]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: drop find_ram_block()
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
f348b6d1 25#include "qemu/cutils.h"
6180a181 26#include "cpu.h"
63c91552 27#include "exec/exec-all.h"
b67d9a52 28#include "tcg.h"
741da0d3 29#include "hw/qdev-core.h"
4485bd26 30#if !defined(CONFIG_USER_ONLY)
47c8ca53 31#include "hw/boards.h"
33c11879 32#include "hw/xen/xen.h"
4485bd26 33#endif
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
1de7afc9
PB		 36#include "qemu/timer.h"
37#include "qemu/config-file.h"
75a34036 38#include "qemu/error-report.h"
53a5960a
PB		 39#if defined(CONFIG_USER_ONLY)
40#include <qemu.h>
432d268c 41#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 42#include "hw/hw.h"
43#include "exec/memory.h"
df43d49c 44#include "exec/ioport.h"
741da0d3
PB		 45#include "sysemu/dma.h"
46#include "exec/address-spaces.h"
9c17d615 47#include "sysemu/xen-mapcache.h"
6506e4f9 48#include "trace.h"
53a5960a 49#endif
0d6d3c87 50#include "exec/cpu-all.h"
0dc3f44a 51#include "qemu/rcu_queue.h"
4840f10e 52#include "qemu/main-loop.h"
5b6dd868 53#include "translate-all.h"
7615936e 54#include "sysemu/replay.h"
0cac1b66 55
022c62cb 56#include "exec/memory-internal.h"
220c3ebd 57#include "exec/ram_addr.h"
508127e2 58#include "exec/log.h"
67d95c15 59
b35ba30f 60#include "qemu/range.h"
794e8f30
MT		 61#ifndef _WIN32
62#include "qemu/mmap-alloc.h"
63#endif
b35ba30f 64
db7b5426 65//#define DEBUG_SUBPAGE
1196be37 66
e2eef170 67#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 68/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
69 * are protected by the ramlist lock.
70 */
0d53d9fe 71RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 72
73static MemoryRegion *system_memory;
309cb471 74static MemoryRegion *system_io;
62152b8a 75
f6790af6
AK		 76AddressSpace address_space_io;
77AddressSpace address_space_memory;
2673a5da 78
0844e007 79MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 80static MemoryRegion io_mem_unassigned;
0e0df1e2 81
7bd4f430
PB		 82/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
83#define RAM_PREALLOC (1 << 0)
84
dbcb8981
PB		 85/* RAM is mmap-ed with MAP_SHARED */
86#define RAM_SHARED (1 << 1)
87
62be4e3a
MT		 88/* Only a portion of RAM (used_length) is actually used, and migrated.
89 * This used_length size can change across reboots.
90 */
91#define RAM_RESIZEABLE (1 << 2)
92
e2eef170 93#endif
9fa3e853 94
bdc44640 95struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 96/* current CPU in the current thread. It is only valid inside
97 cpu_exec() */
f240eb6f 98__thread CPUState *current_cpu;
2e70f6ef 99/* 0 = Do not count executed instructions.
bf20dc07 100 1 = Precise instruction counting.
2e70f6ef 101 2 = Adaptive rate instruction counting. */
5708fc66 102int use_icount;
6a00d601 103
e2eef170 104#if !defined(CONFIG_USER_ONLY)
4346ae3e 105
1db8abb1
PB		 106typedef struct PhysPageEntry PhysPageEntry;
107
108struct PhysPageEntry {
9736e55b 109 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 110 uint32_t skip : 6;
9736e55b 111 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 112 uint32_t ptr : 26;
1db8abb1
PB		 113};
114
8b795765
MT		 115#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
116
03f49957 117/* Size of the L2 (and L3, etc) page tables. */
57271d63 118#define ADDR_SPACE_BITS 64
03f49957 119
026736ce 120#define P_L2_BITS 9
03f49957
PB		 121#define P_L2_SIZE (1 << P_L2_BITS)
122
123#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
124
125typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 126
53cb28cb 127typedef struct PhysPageMap {
79e2b9ae
PB		 128 struct rcu_head rcu;
129
53cb28cb
MA		 130 unsigned sections_nb;
131 unsigned sections_nb_alloc;
132 unsigned nodes_nb;
133 unsigned nodes_nb_alloc;
134 Node *nodes;
135 MemoryRegionSection *sections;
136} PhysPageMap;
137
1db8abb1 138struct AddressSpaceDispatch {
79e2b9ae
PB		 139 struct rcu_head rcu;
140
729633c2 141 MemoryRegionSection *mru_section;
1db8abb1
PB		 142 /* This is a multi-level map on the physical address space.
143 * The bottom level has pointers to MemoryRegionSections.
144 */
145 PhysPageEntry phys_map;
53cb28cb 146 PhysPageMap map;
acc9d80b 147 AddressSpace *as;
1db8abb1
PB		 148};
149
90260c6c
JK		 150#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
151typedef struct subpage_t {
152 MemoryRegion iomem;
acc9d80b 153 AddressSpace *as;
90260c6c
JK		 154 hwaddr base;
155 uint16_t sub_section[TARGET_PAGE_SIZE];
156} subpage_t;
157
b41aac4f
LPF		 158#define PHYS_SECTION_UNASSIGNED 0
159#define PHYS_SECTION_NOTDIRTY 1
160#define PHYS_SECTION_ROM 2
161#define PHYS_SECTION_WATCH 3
5312bd8b 162
e2eef170 163static void io_mem_init(void);
62152b8a 164static void memory_map_init(void);
09daed84 165static void tcg_commit(MemoryListener *listener);
e2eef170 166
1ec9b909 167static MemoryRegion io_mem_watch;
32857f4d
PM		 168
169/**
170 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
171 * @cpu: the CPU whose AddressSpace this is
172 * @as: the AddressSpace itself
173 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
174 * @tcg_as_listener: listener for tracking changes to the AddressSpace
175 */
176struct CPUAddressSpace {
177 CPUState *cpu;
178 AddressSpace *as;
179 struct AddressSpaceDispatch *memory_dispatch;
180 MemoryListener tcg_as_listener;
181};
182
6658ffb8 183#endif
fd6ce8f6 184
6d9a1304 185#if !defined(CONFIG_USER_ONLY)
d6f2ea22 186
53cb28cb 187static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 188{
53cb28cb
MA		 189 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
190 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
191 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
192 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 193 }
f7bf5461
AK		 194}
195
db94604b 196static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 197{
198 unsigned i;
8b795765 199 uint32_t ret;
db94604b
PB		 200 PhysPageEntry e;
201 PhysPageEntry *p;
f7bf5461 202
53cb28cb 203 ret = map->nodes_nb++;
db94604b 204 p = map->nodes[ret];
f7bf5461 205 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 206 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 207
208 e.skip = leaf ? 0 : 1;
209 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 210 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 211 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 212 }
f7bf5461 213 return ret;
d6f2ea22
AK		 214}
215
53cb28cb
MA		 216static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
217 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 218 int level)
f7bf5461
AK		 219{
220 PhysPageEntry *p;
03f49957 221 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 222
9736e55b 223 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 224 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 225 }
db94604b 226 p = map->nodes[lp->ptr];
03f49957 227 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 228
03f49957 229 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 230 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 231 lp->skip = 0;
c19e8800 232 lp->ptr = leaf;
07f07b31
AK		 233 *index += step;
234 *nb -= step;
2999097b 235 } else {
53cb28cb 236 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 237 }
238 ++lp;
f7bf5461
AK		 239 }
240}
241
ac1970fb 242static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 243 hwaddr index, hwaddr nb,
2999097b 244 uint16_t leaf)
f7bf5461 245{
2999097b 246 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 247 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 248
53cb28cb 249 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 250}
251
b35ba30f
MT		 252/* Compact a non leaf page entry. Simply detect that the entry has a single child,
253 * and update our entry so we can skip it and go directly to the destination.
254 */
255static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
256{
257 unsigned valid_ptr = P_L2_SIZE;
258 int valid = 0;
259 PhysPageEntry *p;
260 int i;
261
262 if (lp->ptr == PHYS_MAP_NODE_NIL) {
263 return;
264 }
265
266 p = nodes[lp->ptr];
267 for (i = 0; i < P_L2_SIZE; i++) {
268 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
269 continue;
270 }
271
272 valid_ptr = i;
273 valid++;
274 if (p[i].skip) {
275 phys_page_compact(&p[i], nodes, compacted);
276 }
277 }
278
279 /* We can only compress if there's only one child. */
280 if (valid != 1) {
281 return;
282 }
283
284 assert(valid_ptr < P_L2_SIZE);
285
286 /* Don't compress if it won't fit in the # of bits we have. */
287 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
288 return;
289 }
290
291 lp->ptr = p[valid_ptr].ptr;
292 if (!p[valid_ptr].skip) {
293 /* If our only child is a leaf, make this a leaf. */
294 /* By design, we should have made this node a leaf to begin with so we
295 * should never reach here.
296 * But since it's so simple to handle this, let's do it just in case we
297 * change this rule.
298 */
299 lp->skip = 0;
300 } else {
301 lp->skip += p[valid_ptr].skip;
302 }
303}
304
305static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
306{
307 DECLARE_BITMAP(compacted, nodes_nb);
308
309 if (d->phys_map.skip) {
53cb28cb 310 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 311 }
312}
313
29cb533d
FZ		 314static inline bool section_covers_addr(const MemoryRegionSection *section,
315 hwaddr addr)
316{
317 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
318 * the section must cover the entire address space.
319 */
320 return section->size.hi ||
321 range_covers_byte(section->offset_within_address_space,
322 section->size.lo, addr);
323}
324
97115a8d 325static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 326 Node *nodes, MemoryRegionSection *sections)
92e873b9 327{
31ab2b4a 328 PhysPageEntry *p;
97115a8d 329 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 330 int i;
f1f6e3b8 331
9736e55b 332 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 333 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 334 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 335 }
9affd6fc 336 p = nodes[lp.ptr];
03f49957 337 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 338 }
b35ba30f 339
29cb533d 340 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 341 return &sections[lp.ptr];
342 } else {
343 return &sections[PHYS_SECTION_UNASSIGNED];
344 }
f3705d53
AK		 345}
346
e5548617
BS		 347bool memory_region_is_unassigned(MemoryRegion *mr)
348{
2a8e7499 349 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 350 && mr != &io_mem_watch;
fd6ce8f6 351}
149f54b5 352
79e2b9ae 353/* Called from RCU critical section */
c7086b4a 354static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 355 hwaddr addr,
356 bool resolve_subpage)
9f029603 357{
729633c2 358 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 359 subpage_t *subpage;
729633c2 360 bool update;
90260c6c 361
729633c2
FZ		 362 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
363 section_covers_addr(section, addr)) {
364 update = false;
365 } else {
366 section = phys_page_find(d->phys_map, addr, d->map.nodes,
367 d->map.sections);
368 update = true;
369 }
90260c6c
JK		 370 if (resolve_subpage && section->mr->subpage) {
371 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 372 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 373 }
729633c2
FZ		 374 if (update) {
375 atomic_set(&d->mru_section, section);
376 }
90260c6c 377 return section;
9f029603
JK		 378}
379
79e2b9ae 380/* Called from RCU critical section */
90260c6c 381static MemoryRegionSection *
c7086b4a 382address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 383 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 384{
385 MemoryRegionSection *section;
965eb2fc 386 MemoryRegion *mr;
a87f3954 387 Int128 diff;
149f54b5 388
c7086b4a 389 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 390 /* Compute offset within MemoryRegionSection */
391 addr -= section->offset_within_address_space;
392
393 /* Compute offset within MemoryRegion */
394 *xlat = addr + section->offset_within_region;
395
965eb2fc 396 mr = section->mr;
b242e0e0
PB		 397
398 /* MMIO registers can be expected to perform full-width accesses based only
399 * on their address, without considering adjacent registers that could
400 * decode to completely different MemoryRegions. When such registers
401 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
402 * regions overlap wildly. For this reason we cannot clamp the accesses
403 * here.
404 *
405 * If the length is small (as is the case for address_space_ldl/stl),
406 * everything works fine. If the incoming length is large, however,
407 * the caller really has to do the clamping through memory_access_size.
408 */
965eb2fc 409 if (memory_region_is_ram(mr)) {
e4a511f8 410 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 411 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
412 }
149f54b5
PB		 413 return section;
414}
90260c6c 415
41063e1e 416/* Called from RCU critical section */
5c8a00ce
PB		 417MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
418 hwaddr *xlat, hwaddr *plen,
419 bool is_write)
90260c6c 420{
30951157
AK		 421 IOMMUTLBEntry iotlb;
422 MemoryRegionSection *section;
423 MemoryRegion *mr;
30951157
AK		 424
425 for (;;) {
79e2b9ae
PB		 426 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
427 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 428 mr = section->mr;
429
430 if (!mr->iommu_ops) {
431 break;
432 }
433
8d7b8cb9 434 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 435 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
436 | (addr & iotlb.addr_mask));
23820dbf 437 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 438 if (!(iotlb.perm & (1 << is_write))) {
439 mr = &io_mem_unassigned;
440 break;
441 }
442
443 as = iotlb.target_as;
444 }
445
fe680d0d 446 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 447 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 448 *plen = MIN(page, *plen);
a87f3954
PB		 449 }
450
30951157
AK		 451 *xlat = addr;
452 return mr;
90260c6c
JK		 453}
454
79e2b9ae 455/* Called from RCU critical section */
90260c6c 456MemoryRegionSection *
d7898cda 457address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 458 hwaddr *xlat, hwaddr *plen)
90260c6c 459{
30951157 460 MemoryRegionSection *section;
d7898cda
PM		 461 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
462
463 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 464
465 assert(!section->mr->iommu_ops);
466 return section;
90260c6c 467}
5b6dd868 468#endif
fd6ce8f6 469
b170fce3 470#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 471
472static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 473{
259186a7 474 CPUState *cpu = opaque;
a513fe19 475
5b6dd868
BS		 476 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
477 version_id is increased. */
259186a7 478 cpu->interrupt_request &= ~0x01;
c01a71c1 479 tlb_flush(cpu, 1);
5b6dd868
BS		 480
481 return 0;
a513fe19 482}
7501267e 483
6c3bff0e
PD		 484static int cpu_common_pre_load(void *opaque)
485{
486 CPUState *cpu = opaque;
487
adee6424 488 cpu->exception_index = -1;
6c3bff0e
PD		 489
490 return 0;
491}
492
493static bool cpu_common_exception_index_needed(void *opaque)
494{
495 CPUState *cpu = opaque;
496
adee6424 497 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 498}
499
500static const VMStateDescription vmstate_cpu_common_exception_index = {
501 .name = "cpu_common/exception_index",
502 .version_id = 1,
503 .minimum_version_id = 1,
5cd8cada 504 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 505 .fields = (VMStateField[]) {
506 VMSTATE_INT32(exception_index, CPUState),
507 VMSTATE_END_OF_LIST()
508 }
509};
510
bac05aa9
AS		 511static bool cpu_common_crash_occurred_needed(void *opaque)
512{
513 CPUState *cpu = opaque;
514
515 return cpu->crash_occurred;
516}
517
518static const VMStateDescription vmstate_cpu_common_crash_occurred = {
519 .name = "cpu_common/crash_occurred",
520 .version_id = 1,
521 .minimum_version_id = 1,
522 .needed = cpu_common_crash_occurred_needed,
523 .fields = (VMStateField[]) {
524 VMSTATE_BOOL(crash_occurred, CPUState),
525 VMSTATE_END_OF_LIST()
526 }
527};
528
1a1562f5 529const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 530 .name = "cpu_common",
531 .version_id = 1,
532 .minimum_version_id = 1,
6c3bff0e 533 .pre_load = cpu_common_pre_load,
5b6dd868 534 .post_load = cpu_common_post_load,
35d08458 535 .fields = (VMStateField[]) {
259186a7
AF		 536 VMSTATE_UINT32(halted, CPUState),
537 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 538 VMSTATE_END_OF_LIST()
6c3bff0e 539 },
5cd8cada
JQ		 540 .subsections = (const VMStateDescription*[]) {
541 &vmstate_cpu_common_exception_index,
bac05aa9 542 &vmstate_cpu_common_crash_occurred,
5cd8cada 543 NULL
5b6dd868
BS		 544 }
545};
1a1562f5 546
5b6dd868 547#endif
ea041c0e 548
38d8f5c8 549CPUState *qemu_get_cpu(int index)
ea041c0e 550{
bdc44640 551 CPUState *cpu;
ea041c0e 552
bdc44640 553 CPU_FOREACH(cpu) {
55e5c285 554 if (cpu->cpu_index == index) {
bdc44640 555 return cpu;
55e5c285 556 }
ea041c0e 557 }
5b6dd868 558
bdc44640 559 return NULL;
ea041c0e
FB		 560}
561
09daed84 562#if !defined(CONFIG_USER_ONLY)
56943e8c 563void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 564{
12ebc9a7
PM		 565 CPUAddressSpace *newas;
566
567 /* Target code should have set num_ases before calling us */
568 assert(asidx < cpu->num_ases);
569
56943e8c
PM		 570 if (asidx == 0) {
571 /* address space 0 gets the convenience alias */
572 cpu->as = as;
573 }
574
12ebc9a7
PM		 575 /* KVM cannot currently support multiple address spaces. */
576 assert(asidx == 0 || !kvm_enabled());
09daed84 577
12ebc9a7
PM		 578 if (!cpu->cpu_ases) {
579 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 580 }
32857f4d 581
12ebc9a7
PM		 582 newas = &cpu->cpu_ases[asidx];
583 newas->cpu = cpu;
584 newas->as = as;
56943e8c 585 if (tcg_enabled()) {
12ebc9a7
PM		 586 newas->tcg_as_listener.commit = tcg_commit;
587 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 588 }
09daed84 589}
651a5bc0
PM		 590
591AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
592{
593 /* Return the AddressSpace corresponding to the specified index */
594 return cpu->cpu_ases[asidx].as;
595}
09daed84
EI		 596#endif
597
b7bca733
BR		 598#ifndef CONFIG_USER_ONLY
599static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
600
601static int cpu_get_free_index(Error **errp)
602{
603 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
604
605 if (cpu >= MAX_CPUMASK_BITS) {
606 error_setg(errp, "Trying to use more CPUs than max of %d",
607 MAX_CPUMASK_BITS);
608 return -1;
609 }
610
611 bitmap_set(cpu_index_map, cpu, 1);
612 return cpu;
613}
614
615void cpu_exec_exit(CPUState *cpu)
616{
617 if (cpu->cpu_index == -1) {
618 /* cpu_index was never allocated by this @cpu or was already freed. */
619 return;
620 }
621
622 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
623 cpu->cpu_index = -1;
624}
625#else
626
627static int cpu_get_free_index(Error **errp)
628{
629 CPUState *some_cpu;
630 int cpu_index = 0;
631
632 CPU_FOREACH(some_cpu) {
633 cpu_index++;
634 }
635 return cpu_index;
636}
637
638void cpu_exec_exit(CPUState *cpu)
639{
640}
641#endif
642
4bad9e39 643void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 644{
b170fce3 645 CPUClass *cc = CPU_GET_CLASS(cpu);
b7bca733 646 Error *local_err = NULL;
5b6dd868 647
56943e8c 648 cpu->as = NULL;
12ebc9a7 649 cpu->num_ases = 0;
56943e8c 650
291135b5 651#ifndef CONFIG_USER_ONLY
291135b5 652 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 653
654 /* This is a softmmu CPU object, so create a property for it
655 * so users can wire up its memory. (This can't go in qom/cpu.c
656 * because that file is compiled only once for both user-mode
657 * and system builds.) The default if no link is set up is to use
658 * the system address space.
659 */
660 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
661 (Object **)&cpu->memory,
662 qdev_prop_allow_set_link_before_realize,
663 OBJ_PROP_LINK_UNREF_ON_RELEASE,
664 &error_abort);
665 cpu->memory = system_memory;
666 object_ref(OBJECT(cpu->memory));
291135b5
EH		 667#endif
668
5b6dd868
BS		 669#if defined(CONFIG_USER_ONLY)
670 cpu_list_lock();
671#endif
741da0d3 672 cpu->cpu_index = cpu_get_free_index(&local_err);
b7bca733
BR		 673 if (local_err) {
674 error_propagate(errp, local_err);
675#if defined(CONFIG_USER_ONLY)
676 cpu_list_unlock();
677#endif
678 return;
5b6dd868 679 }
bdc44640 680 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868 681#if defined(CONFIG_USER_ONLY)
741da0d3 682 (void) cc;
5b6dd868 683 cpu_list_unlock();
741da0d3 684#else
e0d47944 685 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 686 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 687 }
b170fce3 688 if (cc->vmsd != NULL) {
741da0d3 689 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 690 }
741da0d3 691#endif
ea041c0e
FB		 692}
693
94df27fd 694#if defined(CONFIG_USER_ONLY)
00b941e5 695static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 696{
697 tb_invalidate_phys_page_range(pc, pc + 1, 0);
698}
699#else
00b941e5 700static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 701{
5232e4c7
PM		 702 MemTxAttrs attrs;
703 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
704 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 705 if (phys != -1) {
5232e4c7 706 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 707 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 708 }
1e7855a5 709}
c27004ec 710#endif
d720b93d 711
c527ee8f 712#if defined(CONFIG_USER_ONLY)
75a34036 713void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 714
715{
716}
717
3ee887e8
PM		 718int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
719 int flags)
720{
721 return -ENOSYS;
722}
723
724void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
725{
726}
727
75a34036 728int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 729 int flags, CPUWatchpoint **watchpoint)
730{
731 return -ENOSYS;
732}
733#else
6658ffb8 734/* Add a watchpoint. */
75a34036 735int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 736 int flags, CPUWatchpoint **watchpoint)
6658ffb8 737{
c0ce998e 738 CPUWatchpoint *wp;
6658ffb8 739
05068c0d 740 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 741 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 742 error_report("tried to set invalid watchpoint at %"
743 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 744 return -EINVAL;
745 }
7267c094 746 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 747
748 wp->vaddr = addr;
05068c0d 749 wp->len = len;
a1d1bb31
AL		 750 wp->flags = flags;
751
2dc9f411 752 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 753 if (flags & BP_GDB) {
754 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
755 } else {
756 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
757 }
6658ffb8 758
31b030d4 759 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 760
761 if (watchpoint)
762 *watchpoint = wp;
763 return 0;
6658ffb8
PB		 764}
765
a1d1bb31 766/* Remove a specific watchpoint. */
75a34036 767int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 768 int flags)
6658ffb8 769{
a1d1bb31 770 CPUWatchpoint *wp;
6658ffb8 771
ff4700b0 772 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 773 if (addr == wp->vaddr && len == wp->len
6e140f28 774 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 775 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 776 return 0;
777 }
778 }
a1d1bb31 779 return -ENOENT;
6658ffb8
PB		 780}
781
a1d1bb31 782/* Remove a specific watchpoint by reference. */
75a34036 783void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 784{
ff4700b0 785 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 786
31b030d4 787 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 788
7267c094 789 g_free(watchpoint);
a1d1bb31
AL		 790}
791
792/* Remove all matching watchpoints. */
75a34036 793void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 794{
c0ce998e 795 CPUWatchpoint *wp, *next;
a1d1bb31 796
ff4700b0 797 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 798 if (wp->flags & mask) {
799 cpu_watchpoint_remove_by_ref(cpu, wp);
800 }
c0ce998e 801 }
7d03f82f 802}
05068c0d
PM		 803
804/* Return true if this watchpoint address matches the specified
805 * access (ie the address range covered by the watchpoint overlaps
806 * partially or completely with the address range covered by the
807 * access).
808 */
809static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
810 vaddr addr,
811 vaddr len)
812{
813 /* We know the lengths are non-zero, but a little caution is
814 * required to avoid errors in the case where the range ends
815 * exactly at the top of the address space and so addr + len
816 * wraps round to zero.
817 */
818 vaddr wpend = wp->vaddr + wp->len - 1;
819 vaddr addrend = addr + len - 1;
820
821 return !(addr > wpend || wp->vaddr > addrend);
822}
823
c527ee8f 824#endif
7d03f82f 825
a1d1bb31 826/* Add a breakpoint. */
b3310ab3 827int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 828 CPUBreakpoint **breakpoint)
4c3a88a2 829{
c0ce998e 830 CPUBreakpoint *bp;
3b46e624 831
7267c094 832 bp = g_malloc(sizeof(*bp));
4c3a88a2 833
a1d1bb31
AL		 834 bp->pc = pc;
835 bp->flags = flags;
836
2dc9f411 837 /* keep all GDB-injected breakpoints in front */
00b941e5 838 if (flags & BP_GDB) {
f0c3c505 839 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 840 } else {
f0c3c505 841 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 842 }
3b46e624 843
f0c3c505 844 breakpoint_invalidate(cpu, pc);
a1d1bb31 845
00b941e5 846 if (breakpoint) {
a1d1bb31 847 *breakpoint = bp;
00b941e5 848 }
4c3a88a2 849 return 0;
4c3a88a2
FB		 850}
851
a1d1bb31 852/* Remove a specific breakpoint. */
b3310ab3 853int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 854{
a1d1bb31
AL		 855 CPUBreakpoint *bp;
856
f0c3c505 857 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 858 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 859 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 860 return 0;
861 }
7d03f82f 862 }
a1d1bb31 863 return -ENOENT;
7d03f82f
EI		 864}
865
a1d1bb31 866/* Remove a specific breakpoint by reference. */
b3310ab3 867void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 868{
f0c3c505
AF		 869 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
870
871 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 872
7267c094 873 g_free(breakpoint);
a1d1bb31
AL		 874}
875
876/* Remove all matching breakpoints. */
b3310ab3 877void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 878{
c0ce998e 879 CPUBreakpoint *bp, *next;
a1d1bb31 880
f0c3c505 881 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 882 if (bp->flags & mask) {
883 cpu_breakpoint_remove_by_ref(cpu, bp);
884 }
c0ce998e 885 }
4c3a88a2
FB		 886}
887
c33a346e
FB		 888/* enable or disable single step mode. EXCP_DEBUG is returned by the
889 CPU loop after each instruction */
3825b28f 890void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 891{
ed2803da
AF		 892 if (cpu->singlestep_enabled != enabled) {
893 cpu->singlestep_enabled = enabled;
894 if (kvm_enabled()) {
38e478ec 895 kvm_update_guest_debug(cpu, 0);
ed2803da 896 } else {
ccbb4d44 897 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 898 /* XXX: only flush what is necessary */
bbd77c18 899 tb_flush(cpu);
e22a25c9 900 }
c33a346e 901 }
c33a346e
FB		 902}
903
a47dddd7 904void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 905{
906 va_list ap;
493ae1f0 907 va_list ap2;
7501267e
FB		 908
909 va_start(ap, fmt);
493ae1f0 910 va_copy(ap2, ap);
7501267e
FB		 911 fprintf(stderr, "qemu: fatal: ");
912 vfprintf(stderr, fmt, ap);
913 fprintf(stderr, "\n");
878096ee 914 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 915 if (qemu_log_separate()) {
93fcfe39
AL		 916 qemu_log("qemu: fatal: ");
917 qemu_log_vprintf(fmt, ap2);
918 qemu_log("\n");
a0762859 919 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 920 qemu_log_flush();
93fcfe39 921 qemu_log_close();
924edcae 922 }
493ae1f0 923 va_end(ap2);
f9373291 924 va_end(ap);
7615936e 925 replay_finish();
fd052bf6
RV		 926#if defined(CONFIG_USER_ONLY)
927 {
928 struct sigaction act;
929 sigfillset(&act.sa_mask);
930 act.sa_handler = SIG_DFL;
931 sigaction(SIGABRT, &act, NULL);
932 }
933#endif
7501267e
FB		 934 abort();
935}
936
0124311e 937#if !defined(CONFIG_USER_ONLY)
0dc3f44a 938/* Called from RCU critical section */
041603fe
PB		 939static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
940{
941 RAMBlock *block;
942
43771539 943 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 944 if (block && addr - block->offset < block->max_length) {
68851b98 945 return block;
041603fe 946 }
0dc3f44a 947 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 948 if (addr - block->offset < block->max_length) {
041603fe
PB		 949 goto found;
950 }
951 }
952
953 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
954 abort();
955
956found:
43771539
PB		 957 /* It is safe to write mru_block outside the iothread lock. This
958 * is what happens:
959 *
960 * mru_block = xxx
961 * rcu_read_unlock()
962 * xxx removed from list
963 * rcu_read_lock()
964 * read mru_block
965 * mru_block = NULL;
966 * call_rcu(reclaim_ramblock, xxx);
967 * rcu_read_unlock()
968 *
969 * atomic_rcu_set is not needed here. The block was already published
970 * when it was placed into the list. Here we're just making an extra
971 * copy of the pointer.
972 */
041603fe
PB		 973 ram_list.mru_block = block;
974 return block;
975}
976
a2f4d5be 977static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 978{
9a13565d 979 CPUState *cpu;
041603fe 980 ram_addr_t start1;
a2f4d5be
JQ		 981 RAMBlock *block;
982 ram_addr_t end;
983
984 end = TARGET_PAGE_ALIGN(start + length);
985 start &= TARGET_PAGE_MASK;
d24981d3 986
0dc3f44a 987 rcu_read_lock();
041603fe
PB		 988 block = qemu_get_ram_block(start);
989 assert(block == qemu_get_ram_block(end - 1));
1240be24 990 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 991 CPU_FOREACH(cpu) {
992 tlb_reset_dirty(cpu, start1, length);
993 }
0dc3f44a 994 rcu_read_unlock();
d24981d3
JQ		 995}
996
5579c7f3 997/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 998bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
999 ram_addr_t length,
1000 unsigned client)
1ccde1cb 1001{
5b82b703 1002 DirtyMemoryBlocks *blocks;
03eebc9e 1003 unsigned long end, page;
5b82b703 1004 bool dirty = false;
03eebc9e
SH		 1005
1006 if (length == 0) {
1007 return false;
1008 }
f23db169 1009
03eebc9e
SH		 1010 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1011 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1012
1013 rcu_read_lock();
1014
1015 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1016
1017 while (page < end) {
1018 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1019 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1020 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1021
1022 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1023 offset, num);
1024 page += num;
1025 }
1026
1027 rcu_read_unlock();
03eebc9e
SH		 1028
1029 if (dirty && tcg_enabled()) {
a2f4d5be 1030 tlb_reset_dirty_range_all(start, length);
5579c7f3 1031 }
03eebc9e
SH		 1032
1033 return dirty;
1ccde1cb
FB		 1034}
1035
79e2b9ae 1036/* Called from RCU critical section */
bb0e627a 1037hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1038 MemoryRegionSection *section,
1039 target_ulong vaddr,
1040 hwaddr paddr, hwaddr xlat,
1041 int prot,
1042 target_ulong *address)
e5548617 1043{
a8170e5e 1044 hwaddr iotlb;
e5548617
BS		 1045 CPUWatchpoint *wp;
1046
cc5bea60 1047 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1048 /* Normal RAM. */
1049 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 1050 + xlat;
e5548617 1051 if (!section->readonly) {
b41aac4f 1052 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1053 } else {
b41aac4f 1054 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1055 }
1056 } else {
0b8e2c10
PM		 1057 AddressSpaceDispatch *d;
1058
1059 d = atomic_rcu_read(&section->address_space->dispatch);
1060 iotlb = section - d->map.sections;
149f54b5 1061 iotlb += xlat;
e5548617
BS		 1062 }
1063
1064 /* Make accesses to pages with watchpoints go via the
1065 watchpoint trap routines. */
ff4700b0 1066 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1067 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1068 /* Avoid trapping reads of pages with a write breakpoint. */
1069 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1070 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1071 *address |= TLB_MMIO;
1072 break;
1073 }
1074 }
1075 }
1076
1077 return iotlb;
1078}
9fa3e853
FB		 1079#endif /* defined(CONFIG_USER_ONLY) */
1080
e2eef170 1081#if !defined(CONFIG_USER_ONLY)
8da3ff18 1082
c227f099 1083static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1084 uint16_t section);
acc9d80b 1085static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1086
a2b257d6
IM		 1087static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1088 qemu_anon_ram_alloc;
91138037
MA		 1089
1090/*
1091 * Set a custom physical guest memory alloator.
1092 * Accelerators with unusual needs may need this. Hopefully, we can
1093 * get rid of it eventually.
1094 */
a2b257d6 1095void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1096{
1097 phys_mem_alloc = alloc;
1098}
1099
53cb28cb
MA		 1100static uint16_t phys_section_add(PhysPageMap *map,
1101 MemoryRegionSection *section)
5312bd8b 1102{
68f3f65b
PB		 1103 /* The physical section number is ORed with a page-aligned
1104 * pointer to produce the iotlb entries. Thus it should
1105 * never overflow into the page-aligned value.
1106 */
53cb28cb 1107 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1108
53cb28cb
MA		 1109 if (map->sections_nb == map->sections_nb_alloc) {
1110 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1111 map->sections = g_renew(MemoryRegionSection, map->sections,
1112 map->sections_nb_alloc);
5312bd8b 1113 }
53cb28cb 1114 map->sections[map->sections_nb] = *section;
dfde4e6e 1115 memory_region_ref(section->mr);
53cb28cb 1116 return map->sections_nb++;
5312bd8b
AK		 1117}
1118
058bc4b5
PB		 1119static void phys_section_destroy(MemoryRegion *mr)
1120{
55b4e80b
DS		 1121 bool have_sub_page = mr->subpage;
1122
dfde4e6e
PB		 1123 memory_region_unref(mr);
1124
55b4e80b 1125 if (have_sub_page) {
058bc4b5 1126 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1127 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1128 g_free(subpage);
1129 }
1130}
1131
6092666e 1132static void phys_sections_free(PhysPageMap *map)
5312bd8b 1133{
9affd6fc
PB		 1134 while (map->sections_nb > 0) {
1135 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1136 phys_section_destroy(section->mr);
1137 }
9affd6fc
PB		 1138 g_free(map->sections);
1139 g_free(map->nodes);
5312bd8b
AK		 1140}
1141
ac1970fb 1142static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1143{
1144 subpage_t *subpage;
a8170e5e 1145 hwaddr base = section->offset_within_address_space
0f0cb164 1146 & TARGET_PAGE_MASK;
97115a8d 1147 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1148 d->map.nodes, d->map.sections);
0f0cb164
AK		 1149 MemoryRegionSection subsection = {
1150 .offset_within_address_space = base,
052e87b0 1151 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1152 };
a8170e5e 1153 hwaddr start, end;
0f0cb164 1154
f3705d53 1155 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1156
f3705d53 1157 if (!(existing->mr->subpage)) {
acc9d80b 1158 subpage = subpage_init(d->as, base);
3be91e86 1159 subsection.address_space = d->as;
0f0cb164 1160 subsection.mr = &subpage->iomem;
ac1970fb 1161 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1162 phys_section_add(&d->map, &subsection));
0f0cb164 1163 } else {
f3705d53 1164 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1165 }
1166 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1167 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1168 subpage_register(subpage, start, end,
1169 phys_section_add(&d->map, section));
0f0cb164
AK		 1170}
1171
1172
052e87b0
PB		 1173static void register_multipage(AddressSpaceDispatch *d,
1174 MemoryRegionSection *section)
33417e70 1175{
a8170e5e 1176 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1177 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1178 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1179 TARGET_PAGE_BITS));
dd81124b 1180
733d5ef5
PB		 1181 assert(num_pages);
1182 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1183}
1184
ac1970fb 1185static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1186{
89ae337a 1187 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1188 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1189 MemoryRegionSection now = *section, remain = *section;
052e87b0 1190 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1191
733d5ef5
PB		 1192 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1193 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1194 - now.offset_within_address_space;
1195
052e87b0 1196 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1197 register_subpage(d, &now);
733d5ef5 1198 } else {
052e87b0 1199 now.size = int128_zero();
733d5ef5 1200 }
052e87b0
PB		 1201 while (int128_ne(remain.size, now.size)) {
1202 remain.size = int128_sub(remain.size, now.size);
1203 remain.offset_within_address_space += int128_get64(now.size);
1204 remain.offset_within_region += int128_get64(now.size);
69b67646 1205 now = remain;
052e87b0 1206 if (int128_lt(remain.size, page_size)) {
733d5ef5 1207 register_subpage(d, &now);
88266249 1208 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1209 now.size = page_size;
ac1970fb 1210 register_subpage(d, &now);
69b67646 1211 } else {
052e87b0 1212 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1213 register_multipage(d, &now);
69b67646 1214 }
0f0cb164
AK		 1215 }
1216}
1217
62a2744c
SY		 1218void qemu_flush_coalesced_mmio_buffer(void)
1219{
1220 if (kvm_enabled())
1221 kvm_flush_coalesced_mmio_buffer();
1222}
1223
b2a8658e
UD		 1224void qemu_mutex_lock_ramlist(void)
1225{
1226 qemu_mutex_lock(&ram_list.mutex);
1227}
1228
1229void qemu_mutex_unlock_ramlist(void)
1230{
1231 qemu_mutex_unlock(&ram_list.mutex);
1232}
1233
e1e84ba0 1234#ifdef __linux__
04b16653
AW		 1235static void *file_ram_alloc(RAMBlock *block,
1236 ram_addr_t memory,
7f56e740
PB		 1237 const char *path,
1238 Error **errp)
c902760f 1239{
fd97fd44 1240 bool unlink_on_error = false;
c902760f 1241 char *filename;
8ca761f6
PF		 1242 char *sanitized_name;
1243 char *c;
794e8f30 1244 void *area;
5c3ece79 1245 int fd = -1;
e1fb6471 1246 int64_t page_size;
c902760f
MT		 1247
1248 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1249 error_setg(errp,
1250 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1251 return NULL;
c902760f
MT		 1252 }
1253
fd97fd44
MA		 1254 for (;;) {
1255 fd = open(path, O_RDWR);
1256 if (fd >= 0) {
1257 /* @path names an existing file, use it */
1258 break;
8d31d6b6 1259 }
fd97fd44
MA		 1260 if (errno == ENOENT) {
1261 /* @path names a file that doesn't exist, create it */
1262 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1263 if (fd >= 0) {
1264 unlink_on_error = true;
1265 break;
1266 }
1267 } else if (errno == EISDIR) {
1268 /* @path names a directory, create a file there */
1269 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1270 sanitized_name = g_strdup(memory_region_name(block->mr));
1271 for (c = sanitized_name; *c != '\0'; c++) {
1272 if (*c == '/') {
1273 *c = '_';
1274 }
1275 }
8ca761f6 1276
fd97fd44
MA		 1277 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1278 sanitized_name);
1279 g_free(sanitized_name);
8d31d6b6 1280
fd97fd44
MA		 1281 fd = mkstemp(filename);
1282 if (fd >= 0) {
1283 unlink(filename);
1284 g_free(filename);
1285 break;
1286 }
1287 g_free(filename);
8d31d6b6 1288 }
fd97fd44
MA		 1289 if (errno != EEXIST && errno != EINTR) {
1290 error_setg_errno(errp, errno,
1291 "can't open backing store %s for guest RAM",
1292 path);
1293 goto error;
1294 }
1295 /*
1296 * Try again on EINTR and EEXIST. The latter happens when
1297 * something else creates the file between our two open().
1298 */
8d31d6b6 1299 }
c902760f 1300
e1fb6471 1301 page_size = qemu_fd_getpagesize(fd);
d2f39add 1302 block->mr->align = MAX(page_size, QEMU_VMALLOC_ALIGN);
fd97fd44 1303
e1fb6471 1304 if (memory < page_size) {
fd97fd44
MA		 1305 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1306 "or larger than page size 0x%" PRIx64,
e1fb6471 1307 memory, page_size);
f9a49dfa 1308 goto error;
c902760f 1309 }
c902760f 1310
e1fb6471 1311 memory = ROUND_UP(memory, page_size);
c902760f
MT		 1312
1313 /*
1314 * ftruncate is not supported by hugetlbfs in older
1315 * hosts, so don't bother bailing out on errors.
1316 * If anything goes wrong with it under other filesystems,
1317 * mmap will fail.
1318 */
7f56e740 1319 if (ftruncate(fd, memory)) {
9742bf26 1320 perror("ftruncate");
7f56e740 1321 }
c902760f 1322
d2f39add
DD		 1323 area = qemu_ram_mmap(fd, memory, block->mr->align,
1324 block->flags & RAM_SHARED);
c902760f 1325 if (area == MAP_FAILED) {
7f56e740 1326 error_setg_errno(errp, errno,
fd97fd44 1327 "unable to map backing store for guest RAM");
f9a49dfa 1328 goto error;
c902760f 1329 }
ef36fa14
MT		 1330
1331 if (mem_prealloc) {
38183310 1332 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1333 }
1334
04b16653 1335 block->fd = fd;
c902760f 1336 return area;
f9a49dfa
MT		 1337
1338error:
fd97fd44
MA		 1339 if (unlink_on_error) {
1340 unlink(path);
1341 }
5c3ece79
PB		 1342 if (fd != -1) {
1343 close(fd);
1344 }
f9a49dfa 1345 return NULL;
c902760f
MT		 1346}
1347#endif
1348
0dc3f44a 1349/* Called with the ramlist lock held. */
d17b5288 1350static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1351{
1352 RAMBlock *block, *next_block;
3e837b2c 1353 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1354
49cd9ac6
SH		 1355 assert(size != 0); /* it would hand out same offset multiple times */
1356
0dc3f44a 1357 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1358 return 0;
0d53d9fe 1359 }
04b16653 1360
0dc3f44a 1361 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1362 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1363
62be4e3a 1364 end = block->offset + block->max_length;
04b16653 1365
0dc3f44a 1366 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1367 if (next_block->offset >= end) {
1368 next = MIN(next, next_block->offset);
1369 }
1370 }
1371 if (next - end >= size && next - end < mingap) {
3e837b2c 1372 offset = end;
04b16653
AW		 1373 mingap = next - end;
1374 }
1375 }
3e837b2c
AW		 1376
1377 if (offset == RAM_ADDR_MAX) {
1378 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1379 (uint64_t)size);
1380 abort();
1381 }
1382
04b16653
AW		 1383 return offset;
1384}
1385
652d7ec2 1386ram_addr_t last_ram_offset(void)
d17b5288
AW		 1387{
1388 RAMBlock *block;
1389 ram_addr_t last = 0;
1390
0dc3f44a
MD		 1391 rcu_read_lock();
1392 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1393 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1394 }
0dc3f44a 1395 rcu_read_unlock();
d17b5288
AW		 1396 return last;
1397}
1398
ddb97f1d
JB		 1399static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1400{
1401 int ret;
ddb97f1d
JB		 1402
1403 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1404 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1405 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1406 if (ret) {
1407 perror("qemu_madvise");
1408 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1409 "but dump_guest_core=off specified\n");
1410 }
1411 }
1412}
1413
422148d3
DDAG		 1414const char *qemu_ram_get_idstr(RAMBlock *rb)
1415{
1416 return rb->idstr;
1417}
1418
ae3a7047 1419/* Called with iothread lock held. */
fa53a0e5 1420void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1421{
fa53a0e5 1422 RAMBlock *block;
20cfe881 1423
0dc3f44a 1424 rcu_read_lock();
fa53a0e5 1425
c5705a77
AK		 1426 assert(new_block);
1427 assert(!new_block->idstr[0]);
84b89d78 1428
09e5ab63
AL		 1429 if (dev) {
1430 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1431 if (id) {
1432 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1433 g_free(id);
84b89d78
CM		 1434 }
1435 }
1436 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1437
0dc3f44a 1438 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1439 if (block != new_block &&
1440 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1441 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1442 new_block->idstr);
1443 abort();
1444 }
1445 }
0dc3f44a 1446 rcu_read_unlock();
c5705a77
AK		 1447}
1448
ae3a7047 1449/* Called with iothread lock held. */
fa53a0e5 1450void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1451{
ae3a7047
MD		 1452 /* FIXME: arch_init.c assumes that this is not called throughout
1453 * migration. Ignore the problem since hot-unplug during migration
1454 * does not work anyway.
1455 */
1456
0dc3f44a 1457 rcu_read_lock();
20cfe881
HT		 1458 if (block) {
1459 memset(block->idstr, 0, sizeof(block->idstr));
1460 }
0dc3f44a 1461 rcu_read_unlock();
20cfe881
HT		 1462}
1463
8490fc78
LC		 1464static int memory_try_enable_merging(void *addr, size_t len)
1465{
75cc7f01 1466 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1467 /* disabled by the user */
1468 return 0;
1469 }
1470
1471 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1472}
1473
62be4e3a
MT		 1474/* Only legal before guest might have detected the memory size: e.g. on
1475 * incoming migration, or right after reset.
1476 *
1477 * As memory core doesn't know how is memory accessed, it is up to
1478 * resize callback to update device state and/or add assertions to detect
1479 * misuse, if necessary.
1480 */
fa53a0e5 1481int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1482{
62be4e3a
MT		 1483 assert(block);
1484
4ed023ce 1485 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1486
62be4e3a
MT		 1487 if (block->used_length == newsize) {
1488 return 0;
1489 }
1490
1491 if (!(block->flags & RAM_RESIZEABLE)) {
1492 error_setg_errno(errp, EINVAL,
1493 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1494 " in != 0x" RAM_ADDR_FMT, block->idstr,
1495 newsize, block->used_length);
1496 return -EINVAL;
1497 }
1498
1499 if (block->max_length < newsize) {
1500 error_setg_errno(errp, EINVAL,
1501 "Length too large: %s: 0x" RAM_ADDR_FMT
1502 " > 0x" RAM_ADDR_FMT, block->idstr,
1503 newsize, block->max_length);
1504 return -EINVAL;
1505 }
1506
1507 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1508 block->used_length = newsize;
58d2707e
PB		 1509 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1510 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1511 memory_region_set_size(block->mr, newsize);
1512 if (block->resized) {
1513 block->resized(block->idstr, newsize, block->host);
1514 }
1515 return 0;
1516}
1517
5b82b703
SH		 1518/* Called with ram_list.mutex held */
1519static void dirty_memory_extend(ram_addr_t old_ram_size,
1520 ram_addr_t new_ram_size)
1521{
1522 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1523 DIRTY_MEMORY_BLOCK_SIZE);
1524 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1525 DIRTY_MEMORY_BLOCK_SIZE);
1526 int i;
1527
1528 /* Only need to extend if block count increased */
1529 if (new_num_blocks <= old_num_blocks) {
1530 return;
1531 }
1532
1533 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1534 DirtyMemoryBlocks *old_blocks;
1535 DirtyMemoryBlocks *new_blocks;
1536 int j;
1537
1538 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1539 new_blocks = g_malloc(sizeof(*new_blocks) +
1540 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1541
1542 if (old_num_blocks) {
1543 memcpy(new_blocks->blocks, old_blocks->blocks,
1544 old_num_blocks * sizeof(old_blocks->blocks[0]));
1545 }
1546
1547 for (j = old_num_blocks; j < new_num_blocks; j++) {
1548 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1549 }
1550
1551 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1552
1553 if (old_blocks) {
1554 g_free_rcu(old_blocks, rcu);
1555 }
1556 }
1557}
1558
528f46af 1559static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1560{
e1c57ab8 1561 RAMBlock *block;
0d53d9fe 1562 RAMBlock *last_block = NULL;
2152f5ca 1563 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1564 Error *err = NULL;
2152f5ca
JQ		 1565
1566 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1567
b2a8658e 1568 qemu_mutex_lock_ramlist();
9b8424d5 1569 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1570
1571 if (!new_block->host) {
1572 if (xen_enabled()) {
9b8424d5 1573 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1574 new_block->mr, &err);
1575 if (err) {
1576 error_propagate(errp, err);
1577 qemu_mutex_unlock_ramlist();
39c350ee 1578 return;
37aa7a0e 1579 }
e1c57ab8 1580 } else {
9b8424d5 1581 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1582 &new_block->mr->align);
39228250 1583 if (!new_block->host) {
ef701d7b
HT		 1584 error_setg_errno(errp, errno,
1585 "cannot set up guest memory '%s'",
1586 memory_region_name(new_block->mr));
1587 qemu_mutex_unlock_ramlist();
39c350ee 1588 return;
39228250 1589 }
9b8424d5 1590 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1591 }
c902760f 1592 }
94a6b54f 1593
dd631697
LZ		 1594 new_ram_size = MAX(old_ram_size,
1595 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1596 if (new_ram_size > old_ram_size) {
1597 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1598 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1599 }
0d53d9fe
MD		 1600 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1601 * QLIST (which has an RCU-friendly variant) does not have insertion at
1602 * tail, so save the last element in last_block.
1603 */
0dc3f44a 1604 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1605 last_block = block;
9b8424d5 1606 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1607 break;
1608 }
1609 }
1610 if (block) {
0dc3f44a 1611 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1612 } else if (last_block) {
0dc3f44a 1613 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1614 } else { /* list is empty */
0dc3f44a 1615 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1616 }
0d6d3c87 1617 ram_list.mru_block = NULL;
94a6b54f 1618
0dc3f44a
MD		 1619 /* Write list before version */
1620 smp_wmb();
f798b07f 1621 ram_list.version++;
b2a8658e 1622 qemu_mutex_unlock_ramlist();
f798b07f 1623
9b8424d5 1624 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1625 new_block->used_length,
1626 DIRTY_CLIENTS_ALL);
94a6b54f 1627
a904c911
PB		 1628 if (new_block->host) {
1629 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1630 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1631 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1632 if (kvm_enabled()) {
1633 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1634 }
e1c57ab8 1635 }
94a6b54f 1636}
e9a1ab19 1637
0b183fc8 1638#ifdef __linux__
528f46af
FZ		 1639RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1640 bool share, const char *mem_path,
1641 Error **errp)
e1c57ab8
PB		 1642{
1643 RAMBlock *new_block;
ef701d7b 1644 Error *local_err = NULL;
e1c57ab8
PB		 1645
1646 if (xen_enabled()) {
7f56e740 1647 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1648 return NULL;
e1c57ab8
PB		 1649 }
1650
1651 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1652 /*
1653 * file_ram_alloc() needs to allocate just like
1654 * phys_mem_alloc, but we haven't bothered to provide
1655 * a hook there.
1656 */
7f56e740
PB		 1657 error_setg(errp,
1658 "-mem-path not supported with this accelerator");
528f46af 1659 return NULL;
e1c57ab8
PB		 1660 }
1661
4ed023ce 1662 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1663 new_block = g_malloc0(sizeof(*new_block));
1664 new_block->mr = mr;
9b8424d5
MT		 1665 new_block->used_length = size;
1666 new_block->max_length = size;
dbcb8981 1667 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1668 new_block->host = file_ram_alloc(new_block, size,
1669 mem_path, errp);
1670 if (!new_block->host) {
1671 g_free(new_block);
528f46af 1672 return NULL;
7f56e740
PB		 1673 }
1674
528f46af 1675 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1676 if (local_err) {
1677 g_free(new_block);
1678 error_propagate(errp, local_err);
528f46af 1679 return NULL;
ef701d7b 1680 }
528f46af 1681 return new_block;
e1c57ab8 1682}
0b183fc8 1683#endif
e1c57ab8 1684
62be4e3a 1685static
528f46af
FZ		 1686RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1687 void (*resized)(const char*,
1688 uint64_t length,
1689 void *host),
1690 void *host, bool resizeable,
1691 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1692{
1693 RAMBlock *new_block;
ef701d7b 1694 Error *local_err = NULL;
e1c57ab8 1695
4ed023ce
DDAG		 1696 size = HOST_PAGE_ALIGN(size);
1697 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1698 new_block = g_malloc0(sizeof(*new_block));
1699 new_block->mr = mr;
62be4e3a 1700 new_block->resized = resized;
9b8424d5
MT		 1701 new_block->used_length = size;
1702 new_block->max_length = max_size;
62be4e3a 1703 assert(max_size >= size);
e1c57ab8
PB		 1704 new_block->fd = -1;
1705 new_block->host = host;
1706 if (host) {
7bd4f430 1707 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1708 }
62be4e3a
MT		 1709 if (resizeable) {
1710 new_block->flags |= RAM_RESIZEABLE;
1711 }
528f46af 1712 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1713 if (local_err) {
1714 g_free(new_block);
1715 error_propagate(errp, local_err);
528f46af 1716 return NULL;
ef701d7b 1717 }
528f46af 1718 return new_block;
e1c57ab8
PB		 1719}
1720
528f46af 1721RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1722 MemoryRegion *mr, Error **errp)
1723{
1724 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1725}
1726
528f46af 1727RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1728{
62be4e3a
MT		 1729 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1730}
1731
528f46af 1732RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1733 void (*resized)(const char*,
1734 uint64_t length,
1735 void *host),
1736 MemoryRegion *mr, Error **errp)
1737{
1738 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1739}
1740
43771539
PB		 1741static void reclaim_ramblock(RAMBlock *block)
1742{
1743 if (block->flags & RAM_PREALLOC) {
1744 ;
1745 } else if (xen_enabled()) {
1746 xen_invalidate_map_cache_entry(block->host);
1747#ifndef _WIN32
1748 } else if (block->fd >= 0) {
2f3a2bb1 1749 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1750 close(block->fd);
1751#endif
1752 } else {
1753 qemu_anon_ram_free(block->host, block->max_length);
1754 }
1755 g_free(block);
1756}
1757
f1060c55 1758void qemu_ram_free(RAMBlock *block)
e9a1ab19 1759{
85bc2a15
MAL		 1760 if (!block) {
1761 return;
1762 }
1763
b2a8658e 1764 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1765 QLIST_REMOVE_RCU(block, next);
1766 ram_list.mru_block = NULL;
1767 /* Write list before version */
1768 smp_wmb();
1769 ram_list.version++;
1770 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1771 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1772}
1773
cd19cfa2
HY		 1774#ifndef _WIN32
1775void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1776{
1777 RAMBlock *block;
1778 ram_addr_t offset;
1779 int flags;
1780 void *area, *vaddr;
1781
0dc3f44a 1782 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1783 offset = addr - block->offset;
9b8424d5 1784 if (offset < block->max_length) {
1240be24 1785 vaddr = ramblock_ptr(block, offset);
7bd4f430 1786 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1787 ;
dfeaf2ab
MA		 1788 } else if (xen_enabled()) {
1789 abort();
cd19cfa2
HY		 1790 } else {
1791 flags = MAP_FIXED;
3435f395 1792 if (block->fd >= 0) {
dbcb8981
PB		 1793 flags |= (block->flags & RAM_SHARED ?
1794 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1795 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1796 flags, block->fd, offset);
cd19cfa2 1797 } else {
2eb9fbaa
MA		 1798 /*
1799 * Remap needs to match alloc. Accelerators that
1800 * set phys_mem_alloc never remap. If they did,
1801 * we'd need a remap hook here.
1802 */
1803 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1804
cd19cfa2
HY		 1805 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1806 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1807 flags, -1, 0);
cd19cfa2
HY		 1808 }
1809 if (area != vaddr) {
f15fbc4b
AP		 1810 fprintf(stderr, "Could not remap addr: "
1811 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1812 length, addr);
1813 exit(1);
1814 }
8490fc78 1815 memory_try_enable_merging(vaddr, length);
ddb97f1d 1816 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1817 }
cd19cfa2
HY		 1818 }
1819 }
1820}
1821#endif /* !_WIN32 */
1822
a35ba7be
PB		 1823int qemu_get_ram_fd(ram_addr_t addr)
1824{
ae3a7047
MD		 1825 RAMBlock *block;
1826 int fd;
a35ba7be 1827
0dc3f44a 1828 rcu_read_lock();
ae3a7047
MD		 1829 block = qemu_get_ram_block(addr);
1830 fd = block->fd;
0dc3f44a 1831 rcu_read_unlock();
ae3a7047 1832 return fd;
a35ba7be
PB		 1833}
1834
56a571d9
TM		 1835void qemu_set_ram_fd(ram_addr_t addr, int fd)
1836{
1837 RAMBlock *block;
1838
1839 rcu_read_lock();
1840 block = qemu_get_ram_block(addr);
1841 block->fd = fd;
1842 rcu_read_unlock();
1843}
1844
3fd74b84
DM		 1845void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1846{
ae3a7047
MD		 1847 RAMBlock *block;
1848 void *ptr;
3fd74b84 1849
0dc3f44a 1850 rcu_read_lock();
ae3a7047
MD		 1851 block = qemu_get_ram_block(addr);
1852 ptr = ramblock_ptr(block, 0);
0dc3f44a 1853 rcu_read_unlock();
ae3a7047 1854 return ptr;
3fd74b84
DM		 1855}
1856
1b5ec234 1857/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1858 * This should not be used for general purpose DMA. Use address_space_map
1859 * or address_space_rw instead. For local memory (e.g. video ram) that the
1860 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1861 *
49b24afc 1862 * Called within RCU critical section.
1b5ec234 1863 */
3655cb9c 1864void *qemu_get_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1865{
3655cb9c
GA		 1866 RAMBlock *block = ram_block;
1867
1868 if (block == NULL) {
1869 block = qemu_get_ram_block(addr);
1870 }
ae3a7047
MD		 1871
1872 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1873 /* We need to check if the requested address is in the RAM
1874 * because we don't want to map the entire memory in QEMU.
1875 * In that case just map until the end of the page.
1876 */
1877 if (block->offset == 0) {
49b24afc 1878 return xen_map_cache(addr, 0, 0);
0d6d3c87 1879 }
ae3a7047
MD		 1880
1881 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1882 }
49b24afc 1883 return ramblock_ptr(block, addr - block->offset);
dc828ca1
PB		 1884}
1885
38bee5dc 1886/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1887 * but takes a size argument.
0dc3f44a 1888 *
e81bcda5 1889 * Called within RCU critical section.
ae3a7047 1890 */
3655cb9c
GA		 1891static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1892 hwaddr *size)
38bee5dc 1893{
3655cb9c 1894 RAMBlock *block = ram_block;
e81bcda5 1895 ram_addr_t offset_inside_block;
8ab934f9
SS		 1896 if (*size == 0) {
1897 return NULL;
1898 }
e81bcda5 1899
3655cb9c
GA		 1900 if (block == NULL) {
1901 block = qemu_get_ram_block(addr);
1902 }
e81bcda5
PB		 1903 offset_inside_block = addr - block->offset;
1904 *size = MIN(*size, block->max_length - offset_inside_block);
1905
1906 if (xen_enabled() && block->host == NULL) {
1907 /* We need to check if the requested address is in the RAM
1908 * because we don't want to map the entire memory in QEMU.
1909 * In that case just map the requested area.
1910 */
1911 if (block->offset == 0) {
1912 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1913 }
1914
e81bcda5 1915 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1916 }
e81bcda5
PB		 1917
1918 return ramblock_ptr(block, offset_inside_block);
38bee5dc
SS		 1919}
1920
422148d3
DDAG		 1921/*
1922 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1923 * in that RAMBlock.
1924 *
1925 * ptr: Host pointer to look up
1926 * round_offset: If true round the result offset down to a page boundary
1927 * *ram_addr: set to result ram_addr
1928 * *offset: set to result offset within the RAMBlock
1929 *
1930 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1931 *
1932 * By the time this function returns, the returned pointer is not protected
1933 * by RCU anymore. If the caller is not within an RCU critical section and
1934 * does not hold the iothread lock, it must have other means of protecting the
1935 * pointer, such as a reference to the region that includes the incoming
1936 * ram_addr_t.
1937 */
422148d3
DDAG		 1938RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1939 ram_addr_t *ram_addr,
1940 ram_addr_t *offset)
5579c7f3 1941{
94a6b54f
PB		 1942 RAMBlock *block;
1943 uint8_t *host = ptr;
1944
868bb33f 1945 if (xen_enabled()) {
0dc3f44a 1946 rcu_read_lock();
e41d7c69 1947 *ram_addr = xen_ram_addr_from_mapcache(ptr);
422148d3
DDAG		 1948 block = qemu_get_ram_block(*ram_addr);
1949 if (block) {
1950 *offset = (host - block->host);
1951 }
0dc3f44a 1952 rcu_read_unlock();
422148d3 1953 return block;
712c2b41
SS		 1954 }
1955
0dc3f44a
MD		 1956 rcu_read_lock();
1957 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1958 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1959 goto found;
1960 }
1961
0dc3f44a 1962 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1963 /* This case append when the block is not mapped. */
1964 if (block->host == NULL) {
1965 continue;
1966 }
9b8424d5 1967 if (host - block->host < block->max_length) {
23887b79 1968 goto found;
f471a17e 1969 }
94a6b54f 1970 }
432d268c 1971
0dc3f44a 1972 rcu_read_unlock();
1b5ec234 1973 return NULL;
23887b79
PB		 1974
1975found:
422148d3
DDAG		 1976 *offset = (host - block->host);
1977 if (round_offset) {
1978 *offset &= TARGET_PAGE_MASK;
1979 }
1980 *ram_addr = block->offset + *offset;
0dc3f44a 1981 rcu_read_unlock();
422148d3
DDAG		 1982 return block;
1983}
1984
e3dd7493
DDAG		 1985/*
1986 * Finds the named RAMBlock
1987 *
1988 * name: The name of RAMBlock to find
1989 *
1990 * Returns: RAMBlock (or NULL if not found)
1991 */
1992RAMBlock *qemu_ram_block_by_name(const char *name)
1993{
1994 RAMBlock *block;
1995
1996 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1997 if (!strcmp(name, block->idstr)) {
1998 return block;
1999 }
2000 }
2001
2002 return NULL;
2003}
2004
422148d3
DDAG		 2005/* Some of the softmmu routines need to translate from a host pointer
2006 (typically a TLB entry) back to a ram offset. */
2007MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2008{
2009 RAMBlock *block;
2010 ram_addr_t offset; /* Not used */
2011
2012 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
2013
2014 if (!block) {
2015 return NULL;
2016 }
2017
2018 return block->mr;
e890261f 2019}
f471a17e 2020
49b24afc 2021/* Called within RCU critical section. */
a8170e5e 2022static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 2023 uint64_t val, unsigned size)
9fa3e853 2024{
52159192 2025 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 2026 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 2027 }
0e0df1e2
AK		 2028 switch (size) {
2029 case 1:
3655cb9c 2030 stb_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2031 break;
2032 case 2:
3655cb9c 2033 stw_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2034 break;
2035 case 4:
3655cb9c 2036 stl_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2037 break;
2038 default:
2039 abort();
3a7d929e 2040 }
58d2707e
PB		 2041 /* Set both VGA and migration bits for simplicity and to remove
2042 * the notdirty callback faster.
2043 */
2044 cpu_physical_memory_set_dirty_range(ram_addr, size,
2045 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2046 /* we remove the notdirty callback only if the code has been
2047 flushed */
a2cd8c85 2048 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2049 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2050 }
9fa3e853
FB		 2051}
2052
b018ddf6
PB		 2053static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2054 unsigned size, bool is_write)
2055{
2056 return is_write;
2057}
2058
0e0df1e2 2059static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2060 .write = notdirty_mem_write,
b018ddf6 2061 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2062 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2063};
2064
0f459d16 2065/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2066static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2067{
93afeade 2068 CPUState *cpu = current_cpu;
568496c0 2069 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2070 CPUArchState *env = cpu->env_ptr;
06d55cc1 2071 target_ulong pc, cs_base;
0f459d16 2072 target_ulong vaddr;
a1d1bb31 2073 CPUWatchpoint *wp;
89fee74a 2074 uint32_t cpu_flags;
0f459d16 2075
ff4700b0 2076 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2077 /* We re-entered the check after replacing the TB. Now raise
2078 * the debug interrupt so that is will trigger after the
2079 * current instruction. */
93afeade 2080 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2081 return;
2082 }
93afeade 2083 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2084 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2085 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2086 && (wp->flags & flags)) {
08225676
PM		 2087 if (flags == BP_MEM_READ) {
2088 wp->flags |= BP_WATCHPOINT_HIT_READ;
2089 } else {
2090 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2091 }
2092 wp->hitaddr = vaddr;
66b9b43c 2093 wp->hitattrs = attrs;
ff4700b0 2094 if (!cpu->watchpoint_hit) {
568496c0
SF		 2095 if (wp->flags & BP_CPU &&
2096 !cc->debug_check_watchpoint(cpu, wp)) {
2097 wp->flags &= ~BP_WATCHPOINT_HIT;
2098 continue;
2099 }
ff4700b0 2100 cpu->watchpoint_hit = wp;
239c51a5 2101 tb_check_watchpoint(cpu);
6e140f28 2102 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2103 cpu->exception_index = EXCP_DEBUG;
5638d180 2104 cpu_loop_exit(cpu);
6e140f28
AL		 2105 } else {
2106 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2107 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2108 cpu_resume_from_signal(cpu, NULL);
6e140f28 2109 }
06d55cc1 2110 }
6e140f28
AL		 2111 } else {
2112 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2113 }
2114 }
2115}
2116
6658ffb8
PB		 2117/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2118 so these check for a hit then pass through to the normal out-of-line
2119 phys routines. */
66b9b43c
PM		 2120static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2121 unsigned size, MemTxAttrs attrs)
6658ffb8 2122{
66b9b43c
PM		 2123 MemTxResult res;
2124 uint64_t data;
79ed0416
PM		 2125 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2126 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2127
2128 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2129 switch (size) {
66b9b43c 2130 case 1:
79ed0416 2131 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2132 break;
2133 case 2:
79ed0416 2134 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2135 break;
2136 case 4:
79ed0416 2137 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2138 break;
1ec9b909
AK		 2139 default: abort();
2140 }
66b9b43c
PM		 2141 *pdata = data;
2142 return res;
6658ffb8
PB		 2143}
2144
66b9b43c
PM		 2145static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2146 uint64_t val, unsigned size,
2147 MemTxAttrs attrs)
6658ffb8 2148{
66b9b43c 2149 MemTxResult res;
79ed0416
PM		 2150 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2151 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2152
2153 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2154 switch (size) {
67364150 2155 case 1:
79ed0416 2156 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2157 break;
2158 case 2:
79ed0416 2159 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2160 break;
2161 case 4:
79ed0416 2162 address_space_stl(as, addr, val, attrs, &res);
67364150 2163 break;
1ec9b909
AK		 2164 default: abort();
2165 }
66b9b43c 2166 return res;
6658ffb8
PB		 2167}
2168
1ec9b909 2169static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2170 .read_with_attrs = watch_mem_read,
2171 .write_with_attrs = watch_mem_write,
1ec9b909 2172 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2173};
6658ffb8 2174
f25a49e0
PM		 2175static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2176 unsigned len, MemTxAttrs attrs)
db7b5426 2177{
acc9d80b 2178 subpage_t *subpage = opaque;
ff6cff75 2179 uint8_t buf[8];
5c9eb028 2180 MemTxResult res;
791af8c8 2181
db7b5426 2182#if defined(DEBUG_SUBPAGE)
016e9d62 2183 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2184 subpage, len, addr);
db7b5426 2185#endif
5c9eb028
PM		 2186 res = address_space_read(subpage->as, addr + subpage->base,
2187 attrs, buf, len);
2188 if (res) {
2189 return res;
f25a49e0 2190 }
acc9d80b
JK		 2191 switch (len) {
2192 case 1:
f25a49e0
PM		 2193 *data = ldub_p(buf);
2194 return MEMTX_OK;
acc9d80b 2195 case 2:
f25a49e0
PM		 2196 *data = lduw_p(buf);
2197 return MEMTX_OK;
acc9d80b 2198 case 4:
f25a49e0
PM		 2199 *data = ldl_p(buf);
2200 return MEMTX_OK;
ff6cff75 2201 case 8:
f25a49e0
PM		 2202 *data = ldq_p(buf);
2203 return MEMTX_OK;
acc9d80b
JK		 2204 default:
2205 abort();
2206 }
db7b5426
BS		 2207}
2208
f25a49e0
PM		 2209static MemTxResult subpage_write(void *opaque, hwaddr addr,
2210 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2211{
acc9d80b 2212 subpage_t *subpage = opaque;
ff6cff75 2213 uint8_t buf[8];
acc9d80b 2214
db7b5426 2215#if defined(DEBUG_SUBPAGE)
016e9d62 2216 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2217 " value %"PRIx64"\n",
2218 __func__, subpage, len, addr, value);
db7b5426 2219#endif
acc9d80b
JK		 2220 switch (len) {
2221 case 1:
2222 stb_p(buf, value);
2223 break;
2224 case 2:
2225 stw_p(buf, value);
2226 break;
2227 case 4:
2228 stl_p(buf, value);
2229 break;
ff6cff75
PB		 2230 case 8:
2231 stq_p(buf, value);
2232 break;
acc9d80b
JK		 2233 default:
2234 abort();
2235 }
5c9eb028
PM		 2236 return address_space_write(subpage->as, addr + subpage->base,
2237 attrs, buf, len);
db7b5426
BS		 2238}
2239
c353e4cc 2240static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2241 unsigned len, bool is_write)
c353e4cc 2242{
acc9d80b 2243 subpage_t *subpage = opaque;
c353e4cc 2244#if defined(DEBUG_SUBPAGE)
016e9d62 2245 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2246 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2247#endif
2248
acc9d80b 2249 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2250 len, is_write);
c353e4cc
PB		 2251}
2252
70c68e44 2253static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2254 .read_with_attrs = subpage_read,
2255 .write_with_attrs = subpage_write,
ff6cff75
PB		 2256 .impl.min_access_size = 1,
2257 .impl.max_access_size = 8,
2258 .valid.min_access_size = 1,
2259 .valid.max_access_size = 8,
c353e4cc 2260 .valid.accepts = subpage_accepts,
70c68e44 2261 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2262};
2263
c227f099 2264static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2265 uint16_t section)
db7b5426
BS		 2266{
2267 int idx, eidx;
2268
2269 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2270 return -1;
2271 idx = SUBPAGE_IDX(start);
2272 eidx = SUBPAGE_IDX(end);
2273#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2274 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2275 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2276#endif
db7b5426 2277 for (; idx <= eidx; idx++) {
5312bd8b 2278 mmio->sub_section[idx] = section;
db7b5426
BS		 2279 }
2280
2281 return 0;
2282}
2283
acc9d80b 2284static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2285{
c227f099 2286 subpage_t *mmio;
db7b5426 2287
7267c094 2288 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2289
acc9d80b 2290 mmio->as = as;
1eec614b 2291 mmio->base = base;
2c9b15ca 2292 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2293 NULL, TARGET_PAGE_SIZE);
b3b00c78 2294 mmio->iomem.subpage = true;
db7b5426 2295#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2296 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2297 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2298#endif
b41aac4f 2299 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2300
2301 return mmio;
2302}
2303
a656e22f
PC		 2304static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2305 MemoryRegion *mr)
5312bd8b 2306{
a656e22f 2307 assert(as);
5312bd8b 2308 MemoryRegionSection section = {
a656e22f 2309 .address_space = as,
5312bd8b
AK		 2310 .mr = mr,
2311 .offset_within_address_space = 0,
2312 .offset_within_region = 0,
052e87b0 2313 .size = int128_2_64(),
5312bd8b
AK		 2314 };
2315
53cb28cb 2316 return phys_section_add(map, &section);
5312bd8b
AK		 2317}
2318
a54c87b6 2319MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2320{
a54c87b6
PM		 2321 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2322 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2323 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2324 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2325
2326 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2327}
2328
e9179ce1
AK		 2329static void io_mem_init(void)
2330{
1f6245e5 2331 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2332 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2333 NULL, UINT64_MAX);
2c9b15ca 2334 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2335 NULL, UINT64_MAX);
2c9b15ca 2336 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2337 NULL, UINT64_MAX);
e9179ce1
AK		 2338}
2339
ac1970fb 2340static void mem_begin(MemoryListener *listener)
00752703
PB		 2341{
2342 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2343 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2344 uint16_t n;
2345
a656e22f 2346 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2347 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2348 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2349 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2350 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2351 assert(n == PHYS_SECTION_ROM);
a656e22f 2352 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2353 assert(n == PHYS_SECTION_WATCH);
00752703 2354
9736e55b 2355 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2356 d->as = as;
2357 as->next_dispatch = d;
2358}
2359
79e2b9ae
PB		 2360static void address_space_dispatch_free(AddressSpaceDispatch *d)
2361{
2362 phys_sections_free(&d->map);
2363 g_free(d);
2364}
2365
00752703 2366static void mem_commit(MemoryListener *listener)
ac1970fb 2367{
89ae337a 2368 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2369 AddressSpaceDispatch *cur = as->dispatch;
2370 AddressSpaceDispatch *next = as->next_dispatch;
2371
53cb28cb 2372 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2373
79e2b9ae 2374 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2375 if (cur) {
79e2b9ae 2376 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2377 }
9affd6fc
PB		 2378}
2379
1d71148e 2380static void tcg_commit(MemoryListener *listener)
50c1e149 2381{
32857f4d
PM		 2382 CPUAddressSpace *cpuas;
2383 AddressSpaceDispatch *d;
117712c3
AK		 2384
2385 /* since each CPU stores ram addresses in its TLB cache, we must
2386 reset the modified entries */
32857f4d
PM		 2387 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2388 cpu_reloading_memory_map();
2389 /* The CPU and TLB are protected by the iothread lock.
2390 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2391 * may have split the RCU critical section.
2392 */
2393 d = atomic_rcu_read(&cpuas->as->dispatch);
2394 cpuas->memory_dispatch = d;
2395 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2396}
2397
ac1970fb
AK		 2398void address_space_init_dispatch(AddressSpace *as)
2399{
00752703 2400 as->dispatch = NULL;
89ae337a 2401 as->dispatch_listener = (MemoryListener) {
ac1970fb 2402 .begin = mem_begin,
00752703 2403 .commit = mem_commit,
ac1970fb
AK		 2404 .region_add = mem_add,
2405 .region_nop = mem_add,
2406 .priority = 0,
2407 };
89ae337a 2408 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2409}
2410
6e48e8f9
PB		 2411void address_space_unregister(AddressSpace *as)
2412{
2413 memory_listener_unregister(&as->dispatch_listener);
2414}
2415
83f3c251
AK		 2416void address_space_destroy_dispatch(AddressSpace *as)
2417{
2418 AddressSpaceDispatch *d = as->dispatch;
2419
79e2b9ae
PB		 2420 atomic_rcu_set(&as->dispatch, NULL);
2421 if (d) {
2422 call_rcu(d, address_space_dispatch_free, rcu);
2423 }
83f3c251
AK		 2424}
2425
62152b8a
AK		 2426static void memory_map_init(void)
2427{
7267c094 2428 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2429
57271d63 2430 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2431 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2432
7267c094 2433 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2434 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2435 65536);
7dca8043 2436 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2437}
2438
2439MemoryRegion *get_system_memory(void)
2440{
2441 return system_memory;
2442}
2443
309cb471
AK		 2444MemoryRegion *get_system_io(void)
2445{
2446 return system_io;
2447}
2448
e2eef170
PB		 2449#endif /* !defined(CONFIG_USER_ONLY) */
2450
13eb76e0
FB		 2451/* physical memory access (slow version, mainly for debug) */
2452#if defined(CONFIG_USER_ONLY)
f17ec444 2453int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2454 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2455{
2456 int l, flags;
2457 target_ulong page;
53a5960a 2458 void * p;
13eb76e0
FB		 2459
2460 while (len > 0) {
2461 page = addr & TARGET_PAGE_MASK;
2462 l = (page + TARGET_PAGE_SIZE) - addr;
2463 if (l > len)
2464 l = len;
2465 flags = page_get_flags(page);
2466 if (!(flags & PAGE_VALID))
a68fe89c 2467 return -1;
13eb76e0
FB		 2468 if (is_write) {
2469 if (!(flags & PAGE_WRITE))
a68fe89c 2470 return -1;
579a97f7 2471 /* XXX: this code should not depend on lock_user */
72fb7daa 2472 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2473 return -1;
72fb7daa
AJ		 2474 memcpy(p, buf, l);
2475 unlock_user(p, addr, l);
13eb76e0
FB		 2476 } else {
2477 if (!(flags & PAGE_READ))
a68fe89c 2478 return -1;
579a97f7 2479 /* XXX: this code should not depend on lock_user */
72fb7daa 2480 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2481 return -1;
72fb7daa 2482 memcpy(buf, p, l);
5b257578 2483 unlock_user(p, addr, 0);
13eb76e0
FB		 2484 }
2485 len -= l;
2486 buf += l;
2487 addr += l;
2488 }
a68fe89c 2489 return 0;
13eb76e0 2490}
8df1cd07 2491
13eb76e0 2492#else
51d7a9eb 2493
845b6214 2494static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2495 hwaddr length)
51d7a9eb 2496{
e87f7778
PB		 2497 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2498 /* No early return if dirty_log_mask is or becomes 0, because
2499 * cpu_physical_memory_set_dirty_range will still call
2500 * xen_modified_memory.
2501 */
2502 if (dirty_log_mask) {
2503 dirty_log_mask =
2504 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2505 }
2506 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2507 tb_invalidate_phys_range(addr, addr + length);
2508 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2509 }
e87f7778 2510 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2511}
2512
23326164 2513static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2514{
e1622f4b 2515 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2516
2517 /* Regions are assumed to support 1-4 byte accesses unless
2518 otherwise specified. */
23326164
RH		 2519 if (access_size_max == 0) {
2520 access_size_max = 4;
2521 }
2522
2523 /* Bound the maximum access by the alignment of the address. */
2524 if (!mr->ops->impl.unaligned) {
2525 unsigned align_size_max = addr & -addr;
2526 if (align_size_max != 0 && align_size_max < access_size_max) {
2527 access_size_max = align_size_max;
2528 }
82f2563f 2529 }
23326164
RH		 2530
2531 /* Don't attempt accesses larger than the maximum. */
2532 if (l > access_size_max) {
2533 l = access_size_max;
82f2563f 2534 }
6554f5c0 2535 l = pow2floor(l);
23326164
RH		 2536
2537 return l;
82f2563f
PB		 2538}
2539
4840f10e 2540static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2541{
4840f10e
JK		 2542 bool unlocked = !qemu_mutex_iothread_locked();
2543 bool release_lock = false;
2544
2545 if (unlocked && mr->global_locking) {
2546 qemu_mutex_lock_iothread();
2547 unlocked = false;
2548 release_lock = true;
2549 }
125b3806 2550 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2551 if (unlocked) {
2552 qemu_mutex_lock_iothread();
2553 }
125b3806 2554 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2555 if (unlocked) {
2556 qemu_mutex_unlock_iothread();
2557 }
125b3806 2558 }
4840f10e
JK		 2559
2560 return release_lock;
125b3806
PB		 2561}
2562
a203ac70
PB		 2563/* Called within RCU critical section. */
2564static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2565 MemTxAttrs attrs,
2566 const uint8_t *buf,
2567 int len, hwaddr addr1,
2568 hwaddr l, MemoryRegion *mr)
13eb76e0 2569{
13eb76e0 2570 uint8_t *ptr;
791af8c8 2571 uint64_t val;
3b643495 2572 MemTxResult result = MEMTX_OK;
4840f10e 2573 bool release_lock = false;
3b46e624 2574
a203ac70 2575 for (;;) {
eb7eeb88
PB		 2576 if (!memory_access_is_direct(mr, true)) {
2577 release_lock |= prepare_mmio_access(mr);
2578 l = memory_access_size(mr, l, addr1);
2579 /* XXX: could force current_cpu to NULL to avoid
2580 potential bugs */
2581 switch (l) {
2582 case 8:
2583 /* 64 bit write access */
2584 val = ldq_p(buf);
2585 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2586 attrs);
2587 break;
2588 case 4:
2589 /* 32 bit write access */
2590 val = ldl_p(buf);
2591 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2592 attrs);
2593 break;
2594 case 2:
2595 /* 16 bit write access */
2596 val = lduw_p(buf);
2597 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2598 attrs);
2599 break;
2600 case 1:
2601 /* 8 bit write access */
2602 val = ldub_p(buf);
2603 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2604 attrs);
2605 break;
2606 default:
2607 abort();
13eb76e0
FB		 2608 }
2609 } else {
eb7eeb88
PB		 2610 addr1 += memory_region_get_ram_addr(mr);
2611 /* RAM case */
3655cb9c 2612 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2613 memcpy(ptr, buf, l);
2614 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2615 }
4840f10e
JK		 2616
2617 if (release_lock) {
2618 qemu_mutex_unlock_iothread();
2619 release_lock = false;
2620 }
2621
13eb76e0
FB		 2622 len -= l;
2623 buf += l;
2624 addr += l;
a203ac70
PB		 2625
2626 if (!len) {
2627 break;
2628 }
2629
2630 l = len;
2631 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2632 }
fd8aaa76 2633
3b643495 2634 return result;
13eb76e0 2635}
8df1cd07 2636
a203ac70
PB		 2637MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2638 const uint8_t *buf, int len)
ac1970fb 2639{
eb7eeb88 2640 hwaddr l;
eb7eeb88
PB		 2641 hwaddr addr1;
2642 MemoryRegion *mr;
2643 MemTxResult result = MEMTX_OK;
eb7eeb88 2644
a203ac70
PB		 2645 if (len > 0) {
2646 rcu_read_lock();
eb7eeb88 2647 l = len;
a203ac70
PB		 2648 mr = address_space_translate(as, addr, &addr1, &l, true);
2649 result = address_space_write_continue(as, addr, attrs, buf, len,
2650 addr1, l, mr);
2651 rcu_read_unlock();
2652 }
2653
2654 return result;
2655}
2656
2657/* Called within RCU critical section. */
2658MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2659 MemTxAttrs attrs, uint8_t *buf,
2660 int len, hwaddr addr1, hwaddr l,
2661 MemoryRegion *mr)
2662{
2663 uint8_t *ptr;
2664 uint64_t val;
2665 MemTxResult result = MEMTX_OK;
2666 bool release_lock = false;
eb7eeb88 2667
a203ac70 2668 for (;;) {
eb7eeb88
PB		 2669 if (!memory_access_is_direct(mr, false)) {
2670 /* I/O case */
2671 release_lock |= prepare_mmio_access(mr);
2672 l = memory_access_size(mr, l, addr1);
2673 switch (l) {
2674 case 8:
2675 /* 64 bit read access */
2676 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2677 attrs);
2678 stq_p(buf, val);
2679 break;
2680 case 4:
2681 /* 32 bit read access */
2682 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2683 attrs);
2684 stl_p(buf, val);
2685 break;
2686 case 2:
2687 /* 16 bit read access */
2688 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2689 attrs);
2690 stw_p(buf, val);
2691 break;
2692 case 1:
2693 /* 8 bit read access */
2694 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2695 attrs);
2696 stb_p(buf, val);
2697 break;
2698 default:
2699 abort();
2700 }
2701 } else {
2702 /* RAM case */
8e41fb63
FZ		 2703 ptr = qemu_get_ram_ptr(mr->ram_block,
2704 memory_region_get_ram_addr(mr) + addr1);
eb7eeb88
PB		 2705 memcpy(buf, ptr, l);
2706 }
2707
2708 if (release_lock) {
2709 qemu_mutex_unlock_iothread();
2710 release_lock = false;
2711 }
2712
2713 len -= l;
2714 buf += l;
2715 addr += l;
a203ac70
PB		 2716
2717 if (!len) {
2718 break;
2719 }
2720
2721 l = len;
2722 mr = address_space_translate(as, addr, &addr1, &l, false);
2723 }
2724
2725 return result;
2726}
2727
3cc8f884
PB		 2728MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2729 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2730{
2731 hwaddr l;
2732 hwaddr addr1;
2733 MemoryRegion *mr;
2734 MemTxResult result = MEMTX_OK;
2735
2736 if (len > 0) {
2737 rcu_read_lock();
2738 l = len;
2739 mr = address_space_translate(as, addr, &addr1, &l, false);
2740 result = address_space_read_continue(as, addr, attrs, buf, len,
2741 addr1, l, mr);
2742 rcu_read_unlock();
eb7eeb88 2743 }
eb7eeb88
PB		 2744
2745 return result;
ac1970fb
AK		 2746}
2747
eb7eeb88
PB		 2748MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2749 uint8_t *buf, int len, bool is_write)
2750{
2751 if (is_write) {
2752 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2753 } else {
2754 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2755 }
2756}
ac1970fb 2757
a8170e5e 2758void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2759 int len, int is_write)
2760{
5c9eb028
PM		 2761 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2762 buf, len, is_write);
ac1970fb
AK		 2763}
2764
582b55a9
AG		 2765enum write_rom_type {
2766 WRITE_DATA,
2767 FLUSH_CACHE,
2768};
2769
2a221651 2770static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2771 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2772{
149f54b5 2773 hwaddr l;
d0ecd2aa 2774 uint8_t *ptr;
149f54b5 2775 hwaddr addr1;
5c8a00ce 2776 MemoryRegion *mr;
3b46e624 2777
41063e1e 2778 rcu_read_lock();
d0ecd2aa 2779 while (len > 0) {
149f54b5 2780 l = len;
2a221651 2781 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2782
5c8a00ce
PB		 2783 if (!(memory_region_is_ram(mr) ||
2784 memory_region_is_romd(mr))) {
b242e0e0 2785 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2786 } else {
5c8a00ce 2787 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2788 /* ROM/RAM case */
3655cb9c 2789 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2790 switch (type) {
2791 case WRITE_DATA:
2792 memcpy(ptr, buf, l);
845b6214 2793 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2794 break;
2795 case FLUSH_CACHE:
2796 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2797 break;
2798 }
d0ecd2aa
FB		 2799 }
2800 len -= l;
2801 buf += l;
2802 addr += l;
2803 }
41063e1e 2804 rcu_read_unlock();
d0ecd2aa
FB		 2805}
2806
582b55a9 2807/* used for ROM loading : can write in RAM and ROM */
2a221651 2808void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2809 const uint8_t *buf, int len)
2810{
2a221651 2811 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2812}
2813
2814void cpu_flush_icache_range(hwaddr start, int len)
2815{
2816 /*
2817 * This function should do the same thing as an icache flush that was
2818 * triggered from within the guest. For TCG we are always cache coherent,
2819 * so there is no need to flush anything. For KVM / Xen we need to flush
2820 * the host's instruction cache at least.
2821 */
2822 if (tcg_enabled()) {
2823 return;
2824 }
2825
2a221651
EI		 2826 cpu_physical_memory_write_rom_internal(&address_space_memory,
2827 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2828}
2829
6d16c2f8 2830typedef struct {
d3e71559 2831 MemoryRegion *mr;
6d16c2f8 2832 void *buffer;
a8170e5e
AK		 2833 hwaddr addr;
2834 hwaddr len;
c2cba0ff 2835 bool in_use;
6d16c2f8
AL		 2836} BounceBuffer;
2837
2838static BounceBuffer bounce;
2839
ba223c29 2840typedef struct MapClient {
e95205e1 2841 QEMUBH *bh;
72cf2d4f 2842 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2843} MapClient;
2844
38e047b5 2845QemuMutex map_client_list_lock;
72cf2d4f
BS		 2846static QLIST_HEAD(map_client_list, MapClient) map_client_list
2847 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2848
e95205e1
FZ		 2849static void cpu_unregister_map_client_do(MapClient *client)
2850{
2851 QLIST_REMOVE(client, link);
2852 g_free(client);
2853}
2854
33b6c2ed
FZ		 2855static void cpu_notify_map_clients_locked(void)
2856{
2857 MapClient *client;
2858
2859 while (!QLIST_EMPTY(&map_client_list)) {
2860 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2861 qemu_bh_schedule(client->bh);
2862 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2863 }
2864}
2865
e95205e1 2866void cpu_register_map_client(QEMUBH *bh)
ba223c29 2867{
7267c094 2868 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2869
38e047b5 2870 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2871 client->bh = bh;
72cf2d4f 2872 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2873 if (!atomic_read(&bounce.in_use)) {
2874 cpu_notify_map_clients_locked();
2875 }
38e047b5 2876 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2877}
2878
38e047b5 2879void cpu_exec_init_all(void)
ba223c29 2880{
38e047b5 2881 qemu_mutex_init(&ram_list.mutex);
38e047b5 2882 io_mem_init();
680a4783 2883 memory_map_init();
38e047b5 2884 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2885}
2886
e95205e1 2887void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2888{
2889 MapClient *client;
2890
e95205e1
FZ		 2891 qemu_mutex_lock(&map_client_list_lock);
2892 QLIST_FOREACH(client, &map_client_list, link) {
2893 if (client->bh == bh) {
2894 cpu_unregister_map_client_do(client);
2895 break;
2896 }
ba223c29 2897 }
e95205e1 2898 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2899}
2900
2901static void cpu_notify_map_clients(void)
2902{
38e047b5 2903 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2904 cpu_notify_map_clients_locked();
38e047b5 2905 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2906}
2907
51644ab7
PB		 2908bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2909{
5c8a00ce 2910 MemoryRegion *mr;
51644ab7
PB		 2911 hwaddr l, xlat;
2912
41063e1e 2913 rcu_read_lock();
51644ab7
PB		 2914 while (len > 0) {
2915 l = len;
5c8a00ce
PB		 2916 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2917 if (!memory_access_is_direct(mr, is_write)) {
2918 l = memory_access_size(mr, l, addr);
2919 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2920 return false;
2921 }
2922 }
2923
2924 len -= l;
2925 addr += l;
2926 }
41063e1e 2927 rcu_read_unlock();
51644ab7
PB		 2928 return true;
2929}
2930
6d16c2f8
AL		 2931/* Map a physical memory region into a host virtual address.
2932 * May map a subset of the requested range, given by and returned in *plen.
2933 * May return NULL if resources needed to perform the mapping are exhausted.
2934 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2935 * Use cpu_register_map_client() to know when retrying the map operation is
2936 * likely to succeed.
6d16c2f8 2937 */
ac1970fb 2938void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2939 hwaddr addr,
2940 hwaddr *plen,
ac1970fb 2941 bool is_write)
6d16c2f8 2942{
a8170e5e 2943 hwaddr len = *plen;
e3127ae0
PB		 2944 hwaddr done = 0;
2945 hwaddr l, xlat, base;
2946 MemoryRegion *mr, *this_mr;
2947 ram_addr_t raddr;
e81bcda5 2948 void *ptr;
6d16c2f8 2949
e3127ae0
PB		 2950 if (len == 0) {
2951 return NULL;
2952 }
38bee5dc 2953
e3127ae0 2954 l = len;
41063e1e 2955 rcu_read_lock();
e3127ae0 2956 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2957
e3127ae0 2958 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2959 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2960 rcu_read_unlock();
e3127ae0 2961 return NULL;
6d16c2f8 2962 }
e85d9db5
KW		 2963 /* Avoid unbounded allocations */
2964 l = MIN(l, TARGET_PAGE_SIZE);
2965 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2966 bounce.addr = addr;
2967 bounce.len = l;
d3e71559
PB		 2968
2969 memory_region_ref(mr);
2970 bounce.mr = mr;
e3127ae0 2971 if (!is_write) {
5c9eb028
PM		 2972 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2973 bounce.buffer, l);
8ab934f9 2974 }
6d16c2f8 2975
41063e1e 2976 rcu_read_unlock();
e3127ae0
PB		 2977 *plen = l;
2978 return bounce.buffer;
2979 }
2980
2981 base = xlat;
2982 raddr = memory_region_get_ram_addr(mr);
2983
2984 for (;;) {
6d16c2f8
AL		 2985 len -= l;
2986 addr += l;
e3127ae0
PB		 2987 done += l;
2988 if (len == 0) {
2989 break;
2990 }
2991
2992 l = len;
2993 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2994 if (this_mr != mr || xlat != base + done) {
2995 break;
2996 }
6d16c2f8 2997 }
e3127ae0 2998
d3e71559 2999 memory_region_ref(mr);
e3127ae0 3000 *plen = done;
3655cb9c 3001 ptr = qemu_ram_ptr_length(mr->ram_block, raddr + base, plen);
e81bcda5
PB		 3002 rcu_read_unlock();
3003
3004 return ptr;
6d16c2f8
AL		 3005}
3006
ac1970fb 3007/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3008 * Will also mark the memory as dirty if is_write == 1. access_len gives
3009 * the amount of memory that was actually read or written by the caller.
3010 */
a8170e5e
AK		 3011void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3012 int is_write, hwaddr access_len)
6d16c2f8
AL		 3013{
3014 if (buffer != bounce.buffer) {
d3e71559
PB		 3015 MemoryRegion *mr;
3016 ram_addr_t addr1;
3017
3018 mr = qemu_ram_addr_from_host(buffer, &addr1);
3019 assert(mr != NULL);
6d16c2f8 3020 if (is_write) {
845b6214 3021 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 3022 }
868bb33f 3023 if (xen_enabled()) {
e41d7c69 3024 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3025 }
d3e71559 3026 memory_region_unref(mr);
6d16c2f8
AL		 3027 return;
3028 }
3029 if (is_write) {
5c9eb028
PM		 3030 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3031 bounce.buffer, access_len);
6d16c2f8 3032 }
f8a83245 3033 qemu_vfree(bounce.buffer);
6d16c2f8 3034 bounce.buffer = NULL;
d3e71559 3035 memory_region_unref(bounce.mr);
c2cba0ff 3036 atomic_mb_set(&bounce.in_use, false);
ba223c29 3037 cpu_notify_map_clients();
6d16c2f8 3038}
d0ecd2aa 3039
a8170e5e
AK		 3040void *cpu_physical_memory_map(hwaddr addr,
3041 hwaddr *plen,
ac1970fb
AK		 3042 int is_write)
3043{
3044 return address_space_map(&address_space_memory, addr, plen, is_write);
3045}
3046
a8170e5e
AK		 3047void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3048 int is_write, hwaddr access_len)
ac1970fb
AK		 3049{
3050 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3051}
3052
8df1cd07 3053/* warning: addr must be aligned */
50013115
PM		 3054static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3055 MemTxAttrs attrs,
3056 MemTxResult *result,
3057 enum device_endian endian)
8df1cd07 3058{
8df1cd07 3059 uint8_t *ptr;
791af8c8 3060 uint64_t val;
5c8a00ce 3061 MemoryRegion *mr;
149f54b5
PB		 3062 hwaddr l = 4;
3063 hwaddr addr1;
50013115 3064 MemTxResult r;
4840f10e 3065 bool release_lock = false;
8df1cd07 3066
41063e1e 3067 rcu_read_lock();
fdfba1a2 3068 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3069 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3070 release_lock |= prepare_mmio_access(mr);
125b3806 3071
8df1cd07 3072 /* I/O case */
50013115 3073 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3074#if defined(TARGET_WORDS_BIGENDIAN)
3075 if (endian == DEVICE_LITTLE_ENDIAN) {
3076 val = bswap32(val);
3077 }
3078#else
3079 if (endian == DEVICE_BIG_ENDIAN) {
3080 val = bswap32(val);
3081 }
3082#endif
8df1cd07
FB		 3083 } else {
3084 /* RAM case */
3655cb9c
GA		 3085 ptr = qemu_get_ram_ptr(mr->ram_block,
3086 (memory_region_get_ram_addr(mr)
06ef3525 3087 & TARGET_PAGE_MASK)
149f54b5 3088 + addr1);
1e78bcc1
AG		 3089 switch (endian) {
3090 case DEVICE_LITTLE_ENDIAN:
3091 val = ldl_le_p(ptr);
3092 break;
3093 case DEVICE_BIG_ENDIAN:
3094 val = ldl_be_p(ptr);
3095 break;
3096 default:
3097 val = ldl_p(ptr);
3098 break;
3099 }
50013115
PM		 3100 r = MEMTX_OK;
3101 }
3102 if (result) {
3103 *result = r;
8df1cd07 3104 }
4840f10e
JK		 3105 if (release_lock) {
3106 qemu_mutex_unlock_iothread();
3107 }
41063e1e 3108 rcu_read_unlock();
8df1cd07
FB		 3109 return val;
3110}
3111
50013115
PM		 3112uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3113 MemTxAttrs attrs, MemTxResult *result)
3114{
3115 return address_space_ldl_internal(as, addr, attrs, result,
3116 DEVICE_NATIVE_ENDIAN);
3117}
3118
3119uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3120 MemTxAttrs attrs, MemTxResult *result)
3121{
3122 return address_space_ldl_internal(as, addr, attrs, result,
3123 DEVICE_LITTLE_ENDIAN);
3124}
3125
3126uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3127 MemTxAttrs attrs, MemTxResult *result)
3128{
3129 return address_space_ldl_internal(as, addr, attrs, result,
3130 DEVICE_BIG_ENDIAN);
3131}
3132
fdfba1a2 3133uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3134{
50013115 3135 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3136}
3137
fdfba1a2 3138uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3139{
50013115 3140 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3141}
3142
fdfba1a2 3143uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3144{
50013115 3145 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3146}
3147
84b7b8e7 3148/* warning: addr must be aligned */
50013115
PM		 3149static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3150 MemTxAttrs attrs,
3151 MemTxResult *result,
3152 enum device_endian endian)
84b7b8e7 3153{
84b7b8e7
FB		 3154 uint8_t *ptr;
3155 uint64_t val;
5c8a00ce 3156 MemoryRegion *mr;
149f54b5
PB		 3157 hwaddr l = 8;
3158 hwaddr addr1;
50013115 3159 MemTxResult r;
4840f10e 3160 bool release_lock = false;
84b7b8e7 3161
41063e1e 3162 rcu_read_lock();
2c17449b 3163 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3164 false);
3165 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3166 release_lock |= prepare_mmio_access(mr);
125b3806 3167
84b7b8e7 3168 /* I/O case */
50013115 3169 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3170#if defined(TARGET_WORDS_BIGENDIAN)
3171 if (endian == DEVICE_LITTLE_ENDIAN) {
3172 val = bswap64(val);
3173 }
3174#else
3175 if (endian == DEVICE_BIG_ENDIAN) {
3176 val = bswap64(val);
3177 }
84b7b8e7
FB		 3178#endif
3179 } else {
3180 /* RAM case */
3655cb9c
GA		 3181 ptr = qemu_get_ram_ptr(mr->ram_block,
3182 (memory_region_get_ram_addr(mr)
06ef3525 3183 & TARGET_PAGE_MASK)
149f54b5 3184 + addr1);
1e78bcc1
AG		 3185 switch (endian) {
3186 case DEVICE_LITTLE_ENDIAN:
3187 val = ldq_le_p(ptr);
3188 break;
3189 case DEVICE_BIG_ENDIAN:
3190 val = ldq_be_p(ptr);
3191 break;
3192 default:
3193 val = ldq_p(ptr);
3194 break;
3195 }
50013115
PM		 3196 r = MEMTX_OK;
3197 }
3198 if (result) {
3199 *result = r;
84b7b8e7 3200 }
4840f10e
JK		 3201 if (release_lock) {
3202 qemu_mutex_unlock_iothread();
3203 }
41063e1e 3204 rcu_read_unlock();
84b7b8e7
FB		 3205 return val;
3206}
3207
50013115
PM		 3208uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3209 MemTxAttrs attrs, MemTxResult *result)
3210{
3211 return address_space_ldq_internal(as, addr, attrs, result,
3212 DEVICE_NATIVE_ENDIAN);
3213}
3214
3215uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3216 MemTxAttrs attrs, MemTxResult *result)
3217{
3218 return address_space_ldq_internal(as, addr, attrs, result,
3219 DEVICE_LITTLE_ENDIAN);
3220}
3221
3222uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3223 MemTxAttrs attrs, MemTxResult *result)
3224{
3225 return address_space_ldq_internal(as, addr, attrs, result,
3226 DEVICE_BIG_ENDIAN);
3227}
3228
2c17449b 3229uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3230{
50013115 3231 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3232}
3233
2c17449b 3234uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3235{
50013115 3236 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3237}
3238
2c17449b 3239uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3240{
50013115 3241 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3242}
3243
aab33094 3244/* XXX: optimize */
50013115
PM		 3245uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3246 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3247{
3248 uint8_t val;
50013115
PM		 3249 MemTxResult r;
3250
3251 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3252 if (result) {
3253 *result = r;
3254 }
aab33094
FB		 3255 return val;
3256}
3257
50013115
PM		 3258uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3259{
3260 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3261}
3262
733f0b02 3263/* warning: addr must be aligned */
50013115
PM		 3264static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3265 hwaddr addr,
3266 MemTxAttrs attrs,
3267 MemTxResult *result,
3268 enum device_endian endian)
aab33094 3269{
733f0b02
MT		 3270 uint8_t *ptr;
3271 uint64_t val;
5c8a00ce 3272 MemoryRegion *mr;
149f54b5
PB		 3273 hwaddr l = 2;
3274 hwaddr addr1;
50013115 3275 MemTxResult r;
4840f10e 3276 bool release_lock = false;
733f0b02 3277
41063e1e 3278 rcu_read_lock();
41701aa4 3279 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3280 false);
3281 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3282 release_lock |= prepare_mmio_access(mr);
125b3806 3283
733f0b02 3284 /* I/O case */
50013115 3285 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3286#if defined(TARGET_WORDS_BIGENDIAN)
3287 if (endian == DEVICE_LITTLE_ENDIAN) {
3288 val = bswap16(val);
3289 }
3290#else
3291 if (endian == DEVICE_BIG_ENDIAN) {
3292 val = bswap16(val);
3293 }
3294#endif
733f0b02
MT		 3295 } else {
3296 /* RAM case */
3655cb9c
GA		 3297 ptr = qemu_get_ram_ptr(mr->ram_block,
3298 (memory_region_get_ram_addr(mr)
06ef3525 3299 & TARGET_PAGE_MASK)
149f54b5 3300 + addr1);
1e78bcc1
AG		 3301 switch (endian) {
3302 case DEVICE_LITTLE_ENDIAN:
3303 val = lduw_le_p(ptr);
3304 break;
3305 case DEVICE_BIG_ENDIAN:
3306 val = lduw_be_p(ptr);
3307 break;
3308 default:
3309 val = lduw_p(ptr);
3310 break;
3311 }
50013115
PM		 3312 r = MEMTX_OK;
3313 }
3314 if (result) {
3315 *result = r;
733f0b02 3316 }
4840f10e
JK		 3317 if (release_lock) {
3318 qemu_mutex_unlock_iothread();
3319 }
41063e1e 3320 rcu_read_unlock();
733f0b02 3321 return val;
aab33094
FB		 3322}
3323
50013115
PM		 3324uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3325 MemTxAttrs attrs, MemTxResult *result)
3326{
3327 return address_space_lduw_internal(as, addr, attrs, result,
3328 DEVICE_NATIVE_ENDIAN);
3329}
3330
3331uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3332 MemTxAttrs attrs, MemTxResult *result)
3333{
3334 return address_space_lduw_internal(as, addr, attrs, result,
3335 DEVICE_LITTLE_ENDIAN);
3336}
3337
3338uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3339 MemTxAttrs attrs, MemTxResult *result)
3340{
3341 return address_space_lduw_internal(as, addr, attrs, result,
3342 DEVICE_BIG_ENDIAN);
3343}
3344
41701aa4 3345uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3346{
50013115 3347 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3348}
3349
41701aa4 3350uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3351{
50013115 3352 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3353}
3354
41701aa4 3355uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3356{
50013115 3357 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3358}
3359
8df1cd07
FB		 3360/* warning: addr must be aligned. The ram page is not masked as dirty
3361 and the code inside is not invalidated. It is useful if the dirty
3362 bits are used to track modified PTEs */
50013115
PM		 3363void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3364 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3365{
8df1cd07 3366 uint8_t *ptr;
5c8a00ce 3367 MemoryRegion *mr;
149f54b5
PB		 3368 hwaddr l = 4;
3369 hwaddr addr1;
50013115 3370 MemTxResult r;
845b6214 3371 uint8_t dirty_log_mask;
4840f10e 3372 bool release_lock = false;
8df1cd07 3373
41063e1e 3374 rcu_read_lock();
2198a121 3375 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3376 true);
3377 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3378 release_lock |= prepare_mmio_access(mr);
125b3806 3379
50013115 3380 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3381 } else {
5c8a00ce 3382 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3383 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
8df1cd07 3384 stl_p(ptr, val);
74576198 3385
845b6214
PB		 3386 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3387 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3388 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3389 r = MEMTX_OK;
3390 }
3391 if (result) {
3392 *result = r;
8df1cd07 3393 }
4840f10e
JK		 3394 if (release_lock) {
3395 qemu_mutex_unlock_iothread();
3396 }
41063e1e 3397 rcu_read_unlock();
8df1cd07
FB		 3398}
3399
50013115
PM		 3400void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3401{
3402 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3403}
3404
8df1cd07 3405/* warning: addr must be aligned */
50013115
PM		 3406static inline void address_space_stl_internal(AddressSpace *as,
3407 hwaddr addr, uint32_t val,
3408 MemTxAttrs attrs,
3409 MemTxResult *result,
3410 enum device_endian endian)
8df1cd07 3411{
8df1cd07 3412 uint8_t *ptr;
5c8a00ce 3413 MemoryRegion *mr;
149f54b5
PB		 3414 hwaddr l = 4;
3415 hwaddr addr1;
50013115 3416 MemTxResult r;
4840f10e 3417 bool release_lock = false;
8df1cd07 3418
41063e1e 3419 rcu_read_lock();
ab1da857 3420 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3421 true);
3422 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3423 release_lock |= prepare_mmio_access(mr);
125b3806 3424
1e78bcc1
AG		 3425#if defined(TARGET_WORDS_BIGENDIAN)
3426 if (endian == DEVICE_LITTLE_ENDIAN) {
3427 val = bswap32(val);
3428 }
3429#else
3430 if (endian == DEVICE_BIG_ENDIAN) {
3431 val = bswap32(val);
3432 }
3433#endif
50013115 3434 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3435 } else {
8df1cd07 3436 /* RAM case */
5c8a00ce 3437 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3438 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3439 switch (endian) {
3440 case DEVICE_LITTLE_ENDIAN:
3441 stl_le_p(ptr, val);
3442 break;
3443 case DEVICE_BIG_ENDIAN:
3444 stl_be_p(ptr, val);
3445 break;
3446 default:
3447 stl_p(ptr, val);
3448 break;
3449 }
845b6214 3450 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3451 r = MEMTX_OK;
3452 }
3453 if (result) {
3454 *result = r;
8df1cd07 3455 }
4840f10e
JK		 3456 if (release_lock) {
3457 qemu_mutex_unlock_iothread();
3458 }
41063e1e 3459 rcu_read_unlock();
8df1cd07
FB		 3460}
3461
50013115
PM		 3462void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3463 MemTxAttrs attrs, MemTxResult *result)
3464{
3465 address_space_stl_internal(as, addr, val, attrs, result,
3466 DEVICE_NATIVE_ENDIAN);
3467}
3468
3469void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3470 MemTxAttrs attrs, MemTxResult *result)
3471{
3472 address_space_stl_internal(as, addr, val, attrs, result,
3473 DEVICE_LITTLE_ENDIAN);
3474}
3475
3476void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3477 MemTxAttrs attrs, MemTxResult *result)
3478{
3479 address_space_stl_internal(as, addr, val, attrs, result,
3480 DEVICE_BIG_ENDIAN);
3481}
3482
ab1da857 3483void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3484{
50013115 3485 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3486}
3487
ab1da857 3488void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3489{
50013115 3490 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3491}
3492
ab1da857 3493void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3494{
50013115 3495 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3496}
3497
aab33094 3498/* XXX: optimize */
50013115
PM		 3499void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3500 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3501{
3502 uint8_t v = val;
50013115
PM		 3503 MemTxResult r;
3504
3505 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3506 if (result) {
3507 *result = r;
3508 }
3509}
3510
3511void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3512{
3513 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3514}
3515
733f0b02 3516/* warning: addr must be aligned */
50013115
PM		 3517static inline void address_space_stw_internal(AddressSpace *as,
3518 hwaddr addr, uint32_t val,
3519 MemTxAttrs attrs,
3520 MemTxResult *result,
3521 enum device_endian endian)
aab33094 3522{
733f0b02 3523 uint8_t *ptr;
5c8a00ce 3524 MemoryRegion *mr;
149f54b5
PB		 3525 hwaddr l = 2;
3526 hwaddr addr1;
50013115 3527 MemTxResult r;
4840f10e 3528 bool release_lock = false;
733f0b02 3529
41063e1e 3530 rcu_read_lock();
5ce5944d 3531 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3532 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3533 release_lock |= prepare_mmio_access(mr);
125b3806 3534
1e78bcc1
AG		 3535#if defined(TARGET_WORDS_BIGENDIAN)
3536 if (endian == DEVICE_LITTLE_ENDIAN) {
3537 val = bswap16(val);
3538 }
3539#else
3540 if (endian == DEVICE_BIG_ENDIAN) {
3541 val = bswap16(val);
3542 }
3543#endif
50013115 3544 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3545 } else {
733f0b02 3546 /* RAM case */
5c8a00ce 3547 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3548 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3549 switch (endian) {
3550 case DEVICE_LITTLE_ENDIAN:
3551 stw_le_p(ptr, val);
3552 break;
3553 case DEVICE_BIG_ENDIAN:
3554 stw_be_p(ptr, val);
3555 break;
3556 default:
3557 stw_p(ptr, val);
3558 break;
3559 }
845b6214 3560 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3561 r = MEMTX_OK;
3562 }
3563 if (result) {
3564 *result = r;
733f0b02 3565 }
4840f10e
JK		 3566 if (release_lock) {
3567 qemu_mutex_unlock_iothread();
3568 }
41063e1e 3569 rcu_read_unlock();
aab33094
FB		 3570}
3571
50013115
PM		 3572void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3573 MemTxAttrs attrs, MemTxResult *result)
3574{
3575 address_space_stw_internal(as, addr, val, attrs, result,
3576 DEVICE_NATIVE_ENDIAN);
3577}
3578
3579void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3580 MemTxAttrs attrs, MemTxResult *result)
3581{
3582 address_space_stw_internal(as, addr, val, attrs, result,
3583 DEVICE_LITTLE_ENDIAN);
3584}
3585
3586void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3587 MemTxAttrs attrs, MemTxResult *result)
3588{
3589 address_space_stw_internal(as, addr, val, attrs, result,
3590 DEVICE_BIG_ENDIAN);
3591}
3592
5ce5944d 3593void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3594{
50013115 3595 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3596}
3597
5ce5944d 3598void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3599{
50013115 3600 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3601}
3602
5ce5944d 3603void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3604{
50013115 3605 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3606}
3607
aab33094 3608/* XXX: optimize */
50013115
PM		 3609void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3610 MemTxAttrs attrs, MemTxResult *result)
aab33094 3611{
50013115 3612 MemTxResult r;
aab33094 3613 val = tswap64(val);
50013115
PM		 3614 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3615 if (result) {
3616 *result = r;
3617 }
aab33094
FB		 3618}
3619
50013115
PM		 3620void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3621 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3622{
50013115 3623 MemTxResult r;
1e78bcc1 3624 val = cpu_to_le64(val);
50013115
PM		 3625 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3626 if (result) {
3627 *result = r;
3628 }
3629}
3630void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3631 MemTxAttrs attrs, MemTxResult *result)
3632{
3633 MemTxResult r;
3634 val = cpu_to_be64(val);
3635 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3636 if (result) {
3637 *result = r;
3638 }
3639}
3640
3641void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3642{
3643 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3644}
3645
3646void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3647{
3648 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3649}
3650
f606604f 3651void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3652{
50013115 3653 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3654}
3655
5e2972fd 3656/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3657int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3658 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3659{
3660 int l;
a8170e5e 3661 hwaddr phys_addr;
9b3c35e0 3662 target_ulong page;
13eb76e0
FB		 3663
3664 while (len > 0) {
5232e4c7
PM		 3665 int asidx;
3666 MemTxAttrs attrs;
3667
13eb76e0 3668 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3669 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3670 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3671 /* if no physical page mapped, return an error */
3672 if (phys_addr == -1)
3673 return -1;
3674 l = (page + TARGET_PAGE_SIZE) - addr;
3675 if (l > len)
3676 l = len;
5e2972fd 3677 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3678 if (is_write) {
5232e4c7
PM		 3679 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3680 phys_addr, buf, l);
2e38847b 3681 } else {
5232e4c7
PM		 3682 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3683 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3684 buf, l, 0);
2e38847b 3685 }
13eb76e0
FB		 3686 len -= l;
3687 buf += l;
3688 addr += l;
3689 }
3690 return 0;
3691}
038629a6
DDAG		 3692
3693/*
3694 * Allows code that needs to deal with migration bitmaps etc to still be built
3695 * target independent.
3696 */
3697size_t qemu_target_page_bits(void)
3698{
3699 return TARGET_PAGE_BITS;
3700}
3701
a68fe89c 3702#endif
13eb76e0 3703
8e4a424b
BS		 3704/*
3705 * A helper function for the _utterly broken_ virtio device model to find out if
3706 * it's running on a big endian machine. Don't do this at home kids!
3707 */
98ed8ecf
GK		 3708bool target_words_bigendian(void);
3709bool target_words_bigendian(void)
8e4a424b
BS		 3710{
3711#if defined(TARGET_WORDS_BIGENDIAN)
3712 return true;
3713#else
3714 return false;
3715#endif
3716}
3717
76f35538 3718#ifndef CONFIG_USER_ONLY
a8170e5e 3719bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3720{
5c8a00ce 3721 MemoryRegion*mr;
149f54b5 3722 hwaddr l = 1;
41063e1e 3723 bool res;
76f35538 3724
41063e1e 3725 rcu_read_lock();
5c8a00ce
PB		 3726 mr = address_space_translate(&address_space_memory,
3727 phys_addr, &phys_addr, &l, false);
76f35538 3728
41063e1e
PB		 3729 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3730 rcu_read_unlock();
3731 return res;
76f35538 3732}
bd2fa51f 3733
e3807054 3734int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3735{
3736 RAMBlock *block;
e3807054 3737 int ret = 0;
bd2fa51f 3738
0dc3f44a
MD		 3739 rcu_read_lock();
3740 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3741 ret = func(block->idstr, block->host, block->offset,
3742 block->used_length, opaque);
3743 if (ret) {
3744 break;
3745 }
bd2fa51f 3746 }
0dc3f44a 3747 rcu_read_unlock();
e3807054 3748 return ret;
bd2fa51f 3749}
ec3f8c99 3750#endif
QEMU mirror