]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: allow phys_map tree paths to terminate early
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
67d95c15
AK		 60#define WANT_EXEC_OBSOLETE
61#include "exec-obsolete.h"
62
fd6ce8f6 63//#define DEBUG_TB_INVALIDATE
66e85a21 64//#define DEBUG_FLUSH
9fa3e853 65//#define DEBUG_TLB
67d3b957 66//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 67
68/* make various TB consistency checks */
5fafdf24
TS		 69//#define DEBUG_TB_CHECK
70//#define DEBUG_TLB_CHECK
fd6ce8f6 71
1196be37 72//#define DEBUG_IOPORT
db7b5426 73//#define DEBUG_SUBPAGE
1196be37 74
99773bd4
PB		 75#if !defined(CONFIG_USER_ONLY)
76/* TB consistency checks only implemented for usermode emulation. */
77#undef DEBUG_TB_CHECK
78#endif
79
9fa3e853
FB		 80#define SMC_BITMAP_USE_THRESHOLD 10
81
bdaf78e0 82static TranslationBlock *tbs;
24ab68ac 83static int code_gen_max_blocks;
9fa3e853 84TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 85static int nb_tbs;
eb51d102 86/* any access to the tbs or the page table must use this lock */
c227f099 87spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 88
141ac468
BS		 89#if defined(__arm__) || defined(__sparc_v9__)
90/* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
d03d860b
BS		 92 section close to code segment. */
93#define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
f8e2af11
SW		 96#elif defined(_WIN32)
97/* Maximum alignment for Win32 is 16. */
98#define code_gen_section \
99 __attribute__((aligned (16)))
d03d860b
BS		 100#else
101#define code_gen_section \
102 __attribute__((aligned (32)))
103#endif
104
105uint8_t code_gen_prologue[1024] code_gen_section;
bdaf78e0
BS		 106static uint8_t *code_gen_buffer;
107static unsigned long code_gen_buffer_size;
26a5f13b 108/* threshold to flush the translated code buffer */
bdaf78e0 109static unsigned long code_gen_buffer_max_size;
24ab68ac 110static uint8_t *code_gen_ptr;
fd6ce8f6 111
e2eef170 112#if !defined(CONFIG_USER_ONLY)
9fa3e853 113int phys_ram_fd;
74576198 114static int in_migration;
94a6b54f 115
85d59fef 116RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 117
118static MemoryRegion *system_memory;
309cb471 119static MemoryRegion *system_io;
62152b8a 120
0e0df1e2 121MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 122static MemoryRegion io_mem_subpage_ram;
0e0df1e2 123
e2eef170 124#endif
9fa3e853 125
6a00d601
FB		 126CPUState *first_cpu;
127/* current CPU in the current thread. It is only valid inside
128 cpu_exec() */
b3c4bbe5 129DEFINE_TLS(CPUState *,cpu_single_env);
2e70f6ef 130/* 0 = Do not count executed instructions.
bf20dc07 131 1 = Precise instruction counting.
2e70f6ef
PB		 132 2 = Adaptive rate instruction counting. */
133int use_icount = 0;
6a00d601 134
54936004 135typedef struct PageDesc {
92e873b9 136 /* list of TBs intersecting this ram page */
fd6ce8f6 137 TranslationBlock *first_tb;
9fa3e853
FB		 138 /* in order to optimize self modifying code, we count the number
139 of lookups we do to a given page to use a bitmap */
140 unsigned int code_write_count;
141 uint8_t *code_bitmap;
142#if defined(CONFIG_USER_ONLY)
143 unsigned long flags;
144#endif
54936004
FB		 145} PageDesc;
146
41c1b1c9 147/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 148 while in user mode we want it to be based on virtual addresses. */
149#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 150#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
151# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
152#else
5cd2c5b6 153# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 154#endif
bedb69ea 155#else
5cd2c5b6 156# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 157#endif
54936004 158
5cd2c5b6
RH		 159/* Size of the L2 (and L3, etc) page tables. */
160#define L2_BITS 10
54936004
FB		 161#define L2_SIZE (1 << L2_BITS)
162
3eef53df
AK		 163#define P_L2_LEVELS \
164 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
165
5cd2c5b6 166/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 167#define V_L1_BITS_REM \
168 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
169
5cd2c5b6
RH		 170#if V_L1_BITS_REM < 4
171#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
172#else
173#define V_L1_BITS V_L1_BITS_REM
174#endif
175
5cd2c5b6
RH		 176#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
177
5cd2c5b6
RH		 178#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
179
83fb7adf 180unsigned long qemu_real_host_page_size;
83fb7adf
FB		 181unsigned long qemu_host_page_size;
182unsigned long qemu_host_page_mask;
54936004 183
5cd2c5b6
RH		 184/* This is a multi-level map on the virtual address space.
185 The bottom level has pointers to PageDesc. */
186static void *l1_map[V_L1_SIZE];
54936004 187
e2eef170 188#if !defined(CONFIG_USER_ONLY)
4346ae3e
AK		 189typedef struct PhysPageEntry PhysPageEntry;
190
5312bd8b
AK		 191static MemoryRegionSection *phys_sections;
192static unsigned phys_sections_nb, phys_sections_nb_alloc;
193static uint16_t phys_section_unassigned;
194
4346ae3e 195struct PhysPageEntry {
07f07b31
AK		 196 uint16_t is_leaf : 1;
197 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
198 uint16_t ptr : 15;
4346ae3e
AK		 199};
200
d6f2ea22
AK		 201/* Simple allocator for PhysPageEntry nodes */
202static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
203static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
204
07f07b31 205#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 206
5cd2c5b6 207/* This is a multi-level map on the physical address space.
06ef3525 208 The bottom level has pointers to MemoryRegionSections. */
07f07b31 209static PhysPageEntry phys_map = { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
6d9a1304 210
e2eef170 211static void io_mem_init(void);
62152b8a 212static void memory_map_init(void);
e2eef170 213
33417e70 214/* io memory support */
a621f38d 215MemoryRegion *io_mem_region[IO_MEM_NB_ENTRIES];
511d2b14 216static char io_mem_used[IO_MEM_NB_ENTRIES];
1ec9b909 217static MemoryRegion io_mem_watch;
6658ffb8 218#endif
33417e70 219
34865134 220/* log support */
1e8b27ca
JR		 221#ifdef WIN32
222static const char *logfilename = "qemu.log";
223#else
d9b630fd 224static const char *logfilename = "/tmp/qemu.log";
1e8b27ca 225#endif
34865134
FB		 226FILE *logfile;
227int loglevel;
e735b91c 228static int log_append = 0;
34865134 229
e3db7226 230/* statistics */
b3755a91 231#if !defined(CONFIG_USER_ONLY)
e3db7226 232static int tlb_flush_count;
b3755a91 233#endif
e3db7226
FB		 234static int tb_flush_count;
235static int tb_phys_invalidate_count;
236
7cb69cae
FB		 237#ifdef _WIN32
238static void map_exec(void *addr, long size)
239{
240 DWORD old_protect;
241 VirtualProtect(addr, size,
242 PAGE_EXECUTE_READWRITE, &old_protect);
243
244}
245#else
246static void map_exec(void *addr, long size)
247{
4369415f 248 unsigned long start, end, page_size;
7cb69cae 249
4369415f 250 page_size = getpagesize();
7cb69cae 251 start = (unsigned long)addr;
4369415f 252 start &= ~(page_size - 1);
7cb69cae
FB		 253
254 end = (unsigned long)addr + size;
4369415f
FB		 255 end += page_size - 1;
256 end &= ~(page_size - 1);
7cb69cae
FB		 257
258 mprotect((void *)start, end - start,
259 PROT_READ | PROT_WRITE | PROT_EXEC);
260}
261#endif
262
b346ff46 263static void page_init(void)
54936004 264{
83fb7adf 265 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 266 TARGET_PAGE_SIZE */
c2b48b69
AL		 267#ifdef _WIN32
268 {
269 SYSTEM_INFO system_info;
270
271 GetSystemInfo(&system_info);
272 qemu_real_host_page_size = system_info.dwPageSize;
273 }
274#else
275 qemu_real_host_page_size = getpagesize();
276#endif
83fb7adf
FB		 277 if (qemu_host_page_size == 0)
278 qemu_host_page_size = qemu_real_host_page_size;
279 if (qemu_host_page_size < TARGET_PAGE_SIZE)
280 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 281 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 282
2e9a5713 283#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 284 {
f01576f1
JL		 285#ifdef HAVE_KINFO_GETVMMAP
286 struct kinfo_vmentry *freep;
287 int i, cnt;
288
289 freep = kinfo_getvmmap(getpid(), &cnt);
290 if (freep) {
291 mmap_lock();
292 for (i = 0; i < cnt; i++) {
293 unsigned long startaddr, endaddr;
294
295 startaddr = freep[i].kve_start;
296 endaddr = freep[i].kve_end;
297 if (h2g_valid(startaddr)) {
298 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
299
300 if (h2g_valid(endaddr)) {
301 endaddr = h2g(endaddr);
fd436907 302 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 303 } else {
304#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
305 endaddr = ~0ul;
fd436907 306 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 307#endif
308 }
309 }
310 }
311 free(freep);
312 mmap_unlock();
313 }
314#else
50a9569b 315 FILE *f;
50a9569b 316
0776590d 317 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 318
fd436907 319 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 320 if (f) {
5cd2c5b6
RH		 321 mmap_lock();
322
50a9569b 323 do {
5cd2c5b6
RH		 324 unsigned long startaddr, endaddr;
325 int n;
326
327 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
328
329 if (n == 2 && h2g_valid(startaddr)) {
330 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
331
332 if (h2g_valid(endaddr)) {
333 endaddr = h2g(endaddr);
334 } else {
335 endaddr = ~0ul;
336 }
337 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 338 }
339 } while (!feof(f));
5cd2c5b6 340
50a9569b 341 fclose(f);
5cd2c5b6 342 mmap_unlock();
50a9569b 343 }
f01576f1 344#endif
50a9569b
AZ		 345 }
346#endif
54936004
FB		 347}
348
41c1b1c9 349static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 350{
41c1b1c9
PB		 351 PageDesc *pd;
352 void **lp;
353 int i;
354
5cd2c5b6 355#if defined(CONFIG_USER_ONLY)
7267c094 356 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 357# define ALLOC(P, SIZE) \
358 do { \
359 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
360 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 361 } while (0)
362#else
363# define ALLOC(P, SIZE) \
7267c094 364 do { P = g_malloc0(SIZE); } while (0)
17e2377a 365#endif
434929bf 366
5cd2c5b6
RH		 367 /* Level 1. Always allocated. */
368 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
369
370 /* Level 2..N-1. */
371 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
372 void **p = *lp;
373
374 if (p == NULL) {
375 if (!alloc) {
376 return NULL;
377 }
378 ALLOC(p, sizeof(void *) * L2_SIZE);
379 *lp = p;
17e2377a 380 }
5cd2c5b6
RH		 381
382 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
383 }
384
385 pd = *lp;
386 if (pd == NULL) {
387 if (!alloc) {
388 return NULL;
389 }
390 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
391 *lp = pd;
54936004 392 }
5cd2c5b6
RH		 393
394#undef ALLOC
5cd2c5b6
RH		 395
396 return pd + (index & (L2_SIZE - 1));
54936004
FB		 397}
398
41c1b1c9 399static inline PageDesc *page_find(tb_page_addr_t index)
54936004 400{
5cd2c5b6 401 return page_find_alloc(index, 0);
fd6ce8f6
FB		 402}
403
6d9a1304 404#if !defined(CONFIG_USER_ONLY)
d6f2ea22 405
f7bf5461 406static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 407{
f7bf5461 408 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 409 typedef PhysPageEntry Node[L2_SIZE];
410 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 411 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
412 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 413 phys_map_nodes = g_renew(Node, phys_map_nodes,
414 phys_map_nodes_nb_alloc);
415 }
f7bf5461
AK		 416}
417
418static uint16_t phys_map_node_alloc(void)
419{
420 unsigned i;
421 uint16_t ret;
422
423 ret = phys_map_nodes_nb++;
424 assert(ret != PHYS_MAP_NODE_NIL);
425 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 426 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 427 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 428 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 429 }
f7bf5461 430 return ret;
d6f2ea22
AK		 431}
432
433static void phys_map_nodes_reset(void)
434{
435 phys_map_nodes_nb = 0;
436}
437
92e873b9 438
2999097b
AK		 439static void phys_page_set_level(PhysPageEntry *lp, target_phys_addr_t *index,
440 target_phys_addr_t *nb, uint16_t leaf,
441 int level)
f7bf5461
AK		 442{
443 PhysPageEntry *p;
444 int i;
07f07b31 445 target_phys_addr_t step = (target_phys_addr_t)1 << (level * L2_BITS);
108c49b8 446
07f07b31 447 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 448 lp->ptr = phys_map_node_alloc();
449 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 450 if (level == 0) {
451 for (i = 0; i < L2_SIZE; i++) {
07f07b31 452 p[i].is_leaf = 1;
c19e8800 453 p[i].ptr = phys_section_unassigned;
4346ae3e 454 }
67c4d23c 455 }
f7bf5461 456 } else {
c19e8800 457 p = phys_map_nodes[lp->ptr];
92e873b9 458 }
2999097b 459 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 460
2999097b 461 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 462 if ((*index & (step - 1)) == 0 && *nb >= step) {
463 lp->is_leaf = true;
c19e8800 464 lp->ptr = leaf;
07f07b31
AK		 465 *index += step;
466 *nb -= step;
2999097b
AK		 467 } else {
468 phys_page_set_level(lp, index, nb, leaf, level - 1);
469 }
470 ++lp;
f7bf5461
AK		 471 }
472}
473
2999097b
AK		 474static void phys_page_set(target_phys_addr_t index, target_phys_addr_t nb,
475 uint16_t leaf)
f7bf5461 476{
2999097b 477 /* Wildly overreserve - it doesn't matter much. */
07f07b31 478 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 479
2999097b 480 phys_page_set_level(&phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 481}
482
06ef3525 483static MemoryRegionSection phys_page_find(target_phys_addr_t index)
92e873b9 484{
31ab2b4a
AK		 485 PhysPageEntry lp = phys_map;
486 PhysPageEntry *p;
487 int i;
06ef3525
AK		 488 MemoryRegionSection section;
489 target_phys_addr_t delta;
31ab2b4a 490 uint16_t s_index = phys_section_unassigned;
f1f6e3b8 491
07f07b31 492 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 493 if (lp.ptr == PHYS_MAP_NODE_NIL) {
31ab2b4a
AK		 494 goto not_found;
495 }
c19e8800 496 p = phys_map_nodes[lp.ptr];
31ab2b4a 497 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 498 }
31ab2b4a 499
c19e8800 500 s_index = lp.ptr;
31ab2b4a 501not_found:
06ef3525 502 section = phys_sections[s_index];
5312bd8b 503 index <<= TARGET_PAGE_BITS;
06ef3525
AK		 504 assert(section.offset_within_address_space <= index
505 && index <= section.offset_within_address_space + section.size-1);
506 delta = index - section.offset_within_address_space;
507 section.offset_within_address_space += delta;
508 section.offset_within_region += delta;
509 section.size -= delta;
510 return section;
92e873b9
FB		 511}
512
c227f099
AL		 513static void tlb_protect_code(ram_addr_t ram_addr);
514static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 515 target_ulong vaddr);
c8a706fe
PB		 516#define mmap_lock() do { } while(0)
517#define mmap_unlock() do { } while(0)
9fa3e853 518#endif
fd6ce8f6 519
4369415f
FB		 520#define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
521
522#if defined(CONFIG_USER_ONLY)
ccbb4d44 523/* Currently it is not recommended to allocate big chunks of data in
4369415f
FB		 524 user mode. It will change when a dedicated libc will be used */
525#define USE_STATIC_CODE_GEN_BUFFER
526#endif
527
528#ifdef USE_STATIC_CODE_GEN_BUFFER
ebf50fb3
AJ		 529static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
530 __attribute__((aligned (CODE_GEN_ALIGN)));
4369415f
FB		 531#endif
532
8fcd3692 533static void code_gen_alloc(unsigned long tb_size)
26a5f13b 534{
4369415f
FB		 535#ifdef USE_STATIC_CODE_GEN_BUFFER
536 code_gen_buffer = static_code_gen_buffer;
537 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
538 map_exec(code_gen_buffer, code_gen_buffer_size);
539#else
26a5f13b
FB		 540 code_gen_buffer_size = tb_size;
541 if (code_gen_buffer_size == 0) {
4369415f 542#if defined(CONFIG_USER_ONLY)
4369415f
FB		 543 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
544#else
ccbb4d44 545 /* XXX: needs adjustments */
94a6b54f 546 code_gen_buffer_size = (unsigned long)(ram_size / 4);
4369415f 547#endif
26a5f13b
FB		 548 }
549 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
550 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
551 /* The code gen buffer location may have constraints depending on
552 the host cpu and OS */
553#if defined(__linux__)
554 {
555 int flags;
141ac468
BS		 556 void *start = NULL;
557
26a5f13b
FB		 558 flags = MAP_PRIVATE | MAP_ANONYMOUS;
559#if defined(__x86_64__)
560 flags |= MAP_32BIT;
561 /* Cannot map more than that */
562 if (code_gen_buffer_size > (800 * 1024 * 1024))
563 code_gen_buffer_size = (800 * 1024 * 1024);
141ac468
BS		 564#elif defined(__sparc_v9__)
565 // Map the buffer below 2G, so we can use direct calls and branches
566 flags |= MAP_FIXED;
567 start = (void *) 0x60000000UL;
568 if (code_gen_buffer_size > (512 * 1024 * 1024))
569 code_gen_buffer_size = (512 * 1024 * 1024);
1cb0661e 570#elif defined(__arm__)
5c84bd90 571 /* Keep the buffer no bigger than 16MB to branch between blocks */
1cb0661e
AZ		 572 if (code_gen_buffer_size > 16 * 1024 * 1024)
573 code_gen_buffer_size = 16 * 1024 * 1024;
eba0b893
RH		 574#elif defined(__s390x__)
575 /* Map the buffer so that we can use direct calls and branches. */
576 /* We have a +- 4GB range on the branches; leave some slop. */
577 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
578 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
579 }
580 start = (void *)0x90000000UL;
26a5f13b 581#endif
141ac468
BS		 582 code_gen_buffer = mmap(start, code_gen_buffer_size,
583 PROT_WRITE | PROT_READ | PROT_EXEC,
26a5f13b
FB		 584 flags, -1, 0);
585 if (code_gen_buffer == MAP_FAILED) {
586 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
587 exit(1);
588 }
589 }
cbb608a5 590#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
9f4b09a4
TN		 591 || defined(__DragonFly__) || defined(__OpenBSD__) \
592 || defined(__NetBSD__)
06e67a82
AL		 593 {
594 int flags;
595 void *addr = NULL;
596 flags = MAP_PRIVATE | MAP_ANONYMOUS;
597#if defined(__x86_64__)
598 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
599 * 0x40000000 is free */
600 flags |= MAP_FIXED;
601 addr = (void *)0x40000000;
602 /* Cannot map more than that */
603 if (code_gen_buffer_size > (800 * 1024 * 1024))
604 code_gen_buffer_size = (800 * 1024 * 1024);
4cd31ad2
BS		 605#elif defined(__sparc_v9__)
606 // Map the buffer below 2G, so we can use direct calls and branches
607 flags |= MAP_FIXED;
608 addr = (void *) 0x60000000UL;
609 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
610 code_gen_buffer_size = (512 * 1024 * 1024);
611 }
06e67a82
AL		 612#endif
613 code_gen_buffer = mmap(addr, code_gen_buffer_size,
614 PROT_WRITE | PROT_READ | PROT_EXEC,
615 flags, -1, 0);
616 if (code_gen_buffer == MAP_FAILED) {
617 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
618 exit(1);
619 }
620 }
26a5f13b 621#else
7267c094 622 code_gen_buffer = g_malloc(code_gen_buffer_size);
26a5f13b
FB		 623 map_exec(code_gen_buffer, code_gen_buffer_size);
624#endif
4369415f 625#endif /* !USE_STATIC_CODE_GEN_BUFFER */
26a5f13b 626 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
a884da8a
PM		 627 code_gen_buffer_max_size = code_gen_buffer_size -
628 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 629 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 630 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 631}
632
633/* Must be called before using the QEMU cpus. 'tb_size' is the size
634 (in bytes) allocated to the translation buffer. Zero means default
635 size. */
d5ab9713 636void tcg_exec_init(unsigned long tb_size)
26a5f13b 637{
26a5f13b
FB		 638 cpu_gen_init();
639 code_gen_alloc(tb_size);
640 code_gen_ptr = code_gen_buffer;
4369415f 641 page_init();
9002ec79
RH		 642#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
643 /* There's no guest base to take into account, so go ahead and
644 initialize the prologue now. */
645 tcg_prologue_init(&tcg_ctx);
646#endif
26a5f13b
FB		 647}
648
d5ab9713
JK		 649bool tcg_enabled(void)
650{
651 return code_gen_buffer != NULL;
652}
653
654void cpu_exec_init_all(void)
655{
656#if !defined(CONFIG_USER_ONLY)
657 memory_map_init();
658 io_mem_init();
659#endif
660}
661
9656f324
PB		 662#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
663
e59fb374 664static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7
JQ		 665{
666 CPUState *env = opaque;
9656f324 667
3098dba0
AJ		 668 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
669 version_id is increased. */
670 env->interrupt_request &= ~0x01;
9656f324
PB		 671 tlb_flush(env, 1);
672
673 return 0;
674}
e7f4eff7
JQ		 675
676static const VMStateDescription vmstate_cpu_common = {
677 .name = "cpu_common",
678 .version_id = 1,
679 .minimum_version_id = 1,
680 .minimum_version_id_old = 1,
e7f4eff7
JQ		 681 .post_load = cpu_common_post_load,
682 .fields = (VMStateField []) {
683 VMSTATE_UINT32(halted, CPUState),
684 VMSTATE_UINT32(interrupt_request, CPUState),
685 VMSTATE_END_OF_LIST()
686 }
687};
9656f324
PB		 688#endif
689
950f1472
GC		 690CPUState *qemu_get_cpu(int cpu)
691{
692 CPUState *env = first_cpu;
693
694 while (env) {
695 if (env->cpu_index == cpu)
696 break;
697 env = env->next_cpu;
698 }
699
700 return env;
701}
702
6a00d601 703void cpu_exec_init(CPUState *env)
fd6ce8f6 704{
6a00d601
FB		 705 CPUState **penv;
706 int cpu_index;
707
c2764719
PB		 708#if defined(CONFIG_USER_ONLY)
709 cpu_list_lock();
710#endif
6a00d601
FB		 711 env->next_cpu = NULL;
712 penv = &first_cpu;
713 cpu_index = 0;
714 while (*penv != NULL) {
1e9fa730 715 penv = &(*penv)->next_cpu;
6a00d601
FB		 716 cpu_index++;
717 }
718 env->cpu_index = cpu_index;
268a362c 719 env->numa_node = 0;
72cf2d4f
BS		 720 QTAILQ_INIT(&env->breakpoints);
721 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 722#ifndef CONFIG_USER_ONLY
723 env->thread_id = qemu_get_thread_id();
724#endif
6a00d601 725 *penv = env;
c2764719
PB		 726#if defined(CONFIG_USER_ONLY)
727 cpu_list_unlock();
728#endif
b3c7724c 729#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 730 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
731 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 732 cpu_save, cpu_load, env);
733#endif
fd6ce8f6
FB		 734}
735
d1a1eb74
TG		 736/* Allocate a new translation block. Flush the translation buffer if
737 too many translation blocks or too much generated code. */
738static TranslationBlock *tb_alloc(target_ulong pc)
739{
740 TranslationBlock *tb;
741
742 if (nb_tbs >= code_gen_max_blocks ||
743 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
744 return NULL;
745 tb = &tbs[nb_tbs++];
746 tb->pc = pc;
747 tb->cflags = 0;
748 return tb;
749}
750
751void tb_free(TranslationBlock *tb)
752{
753 /* In practice this is mostly used for single use temporary TB
754 Ignore the hard cases and just back up if this TB happens to
755 be the last one generated. */
756 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
757 code_gen_ptr = tb->tc_ptr;
758 nb_tbs--;
759 }
760}
761
9fa3e853
FB		 762static inline void invalidate_page_bitmap(PageDesc *p)
763{
764 if (p->code_bitmap) {
7267c094 765 g_free(p->code_bitmap);
9fa3e853
FB		 766 p->code_bitmap = NULL;
767 }
768 p->code_write_count = 0;
769}
770
5cd2c5b6
RH		 771/* Set to NULL all the 'first_tb' fields in all PageDescs. */
772
773static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 774{
5cd2c5b6 775 int i;
fd6ce8f6 776
5cd2c5b6
RH		 777 if (*lp == NULL) {
778 return;
779 }
780 if (level == 0) {
781 PageDesc *pd = *lp;
7296abac 782 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 783 pd[i].first_tb = NULL;
784 invalidate_page_bitmap(pd + i);
fd6ce8f6 785 }
5cd2c5b6
RH		 786 } else {
787 void **pp = *lp;
7296abac 788 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 789 page_flush_tb_1 (level - 1, pp + i);
790 }
791 }
792}
793
794static void page_flush_tb(void)
795{
796 int i;
797 for (i = 0; i < V_L1_SIZE; i++) {
798 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 799 }
800}
801
802/* flush all the translation blocks */
d4e8164f 803/* XXX: tb_flush is currently not thread safe */
6a00d601 804void tb_flush(CPUState *env1)
fd6ce8f6 805{
6a00d601 806 CPUState *env;
0124311e 807#if defined(DEBUG_FLUSH)
ab3d1727
BS		 808 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
809 (unsigned long)(code_gen_ptr - code_gen_buffer),
810 nb_tbs, nb_tbs > 0 ?
811 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 812#endif
26a5f13b 813 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 814 cpu_abort(env1, "Internal error: code buffer overflow\n");
815
fd6ce8f6 816 nb_tbs = 0;
3b46e624 817
6a00d601
FB		 818 for(env = first_cpu; env != NULL; env = env->next_cpu) {
819 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
820 }
9fa3e853 821
8a8a608f 822 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 823 page_flush_tb();
9fa3e853 824
fd6ce8f6 825 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 826 /* XXX: flush processor icache at this point if cache flush is
827 expensive */
e3db7226 828 tb_flush_count++;
fd6ce8f6
FB		 829}
830
831#ifdef DEBUG_TB_CHECK
832
bc98a7ef 833static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 834{
835 TranslationBlock *tb;
836 int i;
837 address &= TARGET_PAGE_MASK;
99773bd4
PB		 838 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
839 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 840 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
841 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 842 printf("ERROR invalidate: address=" TARGET_FMT_lx
843 " PC=%08lx size=%04x\n",
99773bd4 844 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 845 }
846 }
847 }
848}
849
850/* verify that all the pages have correct rights for code */
851static void tb_page_check(void)
852{
853 TranslationBlock *tb;
854 int i, flags1, flags2;
3b46e624 855
99773bd4
PB		 856 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
857 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 858 flags1 = page_get_flags(tb->pc);
859 flags2 = page_get_flags(tb->pc + tb->size - 1);
860 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
861 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 862 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 863 }
864 }
865 }
866}
867
868#endif
869
870/* invalidate one TB */
871static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
872 int next_offset)
873{
874 TranslationBlock *tb1;
875 for(;;) {
876 tb1 = *ptb;
877 if (tb1 == tb) {
878 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
879 break;
880 }
881 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
882 }
883}
884
9fa3e853
FB		 885static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
886{
887 TranslationBlock *tb1;
888 unsigned int n1;
889
890 for(;;) {
891 tb1 = *ptb;
892 n1 = (long)tb1 & 3;
893 tb1 = (TranslationBlock *)((long)tb1 & ~3);
894 if (tb1 == tb) {
895 *ptb = tb1->page_next[n1];
896 break;
897 }
898 ptb = &tb1->page_next[n1];
899 }
900}
901
d4e8164f
FB		 902static inline void tb_jmp_remove(TranslationBlock *tb, int n)
903{
904 TranslationBlock *tb1, **ptb;
905 unsigned int n1;
906
907 ptb = &tb->jmp_next[n];
908 tb1 = *ptb;
909 if (tb1) {
910 /* find tb(n) in circular list */
911 for(;;) {
912 tb1 = *ptb;
913 n1 = (long)tb1 & 3;
914 tb1 = (TranslationBlock *)((long)tb1 & ~3);
915 if (n1 == n && tb1 == tb)
916 break;
917 if (n1 == 2) {
918 ptb = &tb1->jmp_first;
919 } else {
920 ptb = &tb1->jmp_next[n1];
921 }
922 }
923 /* now we can suppress tb(n) from the list */
924 *ptb = tb->jmp_next[n];
925
926 tb->jmp_next[n] = NULL;
927 }
928}
929
930/* reset the jump entry 'n' of a TB so that it is not chained to
931 another TB */
932static inline void tb_reset_jump(TranslationBlock *tb, int n)
933{
934 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
935}
936
41c1b1c9 937void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 938{
6a00d601 939 CPUState *env;
8a40a180 940 PageDesc *p;
d4e8164f 941 unsigned int h, n1;
41c1b1c9 942 tb_page_addr_t phys_pc;
8a40a180 943 TranslationBlock *tb1, *tb2;
3b46e624 944
8a40a180
FB		 945 /* remove the TB from the hash list */
946 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
947 h = tb_phys_hash_func(phys_pc);
5fafdf24 948 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 949 offsetof(TranslationBlock, phys_hash_next));
950
951 /* remove the TB from the page list */
952 if (tb->page_addr[0] != page_addr) {
953 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
954 tb_page_remove(&p->first_tb, tb);
955 invalidate_page_bitmap(p);
956 }
957 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
958 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
959 tb_page_remove(&p->first_tb, tb);
960 invalidate_page_bitmap(p);
961 }
962
36bdbe54 963 tb_invalidated_flag = 1;
59817ccb 964
fd6ce8f6 965 /* remove the TB from the hash list */
8a40a180 966 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 967 for(env = first_cpu; env != NULL; env = env->next_cpu) {
968 if (env->tb_jmp_cache[h] == tb)
969 env->tb_jmp_cache[h] = NULL;
970 }
d4e8164f
FB		 971
972 /* suppress this TB from the two jump lists */
973 tb_jmp_remove(tb, 0);
974 tb_jmp_remove(tb, 1);
975
976 /* suppress any remaining jumps to this TB */
977 tb1 = tb->jmp_first;
978 for(;;) {
979 n1 = (long)tb1 & 3;
980 if (n1 == 2)
981 break;
982 tb1 = (TranslationBlock *)((long)tb1 & ~3);
983 tb2 = tb1->jmp_next[n1];
984 tb_reset_jump(tb1, n1);
985 tb1->jmp_next[n1] = NULL;
986 tb1 = tb2;
987 }
988 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
9fa3e853 989
e3db7226 990 tb_phys_invalidate_count++;
9fa3e853
FB		 991}
992
993static inline void set_bits(uint8_t *tab, int start, int len)
994{
995 int end, mask, end1;
996
997 end = start + len;
998 tab += start >> 3;
999 mask = 0xff << (start & 7);
1000 if ((start & ~7) == (end & ~7)) {
1001 if (start < end) {
1002 mask &= ~(0xff << (end & 7));
1003 *tab |= mask;
1004 }
1005 } else {
1006 *tab++ |= mask;
1007 start = (start + 8) & ~7;
1008 end1 = end & ~7;
1009 while (start < end1) {
1010 *tab++ = 0xff;
1011 start += 8;
1012 }
1013 if (start < end) {
1014 mask = ~(0xff << (end & 7));
1015 *tab |= mask;
1016 }
1017 }
1018}
1019
1020static void build_page_bitmap(PageDesc *p)
1021{
1022 int n, tb_start, tb_end;
1023 TranslationBlock *tb;
3b46e624 1024
7267c094 1025 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 1026
1027 tb = p->first_tb;
1028 while (tb != NULL) {
1029 n = (long)tb & 3;
1030 tb = (TranslationBlock *)((long)tb & ~3);
1031 /* NOTE: this is subtle as a TB may span two physical pages */
1032 if (n == 0) {
1033 /* NOTE: tb_end may be after the end of the page, but
1034 it is not a problem */
1035 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1036 tb_end = tb_start + tb->size;
1037 if (tb_end > TARGET_PAGE_SIZE)
1038 tb_end = TARGET_PAGE_SIZE;
1039 } else {
1040 tb_start = 0;
1041 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1042 }
1043 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1044 tb = tb->page_next[n];
1045 }
1046}
1047
2e70f6ef
PB		 1048TranslationBlock *tb_gen_code(CPUState *env,
1049 target_ulong pc, target_ulong cs_base,
1050 int flags, int cflags)
d720b93d
FB		 1051{
1052 TranslationBlock *tb;
1053 uint8_t *tc_ptr;
41c1b1c9
PB		 1054 tb_page_addr_t phys_pc, phys_page2;
1055 target_ulong virt_page2;
d720b93d
FB		 1056 int code_gen_size;
1057
41c1b1c9 1058 phys_pc = get_page_addr_code(env, pc);
c27004ec 1059 tb = tb_alloc(pc);
d720b93d
FB		 1060 if (!tb) {
1061 /* flush must be done */
1062 tb_flush(env);
1063 /* cannot fail at this point */
c27004ec 1064 tb = tb_alloc(pc);
2e70f6ef
PB		 1065 /* Don't forget to invalidate previous TB info. */
1066 tb_invalidated_flag = 1;
d720b93d
FB		 1067 }
1068 tc_ptr = code_gen_ptr;
1069 tb->tc_ptr = tc_ptr;
1070 tb->cs_base = cs_base;
1071 tb->flags = flags;
1072 tb->cflags = cflags;
d07bde88 1073 cpu_gen_code(env, tb, &code_gen_size);
d720b93d 1074 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1075
d720b93d 1076 /* check next page if needed */
c27004ec 1077 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1078 phys_page2 = -1;
c27004ec 1079 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1080 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1081 }
41c1b1c9 1082 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1083 return tb;
d720b93d 1084}
3b46e624 1085
9fa3e853
FB		 1086/* invalidate all TBs which intersect with the target physical page
1087 starting in range [start;end[. NOTE: start and end must refer to
d720b93d
FB		 1088 the same physical page. 'is_cpu_write_access' should be true if called
1089 from a real cpu write access: the virtual CPU will exit the current
1090 TB if code is modified inside this TB. */
41c1b1c9 1091void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1092 int is_cpu_write_access)
1093{
6b917547 1094 TranslationBlock *tb, *tb_next, *saved_tb;
d720b93d 1095 CPUState *env = cpu_single_env;
41c1b1c9 1096 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1097 PageDesc *p;
1098 int n;
1099#ifdef TARGET_HAS_PRECISE_SMC
1100 int current_tb_not_found = is_cpu_write_access;
1101 TranslationBlock *current_tb = NULL;
1102 int current_tb_modified = 0;
1103 target_ulong current_pc = 0;
1104 target_ulong current_cs_base = 0;
1105 int current_flags = 0;
1106#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1107
1108 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1109 if (!p)
9fa3e853 1110 return;
5fafdf24 1111 if (!p->code_bitmap &&
d720b93d
FB		 1112 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1113 is_cpu_write_access) {
9fa3e853
FB		 1114 /* build code bitmap */
1115 build_page_bitmap(p);
1116 }
1117
1118 /* we remove all the TBs in the range [start, end[ */
1119 /* XXX: see if in some cases it could be faster to invalidate all the code */
1120 tb = p->first_tb;
1121 while (tb != NULL) {
1122 n = (long)tb & 3;
1123 tb = (TranslationBlock *)((long)tb & ~3);
1124 tb_next = tb->page_next[n];
1125 /* NOTE: this is subtle as a TB may span two physical pages */
1126 if (n == 0) {
1127 /* NOTE: tb_end may be after the end of the page, but
1128 it is not a problem */
1129 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1130 tb_end = tb_start + tb->size;
1131 } else {
1132 tb_start = tb->page_addr[1];
1133 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1134 }
1135 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1136#ifdef TARGET_HAS_PRECISE_SMC
1137 if (current_tb_not_found) {
1138 current_tb_not_found = 0;
1139 current_tb = NULL;
2e70f6ef 1140 if (env->mem_io_pc) {
d720b93d 1141 /* now we have a real cpu fault */
2e70f6ef 1142 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1143 }
1144 }
1145 if (current_tb == tb &&
2e70f6ef 1146 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1147 /* If we are modifying the current TB, we must stop
1148 its execution. We could be more precise by checking
1149 that the modification is after the current PC, but it
1150 would require a specialized function to partially
1151 restore the CPU state */
3b46e624 1152
d720b93d 1153 current_tb_modified = 1;
618ba8e6 1154 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1155 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1156 &current_flags);
d720b93d
FB		 1157 }
1158#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1159 /* we need to do that to handle the case where a signal
1160 occurs while doing tb_phys_invalidate() */
1161 saved_tb = NULL;
1162 if (env) {
1163 saved_tb = env->current_tb;
1164 env->current_tb = NULL;
1165 }
9fa3e853 1166 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1167 if (env) {
1168 env->current_tb = saved_tb;
1169 if (env->interrupt_request && env->current_tb)
1170 cpu_interrupt(env, env->interrupt_request);
1171 }
9fa3e853
FB		 1172 }
1173 tb = tb_next;
1174 }
1175#if !defined(CONFIG_USER_ONLY)
1176 /* if no code remaining, no need to continue to use slow writes */
1177 if (!p->first_tb) {
1178 invalidate_page_bitmap(p);
d720b93d 1179 if (is_cpu_write_access) {
2e70f6ef 1180 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1181 }
1182 }
1183#endif
1184#ifdef TARGET_HAS_PRECISE_SMC
1185 if (current_tb_modified) {
1186 /* we generate a block containing just the instruction
1187 modifying the memory. It will ensure that it cannot modify
1188 itself */
ea1c1802 1189 env->current_tb = NULL;
2e70f6ef 1190 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1191 cpu_resume_from_signal(env, NULL);
9fa3e853 1192 }
fd6ce8f6 1193#endif
9fa3e853 1194}
fd6ce8f6 1195
9fa3e853 1196/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1197static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1198{
1199 PageDesc *p;
1200 int offset, b;
59817ccb 1201#if 0
a4193c8a 1202 if (1) {
93fcfe39
AL		 1203 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1204 cpu_single_env->mem_io_vaddr, len,
1205 cpu_single_env->eip,
1206 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1207 }
1208#endif
9fa3e853 1209 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1210 if (!p)
9fa3e853
FB		 1211 return;
1212 if (p->code_bitmap) {
1213 offset = start & ~TARGET_PAGE_MASK;
1214 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1215 if (b & ((1 << len) - 1))
1216 goto do_invalidate;
1217 } else {
1218 do_invalidate:
d720b93d 1219 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1220 }
1221}
1222
9fa3e853 1223#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1224static void tb_invalidate_phys_page(tb_page_addr_t addr,
d720b93d 1225 unsigned long pc, void *puc)
9fa3e853 1226{
6b917547 1227 TranslationBlock *tb;
9fa3e853 1228 PageDesc *p;
6b917547 1229 int n;
d720b93d 1230#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1231 TranslationBlock *current_tb = NULL;
d720b93d 1232 CPUState *env = cpu_single_env;
6b917547
AL		 1233 int current_tb_modified = 0;
1234 target_ulong current_pc = 0;
1235 target_ulong current_cs_base = 0;
1236 int current_flags = 0;
d720b93d 1237#endif
9fa3e853
FB		 1238
1239 addr &= TARGET_PAGE_MASK;
1240 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1241 if (!p)
9fa3e853
FB		 1242 return;
1243 tb = p->first_tb;
d720b93d
FB		 1244#ifdef TARGET_HAS_PRECISE_SMC
1245 if (tb && pc != 0) {
1246 current_tb = tb_find_pc(pc);
1247 }
1248#endif
9fa3e853
FB		 1249 while (tb != NULL) {
1250 n = (long)tb & 3;
1251 tb = (TranslationBlock *)((long)tb & ~3);
d720b93d
FB		 1252#ifdef TARGET_HAS_PRECISE_SMC
1253 if (current_tb == tb &&
2e70f6ef 1254 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1255 /* If we are modifying the current TB, we must stop
1256 its execution. We could be more precise by checking
1257 that the modification is after the current PC, but it
1258 would require a specialized function to partially
1259 restore the CPU state */
3b46e624 1260
d720b93d 1261 current_tb_modified = 1;
618ba8e6 1262 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1263 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1264 &current_flags);
d720b93d
FB		 1265 }
1266#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1267 tb_phys_invalidate(tb, addr);
1268 tb = tb->page_next[n];
1269 }
fd6ce8f6 1270 p->first_tb = NULL;
d720b93d
FB		 1271#ifdef TARGET_HAS_PRECISE_SMC
1272 if (current_tb_modified) {
1273 /* we generate a block containing just the instruction
1274 modifying the memory. It will ensure that it cannot modify
1275 itself */
ea1c1802 1276 env->current_tb = NULL;
2e70f6ef 1277 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1278 cpu_resume_from_signal(env, puc);
1279 }
1280#endif
fd6ce8f6 1281}
9fa3e853 1282#endif
fd6ce8f6
FB		 1283
1284/* add the tb in the target page and protect it if necessary */
5fafdf24 1285static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1286 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1287{
1288 PageDesc *p;
4429ab44
JQ		 1289#ifndef CONFIG_USER_ONLY
1290 bool page_already_protected;
1291#endif
9fa3e853
FB		 1292
1293 tb->page_addr[n] = page_addr;
5cd2c5b6 1294 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1295 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1296#ifndef CONFIG_USER_ONLY
1297 page_already_protected = p->first_tb != NULL;
1298#endif
9fa3e853
FB		 1299 p->first_tb = (TranslationBlock *)((long)tb | n);
1300 invalidate_page_bitmap(p);
fd6ce8f6 1301
107db443 1302#if defined(TARGET_HAS_SMC) || 1
d720b93d 1303
9fa3e853 1304#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1305 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1306 target_ulong addr;
1307 PageDesc *p2;
9fa3e853
FB		 1308 int prot;
1309
fd6ce8f6
FB		 1310 /* force the host page as non writable (writes will have a
1311 page fault + mprotect overhead) */
53a5960a 1312 page_addr &= qemu_host_page_mask;
fd6ce8f6 1313 prot = 0;
53a5960a
PB		 1314 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1315 addr += TARGET_PAGE_SIZE) {
1316
1317 p2 = page_find (addr >> TARGET_PAGE_BITS);
1318 if (!p2)
1319 continue;
1320 prot |= p2->flags;
1321 p2->flags &= ~PAGE_WRITE;
53a5960a 1322 }
5fafdf24 1323 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1324 (prot & PAGE_BITS) & ~PAGE_WRITE);
1325#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1326 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1327 page_addr);
fd6ce8f6 1328#endif
fd6ce8f6 1329 }
9fa3e853
FB		 1330#else
1331 /* if some code is already present, then the pages are already
1332 protected. So we handle the case where only the first TB is
1333 allocated in a physical page */
4429ab44 1334 if (!page_already_protected) {
6a00d601 1335 tlb_protect_code(page_addr);
9fa3e853
FB		 1336 }
1337#endif
d720b93d
FB		 1338
1339#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1340}
1341
9fa3e853
FB		 1342/* add a new TB and link it to the physical page tables. phys_page2 is
1343 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1344void tb_link_page(TranslationBlock *tb,
1345 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1346{
9fa3e853
FB		 1347 unsigned int h;
1348 TranslationBlock **ptb;
1349
c8a706fe
PB		 1350 /* Grab the mmap lock to stop another thread invalidating this TB
1351 before we are done. */
1352 mmap_lock();
9fa3e853
FB		 1353 /* add in the physical hash table */
1354 h = tb_phys_hash_func(phys_pc);
1355 ptb = &tb_phys_hash[h];
1356 tb->phys_hash_next = *ptb;
1357 *ptb = tb;
fd6ce8f6
FB		 1358
1359 /* add in the page list */
9fa3e853
FB		 1360 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1361 if (phys_page2 != -1)
1362 tb_alloc_page(tb, 1, phys_page2);
1363 else
1364 tb->page_addr[1] = -1;
9fa3e853 1365
d4e8164f
FB		 1366 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1367 tb->jmp_next[0] = NULL;
1368 tb->jmp_next[1] = NULL;
1369
1370 /* init original jump addresses */
1371 if (tb->tb_next_offset[0] != 0xffff)
1372 tb_reset_jump(tb, 0);
1373 if (tb->tb_next_offset[1] != 0xffff)
1374 tb_reset_jump(tb, 1);
8a40a180
FB		 1375
1376#ifdef DEBUG_TB_CHECK
1377 tb_page_check();
1378#endif
c8a706fe 1379 mmap_unlock();
fd6ce8f6
FB		 1380}
1381
9fa3e853
FB		 1382/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1383 tb[1].tc_ptr. Return NULL if not found */
1384TranslationBlock *tb_find_pc(unsigned long tc_ptr)
fd6ce8f6 1385{
9fa3e853
FB		 1386 int m_min, m_max, m;
1387 unsigned long v;
1388 TranslationBlock *tb;
a513fe19
FB		 1389
1390 if (nb_tbs <= 0)
1391 return NULL;
1392 if (tc_ptr < (unsigned long)code_gen_buffer ||
1393 tc_ptr >= (unsigned long)code_gen_ptr)
1394 return NULL;
1395 /* binary search (cf Knuth) */
1396 m_min = 0;
1397 m_max = nb_tbs - 1;
1398 while (m_min <= m_max) {
1399 m = (m_min + m_max) >> 1;
1400 tb = &tbs[m];
1401 v = (unsigned long)tb->tc_ptr;
1402 if (v == tc_ptr)
1403 return tb;
1404 else if (tc_ptr < v) {
1405 m_max = m - 1;
1406 } else {
1407 m_min = m + 1;
1408 }
5fafdf24 1409 }
a513fe19
FB		 1410 return &tbs[m_max];
1411}
7501267e 1412
ea041c0e
FB		 1413static void tb_reset_jump_recursive(TranslationBlock *tb);
1414
1415static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1416{
1417 TranslationBlock *tb1, *tb_next, **ptb;
1418 unsigned int n1;
1419
1420 tb1 = tb->jmp_next[n];
1421 if (tb1 != NULL) {
1422 /* find head of list */
1423 for(;;) {
1424 n1 = (long)tb1 & 3;
1425 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1426 if (n1 == 2)
1427 break;
1428 tb1 = tb1->jmp_next[n1];
1429 }
1430 /* we are now sure now that tb jumps to tb1 */
1431 tb_next = tb1;
1432
1433 /* remove tb from the jmp_first list */
1434 ptb = &tb_next->jmp_first;
1435 for(;;) {
1436 tb1 = *ptb;
1437 n1 = (long)tb1 & 3;
1438 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1439 if (n1 == n && tb1 == tb)
1440 break;
1441 ptb = &tb1->jmp_next[n1];
1442 }
1443 *ptb = tb->jmp_next[n];
1444 tb->jmp_next[n] = NULL;
3b46e624 1445
ea041c0e
FB		 1446 /* suppress the jump to next tb in generated code */
1447 tb_reset_jump(tb, n);
1448
0124311e 1449 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1450 tb_reset_jump_recursive(tb_next);
1451 }
1452}
1453
1454static void tb_reset_jump_recursive(TranslationBlock *tb)
1455{
1456 tb_reset_jump_recursive2(tb, 0);
1457 tb_reset_jump_recursive2(tb, 1);
1458}
1459
1fddef4b 1460#if defined(TARGET_HAS_ICE)
94df27fd
PB		 1461#if defined(CONFIG_USER_ONLY)
1462static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1463{
1464 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1465}
1466#else
d720b93d
FB		 1467static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1468{
c227f099 1469 target_phys_addr_t addr;
c227f099 1470 ram_addr_t ram_addr;
06ef3525 1471 MemoryRegionSection section;
d720b93d 1472
c2f07f81 1473 addr = cpu_get_phys_page_debug(env, pc);
06ef3525
AK		 1474 section = phys_page_find(addr >> TARGET_PAGE_BITS);
1475 if (!(memory_region_is_ram(section.mr)
1476 || (section.mr->rom_device && section.mr->readable))) {
1477 return;
1478 }
1479 ram_addr = (memory_region_get_ram_addr(section.mr)
1480 + section.offset_within_region) & TARGET_PAGE_MASK;
1481 ram_addr |= (pc & ~TARGET_PAGE_MASK);
706cd4b5 1482 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1483}
c27004ec 1484#endif
94df27fd 1485#endif /* TARGET_HAS_ICE */
d720b93d 1486
c527ee8f
PB		 1487#if defined(CONFIG_USER_ONLY)
1488void cpu_watchpoint_remove_all(CPUState *env, int mask)
1489
1490{
1491}
1492
1493int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1494 int flags, CPUWatchpoint **watchpoint)
1495{
1496 return -ENOSYS;
1497}
1498#else
6658ffb8 1499/* Add a watchpoint. */
a1d1bb31
AL		 1500int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1501 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1502{
b4051334 1503 target_ulong len_mask = ~(len - 1);
c0ce998e 1504 CPUWatchpoint *wp;
6658ffb8 1505
b4051334
AL		 1506 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1507 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1508 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1509 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1510 return -EINVAL;
1511 }
7267c094 1512 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1513
1514 wp->vaddr = addr;
b4051334 1515 wp->len_mask = len_mask;
a1d1bb31
AL		 1516 wp->flags = flags;
1517
2dc9f411 1518 /* keep all GDB-injected watchpoints in front */
c0ce998e 1519 if (flags & BP_GDB)
72cf2d4f 1520 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1521 else
72cf2d4f 1522 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1523
6658ffb8 1524 tlb_flush_page(env, addr);
a1d1bb31
AL		 1525
1526 if (watchpoint)
1527 *watchpoint = wp;
1528 return 0;
6658ffb8
PB		 1529}
1530
a1d1bb31
AL		 1531/* Remove a specific watchpoint. */
1532int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1533 int flags)
6658ffb8 1534{
b4051334 1535 target_ulong len_mask = ~(len - 1);
a1d1bb31 1536 CPUWatchpoint *wp;
6658ffb8 1537
72cf2d4f 1538 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1539 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1540 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1541 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1542 return 0;
1543 }
1544 }
a1d1bb31 1545 return -ENOENT;
6658ffb8
PB		 1546}
1547
a1d1bb31
AL		 1548/* Remove a specific watchpoint by reference. */
1549void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1550{
72cf2d4f 1551 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1552
a1d1bb31
AL		 1553 tlb_flush_page(env, watchpoint->vaddr);
1554
7267c094 1555 g_free(watchpoint);
a1d1bb31
AL		 1556}
1557
1558/* Remove all matching watchpoints. */
1559void cpu_watchpoint_remove_all(CPUState *env, int mask)
1560{
c0ce998e 1561 CPUWatchpoint *wp, *next;
a1d1bb31 1562
72cf2d4f 1563 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1564 if (wp->flags & mask)
1565 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1566 }
7d03f82f 1567}
c527ee8f 1568#endif
7d03f82f 1569
a1d1bb31
AL		 1570/* Add a breakpoint. */
1571int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1572 CPUBreakpoint **breakpoint)
4c3a88a2 1573{
1fddef4b 1574#if defined(TARGET_HAS_ICE)
c0ce998e 1575 CPUBreakpoint *bp;
3b46e624 1576
7267c094 1577 bp = g_malloc(sizeof(*bp));
4c3a88a2 1578
a1d1bb31
AL		 1579 bp->pc = pc;
1580 bp->flags = flags;
1581
2dc9f411 1582 /* keep all GDB-injected breakpoints in front */
c0ce998e 1583 if (flags & BP_GDB)
72cf2d4f 1584 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1585 else
72cf2d4f 1586 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1587
d720b93d 1588 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1589
1590 if (breakpoint)
1591 *breakpoint = bp;
4c3a88a2
FB		 1592 return 0;
1593#else
a1d1bb31 1594 return -ENOSYS;
4c3a88a2
FB		 1595#endif
1596}
1597
a1d1bb31
AL		 1598/* Remove a specific breakpoint. */
1599int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1600{
7d03f82f 1601#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1602 CPUBreakpoint *bp;
1603
72cf2d4f 1604 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1605 if (bp->pc == pc && bp->flags == flags) {
1606 cpu_breakpoint_remove_by_ref(env, bp);
1607 return 0;
1608 }
7d03f82f 1609 }
a1d1bb31
AL		 1610 return -ENOENT;
1611#else
1612 return -ENOSYS;
7d03f82f
EI		 1613#endif
1614}
1615
a1d1bb31
AL		 1616/* Remove a specific breakpoint by reference. */
1617void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1618{
1fddef4b 1619#if defined(TARGET_HAS_ICE)
72cf2d4f 1620 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1621
a1d1bb31
AL		 1622 breakpoint_invalidate(env, breakpoint->pc);
1623
7267c094 1624 g_free(breakpoint);
a1d1bb31
AL		 1625#endif
1626}
1627
1628/* Remove all matching breakpoints. */
1629void cpu_breakpoint_remove_all(CPUState *env, int mask)
1630{
1631#if defined(TARGET_HAS_ICE)
c0ce998e 1632 CPUBreakpoint *bp, *next;
a1d1bb31 1633
72cf2d4f 1634 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1635 if (bp->flags & mask)
1636 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1637 }
4c3a88a2
FB		 1638#endif
1639}
1640
c33a346e
FB		 1641/* enable or disable single step mode. EXCP_DEBUG is returned by the
1642 CPU loop after each instruction */
1643void cpu_single_step(CPUState *env, int enabled)
1644{
1fddef4b 1645#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1646 if (env->singlestep_enabled != enabled) {
1647 env->singlestep_enabled = enabled;
e22a25c9
AL		 1648 if (kvm_enabled())
1649 kvm_update_guest_debug(env, 0);
1650 else {
ccbb4d44 1651 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1652 /* XXX: only flush what is necessary */
1653 tb_flush(env);
1654 }
c33a346e
FB		 1655 }
1656#endif
1657}
1658
34865134
FB		 1659/* enable or disable low levels log */
1660void cpu_set_log(int log_flags)
1661{
1662 loglevel = log_flags;
1663 if (loglevel && !logfile) {
11fcfab4 1664 logfile = fopen(logfilename, log_append ? "a" : "w");
34865134
FB		 1665 if (!logfile) {
1666 perror(logfilename);
1667 _exit(1);
1668 }
9fa3e853
FB		 1669#if !defined(CONFIG_SOFTMMU)
1670 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1671 {
b55266b5 1672 static char logfile_buf[4096];
9fa3e853
FB		 1673 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1674 }
daf767b1
SW		 1675#elif defined(_WIN32)
1676 /* Win32 doesn't support line-buffering, so use unbuffered output. */
1677 setvbuf(logfile, NULL, _IONBF, 0);
1678#else
34865134 1679 setvbuf(logfile, NULL, _IOLBF, 0);
9fa3e853 1680#endif
e735b91c
PB		 1681 log_append = 1;
1682 }
1683 if (!loglevel && logfile) {
1684 fclose(logfile);
1685 logfile = NULL;
34865134
FB		 1686 }
1687}
1688
1689void cpu_set_log_filename(const char *filename)
1690{
1691 logfilename = strdup(filename);
e735b91c
PB		 1692 if (logfile) {
1693 fclose(logfile);
1694 logfile = NULL;
1695 }
1696 cpu_set_log(loglevel);
34865134 1697}
c33a346e 1698
3098dba0 1699static void cpu_unlink_tb(CPUState *env)
ea041c0e 1700{
3098dba0
AJ		 1701 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1702 problem and hope the cpu will stop of its own accord. For userspace
1703 emulation this often isn't actually as bad as it sounds. Often
1704 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1705 TranslationBlock *tb;
c227f099 1706 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1707
cab1b4bd 1708 spin_lock(&interrupt_lock);
3098dba0
AJ		 1709 tb = env->current_tb;
1710 /* if the cpu is currently executing code, we must unlink it and
1711 all the potentially executing TB */
f76cfe56 1712 if (tb) {
3098dba0
AJ		 1713 env->current_tb = NULL;
1714 tb_reset_jump_recursive(tb);
be214e6c 1715 }
cab1b4bd 1716 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1717}
1718
97ffbd8d 1719#ifndef CONFIG_USER_ONLY
3098dba0 1720/* mask must never be zero, except for A20 change call */
ec6959d0 1721static void tcg_handle_interrupt(CPUState *env, int mask)
3098dba0
AJ		 1722{
1723 int old_mask;
be214e6c 1724
2e70f6ef 1725 old_mask = env->interrupt_request;
68a79315 1726 env->interrupt_request |= mask;
3098dba0 1727
8edac960
AL		 1728 /*
1729 * If called from iothread context, wake the target cpu in
1730 * case its halted.
1731 */
b7680cb6 1732 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1733 qemu_cpu_kick(env);
1734 return;
1735 }
8edac960 1736
2e70f6ef 1737 if (use_icount) {
266910c4 1738 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1739 if (!can_do_io(env)
be214e6c 1740 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1741 cpu_abort(env, "Raised interrupt while not in I/O function");
1742 }
2e70f6ef 1743 } else {
3098dba0 1744 cpu_unlink_tb(env);
ea041c0e
FB		 1745 }
1746}
1747
ec6959d0
JK		 1748CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1749
97ffbd8d
JK		 1750#else /* CONFIG_USER_ONLY */
1751
1752void cpu_interrupt(CPUState *env, int mask)
1753{
1754 env->interrupt_request |= mask;
1755 cpu_unlink_tb(env);
1756}
1757#endif /* CONFIG_USER_ONLY */
1758
b54ad049
FB		 1759void cpu_reset_interrupt(CPUState *env, int mask)
1760{
1761 env->interrupt_request &= ~mask;
1762}
1763
3098dba0
AJ		 1764void cpu_exit(CPUState *env)
1765{
1766 env->exit_request = 1;
1767 cpu_unlink_tb(env);
1768}
1769
c7cd6a37 1770const CPULogItem cpu_log_items[] = {
5fafdf24 1771 { CPU_LOG_TB_OUT_ASM, "out_asm",
f193c797
FB		 1772 "show generated host assembly code for each compiled TB" },
1773 { CPU_LOG_TB_IN_ASM, "in_asm",
1774 "show target assembly code for each compiled TB" },
5fafdf24 1775 { CPU_LOG_TB_OP, "op",
57fec1fe 1776 "show micro ops for each compiled TB" },
f193c797 1777 { CPU_LOG_TB_OP_OPT, "op_opt",
e01a1157
BS		 1778 "show micro ops "
1779#ifdef TARGET_I386
1780 "before eflags optimization and "
f193c797 1781#endif
e01a1157 1782 "after liveness analysis" },
f193c797
FB		 1783 { CPU_LOG_INT, "int",
1784 "show interrupts/exceptions in short format" },
1785 { CPU_LOG_EXEC, "exec",
1786 "show trace before each executed TB (lots of logs)" },
9fddaa0c 1787 { CPU_LOG_TB_CPU, "cpu",
e91c8a77 1788 "show CPU state before block translation" },
f193c797
FB		 1789#ifdef TARGET_I386
1790 { CPU_LOG_PCALL, "pcall",
1791 "show protected mode far calls/returns/exceptions" },
eca1bdf4
AL		 1792 { CPU_LOG_RESET, "cpu_reset",
1793 "show CPU state before CPU resets" },
f193c797 1794#endif
8e3a9fd2 1795#ifdef DEBUG_IOPORT
fd872598
FB		 1796 { CPU_LOG_IOPORT, "ioport",
1797 "show all i/o ports accesses" },
8e3a9fd2 1798#endif
f193c797
FB		 1799 { 0, NULL, NULL },
1800};
1801
1802static int cmp1(const char *s1, int n, const char *s2)
1803{
1804 if (strlen(s2) != n)
1805 return 0;
1806 return memcmp(s1, s2, n) == 0;
1807}
3b46e624 1808
f193c797
FB		 1809/* takes a comma separated list of log masks. Return 0 if error. */
1810int cpu_str_to_log_mask(const char *str)
1811{
c7cd6a37 1812 const CPULogItem *item;
f193c797
FB		 1813 int mask;
1814 const char *p, *p1;
1815
1816 p = str;
1817 mask = 0;
1818 for(;;) {
1819 p1 = strchr(p, ',');
1820 if (!p1)
1821 p1 = p + strlen(p);
9742bf26
YT		 1822 if(cmp1(p,p1-p,"all")) {
1823 for(item = cpu_log_items; item->mask != 0; item++) {
1824 mask |= item->mask;
1825 }
1826 } else {
1827 for(item = cpu_log_items; item->mask != 0; item++) {
1828 if (cmp1(p, p1 - p, item->name))
1829 goto found;
1830 }
1831 return 0;
f193c797 1832 }
f193c797
FB		 1833 found:
1834 mask |= item->mask;
1835 if (*p1 != ',')
1836 break;
1837 p = p1 + 1;
1838 }
1839 return mask;
1840}
ea041c0e 1841
7501267e
FB		 1842void cpu_abort(CPUState *env, const char *fmt, ...)
1843{
1844 va_list ap;
493ae1f0 1845 va_list ap2;
7501267e
FB		 1846
1847 va_start(ap, fmt);
493ae1f0 1848 va_copy(ap2, ap);
7501267e
FB		 1849 fprintf(stderr, "qemu: fatal: ");
1850 vfprintf(stderr, fmt, ap);
1851 fprintf(stderr, "\n");
1852#ifdef TARGET_I386
7fe48483
FB		 1853 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1854#else
1855 cpu_dump_state(env, stderr, fprintf, 0);
7501267e 1856#endif
93fcfe39
AL		 1857 if (qemu_log_enabled()) {
1858 qemu_log("qemu: fatal: ");
1859 qemu_log_vprintf(fmt, ap2);
1860 qemu_log("\n");
f9373291 1861#ifdef TARGET_I386
93fcfe39 1862 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
f9373291 1863#else
93fcfe39 1864 log_cpu_state(env, 0);
f9373291 1865#endif
31b1a7b4 1866 qemu_log_flush();
93fcfe39 1867 qemu_log_close();
924edcae 1868 }
493ae1f0 1869 va_end(ap2);
f9373291 1870 va_end(ap);
fd052bf6
RV		 1871#if defined(CONFIG_USER_ONLY)
1872 {
1873 struct sigaction act;
1874 sigfillset(&act.sa_mask);
1875 act.sa_handler = SIG_DFL;
1876 sigaction(SIGABRT, &act, NULL);
1877 }
1878#endif
7501267e
FB		 1879 abort();
1880}
1881
c5be9f08
TS		 1882CPUState *cpu_copy(CPUState *env)
1883{
01ba9816 1884 CPUState *new_env = cpu_init(env->cpu_model_str);
c5be9f08
TS		 1885 CPUState *next_cpu = new_env->next_cpu;
1886 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1887#if defined(TARGET_HAS_ICE)
1888 CPUBreakpoint *bp;
1889 CPUWatchpoint *wp;
1890#endif
1891
c5be9f08 1892 memcpy(new_env, env, sizeof(CPUState));
5a38f081
AL		 1893
1894 /* Preserve chaining and index. */
c5be9f08
TS		 1895 new_env->next_cpu = next_cpu;
1896 new_env->cpu_index = cpu_index;
5a38f081
AL		 1897
1898 /* Clone all break/watchpoints.
1899 Note: Once we support ptrace with hw-debug register access, make sure
1900 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1901 QTAILQ_INIT(&env->breakpoints);
1902 QTAILQ_INIT(&env->watchpoints);
5a38f081 1903#if defined(TARGET_HAS_ICE)
72cf2d4f 1904 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1905 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1906 }
72cf2d4f 1907 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1908 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1909 wp->flags, NULL);
1910 }
1911#endif
1912
c5be9f08
TS		 1913 return new_env;
1914}
1915
0124311e
FB		 1916#if !defined(CONFIG_USER_ONLY)
1917
5c751e99
EI		 1918static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1919{
1920 unsigned int i;
1921
1922 /* Discard jump cache entries for any tb which might potentially
1923 overlap the flushed page. */
1924 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1925 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1926 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1927
1928 i = tb_jmp_cache_hash_page(addr);
1929 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1930 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1931}
1932
08738984
IK		 1933static CPUTLBEntry s_cputlb_empty_entry = {
1934 .addr_read = -1,
1935 .addr_write = -1,
1936 .addr_code = -1,
1937 .addend = -1,
1938};
1939
771124e1
PM		 1940/* NOTE:
1941 * If flush_global is true (the usual case), flush all tlb entries.
1942 * If flush_global is false, flush (at least) all tlb entries not
1943 * marked global.
1944 *
1945 * Since QEMU doesn't currently implement a global/not-global flag
1946 * for tlb entries, at the moment tlb_flush() will also flush all
1947 * tlb entries in the flush_global == false case. This is OK because
1948 * CPU architectures generally permit an implementation to drop
1949 * entries from the TLB at any time, so flushing more entries than
1950 * required is only an efficiency issue, not a correctness issue.
1951 */
ee8b7021 1952void tlb_flush(CPUState *env, int flush_global)
33417e70 1953{
33417e70 1954 int i;
0124311e 1955
9fa3e853
FB		 1956#if defined(DEBUG_TLB)
1957 printf("tlb_flush:\n");
1958#endif
0124311e
FB		 1959 /* must reset current TB so that interrupts cannot modify the
1960 links while we are modifying them */
1961 env->current_tb = NULL;
1962
33417e70 1963 for(i = 0; i < CPU_TLB_SIZE; i++) {
cfde4bd9
IY		 1964 int mmu_idx;
1965 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
08738984 1966 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
cfde4bd9 1967 }
33417e70 1968 }
9fa3e853 1969
8a40a180 1970 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
9fa3e853 1971
d4c430a8
PB		 1972 env->tlb_flush_addr = -1;
1973 env->tlb_flush_mask = 0;
e3db7226 1974 tlb_flush_count++;
33417e70
FB		 1975}
1976
274da6b2 1977static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
61382a50 1978{
5fafdf24 1979 if (addr == (tlb_entry->addr_read &
84b7b8e7 1980 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 1981 addr == (tlb_entry->addr_write &
84b7b8e7 1982 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 1983 addr == (tlb_entry->addr_code &
84b7b8e7 1984 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
08738984 1985 *tlb_entry = s_cputlb_empty_entry;
84b7b8e7 1986 }
61382a50
FB		 1987}
1988
2e12669a 1989void tlb_flush_page(CPUState *env, target_ulong addr)
33417e70 1990{
8a40a180 1991 int i;
cfde4bd9 1992 int mmu_idx;
0124311e 1993
9fa3e853 1994#if defined(DEBUG_TLB)
108c49b8 1995 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
9fa3e853 1996#endif
d4c430a8
PB		 1997 /* Check if we need to flush due to large pages. */
1998 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
1999#if defined(DEBUG_TLB)
2000 printf("tlb_flush_page: forced full flush ("
2001 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
2002 env->tlb_flush_addr, env->tlb_flush_mask);
2003#endif
2004 tlb_flush(env, 1);
2005 return;
2006 }
0124311e
FB		 2007 /* must reset current TB so that interrupts cannot modify the
2008 links while we are modifying them */
2009 env->current_tb = NULL;
61382a50
FB		 2010
2011 addr &= TARGET_PAGE_MASK;
2012 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 2013 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2014 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
0124311e 2015
5c751e99 2016 tlb_flush_jmp_cache(env, addr);
9fa3e853
FB		 2017}
2018
9fa3e853
FB		 2019/* update the TLBs so that writes to code in the virtual page 'addr'
2020 can be detected */
c227f099 2021static void tlb_protect_code(ram_addr_t ram_addr)
9fa3e853 2022{
5fafdf24 2023 cpu_physical_memory_reset_dirty(ram_addr,
6a00d601
FB		 2024 ram_addr + TARGET_PAGE_SIZE,
2025 CODE_DIRTY_FLAG);
9fa3e853
FB		 2026}
2027
9fa3e853 2028/* update the TLB so that writes in physical page 'phys_addr' are no longer
3a7d929e 2029 tested for self modifying code */
c227f099 2030static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 2031 target_ulong vaddr)
9fa3e853 2032{
f7c11b53 2033 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
1ccde1cb
FB		 2034}
2035
5fafdf24 2036static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1ccde1cb
FB		 2037 unsigned long start, unsigned long length)
2038{
2039 unsigned long addr;
0e0df1e2 2040 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
84b7b8e7 2041 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1ccde1cb 2042 if ((addr - start) < length) {
0f459d16 2043 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1ccde1cb
FB		 2044 }
2045 }
2046}
2047
5579c7f3 2048/* Note: start and end must be within the same ram block. */
c227f099 2049void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 2050 int dirty_flags)
1ccde1cb
FB		 2051{
2052 CPUState *env;
4f2ac237 2053 unsigned long length, start1;
f7c11b53 2054 int i;
1ccde1cb
FB		 2055
2056 start &= TARGET_PAGE_MASK;
2057 end = TARGET_PAGE_ALIGN(end);
2058
2059 length = end - start;
2060 if (length == 0)
2061 return;
f7c11b53 2062 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 2063
1ccde1cb
FB		 2064 /* we modify the TLB cache so that the dirty bit will be set again
2065 when accessing the range */
b2e0a138 2066 start1 = (unsigned long)qemu_safe_ram_ptr(start);
a57d23e4 2067 /* Check that we don't span multiple blocks - this breaks the
5579c7f3 2068 address comparisons below. */
b2e0a138 2069 if ((unsigned long)qemu_safe_ram_ptr(end - 1) - start1
5579c7f3
PB		 2070 != (end - 1) - start) {
2071 abort();
2072 }
2073
6a00d601 2074 for(env = first_cpu; env != NULL; env = env->next_cpu) {
cfde4bd9
IY		 2075 int mmu_idx;
2076 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2077 for(i = 0; i < CPU_TLB_SIZE; i++)
2078 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2079 start1, length);
2080 }
6a00d601 2081 }
1ccde1cb
FB		 2082}
2083
74576198
AL		 2084int cpu_physical_memory_set_dirty_tracking(int enable)
2085{
f6f3fbca 2086 int ret = 0;
74576198 2087 in_migration = enable;
f6f3fbca 2088 return ret;
74576198
AL		 2089}
2090
3a7d929e
FB		 2091static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2092{
c227f099 2093 ram_addr_t ram_addr;
5579c7f3 2094 void *p;
3a7d929e 2095
0e0df1e2 2096 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
5579c7f3
PB		 2097 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2098 + tlb_entry->addend);
e890261f 2099 ram_addr = qemu_ram_addr_from_host_nofail(p);
3a7d929e 2100 if (!cpu_physical_memory_is_dirty(ram_addr)) {
0f459d16 2101 tlb_entry->addr_write |= TLB_NOTDIRTY;
3a7d929e
FB		 2102 }
2103 }
2104}
2105
2106/* update the TLB according to the current state of the dirty bits */
2107void cpu_tlb_update_dirty(CPUState *env)
2108{
2109 int i;
cfde4bd9
IY		 2110 int mmu_idx;
2111 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2112 for(i = 0; i < CPU_TLB_SIZE; i++)
2113 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2114 }
3a7d929e
FB		 2115}
2116
0f459d16 2117static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1ccde1cb 2118{
0f459d16
PB		 2119 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2120 tlb_entry->addr_write = vaddr;
1ccde1cb
FB		 2121}
2122
0f459d16
PB		 2123/* update the TLB corresponding to virtual page vaddr
2124 so that it is no longer dirty */
2125static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1ccde1cb 2126{
1ccde1cb 2127 int i;
cfde4bd9 2128 int mmu_idx;
1ccde1cb 2129
0f459d16 2130 vaddr &= TARGET_PAGE_MASK;
1ccde1cb 2131 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 2132 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2133 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
9fa3e853
FB		 2134}
2135
d4c430a8
PB		 2136/* Our TLB does not support large pages, so remember the area covered by
2137 large pages and trigger a full TLB flush if these are invalidated. */
2138static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2139 target_ulong size)
2140{
2141 target_ulong mask = ~(size - 1);
2142
2143 if (env->tlb_flush_addr == (target_ulong)-1) {
2144 env->tlb_flush_addr = vaddr & mask;
2145 env->tlb_flush_mask = mask;
2146 return;
2147 }
2148 /* Extend the existing region to include the new page.
2149 This is a compromise between unnecessary flushes and the cost
2150 of maintaining a full variable size TLB. */
2151 mask &= env->tlb_flush_mask;
2152 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2153 mask <<= 1;
2154 }
2155 env->tlb_flush_addr &= mask;
2156 env->tlb_flush_mask = mask;
2157}
2158
06ef3525 2159static bool is_ram_rom(MemoryRegionSection *s)
1d393fa2 2160{
06ef3525 2161 return memory_region_is_ram(s->mr);
1d393fa2
AK		 2162}
2163
06ef3525 2164static bool is_romd(MemoryRegionSection *s)
75c578dc 2165{
06ef3525 2166 MemoryRegion *mr = s->mr;
75c578dc 2167
75c578dc
AK		 2168 return mr->rom_device && mr->readable;
2169}
2170
06ef3525 2171static bool is_ram_rom_romd(MemoryRegionSection *s)
1d393fa2 2172{
06ef3525 2173 return is_ram_rom(s) || is_romd(s);
1d393fa2
AK		 2174}
2175
d4c430a8
PB		 2176/* Add a new TLB entry. At most one entry for a given virtual address
2177 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2178 supplied size is only used by tlb_flush_page. */
2179void tlb_set_page(CPUState *env, target_ulong vaddr,
2180 target_phys_addr_t paddr, int prot,
2181 int mmu_idx, target_ulong size)
9fa3e853 2182{
06ef3525 2183 MemoryRegionSection section;
9fa3e853 2184 unsigned int index;
4f2ac237 2185 target_ulong address;
0f459d16 2186 target_ulong code_address;
355b1943 2187 unsigned long addend;
84b7b8e7 2188 CPUTLBEntry *te;
a1d1bb31 2189 CPUWatchpoint *wp;
c227f099 2190 target_phys_addr_t iotlb;
9fa3e853 2191
d4c430a8
PB		 2192 assert(size >= TARGET_PAGE_SIZE);
2193 if (size != TARGET_PAGE_SIZE) {
2194 tlb_add_large_page(env, vaddr, size);
2195 }
06ef3525 2196 section = phys_page_find(paddr >> TARGET_PAGE_BITS);
9fa3e853 2197#if defined(DEBUG_TLB)
7fd3f494
SW		 2198 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2199 " prot=%x idx=%d pd=0x%08lx\n",
2200 vaddr, paddr, prot, mmu_idx, pd);
9fa3e853
FB		 2201#endif
2202
0f459d16 2203 address = vaddr;
06ef3525 2204 if (!is_ram_rom_romd(&section)) {
0f459d16
PB		 2205 /* IO memory case (romd handled later) */
2206 address |= TLB_MMIO;
2207 }
06ef3525
AK		 2208 if (is_ram_rom_romd(&section)) {
2209 addend = (unsigned long)(memory_region_get_ram_ptr(section.mr)
2210 + section.offset_within_region);
2211 } else {
2212 addend = 0;
2213 }
2214 if (is_ram_rom(&section)) {
0f459d16 2215 /* Normal RAM. */
06ef3525
AK		 2216 iotlb = (memory_region_get_ram_addr(section.mr)
2217 + section.offset_within_region) & TARGET_PAGE_MASK;
2218 if (!section.readonly)
0e0df1e2 2219 iotlb |= io_mem_notdirty.ram_addr;
0f459d16 2220 else
0e0df1e2 2221 iotlb |= io_mem_rom.ram_addr;
0f459d16 2222 } else {
ccbb4d44 2223 /* IO handlers are currently passed a physical address.
0f459d16
PB		 2224 It would be nice to pass an offset from the base address
2225 of that region. This would avoid having to special case RAM,
2226 and avoid full address decoding in every device.
2227 We can't use the high bits of pd for this because
2228 IO_MEM_ROMD uses these as a ram address. */
06ef3525
AK		 2229 iotlb = memory_region_get_ram_addr(section.mr) & ~TARGET_PAGE_MASK;
2230 iotlb += section.offset_within_region;
0f459d16
PB		 2231 }
2232
2233 code_address = address;
2234 /* Make accesses to pages with watchpoints go via the
2235 watchpoint trap routines. */
72cf2d4f 2236 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
a1d1bb31 2237 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
bf298f83
JK		 2238 /* Avoid trapping reads of pages with a write breakpoint. */
2239 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1ec9b909 2240 iotlb = io_mem_watch.ram_addr + paddr;
bf298f83
JK		 2241 address |= TLB_MMIO;
2242 break;
2243 }
6658ffb8 2244 }
0f459d16 2245 }
d79acba4 2246
0f459d16
PB		 2247 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2248 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2249 te = &env->tlb_table[mmu_idx][index];
2250 te->addend = addend - vaddr;
2251 if (prot & PAGE_READ) {
2252 te->addr_read = address;
2253 } else {
2254 te->addr_read = -1;
2255 }
5c751e99 2256
0f459d16
PB		 2257 if (prot & PAGE_EXEC) {
2258 te->addr_code = code_address;
2259 } else {
2260 te->addr_code = -1;
2261 }
2262 if (prot & PAGE_WRITE) {
06ef3525
AK		 2263 if ((memory_region_is_ram(section.mr) && section.readonly)
2264 || is_romd(&section)) {
0f459d16
PB		 2265 /* Write access calls the I/O callback. */
2266 te->addr_write = address | TLB_MMIO;
06ef3525
AK		 2267 } else if (memory_region_is_ram(section.mr)
2268 && !cpu_physical_memory_is_dirty(
2269 section.mr->ram_addr
2270 + section.offset_within_region)) {
0f459d16 2271 te->addr_write = address | TLB_NOTDIRTY;
9fa3e853 2272 } else {
0f459d16 2273 te->addr_write = address;
9fa3e853 2274 }
0f459d16
PB		 2275 } else {
2276 te->addr_write = -1;
9fa3e853 2277 }
9fa3e853
FB		 2278}
2279
0124311e
FB		 2280#else
2281
ee8b7021 2282void tlb_flush(CPUState *env, int flush_global)
0124311e
FB		 2283{
2284}
2285
2e12669a 2286void tlb_flush_page(CPUState *env, target_ulong addr)
0124311e
FB		 2287{
2288}
2289
edf8e2af
MW		 2290/*
2291 * Walks guest process memory "regions" one by one
2292 * and calls callback function 'fn' for each region.
2293 */
5cd2c5b6
RH		 2294
2295struct walk_memory_regions_data
2296{
2297 walk_memory_regions_fn fn;
2298 void *priv;
2299 unsigned long start;
2300 int prot;
2301};
2302
2303static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 2304 abi_ulong end, int new_prot)
5cd2c5b6
RH		 2305{
2306 if (data->start != -1ul) {
2307 int rc = data->fn(data->priv, data->start, end, data->prot);
2308 if (rc != 0) {
2309 return rc;
2310 }
2311 }
2312
2313 data->start = (new_prot ? end : -1ul);
2314 data->prot = new_prot;
2315
2316 return 0;
2317}
2318
2319static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 2320 abi_ulong base, int level, void **lp)
5cd2c5b6 2321{
b480d9b7 2322 abi_ulong pa;
5cd2c5b6
RH		 2323 int i, rc;
2324
2325 if (*lp == NULL) {
2326 return walk_memory_regions_end(data, base, 0);
2327 }
2328
2329 if (level == 0) {
2330 PageDesc *pd = *lp;
7296abac 2331 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 2332 int prot = pd[i].flags;
2333
2334 pa = base | (i << TARGET_PAGE_BITS);
2335 if (prot != data->prot) {
2336 rc = walk_memory_regions_end(data, pa, prot);
2337 if (rc != 0) {
2338 return rc;
9fa3e853 2339 }
9fa3e853 2340 }
5cd2c5b6
RH		 2341 }
2342 } else {
2343 void **pp = *lp;
7296abac 2344 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 2345 pa = base | ((abi_ulong)i <<
2346 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 2347 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2348 if (rc != 0) {
2349 return rc;
2350 }
2351 }
2352 }
2353
2354 return 0;
2355}
2356
2357int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2358{
2359 struct walk_memory_regions_data data;
2360 unsigned long i;
2361
2362 data.fn = fn;
2363 data.priv = priv;
2364 data.start = -1ul;
2365 data.prot = 0;
2366
2367 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 2368 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 2369 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2370 if (rc != 0) {
2371 return rc;
9fa3e853 2372 }
33417e70 2373 }
5cd2c5b6
RH		 2374
2375 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2376}
2377
b480d9b7
PB		 2378static int dump_region(void *priv, abi_ulong start,
2379 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2380{
2381 FILE *f = (FILE *)priv;
2382
b480d9b7
PB		 2383 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2384 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2385 start, end, end - start,
2386 ((prot & PAGE_READ) ? 'r' : '-'),
2387 ((prot & PAGE_WRITE) ? 'w' : '-'),
2388 ((prot & PAGE_EXEC) ? 'x' : '-'));
2389
2390 return (0);
2391}
2392
2393/* dump memory mappings */
2394void page_dump(FILE *f)
2395{
2396 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2397 "start", "end", "size", "prot");
2398 walk_memory_regions(f, dump_region);
33417e70
FB		 2399}
2400
53a5960a 2401int page_get_flags(target_ulong address)
33417e70 2402{
9fa3e853
FB		 2403 PageDesc *p;
2404
2405 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2406 if (!p)
9fa3e853
FB		 2407 return 0;
2408 return p->flags;
2409}
2410
376a7909
RH		 2411/* Modify the flags of a page and invalidate the code if necessary.
2412 The flag PAGE_WRITE_ORG is positioned automatically depending
2413 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2414void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2415{
376a7909
RH		 2416 target_ulong addr, len;
2417
2418 /* This function should never be called with addresses outside the
2419 guest address space. If this assert fires, it probably indicates
2420 a missing call to h2g_valid. */
b480d9b7
PB		 2421#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2422 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2423#endif
2424 assert(start < end);
9fa3e853
FB		 2425
2426 start = start & TARGET_PAGE_MASK;
2427 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2428
2429 if (flags & PAGE_WRITE) {
9fa3e853 2430 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2431 }
2432
2433 for (addr = start, len = end - start;
2434 len != 0;
2435 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2436 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2437
2438 /* If the write protection bit is set, then we invalidate
2439 the code inside. */
5fafdf24 2440 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2441 (flags & PAGE_WRITE) &&
2442 p->first_tb) {
d720b93d 2443 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2444 }
2445 p->flags = flags;
2446 }
33417e70
FB		 2447}
2448
3d97b40b
TS		 2449int page_check_range(target_ulong start, target_ulong len, int flags)
2450{
2451 PageDesc *p;
2452 target_ulong end;
2453 target_ulong addr;
2454
376a7909
RH		 2455 /* This function should never be called with addresses outside the
2456 guest address space. If this assert fires, it probably indicates
2457 a missing call to h2g_valid. */
338e9e6c
BS		 2458#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2459 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2460#endif
2461
3e0650a9
RH		 2462 if (len == 0) {
2463 return 0;
2464 }
376a7909
RH		 2465 if (start + len - 1 < start) {
2466 /* We've wrapped around. */
55f280c9 2467 return -1;
376a7909 2468 }
55f280c9 2469
3d97b40b
TS		 2470 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2471 start = start & TARGET_PAGE_MASK;
2472
376a7909
RH		 2473 for (addr = start, len = end - start;
2474 len != 0;
2475 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2476 p = page_find(addr >> TARGET_PAGE_BITS);
2477 if( !p )
2478 return -1;
2479 if( !(p->flags & PAGE_VALID) )
2480 return -1;
2481
dae3270c 2482 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2483 return -1;
dae3270c
FB		 2484 if (flags & PAGE_WRITE) {
2485 if (!(p->flags & PAGE_WRITE_ORG))
2486 return -1;
2487 /* unprotect the page if it was put read-only because it
2488 contains translated code */
2489 if (!(p->flags & PAGE_WRITE)) {
2490 if (!page_unprotect(addr, 0, NULL))
2491 return -1;
2492 }
2493 return 0;
2494 }
3d97b40b
TS		 2495 }
2496 return 0;
2497}
2498
9fa3e853 2499/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2500 page. Return TRUE if the fault was successfully handled. */
53a5960a 2501int page_unprotect(target_ulong address, unsigned long pc, void *puc)
9fa3e853 2502{
45d679d6
AJ		 2503 unsigned int prot;
2504 PageDesc *p;
53a5960a 2505 target_ulong host_start, host_end, addr;
9fa3e853 2506
c8a706fe
PB		 2507 /* Technically this isn't safe inside a signal handler. However we
2508 know this only ever happens in a synchronous SEGV handler, so in
2509 practice it seems to be ok. */
2510 mmap_lock();
2511
45d679d6
AJ		 2512 p = page_find(address >> TARGET_PAGE_BITS);
2513 if (!p) {
c8a706fe 2514 mmap_unlock();
9fa3e853 2515 return 0;
c8a706fe 2516 }
45d679d6 2517
9fa3e853
FB		 2518 /* if the page was really writable, then we change its
2519 protection back to writable */
45d679d6
AJ		 2520 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2521 host_start = address & qemu_host_page_mask;
2522 host_end = host_start + qemu_host_page_size;
2523
2524 prot = 0;
2525 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2526 p = page_find(addr >> TARGET_PAGE_BITS);
2527 p->flags |= PAGE_WRITE;
2528 prot |= p->flags;
2529
9fa3e853
FB		 2530 /* and since the content will be modified, we must invalidate
2531 the corresponding translated code. */
45d679d6 2532 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2533#ifdef DEBUG_TB_CHECK
45d679d6 2534 tb_invalidate_check(addr);
9fa3e853 2535#endif
9fa3e853 2536 }
45d679d6
AJ		 2537 mprotect((void *)g2h(host_start), qemu_host_page_size,
2538 prot & PAGE_BITS);
2539
2540 mmap_unlock();
2541 return 1;
9fa3e853 2542 }
c8a706fe 2543 mmap_unlock();
9fa3e853
FB		 2544 return 0;
2545}
2546
6a00d601
FB		 2547static inline void tlb_set_dirty(CPUState *env,
2548 unsigned long addr, target_ulong vaddr)
1ccde1cb
FB		 2549{
2550}
9fa3e853
FB		 2551#endif /* defined(CONFIG_USER_ONLY) */
2552
e2eef170 2553#if !defined(CONFIG_USER_ONLY)
8da3ff18 2554
c04b2b78
PB		 2555#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2556typedef struct subpage_t {
70c68e44 2557 MemoryRegion iomem;
c04b2b78 2558 target_phys_addr_t base;
5312bd8b 2559 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2560} subpage_t;
2561
c227f099 2562static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2563 uint16_t section);
0f0cb164 2564static subpage_t *subpage_init(target_phys_addr_t base);
5312bd8b 2565static void destroy_page_desc(uint16_t section_index)
54688b1e 2566{
5312bd8b
AK		 2567 MemoryRegionSection *section = &phys_sections[section_index];
2568 MemoryRegion *mr = section->mr;
54688b1e
AK		 2569
2570 if (mr->subpage) {
2571 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2572 memory_region_destroy(&subpage->iomem);
2573 g_free(subpage);
2574 }
2575}
2576
4346ae3e 2577static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2578{
2579 unsigned i;
d6f2ea22 2580 PhysPageEntry *p;
54688b1e 2581
c19e8800 2582 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2583 return;
2584 }
2585
c19e8800 2586 p = phys_map_nodes[lp->ptr];
4346ae3e 2587 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 2588 if (!p[i].is_leaf) {
54688b1e 2589 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 2590 } else {
c19e8800 2591 destroy_page_desc(p[i].ptr);
54688b1e 2592 }
54688b1e 2593 }
07f07b31 2594 lp->is_leaf = 0;
c19e8800 2595 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2596}
2597
2598static void destroy_all_mappings(void)
2599{
3eef53df 2600 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
d6f2ea22 2601 phys_map_nodes_reset();
54688b1e
AK		 2602}
2603
5312bd8b
AK		 2604static uint16_t phys_section_add(MemoryRegionSection *section)
2605{
2606 if (phys_sections_nb == phys_sections_nb_alloc) {
2607 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2608 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2609 phys_sections_nb_alloc);
2610 }
2611 phys_sections[phys_sections_nb] = *section;
2612 return phys_sections_nb++;
2613}
2614
2615static void phys_sections_clear(void)
2616{
2617 phys_sections_nb = 0;
2618}
2619
8f2498f9
MT		 2620/* register physical memory.
2621 For RAM, 'size' must be a multiple of the target page size.
2622 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
8da3ff18
PB		 2623 io memory page. The address used when calling the IO function is
2624 the offset from the start of the region, plus region_offset. Both
ccbb4d44 2625 start_addr and region_offset are rounded down to a page boundary
8da3ff18
PB		 2626 before calculating this offset. This should not be a problem unless
2627 the low bits of start_addr and region_offset differ. */
0f0cb164
AK		 2628static void register_subpage(MemoryRegionSection *section)
2629{
2630 subpage_t *subpage;
2631 target_phys_addr_t base = section->offset_within_address_space
2632 & TARGET_PAGE_MASK;
2633 MemoryRegionSection existing = phys_page_find(base >> TARGET_PAGE_BITS);
2634 MemoryRegionSection subsection = {
2635 .offset_within_address_space = base,
2636 .size = TARGET_PAGE_SIZE,
2637 };
0f0cb164
AK		 2638 target_phys_addr_t start, end;
2639
2640 assert(existing.mr->subpage || existing.mr == &io_mem_unassigned);
2641
2642 if (!(existing.mr->subpage)) {
2643 subpage = subpage_init(base);
2644 subsection.mr = &subpage->iomem;
2999097b
AK		 2645 phys_page_set(base >> TARGET_PAGE_BITS, 1,
2646 phys_section_add(&subsection));
0f0cb164
AK		 2647 } else {
2648 subpage = container_of(existing.mr, subpage_t, iomem);
2649 }
2650 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
2651 end = start + section->size;
2652 subpage_register(subpage, start, end, phys_section_add(section));
2653}
2654
2655
2656static void register_multipage(MemoryRegionSection *section)
33417e70 2657{
dd81124b
AK		 2658 target_phys_addr_t start_addr = section->offset_within_address_space;
2659 ram_addr_t size = section->size;
2999097b 2660 target_phys_addr_t addr;
5312bd8b 2661 uint16_t section_index = phys_section_add(section);
dd81124b 2662
3b8e6a2d 2663 assert(size);
f6f3fbca 2664
3b8e6a2d 2665 addr = start_addr;
2999097b
AK		 2666 phys_page_set(addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2667 section_index);
33417e70
FB		 2668}
2669
0f0cb164
AK		 2670void cpu_register_physical_memory_log(MemoryRegionSection *section,
2671 bool readonly)
2672{
2673 MemoryRegionSection now = *section, remain = *section;
2674
2675 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2676 || (now.size < TARGET_PAGE_SIZE)) {
2677 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2678 - now.offset_within_address_space,
2679 now.size);
2680 register_subpage(&now);
2681 remain.size -= now.size;
2682 remain.offset_within_address_space += now.size;
2683 remain.offset_within_region += now.size;
2684 }
2685 now = remain;
2686 now.size &= TARGET_PAGE_MASK;
2687 if (now.size) {
2688 register_multipage(&now);
2689 remain.size -= now.size;
2690 remain.offset_within_address_space += now.size;
2691 remain.offset_within_region += now.size;
2692 }
2693 now = remain;
2694 if (now.size) {
2695 register_subpage(&now);
2696 }
2697}
2698
2699
c227f099 2700void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2701{
2702 if (kvm_enabled())
2703 kvm_coalesce_mmio_region(addr, size);
2704}
2705
c227f099 2706void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2707{
2708 if (kvm_enabled())
2709 kvm_uncoalesce_mmio_region(addr, size);
2710}
2711
62a2744c
SY		 2712void qemu_flush_coalesced_mmio_buffer(void)
2713{
2714 if (kvm_enabled())
2715 kvm_flush_coalesced_mmio_buffer();
2716}
2717
c902760f
MT		 2718#if defined(__linux__) && !defined(TARGET_S390X)
2719
2720#include <sys/vfs.h>
2721
2722#define HUGETLBFS_MAGIC 0x958458f6
2723
2724static long gethugepagesize(const char *path)
2725{
2726 struct statfs fs;
2727 int ret;
2728
2729 do {
9742bf26 2730 ret = statfs(path, &fs);
c902760f
MT		 2731 } while (ret != 0 && errno == EINTR);
2732
2733 if (ret != 0) {
9742bf26
YT		 2734 perror(path);
2735 return 0;
c902760f
MT		 2736 }
2737
2738 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2739 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2740
2741 return fs.f_bsize;
2742}
2743
04b16653
AW		 2744static void *file_ram_alloc(RAMBlock *block,
2745 ram_addr_t memory,
2746 const char *path)
c902760f
MT		 2747{
2748 char *filename;
2749 void *area;
2750 int fd;
2751#ifdef MAP_POPULATE
2752 int flags;
2753#endif
2754 unsigned long hpagesize;
2755
2756 hpagesize = gethugepagesize(path);
2757 if (!hpagesize) {
9742bf26 2758 return NULL;
c902760f
MT		 2759 }
2760
2761 if (memory < hpagesize) {
2762 return NULL;
2763 }
2764
2765 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2766 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2767 return NULL;
2768 }
2769
2770 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2771 return NULL;
c902760f
MT		 2772 }
2773
2774 fd = mkstemp(filename);
2775 if (fd < 0) {
9742bf26
YT		 2776 perror("unable to create backing store for hugepages");
2777 free(filename);
2778 return NULL;
c902760f
MT		 2779 }
2780 unlink(filename);
2781 free(filename);
2782
2783 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2784
2785 /*
2786 * ftruncate is not supported by hugetlbfs in older
2787 * hosts, so don't bother bailing out on errors.
2788 * If anything goes wrong with it under other filesystems,
2789 * mmap will fail.
2790 */
2791 if (ftruncate(fd, memory))
9742bf26 2792 perror("ftruncate");
c902760f
MT		 2793
2794#ifdef MAP_POPULATE
2795 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2796 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2797 * to sidestep this quirk.
2798 */
2799 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2800 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2801#else
2802 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2803#endif
2804 if (area == MAP_FAILED) {
9742bf26
YT		 2805 perror("file_ram_alloc: can't mmap RAM pages");
2806 close(fd);
2807 return (NULL);
c902760f 2808 }
04b16653 2809 block->fd = fd;
c902760f
MT		 2810 return area;
2811}
2812#endif
2813
d17b5288 2814static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2815{
2816 RAMBlock *block, *next_block;
3e837b2c 2817 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2818
2819 if (QLIST_EMPTY(&ram_list.blocks))
2820 return 0;
2821
2822 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2823 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2824
2825 end = block->offset + block->length;
2826
2827 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2828 if (next_block->offset >= end) {
2829 next = MIN(next, next_block->offset);
2830 }
2831 }
2832 if (next - end >= size && next - end < mingap) {
3e837b2c 2833 offset = end;
04b16653
AW		 2834 mingap = next - end;
2835 }
2836 }
3e837b2c
AW		 2837
2838 if (offset == RAM_ADDR_MAX) {
2839 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2840 (uint64_t)size);
2841 abort();
2842 }
2843
04b16653
AW		 2844 return offset;
2845}
2846
2847static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2848{
2849 RAMBlock *block;
2850 ram_addr_t last = 0;
2851
2852 QLIST_FOREACH(block, &ram_list.blocks, next)
2853 last = MAX(last, block->offset + block->length);
2854
2855 return last;
2856}
2857
c5705a77 2858void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2859{
2860 RAMBlock *new_block, *block;
2861
c5705a77
AK		 2862 new_block = NULL;
2863 QLIST_FOREACH(block, &ram_list.blocks, next) {
2864 if (block->offset == addr) {
2865 new_block = block;
2866 break;
2867 }
2868 }
2869 assert(new_block);
2870 assert(!new_block->idstr[0]);
84b89d78
CM		 2871
2872 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2873 char *id = dev->parent_bus->info->get_dev_path(dev);
2874 if (id) {
2875 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2876 g_free(id);
84b89d78
CM		 2877 }
2878 }
2879 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2880
2881 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2882 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2883 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2884 new_block->idstr);
2885 abort();
2886 }
2887 }
c5705a77
AK		 2888}
2889
2890ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2891 MemoryRegion *mr)
2892{
2893 RAMBlock *new_block;
2894
2895 size = TARGET_PAGE_ALIGN(size);
2896 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2897
7c637366 2898 new_block->mr = mr;
432d268c 2899 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2900 if (host) {
2901 new_block->host = host;
cd19cfa2 2902 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2903 } else {
2904 if (mem_path) {
c902760f 2905#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2906 new_block->host = file_ram_alloc(new_block, size, mem_path);
2907 if (!new_block->host) {
2908 new_block->host = qemu_vmalloc(size);
e78815a5 2909 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2910 }
c902760f 2911#else
6977dfe6
YT		 2912 fprintf(stderr, "-mem-path option unsupported\n");
2913 exit(1);
c902760f 2914#endif
6977dfe6 2915 } else {
6b02494d 2916#if defined(TARGET_S390X) && defined(CONFIG_KVM)
ff83678a
CB		 2917 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2918 an system defined value, which is at least 256GB. Larger systems
2919 have larger values. We put the guest between the end of data
2920 segment (system break) and this value. We use 32GB as a base to
2921 have enough room for the system break to grow. */
2922 new_block->host = mmap((void*)0x800000000, size,
6977dfe6 2923 PROT_EXEC|PROT_READ|PROT_WRITE,
ff83678a 2924 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
fb8b2735
AG		 2925 if (new_block->host == MAP_FAILED) {
2926 fprintf(stderr, "Allocating RAM failed\n");
2927 abort();
2928 }
6b02494d 2929#else
868bb33f 2930 if (xen_enabled()) {
fce537d4 2931 xen_ram_alloc(new_block->offset, size, mr);
432d268c
JN		 2932 } else {
2933 new_block->host = qemu_vmalloc(size);
2934 }
6b02494d 2935#endif
e78815a5 2936 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2937 }
c902760f 2938 }
94a6b54f
PB		 2939 new_block->length = size;
2940
f471a17e 2941 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2942
7267c094 2943 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2944 last_ram_offset() >> TARGET_PAGE_BITS);
d17b5288 2945 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
94a6b54f
PB		 2946 0xff, size >> TARGET_PAGE_BITS);
2947
6f0437e8
JK		 2948 if (kvm_enabled())
2949 kvm_setup_guest_memory(new_block->host, size);
2950
94a6b54f
PB		 2951 return new_block->offset;
2952}
e9a1ab19 2953
c5705a77 2954ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2955{
c5705a77 2956 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2957}
2958
1f2e98b6
AW		 2959void qemu_ram_free_from_ptr(ram_addr_t addr)
2960{
2961 RAMBlock *block;
2962
2963 QLIST_FOREACH(block, &ram_list.blocks, next) {
2964 if (addr == block->offset) {
2965 QLIST_REMOVE(block, next);
7267c094 2966 g_free(block);
1f2e98b6
AW		 2967 return;
2968 }
2969 }
2970}
2971
c227f099 2972void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2973{
04b16653
AW		 2974 RAMBlock *block;
2975
2976 QLIST_FOREACH(block, &ram_list.blocks, next) {
2977 if (addr == block->offset) {
2978 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2979 if (block->flags & RAM_PREALLOC_MASK) {
2980 ;
2981 } else if (mem_path) {
04b16653
AW		 2982#if defined (__linux__) && !defined(TARGET_S390X)
2983 if (block->fd) {
2984 munmap(block->host, block->length);
2985 close(block->fd);
2986 } else {
2987 qemu_vfree(block->host);
2988 }
fd28aa13
JK		 2989#else
2990 abort();
04b16653
AW		 2991#endif
2992 } else {
2993#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2994 munmap(block->host, block->length);
2995#else
868bb33f 2996 if (xen_enabled()) {
e41d7c69 2997 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2998 } else {
2999 qemu_vfree(block->host);
3000 }
04b16653
AW		 3001#endif
3002 }
7267c094 3003 g_free(block);
04b16653
AW		 3004 return;
3005 }
3006 }
3007
e9a1ab19
FB		 3008}
3009
cd19cfa2
HY		 3010#ifndef _WIN32
3011void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
3012{
3013 RAMBlock *block;
3014 ram_addr_t offset;
3015 int flags;
3016 void *area, *vaddr;
3017
3018 QLIST_FOREACH(block, &ram_list.blocks, next) {
3019 offset = addr - block->offset;
3020 if (offset < block->length) {
3021 vaddr = block->host + offset;
3022 if (block->flags & RAM_PREALLOC_MASK) {
3023 ;
3024 } else {
3025 flags = MAP_FIXED;
3026 munmap(vaddr, length);
3027 if (mem_path) {
3028#if defined(__linux__) && !defined(TARGET_S390X)
3029 if (block->fd) {
3030#ifdef MAP_POPULATE
3031 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
3032 MAP_PRIVATE;
3033#else
3034 flags |= MAP_PRIVATE;
3035#endif
3036 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3037 flags, block->fd, offset);
3038 } else {
3039 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3040 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3041 flags, -1, 0);
3042 }
fd28aa13
JK		 3043#else
3044 abort();
cd19cfa2
HY		 3045#endif
3046 } else {
3047#if defined(TARGET_S390X) && defined(CONFIG_KVM)
3048 flags |= MAP_SHARED | MAP_ANONYMOUS;
3049 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
3050 flags, -1, 0);
3051#else
3052 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3053 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3054 flags, -1, 0);
3055#endif
3056 }
3057 if (area != vaddr) {
f15fbc4b
AP		 3058 fprintf(stderr, "Could not remap addr: "
3059 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 3060 length, addr);
3061 exit(1);
3062 }
3063 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
3064 }
3065 return;
3066 }
3067 }
3068}
3069#endif /* !_WIN32 */
3070
dc828ca1 3071/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 3072 With the exception of the softmmu code in this file, this should
3073 only be used for local memory (e.g. video ram) that the device owns,
3074 and knows it isn't going to access beyond the end of the block.
3075
3076 It should not be used for general purpose DMA.
3077 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
3078 */
c227f099 3079void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 3080{
94a6b54f
PB		 3081 RAMBlock *block;
3082
f471a17e
AW		 3083 QLIST_FOREACH(block, &ram_list.blocks, next) {
3084 if (addr - block->offset < block->length) {
7d82af38
VP		 3085 /* Move this entry to to start of the list. */
3086 if (block != QLIST_FIRST(&ram_list.blocks)) {
3087 QLIST_REMOVE(block, next);
3088 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
3089 }
868bb33f 3090 if (xen_enabled()) {
432d268c
JN		 3091 /* We need to check if the requested address is in the RAM
3092 * because we don't want to map the entire memory in QEMU.
712c2b41 3093 * In that case just map until the end of the page.
432d268c
JN		 3094 */
3095 if (block->offset == 0) {
e41d7c69 3096 return xen_map_cache(addr, 0, 0);
432d268c 3097 } else if (block->host == NULL) {
e41d7c69
JK		 3098 block->host =
3099 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3100 }
3101 }
f471a17e
AW		 3102 return block->host + (addr - block->offset);
3103 }
94a6b54f 3104 }
f471a17e
AW		 3105
3106 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3107 abort();
3108
3109 return NULL;
dc828ca1
PB		 3110}
3111
b2e0a138
MT		 3112/* Return a host pointer to ram allocated with qemu_ram_alloc.
3113 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
3114 */
3115void *qemu_safe_ram_ptr(ram_addr_t addr)
3116{
3117 RAMBlock *block;
3118
3119 QLIST_FOREACH(block, &ram_list.blocks, next) {
3120 if (addr - block->offset < block->length) {
868bb33f 3121 if (xen_enabled()) {
432d268c
JN		 3122 /* We need to check if the requested address is in the RAM
3123 * because we don't want to map the entire memory in QEMU.
712c2b41 3124 * In that case just map until the end of the page.
432d268c
JN		 3125 */
3126 if (block->offset == 0) {
e41d7c69 3127 return xen_map_cache(addr, 0, 0);
432d268c 3128 } else if (block->host == NULL) {
e41d7c69
JK		 3129 block->host =
3130 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3131 }
3132 }
b2e0a138
MT		 3133 return block->host + (addr - block->offset);
3134 }
3135 }
3136
3137 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3138 abort();
3139
3140 return NULL;
3141}
3142
38bee5dc
SS		 3143/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
3144 * but takes a size argument */
8ab934f9 3145void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 3146{
8ab934f9
SS		 3147 if (*size == 0) {
3148 return NULL;
3149 }
868bb33f 3150 if (xen_enabled()) {
e41d7c69 3151 return xen_map_cache(addr, *size, 1);
868bb33f 3152 } else {
38bee5dc
SS		 3153 RAMBlock *block;
3154
3155 QLIST_FOREACH(block, &ram_list.blocks, next) {
3156 if (addr - block->offset < block->length) {
3157 if (addr - block->offset + *size > block->length)
3158 *size = block->length - addr + block->offset;
3159 return block->host + (addr - block->offset);
3160 }
3161 }
3162
3163 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3164 abort();
38bee5dc
SS		 3165 }
3166}
3167
050a0ddf
AP		 3168void qemu_put_ram_ptr(void *addr)
3169{
3170 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 3171}
3172
e890261f 3173int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 3174{
94a6b54f
PB		 3175 RAMBlock *block;
3176 uint8_t *host = ptr;
3177
868bb33f 3178 if (xen_enabled()) {
e41d7c69 3179 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 3180 return 0;
3181 }
3182
f471a17e 3183 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 3184 /* This case append when the block is not mapped. */
3185 if (block->host == NULL) {
3186 continue;
3187 }
f471a17e 3188 if (host - block->host < block->length) {
e890261f
MT		 3189 *ram_addr = block->offset + (host - block->host);
3190 return 0;
f471a17e 3191 }
94a6b54f 3192 }
432d268c 3193
e890261f
MT		 3194 return -1;
3195}
f471a17e 3196
e890261f
MT		 3197/* Some of the softmmu routines need to translate from a host pointer
3198 (typically a TLB entry) back to a ram offset. */
3199ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
3200{
3201 ram_addr_t ram_addr;
f471a17e 3202
e890261f
MT		 3203 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
3204 fprintf(stderr, "Bad ram pointer %p\n", ptr);
3205 abort();
3206 }
3207 return ram_addr;
5579c7f3
PB		 3208}
3209
0e0df1e2
AK		 3210static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
3211 unsigned size)
e18231a3
BS		 3212{
3213#ifdef DEBUG_UNASSIGNED
3214 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3215#endif
5b450407 3216#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 3217 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 3218#endif
3219 return 0;
3220}
3221
0e0df1e2
AK		 3222static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
3223 uint64_t val, unsigned size)
e18231a3
BS		 3224{
3225#ifdef DEBUG_UNASSIGNED
0e0df1e2 3226 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 3227#endif
5b450407 3228#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 3229 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 3230#endif
33417e70
FB		 3231}
3232
0e0df1e2
AK		 3233static const MemoryRegionOps unassigned_mem_ops = {
3234 .read = unassigned_mem_read,
3235 .write = unassigned_mem_write,
3236 .endianness = DEVICE_NATIVE_ENDIAN,
3237};
e18231a3 3238
0e0df1e2
AK		 3239static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
3240 unsigned size)
e18231a3 3241{
0e0df1e2 3242 abort();
e18231a3
BS		 3243}
3244
0e0df1e2
AK		 3245static void error_mem_write(void *opaque, target_phys_addr_t addr,
3246 uint64_t value, unsigned size)
e18231a3 3247{
0e0df1e2 3248 abort();
33417e70
FB		 3249}
3250
0e0df1e2
AK		 3251static const MemoryRegionOps error_mem_ops = {
3252 .read = error_mem_read,
3253 .write = error_mem_write,
3254 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 3255};
3256
0e0df1e2
AK		 3257static const MemoryRegionOps rom_mem_ops = {
3258 .read = error_mem_read,
3259 .write = unassigned_mem_write,
3260 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 3261};
3262
0e0df1e2
AK		 3263static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
3264 uint64_t val, unsigned size)
9fa3e853 3265{
3a7d929e 3266 int dirty_flags;
f7c11b53 3267 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 3268 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 3269#if !defined(CONFIG_USER_ONLY)
0e0df1e2 3270 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 3271 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 3272#endif
3a7d929e 3273 }
0e0df1e2
AK		 3274 switch (size) {
3275 case 1:
3276 stb_p(qemu_get_ram_ptr(ram_addr), val);
3277 break;
3278 case 2:
3279 stw_p(qemu_get_ram_ptr(ram_addr), val);
3280 break;
3281 case 4:
3282 stl_p(qemu_get_ram_ptr(ram_addr), val);
3283 break;
3284 default:
3285 abort();
3a7d929e 3286 }
f23db169 3287 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 3288 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 3289 /* we remove the notdirty callback only if the code has been
3290 flushed */
3291 if (dirty_flags == 0xff)
2e70f6ef 3292 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 3293}
3294
0e0df1e2
AK		 3295static const MemoryRegionOps notdirty_mem_ops = {
3296 .read = error_mem_read,
3297 .write = notdirty_mem_write,
3298 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 3299};
3300
0f459d16 3301/* Generate a debug exception if a watchpoint has been hit. */
b4051334 3302static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16
PB		 3303{
3304 CPUState *env = cpu_single_env;
06d55cc1
AL		 3305 target_ulong pc, cs_base;
3306 TranslationBlock *tb;
0f459d16 3307 target_ulong vaddr;
a1d1bb31 3308 CPUWatchpoint *wp;
06d55cc1 3309 int cpu_flags;
0f459d16 3310
06d55cc1
AL		 3311 if (env->watchpoint_hit) {
3312 /* We re-entered the check after replacing the TB. Now raise
3313 * the debug interrupt so that is will trigger after the
3314 * current instruction. */
3315 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3316 return;
3317 }
2e70f6ef 3318 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 3319 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 3320 if ((vaddr == (wp->vaddr & len_mask) ||
3321 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 3322 wp->flags |= BP_WATCHPOINT_HIT;
3323 if (!env->watchpoint_hit) {
3324 env->watchpoint_hit = wp;
3325 tb = tb_find_pc(env->mem_io_pc);
3326 if (!tb) {
3327 cpu_abort(env, "check_watchpoint: could not find TB for "
3328 "pc=%p", (void *)env->mem_io_pc);
3329 }
618ba8e6 3330 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 3331 tb_phys_invalidate(tb, -1);
3332 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3333 env->exception_index = EXCP_DEBUG;
3334 } else {
3335 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3336 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3337 }
3338 cpu_resume_from_signal(env, NULL);
06d55cc1 3339 }
6e140f28
AL		 3340 } else {
3341 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 3342 }
3343 }
3344}
3345
6658ffb8
PB		 3346/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3347 so these check for a hit then pass through to the normal out-of-line
3348 phys routines. */
1ec9b909
AK		 3349static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
3350 unsigned size)
6658ffb8 3351{
1ec9b909
AK		 3352 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3353 switch (size) {
3354 case 1: return ldub_phys(addr);
3355 case 2: return lduw_phys(addr);
3356 case 4: return ldl_phys(addr);
3357 default: abort();
3358 }
6658ffb8
PB		 3359}
3360
1ec9b909
AK		 3361static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3362 uint64_t val, unsigned size)
6658ffb8 3363{
1ec9b909
AK		 3364 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3365 switch (size) {
3366 case 1: stb_phys(addr, val);
3367 case 2: stw_phys(addr, val);
3368 case 4: stl_phys(addr, val);
3369 default: abort();
3370 }
6658ffb8
PB		 3371}
3372
1ec9b909
AK		 3373static const MemoryRegionOps watch_mem_ops = {
3374 .read = watch_mem_read,
3375 .write = watch_mem_write,
3376 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3377};
6658ffb8 3378
70c68e44
AK		 3379static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3380 unsigned len)
db7b5426 3381{
70c68e44 3382 subpage_t *mmio = opaque;
f6405247 3383 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3384 MemoryRegionSection *section;
db7b5426
BS		 3385#if defined(DEBUG_SUBPAGE)
3386 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3387 mmio, len, addr, idx);
3388#endif
db7b5426 3389
5312bd8b
AK		 3390 section = &phys_sections[mmio->sub_section[idx]];
3391 addr += mmio->base;
3392 addr -= section->offset_within_address_space;
3393 addr += section->offset_within_region;
3394 return io_mem_read(section->mr->ram_addr, addr, len);
db7b5426
BS		 3395}
3396
70c68e44
AK		 3397static void subpage_write(void *opaque, target_phys_addr_t addr,
3398 uint64_t value, unsigned len)
db7b5426 3399{
70c68e44 3400 subpage_t *mmio = opaque;
f6405247 3401 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3402 MemoryRegionSection *section;
db7b5426 3403#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3404 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3405 " idx %d value %"PRIx64"\n",
f6405247 3406 __func__, mmio, len, addr, idx, value);
db7b5426 3407#endif
f6405247 3408
5312bd8b
AK		 3409 section = &phys_sections[mmio->sub_section[idx]];
3410 addr += mmio->base;
3411 addr -= section->offset_within_address_space;
3412 addr += section->offset_within_region;
3413 io_mem_write(section->mr->ram_addr, addr, value, len);
db7b5426
BS		 3414}
3415
70c68e44
AK		 3416static const MemoryRegionOps subpage_ops = {
3417 .read = subpage_read,
3418 .write = subpage_write,
3419 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3420};
3421
de712f94
AK		 3422static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3423 unsigned size)
56384e8b
AF		 3424{
3425 ram_addr_t raddr = addr;
3426 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3427 switch (size) {
3428 case 1: return ldub_p(ptr);
3429 case 2: return lduw_p(ptr);
3430 case 4: return ldl_p(ptr);
3431 default: abort();
3432 }
56384e8b
AF		 3433}
3434
de712f94
AK		 3435static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3436 uint64_t value, unsigned size)
56384e8b
AF		 3437{
3438 ram_addr_t raddr = addr;
3439 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3440 switch (size) {
3441 case 1: return stb_p(ptr, value);
3442 case 2: return stw_p(ptr, value);
3443 case 4: return stl_p(ptr, value);
3444 default: abort();
3445 }
56384e8b
AF		 3446}
3447
de712f94
AK		 3448static const MemoryRegionOps subpage_ram_ops = {
3449 .read = subpage_ram_read,
3450 .write = subpage_ram_write,
3451 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3452};
3453
c227f099 3454static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3455 uint16_t section)
db7b5426
BS		 3456{
3457 int idx, eidx;
3458
3459 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3460 return -1;
3461 idx = SUBPAGE_IDX(start);
3462 eidx = SUBPAGE_IDX(end);
3463#if defined(DEBUG_SUBPAGE)
0bf9e31a 3464 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3465 mmio, start, end, idx, eidx, memory);
3466#endif
5312bd8b
AK		 3467 if (memory_region_is_ram(phys_sections[section].mr)) {
3468 MemoryRegionSection new_section = phys_sections[section];
3469 new_section.mr = &io_mem_subpage_ram;
3470 section = phys_section_add(&new_section);
56384e8b 3471 }
db7b5426 3472 for (; idx <= eidx; idx++) {
5312bd8b 3473 mmio->sub_section[idx] = section;
db7b5426
BS		 3474 }
3475
3476 return 0;
3477}
3478
0f0cb164 3479static subpage_t *subpage_init(target_phys_addr_t base)
db7b5426 3480{
c227f099 3481 subpage_t *mmio;
db7b5426 3482
7267c094 3483 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3484
3485 mmio->base = base;
70c68e44
AK		 3486 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3487 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3488 mmio->iomem.subpage = true;
db7b5426 3489#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3490 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3491 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3492#endif
0f0cb164 3493 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 3494
3495 return mmio;
3496}
3497
88715657
AL		 3498static int get_free_io_mem_idx(void)
3499{
3500 int i;
3501
3502 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3503 if (!io_mem_used[i]) {
3504 io_mem_used[i] = 1;
3505 return i;
3506 }
c6703b47 3507 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
88715657
AL		 3508 return -1;
3509}
3510
33417e70
FB		 3511/* mem_read and mem_write are arrays of functions containing the
3512 function to access byte (index 0), word (index 1) and dword (index
0b4e6e3e 3513 2). Functions can be omitted with a NULL function pointer.
3ee89922 3514 If io_index is non zero, the corresponding io zone is
4254fab8
BS		 3515 modified. If it is zero, a new io zone is allocated. The return
3516 value can be used with cpu_register_physical_memory(). (-1) is
3517 returned if error. */
a621f38d 3518static int cpu_register_io_memory_fixed(int io_index, MemoryRegion *mr)
33417e70 3519{
33417e70 3520 if (io_index <= 0) {
88715657
AL		 3521 io_index = get_free_io_mem_idx();
3522 if (io_index == -1)
3523 return io_index;
33417e70
FB		 3524 } else {
3525 if (io_index >= IO_MEM_NB_ENTRIES)
3526 return -1;
3527 }
b5ff1b31 3528
a621f38d 3529 io_mem_region[io_index] = mr;
f6405247 3530
11c7ef0c 3531 return io_index;
33417e70 3532}
61382a50 3533
a621f38d 3534int cpu_register_io_memory(MemoryRegion *mr)
1eed09cb 3535{
a621f38d 3536 return cpu_register_io_memory_fixed(0, mr);
1eed09cb
AK		 3537}
3538
11c7ef0c 3539void cpu_unregister_io_memory(int io_index)
88715657 3540{
a621f38d 3541 io_mem_region[io_index] = NULL;
88715657
AL		 3542 io_mem_used[io_index] = 0;
3543}
3544
5312bd8b
AK		 3545static uint16_t dummy_section(MemoryRegion *mr)
3546{
3547 MemoryRegionSection section = {
3548 .mr = mr,
3549 .offset_within_address_space = 0,
3550 .offset_within_region = 0,
3551 .size = UINT64_MAX,
3552 };
3553
3554 return phys_section_add(&section);
3555}
3556
e9179ce1
AK		 3557static void io_mem_init(void)
3558{
3559 int i;
3560
0e0df1e2
AK		 3561 /* Must be first: */
3562 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
3563 assert(io_mem_ram.ram_addr == 0);
3564 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3565 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3566 "unassigned", UINT64_MAX);
3567 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3568 "notdirty", UINT64_MAX);
de712f94
AK		 3569 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3570 "subpage-ram", UINT64_MAX);
e9179ce1
AK		 3571 for (i=0; i<5; i++)
3572 io_mem_used[i] = 1;
3573
1ec9b909
AK		 3574 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3575 "watch", UINT64_MAX);
e9179ce1
AK		 3576}
3577
50c1e149
AK		 3578static void core_begin(MemoryListener *listener)
3579{
54688b1e 3580 destroy_all_mappings();
5312bd8b 3581 phys_sections_clear();
c19e8800 3582 phys_map.ptr = PHYS_MAP_NODE_NIL;
5312bd8b 3583 phys_section_unassigned = dummy_section(&io_mem_unassigned);
50c1e149
AK		 3584}
3585
3586static void core_commit(MemoryListener *listener)
3587{
117712c3
AK		 3588 CPUState *env;
3589
3590 /* since each CPU stores ram addresses in its TLB cache, we must
3591 reset the modified entries */
3592 /* XXX: slow ! */
3593 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3594 tlb_flush(env, 1);
3595 }
50c1e149
AK		 3596}
3597
93632747
AK		 3598static void core_region_add(MemoryListener *listener,
3599 MemoryRegionSection *section)
3600{
4855d41a 3601 cpu_register_physical_memory_log(section, section->readonly);
93632747
AK		 3602}
3603
3604static void core_region_del(MemoryListener *listener,
3605 MemoryRegionSection *section)
3606{
93632747
AK		 3607}
3608
50c1e149
AK		 3609static void core_region_nop(MemoryListener *listener,
3610 MemoryRegionSection *section)
3611{
54688b1e 3612 cpu_register_physical_memory_log(section, section->readonly);
50c1e149
AK		 3613}
3614
93632747
AK		 3615static void core_log_start(MemoryListener *listener,
3616 MemoryRegionSection *section)
3617{
3618}
3619
3620static void core_log_stop(MemoryListener *listener,
3621 MemoryRegionSection *section)
3622{
3623}
3624
3625static void core_log_sync(MemoryListener *listener,
3626 MemoryRegionSection *section)
3627{
3628}
3629
3630static void core_log_global_start(MemoryListener *listener)
3631{
3632 cpu_physical_memory_set_dirty_tracking(1);
3633}
3634
3635static void core_log_global_stop(MemoryListener *listener)
3636{
3637 cpu_physical_memory_set_dirty_tracking(0);
3638}
3639
3640static void core_eventfd_add(MemoryListener *listener,
3641 MemoryRegionSection *section,
3642 bool match_data, uint64_t data, int fd)
3643{
3644}
3645
3646static void core_eventfd_del(MemoryListener *listener,
3647 MemoryRegionSection *section,
3648 bool match_data, uint64_t data, int fd)
3649{
3650}
3651
50c1e149
AK		 3652static void io_begin(MemoryListener *listener)
3653{
3654}
3655
3656static void io_commit(MemoryListener *listener)
3657{
3658}
3659
4855d41a
AK		 3660static void io_region_add(MemoryListener *listener,
3661 MemoryRegionSection *section)
3662{
3663 iorange_init(&section->mr->iorange, &memory_region_iorange_ops,
3664 section->offset_within_address_space, section->size);
3665 ioport_register(&section->mr->iorange);
3666}
3667
3668static void io_region_del(MemoryListener *listener,
3669 MemoryRegionSection *section)
3670{
3671 isa_unassign_ioport(section->offset_within_address_space, section->size);
3672}
3673
50c1e149
AK		 3674static void io_region_nop(MemoryListener *listener,
3675 MemoryRegionSection *section)
3676{
3677}
3678
4855d41a
AK		 3679static void io_log_start(MemoryListener *listener,
3680 MemoryRegionSection *section)
3681{
3682}
3683
3684static void io_log_stop(MemoryListener *listener,
3685 MemoryRegionSection *section)
3686{
3687}
3688
3689static void io_log_sync(MemoryListener *listener,
3690 MemoryRegionSection *section)
3691{
3692}
3693
3694static void io_log_global_start(MemoryListener *listener)
3695{
3696}
3697
3698static void io_log_global_stop(MemoryListener *listener)
3699{
3700}
3701
3702static void io_eventfd_add(MemoryListener *listener,
3703 MemoryRegionSection *section,
3704 bool match_data, uint64_t data, int fd)
3705{
3706}
3707
3708static void io_eventfd_del(MemoryListener *listener,
3709 MemoryRegionSection *section,
3710 bool match_data, uint64_t data, int fd)
3711{
3712}
3713
93632747 3714static MemoryListener core_memory_listener = {
50c1e149
AK		 3715 .begin = core_begin,
3716 .commit = core_commit,
93632747
AK		 3717 .region_add = core_region_add,
3718 .region_del = core_region_del,
50c1e149 3719 .region_nop = core_region_nop,
93632747
AK		 3720 .log_start = core_log_start,
3721 .log_stop = core_log_stop,
3722 .log_sync = core_log_sync,
3723 .log_global_start = core_log_global_start,
3724 .log_global_stop = core_log_global_stop,
3725 .eventfd_add = core_eventfd_add,
3726 .eventfd_del = core_eventfd_del,
3727 .priority = 0,
3728};
3729
4855d41a 3730static MemoryListener io_memory_listener = {
50c1e149
AK		 3731 .begin = io_begin,
3732 .commit = io_commit,
4855d41a
AK		 3733 .region_add = io_region_add,
3734 .region_del = io_region_del,
50c1e149 3735 .region_nop = io_region_nop,
4855d41a
AK		 3736 .log_start = io_log_start,
3737 .log_stop = io_log_stop,
3738 .log_sync = io_log_sync,
3739 .log_global_start = io_log_global_start,
3740 .log_global_stop = io_log_global_stop,
3741 .eventfd_add = io_eventfd_add,
3742 .eventfd_del = io_eventfd_del,
3743 .priority = 0,
3744};
3745
62152b8a
AK		 3746static void memory_map_init(void)
3747{
7267c094 3748 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3749 memory_region_init(system_memory, "system", INT64_MAX);
62152b8a 3750 set_system_memory_map(system_memory);
309cb471 3751
7267c094 3752 system_io = g_malloc(sizeof(*system_io));
309cb471
AK		 3753 memory_region_init(system_io, "io", 65536);
3754 set_system_io_map(system_io);
93632747 3755
4855d41a
AK		 3756 memory_listener_register(&core_memory_listener, system_memory);
3757 memory_listener_register(&io_memory_listener, system_io);
62152b8a
AK		 3758}
3759
3760MemoryRegion *get_system_memory(void)
3761{
3762 return system_memory;
3763}
3764
309cb471
AK		 3765MemoryRegion *get_system_io(void)
3766{
3767 return system_io;
3768}
3769
e2eef170
PB		 3770#endif /* !defined(CONFIG_USER_ONLY) */
3771
13eb76e0
FB		 3772/* physical memory access (slow version, mainly for debug) */
3773#if defined(CONFIG_USER_ONLY)
a68fe89c
PB		 3774int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3775 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3776{
3777 int l, flags;
3778 target_ulong page;
53a5960a 3779 void * p;
13eb76e0
FB		 3780
3781 while (len > 0) {
3782 page = addr & TARGET_PAGE_MASK;
3783 l = (page + TARGET_PAGE_SIZE) - addr;
3784 if (l > len)
3785 l = len;
3786 flags = page_get_flags(page);
3787 if (!(flags & PAGE_VALID))
a68fe89c 3788 return -1;
13eb76e0
FB		 3789 if (is_write) {
3790 if (!(flags & PAGE_WRITE))
a68fe89c 3791 return -1;
579a97f7 3792 /* XXX: this code should not depend on lock_user */
72fb7daa 3793 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3794 return -1;
72fb7daa
AJ		 3795 memcpy(p, buf, l);
3796 unlock_user(p, addr, l);
13eb76e0
FB		 3797 } else {
3798 if (!(flags & PAGE_READ))
a68fe89c 3799 return -1;
579a97f7 3800 /* XXX: this code should not depend on lock_user */
72fb7daa 3801 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3802 return -1;
72fb7daa 3803 memcpy(buf, p, l);
5b257578 3804 unlock_user(p, addr, 0);
13eb76e0
FB		 3805 }
3806 len -= l;
3807 buf += l;
3808 addr += l;
3809 }
a68fe89c 3810 return 0;
13eb76e0 3811}
8df1cd07 3812
13eb76e0 3813#else
c227f099 3814void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3815 int len, int is_write)
3816{
3817 int l, io_index;
3818 uint8_t *ptr;
3819 uint32_t val;
c227f099 3820 target_phys_addr_t page;
06ef3525 3821 MemoryRegionSection section;
3b46e624 3822
13eb76e0
FB		 3823 while (len > 0) {
3824 page = addr & TARGET_PAGE_MASK;
3825 l = (page + TARGET_PAGE_SIZE) - addr;
3826 if (l > len)
3827 l = len;
06ef3525 3828 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3829
13eb76e0 3830 if (is_write) {
06ef3525 3831 if (!memory_region_is_ram(section.mr)) {
f1f6e3b8 3832 target_phys_addr_t addr1;
06ef3525
AK		 3833 io_index = memory_region_get_ram_addr(section.mr)
3834 & (IO_MEM_NB_ENTRIES - 1);
3835 addr1 = (addr & ~TARGET_PAGE_MASK)
3836 + section.offset_within_region;
6a00d601
FB		 3837 /* XXX: could force cpu_single_env to NULL to avoid
3838 potential bugs */
6c2934db 3839 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3840 /* 32 bit write access */
c27004ec 3841 val = ldl_p(buf);
acbbec5d 3842 io_mem_write(io_index, addr1, val, 4);
13eb76e0 3843 l = 4;
6c2934db 3844 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3845 /* 16 bit write access */
c27004ec 3846 val = lduw_p(buf);
acbbec5d 3847 io_mem_write(io_index, addr1, val, 2);
13eb76e0
FB		 3848 l = 2;
3849 } else {
1c213d19 3850 /* 8 bit write access */
c27004ec 3851 val = ldub_p(buf);
acbbec5d 3852 io_mem_write(io_index, addr1, val, 1);
13eb76e0
FB		 3853 l = 1;
3854 }
06ef3525 3855 } else if (!section.readonly) {
8ca5692d 3856 ram_addr_t addr1;
06ef3525
AK		 3857 addr1 = (memory_region_get_ram_addr(section.mr)
3858 + section.offset_within_region)
3859 | (addr & ~TARGET_PAGE_MASK);
13eb76e0 3860 /* RAM case */
5579c7f3 3861 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3862 memcpy(ptr, buf, l);
3a7d929e
FB		 3863 if (!cpu_physical_memory_is_dirty(addr1)) {
3864 /* invalidate code */
3865 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3866 /* set dirty bit */
f7c11b53
YT		 3867 cpu_physical_memory_set_dirty_flags(
3868 addr1, (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 3869 }
050a0ddf 3870 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3871 }
3872 } else {
06ef3525 3873 if (!is_ram_rom_romd(&section)) {
f1f6e3b8 3874 target_phys_addr_t addr1;
13eb76e0 3875 /* I/O case */
06ef3525
AK		 3876 io_index = memory_region_get_ram_addr(section.mr)
3877 & (IO_MEM_NB_ENTRIES - 1);
3878 addr1 = (addr & ~TARGET_PAGE_MASK)
3879 + section.offset_within_region;
6c2934db 3880 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3881 /* 32 bit read access */
acbbec5d 3882 val = io_mem_read(io_index, addr1, 4);
c27004ec 3883 stl_p(buf, val);
13eb76e0 3884 l = 4;
6c2934db 3885 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3886 /* 16 bit read access */
acbbec5d 3887 val = io_mem_read(io_index, addr1, 2);
c27004ec 3888 stw_p(buf, val);
13eb76e0
FB		 3889 l = 2;
3890 } else {
1c213d19 3891 /* 8 bit read access */
acbbec5d 3892 val = io_mem_read(io_index, addr1, 1);
c27004ec 3893 stb_p(buf, val);
13eb76e0
FB		 3894 l = 1;
3895 }
3896 } else {
3897 /* RAM case */
06ef3525
AK		 3898 ptr = qemu_get_ram_ptr(section.mr->ram_addr
3899 + section.offset_within_region);
050a0ddf
AP		 3900 memcpy(buf, ptr + (addr & ~TARGET_PAGE_MASK), l);
3901 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3902 }
3903 }
3904 len -= l;
3905 buf += l;
3906 addr += l;
3907 }
3908}
8df1cd07 3909
d0ecd2aa 3910/* used for ROM loading : can write in RAM and ROM */
c227f099 3911void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3912 const uint8_t *buf, int len)
3913{
3914 int l;
3915 uint8_t *ptr;
c227f099 3916 target_phys_addr_t page;
06ef3525 3917 MemoryRegionSection section;
3b46e624 3918
d0ecd2aa
FB		 3919 while (len > 0) {
3920 page = addr & TARGET_PAGE_MASK;
3921 l = (page + TARGET_PAGE_SIZE) - addr;
3922 if (l > len)
3923 l = len;
06ef3525 3924 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3925
06ef3525 3926 if (!is_ram_rom_romd(&section)) {
d0ecd2aa
FB		 3927 /* do nothing */
3928 } else {
3929 unsigned long addr1;
06ef3525
AK		 3930 addr1 = (memory_region_get_ram_addr(section.mr)
3931 + section.offset_within_region)
3932 + (addr & ~TARGET_PAGE_MASK);
d0ecd2aa 3933 /* ROM/RAM case */
5579c7f3 3934 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3935 memcpy(ptr, buf, l);
050a0ddf 3936 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3937 }
3938 len -= l;
3939 buf += l;
3940 addr += l;
3941 }
3942}
3943
6d16c2f8
AL		 3944typedef struct {
3945 void *buffer;
c227f099
AL		 3946 target_phys_addr_t addr;
3947 target_phys_addr_t len;
6d16c2f8
AL		 3948} BounceBuffer;
3949
3950static BounceBuffer bounce;
3951
ba223c29
AL		 3952typedef struct MapClient {
3953 void *opaque;
3954 void (*callback)(void *opaque);
72cf2d4f 3955 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3956} MapClient;
3957
72cf2d4f
BS		 3958static QLIST_HEAD(map_client_list, MapClient) map_client_list
3959 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3960
3961void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3962{
7267c094 3963 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3964
3965 client->opaque = opaque;
3966 client->callback = callback;
72cf2d4f 3967 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3968 return client;
3969}
3970
3971void cpu_unregister_map_client(void *_client)
3972{
3973 MapClient *client = (MapClient *)_client;
3974
72cf2d4f 3975 QLIST_REMOVE(client, link);
7267c094 3976 g_free(client);
ba223c29
AL		 3977}
3978
3979static void cpu_notify_map_clients(void)
3980{
3981 MapClient *client;
3982
72cf2d4f
BS		 3983 while (!QLIST_EMPTY(&map_client_list)) {
3984 client = QLIST_FIRST(&map_client_list);
ba223c29 3985 client->callback(client->opaque);
34d5e948 3986 cpu_unregister_map_client(client);
ba223c29
AL		 3987 }
3988}
3989
6d16c2f8
AL		 3990/* Map a physical memory region into a host virtual address.
3991 * May map a subset of the requested range, given by and returned in *plen.
3992 * May return NULL if resources needed to perform the mapping are exhausted.
3993 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3994 * Use cpu_register_map_client() to know when retrying the map operation is
3995 * likely to succeed.
6d16c2f8 3996 */
c227f099
AL		 3997void *cpu_physical_memory_map(target_phys_addr_t addr,
3998 target_phys_addr_t *plen,
6d16c2f8
AL		 3999 int is_write)
4000{
c227f099 4001 target_phys_addr_t len = *plen;
38bee5dc 4002 target_phys_addr_t todo = 0;
6d16c2f8 4003 int l;
c227f099 4004 target_phys_addr_t page;
06ef3525 4005 MemoryRegionSection section;
f15fbc4b 4006 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 4007 ram_addr_t rlen;
4008 void *ret;
6d16c2f8
AL		 4009
4010 while (len > 0) {
4011 page = addr & TARGET_PAGE_MASK;
4012 l = (page + TARGET_PAGE_SIZE) - addr;
4013 if (l > len)
4014 l = len;
06ef3525 4015 section = phys_page_find(page >> TARGET_PAGE_BITS);
6d16c2f8 4016
06ef3525 4017 if (!(memory_region_is_ram(section.mr) && !section.readonly)) {
38bee5dc 4018 if (todo || bounce.buffer) {
6d16c2f8
AL		 4019 break;
4020 }
4021 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
4022 bounce.addr = addr;
4023 bounce.len = l;
4024 if (!is_write) {
54f7b4a3 4025 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 4026 }
38bee5dc
SS		 4027
4028 *plen = l;
4029 return bounce.buffer;
6d16c2f8 4030 }
8ab934f9 4031 if (!todo) {
06ef3525
AK		 4032 raddr = memory_region_get_ram_addr(section.mr)
4033 + section.offset_within_region
4034 + (addr & ~TARGET_PAGE_MASK);
8ab934f9 4035 }
6d16c2f8
AL		 4036
4037 len -= l;
4038 addr += l;
38bee5dc 4039 todo += l;
6d16c2f8 4040 }
8ab934f9
SS		 4041 rlen = todo;
4042 ret = qemu_ram_ptr_length(raddr, &rlen);
4043 *plen = rlen;
4044 return ret;
6d16c2f8
AL		 4045}
4046
4047/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
4048 * Will also mark the memory as dirty if is_write == 1. access_len gives
4049 * the amount of memory that was actually read or written by the caller.
4050 */
c227f099
AL		 4051void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
4052 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 4053{
4054 if (buffer != bounce.buffer) {
4055 if (is_write) {
e890261f 4056 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 4057 while (access_len) {
4058 unsigned l;
4059 l = TARGET_PAGE_SIZE;
4060 if (l > access_len)
4061 l = access_len;
4062 if (!cpu_physical_memory_is_dirty(addr1)) {
4063 /* invalidate code */
4064 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
4065 /* set dirty bit */
f7c11b53
YT		 4066 cpu_physical_memory_set_dirty_flags(
4067 addr1, (0xff & ~CODE_DIRTY_FLAG));
6d16c2f8
AL		 4068 }
4069 addr1 += l;
4070 access_len -= l;
4071 }
4072 }
868bb33f 4073 if (xen_enabled()) {
e41d7c69 4074 xen_invalidate_map_cache_entry(buffer);
050a0ddf 4075 }
6d16c2f8
AL		 4076 return;
4077 }
4078 if (is_write) {
4079 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
4080 }
f8a83245 4081 qemu_vfree(bounce.buffer);
6d16c2f8 4082 bounce.buffer = NULL;
ba223c29 4083 cpu_notify_map_clients();
6d16c2f8 4084}
d0ecd2aa 4085
8df1cd07 4086/* warning: addr must be aligned */
1e78bcc1
AG		 4087static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
4088 enum device_endian endian)
8df1cd07
FB		 4089{
4090 int io_index;
4091 uint8_t *ptr;
4092 uint32_t val;
06ef3525 4093 MemoryRegionSection section;
8df1cd07 4094
06ef3525 4095 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4096
06ef3525 4097 if (!is_ram_rom_romd(&section)) {
8df1cd07 4098 /* I/O case */
06ef3525
AK		 4099 io_index = memory_region_get_ram_addr(section.mr)
4100 & (IO_MEM_NB_ENTRIES - 1);
4101 addr = (addr & ~TARGET_PAGE_MASK) + section.offset_within_region;
acbbec5d 4102 val = io_mem_read(io_index, addr, 4);
1e78bcc1
AG		 4103#if defined(TARGET_WORDS_BIGENDIAN)
4104 if (endian == DEVICE_LITTLE_ENDIAN) {
4105 val = bswap32(val);
4106 }
4107#else
4108 if (endian == DEVICE_BIG_ENDIAN) {
4109 val = bswap32(val);
4110 }
4111#endif
8df1cd07
FB		 4112 } else {
4113 /* RAM case */
06ef3525
AK		 4114 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section.mr)
4115 & TARGET_PAGE_MASK)
4116 + section.offset_within_region) +
8df1cd07 4117 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4118 switch (endian) {
4119 case DEVICE_LITTLE_ENDIAN:
4120 val = ldl_le_p(ptr);
4121 break;
4122 case DEVICE_BIG_ENDIAN:
4123 val = ldl_be_p(ptr);
4124 break;
4125 default:
4126 val = ldl_p(ptr);
4127 break;
4128 }
8df1cd07
FB		 4129 }
4130 return val;
4131}
4132
1e78bcc1
AG		 4133uint32_t ldl_phys(target_phys_addr_t addr)
4134{
4135 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4136}
4137
4138uint32_t ldl_le_phys(target_phys_addr_t addr)
4139{
4140 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4141}
4142
4143uint32_t ldl_be_phys(target_phys_addr_t addr)
4144{
4145 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
4146}
4147
84b7b8e7 4148/* warning: addr must be aligned */
1e78bcc1
AG		 4149static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
4150 enum device_endian endian)
84b7b8e7
FB		 4151{
4152 int io_index;
4153 uint8_t *ptr;
4154 uint64_t val;
06ef3525 4155 MemoryRegionSection section;
84b7b8e7 4156
06ef3525 4157 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4158
06ef3525 4159 if (!is_ram_rom_romd(&section)) {
84b7b8e7 4160 /* I/O case */
06ef3525
AK		 4161 io_index = memory_region_get_ram_addr(section.mr)
4162 & (IO_MEM_NB_ENTRIES - 1);
4163 addr = (addr & ~TARGET_PAGE_MASK) + section.offset_within_region;
1e78bcc1
AG		 4164
4165 /* XXX This is broken when device endian != cpu endian.
4166 Fix and add "endian" variable check */
84b7b8e7 4167#ifdef TARGET_WORDS_BIGENDIAN
acbbec5d
AK		 4168 val = io_mem_read(io_index, addr, 4) << 32;
4169 val |= io_mem_read(io_index, addr + 4, 4);
84b7b8e7 4170#else
acbbec5d
AK		 4171 val = io_mem_read(io_index, addr, 4);
4172 val |= io_mem_read(io_index, addr + 4, 4) << 32;
84b7b8e7
FB		 4173#endif
4174 } else {
4175 /* RAM case */
06ef3525
AK		 4176 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section.mr)
4177 & TARGET_PAGE_MASK)
4178 + section.offset_within_region)
4179 + (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4180 switch (endian) {
4181 case DEVICE_LITTLE_ENDIAN:
4182 val = ldq_le_p(ptr);
4183 break;
4184 case DEVICE_BIG_ENDIAN:
4185 val = ldq_be_p(ptr);
4186 break;
4187 default:
4188 val = ldq_p(ptr);
4189 break;
4190 }
84b7b8e7
FB		 4191 }
4192 return val;
4193}
4194
1e78bcc1
AG		 4195uint64_t ldq_phys(target_phys_addr_t addr)
4196{
4197 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4198}
4199
4200uint64_t ldq_le_phys(target_phys_addr_t addr)
4201{
4202 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4203}
4204
4205uint64_t ldq_be_phys(target_phys_addr_t addr)
4206{
4207 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
4208}
4209
aab33094 4210/* XXX: optimize */
c227f099 4211uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 4212{
4213 uint8_t val;
4214 cpu_physical_memory_read(addr, &val, 1);
4215 return val;
4216}
4217
733f0b02 4218/* warning: addr must be aligned */
1e78bcc1
AG		 4219static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
4220 enum device_endian endian)
aab33094 4221{
733f0b02
MT		 4222 int io_index;
4223 uint8_t *ptr;
4224 uint64_t val;
06ef3525 4225 MemoryRegionSection section;
733f0b02 4226
06ef3525 4227 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 4228
06ef3525 4229 if (!is_ram_rom_romd(&section)) {
733f0b02 4230 /* I/O case */
06ef3525
AK		 4231 io_index = memory_region_get_ram_addr(section.mr)
4232 & (IO_MEM_NB_ENTRIES - 1);
4233 addr = (addr & ~TARGET_PAGE_MASK) + section.offset_within_region;
acbbec5d 4234 val = io_mem_read(io_index, addr, 2);
1e78bcc1
AG		 4235#if defined(TARGET_WORDS_BIGENDIAN)
4236 if (endian == DEVICE_LITTLE_ENDIAN) {
4237 val = bswap16(val);
4238 }
4239#else
4240 if (endian == DEVICE_BIG_ENDIAN) {
4241 val = bswap16(val);
4242 }
4243#endif
733f0b02
MT		 4244 } else {
4245 /* RAM case */
06ef3525
AK		 4246 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section.mr)
4247 & TARGET_PAGE_MASK)
4248 + section.offset_within_region)
4249 + (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4250 switch (endian) {
4251 case DEVICE_LITTLE_ENDIAN:
4252 val = lduw_le_p(ptr);
4253 break;
4254 case DEVICE_BIG_ENDIAN:
4255 val = lduw_be_p(ptr);
4256 break;
4257 default:
4258 val = lduw_p(ptr);
4259 break;
4260 }
733f0b02
MT		 4261 }
4262 return val;
aab33094
FB		 4263}
4264
1e78bcc1
AG		 4265uint32_t lduw_phys(target_phys_addr_t addr)
4266{
4267 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4268}
4269
4270uint32_t lduw_le_phys(target_phys_addr_t addr)
4271{
4272 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4273}
4274
4275uint32_t lduw_be_phys(target_phys_addr_t addr)
4276{
4277 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
4278}
4279
8df1cd07
FB		 4280/* warning: addr must be aligned. The ram page is not masked as dirty
4281 and the code inside is not invalidated. It is useful if the dirty
4282 bits are used to track modified PTEs */
c227f099 4283void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07
FB		 4284{
4285 int io_index;
4286 uint8_t *ptr;
06ef3525 4287 MemoryRegionSection section;
8df1cd07 4288
06ef3525 4289 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4290
06ef3525
AK		 4291 if (!memory_region_is_ram(section.mr) || section.readonly) {
4292 if (memory_region_is_ram(section.mr)) {
4293 io_index = io_mem_rom.ram_addr;
4294 } else {
4295 io_index = memory_region_get_ram_addr(section.mr);
4296 }
4297 addr = (addr & ~TARGET_PAGE_MASK) + section.offset_within_region;
acbbec5d 4298 io_mem_write(io_index, addr, val, 4);
8df1cd07 4299 } else {
06ef3525
AK		 4300 unsigned long addr1 = (memory_region_get_ram_addr(section.mr)
4301 & TARGET_PAGE_MASK)
4302 + section.offset_within_region
4303 + (addr & ~TARGET_PAGE_MASK);
5579c7f3 4304 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 4305 stl_p(ptr, val);
74576198
AL		 4306
4307 if (unlikely(in_migration)) {
4308 if (!cpu_physical_memory_is_dirty(addr1)) {
4309 /* invalidate code */
4310 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4311 /* set dirty bit */
f7c11b53
YT		 4312 cpu_physical_memory_set_dirty_flags(
4313 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 4314 }
4315 }
8df1cd07
FB		 4316 }
4317}
4318
c227f099 4319void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef
JM		 4320{
4321 int io_index;
4322 uint8_t *ptr;
06ef3525 4323 MemoryRegionSection section;
bc98a7ef 4324
06ef3525 4325 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4326
06ef3525
AK		 4327 if (!memory_region_is_ram(section.mr) || section.readonly) {
4328 if (memory_region_is_ram(section.mr)) {
4329 io_index = io_mem_rom.ram_addr;
4330 } else {
4331 io_index = memory_region_get_ram_addr(section.mr)
4332 & (IO_MEM_NB_ENTRIES - 1);
4333 }
4334 addr = (addr & ~TARGET_PAGE_MASK) + section.offset_within_region;
bc98a7ef 4335#ifdef TARGET_WORDS_BIGENDIAN
acbbec5d
AK		 4336 io_mem_write(io_index, addr, val >> 32, 4);
4337 io_mem_write(io_index, addr + 4, (uint32_t)val, 4);
bc98a7ef 4338#else
acbbec5d
AK		 4339 io_mem_write(io_index, addr, (uint32_t)val, 4);
4340 io_mem_write(io_index, addr + 4, val >> 32, 4);
bc98a7ef
JM		 4341#endif
4342 } else {
06ef3525
AK		 4343 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section.mr)
4344 & TARGET_PAGE_MASK)
4345 + section.offset_within_region)
4346 + (addr & ~TARGET_PAGE_MASK);
bc98a7ef
JM		 4347 stq_p(ptr, val);
4348 }
4349}
4350
8df1cd07 4351/* warning: addr must be aligned */
1e78bcc1
AG		 4352static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4353 enum device_endian endian)
8df1cd07
FB		 4354{
4355 int io_index;
4356 uint8_t *ptr;
06ef3525 4357 MemoryRegionSection section;
8df1cd07 4358
06ef3525 4359 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4360
06ef3525
AK		 4361 if (!memory_region_is_ram(section.mr) || section.readonly) {
4362 if (memory_region_is_ram(section.mr)) {
4363 io_index = io_mem_rom.ram_addr;
4364 } else {
4365 io_index = memory_region_get_ram_addr(section.mr)
4366 & (IO_MEM_NB_ENTRIES - 1);
4367 }
4368 addr = (addr & ~TARGET_PAGE_MASK) + section.offset_within_region;
1e78bcc1
AG		 4369#if defined(TARGET_WORDS_BIGENDIAN)
4370 if (endian == DEVICE_LITTLE_ENDIAN) {
4371 val = bswap32(val);
4372 }
4373#else
4374 if (endian == DEVICE_BIG_ENDIAN) {
4375 val = bswap32(val);
4376 }
4377#endif
acbbec5d 4378 io_mem_write(io_index, addr, val, 4);
8df1cd07
FB		 4379 } else {
4380 unsigned long addr1;
06ef3525
AK		 4381 addr1 = (memory_region_get_ram_addr(section.mr) & TARGET_PAGE_MASK)
4382 + section.offset_within_region
4383 + (addr & ~TARGET_PAGE_MASK);
8df1cd07 4384 /* RAM case */
5579c7f3 4385 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4386 switch (endian) {
4387 case DEVICE_LITTLE_ENDIAN:
4388 stl_le_p(ptr, val);
4389 break;
4390 case DEVICE_BIG_ENDIAN:
4391 stl_be_p(ptr, val);
4392 break;
4393 default:
4394 stl_p(ptr, val);
4395 break;
4396 }
3a7d929e
FB		 4397 if (!cpu_physical_memory_is_dirty(addr1)) {
4398 /* invalidate code */
4399 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4400 /* set dirty bit */
f7c11b53
YT		 4401 cpu_physical_memory_set_dirty_flags(addr1,
4402 (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 4403 }
8df1cd07
FB		 4404 }
4405}
4406
1e78bcc1
AG		 4407void stl_phys(target_phys_addr_t addr, uint32_t val)
4408{
4409 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4410}
4411
4412void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4413{
4414 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4415}
4416
4417void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4418{
4419 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4420}
4421
aab33094 4422/* XXX: optimize */
c227f099 4423void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 4424{
4425 uint8_t v = val;
4426 cpu_physical_memory_write(addr, &v, 1);
4427}
4428
733f0b02 4429/* warning: addr must be aligned */
1e78bcc1
AG		 4430static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4431 enum device_endian endian)
aab33094 4432{
733f0b02
MT		 4433 int io_index;
4434 uint8_t *ptr;
06ef3525 4435 MemoryRegionSection section;
733f0b02 4436
06ef3525 4437 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 4438
06ef3525
AK		 4439 if (!memory_region_is_ram(section.mr) || section.readonly) {
4440 if (memory_region_is_ram(section.mr)) {
4441 io_index = io_mem_rom.ram_addr;
4442 } else {
4443 io_index = memory_region_get_ram_addr(section.mr)
4444 & (IO_MEM_NB_ENTRIES - 1);
4445 }
4446 addr = (addr & ~TARGET_PAGE_MASK) + section.offset_within_region;
1e78bcc1
AG		 4447#if defined(TARGET_WORDS_BIGENDIAN)
4448 if (endian == DEVICE_LITTLE_ENDIAN) {
4449 val = bswap16(val);
4450 }
4451#else
4452 if (endian == DEVICE_BIG_ENDIAN) {
4453 val = bswap16(val);
4454 }
4455#endif
acbbec5d 4456 io_mem_write(io_index, addr, val, 2);
733f0b02
MT		 4457 } else {
4458 unsigned long addr1;
06ef3525
AK		 4459 addr1 = (memory_region_get_ram_addr(section.mr) & TARGET_PAGE_MASK)
4460 + section.offset_within_region + (addr & ~TARGET_PAGE_MASK);
733f0b02
MT		 4461 /* RAM case */
4462 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4463 switch (endian) {
4464 case DEVICE_LITTLE_ENDIAN:
4465 stw_le_p(ptr, val);
4466 break;
4467 case DEVICE_BIG_ENDIAN:
4468 stw_be_p(ptr, val);
4469 break;
4470 default:
4471 stw_p(ptr, val);
4472 break;
4473 }
733f0b02
MT		 4474 if (!cpu_physical_memory_is_dirty(addr1)) {
4475 /* invalidate code */
4476 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4477 /* set dirty bit */
4478 cpu_physical_memory_set_dirty_flags(addr1,
4479 (0xff & ~CODE_DIRTY_FLAG));
4480 }
4481 }
aab33094
FB		 4482}
4483
1e78bcc1
AG		 4484void stw_phys(target_phys_addr_t addr, uint32_t val)
4485{
4486 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4487}
4488
4489void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4490{
4491 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4492}
4493
4494void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4495{
4496 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4497}
4498
aab33094 4499/* XXX: optimize */
c227f099 4500void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4501{
4502 val = tswap64(val);
71d2b725 4503 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4504}
4505
1e78bcc1
AG		 4506void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4507{
4508 val = cpu_to_le64(val);
4509 cpu_physical_memory_write(addr, &val, 8);
4510}
4511
4512void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4513{
4514 val = cpu_to_be64(val);
4515 cpu_physical_memory_write(addr, &val, 8);
4516}
4517
5e2972fd 4518/* virtual memory access for debug (includes writing to ROM) */
5fafdf24 4519int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
b448f2f3 4520 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4521{
4522 int l;
c227f099 4523 target_phys_addr_t phys_addr;
9b3c35e0 4524 target_ulong page;
13eb76e0
FB		 4525
4526 while (len > 0) {
4527 page = addr & TARGET_PAGE_MASK;
4528 phys_addr = cpu_get_phys_page_debug(env, page);
4529 /* if no physical page mapped, return an error */
4530 if (phys_addr == -1)
4531 return -1;
4532 l = (page + TARGET_PAGE_SIZE) - addr;
4533 if (l > len)
4534 l = len;
5e2972fd 4535 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4536 if (is_write)
4537 cpu_physical_memory_write_rom(phys_addr, buf, l);
4538 else
5e2972fd 4539 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4540 len -= l;
4541 buf += l;
4542 addr += l;
4543 }
4544 return 0;
4545}
a68fe89c 4546#endif
13eb76e0 4547
2e70f6ef
PB		 4548/* in deterministic execution mode, instructions doing device I/Os
4549 must be at the end of the TB */
4550void cpu_io_recompile(CPUState *env, void *retaddr)
4551{
4552 TranslationBlock *tb;
4553 uint32_t n, cflags;
4554 target_ulong pc, cs_base;
4555 uint64_t flags;
4556
4557 tb = tb_find_pc((unsigned long)retaddr);
4558 if (!tb) {
4559 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4560 retaddr);
4561 }
4562 n = env->icount_decr.u16.low + tb->icount;
618ba8e6 4563 cpu_restore_state(tb, env, (unsigned long)retaddr);
2e70f6ef 4564 /* Calculate how many instructions had been executed before the fault
bf20dc07 4565 occurred. */
2e70f6ef
PB		 4566 n = n - env->icount_decr.u16.low;
4567 /* Generate a new TB ending on the I/O insn. */
4568 n++;
4569 /* On MIPS and SH, delay slot instructions can only be restarted if
4570 they were already the first instruction in the TB. If this is not
bf20dc07 4571 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4572 branch. */
4573#if defined(TARGET_MIPS)
4574 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4575 env->active_tc.PC -= 4;
4576 env->icount_decr.u16.low++;
4577 env->hflags &= ~MIPS_HFLAG_BMASK;
4578 }
4579#elif defined(TARGET_SH4)
4580 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4581 && n > 1) {
4582 env->pc -= 2;
4583 env->icount_decr.u16.low++;
4584 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4585 }
4586#endif
4587 /* This should never happen. */
4588 if (n > CF_COUNT_MASK)
4589 cpu_abort(env, "TB too big during recompile");
4590
4591 cflags = n | CF_LAST_IO;
4592 pc = tb->pc;
4593 cs_base = tb->cs_base;
4594 flags = tb->flags;
4595 tb_phys_invalidate(tb, -1);
4596 /* FIXME: In theory this could raise an exception. In practice
4597 we have already translated the block once so it's probably ok. */
4598 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4599 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4600 the first in the TB) then we end up generating a whole new TB and
4601 repeating the fault, which is horribly inefficient.
4602 Better would be to execute just this insn uncached, or generate a
4603 second new TB. */
4604 cpu_resume_from_signal(env, NULL);
4605}
4606
b3755a91
PB		 4607#if !defined(CONFIG_USER_ONLY)
4608
055403b2 4609void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4610{
4611 int i, target_code_size, max_target_code_size;
4612 int direct_jmp_count, direct_jmp2_count, cross_page;
4613 TranslationBlock *tb;
3b46e624 4614
e3db7226
FB		 4615 target_code_size = 0;
4616 max_target_code_size = 0;
4617 cross_page = 0;
4618 direct_jmp_count = 0;
4619 direct_jmp2_count = 0;
4620 for(i = 0; i < nb_tbs; i++) {
4621 tb = &tbs[i];
4622 target_code_size += tb->size;
4623 if (tb->size > max_target_code_size)
4624 max_target_code_size = tb->size;
4625 if (tb->page_addr[1] != -1)
4626 cross_page++;
4627 if (tb->tb_next_offset[0] != 0xffff) {
4628 direct_jmp_count++;
4629 if (tb->tb_next_offset[1] != 0xffff) {
4630 direct_jmp2_count++;
4631 }
4632 }
4633 }
4634 /* XXX: avoid using doubles ? */
57fec1fe 4635 cpu_fprintf(f, "Translation buffer state:\n");
055403b2 4636 cpu_fprintf(f, "gen code size %td/%ld\n",
26a5f13b
FB		 4637 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4638 cpu_fprintf(f, "TB count %d/%d\n",
4639 nb_tbs, code_gen_max_blocks);
5fafdf24 4640 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4641 nb_tbs ? target_code_size / nb_tbs : 0,
4642 max_target_code_size);
055403b2 4643 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4644 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4645 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4646 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4647 cross_page,
e3db7226
FB		 4648 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4649 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4650 direct_jmp_count,
e3db7226
FB		 4651 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4652 direct_jmp2_count,
4653 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4654 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4655 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4656 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4657 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4658 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4659}
4660
d39e8222
AK		 4661/* NOTE: this function can trigger an exception */
4662/* NOTE2: the returned address is not exactly the physical address: it
4663 is the offset relative to phys_ram_base */
4664tb_page_addr_t get_page_addr_code(CPUState *env1, target_ulong addr)
4665{
4666 int mmu_idx, page_index, pd;
4667 void *p;
4668
4669 page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
4670 mmu_idx = cpu_mmu_index(env1);
4671 if (unlikely(env1->tlb_table[mmu_idx][page_index].addr_code !=
4672 (addr & TARGET_PAGE_MASK))) {
4673 ldub_code(addr);
4674 }
4675 pd = env1->tlb_table[mmu_idx][page_index].addr_code & ~TARGET_PAGE_MASK;
0e0df1e2 4676 if (pd != io_mem_ram.ram_addr && pd != io_mem_rom.ram_addr
06ef3525 4677 && !io_mem_region[pd]->rom_device) {
d39e8222
AK		 4678#if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_SPARC)
4679 cpu_unassigned_access(env1, addr, 0, 1, 0, 4);
4680#else
4681 cpu_abort(env1, "Trying to execute code outside RAM or ROM at 0x" TARGET_FMT_lx "\n", addr);
4682#endif
4683 }
4684 p = (void *)((uintptr_t)addr + env1->tlb_table[mmu_idx][page_index].addend);
4685 return qemu_ram_addr_from_host_nofail(p);
4686}
4687
82afa586
BH		 4688/*
4689 * A helper function for the _utterly broken_ virtio device model to find out if
4690 * it's running on a big endian machine. Don't do this at home kids!
4691 */
4692bool virtio_is_big_endian(void);
4693bool virtio_is_big_endian(void)
4694{
4695#if defined(TARGET_WORDS_BIGENDIAN)
4696 return true;
4697#else
4698 return false;
4699#endif
4700}
4701
61382a50 4702#define MMUSUFFIX _cmmu
3917149d 4703#undef GETPC
61382a50
FB		 4704#define GETPC() NULL
4705#define env cpu_single_env
b769d8fe 4706#define SOFTMMU_CODE_ACCESS
61382a50
FB		 4707
4708#define SHIFT 0
4709#include "softmmu_template.h"
4710
4711#define SHIFT 1
4712#include "softmmu_template.h"
4713
4714#define SHIFT 2
4715#include "softmmu_template.h"
4716
4717#define SHIFT 3
4718#include "softmmu_template.h"
4719
4720#undef env
4721
4722#endif
QEMU mirror