3479 val = bswap16(val);
3480 }
3481#else
3482 if (endian == DEVICE_BIG_ENDIAN) {
3483 val = bswap16(val);
3484 }
3485#endif
50013115 3486 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3487 } else {
733f0b02 3488 /* RAM case */
0878d0e1 3489 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3490 switch (endian) {
3491 case DEVICE_LITTLE_ENDIAN:
3492 stw_le_p(ptr, val);
3493 break;
3494 case DEVICE_BIG_ENDIAN:
3495 stw_be_p(ptr, val);
3496 break;
3497 default:
3498 stw_p(ptr, val);
3499 break;
3500 }
845b6214 3501 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3502 r = MEMTX_OK;
3503 }
3504 if (result) {
3505 *result = r;
733f0b02 3506 }
4840f10e
JK		 3507 if (release_lock) {
3508 qemu_mutex_unlock_iothread();
3509 }
41063e1e 3510 rcu_read_unlock();
aab33094
FB		 3511}
3512
50013115
PM		 3513void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3514 MemTxAttrs attrs, MemTxResult *result)
3515{
3516 address_space_stw_internal(as, addr, val, attrs, result,
3517 DEVICE_NATIVE_ENDIAN);
3518}
3519
3520void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3521 MemTxAttrs attrs, MemTxResult *result)
3522{
3523 address_space_stw_internal(as, addr, val, attrs, result,
3524 DEVICE_LITTLE_ENDIAN);
3525}
3526
3527void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3528 MemTxAttrs attrs, MemTxResult *result)
3529{
3530 address_space_stw_internal(as, addr, val, attrs, result,
3531 DEVICE_BIG_ENDIAN);
3532}
3533
5ce5944d 3534void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3535{
50013115 3536 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3537}
3538
5ce5944d 3539void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3540{
50013115 3541 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3542}
3543
5ce5944d 3544void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3545{
50013115 3546 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3547}
3548
aab33094 3549/* XXX: optimize */
50013115
PM		 3550void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3551 MemTxAttrs attrs, MemTxResult *result)
aab33094 3552{
50013115 3553 MemTxResult r;
aab33094 3554 val = tswap64(val);
50013115
PM		 3555 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3556 if (result) {
3557 *result = r;
3558 }
aab33094
FB		 3559}
3560
50013115
PM		 3561void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3562 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3563{
50013115 3564 MemTxResult r;
1e78bcc1 3565 val = cpu_to_le64(val);
50013115
PM		 3566 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3567 if (result) {
3568 *result = r;
3569 }
3570}
3571void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3572 MemTxAttrs attrs, MemTxResult *result)
3573{
3574 MemTxResult r;
3575 val = cpu_to_be64(val);
3576 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3577 if (result) {
3578 *result = r;
3579 }
3580}
3581
3582void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3583{
3584 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3585}
3586
3587void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3588{
3589 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3590}
3591
f606604f 3592void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3593{
50013115 3594 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3595}
3596
5e2972fd 3597/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3598int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3599 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3600{
3601 int l;
a8170e5e 3602 hwaddr phys_addr;
9b3c35e0 3603 target_ulong page;
13eb76e0
FB		 3604
3605 while (len > 0) {
5232e4c7
PM		 3606 int asidx;
3607 MemTxAttrs attrs;
3608
13eb76e0 3609 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3610 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3611 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3612 /* if no physical page mapped, return an error */
3613 if (phys_addr == -1)
3614 return -1;
3615 l = (page + TARGET_PAGE_SIZE) - addr;
3616 if (l > len)
3617 l = len;
5e2972fd 3618 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3619 if (is_write) {
5232e4c7
PM		 3620 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3621 phys_addr, buf, l);
2e38847b 3622 } else {
5232e4c7
PM		 3623 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3624 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3625 buf, l, 0);
2e38847b 3626 }
13eb76e0
FB		 3627 len -= l;
3628 buf += l;
3629 addr += l;
3630 }
3631 return 0;
3632}
038629a6
DDAG		 3633
3634/*
3635 * Allows code that needs to deal with migration bitmaps etc to still be built
3636 * target independent.
3637 */
3638size_t qemu_target_page_bits(void)
3639{
3640 return TARGET_PAGE_BITS;
3641}
3642
a68fe89c 3643#endif
13eb76e0 3644
8e4a424b
BS		 3645/*
3646 * A helper function for the _utterly broken_ virtio device model to find out if
3647 * it's running on a big endian machine. Don't do this at home kids!
3648 */
98ed8ecf
GK		 3649bool target_words_bigendian(void);
3650bool target_words_bigendian(void)
8e4a424b
BS		 3651{
3652#if defined(TARGET_WORDS_BIGENDIAN)
3653 return true;
3654#else
3655 return false;
3656#endif
3657}
3658
76f35538 3659#ifndef CONFIG_USER_ONLY
a8170e5e 3660bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3661{
5c8a00ce 3662 MemoryRegion*mr;
149f54b5 3663 hwaddr l = 1;
41063e1e 3664 bool res;
76f35538 3665
41063e1e 3666 rcu_read_lock();
5c8a00ce
PB		 3667 mr = address_space_translate(&address_space_memory,
3668 phys_addr, &phys_addr, &l, false);
76f35538 3669
41063e1e
PB		 3670 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3671 rcu_read_unlock();
3672 return res;
76f35538 3673}
bd2fa51f 3674
e3807054 3675int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3676{
3677 RAMBlock *block;
e3807054 3678 int ret = 0;
bd2fa51f 3679
0dc3f44a
MD		 3680 rcu_read_lock();
3681 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3682 ret = func(block->idstr, block->host, block->offset,
3683 block->used_length, opaque);
3684 if (ret) {
3685 break;
3686 }
bd2fa51f 3687 }
0dc3f44a 3688 rcu_read_unlock();
e3807054 3689 return ret;
bd2fa51f 3690}
ec3f8c99 3691#endif
QEMU mirror