]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
virtio-balloon: convert VMSTATE_VIRTIO_DEVICE
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c 22#endif
54936004 23
f348b6d1 24#include "qemu/cutils.h"
6180a181 25#include "cpu.h"
63c91552 26#include "exec/exec-all.h"
b67d9a52 27#include "tcg.h"
741da0d3 28#include "hw/qdev-core.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
33c11879 31#include "hw/xen/xen.h"
4485bd26 32#endif
9c17d615 33#include "sysemu/kvm.h"
2ff3de68 34#include "sysemu/sysemu.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
53a5960a 38#if defined(CONFIG_USER_ONLY)
a9c94277 39#include "qemu.h"
432d268c 40#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 41#include "hw/hw.h"
42#include "exec/memory.h"
df43d49c 43#include "exec/ioport.h"
741da0d3
PB		 44#include "sysemu/dma.h"
45#include "exec/address-spaces.h"
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
508127e2 57#include "exec/log.h"
67d95c15 58
9dfeca7c
BR		 59#include "migration/vmstate.h"
60
b35ba30f 61#include "qemu/range.h"
794e8f30
MT		 62#ifndef _WIN32
63#include "qemu/mmap-alloc.h"
64#endif
b35ba30f 65
db7b5426 66//#define DEBUG_SUBPAGE
1196be37 67
e2eef170 68#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 69/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
0d53d9fe 72RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 73
74static MemoryRegion *system_memory;
309cb471 75static MemoryRegion *system_io;
62152b8a 76
f6790af6
AK		 77AddressSpace address_space_io;
78AddressSpace address_space_memory;
2673a5da 79
0844e007 80MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 81static MemoryRegion io_mem_unassigned;
0e0df1e2 82
7bd4f430
PB		 83/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84#define RAM_PREALLOC (1 << 0)
85
dbcb8981
PB		 86/* RAM is mmap-ed with MAP_SHARED */
87#define RAM_SHARED (1 << 1)
88
62be4e3a
MT		 89/* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92#define RAM_RESIZEABLE (1 << 2)
93
e2eef170 94#endif
9fa3e853 95
bdc44640 96struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 97/* current CPU in the current thread. It is only valid inside
98 cpu_exec() */
f240eb6f 99__thread CPUState *current_cpu;
2e70f6ef 100/* 0 = Do not count executed instructions.
bf20dc07 101 1 = Precise instruction counting.
2e70f6ef 102 2 = Adaptive rate instruction counting. */
5708fc66 103int use_icount;
6a00d601 104
e2eef170 105#if !defined(CONFIG_USER_ONLY)
4346ae3e 106
1db8abb1
PB		 107typedef struct PhysPageEntry PhysPageEntry;
108
109struct PhysPageEntry {
9736e55b 110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 111 uint32_t skip : 6;
9736e55b 112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 113 uint32_t ptr : 26;
1db8abb1
PB		 114};
115
8b795765
MT		 116#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
117
03f49957 118/* Size of the L2 (and L3, etc) page tables. */
57271d63 119#define ADDR_SPACE_BITS 64
03f49957 120
026736ce 121#define P_L2_BITS 9
03f49957
PB		 122#define P_L2_SIZE (1 << P_L2_BITS)
123
124#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
125
126typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 127
53cb28cb 128typedef struct PhysPageMap {
79e2b9ae
PB		 129 struct rcu_head rcu;
130
53cb28cb
MA		 131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
133 unsigned nodes_nb;
134 unsigned nodes_nb_alloc;
135 Node *nodes;
136 MemoryRegionSection *sections;
137} PhysPageMap;
138
1db8abb1 139struct AddressSpaceDispatch {
79e2b9ae
PB		 140 struct rcu_head rcu;
141
729633c2 142 MemoryRegionSection *mru_section;
1db8abb1
PB		 143 /* This is a multi-level map on the physical address space.
144 * The bottom level has pointers to MemoryRegionSections.
145 */
146 PhysPageEntry phys_map;
53cb28cb 147 PhysPageMap map;
acc9d80b 148 AddressSpace *as;
1db8abb1
PB		 149};
150
90260c6c
JK		 151#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
152typedef struct subpage_t {
153 MemoryRegion iomem;
acc9d80b 154 AddressSpace *as;
90260c6c
JK		 155 hwaddr base;
156 uint16_t sub_section[TARGET_PAGE_SIZE];
157} subpage_t;
158
b41aac4f
LPF		 159#define PHYS_SECTION_UNASSIGNED 0
160#define PHYS_SECTION_NOTDIRTY 1
161#define PHYS_SECTION_ROM 2
162#define PHYS_SECTION_WATCH 3
5312bd8b 163
e2eef170 164static void io_mem_init(void);
62152b8a 165static void memory_map_init(void);
09daed84 166static void tcg_commit(MemoryListener *listener);
e2eef170 167
1ec9b909 168static MemoryRegion io_mem_watch;
32857f4d
PM		 169
170/**
171 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
172 * @cpu: the CPU whose AddressSpace this is
173 * @as: the AddressSpace itself
174 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
175 * @tcg_as_listener: listener for tracking changes to the AddressSpace
176 */
177struct CPUAddressSpace {
178 CPUState *cpu;
179 AddressSpace *as;
180 struct AddressSpaceDispatch *memory_dispatch;
181 MemoryListener tcg_as_listener;
182};
183
6658ffb8 184#endif
fd6ce8f6 185
6d9a1304 186#if !defined(CONFIG_USER_ONLY)
d6f2ea22 187
53cb28cb 188static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 189{
101420b8 190 static unsigned alloc_hint = 16;
53cb28cb 191 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
101420b8 192 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
53cb28cb
MA		 193 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
194 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
101420b8 195 alloc_hint = map->nodes_nb_alloc;
d6f2ea22 196 }
f7bf5461
AK		 197}
198
db94604b 199static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 200{
201 unsigned i;
8b795765 202 uint32_t ret;
db94604b
PB		 203 PhysPageEntry e;
204 PhysPageEntry *p;
f7bf5461 205
53cb28cb 206 ret = map->nodes_nb++;
db94604b 207 p = map->nodes[ret];
f7bf5461 208 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 209 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 210
211 e.skip = leaf ? 0 : 1;
212 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 213 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 214 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 215 }
f7bf5461 216 return ret;
d6f2ea22
AK		 217}
218
53cb28cb
MA		 219static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
220 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 221 int level)
f7bf5461
AK		 222{
223 PhysPageEntry *p;
03f49957 224 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 225
9736e55b 226 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 227 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 228 }
db94604b 229 p = map->nodes[lp->ptr];
03f49957 230 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 231
03f49957 232 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 233 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 234 lp->skip = 0;
c19e8800 235 lp->ptr = leaf;
07f07b31
AK		 236 *index += step;
237 *nb -= step;
2999097b 238 } else {
53cb28cb 239 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 240 }
241 ++lp;
f7bf5461
AK		 242 }
243}
244
ac1970fb 245static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 246 hwaddr index, hwaddr nb,
2999097b 247 uint16_t leaf)
f7bf5461 248{
2999097b 249 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 250 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 251
53cb28cb 252 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 253}
254
b35ba30f
MT		 255/* Compact a non leaf page entry. Simply detect that the entry has a single child,
256 * and update our entry so we can skip it and go directly to the destination.
257 */
258static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
259{
260 unsigned valid_ptr = P_L2_SIZE;
261 int valid = 0;
262 PhysPageEntry *p;
263 int i;
264
265 if (lp->ptr == PHYS_MAP_NODE_NIL) {
266 return;
267 }
268
269 p = nodes[lp->ptr];
270 for (i = 0; i < P_L2_SIZE; i++) {
271 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
272 continue;
273 }
274
275 valid_ptr = i;
276 valid++;
277 if (p[i].skip) {
278 phys_page_compact(&p[i], nodes, compacted);
279 }
280 }
281
282 /* We can only compress if there's only one child. */
283 if (valid != 1) {
284 return;
285 }
286
287 assert(valid_ptr < P_L2_SIZE);
288
289 /* Don't compress if it won't fit in the # of bits we have. */
290 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
291 return;
292 }
293
294 lp->ptr = p[valid_ptr].ptr;
295 if (!p[valid_ptr].skip) {
296 /* If our only child is a leaf, make this a leaf. */
297 /* By design, we should have made this node a leaf to begin with so we
298 * should never reach here.
299 * But since it's so simple to handle this, let's do it just in case we
300 * change this rule.
301 */
302 lp->skip = 0;
303 } else {
304 lp->skip += p[valid_ptr].skip;
305 }
306}
307
308static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
309{
310 DECLARE_BITMAP(compacted, nodes_nb);
311
312 if (d->phys_map.skip) {
53cb28cb 313 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 314 }
315}
316
29cb533d
FZ		 317static inline bool section_covers_addr(const MemoryRegionSection *section,
318 hwaddr addr)
319{
320 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
321 * the section must cover the entire address space.
322 */
323 return section->size.hi ||
324 range_covers_byte(section->offset_within_address_space,
325 section->size.lo, addr);
326}
327
97115a8d 328static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 329 Node *nodes, MemoryRegionSection *sections)
92e873b9 330{
31ab2b4a 331 PhysPageEntry *p;
97115a8d 332 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 333 int i;
f1f6e3b8 334
9736e55b 335 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 336 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 337 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 338 }
9affd6fc 339 p = nodes[lp.ptr];
03f49957 340 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 341 }
b35ba30f 342
29cb533d 343 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 344 return &sections[lp.ptr];
345 } else {
346 return &sections[PHYS_SECTION_UNASSIGNED];
347 }
f3705d53
AK		 348}
349
e5548617
BS		 350bool memory_region_is_unassigned(MemoryRegion *mr)
351{
2a8e7499 352 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 353 && mr != &io_mem_watch;
fd6ce8f6 354}
149f54b5 355
79e2b9ae 356/* Called from RCU critical section */
c7086b4a 357static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 358 hwaddr addr,
359 bool resolve_subpage)
9f029603 360{
729633c2 361 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 362 subpage_t *subpage;
729633c2 363 bool update;
90260c6c 364
729633c2
FZ		 365 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
366 section_covers_addr(section, addr)) {
367 update = false;
368 } else {
369 section = phys_page_find(d->phys_map, addr, d->map.nodes,
370 d->map.sections);
371 update = true;
372 }
90260c6c
JK		 373 if (resolve_subpage && section->mr->subpage) {
374 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 375 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 376 }
729633c2
FZ		 377 if (update) {
378 atomic_set(&d->mru_section, section);
379 }
90260c6c 380 return section;
9f029603
JK		 381}
382
79e2b9ae 383/* Called from RCU critical section */
90260c6c 384static MemoryRegionSection *
c7086b4a 385address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 386 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 387{
388 MemoryRegionSection *section;
965eb2fc 389 MemoryRegion *mr;
a87f3954 390 Int128 diff;
149f54b5 391
c7086b4a 392 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 393 /* Compute offset within MemoryRegionSection */
394 addr -= section->offset_within_address_space;
395
396 /* Compute offset within MemoryRegion */
397 *xlat = addr + section->offset_within_region;
398
965eb2fc 399 mr = section->mr;
b242e0e0
PB		 400
401 /* MMIO registers can be expected to perform full-width accesses based only
402 * on their address, without considering adjacent registers that could
403 * decode to completely different MemoryRegions. When such registers
404 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
405 * regions overlap wildly. For this reason we cannot clamp the accesses
406 * here.
407 *
408 * If the length is small (as is the case for address_space_ldl/stl),
409 * everything works fine. If the incoming length is large, however,
410 * the caller really has to do the clamping through memory_access_size.
411 */
965eb2fc 412 if (memory_region_is_ram(mr)) {
e4a511f8 413 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 414 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
415 }
149f54b5
PB		 416 return section;
417}
90260c6c 418
41063e1e 419/* Called from RCU critical section */
5c8a00ce
PB		 420MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
421 hwaddr *xlat, hwaddr *plen,
422 bool is_write)
90260c6c 423{
30951157
AK		 424 IOMMUTLBEntry iotlb;
425 MemoryRegionSection *section;
426 MemoryRegion *mr;
30951157
AK		 427
428 for (;;) {
79e2b9ae
PB		 429 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
430 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 431 mr = section->mr;
432
433 if (!mr->iommu_ops) {
434 break;
435 }
436
8d7b8cb9 437 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 438 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
439 | (addr & iotlb.addr_mask));
23820dbf 440 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 441 if (!(iotlb.perm & (1 << is_write))) {
442 mr = &io_mem_unassigned;
443 break;
444 }
445
446 as = iotlb.target_as;
447 }
448
fe680d0d 449 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 450 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 451 *plen = MIN(page, *plen);
a87f3954
PB		 452 }
453
30951157
AK		 454 *xlat = addr;
455 return mr;
90260c6c
JK		 456}
457
79e2b9ae 458/* Called from RCU critical section */
90260c6c 459MemoryRegionSection *
d7898cda 460address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 461 hwaddr *xlat, hwaddr *plen)
90260c6c 462{
30951157 463 MemoryRegionSection *section;
d7898cda
PM		 464 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
465
466 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 467
468 assert(!section->mr->iommu_ops);
469 return section;
90260c6c 470}
5b6dd868 471#endif
fd6ce8f6 472
b170fce3 473#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 474
475static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 476{
259186a7 477 CPUState *cpu = opaque;
a513fe19 478
5b6dd868
BS		 479 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
480 version_id is increased. */
259186a7 481 cpu->interrupt_request &= ~0x01;
c01a71c1 482 tlb_flush(cpu, 1);
5b6dd868
BS		 483
484 return 0;
a513fe19 485}
7501267e 486
6c3bff0e
PD		 487static int cpu_common_pre_load(void *opaque)
488{
489 CPUState *cpu = opaque;
490
adee6424 491 cpu->exception_index = -1;
6c3bff0e
PD		 492
493 return 0;
494}
495
496static bool cpu_common_exception_index_needed(void *opaque)
497{
498 CPUState *cpu = opaque;
499
adee6424 500 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 501}
502
503static const VMStateDescription vmstate_cpu_common_exception_index = {
504 .name = "cpu_common/exception_index",
505 .version_id = 1,
506 .minimum_version_id = 1,
5cd8cada 507 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 508 .fields = (VMStateField[]) {
509 VMSTATE_INT32(exception_index, CPUState),
510 VMSTATE_END_OF_LIST()
511 }
512};
513
bac05aa9
AS		 514static bool cpu_common_crash_occurred_needed(void *opaque)
515{
516 CPUState *cpu = opaque;
517
518 return cpu->crash_occurred;
519}
520
521static const VMStateDescription vmstate_cpu_common_crash_occurred = {
522 .name = "cpu_common/crash_occurred",
523 .version_id = 1,
524 .minimum_version_id = 1,
525 .needed = cpu_common_crash_occurred_needed,
526 .fields = (VMStateField[]) {
527 VMSTATE_BOOL(crash_occurred, CPUState),
528 VMSTATE_END_OF_LIST()
529 }
530};
531
1a1562f5 532const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 533 .name = "cpu_common",
534 .version_id = 1,
535 .minimum_version_id = 1,
6c3bff0e 536 .pre_load = cpu_common_pre_load,
5b6dd868 537 .post_load = cpu_common_post_load,
35d08458 538 .fields = (VMStateField[]) {
259186a7
AF		 539 VMSTATE_UINT32(halted, CPUState),
540 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 541 VMSTATE_END_OF_LIST()
6c3bff0e 542 },
5cd8cada
JQ		 543 .subsections = (const VMStateDescription*[]) {
544 &vmstate_cpu_common_exception_index,
bac05aa9 545 &vmstate_cpu_common_crash_occurred,
5cd8cada 546 NULL
5b6dd868
BS		 547 }
548};
1a1562f5 549
5b6dd868 550#endif
ea041c0e 551
38d8f5c8 552CPUState *qemu_get_cpu(int index)
ea041c0e 553{
bdc44640 554 CPUState *cpu;
ea041c0e 555
bdc44640 556 CPU_FOREACH(cpu) {
55e5c285 557 if (cpu->cpu_index == index) {
bdc44640 558 return cpu;
55e5c285 559 }
ea041c0e 560 }
5b6dd868 561
bdc44640 562 return NULL;
ea041c0e
FB		 563}
564
09daed84 565#if !defined(CONFIG_USER_ONLY)
56943e8c 566void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 567{
12ebc9a7
PM		 568 CPUAddressSpace *newas;
569
570 /* Target code should have set num_ases before calling us */
571 assert(asidx < cpu->num_ases);
572
56943e8c
PM		 573 if (asidx == 0) {
574 /* address space 0 gets the convenience alias */
575 cpu->as = as;
576 }
577
12ebc9a7
PM		 578 /* KVM cannot currently support multiple address spaces. */
579 assert(asidx == 0 || !kvm_enabled());
09daed84 580
12ebc9a7
PM		 581 if (!cpu->cpu_ases) {
582 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 583 }
32857f4d 584
12ebc9a7
PM		 585 newas = &cpu->cpu_ases[asidx];
586 newas->cpu = cpu;
587 newas->as = as;
56943e8c 588 if (tcg_enabled()) {
12ebc9a7
PM		 589 newas->tcg_as_listener.commit = tcg_commit;
590 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 591 }
09daed84 592}
651a5bc0
PM		 593
594AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
595{
596 /* Return the AddressSpace corresponding to the specified index */
597 return cpu->cpu_ases[asidx].as;
598}
09daed84
EI		 599#endif
600
1c59eb39
BR		 601void cpu_exec_exit(CPUState *cpu)
602{
9dfeca7c
BR		 603 CPUClass *cc = CPU_GET_CLASS(cpu);
604
267f685b 605 cpu_list_remove(cpu);
9dfeca7c
BR		 606
607 if (cc->vmsd != NULL) {
608 vmstate_unregister(NULL, cc->vmsd, cpu);
609 }
610 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
611 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
612 }
1c59eb39
BR		 613}
614
4bad9e39 615void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 616{
1bc7e522 617 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
a07f953e 618 Error *local_err ATTRIBUTE_UNUSED = NULL;
5b6dd868 619
56943e8c 620 cpu->as = NULL;
12ebc9a7 621 cpu->num_ases = 0;
56943e8c 622
291135b5 623#ifndef CONFIG_USER_ONLY
291135b5 624 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 625
626 /* This is a softmmu CPU object, so create a property for it
627 * so users can wire up its memory. (This can't go in qom/cpu.c
628 * because that file is compiled only once for both user-mode
629 * and system builds.) The default if no link is set up is to use
630 * the system address space.
631 */
632 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
633 (Object **)&cpu->memory,
634 qdev_prop_allow_set_link_before_realize,
635 OBJ_PROP_LINK_UNREF_ON_RELEASE,
636 &error_abort);
637 cpu->memory = system_memory;
638 object_ref(OBJECT(cpu->memory));
291135b5
EH		 639#endif
640
267f685b 641 cpu_list_add(cpu);
1bc7e522
IM		 642
643#ifndef CONFIG_USER_ONLY
e0d47944 644 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 645 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 646 }
b170fce3 647 if (cc->vmsd != NULL) {
741da0d3 648 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 649 }
741da0d3 650#endif
ea041c0e
FB		 651}
652
94df27fd 653#if defined(CONFIG_USER_ONLY)
00b941e5 654static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 655{
656 tb_invalidate_phys_page_range(pc, pc + 1, 0);
657}
658#else
00b941e5 659static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 660{
5232e4c7
PM		 661 MemTxAttrs attrs;
662 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
663 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 664 if (phys != -1) {
5232e4c7 665 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 666 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 667 }
1e7855a5 668}
c27004ec 669#endif
d720b93d 670
c527ee8f 671#if defined(CONFIG_USER_ONLY)
75a34036 672void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 673
674{
675}
676
3ee887e8
PM		 677int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
678 int flags)
679{
680 return -ENOSYS;
681}
682
683void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
684{
685}
686
75a34036 687int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 688 int flags, CPUWatchpoint **watchpoint)
689{
690 return -ENOSYS;
691}
692#else
6658ffb8 693/* Add a watchpoint. */
75a34036 694int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 695 int flags, CPUWatchpoint **watchpoint)
6658ffb8 696{
c0ce998e 697 CPUWatchpoint *wp;
6658ffb8 698
05068c0d 699 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 700 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 701 error_report("tried to set invalid watchpoint at %"
702 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 703 return -EINVAL;
704 }
7267c094 705 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 706
707 wp->vaddr = addr;
05068c0d 708 wp->len = len;
a1d1bb31
AL		 709 wp->flags = flags;
710
2dc9f411 711 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 712 if (flags & BP_GDB) {
713 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
714 } else {
715 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
716 }
6658ffb8 717
31b030d4 718 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 719
720 if (watchpoint)
721 *watchpoint = wp;
722 return 0;
6658ffb8
PB		 723}
724
a1d1bb31 725/* Remove a specific watchpoint. */
75a34036 726int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 727 int flags)
6658ffb8 728{
a1d1bb31 729 CPUWatchpoint *wp;
6658ffb8 730
ff4700b0 731 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 732 if (addr == wp->vaddr && len == wp->len
6e140f28 733 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 734 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 735 return 0;
736 }
737 }
a1d1bb31 738 return -ENOENT;
6658ffb8
PB		 739}
740
a1d1bb31 741/* Remove a specific watchpoint by reference. */
75a34036 742void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 743{
ff4700b0 744 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 745
31b030d4 746 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 747
7267c094 748 g_free(watchpoint);
a1d1bb31
AL		 749}
750
751/* Remove all matching watchpoints. */
75a34036 752void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 753{
c0ce998e 754 CPUWatchpoint *wp, *next;
a1d1bb31 755
ff4700b0 756 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 757 if (wp->flags & mask) {
758 cpu_watchpoint_remove_by_ref(cpu, wp);
759 }
c0ce998e 760 }
7d03f82f 761}
05068c0d
PM		 762
763/* Return true if this watchpoint address matches the specified
764 * access (ie the address range covered by the watchpoint overlaps
765 * partially or completely with the address range covered by the
766 * access).
767 */
768static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
769 vaddr addr,
770 vaddr len)
771{
772 /* We know the lengths are non-zero, but a little caution is
773 * required to avoid errors in the case where the range ends
774 * exactly at the top of the address space and so addr + len
775 * wraps round to zero.
776 */
777 vaddr wpend = wp->vaddr + wp->len - 1;
778 vaddr addrend = addr + len - 1;
779
780 return !(addr > wpend || wp->vaddr > addrend);
781}
782
c527ee8f 783#endif
7d03f82f 784
a1d1bb31 785/* Add a breakpoint. */
b3310ab3 786int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 787 CPUBreakpoint **breakpoint)
4c3a88a2 788{
c0ce998e 789 CPUBreakpoint *bp;
3b46e624 790
7267c094 791 bp = g_malloc(sizeof(*bp));
4c3a88a2 792
a1d1bb31
AL		 793 bp->pc = pc;
794 bp->flags = flags;
795
2dc9f411 796 /* keep all GDB-injected breakpoints in front */
00b941e5 797 if (flags & BP_GDB) {
f0c3c505 798 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 799 } else {
f0c3c505 800 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 801 }
3b46e624 802
f0c3c505 803 breakpoint_invalidate(cpu, pc);
a1d1bb31 804
00b941e5 805 if (breakpoint) {
a1d1bb31 806 *breakpoint = bp;
00b941e5 807 }
4c3a88a2 808 return 0;
4c3a88a2
FB		 809}
810
a1d1bb31 811/* Remove a specific breakpoint. */
b3310ab3 812int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 813{
a1d1bb31
AL		 814 CPUBreakpoint *bp;
815
f0c3c505 816 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 817 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 818 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 819 return 0;
820 }
7d03f82f 821 }
a1d1bb31 822 return -ENOENT;
7d03f82f
EI		 823}
824
a1d1bb31 825/* Remove a specific breakpoint by reference. */
b3310ab3 826void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 827{
f0c3c505
AF		 828 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
829
830 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 831
7267c094 832 g_free(breakpoint);
a1d1bb31
AL		 833}
834
835/* Remove all matching breakpoints. */
b3310ab3 836void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 837{
c0ce998e 838 CPUBreakpoint *bp, *next;
a1d1bb31 839
f0c3c505 840 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 841 if (bp->flags & mask) {
842 cpu_breakpoint_remove_by_ref(cpu, bp);
843 }
c0ce998e 844 }
4c3a88a2
FB		 845}
846
c33a346e
FB		 847/* enable or disable single step mode. EXCP_DEBUG is returned by the
848 CPU loop after each instruction */
3825b28f 849void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 850{
ed2803da
AF		 851 if (cpu->singlestep_enabled != enabled) {
852 cpu->singlestep_enabled = enabled;
853 if (kvm_enabled()) {
38e478ec 854 kvm_update_guest_debug(cpu, 0);
ed2803da 855 } else {
ccbb4d44 856 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 857 /* XXX: only flush what is necessary */
bbd77c18 858 tb_flush(cpu);
e22a25c9 859 }
c33a346e 860 }
c33a346e
FB		 861}
862
a47dddd7 863void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 864{
865 va_list ap;
493ae1f0 866 va_list ap2;
7501267e
FB		 867
868 va_start(ap, fmt);
493ae1f0 869 va_copy(ap2, ap);
7501267e
FB		 870 fprintf(stderr, "qemu: fatal: ");
871 vfprintf(stderr, fmt, ap);
872 fprintf(stderr, "\n");
878096ee 873 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 874 if (qemu_log_separate()) {
93fcfe39
AL		 875 qemu_log("qemu: fatal: ");
876 qemu_log_vprintf(fmt, ap2);
877 qemu_log("\n");
a0762859 878 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 879 qemu_log_flush();
93fcfe39 880 qemu_log_close();
924edcae 881 }
493ae1f0 882 va_end(ap2);
f9373291 883 va_end(ap);
7615936e 884 replay_finish();
fd052bf6
RV		 885#if defined(CONFIG_USER_ONLY)
886 {
887 struct sigaction act;
888 sigfillset(&act.sa_mask);
889 act.sa_handler = SIG_DFL;
890 sigaction(SIGABRT, &act, NULL);
891 }
892#endif
7501267e
FB		 893 abort();
894}
895
0124311e 896#if !defined(CONFIG_USER_ONLY)
0dc3f44a 897/* Called from RCU critical section */
041603fe
PB		 898static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
899{
900 RAMBlock *block;
901
43771539 902 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 903 if (block && addr - block->offset < block->max_length) {
68851b98 904 return block;
041603fe 905 }
0dc3f44a 906 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 907 if (addr - block->offset < block->max_length) {
041603fe
PB		 908 goto found;
909 }
910 }
911
912 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
913 abort();
914
915found:
43771539
PB		 916 /* It is safe to write mru_block outside the iothread lock. This
917 * is what happens:
918 *
919 * mru_block = xxx
920 * rcu_read_unlock()
921 * xxx removed from list
922 * rcu_read_lock()
923 * read mru_block
924 * mru_block = NULL;
925 * call_rcu(reclaim_ramblock, xxx);
926 * rcu_read_unlock()
927 *
928 * atomic_rcu_set is not needed here. The block was already published
929 * when it was placed into the list. Here we're just making an extra
930 * copy of the pointer.
931 */
041603fe
PB		 932 ram_list.mru_block = block;
933 return block;
934}
935
a2f4d5be 936static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 937{
9a13565d 938 CPUState *cpu;
041603fe 939 ram_addr_t start1;
a2f4d5be
JQ		 940 RAMBlock *block;
941 ram_addr_t end;
942
943 end = TARGET_PAGE_ALIGN(start + length);
944 start &= TARGET_PAGE_MASK;
d24981d3 945
0dc3f44a 946 rcu_read_lock();
041603fe
PB		 947 block = qemu_get_ram_block(start);
948 assert(block == qemu_get_ram_block(end - 1));
1240be24 949 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 950 CPU_FOREACH(cpu) {
951 tlb_reset_dirty(cpu, start1, length);
952 }
0dc3f44a 953 rcu_read_unlock();
d24981d3
JQ		 954}
955
5579c7f3 956/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 957bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
958 ram_addr_t length,
959 unsigned client)
1ccde1cb 960{
5b82b703 961 DirtyMemoryBlocks *blocks;
03eebc9e 962 unsigned long end, page;
5b82b703 963 bool dirty = false;
03eebc9e
SH		 964
965 if (length == 0) {
966 return false;
967 }
f23db169 968
03eebc9e
SH		 969 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
970 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 971
972 rcu_read_lock();
973
974 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
975
976 while (page < end) {
977 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
978 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
979 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
980
981 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
982 offset, num);
983 page += num;
984 }
985
986 rcu_read_unlock();
03eebc9e
SH		 987
988 if (dirty && tcg_enabled()) {
a2f4d5be 989 tlb_reset_dirty_range_all(start, length);
5579c7f3 990 }
03eebc9e
SH		 991
992 return dirty;
1ccde1cb
FB		 993}
994
79e2b9ae 995/* Called from RCU critical section */
bb0e627a 996hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 997 MemoryRegionSection *section,
998 target_ulong vaddr,
999 hwaddr paddr, hwaddr xlat,
1000 int prot,
1001 target_ulong *address)
e5548617 1002{
a8170e5e 1003 hwaddr iotlb;
e5548617
BS		 1004 CPUWatchpoint *wp;
1005
cc5bea60 1006 if (memory_region_is_ram(section->mr)) {
e5548617 1007 /* Normal RAM. */
e4e69794 1008 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
e5548617 1009 if (!section->readonly) {
b41aac4f 1010 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1011 } else {
b41aac4f 1012 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1013 }
1014 } else {
0b8e2c10
PM		 1015 AddressSpaceDispatch *d;
1016
1017 d = atomic_rcu_read(&section->address_space->dispatch);
1018 iotlb = section - d->map.sections;
149f54b5 1019 iotlb += xlat;
e5548617
BS		 1020 }
1021
1022 /* Make accesses to pages with watchpoints go via the
1023 watchpoint trap routines. */
ff4700b0 1024 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1025 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1026 /* Avoid trapping reads of pages with a write breakpoint. */
1027 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1028 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1029 *address |= TLB_MMIO;
1030 break;
1031 }
1032 }
1033 }
1034
1035 return iotlb;
1036}
9fa3e853
FB		 1037#endif /* defined(CONFIG_USER_ONLY) */
1038
e2eef170 1039#if !defined(CONFIG_USER_ONLY)
8da3ff18 1040
c227f099 1041static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1042 uint16_t section);
acc9d80b 1043static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1044
a2b257d6
IM		 1045static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1046 qemu_anon_ram_alloc;
91138037
MA		 1047
1048/*
1049 * Set a custom physical guest memory alloator.
1050 * Accelerators with unusual needs may need this. Hopefully, we can
1051 * get rid of it eventually.
1052 */
a2b257d6 1053void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1054{
1055 phys_mem_alloc = alloc;
1056}
1057
53cb28cb
MA		 1058static uint16_t phys_section_add(PhysPageMap *map,
1059 MemoryRegionSection *section)
5312bd8b 1060{
68f3f65b
PB		 1061 /* The physical section number is ORed with a page-aligned
1062 * pointer to produce the iotlb entries. Thus it should
1063 * never overflow into the page-aligned value.
1064 */
53cb28cb 1065 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1066
53cb28cb
MA		 1067 if (map->sections_nb == map->sections_nb_alloc) {
1068 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1069 map->sections = g_renew(MemoryRegionSection, map->sections,
1070 map->sections_nb_alloc);
5312bd8b 1071 }
53cb28cb 1072 map->sections[map->sections_nb] = *section;
dfde4e6e 1073 memory_region_ref(section->mr);
53cb28cb 1074 return map->sections_nb++;
5312bd8b
AK		 1075}
1076
058bc4b5
PB		 1077static void phys_section_destroy(MemoryRegion *mr)
1078{
55b4e80b
DS		 1079 bool have_sub_page = mr->subpage;
1080
dfde4e6e
PB		 1081 memory_region_unref(mr);
1082
55b4e80b 1083 if (have_sub_page) {
058bc4b5 1084 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1085 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1086 g_free(subpage);
1087 }
1088}
1089
6092666e 1090static void phys_sections_free(PhysPageMap *map)
5312bd8b 1091{
9affd6fc
PB		 1092 while (map->sections_nb > 0) {
1093 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1094 phys_section_destroy(section->mr);
1095 }
9affd6fc
PB		 1096 g_free(map->sections);
1097 g_free(map->nodes);
5312bd8b
AK		 1098}
1099
ac1970fb 1100static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1101{
1102 subpage_t *subpage;
a8170e5e 1103 hwaddr base = section->offset_within_address_space
0f0cb164 1104 & TARGET_PAGE_MASK;
97115a8d 1105 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1106 d->map.nodes, d->map.sections);
0f0cb164
AK		 1107 MemoryRegionSection subsection = {
1108 .offset_within_address_space = base,
052e87b0 1109 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1110 };
a8170e5e 1111 hwaddr start, end;
0f0cb164 1112
f3705d53 1113 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1114
f3705d53 1115 if (!(existing->mr->subpage)) {
acc9d80b 1116 subpage = subpage_init(d->as, base);
3be91e86 1117 subsection.address_space = d->as;
0f0cb164 1118 subsection.mr = &subpage->iomem;
ac1970fb 1119 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1120 phys_section_add(&d->map, &subsection));
0f0cb164 1121 } else {
f3705d53 1122 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1123 }
1124 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1125 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1126 subpage_register(subpage, start, end,
1127 phys_section_add(&d->map, section));
0f0cb164
AK		 1128}
1129
1130
052e87b0
PB		 1131static void register_multipage(AddressSpaceDispatch *d,
1132 MemoryRegionSection *section)
33417e70 1133{
a8170e5e 1134 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1135 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1136 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1137 TARGET_PAGE_BITS));
dd81124b 1138
733d5ef5
PB		 1139 assert(num_pages);
1140 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1141}
1142
ac1970fb 1143static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1144{
89ae337a 1145 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1146 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1147 MemoryRegionSection now = *section, remain = *section;
052e87b0 1148 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1149
733d5ef5
PB		 1150 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1151 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1152 - now.offset_within_address_space;
1153
052e87b0 1154 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1155 register_subpage(d, &now);
733d5ef5 1156 } else {
052e87b0 1157 now.size = int128_zero();
733d5ef5 1158 }
052e87b0
PB		 1159 while (int128_ne(remain.size, now.size)) {
1160 remain.size = int128_sub(remain.size, now.size);
1161 remain.offset_within_address_space += int128_get64(now.size);
1162 remain.offset_within_region += int128_get64(now.size);
69b67646 1163 now = remain;
052e87b0 1164 if (int128_lt(remain.size, page_size)) {
733d5ef5 1165 register_subpage(d, &now);
88266249 1166 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1167 now.size = page_size;
ac1970fb 1168 register_subpage(d, &now);
69b67646 1169 } else {
052e87b0 1170 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1171 register_multipage(d, &now);
69b67646 1172 }
0f0cb164
AK		 1173 }
1174}
1175
62a2744c
SY		 1176void qemu_flush_coalesced_mmio_buffer(void)
1177{
1178 if (kvm_enabled())
1179 kvm_flush_coalesced_mmio_buffer();
1180}
1181
b2a8658e
UD		 1182void qemu_mutex_lock_ramlist(void)
1183{
1184 qemu_mutex_lock(&ram_list.mutex);
1185}
1186
1187void qemu_mutex_unlock_ramlist(void)
1188{
1189 qemu_mutex_unlock(&ram_list.mutex);
1190}
1191
e1e84ba0 1192#ifdef __linux__
04b16653
AW		 1193static void *file_ram_alloc(RAMBlock *block,
1194 ram_addr_t memory,
7f56e740
PB		 1195 const char *path,
1196 Error **errp)
c902760f 1197{
fd97fd44 1198 bool unlink_on_error = false;
c902760f 1199 char *filename;
8ca761f6
PF		 1200 char *sanitized_name;
1201 char *c;
056b68af 1202 void *area = MAP_FAILED;
5c3ece79 1203 int fd = -1;
e1fb6471 1204 int64_t page_size;
c902760f
MT		 1205
1206 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1207 error_setg(errp,
1208 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1209 return NULL;
c902760f
MT		 1210 }
1211
fd97fd44
MA		 1212 for (;;) {
1213 fd = open(path, O_RDWR);
1214 if (fd >= 0) {
1215 /* @path names an existing file, use it */
1216 break;
8d31d6b6 1217 }
fd97fd44
MA		 1218 if (errno == ENOENT) {
1219 /* @path names a file that doesn't exist, create it */
1220 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1221 if (fd >= 0) {
1222 unlink_on_error = true;
1223 break;
1224 }
1225 } else if (errno == EISDIR) {
1226 /* @path names a directory, create a file there */
1227 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1228 sanitized_name = g_strdup(memory_region_name(block->mr));
1229 for (c = sanitized_name; *c != '\0'; c++) {
1230 if (*c == '/') {
1231 *c = '_';
1232 }
1233 }
8ca761f6 1234
fd97fd44
MA		 1235 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1236 sanitized_name);
1237 g_free(sanitized_name);
8d31d6b6 1238
fd97fd44
MA		 1239 fd = mkstemp(filename);
1240 if (fd >= 0) {
1241 unlink(filename);
1242 g_free(filename);
1243 break;
1244 }
1245 g_free(filename);
8d31d6b6 1246 }
fd97fd44
MA		 1247 if (errno != EEXIST && errno != EINTR) {
1248 error_setg_errno(errp, errno,
1249 "can't open backing store %s for guest RAM",
1250 path);
1251 goto error;
1252 }
1253 /*
1254 * Try again on EINTR and EEXIST. The latter happens when
1255 * something else creates the file between our two open().
1256 */
8d31d6b6 1257 }
c902760f 1258
e1fb6471 1259 page_size = qemu_fd_getpagesize(fd);
d2f39add 1260 block->mr->align = MAX(page_size, QEMU_VMALLOC_ALIGN);
fd97fd44 1261
e1fb6471 1262 if (memory < page_size) {
fd97fd44
MA		 1263 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1264 "or larger than page size 0x%" PRIx64,
e1fb6471 1265 memory, page_size);
f9a49dfa 1266 goto error;
c902760f 1267 }
c902760f 1268
e1fb6471 1269 memory = ROUND_UP(memory, page_size);
c902760f
MT		 1270
1271 /*
1272 * ftruncate is not supported by hugetlbfs in older
1273 * hosts, so don't bother bailing out on errors.
1274 * If anything goes wrong with it under other filesystems,
1275 * mmap will fail.
1276 */
7f56e740 1277 if (ftruncate(fd, memory)) {
9742bf26 1278 perror("ftruncate");
7f56e740 1279 }
c902760f 1280
d2f39add
DD		 1281 area = qemu_ram_mmap(fd, memory, block->mr->align,
1282 block->flags & RAM_SHARED);
c902760f 1283 if (area == MAP_FAILED) {
7f56e740 1284 error_setg_errno(errp, errno,
fd97fd44 1285 "unable to map backing store for guest RAM");
f9a49dfa 1286 goto error;
c902760f 1287 }
ef36fa14
MT		 1288
1289 if (mem_prealloc) {
056b68af
IM		 1290 os_mem_prealloc(fd, area, memory, errp);
1291 if (errp && *errp) {
1292 goto error;
1293 }
ef36fa14
MT		 1294 }
1295
04b16653 1296 block->fd = fd;
c902760f 1297 return area;
f9a49dfa
MT		 1298
1299error:
056b68af
IM		 1300 if (area != MAP_FAILED) {
1301 qemu_ram_munmap(area, memory);
1302 }
fd97fd44
MA		 1303 if (unlink_on_error) {
1304 unlink(path);
1305 }
5c3ece79
PB		 1306 if (fd != -1) {
1307 close(fd);
1308 }
f9a49dfa 1309 return NULL;
c902760f
MT		 1310}
1311#endif
1312
0dc3f44a 1313/* Called with the ramlist lock held. */
d17b5288 1314static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1315{
1316 RAMBlock *block, *next_block;
3e837b2c 1317 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1318
49cd9ac6
SH		 1319 assert(size != 0); /* it would hand out same offset multiple times */
1320
0dc3f44a 1321 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1322 return 0;
0d53d9fe 1323 }
04b16653 1324
0dc3f44a 1325 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1326 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1327
62be4e3a 1328 end = block->offset + block->max_length;
04b16653 1329
0dc3f44a 1330 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1331 if (next_block->offset >= end) {
1332 next = MIN(next, next_block->offset);
1333 }
1334 }
1335 if (next - end >= size && next - end < mingap) {
3e837b2c 1336 offset = end;
04b16653
AW		 1337 mingap = next - end;
1338 }
1339 }
3e837b2c
AW		 1340
1341 if (offset == RAM_ADDR_MAX) {
1342 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1343 (uint64_t)size);
1344 abort();
1345 }
1346
04b16653
AW		 1347 return offset;
1348}
1349
652d7ec2 1350ram_addr_t last_ram_offset(void)
d17b5288
AW		 1351{
1352 RAMBlock *block;
1353 ram_addr_t last = 0;
1354
0dc3f44a
MD		 1355 rcu_read_lock();
1356 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1357 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1358 }
0dc3f44a 1359 rcu_read_unlock();
d17b5288
AW		 1360 return last;
1361}
1362
ddb97f1d
JB		 1363static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1364{
1365 int ret;
ddb97f1d
JB		 1366
1367 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1368 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1369 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1370 if (ret) {
1371 perror("qemu_madvise");
1372 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1373 "but dump_guest_core=off specified\n");
1374 }
1375 }
1376}
1377
422148d3
DDAG		 1378const char *qemu_ram_get_idstr(RAMBlock *rb)
1379{
1380 return rb->idstr;
1381}
1382
ae3a7047 1383/* Called with iothread lock held. */
fa53a0e5 1384void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1385{
fa53a0e5 1386 RAMBlock *block;
20cfe881 1387
c5705a77
AK		 1388 assert(new_block);
1389 assert(!new_block->idstr[0]);
84b89d78 1390
09e5ab63
AL		 1391 if (dev) {
1392 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1393 if (id) {
1394 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1395 g_free(id);
84b89d78
CM		 1396 }
1397 }
1398 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1399
ab0a9956 1400 rcu_read_lock();
0dc3f44a 1401 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1402 if (block != new_block &&
1403 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1404 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1405 new_block->idstr);
1406 abort();
1407 }
1408 }
0dc3f44a 1409 rcu_read_unlock();
c5705a77
AK		 1410}
1411
ae3a7047 1412/* Called with iothread lock held. */
fa53a0e5 1413void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1414{
ae3a7047
MD		 1415 /* FIXME: arch_init.c assumes that this is not called throughout
1416 * migration. Ignore the problem since hot-unplug during migration
1417 * does not work anyway.
1418 */
20cfe881
HT		 1419 if (block) {
1420 memset(block->idstr, 0, sizeof(block->idstr));
1421 }
1422}
1423
8490fc78
LC		 1424static int memory_try_enable_merging(void *addr, size_t len)
1425{
75cc7f01 1426 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1427 /* disabled by the user */
1428 return 0;
1429 }
1430
1431 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1432}
1433
62be4e3a
MT		 1434/* Only legal before guest might have detected the memory size: e.g. on
1435 * incoming migration, or right after reset.
1436 *
1437 * As memory core doesn't know how is memory accessed, it is up to
1438 * resize callback to update device state and/or add assertions to detect
1439 * misuse, if necessary.
1440 */
fa53a0e5 1441int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1442{
62be4e3a
MT		 1443 assert(block);
1444
4ed023ce 1445 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1446
62be4e3a
MT		 1447 if (block->used_length == newsize) {
1448 return 0;
1449 }
1450
1451 if (!(block->flags & RAM_RESIZEABLE)) {
1452 error_setg_errno(errp, EINVAL,
1453 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1454 " in != 0x" RAM_ADDR_FMT, block->idstr,
1455 newsize, block->used_length);
1456 return -EINVAL;
1457 }
1458
1459 if (block->max_length < newsize) {
1460 error_setg_errno(errp, EINVAL,
1461 "Length too large: %s: 0x" RAM_ADDR_FMT
1462 " > 0x" RAM_ADDR_FMT, block->idstr,
1463 newsize, block->max_length);
1464 return -EINVAL;
1465 }
1466
1467 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1468 block->used_length = newsize;
58d2707e
PB		 1469 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1470 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1471 memory_region_set_size(block->mr, newsize);
1472 if (block->resized) {
1473 block->resized(block->idstr, newsize, block->host);
1474 }
1475 return 0;
1476}
1477
5b82b703
SH		 1478/* Called with ram_list.mutex held */
1479static void dirty_memory_extend(ram_addr_t old_ram_size,
1480 ram_addr_t new_ram_size)
1481{
1482 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1483 DIRTY_MEMORY_BLOCK_SIZE);
1484 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1485 DIRTY_MEMORY_BLOCK_SIZE);
1486 int i;
1487
1488 /* Only need to extend if block count increased */
1489 if (new_num_blocks <= old_num_blocks) {
1490 return;
1491 }
1492
1493 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1494 DirtyMemoryBlocks *old_blocks;
1495 DirtyMemoryBlocks *new_blocks;
1496 int j;
1497
1498 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1499 new_blocks = g_malloc(sizeof(*new_blocks) +
1500 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1501
1502 if (old_num_blocks) {
1503 memcpy(new_blocks->blocks, old_blocks->blocks,
1504 old_num_blocks * sizeof(old_blocks->blocks[0]));
1505 }
1506
1507 for (j = old_num_blocks; j < new_num_blocks; j++) {
1508 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1509 }
1510
1511 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1512
1513 if (old_blocks) {
1514 g_free_rcu(old_blocks, rcu);
1515 }
1516 }
1517}
1518
528f46af 1519static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1520{
e1c57ab8 1521 RAMBlock *block;
0d53d9fe 1522 RAMBlock *last_block = NULL;
2152f5ca 1523 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1524 Error *err = NULL;
2152f5ca
JQ		 1525
1526 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1527
b2a8658e 1528 qemu_mutex_lock_ramlist();
9b8424d5 1529 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1530
1531 if (!new_block->host) {
1532 if (xen_enabled()) {
9b8424d5 1533 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1534 new_block->mr, &err);
1535 if (err) {
1536 error_propagate(errp, err);
1537 qemu_mutex_unlock_ramlist();
39c350ee 1538 return;
37aa7a0e 1539 }
e1c57ab8 1540 } else {
9b8424d5 1541 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1542 &new_block->mr->align);
39228250 1543 if (!new_block->host) {
ef701d7b
HT		 1544 error_setg_errno(errp, errno,
1545 "cannot set up guest memory '%s'",
1546 memory_region_name(new_block->mr));
1547 qemu_mutex_unlock_ramlist();
39c350ee 1548 return;
39228250 1549 }
9b8424d5 1550 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1551 }
c902760f 1552 }
94a6b54f 1553
dd631697
LZ		 1554 new_ram_size = MAX(old_ram_size,
1555 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1556 if (new_ram_size > old_ram_size) {
1557 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1558 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1559 }
0d53d9fe
MD		 1560 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1561 * QLIST (which has an RCU-friendly variant) does not have insertion at
1562 * tail, so save the last element in last_block.
1563 */
0dc3f44a 1564 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1565 last_block = block;
9b8424d5 1566 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1567 break;
1568 }
1569 }
1570 if (block) {
0dc3f44a 1571 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1572 } else if (last_block) {
0dc3f44a 1573 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1574 } else { /* list is empty */
0dc3f44a 1575 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1576 }
0d6d3c87 1577 ram_list.mru_block = NULL;
94a6b54f 1578
0dc3f44a
MD		 1579 /* Write list before version */
1580 smp_wmb();
f798b07f 1581 ram_list.version++;
b2a8658e 1582 qemu_mutex_unlock_ramlist();
f798b07f 1583
9b8424d5 1584 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1585 new_block->used_length,
1586 DIRTY_CLIENTS_ALL);
94a6b54f 1587
a904c911
PB		 1588 if (new_block->host) {
1589 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1590 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
c2cd627d 1591 /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */
a904c911 1592 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
e1c57ab8 1593 }
94a6b54f 1594}
e9a1ab19 1595
0b183fc8 1596#ifdef __linux__
528f46af
FZ		 1597RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1598 bool share, const char *mem_path,
1599 Error **errp)
e1c57ab8
PB		 1600{
1601 RAMBlock *new_block;
ef701d7b 1602 Error *local_err = NULL;
e1c57ab8
PB		 1603
1604 if (xen_enabled()) {
7f56e740 1605 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1606 return NULL;
e1c57ab8
PB		 1607 }
1608
1609 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1610 /*
1611 * file_ram_alloc() needs to allocate just like
1612 * phys_mem_alloc, but we haven't bothered to provide
1613 * a hook there.
1614 */
7f56e740
PB		 1615 error_setg(errp,
1616 "-mem-path not supported with this accelerator");
528f46af 1617 return NULL;
e1c57ab8
PB		 1618 }
1619
4ed023ce 1620 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1621 new_block = g_malloc0(sizeof(*new_block));
1622 new_block->mr = mr;
9b8424d5
MT		 1623 new_block->used_length = size;
1624 new_block->max_length = size;
dbcb8981 1625 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1626 new_block->host = file_ram_alloc(new_block, size,
1627 mem_path, errp);
1628 if (!new_block->host) {
1629 g_free(new_block);
528f46af 1630 return NULL;
7f56e740
PB		 1631 }
1632
528f46af 1633 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1634 if (local_err) {
1635 g_free(new_block);
1636 error_propagate(errp, local_err);
528f46af 1637 return NULL;
ef701d7b 1638 }
528f46af 1639 return new_block;
e1c57ab8 1640}
0b183fc8 1641#endif
e1c57ab8 1642
62be4e3a 1643static
528f46af
FZ		 1644RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1645 void (*resized)(const char*,
1646 uint64_t length,
1647 void *host),
1648 void *host, bool resizeable,
1649 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1650{
1651 RAMBlock *new_block;
ef701d7b 1652 Error *local_err = NULL;
e1c57ab8 1653
4ed023ce
DDAG		 1654 size = HOST_PAGE_ALIGN(size);
1655 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1656 new_block = g_malloc0(sizeof(*new_block));
1657 new_block->mr = mr;
62be4e3a 1658 new_block->resized = resized;
9b8424d5
MT		 1659 new_block->used_length = size;
1660 new_block->max_length = max_size;
62be4e3a 1661 assert(max_size >= size);
e1c57ab8
PB		 1662 new_block->fd = -1;
1663 new_block->host = host;
1664 if (host) {
7bd4f430 1665 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1666 }
62be4e3a
MT		 1667 if (resizeable) {
1668 new_block->flags |= RAM_RESIZEABLE;
1669 }
528f46af 1670 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1671 if (local_err) {
1672 g_free(new_block);
1673 error_propagate(errp, local_err);
528f46af 1674 return NULL;
ef701d7b 1675 }
528f46af 1676 return new_block;
e1c57ab8
PB		 1677}
1678
528f46af 1679RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1680 MemoryRegion *mr, Error **errp)
1681{
1682 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1683}
1684
528f46af 1685RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1686{
62be4e3a
MT		 1687 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1688}
1689
528f46af 1690RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1691 void (*resized)(const char*,
1692 uint64_t length,
1693 void *host),
1694 MemoryRegion *mr, Error **errp)
1695{
1696 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1697}
1698
43771539
PB		 1699static void reclaim_ramblock(RAMBlock *block)
1700{
1701 if (block->flags & RAM_PREALLOC) {
1702 ;
1703 } else if (xen_enabled()) {
1704 xen_invalidate_map_cache_entry(block->host);
1705#ifndef _WIN32
1706 } else if (block->fd >= 0) {
2f3a2bb1 1707 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1708 close(block->fd);
1709#endif
1710 } else {
1711 qemu_anon_ram_free(block->host, block->max_length);
1712 }
1713 g_free(block);
1714}
1715
f1060c55 1716void qemu_ram_free(RAMBlock *block)
e9a1ab19 1717{
85bc2a15
MAL		 1718 if (!block) {
1719 return;
1720 }
1721
b2a8658e 1722 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1723 QLIST_REMOVE_RCU(block, next);
1724 ram_list.mru_block = NULL;
1725 /* Write list before version */
1726 smp_wmb();
1727 ram_list.version++;
1728 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1729 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1730}
1731
cd19cfa2
HY		 1732#ifndef _WIN32
1733void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1734{
1735 RAMBlock *block;
1736 ram_addr_t offset;
1737 int flags;
1738 void *area, *vaddr;
1739
0dc3f44a 1740 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1741 offset = addr - block->offset;
9b8424d5 1742 if (offset < block->max_length) {
1240be24 1743 vaddr = ramblock_ptr(block, offset);
7bd4f430 1744 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1745 ;
dfeaf2ab
MA		 1746 } else if (xen_enabled()) {
1747 abort();
cd19cfa2
HY		 1748 } else {
1749 flags = MAP_FIXED;
3435f395 1750 if (block->fd >= 0) {
dbcb8981
PB		 1751 flags |= (block->flags & RAM_SHARED ?
1752 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1753 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1754 flags, block->fd, offset);
cd19cfa2 1755 } else {
2eb9fbaa
MA		 1756 /*
1757 * Remap needs to match alloc. Accelerators that
1758 * set phys_mem_alloc never remap. If they did,
1759 * we'd need a remap hook here.
1760 */
1761 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1762
cd19cfa2
HY		 1763 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1764 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1765 flags, -1, 0);
cd19cfa2
HY		 1766 }
1767 if (area != vaddr) {
f15fbc4b
AP		 1768 fprintf(stderr, "Could not remap addr: "
1769 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1770 length, addr);
1771 exit(1);
1772 }
8490fc78 1773 memory_try_enable_merging(vaddr, length);
ddb97f1d 1774 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1775 }
cd19cfa2
HY		 1776 }
1777 }
1778}
1779#endif /* !_WIN32 */
1780
1b5ec234 1781/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1782 * This should not be used for general purpose DMA. Use address_space_map
1783 * or address_space_rw instead. For local memory (e.g. video ram) that the
1784 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1785 *
49b24afc 1786 * Called within RCU critical section.
1b5ec234 1787 */
0878d0e1 1788void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1789{
3655cb9c
GA		 1790 RAMBlock *block = ram_block;
1791
1792 if (block == NULL) {
1793 block = qemu_get_ram_block(addr);
0878d0e1 1794 addr -= block->offset;
3655cb9c 1795 }
ae3a7047
MD		 1796
1797 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1798 /* We need to check if the requested address is in the RAM
1799 * because we don't want to map the entire memory in QEMU.
1800 * In that case just map until the end of the page.
1801 */
1802 if (block->offset == 0) {
49b24afc 1803 return xen_map_cache(addr, 0, 0);
0d6d3c87 1804 }
ae3a7047
MD		 1805
1806 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1807 }
0878d0e1 1808 return ramblock_ptr(block, addr);
dc828ca1
PB		 1809}
1810
0878d0e1 1811/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
ae3a7047 1812 * but takes a size argument.
0dc3f44a 1813 *
e81bcda5 1814 * Called within RCU critical section.
ae3a7047 1815 */
3655cb9c
GA		 1816static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1817 hwaddr *size)
38bee5dc 1818{
3655cb9c 1819 RAMBlock *block = ram_block;
8ab934f9
SS		 1820 if (*size == 0) {
1821 return NULL;
1822 }
e81bcda5 1823
3655cb9c
GA		 1824 if (block == NULL) {
1825 block = qemu_get_ram_block(addr);
0878d0e1 1826 addr -= block->offset;
3655cb9c 1827 }
0878d0e1 1828 *size = MIN(*size, block->max_length - addr);
e81bcda5
PB		 1829
1830 if (xen_enabled() && block->host == NULL) {
1831 /* We need to check if the requested address is in the RAM
1832 * because we don't want to map the entire memory in QEMU.
1833 * In that case just map the requested area.
1834 */
1835 if (block->offset == 0) {
1836 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1837 }
1838
e81bcda5 1839 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1840 }
e81bcda5 1841
0878d0e1 1842 return ramblock_ptr(block, addr);
38bee5dc
SS		 1843}
1844
422148d3
DDAG		 1845/*
1846 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1847 * in that RAMBlock.
1848 *
1849 * ptr: Host pointer to look up
1850 * round_offset: If true round the result offset down to a page boundary
1851 * *ram_addr: set to result ram_addr
1852 * *offset: set to result offset within the RAMBlock
1853 *
1854 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1855 *
1856 * By the time this function returns, the returned pointer is not protected
1857 * by RCU anymore. If the caller is not within an RCU critical section and
1858 * does not hold the iothread lock, it must have other means of protecting the
1859 * pointer, such as a reference to the region that includes the incoming
1860 * ram_addr_t.
1861 */
422148d3 1862RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
422148d3 1863 ram_addr_t *offset)
5579c7f3 1864{
94a6b54f
PB		 1865 RAMBlock *block;
1866 uint8_t *host = ptr;
1867
868bb33f 1868 if (xen_enabled()) {
f615f396 1869 ram_addr_t ram_addr;
0dc3f44a 1870 rcu_read_lock();
f615f396
PB		 1871 ram_addr = xen_ram_addr_from_mapcache(ptr);
1872 block = qemu_get_ram_block(ram_addr);
422148d3 1873 if (block) {
d6b6aec4 1874 *offset = ram_addr - block->offset;
422148d3 1875 }
0dc3f44a 1876 rcu_read_unlock();
422148d3 1877 return block;
712c2b41
SS		 1878 }
1879
0dc3f44a
MD		 1880 rcu_read_lock();
1881 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1882 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1883 goto found;
1884 }
1885
0dc3f44a 1886 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1887 /* This case append when the block is not mapped. */
1888 if (block->host == NULL) {
1889 continue;
1890 }
9b8424d5 1891 if (host - block->host < block->max_length) {
23887b79 1892 goto found;
f471a17e 1893 }
94a6b54f 1894 }
432d268c 1895
0dc3f44a 1896 rcu_read_unlock();
1b5ec234 1897 return NULL;
23887b79
PB		 1898
1899found:
422148d3
DDAG		 1900 *offset = (host - block->host);
1901 if (round_offset) {
1902 *offset &= TARGET_PAGE_MASK;
1903 }
0dc3f44a 1904 rcu_read_unlock();
422148d3
DDAG		 1905 return block;
1906}
1907
e3dd7493
DDAG		 1908/*
1909 * Finds the named RAMBlock
1910 *
1911 * name: The name of RAMBlock to find
1912 *
1913 * Returns: RAMBlock (or NULL if not found)
1914 */
1915RAMBlock *qemu_ram_block_by_name(const char *name)
1916{
1917 RAMBlock *block;
1918
1919 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1920 if (!strcmp(name, block->idstr)) {
1921 return block;
1922 }
1923 }
1924
1925 return NULL;
1926}
1927
422148d3
DDAG		 1928/* Some of the softmmu routines need to translate from a host pointer
1929 (typically a TLB entry) back to a ram offset. */
07bdaa41 1930ram_addr_t qemu_ram_addr_from_host(void *ptr)
422148d3
DDAG		 1931{
1932 RAMBlock *block;
f615f396 1933 ram_addr_t offset;
422148d3 1934
f615f396 1935 block = qemu_ram_block_from_host(ptr, false, &offset);
422148d3 1936 if (!block) {
07bdaa41 1937 return RAM_ADDR_INVALID;
422148d3
DDAG		 1938 }
1939
07bdaa41 1940 return block->offset + offset;
e890261f 1941}
f471a17e 1942
49b24afc 1943/* Called within RCU critical section. */
a8170e5e 1944static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1945 uint64_t val, unsigned size)
9fa3e853 1946{
52159192 1947 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1948 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1949 }
0e0df1e2
AK		 1950 switch (size) {
1951 case 1:
0878d0e1 1952 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1953 break;
1954 case 2:
0878d0e1 1955 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1956 break;
1957 case 4:
0878d0e1 1958 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1959 break;
1960 default:
1961 abort();
3a7d929e 1962 }
58d2707e
PB		 1963 /* Set both VGA and migration bits for simplicity and to remove
1964 * the notdirty callback faster.
1965 */
1966 cpu_physical_memory_set_dirty_range(ram_addr, size,
1967 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 1968 /* we remove the notdirty callback only if the code has been
1969 flushed */
a2cd8c85 1970 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 1971 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 1972 }
9fa3e853
FB		 1973}
1974
b018ddf6
PB		 1975static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1976 unsigned size, bool is_write)
1977{
1978 return is_write;
1979}
1980
0e0df1e2 1981static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1982 .write = notdirty_mem_write,
b018ddf6 1983 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1984 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1985};
1986
0f459d16 1987/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 1988static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 1989{
93afeade 1990 CPUState *cpu = current_cpu;
568496c0 1991 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 1992 CPUArchState *env = cpu->env_ptr;
06d55cc1 1993 target_ulong pc, cs_base;
0f459d16 1994 target_ulong vaddr;
a1d1bb31 1995 CPUWatchpoint *wp;
89fee74a 1996 uint32_t cpu_flags;
0f459d16 1997
ff4700b0 1998 if (cpu->watchpoint_hit) {
06d55cc1
AL		 1999 /* We re-entered the check after replacing the TB. Now raise
2000 * the debug interrupt so that is will trigger after the
2001 * current instruction. */
93afeade 2002 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2003 return;
2004 }
93afeade 2005 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2006 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2007 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2008 && (wp->flags & flags)) {
08225676
PM		 2009 if (flags == BP_MEM_READ) {
2010 wp->flags |= BP_WATCHPOINT_HIT_READ;
2011 } else {
2012 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2013 }
2014 wp->hitaddr = vaddr;
66b9b43c 2015 wp->hitattrs = attrs;
ff4700b0 2016 if (!cpu->watchpoint_hit) {
568496c0
SF		 2017 if (wp->flags & BP_CPU &&
2018 !cc->debug_check_watchpoint(cpu, wp)) {
2019 wp->flags &= ~BP_WATCHPOINT_HIT;
2020 continue;
2021 }
ff4700b0 2022 cpu->watchpoint_hit = wp;
239c51a5 2023 tb_check_watchpoint(cpu);
6e140f28 2024 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2025 cpu->exception_index = EXCP_DEBUG;
5638d180 2026 cpu_loop_exit(cpu);
6e140f28
AL		 2027 } else {
2028 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2029 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
6886b980 2030 cpu_loop_exit_noexc(cpu);
6e140f28 2031 }
06d55cc1 2032 }
6e140f28
AL		 2033 } else {
2034 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2035 }
2036 }
2037}
2038
6658ffb8
PB		 2039/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2040 so these check for a hit then pass through to the normal out-of-line
2041 phys routines. */
66b9b43c
PM		 2042static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2043 unsigned size, MemTxAttrs attrs)
6658ffb8 2044{
66b9b43c
PM		 2045 MemTxResult res;
2046 uint64_t data;
79ed0416
PM		 2047 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2048 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2049
2050 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2051 switch (size) {
66b9b43c 2052 case 1:
79ed0416 2053 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2054 break;
2055 case 2:
79ed0416 2056 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2057 break;
2058 case 4:
79ed0416 2059 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2060 break;
1ec9b909
AK		 2061 default: abort();
2062 }
66b9b43c
PM		 2063 *pdata = data;
2064 return res;
6658ffb8
PB		 2065}
2066
66b9b43c
PM		 2067static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2068 uint64_t val, unsigned size,
2069 MemTxAttrs attrs)
6658ffb8 2070{
66b9b43c 2071 MemTxResult res;
79ed0416
PM		 2072 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2073 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2074
2075 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2076 switch (size) {
67364150 2077 case 1:
79ed0416 2078 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2079 break;
2080 case 2:
79ed0416 2081 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2082 break;
2083 case 4:
79ed0416 2084 address_space_stl(as, addr, val, attrs, &res);
67364150 2085 break;
1ec9b909
AK		 2086 default: abort();
2087 }
66b9b43c 2088 return res;
6658ffb8
PB		 2089}
2090
1ec9b909 2091static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2092 .read_with_attrs = watch_mem_read,
2093 .write_with_attrs = watch_mem_write,
1ec9b909 2094 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2095};
6658ffb8 2096
f25a49e0
PM		 2097static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2098 unsigned len, MemTxAttrs attrs)
db7b5426 2099{
acc9d80b 2100 subpage_t *subpage = opaque;
ff6cff75 2101 uint8_t buf[8];
5c9eb028 2102 MemTxResult res;
791af8c8 2103
db7b5426 2104#if defined(DEBUG_SUBPAGE)
016e9d62 2105 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2106 subpage, len, addr);
db7b5426 2107#endif
5c9eb028
PM		 2108 res = address_space_read(subpage->as, addr + subpage->base,
2109 attrs, buf, len);
2110 if (res) {
2111 return res;
f25a49e0 2112 }
acc9d80b
JK		 2113 switch (len) {
2114 case 1:
f25a49e0
PM		 2115 *data = ldub_p(buf);
2116 return MEMTX_OK;
acc9d80b 2117 case 2:
f25a49e0
PM		 2118 *data = lduw_p(buf);
2119 return MEMTX_OK;
acc9d80b 2120 case 4:
f25a49e0
PM		 2121 *data = ldl_p(buf);
2122 return MEMTX_OK;
ff6cff75 2123 case 8:
f25a49e0
PM		 2124 *data = ldq_p(buf);
2125 return MEMTX_OK;
acc9d80b
JK		 2126 default:
2127 abort();
2128 }
db7b5426
BS		 2129}
2130
f25a49e0
PM		 2131static MemTxResult subpage_write(void *opaque, hwaddr addr,
2132 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2133{
acc9d80b 2134 subpage_t *subpage = opaque;
ff6cff75 2135 uint8_t buf[8];
acc9d80b 2136
db7b5426 2137#if defined(DEBUG_SUBPAGE)
016e9d62 2138 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2139 " value %"PRIx64"\n",
2140 __func__, subpage, len, addr, value);
db7b5426 2141#endif
acc9d80b
JK		 2142 switch (len) {
2143 case 1:
2144 stb_p(buf, value);
2145 break;
2146 case 2:
2147 stw_p(buf, value);
2148 break;
2149 case 4:
2150 stl_p(buf, value);
2151 break;
ff6cff75
PB		 2152 case 8:
2153 stq_p(buf, value);
2154 break;
acc9d80b
JK		 2155 default:
2156 abort();
2157 }
5c9eb028
PM		 2158 return address_space_write(subpage->as, addr + subpage->base,
2159 attrs, buf, len);
db7b5426
BS		 2160}
2161
c353e4cc 2162static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2163 unsigned len, bool is_write)
c353e4cc 2164{
acc9d80b 2165 subpage_t *subpage = opaque;
c353e4cc 2166#if defined(DEBUG_SUBPAGE)
016e9d62 2167 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2168 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2169#endif
2170
acc9d80b 2171 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2172 len, is_write);
c353e4cc
PB		 2173}
2174
70c68e44 2175static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2176 .read_with_attrs = subpage_read,
2177 .write_with_attrs = subpage_write,
ff6cff75
PB		 2178 .impl.min_access_size = 1,
2179 .impl.max_access_size = 8,
2180 .valid.min_access_size = 1,
2181 .valid.max_access_size = 8,
c353e4cc 2182 .valid.accepts = subpage_accepts,
70c68e44 2183 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2184};
2185
c227f099 2186static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2187 uint16_t section)
db7b5426
BS		 2188{
2189 int idx, eidx;
2190
2191 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2192 return -1;
2193 idx = SUBPAGE_IDX(start);
2194 eidx = SUBPAGE_IDX(end);
2195#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2196 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2197 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2198#endif
db7b5426 2199 for (; idx <= eidx; idx++) {
5312bd8b 2200 mmio->sub_section[idx] = section;
db7b5426
BS		 2201 }
2202
2203 return 0;
2204}
2205
acc9d80b 2206static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2207{
c227f099 2208 subpage_t *mmio;
db7b5426 2209
7267c094 2210 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2211
acc9d80b 2212 mmio->as = as;
1eec614b 2213 mmio->base = base;
2c9b15ca 2214 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2215 NULL, TARGET_PAGE_SIZE);
b3b00c78 2216 mmio->iomem.subpage = true;
db7b5426 2217#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2218 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2219 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2220#endif
b41aac4f 2221 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2222
2223 return mmio;
2224}
2225
a656e22f
PC		 2226static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2227 MemoryRegion *mr)
5312bd8b 2228{
a656e22f 2229 assert(as);
5312bd8b 2230 MemoryRegionSection section = {
a656e22f 2231 .address_space = as,
5312bd8b
AK		 2232 .mr = mr,
2233 .offset_within_address_space = 0,
2234 .offset_within_region = 0,
052e87b0 2235 .size = int128_2_64(),
5312bd8b
AK		 2236 };
2237
53cb28cb 2238 return phys_section_add(map, &section);
5312bd8b
AK		 2239}
2240
a54c87b6 2241MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2242{
a54c87b6
PM		 2243 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2244 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2245 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2246 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2247
2248 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2249}
2250
e9179ce1
AK		 2251static void io_mem_init(void)
2252{
1f6245e5 2253 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2254 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2255 NULL, UINT64_MAX);
2c9b15ca 2256 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2257 NULL, UINT64_MAX);
2c9b15ca 2258 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2259 NULL, UINT64_MAX);
e9179ce1
AK		 2260}
2261
ac1970fb 2262static void mem_begin(MemoryListener *listener)
00752703
PB		 2263{
2264 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2265 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2266 uint16_t n;
2267
a656e22f 2268 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2269 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2270 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2271 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2272 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2273 assert(n == PHYS_SECTION_ROM);
a656e22f 2274 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2275 assert(n == PHYS_SECTION_WATCH);
00752703 2276
9736e55b 2277 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2278 d->as = as;
2279 as->next_dispatch = d;
2280}
2281
79e2b9ae
PB		 2282static void address_space_dispatch_free(AddressSpaceDispatch *d)
2283{
2284 phys_sections_free(&d->map);
2285 g_free(d);
2286}
2287
00752703 2288static void mem_commit(MemoryListener *listener)
ac1970fb 2289{
89ae337a 2290 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2291 AddressSpaceDispatch *cur = as->dispatch;
2292 AddressSpaceDispatch *next = as->next_dispatch;
2293
53cb28cb 2294 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2295
79e2b9ae 2296 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2297 if (cur) {
79e2b9ae 2298 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2299 }
9affd6fc
PB		 2300}
2301
1d71148e 2302static void tcg_commit(MemoryListener *listener)
50c1e149 2303{
32857f4d
PM		 2304 CPUAddressSpace *cpuas;
2305 AddressSpaceDispatch *d;
117712c3
AK		 2306
2307 /* since each CPU stores ram addresses in its TLB cache, we must
2308 reset the modified entries */
32857f4d
PM		 2309 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2310 cpu_reloading_memory_map();
2311 /* The CPU and TLB are protected by the iothread lock.
2312 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2313 * may have split the RCU critical section.
2314 */
2315 d = atomic_rcu_read(&cpuas->as->dispatch);
2316 cpuas->memory_dispatch = d;
2317 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2318}
2319
ac1970fb
AK		 2320void address_space_init_dispatch(AddressSpace *as)
2321{
00752703 2322 as->dispatch = NULL;
89ae337a 2323 as->dispatch_listener = (MemoryListener) {
ac1970fb 2324 .begin = mem_begin,
00752703 2325 .commit = mem_commit,
ac1970fb
AK		 2326 .region_add = mem_add,
2327 .region_nop = mem_add,
2328 .priority = 0,
2329 };
89ae337a 2330 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2331}
2332
6e48e8f9
PB		 2333void address_space_unregister(AddressSpace *as)
2334{
2335 memory_listener_unregister(&as->dispatch_listener);
2336}
2337
83f3c251
AK		 2338void address_space_destroy_dispatch(AddressSpace *as)
2339{
2340 AddressSpaceDispatch *d = as->dispatch;
2341
79e2b9ae
PB		 2342 atomic_rcu_set(&as->dispatch, NULL);
2343 if (d) {
2344 call_rcu(d, address_space_dispatch_free, rcu);
2345 }
83f3c251
AK		 2346}
2347
62152b8a
AK		 2348static void memory_map_init(void)
2349{
7267c094 2350 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2351
57271d63 2352 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2353 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2354
7267c094 2355 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2356 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2357 65536);
7dca8043 2358 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2359}
2360
2361MemoryRegion *get_system_memory(void)
2362{
2363 return system_memory;
2364}
2365
309cb471
AK		 2366MemoryRegion *get_system_io(void)
2367{
2368 return system_io;
2369}
2370
e2eef170
PB		 2371#endif /* !defined(CONFIG_USER_ONLY) */
2372
13eb76e0
FB		 2373/* physical memory access (slow version, mainly for debug) */
2374#if defined(CONFIG_USER_ONLY)
f17ec444 2375int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2376 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2377{
2378 int l, flags;
2379 target_ulong page;
53a5960a 2380 void * p;
13eb76e0
FB		 2381
2382 while (len > 0) {
2383 page = addr & TARGET_PAGE_MASK;
2384 l = (page + TARGET_PAGE_SIZE) - addr;
2385 if (l > len)
2386 l = len;
2387 flags = page_get_flags(page);
2388 if (!(flags & PAGE_VALID))
a68fe89c 2389 return -1;
13eb76e0
FB		 2390 if (is_write) {
2391 if (!(flags & PAGE_WRITE))
a68fe89c 2392 return -1;
579a97f7 2393 /* XXX: this code should not depend on lock_user */
72fb7daa 2394 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2395 return -1;
72fb7daa
AJ		 2396 memcpy(p, buf, l);
2397 unlock_user(p, addr, l);
13eb76e0
FB		 2398 } else {
2399 if (!(flags & PAGE_READ))
a68fe89c 2400 return -1;
579a97f7 2401 /* XXX: this code should not depend on lock_user */
72fb7daa 2402 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2403 return -1;
72fb7daa 2404 memcpy(buf, p, l);
5b257578 2405 unlock_user(p, addr, 0);
13eb76e0
FB		 2406 }
2407 len -= l;
2408 buf += l;
2409 addr += l;
2410 }
a68fe89c 2411 return 0;
13eb76e0 2412}
8df1cd07 2413
13eb76e0 2414#else
51d7a9eb 2415
845b6214 2416static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2417 hwaddr length)
51d7a9eb 2418{
e87f7778 2419 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
0878d0e1
PB		 2420 addr += memory_region_get_ram_addr(mr);
2421
e87f7778
PB		 2422 /* No early return if dirty_log_mask is or becomes 0, because
2423 * cpu_physical_memory_set_dirty_range will still call
2424 * xen_modified_memory.
2425 */
2426 if (dirty_log_mask) {
2427 dirty_log_mask =
2428 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2429 }
2430 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2431 tb_invalidate_phys_range(addr, addr + length);
2432 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2433 }
e87f7778 2434 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2435}
2436
23326164 2437static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2438{
e1622f4b 2439 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2440
2441 /* Regions are assumed to support 1-4 byte accesses unless
2442 otherwise specified. */
23326164
RH		 2443 if (access_size_max == 0) {
2444 access_size_max = 4;
2445 }
2446
2447 /* Bound the maximum access by the alignment of the address. */
2448 if (!mr->ops->impl.unaligned) {
2449 unsigned align_size_max = addr & -addr;
2450 if (align_size_max != 0 && align_size_max < access_size_max) {
2451 access_size_max = align_size_max;
2452 }
82f2563f 2453 }
23326164
RH		 2454
2455 /* Don't attempt accesses larger than the maximum. */
2456 if (l > access_size_max) {
2457 l = access_size_max;
82f2563f 2458 }
6554f5c0 2459 l = pow2floor(l);
23326164
RH		 2460
2461 return l;
82f2563f
PB		 2462}
2463
4840f10e 2464static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2465{
4840f10e
JK		 2466 bool unlocked = !qemu_mutex_iothread_locked();
2467 bool release_lock = false;
2468
2469 if (unlocked && mr->global_locking) {
2470 qemu_mutex_lock_iothread();
2471 unlocked = false;
2472 release_lock = true;
2473 }
125b3806 2474 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2475 if (unlocked) {
2476 qemu_mutex_lock_iothread();
2477 }
125b3806 2478 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2479 if (unlocked) {
2480 qemu_mutex_unlock_iothread();
2481 }
125b3806 2482 }
4840f10e
JK		 2483
2484 return release_lock;
125b3806
PB		 2485}
2486
a203ac70
PB		 2487/* Called within RCU critical section. */
2488static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2489 MemTxAttrs attrs,
2490 const uint8_t *buf,
2491 int len, hwaddr addr1,
2492 hwaddr l, MemoryRegion *mr)
13eb76e0 2493{
13eb76e0 2494 uint8_t *ptr;
791af8c8 2495 uint64_t val;
3b643495 2496 MemTxResult result = MEMTX_OK;
4840f10e 2497 bool release_lock = false;
3b46e624 2498
a203ac70 2499 for (;;) {
eb7eeb88
PB		 2500 if (!memory_access_is_direct(mr, true)) {
2501 release_lock |= prepare_mmio_access(mr);
2502 l = memory_access_size(mr, l, addr1);
2503 /* XXX: could force current_cpu to NULL to avoid
2504 potential bugs */
2505 switch (l) {
2506 case 8:
2507 /* 64 bit write access */
2508 val = ldq_p(buf);
2509 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2510 attrs);
2511 break;
2512 case 4:
2513 /* 32 bit write access */
2514 val = ldl_p(buf);
2515 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2516 attrs);
2517 break;
2518 case 2:
2519 /* 16 bit write access */
2520 val = lduw_p(buf);
2521 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2522 attrs);
2523 break;
2524 case 1:
2525 /* 8 bit write access */
2526 val = ldub_p(buf);
2527 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2528 attrs);
2529 break;
2530 default:
2531 abort();
13eb76e0
FB		 2532 }
2533 } else {
eb7eeb88 2534 /* RAM case */
0878d0e1 2535 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2536 memcpy(ptr, buf, l);
2537 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2538 }
4840f10e
JK		 2539
2540 if (release_lock) {
2541 qemu_mutex_unlock_iothread();
2542 release_lock = false;
2543 }
2544
13eb76e0
FB		 2545 len -= l;
2546 buf += l;
2547 addr += l;
a203ac70
PB		 2548
2549 if (!len) {
2550 break;
2551 }
2552
2553 l = len;
2554 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2555 }
fd8aaa76 2556
3b643495 2557 return result;
13eb76e0 2558}
8df1cd07 2559
a203ac70
PB		 2560MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2561 const uint8_t *buf, int len)
ac1970fb 2562{
eb7eeb88 2563 hwaddr l;
eb7eeb88
PB		 2564 hwaddr addr1;
2565 MemoryRegion *mr;
2566 MemTxResult result = MEMTX_OK;
eb7eeb88 2567
a203ac70
PB		 2568 if (len > 0) {
2569 rcu_read_lock();
eb7eeb88 2570 l = len;
a203ac70
PB		 2571 mr = address_space_translate(as, addr, &addr1, &l, true);
2572 result = address_space_write_continue(as, addr, attrs, buf, len,
2573 addr1, l, mr);
2574 rcu_read_unlock();
2575 }
2576
2577 return result;
2578}
2579
2580/* Called within RCU critical section. */
2581MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2582 MemTxAttrs attrs, uint8_t *buf,
2583 int len, hwaddr addr1, hwaddr l,
2584 MemoryRegion *mr)
2585{
2586 uint8_t *ptr;
2587 uint64_t val;
2588 MemTxResult result = MEMTX_OK;
2589 bool release_lock = false;
eb7eeb88 2590
a203ac70 2591 for (;;) {
eb7eeb88
PB		 2592 if (!memory_access_is_direct(mr, false)) {
2593 /* I/O case */
2594 release_lock |= prepare_mmio_access(mr);
2595 l = memory_access_size(mr, l, addr1);
2596 switch (l) {
2597 case 8:
2598 /* 64 bit read access */
2599 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2600 attrs);
2601 stq_p(buf, val);
2602 break;
2603 case 4:
2604 /* 32 bit read access */
2605 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2606 attrs);
2607 stl_p(buf, val);
2608 break;
2609 case 2:
2610 /* 16 bit read access */
2611 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2612 attrs);
2613 stw_p(buf, val);
2614 break;
2615 case 1:
2616 /* 8 bit read access */
2617 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2618 attrs);
2619 stb_p(buf, val);
2620 break;
2621 default:
2622 abort();
2623 }
2624 } else {
2625 /* RAM case */
0878d0e1 2626 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2627 memcpy(buf, ptr, l);
2628 }
2629
2630 if (release_lock) {
2631 qemu_mutex_unlock_iothread();
2632 release_lock = false;
2633 }
2634
2635 len -= l;
2636 buf += l;
2637 addr += l;
a203ac70
PB		 2638
2639 if (!len) {
2640 break;
2641 }
2642
2643 l = len;
2644 mr = address_space_translate(as, addr, &addr1, &l, false);
2645 }
2646
2647 return result;
2648}
2649
3cc8f884
PB		 2650MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2651 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2652{
2653 hwaddr l;
2654 hwaddr addr1;
2655 MemoryRegion *mr;
2656 MemTxResult result = MEMTX_OK;
2657
2658 if (len > 0) {
2659 rcu_read_lock();
2660 l = len;
2661 mr = address_space_translate(as, addr, &addr1, &l, false);
2662 result = address_space_read_continue(as, addr, attrs, buf, len,
2663 addr1, l, mr);
2664 rcu_read_unlock();
eb7eeb88 2665 }
eb7eeb88
PB		 2666
2667 return result;
ac1970fb
AK		 2668}
2669
eb7eeb88
PB		 2670MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2671 uint8_t *buf, int len, bool is_write)
2672{
2673 if (is_write) {
2674 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2675 } else {
2676 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2677 }
2678}
ac1970fb 2679
a8170e5e 2680void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2681 int len, int is_write)
2682{
5c9eb028
PM		 2683 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2684 buf, len, is_write);
ac1970fb
AK		 2685}
2686
582b55a9
AG		 2687enum write_rom_type {
2688 WRITE_DATA,
2689 FLUSH_CACHE,
2690};
2691
2a221651 2692static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2693 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2694{
149f54b5 2695 hwaddr l;
d0ecd2aa 2696 uint8_t *ptr;
149f54b5 2697 hwaddr addr1;
5c8a00ce 2698 MemoryRegion *mr;
3b46e624 2699
41063e1e 2700 rcu_read_lock();
d0ecd2aa 2701 while (len > 0) {
149f54b5 2702 l = len;
2a221651 2703 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2704
5c8a00ce
PB		 2705 if (!(memory_region_is_ram(mr) ||
2706 memory_region_is_romd(mr))) {
b242e0e0 2707 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2708 } else {
d0ecd2aa 2709 /* ROM/RAM case */
0878d0e1 2710 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2711 switch (type) {
2712 case WRITE_DATA:
2713 memcpy(ptr, buf, l);
845b6214 2714 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2715 break;
2716 case FLUSH_CACHE:
2717 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2718 break;
2719 }
d0ecd2aa
FB		 2720 }
2721 len -= l;
2722 buf += l;
2723 addr += l;
2724 }
41063e1e 2725 rcu_read_unlock();
d0ecd2aa
FB		 2726}
2727
582b55a9 2728/* used for ROM loading : can write in RAM and ROM */
2a221651 2729void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2730 const uint8_t *buf, int len)
2731{
2a221651 2732 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2733}
2734
2735void cpu_flush_icache_range(hwaddr start, int len)
2736{
2737 /*
2738 * This function should do the same thing as an icache flush that was
2739 * triggered from within the guest. For TCG we are always cache coherent,
2740 * so there is no need to flush anything. For KVM / Xen we need to flush
2741 * the host's instruction cache at least.
2742 */
2743 if (tcg_enabled()) {
2744 return;
2745 }
2746
2a221651
EI		 2747 cpu_physical_memory_write_rom_internal(&address_space_memory,
2748 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2749}
2750
6d16c2f8 2751typedef struct {
d3e71559 2752 MemoryRegion *mr;
6d16c2f8 2753 void *buffer;
a8170e5e
AK		 2754 hwaddr addr;
2755 hwaddr len;
c2cba0ff 2756 bool in_use;
6d16c2f8
AL		 2757} BounceBuffer;
2758
2759static BounceBuffer bounce;
2760
ba223c29 2761typedef struct MapClient {
e95205e1 2762 QEMUBH *bh;
72cf2d4f 2763 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2764} MapClient;
2765
38e047b5 2766QemuMutex map_client_list_lock;
72cf2d4f
BS		 2767static QLIST_HEAD(map_client_list, MapClient) map_client_list
2768 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2769
e95205e1
FZ		 2770static void cpu_unregister_map_client_do(MapClient *client)
2771{
2772 QLIST_REMOVE(client, link);
2773 g_free(client);
2774}
2775
33b6c2ed
FZ		 2776static void cpu_notify_map_clients_locked(void)
2777{
2778 MapClient *client;
2779
2780 while (!QLIST_EMPTY(&map_client_list)) {
2781 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2782 qemu_bh_schedule(client->bh);
2783 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2784 }
2785}
2786
e95205e1 2787void cpu_register_map_client(QEMUBH *bh)
ba223c29 2788{
7267c094 2789 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2790
38e047b5 2791 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2792 client->bh = bh;
72cf2d4f 2793 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2794 if (!atomic_read(&bounce.in_use)) {
2795 cpu_notify_map_clients_locked();
2796 }
38e047b5 2797 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2798}
2799
38e047b5 2800void cpu_exec_init_all(void)
ba223c29 2801{
38e047b5 2802 qemu_mutex_init(&ram_list.mutex);
38e047b5 2803 io_mem_init();
680a4783 2804 memory_map_init();
38e047b5 2805 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2806}
2807
e95205e1 2808void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2809{
2810 MapClient *client;
2811
e95205e1
FZ		 2812 qemu_mutex_lock(&map_client_list_lock);
2813 QLIST_FOREACH(client, &map_client_list, link) {
2814 if (client->bh == bh) {
2815 cpu_unregister_map_client_do(client);
2816 break;
2817 }
ba223c29 2818 }
e95205e1 2819 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2820}
2821
2822static void cpu_notify_map_clients(void)
2823{
38e047b5 2824 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2825 cpu_notify_map_clients_locked();
38e047b5 2826 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2827}
2828
51644ab7
PB		 2829bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2830{
5c8a00ce 2831 MemoryRegion *mr;
51644ab7
PB		 2832 hwaddr l, xlat;
2833
41063e1e 2834 rcu_read_lock();
51644ab7
PB		 2835 while (len > 0) {
2836 l = len;
5c8a00ce
PB		 2837 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2838 if (!memory_access_is_direct(mr, is_write)) {
2839 l = memory_access_size(mr, l, addr);
2840 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2841 return false;
2842 }
2843 }
2844
2845 len -= l;
2846 addr += l;
2847 }
41063e1e 2848 rcu_read_unlock();
51644ab7
PB		 2849 return true;
2850}
2851
6d16c2f8
AL		 2852/* Map a physical memory region into a host virtual address.
2853 * May map a subset of the requested range, given by and returned in *plen.
2854 * May return NULL if resources needed to perform the mapping are exhausted.
2855 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2856 * Use cpu_register_map_client() to know when retrying the map operation is
2857 * likely to succeed.
6d16c2f8 2858 */
ac1970fb 2859void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2860 hwaddr addr,
2861 hwaddr *plen,
ac1970fb 2862 bool is_write)
6d16c2f8 2863{
a8170e5e 2864 hwaddr len = *plen;
e3127ae0
PB		 2865 hwaddr done = 0;
2866 hwaddr l, xlat, base;
2867 MemoryRegion *mr, *this_mr;
e81bcda5 2868 void *ptr;
6d16c2f8 2869
e3127ae0
PB		 2870 if (len == 0) {
2871 return NULL;
2872 }
38bee5dc 2873
e3127ae0 2874 l = len;
41063e1e 2875 rcu_read_lock();
e3127ae0 2876 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2877
e3127ae0 2878 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2879 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2880 rcu_read_unlock();
e3127ae0 2881 return NULL;
6d16c2f8 2882 }
e85d9db5
KW		 2883 /* Avoid unbounded allocations */
2884 l = MIN(l, TARGET_PAGE_SIZE);
2885 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2886 bounce.addr = addr;
2887 bounce.len = l;
d3e71559
PB		 2888
2889 memory_region_ref(mr);
2890 bounce.mr = mr;
e3127ae0 2891 if (!is_write) {
5c9eb028
PM		 2892 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2893 bounce.buffer, l);
8ab934f9 2894 }
6d16c2f8 2895
41063e1e 2896 rcu_read_unlock();
e3127ae0
PB		 2897 *plen = l;
2898 return bounce.buffer;
2899 }
2900
2901 base = xlat;
e3127ae0
PB		 2902
2903 for (;;) {
6d16c2f8
AL		 2904 len -= l;
2905 addr += l;
e3127ae0
PB		 2906 done += l;
2907 if (len == 0) {
2908 break;
2909 }
2910
2911 l = len;
2912 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2913 if (this_mr != mr || xlat != base + done) {
2914 break;
2915 }
6d16c2f8 2916 }
e3127ae0 2917
d3e71559 2918 memory_region_ref(mr);
e3127ae0 2919 *plen = done;
0878d0e1 2920 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
e81bcda5
PB		 2921 rcu_read_unlock();
2922
2923 return ptr;
6d16c2f8
AL		 2924}
2925
ac1970fb 2926/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2927 * Will also mark the memory as dirty if is_write == 1. access_len gives
2928 * the amount of memory that was actually read or written by the caller.
2929 */
a8170e5e
AK		 2930void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2931 int is_write, hwaddr access_len)
6d16c2f8
AL		 2932{
2933 if (buffer != bounce.buffer) {
d3e71559
PB		 2934 MemoryRegion *mr;
2935 ram_addr_t addr1;
2936
07bdaa41 2937 mr = memory_region_from_host(buffer, &addr1);
d3e71559 2938 assert(mr != NULL);
6d16c2f8 2939 if (is_write) {
845b6214 2940 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2941 }
868bb33f 2942 if (xen_enabled()) {
e41d7c69 2943 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2944 }
d3e71559 2945 memory_region_unref(mr);
6d16c2f8
AL		 2946 return;
2947 }
2948 if (is_write) {
5c9eb028
PM		 2949 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2950 bounce.buffer, access_len);
6d16c2f8 2951 }
f8a83245 2952 qemu_vfree(bounce.buffer);
6d16c2f8 2953 bounce.buffer = NULL;
d3e71559 2954 memory_region_unref(bounce.mr);
c2cba0ff 2955 atomic_mb_set(&bounce.in_use, false);
ba223c29 2956 cpu_notify_map_clients();
6d16c2f8 2957}
d0ecd2aa 2958
a8170e5e
AK		 2959void *cpu_physical_memory_map(hwaddr addr,
2960 hwaddr *plen,
ac1970fb
AK		 2961 int is_write)
2962{
2963 return address_space_map(&address_space_memory, addr, plen, is_write);
2964}
2965
a8170e5e
AK		 2966void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2967 int is_write, hwaddr access_len)
ac1970fb
AK		 2968{
2969 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2970}
2971
8df1cd07 2972/* warning: addr must be aligned */
50013115
PM		 2973static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2974 MemTxAttrs attrs,
2975 MemTxResult *result,
2976 enum device_endian endian)
8df1cd07 2977{
8df1cd07 2978 uint8_t *ptr;
791af8c8 2979 uint64_t val;
5c8a00ce 2980 MemoryRegion *mr;
149f54b5
PB		 2981 hwaddr l = 4;
2982 hwaddr addr1;
50013115 2983 MemTxResult r;
4840f10e 2984 bool release_lock = false;
8df1cd07 2985
41063e1e 2986 rcu_read_lock();
fdfba1a2 2987 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2988 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 2989 release_lock |= prepare_mmio_access(mr);
125b3806 2990
8df1cd07 2991 /* I/O case */
50013115 2992 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 2993#if defined(TARGET_WORDS_BIGENDIAN)
2994 if (endian == DEVICE_LITTLE_ENDIAN) {
2995 val = bswap32(val);
2996 }
2997#else
2998 if (endian == DEVICE_BIG_ENDIAN) {
2999 val = bswap32(val);
3000 }
3001#endif
8df1cd07
FB		 3002 } else {
3003 /* RAM case */
0878d0e1 3004 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3005 switch (endian) {
3006 case DEVICE_LITTLE_ENDIAN:
3007 val = ldl_le_p(ptr);
3008 break;
3009 case DEVICE_BIG_ENDIAN:
3010 val = ldl_be_p(ptr);
3011 break;
3012 default:
3013 val = ldl_p(ptr);
3014 break;
3015 }
50013115
PM		 3016 r = MEMTX_OK;
3017 }
3018 if (result) {
3019 *result = r;
8df1cd07 3020 }
4840f10e
JK		 3021 if (release_lock) {
3022 qemu_mutex_unlock_iothread();
3023 }
41063e1e 3024 rcu_read_unlock();
8df1cd07
FB		 3025 return val;
3026}
3027
50013115
PM		 3028uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3029 MemTxAttrs attrs, MemTxResult *result)
3030{
3031 return address_space_ldl_internal(as, addr, attrs, result,
3032 DEVICE_NATIVE_ENDIAN);
3033}
3034
3035uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3036 MemTxAttrs attrs, MemTxResult *result)
3037{
3038 return address_space_ldl_internal(as, addr, attrs, result,
3039 DEVICE_LITTLE_ENDIAN);
3040}
3041
3042uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3043 MemTxAttrs attrs, MemTxResult *result)
3044{
3045 return address_space_ldl_internal(as, addr, attrs, result,
3046 DEVICE_BIG_ENDIAN);
3047}
3048
fdfba1a2 3049uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3050{
50013115 3051 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3052}
3053
fdfba1a2 3054uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3055{
50013115 3056 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3057}
3058
fdfba1a2 3059uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3060{
50013115 3061 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3062}
3063
84b7b8e7 3064/* warning: addr must be aligned */
50013115
PM		 3065static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3066 MemTxAttrs attrs,
3067 MemTxResult *result,
3068 enum device_endian endian)
84b7b8e7 3069{
84b7b8e7
FB		 3070 uint8_t *ptr;
3071 uint64_t val;
5c8a00ce 3072 MemoryRegion *mr;
149f54b5
PB		 3073 hwaddr l = 8;
3074 hwaddr addr1;
50013115 3075 MemTxResult r;
4840f10e 3076 bool release_lock = false;
84b7b8e7 3077
41063e1e 3078 rcu_read_lock();
2c17449b 3079 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3080 false);
3081 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3082 release_lock |= prepare_mmio_access(mr);
125b3806 3083
84b7b8e7 3084 /* I/O case */
50013115 3085 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3086#if defined(TARGET_WORDS_BIGENDIAN)
3087 if (endian == DEVICE_LITTLE_ENDIAN) {
3088 val = bswap64(val);
3089 }
3090#else
3091 if (endian == DEVICE_BIG_ENDIAN) {
3092 val = bswap64(val);
3093 }
84b7b8e7
FB		 3094#endif
3095 } else {
3096 /* RAM case */
0878d0e1 3097 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3098 switch (endian) {
3099 case DEVICE_LITTLE_ENDIAN:
3100 val = ldq_le_p(ptr);
3101 break;
3102 case DEVICE_BIG_ENDIAN:
3103 val = ldq_be_p(ptr);
3104 break;
3105 default:
3106 val = ldq_p(ptr);
3107 break;
3108 }
50013115
PM		 3109 r = MEMTX_OK;
3110 }
3111 if (result) {
3112 *result = r;
84b7b8e7 3113 }
4840f10e
JK		 3114 if (release_lock) {
3115 qemu_mutex_unlock_iothread();
3116 }
41063e1e 3117 rcu_read_unlock();
84b7b8e7
FB		 3118 return val;
3119}
3120
50013115
PM		 3121uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3122 MemTxAttrs attrs, MemTxResult *result)
3123{
3124 return address_space_ldq_internal(as, addr, attrs, result,
3125 DEVICE_NATIVE_ENDIAN);
3126}
3127
3128uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3129 MemTxAttrs attrs, MemTxResult *result)
3130{
3131 return address_space_ldq_internal(as, addr, attrs, result,
3132 DEVICE_LITTLE_ENDIAN);
3133}
3134
3135uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3136 MemTxAttrs attrs, MemTxResult *result)
3137{
3138 return address_space_ldq_internal(as, addr, attrs, result,
3139 DEVICE_BIG_ENDIAN);
3140}
3141
2c17449b 3142uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3143{
50013115 3144 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3145}
3146
2c17449b 3147uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3148{
50013115 3149 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3150}
3151
2c17449b 3152uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3153{
50013115 3154 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3155}
3156
aab33094 3157/* XXX: optimize */
50013115
PM		 3158uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3159 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3160{
3161 uint8_t val;
50013115
PM		 3162 MemTxResult r;
3163
3164 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3165 if (result) {
3166 *result = r;
3167 }
aab33094
FB		 3168 return val;
3169}
3170
50013115
PM		 3171uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3172{
3173 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3174}
3175
733f0b02 3176/* warning: addr must be aligned */
50013115
PM		 3177static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3178 hwaddr addr,
3179 MemTxAttrs attrs,
3180 MemTxResult *result,
3181 enum device_endian endian)
aab33094 3182{
733f0b02
MT		 3183 uint8_t *ptr;
3184 uint64_t val;
5c8a00ce 3185 MemoryRegion *mr;
149f54b5
PB		 3186 hwaddr l = 2;
3187 hwaddr addr1;
50013115 3188 MemTxResult r;
4840f10e 3189 bool release_lock = false;
733f0b02 3190
41063e1e 3191 rcu_read_lock();
41701aa4 3192 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3193 false);
3194 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3195 release_lock |= prepare_mmio_access(mr);
125b3806 3196
733f0b02 3197 /* I/O case */
50013115 3198 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3199#if defined(TARGET_WORDS_BIGENDIAN)
3200 if (endian == DEVICE_LITTLE_ENDIAN) {
3201 val = bswap16(val);
3202 }
3203#else
3204 if (endian == DEVICE_BIG_ENDIAN) {
3205 val = bswap16(val);
3206 }
3207#endif
733f0b02
MT		 3208 } else {
3209 /* RAM case */
0878d0e1 3210 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3211 switch (endian) {
3212 case DEVICE_LITTLE_ENDIAN:
3213 val = lduw_le_p(ptr);
3214 break;
3215 case DEVICE_BIG_ENDIAN:
3216 val = lduw_be_p(ptr);
3217 break;
3218 default:
3219 val = lduw_p(ptr);
3220 break;
3221 }
50013115
PM		 3222 r = MEMTX_OK;
3223 }
3224 if (result) {
3225 *result = r;
733f0b02 3226 }
4840f10e
JK		 3227 if (release_lock) {
3228 qemu_mutex_unlock_iothread();
3229 }
41063e1e 3230 rcu_read_unlock();
733f0b02 3231 return val;
aab33094
FB		 3232}
3233
50013115
PM		 3234uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3235 MemTxAttrs attrs, MemTxResult *result)
3236{
3237 return address_space_lduw_internal(as, addr, attrs, result,
3238 DEVICE_NATIVE_ENDIAN);
3239}
3240
3241uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3242 MemTxAttrs attrs, MemTxResult *result)
3243{
3244 return address_space_lduw_internal(as, addr, attrs, result,
3245 DEVICE_LITTLE_ENDIAN);
3246}
3247
3248uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3249 MemTxAttrs attrs, MemTxResult *result)
3250{
3251 return address_space_lduw_internal(as, addr, attrs, result,
3252 DEVICE_BIG_ENDIAN);
3253}
3254
41701aa4 3255uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3256{
50013115 3257 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3258}
3259
41701aa4 3260uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3261{
50013115 3262 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3263}
3264
41701aa4 3265uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3266{
50013115 3267 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3268}
3269
8df1cd07
FB		 3270/* warning: addr must be aligned. The ram page is not masked as dirty
3271 and the code inside is not invalidated. It is useful if the dirty
3272 bits are used to track modified PTEs */
50013115
PM		 3273void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3274 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3275{
8df1cd07 3276 uint8_t *ptr;
5c8a00ce 3277 MemoryRegion *mr;
149f54b5
PB		 3278 hwaddr l = 4;
3279 hwaddr addr1;
50013115 3280 MemTxResult r;
845b6214 3281 uint8_t dirty_log_mask;
4840f10e 3282 bool release_lock = false;
8df1cd07 3283
41063e1e 3284 rcu_read_lock();
2198a121 3285 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3286 true);
3287 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3288 release_lock |= prepare_mmio_access(mr);
125b3806 3289
50013115 3290 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3291 } else {
0878d0e1 3292 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
8df1cd07 3293 stl_p(ptr, val);
74576198 3294
845b6214
PB		 3295 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3296 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
0878d0e1
PB		 3297 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3298 4, dirty_log_mask);
50013115
PM		 3299 r = MEMTX_OK;
3300 }
3301 if (result) {
3302 *result = r;
8df1cd07 3303 }
4840f10e
JK		 3304 if (release_lock) {
3305 qemu_mutex_unlock_iothread();
3306 }
41063e1e 3307 rcu_read_unlock();
8df1cd07
FB		 3308}
3309
50013115
PM		 3310void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3311{
3312 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3313}
3314
8df1cd07 3315/* warning: addr must be aligned */
50013115
PM		 3316static inline void address_space_stl_internal(AddressSpace *as,
3317 hwaddr addr, uint32_t val,
3318 MemTxAttrs attrs,
3319 MemTxResult *result,
3320 enum device_endian endian)
8df1cd07 3321{
8df1cd07 3322 uint8_t *ptr;
5c8a00ce 3323 MemoryRegion *mr;
149f54b5
PB		 3324 hwaddr l = 4;
3325 hwaddr addr1;
50013115 3326 MemTxResult r;
4840f10e 3327 bool release_lock = false;
8df1cd07 3328
41063e1e 3329 rcu_read_lock();
ab1da857 3330 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3331 true);
3332 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3333 release_lock |= prepare_mmio_access(mr);
125b3806 3334
1e78bcc1
AG		 3335#if defined(TARGET_WORDS_BIGENDIAN)
3336 if (endian == DEVICE_LITTLE_ENDIAN) {
3337 val = bswap32(val);
3338 }
3339#else
3340 if (endian == DEVICE_BIG_ENDIAN) {
3341 val = bswap32(val);
3342 }
3343#endif
50013115 3344 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3345 } else {
8df1cd07 3346 /* RAM case */
0878d0e1 3347 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3348 switch (endian) {
3349 case DEVICE_LITTLE_ENDIAN:
3350 stl_le_p(ptr, val);
3351 break;
3352 case DEVICE_BIG_ENDIAN:
3353 stl_be_p(ptr, val);
3354 break;
3355 default:
3356 stl_p(ptr, val);
3357 break;
3358 }
845b6214 3359 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3360 r = MEMTX_OK;
3361 }
3362 if (result) {
3363 *result = r;
8df1cd07 3364 }
4840f10e
JK		 3365 if (release_lock) {
3366 qemu_mutex_unlock_iothread();
3367 }
41063e1e 3368 rcu_read_unlock();
8df1cd07
FB		 3369}
3370
50013115
PM		 3371void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3372 MemTxAttrs attrs, MemTxResult *result)
3373{
3374 address_space_stl_internal(as, addr, val, attrs, result,
3375 DEVICE_NATIVE_ENDIAN);
3376}
3377
3378void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3379 MemTxAttrs attrs, MemTxResult *result)
3380{
3381 address_space_stl_internal(as, addr, val, attrs, result,
3382 DEVICE_LITTLE_ENDIAN);
3383}
3384
3385void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3386 MemTxAttrs attrs, MemTxResult *result)
3387{
3388 address_space_stl_internal(as, addr, val, attrs, result,
3389 DEVICE_BIG_ENDIAN);
3390}
3391
ab1da857 3392void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3393{
50013115 3394 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3395}
3396
ab1da857 3397void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3398{
50013115 3399 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3400}
3401
ab1da857 3402void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3403{
50013115 3404 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3405}
3406
aab33094 3407/* XXX: optimize */
50013115
PM		 3408void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3409 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3410{
3411 uint8_t v = val;
50013115
PM		 3412 MemTxResult r;
3413
3414 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3415 if (result) {
3416 *result = r;
3417 }
3418}
3419
3420void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3421{
3422 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3423}
3424
733f0b02 3425/* warning: addr must be aligned */
50013115
PM		 3426static inline void address_space_stw_internal(AddressSpace *as,
3427 hwaddr addr, uint32_t val,
3428 MemTxAttrs attrs,
3429 MemTxResult *result,
3430 enum device_endian endian)
aab33094 3431{
733f0b02 3432 uint8_t *ptr;
5c8a00ce 3433 MemoryRegion *mr;
149f54b5
PB		 3434 hwaddr l = 2;
3435 hwaddr addr1;
50013115 3436 MemTxResult r;
4840f10e 3437 bool release_lock = false;
733f0b02 3438
41063e1e 3439 rcu_read_lock();
5ce5944d 3440 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3441 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3442 release_lock |= prepare_mmio_access(mr);
125b3806 3443
1e78bcc1
AG		 3444#if defined(TARGET_WORDS_BIGENDIAN)
3445 if (endian == DEVICE_LITTLE_ENDIAN) {
3446 val = bswap16(val);
3447 }
3448#else
3449 if (endian == DEVICE_BIG_ENDIAN) {
3450 val = bswap16(val);
3451 }
3452#endif
50013115 3453 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3454 } else {
733f0b02 3455 /* RAM case */
0878d0e1 3456 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3457 switch (endian) {
3458 case DEVICE_LITTLE_ENDIAN:
3459 stw_le_p(ptr, val);
3460 break;
3461 case DEVICE_BIG_ENDIAN:
3462 stw_be_p(ptr, val);
3463 break;
3464 default:
3465 stw_p(ptr, val);
3466 break;
3467 }
845b6214 3468 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3469 r = MEMTX_OK;
3470 }
3471 if (result) {
3472 *result = r;
733f0b02 3473 }
4840f10e
JK		 3474 if (release_lock) {
3475 qemu_mutex_unlock_iothread();
3476 }
41063e1e 3477 rcu_read_unlock();
aab33094
FB		 3478}
3479
50013115
PM		 3480void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3481 MemTxAttrs attrs, MemTxResult *result)
3482{
3483 address_space_stw_internal(as, addr, val, attrs, result,
3484 DEVICE_NATIVE_ENDIAN);
3485}
3486
3487void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3488 MemTxAttrs attrs, MemTxResult *result)
3489{
3490 address_space_stw_internal(as, addr, val, attrs, result,
3491 DEVICE_LITTLE_ENDIAN);
3492}
3493
3494void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3495 MemTxAttrs attrs, MemTxResult *result)
3496{
3497 address_space_stw_internal(as, addr, val, attrs, result,
3498 DEVICE_BIG_ENDIAN);
3499}
3500
5ce5944d 3501void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3502{
50013115 3503 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3504}
3505
5ce5944d 3506void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3507{
50013115 3508 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3509}
3510
5ce5944d 3511void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3512{
50013115 3513 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3514}
3515
aab33094 3516/* XXX: optimize */
50013115
PM		 3517void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3518 MemTxAttrs attrs, MemTxResult *result)
aab33094 3519{
50013115 3520 MemTxResult r;
aab33094 3521 val = tswap64(val);
50013115
PM		 3522 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3523 if (result) {
3524 *result = r;
3525 }
aab33094
FB		 3526}
3527
50013115
PM		 3528void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3529 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3530{
50013115 3531 MemTxResult r;
1e78bcc1 3532 val = cpu_to_le64(val);
50013115
PM		 3533 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3534 if (result) {
3535 *result = r;
3536 }
3537}
3538void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3539 MemTxAttrs attrs, MemTxResult *result)
3540{
3541 MemTxResult r;
3542 val = cpu_to_be64(val);
3543 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3544 if (result) {
3545 *result = r;
3546 }
3547}
3548
3549void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3550{
3551 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3552}
3553
3554void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3555{
3556 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3557}
3558
f606604f 3559void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3560{
50013115 3561 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3562}
3563
5e2972fd 3564/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3565int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3566 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3567{
3568 int l;
a8170e5e 3569 hwaddr phys_addr;
9b3c35e0 3570 target_ulong page;
13eb76e0
FB		 3571
3572 while (len > 0) {
5232e4c7
PM		 3573 int asidx;
3574 MemTxAttrs attrs;
3575
13eb76e0 3576 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3577 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3578 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3579 /* if no physical page mapped, return an error */
3580 if (phys_addr == -1)
3581 return -1;
3582 l = (page + TARGET_PAGE_SIZE) - addr;
3583 if (l > len)
3584 l = len;
5e2972fd 3585 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3586 if (is_write) {
5232e4c7
PM		 3587 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3588 phys_addr, buf, l);
2e38847b 3589 } else {
5232e4c7
PM		 3590 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3591 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3592 buf, l, 0);
2e38847b 3593 }
13eb76e0
FB		 3594 len -= l;
3595 buf += l;
3596 addr += l;
3597 }
3598 return 0;
3599}
038629a6
DDAG		 3600
3601/*
3602 * Allows code that needs to deal with migration bitmaps etc to still be built
3603 * target independent.
3604 */
3605size_t qemu_target_page_bits(void)
3606{
3607 return TARGET_PAGE_BITS;
3608}
3609
a68fe89c 3610#endif
13eb76e0 3611
8e4a424b
BS		 3612/*
3613 * A helper function for the _utterly broken_ virtio device model to find out if
3614 * it's running on a big endian machine. Don't do this at home kids!
3615 */
98ed8ecf
GK		 3616bool target_words_bigendian(void);
3617bool target_words_bigendian(void)
8e4a424b
BS		 3618{
3619#if defined(TARGET_WORDS_BIGENDIAN)
3620 return true;
3621#else
3622 return false;
3623#endif
3624}
3625
76f35538 3626#ifndef CONFIG_USER_ONLY
a8170e5e 3627bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3628{
5c8a00ce 3629 MemoryRegion*mr;
149f54b5 3630 hwaddr l = 1;
41063e1e 3631 bool res;
76f35538 3632
41063e1e 3633 rcu_read_lock();
5c8a00ce
PB		 3634 mr = address_space_translate(&address_space_memory,
3635 phys_addr, &phys_addr, &l, false);
76f35538 3636
41063e1e
PB		 3637 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3638 rcu_read_unlock();
3639 return res;
76f35538 3640}
bd2fa51f 3641
e3807054 3642int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3643{
3644 RAMBlock *block;
e3807054 3645 int ret = 0;
bd2fa51f 3646
0dc3f44a
MD		 3647 rcu_read_lock();
3648 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3649 ret = func(block->idstr, block->host, block->offset,
3650 block->used_length, opaque);
3651 if (ret) {
3652 break;
3653 }
bd2fa51f 3654 }
0dc3f44a 3655 rcu_read_unlock();
e3807054 3656 return ret;
bd2fa51f 3657}
ec3f8c99 3658#endif
QEMU mirror