]> git.proxmox.com Git - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
migration: make migration-{tcp,unix} consistent
[qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
fd6ce8f6 60//#define DEBUG_TB_INVALIDATE
66e85a21 61//#define DEBUG_FLUSH
9fa3e853 62//#define DEBUG_TLB
67d3b957 63//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 64
65/* make various TB consistency checks */
5fafdf24
TS		 66//#define DEBUG_TB_CHECK
67//#define DEBUG_TLB_CHECK
fd6ce8f6 68
1196be37 69//#define DEBUG_IOPORT
db7b5426 70//#define DEBUG_SUBPAGE
1196be37 71
99773bd4
PB		 72#if !defined(CONFIG_USER_ONLY)
73/* TB consistency checks only implemented for usermode emulation. */
74#undef DEBUG_TB_CHECK
75#endif
76
9fa3e853
FB		 77#define SMC_BITMAP_USE_THRESHOLD 10
78
bdaf78e0 79static TranslationBlock *tbs;
24ab68ac 80static int code_gen_max_blocks;
9fa3e853 81TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 82static int nb_tbs;
eb51d102 83/* any access to the tbs or the page table must use this lock */
c227f099 84spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 85
141ac468
BS		 86#if defined(__arm__) || defined(__sparc_v9__)
87/* The prologue must be reachable with a direct jump. ARM and Sparc64
88 have limited branch ranges (possibly also PPC) so place it in a
d03d860b
BS		 89 section close to code segment. */
90#define code_gen_section \
91 __attribute__((__section__(".gen_code"))) \
92 __attribute__((aligned (32)))
f8e2af11
SW		 93#elif defined(_WIN32)
94/* Maximum alignment for Win32 is 16. */
95#define code_gen_section \
96 __attribute__((aligned (16)))
d03d860b
BS		 97#else
98#define code_gen_section \
99 __attribute__((aligned (32)))
100#endif
101
102uint8_t code_gen_prologue[1024] code_gen_section;
bdaf78e0
BS		 103static uint8_t *code_gen_buffer;
104static unsigned long code_gen_buffer_size;
26a5f13b 105/* threshold to flush the translated code buffer */
bdaf78e0 106static unsigned long code_gen_buffer_max_size;
24ab68ac 107static uint8_t *code_gen_ptr;
fd6ce8f6 108
e2eef170 109#if !defined(CONFIG_USER_ONLY)
9fa3e853 110int phys_ram_fd;
74576198 111static int in_migration;
94a6b54f 112
85d59fef 113RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 114
115static MemoryRegion *system_memory;
309cb471 116static MemoryRegion *system_io;
62152b8a 117
e2eef170 118#endif
9fa3e853 119
6a00d601
FB		 120CPUState *first_cpu;
121/* current CPU in the current thread. It is only valid inside
122 cpu_exec() */
5fafdf24 123CPUState *cpu_single_env;
2e70f6ef 124/* 0 = Do not count executed instructions.
bf20dc07 125 1 = Precise instruction counting.
2e70f6ef
PB		 126 2 = Adaptive rate instruction counting. */
127int use_icount = 0;
128/* Current instruction counter. While executing translated code this may
129 include some instructions that have not yet been executed. */
130int64_t qemu_icount;
6a00d601 131
54936004 132typedef struct PageDesc {
92e873b9 133 /* list of TBs intersecting this ram page */
fd6ce8f6 134 TranslationBlock *first_tb;
9fa3e853
FB		 135 /* in order to optimize self modifying code, we count the number
136 of lookups we do to a given page to use a bitmap */
137 unsigned int code_write_count;
138 uint8_t *code_bitmap;
139#if defined(CONFIG_USER_ONLY)
140 unsigned long flags;
141#endif
54936004
FB		 142} PageDesc;
143
41c1b1c9 144/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 145 while in user mode we want it to be based on virtual addresses. */
146#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 147#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
148# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
149#else
5cd2c5b6 150# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 151#endif
bedb69ea 152#else
5cd2c5b6 153# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 154#endif
54936004 155
5cd2c5b6
RH		 156/* Size of the L2 (and L3, etc) page tables. */
157#define L2_BITS 10
54936004
FB		 158#define L2_SIZE (1 << L2_BITS)
159
5cd2c5b6
RH		 160/* The bits remaining after N lower levels of page tables. */
161#define P_L1_BITS_REM \
162 ((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
163#define V_L1_BITS_REM \
164 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
165
166/* Size of the L1 page table. Avoid silly small sizes. */
167#if P_L1_BITS_REM < 4
168#define P_L1_BITS (P_L1_BITS_REM + L2_BITS)
169#else
170#define P_L1_BITS P_L1_BITS_REM
171#endif
172
173#if V_L1_BITS_REM < 4
174#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
175#else
176#define V_L1_BITS V_L1_BITS_REM
177#endif
178
179#define P_L1_SIZE ((target_phys_addr_t)1 << P_L1_BITS)
180#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
181
182#define P_L1_SHIFT (TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - P_L1_BITS)
183#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
184
83fb7adf 185unsigned long qemu_real_host_page_size;
83fb7adf
FB		 186unsigned long qemu_host_page_size;
187unsigned long qemu_host_page_mask;
54936004 188
5cd2c5b6
RH		 189/* This is a multi-level map on the virtual address space.
190 The bottom level has pointers to PageDesc. */
191static void *l1_map[V_L1_SIZE];
54936004 192
e2eef170 193#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 194typedef struct PhysPageDesc {
195 /* offset in host memory of the page + io_index in the low bits */
196 ram_addr_t phys_offset;
197 ram_addr_t region_offset;
198} PhysPageDesc;
199
5cd2c5b6
RH		 200/* This is a multi-level map on the physical address space.
201 The bottom level has pointers to PhysPageDesc. */
202static void *l1_phys_map[P_L1_SIZE];
6d9a1304 203
e2eef170 204static void io_mem_init(void);
62152b8a 205static void memory_map_init(void);
e2eef170 206
33417e70 207/* io memory support */
33417e70
FB		 208CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
209CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
a4193c8a 210void *io_mem_opaque[IO_MEM_NB_ENTRIES];
511d2b14 211static char io_mem_used[IO_MEM_NB_ENTRIES];
6658ffb8
PB		 212static int io_mem_watch;
213#endif
33417e70 214
34865134 215/* log support */
1e8b27ca
JR		 216#ifdef WIN32
217static const char *logfilename = "qemu.log";
218#else
d9b630fd 219static const char *logfilename = "/tmp/qemu.log";
1e8b27ca 220#endif
34865134
FB		 221FILE *logfile;
222int loglevel;
e735b91c 223static int log_append = 0;
34865134 224
e3db7226 225/* statistics */
b3755a91 226#if !defined(CONFIG_USER_ONLY)
e3db7226 227static int tlb_flush_count;
b3755a91 228#endif
e3db7226
FB		 229static int tb_flush_count;
230static int tb_phys_invalidate_count;
231
7cb69cae
FB		 232#ifdef _WIN32
233static void map_exec(void *addr, long size)
234{
235 DWORD old_protect;
236 VirtualProtect(addr, size,
237 PAGE_EXECUTE_READWRITE, &old_protect);
238
239}
240#else
241static void map_exec(void *addr, long size)
242{
4369415f 243 unsigned long start, end, page_size;
7cb69cae 244
4369415f 245 page_size = getpagesize();
7cb69cae 246 start = (unsigned long)addr;
4369415f 247 start &= ~(page_size - 1);
7cb69cae
FB		 248
249 end = (unsigned long)addr + size;
4369415f
FB		 250 end += page_size - 1;
251 end &= ~(page_size - 1);
7cb69cae
FB		 252
253 mprotect((void *)start, end - start,
254 PROT_READ | PROT_WRITE | PROT_EXEC);
255}
256#endif
257
b346ff46 258static void page_init(void)
54936004 259{
83fb7adf 260 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 261 TARGET_PAGE_SIZE */
c2b48b69
AL		 262#ifdef _WIN32
263 {
264 SYSTEM_INFO system_info;
265
266 GetSystemInfo(&system_info);
267 qemu_real_host_page_size = system_info.dwPageSize;
268 }
269#else
270 qemu_real_host_page_size = getpagesize();
271#endif
83fb7adf
FB		 272 if (qemu_host_page_size == 0)
273 qemu_host_page_size = qemu_real_host_page_size;
274 if (qemu_host_page_size < TARGET_PAGE_SIZE)
275 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 276 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 277
2e9a5713 278#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 279 {
f01576f1
JL		 280#ifdef HAVE_KINFO_GETVMMAP
281 struct kinfo_vmentry *freep;
282 int i, cnt;
283
284 freep = kinfo_getvmmap(getpid(), &cnt);
285 if (freep) {
286 mmap_lock();
287 for (i = 0; i < cnt; i++) {
288 unsigned long startaddr, endaddr;
289
290 startaddr = freep[i].kve_start;
291 endaddr = freep[i].kve_end;
292 if (h2g_valid(startaddr)) {
293 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
294
295 if (h2g_valid(endaddr)) {
296 endaddr = h2g(endaddr);
fd436907 297 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 298 } else {
299#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
300 endaddr = ~0ul;
fd436907 301 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 302#endif
303 }
304 }
305 }
306 free(freep);
307 mmap_unlock();
308 }
309#else
50a9569b 310 FILE *f;
50a9569b 311
0776590d 312 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 313
fd436907 314 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 315 if (f) {
5cd2c5b6
RH		 316 mmap_lock();
317
50a9569b 318 do {
5cd2c5b6
RH		 319 unsigned long startaddr, endaddr;
320 int n;
321
322 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
323
324 if (n == 2 && h2g_valid(startaddr)) {
325 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
326
327 if (h2g_valid(endaddr)) {
328 endaddr = h2g(endaddr);
329 } else {
330 endaddr = ~0ul;
331 }
332 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 333 }
334 } while (!feof(f));
5cd2c5b6 335
50a9569b 336 fclose(f);
5cd2c5b6 337 mmap_unlock();
50a9569b 338 }
f01576f1 339#endif
50a9569b
AZ		 340 }
341#endif
54936004
FB		 342}
343
41c1b1c9 344static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 345{
41c1b1c9
PB		 346 PageDesc *pd;
347 void **lp;
348 int i;
349
5cd2c5b6 350#if defined(CONFIG_USER_ONLY)
7267c094 351 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 352# define ALLOC(P, SIZE) \
353 do { \
354 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
355 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 356 } while (0)
357#else
358# define ALLOC(P, SIZE) \
7267c094 359 do { P = g_malloc0(SIZE); } while (0)
17e2377a 360#endif
434929bf 361
5cd2c5b6
RH		 362 /* Level 1. Always allocated. */
363 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
364
365 /* Level 2..N-1. */
366 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
367 void **p = *lp;
368
369 if (p == NULL) {
370 if (!alloc) {
371 return NULL;
372 }
373 ALLOC(p, sizeof(void *) * L2_SIZE);
374 *lp = p;
17e2377a 375 }
5cd2c5b6
RH		 376
377 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
378 }
379
380 pd = *lp;
381 if (pd == NULL) {
382 if (!alloc) {
383 return NULL;
384 }
385 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
386 *lp = pd;
54936004 387 }
5cd2c5b6
RH		 388
389#undef ALLOC
5cd2c5b6
RH		 390
391 return pd + (index & (L2_SIZE - 1));
54936004
FB		 392}
393
41c1b1c9 394static inline PageDesc *page_find(tb_page_addr_t index)
54936004 395{
5cd2c5b6 396 return page_find_alloc(index, 0);
fd6ce8f6
FB		 397}
398
6d9a1304 399#if !defined(CONFIG_USER_ONLY)
c227f099 400static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
92e873b9 401{
e3f4e2a4 402 PhysPageDesc *pd;
5cd2c5b6
RH		 403 void **lp;
404 int i;
92e873b9 405
5cd2c5b6
RH		 406 /* Level 1. Always allocated. */
407 lp = l1_phys_map + ((index >> P_L1_SHIFT) & (P_L1_SIZE - 1));
108c49b8 408
5cd2c5b6
RH		 409 /* Level 2..N-1. */
410 for (i = P_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
411 void **p = *lp;
412 if (p == NULL) {
413 if (!alloc) {
414 return NULL;
415 }
7267c094 416 *lp = p = g_malloc0(sizeof(void *) * L2_SIZE);
5cd2c5b6
RH		 417 }
418 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
108c49b8 419 }
5cd2c5b6 420
e3f4e2a4 421 pd = *lp;
5cd2c5b6 422 if (pd == NULL) {
e3f4e2a4 423 int i;
5cd2c5b6
RH		 424
425 if (!alloc) {
108c49b8 426 return NULL;
5cd2c5b6
RH		 427 }
428
7267c094 429 *lp = pd = g_malloc(sizeof(PhysPageDesc) * L2_SIZE);
5cd2c5b6 430
67c4d23c 431 for (i = 0; i < L2_SIZE; i++) {
5cd2c5b6
RH		 432 pd[i].phys_offset = IO_MEM_UNASSIGNED;
433 pd[i].region_offset = (index + i) << TARGET_PAGE_BITS;
67c4d23c 434 }
92e873b9 435 }
5cd2c5b6
RH		 436
437 return pd + (index & (L2_SIZE - 1));
92e873b9
FB		 438}
439
c227f099 440static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
92e873b9 441{
108c49b8 442 return phys_page_find_alloc(index, 0);
92e873b9
FB		 443}
444
c227f099
AL		 445static void tlb_protect_code(ram_addr_t ram_addr);
446static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 447 target_ulong vaddr);
c8a706fe
PB		 448#define mmap_lock() do { } while(0)
449#define mmap_unlock() do { } while(0)
9fa3e853 450#endif
fd6ce8f6 451
4369415f
FB		 452#define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
453
454#if defined(CONFIG_USER_ONLY)
ccbb4d44 455/* Currently it is not recommended to allocate big chunks of data in
4369415f
FB		 456 user mode. It will change when a dedicated libc will be used */
457#define USE_STATIC_CODE_GEN_BUFFER
458#endif
459
460#ifdef USE_STATIC_CODE_GEN_BUFFER
ebf50fb3
AJ		 461static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
462 __attribute__((aligned (CODE_GEN_ALIGN)));
4369415f
FB		 463#endif
464
8fcd3692 465static void code_gen_alloc(unsigned long tb_size)
26a5f13b 466{
4369415f
FB		 467#ifdef USE_STATIC_CODE_GEN_BUFFER
468 code_gen_buffer = static_code_gen_buffer;
469 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
470 map_exec(code_gen_buffer, code_gen_buffer_size);
471#else
26a5f13b
FB		 472 code_gen_buffer_size = tb_size;
473 if (code_gen_buffer_size == 0) {
4369415f
FB		 474#if defined(CONFIG_USER_ONLY)
475 /* in user mode, phys_ram_size is not meaningful */
476 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
477#else
ccbb4d44 478 /* XXX: needs adjustments */
94a6b54f 479 code_gen_buffer_size = (unsigned long)(ram_size / 4);
4369415f 480#endif
26a5f13b
FB		 481 }
482 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
483 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
484 /* The code gen buffer location may have constraints depending on
485 the host cpu and OS */
486#if defined(__linux__)
487 {
488 int flags;
141ac468
BS		 489 void *start = NULL;
490
26a5f13b
FB		 491 flags = MAP_PRIVATE | MAP_ANONYMOUS;
492#if defined(__x86_64__)
493 flags |= MAP_32BIT;
494 /* Cannot map more than that */
495 if (code_gen_buffer_size > (800 * 1024 * 1024))
496 code_gen_buffer_size = (800 * 1024 * 1024);
141ac468
BS		 497#elif defined(__sparc_v9__)
498 // Map the buffer below 2G, so we can use direct calls and branches
499 flags |= MAP_FIXED;
500 start = (void *) 0x60000000UL;
501 if (code_gen_buffer_size > (512 * 1024 * 1024))
502 code_gen_buffer_size = (512 * 1024 * 1024);
1cb0661e 503#elif defined(__arm__)
63d41246 504 /* Map the buffer below 32M, so we can use direct calls and branches */
1cb0661e
AZ		 505 flags |= MAP_FIXED;
506 start = (void *) 0x01000000UL;
507 if (code_gen_buffer_size > 16 * 1024 * 1024)
508 code_gen_buffer_size = 16 * 1024 * 1024;
eba0b893
RH		 509#elif defined(__s390x__)
510 /* Map the buffer so that we can use direct calls and branches. */
511 /* We have a +- 4GB range on the branches; leave some slop. */
512 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
513 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
514 }
515 start = (void *)0x90000000UL;
26a5f13b 516#endif
141ac468
BS		 517 code_gen_buffer = mmap(start, code_gen_buffer_size,
518 PROT_WRITE | PROT_READ | PROT_EXEC,
26a5f13b
FB		 519 flags, -1, 0);
520 if (code_gen_buffer == MAP_FAILED) {
521 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
522 exit(1);
523 }
524 }
cbb608a5 525#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
9f4b09a4
TN		 526 || defined(__DragonFly__) || defined(__OpenBSD__) \
527 || defined(__NetBSD__)
06e67a82
AL		 528 {
529 int flags;
530 void *addr = NULL;
531 flags = MAP_PRIVATE | MAP_ANONYMOUS;
532#if defined(__x86_64__)
533 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
534 * 0x40000000 is free */
535 flags |= MAP_FIXED;
536 addr = (void *)0x40000000;
537 /* Cannot map more than that */
538 if (code_gen_buffer_size > (800 * 1024 * 1024))
539 code_gen_buffer_size = (800 * 1024 * 1024);
4cd31ad2
BS		 540#elif defined(__sparc_v9__)
541 // Map the buffer below 2G, so we can use direct calls and branches
542 flags |= MAP_FIXED;
543 addr = (void *) 0x60000000UL;
544 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
545 code_gen_buffer_size = (512 * 1024 * 1024);
546 }
06e67a82
AL		 547#endif
548 code_gen_buffer = mmap(addr, code_gen_buffer_size,
549 PROT_WRITE | PROT_READ | PROT_EXEC,
550 flags, -1, 0);
551 if (code_gen_buffer == MAP_FAILED) {
552 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
553 exit(1);
554 }
555 }
26a5f13b 556#else
7267c094 557 code_gen_buffer = g_malloc(code_gen_buffer_size);
26a5f13b
FB		 558 map_exec(code_gen_buffer, code_gen_buffer_size);
559#endif
4369415f 560#endif /* !USE_STATIC_CODE_GEN_BUFFER */
26a5f13b 561 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
a884da8a
PM		 562 code_gen_buffer_max_size = code_gen_buffer_size -
563 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 564 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 565 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 566}
567
568/* Must be called before using the QEMU cpus. 'tb_size' is the size
569 (in bytes) allocated to the translation buffer. Zero means default
570 size. */
d5ab9713 571void tcg_exec_init(unsigned long tb_size)
26a5f13b 572{
26a5f13b
FB		 573 cpu_gen_init();
574 code_gen_alloc(tb_size);
575 code_gen_ptr = code_gen_buffer;
4369415f 576 page_init();
9002ec79
RH		 577#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
578 /* There's no guest base to take into account, so go ahead and
579 initialize the prologue now. */
580 tcg_prologue_init(&tcg_ctx);
581#endif
26a5f13b
FB		 582}
583
d5ab9713
JK		 584bool tcg_enabled(void)
585{
586 return code_gen_buffer != NULL;
587}
588
589void cpu_exec_init_all(void)
590{
591#if !defined(CONFIG_USER_ONLY)
592 memory_map_init();
593 io_mem_init();
594#endif
595}
596
9656f324
PB		 597#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
598
e59fb374 599static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7
JQ		 600{
601 CPUState *env = opaque;
9656f324 602
3098dba0
AJ		 603 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
604 version_id is increased. */
605 env->interrupt_request &= ~0x01;
9656f324
PB		 606 tlb_flush(env, 1);
607
608 return 0;
609}
e7f4eff7
JQ		 610
611static const VMStateDescription vmstate_cpu_common = {
612 .name = "cpu_common",
613 .version_id = 1,
614 .minimum_version_id = 1,
615 .minimum_version_id_old = 1,
e7f4eff7
JQ		 616 .post_load = cpu_common_post_load,
617 .fields = (VMStateField []) {
618 VMSTATE_UINT32(halted, CPUState),
619 VMSTATE_UINT32(interrupt_request, CPUState),
620 VMSTATE_END_OF_LIST()
621 }
622};
9656f324
PB		 623#endif
624
950f1472
GC		 625CPUState *qemu_get_cpu(int cpu)
626{
627 CPUState *env = first_cpu;
628
629 while (env) {
630 if (env->cpu_index == cpu)
631 break;
632 env = env->next_cpu;
633 }
634
635 return env;
636}
637
6a00d601 638void cpu_exec_init(CPUState *env)
fd6ce8f6 639{
6a00d601
FB		 640 CPUState **penv;
641 int cpu_index;
642
c2764719
PB		 643#if defined(CONFIG_USER_ONLY)
644 cpu_list_lock();
645#endif
6a00d601
FB		 646 env->next_cpu = NULL;
647 penv = &first_cpu;
648 cpu_index = 0;
649 while (*penv != NULL) {
1e9fa730 650 penv = &(*penv)->next_cpu;
6a00d601
FB		 651 cpu_index++;
652 }
653 env->cpu_index = cpu_index;
268a362c 654 env->numa_node = 0;
72cf2d4f
BS		 655 QTAILQ_INIT(&env->breakpoints);
656 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 657#ifndef CONFIG_USER_ONLY
658 env->thread_id = qemu_get_thread_id();
659#endif
6a00d601 660 *penv = env;
c2764719
PB		 661#if defined(CONFIG_USER_ONLY)
662 cpu_list_unlock();
663#endif
b3c7724c 664#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 665 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
666 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 667 cpu_save, cpu_load, env);
668#endif
fd6ce8f6
FB		 669}
670
d1a1eb74
TG		 671/* Allocate a new translation block. Flush the translation buffer if
672 too many translation blocks or too much generated code. */
673static TranslationBlock *tb_alloc(target_ulong pc)
674{
675 TranslationBlock *tb;
676
677 if (nb_tbs >= code_gen_max_blocks ||
678 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
679 return NULL;
680 tb = &tbs[nb_tbs++];
681 tb->pc = pc;
682 tb->cflags = 0;
683 return tb;
684}
685
686void tb_free(TranslationBlock *tb)
687{
688 /* In practice this is mostly used for single use temporary TB
689 Ignore the hard cases and just back up if this TB happens to
690 be the last one generated. */
691 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
692 code_gen_ptr = tb->tc_ptr;
693 nb_tbs--;
694 }
695}
696
9fa3e853
FB		 697static inline void invalidate_page_bitmap(PageDesc *p)
698{
699 if (p->code_bitmap) {
7267c094 700 g_free(p->code_bitmap);
9fa3e853
FB		 701 p->code_bitmap = NULL;
702 }
703 p->code_write_count = 0;
704}
705
5cd2c5b6
RH		 706/* Set to NULL all the 'first_tb' fields in all PageDescs. */
707
708static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 709{
5cd2c5b6 710 int i;
fd6ce8f6 711
5cd2c5b6
RH		 712 if (*lp == NULL) {
713 return;
714 }
715 if (level == 0) {
716 PageDesc *pd = *lp;
7296abac 717 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 718 pd[i].first_tb = NULL;
719 invalidate_page_bitmap(pd + i);
fd6ce8f6 720 }
5cd2c5b6
RH		 721 } else {
722 void **pp = *lp;
7296abac 723 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 724 page_flush_tb_1 (level - 1, pp + i);
725 }
726 }
727}
728
729static void page_flush_tb(void)
730{
731 int i;
732 for (i = 0; i < V_L1_SIZE; i++) {
733 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 734 }
735}
736
737/* flush all the translation blocks */
d4e8164f 738/* XXX: tb_flush is currently not thread safe */
6a00d601 739void tb_flush(CPUState *env1)
fd6ce8f6 740{
6a00d601 741 CPUState *env;
0124311e 742#if defined(DEBUG_FLUSH)
ab3d1727
BS		 743 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
744 (unsigned long)(code_gen_ptr - code_gen_buffer),
745 nb_tbs, nb_tbs > 0 ?
746 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 747#endif
26a5f13b 748 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 749 cpu_abort(env1, "Internal error: code buffer overflow\n");
750
fd6ce8f6 751 nb_tbs = 0;
3b46e624 752
6a00d601
FB		 753 for(env = first_cpu; env != NULL; env = env->next_cpu) {
754 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
755 }
9fa3e853 756
8a8a608f 757 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 758 page_flush_tb();
9fa3e853 759
fd6ce8f6 760 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 761 /* XXX: flush processor icache at this point if cache flush is
762 expensive */
e3db7226 763 tb_flush_count++;
fd6ce8f6
FB		 764}
765
766#ifdef DEBUG_TB_CHECK
767
bc98a7ef 768static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 769{
770 TranslationBlock *tb;
771 int i;
772 address &= TARGET_PAGE_MASK;
99773bd4
PB		 773 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
774 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 775 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
776 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 777 printf("ERROR invalidate: address=" TARGET_FMT_lx
778 " PC=%08lx size=%04x\n",
99773bd4 779 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 780 }
781 }
782 }
783}
784
785/* verify that all the pages have correct rights for code */
786static void tb_page_check(void)
787{
788 TranslationBlock *tb;
789 int i, flags1, flags2;
3b46e624 790
99773bd4
PB		 791 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
792 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 793 flags1 = page_get_flags(tb->pc);
794 flags2 = page_get_flags(tb->pc + tb->size - 1);
795 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
796 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 797 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 798 }
799 }
800 }
801}
802
803#endif
804
805/* invalidate one TB */
806static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
807 int next_offset)
808{
809 TranslationBlock *tb1;
810 for(;;) {
811 tb1 = *ptb;
812 if (tb1 == tb) {
813 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
814 break;
815 }
816 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
817 }
818}
819
9fa3e853
FB		 820static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
821{
822 TranslationBlock *tb1;
823 unsigned int n1;
824
825 for(;;) {
826 tb1 = *ptb;
827 n1 = (long)tb1 & 3;
828 tb1 = (TranslationBlock *)((long)tb1 & ~3);
829 if (tb1 == tb) {
830 *ptb = tb1->page_next[n1];
831 break;
832 }
833 ptb = &tb1->page_next[n1];
834 }
835}
836
d4e8164f
FB		 837static inline void tb_jmp_remove(TranslationBlock *tb, int n)
838{
839 TranslationBlock *tb1, **ptb;
840 unsigned int n1;
841
842 ptb = &tb->jmp_next[n];
843 tb1 = *ptb;
844 if (tb1) {
845 /* find tb(n) in circular list */
846 for(;;) {
847 tb1 = *ptb;
848 n1 = (long)tb1 & 3;
849 tb1 = (TranslationBlock *)((long)tb1 & ~3);
850 if (n1 == n && tb1 == tb)
851 break;
852 if (n1 == 2) {
853 ptb = &tb1->jmp_first;
854 } else {
855 ptb = &tb1->jmp_next[n1];
856 }
857 }
858 /* now we can suppress tb(n) from the list */
859 *ptb = tb->jmp_next[n];
860
861 tb->jmp_next[n] = NULL;
862 }
863}
864
865/* reset the jump entry 'n' of a TB so that it is not chained to
866 another TB */
867static inline void tb_reset_jump(TranslationBlock *tb, int n)
868{
869 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
870}
871
41c1b1c9 872void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 873{
6a00d601 874 CPUState *env;
8a40a180 875 PageDesc *p;
d4e8164f 876 unsigned int h, n1;
41c1b1c9 877 tb_page_addr_t phys_pc;
8a40a180 878 TranslationBlock *tb1, *tb2;
3b46e624 879
8a40a180
FB		 880 /* remove the TB from the hash list */
881 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
882 h = tb_phys_hash_func(phys_pc);
5fafdf24 883 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 884 offsetof(TranslationBlock, phys_hash_next));
885
886 /* remove the TB from the page list */
887 if (tb->page_addr[0] != page_addr) {
888 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
889 tb_page_remove(&p->first_tb, tb);
890 invalidate_page_bitmap(p);
891 }
892 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
893 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
894 tb_page_remove(&p->first_tb, tb);
895 invalidate_page_bitmap(p);
896 }
897
36bdbe54 898 tb_invalidated_flag = 1;
59817ccb 899
fd6ce8f6 900 /* remove the TB from the hash list */
8a40a180 901 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 902 for(env = first_cpu; env != NULL; env = env->next_cpu) {
903 if (env->tb_jmp_cache[h] == tb)
904 env->tb_jmp_cache[h] = NULL;
905 }
d4e8164f
FB		 906
907 /* suppress this TB from the two jump lists */
908 tb_jmp_remove(tb, 0);
909 tb_jmp_remove(tb, 1);
910
911 /* suppress any remaining jumps to this TB */
912 tb1 = tb->jmp_first;
913 for(;;) {
914 n1 = (long)tb1 & 3;
915 if (n1 == 2)
916 break;
917 tb1 = (TranslationBlock *)((long)tb1 & ~3);
918 tb2 = tb1->jmp_next[n1];
919 tb_reset_jump(tb1, n1);
920 tb1->jmp_next[n1] = NULL;
921 tb1 = tb2;
922 }
923 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
9fa3e853 924
e3db7226 925 tb_phys_invalidate_count++;
9fa3e853
FB		 926}
927
928static inline void set_bits(uint8_t *tab, int start, int len)
929{
930 int end, mask, end1;
931
932 end = start + len;
933 tab += start >> 3;
934 mask = 0xff << (start & 7);
935 if ((start & ~7) == (end & ~7)) {
936 if (start < end) {
937 mask &= ~(0xff << (end & 7));
938 *tab |= mask;
939 }
940 } else {
941 *tab++ |= mask;
942 start = (start + 8) & ~7;
943 end1 = end & ~7;
944 while (start < end1) {
945 *tab++ = 0xff;
946 start += 8;
947 }
948 if (start < end) {
949 mask = ~(0xff << (end & 7));
950 *tab |= mask;
951 }
952 }
953}
954
955static void build_page_bitmap(PageDesc *p)
956{
957 int n, tb_start, tb_end;
958 TranslationBlock *tb;
3b46e624 959
7267c094 960 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 961
962 tb = p->first_tb;
963 while (tb != NULL) {
964 n = (long)tb & 3;
965 tb = (TranslationBlock *)((long)tb & ~3);
966 /* NOTE: this is subtle as a TB may span two physical pages */
967 if (n == 0) {
968 /* NOTE: tb_end may be after the end of the page, but
969 it is not a problem */
970 tb_start = tb->pc & ~TARGET_PAGE_MASK;
971 tb_end = tb_start + tb->size;
972 if (tb_end > TARGET_PAGE_SIZE)
973 tb_end = TARGET_PAGE_SIZE;
974 } else {
975 tb_start = 0;
976 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
977 }
978 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
979 tb = tb->page_next[n];
980 }
981}
982
2e70f6ef
PB		 983TranslationBlock *tb_gen_code(CPUState *env,
984 target_ulong pc, target_ulong cs_base,
985 int flags, int cflags)
d720b93d
FB		 986{
987 TranslationBlock *tb;
988 uint8_t *tc_ptr;
41c1b1c9
PB		 989 tb_page_addr_t phys_pc, phys_page2;
990 target_ulong virt_page2;
d720b93d
FB		 991 int code_gen_size;
992
41c1b1c9 993 phys_pc = get_page_addr_code(env, pc);
c27004ec 994 tb = tb_alloc(pc);
d720b93d
FB		 995 if (!tb) {
996 /* flush must be done */
997 tb_flush(env);
998 /* cannot fail at this point */
c27004ec 999 tb = tb_alloc(pc);
2e70f6ef
PB		 1000 /* Don't forget to invalidate previous TB info. */
1001 tb_invalidated_flag = 1;
d720b93d
FB		 1002 }
1003 tc_ptr = code_gen_ptr;
1004 tb->tc_ptr = tc_ptr;
1005 tb->cs_base = cs_base;
1006 tb->flags = flags;
1007 tb->cflags = cflags;
d07bde88 1008 cpu_gen_code(env, tb, &code_gen_size);
d720b93d 1009 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1010
d720b93d 1011 /* check next page if needed */
c27004ec 1012 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1013 phys_page2 = -1;
c27004ec 1014 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1015 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1016 }
41c1b1c9 1017 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1018 return tb;
d720b93d 1019}
3b46e624 1020
9fa3e853
FB		 1021/* invalidate all TBs which intersect with the target physical page
1022 starting in range [start;end[. NOTE: start and end must refer to
d720b93d
FB		 1023 the same physical page. 'is_cpu_write_access' should be true if called
1024 from a real cpu write access: the virtual CPU will exit the current
1025 TB if code is modified inside this TB. */
41c1b1c9 1026void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1027 int is_cpu_write_access)
1028{
6b917547 1029 TranslationBlock *tb, *tb_next, *saved_tb;
d720b93d 1030 CPUState *env = cpu_single_env;
41c1b1c9 1031 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1032 PageDesc *p;
1033 int n;
1034#ifdef TARGET_HAS_PRECISE_SMC
1035 int current_tb_not_found = is_cpu_write_access;
1036 TranslationBlock *current_tb = NULL;
1037 int current_tb_modified = 0;
1038 target_ulong current_pc = 0;
1039 target_ulong current_cs_base = 0;
1040 int current_flags = 0;
1041#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1042
1043 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1044 if (!p)
9fa3e853 1045 return;
5fafdf24 1046 if (!p->code_bitmap &&
d720b93d
FB		 1047 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1048 is_cpu_write_access) {
9fa3e853
FB		 1049 /* build code bitmap */
1050 build_page_bitmap(p);
1051 }
1052
1053 /* we remove all the TBs in the range [start, end[ */
1054 /* XXX: see if in some cases it could be faster to invalidate all the code */
1055 tb = p->first_tb;
1056 while (tb != NULL) {
1057 n = (long)tb & 3;
1058 tb = (TranslationBlock *)((long)tb & ~3);
1059 tb_next = tb->page_next[n];
1060 /* NOTE: this is subtle as a TB may span two physical pages */
1061 if (n == 0) {
1062 /* NOTE: tb_end may be after the end of the page, but
1063 it is not a problem */
1064 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1065 tb_end = tb_start + tb->size;
1066 } else {
1067 tb_start = tb->page_addr[1];
1068 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1069 }
1070 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1071#ifdef TARGET_HAS_PRECISE_SMC
1072 if (current_tb_not_found) {
1073 current_tb_not_found = 0;
1074 current_tb = NULL;
2e70f6ef 1075 if (env->mem_io_pc) {
d720b93d 1076 /* now we have a real cpu fault */
2e70f6ef 1077 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1078 }
1079 }
1080 if (current_tb == tb &&
2e70f6ef 1081 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1082 /* If we are modifying the current TB, we must stop
1083 its execution. We could be more precise by checking
1084 that the modification is after the current PC, but it
1085 would require a specialized function to partially
1086 restore the CPU state */
3b46e624 1087
d720b93d 1088 current_tb_modified = 1;
618ba8e6 1089 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1090 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1091 &current_flags);
d720b93d
FB		 1092 }
1093#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1094 /* we need to do that to handle the case where a signal
1095 occurs while doing tb_phys_invalidate() */
1096 saved_tb = NULL;
1097 if (env) {
1098 saved_tb = env->current_tb;
1099 env->current_tb = NULL;
1100 }
9fa3e853 1101 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1102 if (env) {
1103 env->current_tb = saved_tb;
1104 if (env->interrupt_request && env->current_tb)
1105 cpu_interrupt(env, env->interrupt_request);
1106 }
9fa3e853
FB		 1107 }
1108 tb = tb_next;
1109 }
1110#if !defined(CONFIG_USER_ONLY)
1111 /* if no code remaining, no need to continue to use slow writes */
1112 if (!p->first_tb) {
1113 invalidate_page_bitmap(p);
d720b93d 1114 if (is_cpu_write_access) {
2e70f6ef 1115 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1116 }
1117 }
1118#endif
1119#ifdef TARGET_HAS_PRECISE_SMC
1120 if (current_tb_modified) {
1121 /* we generate a block containing just the instruction
1122 modifying the memory. It will ensure that it cannot modify
1123 itself */
ea1c1802 1124 env->current_tb = NULL;
2e70f6ef 1125 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1126 cpu_resume_from_signal(env, NULL);
9fa3e853 1127 }
fd6ce8f6 1128#endif
9fa3e853 1129}
fd6ce8f6 1130
9fa3e853 1131/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1132static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1133{
1134 PageDesc *p;
1135 int offset, b;
59817ccb 1136#if 0
a4193c8a 1137 if (1) {
93fcfe39
AL		 1138 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1139 cpu_single_env->mem_io_vaddr, len,
1140 cpu_single_env->eip,
1141 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1142 }
1143#endif
9fa3e853 1144 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1145 if (!p)
9fa3e853
FB		 1146 return;
1147 if (p->code_bitmap) {
1148 offset = start & ~TARGET_PAGE_MASK;
1149 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1150 if (b & ((1 << len) - 1))
1151 goto do_invalidate;
1152 } else {
1153 do_invalidate:
d720b93d 1154 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1155 }
1156}
1157
9fa3e853 1158#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1159static void tb_invalidate_phys_page(tb_page_addr_t addr,
d720b93d 1160 unsigned long pc, void *puc)
9fa3e853 1161{
6b917547 1162 TranslationBlock *tb;
9fa3e853 1163 PageDesc *p;
6b917547 1164 int n;
d720b93d 1165#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1166 TranslationBlock *current_tb = NULL;
d720b93d 1167 CPUState *env = cpu_single_env;
6b917547
AL		 1168 int current_tb_modified = 0;
1169 target_ulong current_pc = 0;
1170 target_ulong current_cs_base = 0;
1171 int current_flags = 0;
d720b93d 1172#endif
9fa3e853
FB		 1173
1174 addr &= TARGET_PAGE_MASK;
1175 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1176 if (!p)
9fa3e853
FB		 1177 return;
1178 tb = p->first_tb;
d720b93d
FB		 1179#ifdef TARGET_HAS_PRECISE_SMC
1180 if (tb && pc != 0) {
1181 current_tb = tb_find_pc(pc);
1182 }
1183#endif
9fa3e853
FB		 1184 while (tb != NULL) {
1185 n = (long)tb & 3;
1186 tb = (TranslationBlock *)((long)tb & ~3);
d720b93d
FB		 1187#ifdef TARGET_HAS_PRECISE_SMC
1188 if (current_tb == tb &&
2e70f6ef 1189 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1190 /* If we are modifying the current TB, we must stop
1191 its execution. We could be more precise by checking
1192 that the modification is after the current PC, but it
1193 would require a specialized function to partially
1194 restore the CPU state */
3b46e624 1195
d720b93d 1196 current_tb_modified = 1;
618ba8e6 1197 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1198 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1199 &current_flags);
d720b93d
FB		 1200 }
1201#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1202 tb_phys_invalidate(tb, addr);
1203 tb = tb->page_next[n];
1204 }
fd6ce8f6 1205 p->first_tb = NULL;
d720b93d
FB		 1206#ifdef TARGET_HAS_PRECISE_SMC
1207 if (current_tb_modified) {
1208 /* we generate a block containing just the instruction
1209 modifying the memory. It will ensure that it cannot modify
1210 itself */
ea1c1802 1211 env->current_tb = NULL;
2e70f6ef 1212 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1213 cpu_resume_from_signal(env, puc);
1214 }
1215#endif
fd6ce8f6 1216}
9fa3e853 1217#endif
fd6ce8f6
FB		 1218
1219/* add the tb in the target page and protect it if necessary */
5fafdf24 1220static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1221 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1222{
1223 PageDesc *p;
4429ab44
JQ		 1224#ifndef CONFIG_USER_ONLY
1225 bool page_already_protected;
1226#endif
9fa3e853
FB		 1227
1228 tb->page_addr[n] = page_addr;
5cd2c5b6 1229 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1230 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1231#ifndef CONFIG_USER_ONLY
1232 page_already_protected = p->first_tb != NULL;
1233#endif
9fa3e853
FB		 1234 p->first_tb = (TranslationBlock *)((long)tb | n);
1235 invalidate_page_bitmap(p);
fd6ce8f6 1236
107db443 1237#if defined(TARGET_HAS_SMC) || 1
d720b93d 1238
9fa3e853 1239#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1240 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1241 target_ulong addr;
1242 PageDesc *p2;
9fa3e853
FB		 1243 int prot;
1244
fd6ce8f6
FB		 1245 /* force the host page as non writable (writes will have a
1246 page fault + mprotect overhead) */
53a5960a 1247 page_addr &= qemu_host_page_mask;
fd6ce8f6 1248 prot = 0;
53a5960a
PB		 1249 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1250 addr += TARGET_PAGE_SIZE) {
1251
1252 p2 = page_find (addr >> TARGET_PAGE_BITS);
1253 if (!p2)
1254 continue;
1255 prot |= p2->flags;
1256 p2->flags &= ~PAGE_WRITE;
53a5960a 1257 }
5fafdf24 1258 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1259 (prot & PAGE_BITS) & ~PAGE_WRITE);
1260#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1261 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1262 page_addr);
fd6ce8f6 1263#endif
fd6ce8f6 1264 }
9fa3e853
FB		 1265#else
1266 /* if some code is already present, then the pages are already
1267 protected. So we handle the case where only the first TB is
1268 allocated in a physical page */
4429ab44 1269 if (!page_already_protected) {
6a00d601 1270 tlb_protect_code(page_addr);
9fa3e853
FB		 1271 }
1272#endif
d720b93d
FB		 1273
1274#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1275}
1276
9fa3e853
FB		 1277/* add a new TB and link it to the physical page tables. phys_page2 is
1278 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1279void tb_link_page(TranslationBlock *tb,
1280 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1281{
9fa3e853
FB		 1282 unsigned int h;
1283 TranslationBlock **ptb;
1284
c8a706fe
PB		 1285 /* Grab the mmap lock to stop another thread invalidating this TB
1286 before we are done. */
1287 mmap_lock();
9fa3e853
FB		 1288 /* add in the physical hash table */
1289 h = tb_phys_hash_func(phys_pc);
1290 ptb = &tb_phys_hash[h];
1291 tb->phys_hash_next = *ptb;
1292 *ptb = tb;
fd6ce8f6
FB		 1293
1294 /* add in the page list */
9fa3e853
FB		 1295 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1296 if (phys_page2 != -1)
1297 tb_alloc_page(tb, 1, phys_page2);
1298 else
1299 tb->page_addr[1] = -1;
9fa3e853 1300
d4e8164f
FB		 1301 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1302 tb->jmp_next[0] = NULL;
1303 tb->jmp_next[1] = NULL;
1304
1305 /* init original jump addresses */
1306 if (tb->tb_next_offset[0] != 0xffff)
1307 tb_reset_jump(tb, 0);
1308 if (tb->tb_next_offset[1] != 0xffff)
1309 tb_reset_jump(tb, 1);
8a40a180
FB		 1310
1311#ifdef DEBUG_TB_CHECK
1312 tb_page_check();
1313#endif
c8a706fe 1314 mmap_unlock();
fd6ce8f6
FB		 1315}
1316
9fa3e853
FB		 1317/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1318 tb[1].tc_ptr. Return NULL if not found */
1319TranslationBlock *tb_find_pc(unsigned long tc_ptr)
fd6ce8f6 1320{
9fa3e853
FB		 1321 int m_min, m_max, m;
1322 unsigned long v;
1323 TranslationBlock *tb;
a513fe19
FB		 1324
1325 if (nb_tbs <= 0)
1326 return NULL;
1327 if (tc_ptr < (unsigned long)code_gen_buffer ||
1328 tc_ptr >= (unsigned long)code_gen_ptr)
1329 return NULL;
1330 /* binary search (cf Knuth) */
1331 m_min = 0;
1332 m_max = nb_tbs - 1;
1333 while (m_min <= m_max) {
1334 m = (m_min + m_max) >> 1;
1335 tb = &tbs[m];
1336 v = (unsigned long)tb->tc_ptr;
1337 if (v == tc_ptr)
1338 return tb;
1339 else if (tc_ptr < v) {
1340 m_max = m - 1;
1341 } else {
1342 m_min = m + 1;
1343 }
5fafdf24 1344 }
a513fe19
FB		 1345 return &tbs[m_max];
1346}
7501267e 1347
ea041c0e
FB		 1348static void tb_reset_jump_recursive(TranslationBlock *tb);
1349
1350static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1351{
1352 TranslationBlock *tb1, *tb_next, **ptb;
1353 unsigned int n1;
1354
1355 tb1 = tb->jmp_next[n];
1356 if (tb1 != NULL) {
1357 /* find head of list */
1358 for(;;) {
1359 n1 = (long)tb1 & 3;
1360 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1361 if (n1 == 2)
1362 break;
1363 tb1 = tb1->jmp_next[n1];
1364 }
1365 /* we are now sure now that tb jumps to tb1 */
1366 tb_next = tb1;
1367
1368 /* remove tb from the jmp_first list */
1369 ptb = &tb_next->jmp_first;
1370 for(;;) {
1371 tb1 = *ptb;
1372 n1 = (long)tb1 & 3;
1373 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1374 if (n1 == n && tb1 == tb)
1375 break;
1376 ptb = &tb1->jmp_next[n1];
1377 }
1378 *ptb = tb->jmp_next[n];
1379 tb->jmp_next[n] = NULL;
3b46e624 1380
ea041c0e
FB		 1381 /* suppress the jump to next tb in generated code */
1382 tb_reset_jump(tb, n);
1383
0124311e 1384 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1385 tb_reset_jump_recursive(tb_next);
1386 }
1387}
1388
1389static void tb_reset_jump_recursive(TranslationBlock *tb)
1390{
1391 tb_reset_jump_recursive2(tb, 0);
1392 tb_reset_jump_recursive2(tb, 1);
1393}
1394
1fddef4b 1395#if defined(TARGET_HAS_ICE)
94df27fd
PB		 1396#if defined(CONFIG_USER_ONLY)
1397static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1398{
1399 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1400}
1401#else
d720b93d
FB		 1402static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1403{
c227f099 1404 target_phys_addr_t addr;
9b3c35e0 1405 target_ulong pd;
c227f099 1406 ram_addr_t ram_addr;
c2f07f81 1407 PhysPageDesc *p;
d720b93d 1408
c2f07f81
PB		 1409 addr = cpu_get_phys_page_debug(env, pc);
1410 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1411 if (!p) {
1412 pd = IO_MEM_UNASSIGNED;
1413 } else {
1414 pd = p->phys_offset;
1415 }
1416 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
706cd4b5 1417 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1418}
c27004ec 1419#endif
94df27fd 1420#endif /* TARGET_HAS_ICE */
d720b93d 1421
c527ee8f
PB		 1422#if defined(CONFIG_USER_ONLY)
1423void cpu_watchpoint_remove_all(CPUState *env, int mask)
1424
1425{
1426}
1427
1428int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1429 int flags, CPUWatchpoint **watchpoint)
1430{
1431 return -ENOSYS;
1432}
1433#else
6658ffb8 1434/* Add a watchpoint. */
a1d1bb31
AL		 1435int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1436 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1437{
b4051334 1438 target_ulong len_mask = ~(len - 1);
c0ce998e 1439 CPUWatchpoint *wp;
6658ffb8 1440
b4051334
AL		 1441 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1442 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1443 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1444 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1445 return -EINVAL;
1446 }
7267c094 1447 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1448
1449 wp->vaddr = addr;
b4051334 1450 wp->len_mask = len_mask;
a1d1bb31
AL		 1451 wp->flags = flags;
1452
2dc9f411 1453 /* keep all GDB-injected watchpoints in front */
c0ce998e 1454 if (flags & BP_GDB)
72cf2d4f 1455 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1456 else
72cf2d4f 1457 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1458
6658ffb8 1459 tlb_flush_page(env, addr);
a1d1bb31
AL		 1460
1461 if (watchpoint)
1462 *watchpoint = wp;
1463 return 0;
6658ffb8
PB		 1464}
1465
a1d1bb31
AL		 1466/* Remove a specific watchpoint. */
1467int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1468 int flags)
6658ffb8 1469{
b4051334 1470 target_ulong len_mask = ~(len - 1);
a1d1bb31 1471 CPUWatchpoint *wp;
6658ffb8 1472
72cf2d4f 1473 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1474 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1475 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1476 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1477 return 0;
1478 }
1479 }
a1d1bb31 1480 return -ENOENT;
6658ffb8
PB		 1481}
1482
a1d1bb31
AL		 1483/* Remove a specific watchpoint by reference. */
1484void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1485{
72cf2d4f 1486 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1487
a1d1bb31
AL		 1488 tlb_flush_page(env, watchpoint->vaddr);
1489
7267c094 1490 g_free(watchpoint);
a1d1bb31
AL		 1491}
1492
1493/* Remove all matching watchpoints. */
1494void cpu_watchpoint_remove_all(CPUState *env, int mask)
1495{
c0ce998e 1496 CPUWatchpoint *wp, *next;
a1d1bb31 1497
72cf2d4f 1498 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1499 if (wp->flags & mask)
1500 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1501 }
7d03f82f 1502}
c527ee8f 1503#endif
7d03f82f 1504
a1d1bb31
AL		 1505/* Add a breakpoint. */
1506int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1507 CPUBreakpoint **breakpoint)
4c3a88a2 1508{
1fddef4b 1509#if defined(TARGET_HAS_ICE)
c0ce998e 1510 CPUBreakpoint *bp;
3b46e624 1511
7267c094 1512 bp = g_malloc(sizeof(*bp));
4c3a88a2 1513
a1d1bb31
AL		 1514 bp->pc = pc;
1515 bp->flags = flags;
1516
2dc9f411 1517 /* keep all GDB-injected breakpoints in front */
c0ce998e 1518 if (flags & BP_GDB)
72cf2d4f 1519 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1520 else
72cf2d4f 1521 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1522
d720b93d 1523 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1524
1525 if (breakpoint)
1526 *breakpoint = bp;
4c3a88a2
FB		 1527 return 0;
1528#else
a1d1bb31 1529 return -ENOSYS;
4c3a88a2
FB		 1530#endif
1531}
1532
a1d1bb31
AL		 1533/* Remove a specific breakpoint. */
1534int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1535{
7d03f82f 1536#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1537 CPUBreakpoint *bp;
1538
72cf2d4f 1539 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1540 if (bp->pc == pc && bp->flags == flags) {
1541 cpu_breakpoint_remove_by_ref(env, bp);
1542 return 0;
1543 }
7d03f82f 1544 }
a1d1bb31
AL		 1545 return -ENOENT;
1546#else
1547 return -ENOSYS;
7d03f82f
EI		 1548#endif
1549}
1550
a1d1bb31
AL		 1551/* Remove a specific breakpoint by reference. */
1552void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1553{
1fddef4b 1554#if defined(TARGET_HAS_ICE)
72cf2d4f 1555 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1556
a1d1bb31
AL		 1557 breakpoint_invalidate(env, breakpoint->pc);
1558
7267c094 1559 g_free(breakpoint);
a1d1bb31
AL		 1560#endif
1561}
1562
1563/* Remove all matching breakpoints. */
1564void cpu_breakpoint_remove_all(CPUState *env, int mask)
1565{
1566#if defined(TARGET_HAS_ICE)
c0ce998e 1567 CPUBreakpoint *bp, *next;
a1d1bb31 1568
72cf2d4f 1569 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1570 if (bp->flags & mask)
1571 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1572 }
4c3a88a2
FB		 1573#endif
1574}
1575
c33a346e
FB		 1576/* enable or disable single step mode. EXCP_DEBUG is returned by the
1577 CPU loop after each instruction */
1578void cpu_single_step(CPUState *env, int enabled)
1579{
1fddef4b 1580#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1581 if (env->singlestep_enabled != enabled) {
1582 env->singlestep_enabled = enabled;
e22a25c9
AL		 1583 if (kvm_enabled())
1584 kvm_update_guest_debug(env, 0);
1585 else {
ccbb4d44 1586 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1587 /* XXX: only flush what is necessary */
1588 tb_flush(env);
1589 }
c33a346e
FB		 1590 }
1591#endif
1592}
1593
34865134
FB		 1594/* enable or disable low levels log */
1595void cpu_set_log(int log_flags)
1596{
1597 loglevel = log_flags;
1598 if (loglevel && !logfile) {
11fcfab4 1599 logfile = fopen(logfilename, log_append ? "a" : "w");
34865134
FB		 1600 if (!logfile) {
1601 perror(logfilename);
1602 _exit(1);
1603 }
9fa3e853
FB		 1604#if !defined(CONFIG_SOFTMMU)
1605 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1606 {
b55266b5 1607 static char logfile_buf[4096];
9fa3e853
FB		 1608 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1609 }
bf65f53f
FN		 1610#elif !defined(_WIN32)
1611 /* Win32 doesn't support line-buffering and requires size >= 2 */
34865134 1612 setvbuf(logfile, NULL, _IOLBF, 0);
9fa3e853 1613#endif
e735b91c
PB		 1614 log_append = 1;
1615 }
1616 if (!loglevel && logfile) {
1617 fclose(logfile);
1618 logfile = NULL;
34865134
FB		 1619 }
1620}
1621
1622void cpu_set_log_filename(const char *filename)
1623{
1624 logfilename = strdup(filename);
e735b91c
PB		 1625 if (logfile) {
1626 fclose(logfile);
1627 logfile = NULL;
1628 }
1629 cpu_set_log(loglevel);
34865134 1630}
c33a346e 1631
3098dba0 1632static void cpu_unlink_tb(CPUState *env)
ea041c0e 1633{
3098dba0
AJ		 1634 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1635 problem and hope the cpu will stop of its own accord. For userspace
1636 emulation this often isn't actually as bad as it sounds. Often
1637 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1638 TranslationBlock *tb;
c227f099 1639 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1640
cab1b4bd 1641 spin_lock(&interrupt_lock);
3098dba0
AJ		 1642 tb = env->current_tb;
1643 /* if the cpu is currently executing code, we must unlink it and
1644 all the potentially executing TB */
f76cfe56 1645 if (tb) {
3098dba0
AJ		 1646 env->current_tb = NULL;
1647 tb_reset_jump_recursive(tb);
be214e6c 1648 }
cab1b4bd 1649 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1650}
1651
97ffbd8d 1652#ifndef CONFIG_USER_ONLY
3098dba0 1653/* mask must never be zero, except for A20 change call */
ec6959d0 1654static void tcg_handle_interrupt(CPUState *env, int mask)
3098dba0
AJ		 1655{
1656 int old_mask;
be214e6c 1657
2e70f6ef 1658 old_mask = env->interrupt_request;
68a79315 1659 env->interrupt_request |= mask;
3098dba0 1660
8edac960
AL		 1661 /*
1662 * If called from iothread context, wake the target cpu in
1663 * case its halted.
1664 */
b7680cb6 1665 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1666 qemu_cpu_kick(env);
1667 return;
1668 }
8edac960 1669
2e70f6ef 1670 if (use_icount) {
266910c4 1671 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1672 if (!can_do_io(env)
be214e6c 1673 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1674 cpu_abort(env, "Raised interrupt while not in I/O function");
1675 }
2e70f6ef 1676 } else {
3098dba0 1677 cpu_unlink_tb(env);
ea041c0e
FB		 1678 }
1679}
1680
ec6959d0
JK		 1681CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1682
97ffbd8d
JK		 1683#else /* CONFIG_USER_ONLY */
1684
1685void cpu_interrupt(CPUState *env, int mask)
1686{
1687 env->interrupt_request |= mask;
1688 cpu_unlink_tb(env);
1689}
1690#endif /* CONFIG_USER_ONLY */
1691
b54ad049
FB		 1692void cpu_reset_interrupt(CPUState *env, int mask)
1693{
1694 env->interrupt_request &= ~mask;
1695}
1696
3098dba0
AJ		 1697void cpu_exit(CPUState *env)
1698{
1699 env->exit_request = 1;
1700 cpu_unlink_tb(env);
1701}
1702
c7cd6a37 1703const CPULogItem cpu_log_items[] = {
5fafdf24 1704 { CPU_LOG_TB_OUT_ASM, "out_asm",
f193c797
FB		 1705 "show generated host assembly code for each compiled TB" },
1706 { CPU_LOG_TB_IN_ASM, "in_asm",
1707 "show target assembly code for each compiled TB" },
5fafdf24 1708 { CPU_LOG_TB_OP, "op",
57fec1fe 1709 "show micro ops for each compiled TB" },
f193c797 1710 { CPU_LOG_TB_OP_OPT, "op_opt",
e01a1157
BS		 1711 "show micro ops "
1712#ifdef TARGET_I386
1713 "before eflags optimization and "
f193c797 1714#endif
e01a1157 1715 "after liveness analysis" },
f193c797
FB		 1716 { CPU_LOG_INT, "int",
1717 "show interrupts/exceptions in short format" },
1718 { CPU_LOG_EXEC, "exec",
1719 "show trace before each executed TB (lots of logs)" },
9fddaa0c 1720 { CPU_LOG_TB_CPU, "cpu",
e91c8a77 1721 "show CPU state before block translation" },
f193c797
FB		 1722#ifdef TARGET_I386
1723 { CPU_LOG_PCALL, "pcall",
1724 "show protected mode far calls/returns/exceptions" },
eca1bdf4
AL		 1725 { CPU_LOG_RESET, "cpu_reset",
1726 "show CPU state before CPU resets" },
f193c797 1727#endif
8e3a9fd2 1728#ifdef DEBUG_IOPORT
fd872598
FB		 1729 { CPU_LOG_IOPORT, "ioport",
1730 "show all i/o ports accesses" },
8e3a9fd2 1731#endif
f193c797
FB		 1732 { 0, NULL, NULL },
1733};
1734
f6f3fbca
MT		 1735#ifndef CONFIG_USER_ONLY
1736static QLIST_HEAD(memory_client_list, CPUPhysMemoryClient) memory_client_list
1737 = QLIST_HEAD_INITIALIZER(memory_client_list);
1738
1739static void cpu_notify_set_memory(target_phys_addr_t start_addr,
9742bf26 1740 ram_addr_t size,
0fd542fb
MT		 1741 ram_addr_t phys_offset,
1742 bool log_dirty)
f6f3fbca
MT		 1743{
1744 CPUPhysMemoryClient *client;
1745 QLIST_FOREACH(client, &memory_client_list, list) {
0fd542fb 1746 client->set_memory(client, start_addr, size, phys_offset, log_dirty);
f6f3fbca
MT		 1747 }
1748}
1749
1750static int cpu_notify_sync_dirty_bitmap(target_phys_addr_t start,
9742bf26 1751 target_phys_addr_t end)
f6f3fbca
MT		 1752{
1753 CPUPhysMemoryClient *client;
1754 QLIST_FOREACH(client, &memory_client_list, list) {
1755 int r = client->sync_dirty_bitmap(client, start, end);
1756 if (r < 0)
1757 return r;
1758 }
1759 return 0;
1760}
1761
1762static int cpu_notify_migration_log(int enable)
1763{
1764 CPUPhysMemoryClient *client;
1765 QLIST_FOREACH(client, &memory_client_list, list) {
1766 int r = client->migration_log(client, enable);
1767 if (r < 0)
1768 return r;
1769 }
1770 return 0;
1771}
1772
2173a75f
AW		 1773struct last_map {
1774 target_phys_addr_t start_addr;
1775 ram_addr_t size;
1776 ram_addr_t phys_offset;
1777};
1778
8d4c78e7
AW		 1779/* The l1_phys_map provides the upper P_L1_BITs of the guest physical
1780 * address. Each intermediate table provides the next L2_BITs of guest
1781 * physical address space. The number of levels vary based on host and
1782 * guest configuration, making it efficient to build the final guest
1783 * physical address by seeding the L1 offset and shifting and adding in
1784 * each L2 offset as we recurse through them. */
2173a75f
AW		 1785static void phys_page_for_each_1(CPUPhysMemoryClient *client, int level,
1786 void **lp, target_phys_addr_t addr,
1787 struct last_map *map)
f6f3fbca 1788{
5cd2c5b6 1789 int i;
f6f3fbca 1790
5cd2c5b6
RH		 1791 if (*lp == NULL) {
1792 return;
1793 }
1794 if (level == 0) {
1795 PhysPageDesc *pd = *lp;
8d4c78e7 1796 addr <<= L2_BITS + TARGET_PAGE_BITS;
7296abac 1797 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6 1798 if (pd[i].phys_offset != IO_MEM_UNASSIGNED) {
2173a75f
AW		 1799 target_phys_addr_t start_addr = addr | i << TARGET_PAGE_BITS;
1800
1801 if (map->size &&
1802 start_addr == map->start_addr + map->size &&
1803 pd[i].phys_offset == map->phys_offset + map->size) {
1804
1805 map->size += TARGET_PAGE_SIZE;
1806 continue;
1807 } else if (map->size) {
1808 client->set_memory(client, map->start_addr,
1809 map->size, map->phys_offset, false);
1810 }
1811
1812 map->start_addr = start_addr;
1813 map->size = TARGET_PAGE_SIZE;
1814 map->phys_offset = pd[i].phys_offset;
f6f3fbca 1815 }
5cd2c5b6
RH		 1816 }
1817 } else {
1818 void **pp = *lp;
7296abac 1819 for (i = 0; i < L2_SIZE; ++i) {
8d4c78e7 1820 phys_page_for_each_1(client, level - 1, pp + i,
2173a75f 1821 (addr << L2_BITS) | i, map);
f6f3fbca
MT		 1822 }
1823 }
1824}
1825
1826static void phys_page_for_each(CPUPhysMemoryClient *client)
1827{
5cd2c5b6 1828 int i;
2173a75f
AW		 1829 struct last_map map = { };
1830
5cd2c5b6
RH		 1831 for (i = 0; i < P_L1_SIZE; ++i) {
1832 phys_page_for_each_1(client, P_L1_SHIFT / L2_BITS - 1,
2173a75f
AW		 1833 l1_phys_map + i, i, &map);
1834 }
1835 if (map.size) {
1836 client->set_memory(client, map.start_addr, map.size, map.phys_offset,
1837 false);
f6f3fbca 1838 }
f6f3fbca
MT		 1839}
1840
1841void cpu_register_phys_memory_client(CPUPhysMemoryClient *client)
1842{
1843 QLIST_INSERT_HEAD(&memory_client_list, client, list);
1844 phys_page_for_each(client);
1845}
1846
1847void cpu_unregister_phys_memory_client(CPUPhysMemoryClient *client)
1848{
1849 QLIST_REMOVE(client, list);
1850}
1851#endif
1852
f193c797
FB		 1853static int cmp1(const char *s1, int n, const char *s2)
1854{
1855 if (strlen(s2) != n)
1856 return 0;
1857 return memcmp(s1, s2, n) == 0;
1858}
3b46e624 1859
f193c797
FB		 1860/* takes a comma separated list of log masks. Return 0 if error. */
1861int cpu_str_to_log_mask(const char *str)
1862{
c7cd6a37 1863 const CPULogItem *item;
f193c797
FB		 1864 int mask;
1865 const char *p, *p1;
1866
1867 p = str;
1868 mask = 0;
1869 for(;;) {
1870 p1 = strchr(p, ',');
1871 if (!p1)
1872 p1 = p + strlen(p);
9742bf26
YT		 1873 if(cmp1(p,p1-p,"all")) {
1874 for(item = cpu_log_items; item->mask != 0; item++) {
1875 mask |= item->mask;
1876 }
1877 } else {
1878 for(item = cpu_log_items; item->mask != 0; item++) {
1879 if (cmp1(p, p1 - p, item->name))
1880 goto found;
1881 }
1882 return 0;
f193c797 1883 }
f193c797
FB		 1884 found:
1885 mask |= item->mask;
1886 if (*p1 != ',')
1887 break;
1888 p = p1 + 1;
1889 }
1890 return mask;
1891}
ea041c0e 1892
7501267e
FB		 1893void cpu_abort(CPUState *env, const char *fmt, ...)
1894{
1895 va_list ap;
493ae1f0 1896 va_list ap2;
7501267e
FB		 1897
1898 va_start(ap, fmt);
493ae1f0 1899 va_copy(ap2, ap);
7501267e
FB		 1900 fprintf(stderr, "qemu: fatal: ");
1901 vfprintf(stderr, fmt, ap);
1902 fprintf(stderr, "\n");
1903#ifdef TARGET_I386
7fe48483
FB		 1904 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1905#else
1906 cpu_dump_state(env, stderr, fprintf, 0);
7501267e 1907#endif
93fcfe39
AL		 1908 if (qemu_log_enabled()) {
1909 qemu_log("qemu: fatal: ");
1910 qemu_log_vprintf(fmt, ap2);
1911 qemu_log("\n");
f9373291 1912#ifdef TARGET_I386
93fcfe39 1913 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
f9373291 1914#else
93fcfe39 1915 log_cpu_state(env, 0);
f9373291 1916#endif
31b1a7b4 1917 qemu_log_flush();
93fcfe39 1918 qemu_log_close();
924edcae 1919 }
493ae1f0 1920 va_end(ap2);
f9373291 1921 va_end(ap);
fd052bf6
RV		 1922#if defined(CONFIG_USER_ONLY)
1923 {
1924 struct sigaction act;
1925 sigfillset(&act.sa_mask);
1926 act.sa_handler = SIG_DFL;
1927 sigaction(SIGABRT, &act, NULL);
1928 }
1929#endif
7501267e
FB		 1930 abort();
1931}
1932
c5be9f08
TS		 1933CPUState *cpu_copy(CPUState *env)
1934{
01ba9816 1935 CPUState *new_env = cpu_init(env->cpu_model_str);
c5be9f08
TS		 1936 CPUState *next_cpu = new_env->next_cpu;
1937 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1938#if defined(TARGET_HAS_ICE)
1939 CPUBreakpoint *bp;
1940 CPUWatchpoint *wp;
1941#endif
1942
c5be9f08 1943 memcpy(new_env, env, sizeof(CPUState));
5a38f081
AL		 1944
1945 /* Preserve chaining and index. */
c5be9f08
TS		 1946 new_env->next_cpu = next_cpu;
1947 new_env->cpu_index = cpu_index;
5a38f081
AL		 1948
1949 /* Clone all break/watchpoints.
1950 Note: Once we support ptrace with hw-debug register access, make sure
1951 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1952 QTAILQ_INIT(&env->breakpoints);
1953 QTAILQ_INIT(&env->watchpoints);
5a38f081 1954#if defined(TARGET_HAS_ICE)
72cf2d4f 1955 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1956 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1957 }
72cf2d4f 1958 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1959 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1960 wp->flags, NULL);
1961 }
1962#endif
1963
c5be9f08
TS		 1964 return new_env;
1965}
1966
0124311e
FB		 1967#if !defined(CONFIG_USER_ONLY)
1968
5c751e99
EI		 1969static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1970{
1971 unsigned int i;
1972
1973 /* Discard jump cache entries for any tb which might potentially
1974 overlap the flushed page. */
1975 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1976 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1977 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1978
1979 i = tb_jmp_cache_hash_page(addr);
1980 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1981 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1982}
1983
08738984
IK		 1984static CPUTLBEntry s_cputlb_empty_entry = {
1985 .addr_read = -1,
1986 .addr_write = -1,
1987 .addr_code = -1,
1988 .addend = -1,
1989};
1990
ee8b7021
FB		 1991/* NOTE: if flush_global is true, also flush global entries (not
1992 implemented yet) */
1993void tlb_flush(CPUState *env, int flush_global)
33417e70 1994{
33417e70 1995 int i;
0124311e 1996
9fa3e853
FB		 1997#if defined(DEBUG_TLB)
1998 printf("tlb_flush:\n");
1999#endif
0124311e
FB		 2000 /* must reset current TB so that interrupts cannot modify the
2001 links while we are modifying them */
2002 env->current_tb = NULL;
2003
33417e70 2004 for(i = 0; i < CPU_TLB_SIZE; i++) {
cfde4bd9
IY		 2005 int mmu_idx;
2006 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
08738984 2007 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
cfde4bd9 2008 }
33417e70 2009 }
9fa3e853 2010
8a40a180 2011 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
9fa3e853 2012
d4c430a8
PB		 2013 env->tlb_flush_addr = -1;
2014 env->tlb_flush_mask = 0;
e3db7226 2015 tlb_flush_count++;
33417e70
FB		 2016}
2017
274da6b2 2018static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
61382a50 2019{
5fafdf24 2020 if (addr == (tlb_entry->addr_read &
84b7b8e7 2021 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 2022 addr == (tlb_entry->addr_write &
84b7b8e7 2023 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 2024 addr == (tlb_entry->addr_code &
84b7b8e7 2025 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
08738984 2026 *tlb_entry = s_cputlb_empty_entry;
84b7b8e7 2027 }
61382a50
FB		 2028}
2029
2e12669a 2030void tlb_flush_page(CPUState *env, target_ulong addr)
33417e70 2031{
8a40a180 2032 int i;
cfde4bd9 2033 int mmu_idx;
0124311e 2034
9fa3e853 2035#if defined(DEBUG_TLB)
108c49b8 2036 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
9fa3e853 2037#endif
d4c430a8
PB		 2038 /* Check if we need to flush due to large pages. */
2039 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
2040#if defined(DEBUG_TLB)
2041 printf("tlb_flush_page: forced full flush ("
2042 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
2043 env->tlb_flush_addr, env->tlb_flush_mask);
2044#endif
2045 tlb_flush(env, 1);
2046 return;
2047 }
0124311e
FB		 2048 /* must reset current TB so that interrupts cannot modify the
2049 links while we are modifying them */
2050 env->current_tb = NULL;
61382a50
FB		 2051
2052 addr &= TARGET_PAGE_MASK;
2053 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 2054 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2055 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
0124311e 2056
5c751e99 2057 tlb_flush_jmp_cache(env, addr);
9fa3e853
FB		 2058}
2059
9fa3e853
FB		 2060/* update the TLBs so that writes to code in the virtual page 'addr'
2061 can be detected */
c227f099 2062static void tlb_protect_code(ram_addr_t ram_addr)
9fa3e853 2063{
5fafdf24 2064 cpu_physical_memory_reset_dirty(ram_addr,
6a00d601
FB		 2065 ram_addr + TARGET_PAGE_SIZE,
2066 CODE_DIRTY_FLAG);
9fa3e853
FB		 2067}
2068
9fa3e853 2069/* update the TLB so that writes in physical page 'phys_addr' are no longer
3a7d929e 2070 tested for self modifying code */
c227f099 2071static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 2072 target_ulong vaddr)
9fa3e853 2073{
f7c11b53 2074 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
1ccde1cb
FB		 2075}
2076
5fafdf24 2077static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1ccde1cb
FB		 2078 unsigned long start, unsigned long length)
2079{
2080 unsigned long addr;
84b7b8e7
FB		 2081 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2082 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1ccde1cb 2083 if ((addr - start) < length) {
0f459d16 2084 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1ccde1cb
FB		 2085 }
2086 }
2087}
2088
5579c7f3 2089/* Note: start and end must be within the same ram block. */
c227f099 2090void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 2091 int dirty_flags)
1ccde1cb
FB		 2092{
2093 CPUState *env;
4f2ac237 2094 unsigned long length, start1;
f7c11b53 2095 int i;
1ccde1cb
FB		 2096
2097 start &= TARGET_PAGE_MASK;
2098 end = TARGET_PAGE_ALIGN(end);
2099
2100 length = end - start;
2101 if (length == 0)
2102 return;
f7c11b53 2103 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 2104
1ccde1cb
FB		 2105 /* we modify the TLB cache so that the dirty bit will be set again
2106 when accessing the range */
b2e0a138 2107 start1 = (unsigned long)qemu_safe_ram_ptr(start);
a57d23e4 2108 /* Check that we don't span multiple blocks - this breaks the
5579c7f3 2109 address comparisons below. */
b2e0a138 2110 if ((unsigned long)qemu_safe_ram_ptr(end - 1) - start1
5579c7f3
PB		 2111 != (end - 1) - start) {
2112 abort();
2113 }
2114
6a00d601 2115 for(env = first_cpu; env != NULL; env = env->next_cpu) {
cfde4bd9
IY		 2116 int mmu_idx;
2117 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2118 for(i = 0; i < CPU_TLB_SIZE; i++)
2119 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2120 start1, length);
2121 }
6a00d601 2122 }
1ccde1cb
FB		 2123}
2124
74576198
AL		 2125int cpu_physical_memory_set_dirty_tracking(int enable)
2126{
f6f3fbca 2127 int ret = 0;
74576198 2128 in_migration = enable;
f6f3fbca
MT		 2129 ret = cpu_notify_migration_log(!!enable);
2130 return ret;
74576198
AL		 2131}
2132
2133int cpu_physical_memory_get_dirty_tracking(void)
2134{
2135 return in_migration;
2136}
2137
c227f099
AL		 2138int cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr,
2139 target_phys_addr_t end_addr)
2bec46dc 2140{
7b8f3b78 2141 int ret;
151f7749 2142
f6f3fbca 2143 ret = cpu_notify_sync_dirty_bitmap(start_addr, end_addr);
151f7749 2144 return ret;
2bec46dc
AL		 2145}
2146
e5896b12
AP		 2147int cpu_physical_log_start(target_phys_addr_t start_addr,
2148 ram_addr_t size)
2149{
2150 CPUPhysMemoryClient *client;
2151 QLIST_FOREACH(client, &memory_client_list, list) {
2152 if (client->log_start) {
2153 int r = client->log_start(client, start_addr, size);
2154 if (r < 0) {
2155 return r;
2156 }
2157 }
2158 }
2159 return 0;
2160}
2161
2162int cpu_physical_log_stop(target_phys_addr_t start_addr,
2163 ram_addr_t size)
2164{
2165 CPUPhysMemoryClient *client;
2166 QLIST_FOREACH(client, &memory_client_list, list) {
2167 if (client->log_stop) {
2168 int r = client->log_stop(client, start_addr, size);
2169 if (r < 0) {
2170 return r;
2171 }
2172 }
2173 }
2174 return 0;
2175}
2176
3a7d929e
FB		 2177static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2178{
c227f099 2179 ram_addr_t ram_addr;
5579c7f3 2180 void *p;
3a7d929e 2181
84b7b8e7 2182 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
5579c7f3
PB		 2183 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2184 + tlb_entry->addend);
e890261f 2185 ram_addr = qemu_ram_addr_from_host_nofail(p);
3a7d929e 2186 if (!cpu_physical_memory_is_dirty(ram_addr)) {
0f459d16 2187 tlb_entry->addr_write |= TLB_NOTDIRTY;
3a7d929e
FB		 2188 }
2189 }
2190}
2191
2192/* update the TLB according to the current state of the dirty bits */
2193void cpu_tlb_update_dirty(CPUState *env)
2194{
2195 int i;
cfde4bd9
IY		 2196 int mmu_idx;
2197 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2198 for(i = 0; i < CPU_TLB_SIZE; i++)
2199 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2200 }
3a7d929e
FB		 2201}
2202
0f459d16 2203static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1ccde1cb 2204{
0f459d16
PB		 2205 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2206 tlb_entry->addr_write = vaddr;
1ccde1cb
FB		 2207}
2208
0f459d16
PB		 2209/* update the TLB corresponding to virtual page vaddr
2210 so that it is no longer dirty */
2211static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1ccde1cb 2212{
1ccde1cb 2213 int i;
cfde4bd9 2214 int mmu_idx;
1ccde1cb 2215
0f459d16 2216 vaddr &= TARGET_PAGE_MASK;
1ccde1cb 2217 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 2218 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2219 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
9fa3e853
FB		 2220}
2221
d4c430a8
PB		 2222/* Our TLB does not support large pages, so remember the area covered by
2223 large pages and trigger a full TLB flush if these are invalidated. */
2224static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2225 target_ulong size)
2226{
2227 target_ulong mask = ~(size - 1);
2228
2229 if (env->tlb_flush_addr == (target_ulong)-1) {
2230 env->tlb_flush_addr = vaddr & mask;
2231 env->tlb_flush_mask = mask;
2232 return;
2233 }
2234 /* Extend the existing region to include the new page.
2235 This is a compromise between unnecessary flushes and the cost
2236 of maintaining a full variable size TLB. */
2237 mask &= env->tlb_flush_mask;
2238 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2239 mask <<= 1;
2240 }
2241 env->tlb_flush_addr &= mask;
2242 env->tlb_flush_mask = mask;
2243}
2244
2245/* Add a new TLB entry. At most one entry for a given virtual address
2246 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2247 supplied size is only used by tlb_flush_page. */
2248void tlb_set_page(CPUState *env, target_ulong vaddr,
2249 target_phys_addr_t paddr, int prot,
2250 int mmu_idx, target_ulong size)
9fa3e853 2251{
92e873b9 2252 PhysPageDesc *p;
4f2ac237 2253 unsigned long pd;
9fa3e853 2254 unsigned int index;
4f2ac237 2255 target_ulong address;
0f459d16 2256 target_ulong code_address;
355b1943 2257 unsigned long addend;
84b7b8e7 2258 CPUTLBEntry *te;
a1d1bb31 2259 CPUWatchpoint *wp;
c227f099 2260 target_phys_addr_t iotlb;
9fa3e853 2261
d4c430a8
PB		 2262 assert(size >= TARGET_PAGE_SIZE);
2263 if (size != TARGET_PAGE_SIZE) {
2264 tlb_add_large_page(env, vaddr, size);
2265 }
92e873b9 2266 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
9fa3e853
FB		 2267 if (!p) {
2268 pd = IO_MEM_UNASSIGNED;
9fa3e853
FB		 2269 } else {
2270 pd = p->phys_offset;
9fa3e853
FB		 2271 }
2272#if defined(DEBUG_TLB)
7fd3f494
SW		 2273 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2274 " prot=%x idx=%d pd=0x%08lx\n",
2275 vaddr, paddr, prot, mmu_idx, pd);
9fa3e853
FB		 2276#endif
2277
0f459d16
PB		 2278 address = vaddr;
2279 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
2280 /* IO memory case (romd handled later) */
2281 address |= TLB_MMIO;
2282 }
5579c7f3 2283 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
0f459d16
PB		 2284 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2285 /* Normal RAM. */
2286 iotlb = pd & TARGET_PAGE_MASK;
2287 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2288 iotlb |= IO_MEM_NOTDIRTY;
2289 else
2290 iotlb |= IO_MEM_ROM;
2291 } else {
ccbb4d44 2292 /* IO handlers are currently passed a physical address.
0f459d16
PB		 2293 It would be nice to pass an offset from the base address
2294 of that region. This would avoid having to special case RAM,
2295 and avoid full address decoding in every device.
2296 We can't use the high bits of pd for this because
2297 IO_MEM_ROMD uses these as a ram address. */
8da3ff18
PB		 2298 iotlb = (pd & ~TARGET_PAGE_MASK);
2299 if (p) {
8da3ff18
PB		 2300 iotlb += p->region_offset;
2301 } else {
2302 iotlb += paddr;
2303 }
0f459d16
PB		 2304 }
2305
2306 code_address = address;
2307 /* Make accesses to pages with watchpoints go via the
2308 watchpoint trap routines. */
72cf2d4f 2309 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
a1d1bb31 2310 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
bf298f83
JK		 2311 /* Avoid trapping reads of pages with a write breakpoint. */
2312 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
2313 iotlb = io_mem_watch + paddr;
2314 address |= TLB_MMIO;
2315 break;
2316 }
6658ffb8 2317 }
0f459d16 2318 }
d79acba4 2319
0f459d16
PB		 2320 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2321 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2322 te = &env->tlb_table[mmu_idx][index];
2323 te->addend = addend - vaddr;
2324 if (prot & PAGE_READ) {
2325 te->addr_read = address;
2326 } else {
2327 te->addr_read = -1;
2328 }
5c751e99 2329
0f459d16
PB		 2330 if (prot & PAGE_EXEC) {
2331 te->addr_code = code_address;
2332 } else {
2333 te->addr_code = -1;
2334 }
2335 if (prot & PAGE_WRITE) {
2336 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2337 (pd & IO_MEM_ROMD)) {
2338 /* Write access calls the I/O callback. */
2339 te->addr_write = address | TLB_MMIO;
2340 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2341 !cpu_physical_memory_is_dirty(pd)) {
2342 te->addr_write = address | TLB_NOTDIRTY;
9fa3e853 2343 } else {
0f459d16 2344 te->addr_write = address;
9fa3e853 2345 }
0f459d16
PB		 2346 } else {
2347 te->addr_write = -1;
9fa3e853 2348 }
9fa3e853
FB		 2349}
2350
0124311e
FB		 2351#else
2352
ee8b7021 2353void tlb_flush(CPUState *env, int flush_global)
0124311e
FB		 2354{
2355}
2356
2e12669a 2357void tlb_flush_page(CPUState *env, target_ulong addr)
0124311e
FB		 2358{
2359}
2360
edf8e2af
MW		 2361/*
2362 * Walks guest process memory "regions" one by one
2363 * and calls callback function 'fn' for each region.
2364 */
5cd2c5b6
RH		 2365
2366struct walk_memory_regions_data
2367{
2368 walk_memory_regions_fn fn;
2369 void *priv;
2370 unsigned long start;
2371 int prot;
2372};
2373
2374static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 2375 abi_ulong end, int new_prot)
5cd2c5b6
RH		 2376{
2377 if (data->start != -1ul) {
2378 int rc = data->fn(data->priv, data->start, end, data->prot);
2379 if (rc != 0) {
2380 return rc;
2381 }
2382 }
2383
2384 data->start = (new_prot ? end : -1ul);
2385 data->prot = new_prot;
2386
2387 return 0;
2388}
2389
2390static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 2391 abi_ulong base, int level, void **lp)
5cd2c5b6 2392{
b480d9b7 2393 abi_ulong pa;
5cd2c5b6
RH		 2394 int i, rc;
2395
2396 if (*lp == NULL) {
2397 return walk_memory_regions_end(data, base, 0);
2398 }
2399
2400 if (level == 0) {
2401 PageDesc *pd = *lp;
7296abac 2402 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 2403 int prot = pd[i].flags;
2404
2405 pa = base | (i << TARGET_PAGE_BITS);
2406 if (prot != data->prot) {
2407 rc = walk_memory_regions_end(data, pa, prot);
2408 if (rc != 0) {
2409 return rc;
9fa3e853 2410 }
9fa3e853 2411 }
5cd2c5b6
RH		 2412 }
2413 } else {
2414 void **pp = *lp;
7296abac 2415 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 2416 pa = base | ((abi_ulong)i <<
2417 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 2418 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2419 if (rc != 0) {
2420 return rc;
2421 }
2422 }
2423 }
2424
2425 return 0;
2426}
2427
2428int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2429{
2430 struct walk_memory_regions_data data;
2431 unsigned long i;
2432
2433 data.fn = fn;
2434 data.priv = priv;
2435 data.start = -1ul;
2436 data.prot = 0;
2437
2438 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 2439 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 2440 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2441 if (rc != 0) {
2442 return rc;
9fa3e853 2443 }
33417e70 2444 }
5cd2c5b6
RH		 2445
2446 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2447}
2448
b480d9b7
PB		 2449static int dump_region(void *priv, abi_ulong start,
2450 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2451{
2452 FILE *f = (FILE *)priv;
2453
b480d9b7
PB		 2454 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2455 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2456 start, end, end - start,
2457 ((prot & PAGE_READ) ? 'r' : '-'),
2458 ((prot & PAGE_WRITE) ? 'w' : '-'),
2459 ((prot & PAGE_EXEC) ? 'x' : '-'));
2460
2461 return (0);
2462}
2463
2464/* dump memory mappings */
2465void page_dump(FILE *f)
2466{
2467 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2468 "start", "end", "size", "prot");
2469 walk_memory_regions(f, dump_region);
33417e70
FB		 2470}
2471
53a5960a 2472int page_get_flags(target_ulong address)
33417e70 2473{
9fa3e853
FB		 2474 PageDesc *p;
2475
2476 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2477 if (!p)
9fa3e853
FB		 2478 return 0;
2479 return p->flags;
2480}
2481
376a7909
RH		 2482/* Modify the flags of a page and invalidate the code if necessary.
2483 The flag PAGE_WRITE_ORG is positioned automatically depending
2484 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2485void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2486{
376a7909
RH		 2487 target_ulong addr, len;
2488
2489 /* This function should never be called with addresses outside the
2490 guest address space. If this assert fires, it probably indicates
2491 a missing call to h2g_valid. */
b480d9b7
PB		 2492#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2493 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2494#endif
2495 assert(start < end);
9fa3e853
FB		 2496
2497 start = start & TARGET_PAGE_MASK;
2498 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2499
2500 if (flags & PAGE_WRITE) {
9fa3e853 2501 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2502 }
2503
2504 for (addr = start, len = end - start;
2505 len != 0;
2506 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2507 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2508
2509 /* If the write protection bit is set, then we invalidate
2510 the code inside. */
5fafdf24 2511 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2512 (flags & PAGE_WRITE) &&
2513 p->first_tb) {
d720b93d 2514 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2515 }
2516 p->flags = flags;
2517 }
33417e70
FB		 2518}
2519
3d97b40b
TS		 2520int page_check_range(target_ulong start, target_ulong len, int flags)
2521{
2522 PageDesc *p;
2523 target_ulong end;
2524 target_ulong addr;
2525
376a7909
RH		 2526 /* This function should never be called with addresses outside the
2527 guest address space. If this assert fires, it probably indicates
2528 a missing call to h2g_valid. */
338e9e6c
BS		 2529#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2530 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2531#endif
2532
3e0650a9
RH		 2533 if (len == 0) {
2534 return 0;
2535 }
376a7909
RH		 2536 if (start + len - 1 < start) {
2537 /* We've wrapped around. */
55f280c9 2538 return -1;
376a7909 2539 }
55f280c9 2540
3d97b40b
TS		 2541 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2542 start = start & TARGET_PAGE_MASK;
2543
376a7909
RH		 2544 for (addr = start, len = end - start;
2545 len != 0;
2546 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2547 p = page_find(addr >> TARGET_PAGE_BITS);
2548 if( !p )
2549 return -1;
2550 if( !(p->flags & PAGE_VALID) )
2551 return -1;
2552
dae3270c 2553 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2554 return -1;
dae3270c
FB		 2555 if (flags & PAGE_WRITE) {
2556 if (!(p->flags & PAGE_WRITE_ORG))
2557 return -1;
2558 /* unprotect the page if it was put read-only because it
2559 contains translated code */
2560 if (!(p->flags & PAGE_WRITE)) {
2561 if (!page_unprotect(addr, 0, NULL))
2562 return -1;
2563 }
2564 return 0;
2565 }
3d97b40b
TS		 2566 }
2567 return 0;
2568}
2569
9fa3e853 2570/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2571 page. Return TRUE if the fault was successfully handled. */
53a5960a 2572int page_unprotect(target_ulong address, unsigned long pc, void *puc)
9fa3e853 2573{
45d679d6
AJ		 2574 unsigned int prot;
2575 PageDesc *p;
53a5960a 2576 target_ulong host_start, host_end, addr;
9fa3e853 2577
c8a706fe
PB		 2578 /* Technically this isn't safe inside a signal handler. However we
2579 know this only ever happens in a synchronous SEGV handler, so in
2580 practice it seems to be ok. */
2581 mmap_lock();
2582
45d679d6
AJ		 2583 p = page_find(address >> TARGET_PAGE_BITS);
2584 if (!p) {
c8a706fe 2585 mmap_unlock();
9fa3e853 2586 return 0;
c8a706fe 2587 }
45d679d6 2588
9fa3e853
FB		 2589 /* if the page was really writable, then we change its
2590 protection back to writable */
45d679d6
AJ		 2591 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2592 host_start = address & qemu_host_page_mask;
2593 host_end = host_start + qemu_host_page_size;
2594
2595 prot = 0;
2596 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2597 p = page_find(addr >> TARGET_PAGE_BITS);
2598 p->flags |= PAGE_WRITE;
2599 prot |= p->flags;
2600
9fa3e853
FB		 2601 /* and since the content will be modified, we must invalidate
2602 the corresponding translated code. */
45d679d6 2603 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2604#ifdef DEBUG_TB_CHECK
45d679d6 2605 tb_invalidate_check(addr);
9fa3e853 2606#endif
9fa3e853 2607 }
45d679d6
AJ		 2608 mprotect((void *)g2h(host_start), qemu_host_page_size,
2609 prot & PAGE_BITS);
2610
2611 mmap_unlock();
2612 return 1;
9fa3e853 2613 }
c8a706fe 2614 mmap_unlock();
9fa3e853
FB		 2615 return 0;
2616}
2617
6a00d601
FB		 2618static inline void tlb_set_dirty(CPUState *env,
2619 unsigned long addr, target_ulong vaddr)
1ccde1cb
FB		 2620{
2621}
9fa3e853
FB		 2622#endif /* defined(CONFIG_USER_ONLY) */
2623
e2eef170 2624#if !defined(CONFIG_USER_ONLY)
8da3ff18 2625
c04b2b78
PB		 2626#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2627typedef struct subpage_t {
2628 target_phys_addr_t base;
f6405247
RH		 2629 ram_addr_t sub_io_index[TARGET_PAGE_SIZE];
2630 ram_addr_t region_offset[TARGET_PAGE_SIZE];
c04b2b78
PB		 2631} subpage_t;
2632
c227f099
AL		 2633static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2634 ram_addr_t memory, ram_addr_t region_offset);
f6405247
RH		 2635static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2636 ram_addr_t orig_memory,
2637 ram_addr_t region_offset);
db7b5426
BS		 2638#define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2639 need_subpage) \
2640 do { \
2641 if (addr > start_addr) \
2642 start_addr2 = 0; \
2643 else { \
2644 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2645 if (start_addr2 > 0) \
2646 need_subpage = 1; \
2647 } \
2648 \
49e9fba2 2649 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
db7b5426
BS		 2650 end_addr2 = TARGET_PAGE_SIZE - 1; \
2651 else { \
2652 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2653 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2654 need_subpage = 1; \
2655 } \
2656 } while (0)
2657
8f2498f9
MT		 2658/* register physical memory.
2659 For RAM, 'size' must be a multiple of the target page size.
2660 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
8da3ff18
PB		 2661 io memory page. The address used when calling the IO function is
2662 the offset from the start of the region, plus region_offset. Both
ccbb4d44 2663 start_addr and region_offset are rounded down to a page boundary
8da3ff18
PB		 2664 before calculating this offset. This should not be a problem unless
2665 the low bits of start_addr and region_offset differ. */
0fd542fb 2666void cpu_register_physical_memory_log(target_phys_addr_t start_addr,
c227f099
AL		 2667 ram_addr_t size,
2668 ram_addr_t phys_offset,
0fd542fb
MT		 2669 ram_addr_t region_offset,
2670 bool log_dirty)
33417e70 2671{
c227f099 2672 target_phys_addr_t addr, end_addr;
92e873b9 2673 PhysPageDesc *p;
9d42037b 2674 CPUState *env;
c227f099 2675 ram_addr_t orig_size = size;
f6405247 2676 subpage_t *subpage;
33417e70 2677
3b8e6a2d 2678 assert(size);
0fd542fb 2679 cpu_notify_set_memory(start_addr, size, phys_offset, log_dirty);
f6f3fbca 2680
67c4d23c
PB		 2681 if (phys_offset == IO_MEM_UNASSIGNED) {
2682 region_offset = start_addr;
2683 }
8da3ff18 2684 region_offset &= TARGET_PAGE_MASK;
5fd386f6 2685 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
c227f099 2686 end_addr = start_addr + (target_phys_addr_t)size;
3b8e6a2d
EI		 2687
2688 addr = start_addr;
2689 do {
db7b5426
BS		 2690 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2691 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
c227f099
AL		 2692 ram_addr_t orig_memory = p->phys_offset;
2693 target_phys_addr_t start_addr2, end_addr2;
db7b5426
BS		 2694 int need_subpage = 0;
2695
2696 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2697 need_subpage);
f6405247 2698 if (need_subpage) {
db7b5426
BS		 2699 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2700 subpage = subpage_init((addr & TARGET_PAGE_MASK),
8da3ff18
PB		 2701 &p->phys_offset, orig_memory,
2702 p->region_offset);
db7b5426
BS		 2703 } else {
2704 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2705 >> IO_MEM_SHIFT];
2706 }
8da3ff18
PB		 2707 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2708 region_offset);
2709 p->region_offset = 0;
db7b5426
BS		 2710 } else {
2711 p->phys_offset = phys_offset;
2712 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2713 (phys_offset & IO_MEM_ROMD))
2714 phys_offset += TARGET_PAGE_SIZE;
2715 }
2716 } else {
2717 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2718 p->phys_offset = phys_offset;
8da3ff18 2719 p->region_offset = region_offset;
db7b5426 2720 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
8da3ff18 2721 (phys_offset & IO_MEM_ROMD)) {
db7b5426 2722 phys_offset += TARGET_PAGE_SIZE;
0e8f0967 2723 } else {
c227f099 2724 target_phys_addr_t start_addr2, end_addr2;
db7b5426
BS		 2725 int need_subpage = 0;
2726
2727 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2728 end_addr2, need_subpage);
2729
f6405247 2730 if (need_subpage) {
db7b5426 2731 subpage = subpage_init((addr & TARGET_PAGE_MASK),
8da3ff18 2732 &p->phys_offset, IO_MEM_UNASSIGNED,
67c4d23c 2733 addr & TARGET_PAGE_MASK);
db7b5426 2734 subpage_register(subpage, start_addr2, end_addr2,
8da3ff18
PB		 2735 phys_offset, region_offset);
2736 p->region_offset = 0;
db7b5426
BS		 2737 }
2738 }
2739 }
8da3ff18 2740 region_offset += TARGET_PAGE_SIZE;
3b8e6a2d
EI		 2741 addr += TARGET_PAGE_SIZE;
2742 } while (addr != end_addr);
3b46e624 2743
9d42037b
FB		 2744 /* since each CPU stores ram addresses in its TLB cache, we must
2745 reset the modified entries */
2746 /* XXX: slow ! */
2747 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2748 tlb_flush(env, 1);
2749 }
33417e70
FB		 2750}
2751
ba863458 2752/* XXX: temporary until new memory mapping API */
c227f099 2753ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
ba863458
FB		 2754{
2755 PhysPageDesc *p;
2756
2757 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2758 if (!p)
2759 return IO_MEM_UNASSIGNED;
2760 return p->phys_offset;
2761}
2762
c227f099 2763void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2764{
2765 if (kvm_enabled())
2766 kvm_coalesce_mmio_region(addr, size);
2767}
2768
c227f099 2769void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2770{
2771 if (kvm_enabled())
2772 kvm_uncoalesce_mmio_region(addr, size);
2773}
2774
62a2744c
SY		 2775void qemu_flush_coalesced_mmio_buffer(void)
2776{
2777 if (kvm_enabled())
2778 kvm_flush_coalesced_mmio_buffer();
2779}
2780
c902760f
MT		 2781#if defined(__linux__) && !defined(TARGET_S390X)
2782
2783#include <sys/vfs.h>
2784
2785#define HUGETLBFS_MAGIC 0x958458f6
2786
2787static long gethugepagesize(const char *path)
2788{
2789 struct statfs fs;
2790 int ret;
2791
2792 do {
9742bf26 2793 ret = statfs(path, &fs);
c902760f
MT		 2794 } while (ret != 0 && errno == EINTR);
2795
2796 if (ret != 0) {
9742bf26
YT		 2797 perror(path);
2798 return 0;
c902760f
MT		 2799 }
2800
2801 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2802 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2803
2804 return fs.f_bsize;
2805}
2806
04b16653
AW		 2807static void *file_ram_alloc(RAMBlock *block,
2808 ram_addr_t memory,
2809 const char *path)
c902760f
MT		 2810{
2811 char *filename;
2812 void *area;
2813 int fd;
2814#ifdef MAP_POPULATE
2815 int flags;
2816#endif
2817 unsigned long hpagesize;
2818
2819 hpagesize = gethugepagesize(path);
2820 if (!hpagesize) {
9742bf26 2821 return NULL;
c902760f
MT		 2822 }
2823
2824 if (memory < hpagesize) {
2825 return NULL;
2826 }
2827
2828 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2829 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2830 return NULL;
2831 }
2832
2833 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2834 return NULL;
c902760f
MT		 2835 }
2836
2837 fd = mkstemp(filename);
2838 if (fd < 0) {
9742bf26
YT		 2839 perror("unable to create backing store for hugepages");
2840 free(filename);
2841 return NULL;
c902760f
MT		 2842 }
2843 unlink(filename);
2844 free(filename);
2845
2846 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2847
2848 /*
2849 * ftruncate is not supported by hugetlbfs in older
2850 * hosts, so don't bother bailing out on errors.
2851 * If anything goes wrong with it under other filesystems,
2852 * mmap will fail.
2853 */
2854 if (ftruncate(fd, memory))
9742bf26 2855 perror("ftruncate");
c902760f
MT		 2856
2857#ifdef MAP_POPULATE
2858 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2859 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2860 * to sidestep this quirk.
2861 */
2862 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2863 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2864#else
2865 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2866#endif
2867 if (area == MAP_FAILED) {
9742bf26
YT		 2868 perror("file_ram_alloc: can't mmap RAM pages");
2869 close(fd);
2870 return (NULL);
c902760f 2871 }
04b16653 2872 block->fd = fd;
c902760f
MT		 2873 return area;
2874}
2875#endif
2876
d17b5288 2877static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2878{
2879 RAMBlock *block, *next_block;
f15fbc4b 2880 ram_addr_t offset = 0, mingap = RAM_ADDR_MAX;
04b16653
AW		 2881
2882 if (QLIST_EMPTY(&ram_list.blocks))
2883 return 0;
2884
2885 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2886 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2887
2888 end = block->offset + block->length;
2889
2890 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2891 if (next_block->offset >= end) {
2892 next = MIN(next, next_block->offset);
2893 }
2894 }
2895 if (next - end >= size && next - end < mingap) {
2896 offset = end;
2897 mingap = next - end;
2898 }
2899 }
2900 return offset;
2901}
2902
2903static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2904{
2905 RAMBlock *block;
2906 ram_addr_t last = 0;
2907
2908 QLIST_FOREACH(block, &ram_list.blocks, next)
2909 last = MAX(last, block->offset + block->length);
2910
2911 return last;
2912}
2913
84b89d78 2914ram_addr_t qemu_ram_alloc_from_ptr(DeviceState *dev, const char *name,
6977dfe6 2915 ram_addr_t size, void *host)
84b89d78
CM		 2916{
2917 RAMBlock *new_block, *block;
2918
2919 size = TARGET_PAGE_ALIGN(size);
7267c094 2920 new_block = g_malloc0(sizeof(*new_block));
84b89d78
CM		 2921
2922 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2923 char *id = dev->parent_bus->info->get_dev_path(dev);
2924 if (id) {
2925 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2926 g_free(id);
84b89d78
CM		 2927 }
2928 }
2929 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2930
2931 QLIST_FOREACH(block, &ram_list.blocks, next) {
2932 if (!strcmp(block->idstr, new_block->idstr)) {
2933 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2934 new_block->idstr);
2935 abort();
2936 }
2937 }
2938
432d268c 2939 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2940 if (host) {
2941 new_block->host = host;
cd19cfa2 2942 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2943 } else {
2944 if (mem_path) {
c902760f 2945#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2946 new_block->host = file_ram_alloc(new_block, size, mem_path);
2947 if (!new_block->host) {
2948 new_block->host = qemu_vmalloc(size);
e78815a5 2949 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2950 }
c902760f 2951#else
6977dfe6
YT		 2952 fprintf(stderr, "-mem-path option unsupported\n");
2953 exit(1);
c902760f 2954#endif
6977dfe6 2955 } else {
6b02494d 2956#if defined(TARGET_S390X) && defined(CONFIG_KVM)
ff83678a
CB		 2957 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2958 an system defined value, which is at least 256GB. Larger systems
2959 have larger values. We put the guest between the end of data
2960 segment (system break) and this value. We use 32GB as a base to
2961 have enough room for the system break to grow. */
2962 new_block->host = mmap((void*)0x800000000, size,
6977dfe6 2963 PROT_EXEC|PROT_READ|PROT_WRITE,
ff83678a 2964 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
fb8b2735
AG		 2965 if (new_block->host == MAP_FAILED) {
2966 fprintf(stderr, "Allocating RAM failed\n");
2967 abort();
2968 }
6b02494d 2969#else
868bb33f 2970 if (xen_enabled()) {
432d268c
JN		 2971 xen_ram_alloc(new_block->offset, size);
2972 } else {
2973 new_block->host = qemu_vmalloc(size);
2974 }
6b02494d 2975#endif
e78815a5 2976 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2977 }
c902760f 2978 }
94a6b54f
PB		 2979 new_block->length = size;
2980
f471a17e 2981 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2982
7267c094 2983 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2984 last_ram_offset() >> TARGET_PAGE_BITS);
d17b5288 2985 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
94a6b54f
PB		 2986 0xff, size >> TARGET_PAGE_BITS);
2987
6f0437e8
JK		 2988 if (kvm_enabled())
2989 kvm_setup_guest_memory(new_block->host, size);
2990
94a6b54f
PB		 2991 return new_block->offset;
2992}
e9a1ab19 2993
6977dfe6
YT		 2994ram_addr_t qemu_ram_alloc(DeviceState *dev, const char *name, ram_addr_t size)
2995{
2996 return qemu_ram_alloc_from_ptr(dev, name, size, NULL);
2997}
2998
1f2e98b6
AW		 2999void qemu_ram_free_from_ptr(ram_addr_t addr)
3000{
3001 RAMBlock *block;
3002
3003 QLIST_FOREACH(block, &ram_list.blocks, next) {
3004 if (addr == block->offset) {
3005 QLIST_REMOVE(block, next);
7267c094 3006 g_free(block);
1f2e98b6
AW		 3007 return;
3008 }
3009 }
3010}
3011
c227f099 3012void qemu_ram_free(ram_addr_t addr)
e9a1ab19 3013{
04b16653
AW		 3014 RAMBlock *block;
3015
3016 QLIST_FOREACH(block, &ram_list.blocks, next) {
3017 if (addr == block->offset) {
3018 QLIST_REMOVE(block, next);
cd19cfa2
HY		 3019 if (block->flags & RAM_PREALLOC_MASK) {
3020 ;
3021 } else if (mem_path) {
04b16653
AW		 3022#if defined (__linux__) && !defined(TARGET_S390X)
3023 if (block->fd) {
3024 munmap(block->host, block->length);
3025 close(block->fd);
3026 } else {
3027 qemu_vfree(block->host);
3028 }
fd28aa13
JK		 3029#else
3030 abort();
04b16653
AW		 3031#endif
3032 } else {
3033#if defined(TARGET_S390X) && defined(CONFIG_KVM)
3034 munmap(block->host, block->length);
3035#else
868bb33f 3036 if (xen_enabled()) {
e41d7c69 3037 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 3038 } else {
3039 qemu_vfree(block->host);
3040 }
04b16653
AW		 3041#endif
3042 }
7267c094 3043 g_free(block);
04b16653
AW		 3044 return;
3045 }
3046 }
3047
e9a1ab19
FB		 3048}
3049
cd19cfa2
HY		 3050#ifndef _WIN32
3051void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
3052{
3053 RAMBlock *block;
3054 ram_addr_t offset;
3055 int flags;
3056 void *area, *vaddr;
3057
3058 QLIST_FOREACH(block, &ram_list.blocks, next) {
3059 offset = addr - block->offset;
3060 if (offset < block->length) {
3061 vaddr = block->host + offset;
3062 if (block->flags & RAM_PREALLOC_MASK) {
3063 ;
3064 } else {
3065 flags = MAP_FIXED;
3066 munmap(vaddr, length);
3067 if (mem_path) {
3068#if defined(__linux__) && !defined(TARGET_S390X)
3069 if (block->fd) {
3070#ifdef MAP_POPULATE
3071 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
3072 MAP_PRIVATE;
3073#else
3074 flags |= MAP_PRIVATE;
3075#endif
3076 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3077 flags, block->fd, offset);
3078 } else {
3079 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3080 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3081 flags, -1, 0);
3082 }
fd28aa13
JK		 3083#else
3084 abort();
cd19cfa2
HY		 3085#endif
3086 } else {
3087#if defined(TARGET_S390X) && defined(CONFIG_KVM)
3088 flags |= MAP_SHARED | MAP_ANONYMOUS;
3089 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
3090 flags, -1, 0);
3091#else
3092 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3093 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3094 flags, -1, 0);
3095#endif
3096 }
3097 if (area != vaddr) {
f15fbc4b
AP		 3098 fprintf(stderr, "Could not remap addr: "
3099 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 3100 length, addr);
3101 exit(1);
3102 }
3103 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
3104 }
3105 return;
3106 }
3107 }
3108}
3109#endif /* !_WIN32 */
3110
dc828ca1 3111/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 3112 With the exception of the softmmu code in this file, this should
3113 only be used for local memory (e.g. video ram) that the device owns,
3114 and knows it isn't going to access beyond the end of the block.
3115
3116 It should not be used for general purpose DMA.
3117 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
3118 */
c227f099 3119void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 3120{
94a6b54f
PB		 3121 RAMBlock *block;
3122
f471a17e
AW		 3123 QLIST_FOREACH(block, &ram_list.blocks, next) {
3124 if (addr - block->offset < block->length) {
7d82af38
VP		 3125 /* Move this entry to to start of the list. */
3126 if (block != QLIST_FIRST(&ram_list.blocks)) {
3127 QLIST_REMOVE(block, next);
3128 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
3129 }
868bb33f 3130 if (xen_enabled()) {
432d268c
JN		 3131 /* We need to check if the requested address is in the RAM
3132 * because we don't want to map the entire memory in QEMU.
712c2b41 3133 * In that case just map until the end of the page.
432d268c
JN		 3134 */
3135 if (block->offset == 0) {
e41d7c69 3136 return xen_map_cache(addr, 0, 0);
432d268c 3137 } else if (block->host == NULL) {
e41d7c69
JK		 3138 block->host =
3139 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3140 }
3141 }
f471a17e
AW		 3142 return block->host + (addr - block->offset);
3143 }
94a6b54f 3144 }
f471a17e
AW		 3145
3146 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3147 abort();
3148
3149 return NULL;
dc828ca1
PB		 3150}
3151
b2e0a138
MT		 3152/* Return a host pointer to ram allocated with qemu_ram_alloc.
3153 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
3154 */
3155void *qemu_safe_ram_ptr(ram_addr_t addr)
3156{
3157 RAMBlock *block;
3158
3159 QLIST_FOREACH(block, &ram_list.blocks, next) {
3160 if (addr - block->offset < block->length) {
868bb33f 3161 if (xen_enabled()) {
432d268c
JN		 3162 /* We need to check if the requested address is in the RAM
3163 * because we don't want to map the entire memory in QEMU.
712c2b41 3164 * In that case just map until the end of the page.
432d268c
JN		 3165 */
3166 if (block->offset == 0) {
e41d7c69 3167 return xen_map_cache(addr, 0, 0);
432d268c 3168 } else if (block->host == NULL) {
e41d7c69
JK		 3169 block->host =
3170 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3171 }
3172 }
b2e0a138
MT		 3173 return block->host + (addr - block->offset);
3174 }
3175 }
3176
3177 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3178 abort();
3179
3180 return NULL;
3181}
3182
38bee5dc
SS		 3183/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
3184 * but takes a size argument */
8ab934f9 3185void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 3186{
8ab934f9
SS		 3187 if (*size == 0) {
3188 return NULL;
3189 }
868bb33f 3190 if (xen_enabled()) {
e41d7c69 3191 return xen_map_cache(addr, *size, 1);
868bb33f 3192 } else {
38bee5dc
SS		 3193 RAMBlock *block;
3194
3195 QLIST_FOREACH(block, &ram_list.blocks, next) {
3196 if (addr - block->offset < block->length) {
3197 if (addr - block->offset + *size > block->length)
3198 *size = block->length - addr + block->offset;
3199 return block->host + (addr - block->offset);
3200 }
3201 }
3202
3203 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3204 abort();
38bee5dc
SS		 3205 }
3206}
3207
050a0ddf
AP		 3208void qemu_put_ram_ptr(void *addr)
3209{
3210 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 3211}
3212
e890261f 3213int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 3214{
94a6b54f
PB		 3215 RAMBlock *block;
3216 uint8_t *host = ptr;
3217
868bb33f 3218 if (xen_enabled()) {
e41d7c69 3219 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 3220 return 0;
3221 }
3222
f471a17e 3223 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 3224 /* This case append when the block is not mapped. */
3225 if (block->host == NULL) {
3226 continue;
3227 }
f471a17e 3228 if (host - block->host < block->length) {
e890261f
MT		 3229 *ram_addr = block->offset + (host - block->host);
3230 return 0;
f471a17e 3231 }
94a6b54f 3232 }
432d268c 3233
e890261f
MT		 3234 return -1;
3235}
f471a17e 3236
e890261f
MT		 3237/* Some of the softmmu routines need to translate from a host pointer
3238 (typically a TLB entry) back to a ram offset. */
3239ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
3240{
3241 ram_addr_t ram_addr;
f471a17e 3242
e890261f
MT		 3243 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
3244 fprintf(stderr, "Bad ram pointer %p\n", ptr);
3245 abort();
3246 }
3247 return ram_addr;
5579c7f3
PB		 3248}
3249
c227f099 3250static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
33417e70 3251{
67d3b957 3252#ifdef DEBUG_UNASSIGNED
ab3d1727 3253 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
b4f0a316 3254#endif
5b450407 3255#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
b14ef7c9 3256 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, 1);
e18231a3
BS		 3257#endif
3258 return 0;
3259}
3260
c227f099 3261static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
e18231a3
BS		 3262{
3263#ifdef DEBUG_UNASSIGNED
3264 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3265#endif
5b450407 3266#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
b14ef7c9 3267 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, 2);
e18231a3
BS		 3268#endif
3269 return 0;
3270}
3271
c227f099 3272static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
e18231a3
BS		 3273{
3274#ifdef DEBUG_UNASSIGNED
3275 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3276#endif
5b450407 3277#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
b14ef7c9 3278 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, 4);
67d3b957 3279#endif
33417e70
FB		 3280 return 0;
3281}
3282
c227f099 3283static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
33417e70 3284{
67d3b957 3285#ifdef DEBUG_UNASSIGNED
ab3d1727 3286 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
67d3b957 3287#endif
5b450407 3288#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
b14ef7c9 3289 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, 1);
e18231a3
BS		 3290#endif
3291}
3292
c227f099 3293static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
e18231a3
BS		 3294{
3295#ifdef DEBUG_UNASSIGNED
3296 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3297#endif
5b450407 3298#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
b14ef7c9 3299 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, 2);
e18231a3
BS		 3300#endif
3301}
3302
c227f099 3303static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
e18231a3
BS		 3304{
3305#ifdef DEBUG_UNASSIGNED
3306 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3307#endif
5b450407 3308#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
b14ef7c9 3309 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, 4);
b4f0a316 3310#endif
33417e70
FB		 3311}
3312
d60efc6b 3313static CPUReadMemoryFunc * const unassigned_mem_read[3] = {
33417e70 3314 unassigned_mem_readb,
e18231a3
BS		 3315 unassigned_mem_readw,
3316 unassigned_mem_readl,
33417e70
FB		 3317};
3318
d60efc6b 3319static CPUWriteMemoryFunc * const unassigned_mem_write[3] = {
33417e70 3320 unassigned_mem_writeb,
e18231a3
BS		 3321 unassigned_mem_writew,
3322 unassigned_mem_writel,
33417e70
FB		 3323};
3324
c227f099 3325static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
0f459d16 3326 uint32_t val)
9fa3e853 3327{
3a7d929e 3328 int dirty_flags;
f7c11b53 3329 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 3330 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 3331#if !defined(CONFIG_USER_ONLY)
3a7d929e 3332 tb_invalidate_phys_page_fast(ram_addr, 1);
f7c11b53 3333 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 3334#endif
3a7d929e 3335 }
5579c7f3 3336 stb_p(qemu_get_ram_ptr(ram_addr), val);
f23db169 3337 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 3338 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 3339 /* we remove the notdirty callback only if the code has been
3340 flushed */
3341 if (dirty_flags == 0xff)
2e70f6ef 3342 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 3343}
3344
c227f099 3345static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
0f459d16 3346 uint32_t val)
9fa3e853 3347{
3a7d929e 3348 int dirty_flags;
f7c11b53 3349 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 3350 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 3351#if !defined(CONFIG_USER_ONLY)
3a7d929e 3352 tb_invalidate_phys_page_fast(ram_addr, 2);
f7c11b53 3353 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 3354#endif
3a7d929e 3355 }
5579c7f3 3356 stw_p(qemu_get_ram_ptr(ram_addr), val);
f23db169 3357 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 3358 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 3359 /* we remove the notdirty callback only if the code has been
3360 flushed */
3361 if (dirty_flags == 0xff)
2e70f6ef 3362 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 3363}
3364
c227f099 3365static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
0f459d16 3366 uint32_t val)
9fa3e853 3367{
3a7d929e 3368 int dirty_flags;
f7c11b53 3369 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 3370 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 3371#if !defined(CONFIG_USER_ONLY)
3a7d929e 3372 tb_invalidate_phys_page_fast(ram_addr, 4);
f7c11b53 3373 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 3374#endif
3a7d929e 3375 }
5579c7f3 3376 stl_p(qemu_get_ram_ptr(ram_addr), val);
f23db169 3377 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 3378 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 3379 /* we remove the notdirty callback only if the code has been
3380 flushed */
3381 if (dirty_flags == 0xff)
2e70f6ef 3382 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 3383}
3384
d60efc6b 3385static CPUReadMemoryFunc * const error_mem_read[3] = {
9fa3e853
FB		 3386 NULL, /* never used */
3387 NULL, /* never used */
3388 NULL, /* never used */
3389};
3390
d60efc6b 3391static CPUWriteMemoryFunc * const notdirty_mem_write[3] = {
1ccde1cb
FB		 3392 notdirty_mem_writeb,
3393 notdirty_mem_writew,
3394 notdirty_mem_writel,
3395};
3396
0f459d16 3397/* Generate a debug exception if a watchpoint has been hit. */
b4051334 3398static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16
PB		 3399{
3400 CPUState *env = cpu_single_env;
06d55cc1
AL		 3401 target_ulong pc, cs_base;
3402 TranslationBlock *tb;
0f459d16 3403 target_ulong vaddr;
a1d1bb31 3404 CPUWatchpoint *wp;
06d55cc1 3405 int cpu_flags;
0f459d16 3406
06d55cc1
AL		 3407 if (env->watchpoint_hit) {
3408 /* We re-entered the check after replacing the TB. Now raise
3409 * the debug interrupt so that is will trigger after the
3410 * current instruction. */
3411 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3412 return;
3413 }
2e70f6ef 3414 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 3415 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 3416 if ((vaddr == (wp->vaddr & len_mask) ||
3417 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 3418 wp->flags |= BP_WATCHPOINT_HIT;
3419 if (!env->watchpoint_hit) {
3420 env->watchpoint_hit = wp;
3421 tb = tb_find_pc(env->mem_io_pc);
3422 if (!tb) {
3423 cpu_abort(env, "check_watchpoint: could not find TB for "
3424 "pc=%p", (void *)env->mem_io_pc);
3425 }
618ba8e6 3426 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 3427 tb_phys_invalidate(tb, -1);
3428 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3429 env->exception_index = EXCP_DEBUG;
3430 } else {
3431 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3432 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3433 }
3434 cpu_resume_from_signal(env, NULL);
06d55cc1 3435 }
6e140f28
AL		 3436 } else {
3437 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 3438 }
3439 }
3440}
3441
6658ffb8
PB		 3442/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3443 so these check for a hit then pass through to the normal out-of-line
3444 phys routines. */
c227f099 3445static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
6658ffb8 3446{
b4051334 3447 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
6658ffb8
PB		 3448 return ldub_phys(addr);
3449}
3450
c227f099 3451static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
6658ffb8 3452{
b4051334 3453 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
6658ffb8
PB		 3454 return lduw_phys(addr);
3455}
3456
c227f099 3457static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
6658ffb8 3458{
b4051334 3459 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
6658ffb8
PB		 3460 return ldl_phys(addr);
3461}
3462
c227f099 3463static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
6658ffb8
PB		 3464 uint32_t val)
3465{
b4051334 3466 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
6658ffb8
PB		 3467 stb_phys(addr, val);
3468}
3469
c227f099 3470static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
6658ffb8
PB		 3471 uint32_t val)
3472{
b4051334 3473 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
6658ffb8
PB		 3474 stw_phys(addr, val);
3475}
3476
c227f099 3477static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
6658ffb8
PB		 3478 uint32_t val)
3479{
b4051334 3480 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
6658ffb8
PB		 3481 stl_phys(addr, val);
3482}
3483
d60efc6b 3484static CPUReadMemoryFunc * const watch_mem_read[3] = {
6658ffb8
PB		 3485 watch_mem_readb,
3486 watch_mem_readw,
3487 watch_mem_readl,
3488};
3489
d60efc6b 3490static CPUWriteMemoryFunc * const watch_mem_write[3] = {
6658ffb8
PB		 3491 watch_mem_writeb,
3492 watch_mem_writew,
3493 watch_mem_writel,
3494};
6658ffb8 3495
f6405247
RH		 3496static inline uint32_t subpage_readlen (subpage_t *mmio,
3497 target_phys_addr_t addr,
3498 unsigned int len)
db7b5426 3499{
f6405247 3500 unsigned int idx = SUBPAGE_IDX(addr);
db7b5426
BS		 3501#if defined(DEBUG_SUBPAGE)
3502 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3503 mmio, len, addr, idx);
3504#endif
db7b5426 3505
f6405247
RH		 3506 addr += mmio->region_offset[idx];
3507 idx = mmio->sub_io_index[idx];
3508 return io_mem_read[idx][len](io_mem_opaque[idx], addr);
db7b5426
BS		 3509}
3510
c227f099 3511static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
f6405247 3512 uint32_t value, unsigned int len)
db7b5426 3513{
f6405247 3514 unsigned int idx = SUBPAGE_IDX(addr);
db7b5426 3515#if defined(DEBUG_SUBPAGE)
f6405247
RH		 3516 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n",
3517 __func__, mmio, len, addr, idx, value);
db7b5426 3518#endif
f6405247
RH		 3519
3520 addr += mmio->region_offset[idx];
3521 idx = mmio->sub_io_index[idx];
3522 io_mem_write[idx][len](io_mem_opaque[idx], addr, value);
db7b5426
BS		 3523}
3524
c227f099 3525static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
db7b5426 3526{
db7b5426
BS		 3527 return subpage_readlen(opaque, addr, 0);
3528}
3529
c227f099 3530static void subpage_writeb (void *opaque, target_phys_addr_t addr,
db7b5426
BS		 3531 uint32_t value)
3532{
db7b5426
BS		 3533 subpage_writelen(opaque, addr, value, 0);
3534}
3535
c227f099 3536static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
db7b5426 3537{
db7b5426
BS		 3538 return subpage_readlen(opaque, addr, 1);
3539}
3540
c227f099 3541static void subpage_writew (void *opaque, target_phys_addr_t addr,
db7b5426
BS		 3542 uint32_t value)
3543{
db7b5426
BS		 3544 subpage_writelen(opaque, addr, value, 1);
3545}
3546
c227f099 3547static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
db7b5426 3548{
db7b5426
BS		 3549 return subpage_readlen(opaque, addr, 2);
3550}
3551
f6405247
RH		 3552static void subpage_writel (void *opaque, target_phys_addr_t addr,
3553 uint32_t value)
db7b5426 3554{
db7b5426
BS		 3555 subpage_writelen(opaque, addr, value, 2);
3556}
3557
d60efc6b 3558static CPUReadMemoryFunc * const subpage_read[] = {
db7b5426
BS		 3559 &subpage_readb,
3560 &subpage_readw,
3561 &subpage_readl,
3562};
3563
d60efc6b 3564static CPUWriteMemoryFunc * const subpage_write[] = {
db7b5426
BS		 3565 &subpage_writeb,
3566 &subpage_writew,
3567 &subpage_writel,
3568};
3569
c227f099
AL		 3570static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3571 ram_addr_t memory, ram_addr_t region_offset)
db7b5426
BS		 3572{
3573 int idx, eidx;
3574
3575 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3576 return -1;
3577 idx = SUBPAGE_IDX(start);
3578 eidx = SUBPAGE_IDX(end);
3579#if defined(DEBUG_SUBPAGE)
0bf9e31a 3580 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3581 mmio, start, end, idx, eidx, memory);
3582#endif
95c318f5
GN		 3583 if ((memory & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
3584 memory = IO_MEM_UNASSIGNED;
f6405247 3585 memory = (memory >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
db7b5426 3586 for (; idx <= eidx; idx++) {
f6405247
RH		 3587 mmio->sub_io_index[idx] = memory;
3588 mmio->region_offset[idx] = region_offset;
db7b5426
BS		 3589 }
3590
3591 return 0;
3592}
3593
f6405247
RH		 3594static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
3595 ram_addr_t orig_memory,
3596 ram_addr_t region_offset)
db7b5426 3597{
c227f099 3598 subpage_t *mmio;
db7b5426
BS		 3599 int subpage_memory;
3600
7267c094 3601 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3602
3603 mmio->base = base;
2507c12a
AG		 3604 subpage_memory = cpu_register_io_memory(subpage_read, subpage_write, mmio,
3605 DEVICE_NATIVE_ENDIAN);
db7b5426 3606#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3607 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3608 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3609#endif
1eec614b 3610 *phys = subpage_memory | IO_MEM_SUBPAGE;
f6405247 3611 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, orig_memory, region_offset);
db7b5426
BS		 3612
3613 return mmio;
3614}
3615
88715657
AL		 3616static int get_free_io_mem_idx(void)
3617{
3618 int i;
3619
3620 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3621 if (!io_mem_used[i]) {
3622 io_mem_used[i] = 1;
3623 return i;
3624 }
c6703b47 3625 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
88715657
AL		 3626 return -1;
3627}
3628
dd310534
AG		 3629/*
3630 * Usually, devices operate in little endian mode. There are devices out
3631 * there that operate in big endian too. Each device gets byte swapped
3632 * mmio if plugged onto a CPU that does the other endianness.
3633 *
3634 * CPU Device swap?
3635 *
3636 * little little no
3637 * little big yes
3638 * big little yes
3639 * big big no
3640 */
3641
3642typedef struct SwapEndianContainer {
3643 CPUReadMemoryFunc *read[3];
3644 CPUWriteMemoryFunc *write[3];
3645 void *opaque;
3646} SwapEndianContainer;
3647
3648static uint32_t swapendian_mem_readb (void *opaque, target_phys_addr_t addr)
3649{
3650 uint32_t val;
3651 SwapEndianContainer *c = opaque;
3652 val = c->read[0](c->opaque, addr);
3653 return val;
3654}
3655
3656static uint32_t swapendian_mem_readw(void *opaque, target_phys_addr_t addr)
3657{
3658 uint32_t val;
3659 SwapEndianContainer *c = opaque;
3660 val = bswap16(c->read[1](c->opaque, addr));
3661 return val;
3662}
3663
3664static uint32_t swapendian_mem_readl(void *opaque, target_phys_addr_t addr)
3665{
3666 uint32_t val;
3667 SwapEndianContainer *c = opaque;
3668 val = bswap32(c->read[2](c->opaque, addr));
3669 return val;
3670}
3671
3672static CPUReadMemoryFunc * const swapendian_readfn[3]={
3673 swapendian_mem_readb,
3674 swapendian_mem_readw,
3675 swapendian_mem_readl
3676};
3677
3678static void swapendian_mem_writeb(void *opaque, target_phys_addr_t addr,
3679 uint32_t val)
3680{
3681 SwapEndianContainer *c = opaque;
3682 c->write[0](c->opaque, addr, val);
3683}
3684
3685static void swapendian_mem_writew(void *opaque, target_phys_addr_t addr,
3686 uint32_t val)
3687{
3688 SwapEndianContainer *c = opaque;
3689 c->write[1](c->opaque, addr, bswap16(val));
3690}
3691
3692static void swapendian_mem_writel(void *opaque, target_phys_addr_t addr,
3693 uint32_t val)
3694{
3695 SwapEndianContainer *c = opaque;
3696 c->write[2](c->opaque, addr, bswap32(val));
3697}
3698
3699static CPUWriteMemoryFunc * const swapendian_writefn[3]={
3700 swapendian_mem_writeb,
3701 swapendian_mem_writew,
3702 swapendian_mem_writel
3703};
3704
3705static void swapendian_init(int io_index)
3706{
7267c094 3707 SwapEndianContainer *c = g_malloc(sizeof(SwapEndianContainer));
dd310534
AG		 3708 int i;
3709
3710 /* Swap mmio for big endian targets */
3711 c->opaque = io_mem_opaque[io_index];
3712 for (i = 0; i < 3; i++) {
3713 c->read[i] = io_mem_read[io_index][i];
3714 c->write[i] = io_mem_write[io_index][i];
3715
3716 io_mem_read[io_index][i] = swapendian_readfn[i];
3717 io_mem_write[io_index][i] = swapendian_writefn[i];
3718 }
3719 io_mem_opaque[io_index] = c;
3720}
3721
3722static void swapendian_del(int io_index)
3723{
3724 if (io_mem_read[io_index][0] == swapendian_readfn[0]) {
7267c094 3725 g_free(io_mem_opaque[io_index]);
dd310534
AG		 3726 }
3727}
3728
33417e70
FB		 3729/* mem_read and mem_write are arrays of functions containing the
3730 function to access byte (index 0), word (index 1) and dword (index
0b4e6e3e 3731 2). Functions can be omitted with a NULL function pointer.
3ee89922 3732 If io_index is non zero, the corresponding io zone is
4254fab8
BS		 3733 modified. If it is zero, a new io zone is allocated. The return
3734 value can be used with cpu_register_physical_memory(). (-1) is
3735 returned if error. */
1eed09cb 3736static int cpu_register_io_memory_fixed(int io_index,
d60efc6b
BS		 3737 CPUReadMemoryFunc * const *mem_read,
3738 CPUWriteMemoryFunc * const *mem_write,
dd310534 3739 void *opaque, enum device_endian endian)
33417e70 3740{
3cab721d
RH		 3741 int i;
3742
33417e70 3743 if (io_index <= 0) {
88715657
AL		 3744 io_index = get_free_io_mem_idx();
3745 if (io_index == -1)
3746 return io_index;
33417e70 3747 } else {
1eed09cb 3748 io_index >>= IO_MEM_SHIFT;
33417e70
FB		 3749 if (io_index >= IO_MEM_NB_ENTRIES)
3750 return -1;
3751 }
b5ff1b31 3752
3cab721d
RH		 3753 for (i = 0; i < 3; ++i) {
3754 io_mem_read[io_index][i]
3755 = (mem_read[i] ? mem_read[i] : unassigned_mem_read[i]);
3756 }
3757 for (i = 0; i < 3; ++i) {
3758 io_mem_write[io_index][i]
3759 = (mem_write[i] ? mem_write[i] : unassigned_mem_write[i]);
3760 }
a4193c8a 3761 io_mem_opaque[io_index] = opaque;
f6405247 3762
dd310534
AG		 3763 switch (endian) {
3764 case DEVICE_BIG_ENDIAN:
3765#ifndef TARGET_WORDS_BIGENDIAN
3766 swapendian_init(io_index);
3767#endif
3768 break;
3769 case DEVICE_LITTLE_ENDIAN:
3770#ifdef TARGET_WORDS_BIGENDIAN
3771 swapendian_init(io_index);
3772#endif
3773 break;
3774 case DEVICE_NATIVE_ENDIAN:
3775 default:
3776 break;
3777 }
3778
f6405247 3779 return (io_index << IO_MEM_SHIFT);
33417e70 3780}
61382a50 3781
d60efc6b
BS		 3782int cpu_register_io_memory(CPUReadMemoryFunc * const *mem_read,
3783 CPUWriteMemoryFunc * const *mem_write,
dd310534 3784 void *opaque, enum device_endian endian)
1eed09cb 3785{
2507c12a 3786 return cpu_register_io_memory_fixed(0, mem_read, mem_write, opaque, endian);
1eed09cb
AK		 3787}
3788
88715657
AL		 3789void cpu_unregister_io_memory(int io_table_address)
3790{
3791 int i;
3792 int io_index = io_table_address >> IO_MEM_SHIFT;
3793
dd310534
AG		 3794 swapendian_del(io_index);
3795
88715657
AL		 3796 for (i=0;i < 3; i++) {
3797 io_mem_read[io_index][i] = unassigned_mem_read[i];
3798 io_mem_write[io_index][i] = unassigned_mem_write[i];
3799 }
3800 io_mem_opaque[io_index] = NULL;
3801 io_mem_used[io_index] = 0;
3802}
3803
e9179ce1
AK		 3804static void io_mem_init(void)
3805{
3806 int i;
3807
2507c12a
AG		 3808 cpu_register_io_memory_fixed(IO_MEM_ROM, error_mem_read,
3809 unassigned_mem_write, NULL,
3810 DEVICE_NATIVE_ENDIAN);
3811 cpu_register_io_memory_fixed(IO_MEM_UNASSIGNED, unassigned_mem_read,
3812 unassigned_mem_write, NULL,
3813 DEVICE_NATIVE_ENDIAN);
3814 cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read,
3815 notdirty_mem_write, NULL,
3816 DEVICE_NATIVE_ENDIAN);
e9179ce1
AK		 3817 for (i=0; i<5; i++)
3818 io_mem_used[i] = 1;
3819
3820 io_mem_watch = cpu_register_io_memory(watch_mem_read,
2507c12a
AG		 3821 watch_mem_write, NULL,
3822 DEVICE_NATIVE_ENDIAN);
e9179ce1
AK		 3823}
3824
62152b8a
AK		 3825static void memory_map_init(void)
3826{
7267c094 3827 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3828 memory_region_init(system_memory, "system", INT64_MAX);
62152b8a 3829 set_system_memory_map(system_memory);
309cb471 3830
7267c094 3831 system_io = g_malloc(sizeof(*system_io));
309cb471
AK		 3832 memory_region_init(system_io, "io", 65536);
3833 set_system_io_map(system_io);
62152b8a
AK		 3834}
3835
3836MemoryRegion *get_system_memory(void)
3837{
3838 return system_memory;
3839}
3840
309cb471
AK		 3841MemoryRegion *get_system_io(void)
3842{
3843 return system_io;
3844}
3845
e2eef170
PB		 3846#endif /* !defined(CONFIG_USER_ONLY) */
3847
13eb76e0
FB		 3848/* physical memory access (slow version, mainly for debug) */
3849#if defined(CONFIG_USER_ONLY)
a68fe89c
PB		 3850int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3851 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3852{
3853 int l, flags;
3854 target_ulong page;
53a5960a 3855 void * p;
13eb76e0
FB		 3856
3857 while (len > 0) {
3858 page = addr & TARGET_PAGE_MASK;
3859 l = (page + TARGET_PAGE_SIZE) - addr;
3860 if (l > len)
3861 l = len;
3862 flags = page_get_flags(page);
3863 if (!(flags & PAGE_VALID))
a68fe89c 3864 return -1;
13eb76e0
FB		 3865 if (is_write) {
3866 if (!(flags & PAGE_WRITE))
a68fe89c 3867 return -1;
579a97f7 3868 /* XXX: this code should not depend on lock_user */
72fb7daa 3869 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3870 return -1;
72fb7daa
AJ		 3871 memcpy(p, buf, l);
3872 unlock_user(p, addr, l);
13eb76e0
FB		 3873 } else {
3874 if (!(flags & PAGE_READ))
a68fe89c 3875 return -1;
579a97f7 3876 /* XXX: this code should not depend on lock_user */
72fb7daa 3877 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3878 return -1;
72fb7daa 3879 memcpy(buf, p, l);
5b257578 3880 unlock_user(p, addr, 0);
13eb76e0
FB		 3881 }
3882 len -= l;
3883 buf += l;
3884 addr += l;
3885 }
a68fe89c 3886 return 0;
13eb76e0 3887}
8df1cd07 3888
13eb76e0 3889#else
c227f099 3890void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3891 int len, int is_write)
3892{
3893 int l, io_index;
3894 uint8_t *ptr;
3895 uint32_t val;
c227f099 3896 target_phys_addr_t page;
8ca5692d 3897 ram_addr_t pd;
92e873b9 3898 PhysPageDesc *p;
3b46e624 3899
13eb76e0
FB		 3900 while (len > 0) {
3901 page = addr & TARGET_PAGE_MASK;
3902 l = (page + TARGET_PAGE_SIZE) - addr;
3903 if (l > len)
3904 l = len;
92e873b9 3905 p = phys_page_find(page >> TARGET_PAGE_BITS);
13eb76e0
FB		 3906 if (!p) {
3907 pd = IO_MEM_UNASSIGNED;
3908 } else {
3909 pd = p->phys_offset;
3910 }
3b46e624 3911
13eb76e0 3912 if (is_write) {
3a7d929e 3913 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
c227f099 3914 target_phys_addr_t addr1 = addr;
13eb76e0 3915 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
8da3ff18 3916 if (p)
6c2934db 3917 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
6a00d601
FB		 3918 /* XXX: could force cpu_single_env to NULL to avoid
3919 potential bugs */
6c2934db 3920 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3921 /* 32 bit write access */
c27004ec 3922 val = ldl_p(buf);
6c2934db 3923 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
13eb76e0 3924 l = 4;
6c2934db 3925 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3926 /* 16 bit write access */
c27004ec 3927 val = lduw_p(buf);
6c2934db 3928 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
13eb76e0
FB		 3929 l = 2;
3930 } else {
1c213d19 3931 /* 8 bit write access */
c27004ec 3932 val = ldub_p(buf);
6c2934db 3933 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
13eb76e0
FB		 3934 l = 1;
3935 }
3936 } else {
8ca5692d 3937 ram_addr_t addr1;
b448f2f3 3938 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
13eb76e0 3939 /* RAM case */
5579c7f3 3940 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3941 memcpy(ptr, buf, l);
3a7d929e
FB		 3942 if (!cpu_physical_memory_is_dirty(addr1)) {
3943 /* invalidate code */
3944 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3945 /* set dirty bit */
f7c11b53
YT		 3946 cpu_physical_memory_set_dirty_flags(
3947 addr1, (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 3948 }
050a0ddf 3949 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3950 }
3951 } else {
5fafdf24 3952 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
2a4188a3 3953 !(pd & IO_MEM_ROMD)) {
c227f099 3954 target_phys_addr_t addr1 = addr;
13eb76e0
FB		 3955 /* I/O case */
3956 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
8da3ff18 3957 if (p)
6c2934db
AJ		 3958 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3959 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3960 /* 32 bit read access */
6c2934db 3961 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
c27004ec 3962 stl_p(buf, val);
13eb76e0 3963 l = 4;
6c2934db 3964 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3965 /* 16 bit read access */
6c2934db 3966 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
c27004ec 3967 stw_p(buf, val);
13eb76e0
FB		 3968 l = 2;
3969 } else {
1c213d19 3970 /* 8 bit read access */
6c2934db 3971 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
c27004ec 3972 stb_p(buf, val);
13eb76e0
FB		 3973 l = 1;
3974 }
3975 } else {
3976 /* RAM case */
050a0ddf
AP		 3977 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
3978 memcpy(buf, ptr + (addr & ~TARGET_PAGE_MASK), l);
3979 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3980 }
3981 }
3982 len -= l;
3983 buf += l;
3984 addr += l;
3985 }
3986}
8df1cd07 3987
d0ecd2aa 3988/* used for ROM loading : can write in RAM and ROM */
c227f099 3989void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3990 const uint8_t *buf, int len)
3991{
3992 int l;
3993 uint8_t *ptr;
c227f099 3994 target_phys_addr_t page;
d0ecd2aa
FB		 3995 unsigned long pd;
3996 PhysPageDesc *p;
3b46e624 3997
d0ecd2aa
FB		 3998 while (len > 0) {
3999 page = addr & TARGET_PAGE_MASK;
4000 l = (page + TARGET_PAGE_SIZE) - addr;
4001 if (l > len)
4002 l = len;
4003 p = phys_page_find(page >> TARGET_PAGE_BITS);
4004 if (!p) {
4005 pd = IO_MEM_UNASSIGNED;
4006 } else {
4007 pd = p->phys_offset;
4008 }
3b46e624 4009
d0ecd2aa 4010 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
2a4188a3
FB		 4011 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
4012 !(pd & IO_MEM_ROMD)) {
d0ecd2aa
FB		 4013 /* do nothing */
4014 } else {
4015 unsigned long addr1;
4016 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4017 /* ROM/RAM case */
5579c7f3 4018 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 4019 memcpy(ptr, buf, l);
050a0ddf 4020 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 4021 }
4022 len -= l;
4023 buf += l;
4024 addr += l;
4025 }
4026}
4027
6d16c2f8
AL		 4028typedef struct {
4029 void *buffer;
c227f099
AL		 4030 target_phys_addr_t addr;
4031 target_phys_addr_t len;
6d16c2f8
AL		 4032} BounceBuffer;
4033
4034static BounceBuffer bounce;
4035
ba223c29
AL		 4036typedef struct MapClient {
4037 void *opaque;
4038 void (*callback)(void *opaque);
72cf2d4f 4039 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 4040} MapClient;
4041
72cf2d4f
BS		 4042static QLIST_HEAD(map_client_list, MapClient) map_client_list
4043 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 4044
4045void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
4046{
7267c094 4047 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 4048
4049 client->opaque = opaque;
4050 client->callback = callback;
72cf2d4f 4051 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 4052 return client;
4053}
4054
4055void cpu_unregister_map_client(void *_client)
4056{
4057 MapClient *client = (MapClient *)_client;
4058
72cf2d4f 4059 QLIST_REMOVE(client, link);
7267c094 4060 g_free(client);
ba223c29
AL		 4061}
4062
4063static void cpu_notify_map_clients(void)
4064{
4065 MapClient *client;
4066
72cf2d4f
BS		 4067 while (!QLIST_EMPTY(&map_client_list)) {
4068 client = QLIST_FIRST(&map_client_list);
ba223c29 4069 client->callback(client->opaque);
34d5e948 4070 cpu_unregister_map_client(client);
ba223c29
AL		 4071 }
4072}
4073
6d16c2f8
AL		 4074/* Map a physical memory region into a host virtual address.
4075 * May map a subset of the requested range, given by and returned in *plen.
4076 * May return NULL if resources needed to perform the mapping are exhausted.
4077 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 4078 * Use cpu_register_map_client() to know when retrying the map operation is
4079 * likely to succeed.
6d16c2f8 4080 */
c227f099
AL		 4081void *cpu_physical_memory_map(target_phys_addr_t addr,
4082 target_phys_addr_t *plen,
6d16c2f8
AL		 4083 int is_write)
4084{
c227f099 4085 target_phys_addr_t len = *plen;
38bee5dc 4086 target_phys_addr_t todo = 0;
6d16c2f8 4087 int l;
c227f099 4088 target_phys_addr_t page;
6d16c2f8
AL		 4089 unsigned long pd;
4090 PhysPageDesc *p;
f15fbc4b 4091 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 4092 ram_addr_t rlen;
4093 void *ret;
6d16c2f8
AL		 4094
4095 while (len > 0) {
4096 page = addr & TARGET_PAGE_MASK;
4097 l = (page + TARGET_PAGE_SIZE) - addr;
4098 if (l > len)
4099 l = len;
4100 p = phys_page_find(page >> TARGET_PAGE_BITS);
4101 if (!p) {
4102 pd = IO_MEM_UNASSIGNED;
4103 } else {
4104 pd = p->phys_offset;
4105 }
4106
4107 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
38bee5dc 4108 if (todo || bounce.buffer) {
6d16c2f8
AL		 4109 break;
4110 }
4111 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
4112 bounce.addr = addr;
4113 bounce.len = l;
4114 if (!is_write) {
54f7b4a3 4115 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 4116 }
38bee5dc
SS		 4117
4118 *plen = l;
4119 return bounce.buffer;
6d16c2f8 4120 }
8ab934f9
SS		 4121 if (!todo) {
4122 raddr = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4123 }
6d16c2f8
AL		 4124
4125 len -= l;
4126 addr += l;
38bee5dc 4127 todo += l;
6d16c2f8 4128 }
8ab934f9
SS		 4129 rlen = todo;
4130 ret = qemu_ram_ptr_length(raddr, &rlen);
4131 *plen = rlen;
4132 return ret;
6d16c2f8
AL		 4133}
4134
4135/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
4136 * Will also mark the memory as dirty if is_write == 1. access_len gives
4137 * the amount of memory that was actually read or written by the caller.
4138 */
c227f099
AL		 4139void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
4140 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 4141{
4142 if (buffer != bounce.buffer) {
4143 if (is_write) {
e890261f 4144 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 4145 while (access_len) {
4146 unsigned l;
4147 l = TARGET_PAGE_SIZE;
4148 if (l > access_len)
4149 l = access_len;
4150 if (!cpu_physical_memory_is_dirty(addr1)) {
4151 /* invalidate code */
4152 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
4153 /* set dirty bit */
f7c11b53
YT		 4154 cpu_physical_memory_set_dirty_flags(
4155 addr1, (0xff & ~CODE_DIRTY_FLAG));
6d16c2f8
AL		 4156 }
4157 addr1 += l;
4158 access_len -= l;
4159 }
4160 }
868bb33f 4161 if (xen_enabled()) {
e41d7c69 4162 xen_invalidate_map_cache_entry(buffer);
050a0ddf 4163 }
6d16c2f8
AL		 4164 return;
4165 }
4166 if (is_write) {
4167 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
4168 }
f8a83245 4169 qemu_vfree(bounce.buffer);
6d16c2f8 4170 bounce.buffer = NULL;
ba223c29 4171 cpu_notify_map_clients();
6d16c2f8 4172}
d0ecd2aa 4173
8df1cd07 4174/* warning: addr must be aligned */
1e78bcc1
AG		 4175static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
4176 enum device_endian endian)
8df1cd07
FB		 4177{
4178 int io_index;
4179 uint8_t *ptr;
4180 uint32_t val;
4181 unsigned long pd;
4182 PhysPageDesc *p;
4183
4184 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4185 if (!p) {
4186 pd = IO_MEM_UNASSIGNED;
4187 } else {
4188 pd = p->phys_offset;
4189 }
3b46e624 4190
5fafdf24 4191 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
2a4188a3 4192 !(pd & IO_MEM_ROMD)) {
8df1cd07
FB		 4193 /* I/O case */
4194 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
8da3ff18
PB		 4195 if (p)
4196 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
8df1cd07 4197 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
1e78bcc1
AG		 4198#if defined(TARGET_WORDS_BIGENDIAN)
4199 if (endian == DEVICE_LITTLE_ENDIAN) {
4200 val = bswap32(val);
4201 }
4202#else
4203 if (endian == DEVICE_BIG_ENDIAN) {
4204 val = bswap32(val);
4205 }
4206#endif
8df1cd07
FB		 4207 } else {
4208 /* RAM case */
5579c7f3 4209 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
8df1cd07 4210 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4211 switch (endian) {
4212 case DEVICE_LITTLE_ENDIAN:
4213 val = ldl_le_p(ptr);
4214 break;
4215 case DEVICE_BIG_ENDIAN:
4216 val = ldl_be_p(ptr);
4217 break;
4218 default:
4219 val = ldl_p(ptr);
4220 break;
4221 }
8df1cd07
FB		 4222 }
4223 return val;
4224}
4225
1e78bcc1
AG		 4226uint32_t ldl_phys(target_phys_addr_t addr)
4227{
4228 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4229}
4230
4231uint32_t ldl_le_phys(target_phys_addr_t addr)
4232{
4233 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4234}
4235
4236uint32_t ldl_be_phys(target_phys_addr_t addr)
4237{
4238 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
4239}
4240
84b7b8e7 4241/* warning: addr must be aligned */
1e78bcc1
AG		 4242static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
4243 enum device_endian endian)
84b7b8e7
FB		 4244{
4245 int io_index;
4246 uint8_t *ptr;
4247 uint64_t val;
4248 unsigned long pd;
4249 PhysPageDesc *p;
4250
4251 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4252 if (!p) {
4253 pd = IO_MEM_UNASSIGNED;
4254 } else {
4255 pd = p->phys_offset;
4256 }
3b46e624 4257
2a4188a3
FB		 4258 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
4259 !(pd & IO_MEM_ROMD)) {
84b7b8e7
FB		 4260 /* I/O case */
4261 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
8da3ff18
PB		 4262 if (p)
4263 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
1e78bcc1
AG		 4264
4265 /* XXX This is broken when device endian != cpu endian.
4266 Fix and add "endian" variable check */
84b7b8e7
FB		 4267#ifdef TARGET_WORDS_BIGENDIAN
4268 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
4269 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
4270#else
4271 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
4272 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
4273#endif
4274 } else {
4275 /* RAM case */
5579c7f3 4276 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
84b7b8e7 4277 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4278 switch (endian) {
4279 case DEVICE_LITTLE_ENDIAN:
4280 val = ldq_le_p(ptr);
4281 break;
4282 case DEVICE_BIG_ENDIAN:
4283 val = ldq_be_p(ptr);
4284 break;
4285 default:
4286 val = ldq_p(ptr);
4287 break;
4288 }
84b7b8e7
FB		 4289 }
4290 return val;
4291}
4292
1e78bcc1
AG		 4293uint64_t ldq_phys(target_phys_addr_t addr)
4294{
4295 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4296}
4297
4298uint64_t ldq_le_phys(target_phys_addr_t addr)
4299{
4300 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4301}
4302
4303uint64_t ldq_be_phys(target_phys_addr_t addr)
4304{
4305 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
4306}
4307
aab33094 4308/* XXX: optimize */
c227f099 4309uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 4310{
4311 uint8_t val;
4312 cpu_physical_memory_read(addr, &val, 1);
4313 return val;
4314}
4315
733f0b02 4316/* warning: addr must be aligned */
1e78bcc1
AG		 4317static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
4318 enum device_endian endian)
aab33094 4319{
733f0b02
MT		 4320 int io_index;
4321 uint8_t *ptr;
4322 uint64_t val;
4323 unsigned long pd;
4324 PhysPageDesc *p;
4325
4326 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4327 if (!p) {
4328 pd = IO_MEM_UNASSIGNED;
4329 } else {
4330 pd = p->phys_offset;
4331 }
4332
4333 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
4334 !(pd & IO_MEM_ROMD)) {
4335 /* I/O case */
4336 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4337 if (p)
4338 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4339 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr);
1e78bcc1
AG		 4340#if defined(TARGET_WORDS_BIGENDIAN)
4341 if (endian == DEVICE_LITTLE_ENDIAN) {
4342 val = bswap16(val);
4343 }
4344#else
4345 if (endian == DEVICE_BIG_ENDIAN) {
4346 val = bswap16(val);
4347 }
4348#endif
733f0b02
MT		 4349 } else {
4350 /* RAM case */
4351 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4352 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4353 switch (endian) {
4354 case DEVICE_LITTLE_ENDIAN:
4355 val = lduw_le_p(ptr);
4356 break;
4357 case DEVICE_BIG_ENDIAN:
4358 val = lduw_be_p(ptr);
4359 break;
4360 default:
4361 val = lduw_p(ptr);
4362 break;
4363 }
733f0b02
MT		 4364 }
4365 return val;
aab33094
FB		 4366}
4367
1e78bcc1
AG		 4368uint32_t lduw_phys(target_phys_addr_t addr)
4369{
4370 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4371}
4372
4373uint32_t lduw_le_phys(target_phys_addr_t addr)
4374{
4375 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4376}
4377
4378uint32_t lduw_be_phys(target_phys_addr_t addr)
4379{
4380 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
4381}
4382
8df1cd07
FB		 4383/* warning: addr must be aligned. The ram page is not masked as dirty
4384 and the code inside is not invalidated. It is useful if the dirty
4385 bits are used to track modified PTEs */
c227f099 4386void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07
FB		 4387{
4388 int io_index;
4389 uint8_t *ptr;
4390 unsigned long pd;
4391 PhysPageDesc *p;
4392
4393 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4394 if (!p) {
4395 pd = IO_MEM_UNASSIGNED;
4396 } else {
4397 pd = p->phys_offset;
4398 }
3b46e624 4399
3a7d929e 4400 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
8df1cd07 4401 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
8da3ff18
PB		 4402 if (p)
4403 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
8df1cd07
FB		 4404 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
4405 } else {
74576198 4406 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
5579c7f3 4407 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 4408 stl_p(ptr, val);
74576198
AL		 4409
4410 if (unlikely(in_migration)) {
4411 if (!cpu_physical_memory_is_dirty(addr1)) {
4412 /* invalidate code */
4413 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4414 /* set dirty bit */
f7c11b53
YT		 4415 cpu_physical_memory_set_dirty_flags(
4416 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 4417 }
4418 }
8df1cd07
FB		 4419 }
4420}
4421
c227f099 4422void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef
JM		 4423{
4424 int io_index;
4425 uint8_t *ptr;
4426 unsigned long pd;
4427 PhysPageDesc *p;
4428
4429 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4430 if (!p) {
4431 pd = IO_MEM_UNASSIGNED;
4432 } else {
4433 pd = p->phys_offset;
4434 }
3b46e624 4435
bc98a7ef
JM		 4436 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4437 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
8da3ff18
PB		 4438 if (p)
4439 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
bc98a7ef
JM		 4440#ifdef TARGET_WORDS_BIGENDIAN
4441 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
4442 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
4443#else
4444 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
4445 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
4446#endif
4447 } else {
5579c7f3 4448 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
bc98a7ef
JM		 4449 (addr & ~TARGET_PAGE_MASK);
4450 stq_p(ptr, val);
4451 }
4452}
4453
8df1cd07 4454/* warning: addr must be aligned */
1e78bcc1
AG		 4455static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4456 enum device_endian endian)
8df1cd07
FB		 4457{
4458 int io_index;
4459 uint8_t *ptr;
4460 unsigned long pd;
4461 PhysPageDesc *p;
4462
4463 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4464 if (!p) {
4465 pd = IO_MEM_UNASSIGNED;
4466 } else {
4467 pd = p->phys_offset;
4468 }
3b46e624 4469
3a7d929e 4470 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
8df1cd07 4471 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
8da3ff18
PB		 4472 if (p)
4473 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
1e78bcc1
AG		 4474#if defined(TARGET_WORDS_BIGENDIAN)
4475 if (endian == DEVICE_LITTLE_ENDIAN) {
4476 val = bswap32(val);
4477 }
4478#else
4479 if (endian == DEVICE_BIG_ENDIAN) {
4480 val = bswap32(val);
4481 }
4482#endif
8df1cd07
FB		 4483 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
4484 } else {
4485 unsigned long addr1;
4486 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4487 /* RAM case */
5579c7f3 4488 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4489 switch (endian) {
4490 case DEVICE_LITTLE_ENDIAN:
4491 stl_le_p(ptr, val);
4492 break;
4493 case DEVICE_BIG_ENDIAN:
4494 stl_be_p(ptr, val);
4495 break;
4496 default:
4497 stl_p(ptr, val);
4498 break;
4499 }
3a7d929e
FB		 4500 if (!cpu_physical_memory_is_dirty(addr1)) {
4501 /* invalidate code */
4502 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4503 /* set dirty bit */
f7c11b53
YT		 4504 cpu_physical_memory_set_dirty_flags(addr1,
4505 (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 4506 }
8df1cd07
FB		 4507 }
4508}
4509
1e78bcc1
AG		 4510void stl_phys(target_phys_addr_t addr, uint32_t val)
4511{
4512 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4513}
4514
4515void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4516{
4517 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4518}
4519
4520void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4521{
4522 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4523}
4524
aab33094 4525/* XXX: optimize */
c227f099 4526void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 4527{
4528 uint8_t v = val;
4529 cpu_physical_memory_write(addr, &v, 1);
4530}
4531
733f0b02 4532/* warning: addr must be aligned */
1e78bcc1
AG		 4533static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4534 enum device_endian endian)
aab33094 4535{
733f0b02
MT		 4536 int io_index;
4537 uint8_t *ptr;
4538 unsigned long pd;
4539 PhysPageDesc *p;
4540
4541 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4542 if (!p) {
4543 pd = IO_MEM_UNASSIGNED;
4544 } else {
4545 pd = p->phys_offset;
4546 }
4547
4548 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4549 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4550 if (p)
4551 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
1e78bcc1
AG		 4552#if defined(TARGET_WORDS_BIGENDIAN)
4553 if (endian == DEVICE_LITTLE_ENDIAN) {
4554 val = bswap16(val);
4555 }
4556#else
4557 if (endian == DEVICE_BIG_ENDIAN) {
4558 val = bswap16(val);
4559 }
4560#endif
733f0b02
MT		 4561 io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val);
4562 } else {
4563 unsigned long addr1;
4564 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4565 /* RAM case */
4566 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4567 switch (endian) {
4568 case DEVICE_LITTLE_ENDIAN:
4569 stw_le_p(ptr, val);
4570 break;
4571 case DEVICE_BIG_ENDIAN:
4572 stw_be_p(ptr, val);
4573 break;
4574 default:
4575 stw_p(ptr, val);
4576 break;
4577 }
733f0b02
MT		 4578 if (!cpu_physical_memory_is_dirty(addr1)) {
4579 /* invalidate code */
4580 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4581 /* set dirty bit */
4582 cpu_physical_memory_set_dirty_flags(addr1,
4583 (0xff & ~CODE_DIRTY_FLAG));
4584 }
4585 }
aab33094
FB		 4586}
4587
1e78bcc1
AG		 4588void stw_phys(target_phys_addr_t addr, uint32_t val)
4589{
4590 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4591}
4592
4593void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4594{
4595 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4596}
4597
4598void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4599{
4600 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4601}
4602
aab33094 4603/* XXX: optimize */
c227f099 4604void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4605{
4606 val = tswap64(val);
71d2b725 4607 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4608}
4609
1e78bcc1
AG		 4610void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4611{
4612 val = cpu_to_le64(val);
4613 cpu_physical_memory_write(addr, &val, 8);
4614}
4615
4616void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4617{
4618 val = cpu_to_be64(val);
4619 cpu_physical_memory_write(addr, &val, 8);
4620}
4621
5e2972fd 4622/* virtual memory access for debug (includes writing to ROM) */
5fafdf24 4623int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
b448f2f3 4624 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4625{
4626 int l;
c227f099 4627 target_phys_addr_t phys_addr;
9b3c35e0 4628 target_ulong page;
13eb76e0
FB		 4629
4630 while (len > 0) {
4631 page = addr & TARGET_PAGE_MASK;
4632 phys_addr = cpu_get_phys_page_debug(env, page);
4633 /* if no physical page mapped, return an error */
4634 if (phys_addr == -1)
4635 return -1;
4636 l = (page + TARGET_PAGE_SIZE) - addr;
4637 if (l > len)
4638 l = len;
5e2972fd 4639 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4640 if (is_write)
4641 cpu_physical_memory_write_rom(phys_addr, buf, l);
4642 else
5e2972fd 4643 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4644 len -= l;
4645 buf += l;
4646 addr += l;
4647 }
4648 return 0;
4649}
a68fe89c 4650#endif
13eb76e0 4651
2e70f6ef
PB		 4652/* in deterministic execution mode, instructions doing device I/Os
4653 must be at the end of the TB */
4654void cpu_io_recompile(CPUState *env, void *retaddr)
4655{
4656 TranslationBlock *tb;
4657 uint32_t n, cflags;
4658 target_ulong pc, cs_base;
4659 uint64_t flags;
4660
4661 tb = tb_find_pc((unsigned long)retaddr);
4662 if (!tb) {
4663 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4664 retaddr);
4665 }
4666 n = env->icount_decr.u16.low + tb->icount;
618ba8e6 4667 cpu_restore_state(tb, env, (unsigned long)retaddr);
2e70f6ef 4668 /* Calculate how many instructions had been executed before the fault
bf20dc07 4669 occurred. */
2e70f6ef
PB		 4670 n = n - env->icount_decr.u16.low;
4671 /* Generate a new TB ending on the I/O insn. */
4672 n++;
4673 /* On MIPS and SH, delay slot instructions can only be restarted if
4674 they were already the first instruction in the TB. If this is not
bf20dc07 4675 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4676 branch. */
4677#if defined(TARGET_MIPS)
4678 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4679 env->active_tc.PC -= 4;
4680 env->icount_decr.u16.low++;
4681 env->hflags &= ~MIPS_HFLAG_BMASK;
4682 }
4683#elif defined(TARGET_SH4)
4684 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4685 && n > 1) {
4686 env->pc -= 2;
4687 env->icount_decr.u16.low++;
4688 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4689 }
4690#endif
4691 /* This should never happen. */
4692 if (n > CF_COUNT_MASK)
4693 cpu_abort(env, "TB too big during recompile");
4694
4695 cflags = n | CF_LAST_IO;
4696 pc = tb->pc;
4697 cs_base = tb->cs_base;
4698 flags = tb->flags;
4699 tb_phys_invalidate(tb, -1);
4700 /* FIXME: In theory this could raise an exception. In practice
4701 we have already translated the block once so it's probably ok. */
4702 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4703 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4704 the first in the TB) then we end up generating a whole new TB and
4705 repeating the fault, which is horribly inefficient.
4706 Better would be to execute just this insn uncached, or generate a
4707 second new TB. */
4708 cpu_resume_from_signal(env, NULL);
4709}
4710
b3755a91
PB		 4711#if !defined(CONFIG_USER_ONLY)
4712
055403b2 4713void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4714{
4715 int i, target_code_size, max_target_code_size;
4716 int direct_jmp_count, direct_jmp2_count, cross_page;
4717 TranslationBlock *tb;
3b46e624 4718
e3db7226
FB		 4719 target_code_size = 0;
4720 max_target_code_size = 0;
4721 cross_page = 0;
4722 direct_jmp_count = 0;
4723 direct_jmp2_count = 0;
4724 for(i = 0; i < nb_tbs; i++) {
4725 tb = &tbs[i];
4726 target_code_size += tb->size;
4727 if (tb->size > max_target_code_size)
4728 max_target_code_size = tb->size;
4729 if (tb->page_addr[1] != -1)
4730 cross_page++;
4731 if (tb->tb_next_offset[0] != 0xffff) {
4732 direct_jmp_count++;
4733 if (tb->tb_next_offset[1] != 0xffff) {
4734 direct_jmp2_count++;
4735 }
4736 }
4737 }
4738 /* XXX: avoid using doubles ? */
57fec1fe 4739 cpu_fprintf(f, "Translation buffer state:\n");
055403b2 4740 cpu_fprintf(f, "gen code size %td/%ld\n",
26a5f13b
FB		 4741 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4742 cpu_fprintf(f, "TB count %d/%d\n",
4743 nb_tbs, code_gen_max_blocks);
5fafdf24 4744 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4745 nb_tbs ? target_code_size / nb_tbs : 0,
4746 max_target_code_size);
055403b2 4747 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4748 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4749 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4750 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4751 cross_page,
e3db7226
FB		 4752 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4753 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4754 direct_jmp_count,
e3db7226
FB		 4755 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4756 direct_jmp2_count,
4757 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4758 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4759 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4760 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4761 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4762 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4763}
4764
61382a50 4765#define MMUSUFFIX _cmmu
3917149d 4766#undef GETPC
61382a50
FB		 4767#define GETPC() NULL
4768#define env cpu_single_env
b769d8fe 4769#define SOFTMMU_CODE_ACCESS
61382a50
FB		 4770
4771#define SHIFT 0
4772#include "softmmu_template.h"
4773
4774#define SHIFT 1
4775#include "softmmu_template.h"
4776
4777#define SHIFT 2
4778#include "softmmu_template.h"
4779
4780#define SHIFT 3
4781#include "softmmu_template.h"
4782
4783#undef env
4784
4785#endif
Qemu copy for testing