]> git.proxmox.com Git - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
target-m68k/m68k-semi: Handle get_user failure
[qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
0cac1b66
BS		 60#include "cputlb.h"
61
7762c2c1 62#include "memory-internal.h"
67d95c15 63
fd6ce8f6 64//#define DEBUG_TB_INVALIDATE
66e85a21 65//#define DEBUG_FLUSH
67d3b957 66//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 67
68/* make various TB consistency checks */
5fafdf24 69//#define DEBUG_TB_CHECK
fd6ce8f6 70
1196be37 71//#define DEBUG_IOPORT
db7b5426 72//#define DEBUG_SUBPAGE
1196be37 73
99773bd4
PB		 74#if !defined(CONFIG_USER_ONLY)
75/* TB consistency checks only implemented for usermode emulation. */
76#undef DEBUG_TB_CHECK
77#endif
78
9fa3e853
FB		 79#define SMC_BITMAP_USE_THRESHOLD 10
80
bdaf78e0 81static TranslationBlock *tbs;
24ab68ac 82static int code_gen_max_blocks;
9fa3e853 83TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 84static int nb_tbs;
eb51d102 85/* any access to the tbs or the page table must use this lock */
c227f099 86spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 87
4438c8a9 88uint8_t *code_gen_prologue;
bdaf78e0 89static uint8_t *code_gen_buffer;
f1bc0bcc 90static size_t code_gen_buffer_size;
26a5f13b 91/* threshold to flush the translated code buffer */
f1bc0bcc 92static size_t code_gen_buffer_max_size;
24ab68ac 93static uint8_t *code_gen_ptr;
fd6ce8f6 94
e2eef170 95#if !defined(CONFIG_USER_ONLY)
9fa3e853 96int phys_ram_fd;
74576198 97static int in_migration;
94a6b54f 98
85d59fef 99RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 100
101static MemoryRegion *system_memory;
309cb471 102static MemoryRegion *system_io;
62152b8a 103
f6790af6
AK		 104AddressSpace address_space_io;
105AddressSpace address_space_memory;
2673a5da 106
0e0df1e2 107MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 108static MemoryRegion io_mem_subpage_ram;
0e0df1e2 109
e2eef170 110#endif
9fa3e853 111
9349b4f9 112CPUArchState *first_cpu;
6a00d601
FB		 113/* current CPU in the current thread. It is only valid inside
114 cpu_exec() */
9349b4f9 115DEFINE_TLS(CPUArchState *,cpu_single_env);
2e70f6ef 116/* 0 = Do not count executed instructions.
bf20dc07 117 1 = Precise instruction counting.
2e70f6ef
PB		 118 2 = Adaptive rate instruction counting. */
119int use_icount = 0;
6a00d601 120
54936004 121typedef struct PageDesc {
92e873b9 122 /* list of TBs intersecting this ram page */
fd6ce8f6 123 TranslationBlock *first_tb;
9fa3e853
FB		 124 /* in order to optimize self modifying code, we count the number
125 of lookups we do to a given page to use a bitmap */
126 unsigned int code_write_count;
127 uint8_t *code_bitmap;
128#if defined(CONFIG_USER_ONLY)
129 unsigned long flags;
130#endif
54936004
FB		 131} PageDesc;
132
41c1b1c9 133/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 134 while in user mode we want it to be based on virtual addresses. */
135#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 136#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
137# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
138#else
5cd2c5b6 139# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 140#endif
bedb69ea 141#else
5cd2c5b6 142# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 143#endif
54936004 144
5cd2c5b6
RH		 145/* Size of the L2 (and L3, etc) page tables. */
146#define L2_BITS 10
54936004
FB		 147#define L2_SIZE (1 << L2_BITS)
148
3eef53df
AK		 149#define P_L2_LEVELS \
150 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
151
5cd2c5b6 152/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 153#define V_L1_BITS_REM \
154 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
155
5cd2c5b6
RH		 156#if V_L1_BITS_REM < 4
157#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
158#else
159#define V_L1_BITS V_L1_BITS_REM
160#endif
161
5cd2c5b6
RH		 162#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
163
5cd2c5b6
RH		 164#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
165
c6d50674
SW		 166uintptr_t qemu_real_host_page_size;
167uintptr_t qemu_host_page_size;
168uintptr_t qemu_host_page_mask;
54936004 169
5cd2c5b6
RH		 170/* This is a multi-level map on the virtual address space.
171 The bottom level has pointers to PageDesc. */
172static void *l1_map[V_L1_SIZE];
54936004 173
e2eef170 174#if !defined(CONFIG_USER_ONLY)
4346ae3e 175
5312bd8b
AK		 176static MemoryRegionSection *phys_sections;
177static unsigned phys_sections_nb, phys_sections_nb_alloc;
178static uint16_t phys_section_unassigned;
aa102231
AK		 179static uint16_t phys_section_notdirty;
180static uint16_t phys_section_rom;
181static uint16_t phys_section_watch;
5312bd8b 182
d6f2ea22
AK		 183/* Simple allocator for PhysPageEntry nodes */
184static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
185static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
186
07f07b31 187#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 188
e2eef170 189static void io_mem_init(void);
62152b8a 190static void memory_map_init(void);
e2eef170 191
1ec9b909 192static MemoryRegion io_mem_watch;
6658ffb8 193#endif
33417e70 194
e3db7226 195/* statistics */
e3db7226
FB		 196static int tb_flush_count;
197static int tb_phys_invalidate_count;
198
7cb69cae 199#ifdef _WIN32
4438c8a9 200static inline void map_exec(void *addr, long size)
7cb69cae
FB		 201{
202 DWORD old_protect;
203 VirtualProtect(addr, size,
204 PAGE_EXECUTE_READWRITE, &old_protect);
205
206}
207#else
4438c8a9 208static inline void map_exec(void *addr, long size)
7cb69cae 209{
4369415f 210 unsigned long start, end, page_size;
7cb69cae 211
4369415f 212 page_size = getpagesize();
7cb69cae 213 start = (unsigned long)addr;
4369415f 214 start &= ~(page_size - 1);
7cb69cae
FB		 215
216 end = (unsigned long)addr + size;
4369415f
FB		 217 end += page_size - 1;
218 end &= ~(page_size - 1);
7cb69cae
FB		 219
220 mprotect((void *)start, end - start,
221 PROT_READ | PROT_WRITE | PROT_EXEC);
222}
223#endif
224
b346ff46 225static void page_init(void)
54936004 226{
83fb7adf 227 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 228 TARGET_PAGE_SIZE */
c2b48b69
AL		 229#ifdef _WIN32
230 {
231 SYSTEM_INFO system_info;
232
233 GetSystemInfo(&system_info);
234 qemu_real_host_page_size = system_info.dwPageSize;
235 }
236#else
237 qemu_real_host_page_size = getpagesize();
238#endif
83fb7adf
FB		 239 if (qemu_host_page_size == 0)
240 qemu_host_page_size = qemu_real_host_page_size;
241 if (qemu_host_page_size < TARGET_PAGE_SIZE)
242 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 243 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 244
2e9a5713 245#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 246 {
f01576f1
JL		 247#ifdef HAVE_KINFO_GETVMMAP
248 struct kinfo_vmentry *freep;
249 int i, cnt;
250
251 freep = kinfo_getvmmap(getpid(), &cnt);
252 if (freep) {
253 mmap_lock();
254 for (i = 0; i < cnt; i++) {
255 unsigned long startaddr, endaddr;
256
257 startaddr = freep[i].kve_start;
258 endaddr = freep[i].kve_end;
259 if (h2g_valid(startaddr)) {
260 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
261
262 if (h2g_valid(endaddr)) {
263 endaddr = h2g(endaddr);
fd436907 264 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 265 } else {
266#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
267 endaddr = ~0ul;
fd436907 268 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 269#endif
270 }
271 }
272 }
273 free(freep);
274 mmap_unlock();
275 }
276#else
50a9569b 277 FILE *f;
50a9569b 278
0776590d 279 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 280
fd436907 281 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 282 if (f) {
5cd2c5b6
RH		 283 mmap_lock();
284
50a9569b 285 do {
5cd2c5b6
RH		 286 unsigned long startaddr, endaddr;
287 int n;
288
289 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
290
291 if (n == 2 && h2g_valid(startaddr)) {
292 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
293
294 if (h2g_valid(endaddr)) {
295 endaddr = h2g(endaddr);
296 } else {
297 endaddr = ~0ul;
298 }
299 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 300 }
301 } while (!feof(f));
5cd2c5b6 302
50a9569b 303 fclose(f);
5cd2c5b6 304 mmap_unlock();
50a9569b 305 }
f01576f1 306#endif
50a9569b
AZ		 307 }
308#endif
54936004
FB		 309}
310
41c1b1c9 311static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 312{
41c1b1c9
PB		 313 PageDesc *pd;
314 void **lp;
315 int i;
316
5cd2c5b6 317#if defined(CONFIG_USER_ONLY)
7267c094 318 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 319# define ALLOC(P, SIZE) \
320 do { \
321 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
322 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 323 } while (0)
324#else
325# define ALLOC(P, SIZE) \
7267c094 326 do { P = g_malloc0(SIZE); } while (0)
17e2377a 327#endif
434929bf 328
5cd2c5b6
RH		 329 /* Level 1. Always allocated. */
330 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
331
332 /* Level 2..N-1. */
333 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
334 void **p = *lp;
335
336 if (p == NULL) {
337 if (!alloc) {
338 return NULL;
339 }
340 ALLOC(p, sizeof(void *) * L2_SIZE);
341 *lp = p;
17e2377a 342 }
5cd2c5b6
RH		 343
344 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
345 }
346
347 pd = *lp;
348 if (pd == NULL) {
349 if (!alloc) {
350 return NULL;
351 }
352 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
353 *lp = pd;
54936004 354 }
5cd2c5b6
RH		 355
356#undef ALLOC
5cd2c5b6
RH		 357
358 return pd + (index & (L2_SIZE - 1));
54936004
FB		 359}
360
41c1b1c9 361static inline PageDesc *page_find(tb_page_addr_t index)
54936004 362{
5cd2c5b6 363 return page_find_alloc(index, 0);
fd6ce8f6
FB		 364}
365
6d9a1304 366#if !defined(CONFIG_USER_ONLY)
d6f2ea22 367
f7bf5461 368static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 369{
f7bf5461 370 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 371 typedef PhysPageEntry Node[L2_SIZE];
372 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 373 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
374 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 375 phys_map_nodes = g_renew(Node, phys_map_nodes,
376 phys_map_nodes_nb_alloc);
377 }
f7bf5461
AK		 378}
379
380static uint16_t phys_map_node_alloc(void)
381{
382 unsigned i;
383 uint16_t ret;
384
385 ret = phys_map_nodes_nb++;
386 assert(ret != PHYS_MAP_NODE_NIL);
387 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 388 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 389 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 390 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 391 }
f7bf5461 392 return ret;
d6f2ea22
AK		 393}
394
395static void phys_map_nodes_reset(void)
396{
397 phys_map_nodes_nb = 0;
398}
399
92e873b9 400
a8170e5e
AK		 401static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
402 hwaddr *nb, uint16_t leaf,
2999097b 403 int level)
f7bf5461
AK		 404{
405 PhysPageEntry *p;
406 int i;
a8170e5e 407 hwaddr step = (hwaddr)1 << (level * L2_BITS);
108c49b8 408
07f07b31 409 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 410 lp->ptr = phys_map_node_alloc();
411 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 412 if (level == 0) {
413 for (i = 0; i < L2_SIZE; i++) {
07f07b31 414 p[i].is_leaf = 1;
c19e8800 415 p[i].ptr = phys_section_unassigned;
4346ae3e 416 }
67c4d23c 417 }
f7bf5461 418 } else {
c19e8800 419 p = phys_map_nodes[lp->ptr];
92e873b9 420 }
2999097b 421 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 422
2999097b 423 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 424 if ((*index & (step - 1)) == 0 && *nb >= step) {
425 lp->is_leaf = true;
c19e8800 426 lp->ptr = leaf;
07f07b31
AK		 427 *index += step;
428 *nb -= step;
2999097b
AK		 429 } else {
430 phys_page_set_level(lp, index, nb, leaf, level - 1);
431 }
432 ++lp;
f7bf5461
AK		 433 }
434}
435
ac1970fb 436static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 437 hwaddr index, hwaddr nb,
2999097b 438 uint16_t leaf)
f7bf5461 439{
2999097b 440 /* Wildly overreserve - it doesn't matter much. */
07f07b31 441 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 442
ac1970fb 443 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 444}
445
a8170e5e 446MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
92e873b9 447{
ac1970fb 448 PhysPageEntry lp = d->phys_map;
31ab2b4a
AK		 449 PhysPageEntry *p;
450 int i;
31ab2b4a 451 uint16_t s_index = phys_section_unassigned;
f1f6e3b8 452
07f07b31 453 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 454 if (lp.ptr == PHYS_MAP_NODE_NIL) {
31ab2b4a
AK		 455 goto not_found;
456 }
c19e8800 457 p = phys_map_nodes[lp.ptr];
31ab2b4a 458 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 459 }
31ab2b4a 460
c19e8800 461 s_index = lp.ptr;
31ab2b4a 462not_found:
f3705d53
AK		 463 return &phys_sections[s_index];
464}
465
e5548617
BS		 466bool memory_region_is_unassigned(MemoryRegion *mr)
467{
468 return mr != &io_mem_ram && mr != &io_mem_rom
469 && mr != &io_mem_notdirty && !mr->rom_device
470 && mr != &io_mem_watch;
471}
472
c8a706fe
PB		 473#define mmap_lock() do { } while(0)
474#define mmap_unlock() do { } while(0)
9fa3e853 475#endif
fd6ce8f6 476
4369415f 477#if defined(CONFIG_USER_ONLY)
ccbb4d44 478/* Currently it is not recommended to allocate big chunks of data in
f1bc0bcc
RH		 479 user mode. It will change when a dedicated libc will be used. */
480/* ??? 64-bit hosts ought to have no problem mmaping data outside the
481 region in which the guest needs to run. Revisit this. */
4369415f
FB		 482#define USE_STATIC_CODE_GEN_BUFFER
483#endif
484
f1bc0bcc
RH		 485/* ??? Should configure for this, not list operating systems here. */
486#if (defined(__linux__) \
487 || defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
488 || defined(__DragonFly__) || defined(__OpenBSD__) \
489 || defined(__NetBSD__))
490# define USE_MMAP
4369415f
FB		 491#endif
492
74d590c8
RH		 493/* Minimum size of the code gen buffer. This number is randomly chosen,
494 but not so small that we can't have a fair number of TB's live. */
495#define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
496
f1bc0bcc
RH		 497/* Maximum size of the code gen buffer we'd like to use. Unless otherwise
498 indicated, this is constrained by the range of direct branches on the
499 host cpu, as used by the TCG implementation of goto_tb. */
500#if defined(__x86_64__)
501# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
502#elif defined(__sparc__)
503# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
504#elif defined(__arm__)
505# define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
506#elif defined(__s390x__)
507 /* We have a +- 4GB range on the branches; leave some slop. */
508# define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
509#else
510# define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
511#endif
512
3d85a72f
RH		 513#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
514
515#define DEFAULT_CODE_GEN_BUFFER_SIZE \
516 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
517 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
f1bc0bcc
RH		 518
519static inline size_t size_code_gen_buffer(size_t tb_size)
26a5f13b 520{
f1bc0bcc
RH		 521 /* Size the buffer. */
522 if (tb_size == 0) {
4369415f 523#ifdef USE_STATIC_CODE_GEN_BUFFER
f1bc0bcc 524 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
4369415f 525#else
f1bc0bcc
RH		 526 /* ??? Needs adjustments. */
527 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
528 static buffer, we could size this on RESERVED_VA, on the text
529 segment size of the executable, or continue to use the default. */
530 tb_size = (unsigned long)(ram_size / 4);
4369415f 531#endif
26a5f13b 532 }
f1bc0bcc
RH		 533 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
534 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
26a5f13b 535 }
f1bc0bcc
RH		 536 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
537 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
06e67a82 538 }
f1bc0bcc
RH		 539 code_gen_buffer_size = tb_size;
540 return tb_size;
541}
542
543#ifdef USE_STATIC_CODE_GEN_BUFFER
544static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
545 __attribute__((aligned(CODE_GEN_ALIGN)));
546
547static inline void *alloc_code_gen_buffer(void)
548{
549 map_exec(static_code_gen_buffer, code_gen_buffer_size);
550 return static_code_gen_buffer;
551}
552#elif defined(USE_MMAP)
553static inline void *alloc_code_gen_buffer(void)
554{
555 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
556 uintptr_t start = 0;
557 void *buf;
558
559 /* Constrain the position of the buffer based on the host cpu.
560 Note that these addresses are chosen in concert with the
561 addresses assigned in the relevant linker script file. */
405def18
RH		 562# if defined(__PIE__) || defined(__PIC__)
563 /* Don't bother setting a preferred location if we're building
564 a position-independent executable. We're more likely to get
565 an address near the main executable if we let the kernel
566 choose the address. */
567# elif defined(__x86_64__) && defined(MAP_32BIT)
f1bc0bcc
RH		 568 /* Force the memory down into low memory with the executable.
569 Leave the choice of exact location with the kernel. */
570 flags |= MAP_32BIT;
571 /* Cannot expect to map more than 800MB in low memory. */
572 if (code_gen_buffer_size > 800u * 1024 * 1024) {
573 code_gen_buffer_size = 800u * 1024 * 1024;
574 }
575# elif defined(__sparc__)
576 start = 0x40000000ul;
577# elif defined(__s390x__)
578 start = 0x90000000ul;
579# endif
580
581 buf = mmap((void *)start, code_gen_buffer_size,
582 PROT_WRITE | PROT_READ | PROT_EXEC, flags, -1, 0);
583 return buf == MAP_FAILED ? NULL : buf;
584}
26a5f13b 585#else
f1bc0bcc
RH		 586static inline void *alloc_code_gen_buffer(void)
587{
588 void *buf = g_malloc(code_gen_buffer_size);
589 if (buf) {
590 map_exec(buf, code_gen_buffer_size);
591 }
592 return buf;
593}
594#endif /* USE_STATIC_CODE_GEN_BUFFER, USE_MMAP */
595
596static inline void code_gen_alloc(size_t tb_size)
597{
598 code_gen_buffer_size = size_code_gen_buffer(tb_size);
599 code_gen_buffer = alloc_code_gen_buffer();
600 if (code_gen_buffer == NULL) {
601 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
602 exit(1);
603 }
604
4438c8a9
RH		 605 /* Steal room for the prologue at the end of the buffer. This ensures
606 (via the MAX_CODE_GEN_BUFFER_SIZE limits above) that direct branches
607 from TB's to the prologue are going to be in range. It also means
608 that we don't need to mark (additional) portions of the data segment
609 as executable. */
610 code_gen_prologue = code_gen_buffer + code_gen_buffer_size - 1024;
611 code_gen_buffer_size -= 1024;
612
a884da8a
PM		 613 code_gen_buffer_max_size = code_gen_buffer_size -
614 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 615 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 616 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 617}
618
619/* Must be called before using the QEMU cpus. 'tb_size' is the size
620 (in bytes) allocated to the translation buffer. Zero means default
621 size. */
d5ab9713 622void tcg_exec_init(unsigned long tb_size)
26a5f13b 623{
26a5f13b
FB		 624 cpu_gen_init();
625 code_gen_alloc(tb_size);
626 code_gen_ptr = code_gen_buffer;
813da627 627 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
4369415f 628 page_init();
9002ec79
RH		 629#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
630 /* There's no guest base to take into account, so go ahead and
631 initialize the prologue now. */
632 tcg_prologue_init(&tcg_ctx);
633#endif
26a5f13b
FB		 634}
635
d5ab9713
JK		 636bool tcg_enabled(void)
637{
638 return code_gen_buffer != NULL;
639}
640
641void cpu_exec_init_all(void)
642{
643#if !defined(CONFIG_USER_ONLY)
644 memory_map_init();
645 io_mem_init();
646#endif
647}
648
9656f324
PB		 649#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
650
e59fb374 651static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7 652{
9349b4f9 653 CPUArchState *env = opaque;
9656f324 654
3098dba0
AJ		 655 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
656 version_id is increased. */
657 env->interrupt_request &= ~0x01;
9656f324
PB		 658 tlb_flush(env, 1);
659
660 return 0;
661}
e7f4eff7
JQ		 662
663static const VMStateDescription vmstate_cpu_common = {
664 .name = "cpu_common",
665 .version_id = 1,
666 .minimum_version_id = 1,
667 .minimum_version_id_old = 1,
e7f4eff7
JQ		 668 .post_load = cpu_common_post_load,
669 .fields = (VMStateField []) {
9349b4f9
AF		 670 VMSTATE_UINT32(halted, CPUArchState),
671 VMSTATE_UINT32(interrupt_request, CPUArchState),
e7f4eff7
JQ		 672 VMSTATE_END_OF_LIST()
673 }
674};
9656f324
PB		 675#endif
676
9349b4f9 677CPUArchState *qemu_get_cpu(int cpu)
950f1472 678{
9349b4f9 679 CPUArchState *env = first_cpu;
950f1472
GC		 680
681 while (env) {
682 if (env->cpu_index == cpu)
683 break;
684 env = env->next_cpu;
685 }
686
687 return env;
688}
689
9349b4f9 690void cpu_exec_init(CPUArchState *env)
fd6ce8f6 691{
9f09e18a
AF		 692#ifndef CONFIG_USER_ONLY
693 CPUState *cpu = ENV_GET_CPU(env);
694#endif
9349b4f9 695 CPUArchState **penv;
6a00d601
FB		 696 int cpu_index;
697
c2764719
PB		 698#if defined(CONFIG_USER_ONLY)
699 cpu_list_lock();
700#endif
6a00d601
FB		 701 env->next_cpu = NULL;
702 penv = &first_cpu;
703 cpu_index = 0;
704 while (*penv != NULL) {
1e9fa730 705 penv = &(*penv)->next_cpu;
6a00d601
FB		 706 cpu_index++;
707 }
708 env->cpu_index = cpu_index;
268a362c 709 env->numa_node = 0;
72cf2d4f
BS		 710 QTAILQ_INIT(&env->breakpoints);
711 QTAILQ_INIT(&env->watchpoints);
dc7a09cf 712#ifndef CONFIG_USER_ONLY
9f09e18a 713 cpu->thread_id = qemu_get_thread_id();
dc7a09cf 714#endif
6a00d601 715 *penv = env;
c2764719
PB		 716#if defined(CONFIG_USER_ONLY)
717 cpu_list_unlock();
718#endif
b3c7724c 719#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 720 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
721 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 722 cpu_save, cpu_load, env);
723#endif
fd6ce8f6
FB		 724}
725
d1a1eb74
TG		 726/* Allocate a new translation block. Flush the translation buffer if
727 too many translation blocks or too much generated code. */
728static TranslationBlock *tb_alloc(target_ulong pc)
729{
730 TranslationBlock *tb;
731
732 if (nb_tbs >= code_gen_max_blocks ||
733 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
734 return NULL;
735 tb = &tbs[nb_tbs++];
736 tb->pc = pc;
737 tb->cflags = 0;
738 return tb;
739}
740
741void tb_free(TranslationBlock *tb)
742{
743 /* In practice this is mostly used for single use temporary TB
744 Ignore the hard cases and just back up if this TB happens to
745 be the last one generated. */
746 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
747 code_gen_ptr = tb->tc_ptr;
748 nb_tbs--;
749 }
750}
751
9fa3e853
FB		 752static inline void invalidate_page_bitmap(PageDesc *p)
753{
754 if (p->code_bitmap) {
7267c094 755 g_free(p->code_bitmap);
9fa3e853
FB		 756 p->code_bitmap = NULL;
757 }
758 p->code_write_count = 0;
759}
760
5cd2c5b6
RH		 761/* Set to NULL all the 'first_tb' fields in all PageDescs. */
762
763static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 764{
5cd2c5b6 765 int i;
fd6ce8f6 766
5cd2c5b6
RH		 767 if (*lp == NULL) {
768 return;
769 }
770 if (level == 0) {
771 PageDesc *pd = *lp;
7296abac 772 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 773 pd[i].first_tb = NULL;
774 invalidate_page_bitmap(pd + i);
fd6ce8f6 775 }
5cd2c5b6
RH		 776 } else {
777 void **pp = *lp;
7296abac 778 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 779 page_flush_tb_1 (level - 1, pp + i);
780 }
781 }
782}
783
784static void page_flush_tb(void)
785{
786 int i;
787 for (i = 0; i < V_L1_SIZE; i++) {
788 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 789 }
790}
791
792/* flush all the translation blocks */
d4e8164f 793/* XXX: tb_flush is currently not thread safe */
9349b4f9 794void tb_flush(CPUArchState *env1)
fd6ce8f6 795{
9349b4f9 796 CPUArchState *env;
0124311e 797#if defined(DEBUG_FLUSH)
ab3d1727
BS		 798 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
799 (unsigned long)(code_gen_ptr - code_gen_buffer),
800 nb_tbs, nb_tbs > 0 ?
801 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 802#endif
26a5f13b 803 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 804 cpu_abort(env1, "Internal error: code buffer overflow\n");
805
fd6ce8f6 806 nb_tbs = 0;
3b46e624 807
6a00d601
FB		 808 for(env = first_cpu; env != NULL; env = env->next_cpu) {
809 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
810 }
9fa3e853 811
8a8a608f 812 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 813 page_flush_tb();
9fa3e853 814
fd6ce8f6 815 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 816 /* XXX: flush processor icache at this point if cache flush is
817 expensive */
e3db7226 818 tb_flush_count++;
fd6ce8f6
FB		 819}
820
821#ifdef DEBUG_TB_CHECK
822
bc98a7ef 823static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 824{
825 TranslationBlock *tb;
826 int i;
827 address &= TARGET_PAGE_MASK;
99773bd4
PB		 828 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
829 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 830 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
831 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 832 printf("ERROR invalidate: address=" TARGET_FMT_lx
833 " PC=%08lx size=%04x\n",
99773bd4 834 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 835 }
836 }
837 }
838}
839
840/* verify that all the pages have correct rights for code */
841static void tb_page_check(void)
842{
843 TranslationBlock *tb;
844 int i, flags1, flags2;
3b46e624 845
99773bd4
PB		 846 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
847 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 848 flags1 = page_get_flags(tb->pc);
849 flags2 = page_get_flags(tb->pc + tb->size - 1);
850 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
851 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 852 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 853 }
854 }
855 }
856}
857
858#endif
859
860/* invalidate one TB */
861static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
862 int next_offset)
863{
864 TranslationBlock *tb1;
865 for(;;) {
866 tb1 = *ptb;
867 if (tb1 == tb) {
868 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
869 break;
870 }
871 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
872 }
873}
874
9fa3e853
FB		 875static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
876{
877 TranslationBlock *tb1;
878 unsigned int n1;
879
880 for(;;) {
881 tb1 = *ptb;
8efe0ca8
SW		 882 n1 = (uintptr_t)tb1 & 3;
883 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
9fa3e853
FB		 884 if (tb1 == tb) {
885 *ptb = tb1->page_next[n1];
886 break;
887 }
888 ptb = &tb1->page_next[n1];
889 }
890}
891
d4e8164f
FB		 892static inline void tb_jmp_remove(TranslationBlock *tb, int n)
893{
894 TranslationBlock *tb1, **ptb;
895 unsigned int n1;
896
897 ptb = &tb->jmp_next[n];
898 tb1 = *ptb;
899 if (tb1) {
900 /* find tb(n) in circular list */
901 for(;;) {
902 tb1 = *ptb;
8efe0ca8
SW		 903 n1 = (uintptr_t)tb1 & 3;
904 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 905 if (n1 == n && tb1 == tb)
906 break;
907 if (n1 == 2) {
908 ptb = &tb1->jmp_first;
909 } else {
910 ptb = &tb1->jmp_next[n1];
911 }
912 }
913 /* now we can suppress tb(n) from the list */
914 *ptb = tb->jmp_next[n];
915
916 tb->jmp_next[n] = NULL;
917 }
918}
919
920/* reset the jump entry 'n' of a TB so that it is not chained to
921 another TB */
922static inline void tb_reset_jump(TranslationBlock *tb, int n)
923{
8efe0ca8 924 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
d4e8164f
FB		 925}
926
41c1b1c9 927void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 928{
9349b4f9 929 CPUArchState *env;
8a40a180 930 PageDesc *p;
d4e8164f 931 unsigned int h, n1;
41c1b1c9 932 tb_page_addr_t phys_pc;
8a40a180 933 TranslationBlock *tb1, *tb2;
3b46e624 934
8a40a180
FB		 935 /* remove the TB from the hash list */
936 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
937 h = tb_phys_hash_func(phys_pc);
5fafdf24 938 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 939 offsetof(TranslationBlock, phys_hash_next));
940
941 /* remove the TB from the page list */
942 if (tb->page_addr[0] != page_addr) {
943 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
944 tb_page_remove(&p->first_tb, tb);
945 invalidate_page_bitmap(p);
946 }
947 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
948 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
949 tb_page_remove(&p->first_tb, tb);
950 invalidate_page_bitmap(p);
951 }
952
36bdbe54 953 tb_invalidated_flag = 1;
59817ccb 954
fd6ce8f6 955 /* remove the TB from the hash list */
8a40a180 956 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 957 for(env = first_cpu; env != NULL; env = env->next_cpu) {
958 if (env->tb_jmp_cache[h] == tb)
959 env->tb_jmp_cache[h] = NULL;
960 }
d4e8164f
FB		 961
962 /* suppress this TB from the two jump lists */
963 tb_jmp_remove(tb, 0);
964 tb_jmp_remove(tb, 1);
965
966 /* suppress any remaining jumps to this TB */
967 tb1 = tb->jmp_first;
968 for(;;) {
8efe0ca8 969 n1 = (uintptr_t)tb1 & 3;
d4e8164f
FB		 970 if (n1 == 2)
971 break;
8efe0ca8 972 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 973 tb2 = tb1->jmp_next[n1];
974 tb_reset_jump(tb1, n1);
975 tb1->jmp_next[n1] = NULL;
976 tb1 = tb2;
977 }
8efe0ca8 978 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
9fa3e853 979
e3db7226 980 tb_phys_invalidate_count++;
9fa3e853
FB		 981}
982
983static inline void set_bits(uint8_t *tab, int start, int len)
984{
985 int end, mask, end1;
986
987 end = start + len;
988 tab += start >> 3;
989 mask = 0xff << (start & 7);
990 if ((start & ~7) == (end & ~7)) {
991 if (start < end) {
992 mask &= ~(0xff << (end & 7));
993 *tab |= mask;
994 }
995 } else {
996 *tab++ |= mask;
997 start = (start + 8) & ~7;
998 end1 = end & ~7;
999 while (start < end1) {
1000 *tab++ = 0xff;
1001 start += 8;
1002 }
1003 if (start < end) {
1004 mask = ~(0xff << (end & 7));
1005 *tab |= mask;
1006 }
1007 }
1008}
1009
1010static void build_page_bitmap(PageDesc *p)
1011{
1012 int n, tb_start, tb_end;
1013 TranslationBlock *tb;
3b46e624 1014
7267c094 1015 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 1016
1017 tb = p->first_tb;
1018 while (tb != NULL) {
8efe0ca8
SW		 1019 n = (uintptr_t)tb & 3;
1020 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1021 /* NOTE: this is subtle as a TB may span two physical pages */
1022 if (n == 0) {
1023 /* NOTE: tb_end may be after the end of the page, but
1024 it is not a problem */
1025 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1026 tb_end = tb_start + tb->size;
1027 if (tb_end > TARGET_PAGE_SIZE)
1028 tb_end = TARGET_PAGE_SIZE;
1029 } else {
1030 tb_start = 0;
1031 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1032 }
1033 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1034 tb = tb->page_next[n];
1035 }
1036}
1037
9349b4f9 1038TranslationBlock *tb_gen_code(CPUArchState *env,
2e70f6ef
PB		 1039 target_ulong pc, target_ulong cs_base,
1040 int flags, int cflags)
d720b93d
FB		 1041{
1042 TranslationBlock *tb;
1043 uint8_t *tc_ptr;
41c1b1c9
PB		 1044 tb_page_addr_t phys_pc, phys_page2;
1045 target_ulong virt_page2;
d720b93d
FB		 1046 int code_gen_size;
1047
41c1b1c9 1048 phys_pc = get_page_addr_code(env, pc);
c27004ec 1049 tb = tb_alloc(pc);
d720b93d
FB		 1050 if (!tb) {
1051 /* flush must be done */
1052 tb_flush(env);
1053 /* cannot fail at this point */
c27004ec 1054 tb = tb_alloc(pc);
2e70f6ef
PB		 1055 /* Don't forget to invalidate previous TB info. */
1056 tb_invalidated_flag = 1;
d720b93d
FB		 1057 }
1058 tc_ptr = code_gen_ptr;
1059 tb->tc_ptr = tc_ptr;
1060 tb->cs_base = cs_base;
1061 tb->flags = flags;
1062 tb->cflags = cflags;
d07bde88 1063 cpu_gen_code(env, tb, &code_gen_size);
8efe0ca8
SW		 1064 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1065 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1066
d720b93d 1067 /* check next page if needed */
c27004ec 1068 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1069 phys_page2 = -1;
c27004ec 1070 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1071 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1072 }
41c1b1c9 1073 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1074 return tb;
d720b93d 1075}
3b46e624 1076
77a8f1a5 1077/*
8e0fdce3
JK		 1078 * Invalidate all TBs which intersect with the target physical address range
1079 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1080 * 'is_cpu_write_access' should be true if called from a real cpu write
1081 * access: the virtual CPU will exit the current TB if code is modified inside
1082 * this TB.
77a8f1a5
AG		 1083 */
1084void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
1085 int is_cpu_write_access)
1086{
1087 while (start < end) {
1088 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
1089 start &= TARGET_PAGE_MASK;
1090 start += TARGET_PAGE_SIZE;
1091 }
1092}
1093
8e0fdce3
JK		 1094/*
1095 * Invalidate all TBs which intersect with the target physical address range
1096 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1097 * 'is_cpu_write_access' should be true if called from a real cpu write
1098 * access: the virtual CPU will exit the current TB if code is modified inside
1099 * this TB.
1100 */
41c1b1c9 1101void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1102 int is_cpu_write_access)
1103{
6b917547 1104 TranslationBlock *tb, *tb_next, *saved_tb;
9349b4f9 1105 CPUArchState *env = cpu_single_env;
41c1b1c9 1106 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1107 PageDesc *p;
1108 int n;
1109#ifdef TARGET_HAS_PRECISE_SMC
1110 int current_tb_not_found = is_cpu_write_access;
1111 TranslationBlock *current_tb = NULL;
1112 int current_tb_modified = 0;
1113 target_ulong current_pc = 0;
1114 target_ulong current_cs_base = 0;
1115 int current_flags = 0;
1116#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1117
1118 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1119 if (!p)
9fa3e853 1120 return;
5fafdf24 1121 if (!p->code_bitmap &&
d720b93d
FB		 1122 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1123 is_cpu_write_access) {
9fa3e853
FB		 1124 /* build code bitmap */
1125 build_page_bitmap(p);
1126 }
1127
1128 /* we remove all the TBs in the range [start, end[ */
1129 /* XXX: see if in some cases it could be faster to invalidate all the code */
1130 tb = p->first_tb;
1131 while (tb != NULL) {
8efe0ca8
SW		 1132 n = (uintptr_t)tb & 3;
1133 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1134 tb_next = tb->page_next[n];
1135 /* NOTE: this is subtle as a TB may span two physical pages */
1136 if (n == 0) {
1137 /* NOTE: tb_end may be after the end of the page, but
1138 it is not a problem */
1139 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1140 tb_end = tb_start + tb->size;
1141 } else {
1142 tb_start = tb->page_addr[1];
1143 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1144 }
1145 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1146#ifdef TARGET_HAS_PRECISE_SMC
1147 if (current_tb_not_found) {
1148 current_tb_not_found = 0;
1149 current_tb = NULL;
2e70f6ef 1150 if (env->mem_io_pc) {
d720b93d 1151 /* now we have a real cpu fault */
2e70f6ef 1152 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1153 }
1154 }
1155 if (current_tb == tb &&
2e70f6ef 1156 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1157 /* If we are modifying the current TB, we must stop
1158 its execution. We could be more precise by checking
1159 that the modification is after the current PC, but it
1160 would require a specialized function to partially
1161 restore the CPU state */
3b46e624 1162
d720b93d 1163 current_tb_modified = 1;
618ba8e6 1164 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1165 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1166 &current_flags);
d720b93d
FB		 1167 }
1168#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1169 /* we need to do that to handle the case where a signal
1170 occurs while doing tb_phys_invalidate() */
1171 saved_tb = NULL;
1172 if (env) {
1173 saved_tb = env->current_tb;
1174 env->current_tb = NULL;
1175 }
9fa3e853 1176 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1177 if (env) {
1178 env->current_tb = saved_tb;
1179 if (env->interrupt_request && env->current_tb)
1180 cpu_interrupt(env, env->interrupt_request);
1181 }
9fa3e853
FB		 1182 }
1183 tb = tb_next;
1184 }
1185#if !defined(CONFIG_USER_ONLY)
1186 /* if no code remaining, no need to continue to use slow writes */
1187 if (!p->first_tb) {
1188 invalidate_page_bitmap(p);
d720b93d 1189 if (is_cpu_write_access) {
2e70f6ef 1190 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1191 }
1192 }
1193#endif
1194#ifdef TARGET_HAS_PRECISE_SMC
1195 if (current_tb_modified) {
1196 /* we generate a block containing just the instruction
1197 modifying the memory. It will ensure that it cannot modify
1198 itself */
ea1c1802 1199 env->current_tb = NULL;
2e70f6ef 1200 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1201 cpu_resume_from_signal(env, NULL);
9fa3e853 1202 }
fd6ce8f6 1203#endif
9fa3e853 1204}
fd6ce8f6 1205
9fa3e853 1206/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1207static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1208{
1209 PageDesc *p;
1210 int offset, b;
59817ccb 1211#if 0
a4193c8a 1212 if (1) {
93fcfe39
AL		 1213 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1214 cpu_single_env->mem_io_vaddr, len,
1215 cpu_single_env->eip,
8efe0ca8
SW		 1216 cpu_single_env->eip +
1217 (intptr_t)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1218 }
1219#endif
9fa3e853 1220 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1221 if (!p)
9fa3e853
FB		 1222 return;
1223 if (p->code_bitmap) {
1224 offset = start & ~TARGET_PAGE_MASK;
1225 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1226 if (b & ((1 << len) - 1))
1227 goto do_invalidate;
1228 } else {
1229 do_invalidate:
d720b93d 1230 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1231 }
1232}
1233
9fa3e853 1234#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1235static void tb_invalidate_phys_page(tb_page_addr_t addr,
20503968 1236 uintptr_t pc, void *puc)
9fa3e853 1237{
6b917547 1238 TranslationBlock *tb;
9fa3e853 1239 PageDesc *p;
6b917547 1240 int n;
d720b93d 1241#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1242 TranslationBlock *current_tb = NULL;
9349b4f9 1243 CPUArchState *env = cpu_single_env;
6b917547
AL		 1244 int current_tb_modified = 0;
1245 target_ulong current_pc = 0;
1246 target_ulong current_cs_base = 0;
1247 int current_flags = 0;
d720b93d 1248#endif
9fa3e853
FB		 1249
1250 addr &= TARGET_PAGE_MASK;
1251 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1252 if (!p)
9fa3e853
FB		 1253 return;
1254 tb = p->first_tb;
d720b93d
FB		 1255#ifdef TARGET_HAS_PRECISE_SMC
1256 if (tb && pc != 0) {
1257 current_tb = tb_find_pc(pc);
1258 }
1259#endif
9fa3e853 1260 while (tb != NULL) {
8efe0ca8
SW		 1261 n = (uintptr_t)tb & 3;
1262 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
d720b93d
FB		 1263#ifdef TARGET_HAS_PRECISE_SMC
1264 if (current_tb == tb &&
2e70f6ef 1265 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1266 /* If we are modifying the current TB, we must stop
1267 its execution. We could be more precise by checking
1268 that the modification is after the current PC, but it
1269 would require a specialized function to partially
1270 restore the CPU state */
3b46e624 1271
d720b93d 1272 current_tb_modified = 1;
618ba8e6 1273 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1274 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1275 &current_flags);
d720b93d
FB		 1276 }
1277#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1278 tb_phys_invalidate(tb, addr);
1279 tb = tb->page_next[n];
1280 }
fd6ce8f6 1281 p->first_tb = NULL;
d720b93d
FB		 1282#ifdef TARGET_HAS_PRECISE_SMC
1283 if (current_tb_modified) {
1284 /* we generate a block containing just the instruction
1285 modifying the memory. It will ensure that it cannot modify
1286 itself */
ea1c1802 1287 env->current_tb = NULL;
2e70f6ef 1288 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1289 cpu_resume_from_signal(env, puc);
1290 }
1291#endif
fd6ce8f6 1292}
9fa3e853 1293#endif
fd6ce8f6
FB		 1294
1295/* add the tb in the target page and protect it if necessary */
5fafdf24 1296static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1297 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1298{
1299 PageDesc *p;
4429ab44
JQ		 1300#ifndef CONFIG_USER_ONLY
1301 bool page_already_protected;
1302#endif
9fa3e853
FB		 1303
1304 tb->page_addr[n] = page_addr;
5cd2c5b6 1305 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1306 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1307#ifndef CONFIG_USER_ONLY
1308 page_already_protected = p->first_tb != NULL;
1309#endif
8efe0ca8 1310 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
9fa3e853 1311 invalidate_page_bitmap(p);
fd6ce8f6 1312
107db443 1313#if defined(TARGET_HAS_SMC) || 1
d720b93d 1314
9fa3e853 1315#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1316 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1317 target_ulong addr;
1318 PageDesc *p2;
9fa3e853
FB		 1319 int prot;
1320
fd6ce8f6
FB		 1321 /* force the host page as non writable (writes will have a
1322 page fault + mprotect overhead) */
53a5960a 1323 page_addr &= qemu_host_page_mask;
fd6ce8f6 1324 prot = 0;
53a5960a
PB		 1325 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1326 addr += TARGET_PAGE_SIZE) {
1327
1328 p2 = page_find (addr >> TARGET_PAGE_BITS);
1329 if (!p2)
1330 continue;
1331 prot |= p2->flags;
1332 p2->flags &= ~PAGE_WRITE;
53a5960a 1333 }
5fafdf24 1334 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1335 (prot & PAGE_BITS) & ~PAGE_WRITE);
1336#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1337 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1338 page_addr);
fd6ce8f6 1339#endif
fd6ce8f6 1340 }
9fa3e853
FB		 1341#else
1342 /* if some code is already present, then the pages are already
1343 protected. So we handle the case where only the first TB is
1344 allocated in a physical page */
4429ab44 1345 if (!page_already_protected) {
6a00d601 1346 tlb_protect_code(page_addr);
9fa3e853
FB		 1347 }
1348#endif
d720b93d
FB		 1349
1350#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1351}
1352
9fa3e853
FB		 1353/* add a new TB and link it to the physical page tables. phys_page2 is
1354 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1355void tb_link_page(TranslationBlock *tb,
1356 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1357{
9fa3e853
FB		 1358 unsigned int h;
1359 TranslationBlock **ptb;
1360
c8a706fe
PB		 1361 /* Grab the mmap lock to stop another thread invalidating this TB
1362 before we are done. */
1363 mmap_lock();
9fa3e853
FB		 1364 /* add in the physical hash table */
1365 h = tb_phys_hash_func(phys_pc);
1366 ptb = &tb_phys_hash[h];
1367 tb->phys_hash_next = *ptb;
1368 *ptb = tb;
fd6ce8f6
FB		 1369
1370 /* add in the page list */
9fa3e853
FB		 1371 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1372 if (phys_page2 != -1)
1373 tb_alloc_page(tb, 1, phys_page2);
1374 else
1375 tb->page_addr[1] = -1;
9fa3e853 1376
8efe0ca8 1377 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
d4e8164f
FB		 1378 tb->jmp_next[0] = NULL;
1379 tb->jmp_next[1] = NULL;
1380
1381 /* init original jump addresses */
1382 if (tb->tb_next_offset[0] != 0xffff)
1383 tb_reset_jump(tb, 0);
1384 if (tb->tb_next_offset[1] != 0xffff)
1385 tb_reset_jump(tb, 1);
8a40a180
FB		 1386
1387#ifdef DEBUG_TB_CHECK
1388 tb_page_check();
1389#endif
c8a706fe 1390 mmap_unlock();
fd6ce8f6
FB		 1391}
1392
9fa3e853
FB		 1393/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1394 tb[1].tc_ptr. Return NULL if not found */
6375e09e 1395TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
fd6ce8f6 1396{
9fa3e853 1397 int m_min, m_max, m;
8efe0ca8 1398 uintptr_t v;
9fa3e853 1399 TranslationBlock *tb;
a513fe19
FB		 1400
1401 if (nb_tbs <= 0)
1402 return NULL;
8efe0ca8
SW		 1403 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1404 tc_ptr >= (uintptr_t)code_gen_ptr) {
a513fe19 1405 return NULL;
8efe0ca8 1406 }
a513fe19
FB		 1407 /* binary search (cf Knuth) */
1408 m_min = 0;
1409 m_max = nb_tbs - 1;
1410 while (m_min <= m_max) {
1411 m = (m_min + m_max) >> 1;
1412 tb = &tbs[m];
8efe0ca8 1413 v = (uintptr_t)tb->tc_ptr;
a513fe19
FB		 1414 if (v == tc_ptr)
1415 return tb;
1416 else if (tc_ptr < v) {
1417 m_max = m - 1;
1418 } else {
1419 m_min = m + 1;
1420 }
5fafdf24 1421 }
a513fe19
FB		 1422 return &tbs[m_max];
1423}
7501267e 1424
ea041c0e
FB		 1425static void tb_reset_jump_recursive(TranslationBlock *tb);
1426
1427static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1428{
1429 TranslationBlock *tb1, *tb_next, **ptb;
1430 unsigned int n1;
1431
1432 tb1 = tb->jmp_next[n];
1433 if (tb1 != NULL) {
1434 /* find head of list */
1435 for(;;) {
8efe0ca8
SW		 1436 n1 = (uintptr_t)tb1 & 3;
1437 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1438 if (n1 == 2)
1439 break;
1440 tb1 = tb1->jmp_next[n1];
1441 }
1442 /* we are now sure now that tb jumps to tb1 */
1443 tb_next = tb1;
1444
1445 /* remove tb from the jmp_first list */
1446 ptb = &tb_next->jmp_first;
1447 for(;;) {
1448 tb1 = *ptb;
8efe0ca8
SW		 1449 n1 = (uintptr_t)tb1 & 3;
1450 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1451 if (n1 == n && tb1 == tb)
1452 break;
1453 ptb = &tb1->jmp_next[n1];
1454 }
1455 *ptb = tb->jmp_next[n];
1456 tb->jmp_next[n] = NULL;
3b46e624 1457
ea041c0e
FB		 1458 /* suppress the jump to next tb in generated code */
1459 tb_reset_jump(tb, n);
1460
0124311e 1461 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1462 tb_reset_jump_recursive(tb_next);
1463 }
1464}
1465
1466static void tb_reset_jump_recursive(TranslationBlock *tb)
1467{
1468 tb_reset_jump_recursive2(tb, 0);
1469 tb_reset_jump_recursive2(tb, 1);
1470}
1471
1fddef4b 1472#if defined(TARGET_HAS_ICE)
94df27fd 1473#if defined(CONFIG_USER_ONLY)
9349b4f9 1474static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 1475{
1476 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1477}
1478#else
a8170e5e 1479void tb_invalidate_phys_addr(hwaddr addr)
d720b93d 1480{
c227f099 1481 ram_addr_t ram_addr;
f3705d53 1482 MemoryRegionSection *section;
d720b93d 1483
ac1970fb 1484 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
f3705d53
AK		 1485 if (!(memory_region_is_ram(section->mr)
1486 || (section->mr->rom_device && section->mr->readable))) {
06ef3525
AK		 1487 return;
1488 }
f3705d53 1489 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1490 + memory_region_section_addr(section, addr);
706cd4b5 1491 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1492}
1e7855a5
MF		 1493
1494static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1495{
9d70c4b7
MF		 1496 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
1497 (pc & ~TARGET_PAGE_MASK));
1e7855a5 1498}
c27004ec 1499#endif
94df27fd 1500#endif /* TARGET_HAS_ICE */
d720b93d 1501
c527ee8f 1502#if defined(CONFIG_USER_ONLY)
9349b4f9 1503void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 1504
1505{
1506}
1507
9349b4f9 1508int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 1509 int flags, CPUWatchpoint **watchpoint)
1510{
1511 return -ENOSYS;
1512}
1513#else
6658ffb8 1514/* Add a watchpoint. */
9349b4f9 1515int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1516 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1517{
b4051334 1518 target_ulong len_mask = ~(len - 1);
c0ce998e 1519 CPUWatchpoint *wp;
6658ffb8 1520
b4051334 1521 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 1522 if ((len & (len - 1)) || (addr & ~len_mask) ||
1523 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 1524 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1525 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1526 return -EINVAL;
1527 }
7267c094 1528 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1529
1530 wp->vaddr = addr;
b4051334 1531 wp->len_mask = len_mask;
a1d1bb31
AL		 1532 wp->flags = flags;
1533
2dc9f411 1534 /* keep all GDB-injected watchpoints in front */
c0ce998e 1535 if (flags & BP_GDB)
72cf2d4f 1536 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1537 else
72cf2d4f 1538 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1539
6658ffb8 1540 tlb_flush_page(env, addr);
a1d1bb31
AL		 1541
1542 if (watchpoint)
1543 *watchpoint = wp;
1544 return 0;
6658ffb8
PB		 1545}
1546
a1d1bb31 1547/* Remove a specific watchpoint. */
9349b4f9 1548int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1549 int flags)
6658ffb8 1550{
b4051334 1551 target_ulong len_mask = ~(len - 1);
a1d1bb31 1552 CPUWatchpoint *wp;
6658ffb8 1553
72cf2d4f 1554 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1555 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1556 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1557 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1558 return 0;
1559 }
1560 }
a1d1bb31 1561 return -ENOENT;
6658ffb8
PB		 1562}
1563
a1d1bb31 1564/* Remove a specific watchpoint by reference. */
9349b4f9 1565void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 1566{
72cf2d4f 1567 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1568
a1d1bb31
AL		 1569 tlb_flush_page(env, watchpoint->vaddr);
1570
7267c094 1571 g_free(watchpoint);
a1d1bb31
AL		 1572}
1573
1574/* Remove all matching watchpoints. */
9349b4f9 1575void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 1576{
c0ce998e 1577 CPUWatchpoint *wp, *next;
a1d1bb31 1578
72cf2d4f 1579 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1580 if (wp->flags & mask)
1581 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1582 }
7d03f82f 1583}
c527ee8f 1584#endif
7d03f82f 1585
a1d1bb31 1586/* Add a breakpoint. */
9349b4f9 1587int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 1588 CPUBreakpoint **breakpoint)
4c3a88a2 1589{
1fddef4b 1590#if defined(TARGET_HAS_ICE)
c0ce998e 1591 CPUBreakpoint *bp;
3b46e624 1592
7267c094 1593 bp = g_malloc(sizeof(*bp));
4c3a88a2 1594
a1d1bb31
AL		 1595 bp->pc = pc;
1596 bp->flags = flags;
1597
2dc9f411 1598 /* keep all GDB-injected breakpoints in front */
c0ce998e 1599 if (flags & BP_GDB)
72cf2d4f 1600 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1601 else
72cf2d4f 1602 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1603
d720b93d 1604 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1605
1606 if (breakpoint)
1607 *breakpoint = bp;
4c3a88a2
FB		 1608 return 0;
1609#else
a1d1bb31 1610 return -ENOSYS;
4c3a88a2
FB		 1611#endif
1612}
1613
a1d1bb31 1614/* Remove a specific breakpoint. */
9349b4f9 1615int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 1616{
7d03f82f 1617#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1618 CPUBreakpoint *bp;
1619
72cf2d4f 1620 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1621 if (bp->pc == pc && bp->flags == flags) {
1622 cpu_breakpoint_remove_by_ref(env, bp);
1623 return 0;
1624 }
7d03f82f 1625 }
a1d1bb31
AL		 1626 return -ENOENT;
1627#else
1628 return -ENOSYS;
7d03f82f
EI		 1629#endif
1630}
1631
a1d1bb31 1632/* Remove a specific breakpoint by reference. */
9349b4f9 1633void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1634{
1fddef4b 1635#if defined(TARGET_HAS_ICE)
72cf2d4f 1636 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1637
a1d1bb31
AL		 1638 breakpoint_invalidate(env, breakpoint->pc);
1639
7267c094 1640 g_free(breakpoint);
a1d1bb31
AL		 1641#endif
1642}
1643
1644/* Remove all matching breakpoints. */
9349b4f9 1645void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 1646{
1647#if defined(TARGET_HAS_ICE)
c0ce998e 1648 CPUBreakpoint *bp, *next;
a1d1bb31 1649
72cf2d4f 1650 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1651 if (bp->flags & mask)
1652 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1653 }
4c3a88a2
FB		 1654#endif
1655}
1656
c33a346e
FB		 1657/* enable or disable single step mode. EXCP_DEBUG is returned by the
1658 CPU loop after each instruction */
9349b4f9 1659void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 1660{
1fddef4b 1661#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1662 if (env->singlestep_enabled != enabled) {
1663 env->singlestep_enabled = enabled;
e22a25c9
AL		 1664 if (kvm_enabled())
1665 kvm_update_guest_debug(env, 0);
1666 else {
ccbb4d44 1667 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1668 /* XXX: only flush what is necessary */
1669 tb_flush(env);
1670 }
c33a346e
FB		 1671 }
1672#endif
1673}
1674
9349b4f9 1675static void cpu_unlink_tb(CPUArchState *env)
ea041c0e 1676{
3098dba0
AJ		 1677 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1678 problem and hope the cpu will stop of its own accord. For userspace
1679 emulation this often isn't actually as bad as it sounds. Often
1680 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1681 TranslationBlock *tb;
c227f099 1682 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1683
cab1b4bd 1684 spin_lock(&interrupt_lock);
3098dba0
AJ		 1685 tb = env->current_tb;
1686 /* if the cpu is currently executing code, we must unlink it and
1687 all the potentially executing TB */
f76cfe56 1688 if (tb) {
3098dba0
AJ		 1689 env->current_tb = NULL;
1690 tb_reset_jump_recursive(tb);
be214e6c 1691 }
cab1b4bd 1692 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1693}
1694
97ffbd8d 1695#ifndef CONFIG_USER_ONLY
3098dba0 1696/* mask must never be zero, except for A20 change call */
9349b4f9 1697static void tcg_handle_interrupt(CPUArchState *env, int mask)
3098dba0 1698{
60e82579 1699 CPUState *cpu = ENV_GET_CPU(env);
3098dba0 1700 int old_mask;
be214e6c 1701
2e70f6ef 1702 old_mask = env->interrupt_request;
68a79315 1703 env->interrupt_request |= mask;
3098dba0 1704
8edac960
AL		 1705 /*
1706 * If called from iothread context, wake the target cpu in
1707 * case its halted.
1708 */
60e82579 1709 if (!qemu_cpu_is_self(cpu)) {
c08d7424 1710 qemu_cpu_kick(cpu);
8edac960
AL		 1711 return;
1712 }
8edac960 1713
2e70f6ef 1714 if (use_icount) {
266910c4 1715 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1716 if (!can_do_io(env)
be214e6c 1717 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1718 cpu_abort(env, "Raised interrupt while not in I/O function");
1719 }
2e70f6ef 1720 } else {
3098dba0 1721 cpu_unlink_tb(env);
ea041c0e
FB		 1722 }
1723}
1724
ec6959d0
JK		 1725CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1726
97ffbd8d
JK		 1727#else /* CONFIG_USER_ONLY */
1728
9349b4f9 1729void cpu_interrupt(CPUArchState *env, int mask)
97ffbd8d
JK		 1730{
1731 env->interrupt_request |= mask;
1732 cpu_unlink_tb(env);
1733}
1734#endif /* CONFIG_USER_ONLY */
1735
9349b4f9 1736void cpu_reset_interrupt(CPUArchState *env, int mask)
b54ad049
FB		 1737{
1738 env->interrupt_request &= ~mask;
1739}
1740
9349b4f9 1741void cpu_exit(CPUArchState *env)
3098dba0
AJ		 1742{
1743 env->exit_request = 1;
1744 cpu_unlink_tb(env);
1745}
1746
9349b4f9 1747void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e
FB		 1748{
1749 va_list ap;
493ae1f0 1750 va_list ap2;
7501267e
FB		 1751
1752 va_start(ap, fmt);
493ae1f0 1753 va_copy(ap2, ap);
7501267e
FB		 1754 fprintf(stderr, "qemu: fatal: ");
1755 vfprintf(stderr, fmt, ap);
1756 fprintf(stderr, "\n");
6fd2a026 1757 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 1758 if (qemu_log_enabled()) {
1759 qemu_log("qemu: fatal: ");
1760 qemu_log_vprintf(fmt, ap2);
1761 qemu_log("\n");
6fd2a026 1762 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 1763 qemu_log_flush();
93fcfe39 1764 qemu_log_close();
924edcae 1765 }
493ae1f0 1766 va_end(ap2);
f9373291 1767 va_end(ap);
fd052bf6
RV		 1768#if defined(CONFIG_USER_ONLY)
1769 {
1770 struct sigaction act;
1771 sigfillset(&act.sa_mask);
1772 act.sa_handler = SIG_DFL;
1773 sigaction(SIGABRT, &act, NULL);
1774 }
1775#endif
7501267e
FB		 1776 abort();
1777}
1778
9349b4f9 1779CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 1780{
9349b4f9
AF		 1781 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1782 CPUArchState *next_cpu = new_env->next_cpu;
c5be9f08 1783 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1784#if defined(TARGET_HAS_ICE)
1785 CPUBreakpoint *bp;
1786 CPUWatchpoint *wp;
1787#endif
1788
9349b4f9 1789 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081
AL		 1790
1791 /* Preserve chaining and index. */
c5be9f08
TS		 1792 new_env->next_cpu = next_cpu;
1793 new_env->cpu_index = cpu_index;
5a38f081
AL		 1794
1795 /* Clone all break/watchpoints.
1796 Note: Once we support ptrace with hw-debug register access, make sure
1797 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1798 QTAILQ_INIT(&env->breakpoints);
1799 QTAILQ_INIT(&env->watchpoints);
5a38f081 1800#if defined(TARGET_HAS_ICE)
72cf2d4f 1801 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1802 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1803 }
72cf2d4f 1804 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1805 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1806 wp->flags, NULL);
1807 }
1808#endif
1809
c5be9f08
TS		 1810 return new_env;
1811}
1812
0124311e 1813#if !defined(CONFIG_USER_ONLY)
0cac1b66 1814void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
5c751e99
EI		 1815{
1816 unsigned int i;
1817
1818 /* Discard jump cache entries for any tb which might potentially
1819 overlap the flushed page. */
1820 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1821 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1822 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1823
1824 i = tb_jmp_cache_hash_page(addr);
1825 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1826 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1827}
1828
d24981d3
JQ		 1829static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
1830 uintptr_t length)
1831{
1832 uintptr_t start1;
1833
1834 /* we modify the TLB cache so that the dirty bit will be set again
1835 when accessing the range */
1836 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
1837 /* Check that we don't span multiple blocks - this breaks the
1838 address comparisons below. */
1839 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
1840 != (end - 1) - start) {
1841 abort();
1842 }
1843 cpu_tlb_reset_dirty_all(start1, length);
1844
1845}
1846
5579c7f3 1847/* Note: start and end must be within the same ram block. */
c227f099 1848void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1849 int dirty_flags)
1ccde1cb 1850{
d24981d3 1851 uintptr_t length;
1ccde1cb
FB		 1852
1853 start &= TARGET_PAGE_MASK;
1854 end = TARGET_PAGE_ALIGN(end);
1855
1856 length = end - start;
1857 if (length == 0)
1858 return;
f7c11b53 1859 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 1860
d24981d3
JQ		 1861 if (tcg_enabled()) {
1862 tlb_reset_dirty_range_all(start, end, length);
5579c7f3 1863 }
1ccde1cb
FB		 1864}
1865
74576198
AL		 1866int cpu_physical_memory_set_dirty_tracking(int enable)
1867{
f6f3fbca 1868 int ret = 0;
74576198 1869 in_migration = enable;
f6f3fbca 1870 return ret;
74576198
AL		 1871}
1872
a8170e5e 1873hwaddr memory_region_section_get_iotlb(CPUArchState *env,
e5548617
BS		 1874 MemoryRegionSection *section,
1875 target_ulong vaddr,
a8170e5e 1876 hwaddr paddr,
e5548617
BS		 1877 int prot,
1878 target_ulong *address)
1879{
a8170e5e 1880 hwaddr iotlb;
e5548617
BS		 1881 CPUWatchpoint *wp;
1882
cc5bea60 1883 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1884 /* Normal RAM. */
1885 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1886 + memory_region_section_addr(section, paddr);
e5548617
BS		 1887 if (!section->readonly) {
1888 iotlb |= phys_section_notdirty;
1889 } else {
1890 iotlb |= phys_section_rom;
1891 }
1892 } else {
1893 /* IO handlers are currently passed a physical address.
1894 It would be nice to pass an offset from the base address
1895 of that region. This would avoid having to special case RAM,
1896 and avoid full address decoding in every device.
1897 We can't use the high bits of pd for this because
1898 IO_MEM_ROMD uses these as a ram address. */
1899 iotlb = section - phys_sections;
cc5bea60 1900 iotlb += memory_region_section_addr(section, paddr);
e5548617
BS		 1901 }
1902
1903 /* Make accesses to pages with watchpoints go via the
1904 watchpoint trap routines. */
1905 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1906 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
1907 /* Avoid trapping reads of pages with a write breakpoint. */
1908 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1909 iotlb = phys_section_watch + paddr;
1910 *address |= TLB_MMIO;
1911 break;
1912 }
1913 }
1914 }
1915
1916 return iotlb;
1917}
1918
0124311e 1919#else
edf8e2af
MW		 1920/*
1921 * Walks guest process memory "regions" one by one
1922 * and calls callback function 'fn' for each region.
1923 */
5cd2c5b6
RH		 1924
1925struct walk_memory_regions_data
1926{
1927 walk_memory_regions_fn fn;
1928 void *priv;
8efe0ca8 1929 uintptr_t start;
5cd2c5b6
RH		 1930 int prot;
1931};
1932
1933static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 1934 abi_ulong end, int new_prot)
5cd2c5b6
RH		 1935{
1936 if (data->start != -1ul) {
1937 int rc = data->fn(data->priv, data->start, end, data->prot);
1938 if (rc != 0) {
1939 return rc;
1940 }
1941 }
1942
1943 data->start = (new_prot ? end : -1ul);
1944 data->prot = new_prot;
1945
1946 return 0;
1947}
1948
1949static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 1950 abi_ulong base, int level, void **lp)
5cd2c5b6 1951{
b480d9b7 1952 abi_ulong pa;
5cd2c5b6
RH		 1953 int i, rc;
1954
1955 if (*lp == NULL) {
1956 return walk_memory_regions_end(data, base, 0);
1957 }
1958
1959 if (level == 0) {
1960 PageDesc *pd = *lp;
7296abac 1961 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 1962 int prot = pd[i].flags;
1963
1964 pa = base | (i << TARGET_PAGE_BITS);
1965 if (prot != data->prot) {
1966 rc = walk_memory_regions_end(data, pa, prot);
1967 if (rc != 0) {
1968 return rc;
9fa3e853 1969 }
9fa3e853 1970 }
5cd2c5b6
RH		 1971 }
1972 } else {
1973 void **pp = *lp;
7296abac 1974 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 1975 pa = base | ((abi_ulong)i <<
1976 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 1977 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1978 if (rc != 0) {
1979 return rc;
1980 }
1981 }
1982 }
1983
1984 return 0;
1985}
1986
1987int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1988{
1989 struct walk_memory_regions_data data;
8efe0ca8 1990 uintptr_t i;
5cd2c5b6
RH		 1991
1992 data.fn = fn;
1993 data.priv = priv;
1994 data.start = -1ul;
1995 data.prot = 0;
1996
1997 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 1998 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 1999 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2000 if (rc != 0) {
2001 return rc;
9fa3e853 2002 }
33417e70 2003 }
5cd2c5b6
RH		 2004
2005 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2006}
2007
b480d9b7
PB		 2008static int dump_region(void *priv, abi_ulong start,
2009 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2010{
2011 FILE *f = (FILE *)priv;
2012
b480d9b7
PB		 2013 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2014 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2015 start, end, end - start,
2016 ((prot & PAGE_READ) ? 'r' : '-'),
2017 ((prot & PAGE_WRITE) ? 'w' : '-'),
2018 ((prot & PAGE_EXEC) ? 'x' : '-'));
2019
2020 return (0);
2021}
2022
2023/* dump memory mappings */
2024void page_dump(FILE *f)
2025{
2026 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2027 "start", "end", "size", "prot");
2028 walk_memory_regions(f, dump_region);
33417e70
FB		 2029}
2030
53a5960a 2031int page_get_flags(target_ulong address)
33417e70 2032{
9fa3e853
FB		 2033 PageDesc *p;
2034
2035 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2036 if (!p)
9fa3e853
FB		 2037 return 0;
2038 return p->flags;
2039}
2040
376a7909
RH		 2041/* Modify the flags of a page and invalidate the code if necessary.
2042 The flag PAGE_WRITE_ORG is positioned automatically depending
2043 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2044void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2045{
376a7909
RH		 2046 target_ulong addr, len;
2047
2048 /* This function should never be called with addresses outside the
2049 guest address space. If this assert fires, it probably indicates
2050 a missing call to h2g_valid. */
b480d9b7
PB		 2051#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2052 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2053#endif
2054 assert(start < end);
9fa3e853
FB		 2055
2056 start = start & TARGET_PAGE_MASK;
2057 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2058
2059 if (flags & PAGE_WRITE) {
9fa3e853 2060 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2061 }
2062
2063 for (addr = start, len = end - start;
2064 len != 0;
2065 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2066 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2067
2068 /* If the write protection bit is set, then we invalidate
2069 the code inside. */
5fafdf24 2070 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2071 (flags & PAGE_WRITE) &&
2072 p->first_tb) {
d720b93d 2073 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2074 }
2075 p->flags = flags;
2076 }
33417e70
FB		 2077}
2078
3d97b40b
TS		 2079int page_check_range(target_ulong start, target_ulong len, int flags)
2080{
2081 PageDesc *p;
2082 target_ulong end;
2083 target_ulong addr;
2084
376a7909
RH		 2085 /* This function should never be called with addresses outside the
2086 guest address space. If this assert fires, it probably indicates
2087 a missing call to h2g_valid. */
338e9e6c
BS		 2088#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2089 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2090#endif
2091
3e0650a9
RH		 2092 if (len == 0) {
2093 return 0;
2094 }
376a7909
RH		 2095 if (start + len - 1 < start) {
2096 /* We've wrapped around. */
55f280c9 2097 return -1;
376a7909 2098 }
55f280c9 2099
3d97b40b
TS		 2100 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2101 start = start & TARGET_PAGE_MASK;
2102
376a7909
RH		 2103 for (addr = start, len = end - start;
2104 len != 0;
2105 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2106 p = page_find(addr >> TARGET_PAGE_BITS);
2107 if( !p )
2108 return -1;
2109 if( !(p->flags & PAGE_VALID) )
2110 return -1;
2111
dae3270c 2112 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2113 return -1;
dae3270c
FB		 2114 if (flags & PAGE_WRITE) {
2115 if (!(p->flags & PAGE_WRITE_ORG))
2116 return -1;
2117 /* unprotect the page if it was put read-only because it
2118 contains translated code */
2119 if (!(p->flags & PAGE_WRITE)) {
2120 if (!page_unprotect(addr, 0, NULL))
2121 return -1;
2122 }
2123 return 0;
2124 }
3d97b40b
TS		 2125 }
2126 return 0;
2127}
2128
9fa3e853 2129/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2130 page. Return TRUE if the fault was successfully handled. */
6375e09e 2131int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
9fa3e853 2132{
45d679d6
AJ		 2133 unsigned int prot;
2134 PageDesc *p;
53a5960a 2135 target_ulong host_start, host_end, addr;
9fa3e853 2136
c8a706fe
PB		 2137 /* Technically this isn't safe inside a signal handler. However we
2138 know this only ever happens in a synchronous SEGV handler, so in
2139 practice it seems to be ok. */
2140 mmap_lock();
2141
45d679d6
AJ		 2142 p = page_find(address >> TARGET_PAGE_BITS);
2143 if (!p) {
c8a706fe 2144 mmap_unlock();
9fa3e853 2145 return 0;
c8a706fe 2146 }
45d679d6 2147
9fa3e853
FB		 2148 /* if the page was really writable, then we change its
2149 protection back to writable */
45d679d6
AJ		 2150 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2151 host_start = address & qemu_host_page_mask;
2152 host_end = host_start + qemu_host_page_size;
2153
2154 prot = 0;
2155 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2156 p = page_find(addr >> TARGET_PAGE_BITS);
2157 p->flags |= PAGE_WRITE;
2158 prot |= p->flags;
2159
9fa3e853
FB		 2160 /* and since the content will be modified, we must invalidate
2161 the corresponding translated code. */
45d679d6 2162 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2163#ifdef DEBUG_TB_CHECK
45d679d6 2164 tb_invalidate_check(addr);
9fa3e853 2165#endif
9fa3e853 2166 }
45d679d6
AJ		 2167 mprotect((void *)g2h(host_start), qemu_host_page_size,
2168 prot & PAGE_BITS);
2169
2170 mmap_unlock();
2171 return 1;
9fa3e853 2172 }
c8a706fe 2173 mmap_unlock();
9fa3e853
FB		 2174 return 0;
2175}
9fa3e853
FB		 2176#endif /* defined(CONFIG_USER_ONLY) */
2177
e2eef170 2178#if !defined(CONFIG_USER_ONLY)
8da3ff18 2179
c04b2b78
PB		 2180#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2181typedef struct subpage_t {
70c68e44 2182 MemoryRegion iomem;
a8170e5e 2183 hwaddr base;
5312bd8b 2184 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2185} subpage_t;
2186
c227f099 2187static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2188 uint16_t section);
a8170e5e 2189static subpage_t *subpage_init(hwaddr base);
5312bd8b 2190static void destroy_page_desc(uint16_t section_index)
54688b1e 2191{
5312bd8b
AK		 2192 MemoryRegionSection *section = &phys_sections[section_index];
2193 MemoryRegion *mr = section->mr;
54688b1e
AK		 2194
2195 if (mr->subpage) {
2196 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2197 memory_region_destroy(&subpage->iomem);
2198 g_free(subpage);
2199 }
2200}
2201
4346ae3e 2202static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2203{
2204 unsigned i;
d6f2ea22 2205 PhysPageEntry *p;
54688b1e 2206
c19e8800 2207 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2208 return;
2209 }
2210
c19e8800 2211 p = phys_map_nodes[lp->ptr];
4346ae3e 2212 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 2213 if (!p[i].is_leaf) {
54688b1e 2214 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 2215 } else {
c19e8800 2216 destroy_page_desc(p[i].ptr);
54688b1e 2217 }
54688b1e 2218 }
07f07b31 2219 lp->is_leaf = 0;
c19e8800 2220 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2221}
2222
ac1970fb 2223static void destroy_all_mappings(AddressSpaceDispatch *d)
54688b1e 2224{
ac1970fb 2225 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
d6f2ea22 2226 phys_map_nodes_reset();
54688b1e
AK		 2227}
2228
5312bd8b
AK		 2229static uint16_t phys_section_add(MemoryRegionSection *section)
2230{
2231 if (phys_sections_nb == phys_sections_nb_alloc) {
2232 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2233 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2234 phys_sections_nb_alloc);
2235 }
2236 phys_sections[phys_sections_nb] = *section;
2237 return phys_sections_nb++;
2238}
2239
2240static void phys_sections_clear(void)
2241{
2242 phys_sections_nb = 0;
2243}
2244
ac1970fb 2245static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 2246{
2247 subpage_t *subpage;
a8170e5e 2248 hwaddr base = section->offset_within_address_space
0f0cb164 2249 & TARGET_PAGE_MASK;
ac1970fb 2250 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
0f0cb164
AK		 2251 MemoryRegionSection subsection = {
2252 .offset_within_address_space = base,
2253 .size = TARGET_PAGE_SIZE,
2254 };
a8170e5e 2255 hwaddr start, end;
0f0cb164 2256
f3705d53 2257 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 2258
f3705d53 2259 if (!(existing->mr->subpage)) {
0f0cb164
AK		 2260 subpage = subpage_init(base);
2261 subsection.mr = &subpage->iomem;
ac1970fb 2262 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
2999097b 2263 phys_section_add(&subsection));
0f0cb164 2264 } else {
f3705d53 2265 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 2266 }
2267 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
adb2a9b5 2268 end = start + section->size - 1;
0f0cb164
AK		 2269 subpage_register(subpage, start, end, phys_section_add(section));
2270}
2271
2272
ac1970fb 2273static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
33417e70 2274{
a8170e5e 2275 hwaddr start_addr = section->offset_within_address_space;
dd81124b 2276 ram_addr_t size = section->size;
a8170e5e 2277 hwaddr addr;
5312bd8b 2278 uint16_t section_index = phys_section_add(section);
dd81124b 2279
3b8e6a2d 2280 assert(size);
f6f3fbca 2281
3b8e6a2d 2282 addr = start_addr;
ac1970fb 2283 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2999097b 2284 section_index);
33417e70
FB		 2285}
2286
ac1970fb 2287static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 2288{
ac1970fb 2289 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
0f0cb164
AK		 2290 MemoryRegionSection now = *section, remain = *section;
2291
2292 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2293 || (now.size < TARGET_PAGE_SIZE)) {
2294 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2295 - now.offset_within_address_space,
2296 now.size);
ac1970fb 2297 register_subpage(d, &now);
0f0cb164
AK		 2298 remain.size -= now.size;
2299 remain.offset_within_address_space += now.size;
2300 remain.offset_within_region += now.size;
2301 }
69b67646
TH		 2302 while (remain.size >= TARGET_PAGE_SIZE) {
2303 now = remain;
2304 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
2305 now.size = TARGET_PAGE_SIZE;
ac1970fb 2306 register_subpage(d, &now);
69b67646
TH		 2307 } else {
2308 now.size &= TARGET_PAGE_MASK;
ac1970fb 2309 register_multipage(d, &now);
69b67646 2310 }
0f0cb164
AK		 2311 remain.size -= now.size;
2312 remain.offset_within_address_space += now.size;
2313 remain.offset_within_region += now.size;
2314 }
2315 now = remain;
2316 if (now.size) {
ac1970fb 2317 register_subpage(d, &now);
0f0cb164
AK		 2318 }
2319}
2320
62a2744c
SY		 2321void qemu_flush_coalesced_mmio_buffer(void)
2322{
2323 if (kvm_enabled())
2324 kvm_flush_coalesced_mmio_buffer();
2325}
2326
c902760f
MT		 2327#if defined(__linux__) && !defined(TARGET_S390X)
2328
2329#include <sys/vfs.h>
2330
2331#define HUGETLBFS_MAGIC 0x958458f6
2332
2333static long gethugepagesize(const char *path)
2334{
2335 struct statfs fs;
2336 int ret;
2337
2338 do {
9742bf26 2339 ret = statfs(path, &fs);
c902760f
MT		 2340 } while (ret != 0 && errno == EINTR);
2341
2342 if (ret != 0) {
9742bf26
YT		 2343 perror(path);
2344 return 0;
c902760f
MT		 2345 }
2346
2347 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2348 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2349
2350 return fs.f_bsize;
2351}
2352
04b16653
AW		 2353static void *file_ram_alloc(RAMBlock *block,
2354 ram_addr_t memory,
2355 const char *path)
c902760f
MT		 2356{
2357 char *filename;
2358 void *area;
2359 int fd;
2360#ifdef MAP_POPULATE
2361 int flags;
2362#endif
2363 unsigned long hpagesize;
2364
2365 hpagesize = gethugepagesize(path);
2366 if (!hpagesize) {
9742bf26 2367 return NULL;
c902760f
MT		 2368 }
2369
2370 if (memory < hpagesize) {
2371 return NULL;
2372 }
2373
2374 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2375 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2376 return NULL;
2377 }
2378
2379 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2380 return NULL;
c902760f
MT		 2381 }
2382
2383 fd = mkstemp(filename);
2384 if (fd < 0) {
9742bf26
YT		 2385 perror("unable to create backing store for hugepages");
2386 free(filename);
2387 return NULL;
c902760f
MT		 2388 }
2389 unlink(filename);
2390 free(filename);
2391
2392 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2393
2394 /*
2395 * ftruncate is not supported by hugetlbfs in older
2396 * hosts, so don't bother bailing out on errors.
2397 * If anything goes wrong with it under other filesystems,
2398 * mmap will fail.
2399 */
2400 if (ftruncate(fd, memory))
9742bf26 2401 perror("ftruncate");
c902760f
MT		 2402
2403#ifdef MAP_POPULATE
2404 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2405 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2406 * to sidestep this quirk.
2407 */
2408 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2409 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2410#else
2411 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2412#endif
2413 if (area == MAP_FAILED) {
9742bf26
YT		 2414 perror("file_ram_alloc: can't mmap RAM pages");
2415 close(fd);
2416 return (NULL);
c902760f 2417 }
04b16653 2418 block->fd = fd;
c902760f
MT		 2419 return area;
2420}
2421#endif
2422
d17b5288 2423static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2424{
2425 RAMBlock *block, *next_block;
3e837b2c 2426 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2427
2428 if (QLIST_EMPTY(&ram_list.blocks))
2429 return 0;
2430
2431 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2432 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2433
2434 end = block->offset + block->length;
2435
2436 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2437 if (next_block->offset >= end) {
2438 next = MIN(next, next_block->offset);
2439 }
2440 }
2441 if (next - end >= size && next - end < mingap) {
3e837b2c 2442 offset = end;
04b16653
AW		 2443 mingap = next - end;
2444 }
2445 }
3e837b2c
AW		 2446
2447 if (offset == RAM_ADDR_MAX) {
2448 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2449 (uint64_t)size);
2450 abort();
2451 }
2452
04b16653
AW		 2453 return offset;
2454}
2455
652d7ec2 2456ram_addr_t last_ram_offset(void)
d17b5288
AW		 2457{
2458 RAMBlock *block;
2459 ram_addr_t last = 0;
2460
2461 QLIST_FOREACH(block, &ram_list.blocks, next)
2462 last = MAX(last, block->offset + block->length);
2463
2464 return last;
2465}
2466
ddb97f1d
JB		 2467static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
2468{
2469 int ret;
2470 QemuOpts *machine_opts;
2471
2472 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
2473 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2474 if (machine_opts &&
2475 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
2476 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
2477 if (ret) {
2478 perror("qemu_madvise");
2479 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
2480 "but dump_guest_core=off specified\n");
2481 }
2482 }
2483}
2484
c5705a77 2485void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2486{
2487 RAMBlock *new_block, *block;
2488
c5705a77
AK		 2489 new_block = NULL;
2490 QLIST_FOREACH(block, &ram_list.blocks, next) {
2491 if (block->offset == addr) {
2492 new_block = block;
2493 break;
2494 }
2495 }
2496 assert(new_block);
2497 assert(!new_block->idstr[0]);
84b89d78 2498
09e5ab63
AL		 2499 if (dev) {
2500 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 2501 if (id) {
2502 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2503 g_free(id);
84b89d78
CM		 2504 }
2505 }
2506 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2507
2508 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2509 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2510 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2511 new_block->idstr);
2512 abort();
2513 }
2514 }
c5705a77
AK		 2515}
2516
8490fc78
LC		 2517static int memory_try_enable_merging(void *addr, size_t len)
2518{
2519 QemuOpts *opts;
2520
2521 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2522 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
2523 /* disabled by the user */
2524 return 0;
2525 }
2526
2527 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
2528}
2529
c5705a77
AK		 2530ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2531 MemoryRegion *mr)
2532{
2533 RAMBlock *new_block;
2534
2535 size = TARGET_PAGE_ALIGN(size);
2536 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2537
7c637366 2538 new_block->mr = mr;
432d268c 2539 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2540 if (host) {
2541 new_block->host = host;
cd19cfa2 2542 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2543 } else {
2544 if (mem_path) {
c902760f 2545#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2546 new_block->host = file_ram_alloc(new_block, size, mem_path);
2547 if (!new_block->host) {
2548 new_block->host = qemu_vmalloc(size);
8490fc78 2549 memory_try_enable_merging(new_block->host, size);
6977dfe6 2550 }
c902760f 2551#else
6977dfe6
YT		 2552 fprintf(stderr, "-mem-path option unsupported\n");
2553 exit(1);
c902760f 2554#endif
6977dfe6 2555 } else {
868bb33f 2556 if (xen_enabled()) {
fce537d4 2557 xen_ram_alloc(new_block->offset, size, mr);
fdec9918
CB		 2558 } else if (kvm_enabled()) {
2559 /* some s390/kvm configurations have special constraints */
2560 new_block->host = kvm_vmalloc(size);
432d268c
JN		 2561 } else {
2562 new_block->host = qemu_vmalloc(size);
2563 }
8490fc78 2564 memory_try_enable_merging(new_block->host, size);
6977dfe6 2565 }
c902760f 2566 }
94a6b54f
PB		 2567 new_block->length = size;
2568
f471a17e 2569 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2570
7267c094 2571 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2572 last_ram_offset() >> TARGET_PAGE_BITS);
5fda043f
IM		 2573 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2574 0, size >> TARGET_PAGE_BITS);
1720aeee 2575 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
94a6b54f 2576
ddb97f1d 2577 qemu_ram_setup_dump(new_block->host, size);
ad0b5321 2578 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
ddb97f1d 2579
6f0437e8
JK		 2580 if (kvm_enabled())
2581 kvm_setup_guest_memory(new_block->host, size);
2582
94a6b54f
PB		 2583 return new_block->offset;
2584}
e9a1ab19 2585
c5705a77 2586ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2587{
c5705a77 2588 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2589}
2590
1f2e98b6
AW		 2591void qemu_ram_free_from_ptr(ram_addr_t addr)
2592{
2593 RAMBlock *block;
2594
2595 QLIST_FOREACH(block, &ram_list.blocks, next) {
2596 if (addr == block->offset) {
2597 QLIST_REMOVE(block, next);
7267c094 2598 g_free(block);
1f2e98b6
AW		 2599 return;
2600 }
2601 }
2602}
2603
c227f099 2604void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2605{
04b16653
AW		 2606 RAMBlock *block;
2607
2608 QLIST_FOREACH(block, &ram_list.blocks, next) {
2609 if (addr == block->offset) {
2610 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2611 if (block->flags & RAM_PREALLOC_MASK) {
2612 ;
2613 } else if (mem_path) {
04b16653
AW		 2614#if defined (__linux__) && !defined(TARGET_S390X)
2615 if (block->fd) {
2616 munmap(block->host, block->length);
2617 close(block->fd);
2618 } else {
2619 qemu_vfree(block->host);
2620 }
fd28aa13
JK		 2621#else
2622 abort();
04b16653
AW		 2623#endif
2624 } else {
2625#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2626 munmap(block->host, block->length);
2627#else
868bb33f 2628 if (xen_enabled()) {
e41d7c69 2629 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2630 } else {
2631 qemu_vfree(block->host);
2632 }
04b16653
AW		 2633#endif
2634 }
7267c094 2635 g_free(block);
04b16653
AW		 2636 return;
2637 }
2638 }
2639
e9a1ab19
FB		 2640}
2641
cd19cfa2
HY		 2642#ifndef _WIN32
2643void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2644{
2645 RAMBlock *block;
2646 ram_addr_t offset;
2647 int flags;
2648 void *area, *vaddr;
2649
2650 QLIST_FOREACH(block, &ram_list.blocks, next) {
2651 offset = addr - block->offset;
2652 if (offset < block->length) {
2653 vaddr = block->host + offset;
2654 if (block->flags & RAM_PREALLOC_MASK) {
2655 ;
2656 } else {
2657 flags = MAP_FIXED;
2658 munmap(vaddr, length);
2659 if (mem_path) {
2660#if defined(__linux__) && !defined(TARGET_S390X)
2661 if (block->fd) {
2662#ifdef MAP_POPULATE
2663 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2664 MAP_PRIVATE;
2665#else
2666 flags |= MAP_PRIVATE;
2667#endif
2668 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2669 flags, block->fd, offset);
2670 } else {
2671 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2672 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2673 flags, -1, 0);
2674 }
fd28aa13
JK		 2675#else
2676 abort();
cd19cfa2
HY		 2677#endif
2678 } else {
2679#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2680 flags |= MAP_SHARED | MAP_ANONYMOUS;
2681 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2682 flags, -1, 0);
2683#else
2684 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2685 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2686 flags, -1, 0);
2687#endif
2688 }
2689 if (area != vaddr) {
f15fbc4b
AP		 2690 fprintf(stderr, "Could not remap addr: "
2691 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 2692 length, addr);
2693 exit(1);
2694 }
8490fc78 2695 memory_try_enable_merging(vaddr, length);
ddb97f1d 2696 qemu_ram_setup_dump(vaddr, length);
cd19cfa2
HY		 2697 }
2698 return;
2699 }
2700 }
2701}
2702#endif /* !_WIN32 */
2703
dc828ca1 2704/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 2705 With the exception of the softmmu code in this file, this should
2706 only be used for local memory (e.g. video ram) that the device owns,
2707 and knows it isn't going to access beyond the end of the block.
2708
2709 It should not be used for general purpose DMA.
2710 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2711 */
c227f099 2712void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 2713{
94a6b54f
PB		 2714 RAMBlock *block;
2715
f471a17e
AW		 2716 QLIST_FOREACH(block, &ram_list.blocks, next) {
2717 if (addr - block->offset < block->length) {
7d82af38
VP		 2718 /* Move this entry to to start of the list. */
2719 if (block != QLIST_FIRST(&ram_list.blocks)) {
2720 QLIST_REMOVE(block, next);
2721 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2722 }
868bb33f 2723 if (xen_enabled()) {
432d268c
JN		 2724 /* We need to check if the requested address is in the RAM
2725 * because we don't want to map the entire memory in QEMU.
712c2b41 2726 * In that case just map until the end of the page.
432d268c
JN		 2727 */
2728 if (block->offset == 0) {
e41d7c69 2729 return xen_map_cache(addr, 0, 0);
432d268c 2730 } else if (block->host == NULL) {
e41d7c69
JK		 2731 block->host =
2732 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2733 }
2734 }
f471a17e
AW		 2735 return block->host + (addr - block->offset);
2736 }
94a6b54f 2737 }
f471a17e
AW		 2738
2739 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2740 abort();
2741
2742 return NULL;
dc828ca1
PB		 2743}
2744
b2e0a138
MT		 2745/* Return a host pointer to ram allocated with qemu_ram_alloc.
2746 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2747 */
2748void *qemu_safe_ram_ptr(ram_addr_t addr)
2749{
2750 RAMBlock *block;
2751
2752 QLIST_FOREACH(block, &ram_list.blocks, next) {
2753 if (addr - block->offset < block->length) {
868bb33f 2754 if (xen_enabled()) {
432d268c
JN		 2755 /* We need to check if the requested address is in the RAM
2756 * because we don't want to map the entire memory in QEMU.
712c2b41 2757 * In that case just map until the end of the page.
432d268c
JN		 2758 */
2759 if (block->offset == 0) {
e41d7c69 2760 return xen_map_cache(addr, 0, 0);
432d268c 2761 } else if (block->host == NULL) {
e41d7c69
JK		 2762 block->host =
2763 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2764 }
2765 }
b2e0a138
MT		 2766 return block->host + (addr - block->offset);
2767 }
2768 }
2769
2770 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2771 abort();
2772
2773 return NULL;
2774}
2775
38bee5dc
SS		 2776/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
2777 * but takes a size argument */
8ab934f9 2778void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 2779{
8ab934f9
SS		 2780 if (*size == 0) {
2781 return NULL;
2782 }
868bb33f 2783 if (xen_enabled()) {
e41d7c69 2784 return xen_map_cache(addr, *size, 1);
868bb33f 2785 } else {
38bee5dc
SS		 2786 RAMBlock *block;
2787
2788 QLIST_FOREACH(block, &ram_list.blocks, next) {
2789 if (addr - block->offset < block->length) {
2790 if (addr - block->offset + *size > block->length)
2791 *size = block->length - addr + block->offset;
2792 return block->host + (addr - block->offset);
2793 }
2794 }
2795
2796 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2797 abort();
38bee5dc
SS		 2798 }
2799}
2800
050a0ddf
AP		 2801void qemu_put_ram_ptr(void *addr)
2802{
2803 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 2804}
2805
e890261f 2806int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 2807{
94a6b54f
PB		 2808 RAMBlock *block;
2809 uint8_t *host = ptr;
2810
868bb33f 2811 if (xen_enabled()) {
e41d7c69 2812 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 2813 return 0;
2814 }
2815
f471a17e 2816 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 2817 /* This case append when the block is not mapped. */
2818 if (block->host == NULL) {
2819 continue;
2820 }
f471a17e 2821 if (host - block->host < block->length) {
e890261f
MT		 2822 *ram_addr = block->offset + (host - block->host);
2823 return 0;
f471a17e 2824 }
94a6b54f 2825 }
432d268c 2826
e890261f
MT		 2827 return -1;
2828}
f471a17e 2829
e890261f
MT		 2830/* Some of the softmmu routines need to translate from a host pointer
2831 (typically a TLB entry) back to a ram offset. */
2832ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2833{
2834 ram_addr_t ram_addr;
f471a17e 2835
e890261f
MT		 2836 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2837 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2838 abort();
2839 }
2840 return ram_addr;
5579c7f3
PB		 2841}
2842
a8170e5e 2843static uint64_t unassigned_mem_read(void *opaque, hwaddr addr,
0e0df1e2 2844 unsigned size)
e18231a3
BS		 2845{
2846#ifdef DEBUG_UNASSIGNED
2847 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2848#endif
5b450407 2849#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2850 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 2851#endif
2852 return 0;
2853}
2854
a8170e5e 2855static void unassigned_mem_write(void *opaque, hwaddr addr,
0e0df1e2 2856 uint64_t val, unsigned size)
e18231a3
BS		 2857{
2858#ifdef DEBUG_UNASSIGNED
0e0df1e2 2859 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 2860#endif
5b450407 2861#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2862 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 2863#endif
33417e70
FB		 2864}
2865
0e0df1e2
AK		 2866static const MemoryRegionOps unassigned_mem_ops = {
2867 .read = unassigned_mem_read,
2868 .write = unassigned_mem_write,
2869 .endianness = DEVICE_NATIVE_ENDIAN,
2870};
e18231a3 2871
a8170e5e 2872static uint64_t error_mem_read(void *opaque, hwaddr addr,
0e0df1e2 2873 unsigned size)
e18231a3 2874{
0e0df1e2 2875 abort();
e18231a3
BS		 2876}
2877
a8170e5e 2878static void error_mem_write(void *opaque, hwaddr addr,
0e0df1e2 2879 uint64_t value, unsigned size)
e18231a3 2880{
0e0df1e2 2881 abort();
33417e70
FB		 2882}
2883
0e0df1e2
AK		 2884static const MemoryRegionOps error_mem_ops = {
2885 .read = error_mem_read,
2886 .write = error_mem_write,
2887 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2888};
2889
0e0df1e2
AK		 2890static const MemoryRegionOps rom_mem_ops = {
2891 .read = error_mem_read,
2892 .write = unassigned_mem_write,
2893 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2894};
2895
a8170e5e 2896static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 2897 uint64_t val, unsigned size)
9fa3e853 2898{
3a7d929e 2899 int dirty_flags;
f7c11b53 2900 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 2901 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 2902#if !defined(CONFIG_USER_ONLY)
0e0df1e2 2903 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 2904 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 2905#endif
3a7d929e 2906 }
0e0df1e2
AK		 2907 switch (size) {
2908 case 1:
2909 stb_p(qemu_get_ram_ptr(ram_addr), val);
2910 break;
2911 case 2:
2912 stw_p(qemu_get_ram_ptr(ram_addr), val);
2913 break;
2914 case 4:
2915 stl_p(qemu_get_ram_ptr(ram_addr), val);
2916 break;
2917 default:
2918 abort();
3a7d929e 2919 }
f23db169 2920 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 2921 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 2922 /* we remove the notdirty callback only if the code has been
2923 flushed */
2924 if (dirty_flags == 0xff)
2e70f6ef 2925 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 2926}
2927
0e0df1e2
AK		 2928static const MemoryRegionOps notdirty_mem_ops = {
2929 .read = error_mem_read,
2930 .write = notdirty_mem_write,
2931 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2932};
2933
0f459d16 2934/* Generate a debug exception if a watchpoint has been hit. */
b4051334 2935static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 2936{
9349b4f9 2937 CPUArchState *env = cpu_single_env;
06d55cc1
AL		 2938 target_ulong pc, cs_base;
2939 TranslationBlock *tb;
0f459d16 2940 target_ulong vaddr;
a1d1bb31 2941 CPUWatchpoint *wp;
06d55cc1 2942 int cpu_flags;
0f459d16 2943
06d55cc1
AL		 2944 if (env->watchpoint_hit) {
2945 /* We re-entered the check after replacing the TB. Now raise
2946 * the debug interrupt so that is will trigger after the
2947 * current instruction. */
2948 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2949 return;
2950 }
2e70f6ef 2951 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 2952 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 2953 if ((vaddr == (wp->vaddr & len_mask) ||
2954 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 2955 wp->flags |= BP_WATCHPOINT_HIT;
2956 if (!env->watchpoint_hit) {
2957 env->watchpoint_hit = wp;
2958 tb = tb_find_pc(env->mem_io_pc);
2959 if (!tb) {
2960 cpu_abort(env, "check_watchpoint: could not find TB for "
2961 "pc=%p", (void *)env->mem_io_pc);
2962 }
618ba8e6 2963 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 2964 tb_phys_invalidate(tb, -1);
2965 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2966 env->exception_index = EXCP_DEBUG;
488d6577 2967 cpu_loop_exit(env);
6e140f28
AL		 2968 } else {
2969 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2970 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 2971 cpu_resume_from_signal(env, NULL);
6e140f28 2972 }
06d55cc1 2973 }
6e140f28
AL		 2974 } else {
2975 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2976 }
2977 }
2978}
2979
6658ffb8
PB		 2980/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2981 so these check for a hit then pass through to the normal out-of-line
2982 phys routines. */
a8170e5e 2983static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1ec9b909 2984 unsigned size)
6658ffb8 2985{
1ec9b909
AK		 2986 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
2987 switch (size) {
2988 case 1: return ldub_phys(addr);
2989 case 2: return lduw_phys(addr);
2990 case 4: return ldl_phys(addr);
2991 default: abort();
2992 }
6658ffb8
PB		 2993}
2994
a8170e5e 2995static void watch_mem_write(void *opaque, hwaddr addr,
1ec9b909 2996 uint64_t val, unsigned size)
6658ffb8 2997{
1ec9b909
AK		 2998 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
2999 switch (size) {
67364150
MF		 3000 case 1:
3001 stb_phys(addr, val);
3002 break;
3003 case 2:
3004 stw_phys(addr, val);
3005 break;
3006 case 4:
3007 stl_phys(addr, val);
3008 break;
1ec9b909
AK		 3009 default: abort();
3010 }
6658ffb8
PB		 3011}
3012
1ec9b909
AK		 3013static const MemoryRegionOps watch_mem_ops = {
3014 .read = watch_mem_read,
3015 .write = watch_mem_write,
3016 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3017};
6658ffb8 3018
a8170e5e 3019static uint64_t subpage_read(void *opaque, hwaddr addr,
70c68e44 3020 unsigned len)
db7b5426 3021{
70c68e44 3022 subpage_t *mmio = opaque;
f6405247 3023 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3024 MemoryRegionSection *section;
db7b5426
BS		 3025#if defined(DEBUG_SUBPAGE)
3026 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3027 mmio, len, addr, idx);
3028#endif
db7b5426 3029
5312bd8b
AK		 3030 section = &phys_sections[mmio->sub_section[idx]];
3031 addr += mmio->base;
3032 addr -= section->offset_within_address_space;
3033 addr += section->offset_within_region;
37ec01d4 3034 return io_mem_read(section->mr, addr, len);
db7b5426
BS		 3035}
3036
a8170e5e 3037static void subpage_write(void *opaque, hwaddr addr,
70c68e44 3038 uint64_t value, unsigned len)
db7b5426 3039{
70c68e44 3040 subpage_t *mmio = opaque;
f6405247 3041 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3042 MemoryRegionSection *section;
db7b5426 3043#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3044 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3045 " idx %d value %"PRIx64"\n",
f6405247 3046 __func__, mmio, len, addr, idx, value);
db7b5426 3047#endif
f6405247 3048
5312bd8b
AK		 3049 section = &phys_sections[mmio->sub_section[idx]];
3050 addr += mmio->base;
3051 addr -= section->offset_within_address_space;
3052 addr += section->offset_within_region;
37ec01d4 3053 io_mem_write(section->mr, addr, value, len);
db7b5426
BS		 3054}
3055
70c68e44
AK		 3056static const MemoryRegionOps subpage_ops = {
3057 .read = subpage_read,
3058 .write = subpage_write,
3059 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3060};
3061
a8170e5e 3062static uint64_t subpage_ram_read(void *opaque, hwaddr addr,
de712f94 3063 unsigned size)
56384e8b
AF		 3064{
3065 ram_addr_t raddr = addr;
3066 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3067 switch (size) {
3068 case 1: return ldub_p(ptr);
3069 case 2: return lduw_p(ptr);
3070 case 4: return ldl_p(ptr);
3071 default: abort();
3072 }
56384e8b
AF		 3073}
3074
a8170e5e 3075static void subpage_ram_write(void *opaque, hwaddr addr,
de712f94 3076 uint64_t value, unsigned size)
56384e8b
AF		 3077{
3078 ram_addr_t raddr = addr;
3079 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3080 switch (size) {
3081 case 1: return stb_p(ptr, value);
3082 case 2: return stw_p(ptr, value);
3083 case 4: return stl_p(ptr, value);
3084 default: abort();
3085 }
56384e8b
AF		 3086}
3087
de712f94
AK		 3088static const MemoryRegionOps subpage_ram_ops = {
3089 .read = subpage_ram_read,
3090 .write = subpage_ram_write,
3091 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3092};
3093
c227f099 3094static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3095 uint16_t section)
db7b5426
BS		 3096{
3097 int idx, eidx;
3098
3099 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3100 return -1;
3101 idx = SUBPAGE_IDX(start);
3102 eidx = SUBPAGE_IDX(end);
3103#if defined(DEBUG_SUBPAGE)
0bf9e31a 3104 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3105 mmio, start, end, idx, eidx, memory);
3106#endif
5312bd8b
AK		 3107 if (memory_region_is_ram(phys_sections[section].mr)) {
3108 MemoryRegionSection new_section = phys_sections[section];
3109 new_section.mr = &io_mem_subpage_ram;
3110 section = phys_section_add(&new_section);
56384e8b 3111 }
db7b5426 3112 for (; idx <= eidx; idx++) {
5312bd8b 3113 mmio->sub_section[idx] = section;
db7b5426
BS		 3114 }
3115
3116 return 0;
3117}
3118
a8170e5e 3119static subpage_t *subpage_init(hwaddr base)
db7b5426 3120{
c227f099 3121 subpage_t *mmio;
db7b5426 3122
7267c094 3123 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3124
3125 mmio->base = base;
70c68e44
AK		 3126 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3127 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3128 mmio->iomem.subpage = true;
db7b5426 3129#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3130 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3131 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3132#endif
0f0cb164 3133 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 3134
3135 return mmio;
3136}
3137
5312bd8b
AK		 3138static uint16_t dummy_section(MemoryRegion *mr)
3139{
3140 MemoryRegionSection section = {
3141 .mr = mr,
3142 .offset_within_address_space = 0,
3143 .offset_within_region = 0,
3144 .size = UINT64_MAX,
3145 };
3146
3147 return phys_section_add(&section);
3148}
3149
a8170e5e 3150MemoryRegion *iotlb_to_region(hwaddr index)
aa102231 3151{
37ec01d4 3152 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 3153}
3154
e9179ce1
AK		 3155static void io_mem_init(void)
3156{
0e0df1e2 3157 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
0e0df1e2
AK		 3158 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3159 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3160 "unassigned", UINT64_MAX);
3161 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3162 "notdirty", UINT64_MAX);
de712f94
AK		 3163 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3164 "subpage-ram", UINT64_MAX);
1ec9b909
AK		 3165 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3166 "watch", UINT64_MAX);
e9179ce1
AK		 3167}
3168
ac1970fb
AK		 3169static void mem_begin(MemoryListener *listener)
3170{
3171 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
3172
3173 destroy_all_mappings(d);
3174 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
3175}
3176
50c1e149
AK		 3177static void core_begin(MemoryListener *listener)
3178{
5312bd8b
AK		 3179 phys_sections_clear();
3180 phys_section_unassigned = dummy_section(&io_mem_unassigned);
aa102231
AK		 3181 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3182 phys_section_rom = dummy_section(&io_mem_rom);
3183 phys_section_watch = dummy_section(&io_mem_watch);
50c1e149
AK		 3184}
3185
1d71148e 3186static void tcg_commit(MemoryListener *listener)
50c1e149 3187{
9349b4f9 3188 CPUArchState *env;
117712c3
AK		 3189
3190 /* since each CPU stores ram addresses in its TLB cache, we must
3191 reset the modified entries */
3192 /* XXX: slow ! */
3193 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3194 tlb_flush(env, 1);
3195 }
50c1e149
AK		 3196}
3197
93632747
AK		 3198static void core_log_global_start(MemoryListener *listener)
3199{
3200 cpu_physical_memory_set_dirty_tracking(1);
3201}
3202
3203static void core_log_global_stop(MemoryListener *listener)
3204{
3205 cpu_physical_memory_set_dirty_tracking(0);
3206}
3207
4855d41a
AK		 3208static void io_region_add(MemoryListener *listener,
3209 MemoryRegionSection *section)
3210{
a2d33521
AK		 3211 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3212
3213 mrio->mr = section->mr;
3214 mrio->offset = section->offset_within_region;
3215 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
4855d41a 3216 section->offset_within_address_space, section->size);
a2d33521 3217 ioport_register(&mrio->iorange);
4855d41a
AK		 3218}
3219
3220static void io_region_del(MemoryListener *listener,
3221 MemoryRegionSection *section)
3222{
3223 isa_unassign_ioport(section->offset_within_address_space, section->size);
3224}
3225
93632747 3226static MemoryListener core_memory_listener = {
50c1e149 3227 .begin = core_begin,
93632747
AK		 3228 .log_global_start = core_log_global_start,
3229 .log_global_stop = core_log_global_stop,
ac1970fb 3230 .priority = 1,
93632747
AK		 3231};
3232
4855d41a
AK		 3233static MemoryListener io_memory_listener = {
3234 .region_add = io_region_add,
3235 .region_del = io_region_del,
4855d41a
AK		 3236 .priority = 0,
3237};
3238
1d71148e
AK		 3239static MemoryListener tcg_memory_listener = {
3240 .commit = tcg_commit,
3241};
3242
ac1970fb
AK		 3243void address_space_init_dispatch(AddressSpace *as)
3244{
3245 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
3246
3247 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
3248 d->listener = (MemoryListener) {
3249 .begin = mem_begin,
3250 .region_add = mem_add,
3251 .region_nop = mem_add,
3252 .priority = 0,
3253 };
3254 as->dispatch = d;
3255 memory_listener_register(&d->listener, as);
3256}
3257
83f3c251
AK		 3258void address_space_destroy_dispatch(AddressSpace *as)
3259{
3260 AddressSpaceDispatch *d = as->dispatch;
3261
3262 memory_listener_unregister(&d->listener);
3263 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
3264 g_free(d);
3265 as->dispatch = NULL;
3266}
3267
62152b8a
AK		 3268static void memory_map_init(void)
3269{
7267c094 3270 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3271 memory_region_init(system_memory, "system", INT64_MAX);
2673a5da
AK		 3272 address_space_init(&address_space_memory, system_memory);
3273 address_space_memory.name = "memory";
309cb471 3274
7267c094 3275 system_io = g_malloc(sizeof(*system_io));
309cb471 3276 memory_region_init(system_io, "io", 65536);
2673a5da
AK		 3277 address_space_init(&address_space_io, system_io);
3278 address_space_io.name = "I/O";
93632747 3279
f6790af6
AK		 3280 memory_listener_register(&core_memory_listener, &address_space_memory);
3281 memory_listener_register(&io_memory_listener, &address_space_io);
3282 memory_listener_register(&tcg_memory_listener, &address_space_memory);
62152b8a
AK		 3283}
3284
3285MemoryRegion *get_system_memory(void)
3286{
3287 return system_memory;
3288}
3289
309cb471
AK		 3290MemoryRegion *get_system_io(void)
3291{
3292 return system_io;
3293}
3294
e2eef170
PB		 3295#endif /* !defined(CONFIG_USER_ONLY) */
3296
13eb76e0
FB		 3297/* physical memory access (slow version, mainly for debug) */
3298#if defined(CONFIG_USER_ONLY)
9349b4f9 3299int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 3300 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3301{
3302 int l, flags;
3303 target_ulong page;
53a5960a 3304 void * p;
13eb76e0
FB		 3305
3306 while (len > 0) {
3307 page = addr & TARGET_PAGE_MASK;
3308 l = (page + TARGET_PAGE_SIZE) - addr;
3309 if (l > len)
3310 l = len;
3311 flags = page_get_flags(page);
3312 if (!(flags & PAGE_VALID))
a68fe89c 3313 return -1;
13eb76e0
FB		 3314 if (is_write) {
3315 if (!(flags & PAGE_WRITE))
a68fe89c 3316 return -1;
579a97f7 3317 /* XXX: this code should not depend on lock_user */
72fb7daa 3318 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3319 return -1;
72fb7daa
AJ		 3320 memcpy(p, buf, l);
3321 unlock_user(p, addr, l);
13eb76e0
FB		 3322 } else {
3323 if (!(flags & PAGE_READ))
a68fe89c 3324 return -1;
579a97f7 3325 /* XXX: this code should not depend on lock_user */
72fb7daa 3326 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3327 return -1;
72fb7daa 3328 memcpy(buf, p, l);
5b257578 3329 unlock_user(p, addr, 0);
13eb76e0
FB		 3330 }
3331 len -= l;
3332 buf += l;
3333 addr += l;
3334 }
a68fe89c 3335 return 0;
13eb76e0 3336}
8df1cd07 3337
13eb76e0 3338#else
51d7a9eb 3339
a8170e5e
AK		 3340static void invalidate_and_set_dirty(hwaddr addr,
3341 hwaddr length)
51d7a9eb
AP		 3342{
3343 if (!cpu_physical_memory_is_dirty(addr)) {
3344 /* invalidate code */
3345 tb_invalidate_phys_page_range(addr, addr + length, 0);
3346 /* set dirty bit */
3347 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
3348 }
e226939d 3349 xen_modified_memory(addr, length);
51d7a9eb
AP		 3350}
3351
a8170e5e 3352void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
ac1970fb 3353 int len, bool is_write)
13eb76e0 3354{
ac1970fb 3355 AddressSpaceDispatch *d = as->dispatch;
37ec01d4 3356 int l;
13eb76e0
FB		 3357 uint8_t *ptr;
3358 uint32_t val;
a8170e5e 3359 hwaddr page;
f3705d53 3360 MemoryRegionSection *section;
3b46e624 3361
13eb76e0
FB		 3362 while (len > 0) {
3363 page = addr & TARGET_PAGE_MASK;
3364 l = (page + TARGET_PAGE_SIZE) - addr;
3365 if (l > len)
3366 l = len;
ac1970fb 3367 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
3b46e624 3368
13eb76e0 3369 if (is_write) {
f3705d53 3370 if (!memory_region_is_ram(section->mr)) {
a8170e5e 3371 hwaddr addr1;
cc5bea60 3372 addr1 = memory_region_section_addr(section, addr);
6a00d601
FB		 3373 /* XXX: could force cpu_single_env to NULL to avoid
3374 potential bugs */
6c2934db 3375 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3376 /* 32 bit write access */
c27004ec 3377 val = ldl_p(buf);
37ec01d4 3378 io_mem_write(section->mr, addr1, val, 4);
13eb76e0 3379 l = 4;
6c2934db 3380 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3381 /* 16 bit write access */
c27004ec 3382 val = lduw_p(buf);
37ec01d4 3383 io_mem_write(section->mr, addr1, val, 2);
13eb76e0
FB		 3384 l = 2;
3385 } else {
1c213d19 3386 /* 8 bit write access */
c27004ec 3387 val = ldub_p(buf);
37ec01d4 3388 io_mem_write(section->mr, addr1, val, 1);
13eb76e0
FB		 3389 l = 1;
3390 }
f3705d53 3391 } else if (!section->readonly) {
8ca5692d 3392 ram_addr_t addr1;
f3705d53 3393 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3394 + memory_region_section_addr(section, addr);
13eb76e0 3395 /* RAM case */
5579c7f3 3396 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3397 memcpy(ptr, buf, l);
51d7a9eb 3398 invalidate_and_set_dirty(addr1, l);
050a0ddf 3399 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3400 }
3401 } else {
cc5bea60
BS		 3402 if (!(memory_region_is_ram(section->mr) ||
3403 memory_region_is_romd(section->mr))) {
a8170e5e 3404 hwaddr addr1;
13eb76e0 3405 /* I/O case */
cc5bea60 3406 addr1 = memory_region_section_addr(section, addr);
6c2934db 3407 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3408 /* 32 bit read access */
37ec01d4 3409 val = io_mem_read(section->mr, addr1, 4);
c27004ec 3410 stl_p(buf, val);
13eb76e0 3411 l = 4;
6c2934db 3412 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3413 /* 16 bit read access */
37ec01d4 3414 val = io_mem_read(section->mr, addr1, 2);
c27004ec 3415 stw_p(buf, val);
13eb76e0
FB		 3416 l = 2;
3417 } else {
1c213d19 3418 /* 8 bit read access */
37ec01d4 3419 val = io_mem_read(section->mr, addr1, 1);
c27004ec 3420 stb_p(buf, val);
13eb76e0
FB		 3421 l = 1;
3422 }
3423 } else {
3424 /* RAM case */
0a1b357f 3425 ptr = qemu_get_ram_ptr(section->mr->ram_addr
cc5bea60
BS		 3426 + memory_region_section_addr(section,
3427 addr));
f3705d53 3428 memcpy(buf, ptr, l);
050a0ddf 3429 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3430 }
3431 }
3432 len -= l;
3433 buf += l;
3434 addr += l;
3435 }
3436}
8df1cd07 3437
a8170e5e 3438void address_space_write(AddressSpace *as, hwaddr addr,
ac1970fb
AK		 3439 const uint8_t *buf, int len)
3440{
3441 address_space_rw(as, addr, (uint8_t *)buf, len, true);
3442}
3443
3444/**
3445 * address_space_read: read from an address space.
3446 *
3447 * @as: #AddressSpace to be accessed
3448 * @addr: address within that address space
3449 * @buf: buffer with the data transferred
3450 */
a8170e5e 3451void address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
ac1970fb
AK		 3452{
3453 address_space_rw(as, addr, buf, len, false);
3454}
3455
3456
a8170e5e 3457void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 3458 int len, int is_write)
3459{
3460 return address_space_rw(&address_space_memory, addr, buf, len, is_write);
3461}
3462
d0ecd2aa 3463/* used for ROM loading : can write in RAM and ROM */
a8170e5e 3464void cpu_physical_memory_write_rom(hwaddr addr,
d0ecd2aa
FB		 3465 const uint8_t *buf, int len)
3466{
ac1970fb 3467 AddressSpaceDispatch *d = address_space_memory.dispatch;
d0ecd2aa
FB		 3468 int l;
3469 uint8_t *ptr;
a8170e5e 3470 hwaddr page;
f3705d53 3471 MemoryRegionSection *section;
3b46e624 3472
d0ecd2aa
FB		 3473 while (len > 0) {
3474 page = addr & TARGET_PAGE_MASK;
3475 l = (page + TARGET_PAGE_SIZE) - addr;
3476 if (l > len)
3477 l = len;
ac1970fb 3478 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
3b46e624 3479
cc5bea60
BS		 3480 if (!(memory_region_is_ram(section->mr) ||
3481 memory_region_is_romd(section->mr))) {
d0ecd2aa
FB		 3482 /* do nothing */
3483 } else {
3484 unsigned long addr1;
f3705d53 3485 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3486 + memory_region_section_addr(section, addr);
d0ecd2aa 3487 /* ROM/RAM case */
5579c7f3 3488 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3489 memcpy(ptr, buf, l);
51d7a9eb 3490 invalidate_and_set_dirty(addr1, l);
050a0ddf 3491 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3492 }
3493 len -= l;
3494 buf += l;
3495 addr += l;
3496 }
3497}
3498
6d16c2f8
AL		 3499typedef struct {
3500 void *buffer;
a8170e5e
AK		 3501 hwaddr addr;
3502 hwaddr len;
6d16c2f8
AL		 3503} BounceBuffer;
3504
3505static BounceBuffer bounce;
3506
ba223c29
AL		 3507typedef struct MapClient {
3508 void *opaque;
3509 void (*callback)(void *opaque);
72cf2d4f 3510 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3511} MapClient;
3512
72cf2d4f
BS		 3513static QLIST_HEAD(map_client_list, MapClient) map_client_list
3514 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3515
3516void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3517{
7267c094 3518 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3519
3520 client->opaque = opaque;
3521 client->callback = callback;
72cf2d4f 3522 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3523 return client;
3524}
3525
3526void cpu_unregister_map_client(void *_client)
3527{
3528 MapClient *client = (MapClient *)_client;
3529
72cf2d4f 3530 QLIST_REMOVE(client, link);
7267c094 3531 g_free(client);
ba223c29
AL		 3532}
3533
3534static void cpu_notify_map_clients(void)
3535{
3536 MapClient *client;
3537
72cf2d4f
BS		 3538 while (!QLIST_EMPTY(&map_client_list)) {
3539 client = QLIST_FIRST(&map_client_list);
ba223c29 3540 client->callback(client->opaque);
34d5e948 3541 cpu_unregister_map_client(client);
ba223c29
AL		 3542 }
3543}
3544
6d16c2f8
AL		 3545/* Map a physical memory region into a host virtual address.
3546 * May map a subset of the requested range, given by and returned in *plen.
3547 * May return NULL if resources needed to perform the mapping are exhausted.
3548 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3549 * Use cpu_register_map_client() to know when retrying the map operation is
3550 * likely to succeed.
6d16c2f8 3551 */
ac1970fb 3552void *address_space_map(AddressSpace *as,
a8170e5e
AK		 3553 hwaddr addr,
3554 hwaddr *plen,
ac1970fb 3555 bool is_write)
6d16c2f8 3556{
ac1970fb 3557 AddressSpaceDispatch *d = as->dispatch;
a8170e5e
AK		 3558 hwaddr len = *plen;
3559 hwaddr todo = 0;
6d16c2f8 3560 int l;
a8170e5e 3561 hwaddr page;
f3705d53 3562 MemoryRegionSection *section;
f15fbc4b 3563 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3564 ram_addr_t rlen;
3565 void *ret;
6d16c2f8
AL		 3566
3567 while (len > 0) {
3568 page = addr & TARGET_PAGE_MASK;
3569 l = (page + TARGET_PAGE_SIZE) - addr;
3570 if (l > len)
3571 l = len;
ac1970fb 3572 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
6d16c2f8 3573
f3705d53 3574 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
38bee5dc 3575 if (todo || bounce.buffer) {
6d16c2f8
AL		 3576 break;
3577 }
3578 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3579 bounce.addr = addr;
3580 bounce.len = l;
3581 if (!is_write) {
ac1970fb 3582 address_space_read(as, addr, bounce.buffer, l);
6d16c2f8 3583 }
38bee5dc
SS		 3584
3585 *plen = l;
3586 return bounce.buffer;
6d16c2f8 3587 }
8ab934f9 3588 if (!todo) {
f3705d53 3589 raddr = memory_region_get_ram_addr(section->mr)
cc5bea60 3590 + memory_region_section_addr(section, addr);
8ab934f9 3591 }
6d16c2f8
AL		 3592
3593 len -= l;
3594 addr += l;
38bee5dc 3595 todo += l;
6d16c2f8 3596 }
8ab934f9
SS		 3597 rlen = todo;
3598 ret = qemu_ram_ptr_length(raddr, &rlen);
3599 *plen = rlen;
3600 return ret;
6d16c2f8
AL		 3601}
3602
ac1970fb 3603/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3604 * Will also mark the memory as dirty if is_write == 1. access_len gives
3605 * the amount of memory that was actually read or written by the caller.
3606 */
a8170e5e
AK		 3607void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3608 int is_write, hwaddr access_len)
6d16c2f8
AL		 3609{
3610 if (buffer != bounce.buffer) {
3611 if (is_write) {
e890261f 3612 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 3613 while (access_len) {
3614 unsigned l;
3615 l = TARGET_PAGE_SIZE;
3616 if (l > access_len)
3617 l = access_len;
51d7a9eb 3618 invalidate_and_set_dirty(addr1, l);
6d16c2f8
AL		 3619 addr1 += l;
3620 access_len -= l;
3621 }
3622 }
868bb33f 3623 if (xen_enabled()) {
e41d7c69 3624 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3625 }
6d16c2f8
AL		 3626 return;
3627 }
3628 if (is_write) {
ac1970fb 3629 address_space_write(as, bounce.addr, bounce.buffer, access_len);
6d16c2f8 3630 }
f8a83245 3631 qemu_vfree(bounce.buffer);
6d16c2f8 3632 bounce.buffer = NULL;
ba223c29 3633 cpu_notify_map_clients();
6d16c2f8 3634}
d0ecd2aa 3635
a8170e5e
AK		 3636void *cpu_physical_memory_map(hwaddr addr,
3637 hwaddr *plen,
ac1970fb
AK		 3638 int is_write)
3639{
3640 return address_space_map(&address_space_memory, addr, plen, is_write);
3641}
3642
a8170e5e
AK		 3643void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3644 int is_write, hwaddr access_len)
ac1970fb
AK		 3645{
3646 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3647}
3648
8df1cd07 3649/* warning: addr must be aligned */
a8170e5e 3650static inline uint32_t ldl_phys_internal(hwaddr addr,
1e78bcc1 3651 enum device_endian endian)
8df1cd07 3652{
8df1cd07
FB		 3653 uint8_t *ptr;
3654 uint32_t val;
f3705d53 3655 MemoryRegionSection *section;
8df1cd07 3656
ac1970fb 3657 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3658
cc5bea60
BS		 3659 if (!(memory_region_is_ram(section->mr) ||
3660 memory_region_is_romd(section->mr))) {
8df1cd07 3661 /* I/O case */
cc5bea60 3662 addr = memory_region_section_addr(section, addr);
37ec01d4 3663 val = io_mem_read(section->mr, addr, 4);
1e78bcc1
AG		 3664#if defined(TARGET_WORDS_BIGENDIAN)
3665 if (endian == DEVICE_LITTLE_ENDIAN) {
3666 val = bswap32(val);
3667 }
3668#else
3669 if (endian == DEVICE_BIG_ENDIAN) {
3670 val = bswap32(val);
3671 }
3672#endif
8df1cd07
FB		 3673 } else {
3674 /* RAM case */
f3705d53 3675 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3676 & TARGET_PAGE_MASK)
cc5bea60 3677 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3678 switch (endian) {
3679 case DEVICE_LITTLE_ENDIAN:
3680 val = ldl_le_p(ptr);
3681 break;
3682 case DEVICE_BIG_ENDIAN:
3683 val = ldl_be_p(ptr);
3684 break;
3685 default:
3686 val = ldl_p(ptr);
3687 break;
3688 }
8df1cd07
FB		 3689 }
3690 return val;
3691}
3692
a8170e5e 3693uint32_t ldl_phys(hwaddr addr)
1e78bcc1
AG		 3694{
3695 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3696}
3697
a8170e5e 3698uint32_t ldl_le_phys(hwaddr addr)
1e78bcc1
AG		 3699{
3700 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3701}
3702
a8170e5e 3703uint32_t ldl_be_phys(hwaddr addr)
1e78bcc1
AG		 3704{
3705 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
3706}
3707
84b7b8e7 3708/* warning: addr must be aligned */
a8170e5e 3709static inline uint64_t ldq_phys_internal(hwaddr addr,
1e78bcc1 3710 enum device_endian endian)
84b7b8e7 3711{
84b7b8e7
FB		 3712 uint8_t *ptr;
3713 uint64_t val;
f3705d53 3714 MemoryRegionSection *section;
84b7b8e7 3715
ac1970fb 3716 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3717
cc5bea60
BS		 3718 if (!(memory_region_is_ram(section->mr) ||
3719 memory_region_is_romd(section->mr))) {
84b7b8e7 3720 /* I/O case */
cc5bea60 3721 addr = memory_region_section_addr(section, addr);
1e78bcc1
AG		 3722
3723 /* XXX This is broken when device endian != cpu endian.
3724 Fix and add "endian" variable check */
84b7b8e7 3725#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3726 val = io_mem_read(section->mr, addr, 4) << 32;
3727 val |= io_mem_read(section->mr, addr + 4, 4);
84b7b8e7 3728#else
37ec01d4
AK		 3729 val = io_mem_read(section->mr, addr, 4);
3730 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
84b7b8e7
FB		 3731#endif
3732 } else {
3733 /* RAM case */
f3705d53 3734 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3735 & TARGET_PAGE_MASK)
cc5bea60 3736 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3737 switch (endian) {
3738 case DEVICE_LITTLE_ENDIAN:
3739 val = ldq_le_p(ptr);
3740 break;
3741 case DEVICE_BIG_ENDIAN:
3742 val = ldq_be_p(ptr);
3743 break;
3744 default:
3745 val = ldq_p(ptr);
3746 break;
3747 }
84b7b8e7
FB		 3748 }
3749 return val;
3750}
3751
a8170e5e 3752uint64_t ldq_phys(hwaddr addr)
1e78bcc1
AG		 3753{
3754 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3755}
3756
a8170e5e 3757uint64_t ldq_le_phys(hwaddr addr)
1e78bcc1
AG		 3758{
3759 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3760}
3761
a8170e5e 3762uint64_t ldq_be_phys(hwaddr addr)
1e78bcc1
AG		 3763{
3764 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
3765}
3766
aab33094 3767/* XXX: optimize */
a8170e5e 3768uint32_t ldub_phys(hwaddr addr)
aab33094
FB		 3769{
3770 uint8_t val;
3771 cpu_physical_memory_read(addr, &val, 1);
3772 return val;
3773}
3774
733f0b02 3775/* warning: addr must be aligned */
a8170e5e 3776static inline uint32_t lduw_phys_internal(hwaddr addr,
1e78bcc1 3777 enum device_endian endian)
aab33094 3778{
733f0b02
MT		 3779 uint8_t *ptr;
3780 uint64_t val;
f3705d53 3781 MemoryRegionSection *section;
733f0b02 3782
ac1970fb 3783 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
733f0b02 3784
cc5bea60
BS		 3785 if (!(memory_region_is_ram(section->mr) ||
3786 memory_region_is_romd(section->mr))) {
733f0b02 3787 /* I/O case */
cc5bea60 3788 addr = memory_region_section_addr(section, addr);
37ec01d4 3789 val = io_mem_read(section->mr, addr, 2);
1e78bcc1
AG		 3790#if defined(TARGET_WORDS_BIGENDIAN)
3791 if (endian == DEVICE_LITTLE_ENDIAN) {
3792 val = bswap16(val);
3793 }
3794#else
3795 if (endian == DEVICE_BIG_ENDIAN) {
3796 val = bswap16(val);
3797 }
3798#endif
733f0b02
MT		 3799 } else {
3800 /* RAM case */
f3705d53 3801 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3802 & TARGET_PAGE_MASK)
cc5bea60 3803 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3804 switch (endian) {
3805 case DEVICE_LITTLE_ENDIAN:
3806 val = lduw_le_p(ptr);
3807 break;
3808 case DEVICE_BIG_ENDIAN:
3809 val = lduw_be_p(ptr);
3810 break;
3811 default:
3812 val = lduw_p(ptr);
3813 break;
3814 }
733f0b02
MT		 3815 }
3816 return val;
aab33094
FB		 3817}
3818
a8170e5e 3819uint32_t lduw_phys(hwaddr addr)
1e78bcc1
AG		 3820{
3821 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3822}
3823
a8170e5e 3824uint32_t lduw_le_phys(hwaddr addr)
1e78bcc1
AG		 3825{
3826 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3827}
3828
a8170e5e 3829uint32_t lduw_be_phys(hwaddr addr)
1e78bcc1
AG		 3830{
3831 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
3832}
3833
8df1cd07
FB		 3834/* warning: addr must be aligned. The ram page is not masked as dirty
3835 and the code inside is not invalidated. It is useful if the dirty
3836 bits are used to track modified PTEs */
a8170e5e 3837void stl_phys_notdirty(hwaddr addr, uint32_t val)
8df1cd07 3838{
8df1cd07 3839 uint8_t *ptr;
f3705d53 3840 MemoryRegionSection *section;
8df1cd07 3841
ac1970fb 3842 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3843
f3705d53 3844 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3845 addr = memory_region_section_addr(section, addr);
f3705d53 3846 if (memory_region_is_ram(section->mr)) {
37ec01d4 3847 section = &phys_sections[phys_section_rom];
06ef3525 3848 }
37ec01d4 3849 io_mem_write(section->mr, addr, val, 4);
8df1cd07 3850 } else {
f3705d53 3851 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
06ef3525 3852 & TARGET_PAGE_MASK)
cc5bea60 3853 + memory_region_section_addr(section, addr);
5579c7f3 3854 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3855 stl_p(ptr, val);
74576198
AL		 3856
3857 if (unlikely(in_migration)) {
3858 if (!cpu_physical_memory_is_dirty(addr1)) {
3859 /* invalidate code */
3860 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3861 /* set dirty bit */
f7c11b53
YT		 3862 cpu_physical_memory_set_dirty_flags(
3863 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 3864 }
3865 }
8df1cd07
FB		 3866 }
3867}
3868
a8170e5e 3869void stq_phys_notdirty(hwaddr addr, uint64_t val)
bc98a7ef 3870{
bc98a7ef 3871 uint8_t *ptr;
f3705d53 3872 MemoryRegionSection *section;
bc98a7ef 3873
ac1970fb 3874 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3875
f3705d53 3876 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3877 addr = memory_region_section_addr(section, addr);
f3705d53 3878 if (memory_region_is_ram(section->mr)) {
37ec01d4 3879 section = &phys_sections[phys_section_rom];
06ef3525 3880 }
bc98a7ef 3881#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3882 io_mem_write(section->mr, addr, val >> 32, 4);
3883 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
bc98a7ef 3884#else
37ec01d4
AK		 3885 io_mem_write(section->mr, addr, (uint32_t)val, 4);
3886 io_mem_write(section->mr, addr + 4, val >> 32, 4);
bc98a7ef
JM		 3887#endif
3888 } else {
f3705d53 3889 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3890 & TARGET_PAGE_MASK)
cc5bea60 3891 + memory_region_section_addr(section, addr));
bc98a7ef
JM		 3892 stq_p(ptr, val);
3893 }
3894}
3895
8df1cd07 3896/* warning: addr must be aligned */
a8170e5e 3897static inline void stl_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 3898 enum device_endian endian)
8df1cd07 3899{
8df1cd07 3900 uint8_t *ptr;
f3705d53 3901 MemoryRegionSection *section;
8df1cd07 3902
ac1970fb 3903 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3904
f3705d53 3905 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3906 addr = memory_region_section_addr(section, addr);
f3705d53 3907 if (memory_region_is_ram(section->mr)) {
37ec01d4 3908 section = &phys_sections[phys_section_rom];
06ef3525 3909 }
1e78bcc1
AG		 3910#if defined(TARGET_WORDS_BIGENDIAN)
3911 if (endian == DEVICE_LITTLE_ENDIAN) {
3912 val = bswap32(val);
3913 }
3914#else
3915 if (endian == DEVICE_BIG_ENDIAN) {
3916 val = bswap32(val);
3917 }
3918#endif
37ec01d4 3919 io_mem_write(section->mr, addr, val, 4);
8df1cd07
FB		 3920 } else {
3921 unsigned long addr1;
f3705d53 3922 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3923 + memory_region_section_addr(section, addr);
8df1cd07 3924 /* RAM case */
5579c7f3 3925 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3926 switch (endian) {
3927 case DEVICE_LITTLE_ENDIAN:
3928 stl_le_p(ptr, val);
3929 break;
3930 case DEVICE_BIG_ENDIAN:
3931 stl_be_p(ptr, val);
3932 break;
3933 default:
3934 stl_p(ptr, val);
3935 break;
3936 }
51d7a9eb 3937 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 3938 }
3939}
3940
a8170e5e 3941void stl_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 3942{
3943 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
3944}
3945
a8170e5e 3946void stl_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 3947{
3948 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
3949}
3950
a8170e5e 3951void stl_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 3952{
3953 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
3954}
3955
aab33094 3956/* XXX: optimize */
a8170e5e 3957void stb_phys(hwaddr addr, uint32_t val)
aab33094
FB		 3958{
3959 uint8_t v = val;
3960 cpu_physical_memory_write(addr, &v, 1);
3961}
3962
733f0b02 3963/* warning: addr must be aligned */
a8170e5e 3964static inline void stw_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 3965 enum device_endian endian)
aab33094 3966{
733f0b02 3967 uint8_t *ptr;
f3705d53 3968 MemoryRegionSection *section;
733f0b02 3969
ac1970fb 3970 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
733f0b02 3971
f3705d53 3972 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3973 addr = memory_region_section_addr(section, addr);
f3705d53 3974 if (memory_region_is_ram(section->mr)) {
37ec01d4 3975 section = &phys_sections[phys_section_rom];
06ef3525 3976 }
1e78bcc1
AG		 3977#if defined(TARGET_WORDS_BIGENDIAN)
3978 if (endian == DEVICE_LITTLE_ENDIAN) {
3979 val = bswap16(val);
3980 }
3981#else
3982 if (endian == DEVICE_BIG_ENDIAN) {
3983 val = bswap16(val);
3984 }
3985#endif
37ec01d4 3986 io_mem_write(section->mr, addr, val, 2);
733f0b02
MT		 3987 } else {
3988 unsigned long addr1;
f3705d53 3989 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3990 + memory_region_section_addr(section, addr);
733f0b02
MT		 3991 /* RAM case */
3992 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3993 switch (endian) {
3994 case DEVICE_LITTLE_ENDIAN:
3995 stw_le_p(ptr, val);
3996 break;
3997 case DEVICE_BIG_ENDIAN:
3998 stw_be_p(ptr, val);
3999 break;
4000 default:
4001 stw_p(ptr, val);
4002 break;
4003 }
51d7a9eb 4004 invalidate_and_set_dirty(addr1, 2);
733f0b02 4005 }
aab33094
FB		 4006}
4007
a8170e5e 4008void stw_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 4009{
4010 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4011}
4012
a8170e5e 4013void stw_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 4014{
4015 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4016}
4017
a8170e5e 4018void stw_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 4019{
4020 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4021}
4022
aab33094 4023/* XXX: optimize */
a8170e5e 4024void stq_phys(hwaddr addr, uint64_t val)
aab33094
FB		 4025{
4026 val = tswap64(val);
71d2b725 4027 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4028}
4029
a8170e5e 4030void stq_le_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 4031{
4032 val = cpu_to_le64(val);
4033 cpu_physical_memory_write(addr, &val, 8);
4034}
4035
a8170e5e 4036void stq_be_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 4037{
4038 val = cpu_to_be64(val);
4039 cpu_physical_memory_write(addr, &val, 8);
4040}
4041
5e2972fd 4042/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 4043int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 4044 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4045{
4046 int l;
a8170e5e 4047 hwaddr phys_addr;
9b3c35e0 4048 target_ulong page;
13eb76e0
FB		 4049
4050 while (len > 0) {
4051 page = addr & TARGET_PAGE_MASK;
4052 phys_addr = cpu_get_phys_page_debug(env, page);
4053 /* if no physical page mapped, return an error */
4054 if (phys_addr == -1)
4055 return -1;
4056 l = (page + TARGET_PAGE_SIZE) - addr;
4057 if (l > len)
4058 l = len;
5e2972fd 4059 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4060 if (is_write)
4061 cpu_physical_memory_write_rom(phys_addr, buf, l);
4062 else
5e2972fd 4063 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4064 len -= l;
4065 buf += l;
4066 addr += l;
4067 }
4068 return 0;
4069}
a68fe89c 4070#endif
13eb76e0 4071
2e70f6ef
PB		 4072/* in deterministic execution mode, instructions doing device I/Os
4073 must be at the end of the TB */
20503968 4074void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
2e70f6ef
PB		 4075{
4076 TranslationBlock *tb;
4077 uint32_t n, cflags;
4078 target_ulong pc, cs_base;
4079 uint64_t flags;
4080
20503968 4081 tb = tb_find_pc(retaddr);
2e70f6ef
PB		 4082 if (!tb) {
4083 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
20503968 4084 (void *)retaddr);
2e70f6ef
PB		 4085 }
4086 n = env->icount_decr.u16.low + tb->icount;
20503968 4087 cpu_restore_state(tb, env, retaddr);
2e70f6ef 4088 /* Calculate how many instructions had been executed before the fault
bf20dc07 4089 occurred. */
2e70f6ef
PB		 4090 n = n - env->icount_decr.u16.low;
4091 /* Generate a new TB ending on the I/O insn. */
4092 n++;
4093 /* On MIPS and SH, delay slot instructions can only be restarted if
4094 they were already the first instruction in the TB. If this is not
bf20dc07 4095 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4096 branch. */
4097#if defined(TARGET_MIPS)
4098 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4099 env->active_tc.PC -= 4;
4100 env->icount_decr.u16.low++;
4101 env->hflags &= ~MIPS_HFLAG_BMASK;
4102 }
4103#elif defined(TARGET_SH4)
4104 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4105 && n > 1) {
4106 env->pc -= 2;
4107 env->icount_decr.u16.low++;
4108 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4109 }
4110#endif
4111 /* This should never happen. */
4112 if (n > CF_COUNT_MASK)
4113 cpu_abort(env, "TB too big during recompile");
4114
4115 cflags = n | CF_LAST_IO;
4116 pc = tb->pc;
4117 cs_base = tb->cs_base;
4118 flags = tb->flags;
4119 tb_phys_invalidate(tb, -1);
4120 /* FIXME: In theory this could raise an exception. In practice
4121 we have already translated the block once so it's probably ok. */
4122 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4123 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4124 the first in the TB) then we end up generating a whole new TB and
4125 repeating the fault, which is horribly inefficient.
4126 Better would be to execute just this insn uncached, or generate a
4127 second new TB. */
4128 cpu_resume_from_signal(env, NULL);
4129}
4130
b3755a91
PB		 4131#if !defined(CONFIG_USER_ONLY)
4132
055403b2 4133void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4134{
4135 int i, target_code_size, max_target_code_size;
4136 int direct_jmp_count, direct_jmp2_count, cross_page;
4137 TranslationBlock *tb;
3b46e624 4138
e3db7226
FB		 4139 target_code_size = 0;
4140 max_target_code_size = 0;
4141 cross_page = 0;
4142 direct_jmp_count = 0;
4143 direct_jmp2_count = 0;
4144 for(i = 0; i < nb_tbs; i++) {
4145 tb = &tbs[i];
4146 target_code_size += tb->size;
4147 if (tb->size > max_target_code_size)
4148 max_target_code_size = tb->size;
4149 if (tb->page_addr[1] != -1)
4150 cross_page++;
4151 if (tb->tb_next_offset[0] != 0xffff) {
4152 direct_jmp_count++;
4153 if (tb->tb_next_offset[1] != 0xffff) {
4154 direct_jmp2_count++;
4155 }
4156 }
4157 }
4158 /* XXX: avoid using doubles ? */
57fec1fe 4159 cpu_fprintf(f, "Translation buffer state:\n");
f1bc0bcc 4160 cpu_fprintf(f, "gen code size %td/%zd\n",
26a5f13b
FB		 4161 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4162 cpu_fprintf(f, "TB count %d/%d\n",
4163 nb_tbs, code_gen_max_blocks);
5fafdf24 4164 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4165 nb_tbs ? target_code_size / nb_tbs : 0,
4166 max_target_code_size);
055403b2 4167 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4168 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4169 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4170 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4171 cross_page,
e3db7226
FB		 4172 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4173 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4174 direct_jmp_count,
e3db7226
FB		 4175 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4176 direct_jmp2_count,
4177 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4178 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4179 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4180 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4181 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4182 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4183}
4184
82afa586
BH		 4185/*
4186 * A helper function for the _utterly broken_ virtio device model to find out if
4187 * it's running on a big endian machine. Don't do this at home kids!
4188 */
4189bool virtio_is_big_endian(void);
4190bool virtio_is_big_endian(void)
4191{
4192#if defined(TARGET_WORDS_BIGENDIAN)
4193 return true;
4194#else
4195 return false;
4196#endif
4197}
4198
61382a50 4199#endif
76f35538
WC		 4200
4201#ifndef CONFIG_USER_ONLY
a8170e5e 4202bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538
WC		 4203{
4204 MemoryRegionSection *section;
4205
ac1970fb
AK		 4206 section = phys_page_find(address_space_memory.dispatch,
4207 phys_addr >> TARGET_PAGE_BITS);
76f35538
WC		 4208
4209 return !(memory_region_is_ram(section->mr) ||
4210 memory_region_is_romd(section->mr));
4211}
4212#endif
Qemu copy for testing