]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge remote-tracking branch 'pmaydell/tags/pull-target-arm-20130715-1' into staging
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
1de7afc9 32#include "qemu/osdep.h"
9c17d615 33#include "sysemu/kvm.h"
2ff3de68 34#include "sysemu/sysemu.h"
0d09e41a 35#include "hw/xen/xen.h"
1de7afc9
PB		 36#include "qemu/timer.h"
37#include "qemu/config-file.h"
022c62cb 38#include "exec/memory.h"
9c17d615 39#include "sysemu/dma.h"
022c62cb 40#include "exec/address-spaces.h"
53a5960a
PB		 41#if defined(CONFIG_USER_ONLY)
42#include <qemu.h>
432d268c 43#else /* !CONFIG_USER_ONLY */
9c17d615 44#include "sysemu/xen-mapcache.h"
6506e4f9 45#include "trace.h"
53a5960a 46#endif
0d6d3c87 47#include "exec/cpu-all.h"
54936004 48
022c62cb 49#include "exec/cputlb.h"
5b6dd868 50#include "translate-all.h"
0cac1b66 51
022c62cb 52#include "exec/memory-internal.h"
67d95c15 53
db7b5426 54//#define DEBUG_SUBPAGE
1196be37 55
e2eef170 56#if !defined(CONFIG_USER_ONLY)
74576198 57static int in_migration;
94a6b54f 58
a3161038 59RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 60
61static MemoryRegion *system_memory;
309cb471 62static MemoryRegion *system_io;
62152b8a 63
f6790af6
AK		 64AddressSpace address_space_io;
65AddressSpace address_space_memory;
2673a5da 66
0844e007 67MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 68static MemoryRegion io_mem_unassigned;
0e0df1e2 69
e2eef170 70#endif
9fa3e853 71
182735ef 72CPUState *first_cpu;
6a00d601
FB		 73/* current CPU in the current thread. It is only valid inside
74 cpu_exec() */
4917cf44 75DEFINE_TLS(CPUState *, current_cpu);
2e70f6ef 76/* 0 = Do not count executed instructions.
bf20dc07 77 1 = Precise instruction counting.
2e70f6ef 78 2 = Adaptive rate instruction counting. */
5708fc66 79int use_icount;
6a00d601 80
e2eef170 81#if !defined(CONFIG_USER_ONLY)
4346ae3e 82
1db8abb1
PB		 83typedef struct PhysPageEntry PhysPageEntry;
84
85struct PhysPageEntry {
86 uint16_t is_leaf : 1;
87 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
88 uint16_t ptr : 15;
89};
90
0475d94f
PB		 91typedef PhysPageEntry Node[L2_SIZE];
92
1db8abb1
PB		 93struct AddressSpaceDispatch {
94 /* This is a multi-level map on the physical address space.
95 * The bottom level has pointers to MemoryRegionSections.
96 */
97 PhysPageEntry phys_map;
0475d94f
PB		 98 Node *nodes;
99 MemoryRegionSection *sections;
acc9d80b 100 AddressSpace *as;
1db8abb1
PB		 101};
102
90260c6c
JK		 103#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
104typedef struct subpage_t {
105 MemoryRegion iomem;
acc9d80b 106 AddressSpace *as;
90260c6c
JK		 107 hwaddr base;
108 uint16_t sub_section[TARGET_PAGE_SIZE];
109} subpage_t;
110
b41aac4f
LPF		 111#define PHYS_SECTION_UNASSIGNED 0
112#define PHYS_SECTION_NOTDIRTY 1
113#define PHYS_SECTION_ROM 2
114#define PHYS_SECTION_WATCH 3
5312bd8b 115
9affd6fc
PB		 116typedef struct PhysPageMap {
117 unsigned sections_nb;
118 unsigned sections_nb_alloc;
119 unsigned nodes_nb;
120 unsigned nodes_nb_alloc;
121 Node *nodes;
122 MemoryRegionSection *sections;
123} PhysPageMap;
124
6092666e 125static PhysPageMap *prev_map;
9affd6fc 126static PhysPageMap next_map;
d6f2ea22 127
07f07b31 128#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 129
e2eef170 130static void io_mem_init(void);
62152b8a 131static void memory_map_init(void);
8b9c99d9 132static void *qemu_safe_ram_ptr(ram_addr_t addr);
e2eef170 133
1ec9b909 134static MemoryRegion io_mem_watch;
6658ffb8 135#endif
fd6ce8f6 136
6d9a1304 137#if !defined(CONFIG_USER_ONLY)
d6f2ea22 138
f7bf5461 139static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 140{
9affd6fc
PB		 141 if (next_map.nodes_nb + nodes > next_map.nodes_nb_alloc) {
142 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc * 2,
143 16);
144 next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc,
145 next_map.nodes_nb + nodes);
146 next_map.nodes = g_renew(Node, next_map.nodes,
147 next_map.nodes_nb_alloc);
d6f2ea22 148 }
f7bf5461
AK		 149}
150
151static uint16_t phys_map_node_alloc(void)
152{
153 unsigned i;
154 uint16_t ret;
155
9affd6fc 156 ret = next_map.nodes_nb++;
f7bf5461 157 assert(ret != PHYS_MAP_NODE_NIL);
9affd6fc 158 assert(ret != next_map.nodes_nb_alloc);
d6f2ea22 159 for (i = 0; i < L2_SIZE; ++i) {
9affd6fc
PB		 160 next_map.nodes[ret][i].is_leaf = 0;
161 next_map.nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 162 }
f7bf5461 163 return ret;
d6f2ea22
AK		 164}
165
a8170e5e
AK		 166static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
167 hwaddr *nb, uint16_t leaf,
2999097b 168 int level)
f7bf5461
AK		 169{
170 PhysPageEntry *p;
171 int i;
a8170e5e 172 hwaddr step = (hwaddr)1 << (level * L2_BITS);
108c49b8 173
07f07b31 174 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800 175 lp->ptr = phys_map_node_alloc();
9affd6fc 176 p = next_map.nodes[lp->ptr];
f7bf5461
AK		 177 if (level == 0) {
178 for (i = 0; i < L2_SIZE; i++) {
07f07b31 179 p[i].is_leaf = 1;
b41aac4f 180 p[i].ptr = PHYS_SECTION_UNASSIGNED;
4346ae3e 181 }
67c4d23c 182 }
f7bf5461 183 } else {
9affd6fc 184 p = next_map.nodes[lp->ptr];
92e873b9 185 }
2999097b 186 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 187
2999097b 188 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 189 if ((*index & (step - 1)) == 0 && *nb >= step) {
190 lp->is_leaf = true;
c19e8800 191 lp->ptr = leaf;
07f07b31
AK		 192 *index += step;
193 *nb -= step;
2999097b
AK		 194 } else {
195 phys_page_set_level(lp, index, nb, leaf, level - 1);
196 }
197 ++lp;
f7bf5461
AK		 198 }
199}
200
ac1970fb 201static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 202 hwaddr index, hwaddr nb,
2999097b 203 uint16_t leaf)
f7bf5461 204{
2999097b 205 /* Wildly overreserve - it doesn't matter much. */
07f07b31 206 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 207
ac1970fb 208 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 209}
210
9affd6fc
PB		 211static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr index,
212 Node *nodes, MemoryRegionSection *sections)
92e873b9 213{
31ab2b4a
AK		 214 PhysPageEntry *p;
215 int i;
f1f6e3b8 216
07f07b31 217 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 218 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 219 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 220 }
9affd6fc 221 p = nodes[lp.ptr];
31ab2b4a 222 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 223 }
9affd6fc 224 return &sections[lp.ptr];
f3705d53
AK		 225}
226
e5548617
BS		 227bool memory_region_is_unassigned(MemoryRegion *mr)
228{
2a8e7499 229 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 230 && mr != &io_mem_watch;
fd6ce8f6 231}
149f54b5 232
c7086b4a 233static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 234 hwaddr addr,
235 bool resolve_subpage)
9f029603 236{
90260c6c
JK		 237 MemoryRegionSection *section;
238 subpage_t *subpage;
239
0475d94f
PB		 240 section = phys_page_find(d->phys_map, addr >> TARGET_PAGE_BITS,
241 d->nodes, d->sections);
90260c6c
JK		 242 if (resolve_subpage && section->mr->subpage) {
243 subpage = container_of(section->mr, subpage_t, iomem);
0475d94f 244 section = &d->sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 245 }
246 return section;
9f029603
JK		 247}
248
90260c6c 249static MemoryRegionSection *
c7086b4a 250address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 251 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 252{
253 MemoryRegionSection *section;
254 Int128 diff;
255
c7086b4a 256 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 257 /* Compute offset within MemoryRegionSection */
258 addr -= section->offset_within_address_space;
259
260 /* Compute offset within MemoryRegion */
261 *xlat = addr + section->offset_within_region;
262
263 diff = int128_sub(section->mr->size, int128_make64(addr));
3752a036 264 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
149f54b5
PB		 265 return section;
266}
90260c6c 267
5c8a00ce
PB		 268MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
269 hwaddr *xlat, hwaddr *plen,
270 bool is_write)
90260c6c 271{
30951157
AK		 272 IOMMUTLBEntry iotlb;
273 MemoryRegionSection *section;
274 MemoryRegion *mr;
275 hwaddr len = *plen;
276
277 for (;;) {
c7086b4a 278 section = address_space_translate_internal(as->dispatch, addr, &addr, plen, true);
30951157
AK		 279 mr = section->mr;
280
281 if (!mr->iommu_ops) {
282 break;
283 }
284
285 iotlb = mr->iommu_ops->translate(mr, addr);
286 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
287 | (addr & iotlb.addr_mask));
288 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
289 if (!(iotlb.perm & (1 << is_write))) {
290 mr = &io_mem_unassigned;
291 break;
292 }
293
294 as = iotlb.target_as;
295 }
296
297 *plen = len;
298 *xlat = addr;
299 return mr;
90260c6c
JK		 300}
301
302MemoryRegionSection *
303address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
304 hwaddr *plen)
305{
30951157 306 MemoryRegionSection *section;
c7086b4a 307 section = address_space_translate_internal(as->dispatch, addr, xlat, plen, false);
30951157
AK		 308
309 assert(!section->mr->iommu_ops);
310 return section;
90260c6c 311}
5b6dd868 312#endif
fd6ce8f6 313
5b6dd868 314void cpu_exec_init_all(void)
fdbb84d1 315{
5b6dd868 316#if !defined(CONFIG_USER_ONLY)
b2a8658e 317 qemu_mutex_init(&ram_list.mutex);
5b6dd868
BS		 318 memory_map_init();
319 io_mem_init();
fdbb84d1 320#endif
5b6dd868 321}
fdbb84d1 322
b170fce3 323#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 324
325static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 326{
259186a7 327 CPUState *cpu = opaque;
a513fe19 328
5b6dd868
BS		 329 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
330 version_id is increased. */
259186a7
AF		 331 cpu->interrupt_request &= ~0x01;
332 tlb_flush(cpu->env_ptr, 1);
5b6dd868
BS		 333
334 return 0;
a513fe19 335}
7501267e 336
1a1562f5 337const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 338 .name = "cpu_common",
339 .version_id = 1,
340 .minimum_version_id = 1,
341 .minimum_version_id_old = 1,
342 .post_load = cpu_common_post_load,
343 .fields = (VMStateField []) {
259186a7
AF		 344 VMSTATE_UINT32(halted, CPUState),
345 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868
BS		 346 VMSTATE_END_OF_LIST()
347 }
348};
1a1562f5 349
5b6dd868 350#endif
ea041c0e 351
38d8f5c8 352CPUState *qemu_get_cpu(int index)
ea041c0e 353{
182735ef 354 CPUState *cpu = first_cpu;
ea041c0e 355
182735ef 356 while (cpu) {
55e5c285 357 if (cpu->cpu_index == index) {
5b6dd868 358 break;
55e5c285 359 }
182735ef 360 cpu = cpu->next_cpu;
ea041c0e 361 }
5b6dd868 362
182735ef 363 return cpu;
ea041c0e
FB		 364}
365
d6b9e0d6
MT		 366void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
367{
182735ef 368 CPUState *cpu;
d6b9e0d6 369
182735ef
AF		 370 cpu = first_cpu;
371 while (cpu) {
372 func(cpu, data);
373 cpu = cpu->next_cpu;
d6b9e0d6
MT		 374 }
375}
376
5b6dd868 377void cpu_exec_init(CPUArchState *env)
ea041c0e 378{
5b6dd868 379 CPUState *cpu = ENV_GET_CPU(env);
b170fce3 380 CPUClass *cc = CPU_GET_CLASS(cpu);
182735ef 381 CPUState **pcpu;
5b6dd868
BS		 382 int cpu_index;
383
384#if defined(CONFIG_USER_ONLY)
385 cpu_list_lock();
386#endif
182735ef
AF		 387 cpu->next_cpu = NULL;
388 pcpu = &first_cpu;
5b6dd868 389 cpu_index = 0;
182735ef
AF		 390 while (*pcpu != NULL) {
391 pcpu = &(*pcpu)->next_cpu;
5b6dd868
BS		 392 cpu_index++;
393 }
55e5c285 394 cpu->cpu_index = cpu_index;
1b1ed8dc 395 cpu->numa_node = 0;
5b6dd868
BS		 396 QTAILQ_INIT(&env->breakpoints);
397 QTAILQ_INIT(&env->watchpoints);
398#ifndef CONFIG_USER_ONLY
399 cpu->thread_id = qemu_get_thread_id();
400#endif
182735ef 401 *pcpu = cpu;
5b6dd868
BS		 402#if defined(CONFIG_USER_ONLY)
403 cpu_list_unlock();
404#endif
259186a7 405 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
5b6dd868 406#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 407 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
408 cpu_save, cpu_load, env);
b170fce3 409 assert(cc->vmsd == NULL);
5b6dd868 410#endif
b170fce3
AF		 411 if (cc->vmsd != NULL) {
412 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
413 }
ea041c0e
FB		 414}
415
1fddef4b 416#if defined(TARGET_HAS_ICE)
94df27fd 417#if defined(CONFIG_USER_ONLY)
9349b4f9 418static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 419{
420 tb_invalidate_phys_page_range(pc, pc + 1, 0);
421}
422#else
1e7855a5
MF		 423static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
424{
9d70c4b7
MF		 425 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
426 (pc & ~TARGET_PAGE_MASK));
1e7855a5 427}
c27004ec 428#endif
94df27fd 429#endif /* TARGET_HAS_ICE */
d720b93d 430
c527ee8f 431#if defined(CONFIG_USER_ONLY)
9349b4f9 432void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 433
434{
435}
436
9349b4f9 437int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 438 int flags, CPUWatchpoint **watchpoint)
439{
440 return -ENOSYS;
441}
442#else
6658ffb8 443/* Add a watchpoint. */
9349b4f9 444int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 445 int flags, CPUWatchpoint **watchpoint)
6658ffb8 446{
b4051334 447 target_ulong len_mask = ~(len - 1);
c0ce998e 448 CPUWatchpoint *wp;
6658ffb8 449
b4051334 450 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 451 if ((len & (len - 1)) || (addr & ~len_mask) ||
452 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 453 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
454 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
455 return -EINVAL;
456 }
7267c094 457 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 458
459 wp->vaddr = addr;
b4051334 460 wp->len_mask = len_mask;
a1d1bb31
AL		 461 wp->flags = flags;
462
2dc9f411 463 /* keep all GDB-injected watchpoints in front */
c0ce998e 464 if (flags & BP_GDB)
72cf2d4f 465 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 466 else
72cf2d4f 467 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 468
6658ffb8 469 tlb_flush_page(env, addr);
a1d1bb31
AL		 470
471 if (watchpoint)
472 *watchpoint = wp;
473 return 0;
6658ffb8
PB		 474}
475
a1d1bb31 476/* Remove a specific watchpoint. */
9349b4f9 477int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 478 int flags)
6658ffb8 479{
b4051334 480 target_ulong len_mask = ~(len - 1);
a1d1bb31 481 CPUWatchpoint *wp;
6658ffb8 482
72cf2d4f 483 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 484 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 485 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 486 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 487 return 0;
488 }
489 }
a1d1bb31 490 return -ENOENT;
6658ffb8
PB		 491}
492
a1d1bb31 493/* Remove a specific watchpoint by reference. */
9349b4f9 494void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 495{
72cf2d4f 496 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 497
a1d1bb31
AL		 498 tlb_flush_page(env, watchpoint->vaddr);
499
7267c094 500 g_free(watchpoint);
a1d1bb31
AL		 501}
502
503/* Remove all matching watchpoints. */
9349b4f9 504void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 505{
c0ce998e 506 CPUWatchpoint *wp, *next;
a1d1bb31 507
72cf2d4f 508 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 509 if (wp->flags & mask)
510 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 511 }
7d03f82f 512}
c527ee8f 513#endif
7d03f82f 514
a1d1bb31 515/* Add a breakpoint. */
9349b4f9 516int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 517 CPUBreakpoint **breakpoint)
4c3a88a2 518{
1fddef4b 519#if defined(TARGET_HAS_ICE)
c0ce998e 520 CPUBreakpoint *bp;
3b46e624 521
7267c094 522 bp = g_malloc(sizeof(*bp));
4c3a88a2 523
a1d1bb31
AL		 524 bp->pc = pc;
525 bp->flags = flags;
526
2dc9f411 527 /* keep all GDB-injected breakpoints in front */
c0ce998e 528 if (flags & BP_GDB)
72cf2d4f 529 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 530 else
72cf2d4f 531 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 532
d720b93d 533 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 534
535 if (breakpoint)
536 *breakpoint = bp;
4c3a88a2
FB		 537 return 0;
538#else
a1d1bb31 539 return -ENOSYS;
4c3a88a2
FB		 540#endif
541}
542
a1d1bb31 543/* Remove a specific breakpoint. */
9349b4f9 544int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 545{
7d03f82f 546#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 547 CPUBreakpoint *bp;
548
72cf2d4f 549 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 550 if (bp->pc == pc && bp->flags == flags) {
551 cpu_breakpoint_remove_by_ref(env, bp);
552 return 0;
553 }
7d03f82f 554 }
a1d1bb31
AL		 555 return -ENOENT;
556#else
557 return -ENOSYS;
7d03f82f
EI		 558#endif
559}
560
a1d1bb31 561/* Remove a specific breakpoint by reference. */
9349b4f9 562void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 563{
1fddef4b 564#if defined(TARGET_HAS_ICE)
72cf2d4f 565 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 566
a1d1bb31
AL		 567 breakpoint_invalidate(env, breakpoint->pc);
568
7267c094 569 g_free(breakpoint);
a1d1bb31
AL		 570#endif
571}
572
573/* Remove all matching breakpoints. */
9349b4f9 574void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 575{
576#if defined(TARGET_HAS_ICE)
c0ce998e 577 CPUBreakpoint *bp, *next;
a1d1bb31 578
72cf2d4f 579 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 580 if (bp->flags & mask)
581 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 582 }
4c3a88a2
FB		 583#endif
584}
585
c33a346e
FB		 586/* enable or disable single step mode. EXCP_DEBUG is returned by the
587 CPU loop after each instruction */
9349b4f9 588void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 589{
1fddef4b 590#if defined(TARGET_HAS_ICE)
c33a346e
FB		 591 if (env->singlestep_enabled != enabled) {
592 env->singlestep_enabled = enabled;
e22a25c9
AL		 593 if (kvm_enabled())
594 kvm_update_guest_debug(env, 0);
595 else {
ccbb4d44 596 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 597 /* XXX: only flush what is necessary */
598 tb_flush(env);
599 }
c33a346e
FB		 600 }
601#endif
602}
603
9349b4f9 604void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e 605{
878096ee 606 CPUState *cpu = ENV_GET_CPU(env);
7501267e 607 va_list ap;
493ae1f0 608 va_list ap2;
7501267e
FB		 609
610 va_start(ap, fmt);
493ae1f0 611 va_copy(ap2, ap);
7501267e
FB		 612 fprintf(stderr, "qemu: fatal: ");
613 vfprintf(stderr, fmt, ap);
614 fprintf(stderr, "\n");
878096ee 615 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 616 if (qemu_log_enabled()) {
617 qemu_log("qemu: fatal: ");
618 qemu_log_vprintf(fmt, ap2);
619 qemu_log("\n");
a0762859 620 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 621 qemu_log_flush();
93fcfe39 622 qemu_log_close();
924edcae 623 }
493ae1f0 624 va_end(ap2);
f9373291 625 va_end(ap);
fd052bf6
RV		 626#if defined(CONFIG_USER_ONLY)
627 {
628 struct sigaction act;
629 sigfillset(&act.sa_mask);
630 act.sa_handler = SIG_DFL;
631 sigaction(SIGABRT, &act, NULL);
632 }
633#endif
7501267e
FB		 634 abort();
635}
636
9349b4f9 637CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 638{
9349b4f9 639 CPUArchState *new_env = cpu_init(env->cpu_model_str);
5a38f081
AL		 640#if defined(TARGET_HAS_ICE)
641 CPUBreakpoint *bp;
642 CPUWatchpoint *wp;
643#endif
644
9349b4f9 645 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081 646
5a38f081
AL		 647 /* Clone all break/watchpoints.
648 Note: Once we support ptrace with hw-debug register access, make sure
649 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 650 QTAILQ_INIT(&env->breakpoints);
651 QTAILQ_INIT(&env->watchpoints);
5a38f081 652#if defined(TARGET_HAS_ICE)
72cf2d4f 653 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 654 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
655 }
72cf2d4f 656 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 657 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
658 wp->flags, NULL);
659 }
660#endif
661
c5be9f08
TS		 662 return new_env;
663}
664
0124311e 665#if !defined(CONFIG_USER_ONLY)
d24981d3
JQ		 666static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
667 uintptr_t length)
668{
669 uintptr_t start1;
670
671 /* we modify the TLB cache so that the dirty bit will be set again
672 when accessing the range */
673 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
674 /* Check that we don't span multiple blocks - this breaks the
675 address comparisons below. */
676 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
677 != (end - 1) - start) {
678 abort();
679 }
680 cpu_tlb_reset_dirty_all(start1, length);
681
682}
683
5579c7f3 684/* Note: start and end must be within the same ram block. */
c227f099 685void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 686 int dirty_flags)
1ccde1cb 687{
d24981d3 688 uintptr_t length;
1ccde1cb
FB		 689
690 start &= TARGET_PAGE_MASK;
691 end = TARGET_PAGE_ALIGN(end);
692
693 length = end - start;
694 if (length == 0)
695 return;
f7c11b53 696 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 697
d24981d3
JQ		 698 if (tcg_enabled()) {
699 tlb_reset_dirty_range_all(start, end, length);
5579c7f3 700 }
1ccde1cb
FB		 701}
702
8b9c99d9 703static int cpu_physical_memory_set_dirty_tracking(int enable)
74576198 704{
f6f3fbca 705 int ret = 0;
74576198 706 in_migration = enable;
f6f3fbca 707 return ret;
74576198
AL		 708}
709
a8170e5e 710hwaddr memory_region_section_get_iotlb(CPUArchState *env,
149f54b5
PB		 711 MemoryRegionSection *section,
712 target_ulong vaddr,
713 hwaddr paddr, hwaddr xlat,
714 int prot,
715 target_ulong *address)
e5548617 716{
a8170e5e 717 hwaddr iotlb;
e5548617
BS		 718 CPUWatchpoint *wp;
719
cc5bea60 720 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 721 /* Normal RAM. */
722 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 723 + xlat;
e5548617 724 if (!section->readonly) {
b41aac4f 725 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 726 } else {
b41aac4f 727 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 728 }
729 } else {
0475d94f 730 iotlb = section - address_space_memory.dispatch->sections;
149f54b5 731 iotlb += xlat;
e5548617
BS		 732 }
733
734 /* Make accesses to pages with watchpoints go via the
735 watchpoint trap routines. */
736 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
737 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
738 /* Avoid trapping reads of pages with a write breakpoint. */
739 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 740 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 741 *address |= TLB_MMIO;
742 break;
743 }
744 }
745 }
746
747 return iotlb;
748}
9fa3e853
FB		 749#endif /* defined(CONFIG_USER_ONLY) */
750
e2eef170 751#if !defined(CONFIG_USER_ONLY)
8da3ff18 752
c227f099 753static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 754 uint16_t section);
acc9d80b 755static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 756
5312bd8b
AK		 757static uint16_t phys_section_add(MemoryRegionSection *section)
758{
68f3f65b
PB		 759 /* The physical section number is ORed with a page-aligned
760 * pointer to produce the iotlb entries. Thus it should
761 * never overflow into the page-aligned value.
762 */
9affd6fc 763 assert(next_map.sections_nb < TARGET_PAGE_SIZE);
68f3f65b 764
9affd6fc
PB		 765 if (next_map.sections_nb == next_map.sections_nb_alloc) {
766 next_map.sections_nb_alloc = MAX(next_map.sections_nb_alloc * 2,
767 16);
768 next_map.sections = g_renew(MemoryRegionSection, next_map.sections,
769 next_map.sections_nb_alloc);
5312bd8b 770 }
9affd6fc 771 next_map.sections[next_map.sections_nb] = *section;
dfde4e6e 772 memory_region_ref(section->mr);
9affd6fc 773 return next_map.sections_nb++;
5312bd8b
AK		 774}
775
058bc4b5
PB		 776static void phys_section_destroy(MemoryRegion *mr)
777{
dfde4e6e
PB		 778 memory_region_unref(mr);
779
058bc4b5
PB		 780 if (mr->subpage) {
781 subpage_t *subpage = container_of(mr, subpage_t, iomem);
782 memory_region_destroy(&subpage->iomem);
783 g_free(subpage);
784 }
785}
786
6092666e 787static void phys_sections_free(PhysPageMap *map)
5312bd8b 788{
9affd6fc
PB		 789 while (map->sections_nb > 0) {
790 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 791 phys_section_destroy(section->mr);
792 }
9affd6fc
PB		 793 g_free(map->sections);
794 g_free(map->nodes);
6092666e 795 g_free(map);
5312bd8b
AK		 796}
797
ac1970fb 798static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 799{
800 subpage_t *subpage;
a8170e5e 801 hwaddr base = section->offset_within_address_space
0f0cb164 802 & TARGET_PAGE_MASK;
9affd6fc
PB		 803 MemoryRegionSection *existing = phys_page_find(d->phys_map, base >> TARGET_PAGE_BITS,
804 next_map.nodes, next_map.sections);
0f0cb164
AK		 805 MemoryRegionSection subsection = {
806 .offset_within_address_space = base,
052e87b0 807 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 808 };
a8170e5e 809 hwaddr start, end;
0f0cb164 810
f3705d53 811 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 812
f3705d53 813 if (!(existing->mr->subpage)) {
acc9d80b 814 subpage = subpage_init(d->as, base);
0f0cb164 815 subsection.mr = &subpage->iomem;
ac1970fb 816 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
2999097b 817 phys_section_add(&subsection));
0f0cb164 818 } else {
f3705d53 819 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 820 }
821 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 822 end = start + int128_get64(section->size) - 1;
0f0cb164
AK		 823 subpage_register(subpage, start, end, phys_section_add(section));
824}
825
826
052e87b0
PB		 827static void register_multipage(AddressSpaceDispatch *d,
828 MemoryRegionSection *section)
33417e70 829{
a8170e5e 830 hwaddr start_addr = section->offset_within_address_space;
5312bd8b 831 uint16_t section_index = phys_section_add(section);
052e87b0
PB		 832 uint64_t num_pages = int128_get64(int128_rshift(section->size,
833 TARGET_PAGE_BITS));
dd81124b 834
733d5ef5
PB		 835 assert(num_pages);
836 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 837}
838
ac1970fb 839static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 840{
89ae337a 841 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 842 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 843 MemoryRegionSection now = *section, remain = *section;
052e87b0 844 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 845
733d5ef5
PB		 846 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
847 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
848 - now.offset_within_address_space;
849
052e87b0 850 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 851 register_subpage(d, &now);
733d5ef5 852 } else {
052e87b0 853 now.size = int128_zero();
733d5ef5 854 }
052e87b0
PB		 855 while (int128_ne(remain.size, now.size)) {
856 remain.size = int128_sub(remain.size, now.size);
857 remain.offset_within_address_space += int128_get64(now.size);
858 remain.offset_within_region += int128_get64(now.size);
69b67646 859 now = remain;
052e87b0 860 if (int128_lt(remain.size, page_size)) {
733d5ef5
PB		 861 register_subpage(d, &now);
862 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
052e87b0 863 now.size = page_size;
ac1970fb 864 register_subpage(d, &now);
69b67646 865 } else {
052e87b0 866 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 867 register_multipage(d, &now);
69b67646 868 }
0f0cb164
AK		 869 }
870}
871
62a2744c
SY		 872void qemu_flush_coalesced_mmio_buffer(void)
873{
874 if (kvm_enabled())
875 kvm_flush_coalesced_mmio_buffer();
876}
877
b2a8658e
UD		 878void qemu_mutex_lock_ramlist(void)
879{
880 qemu_mutex_lock(&ram_list.mutex);
881}
882
883void qemu_mutex_unlock_ramlist(void)
884{
885 qemu_mutex_unlock(&ram_list.mutex);
886}
887
c902760f
MT		 888#if defined(__linux__) && !defined(TARGET_S390X)
889
890#include <sys/vfs.h>
891
892#define HUGETLBFS_MAGIC 0x958458f6
893
894static long gethugepagesize(const char *path)
895{
896 struct statfs fs;
897 int ret;
898
899 do {
9742bf26 900 ret = statfs(path, &fs);
c902760f
MT		 901 } while (ret != 0 && errno == EINTR);
902
903 if (ret != 0) {
9742bf26
YT		 904 perror(path);
905 return 0;
c902760f
MT		 906 }
907
908 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 909 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 910
911 return fs.f_bsize;
912}
913
04b16653
AW		 914static void *file_ram_alloc(RAMBlock *block,
915 ram_addr_t memory,
916 const char *path)
c902760f
MT		 917{
918 char *filename;
8ca761f6
PF		 919 char *sanitized_name;
920 char *c;
c902760f
MT		 921 void *area;
922 int fd;
923#ifdef MAP_POPULATE
924 int flags;
925#endif
926 unsigned long hpagesize;
927
928 hpagesize = gethugepagesize(path);
929 if (!hpagesize) {
9742bf26 930 return NULL;
c902760f
MT		 931 }
932
933 if (memory < hpagesize) {
934 return NULL;
935 }
936
937 if (kvm_enabled() && !kvm_has_sync_mmu()) {
938 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
939 return NULL;
940 }
941
8ca761f6
PF		 942 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
943 sanitized_name = g_strdup(block->mr->name);
944 for (c = sanitized_name; *c != '\0'; c++) {
945 if (*c == '/')
946 *c = '_';
947 }
948
949 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
950 sanitized_name);
951 g_free(sanitized_name);
c902760f
MT		 952
953 fd = mkstemp(filename);
954 if (fd < 0) {
9742bf26 955 perror("unable to create backing store for hugepages");
e4ada482 956 g_free(filename);
9742bf26 957 return NULL;
c902760f
MT		 958 }
959 unlink(filename);
e4ada482 960 g_free(filename);
c902760f
MT		 961
962 memory = (memory+hpagesize-1) & ~(hpagesize-1);
963
964 /*
965 * ftruncate is not supported by hugetlbfs in older
966 * hosts, so don't bother bailing out on errors.
967 * If anything goes wrong with it under other filesystems,
968 * mmap will fail.
969 */
970 if (ftruncate(fd, memory))
9742bf26 971 perror("ftruncate");
c902760f
MT		 972
973#ifdef MAP_POPULATE
974 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
975 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
976 * to sidestep this quirk.
977 */
978 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
979 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
980#else
981 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
982#endif
983 if (area == MAP_FAILED) {
9742bf26
YT		 984 perror("file_ram_alloc: can't mmap RAM pages");
985 close(fd);
986 return (NULL);
c902760f 987 }
04b16653 988 block->fd = fd;
c902760f
MT		 989 return area;
990}
991#endif
992
d17b5288 993static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 994{
995 RAMBlock *block, *next_block;
3e837b2c 996 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 997
49cd9ac6
SH		 998 assert(size != 0); /* it would hand out same offset multiple times */
999
a3161038 1000 if (QTAILQ_EMPTY(&ram_list.blocks))
04b16653
AW		 1001 return 0;
1002
a3161038 1003 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 1004 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 1005
1006 end = block->offset + block->length;
1007
a3161038 1008 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
04b16653
AW		 1009 if (next_block->offset >= end) {
1010 next = MIN(next, next_block->offset);
1011 }
1012 }
1013 if (next - end >= size && next - end < mingap) {
3e837b2c 1014 offset = end;
04b16653
AW		 1015 mingap = next - end;
1016 }
1017 }
3e837b2c
AW		 1018
1019 if (offset == RAM_ADDR_MAX) {
1020 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1021 (uint64_t)size);
1022 abort();
1023 }
1024
04b16653
AW		 1025 return offset;
1026}
1027
652d7ec2 1028ram_addr_t last_ram_offset(void)
d17b5288
AW		 1029{
1030 RAMBlock *block;
1031 ram_addr_t last = 0;
1032
a3161038 1033 QTAILQ_FOREACH(block, &ram_list.blocks, next)
d17b5288
AW		 1034 last = MAX(last, block->offset + block->length);
1035
1036 return last;
1037}
1038
ddb97f1d
JB		 1039static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1040{
1041 int ret;
ddb97f1d
JB		 1042
1043 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
2ff3de68
MA		 1044 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1045 "dump-guest-core", true)) {
ddb97f1d
JB		 1046 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1047 if (ret) {
1048 perror("qemu_madvise");
1049 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1050 "but dump_guest_core=off specified\n");
1051 }
1052 }
1053}
1054
c5705a77 1055void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 1056{
1057 RAMBlock *new_block, *block;
1058
c5705a77 1059 new_block = NULL;
a3161038 1060 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
c5705a77
AK		 1061 if (block->offset == addr) {
1062 new_block = block;
1063 break;
1064 }
1065 }
1066 assert(new_block);
1067 assert(!new_block->idstr[0]);
84b89d78 1068
09e5ab63
AL		 1069 if (dev) {
1070 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1071 if (id) {
1072 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1073 g_free(id);
84b89d78
CM		 1074 }
1075 }
1076 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1077
b2a8658e
UD		 1078 /* This assumes the iothread lock is taken here too. */
1079 qemu_mutex_lock_ramlist();
a3161038 1080 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
c5705a77 1081 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1082 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1083 new_block->idstr);
1084 abort();
1085 }
1086 }
b2a8658e 1087 qemu_mutex_unlock_ramlist();
c5705a77
AK		 1088}
1089
8490fc78
LC		 1090static int memory_try_enable_merging(void *addr, size_t len)
1091{
2ff3de68 1092 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
8490fc78
LC		 1093 /* disabled by the user */
1094 return 0;
1095 }
1096
1097 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1098}
1099
c5705a77
AK		 1100ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1101 MemoryRegion *mr)
1102{
abb26d63 1103 RAMBlock *block, *new_block;
c5705a77
AK		 1104
1105 size = TARGET_PAGE_ALIGN(size);
1106 new_block = g_malloc0(sizeof(*new_block));
84b89d78 1107
b2a8658e
UD		 1108 /* This assumes the iothread lock is taken here too. */
1109 qemu_mutex_lock_ramlist();
7c637366 1110 new_block->mr = mr;
432d268c 1111 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 1112 if (host) {
1113 new_block->host = host;
cd19cfa2 1114 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 1115 } else {
1116 if (mem_path) {
c902760f 1117#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 1118 new_block->host = file_ram_alloc(new_block, size, mem_path);
1119 if (!new_block->host) {
6eebf958 1120 new_block->host = qemu_anon_ram_alloc(size);
8490fc78 1121 memory_try_enable_merging(new_block->host, size);
6977dfe6 1122 }
c902760f 1123#else
6977dfe6
YT		 1124 fprintf(stderr, "-mem-path option unsupported\n");
1125 exit(1);
c902760f 1126#endif
6977dfe6 1127 } else {
868bb33f 1128 if (xen_enabled()) {
fce537d4 1129 xen_ram_alloc(new_block->offset, size, mr);
fdec9918
CB		 1130 } else if (kvm_enabled()) {
1131 /* some s390/kvm configurations have special constraints */
6eebf958 1132 new_block->host = kvm_ram_alloc(size);
432d268c 1133 } else {
6eebf958 1134 new_block->host = qemu_anon_ram_alloc(size);
432d268c 1135 }
8490fc78 1136 memory_try_enable_merging(new_block->host, size);
6977dfe6 1137 }
c902760f 1138 }
94a6b54f
PB		 1139 new_block->length = size;
1140
abb26d63
PB		 1141 /* Keep the list sorted from biggest to smallest block. */
1142 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1143 if (block->length < new_block->length) {
1144 break;
1145 }
1146 }
1147 if (block) {
1148 QTAILQ_INSERT_BEFORE(block, new_block, next);
1149 } else {
1150 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1151 }
0d6d3c87 1152 ram_list.mru_block = NULL;
94a6b54f 1153
f798b07f 1154 ram_list.version++;
b2a8658e 1155 qemu_mutex_unlock_ramlist();
f798b07f 1156
7267c094 1157 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 1158 last_ram_offset() >> TARGET_PAGE_BITS);
5fda043f
IM		 1159 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1160 0, size >> TARGET_PAGE_BITS);
1720aeee 1161 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
94a6b54f 1162
ddb97f1d 1163 qemu_ram_setup_dump(new_block->host, size);
ad0b5321 1164 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
ddb97f1d 1165
6f0437e8
JK		 1166 if (kvm_enabled())
1167 kvm_setup_guest_memory(new_block->host, size);
1168
94a6b54f
PB		 1169 return new_block->offset;
1170}
e9a1ab19 1171
c5705a77 1172ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 1173{
c5705a77 1174 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 1175}
1176
1f2e98b6
AW		 1177void qemu_ram_free_from_ptr(ram_addr_t addr)
1178{
1179 RAMBlock *block;
1180
b2a8658e
UD		 1181 /* This assumes the iothread lock is taken here too. */
1182 qemu_mutex_lock_ramlist();
a3161038 1183 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1f2e98b6 1184 if (addr == block->offset) {
a3161038 1185 QTAILQ_REMOVE(&ram_list.blocks, block, next);
0d6d3c87 1186 ram_list.mru_block = NULL;
f798b07f 1187 ram_list.version++;
7267c094 1188 g_free(block);
b2a8658e 1189 break;
1f2e98b6
AW		 1190 }
1191 }
b2a8658e 1192 qemu_mutex_unlock_ramlist();
1f2e98b6
AW		 1193}
1194
c227f099 1195void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1196{
04b16653
AW		 1197 RAMBlock *block;
1198
b2a8658e
UD		 1199 /* This assumes the iothread lock is taken here too. */
1200 qemu_mutex_lock_ramlist();
a3161038 1201 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
04b16653 1202 if (addr == block->offset) {
a3161038 1203 QTAILQ_REMOVE(&ram_list.blocks, block, next);
0d6d3c87 1204 ram_list.mru_block = NULL;
f798b07f 1205 ram_list.version++;
cd19cfa2
HY		 1206 if (block->flags & RAM_PREALLOC_MASK) {
1207 ;
1208 } else if (mem_path) {
04b16653
AW		 1209#if defined (__linux__) && !defined(TARGET_S390X)
1210 if (block->fd) {
1211 munmap(block->host, block->length);
1212 close(block->fd);
1213 } else {
e7a09b92 1214 qemu_anon_ram_free(block->host, block->length);
04b16653 1215 }
fd28aa13
JK		 1216#else
1217 abort();
04b16653
AW		 1218#endif
1219 } else {
868bb33f 1220 if (xen_enabled()) {
e41d7c69 1221 xen_invalidate_map_cache_entry(block->host);
432d268c 1222 } else {
e7a09b92 1223 qemu_anon_ram_free(block->host, block->length);
432d268c 1224 }
04b16653 1225 }
7267c094 1226 g_free(block);
b2a8658e 1227 break;
04b16653
AW		 1228 }
1229 }
b2a8658e 1230 qemu_mutex_unlock_ramlist();
04b16653 1231
e9a1ab19
FB		 1232}
1233
cd19cfa2
HY		 1234#ifndef _WIN32
1235void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1236{
1237 RAMBlock *block;
1238 ram_addr_t offset;
1239 int flags;
1240 void *area, *vaddr;
1241
a3161038 1242 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
cd19cfa2
HY		 1243 offset = addr - block->offset;
1244 if (offset < block->length) {
1245 vaddr = block->host + offset;
1246 if (block->flags & RAM_PREALLOC_MASK) {
1247 ;
1248 } else {
1249 flags = MAP_FIXED;
1250 munmap(vaddr, length);
1251 if (mem_path) {
1252#if defined(__linux__) && !defined(TARGET_S390X)
1253 if (block->fd) {
1254#ifdef MAP_POPULATE
1255 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1256 MAP_PRIVATE;
1257#else
1258 flags |= MAP_PRIVATE;
1259#endif
1260 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1261 flags, block->fd, offset);
1262 } else {
1263 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1264 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1265 flags, -1, 0);
1266 }
fd28aa13
JK		 1267#else
1268 abort();
cd19cfa2
HY		 1269#endif
1270 } else {
1271#if defined(TARGET_S390X) && defined(CONFIG_KVM)
1272 flags |= MAP_SHARED | MAP_ANONYMOUS;
1273 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1274 flags, -1, 0);
1275#else
1276 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1277 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1278 flags, -1, 0);
1279#endif
1280 }
1281 if (area != vaddr) {
f15fbc4b
AP		 1282 fprintf(stderr, "Could not remap addr: "
1283 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1284 length, addr);
1285 exit(1);
1286 }
8490fc78 1287 memory_try_enable_merging(vaddr, length);
ddb97f1d 1288 qemu_ram_setup_dump(vaddr, length);
cd19cfa2
HY		 1289 }
1290 return;
1291 }
1292 }
1293}
1294#endif /* !_WIN32 */
1295
1b5ec234 1296static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
dc828ca1 1297{
94a6b54f
PB		 1298 RAMBlock *block;
1299
b2a8658e 1300 /* The list is protected by the iothread lock here. */
0d6d3c87
PB		 1301 block = ram_list.mru_block;
1302 if (block && addr - block->offset < block->length) {
1303 goto found;
1304 }
a3161038 1305 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
f471a17e 1306 if (addr - block->offset < block->length) {
0d6d3c87 1307 goto found;
f471a17e 1308 }
94a6b54f 1309 }
f471a17e
AW		 1310
1311 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1312 abort();
1313
0d6d3c87
PB		 1314found:
1315 ram_list.mru_block = block;
1b5ec234
PB		 1316 return block;
1317}
1318
1319/* Return a host pointer to ram allocated with qemu_ram_alloc.
1320 With the exception of the softmmu code in this file, this should
1321 only be used for local memory (e.g. video ram) that the device owns,
1322 and knows it isn't going to access beyond the end of the block.
1323
1324 It should not be used for general purpose DMA.
1325 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1326 */
1327void *qemu_get_ram_ptr(ram_addr_t addr)
1328{
1329 RAMBlock *block = qemu_get_ram_block(addr);
1330
0d6d3c87
PB		 1331 if (xen_enabled()) {
1332 /* We need to check if the requested address is in the RAM
1333 * because we don't want to map the entire memory in QEMU.
1334 * In that case just map until the end of the page.
1335 */
1336 if (block->offset == 0) {
1337 return xen_map_cache(addr, 0, 0);
1338 } else if (block->host == NULL) {
1339 block->host =
1340 xen_map_cache(block->offset, block->length, 1);
1341 }
1342 }
1343 return block->host + (addr - block->offset);
dc828ca1
PB		 1344}
1345
0d6d3c87
PB		 1346/* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1347 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1348 *
1349 * ??? Is this still necessary?
b2e0a138 1350 */
8b9c99d9 1351static void *qemu_safe_ram_ptr(ram_addr_t addr)
b2e0a138
MT		 1352{
1353 RAMBlock *block;
1354
b2a8658e 1355 /* The list is protected by the iothread lock here. */
a3161038 1356 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
b2e0a138 1357 if (addr - block->offset < block->length) {
868bb33f 1358 if (xen_enabled()) {
432d268c
JN		 1359 /* We need to check if the requested address is in the RAM
1360 * because we don't want to map the entire memory in QEMU.
712c2b41 1361 * In that case just map until the end of the page.
432d268c
JN		 1362 */
1363 if (block->offset == 0) {
e41d7c69 1364 return xen_map_cache(addr, 0, 0);
432d268c 1365 } else if (block->host == NULL) {
e41d7c69
JK		 1366 block->host =
1367 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 1368 }
1369 }
b2e0a138
MT		 1370 return block->host + (addr - block->offset);
1371 }
1372 }
1373
1374 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1375 abort();
1376
1377 return NULL;
1378}
1379
38bee5dc
SS		 1380/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1381 * but takes a size argument */
8b9c99d9 1382static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 1383{
8ab934f9
SS		 1384 if (*size == 0) {
1385 return NULL;
1386 }
868bb33f 1387 if (xen_enabled()) {
e41d7c69 1388 return xen_map_cache(addr, *size, 1);
868bb33f 1389 } else {
38bee5dc
SS		 1390 RAMBlock *block;
1391
a3161038 1392 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
38bee5dc
SS		 1393 if (addr - block->offset < block->length) {
1394 if (addr - block->offset + *size > block->length)
1395 *size = block->length - addr + block->offset;
1396 return block->host + (addr - block->offset);
1397 }
1398 }
1399
1400 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1401 abort();
38bee5dc
SS		 1402 }
1403}
1404
7443b437
PB		 1405/* Some of the softmmu routines need to translate from a host pointer
1406 (typically a TLB entry) back to a ram offset. */
1b5ec234 1407MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 1408{
94a6b54f
PB		 1409 RAMBlock *block;
1410 uint8_t *host = ptr;
1411
868bb33f 1412 if (xen_enabled()) {
e41d7c69 1413 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1b5ec234 1414 return qemu_get_ram_block(*ram_addr)->mr;
712c2b41
SS		 1415 }
1416
23887b79
PB		 1417 block = ram_list.mru_block;
1418 if (block && block->host && host - block->host < block->length) {
1419 goto found;
1420 }
1421
a3161038 1422 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 1423 /* This case append when the block is not mapped. */
1424 if (block->host == NULL) {
1425 continue;
1426 }
f471a17e 1427 if (host - block->host < block->length) {
23887b79 1428 goto found;
f471a17e 1429 }
94a6b54f 1430 }
432d268c 1431
1b5ec234 1432 return NULL;
23887b79
PB		 1433
1434found:
1435 *ram_addr = block->offset + (host - block->host);
1b5ec234 1436 return block->mr;
e890261f 1437}
f471a17e 1438
a8170e5e 1439static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1440 uint64_t val, unsigned size)
9fa3e853 1441{
3a7d929e 1442 int dirty_flags;
f7c11b53 1443 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 1444 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
0e0df1e2 1445 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 1446 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 1447 }
0e0df1e2
AK		 1448 switch (size) {
1449 case 1:
1450 stb_p(qemu_get_ram_ptr(ram_addr), val);
1451 break;
1452 case 2:
1453 stw_p(qemu_get_ram_ptr(ram_addr), val);
1454 break;
1455 case 4:
1456 stl_p(qemu_get_ram_ptr(ram_addr), val);
1457 break;
1458 default:
1459 abort();
3a7d929e 1460 }
f23db169 1461 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 1462 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 1463 /* we remove the notdirty callback only if the code has been
1464 flushed */
4917cf44
AF		 1465 if (dirty_flags == 0xff) {
1466 CPUArchState *env = current_cpu->env_ptr;
1467 tlb_set_dirty(env, env->mem_io_vaddr);
1468 }
9fa3e853
FB		 1469}
1470
b018ddf6
PB		 1471static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1472 unsigned size, bool is_write)
1473{
1474 return is_write;
1475}
1476
0e0df1e2 1477static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1478 .write = notdirty_mem_write,
b018ddf6 1479 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1480 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1481};
1482
0f459d16 1483/* Generate a debug exception if a watchpoint has been hit. */
b4051334 1484static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 1485{
4917cf44 1486 CPUArchState *env = current_cpu->env_ptr;
06d55cc1 1487 target_ulong pc, cs_base;
0f459d16 1488 target_ulong vaddr;
a1d1bb31 1489 CPUWatchpoint *wp;
06d55cc1 1490 int cpu_flags;
0f459d16 1491
06d55cc1
AL		 1492 if (env->watchpoint_hit) {
1493 /* We re-entered the check after replacing the TB. Now raise
1494 * the debug interrupt so that is will trigger after the
1495 * current instruction. */
c3affe56 1496 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 1497 return;
1498 }
2e70f6ef 1499 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 1500 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 1501 if ((vaddr == (wp->vaddr & len_mask) ||
1502 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 1503 wp->flags |= BP_WATCHPOINT_HIT;
1504 if (!env->watchpoint_hit) {
1505 env->watchpoint_hit = wp;
5a316526 1506 tb_check_watchpoint(env);
6e140f28
AL		 1507 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1508 env->exception_index = EXCP_DEBUG;
488d6577 1509 cpu_loop_exit(env);
6e140f28
AL		 1510 } else {
1511 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1512 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 1513 cpu_resume_from_signal(env, NULL);
6e140f28 1514 }
06d55cc1 1515 }
6e140f28
AL		 1516 } else {
1517 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 1518 }
1519 }
1520}
1521
6658ffb8
PB		 1522/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1523 so these check for a hit then pass through to the normal out-of-line
1524 phys routines. */
a8170e5e 1525static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1ec9b909 1526 unsigned size)
6658ffb8 1527{
1ec9b909
AK		 1528 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1529 switch (size) {
1530 case 1: return ldub_phys(addr);
1531 case 2: return lduw_phys(addr);
1532 case 4: return ldl_phys(addr);
1533 default: abort();
1534 }
6658ffb8
PB		 1535}
1536
a8170e5e 1537static void watch_mem_write(void *opaque, hwaddr addr,
1ec9b909 1538 uint64_t val, unsigned size)
6658ffb8 1539{
1ec9b909
AK		 1540 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1541 switch (size) {
67364150
MF		 1542 case 1:
1543 stb_phys(addr, val);
1544 break;
1545 case 2:
1546 stw_phys(addr, val);
1547 break;
1548 case 4:
1549 stl_phys(addr, val);
1550 break;
1ec9b909
AK		 1551 default: abort();
1552 }
6658ffb8
PB		 1553}
1554
1ec9b909
AK		 1555static const MemoryRegionOps watch_mem_ops = {
1556 .read = watch_mem_read,
1557 .write = watch_mem_write,
1558 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 1559};
6658ffb8 1560
a8170e5e 1561static uint64_t subpage_read(void *opaque, hwaddr addr,
70c68e44 1562 unsigned len)
db7b5426 1563{
acc9d80b
JK		 1564 subpage_t *subpage = opaque;
1565 uint8_t buf[4];
791af8c8 1566
db7b5426 1567#if defined(DEBUG_SUBPAGE)
acc9d80b
JK		 1568 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1569 subpage, len, addr);
db7b5426 1570#endif
acc9d80b
JK		 1571 address_space_read(subpage->as, addr + subpage->base, buf, len);
1572 switch (len) {
1573 case 1:
1574 return ldub_p(buf);
1575 case 2:
1576 return lduw_p(buf);
1577 case 4:
1578 return ldl_p(buf);
1579 default:
1580 abort();
1581 }
db7b5426
BS		 1582}
1583
a8170e5e 1584static void subpage_write(void *opaque, hwaddr addr,
70c68e44 1585 uint64_t value, unsigned len)
db7b5426 1586{
acc9d80b
JK		 1587 subpage_t *subpage = opaque;
1588 uint8_t buf[4];
1589
db7b5426 1590#if defined(DEBUG_SUBPAGE)
70c68e44 1591 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
acc9d80b
JK		 1592 " value %"PRIx64"\n",
1593 __func__, subpage, len, addr, value);
db7b5426 1594#endif
acc9d80b
JK		 1595 switch (len) {
1596 case 1:
1597 stb_p(buf, value);
1598 break;
1599 case 2:
1600 stw_p(buf, value);
1601 break;
1602 case 4:
1603 stl_p(buf, value);
1604 break;
1605 default:
1606 abort();
1607 }
1608 address_space_write(subpage->as, addr + subpage->base, buf, len);
db7b5426
BS		 1609}
1610
c353e4cc
PB		 1611static bool subpage_accepts(void *opaque, hwaddr addr,
1612 unsigned size, bool is_write)
1613{
acc9d80b 1614 subpage_t *subpage = opaque;
c353e4cc 1615#if defined(DEBUG_SUBPAGE)
acc9d80b
JK		 1616 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1617 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 1618#endif
1619
acc9d80b
JK		 1620 return address_space_access_valid(subpage->as, addr + subpage->base,
1621 size, is_write);
c353e4cc
PB		 1622}
1623
70c68e44
AK		 1624static const MemoryRegionOps subpage_ops = {
1625 .read = subpage_read,
1626 .write = subpage_write,
c353e4cc 1627 .valid.accepts = subpage_accepts,
70c68e44 1628 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 1629};
1630
c227f099 1631static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1632 uint16_t section)
db7b5426
BS		 1633{
1634 int idx, eidx;
1635
1636 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1637 return -1;
1638 idx = SUBPAGE_IDX(start);
1639 eidx = SUBPAGE_IDX(end);
1640#if defined(DEBUG_SUBPAGE)
0bf9e31a 1641 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 1642 mmio, start, end, idx, eidx, memory);
1643#endif
db7b5426 1644 for (; idx <= eidx; idx++) {
5312bd8b 1645 mmio->sub_section[idx] = section;
db7b5426
BS		 1646 }
1647
1648 return 0;
1649}
1650
acc9d80b 1651static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 1652{
c227f099 1653 subpage_t *mmio;
db7b5426 1654
7267c094 1655 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 1656
acc9d80b 1657 mmio->as = as;
1eec614b 1658 mmio->base = base;
2c9b15ca 1659 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
70c68e44 1660 "subpage", TARGET_PAGE_SIZE);
b3b00c78 1661 mmio->iomem.subpage = true;
db7b5426 1662#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 1663 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1664 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 1665#endif
b41aac4f 1666 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 1667
1668 return mmio;
1669}
1670
5312bd8b
AK		 1671static uint16_t dummy_section(MemoryRegion *mr)
1672{
1673 MemoryRegionSection section = {
1674 .mr = mr,
1675 .offset_within_address_space = 0,
1676 .offset_within_region = 0,
052e87b0 1677 .size = int128_2_64(),
5312bd8b
AK		 1678 };
1679
1680 return phys_section_add(&section);
1681}
1682
a8170e5e 1683MemoryRegion *iotlb_to_region(hwaddr index)
aa102231 1684{
0475d94f 1685 return address_space_memory.dispatch->sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 1686}
1687
e9179ce1
AK		 1688static void io_mem_init(void)
1689{
2c9b15ca
PB		 1690 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1691 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
0e0df1e2 1692 "unassigned", UINT64_MAX);
2c9b15ca 1693 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
0e0df1e2 1694 "notdirty", UINT64_MAX);
2c9b15ca 1695 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1ec9b909 1696 "watch", UINT64_MAX);
e9179ce1
AK		 1697}
1698
ac1970fb 1699static void mem_begin(MemoryListener *listener)
00752703
PB		 1700{
1701 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1702 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1703
1704 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1705 d->as = as;
1706 as->next_dispatch = d;
1707}
1708
1709static void mem_commit(MemoryListener *listener)
ac1970fb 1710{
89ae337a 1711 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 1712 AddressSpaceDispatch *cur = as->dispatch;
1713 AddressSpaceDispatch *next = as->next_dispatch;
1714
1715 next->nodes = next_map.nodes;
1716 next->sections = next_map.sections;
ac1970fb 1717
0475d94f
PB		 1718 as->dispatch = next;
1719 g_free(cur);
ac1970fb
AK		 1720}
1721
50c1e149
AK		 1722static void core_begin(MemoryListener *listener)
1723{
b41aac4f
LPF		 1724 uint16_t n;
1725
6092666e
PB		 1726 prev_map = g_new(PhysPageMap, 1);
1727 *prev_map = next_map;
1728
9affd6fc 1729 memset(&next_map, 0, sizeof(next_map));
b41aac4f
LPF		 1730 n = dummy_section(&io_mem_unassigned);
1731 assert(n == PHYS_SECTION_UNASSIGNED);
1732 n = dummy_section(&io_mem_notdirty);
1733 assert(n == PHYS_SECTION_NOTDIRTY);
1734 n = dummy_section(&io_mem_rom);
1735 assert(n == PHYS_SECTION_ROM);
1736 n = dummy_section(&io_mem_watch);
1737 assert(n == PHYS_SECTION_WATCH);
50c1e149
AK		 1738}
1739
9affd6fc
PB		 1740/* This listener's commit run after the other AddressSpaceDispatch listeners'.
1741 * All AddressSpaceDispatch instances have switched to the next map.
1742 */
1743static void core_commit(MemoryListener *listener)
1744{
6092666e 1745 phys_sections_free(prev_map);
9affd6fc
PB		 1746}
1747
1d71148e 1748static void tcg_commit(MemoryListener *listener)
50c1e149 1749{
182735ef 1750 CPUState *cpu;
117712c3
AK		 1751
1752 /* since each CPU stores ram addresses in its TLB cache, we must
1753 reset the modified entries */
1754 /* XXX: slow ! */
182735ef
AF		 1755 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
1756 CPUArchState *env = cpu->env_ptr;
1757
117712c3
AK		 1758 tlb_flush(env, 1);
1759 }
50c1e149
AK		 1760}
1761
93632747
AK		 1762static void core_log_global_start(MemoryListener *listener)
1763{
1764 cpu_physical_memory_set_dirty_tracking(1);
1765}
1766
1767static void core_log_global_stop(MemoryListener *listener)
1768{
1769 cpu_physical_memory_set_dirty_tracking(0);
1770}
1771
93632747 1772static MemoryListener core_memory_listener = {
50c1e149 1773 .begin = core_begin,
9affd6fc 1774 .commit = core_commit,
93632747
AK		 1775 .log_global_start = core_log_global_start,
1776 .log_global_stop = core_log_global_stop,
ac1970fb 1777 .priority = 1,
93632747
AK		 1778};
1779
1d71148e
AK		 1780static MemoryListener tcg_memory_listener = {
1781 .commit = tcg_commit,
1782};
1783
ac1970fb
AK		 1784void address_space_init_dispatch(AddressSpace *as)
1785{
00752703 1786 as->dispatch = NULL;
89ae337a 1787 as->dispatch_listener = (MemoryListener) {
ac1970fb 1788 .begin = mem_begin,
00752703 1789 .commit = mem_commit,
ac1970fb
AK		 1790 .region_add = mem_add,
1791 .region_nop = mem_add,
1792 .priority = 0,
1793 };
89ae337a 1794 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 1795}
1796
83f3c251
AK		 1797void address_space_destroy_dispatch(AddressSpace *as)
1798{
1799 AddressSpaceDispatch *d = as->dispatch;
1800
89ae337a 1801 memory_listener_unregister(&as->dispatch_listener);
83f3c251
AK		 1802 g_free(d);
1803 as->dispatch = NULL;
1804}
1805
62152b8a
AK		 1806static void memory_map_init(void)
1807{
7267c094 1808 system_memory = g_malloc(sizeof(*system_memory));
2c9b15ca 1809 memory_region_init(system_memory, NULL, "system", INT64_MAX);
7dca8043 1810 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 1811
7267c094 1812 system_io = g_malloc(sizeof(*system_io));
2c9b15ca 1813 memory_region_init(system_io, NULL, "io", 65536);
7dca8043 1814 address_space_init(&address_space_io, system_io, "I/O");
93632747 1815
f6790af6 1816 memory_listener_register(&core_memory_listener, &address_space_memory);
f6790af6 1817 memory_listener_register(&tcg_memory_listener, &address_space_memory);
62152b8a
AK		 1818}
1819
1820MemoryRegion *get_system_memory(void)
1821{
1822 return system_memory;
1823}
1824
309cb471
AK		 1825MemoryRegion *get_system_io(void)
1826{
1827 return system_io;
1828}
1829
e2eef170
PB		 1830#endif /* !defined(CONFIG_USER_ONLY) */
1831
13eb76e0
FB		 1832/* physical memory access (slow version, mainly for debug) */
1833#if defined(CONFIG_USER_ONLY)
9349b4f9 1834int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 1835 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 1836{
1837 int l, flags;
1838 target_ulong page;
53a5960a 1839 void * p;
13eb76e0
FB		 1840
1841 while (len > 0) {
1842 page = addr & TARGET_PAGE_MASK;
1843 l = (page + TARGET_PAGE_SIZE) - addr;
1844 if (l > len)
1845 l = len;
1846 flags = page_get_flags(page);
1847 if (!(flags & PAGE_VALID))
a68fe89c 1848 return -1;
13eb76e0
FB		 1849 if (is_write) {
1850 if (!(flags & PAGE_WRITE))
a68fe89c 1851 return -1;
579a97f7 1852 /* XXX: this code should not depend on lock_user */
72fb7daa 1853 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 1854 return -1;
72fb7daa
AJ		 1855 memcpy(p, buf, l);
1856 unlock_user(p, addr, l);
13eb76e0
FB		 1857 } else {
1858 if (!(flags & PAGE_READ))
a68fe89c 1859 return -1;
579a97f7 1860 /* XXX: this code should not depend on lock_user */
72fb7daa 1861 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 1862 return -1;
72fb7daa 1863 memcpy(buf, p, l);
5b257578 1864 unlock_user(p, addr, 0);
13eb76e0
FB		 1865 }
1866 len -= l;
1867 buf += l;
1868 addr += l;
1869 }
a68fe89c 1870 return 0;
13eb76e0 1871}
8df1cd07 1872
13eb76e0 1873#else
51d7a9eb 1874
a8170e5e
AK		 1875static void invalidate_and_set_dirty(hwaddr addr,
1876 hwaddr length)
51d7a9eb
AP		 1877{
1878 if (!cpu_physical_memory_is_dirty(addr)) {
1879 /* invalidate code */
1880 tb_invalidate_phys_page_range(addr, addr + length, 0);
1881 /* set dirty bit */
1882 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1883 }
e226939d 1884 xen_modified_memory(addr, length);
51d7a9eb
AP		 1885}
1886
2bbfa05d
PB		 1887static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1888{
1889 if (memory_region_is_ram(mr)) {
1890 return !(is_write && mr->readonly);
1891 }
1892 if (memory_region_is_romd(mr)) {
1893 return !is_write;
1894 }
1895
1896 return false;
1897}
1898
23326164 1899static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 1900{
23326164
RH		 1901 unsigned access_size_min = mr->ops->impl.min_access_size;
1902 unsigned access_size_max = mr->ops->impl.max_access_size;
1903
1904 /* Regions are assumed to support 1-4 byte accesses unless
1905 otherwise specified. */
1906 if (access_size_min == 0) {
1907 access_size_min = 1;
1908 }
1909 if (access_size_max == 0) {
1910 access_size_max = 4;
1911 }
1912
1913 /* Bound the maximum access by the alignment of the address. */
1914 if (!mr->ops->impl.unaligned) {
1915 unsigned align_size_max = addr & -addr;
1916 if (align_size_max != 0 && align_size_max < access_size_max) {
1917 access_size_max = align_size_max;
1918 }
82f2563f 1919 }
23326164
RH		 1920
1921 /* Don't attempt accesses larger than the maximum. */
1922 if (l > access_size_max) {
1923 l = access_size_max;
82f2563f 1924 }
23326164
RH		 1925 /* ??? The users of this function are wrong, not supporting minimums larger
1926 than the remaining length. C.f. memory.c:access_with_adjusted_size. */
1927 assert(l >= access_size_min);
1928
1929 return l;
82f2563f
PB		 1930}
1931
fd8aaa76 1932bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
ac1970fb 1933 int len, bool is_write)
13eb76e0 1934{
149f54b5 1935 hwaddr l;
13eb76e0 1936 uint8_t *ptr;
791af8c8 1937 uint64_t val;
149f54b5 1938 hwaddr addr1;
5c8a00ce 1939 MemoryRegion *mr;
fd8aaa76 1940 bool error = false;
3b46e624 1941
13eb76e0 1942 while (len > 0) {
149f54b5 1943 l = len;
5c8a00ce 1944 mr = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 1945
13eb76e0 1946 if (is_write) {
5c8a00ce
PB		 1947 if (!memory_access_is_direct(mr, is_write)) {
1948 l = memory_access_size(mr, l, addr1);
4917cf44 1949 /* XXX: could force current_cpu to NULL to avoid
6a00d601 1950 potential bugs */
23326164
RH		 1951 switch (l) {
1952 case 8:
1953 /* 64 bit write access */
1954 val = ldq_p(buf);
1955 error |= io_mem_write(mr, addr1, val, 8);
1956 break;
1957 case 4:
1c213d19 1958 /* 32 bit write access */
c27004ec 1959 val = ldl_p(buf);
5c8a00ce 1960 error |= io_mem_write(mr, addr1, val, 4);
23326164
RH		 1961 break;
1962 case 2:
1c213d19 1963 /* 16 bit write access */
c27004ec 1964 val = lduw_p(buf);
5c8a00ce 1965 error |= io_mem_write(mr, addr1, val, 2);
23326164
RH		 1966 break;
1967 case 1:
1c213d19 1968 /* 8 bit write access */
c27004ec 1969 val = ldub_p(buf);
5c8a00ce 1970 error |= io_mem_write(mr, addr1, val, 1);
23326164
RH		 1971 break;
1972 default:
1973 abort();
13eb76e0 1974 }
2bbfa05d 1975 } else {
5c8a00ce 1976 addr1 += memory_region_get_ram_addr(mr);
13eb76e0 1977 /* RAM case */
5579c7f3 1978 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 1979 memcpy(ptr, buf, l);
51d7a9eb 1980 invalidate_and_set_dirty(addr1, l);
13eb76e0
FB		 1981 }
1982 } else {
5c8a00ce 1983 if (!memory_access_is_direct(mr, is_write)) {
13eb76e0 1984 /* I/O case */
5c8a00ce 1985 l = memory_access_size(mr, l, addr1);
23326164
RH		 1986 switch (l) {
1987 case 8:
1988 /* 64 bit read access */
1989 error |= io_mem_read(mr, addr1, &val, 8);
1990 stq_p(buf, val);
1991 break;
1992 case 4:
13eb76e0 1993 /* 32 bit read access */
5c8a00ce 1994 error |= io_mem_read(mr, addr1, &val, 4);
c27004ec 1995 stl_p(buf, val);
23326164
RH		 1996 break;
1997 case 2:
13eb76e0 1998 /* 16 bit read access */
5c8a00ce 1999 error |= io_mem_read(mr, addr1, &val, 2);
c27004ec 2000 stw_p(buf, val);
23326164
RH		 2001 break;
2002 case 1:
1c213d19 2003 /* 8 bit read access */
5c8a00ce 2004 error |= io_mem_read(mr, addr1, &val, 1);
c27004ec 2005 stb_p(buf, val);
23326164
RH		 2006 break;
2007 default:
2008 abort();
13eb76e0
FB		 2009 }
2010 } else {
2011 /* RAM case */
5c8a00ce 2012 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
f3705d53 2013 memcpy(buf, ptr, l);
13eb76e0
FB		 2014 }
2015 }
2016 len -= l;
2017 buf += l;
2018 addr += l;
2019 }
fd8aaa76
PB		 2020
2021 return error;
13eb76e0 2022}
8df1cd07 2023
fd8aaa76 2024bool address_space_write(AddressSpace *as, hwaddr addr,
ac1970fb
AK		 2025 const uint8_t *buf, int len)
2026{
fd8aaa76 2027 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
ac1970fb
AK		 2028}
2029
fd8aaa76 2030bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
ac1970fb 2031{
fd8aaa76 2032 return address_space_rw(as, addr, buf, len, false);
ac1970fb
AK		 2033}
2034
2035
a8170e5e 2036void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2037 int len, int is_write)
2038{
fd8aaa76 2039 address_space_rw(&address_space_memory, addr, buf, len, is_write);
ac1970fb
AK		 2040}
2041
d0ecd2aa 2042/* used for ROM loading : can write in RAM and ROM */
a8170e5e 2043void cpu_physical_memory_write_rom(hwaddr addr,
d0ecd2aa
FB		 2044 const uint8_t *buf, int len)
2045{
149f54b5 2046 hwaddr l;
d0ecd2aa 2047 uint8_t *ptr;
149f54b5 2048 hwaddr addr1;
5c8a00ce 2049 MemoryRegion *mr;
3b46e624 2050
d0ecd2aa 2051 while (len > 0) {
149f54b5 2052 l = len;
5c8a00ce
PB		 2053 mr = address_space_translate(&address_space_memory,
2054 addr, &addr1, &l, true);
3b46e624 2055
5c8a00ce
PB		 2056 if (!(memory_region_is_ram(mr) ||
2057 memory_region_is_romd(mr))) {
d0ecd2aa
FB		 2058 /* do nothing */
2059 } else {
5c8a00ce 2060 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2061 /* ROM/RAM case */
5579c7f3 2062 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 2063 memcpy(ptr, buf, l);
51d7a9eb 2064 invalidate_and_set_dirty(addr1, l);
d0ecd2aa
FB		 2065 }
2066 len -= l;
2067 buf += l;
2068 addr += l;
2069 }
2070}
2071
6d16c2f8 2072typedef struct {
d3e71559 2073 MemoryRegion *mr;
6d16c2f8 2074 void *buffer;
a8170e5e
AK		 2075 hwaddr addr;
2076 hwaddr len;
6d16c2f8
AL		 2077} BounceBuffer;
2078
2079static BounceBuffer bounce;
2080
ba223c29
AL		 2081typedef struct MapClient {
2082 void *opaque;
2083 void (*callback)(void *opaque);
72cf2d4f 2084 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2085} MapClient;
2086
72cf2d4f
BS		 2087static QLIST_HEAD(map_client_list, MapClient) map_client_list
2088 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 2089
2090void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2091{
7267c094 2092 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 2093
2094 client->opaque = opaque;
2095 client->callback = callback;
72cf2d4f 2096 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 2097 return client;
2098}
2099
8b9c99d9 2100static void cpu_unregister_map_client(void *_client)
ba223c29
AL		 2101{
2102 MapClient *client = (MapClient *)_client;
2103
72cf2d4f 2104 QLIST_REMOVE(client, link);
7267c094 2105 g_free(client);
ba223c29
AL		 2106}
2107
2108static void cpu_notify_map_clients(void)
2109{
2110 MapClient *client;
2111
72cf2d4f
BS		 2112 while (!QLIST_EMPTY(&map_client_list)) {
2113 client = QLIST_FIRST(&map_client_list);
ba223c29 2114 client->callback(client->opaque);
34d5e948 2115 cpu_unregister_map_client(client);
ba223c29
AL		 2116 }
2117}
2118
51644ab7
PB		 2119bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2120{
5c8a00ce 2121 MemoryRegion *mr;
51644ab7
PB		 2122 hwaddr l, xlat;
2123
2124 while (len > 0) {
2125 l = len;
5c8a00ce
PB		 2126 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2127 if (!memory_access_is_direct(mr, is_write)) {
2128 l = memory_access_size(mr, l, addr);
2129 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2130 return false;
2131 }
2132 }
2133
2134 len -= l;
2135 addr += l;
2136 }
2137 return true;
2138}
2139
6d16c2f8
AL		 2140/* Map a physical memory region into a host virtual address.
2141 * May map a subset of the requested range, given by and returned in *plen.
2142 * May return NULL if resources needed to perform the mapping are exhausted.
2143 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2144 * Use cpu_register_map_client() to know when retrying the map operation is
2145 * likely to succeed.
6d16c2f8 2146 */
ac1970fb 2147void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2148 hwaddr addr,
2149 hwaddr *plen,
ac1970fb 2150 bool is_write)
6d16c2f8 2151{
a8170e5e 2152 hwaddr len = *plen;
e3127ae0
PB		 2153 hwaddr done = 0;
2154 hwaddr l, xlat, base;
2155 MemoryRegion *mr, *this_mr;
2156 ram_addr_t raddr;
6d16c2f8 2157
e3127ae0
PB		 2158 if (len == 0) {
2159 return NULL;
2160 }
38bee5dc 2161
e3127ae0
PB		 2162 l = len;
2163 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2164 if (!memory_access_is_direct(mr, is_write)) {
2165 if (bounce.buffer) {
2166 return NULL;
6d16c2f8 2167 }
e3127ae0
PB		 2168 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2169 bounce.addr = addr;
2170 bounce.len = l;
d3e71559
PB		 2171
2172 memory_region_ref(mr);
2173 bounce.mr = mr;
e3127ae0
PB		 2174 if (!is_write) {
2175 address_space_read(as, addr, bounce.buffer, l);
8ab934f9 2176 }
6d16c2f8 2177
e3127ae0
PB		 2178 *plen = l;
2179 return bounce.buffer;
2180 }
2181
2182 base = xlat;
2183 raddr = memory_region_get_ram_addr(mr);
2184
2185 for (;;) {
6d16c2f8
AL		 2186 len -= l;
2187 addr += l;
e3127ae0
PB		 2188 done += l;
2189 if (len == 0) {
2190 break;
2191 }
2192
2193 l = len;
2194 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2195 if (this_mr != mr || xlat != base + done) {
2196 break;
2197 }
6d16c2f8 2198 }
e3127ae0 2199
d3e71559 2200 memory_region_ref(mr);
e3127ae0
PB		 2201 *plen = done;
2202 return qemu_ram_ptr_length(raddr + base, plen);
6d16c2f8
AL		 2203}
2204
ac1970fb 2205/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2206 * Will also mark the memory as dirty if is_write == 1. access_len gives
2207 * the amount of memory that was actually read or written by the caller.
2208 */
a8170e5e
AK		 2209void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2210 int is_write, hwaddr access_len)
6d16c2f8
AL		 2211{
2212 if (buffer != bounce.buffer) {
d3e71559
PB		 2213 MemoryRegion *mr;
2214 ram_addr_t addr1;
2215
2216 mr = qemu_ram_addr_from_host(buffer, &addr1);
2217 assert(mr != NULL);
6d16c2f8 2218 if (is_write) {
6d16c2f8
AL		 2219 while (access_len) {
2220 unsigned l;
2221 l = TARGET_PAGE_SIZE;
2222 if (l > access_len)
2223 l = access_len;
51d7a9eb 2224 invalidate_and_set_dirty(addr1, l);
6d16c2f8
AL		 2225 addr1 += l;
2226 access_len -= l;
2227 }
2228 }
868bb33f 2229 if (xen_enabled()) {
e41d7c69 2230 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2231 }
d3e71559 2232 memory_region_unref(mr);
6d16c2f8
AL		 2233 return;
2234 }
2235 if (is_write) {
ac1970fb 2236 address_space_write(as, bounce.addr, bounce.buffer, access_len);
6d16c2f8 2237 }
f8a83245 2238 qemu_vfree(bounce.buffer);
6d16c2f8 2239 bounce.buffer = NULL;
d3e71559 2240 memory_region_unref(bounce.mr);
ba223c29 2241 cpu_notify_map_clients();
6d16c2f8 2242}
d0ecd2aa 2243
a8170e5e
AK		 2244void *cpu_physical_memory_map(hwaddr addr,
2245 hwaddr *plen,
ac1970fb
AK		 2246 int is_write)
2247{
2248 return address_space_map(&address_space_memory, addr, plen, is_write);
2249}
2250
a8170e5e
AK		 2251void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2252 int is_write, hwaddr access_len)
ac1970fb
AK		 2253{
2254 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2255}
2256
8df1cd07 2257/* warning: addr must be aligned */
a8170e5e 2258static inline uint32_t ldl_phys_internal(hwaddr addr,
1e78bcc1 2259 enum device_endian endian)
8df1cd07 2260{
8df1cd07 2261 uint8_t *ptr;
791af8c8 2262 uint64_t val;
5c8a00ce 2263 MemoryRegion *mr;
149f54b5
PB		 2264 hwaddr l = 4;
2265 hwaddr addr1;
8df1cd07 2266
5c8a00ce
PB		 2267 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2268 false);
2269 if (l < 4 || !memory_access_is_direct(mr, false)) {
8df1cd07 2270 /* I/O case */
5c8a00ce 2271 io_mem_read(mr, addr1, &val, 4);
1e78bcc1
AG		 2272#if defined(TARGET_WORDS_BIGENDIAN)
2273 if (endian == DEVICE_LITTLE_ENDIAN) {
2274 val = bswap32(val);
2275 }
2276#else
2277 if (endian == DEVICE_BIG_ENDIAN) {
2278 val = bswap32(val);
2279 }
2280#endif
8df1cd07
FB		 2281 } else {
2282 /* RAM case */
5c8a00ce 2283 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2284 & TARGET_PAGE_MASK)
149f54b5 2285 + addr1);
1e78bcc1
AG		 2286 switch (endian) {
2287 case DEVICE_LITTLE_ENDIAN:
2288 val = ldl_le_p(ptr);
2289 break;
2290 case DEVICE_BIG_ENDIAN:
2291 val = ldl_be_p(ptr);
2292 break;
2293 default:
2294 val = ldl_p(ptr);
2295 break;
2296 }
8df1cd07
FB		 2297 }
2298 return val;
2299}
2300
a8170e5e 2301uint32_t ldl_phys(hwaddr addr)
1e78bcc1
AG		 2302{
2303 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2304}
2305
a8170e5e 2306uint32_t ldl_le_phys(hwaddr addr)
1e78bcc1
AG		 2307{
2308 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2309}
2310
a8170e5e 2311uint32_t ldl_be_phys(hwaddr addr)
1e78bcc1
AG		 2312{
2313 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2314}
2315
84b7b8e7 2316/* warning: addr must be aligned */
a8170e5e 2317static inline uint64_t ldq_phys_internal(hwaddr addr,
1e78bcc1 2318 enum device_endian endian)
84b7b8e7 2319{
84b7b8e7
FB		 2320 uint8_t *ptr;
2321 uint64_t val;
5c8a00ce 2322 MemoryRegion *mr;
149f54b5
PB		 2323 hwaddr l = 8;
2324 hwaddr addr1;
84b7b8e7 2325
5c8a00ce
PB		 2326 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2327 false);
2328 if (l < 8 || !memory_access_is_direct(mr, false)) {
84b7b8e7 2329 /* I/O case */
5c8a00ce 2330 io_mem_read(mr, addr1, &val, 8);
968a5627
PB		 2331#if defined(TARGET_WORDS_BIGENDIAN)
2332 if (endian == DEVICE_LITTLE_ENDIAN) {
2333 val = bswap64(val);
2334 }
2335#else
2336 if (endian == DEVICE_BIG_ENDIAN) {
2337 val = bswap64(val);
2338 }
84b7b8e7
FB		 2339#endif
2340 } else {
2341 /* RAM case */
5c8a00ce 2342 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2343 & TARGET_PAGE_MASK)
149f54b5 2344 + addr1);
1e78bcc1
AG		 2345 switch (endian) {
2346 case DEVICE_LITTLE_ENDIAN:
2347 val = ldq_le_p(ptr);
2348 break;
2349 case DEVICE_BIG_ENDIAN:
2350 val = ldq_be_p(ptr);
2351 break;
2352 default:
2353 val = ldq_p(ptr);
2354 break;
2355 }
84b7b8e7
FB		 2356 }
2357 return val;
2358}
2359
a8170e5e 2360uint64_t ldq_phys(hwaddr addr)
1e78bcc1
AG		 2361{
2362 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2363}
2364
a8170e5e 2365uint64_t ldq_le_phys(hwaddr addr)
1e78bcc1
AG		 2366{
2367 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2368}
2369
a8170e5e 2370uint64_t ldq_be_phys(hwaddr addr)
1e78bcc1
AG		 2371{
2372 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2373}
2374
aab33094 2375/* XXX: optimize */
a8170e5e 2376uint32_t ldub_phys(hwaddr addr)
aab33094
FB		 2377{
2378 uint8_t val;
2379 cpu_physical_memory_read(addr, &val, 1);
2380 return val;
2381}
2382
733f0b02 2383/* warning: addr must be aligned */
a8170e5e 2384static inline uint32_t lduw_phys_internal(hwaddr addr,
1e78bcc1 2385 enum device_endian endian)
aab33094 2386{
733f0b02
MT		 2387 uint8_t *ptr;
2388 uint64_t val;
5c8a00ce 2389 MemoryRegion *mr;
149f54b5
PB		 2390 hwaddr l = 2;
2391 hwaddr addr1;
733f0b02 2392
5c8a00ce
PB		 2393 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2394 false);
2395 if (l < 2 || !memory_access_is_direct(mr, false)) {
733f0b02 2396 /* I/O case */
5c8a00ce 2397 io_mem_read(mr, addr1, &val, 2);
1e78bcc1
AG		 2398#if defined(TARGET_WORDS_BIGENDIAN)
2399 if (endian == DEVICE_LITTLE_ENDIAN) {
2400 val = bswap16(val);
2401 }
2402#else
2403 if (endian == DEVICE_BIG_ENDIAN) {
2404 val = bswap16(val);
2405 }
2406#endif
733f0b02
MT		 2407 } else {
2408 /* RAM case */
5c8a00ce 2409 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2410 & TARGET_PAGE_MASK)
149f54b5 2411 + addr1);
1e78bcc1
AG		 2412 switch (endian) {
2413 case DEVICE_LITTLE_ENDIAN:
2414 val = lduw_le_p(ptr);
2415 break;
2416 case DEVICE_BIG_ENDIAN:
2417 val = lduw_be_p(ptr);
2418 break;
2419 default:
2420 val = lduw_p(ptr);
2421 break;
2422 }
733f0b02
MT		 2423 }
2424 return val;
aab33094
FB		 2425}
2426
a8170e5e 2427uint32_t lduw_phys(hwaddr addr)
1e78bcc1
AG		 2428{
2429 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2430}
2431
a8170e5e 2432uint32_t lduw_le_phys(hwaddr addr)
1e78bcc1
AG		 2433{
2434 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2435}
2436
a8170e5e 2437uint32_t lduw_be_phys(hwaddr addr)
1e78bcc1
AG		 2438{
2439 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2440}
2441
8df1cd07
FB		 2442/* warning: addr must be aligned. The ram page is not masked as dirty
2443 and the code inside is not invalidated. It is useful if the dirty
2444 bits are used to track modified PTEs */
a8170e5e 2445void stl_phys_notdirty(hwaddr addr, uint32_t val)
8df1cd07 2446{
8df1cd07 2447 uint8_t *ptr;
5c8a00ce 2448 MemoryRegion *mr;
149f54b5
PB		 2449 hwaddr l = 4;
2450 hwaddr addr1;
8df1cd07 2451
5c8a00ce
PB		 2452 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2453 true);
2454 if (l < 4 || !memory_access_is_direct(mr, true)) {
2455 io_mem_write(mr, addr1, val, 4);
8df1cd07 2456 } else {
5c8a00ce 2457 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 2458 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 2459 stl_p(ptr, val);
74576198
AL		 2460
2461 if (unlikely(in_migration)) {
2462 if (!cpu_physical_memory_is_dirty(addr1)) {
2463 /* invalidate code */
2464 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2465 /* set dirty bit */
f7c11b53
YT		 2466 cpu_physical_memory_set_dirty_flags(
2467 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 2468 }
2469 }
8df1cd07
FB		 2470 }
2471}
2472
2473/* warning: addr must be aligned */
a8170e5e 2474static inline void stl_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 2475 enum device_endian endian)
8df1cd07 2476{
8df1cd07 2477 uint8_t *ptr;
5c8a00ce 2478 MemoryRegion *mr;
149f54b5
PB		 2479 hwaddr l = 4;
2480 hwaddr addr1;
8df1cd07 2481
5c8a00ce
PB		 2482 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2483 true);
2484 if (l < 4 || !memory_access_is_direct(mr, true)) {
1e78bcc1
AG		 2485#if defined(TARGET_WORDS_BIGENDIAN)
2486 if (endian == DEVICE_LITTLE_ENDIAN) {
2487 val = bswap32(val);
2488 }
2489#else
2490 if (endian == DEVICE_BIG_ENDIAN) {
2491 val = bswap32(val);
2492 }
2493#endif
5c8a00ce 2494 io_mem_write(mr, addr1, val, 4);
8df1cd07 2495 } else {
8df1cd07 2496 /* RAM case */
5c8a00ce 2497 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 2498 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 2499 switch (endian) {
2500 case DEVICE_LITTLE_ENDIAN:
2501 stl_le_p(ptr, val);
2502 break;
2503 case DEVICE_BIG_ENDIAN:
2504 stl_be_p(ptr, val);
2505 break;
2506 default:
2507 stl_p(ptr, val);
2508 break;
2509 }
51d7a9eb 2510 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 2511 }
2512}
2513
a8170e5e 2514void stl_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2515{
2516 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2517}
2518
a8170e5e 2519void stl_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2520{
2521 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2522}
2523
a8170e5e 2524void stl_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2525{
2526 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2527}
2528
aab33094 2529/* XXX: optimize */
a8170e5e 2530void stb_phys(hwaddr addr, uint32_t val)
aab33094
FB		 2531{
2532 uint8_t v = val;
2533 cpu_physical_memory_write(addr, &v, 1);
2534}
2535
733f0b02 2536/* warning: addr must be aligned */
a8170e5e 2537static inline void stw_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 2538 enum device_endian endian)
aab33094 2539{
733f0b02 2540 uint8_t *ptr;
5c8a00ce 2541 MemoryRegion *mr;
149f54b5
PB		 2542 hwaddr l = 2;
2543 hwaddr addr1;
733f0b02 2544
5c8a00ce
PB		 2545 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2546 true);
2547 if (l < 2 || !memory_access_is_direct(mr, true)) {
1e78bcc1
AG		 2548#if defined(TARGET_WORDS_BIGENDIAN)
2549 if (endian == DEVICE_LITTLE_ENDIAN) {
2550 val = bswap16(val);
2551 }
2552#else
2553 if (endian == DEVICE_BIG_ENDIAN) {
2554 val = bswap16(val);
2555 }
2556#endif
5c8a00ce 2557 io_mem_write(mr, addr1, val, 2);
733f0b02 2558 } else {
733f0b02 2559 /* RAM case */
5c8a00ce 2560 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 2561 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 2562 switch (endian) {
2563 case DEVICE_LITTLE_ENDIAN:
2564 stw_le_p(ptr, val);
2565 break;
2566 case DEVICE_BIG_ENDIAN:
2567 stw_be_p(ptr, val);
2568 break;
2569 default:
2570 stw_p(ptr, val);
2571 break;
2572 }
51d7a9eb 2573 invalidate_and_set_dirty(addr1, 2);
733f0b02 2574 }
aab33094
FB		 2575}
2576
a8170e5e 2577void stw_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2578{
2579 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2580}
2581
a8170e5e 2582void stw_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2583{
2584 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2585}
2586
a8170e5e 2587void stw_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2588{
2589 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2590}
2591
aab33094 2592/* XXX: optimize */
a8170e5e 2593void stq_phys(hwaddr addr, uint64_t val)
aab33094
FB		 2594{
2595 val = tswap64(val);
71d2b725 2596 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 2597}
2598
a8170e5e 2599void stq_le_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 2600{
2601 val = cpu_to_le64(val);
2602 cpu_physical_memory_write(addr, &val, 8);
2603}
2604
a8170e5e 2605void stq_be_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 2606{
2607 val = cpu_to_be64(val);
2608 cpu_physical_memory_write(addr, &val, 8);
2609}
2610
5e2972fd 2611/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 2612int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 2613 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2614{
2615 int l;
a8170e5e 2616 hwaddr phys_addr;
9b3c35e0 2617 target_ulong page;
13eb76e0
FB		 2618
2619 while (len > 0) {
2620 page = addr & TARGET_PAGE_MASK;
2621 phys_addr = cpu_get_phys_page_debug(env, page);
2622 /* if no physical page mapped, return an error */
2623 if (phys_addr == -1)
2624 return -1;
2625 l = (page + TARGET_PAGE_SIZE) - addr;
2626 if (l > len)
2627 l = len;
5e2972fd 2628 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 2629 if (is_write)
2630 cpu_physical_memory_write_rom(phys_addr, buf, l);
2631 else
5e2972fd 2632 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 2633 len -= l;
2634 buf += l;
2635 addr += l;
2636 }
2637 return 0;
2638}
a68fe89c 2639#endif
13eb76e0 2640
8e4a424b
BS		 2641#if !defined(CONFIG_USER_ONLY)
2642
2643/*
2644 * A helper function for the _utterly broken_ virtio device model to find out if
2645 * it's running on a big endian machine. Don't do this at home kids!
2646 */
2647bool virtio_is_big_endian(void);
2648bool virtio_is_big_endian(void)
2649{
2650#if defined(TARGET_WORDS_BIGENDIAN)
2651 return true;
2652#else
2653 return false;
2654#endif
2655}
2656
2657#endif
2658
76f35538 2659#ifndef CONFIG_USER_ONLY
a8170e5e 2660bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 2661{
5c8a00ce 2662 MemoryRegion*mr;
149f54b5 2663 hwaddr l = 1;
76f35538 2664
5c8a00ce
PB		 2665 mr = address_space_translate(&address_space_memory,
2666 phys_addr, &phys_addr, &l, false);
76f35538 2667
5c8a00ce
PB		 2668 return !(memory_region_is_ram(mr) ||
2669 memory_region_is_romd(mr));
76f35538 2670}
bd2fa51f
MH		 2671
2672void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
2673{
2674 RAMBlock *block;
2675
2676 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
2677 func(block->host, block->offset, block->length, opaque);
2678 }
2679}
ec3f8c99 2680#endif
QEMU mirror