]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
nbd: Rename NBDRequest to NBDRequestData
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c 22#endif
54936004 23
f348b6d1 24#include "qemu/cutils.h"
6180a181 25#include "cpu.h"
63c91552 26#include "exec/exec-all.h"
b67d9a52 27#include "tcg.h"
741da0d3 28#include "hw/qdev-core.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
33c11879 31#include "hw/xen/xen.h"
4485bd26 32#endif
9c17d615 33#include "sysemu/kvm.h"
2ff3de68 34#include "sysemu/sysemu.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
53a5960a 38#if defined(CONFIG_USER_ONLY)
a9c94277 39#include "qemu.h"
432d268c 40#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 41#include "hw/hw.h"
42#include "exec/memory.h"
df43d49c 43#include "exec/ioport.h"
741da0d3
PB		 44#include "sysemu/dma.h"
45#include "exec/address-spaces.h"
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
508127e2 57#include "exec/log.h"
67d95c15 58
9dfeca7c
BR		 59#include "migration/vmstate.h"
60
b35ba30f 61#include "qemu/range.h"
794e8f30
MT		 62#ifndef _WIN32
63#include "qemu/mmap-alloc.h"
64#endif
b35ba30f 65
db7b5426 66//#define DEBUG_SUBPAGE
1196be37 67
e2eef170 68#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 69/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
0d53d9fe 72RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 73
74static MemoryRegion *system_memory;
309cb471 75static MemoryRegion *system_io;
62152b8a 76
f6790af6
AK		 77AddressSpace address_space_io;
78AddressSpace address_space_memory;
2673a5da 79
0844e007 80MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 81static MemoryRegion io_mem_unassigned;
0e0df1e2 82
7bd4f430
PB		 83/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84#define RAM_PREALLOC (1 << 0)
85
dbcb8981
PB		 86/* RAM is mmap-ed with MAP_SHARED */
87#define RAM_SHARED (1 << 1)
88
62be4e3a
MT		 89/* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92#define RAM_RESIZEABLE (1 << 2)
93
e2eef170 94#endif
9fa3e853 95
20bccb82
PM		 96#ifdef TARGET_PAGE_BITS_VARY
97int target_page_bits;
98bool target_page_bits_decided;
99#endif
100
bdc44640 101struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 102/* current CPU in the current thread. It is only valid inside
103 cpu_exec() */
f240eb6f 104__thread CPUState *current_cpu;
2e70f6ef 105/* 0 = Do not count executed instructions.
bf20dc07 106 1 = Precise instruction counting.
2e70f6ef 107 2 = Adaptive rate instruction counting. */
5708fc66 108int use_icount;
6a00d601 109
20bccb82
PM		 110bool set_preferred_target_page_bits(int bits)
111{
112 /* The target page size is the lowest common denominator for all
113 * the CPUs in the system, so we can only make it smaller, never
114 * larger. And we can't make it smaller once we've committed to
115 * a particular size.
116 */
117#ifdef TARGET_PAGE_BITS_VARY
118 assert(bits >= TARGET_PAGE_BITS_MIN);
119 if (target_page_bits == 0 || target_page_bits > bits) {
120 if (target_page_bits_decided) {
121 return false;
122 }
123 target_page_bits = bits;
124 }
125#endif
126 return true;
127}
128
e2eef170 129#if !defined(CONFIG_USER_ONLY)
4346ae3e 130
20bccb82
PM		 131static void finalize_target_page_bits(void)
132{
133#ifdef TARGET_PAGE_BITS_VARY
134 if (target_page_bits == 0) {
135 target_page_bits = TARGET_PAGE_BITS_MIN;
136 }
137 target_page_bits_decided = true;
138#endif
139}
140
1db8abb1
PB		 141typedef struct PhysPageEntry PhysPageEntry;
142
143struct PhysPageEntry {
9736e55b 144 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 145 uint32_t skip : 6;
9736e55b 146 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 147 uint32_t ptr : 26;
1db8abb1
PB		 148};
149
8b795765
MT		 150#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
151
03f49957 152/* Size of the L2 (and L3, etc) page tables. */
57271d63 153#define ADDR_SPACE_BITS 64
03f49957 154
026736ce 155#define P_L2_BITS 9
03f49957
PB		 156#define P_L2_SIZE (1 << P_L2_BITS)
157
158#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
159
160typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 161
53cb28cb 162typedef struct PhysPageMap {
79e2b9ae
PB		 163 struct rcu_head rcu;
164
53cb28cb
MA		 165 unsigned sections_nb;
166 unsigned sections_nb_alloc;
167 unsigned nodes_nb;
168 unsigned nodes_nb_alloc;
169 Node *nodes;
170 MemoryRegionSection *sections;
171} PhysPageMap;
172
1db8abb1 173struct AddressSpaceDispatch {
79e2b9ae
PB		 174 struct rcu_head rcu;
175
729633c2 176 MemoryRegionSection *mru_section;
1db8abb1
PB		 177 /* This is a multi-level map on the physical address space.
178 * The bottom level has pointers to MemoryRegionSections.
179 */
180 PhysPageEntry phys_map;
53cb28cb 181 PhysPageMap map;
acc9d80b 182 AddressSpace *as;
1db8abb1
PB		 183};
184
90260c6c
JK		 185#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
186typedef struct subpage_t {
187 MemoryRegion iomem;
acc9d80b 188 AddressSpace *as;
90260c6c 189 hwaddr base;
2615fabd 190 uint16_t sub_section[];
90260c6c
JK		 191} subpage_t;
192
b41aac4f
LPF		 193#define PHYS_SECTION_UNASSIGNED 0
194#define PHYS_SECTION_NOTDIRTY 1
195#define PHYS_SECTION_ROM 2
196#define PHYS_SECTION_WATCH 3
5312bd8b 197
e2eef170 198static void io_mem_init(void);
62152b8a 199static void memory_map_init(void);
09daed84 200static void tcg_commit(MemoryListener *listener);
e2eef170 201
1ec9b909 202static MemoryRegion io_mem_watch;
32857f4d
PM		 203
204/**
205 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
206 * @cpu: the CPU whose AddressSpace this is
207 * @as: the AddressSpace itself
208 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
209 * @tcg_as_listener: listener for tracking changes to the AddressSpace
210 */
211struct CPUAddressSpace {
212 CPUState *cpu;
213 AddressSpace *as;
214 struct AddressSpaceDispatch *memory_dispatch;
215 MemoryListener tcg_as_listener;
216};
217
6658ffb8 218#endif
fd6ce8f6 219
6d9a1304 220#if !defined(CONFIG_USER_ONLY)
d6f2ea22 221
53cb28cb 222static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 223{
101420b8 224 static unsigned alloc_hint = 16;
53cb28cb 225 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
101420b8 226 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
53cb28cb
MA		 227 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
228 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
101420b8 229 alloc_hint = map->nodes_nb_alloc;
d6f2ea22 230 }
f7bf5461
AK		 231}
232
db94604b 233static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 234{
235 unsigned i;
8b795765 236 uint32_t ret;
db94604b
PB		 237 PhysPageEntry e;
238 PhysPageEntry *p;
f7bf5461 239
53cb28cb 240 ret = map->nodes_nb++;
db94604b 241 p = map->nodes[ret];
f7bf5461 242 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 243 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 244
245 e.skip = leaf ? 0 : 1;
246 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 247 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 248 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 249 }
f7bf5461 250 return ret;
d6f2ea22
AK		 251}
252
53cb28cb
MA		 253static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
254 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 255 int level)
f7bf5461
AK		 256{
257 PhysPageEntry *p;
03f49957 258 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 259
9736e55b 260 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 261 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 262 }
db94604b 263 p = map->nodes[lp->ptr];
03f49957 264 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 265
03f49957 266 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 267 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 268 lp->skip = 0;
c19e8800 269 lp->ptr = leaf;
07f07b31
AK		 270 *index += step;
271 *nb -= step;
2999097b 272 } else {
53cb28cb 273 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 274 }
275 ++lp;
f7bf5461
AK		 276 }
277}
278
ac1970fb 279static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 280 hwaddr index, hwaddr nb,
2999097b 281 uint16_t leaf)
f7bf5461 282{
2999097b 283 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 284 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 285
53cb28cb 286 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 287}
288
b35ba30f
MT		 289/* Compact a non leaf page entry. Simply detect that the entry has a single child,
290 * and update our entry so we can skip it and go directly to the destination.
291 */
efee678d 292static void phys_page_compact(PhysPageEntry *lp, Node *nodes)
b35ba30f
MT		 293{
294 unsigned valid_ptr = P_L2_SIZE;
295 int valid = 0;
296 PhysPageEntry *p;
297 int i;
298
299 if (lp->ptr == PHYS_MAP_NODE_NIL) {
300 return;
301 }
302
303 p = nodes[lp->ptr];
304 for (i = 0; i < P_L2_SIZE; i++) {
305 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
306 continue;
307 }
308
309 valid_ptr = i;
310 valid++;
311 if (p[i].skip) {
efee678d 312 phys_page_compact(&p[i], nodes);
b35ba30f
MT		 313 }
314 }
315
316 /* We can only compress if there's only one child. */
317 if (valid != 1) {
318 return;
319 }
320
321 assert(valid_ptr < P_L2_SIZE);
322
323 /* Don't compress if it won't fit in the # of bits we have. */
324 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
325 return;
326 }
327
328 lp->ptr = p[valid_ptr].ptr;
329 if (!p[valid_ptr].skip) {
330 /* If our only child is a leaf, make this a leaf. */
331 /* By design, we should have made this node a leaf to begin with so we
332 * should never reach here.
333 * But since it's so simple to handle this, let's do it just in case we
334 * change this rule.
335 */
336 lp->skip = 0;
337 } else {
338 lp->skip += p[valid_ptr].skip;
339 }
340}
341
342static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
343{
b35ba30f 344 if (d->phys_map.skip) {
efee678d 345 phys_page_compact(&d->phys_map, d->map.nodes);
b35ba30f
MT		 346 }
347}
348
29cb533d
FZ		 349static inline bool section_covers_addr(const MemoryRegionSection *section,
350 hwaddr addr)
351{
352 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
353 * the section must cover the entire address space.
354 */
258dfaaa 355 return int128_gethi(section->size) ||
29cb533d 356 range_covers_byte(section->offset_within_address_space,
258dfaaa 357 int128_getlo(section->size), addr);
29cb533d
FZ		 358}
359
97115a8d 360static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 361 Node *nodes, MemoryRegionSection *sections)
92e873b9 362{
31ab2b4a 363 PhysPageEntry *p;
97115a8d 364 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 365 int i;
f1f6e3b8 366
9736e55b 367 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 368 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 369 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 370 }
9affd6fc 371 p = nodes[lp.ptr];
03f49957 372 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 373 }
b35ba30f 374
29cb533d 375 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 376 return &sections[lp.ptr];
377 } else {
378 return &sections[PHYS_SECTION_UNASSIGNED];
379 }
f3705d53
AK		 380}
381
e5548617
BS		 382bool memory_region_is_unassigned(MemoryRegion *mr)
383{
2a8e7499 384 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 385 && mr != &io_mem_watch;
fd6ce8f6 386}
149f54b5 387
79e2b9ae 388/* Called from RCU critical section */
c7086b4a 389static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 390 hwaddr addr,
391 bool resolve_subpage)
9f029603 392{
729633c2 393 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 394 subpage_t *subpage;
729633c2 395 bool update;
90260c6c 396
729633c2
FZ		 397 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
398 section_covers_addr(section, addr)) {
399 update = false;
400 } else {
401 section = phys_page_find(d->phys_map, addr, d->map.nodes,
402 d->map.sections);
403 update = true;
404 }
90260c6c
JK		 405 if (resolve_subpage && section->mr->subpage) {
406 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 407 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 408 }
729633c2
FZ		 409 if (update) {
410 atomic_set(&d->mru_section, section);
411 }
90260c6c 412 return section;
9f029603
JK		 413}
414
79e2b9ae 415/* Called from RCU critical section */
90260c6c 416static MemoryRegionSection *
c7086b4a 417address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 418 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 419{
420 MemoryRegionSection *section;
965eb2fc 421 MemoryRegion *mr;
a87f3954 422 Int128 diff;
149f54b5 423
c7086b4a 424 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 425 /* Compute offset within MemoryRegionSection */
426 addr -= section->offset_within_address_space;
427
428 /* Compute offset within MemoryRegion */
429 *xlat = addr + section->offset_within_region;
430
965eb2fc 431 mr = section->mr;
b242e0e0
PB		 432
433 /* MMIO registers can be expected to perform full-width accesses based only
434 * on their address, without considering adjacent registers that could
435 * decode to completely different MemoryRegions. When such registers
436 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
437 * regions overlap wildly. For this reason we cannot clamp the accesses
438 * here.
439 *
440 * If the length is small (as is the case for address_space_ldl/stl),
441 * everything works fine. If the incoming length is large, however,
442 * the caller really has to do the clamping through memory_access_size.
443 */
965eb2fc 444 if (memory_region_is_ram(mr)) {
e4a511f8 445 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 446 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
447 }
149f54b5
PB		 448 return section;
449}
90260c6c 450
41063e1e 451/* Called from RCU critical section */
5c8a00ce
PB		 452MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
453 hwaddr *xlat, hwaddr *plen,
454 bool is_write)
90260c6c 455{
30951157
AK		 456 IOMMUTLBEntry iotlb;
457 MemoryRegionSection *section;
458 MemoryRegion *mr;
30951157
AK		 459
460 for (;;) {
79e2b9ae
PB		 461 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
462 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 463 mr = section->mr;
464
465 if (!mr->iommu_ops) {
466 break;
467 }
468
8d7b8cb9 469 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 470 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
471 | (addr & iotlb.addr_mask));
23820dbf 472 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 473 if (!(iotlb.perm & (1 << is_write))) {
474 mr = &io_mem_unassigned;
475 break;
476 }
477
478 as = iotlb.target_as;
479 }
480
fe680d0d 481 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 482 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 483 *plen = MIN(page, *plen);
a87f3954
PB		 484 }
485
30951157
AK		 486 *xlat = addr;
487 return mr;
90260c6c
JK		 488}
489
79e2b9ae 490/* Called from RCU critical section */
90260c6c 491MemoryRegionSection *
d7898cda 492address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 493 hwaddr *xlat, hwaddr *plen)
90260c6c 494{
30951157 495 MemoryRegionSection *section;
f35e44e7 496 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->cpu_ases[asidx].memory_dispatch);
d7898cda
PM		 497
498 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 499
500 assert(!section->mr->iommu_ops);
501 return section;
90260c6c 502}
5b6dd868 503#endif
fd6ce8f6 504
b170fce3 505#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 506
507static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 508{
259186a7 509 CPUState *cpu = opaque;
a513fe19 510
5b6dd868
BS		 511 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
512 version_id is increased. */
259186a7 513 cpu->interrupt_request &= ~0x01;
c01a71c1 514 tlb_flush(cpu, 1);
5b6dd868
BS		 515
516 return 0;
a513fe19 517}
7501267e 518
6c3bff0e
PD		 519static int cpu_common_pre_load(void *opaque)
520{
521 CPUState *cpu = opaque;
522
adee6424 523 cpu->exception_index = -1;
6c3bff0e
PD		 524
525 return 0;
526}
527
528static bool cpu_common_exception_index_needed(void *opaque)
529{
530 CPUState *cpu = opaque;
531
adee6424 532 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 533}
534
535static const VMStateDescription vmstate_cpu_common_exception_index = {
536 .name = "cpu_common/exception_index",
537 .version_id = 1,
538 .minimum_version_id = 1,
5cd8cada 539 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 540 .fields = (VMStateField[]) {
541 VMSTATE_INT32(exception_index, CPUState),
542 VMSTATE_END_OF_LIST()
543 }
544};
545
bac05aa9
AS		 546static bool cpu_common_crash_occurred_needed(void *opaque)
547{
548 CPUState *cpu = opaque;
549
550 return cpu->crash_occurred;
551}
552
553static const VMStateDescription vmstate_cpu_common_crash_occurred = {
554 .name = "cpu_common/crash_occurred",
555 .version_id = 1,
556 .minimum_version_id = 1,
557 .needed = cpu_common_crash_occurred_needed,
558 .fields = (VMStateField[]) {
559 VMSTATE_BOOL(crash_occurred, CPUState),
560 VMSTATE_END_OF_LIST()
561 }
562};
563
1a1562f5 564const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 565 .name = "cpu_common",
566 .version_id = 1,
567 .minimum_version_id = 1,
6c3bff0e 568 .pre_load = cpu_common_pre_load,
5b6dd868 569 .post_load = cpu_common_post_load,
35d08458 570 .fields = (VMStateField[]) {
259186a7
AF		 571 VMSTATE_UINT32(halted, CPUState),
572 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 573 VMSTATE_END_OF_LIST()
6c3bff0e 574 },
5cd8cada
JQ		 575 .subsections = (const VMStateDescription*[]) {
576 &vmstate_cpu_common_exception_index,
bac05aa9 577 &vmstate_cpu_common_crash_occurred,
5cd8cada 578 NULL
5b6dd868
BS		 579 }
580};
1a1562f5 581
5b6dd868 582#endif
ea041c0e 583
38d8f5c8 584CPUState *qemu_get_cpu(int index)
ea041c0e 585{
bdc44640 586 CPUState *cpu;
ea041c0e 587
bdc44640 588 CPU_FOREACH(cpu) {
55e5c285 589 if (cpu->cpu_index == index) {
bdc44640 590 return cpu;
55e5c285 591 }
ea041c0e 592 }
5b6dd868 593
bdc44640 594 return NULL;
ea041c0e
FB		 595}
596
09daed84 597#if !defined(CONFIG_USER_ONLY)
56943e8c 598void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 599{
12ebc9a7
PM		 600 CPUAddressSpace *newas;
601
602 /* Target code should have set num_ases before calling us */
603 assert(asidx < cpu->num_ases);
604
56943e8c
PM		 605 if (asidx == 0) {
606 /* address space 0 gets the convenience alias */
607 cpu->as = as;
608 }
609
12ebc9a7
PM		 610 /* KVM cannot currently support multiple address spaces. */
611 assert(asidx == 0 || !kvm_enabled());
09daed84 612
12ebc9a7
PM		 613 if (!cpu->cpu_ases) {
614 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 615 }
32857f4d 616
12ebc9a7
PM		 617 newas = &cpu->cpu_ases[asidx];
618 newas->cpu = cpu;
619 newas->as = as;
56943e8c 620 if (tcg_enabled()) {
12ebc9a7
PM		 621 newas->tcg_as_listener.commit = tcg_commit;
622 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 623 }
09daed84 624}
651a5bc0
PM		 625
626AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
627{
628 /* Return the AddressSpace corresponding to the specified index */
629 return cpu->cpu_ases[asidx].as;
630}
09daed84
EI		 631#endif
632
7bbc124e 633void cpu_exec_unrealizefn(CPUState *cpu)
1c59eb39 634{
9dfeca7c
BR		 635 CPUClass *cc = CPU_GET_CLASS(cpu);
636
267f685b 637 cpu_list_remove(cpu);
9dfeca7c
BR		 638
639 if (cc->vmsd != NULL) {
640 vmstate_unregister(NULL, cc->vmsd, cpu);
641 }
642 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
643 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
644 }
1c59eb39
BR		 645}
646
39e329e3 647void cpu_exec_initfn(CPUState *cpu)
ea041c0e 648{
56943e8c 649 cpu->as = NULL;
12ebc9a7 650 cpu->num_ases = 0;
56943e8c 651
291135b5 652#ifndef CONFIG_USER_ONLY
291135b5 653 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 654
655 /* This is a softmmu CPU object, so create a property for it
656 * so users can wire up its memory. (This can't go in qom/cpu.c
657 * because that file is compiled only once for both user-mode
658 * and system builds.) The default if no link is set up is to use
659 * the system address space.
660 */
661 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
662 (Object **)&cpu->memory,
663 qdev_prop_allow_set_link_before_realize,
664 OBJ_PROP_LINK_UNREF_ON_RELEASE,
665 &error_abort);
666 cpu->memory = system_memory;
667 object_ref(OBJECT(cpu->memory));
291135b5 668#endif
39e329e3
LV		 669}
670
ce5b1bbf 671void cpu_exec_realizefn(CPUState *cpu, Error **errp)
39e329e3
LV		 672{
673 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
291135b5 674
267f685b 675 cpu_list_add(cpu);
1bc7e522
IM		 676
677#ifndef CONFIG_USER_ONLY
e0d47944 678 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 679 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 680 }
b170fce3 681 if (cc->vmsd != NULL) {
741da0d3 682 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 683 }
741da0d3 684#endif
ea041c0e
FB		 685}
686
94df27fd 687#if defined(CONFIG_USER_ONLY)
00b941e5 688static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd 689{
ba051fb5
AB		 690 mmap_lock();
691 tb_lock();
94df27fd 692 tb_invalidate_phys_page_range(pc, pc + 1, 0);
ba051fb5
AB		 693 tb_unlock();
694 mmap_unlock();
94df27fd
PB		 695}
696#else
00b941e5 697static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 698{
5232e4c7
PM		 699 MemTxAttrs attrs;
700 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
701 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 702 if (phys != -1) {
ba051fb5 703 /* Locks grabbed by tb_invalidate_phys_addr */
5232e4c7 704 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 705 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 706 }
1e7855a5 707}
c27004ec 708#endif
d720b93d 709
c527ee8f 710#if defined(CONFIG_USER_ONLY)
75a34036 711void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 712
713{
714}
715
3ee887e8
PM		 716int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
717 int flags)
718{
719 return -ENOSYS;
720}
721
722void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
723{
724}
725
75a34036 726int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 727 int flags, CPUWatchpoint **watchpoint)
728{
729 return -ENOSYS;
730}
731#else
6658ffb8 732/* Add a watchpoint. */
75a34036 733int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 734 int flags, CPUWatchpoint **watchpoint)
6658ffb8 735{
c0ce998e 736 CPUWatchpoint *wp;
6658ffb8 737
05068c0d 738 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 739 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 740 error_report("tried to set invalid watchpoint at %"
741 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 742 return -EINVAL;
743 }
7267c094 744 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 745
746 wp->vaddr = addr;
05068c0d 747 wp->len = len;
a1d1bb31
AL		 748 wp->flags = flags;
749
2dc9f411 750 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 751 if (flags & BP_GDB) {
752 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
753 } else {
754 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
755 }
6658ffb8 756
31b030d4 757 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 758
759 if (watchpoint)
760 *watchpoint = wp;
761 return 0;
6658ffb8
PB		 762}
763
a1d1bb31 764/* Remove a specific watchpoint. */
75a34036 765int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 766 int flags)
6658ffb8 767{
a1d1bb31 768 CPUWatchpoint *wp;
6658ffb8 769
ff4700b0 770 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 771 if (addr == wp->vaddr && len == wp->len
6e140f28 772 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 773 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 774 return 0;
775 }
776 }
a1d1bb31 777 return -ENOENT;
6658ffb8
PB		 778}
779
a1d1bb31 780/* Remove a specific watchpoint by reference. */
75a34036 781void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 782{
ff4700b0 783 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 784
31b030d4 785 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 786
7267c094 787 g_free(watchpoint);
a1d1bb31
AL		 788}
789
790/* Remove all matching watchpoints. */
75a34036 791void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 792{
c0ce998e 793 CPUWatchpoint *wp, *next;
a1d1bb31 794
ff4700b0 795 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 796 if (wp->flags & mask) {
797 cpu_watchpoint_remove_by_ref(cpu, wp);
798 }
c0ce998e 799 }
7d03f82f 800}
05068c0d
PM		 801
802/* Return true if this watchpoint address matches the specified
803 * access (ie the address range covered by the watchpoint overlaps
804 * partially or completely with the address range covered by the
805 * access).
806 */
807static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
808 vaddr addr,
809 vaddr len)
810{
811 /* We know the lengths are non-zero, but a little caution is
812 * required to avoid errors in the case where the range ends
813 * exactly at the top of the address space and so addr + len
814 * wraps round to zero.
815 */
816 vaddr wpend = wp->vaddr + wp->len - 1;
817 vaddr addrend = addr + len - 1;
818
819 return !(addr > wpend || wp->vaddr > addrend);
820}
821
c527ee8f 822#endif
7d03f82f 823
a1d1bb31 824/* Add a breakpoint. */
b3310ab3 825int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 826 CPUBreakpoint **breakpoint)
4c3a88a2 827{
c0ce998e 828 CPUBreakpoint *bp;
3b46e624 829
7267c094 830 bp = g_malloc(sizeof(*bp));
4c3a88a2 831
a1d1bb31
AL		 832 bp->pc = pc;
833 bp->flags = flags;
834
2dc9f411 835 /* keep all GDB-injected breakpoints in front */
00b941e5 836 if (flags & BP_GDB) {
f0c3c505 837 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 838 } else {
f0c3c505 839 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 840 }
3b46e624 841
f0c3c505 842 breakpoint_invalidate(cpu, pc);
a1d1bb31 843
00b941e5 844 if (breakpoint) {
a1d1bb31 845 *breakpoint = bp;
00b941e5 846 }
4c3a88a2 847 return 0;
4c3a88a2
FB		 848}
849
a1d1bb31 850/* Remove a specific breakpoint. */
b3310ab3 851int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 852{
a1d1bb31
AL		 853 CPUBreakpoint *bp;
854
f0c3c505 855 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 856 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 857 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 858 return 0;
859 }
7d03f82f 860 }
a1d1bb31 861 return -ENOENT;
7d03f82f
EI		 862}
863
a1d1bb31 864/* Remove a specific breakpoint by reference. */
b3310ab3 865void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 866{
f0c3c505
AF		 867 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
868
869 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 870
7267c094 871 g_free(breakpoint);
a1d1bb31
AL		 872}
873
874/* Remove all matching breakpoints. */
b3310ab3 875void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 876{
c0ce998e 877 CPUBreakpoint *bp, *next;
a1d1bb31 878
f0c3c505 879 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 880 if (bp->flags & mask) {
881 cpu_breakpoint_remove_by_ref(cpu, bp);
882 }
c0ce998e 883 }
4c3a88a2
FB		 884}
885
c33a346e
FB		 886/* enable or disable single step mode. EXCP_DEBUG is returned by the
887 CPU loop after each instruction */
3825b28f 888void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 889{
ed2803da
AF		 890 if (cpu->singlestep_enabled != enabled) {
891 cpu->singlestep_enabled = enabled;
892 if (kvm_enabled()) {
38e478ec 893 kvm_update_guest_debug(cpu, 0);
ed2803da 894 } else {
ccbb4d44 895 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 896 /* XXX: only flush what is necessary */
bbd77c18 897 tb_flush(cpu);
e22a25c9 898 }
c33a346e 899 }
c33a346e
FB		 900}
901
a47dddd7 902void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 903{
904 va_list ap;
493ae1f0 905 va_list ap2;
7501267e
FB		 906
907 va_start(ap, fmt);
493ae1f0 908 va_copy(ap2, ap);
7501267e
FB		 909 fprintf(stderr, "qemu: fatal: ");
910 vfprintf(stderr, fmt, ap);
911 fprintf(stderr, "\n");
878096ee 912 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 913 if (qemu_log_separate()) {
93fcfe39
AL		 914 qemu_log("qemu: fatal: ");
915 qemu_log_vprintf(fmt, ap2);
916 qemu_log("\n");
a0762859 917 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 918 qemu_log_flush();
93fcfe39 919 qemu_log_close();
924edcae 920 }
493ae1f0 921 va_end(ap2);
f9373291 922 va_end(ap);
7615936e 923 replay_finish();
fd052bf6
RV		 924#if defined(CONFIG_USER_ONLY)
925 {
926 struct sigaction act;
927 sigfillset(&act.sa_mask);
928 act.sa_handler = SIG_DFL;
929 sigaction(SIGABRT, &act, NULL);
930 }
931#endif
7501267e
FB		 932 abort();
933}
934
0124311e 935#if !defined(CONFIG_USER_ONLY)
0dc3f44a 936/* Called from RCU critical section */
041603fe
PB		 937static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
938{
939 RAMBlock *block;
940
43771539 941 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 942 if (block && addr - block->offset < block->max_length) {
68851b98 943 return block;
041603fe 944 }
0dc3f44a 945 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 946 if (addr - block->offset < block->max_length) {
041603fe
PB		 947 goto found;
948 }
949 }
950
951 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
952 abort();
953
954found:
43771539
PB		 955 /* It is safe to write mru_block outside the iothread lock. This
956 * is what happens:
957 *
958 * mru_block = xxx
959 * rcu_read_unlock()
960 * xxx removed from list
961 * rcu_read_lock()
962 * read mru_block
963 * mru_block = NULL;
964 * call_rcu(reclaim_ramblock, xxx);
965 * rcu_read_unlock()
966 *
967 * atomic_rcu_set is not needed here. The block was already published
968 * when it was placed into the list. Here we're just making an extra
969 * copy of the pointer.
970 */
041603fe
PB		 971 ram_list.mru_block = block;
972 return block;
973}
974
a2f4d5be 975static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 976{
9a13565d 977 CPUState *cpu;
041603fe 978 ram_addr_t start1;
a2f4d5be
JQ		 979 RAMBlock *block;
980 ram_addr_t end;
981
982 end = TARGET_PAGE_ALIGN(start + length);
983 start &= TARGET_PAGE_MASK;
d24981d3 984
0dc3f44a 985 rcu_read_lock();
041603fe
PB		 986 block = qemu_get_ram_block(start);
987 assert(block == qemu_get_ram_block(end - 1));
1240be24 988 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 989 CPU_FOREACH(cpu) {
990 tlb_reset_dirty(cpu, start1, length);
991 }
0dc3f44a 992 rcu_read_unlock();
d24981d3
JQ		 993}
994
5579c7f3 995/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 996bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
997 ram_addr_t length,
998 unsigned client)
1ccde1cb 999{
5b82b703 1000 DirtyMemoryBlocks *blocks;
03eebc9e 1001 unsigned long end, page;
5b82b703 1002 bool dirty = false;
03eebc9e
SH		 1003
1004 if (length == 0) {
1005 return false;
1006 }
f23db169 1007
03eebc9e
SH		 1008 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1009 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1010
1011 rcu_read_lock();
1012
1013 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1014
1015 while (page < end) {
1016 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1017 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1018 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1019
1020 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1021 offset, num);
1022 page += num;
1023 }
1024
1025 rcu_read_unlock();
03eebc9e
SH		 1026
1027 if (dirty && tcg_enabled()) {
a2f4d5be 1028 tlb_reset_dirty_range_all(start, length);
5579c7f3 1029 }
03eebc9e
SH		 1030
1031 return dirty;
1ccde1cb
FB		 1032}
1033
79e2b9ae 1034/* Called from RCU critical section */
bb0e627a 1035hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1036 MemoryRegionSection *section,
1037 target_ulong vaddr,
1038 hwaddr paddr, hwaddr xlat,
1039 int prot,
1040 target_ulong *address)
e5548617 1041{
a8170e5e 1042 hwaddr iotlb;
e5548617
BS		 1043 CPUWatchpoint *wp;
1044
cc5bea60 1045 if (memory_region_is_ram(section->mr)) {
e5548617 1046 /* Normal RAM. */
e4e69794 1047 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
e5548617 1048 if (!section->readonly) {
b41aac4f 1049 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1050 } else {
b41aac4f 1051 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1052 }
1053 } else {
0b8e2c10
PM		 1054 AddressSpaceDispatch *d;
1055
1056 d = atomic_rcu_read(&section->address_space->dispatch);
1057 iotlb = section - d->map.sections;
149f54b5 1058 iotlb += xlat;
e5548617
BS		 1059 }
1060
1061 /* Make accesses to pages with watchpoints go via the
1062 watchpoint trap routines. */
ff4700b0 1063 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1064 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1065 /* Avoid trapping reads of pages with a write breakpoint. */
1066 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1067 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1068 *address |= TLB_MMIO;
1069 break;
1070 }
1071 }
1072 }
1073
1074 return iotlb;
1075}
9fa3e853
FB		 1076#endif /* defined(CONFIG_USER_ONLY) */
1077
e2eef170 1078#if !defined(CONFIG_USER_ONLY)
8da3ff18 1079
c227f099 1080static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1081 uint16_t section);
acc9d80b 1082static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1083
a2b257d6
IM		 1084static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1085 qemu_anon_ram_alloc;
91138037
MA		 1086
1087/*
1088 * Set a custom physical guest memory alloator.
1089 * Accelerators with unusual needs may need this. Hopefully, we can
1090 * get rid of it eventually.
1091 */
a2b257d6 1092void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1093{
1094 phys_mem_alloc = alloc;
1095}
1096
53cb28cb
MA		 1097static uint16_t phys_section_add(PhysPageMap *map,
1098 MemoryRegionSection *section)
5312bd8b 1099{
68f3f65b
PB		 1100 /* The physical section number is ORed with a page-aligned
1101 * pointer to produce the iotlb entries. Thus it should
1102 * never overflow into the page-aligned value.
1103 */
53cb28cb 1104 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1105
53cb28cb
MA		 1106 if (map->sections_nb == map->sections_nb_alloc) {
1107 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1108 map->sections = g_renew(MemoryRegionSection, map->sections,
1109 map->sections_nb_alloc);
5312bd8b 1110 }
53cb28cb 1111 map->sections[map->sections_nb] = *section;
dfde4e6e 1112 memory_region_ref(section->mr);
53cb28cb 1113 return map->sections_nb++;
5312bd8b
AK		 1114}
1115
058bc4b5
PB		 1116static void phys_section_destroy(MemoryRegion *mr)
1117{
55b4e80b
DS		 1118 bool have_sub_page = mr->subpage;
1119
dfde4e6e
PB		 1120 memory_region_unref(mr);
1121
55b4e80b 1122 if (have_sub_page) {
058bc4b5 1123 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1124 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1125 g_free(subpage);
1126 }
1127}
1128
6092666e 1129static void phys_sections_free(PhysPageMap *map)
5312bd8b 1130{
9affd6fc
PB		 1131 while (map->sections_nb > 0) {
1132 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1133 phys_section_destroy(section->mr);
1134 }
9affd6fc
PB		 1135 g_free(map->sections);
1136 g_free(map->nodes);
5312bd8b
AK		 1137}
1138
ac1970fb 1139static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1140{
1141 subpage_t *subpage;
a8170e5e 1142 hwaddr base = section->offset_within_address_space
0f0cb164 1143 & TARGET_PAGE_MASK;
97115a8d 1144 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1145 d->map.nodes, d->map.sections);
0f0cb164
AK		 1146 MemoryRegionSection subsection = {
1147 .offset_within_address_space = base,
052e87b0 1148 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1149 };
a8170e5e 1150 hwaddr start, end;
0f0cb164 1151
f3705d53 1152 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1153
f3705d53 1154 if (!(existing->mr->subpage)) {
acc9d80b 1155 subpage = subpage_init(d->as, base);
3be91e86 1156 subsection.address_space = d->as;
0f0cb164 1157 subsection.mr = &subpage->iomem;
ac1970fb 1158 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1159 phys_section_add(&d->map, &subsection));
0f0cb164 1160 } else {
f3705d53 1161 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1162 }
1163 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1164 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1165 subpage_register(subpage, start, end,
1166 phys_section_add(&d->map, section));
0f0cb164
AK		 1167}
1168
1169
052e87b0
PB		 1170static void register_multipage(AddressSpaceDispatch *d,
1171 MemoryRegionSection *section)
33417e70 1172{
a8170e5e 1173 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1174 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1175 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1176 TARGET_PAGE_BITS));
dd81124b 1177
733d5ef5
PB		 1178 assert(num_pages);
1179 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1180}
1181
ac1970fb 1182static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1183{
89ae337a 1184 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1185 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1186 MemoryRegionSection now = *section, remain = *section;
052e87b0 1187 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1188
733d5ef5
PB		 1189 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1190 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1191 - now.offset_within_address_space;
1192
052e87b0 1193 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1194 register_subpage(d, &now);
733d5ef5 1195 } else {
052e87b0 1196 now.size = int128_zero();
733d5ef5 1197 }
052e87b0
PB		 1198 while (int128_ne(remain.size, now.size)) {
1199 remain.size = int128_sub(remain.size, now.size);
1200 remain.offset_within_address_space += int128_get64(now.size);
1201 remain.offset_within_region += int128_get64(now.size);
69b67646 1202 now = remain;
052e87b0 1203 if (int128_lt(remain.size, page_size)) {
733d5ef5 1204 register_subpage(d, &now);
88266249 1205 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1206 now.size = page_size;
ac1970fb 1207 register_subpage(d, &now);
69b67646 1208 } else {
052e87b0 1209 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1210 register_multipage(d, &now);
69b67646 1211 }
0f0cb164
AK		 1212 }
1213}
1214
62a2744c
SY		 1215void qemu_flush_coalesced_mmio_buffer(void)
1216{
1217 if (kvm_enabled())
1218 kvm_flush_coalesced_mmio_buffer();
1219}
1220
b2a8658e
UD		 1221void qemu_mutex_lock_ramlist(void)
1222{
1223 qemu_mutex_lock(&ram_list.mutex);
1224}
1225
1226void qemu_mutex_unlock_ramlist(void)
1227{
1228 qemu_mutex_unlock(&ram_list.mutex);
1229}
1230
e1e84ba0 1231#ifdef __linux__
d6af99c9
HZ		 1232static int64_t get_file_size(int fd)
1233{
1234 int64_t size = lseek(fd, 0, SEEK_END);
1235 if (size < 0) {
1236 return -errno;
1237 }
1238 return size;
1239}
1240
04b16653
AW		 1241static void *file_ram_alloc(RAMBlock *block,
1242 ram_addr_t memory,
7f56e740
PB		 1243 const char *path,
1244 Error **errp)
c902760f 1245{
fd97fd44 1246 bool unlink_on_error = false;
c902760f 1247 char *filename;
8ca761f6
PF		 1248 char *sanitized_name;
1249 char *c;
056b68af 1250 void *area = MAP_FAILED;
5c3ece79 1251 int fd = -1;
d6af99c9 1252 int64_t file_size;
c902760f
MT		 1253
1254 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1255 error_setg(errp,
1256 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1257 return NULL;
c902760f
MT		 1258 }
1259
fd97fd44
MA		 1260 for (;;) {
1261 fd = open(path, O_RDWR);
1262 if (fd >= 0) {
1263 /* @path names an existing file, use it */
1264 break;
8d31d6b6 1265 }
fd97fd44
MA		 1266 if (errno == ENOENT) {
1267 /* @path names a file that doesn't exist, create it */
1268 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1269 if (fd >= 0) {
1270 unlink_on_error = true;
1271 break;
1272 }
1273 } else if (errno == EISDIR) {
1274 /* @path names a directory, create a file there */
1275 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1276 sanitized_name = g_strdup(memory_region_name(block->mr));
1277 for (c = sanitized_name; *c != '\0'; c++) {
1278 if (*c == '/') {
1279 *c = '_';
1280 }
1281 }
8ca761f6 1282
fd97fd44
MA		 1283 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1284 sanitized_name);
1285 g_free(sanitized_name);
8d31d6b6 1286
fd97fd44
MA		 1287 fd = mkstemp(filename);
1288 if (fd >= 0) {
1289 unlink(filename);
1290 g_free(filename);
1291 break;
1292 }
1293 g_free(filename);
8d31d6b6 1294 }
fd97fd44
MA		 1295 if (errno != EEXIST && errno != EINTR) {
1296 error_setg_errno(errp, errno,
1297 "can't open backing store %s for guest RAM",
1298 path);
1299 goto error;
1300 }
1301 /*
1302 * Try again on EINTR and EEXIST. The latter happens when
1303 * something else creates the file between our two open().
1304 */
8d31d6b6 1305 }
c902760f 1306
863e9621 1307 block->page_size = qemu_fd_getpagesize(fd);
8360668e
HZ		 1308 block->mr->align = block->page_size;
1309#if defined(__s390x__)
1310 if (kvm_enabled()) {
1311 block->mr->align = MAX(block->mr->align, QEMU_VMALLOC_ALIGN);
1312 }
1313#endif
fd97fd44 1314
d6af99c9
HZ		 1315 file_size = get_file_size(fd);
1316
863e9621 1317 if (memory < block->page_size) {
fd97fd44 1318 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
863e9621
DDAG		 1319 "or larger than page size 0x%zx",
1320 memory, block->page_size);
f9a49dfa 1321 goto error;
c902760f 1322 }
c902760f 1323
1775f111
HZ		 1324 if (file_size > 0 && file_size < memory) {
1325 error_setg(errp, "backing store %s size 0x%" PRIx64
1326 " does not match 'size' option 0x" RAM_ADDR_FMT,
1327 path, file_size, memory);
1328 goto error;
1329 }
1330
863e9621 1331 memory = ROUND_UP(memory, block->page_size);
c902760f
MT		 1332
1333 /*
1334 * ftruncate is not supported by hugetlbfs in older
1335 * hosts, so don't bother bailing out on errors.
1336 * If anything goes wrong with it under other filesystems,
1337 * mmap will fail.
d6af99c9
HZ		 1338 *
1339 * Do not truncate the non-empty backend file to avoid corrupting
1340 * the existing data in the file. Disabling shrinking is not
1341 * enough. For example, the current vNVDIMM implementation stores
1342 * the guest NVDIMM labels at the end of the backend file. If the
1343 * backend file is later extended, QEMU will not be able to find
1344 * those labels. Therefore, extending the non-empty backend file
1345 * is disabled as well.
c902760f 1346 */
d6af99c9 1347 if (!file_size && ftruncate(fd, memory)) {
9742bf26 1348 perror("ftruncate");
7f56e740 1349 }
c902760f 1350
d2f39add
DD		 1351 area = qemu_ram_mmap(fd, memory, block->mr->align,
1352 block->flags & RAM_SHARED);
c902760f 1353 if (area == MAP_FAILED) {
7f56e740 1354 error_setg_errno(errp, errno,
fd97fd44 1355 "unable to map backing store for guest RAM");
f9a49dfa 1356 goto error;
c902760f 1357 }
ef36fa14
MT		 1358
1359 if (mem_prealloc) {
056b68af
IM		 1360 os_mem_prealloc(fd, area, memory, errp);
1361 if (errp && *errp) {
1362 goto error;
1363 }
ef36fa14
MT		 1364 }
1365
04b16653 1366 block->fd = fd;
c902760f 1367 return area;
f9a49dfa
MT		 1368
1369error:
056b68af
IM		 1370 if (area != MAP_FAILED) {
1371 qemu_ram_munmap(area, memory);
1372 }
fd97fd44
MA		 1373 if (unlink_on_error) {
1374 unlink(path);
1375 }
5c3ece79
PB		 1376 if (fd != -1) {
1377 close(fd);
1378 }
f9a49dfa 1379 return NULL;
c902760f
MT		 1380}
1381#endif
1382
0dc3f44a 1383/* Called with the ramlist lock held. */
d17b5288 1384static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1385{
1386 RAMBlock *block, *next_block;
3e837b2c 1387 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1388
49cd9ac6
SH		 1389 assert(size != 0); /* it would hand out same offset multiple times */
1390
0dc3f44a 1391 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1392 return 0;
0d53d9fe 1393 }
04b16653 1394
0dc3f44a 1395 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1396 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1397
62be4e3a 1398 end = block->offset + block->max_length;
04b16653 1399
0dc3f44a 1400 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1401 if (next_block->offset >= end) {
1402 next = MIN(next, next_block->offset);
1403 }
1404 }
1405 if (next - end >= size && next - end < mingap) {
3e837b2c 1406 offset = end;
04b16653
AW		 1407 mingap = next - end;
1408 }
1409 }
3e837b2c
AW		 1410
1411 if (offset == RAM_ADDR_MAX) {
1412 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1413 (uint64_t)size);
1414 abort();
1415 }
1416
04b16653
AW		 1417 return offset;
1418}
1419
652d7ec2 1420ram_addr_t last_ram_offset(void)
d17b5288
AW		 1421{
1422 RAMBlock *block;
1423 ram_addr_t last = 0;
1424
0dc3f44a
MD		 1425 rcu_read_lock();
1426 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1427 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1428 }
0dc3f44a 1429 rcu_read_unlock();
d17b5288
AW		 1430 return last;
1431}
1432
ddb97f1d
JB		 1433static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1434{
1435 int ret;
ddb97f1d
JB		 1436
1437 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1438 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1439 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1440 if (ret) {
1441 perror("qemu_madvise");
1442 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1443 "but dump_guest_core=off specified\n");
1444 }
1445 }
1446}
1447
422148d3
DDAG		 1448const char *qemu_ram_get_idstr(RAMBlock *rb)
1449{
1450 return rb->idstr;
1451}
1452
ae3a7047 1453/* Called with iothread lock held. */
fa53a0e5 1454void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1455{
fa53a0e5 1456 RAMBlock *block;
20cfe881 1457
c5705a77
AK		 1458 assert(new_block);
1459 assert(!new_block->idstr[0]);
84b89d78 1460
09e5ab63
AL		 1461 if (dev) {
1462 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1463 if (id) {
1464 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1465 g_free(id);
84b89d78
CM		 1466 }
1467 }
1468 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1469
ab0a9956 1470 rcu_read_lock();
0dc3f44a 1471 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1472 if (block != new_block &&
1473 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1474 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1475 new_block->idstr);
1476 abort();
1477 }
1478 }
0dc3f44a 1479 rcu_read_unlock();
c5705a77
AK		 1480}
1481
ae3a7047 1482/* Called with iothread lock held. */
fa53a0e5 1483void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1484{
ae3a7047
MD		 1485 /* FIXME: arch_init.c assumes that this is not called throughout
1486 * migration. Ignore the problem since hot-unplug during migration
1487 * does not work anyway.
1488 */
20cfe881
HT		 1489 if (block) {
1490 memset(block->idstr, 0, sizeof(block->idstr));
1491 }
1492}
1493
863e9621
DDAG		 1494size_t qemu_ram_pagesize(RAMBlock *rb)
1495{
1496 return rb->page_size;
1497}
1498
8490fc78
LC		 1499static int memory_try_enable_merging(void *addr, size_t len)
1500{
75cc7f01 1501 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1502 /* disabled by the user */
1503 return 0;
1504 }
1505
1506 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1507}
1508
62be4e3a
MT		 1509/* Only legal before guest might have detected the memory size: e.g. on
1510 * incoming migration, or right after reset.
1511 *
1512 * As memory core doesn't know how is memory accessed, it is up to
1513 * resize callback to update device state and/or add assertions to detect
1514 * misuse, if necessary.
1515 */
fa53a0e5 1516int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1517{
62be4e3a
MT		 1518 assert(block);
1519
4ed023ce 1520 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1521
62be4e3a
MT		 1522 if (block->used_length == newsize) {
1523 return 0;
1524 }
1525
1526 if (!(block->flags & RAM_RESIZEABLE)) {
1527 error_setg_errno(errp, EINVAL,
1528 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1529 " in != 0x" RAM_ADDR_FMT, block->idstr,
1530 newsize, block->used_length);
1531 return -EINVAL;
1532 }
1533
1534 if (block->max_length < newsize) {
1535 error_setg_errno(errp, EINVAL,
1536 "Length too large: %s: 0x" RAM_ADDR_FMT
1537 " > 0x" RAM_ADDR_FMT, block->idstr,
1538 newsize, block->max_length);
1539 return -EINVAL;
1540 }
1541
1542 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1543 block->used_length = newsize;
58d2707e
PB		 1544 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1545 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1546 memory_region_set_size(block->mr, newsize);
1547 if (block->resized) {
1548 block->resized(block->idstr, newsize, block->host);
1549 }
1550 return 0;
1551}
1552
5b82b703
SH		 1553/* Called with ram_list.mutex held */
1554static void dirty_memory_extend(ram_addr_t old_ram_size,
1555 ram_addr_t new_ram_size)
1556{
1557 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1558 DIRTY_MEMORY_BLOCK_SIZE);
1559 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1560 DIRTY_MEMORY_BLOCK_SIZE);
1561 int i;
1562
1563 /* Only need to extend if block count increased */
1564 if (new_num_blocks <= old_num_blocks) {
1565 return;
1566 }
1567
1568 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1569 DirtyMemoryBlocks *old_blocks;
1570 DirtyMemoryBlocks *new_blocks;
1571 int j;
1572
1573 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1574 new_blocks = g_malloc(sizeof(*new_blocks) +
1575 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1576
1577 if (old_num_blocks) {
1578 memcpy(new_blocks->blocks, old_blocks->blocks,
1579 old_num_blocks * sizeof(old_blocks->blocks[0]));
1580 }
1581
1582 for (j = old_num_blocks; j < new_num_blocks; j++) {
1583 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1584 }
1585
1586 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1587
1588 if (old_blocks) {
1589 g_free_rcu(old_blocks, rcu);
1590 }
1591 }
1592}
1593
528f46af 1594static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1595{
e1c57ab8 1596 RAMBlock *block;
0d53d9fe 1597 RAMBlock *last_block = NULL;
2152f5ca 1598 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1599 Error *err = NULL;
2152f5ca
JQ		 1600
1601 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1602
b2a8658e 1603 qemu_mutex_lock_ramlist();
9b8424d5 1604 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1605
1606 if (!new_block->host) {
1607 if (xen_enabled()) {
9b8424d5 1608 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1609 new_block->mr, &err);
1610 if (err) {
1611 error_propagate(errp, err);
1612 qemu_mutex_unlock_ramlist();
39c350ee 1613 return;
37aa7a0e 1614 }
e1c57ab8 1615 } else {
9b8424d5 1616 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1617 &new_block->mr->align);
39228250 1618 if (!new_block->host) {
ef701d7b
HT		 1619 error_setg_errno(errp, errno,
1620 "cannot set up guest memory '%s'",
1621 memory_region_name(new_block->mr));
1622 qemu_mutex_unlock_ramlist();
39c350ee 1623 return;
39228250 1624 }
9b8424d5 1625 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1626 }
c902760f 1627 }
94a6b54f 1628
dd631697
LZ		 1629 new_ram_size = MAX(old_ram_size,
1630 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1631 if (new_ram_size > old_ram_size) {
1632 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1633 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1634 }
0d53d9fe
MD		 1635 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1636 * QLIST (which has an RCU-friendly variant) does not have insertion at
1637 * tail, so save the last element in last_block.
1638 */
0dc3f44a 1639 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1640 last_block = block;
9b8424d5 1641 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1642 break;
1643 }
1644 }
1645 if (block) {
0dc3f44a 1646 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1647 } else if (last_block) {
0dc3f44a 1648 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1649 } else { /* list is empty */
0dc3f44a 1650 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1651 }
0d6d3c87 1652 ram_list.mru_block = NULL;
94a6b54f 1653
0dc3f44a
MD		 1654 /* Write list before version */
1655 smp_wmb();
f798b07f 1656 ram_list.version++;
b2a8658e 1657 qemu_mutex_unlock_ramlist();
f798b07f 1658
9b8424d5 1659 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1660 new_block->used_length,
1661 DIRTY_CLIENTS_ALL);
94a6b54f 1662
a904c911
PB		 1663 if (new_block->host) {
1664 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1665 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
c2cd627d 1666 /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */
a904c911 1667 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
e1c57ab8 1668 }
94a6b54f 1669}
e9a1ab19 1670
0b183fc8 1671#ifdef __linux__
528f46af
FZ		 1672RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1673 bool share, const char *mem_path,
1674 Error **errp)
e1c57ab8
PB		 1675{
1676 RAMBlock *new_block;
ef701d7b 1677 Error *local_err = NULL;
e1c57ab8
PB		 1678
1679 if (xen_enabled()) {
7f56e740 1680 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1681 return NULL;
e1c57ab8
PB		 1682 }
1683
1684 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1685 /*
1686 * file_ram_alloc() needs to allocate just like
1687 * phys_mem_alloc, but we haven't bothered to provide
1688 * a hook there.
1689 */
7f56e740
PB		 1690 error_setg(errp,
1691 "-mem-path not supported with this accelerator");
528f46af 1692 return NULL;
e1c57ab8
PB		 1693 }
1694
4ed023ce 1695 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1696 new_block = g_malloc0(sizeof(*new_block));
1697 new_block->mr = mr;
9b8424d5
MT		 1698 new_block->used_length = size;
1699 new_block->max_length = size;
dbcb8981 1700 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1701 new_block->host = file_ram_alloc(new_block, size,
1702 mem_path, errp);
1703 if (!new_block->host) {
1704 g_free(new_block);
528f46af 1705 return NULL;
7f56e740
PB		 1706 }
1707
528f46af 1708 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1709 if (local_err) {
1710 g_free(new_block);
1711 error_propagate(errp, local_err);
528f46af 1712 return NULL;
ef701d7b 1713 }
528f46af 1714 return new_block;
e1c57ab8 1715}
0b183fc8 1716#endif
e1c57ab8 1717
62be4e3a 1718static
528f46af
FZ		 1719RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1720 void (*resized)(const char*,
1721 uint64_t length,
1722 void *host),
1723 void *host, bool resizeable,
1724 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1725{
1726 RAMBlock *new_block;
ef701d7b 1727 Error *local_err = NULL;
e1c57ab8 1728
4ed023ce
DDAG		 1729 size = HOST_PAGE_ALIGN(size);
1730 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1731 new_block = g_malloc0(sizeof(*new_block));
1732 new_block->mr = mr;
62be4e3a 1733 new_block->resized = resized;
9b8424d5
MT		 1734 new_block->used_length = size;
1735 new_block->max_length = max_size;
62be4e3a 1736 assert(max_size >= size);
e1c57ab8 1737 new_block->fd = -1;
863e9621 1738 new_block->page_size = getpagesize();
e1c57ab8
PB		 1739 new_block->host = host;
1740 if (host) {
7bd4f430 1741 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1742 }
62be4e3a
MT		 1743 if (resizeable) {
1744 new_block->flags |= RAM_RESIZEABLE;
1745 }
528f46af 1746 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1747 if (local_err) {
1748 g_free(new_block);
1749 error_propagate(errp, local_err);
528f46af 1750 return NULL;
ef701d7b 1751 }
528f46af 1752 return new_block;
e1c57ab8
PB		 1753}
1754
528f46af 1755RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1756 MemoryRegion *mr, Error **errp)
1757{
1758 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1759}
1760
528f46af 1761RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1762{
62be4e3a
MT		 1763 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1764}
1765
528f46af 1766RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1767 void (*resized)(const char*,
1768 uint64_t length,
1769 void *host),
1770 MemoryRegion *mr, Error **errp)
1771{
1772 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1773}
1774
43771539
PB		 1775static void reclaim_ramblock(RAMBlock *block)
1776{
1777 if (block->flags & RAM_PREALLOC) {
1778 ;
1779 } else if (xen_enabled()) {
1780 xen_invalidate_map_cache_entry(block->host);
1781#ifndef _WIN32
1782 } else if (block->fd >= 0) {
2f3a2bb1 1783 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1784 close(block->fd);
1785#endif
1786 } else {
1787 qemu_anon_ram_free(block->host, block->max_length);
1788 }
1789 g_free(block);
1790}
1791
f1060c55 1792void qemu_ram_free(RAMBlock *block)
e9a1ab19 1793{
85bc2a15
MAL		 1794 if (!block) {
1795 return;
1796 }
1797
b2a8658e 1798 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1799 QLIST_REMOVE_RCU(block, next);
1800 ram_list.mru_block = NULL;
1801 /* Write list before version */
1802 smp_wmb();
1803 ram_list.version++;
1804 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1805 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1806}
1807
cd19cfa2
HY		 1808#ifndef _WIN32
1809void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1810{
1811 RAMBlock *block;
1812 ram_addr_t offset;
1813 int flags;
1814 void *area, *vaddr;
1815
0dc3f44a 1816 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1817 offset = addr - block->offset;
9b8424d5 1818 if (offset < block->max_length) {
1240be24 1819 vaddr = ramblock_ptr(block, offset);
7bd4f430 1820 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1821 ;
dfeaf2ab
MA		 1822 } else if (xen_enabled()) {
1823 abort();
cd19cfa2
HY		 1824 } else {
1825 flags = MAP_FIXED;
3435f395 1826 if (block->fd >= 0) {
dbcb8981
PB		 1827 flags |= (block->flags & RAM_SHARED ?
1828 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1829 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1830 flags, block->fd, offset);
cd19cfa2 1831 } else {
2eb9fbaa
MA		 1832 /*
1833 * Remap needs to match alloc. Accelerators that
1834 * set phys_mem_alloc never remap. If they did,
1835 * we'd need a remap hook here.
1836 */
1837 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1838
cd19cfa2
HY		 1839 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1840 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1841 flags, -1, 0);
cd19cfa2
HY		 1842 }
1843 if (area != vaddr) {
f15fbc4b
AP		 1844 fprintf(stderr, "Could not remap addr: "
1845 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1846 length, addr);
1847 exit(1);
1848 }
8490fc78 1849 memory_try_enable_merging(vaddr, length);
ddb97f1d 1850 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1851 }
cd19cfa2
HY		 1852 }
1853 }
1854}
1855#endif /* !_WIN32 */
1856
1b5ec234 1857/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1858 * This should not be used for general purpose DMA. Use address_space_map
1859 * or address_space_rw instead. For local memory (e.g. video ram) that the
1860 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1861 *
49b24afc 1862 * Called within RCU critical section.
1b5ec234 1863 */
0878d0e1 1864void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1865{
3655cb9c
GA		 1866 RAMBlock *block = ram_block;
1867
1868 if (block == NULL) {
1869 block = qemu_get_ram_block(addr);
0878d0e1 1870 addr -= block->offset;
3655cb9c 1871 }
ae3a7047
MD		 1872
1873 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1874 /* We need to check if the requested address is in the RAM
1875 * because we don't want to map the entire memory in QEMU.
1876 * In that case just map until the end of the page.
1877 */
1878 if (block->offset == 0) {
49b24afc 1879 return xen_map_cache(addr, 0, 0);
0d6d3c87 1880 }
ae3a7047
MD		 1881
1882 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1883 }
0878d0e1 1884 return ramblock_ptr(block, addr);
dc828ca1
PB		 1885}
1886
0878d0e1 1887/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
ae3a7047 1888 * but takes a size argument.
0dc3f44a 1889 *
e81bcda5 1890 * Called within RCU critical section.
ae3a7047 1891 */
3655cb9c
GA		 1892static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1893 hwaddr *size)
38bee5dc 1894{
3655cb9c 1895 RAMBlock *block = ram_block;
8ab934f9
SS		 1896 if (*size == 0) {
1897 return NULL;
1898 }
e81bcda5 1899
3655cb9c
GA		 1900 if (block == NULL) {
1901 block = qemu_get_ram_block(addr);
0878d0e1 1902 addr -= block->offset;
3655cb9c 1903 }
0878d0e1 1904 *size = MIN(*size, block->max_length - addr);
e81bcda5
PB		 1905
1906 if (xen_enabled() && block->host == NULL) {
1907 /* We need to check if the requested address is in the RAM
1908 * because we don't want to map the entire memory in QEMU.
1909 * In that case just map the requested area.
1910 */
1911 if (block->offset == 0) {
1912 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1913 }
1914
e81bcda5 1915 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1916 }
e81bcda5 1917
0878d0e1 1918 return ramblock_ptr(block, addr);
38bee5dc
SS		 1919}
1920
422148d3
DDAG		 1921/*
1922 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1923 * in that RAMBlock.
1924 *
1925 * ptr: Host pointer to look up
1926 * round_offset: If true round the result offset down to a page boundary
1927 * *ram_addr: set to result ram_addr
1928 * *offset: set to result offset within the RAMBlock
1929 *
1930 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1931 *
1932 * By the time this function returns, the returned pointer is not protected
1933 * by RCU anymore. If the caller is not within an RCU critical section and
1934 * does not hold the iothread lock, it must have other means of protecting the
1935 * pointer, such as a reference to the region that includes the incoming
1936 * ram_addr_t.
1937 */
422148d3 1938RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
422148d3 1939 ram_addr_t *offset)
5579c7f3 1940{
94a6b54f
PB		 1941 RAMBlock *block;
1942 uint8_t *host = ptr;
1943
868bb33f 1944 if (xen_enabled()) {
f615f396 1945 ram_addr_t ram_addr;
0dc3f44a 1946 rcu_read_lock();
f615f396
PB		 1947 ram_addr = xen_ram_addr_from_mapcache(ptr);
1948 block = qemu_get_ram_block(ram_addr);
422148d3 1949 if (block) {
d6b6aec4 1950 *offset = ram_addr - block->offset;
422148d3 1951 }
0dc3f44a 1952 rcu_read_unlock();
422148d3 1953 return block;
712c2b41
SS		 1954 }
1955
0dc3f44a
MD		 1956 rcu_read_lock();
1957 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1958 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1959 goto found;
1960 }
1961
0dc3f44a 1962 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1963 /* This case append when the block is not mapped. */
1964 if (block->host == NULL) {
1965 continue;
1966 }
9b8424d5 1967 if (host - block->host < block->max_length) {
23887b79 1968 goto found;
f471a17e 1969 }
94a6b54f 1970 }
432d268c 1971
0dc3f44a 1972 rcu_read_unlock();
1b5ec234 1973 return NULL;
23887b79
PB		 1974
1975found:
422148d3
DDAG		 1976 *offset = (host - block->host);
1977 if (round_offset) {
1978 *offset &= TARGET_PAGE_MASK;
1979 }
0dc3f44a 1980 rcu_read_unlock();
422148d3
DDAG		 1981 return block;
1982}
1983
e3dd7493
DDAG		 1984/*
1985 * Finds the named RAMBlock
1986 *
1987 * name: The name of RAMBlock to find
1988 *
1989 * Returns: RAMBlock (or NULL if not found)
1990 */
1991RAMBlock *qemu_ram_block_by_name(const char *name)
1992{
1993 RAMBlock *block;
1994
1995 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1996 if (!strcmp(name, block->idstr)) {
1997 return block;
1998 }
1999 }
2000
2001 return NULL;
2002}
2003
422148d3
DDAG		 2004/* Some of the softmmu routines need to translate from a host pointer
2005 (typically a TLB entry) back to a ram offset. */
07bdaa41 2006ram_addr_t qemu_ram_addr_from_host(void *ptr)
422148d3
DDAG		 2007{
2008 RAMBlock *block;
f615f396 2009 ram_addr_t offset;
422148d3 2010
f615f396 2011 block = qemu_ram_block_from_host(ptr, false, &offset);
422148d3 2012 if (!block) {
07bdaa41 2013 return RAM_ADDR_INVALID;
422148d3
DDAG		 2014 }
2015
07bdaa41 2016 return block->offset + offset;
e890261f 2017}
f471a17e 2018
49b24afc 2019/* Called within RCU critical section. */
a8170e5e 2020static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 2021 uint64_t val, unsigned size)
9fa3e853 2022{
ba051fb5
AB		 2023 bool locked = false;
2024
52159192 2025 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
ba051fb5
AB		 2026 locked = true;
2027 tb_lock();
0e0df1e2 2028 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 2029 }
0e0df1e2
AK		 2030 switch (size) {
2031 case 1:
0878d0e1 2032 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2033 break;
2034 case 2:
0878d0e1 2035 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2036 break;
2037 case 4:
0878d0e1 2038 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2039 break;
2040 default:
2041 abort();
3a7d929e 2042 }
ba051fb5
AB		 2043
2044 if (locked) {
2045 tb_unlock();
2046 }
2047
58d2707e
PB		 2048 /* Set both VGA and migration bits for simplicity and to remove
2049 * the notdirty callback faster.
2050 */
2051 cpu_physical_memory_set_dirty_range(ram_addr, size,
2052 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2053 /* we remove the notdirty callback only if the code has been
2054 flushed */
a2cd8c85 2055 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2056 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2057 }
9fa3e853
FB		 2058}
2059
b018ddf6
PB		 2060static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2061 unsigned size, bool is_write)
2062{
2063 return is_write;
2064}
2065
0e0df1e2 2066static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2067 .write = notdirty_mem_write,
b018ddf6 2068 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2069 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2070};
2071
0f459d16 2072/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2073static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2074{
93afeade 2075 CPUState *cpu = current_cpu;
568496c0 2076 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2077 CPUArchState *env = cpu->env_ptr;
06d55cc1 2078 target_ulong pc, cs_base;
0f459d16 2079 target_ulong vaddr;
a1d1bb31 2080 CPUWatchpoint *wp;
89fee74a 2081 uint32_t cpu_flags;
0f459d16 2082
ff4700b0 2083 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2084 /* We re-entered the check after replacing the TB. Now raise
2085 * the debug interrupt so that is will trigger after the
2086 * current instruction. */
93afeade 2087 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2088 return;
2089 }
93afeade 2090 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2091 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2092 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2093 && (wp->flags & flags)) {
08225676
PM		 2094 if (flags == BP_MEM_READ) {
2095 wp->flags |= BP_WATCHPOINT_HIT_READ;
2096 } else {
2097 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2098 }
2099 wp->hitaddr = vaddr;
66b9b43c 2100 wp->hitattrs = attrs;
ff4700b0 2101 if (!cpu->watchpoint_hit) {
568496c0
SF		 2102 if (wp->flags & BP_CPU &&
2103 !cc->debug_check_watchpoint(cpu, wp)) {
2104 wp->flags &= ~BP_WATCHPOINT_HIT;
2105 continue;
2106 }
ff4700b0 2107 cpu->watchpoint_hit = wp;
a5e99826
FK		 2108
2109 /* The tb_lock will be reset when cpu_loop_exit or
2110 * cpu_loop_exit_noexc longjmp back into the cpu_exec
2111 * main loop.
2112 */
2113 tb_lock();
239c51a5 2114 tb_check_watchpoint(cpu);
6e140f28 2115 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2116 cpu->exception_index = EXCP_DEBUG;
5638d180 2117 cpu_loop_exit(cpu);
6e140f28
AL		 2118 } else {
2119 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2120 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
6886b980 2121 cpu_loop_exit_noexc(cpu);
6e140f28 2122 }
06d55cc1 2123 }
6e140f28
AL		 2124 } else {
2125 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2126 }
2127 }
2128}
2129
6658ffb8
PB		 2130/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2131 so these check for a hit then pass through to the normal out-of-line
2132 phys routines. */
66b9b43c
PM		 2133static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2134 unsigned size, MemTxAttrs attrs)
6658ffb8 2135{
66b9b43c
PM		 2136 MemTxResult res;
2137 uint64_t data;
79ed0416
PM		 2138 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2139 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2140
2141 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2142 switch (size) {
66b9b43c 2143 case 1:
79ed0416 2144 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2145 break;
2146 case 2:
79ed0416 2147 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2148 break;
2149 case 4:
79ed0416 2150 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2151 break;
1ec9b909
AK		 2152 default: abort();
2153 }
66b9b43c
PM		 2154 *pdata = data;
2155 return res;
6658ffb8
PB		 2156}
2157
66b9b43c
PM		 2158static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2159 uint64_t val, unsigned size,
2160 MemTxAttrs attrs)
6658ffb8 2161{
66b9b43c 2162 MemTxResult res;
79ed0416
PM		 2163 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2164 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2165
2166 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2167 switch (size) {
67364150 2168 case 1:
79ed0416 2169 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2170 break;
2171 case 2:
79ed0416 2172 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2173 break;
2174 case 4:
79ed0416 2175 address_space_stl(as, addr, val, attrs, &res);
67364150 2176 break;
1ec9b909
AK		 2177 default: abort();
2178 }
66b9b43c 2179 return res;
6658ffb8
PB		 2180}
2181
1ec9b909 2182static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2183 .read_with_attrs = watch_mem_read,
2184 .write_with_attrs = watch_mem_write,
1ec9b909 2185 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2186};
6658ffb8 2187
f25a49e0
PM		 2188static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2189 unsigned len, MemTxAttrs attrs)
db7b5426 2190{
acc9d80b 2191 subpage_t *subpage = opaque;
ff6cff75 2192 uint8_t buf[8];
5c9eb028 2193 MemTxResult res;
791af8c8 2194
db7b5426 2195#if defined(DEBUG_SUBPAGE)
016e9d62 2196 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2197 subpage, len, addr);
db7b5426 2198#endif
5c9eb028
PM		 2199 res = address_space_read(subpage->as, addr + subpage->base,
2200 attrs, buf, len);
2201 if (res) {
2202 return res;
f25a49e0 2203 }
acc9d80b
JK		 2204 switch (len) {
2205 case 1:
f25a49e0
PM		 2206 *data = ldub_p(buf);
2207 return MEMTX_OK;
acc9d80b 2208 case 2:
f25a49e0
PM		 2209 *data = lduw_p(buf);
2210 return MEMTX_OK;
acc9d80b 2211 case 4:
f25a49e0
PM		 2212 *data = ldl_p(buf);
2213 return MEMTX_OK;
ff6cff75 2214 case 8:
f25a49e0
PM		 2215 *data = ldq_p(buf);
2216 return MEMTX_OK;
acc9d80b
JK		 2217 default:
2218 abort();
2219 }
db7b5426
BS		 2220}
2221
f25a49e0
PM		 2222static MemTxResult subpage_write(void *opaque, hwaddr addr,
2223 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2224{
acc9d80b 2225 subpage_t *subpage = opaque;
ff6cff75 2226 uint8_t buf[8];
acc9d80b 2227
db7b5426 2228#if defined(DEBUG_SUBPAGE)
016e9d62 2229 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2230 " value %"PRIx64"\n",
2231 __func__, subpage, len, addr, value);
db7b5426 2232#endif
acc9d80b
JK		 2233 switch (len) {
2234 case 1:
2235 stb_p(buf, value);
2236 break;
2237 case 2:
2238 stw_p(buf, value);
2239 break;
2240 case 4:
2241 stl_p(buf, value);
2242 break;
ff6cff75
PB		 2243 case 8:
2244 stq_p(buf, value);
2245 break;
acc9d80b
JK		 2246 default:
2247 abort();
2248 }
5c9eb028
PM		 2249 return address_space_write(subpage->as, addr + subpage->base,
2250 attrs, buf, len);
db7b5426
BS		 2251}
2252
c353e4cc 2253static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2254 unsigned len, bool is_write)
c353e4cc 2255{
acc9d80b 2256 subpage_t *subpage = opaque;
c353e4cc 2257#if defined(DEBUG_SUBPAGE)
016e9d62 2258 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2259 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2260#endif
2261
acc9d80b 2262 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2263 len, is_write);
c353e4cc
PB		 2264}
2265
70c68e44 2266static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2267 .read_with_attrs = subpage_read,
2268 .write_with_attrs = subpage_write,
ff6cff75
PB		 2269 .impl.min_access_size = 1,
2270 .impl.max_access_size = 8,
2271 .valid.min_access_size = 1,
2272 .valid.max_access_size = 8,
c353e4cc 2273 .valid.accepts = subpage_accepts,
70c68e44 2274 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2275};
2276
c227f099 2277static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2278 uint16_t section)
db7b5426
BS		 2279{
2280 int idx, eidx;
2281
2282 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2283 return -1;
2284 idx = SUBPAGE_IDX(start);
2285 eidx = SUBPAGE_IDX(end);
2286#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2287 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2288 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2289#endif
db7b5426 2290 for (; idx <= eidx; idx++) {
5312bd8b 2291 mmio->sub_section[idx] = section;
db7b5426
BS		 2292 }
2293
2294 return 0;
2295}
2296
acc9d80b 2297static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2298{
c227f099 2299 subpage_t *mmio;
db7b5426 2300
2615fabd 2301 mmio = g_malloc0(sizeof(subpage_t) + TARGET_PAGE_SIZE * sizeof(uint16_t));
acc9d80b 2302 mmio->as = as;
1eec614b 2303 mmio->base = base;
2c9b15ca 2304 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2305 NULL, TARGET_PAGE_SIZE);
b3b00c78 2306 mmio->iomem.subpage = true;
db7b5426 2307#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2308 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2309 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2310#endif
b41aac4f 2311 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2312
2313 return mmio;
2314}
2315
a656e22f
PC		 2316static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2317 MemoryRegion *mr)
5312bd8b 2318{
a656e22f 2319 assert(as);
5312bd8b 2320 MemoryRegionSection section = {
a656e22f 2321 .address_space = as,
5312bd8b
AK		 2322 .mr = mr,
2323 .offset_within_address_space = 0,
2324 .offset_within_region = 0,
052e87b0 2325 .size = int128_2_64(),
5312bd8b
AK		 2326 };
2327
53cb28cb 2328 return phys_section_add(map, &section);
5312bd8b
AK		 2329}
2330
a54c87b6 2331MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2332{
a54c87b6
PM		 2333 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2334 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2335 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2336 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2337
2338 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2339}
2340
e9179ce1
AK		 2341static void io_mem_init(void)
2342{
1f6245e5 2343 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2344 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2345 NULL, UINT64_MAX);
2c9b15ca 2346 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2347 NULL, UINT64_MAX);
2c9b15ca 2348 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2349 NULL, UINT64_MAX);
e9179ce1
AK		 2350}
2351
ac1970fb 2352static void mem_begin(MemoryListener *listener)
00752703
PB		 2353{
2354 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2355 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2356 uint16_t n;
2357
a656e22f 2358 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2359 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2360 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2361 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2362 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2363 assert(n == PHYS_SECTION_ROM);
a656e22f 2364 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2365 assert(n == PHYS_SECTION_WATCH);
00752703 2366
9736e55b 2367 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2368 d->as = as;
2369 as->next_dispatch = d;
2370}
2371
79e2b9ae
PB		 2372static void address_space_dispatch_free(AddressSpaceDispatch *d)
2373{
2374 phys_sections_free(&d->map);
2375 g_free(d);
2376}
2377
00752703 2378static void mem_commit(MemoryListener *listener)
ac1970fb 2379{
89ae337a 2380 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2381 AddressSpaceDispatch *cur = as->dispatch;
2382 AddressSpaceDispatch *next = as->next_dispatch;
2383
53cb28cb 2384 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2385
79e2b9ae 2386 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2387 if (cur) {
79e2b9ae 2388 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2389 }
9affd6fc
PB		 2390}
2391
1d71148e 2392static void tcg_commit(MemoryListener *listener)
50c1e149 2393{
32857f4d
PM		 2394 CPUAddressSpace *cpuas;
2395 AddressSpaceDispatch *d;
117712c3
AK		 2396
2397 /* since each CPU stores ram addresses in its TLB cache, we must
2398 reset the modified entries */
32857f4d
PM		 2399 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2400 cpu_reloading_memory_map();
2401 /* The CPU and TLB are protected by the iothread lock.
2402 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2403 * may have split the RCU critical section.
2404 */
2405 d = atomic_rcu_read(&cpuas->as->dispatch);
f35e44e7 2406 atomic_rcu_set(&cpuas->memory_dispatch, d);
32857f4d 2407 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2408}
2409
ac1970fb
AK		 2410void address_space_init_dispatch(AddressSpace *as)
2411{
00752703 2412 as->dispatch = NULL;
89ae337a 2413 as->dispatch_listener = (MemoryListener) {
ac1970fb 2414 .begin = mem_begin,
00752703 2415 .commit = mem_commit,
ac1970fb
AK		 2416 .region_add = mem_add,
2417 .region_nop = mem_add,
2418 .priority = 0,
2419 };
89ae337a 2420 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2421}
2422
6e48e8f9
PB		 2423void address_space_unregister(AddressSpace *as)
2424{
2425 memory_listener_unregister(&as->dispatch_listener);
2426}
2427
83f3c251
AK		 2428void address_space_destroy_dispatch(AddressSpace *as)
2429{
2430 AddressSpaceDispatch *d = as->dispatch;
2431
79e2b9ae
PB		 2432 atomic_rcu_set(&as->dispatch, NULL);
2433 if (d) {
2434 call_rcu(d, address_space_dispatch_free, rcu);
2435 }
83f3c251
AK		 2436}
2437
62152b8a
AK		 2438static void memory_map_init(void)
2439{
7267c094 2440 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2441
57271d63 2442 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2443 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2444
7267c094 2445 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2446 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2447 65536);
7dca8043 2448 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2449}
2450
2451MemoryRegion *get_system_memory(void)
2452{
2453 return system_memory;
2454}
2455
309cb471
AK		 2456MemoryRegion *get_system_io(void)
2457{
2458 return system_io;
2459}
2460
e2eef170
PB		 2461#endif /* !defined(CONFIG_USER_ONLY) */
2462
13eb76e0
FB		 2463/* physical memory access (slow version, mainly for debug) */
2464#if defined(CONFIG_USER_ONLY)
f17ec444 2465int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2466 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2467{
2468 int l, flags;
2469 target_ulong page;
53a5960a 2470 void * p;
13eb76e0
FB		 2471
2472 while (len > 0) {
2473 page = addr & TARGET_PAGE_MASK;
2474 l = (page + TARGET_PAGE_SIZE) - addr;
2475 if (l > len)
2476 l = len;
2477 flags = page_get_flags(page);
2478 if (!(flags & PAGE_VALID))
a68fe89c 2479 return -1;
13eb76e0
FB		 2480 if (is_write) {
2481 if (!(flags & PAGE_WRITE))
a68fe89c 2482 return -1;
579a97f7 2483 /* XXX: this code should not depend on lock_user */
72fb7daa 2484 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2485 return -1;
72fb7daa
AJ		 2486 memcpy(p, buf, l);
2487 unlock_user(p, addr, l);
13eb76e0
FB		 2488 } else {
2489 if (!(flags & PAGE_READ))
a68fe89c 2490 return -1;
579a97f7 2491 /* XXX: this code should not depend on lock_user */
72fb7daa 2492 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2493 return -1;
72fb7daa 2494 memcpy(buf, p, l);
5b257578 2495 unlock_user(p, addr, 0);
13eb76e0
FB		 2496 }
2497 len -= l;
2498 buf += l;
2499 addr += l;
2500 }
a68fe89c 2501 return 0;
13eb76e0 2502}
8df1cd07 2503
13eb76e0 2504#else
51d7a9eb 2505
845b6214 2506static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2507 hwaddr length)
51d7a9eb 2508{
e87f7778 2509 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
0878d0e1
PB		 2510 addr += memory_region_get_ram_addr(mr);
2511
e87f7778
PB		 2512 /* No early return if dirty_log_mask is or becomes 0, because
2513 * cpu_physical_memory_set_dirty_range will still call
2514 * xen_modified_memory.
2515 */
2516 if (dirty_log_mask) {
2517 dirty_log_mask =
2518 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2519 }
2520 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
ba051fb5 2521 tb_lock();
e87f7778 2522 tb_invalidate_phys_range(addr, addr + length);
ba051fb5 2523 tb_unlock();
e87f7778 2524 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2525 }
e87f7778 2526 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2527}
2528
23326164 2529static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2530{
e1622f4b 2531 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2532
2533 /* Regions are assumed to support 1-4 byte accesses unless
2534 otherwise specified. */
23326164
RH		 2535 if (access_size_max == 0) {
2536 access_size_max = 4;
2537 }
2538
2539 /* Bound the maximum access by the alignment of the address. */
2540 if (!mr->ops->impl.unaligned) {
2541 unsigned align_size_max = addr & -addr;
2542 if (align_size_max != 0 && align_size_max < access_size_max) {
2543 access_size_max = align_size_max;
2544 }
82f2563f 2545 }
23326164
RH		 2546
2547 /* Don't attempt accesses larger than the maximum. */
2548 if (l > access_size_max) {
2549 l = access_size_max;
82f2563f 2550 }
6554f5c0 2551 l = pow2floor(l);
23326164
RH		 2552
2553 return l;
82f2563f
PB		 2554}
2555
4840f10e 2556static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2557{
4840f10e
JK		 2558 bool unlocked = !qemu_mutex_iothread_locked();
2559 bool release_lock = false;
2560
2561 if (unlocked && mr->global_locking) {
2562 qemu_mutex_lock_iothread();
2563 unlocked = false;
2564 release_lock = true;
2565 }
125b3806 2566 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2567 if (unlocked) {
2568 qemu_mutex_lock_iothread();
2569 }
125b3806 2570 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2571 if (unlocked) {
2572 qemu_mutex_unlock_iothread();
2573 }
125b3806 2574 }
4840f10e
JK		 2575
2576 return release_lock;
125b3806
PB		 2577}
2578
a203ac70
PB		 2579/* Called within RCU critical section. */
2580static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2581 MemTxAttrs attrs,
2582 const uint8_t *buf,
2583 int len, hwaddr addr1,
2584 hwaddr l, MemoryRegion *mr)
13eb76e0 2585{
13eb76e0 2586 uint8_t *ptr;
791af8c8 2587 uint64_t val;
3b643495 2588 MemTxResult result = MEMTX_OK;
4840f10e 2589 bool release_lock = false;
3b46e624 2590
a203ac70 2591 for (;;) {
eb7eeb88
PB		 2592 if (!memory_access_is_direct(mr, true)) {
2593 release_lock |= prepare_mmio_access(mr);
2594 l = memory_access_size(mr, l, addr1);
2595 /* XXX: could force current_cpu to NULL to avoid
2596 potential bugs */
2597 switch (l) {
2598 case 8:
2599 /* 64 bit write access */
2600 val = ldq_p(buf);
2601 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2602 attrs);
2603 break;
2604 case 4:
2605 /* 32 bit write access */
2606 val = ldl_p(buf);
2607 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2608 attrs);
2609 break;
2610 case 2:
2611 /* 16 bit write access */
2612 val = lduw_p(buf);
2613 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2614 attrs);
2615 break;
2616 case 1:
2617 /* 8 bit write access */
2618 val = ldub_p(buf);
2619 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2620 attrs);
2621 break;
2622 default:
2623 abort();
13eb76e0
FB		 2624 }
2625 } else {
eb7eeb88 2626 /* RAM case */
0878d0e1 2627 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2628 memcpy(ptr, buf, l);
2629 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2630 }
4840f10e
JK		 2631
2632 if (release_lock) {
2633 qemu_mutex_unlock_iothread();
2634 release_lock = false;
2635 }
2636
13eb76e0
FB		 2637 len -= l;
2638 buf += l;
2639 addr += l;
a203ac70
PB		 2640
2641 if (!len) {
2642 break;
2643 }
2644
2645 l = len;
2646 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2647 }
fd8aaa76 2648
3b643495 2649 return result;
13eb76e0 2650}
8df1cd07 2651
a203ac70
PB		 2652MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2653 const uint8_t *buf, int len)
ac1970fb 2654{
eb7eeb88 2655 hwaddr l;
eb7eeb88
PB		 2656 hwaddr addr1;
2657 MemoryRegion *mr;
2658 MemTxResult result = MEMTX_OK;
eb7eeb88 2659
a203ac70
PB		 2660 if (len > 0) {
2661 rcu_read_lock();
eb7eeb88 2662 l = len;
a203ac70
PB		 2663 mr = address_space_translate(as, addr, &addr1, &l, true);
2664 result = address_space_write_continue(as, addr, attrs, buf, len,
2665 addr1, l, mr);
2666 rcu_read_unlock();
2667 }
2668
2669 return result;
2670}
2671
2672/* Called within RCU critical section. */
2673MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2674 MemTxAttrs attrs, uint8_t *buf,
2675 int len, hwaddr addr1, hwaddr l,
2676 MemoryRegion *mr)
2677{
2678 uint8_t *ptr;
2679 uint64_t val;
2680 MemTxResult result = MEMTX_OK;
2681 bool release_lock = false;
eb7eeb88 2682
a203ac70 2683 for (;;) {
eb7eeb88
PB		 2684 if (!memory_access_is_direct(mr, false)) {
2685 /* I/O case */
2686 release_lock |= prepare_mmio_access(mr);
2687 l = memory_access_size(mr, l, addr1);
2688 switch (l) {
2689 case 8:
2690 /* 64 bit read access */
2691 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2692 attrs);
2693 stq_p(buf, val);
2694 break;
2695 case 4:
2696 /* 32 bit read access */
2697 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2698 attrs);
2699 stl_p(buf, val);
2700 break;
2701 case 2:
2702 /* 16 bit read access */
2703 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2704 attrs);
2705 stw_p(buf, val);
2706 break;
2707 case 1:
2708 /* 8 bit read access */
2709 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2710 attrs);
2711 stb_p(buf, val);
2712 break;
2713 default:
2714 abort();
2715 }
2716 } else {
2717 /* RAM case */
0878d0e1 2718 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2719 memcpy(buf, ptr, l);
2720 }
2721
2722 if (release_lock) {
2723 qemu_mutex_unlock_iothread();
2724 release_lock = false;
2725 }
2726
2727 len -= l;
2728 buf += l;
2729 addr += l;
a203ac70
PB		 2730
2731 if (!len) {
2732 break;
2733 }
2734
2735 l = len;
2736 mr = address_space_translate(as, addr, &addr1, &l, false);
2737 }
2738
2739 return result;
2740}
2741
3cc8f884
PB		 2742MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2743 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2744{
2745 hwaddr l;
2746 hwaddr addr1;
2747 MemoryRegion *mr;
2748 MemTxResult result = MEMTX_OK;
2749
2750 if (len > 0) {
2751 rcu_read_lock();
2752 l = len;
2753 mr = address_space_translate(as, addr, &addr1, &l, false);
2754 result = address_space_read_continue(as, addr, attrs, buf, len,
2755 addr1, l, mr);
2756 rcu_read_unlock();
eb7eeb88 2757 }
eb7eeb88
PB		 2758
2759 return result;
ac1970fb
AK		 2760}
2761
eb7eeb88
PB		 2762MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2763 uint8_t *buf, int len, bool is_write)
2764{
2765 if (is_write) {
2766 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2767 } else {
2768 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2769 }
2770}
ac1970fb 2771
a8170e5e 2772void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2773 int len, int is_write)
2774{
5c9eb028
PM		 2775 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2776 buf, len, is_write);
ac1970fb
AK		 2777}
2778
582b55a9
AG		 2779enum write_rom_type {
2780 WRITE_DATA,
2781 FLUSH_CACHE,
2782};
2783
2a221651 2784static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2785 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2786{
149f54b5 2787 hwaddr l;
d0ecd2aa 2788 uint8_t *ptr;
149f54b5 2789 hwaddr addr1;
5c8a00ce 2790 MemoryRegion *mr;
3b46e624 2791
41063e1e 2792 rcu_read_lock();
d0ecd2aa 2793 while (len > 0) {
149f54b5 2794 l = len;
2a221651 2795 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2796
5c8a00ce
PB		 2797 if (!(memory_region_is_ram(mr) ||
2798 memory_region_is_romd(mr))) {
b242e0e0 2799 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2800 } else {
d0ecd2aa 2801 /* ROM/RAM case */
0878d0e1 2802 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2803 switch (type) {
2804 case WRITE_DATA:
2805 memcpy(ptr, buf, l);
845b6214 2806 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2807 break;
2808 case FLUSH_CACHE:
2809 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2810 break;
2811 }
d0ecd2aa
FB		 2812 }
2813 len -= l;
2814 buf += l;
2815 addr += l;
2816 }
41063e1e 2817 rcu_read_unlock();
d0ecd2aa
FB		 2818}
2819
582b55a9 2820/* used for ROM loading : can write in RAM and ROM */
2a221651 2821void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2822 const uint8_t *buf, int len)
2823{
2a221651 2824 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2825}
2826
2827void cpu_flush_icache_range(hwaddr start, int len)
2828{
2829 /*
2830 * This function should do the same thing as an icache flush that was
2831 * triggered from within the guest. For TCG we are always cache coherent,
2832 * so there is no need to flush anything. For KVM / Xen we need to flush
2833 * the host's instruction cache at least.
2834 */
2835 if (tcg_enabled()) {
2836 return;
2837 }
2838
2a221651
EI		 2839 cpu_physical_memory_write_rom_internal(&address_space_memory,
2840 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2841}
2842
6d16c2f8 2843typedef struct {
d3e71559 2844 MemoryRegion *mr;
6d16c2f8 2845 void *buffer;
a8170e5e
AK		 2846 hwaddr addr;
2847 hwaddr len;
c2cba0ff 2848 bool in_use;
6d16c2f8
AL		 2849} BounceBuffer;
2850
2851static BounceBuffer bounce;
2852
ba223c29 2853typedef struct MapClient {
e95205e1 2854 QEMUBH *bh;
72cf2d4f 2855 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2856} MapClient;
2857
38e047b5 2858QemuMutex map_client_list_lock;
72cf2d4f
BS		 2859static QLIST_HEAD(map_client_list, MapClient) map_client_list
2860 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2861
e95205e1
FZ		 2862static void cpu_unregister_map_client_do(MapClient *client)
2863{
2864 QLIST_REMOVE(client, link);
2865 g_free(client);
2866}
2867
33b6c2ed
FZ		 2868static void cpu_notify_map_clients_locked(void)
2869{
2870 MapClient *client;
2871
2872 while (!QLIST_EMPTY(&map_client_list)) {
2873 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2874 qemu_bh_schedule(client->bh);
2875 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2876 }
2877}
2878
e95205e1 2879void cpu_register_map_client(QEMUBH *bh)
ba223c29 2880{
7267c094 2881 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2882
38e047b5 2883 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2884 client->bh = bh;
72cf2d4f 2885 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2886 if (!atomic_read(&bounce.in_use)) {
2887 cpu_notify_map_clients_locked();
2888 }
38e047b5 2889 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2890}
2891
38e047b5 2892void cpu_exec_init_all(void)
ba223c29 2893{
38e047b5 2894 qemu_mutex_init(&ram_list.mutex);
20bccb82
PM		 2895 /* The data structures we set up here depend on knowing the page size,
2896 * so no more changes can be made after this point.
2897 * In an ideal world, nothing we did before we had finished the
2898 * machine setup would care about the target page size, and we could
2899 * do this much later, rather than requiring board models to state
2900 * up front what their requirements are.
2901 */
2902 finalize_target_page_bits();
38e047b5 2903 io_mem_init();
680a4783 2904 memory_map_init();
38e047b5 2905 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2906}
2907
e95205e1 2908void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2909{
2910 MapClient *client;
2911
e95205e1
FZ		 2912 qemu_mutex_lock(&map_client_list_lock);
2913 QLIST_FOREACH(client, &map_client_list, link) {
2914 if (client->bh == bh) {
2915 cpu_unregister_map_client_do(client);
2916 break;
2917 }
ba223c29 2918 }
e95205e1 2919 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2920}
2921
2922static void cpu_notify_map_clients(void)
2923{
38e047b5 2924 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2925 cpu_notify_map_clients_locked();
38e047b5 2926 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2927}
2928
51644ab7
PB		 2929bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2930{
5c8a00ce 2931 MemoryRegion *mr;
51644ab7
PB		 2932 hwaddr l, xlat;
2933
41063e1e 2934 rcu_read_lock();
51644ab7
PB		 2935 while (len > 0) {
2936 l = len;
5c8a00ce
PB		 2937 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2938 if (!memory_access_is_direct(mr, is_write)) {
2939 l = memory_access_size(mr, l, addr);
2940 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2941 return false;
2942 }
2943 }
2944
2945 len -= l;
2946 addr += l;
2947 }
41063e1e 2948 rcu_read_unlock();
51644ab7
PB		 2949 return true;
2950}
2951
6d16c2f8
AL		 2952/* Map a physical memory region into a host virtual address.
2953 * May map a subset of the requested range, given by and returned in *plen.
2954 * May return NULL if resources needed to perform the mapping are exhausted.
2955 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2956 * Use cpu_register_map_client() to know when retrying the map operation is
2957 * likely to succeed.
6d16c2f8 2958 */
ac1970fb 2959void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2960 hwaddr addr,
2961 hwaddr *plen,
ac1970fb 2962 bool is_write)
6d16c2f8 2963{
a8170e5e 2964 hwaddr len = *plen;
e3127ae0
PB		 2965 hwaddr done = 0;
2966 hwaddr l, xlat, base;
2967 MemoryRegion *mr, *this_mr;
e81bcda5 2968 void *ptr;
6d16c2f8 2969
e3127ae0
PB		 2970 if (len == 0) {
2971 return NULL;
2972 }
38bee5dc 2973
e3127ae0 2974 l = len;
41063e1e 2975 rcu_read_lock();
e3127ae0 2976 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2977
e3127ae0 2978 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2979 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2980 rcu_read_unlock();
e3127ae0 2981 return NULL;
6d16c2f8 2982 }
e85d9db5
KW		 2983 /* Avoid unbounded allocations */
2984 l = MIN(l, TARGET_PAGE_SIZE);
2985 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2986 bounce.addr = addr;
2987 bounce.len = l;
d3e71559
PB		 2988
2989 memory_region_ref(mr);
2990 bounce.mr = mr;
e3127ae0 2991 if (!is_write) {
5c9eb028
PM		 2992 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2993 bounce.buffer, l);
8ab934f9 2994 }
6d16c2f8 2995
41063e1e 2996 rcu_read_unlock();
e3127ae0
PB		 2997 *plen = l;
2998 return bounce.buffer;
2999 }
3000
3001 base = xlat;
e3127ae0
PB		 3002
3003 for (;;) {
6d16c2f8
AL		 3004 len -= l;
3005 addr += l;
e3127ae0
PB		 3006 done += l;
3007 if (len == 0) {
3008 break;
3009 }
3010
3011 l = len;
3012 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
3013 if (this_mr != mr || xlat != base + done) {
3014 break;
3015 }
6d16c2f8 3016 }
e3127ae0 3017
d3e71559 3018 memory_region_ref(mr);
e3127ae0 3019 *plen = done;
0878d0e1 3020 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
e81bcda5
PB		 3021 rcu_read_unlock();
3022
3023 return ptr;
6d16c2f8
AL		 3024}
3025
ac1970fb 3026/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3027 * Will also mark the memory as dirty if is_write == 1. access_len gives
3028 * the amount of memory that was actually read or written by the caller.
3029 */
a8170e5e
AK		 3030void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3031 int is_write, hwaddr access_len)
6d16c2f8
AL		 3032{
3033 if (buffer != bounce.buffer) {
d3e71559
PB		 3034 MemoryRegion *mr;
3035 ram_addr_t addr1;
3036
07bdaa41 3037 mr = memory_region_from_host(buffer, &addr1);
d3e71559 3038 assert(mr != NULL);
6d16c2f8 3039 if (is_write) {
845b6214 3040 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 3041 }
868bb33f 3042 if (xen_enabled()) {
e41d7c69 3043 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3044 }
d3e71559 3045 memory_region_unref(mr);
6d16c2f8
AL		 3046 return;
3047 }
3048 if (is_write) {
5c9eb028
PM		 3049 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3050 bounce.buffer, access_len);
6d16c2f8 3051 }
f8a83245 3052 qemu_vfree(bounce.buffer);
6d16c2f8 3053 bounce.buffer = NULL;
d3e71559 3054 memory_region_unref(bounce.mr);
c2cba0ff 3055 atomic_mb_set(&bounce.in_use, false);
ba223c29 3056 cpu_notify_map_clients();
6d16c2f8 3057}
d0ecd2aa 3058
a8170e5e
AK		 3059void *cpu_physical_memory_map(hwaddr addr,
3060 hwaddr *plen,
ac1970fb
AK		 3061 int is_write)
3062{
3063 return address_space_map(&address_space_memory, addr, plen, is_write);
3064}
3065
a8170e5e
AK		 3066void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3067 int is_write, hwaddr access_len)
ac1970fb
AK		 3068{
3069 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3070}
3071
8df1cd07 3072/* warning: addr must be aligned */
50013115
PM		 3073static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3074 MemTxAttrs attrs,
3075 MemTxResult *result,
3076 enum device_endian endian)
8df1cd07 3077{
8df1cd07 3078 uint8_t *ptr;
791af8c8 3079 uint64_t val;
5c8a00ce 3080 MemoryRegion *mr;
149f54b5
PB		 3081 hwaddr l = 4;
3082 hwaddr addr1;
50013115 3083 MemTxResult r;
4840f10e 3084 bool release_lock = false;
8df1cd07 3085
41063e1e 3086 rcu_read_lock();
fdfba1a2 3087 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3088 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3089 release_lock |= prepare_mmio_access(mr);
125b3806 3090
8df1cd07 3091 /* I/O case */
50013115 3092 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3093#if defined(TARGET_WORDS_BIGENDIAN)
3094 if (endian == DEVICE_LITTLE_ENDIAN) {
3095 val = bswap32(val);
3096 }
3097#else
3098 if (endian == DEVICE_BIG_ENDIAN) {
3099 val = bswap32(val);
3100 }
3101#endif
8df1cd07
FB		 3102 } else {
3103 /* RAM case */
0878d0e1 3104 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3105 switch (endian) {
3106 case DEVICE_LITTLE_ENDIAN:
3107 val = ldl_le_p(ptr);
3108 break;
3109 case DEVICE_BIG_ENDIAN:
3110 val = ldl_be_p(ptr);
3111 break;
3112 default:
3113 val = ldl_p(ptr);
3114 break;
3115 }
50013115
PM		 3116 r = MEMTX_OK;
3117 }
3118 if (result) {
3119 *result = r;
8df1cd07 3120 }
4840f10e
JK		 3121 if (release_lock) {
3122 qemu_mutex_unlock_iothread();
3123 }
41063e1e 3124 rcu_read_unlock();
8df1cd07
FB		 3125 return val;
3126}
3127
50013115
PM		 3128uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3129 MemTxAttrs attrs, MemTxResult *result)
3130{
3131 return address_space_ldl_internal(as, addr, attrs, result,
3132 DEVICE_NATIVE_ENDIAN);
3133}
3134
3135uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3136 MemTxAttrs attrs, MemTxResult *result)
3137{
3138 return address_space_ldl_internal(as, addr, attrs, result,
3139 DEVICE_LITTLE_ENDIAN);
3140}
3141
3142uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3143 MemTxAttrs attrs, MemTxResult *result)
3144{
3145 return address_space_ldl_internal(as, addr, attrs, result,
3146 DEVICE_BIG_ENDIAN);
3147}
3148
fdfba1a2 3149uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3150{
50013115 3151 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3152}
3153
fdfba1a2 3154uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3155{
50013115 3156 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3157}
3158
fdfba1a2 3159uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3160{
50013115 3161 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3162}
3163
84b7b8e7 3164/* warning: addr must be aligned */
50013115
PM		 3165static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3166 MemTxAttrs attrs,
3167 MemTxResult *result,
3168 enum device_endian endian)
84b7b8e7 3169{
84b7b8e7
FB		 3170 uint8_t *ptr;
3171 uint64_t val;
5c8a00ce 3172 MemoryRegion *mr;
149f54b5
PB		 3173 hwaddr l = 8;
3174 hwaddr addr1;
50013115 3175 MemTxResult r;
4840f10e 3176 bool release_lock = false;
84b7b8e7 3177
41063e1e 3178 rcu_read_lock();
2c17449b 3179 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3180 false);
3181 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3182 release_lock |= prepare_mmio_access(mr);
125b3806 3183
84b7b8e7 3184 /* I/O case */
50013115 3185 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3186#if defined(TARGET_WORDS_BIGENDIAN)
3187 if (endian == DEVICE_LITTLE_ENDIAN) {
3188 val = bswap64(val);
3189 }
3190#else
3191 if (endian == DEVICE_BIG_ENDIAN) {
3192 val = bswap64(val);
3193 }
84b7b8e7
FB		 3194#endif
3195 } else {
3196 /* RAM case */
0878d0e1 3197 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3198 switch (endian) {
3199 case DEVICE_LITTLE_ENDIAN:
3200 val = ldq_le_p(ptr);
3201 break;
3202 case DEVICE_BIG_ENDIAN:
3203 val = ldq_be_p(ptr);
3204 break;
3205 default:
3206 val = ldq_p(ptr);
3207 break;
3208 }
50013115
PM		 3209 r = MEMTX_OK;
3210 }
3211 if (result) {
3212 *result = r;
84b7b8e7 3213 }
4840f10e
JK		 3214 if (release_lock) {
3215 qemu_mutex_unlock_iothread();
3216 }
41063e1e 3217 rcu_read_unlock();
84b7b8e7
FB		 3218 return val;
3219}
3220
50013115
PM		 3221uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3222 MemTxAttrs attrs, MemTxResult *result)
3223{
3224 return address_space_ldq_internal(as, addr, attrs, result,
3225 DEVICE_NATIVE_ENDIAN);
3226}
3227
3228uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3229 MemTxAttrs attrs, MemTxResult *result)
3230{
3231 return address_space_ldq_internal(as, addr, attrs, result,
3232 DEVICE_LITTLE_ENDIAN);
3233}
3234
3235uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3236 MemTxAttrs attrs, MemTxResult *result)
3237{
3238 return address_space_ldq_internal(as, addr, attrs, result,
3239 DEVICE_BIG_ENDIAN);
3240}
3241
2c17449b 3242uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3243{
50013115 3244 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3245}
3246
2c17449b 3247uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3248{
50013115 3249 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3250}
3251
2c17449b 3252uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3253{
50013115 3254 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3255}
3256
aab33094 3257/* XXX: optimize */
50013115
PM		 3258uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3259 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3260{
3261 uint8_t val;
50013115
PM		 3262 MemTxResult r;
3263
3264 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3265 if (result) {
3266 *result = r;
3267 }
aab33094
FB		 3268 return val;
3269}
3270
50013115
PM		 3271uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3272{
3273 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3274}
3275
733f0b02 3276/* warning: addr must be aligned */
50013115
PM		 3277static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3278 hwaddr addr,
3279 MemTxAttrs attrs,
3280 MemTxResult *result,
3281 enum device_endian endian)
aab33094 3282{
733f0b02
MT		 3283 uint8_t *ptr;
3284 uint64_t val;
5c8a00ce 3285 MemoryRegion *mr;
149f54b5
PB		 3286 hwaddr l = 2;
3287 hwaddr addr1;
50013115 3288 MemTxResult r;
4840f10e 3289 bool release_lock = false;
733f0b02 3290
41063e1e 3291 rcu_read_lock();
41701aa4 3292 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3293 false);
3294 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3295 release_lock |= prepare_mmio_access(mr);
125b3806 3296
733f0b02 3297 /* I/O case */
50013115 3298 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3299#if defined(TARGET_WORDS_BIGENDIAN)
3300 if (endian == DEVICE_LITTLE_ENDIAN) {
3301 val = bswap16(val);
3302 }
3303#else
3304 if (endian == DEVICE_BIG_ENDIAN) {
3305 val = bswap16(val);
3306 }
3307#endif
733f0b02
MT		 3308 } else {
3309 /* RAM case */
0878d0e1 3310 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3311 switch (endian) {
3312 case DEVICE_LITTLE_ENDIAN:
3313 val = lduw_le_p(ptr);
3314 break;
3315 case DEVICE_BIG_ENDIAN:
3316 val = lduw_be_p(ptr);
3317 break;
3318 default:
3319 val = lduw_p(ptr);
3320 break;
3321 }
50013115
PM		 3322 r = MEMTX_OK;
3323 }
3324 if (result) {
3325 *result = r;
733f0b02 3326 }
4840f10e
JK		 3327 if (release_lock) {
3328 qemu_mutex_unlock_iothread();
3329 }
41063e1e 3330 rcu_read_unlock();
733f0b02 3331 return val;
aab33094
FB		 3332}
3333
50013115
PM		 3334uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3335 MemTxAttrs attrs, MemTxResult *result)
3336{
3337 return address_space_lduw_internal(as, addr, attrs, result,
3338 DEVICE_NATIVE_ENDIAN);
3339}
3340
3341uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3342 MemTxAttrs attrs, MemTxResult *result)
3343{
3344 return address_space_lduw_internal(as, addr, attrs, result,
3345 DEVICE_LITTLE_ENDIAN);
3346}
3347
3348uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3349 MemTxAttrs attrs, MemTxResult *result)
3350{
3351 return address_space_lduw_internal(as, addr, attrs, result,
3352 DEVICE_BIG_ENDIAN);
3353}
3354
41701aa4 3355uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3356{
50013115 3357 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3358}
3359
41701aa4 3360uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3361{
50013115 3362 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3363}
3364
41701aa4 3365uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3366{
50013115 3367 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3368}
3369
8df1cd07
FB		 3370/* warning: addr must be aligned. The ram page is not masked as dirty
3371 and the code inside is not invalidated. It is useful if the dirty
3372 bits are used to track modified PTEs */
50013115
PM		 3373void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3374 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3375{
8df1cd07 3376 uint8_t *ptr;
5c8a00ce 3377 MemoryRegion *mr;
149f54b5
PB		 3378 hwaddr l = 4;
3379 hwaddr addr1;
50013115 3380 MemTxResult r;
845b6214 3381 uint8_t dirty_log_mask;
4840f10e 3382 bool release_lock = false;
8df1cd07 3383
41063e1e 3384 rcu_read_lock();
2198a121 3385 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3386 true);
3387 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3388 release_lock |= prepare_mmio_access(mr);
125b3806 3389
50013115 3390 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3391 } else {
0878d0e1 3392 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
8df1cd07 3393 stl_p(ptr, val);
74576198 3394
845b6214
PB		 3395 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3396 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
0878d0e1
PB		 3397 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3398 4, dirty_log_mask);
50013115
PM		 3399 r = MEMTX_OK;
3400 }
3401 if (result) {
3402 *result = r;
8df1cd07 3403 }
4840f10e
JK		 3404 if (release_lock) {
3405 qemu_mutex_unlock_iothread();
3406 }
41063e1e 3407 rcu_read_unlock();
8df1cd07
FB		 3408}
3409
50013115
PM		 3410void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3411{
3412 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3413}
3414
8df1cd07 3415/* warning: addr must be aligned */
50013115
PM		 3416static inline void address_space_stl_internal(AddressSpace *as,
3417 hwaddr addr, uint32_t val,
3418 MemTxAttrs attrs,
3419 MemTxResult *result,
3420 enum device_endian endian)
8df1cd07 3421{
8df1cd07 3422 uint8_t *ptr;
5c8a00ce 3423 MemoryRegion *mr;
149f54b5
PB		 3424 hwaddr l = 4;
3425 hwaddr addr1;
50013115 3426 MemTxResult r;
4840f10e 3427 bool release_lock = false;
8df1cd07 3428
41063e1e 3429 rcu_read_lock();
ab1da857 3430 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3431 true);
3432 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3433 release_lock |= prepare_mmio_access(mr);
125b3806 3434
1e78bcc1
AG		 3435#if defined(TARGET_WORDS_BIGENDIAN)
3436 if (endian == DEVICE_LITTLE_ENDIAN) {
3437 val = bswap32(val);
3438 }
3439#else
3440 if (endian == DEVICE_BIG_ENDIAN) {
3441 val = bswap32(val);
3442 }
3443#endif
50013115 3444 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3445 } else {
8df1cd07 3446 /* RAM case */
0878d0e1 3447 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3448 switch (endian) {
3449 case DEVICE_LITTLE_ENDIAN:
3450 stl_le_p(ptr, val);
3451 break;
3452 case DEVICE_BIG_ENDIAN:
3453 stl_be_p(ptr, val);
3454 break;
3455 default:
3456 stl_p(ptr, val);
3457 break;
3458 }
845b6214 3459 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3460 r = MEMTX_OK;
3461 }
3462 if (result) {
3463 *result = r;
8df1cd07 3464 }
4840f10e
JK		 3465 if (release_lock) {
3466 qemu_mutex_unlock_iothread();
3467 }
41063e1e 3468 rcu_read_unlock();
8df1cd07
FB		 3469}
3470
50013115
PM		 3471void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3472 MemTxAttrs attrs, MemTxResult *result)
3473{
3474 address_space_stl_internal(as, addr, val, attrs, result,
3475 DEVICE_NATIVE_ENDIAN);
3476}
3477
3478void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3479 MemTxAttrs attrs, MemTxResult *result)
3480{
3481 address_space_stl_internal(as, addr, val, attrs, result,
3482 DEVICE_LITTLE_ENDIAN);
3483}
3484
3485void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3486 MemTxAttrs attrs, MemTxResult *result)
3487{
3488 address_space_stl_internal(as, addr, val, attrs, result,
3489 DEVICE_BIG_ENDIAN);
3490}
3491
ab1da857 3492void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3493{
50013115 3494 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3495}
3496
ab1da857 3497void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3498{
50013115 3499 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3500}
3501
ab1da857 3502void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3503{
50013115 3504 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3505}
3506
aab33094 3507/* XXX: optimize */
50013115
PM		 3508void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3509 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3510{
3511 uint8_t v = val;
50013115
PM		 3512 MemTxResult r;
3513
3514 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3515 if (result) {
3516 *result = r;
3517 }
3518}
3519
3520void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3521{
3522 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3523}
3524
733f0b02 3525/* warning: addr must be aligned */
50013115
PM		 3526static inline void address_space_stw_internal(AddressSpace *as,
3527 hwaddr addr, uint32_t val,
3528 MemTxAttrs attrs,
3529 MemTxResult *result,
3530 enum device_endian endian)
aab33094 3531{
733f0b02 3532 uint8_t *ptr;
5c8a00ce 3533 MemoryRegion *mr;
149f54b5
PB		 3534 hwaddr l = 2;
3535 hwaddr addr1;
50013115 3536 MemTxResult r;
4840f10e 3537 bool release_lock = false;
733f0b02 3538
41063e1e 3539 rcu_read_lock();
5ce5944d 3540 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3541 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3542 release_lock |= prepare_mmio_access(mr);
125b3806 3543
1e78bcc1
AG		 3544#if defined(TARGET_WORDS_BIGENDIAN)
3545 if (endian == DEVICE_LITTLE_ENDIAN) {
3546 val = bswap16(val);
3547 }
3548#else
3549 if (endian == DEVICE_BIG_ENDIAN) {
3550 val = bswap16(val);
3551 }
3552#endif
50013115 3553 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3554 } else {
733f0b02 3555 /* RAM case */
0878d0e1 3556 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3557 switch (endian) {
3558 case DEVICE_LITTLE_ENDIAN:
3559 stw_le_p(ptr, val);
3560 break;
3561 case DEVICE_BIG_ENDIAN:
3562 stw_be_p(ptr, val);
3563 break;
3564 default:
3565 stw_p(ptr, val);
3566 break;
3567 }
845b6214 3568 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3569 r = MEMTX_OK;
3570 }
3571 if (result) {
3572 *result = r;
733f0b02 3573 }
4840f10e
JK		 3574 if (release_lock) {
3575 qemu_mutex_unlock_iothread();
3576 }
41063e1e 3577 rcu_read_unlock();
aab33094
FB		 3578}
3579
50013115
PM		 3580void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3581 MemTxAttrs attrs, MemTxResult *result)
3582{
3583 address_space_stw_internal(as, addr, val, attrs, result,
3584 DEVICE_NATIVE_ENDIAN);
3585}
3586
3587void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3588 MemTxAttrs attrs, MemTxResult *result)
3589{
3590 address_space_stw_internal(as, addr, val, attrs, result,
3591 DEVICE_LITTLE_ENDIAN);
3592}
3593
3594void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3595 MemTxAttrs attrs, MemTxResult *result)
3596{
3597 address_space_stw_internal(as, addr, val, attrs, result,
3598 DEVICE_BIG_ENDIAN);
3599}
3600
5ce5944d 3601void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3602{
50013115 3603 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3604}
3605
5ce5944d 3606void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3607{
50013115 3608 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3609}
3610
5ce5944d 3611void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3612{
50013115 3613 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3614}
3615
aab33094 3616/* XXX: optimize */
50013115
PM		 3617void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3618 MemTxAttrs attrs, MemTxResult *result)
aab33094 3619{
50013115 3620 MemTxResult r;
aab33094 3621 val = tswap64(val);
50013115
PM		 3622 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3623 if (result) {
3624 *result = r;
3625 }
aab33094
FB		 3626}
3627
50013115
PM		 3628void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3629 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3630{
50013115 3631 MemTxResult r;
1e78bcc1 3632 val = cpu_to_le64(val);
50013115
PM		 3633 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3634 if (result) {
3635 *result = r;
3636 }
3637}
3638void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3639 MemTxAttrs attrs, MemTxResult *result)
3640{
3641 MemTxResult r;
3642 val = cpu_to_be64(val);
3643 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3644 if (result) {
3645 *result = r;
3646 }
3647}
3648
3649void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3650{
3651 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3652}
3653
3654void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3655{
3656 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3657}
3658
f606604f 3659void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3660{
50013115 3661 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3662}
3663
5e2972fd 3664/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3665int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3666 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3667{
3668 int l;
a8170e5e 3669 hwaddr phys_addr;
9b3c35e0 3670 target_ulong page;
13eb76e0
FB		 3671
3672 while (len > 0) {
5232e4c7
PM		 3673 int asidx;
3674 MemTxAttrs attrs;
3675
13eb76e0 3676 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3677 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3678 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3679 /* if no physical page mapped, return an error */
3680 if (phys_addr == -1)
3681 return -1;
3682 l = (page + TARGET_PAGE_SIZE) - addr;
3683 if (l > len)
3684 l = len;
5e2972fd 3685 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3686 if (is_write) {
5232e4c7
PM		 3687 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3688 phys_addr, buf, l);
2e38847b 3689 } else {
5232e4c7
PM		 3690 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3691 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3692 buf, l, 0);
2e38847b 3693 }
13eb76e0
FB		 3694 len -= l;
3695 buf += l;
3696 addr += l;
3697 }
3698 return 0;
3699}
038629a6
DDAG		 3700
3701/*
3702 * Allows code that needs to deal with migration bitmaps etc to still be built
3703 * target independent.
3704 */
3705size_t qemu_target_page_bits(void)
3706{
3707 return TARGET_PAGE_BITS;
3708}
3709
a68fe89c 3710#endif
13eb76e0 3711
8e4a424b
BS		 3712/*
3713 * A helper function for the _utterly broken_ virtio device model to find out if
3714 * it's running on a big endian machine. Don't do this at home kids!
3715 */
98ed8ecf
GK		 3716bool target_words_bigendian(void);
3717bool target_words_bigendian(void)
8e4a424b
BS		 3718{
3719#if defined(TARGET_WORDS_BIGENDIAN)
3720 return true;
3721#else
3722 return false;
3723#endif
3724}
3725
76f35538 3726#ifndef CONFIG_USER_ONLY
a8170e5e 3727bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3728{
5c8a00ce 3729 MemoryRegion*mr;
149f54b5 3730 hwaddr l = 1;
41063e1e 3731 bool res;
76f35538 3732
41063e1e 3733 rcu_read_lock();
5c8a00ce
PB		 3734 mr = address_space_translate(&address_space_memory,
3735 phys_addr, &phys_addr, &l, false);
76f35538 3736
41063e1e
PB		 3737 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3738 rcu_read_unlock();
3739 return res;
76f35538 3740}
bd2fa51f 3741
e3807054 3742int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3743{
3744 RAMBlock *block;
e3807054 3745 int ret = 0;
bd2fa51f 3746
0dc3f44a
MD		 3747 rcu_read_lock();
3748 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3749 ret = func(block->idstr, block->host, block->offset,
3750 block->used_length, opaque);
3751 if (ret) {
3752 break;
3753 }
bd2fa51f 3754 }
0dc3f44a 3755 rcu_read_unlock();
e3807054 3756 return ret;
bd2fa51f 3757}
ec3f8c99 3758#endif
QEMU mirror