]> git.proxmox.com Git - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
cputlb: move TLB handling to a separate file
[qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
0cac1b66
BS		 60#include "cputlb.h"
61
67d95c15
AK		 62#define WANT_EXEC_OBSOLETE
63#include "exec-obsolete.h"
64
fd6ce8f6 65//#define DEBUG_TB_INVALIDATE
66e85a21 66//#define DEBUG_FLUSH
67d3b957 67//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 68
69/* make various TB consistency checks */
5fafdf24 70//#define DEBUG_TB_CHECK
fd6ce8f6 71
1196be37 72//#define DEBUG_IOPORT
db7b5426 73//#define DEBUG_SUBPAGE
1196be37 74
99773bd4
PB		 75#if !defined(CONFIG_USER_ONLY)
76/* TB consistency checks only implemented for usermode emulation. */
77#undef DEBUG_TB_CHECK
78#endif
79
9fa3e853
FB		 80#define SMC_BITMAP_USE_THRESHOLD 10
81
bdaf78e0 82static TranslationBlock *tbs;
24ab68ac 83static int code_gen_max_blocks;
9fa3e853 84TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 85static int nb_tbs;
eb51d102 86/* any access to the tbs or the page table must use this lock */
c227f099 87spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 88
141ac468
BS		 89#if defined(__arm__) || defined(__sparc_v9__)
90/* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
d03d860b
BS		 92 section close to code segment. */
93#define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
6840981d 96#elif defined(_WIN32) && !defined(_WIN64)
f8e2af11
SW		 97#define code_gen_section \
98 __attribute__((aligned (16)))
d03d860b
BS		 99#else
100#define code_gen_section \
101 __attribute__((aligned (32)))
102#endif
103
104uint8_t code_gen_prologue[1024] code_gen_section;
bdaf78e0
BS		 105static uint8_t *code_gen_buffer;
106static unsigned long code_gen_buffer_size;
26a5f13b 107/* threshold to flush the translated code buffer */
bdaf78e0 108static unsigned long code_gen_buffer_max_size;
24ab68ac 109static uint8_t *code_gen_ptr;
fd6ce8f6 110
e2eef170 111#if !defined(CONFIG_USER_ONLY)
9fa3e853 112int phys_ram_fd;
74576198 113static int in_migration;
94a6b54f 114
85d59fef 115RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 116
117static MemoryRegion *system_memory;
309cb471 118static MemoryRegion *system_io;
62152b8a 119
0e0df1e2 120MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 121static MemoryRegion io_mem_subpage_ram;
0e0df1e2 122
e2eef170 123#endif
9fa3e853 124
9349b4f9 125CPUArchState *first_cpu;
6a00d601
FB		 126/* current CPU in the current thread. It is only valid inside
127 cpu_exec() */
9349b4f9 128DEFINE_TLS(CPUArchState *,cpu_single_env);
2e70f6ef 129/* 0 = Do not count executed instructions.
bf20dc07 130 1 = Precise instruction counting.
2e70f6ef
PB		 131 2 = Adaptive rate instruction counting. */
132int use_icount = 0;
6a00d601 133
54936004 134typedef struct PageDesc {
92e873b9 135 /* list of TBs intersecting this ram page */
fd6ce8f6 136 TranslationBlock *first_tb;
9fa3e853
FB		 137 /* in order to optimize self modifying code, we count the number
138 of lookups we do to a given page to use a bitmap */
139 unsigned int code_write_count;
140 uint8_t *code_bitmap;
141#if defined(CONFIG_USER_ONLY)
142 unsigned long flags;
143#endif
54936004
FB		 144} PageDesc;
145
41c1b1c9 146/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 147 while in user mode we want it to be based on virtual addresses. */
148#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 149#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
150# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
151#else
5cd2c5b6 152# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 153#endif
bedb69ea 154#else
5cd2c5b6 155# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 156#endif
54936004 157
5cd2c5b6
RH		 158/* Size of the L2 (and L3, etc) page tables. */
159#define L2_BITS 10
54936004
FB		 160#define L2_SIZE (1 << L2_BITS)
161
3eef53df
AK		 162#define P_L2_LEVELS \
163 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
164
5cd2c5b6 165/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 166#define V_L1_BITS_REM \
167 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
168
5cd2c5b6
RH		 169#if V_L1_BITS_REM < 4
170#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
171#else
172#define V_L1_BITS V_L1_BITS_REM
173#endif
174
5cd2c5b6
RH		 175#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
176
5cd2c5b6
RH		 177#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
178
c6d50674
SW		 179uintptr_t qemu_real_host_page_size;
180uintptr_t qemu_host_page_size;
181uintptr_t qemu_host_page_mask;
54936004 182
5cd2c5b6
RH		 183/* This is a multi-level map on the virtual address space.
184 The bottom level has pointers to PageDesc. */
185static void *l1_map[V_L1_SIZE];
54936004 186
e2eef170 187#if !defined(CONFIG_USER_ONLY)
4346ae3e
AK		 188typedef struct PhysPageEntry PhysPageEntry;
189
5312bd8b
AK		 190static MemoryRegionSection *phys_sections;
191static unsigned phys_sections_nb, phys_sections_nb_alloc;
192static uint16_t phys_section_unassigned;
aa102231
AK		 193static uint16_t phys_section_notdirty;
194static uint16_t phys_section_rom;
195static uint16_t phys_section_watch;
5312bd8b 196
4346ae3e 197struct PhysPageEntry {
07f07b31
AK		 198 uint16_t is_leaf : 1;
199 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
200 uint16_t ptr : 15;
4346ae3e
AK		 201};
202
d6f2ea22
AK		 203/* Simple allocator for PhysPageEntry nodes */
204static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
205static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
206
07f07b31 207#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 208
5cd2c5b6 209/* This is a multi-level map on the physical address space.
06ef3525 210 The bottom level has pointers to MemoryRegionSections. */
07f07b31 211static PhysPageEntry phys_map = { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
6d9a1304 212
e2eef170 213static void io_mem_init(void);
62152b8a 214static void memory_map_init(void);
e2eef170 215
1ec9b909 216static MemoryRegion io_mem_watch;
6658ffb8 217#endif
33417e70 218
34865134 219/* log support */
1e8b27ca
JR		 220#ifdef WIN32
221static const char *logfilename = "qemu.log";
222#else
d9b630fd 223static const char *logfilename = "/tmp/qemu.log";
1e8b27ca 224#endif
34865134
FB		 225FILE *logfile;
226int loglevel;
e735b91c 227static int log_append = 0;
34865134 228
e3db7226 229/* statistics */
e3db7226
FB		 230static int tb_flush_count;
231static int tb_phys_invalidate_count;
232
7cb69cae
FB		 233#ifdef _WIN32
234static void map_exec(void *addr, long size)
235{
236 DWORD old_protect;
237 VirtualProtect(addr, size,
238 PAGE_EXECUTE_READWRITE, &old_protect);
239
240}
241#else
242static void map_exec(void *addr, long size)
243{
4369415f 244 unsigned long start, end, page_size;
7cb69cae 245
4369415f 246 page_size = getpagesize();
7cb69cae 247 start = (unsigned long)addr;
4369415f 248 start &= ~(page_size - 1);
7cb69cae
FB		 249
250 end = (unsigned long)addr + size;
4369415f
FB		 251 end += page_size - 1;
252 end &= ~(page_size - 1);
7cb69cae
FB		 253
254 mprotect((void *)start, end - start,
255 PROT_READ | PROT_WRITE | PROT_EXEC);
256}
257#endif
258
b346ff46 259static void page_init(void)
54936004 260{
83fb7adf 261 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 262 TARGET_PAGE_SIZE */
c2b48b69
AL		 263#ifdef _WIN32
264 {
265 SYSTEM_INFO system_info;
266
267 GetSystemInfo(&system_info);
268 qemu_real_host_page_size = system_info.dwPageSize;
269 }
270#else
271 qemu_real_host_page_size = getpagesize();
272#endif
83fb7adf
FB		 273 if (qemu_host_page_size == 0)
274 qemu_host_page_size = qemu_real_host_page_size;
275 if (qemu_host_page_size < TARGET_PAGE_SIZE)
276 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 277 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 278
2e9a5713 279#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 280 {
f01576f1
JL		 281#ifdef HAVE_KINFO_GETVMMAP
282 struct kinfo_vmentry *freep;
283 int i, cnt;
284
285 freep = kinfo_getvmmap(getpid(), &cnt);
286 if (freep) {
287 mmap_lock();
288 for (i = 0; i < cnt; i++) {
289 unsigned long startaddr, endaddr;
290
291 startaddr = freep[i].kve_start;
292 endaddr = freep[i].kve_end;
293 if (h2g_valid(startaddr)) {
294 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
295
296 if (h2g_valid(endaddr)) {
297 endaddr = h2g(endaddr);
fd436907 298 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 299 } else {
300#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
301 endaddr = ~0ul;
fd436907 302 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 303#endif
304 }
305 }
306 }
307 free(freep);
308 mmap_unlock();
309 }
310#else
50a9569b 311 FILE *f;
50a9569b 312
0776590d 313 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 314
fd436907 315 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 316 if (f) {
5cd2c5b6
RH		 317 mmap_lock();
318
50a9569b 319 do {
5cd2c5b6
RH		 320 unsigned long startaddr, endaddr;
321 int n;
322
323 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
324
325 if (n == 2 && h2g_valid(startaddr)) {
326 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
327
328 if (h2g_valid(endaddr)) {
329 endaddr = h2g(endaddr);
330 } else {
331 endaddr = ~0ul;
332 }
333 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 334 }
335 } while (!feof(f));
5cd2c5b6 336
50a9569b 337 fclose(f);
5cd2c5b6 338 mmap_unlock();
50a9569b 339 }
f01576f1 340#endif
50a9569b
AZ		 341 }
342#endif
54936004
FB		 343}
344
41c1b1c9 345static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 346{
41c1b1c9
PB		 347 PageDesc *pd;
348 void **lp;
349 int i;
350
5cd2c5b6 351#if defined(CONFIG_USER_ONLY)
7267c094 352 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 353# define ALLOC(P, SIZE) \
354 do { \
355 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
356 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 357 } while (0)
358#else
359# define ALLOC(P, SIZE) \
7267c094 360 do { P = g_malloc0(SIZE); } while (0)
17e2377a 361#endif
434929bf 362
5cd2c5b6
RH		 363 /* Level 1. Always allocated. */
364 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
365
366 /* Level 2..N-1. */
367 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
368 void **p = *lp;
369
370 if (p == NULL) {
371 if (!alloc) {
372 return NULL;
373 }
374 ALLOC(p, sizeof(void *) * L2_SIZE);
375 *lp = p;
17e2377a 376 }
5cd2c5b6
RH		 377
378 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
379 }
380
381 pd = *lp;
382 if (pd == NULL) {
383 if (!alloc) {
384 return NULL;
385 }
386 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
387 *lp = pd;
54936004 388 }
5cd2c5b6
RH		 389
390#undef ALLOC
5cd2c5b6
RH		 391
392 return pd + (index & (L2_SIZE - 1));
54936004
FB		 393}
394
41c1b1c9 395static inline PageDesc *page_find(tb_page_addr_t index)
54936004 396{
5cd2c5b6 397 return page_find_alloc(index, 0);
fd6ce8f6
FB		 398}
399
6d9a1304 400#if !defined(CONFIG_USER_ONLY)
d6f2ea22 401
f7bf5461 402static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 403{
f7bf5461 404 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 405 typedef PhysPageEntry Node[L2_SIZE];
406 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 407 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
408 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 409 phys_map_nodes = g_renew(Node, phys_map_nodes,
410 phys_map_nodes_nb_alloc);
411 }
f7bf5461
AK		 412}
413
414static uint16_t phys_map_node_alloc(void)
415{
416 unsigned i;
417 uint16_t ret;
418
419 ret = phys_map_nodes_nb++;
420 assert(ret != PHYS_MAP_NODE_NIL);
421 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 422 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 423 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 424 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 425 }
f7bf5461 426 return ret;
d6f2ea22
AK		 427}
428
429static void phys_map_nodes_reset(void)
430{
431 phys_map_nodes_nb = 0;
432}
433
92e873b9 434
2999097b
AK		 435static void phys_page_set_level(PhysPageEntry *lp, target_phys_addr_t *index,
436 target_phys_addr_t *nb, uint16_t leaf,
437 int level)
f7bf5461
AK		 438{
439 PhysPageEntry *p;
440 int i;
07f07b31 441 target_phys_addr_t step = (target_phys_addr_t)1 << (level * L2_BITS);
108c49b8 442
07f07b31 443 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 444 lp->ptr = phys_map_node_alloc();
445 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 446 if (level == 0) {
447 for (i = 0; i < L2_SIZE; i++) {
07f07b31 448 p[i].is_leaf = 1;
c19e8800 449 p[i].ptr = phys_section_unassigned;
4346ae3e 450 }
67c4d23c 451 }
f7bf5461 452 } else {
c19e8800 453 p = phys_map_nodes[lp->ptr];
92e873b9 454 }
2999097b 455 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 456
2999097b 457 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 458 if ((*index & (step - 1)) == 0 && *nb >= step) {
459 lp->is_leaf = true;
c19e8800 460 lp->ptr = leaf;
07f07b31
AK		 461 *index += step;
462 *nb -= step;
2999097b
AK		 463 } else {
464 phys_page_set_level(lp, index, nb, leaf, level - 1);
465 }
466 ++lp;
f7bf5461
AK		 467 }
468}
469
2999097b
AK		 470static void phys_page_set(target_phys_addr_t index, target_phys_addr_t nb,
471 uint16_t leaf)
f7bf5461 472{
2999097b 473 /* Wildly overreserve - it doesn't matter much. */
07f07b31 474 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 475
2999097b 476 phys_page_set_level(&phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 477}
478
0cac1b66 479MemoryRegionSection *phys_page_find(target_phys_addr_t index)
92e873b9 480{
31ab2b4a
AK		 481 PhysPageEntry lp = phys_map;
482 PhysPageEntry *p;
483 int i;
31ab2b4a 484 uint16_t s_index = phys_section_unassigned;
f1f6e3b8 485
07f07b31 486 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 487 if (lp.ptr == PHYS_MAP_NODE_NIL) {
31ab2b4a
AK		 488 goto not_found;
489 }
c19e8800 490 p = phys_map_nodes[lp.ptr];
31ab2b4a 491 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 492 }
31ab2b4a 493
c19e8800 494 s_index = lp.ptr;
31ab2b4a 495not_found:
f3705d53
AK		 496 return &phys_sections[s_index];
497}
498
e5548617
BS		 499bool memory_region_is_unassigned(MemoryRegion *mr)
500{
501 return mr != &io_mem_ram && mr != &io_mem_rom
502 && mr != &io_mem_notdirty && !mr->rom_device
503 && mr != &io_mem_watch;
504}
505
0cac1b66
BS		 506target_phys_addr_t section_addr(MemoryRegionSection *section,
507 target_phys_addr_t addr)
f3705d53
AK		 508{
509 addr -= section->offset_within_address_space;
510 addr += section->offset_within_region;
511 return addr;
92e873b9
FB		 512}
513
c8a706fe
PB		 514#define mmap_lock() do { } while(0)
515#define mmap_unlock() do { } while(0)
9fa3e853 516#endif
fd6ce8f6 517
4369415f
FB		 518#define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
519
520#if defined(CONFIG_USER_ONLY)
ccbb4d44 521/* Currently it is not recommended to allocate big chunks of data in
4369415f
FB		 522 user mode. It will change when a dedicated libc will be used */
523#define USE_STATIC_CODE_GEN_BUFFER
524#endif
525
526#ifdef USE_STATIC_CODE_GEN_BUFFER
ebf50fb3
AJ		 527static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
528 __attribute__((aligned (CODE_GEN_ALIGN)));
4369415f
FB		 529#endif
530
8fcd3692 531static void code_gen_alloc(unsigned long tb_size)
26a5f13b 532{
4369415f
FB		 533#ifdef USE_STATIC_CODE_GEN_BUFFER
534 code_gen_buffer = static_code_gen_buffer;
535 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
536 map_exec(code_gen_buffer, code_gen_buffer_size);
537#else
26a5f13b
FB		 538 code_gen_buffer_size = tb_size;
539 if (code_gen_buffer_size == 0) {
4369415f 540#if defined(CONFIG_USER_ONLY)
4369415f
FB		 541 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
542#else
ccbb4d44 543 /* XXX: needs adjustments */
94a6b54f 544 code_gen_buffer_size = (unsigned long)(ram_size / 4);
4369415f 545#endif
26a5f13b
FB		 546 }
547 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
548 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
549 /* The code gen buffer location may have constraints depending on
550 the host cpu and OS */
551#if defined(__linux__)
552 {
553 int flags;
141ac468
BS		 554 void *start = NULL;
555
26a5f13b
FB		 556 flags = MAP_PRIVATE | MAP_ANONYMOUS;
557#if defined(__x86_64__)
558 flags |= MAP_32BIT;
559 /* Cannot map more than that */
560 if (code_gen_buffer_size > (800 * 1024 * 1024))
561 code_gen_buffer_size = (800 * 1024 * 1024);
141ac468
BS		 562#elif defined(__sparc_v9__)
563 // Map the buffer below 2G, so we can use direct calls and branches
564 flags |= MAP_FIXED;
565 start = (void *) 0x60000000UL;
566 if (code_gen_buffer_size > (512 * 1024 * 1024))
567 code_gen_buffer_size = (512 * 1024 * 1024);
1cb0661e 568#elif defined(__arm__)
5c84bd90 569 /* Keep the buffer no bigger than 16MB to branch between blocks */
1cb0661e
AZ		 570 if (code_gen_buffer_size > 16 * 1024 * 1024)
571 code_gen_buffer_size = 16 * 1024 * 1024;
eba0b893
RH		 572#elif defined(__s390x__)
573 /* Map the buffer so that we can use direct calls and branches. */
574 /* We have a +- 4GB range on the branches; leave some slop. */
575 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
576 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
577 }
578 start = (void *)0x90000000UL;
26a5f13b 579#endif
141ac468
BS		 580 code_gen_buffer = mmap(start, code_gen_buffer_size,
581 PROT_WRITE | PROT_READ | PROT_EXEC,
26a5f13b
FB		 582 flags, -1, 0);
583 if (code_gen_buffer == MAP_FAILED) {
584 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
585 exit(1);
586 }
587 }
cbb608a5 588#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
9f4b09a4
TN		 589 || defined(__DragonFly__) || defined(__OpenBSD__) \
590 || defined(__NetBSD__)
06e67a82
AL		 591 {
592 int flags;
593 void *addr = NULL;
594 flags = MAP_PRIVATE | MAP_ANONYMOUS;
595#if defined(__x86_64__)
596 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
597 * 0x40000000 is free */
598 flags |= MAP_FIXED;
599 addr = (void *)0x40000000;
600 /* Cannot map more than that */
601 if (code_gen_buffer_size > (800 * 1024 * 1024))
602 code_gen_buffer_size = (800 * 1024 * 1024);
4cd31ad2
BS		 603#elif defined(__sparc_v9__)
604 // Map the buffer below 2G, so we can use direct calls and branches
605 flags |= MAP_FIXED;
606 addr = (void *) 0x60000000UL;
607 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
608 code_gen_buffer_size = (512 * 1024 * 1024);
609 }
06e67a82
AL		 610#endif
611 code_gen_buffer = mmap(addr, code_gen_buffer_size,
612 PROT_WRITE | PROT_READ | PROT_EXEC,
613 flags, -1, 0);
614 if (code_gen_buffer == MAP_FAILED) {
615 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
616 exit(1);
617 }
618 }
26a5f13b 619#else
7267c094 620 code_gen_buffer = g_malloc(code_gen_buffer_size);
26a5f13b
FB		 621 map_exec(code_gen_buffer, code_gen_buffer_size);
622#endif
4369415f 623#endif /* !USE_STATIC_CODE_GEN_BUFFER */
26a5f13b 624 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
a884da8a
PM		 625 code_gen_buffer_max_size = code_gen_buffer_size -
626 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 627 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 628 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 629}
630
631/* Must be called before using the QEMU cpus. 'tb_size' is the size
632 (in bytes) allocated to the translation buffer. Zero means default
633 size. */
d5ab9713 634void tcg_exec_init(unsigned long tb_size)
26a5f13b 635{
26a5f13b
FB		 636 cpu_gen_init();
637 code_gen_alloc(tb_size);
638 code_gen_ptr = code_gen_buffer;
813da627 639 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
4369415f 640 page_init();
9002ec79
RH		 641#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
642 /* There's no guest base to take into account, so go ahead and
643 initialize the prologue now. */
644 tcg_prologue_init(&tcg_ctx);
645#endif
26a5f13b
FB		 646}
647
d5ab9713
JK		 648bool tcg_enabled(void)
649{
650 return code_gen_buffer != NULL;
651}
652
653void cpu_exec_init_all(void)
654{
655#if !defined(CONFIG_USER_ONLY)
656 memory_map_init();
657 io_mem_init();
658#endif
659}
660
9656f324
PB		 661#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
662
e59fb374 663static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7 664{
9349b4f9 665 CPUArchState *env = opaque;
9656f324 666
3098dba0
AJ		 667 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
668 version_id is increased. */
669 env->interrupt_request &= ~0x01;
9656f324
PB		 670 tlb_flush(env, 1);
671
672 return 0;
673}
e7f4eff7
JQ		 674
675static const VMStateDescription vmstate_cpu_common = {
676 .name = "cpu_common",
677 .version_id = 1,
678 .minimum_version_id = 1,
679 .minimum_version_id_old = 1,
e7f4eff7
JQ		 680 .post_load = cpu_common_post_load,
681 .fields = (VMStateField []) {
9349b4f9
AF		 682 VMSTATE_UINT32(halted, CPUArchState),
683 VMSTATE_UINT32(interrupt_request, CPUArchState),
e7f4eff7
JQ		 684 VMSTATE_END_OF_LIST()
685 }
686};
9656f324
PB		 687#endif
688
9349b4f9 689CPUArchState *qemu_get_cpu(int cpu)
950f1472 690{
9349b4f9 691 CPUArchState *env = first_cpu;
950f1472
GC		 692
693 while (env) {
694 if (env->cpu_index == cpu)
695 break;
696 env = env->next_cpu;
697 }
698
699 return env;
700}
701
9349b4f9 702void cpu_exec_init(CPUArchState *env)
fd6ce8f6 703{
9349b4f9 704 CPUArchState **penv;
6a00d601
FB		 705 int cpu_index;
706
c2764719
PB		 707#if defined(CONFIG_USER_ONLY)
708 cpu_list_lock();
709#endif
6a00d601
FB		 710 env->next_cpu = NULL;
711 penv = &first_cpu;
712 cpu_index = 0;
713 while (*penv != NULL) {
1e9fa730 714 penv = &(*penv)->next_cpu;
6a00d601
FB		 715 cpu_index++;
716 }
717 env->cpu_index = cpu_index;
268a362c 718 env->numa_node = 0;
72cf2d4f
BS		 719 QTAILQ_INIT(&env->breakpoints);
720 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 721#ifndef CONFIG_USER_ONLY
722 env->thread_id = qemu_get_thread_id();
723#endif
6a00d601 724 *penv = env;
c2764719
PB		 725#if defined(CONFIG_USER_ONLY)
726 cpu_list_unlock();
727#endif
b3c7724c 728#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 729 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
730 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 731 cpu_save, cpu_load, env);
732#endif
fd6ce8f6
FB		 733}
734
d1a1eb74
TG		 735/* Allocate a new translation block. Flush the translation buffer if
736 too many translation blocks or too much generated code. */
737static TranslationBlock *tb_alloc(target_ulong pc)
738{
739 TranslationBlock *tb;
740
741 if (nb_tbs >= code_gen_max_blocks ||
742 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
743 return NULL;
744 tb = &tbs[nb_tbs++];
745 tb->pc = pc;
746 tb->cflags = 0;
747 return tb;
748}
749
750void tb_free(TranslationBlock *tb)
751{
752 /* In practice this is mostly used for single use temporary TB
753 Ignore the hard cases and just back up if this TB happens to
754 be the last one generated. */
755 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
756 code_gen_ptr = tb->tc_ptr;
757 nb_tbs--;
758 }
759}
760
9fa3e853
FB		 761static inline void invalidate_page_bitmap(PageDesc *p)
762{
763 if (p->code_bitmap) {
7267c094 764 g_free(p->code_bitmap);
9fa3e853
FB		 765 p->code_bitmap = NULL;
766 }
767 p->code_write_count = 0;
768}
769
5cd2c5b6
RH		 770/* Set to NULL all the 'first_tb' fields in all PageDescs. */
771
772static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 773{
5cd2c5b6 774 int i;
fd6ce8f6 775
5cd2c5b6
RH		 776 if (*lp == NULL) {
777 return;
778 }
779 if (level == 0) {
780 PageDesc *pd = *lp;
7296abac 781 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 782 pd[i].first_tb = NULL;
783 invalidate_page_bitmap(pd + i);
fd6ce8f6 784 }
5cd2c5b6
RH		 785 } else {
786 void **pp = *lp;
7296abac 787 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 788 page_flush_tb_1 (level - 1, pp + i);
789 }
790 }
791}
792
793static void page_flush_tb(void)
794{
795 int i;
796 for (i = 0; i < V_L1_SIZE; i++) {
797 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 798 }
799}
800
801/* flush all the translation blocks */
d4e8164f 802/* XXX: tb_flush is currently not thread safe */
9349b4f9 803void tb_flush(CPUArchState *env1)
fd6ce8f6 804{
9349b4f9 805 CPUArchState *env;
0124311e 806#if defined(DEBUG_FLUSH)
ab3d1727
BS		 807 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
808 (unsigned long)(code_gen_ptr - code_gen_buffer),
809 nb_tbs, nb_tbs > 0 ?
810 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 811#endif
26a5f13b 812 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 813 cpu_abort(env1, "Internal error: code buffer overflow\n");
814
fd6ce8f6 815 nb_tbs = 0;
3b46e624 816
6a00d601
FB		 817 for(env = first_cpu; env != NULL; env = env->next_cpu) {
818 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
819 }
9fa3e853 820
8a8a608f 821 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 822 page_flush_tb();
9fa3e853 823
fd6ce8f6 824 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 825 /* XXX: flush processor icache at this point if cache flush is
826 expensive */
e3db7226 827 tb_flush_count++;
fd6ce8f6
FB		 828}
829
830#ifdef DEBUG_TB_CHECK
831
bc98a7ef 832static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 833{
834 TranslationBlock *tb;
835 int i;
836 address &= TARGET_PAGE_MASK;
99773bd4
PB		 837 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
838 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 839 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
840 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 841 printf("ERROR invalidate: address=" TARGET_FMT_lx
842 " PC=%08lx size=%04x\n",
99773bd4 843 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 844 }
845 }
846 }
847}
848
849/* verify that all the pages have correct rights for code */
850static void tb_page_check(void)
851{
852 TranslationBlock *tb;
853 int i, flags1, flags2;
3b46e624 854
99773bd4
PB		 855 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
856 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 857 flags1 = page_get_flags(tb->pc);
858 flags2 = page_get_flags(tb->pc + tb->size - 1);
859 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
860 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 861 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 862 }
863 }
864 }
865}
866
867#endif
868
869/* invalidate one TB */
870static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
871 int next_offset)
872{
873 TranslationBlock *tb1;
874 for(;;) {
875 tb1 = *ptb;
876 if (tb1 == tb) {
877 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
878 break;
879 }
880 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
881 }
882}
883
9fa3e853
FB		 884static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
885{
886 TranslationBlock *tb1;
887 unsigned int n1;
888
889 for(;;) {
890 tb1 = *ptb;
8efe0ca8
SW		 891 n1 = (uintptr_t)tb1 & 3;
892 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
9fa3e853
FB		 893 if (tb1 == tb) {
894 *ptb = tb1->page_next[n1];
895 break;
896 }
897 ptb = &tb1->page_next[n1];
898 }
899}
900
d4e8164f
FB		 901static inline void tb_jmp_remove(TranslationBlock *tb, int n)
902{
903 TranslationBlock *tb1, **ptb;
904 unsigned int n1;
905
906 ptb = &tb->jmp_next[n];
907 tb1 = *ptb;
908 if (tb1) {
909 /* find tb(n) in circular list */
910 for(;;) {
911 tb1 = *ptb;
8efe0ca8
SW		 912 n1 = (uintptr_t)tb1 & 3;
913 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 914 if (n1 == n && tb1 == tb)
915 break;
916 if (n1 == 2) {
917 ptb = &tb1->jmp_first;
918 } else {
919 ptb = &tb1->jmp_next[n1];
920 }
921 }
922 /* now we can suppress tb(n) from the list */
923 *ptb = tb->jmp_next[n];
924
925 tb->jmp_next[n] = NULL;
926 }
927}
928
929/* reset the jump entry 'n' of a TB so that it is not chained to
930 another TB */
931static inline void tb_reset_jump(TranslationBlock *tb, int n)
932{
8efe0ca8 933 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
d4e8164f
FB		 934}
935
41c1b1c9 936void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 937{
9349b4f9 938 CPUArchState *env;
8a40a180 939 PageDesc *p;
d4e8164f 940 unsigned int h, n1;
41c1b1c9 941 tb_page_addr_t phys_pc;
8a40a180 942 TranslationBlock *tb1, *tb2;
3b46e624 943
8a40a180
FB		 944 /* remove the TB from the hash list */
945 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
946 h = tb_phys_hash_func(phys_pc);
5fafdf24 947 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 948 offsetof(TranslationBlock, phys_hash_next));
949
950 /* remove the TB from the page list */
951 if (tb->page_addr[0] != page_addr) {
952 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
953 tb_page_remove(&p->first_tb, tb);
954 invalidate_page_bitmap(p);
955 }
956 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
957 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
958 tb_page_remove(&p->first_tb, tb);
959 invalidate_page_bitmap(p);
960 }
961
36bdbe54 962 tb_invalidated_flag = 1;
59817ccb 963
fd6ce8f6 964 /* remove the TB from the hash list */
8a40a180 965 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 966 for(env = first_cpu; env != NULL; env = env->next_cpu) {
967 if (env->tb_jmp_cache[h] == tb)
968 env->tb_jmp_cache[h] = NULL;
969 }
d4e8164f
FB		 970
971 /* suppress this TB from the two jump lists */
972 tb_jmp_remove(tb, 0);
973 tb_jmp_remove(tb, 1);
974
975 /* suppress any remaining jumps to this TB */
976 tb1 = tb->jmp_first;
977 for(;;) {
8efe0ca8 978 n1 = (uintptr_t)tb1 & 3;
d4e8164f
FB		 979 if (n1 == 2)
980 break;
8efe0ca8 981 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 982 tb2 = tb1->jmp_next[n1];
983 tb_reset_jump(tb1, n1);
984 tb1->jmp_next[n1] = NULL;
985 tb1 = tb2;
986 }
8efe0ca8 987 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
9fa3e853 988
e3db7226 989 tb_phys_invalidate_count++;
9fa3e853
FB		 990}
991
992static inline void set_bits(uint8_t *tab, int start, int len)
993{
994 int end, mask, end1;
995
996 end = start + len;
997 tab += start >> 3;
998 mask = 0xff << (start & 7);
999 if ((start & ~7) == (end & ~7)) {
1000 if (start < end) {
1001 mask &= ~(0xff << (end & 7));
1002 *tab |= mask;
1003 }
1004 } else {
1005 *tab++ |= mask;
1006 start = (start + 8) & ~7;
1007 end1 = end & ~7;
1008 while (start < end1) {
1009 *tab++ = 0xff;
1010 start += 8;
1011 }
1012 if (start < end) {
1013 mask = ~(0xff << (end & 7));
1014 *tab |= mask;
1015 }
1016 }
1017}
1018
1019static void build_page_bitmap(PageDesc *p)
1020{
1021 int n, tb_start, tb_end;
1022 TranslationBlock *tb;
3b46e624 1023
7267c094 1024 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 1025
1026 tb = p->first_tb;
1027 while (tb != NULL) {
8efe0ca8
SW		 1028 n = (uintptr_t)tb & 3;
1029 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1030 /* NOTE: this is subtle as a TB may span two physical pages */
1031 if (n == 0) {
1032 /* NOTE: tb_end may be after the end of the page, but
1033 it is not a problem */
1034 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1035 tb_end = tb_start + tb->size;
1036 if (tb_end > TARGET_PAGE_SIZE)
1037 tb_end = TARGET_PAGE_SIZE;
1038 } else {
1039 tb_start = 0;
1040 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1041 }
1042 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1043 tb = tb->page_next[n];
1044 }
1045}
1046
9349b4f9 1047TranslationBlock *tb_gen_code(CPUArchState *env,
2e70f6ef
PB		 1048 target_ulong pc, target_ulong cs_base,
1049 int flags, int cflags)
d720b93d
FB		 1050{
1051 TranslationBlock *tb;
1052 uint8_t *tc_ptr;
41c1b1c9
PB		 1053 tb_page_addr_t phys_pc, phys_page2;
1054 target_ulong virt_page2;
d720b93d
FB		 1055 int code_gen_size;
1056
41c1b1c9 1057 phys_pc = get_page_addr_code(env, pc);
c27004ec 1058 tb = tb_alloc(pc);
d720b93d
FB		 1059 if (!tb) {
1060 /* flush must be done */
1061 tb_flush(env);
1062 /* cannot fail at this point */
c27004ec 1063 tb = tb_alloc(pc);
2e70f6ef
PB		 1064 /* Don't forget to invalidate previous TB info. */
1065 tb_invalidated_flag = 1;
d720b93d
FB		 1066 }
1067 tc_ptr = code_gen_ptr;
1068 tb->tc_ptr = tc_ptr;
1069 tb->cs_base = cs_base;
1070 tb->flags = flags;
1071 tb->cflags = cflags;
d07bde88 1072 cpu_gen_code(env, tb, &code_gen_size);
8efe0ca8
SW		 1073 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1074 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1075
d720b93d 1076 /* check next page if needed */
c27004ec 1077 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1078 phys_page2 = -1;
c27004ec 1079 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1080 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1081 }
41c1b1c9 1082 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1083 return tb;
d720b93d 1084}
3b46e624 1085
9fa3e853
FB		 1086/* invalidate all TBs which intersect with the target physical page
1087 starting in range [start;end[. NOTE: start and end must refer to
d720b93d
FB		 1088 the same physical page. 'is_cpu_write_access' should be true if called
1089 from a real cpu write access: the virtual CPU will exit the current
1090 TB if code is modified inside this TB. */
41c1b1c9 1091void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1092 int is_cpu_write_access)
1093{
6b917547 1094 TranslationBlock *tb, *tb_next, *saved_tb;
9349b4f9 1095 CPUArchState *env = cpu_single_env;
41c1b1c9 1096 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1097 PageDesc *p;
1098 int n;
1099#ifdef TARGET_HAS_PRECISE_SMC
1100 int current_tb_not_found = is_cpu_write_access;
1101 TranslationBlock *current_tb = NULL;
1102 int current_tb_modified = 0;
1103 target_ulong current_pc = 0;
1104 target_ulong current_cs_base = 0;
1105 int current_flags = 0;
1106#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1107
1108 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1109 if (!p)
9fa3e853 1110 return;
5fafdf24 1111 if (!p->code_bitmap &&
d720b93d
FB		 1112 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1113 is_cpu_write_access) {
9fa3e853
FB		 1114 /* build code bitmap */
1115 build_page_bitmap(p);
1116 }
1117
1118 /* we remove all the TBs in the range [start, end[ */
1119 /* XXX: see if in some cases it could be faster to invalidate all the code */
1120 tb = p->first_tb;
1121 while (tb != NULL) {
8efe0ca8
SW		 1122 n = (uintptr_t)tb & 3;
1123 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1124 tb_next = tb->page_next[n];
1125 /* NOTE: this is subtle as a TB may span two physical pages */
1126 if (n == 0) {
1127 /* NOTE: tb_end may be after the end of the page, but
1128 it is not a problem */
1129 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1130 tb_end = tb_start + tb->size;
1131 } else {
1132 tb_start = tb->page_addr[1];
1133 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1134 }
1135 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1136#ifdef TARGET_HAS_PRECISE_SMC
1137 if (current_tb_not_found) {
1138 current_tb_not_found = 0;
1139 current_tb = NULL;
2e70f6ef 1140 if (env->mem_io_pc) {
d720b93d 1141 /* now we have a real cpu fault */
2e70f6ef 1142 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1143 }
1144 }
1145 if (current_tb == tb &&
2e70f6ef 1146 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1147 /* If we are modifying the current TB, we must stop
1148 its execution. We could be more precise by checking
1149 that the modification is after the current PC, but it
1150 would require a specialized function to partially
1151 restore the CPU state */
3b46e624 1152
d720b93d 1153 current_tb_modified = 1;
618ba8e6 1154 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1155 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1156 &current_flags);
d720b93d
FB		 1157 }
1158#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1159 /* we need to do that to handle the case where a signal
1160 occurs while doing tb_phys_invalidate() */
1161 saved_tb = NULL;
1162 if (env) {
1163 saved_tb = env->current_tb;
1164 env->current_tb = NULL;
1165 }
9fa3e853 1166 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1167 if (env) {
1168 env->current_tb = saved_tb;
1169 if (env->interrupt_request && env->current_tb)
1170 cpu_interrupt(env, env->interrupt_request);
1171 }
9fa3e853
FB		 1172 }
1173 tb = tb_next;
1174 }
1175#if !defined(CONFIG_USER_ONLY)
1176 /* if no code remaining, no need to continue to use slow writes */
1177 if (!p->first_tb) {
1178 invalidate_page_bitmap(p);
d720b93d 1179 if (is_cpu_write_access) {
2e70f6ef 1180 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1181 }
1182 }
1183#endif
1184#ifdef TARGET_HAS_PRECISE_SMC
1185 if (current_tb_modified) {
1186 /* we generate a block containing just the instruction
1187 modifying the memory. It will ensure that it cannot modify
1188 itself */
ea1c1802 1189 env->current_tb = NULL;
2e70f6ef 1190 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1191 cpu_resume_from_signal(env, NULL);
9fa3e853 1192 }
fd6ce8f6 1193#endif
9fa3e853 1194}
fd6ce8f6 1195
9fa3e853 1196/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1197static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1198{
1199 PageDesc *p;
1200 int offset, b;
59817ccb 1201#if 0
a4193c8a 1202 if (1) {
93fcfe39
AL		 1203 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1204 cpu_single_env->mem_io_vaddr, len,
1205 cpu_single_env->eip,
8efe0ca8
SW		 1206 cpu_single_env->eip +
1207 (intptr_t)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1208 }
1209#endif
9fa3e853 1210 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1211 if (!p)
9fa3e853
FB		 1212 return;
1213 if (p->code_bitmap) {
1214 offset = start & ~TARGET_PAGE_MASK;
1215 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1216 if (b & ((1 << len) - 1))
1217 goto do_invalidate;
1218 } else {
1219 do_invalidate:
d720b93d 1220 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1221 }
1222}
1223
9fa3e853 1224#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1225static void tb_invalidate_phys_page(tb_page_addr_t addr,
20503968 1226 uintptr_t pc, void *puc)
9fa3e853 1227{
6b917547 1228 TranslationBlock *tb;
9fa3e853 1229 PageDesc *p;
6b917547 1230 int n;
d720b93d 1231#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1232 TranslationBlock *current_tb = NULL;
9349b4f9 1233 CPUArchState *env = cpu_single_env;
6b917547
AL		 1234 int current_tb_modified = 0;
1235 target_ulong current_pc = 0;
1236 target_ulong current_cs_base = 0;
1237 int current_flags = 0;
d720b93d 1238#endif
9fa3e853
FB		 1239
1240 addr &= TARGET_PAGE_MASK;
1241 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1242 if (!p)
9fa3e853
FB		 1243 return;
1244 tb = p->first_tb;
d720b93d
FB		 1245#ifdef TARGET_HAS_PRECISE_SMC
1246 if (tb && pc != 0) {
1247 current_tb = tb_find_pc(pc);
1248 }
1249#endif
9fa3e853 1250 while (tb != NULL) {
8efe0ca8
SW		 1251 n = (uintptr_t)tb & 3;
1252 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
d720b93d
FB		 1253#ifdef TARGET_HAS_PRECISE_SMC
1254 if (current_tb == tb &&
2e70f6ef 1255 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1256 /* If we are modifying the current TB, we must stop
1257 its execution. We could be more precise by checking
1258 that the modification is after the current PC, but it
1259 would require a specialized function to partially
1260 restore the CPU state */
3b46e624 1261
d720b93d 1262 current_tb_modified = 1;
618ba8e6 1263 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1264 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1265 &current_flags);
d720b93d
FB		 1266 }
1267#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1268 tb_phys_invalidate(tb, addr);
1269 tb = tb->page_next[n];
1270 }
fd6ce8f6 1271 p->first_tb = NULL;
d720b93d
FB		 1272#ifdef TARGET_HAS_PRECISE_SMC
1273 if (current_tb_modified) {
1274 /* we generate a block containing just the instruction
1275 modifying the memory. It will ensure that it cannot modify
1276 itself */
ea1c1802 1277 env->current_tb = NULL;
2e70f6ef 1278 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1279 cpu_resume_from_signal(env, puc);
1280 }
1281#endif
fd6ce8f6 1282}
9fa3e853 1283#endif
fd6ce8f6
FB		 1284
1285/* add the tb in the target page and protect it if necessary */
5fafdf24 1286static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1287 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1288{
1289 PageDesc *p;
4429ab44
JQ		 1290#ifndef CONFIG_USER_ONLY
1291 bool page_already_protected;
1292#endif
9fa3e853
FB		 1293
1294 tb->page_addr[n] = page_addr;
5cd2c5b6 1295 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1296 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1297#ifndef CONFIG_USER_ONLY
1298 page_already_protected = p->first_tb != NULL;
1299#endif
8efe0ca8 1300 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
9fa3e853 1301 invalidate_page_bitmap(p);
fd6ce8f6 1302
107db443 1303#if defined(TARGET_HAS_SMC) || 1
d720b93d 1304
9fa3e853 1305#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1306 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1307 target_ulong addr;
1308 PageDesc *p2;
9fa3e853
FB		 1309 int prot;
1310
fd6ce8f6
FB		 1311 /* force the host page as non writable (writes will have a
1312 page fault + mprotect overhead) */
53a5960a 1313 page_addr &= qemu_host_page_mask;
fd6ce8f6 1314 prot = 0;
53a5960a
PB		 1315 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1316 addr += TARGET_PAGE_SIZE) {
1317
1318 p2 = page_find (addr >> TARGET_PAGE_BITS);
1319 if (!p2)
1320 continue;
1321 prot |= p2->flags;
1322 p2->flags &= ~PAGE_WRITE;
53a5960a 1323 }
5fafdf24 1324 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1325 (prot & PAGE_BITS) & ~PAGE_WRITE);
1326#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1327 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1328 page_addr);
fd6ce8f6 1329#endif
fd6ce8f6 1330 }
9fa3e853
FB		 1331#else
1332 /* if some code is already present, then the pages are already
1333 protected. So we handle the case where only the first TB is
1334 allocated in a physical page */
4429ab44 1335 if (!page_already_protected) {
6a00d601 1336 tlb_protect_code(page_addr);
9fa3e853
FB		 1337 }
1338#endif
d720b93d
FB		 1339
1340#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1341}
1342
9fa3e853
FB		 1343/* add a new TB and link it to the physical page tables. phys_page2 is
1344 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1345void tb_link_page(TranslationBlock *tb,
1346 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1347{
9fa3e853
FB		 1348 unsigned int h;
1349 TranslationBlock **ptb;
1350
c8a706fe
PB		 1351 /* Grab the mmap lock to stop another thread invalidating this TB
1352 before we are done. */
1353 mmap_lock();
9fa3e853
FB		 1354 /* add in the physical hash table */
1355 h = tb_phys_hash_func(phys_pc);
1356 ptb = &tb_phys_hash[h];
1357 tb->phys_hash_next = *ptb;
1358 *ptb = tb;
fd6ce8f6
FB		 1359
1360 /* add in the page list */
9fa3e853
FB		 1361 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1362 if (phys_page2 != -1)
1363 tb_alloc_page(tb, 1, phys_page2);
1364 else
1365 tb->page_addr[1] = -1;
9fa3e853 1366
8efe0ca8 1367 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
d4e8164f
FB		 1368 tb->jmp_next[0] = NULL;
1369 tb->jmp_next[1] = NULL;
1370
1371 /* init original jump addresses */
1372 if (tb->tb_next_offset[0] != 0xffff)
1373 tb_reset_jump(tb, 0);
1374 if (tb->tb_next_offset[1] != 0xffff)
1375 tb_reset_jump(tb, 1);
8a40a180
FB		 1376
1377#ifdef DEBUG_TB_CHECK
1378 tb_page_check();
1379#endif
c8a706fe 1380 mmap_unlock();
fd6ce8f6
FB		 1381}
1382
9fa3e853
FB		 1383/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1384 tb[1].tc_ptr. Return NULL if not found */
6375e09e 1385TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
fd6ce8f6 1386{
9fa3e853 1387 int m_min, m_max, m;
8efe0ca8 1388 uintptr_t v;
9fa3e853 1389 TranslationBlock *tb;
a513fe19
FB		 1390
1391 if (nb_tbs <= 0)
1392 return NULL;
8efe0ca8
SW		 1393 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1394 tc_ptr >= (uintptr_t)code_gen_ptr) {
a513fe19 1395 return NULL;
8efe0ca8 1396 }
a513fe19
FB		 1397 /* binary search (cf Knuth) */
1398 m_min = 0;
1399 m_max = nb_tbs - 1;
1400 while (m_min <= m_max) {
1401 m = (m_min + m_max) >> 1;
1402 tb = &tbs[m];
8efe0ca8 1403 v = (uintptr_t)tb->tc_ptr;
a513fe19
FB		 1404 if (v == tc_ptr)
1405 return tb;
1406 else if (tc_ptr < v) {
1407 m_max = m - 1;
1408 } else {
1409 m_min = m + 1;
1410 }
5fafdf24 1411 }
a513fe19
FB		 1412 return &tbs[m_max];
1413}
7501267e 1414
ea041c0e
FB		 1415static void tb_reset_jump_recursive(TranslationBlock *tb);
1416
1417static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1418{
1419 TranslationBlock *tb1, *tb_next, **ptb;
1420 unsigned int n1;
1421
1422 tb1 = tb->jmp_next[n];
1423 if (tb1 != NULL) {
1424 /* find head of list */
1425 for(;;) {
8efe0ca8
SW		 1426 n1 = (uintptr_t)tb1 & 3;
1427 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1428 if (n1 == 2)
1429 break;
1430 tb1 = tb1->jmp_next[n1];
1431 }
1432 /* we are now sure now that tb jumps to tb1 */
1433 tb_next = tb1;
1434
1435 /* remove tb from the jmp_first list */
1436 ptb = &tb_next->jmp_first;
1437 for(;;) {
1438 tb1 = *ptb;
8efe0ca8
SW		 1439 n1 = (uintptr_t)tb1 & 3;
1440 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1441 if (n1 == n && tb1 == tb)
1442 break;
1443 ptb = &tb1->jmp_next[n1];
1444 }
1445 *ptb = tb->jmp_next[n];
1446 tb->jmp_next[n] = NULL;
3b46e624 1447
ea041c0e
FB		 1448 /* suppress the jump to next tb in generated code */
1449 tb_reset_jump(tb, n);
1450
0124311e 1451 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1452 tb_reset_jump_recursive(tb_next);
1453 }
1454}
1455
1456static void tb_reset_jump_recursive(TranslationBlock *tb)
1457{
1458 tb_reset_jump_recursive2(tb, 0);
1459 tb_reset_jump_recursive2(tb, 1);
1460}
1461
1fddef4b 1462#if defined(TARGET_HAS_ICE)
94df27fd 1463#if defined(CONFIG_USER_ONLY)
9349b4f9 1464static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 1465{
1466 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1467}
1468#else
1e7855a5 1469void tb_invalidate_phys_addr(target_phys_addr_t addr)
d720b93d 1470{
c227f099 1471 ram_addr_t ram_addr;
f3705d53 1472 MemoryRegionSection *section;
d720b93d 1473
06ef3525 1474 section = phys_page_find(addr >> TARGET_PAGE_BITS);
f3705d53
AK		 1475 if (!(memory_region_is_ram(section->mr)
1476 || (section->mr->rom_device && section->mr->readable))) {
06ef3525
AK		 1477 return;
1478 }
f3705d53
AK		 1479 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1480 + section_addr(section, addr);
706cd4b5 1481 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1482}
1e7855a5
MF		 1483
1484static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1485{
1486 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc));
1487}
c27004ec 1488#endif
94df27fd 1489#endif /* TARGET_HAS_ICE */
d720b93d 1490
c527ee8f 1491#if defined(CONFIG_USER_ONLY)
9349b4f9 1492void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 1493
1494{
1495}
1496
9349b4f9 1497int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 1498 int flags, CPUWatchpoint **watchpoint)
1499{
1500 return -ENOSYS;
1501}
1502#else
6658ffb8 1503/* Add a watchpoint. */
9349b4f9 1504int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1505 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1506{
b4051334 1507 target_ulong len_mask = ~(len - 1);
c0ce998e 1508 CPUWatchpoint *wp;
6658ffb8 1509
b4051334 1510 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 1511 if ((len & (len - 1)) || (addr & ~len_mask) ||
1512 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 1513 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1514 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1515 return -EINVAL;
1516 }
7267c094 1517 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1518
1519 wp->vaddr = addr;
b4051334 1520 wp->len_mask = len_mask;
a1d1bb31
AL		 1521 wp->flags = flags;
1522
2dc9f411 1523 /* keep all GDB-injected watchpoints in front */
c0ce998e 1524 if (flags & BP_GDB)
72cf2d4f 1525 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1526 else
72cf2d4f 1527 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1528
6658ffb8 1529 tlb_flush_page(env, addr);
a1d1bb31
AL		 1530
1531 if (watchpoint)
1532 *watchpoint = wp;
1533 return 0;
6658ffb8
PB		 1534}
1535
a1d1bb31 1536/* Remove a specific watchpoint. */
9349b4f9 1537int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1538 int flags)
6658ffb8 1539{
b4051334 1540 target_ulong len_mask = ~(len - 1);
a1d1bb31 1541 CPUWatchpoint *wp;
6658ffb8 1542
72cf2d4f 1543 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1544 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1545 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1546 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1547 return 0;
1548 }
1549 }
a1d1bb31 1550 return -ENOENT;
6658ffb8
PB		 1551}
1552
a1d1bb31 1553/* Remove a specific watchpoint by reference. */
9349b4f9 1554void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 1555{
72cf2d4f 1556 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1557
a1d1bb31
AL		 1558 tlb_flush_page(env, watchpoint->vaddr);
1559
7267c094 1560 g_free(watchpoint);
a1d1bb31
AL		 1561}
1562
1563/* Remove all matching watchpoints. */
9349b4f9 1564void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 1565{
c0ce998e 1566 CPUWatchpoint *wp, *next;
a1d1bb31 1567
72cf2d4f 1568 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1569 if (wp->flags & mask)
1570 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1571 }
7d03f82f 1572}
c527ee8f 1573#endif
7d03f82f 1574
a1d1bb31 1575/* Add a breakpoint. */
9349b4f9 1576int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 1577 CPUBreakpoint **breakpoint)
4c3a88a2 1578{
1fddef4b 1579#if defined(TARGET_HAS_ICE)
c0ce998e 1580 CPUBreakpoint *bp;
3b46e624 1581
7267c094 1582 bp = g_malloc(sizeof(*bp));
4c3a88a2 1583
a1d1bb31
AL		 1584 bp->pc = pc;
1585 bp->flags = flags;
1586
2dc9f411 1587 /* keep all GDB-injected breakpoints in front */
c0ce998e 1588 if (flags & BP_GDB)
72cf2d4f 1589 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1590 else
72cf2d4f 1591 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1592
d720b93d 1593 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1594
1595 if (breakpoint)
1596 *breakpoint = bp;
4c3a88a2
FB		 1597 return 0;
1598#else
a1d1bb31 1599 return -ENOSYS;
4c3a88a2
FB		 1600#endif
1601}
1602
a1d1bb31 1603/* Remove a specific breakpoint. */
9349b4f9 1604int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 1605{
7d03f82f 1606#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1607 CPUBreakpoint *bp;
1608
72cf2d4f 1609 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1610 if (bp->pc == pc && bp->flags == flags) {
1611 cpu_breakpoint_remove_by_ref(env, bp);
1612 return 0;
1613 }
7d03f82f 1614 }
a1d1bb31
AL		 1615 return -ENOENT;
1616#else
1617 return -ENOSYS;
7d03f82f
EI		 1618#endif
1619}
1620
a1d1bb31 1621/* Remove a specific breakpoint by reference. */
9349b4f9 1622void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1623{
1fddef4b 1624#if defined(TARGET_HAS_ICE)
72cf2d4f 1625 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1626
a1d1bb31
AL		 1627 breakpoint_invalidate(env, breakpoint->pc);
1628
7267c094 1629 g_free(breakpoint);
a1d1bb31
AL		 1630#endif
1631}
1632
1633/* Remove all matching breakpoints. */
9349b4f9 1634void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 1635{
1636#if defined(TARGET_HAS_ICE)
c0ce998e 1637 CPUBreakpoint *bp, *next;
a1d1bb31 1638
72cf2d4f 1639 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1640 if (bp->flags & mask)
1641 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1642 }
4c3a88a2
FB		 1643#endif
1644}
1645
c33a346e
FB		 1646/* enable or disable single step mode. EXCP_DEBUG is returned by the
1647 CPU loop after each instruction */
9349b4f9 1648void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 1649{
1fddef4b 1650#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1651 if (env->singlestep_enabled != enabled) {
1652 env->singlestep_enabled = enabled;
e22a25c9
AL		 1653 if (kvm_enabled())
1654 kvm_update_guest_debug(env, 0);
1655 else {
ccbb4d44 1656 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1657 /* XXX: only flush what is necessary */
1658 tb_flush(env);
1659 }
c33a346e
FB		 1660 }
1661#endif
1662}
1663
34865134
FB		 1664/* enable or disable low levels log */
1665void cpu_set_log(int log_flags)
1666{
1667 loglevel = log_flags;
1668 if (loglevel && !logfile) {
11fcfab4 1669 logfile = fopen(logfilename, log_append ? "a" : "w");
34865134
FB		 1670 if (!logfile) {
1671 perror(logfilename);
1672 _exit(1);
1673 }
9fa3e853
FB		 1674#if !defined(CONFIG_SOFTMMU)
1675 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1676 {
b55266b5 1677 static char logfile_buf[4096];
9fa3e853
FB		 1678 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1679 }
daf767b1
SW		 1680#elif defined(_WIN32)
1681 /* Win32 doesn't support line-buffering, so use unbuffered output. */
1682 setvbuf(logfile, NULL, _IONBF, 0);
1683#else
34865134 1684 setvbuf(logfile, NULL, _IOLBF, 0);
9fa3e853 1685#endif
e735b91c
PB		 1686 log_append = 1;
1687 }
1688 if (!loglevel && logfile) {
1689 fclose(logfile);
1690 logfile = NULL;
34865134
FB		 1691 }
1692}
1693
1694void cpu_set_log_filename(const char *filename)
1695{
1696 logfilename = strdup(filename);
e735b91c
PB		 1697 if (logfile) {
1698 fclose(logfile);
1699 logfile = NULL;
1700 }
1701 cpu_set_log(loglevel);
34865134 1702}
c33a346e 1703
9349b4f9 1704static void cpu_unlink_tb(CPUArchState *env)
ea041c0e 1705{
3098dba0
AJ		 1706 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1707 problem and hope the cpu will stop of its own accord. For userspace
1708 emulation this often isn't actually as bad as it sounds. Often
1709 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1710 TranslationBlock *tb;
c227f099 1711 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1712
cab1b4bd 1713 spin_lock(&interrupt_lock);
3098dba0
AJ		 1714 tb = env->current_tb;
1715 /* if the cpu is currently executing code, we must unlink it and
1716 all the potentially executing TB */
f76cfe56 1717 if (tb) {
3098dba0
AJ		 1718 env->current_tb = NULL;
1719 tb_reset_jump_recursive(tb);
be214e6c 1720 }
cab1b4bd 1721 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1722}
1723
97ffbd8d 1724#ifndef CONFIG_USER_ONLY
3098dba0 1725/* mask must never be zero, except for A20 change call */
9349b4f9 1726static void tcg_handle_interrupt(CPUArchState *env, int mask)
3098dba0
AJ		 1727{
1728 int old_mask;
be214e6c 1729
2e70f6ef 1730 old_mask = env->interrupt_request;
68a79315 1731 env->interrupt_request |= mask;
3098dba0 1732
8edac960
AL		 1733 /*
1734 * If called from iothread context, wake the target cpu in
1735 * case its halted.
1736 */
b7680cb6 1737 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1738 qemu_cpu_kick(env);
1739 return;
1740 }
8edac960 1741
2e70f6ef 1742 if (use_icount) {
266910c4 1743 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1744 if (!can_do_io(env)
be214e6c 1745 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1746 cpu_abort(env, "Raised interrupt while not in I/O function");
1747 }
2e70f6ef 1748 } else {
3098dba0 1749 cpu_unlink_tb(env);
ea041c0e
FB		 1750 }
1751}
1752
ec6959d0
JK		 1753CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1754
97ffbd8d
JK		 1755#else /* CONFIG_USER_ONLY */
1756
9349b4f9 1757void cpu_interrupt(CPUArchState *env, int mask)
97ffbd8d
JK		 1758{
1759 env->interrupt_request |= mask;
1760 cpu_unlink_tb(env);
1761}
1762#endif /* CONFIG_USER_ONLY */
1763
9349b4f9 1764void cpu_reset_interrupt(CPUArchState *env, int mask)
b54ad049
FB		 1765{
1766 env->interrupt_request &= ~mask;
1767}
1768
9349b4f9 1769void cpu_exit(CPUArchState *env)
3098dba0
AJ		 1770{
1771 env->exit_request = 1;
1772 cpu_unlink_tb(env);
1773}
1774
c7cd6a37 1775const CPULogItem cpu_log_items[] = {
5fafdf24 1776 { CPU_LOG_TB_OUT_ASM, "out_asm",
f193c797
FB		 1777 "show generated host assembly code for each compiled TB" },
1778 { CPU_LOG_TB_IN_ASM, "in_asm",
1779 "show target assembly code for each compiled TB" },
5fafdf24 1780 { CPU_LOG_TB_OP, "op",
57fec1fe 1781 "show micro ops for each compiled TB" },
f193c797 1782 { CPU_LOG_TB_OP_OPT, "op_opt",
e01a1157
BS		 1783 "show micro ops "
1784#ifdef TARGET_I386
1785 "before eflags optimization and "
f193c797 1786#endif
e01a1157 1787 "after liveness analysis" },
f193c797
FB		 1788 { CPU_LOG_INT, "int",
1789 "show interrupts/exceptions in short format" },
1790 { CPU_LOG_EXEC, "exec",
1791 "show trace before each executed TB (lots of logs)" },
9fddaa0c 1792 { CPU_LOG_TB_CPU, "cpu",
e91c8a77 1793 "show CPU state before block translation" },
f193c797
FB		 1794#ifdef TARGET_I386
1795 { CPU_LOG_PCALL, "pcall",
1796 "show protected mode far calls/returns/exceptions" },
eca1bdf4
AL		 1797 { CPU_LOG_RESET, "cpu_reset",
1798 "show CPU state before CPU resets" },
f193c797 1799#endif
8e3a9fd2 1800#ifdef DEBUG_IOPORT
fd872598
FB		 1801 { CPU_LOG_IOPORT, "ioport",
1802 "show all i/o ports accesses" },
8e3a9fd2 1803#endif
f193c797
FB		 1804 { 0, NULL, NULL },
1805};
1806
1807static int cmp1(const char *s1, int n, const char *s2)
1808{
1809 if (strlen(s2) != n)
1810 return 0;
1811 return memcmp(s1, s2, n) == 0;
1812}
3b46e624 1813
f193c797
FB		 1814/* takes a comma separated list of log masks. Return 0 if error. */
1815int cpu_str_to_log_mask(const char *str)
1816{
c7cd6a37 1817 const CPULogItem *item;
f193c797
FB		 1818 int mask;
1819 const char *p, *p1;
1820
1821 p = str;
1822 mask = 0;
1823 for(;;) {
1824 p1 = strchr(p, ',');
1825 if (!p1)
1826 p1 = p + strlen(p);
9742bf26
YT		 1827 if(cmp1(p,p1-p,"all")) {
1828 for(item = cpu_log_items; item->mask != 0; item++) {
1829 mask |= item->mask;
1830 }
1831 } else {
1832 for(item = cpu_log_items; item->mask != 0; item++) {
1833 if (cmp1(p, p1 - p, item->name))
1834 goto found;
1835 }
1836 return 0;
f193c797 1837 }
f193c797
FB		 1838 found:
1839 mask |= item->mask;
1840 if (*p1 != ',')
1841 break;
1842 p = p1 + 1;
1843 }
1844 return mask;
1845}
ea041c0e 1846
9349b4f9 1847void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e
FB		 1848{
1849 va_list ap;
493ae1f0 1850 va_list ap2;
7501267e
FB		 1851
1852 va_start(ap, fmt);
493ae1f0 1853 va_copy(ap2, ap);
7501267e
FB		 1854 fprintf(stderr, "qemu: fatal: ");
1855 vfprintf(stderr, fmt, ap);
1856 fprintf(stderr, "\n");
1857#ifdef TARGET_I386
7fe48483
FB		 1858 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1859#else
1860 cpu_dump_state(env, stderr, fprintf, 0);
7501267e 1861#endif
93fcfe39
AL		 1862 if (qemu_log_enabled()) {
1863 qemu_log("qemu: fatal: ");
1864 qemu_log_vprintf(fmt, ap2);
1865 qemu_log("\n");
f9373291 1866#ifdef TARGET_I386
93fcfe39 1867 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
f9373291 1868#else
93fcfe39 1869 log_cpu_state(env, 0);
f9373291 1870#endif
31b1a7b4 1871 qemu_log_flush();
93fcfe39 1872 qemu_log_close();
924edcae 1873 }
493ae1f0 1874 va_end(ap2);
f9373291 1875 va_end(ap);
fd052bf6
RV		 1876#if defined(CONFIG_USER_ONLY)
1877 {
1878 struct sigaction act;
1879 sigfillset(&act.sa_mask);
1880 act.sa_handler = SIG_DFL;
1881 sigaction(SIGABRT, &act, NULL);
1882 }
1883#endif
7501267e
FB		 1884 abort();
1885}
1886
9349b4f9 1887CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 1888{
9349b4f9
AF		 1889 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1890 CPUArchState *next_cpu = new_env->next_cpu;
c5be9f08 1891 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1892#if defined(TARGET_HAS_ICE)
1893 CPUBreakpoint *bp;
1894 CPUWatchpoint *wp;
1895#endif
1896
9349b4f9 1897 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081
AL		 1898
1899 /* Preserve chaining and index. */
c5be9f08
TS		 1900 new_env->next_cpu = next_cpu;
1901 new_env->cpu_index = cpu_index;
5a38f081
AL		 1902
1903 /* Clone all break/watchpoints.
1904 Note: Once we support ptrace with hw-debug register access, make sure
1905 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1906 QTAILQ_INIT(&env->breakpoints);
1907 QTAILQ_INIT(&env->watchpoints);
5a38f081 1908#if defined(TARGET_HAS_ICE)
72cf2d4f 1909 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1910 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1911 }
72cf2d4f 1912 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1913 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1914 wp->flags, NULL);
1915 }
1916#endif
1917
c5be9f08
TS		 1918 return new_env;
1919}
1920
0124311e 1921#if !defined(CONFIG_USER_ONLY)
0cac1b66 1922void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
5c751e99
EI		 1923{
1924 unsigned int i;
1925
1926 /* Discard jump cache entries for any tb which might potentially
1927 overlap the flushed page. */
1928 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1929 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1930 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1931
1932 i = tb_jmp_cache_hash_page(addr);
1933 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1934 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1935}
1936
5579c7f3 1937/* Note: start and end must be within the same ram block. */
c227f099 1938void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1939 int dirty_flags)
1ccde1cb 1940{
8efe0ca8 1941 uintptr_t length, start1;
1ccde1cb
FB		 1942
1943 start &= TARGET_PAGE_MASK;
1944 end = TARGET_PAGE_ALIGN(end);
1945
1946 length = end - start;
1947 if (length == 0)
1948 return;
f7c11b53 1949 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 1950
1ccde1cb
FB		 1951 /* we modify the TLB cache so that the dirty bit will be set again
1952 when accessing the range */
8efe0ca8 1953 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
a57d23e4 1954 /* Check that we don't span multiple blocks - this breaks the
5579c7f3 1955 address comparisons below. */
8efe0ca8 1956 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
5579c7f3
PB		 1957 != (end - 1) - start) {
1958 abort();
1959 }
e5548617 1960 cpu_tlb_reset_dirty_all(start1, length);
1ccde1cb
FB		 1961}
1962
74576198
AL		 1963int cpu_physical_memory_set_dirty_tracking(int enable)
1964{
f6f3fbca 1965 int ret = 0;
74576198 1966 in_migration = enable;
f6f3fbca 1967 return ret;
74576198
AL		 1968}
1969
e5548617
BS		 1970target_phys_addr_t memory_region_section_get_iotlb(CPUArchState *env,
1971 MemoryRegionSection *section,
1972 target_ulong vaddr,
1973 target_phys_addr_t paddr,
1974 int prot,
1975 target_ulong *address)
1976{
1977 target_phys_addr_t iotlb;
1978 CPUWatchpoint *wp;
1979
1980 if (is_ram_rom(section)) {
1981 /* Normal RAM. */
1982 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1983 + section_addr(section, paddr);
1984 if (!section->readonly) {
1985 iotlb |= phys_section_notdirty;
1986 } else {
1987 iotlb |= phys_section_rom;
1988 }
1989 } else {
1990 /* IO handlers are currently passed a physical address.
1991 It would be nice to pass an offset from the base address
1992 of that region. This would avoid having to special case RAM,
1993 and avoid full address decoding in every device.
1994 We can't use the high bits of pd for this because
1995 IO_MEM_ROMD uses these as a ram address. */
1996 iotlb = section - phys_sections;
1997 iotlb += section_addr(section, paddr);
1998 }
1999
2000 /* Make accesses to pages with watchpoints go via the
2001 watchpoint trap routines. */
2002 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2003 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2004 /* Avoid trapping reads of pages with a write breakpoint. */
2005 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
2006 iotlb = phys_section_watch + paddr;
2007 *address |= TLB_MMIO;
2008 break;
2009 }
2010 }
2011 }
2012
2013 return iotlb;
2014}
2015
0124311e 2016#else
edf8e2af
MW		 2017/*
2018 * Walks guest process memory "regions" one by one
2019 * and calls callback function 'fn' for each region.
2020 */
5cd2c5b6
RH		 2021
2022struct walk_memory_regions_data
2023{
2024 walk_memory_regions_fn fn;
2025 void *priv;
8efe0ca8 2026 uintptr_t start;
5cd2c5b6
RH		 2027 int prot;
2028};
2029
2030static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 2031 abi_ulong end, int new_prot)
5cd2c5b6
RH		 2032{
2033 if (data->start != -1ul) {
2034 int rc = data->fn(data->priv, data->start, end, data->prot);
2035 if (rc != 0) {
2036 return rc;
2037 }
2038 }
2039
2040 data->start = (new_prot ? end : -1ul);
2041 data->prot = new_prot;
2042
2043 return 0;
2044}
2045
2046static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 2047 abi_ulong base, int level, void **lp)
5cd2c5b6 2048{
b480d9b7 2049 abi_ulong pa;
5cd2c5b6
RH		 2050 int i, rc;
2051
2052 if (*lp == NULL) {
2053 return walk_memory_regions_end(data, base, 0);
2054 }
2055
2056 if (level == 0) {
2057 PageDesc *pd = *lp;
7296abac 2058 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 2059 int prot = pd[i].flags;
2060
2061 pa = base | (i << TARGET_PAGE_BITS);
2062 if (prot != data->prot) {
2063 rc = walk_memory_regions_end(data, pa, prot);
2064 if (rc != 0) {
2065 return rc;
9fa3e853 2066 }
9fa3e853 2067 }
5cd2c5b6
RH		 2068 }
2069 } else {
2070 void **pp = *lp;
7296abac 2071 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 2072 pa = base | ((abi_ulong)i <<
2073 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 2074 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2075 if (rc != 0) {
2076 return rc;
2077 }
2078 }
2079 }
2080
2081 return 0;
2082}
2083
2084int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2085{
2086 struct walk_memory_regions_data data;
8efe0ca8 2087 uintptr_t i;
5cd2c5b6
RH		 2088
2089 data.fn = fn;
2090 data.priv = priv;
2091 data.start = -1ul;
2092 data.prot = 0;
2093
2094 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 2095 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 2096 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2097 if (rc != 0) {
2098 return rc;
9fa3e853 2099 }
33417e70 2100 }
5cd2c5b6
RH		 2101
2102 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2103}
2104
b480d9b7
PB		 2105static int dump_region(void *priv, abi_ulong start,
2106 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2107{
2108 FILE *f = (FILE *)priv;
2109
b480d9b7
PB		 2110 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2111 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2112 start, end, end - start,
2113 ((prot & PAGE_READ) ? 'r' : '-'),
2114 ((prot & PAGE_WRITE) ? 'w' : '-'),
2115 ((prot & PAGE_EXEC) ? 'x' : '-'));
2116
2117 return (0);
2118}
2119
2120/* dump memory mappings */
2121void page_dump(FILE *f)
2122{
2123 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2124 "start", "end", "size", "prot");
2125 walk_memory_regions(f, dump_region);
33417e70
FB		 2126}
2127
53a5960a 2128int page_get_flags(target_ulong address)
33417e70 2129{
9fa3e853
FB		 2130 PageDesc *p;
2131
2132 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2133 if (!p)
9fa3e853
FB		 2134 return 0;
2135 return p->flags;
2136}
2137
376a7909
RH		 2138/* Modify the flags of a page and invalidate the code if necessary.
2139 The flag PAGE_WRITE_ORG is positioned automatically depending
2140 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2141void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2142{
376a7909
RH		 2143 target_ulong addr, len;
2144
2145 /* This function should never be called with addresses outside the
2146 guest address space. If this assert fires, it probably indicates
2147 a missing call to h2g_valid. */
b480d9b7
PB		 2148#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2149 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2150#endif
2151 assert(start < end);
9fa3e853
FB		 2152
2153 start = start & TARGET_PAGE_MASK;
2154 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2155
2156 if (flags & PAGE_WRITE) {
9fa3e853 2157 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2158 }
2159
2160 for (addr = start, len = end - start;
2161 len != 0;
2162 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2163 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2164
2165 /* If the write protection bit is set, then we invalidate
2166 the code inside. */
5fafdf24 2167 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2168 (flags & PAGE_WRITE) &&
2169 p->first_tb) {
d720b93d 2170 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2171 }
2172 p->flags = flags;
2173 }
33417e70
FB		 2174}
2175
3d97b40b
TS		 2176int page_check_range(target_ulong start, target_ulong len, int flags)
2177{
2178 PageDesc *p;
2179 target_ulong end;
2180 target_ulong addr;
2181
376a7909
RH		 2182 /* This function should never be called with addresses outside the
2183 guest address space. If this assert fires, it probably indicates
2184 a missing call to h2g_valid. */
338e9e6c
BS		 2185#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2186 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2187#endif
2188
3e0650a9
RH		 2189 if (len == 0) {
2190 return 0;
2191 }
376a7909
RH		 2192 if (start + len - 1 < start) {
2193 /* We've wrapped around. */
55f280c9 2194 return -1;
376a7909 2195 }
55f280c9 2196
3d97b40b
TS		 2197 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2198 start = start & TARGET_PAGE_MASK;
2199
376a7909
RH		 2200 for (addr = start, len = end - start;
2201 len != 0;
2202 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2203 p = page_find(addr >> TARGET_PAGE_BITS);
2204 if( !p )
2205 return -1;
2206 if( !(p->flags & PAGE_VALID) )
2207 return -1;
2208
dae3270c 2209 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2210 return -1;
dae3270c
FB		 2211 if (flags & PAGE_WRITE) {
2212 if (!(p->flags & PAGE_WRITE_ORG))
2213 return -1;
2214 /* unprotect the page if it was put read-only because it
2215 contains translated code */
2216 if (!(p->flags & PAGE_WRITE)) {
2217 if (!page_unprotect(addr, 0, NULL))
2218 return -1;
2219 }
2220 return 0;
2221 }
3d97b40b
TS		 2222 }
2223 return 0;
2224}
2225
9fa3e853 2226/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2227 page. Return TRUE if the fault was successfully handled. */
6375e09e 2228int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
9fa3e853 2229{
45d679d6
AJ		 2230 unsigned int prot;
2231 PageDesc *p;
53a5960a 2232 target_ulong host_start, host_end, addr;
9fa3e853 2233
c8a706fe
PB		 2234 /* Technically this isn't safe inside a signal handler. However we
2235 know this only ever happens in a synchronous SEGV handler, so in
2236 practice it seems to be ok. */
2237 mmap_lock();
2238
45d679d6
AJ		 2239 p = page_find(address >> TARGET_PAGE_BITS);
2240 if (!p) {
c8a706fe 2241 mmap_unlock();
9fa3e853 2242 return 0;
c8a706fe 2243 }
45d679d6 2244
9fa3e853
FB		 2245 /* if the page was really writable, then we change its
2246 protection back to writable */
45d679d6
AJ		 2247 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2248 host_start = address & qemu_host_page_mask;
2249 host_end = host_start + qemu_host_page_size;
2250
2251 prot = 0;
2252 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2253 p = page_find(addr >> TARGET_PAGE_BITS);
2254 p->flags |= PAGE_WRITE;
2255 prot |= p->flags;
2256
9fa3e853
FB		 2257 /* and since the content will be modified, we must invalidate
2258 the corresponding translated code. */
45d679d6 2259 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2260#ifdef DEBUG_TB_CHECK
45d679d6 2261 tb_invalidate_check(addr);
9fa3e853 2262#endif
9fa3e853 2263 }
45d679d6
AJ		 2264 mprotect((void *)g2h(host_start), qemu_host_page_size,
2265 prot & PAGE_BITS);
2266
2267 mmap_unlock();
2268 return 1;
9fa3e853 2269 }
c8a706fe 2270 mmap_unlock();
9fa3e853
FB		 2271 return 0;
2272}
9fa3e853
FB		 2273#endif /* defined(CONFIG_USER_ONLY) */
2274
e2eef170 2275#if !defined(CONFIG_USER_ONLY)
8da3ff18 2276
c04b2b78
PB		 2277#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2278typedef struct subpage_t {
70c68e44 2279 MemoryRegion iomem;
c04b2b78 2280 target_phys_addr_t base;
5312bd8b 2281 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2282} subpage_t;
2283
c227f099 2284static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2285 uint16_t section);
0f0cb164 2286static subpage_t *subpage_init(target_phys_addr_t base);
5312bd8b 2287static void destroy_page_desc(uint16_t section_index)
54688b1e 2288{
5312bd8b
AK		 2289 MemoryRegionSection *section = &phys_sections[section_index];
2290 MemoryRegion *mr = section->mr;
54688b1e
AK		 2291
2292 if (mr->subpage) {
2293 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2294 memory_region_destroy(&subpage->iomem);
2295 g_free(subpage);
2296 }
2297}
2298
4346ae3e 2299static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2300{
2301 unsigned i;
d6f2ea22 2302 PhysPageEntry *p;
54688b1e 2303
c19e8800 2304 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2305 return;
2306 }
2307
c19e8800 2308 p = phys_map_nodes[lp->ptr];
4346ae3e 2309 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 2310 if (!p[i].is_leaf) {
54688b1e 2311 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 2312 } else {
c19e8800 2313 destroy_page_desc(p[i].ptr);
54688b1e 2314 }
54688b1e 2315 }
07f07b31 2316 lp->is_leaf = 0;
c19e8800 2317 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2318}
2319
2320static void destroy_all_mappings(void)
2321{
3eef53df 2322 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
d6f2ea22 2323 phys_map_nodes_reset();
54688b1e
AK		 2324}
2325
5312bd8b
AK		 2326static uint16_t phys_section_add(MemoryRegionSection *section)
2327{
2328 if (phys_sections_nb == phys_sections_nb_alloc) {
2329 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2330 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2331 phys_sections_nb_alloc);
2332 }
2333 phys_sections[phys_sections_nb] = *section;
2334 return phys_sections_nb++;
2335}
2336
2337static void phys_sections_clear(void)
2338{
2339 phys_sections_nb = 0;
2340}
2341
8f2498f9
MT		 2342/* register physical memory.
2343 For RAM, 'size' must be a multiple of the target page size.
2344 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
8da3ff18
PB		 2345 io memory page. The address used when calling the IO function is
2346 the offset from the start of the region, plus region_offset. Both
ccbb4d44 2347 start_addr and region_offset are rounded down to a page boundary
8da3ff18
PB		 2348 before calculating this offset. This should not be a problem unless
2349 the low bits of start_addr and region_offset differ. */
0f0cb164
AK		 2350static void register_subpage(MemoryRegionSection *section)
2351{
2352 subpage_t *subpage;
2353 target_phys_addr_t base = section->offset_within_address_space
2354 & TARGET_PAGE_MASK;
f3705d53 2355 MemoryRegionSection *existing = phys_page_find(base >> TARGET_PAGE_BITS);
0f0cb164
AK		 2356 MemoryRegionSection subsection = {
2357 .offset_within_address_space = base,
2358 .size = TARGET_PAGE_SIZE,
2359 };
0f0cb164
AK		 2360 target_phys_addr_t start, end;
2361
f3705d53 2362 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 2363
f3705d53 2364 if (!(existing->mr->subpage)) {
0f0cb164
AK		 2365 subpage = subpage_init(base);
2366 subsection.mr = &subpage->iomem;
2999097b
AK		 2367 phys_page_set(base >> TARGET_PAGE_BITS, 1,
2368 phys_section_add(&subsection));
0f0cb164 2369 } else {
f3705d53 2370 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 2371 }
2372 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
2373 end = start + section->size;
2374 subpage_register(subpage, start, end, phys_section_add(section));
2375}
2376
2377
2378static void register_multipage(MemoryRegionSection *section)
33417e70 2379{
dd81124b
AK		 2380 target_phys_addr_t start_addr = section->offset_within_address_space;
2381 ram_addr_t size = section->size;
2999097b 2382 target_phys_addr_t addr;
5312bd8b 2383 uint16_t section_index = phys_section_add(section);
dd81124b 2384
3b8e6a2d 2385 assert(size);
f6f3fbca 2386
3b8e6a2d 2387 addr = start_addr;
2999097b
AK		 2388 phys_page_set(addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2389 section_index);
33417e70
FB		 2390}
2391
0f0cb164
AK		 2392void cpu_register_physical_memory_log(MemoryRegionSection *section,
2393 bool readonly)
2394{
2395 MemoryRegionSection now = *section, remain = *section;
2396
2397 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2398 || (now.size < TARGET_PAGE_SIZE)) {
2399 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2400 - now.offset_within_address_space,
2401 now.size);
2402 register_subpage(&now);
2403 remain.size -= now.size;
2404 remain.offset_within_address_space += now.size;
2405 remain.offset_within_region += now.size;
2406 }
2407 now = remain;
2408 now.size &= TARGET_PAGE_MASK;
2409 if (now.size) {
2410 register_multipage(&now);
2411 remain.size -= now.size;
2412 remain.offset_within_address_space += now.size;
2413 remain.offset_within_region += now.size;
2414 }
2415 now = remain;
2416 if (now.size) {
2417 register_subpage(&now);
2418 }
2419}
2420
2421
c227f099 2422void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2423{
2424 if (kvm_enabled())
2425 kvm_coalesce_mmio_region(addr, size);
2426}
2427
c227f099 2428void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2429{
2430 if (kvm_enabled())
2431 kvm_uncoalesce_mmio_region(addr, size);
2432}
2433
62a2744c
SY		 2434void qemu_flush_coalesced_mmio_buffer(void)
2435{
2436 if (kvm_enabled())
2437 kvm_flush_coalesced_mmio_buffer();
2438}
2439
c902760f
MT		 2440#if defined(__linux__) && !defined(TARGET_S390X)
2441
2442#include <sys/vfs.h>
2443
2444#define HUGETLBFS_MAGIC 0x958458f6
2445
2446static long gethugepagesize(const char *path)
2447{
2448 struct statfs fs;
2449 int ret;
2450
2451 do {
9742bf26 2452 ret = statfs(path, &fs);
c902760f
MT		 2453 } while (ret != 0 && errno == EINTR);
2454
2455 if (ret != 0) {
9742bf26
YT		 2456 perror(path);
2457 return 0;
c902760f
MT		 2458 }
2459
2460 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2461 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2462
2463 return fs.f_bsize;
2464}
2465
04b16653
AW		 2466static void *file_ram_alloc(RAMBlock *block,
2467 ram_addr_t memory,
2468 const char *path)
c902760f
MT		 2469{
2470 char *filename;
2471 void *area;
2472 int fd;
2473#ifdef MAP_POPULATE
2474 int flags;
2475#endif
2476 unsigned long hpagesize;
2477
2478 hpagesize = gethugepagesize(path);
2479 if (!hpagesize) {
9742bf26 2480 return NULL;
c902760f
MT		 2481 }
2482
2483 if (memory < hpagesize) {
2484 return NULL;
2485 }
2486
2487 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2488 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2489 return NULL;
2490 }
2491
2492 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2493 return NULL;
c902760f
MT		 2494 }
2495
2496 fd = mkstemp(filename);
2497 if (fd < 0) {
9742bf26
YT		 2498 perror("unable to create backing store for hugepages");
2499 free(filename);
2500 return NULL;
c902760f
MT		 2501 }
2502 unlink(filename);
2503 free(filename);
2504
2505 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2506
2507 /*
2508 * ftruncate is not supported by hugetlbfs in older
2509 * hosts, so don't bother bailing out on errors.
2510 * If anything goes wrong with it under other filesystems,
2511 * mmap will fail.
2512 */
2513 if (ftruncate(fd, memory))
9742bf26 2514 perror("ftruncate");
c902760f
MT		 2515
2516#ifdef MAP_POPULATE
2517 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2518 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2519 * to sidestep this quirk.
2520 */
2521 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2522 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2523#else
2524 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2525#endif
2526 if (area == MAP_FAILED) {
9742bf26
YT		 2527 perror("file_ram_alloc: can't mmap RAM pages");
2528 close(fd);
2529 return (NULL);
c902760f 2530 }
04b16653 2531 block->fd = fd;
c902760f
MT		 2532 return area;
2533}
2534#endif
2535
d17b5288 2536static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2537{
2538 RAMBlock *block, *next_block;
3e837b2c 2539 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2540
2541 if (QLIST_EMPTY(&ram_list.blocks))
2542 return 0;
2543
2544 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2545 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2546
2547 end = block->offset + block->length;
2548
2549 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2550 if (next_block->offset >= end) {
2551 next = MIN(next, next_block->offset);
2552 }
2553 }
2554 if (next - end >= size && next - end < mingap) {
3e837b2c 2555 offset = end;
04b16653
AW		 2556 mingap = next - end;
2557 }
2558 }
3e837b2c
AW		 2559
2560 if (offset == RAM_ADDR_MAX) {
2561 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2562 (uint64_t)size);
2563 abort();
2564 }
2565
04b16653
AW		 2566 return offset;
2567}
2568
2569static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2570{
2571 RAMBlock *block;
2572 ram_addr_t last = 0;
2573
2574 QLIST_FOREACH(block, &ram_list.blocks, next)
2575 last = MAX(last, block->offset + block->length);
2576
2577 return last;
2578}
2579
c5705a77 2580void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2581{
2582 RAMBlock *new_block, *block;
2583
c5705a77
AK		 2584 new_block = NULL;
2585 QLIST_FOREACH(block, &ram_list.blocks, next) {
2586 if (block->offset == addr) {
2587 new_block = block;
2588 break;
2589 }
2590 }
2591 assert(new_block);
2592 assert(!new_block->idstr[0]);
84b89d78
CM		 2593
2594 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2595 char *id = dev->parent_bus->info->get_dev_path(dev);
2596 if (id) {
2597 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2598 g_free(id);
84b89d78
CM		 2599 }
2600 }
2601 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2602
2603 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2604 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2605 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2606 new_block->idstr);
2607 abort();
2608 }
2609 }
c5705a77
AK		 2610}
2611
2612ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2613 MemoryRegion *mr)
2614{
2615 RAMBlock *new_block;
2616
2617 size = TARGET_PAGE_ALIGN(size);
2618 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2619
7c637366 2620 new_block->mr = mr;
432d268c 2621 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2622 if (host) {
2623 new_block->host = host;
cd19cfa2 2624 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2625 } else {
2626 if (mem_path) {
c902760f 2627#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2628 new_block->host = file_ram_alloc(new_block, size, mem_path);
2629 if (!new_block->host) {
2630 new_block->host = qemu_vmalloc(size);
e78815a5 2631 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2632 }
c902760f 2633#else
6977dfe6
YT		 2634 fprintf(stderr, "-mem-path option unsupported\n");
2635 exit(1);
c902760f 2636#endif
6977dfe6 2637 } else {
6b02494d 2638#if defined(TARGET_S390X) && defined(CONFIG_KVM)
ff83678a
CB		 2639 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2640 an system defined value, which is at least 256GB. Larger systems
2641 have larger values. We put the guest between the end of data
2642 segment (system break) and this value. We use 32GB as a base to
2643 have enough room for the system break to grow. */
2644 new_block->host = mmap((void*)0x800000000, size,
6977dfe6 2645 PROT_EXEC|PROT_READ|PROT_WRITE,
ff83678a 2646 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
fb8b2735
AG		 2647 if (new_block->host == MAP_FAILED) {
2648 fprintf(stderr, "Allocating RAM failed\n");
2649 abort();
2650 }
6b02494d 2651#else
868bb33f 2652 if (xen_enabled()) {
fce537d4 2653 xen_ram_alloc(new_block->offset, size, mr);
432d268c
JN		 2654 } else {
2655 new_block->host = qemu_vmalloc(size);
2656 }
6b02494d 2657#endif
e78815a5 2658 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2659 }
c902760f 2660 }
94a6b54f
PB		 2661 new_block->length = size;
2662
f471a17e 2663 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2664
7267c094 2665 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2666 last_ram_offset() >> TARGET_PAGE_BITS);
d17b5288 2667 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
94a6b54f
PB		 2668 0xff, size >> TARGET_PAGE_BITS);
2669
6f0437e8
JK		 2670 if (kvm_enabled())
2671 kvm_setup_guest_memory(new_block->host, size);
2672
94a6b54f
PB		 2673 return new_block->offset;
2674}
e9a1ab19 2675
c5705a77 2676ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2677{
c5705a77 2678 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2679}
2680
1f2e98b6
AW		 2681void qemu_ram_free_from_ptr(ram_addr_t addr)
2682{
2683 RAMBlock *block;
2684
2685 QLIST_FOREACH(block, &ram_list.blocks, next) {
2686 if (addr == block->offset) {
2687 QLIST_REMOVE(block, next);
7267c094 2688 g_free(block);
1f2e98b6
AW		 2689 return;
2690 }
2691 }
2692}
2693
c227f099 2694void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2695{
04b16653
AW		 2696 RAMBlock *block;
2697
2698 QLIST_FOREACH(block, &ram_list.blocks, next) {
2699 if (addr == block->offset) {
2700 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2701 if (block->flags & RAM_PREALLOC_MASK) {
2702 ;
2703 } else if (mem_path) {
04b16653
AW		 2704#if defined (__linux__) && !defined(TARGET_S390X)
2705 if (block->fd) {
2706 munmap(block->host, block->length);
2707 close(block->fd);
2708 } else {
2709 qemu_vfree(block->host);
2710 }
fd28aa13
JK		 2711#else
2712 abort();
04b16653
AW		 2713#endif
2714 } else {
2715#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2716 munmap(block->host, block->length);
2717#else
868bb33f 2718 if (xen_enabled()) {
e41d7c69 2719 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2720 } else {
2721 qemu_vfree(block->host);
2722 }
04b16653
AW		 2723#endif
2724 }
7267c094 2725 g_free(block);
04b16653
AW		 2726 return;
2727 }
2728 }
2729
e9a1ab19
FB		 2730}
2731
cd19cfa2
HY		 2732#ifndef _WIN32
2733void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2734{
2735 RAMBlock *block;
2736 ram_addr_t offset;
2737 int flags;
2738 void *area, *vaddr;
2739
2740 QLIST_FOREACH(block, &ram_list.blocks, next) {
2741 offset = addr - block->offset;
2742 if (offset < block->length) {
2743 vaddr = block->host + offset;
2744 if (block->flags & RAM_PREALLOC_MASK) {
2745 ;
2746 } else {
2747 flags = MAP_FIXED;
2748 munmap(vaddr, length);
2749 if (mem_path) {
2750#if defined(__linux__) && !defined(TARGET_S390X)
2751 if (block->fd) {
2752#ifdef MAP_POPULATE
2753 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2754 MAP_PRIVATE;
2755#else
2756 flags |= MAP_PRIVATE;
2757#endif
2758 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2759 flags, block->fd, offset);
2760 } else {
2761 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2762 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2763 flags, -1, 0);
2764 }
fd28aa13
JK		 2765#else
2766 abort();
cd19cfa2
HY		 2767#endif
2768 } else {
2769#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2770 flags |= MAP_SHARED | MAP_ANONYMOUS;
2771 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2772 flags, -1, 0);
2773#else
2774 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2775 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2776 flags, -1, 0);
2777#endif
2778 }
2779 if (area != vaddr) {
f15fbc4b
AP		 2780 fprintf(stderr, "Could not remap addr: "
2781 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 2782 length, addr);
2783 exit(1);
2784 }
2785 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
2786 }
2787 return;
2788 }
2789 }
2790}
2791#endif /* !_WIN32 */
2792
dc828ca1 2793/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 2794 With the exception of the softmmu code in this file, this should
2795 only be used for local memory (e.g. video ram) that the device owns,
2796 and knows it isn't going to access beyond the end of the block.
2797
2798 It should not be used for general purpose DMA.
2799 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2800 */
c227f099 2801void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 2802{
94a6b54f
PB		 2803 RAMBlock *block;
2804
f471a17e
AW		 2805 QLIST_FOREACH(block, &ram_list.blocks, next) {
2806 if (addr - block->offset < block->length) {
7d82af38
VP		 2807 /* Move this entry to to start of the list. */
2808 if (block != QLIST_FIRST(&ram_list.blocks)) {
2809 QLIST_REMOVE(block, next);
2810 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2811 }
868bb33f 2812 if (xen_enabled()) {
432d268c
JN		 2813 /* We need to check if the requested address is in the RAM
2814 * because we don't want to map the entire memory in QEMU.
712c2b41 2815 * In that case just map until the end of the page.
432d268c
JN		 2816 */
2817 if (block->offset == 0) {
e41d7c69 2818 return xen_map_cache(addr, 0, 0);
432d268c 2819 } else if (block->host == NULL) {
e41d7c69
JK		 2820 block->host =
2821 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2822 }
2823 }
f471a17e
AW		 2824 return block->host + (addr - block->offset);
2825 }
94a6b54f 2826 }
f471a17e
AW		 2827
2828 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2829 abort();
2830
2831 return NULL;
dc828ca1
PB		 2832}
2833
b2e0a138
MT		 2834/* Return a host pointer to ram allocated with qemu_ram_alloc.
2835 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2836 */
2837void *qemu_safe_ram_ptr(ram_addr_t addr)
2838{
2839 RAMBlock *block;
2840
2841 QLIST_FOREACH(block, &ram_list.blocks, next) {
2842 if (addr - block->offset < block->length) {
868bb33f 2843 if (xen_enabled()) {
432d268c
JN		 2844 /* We need to check if the requested address is in the RAM
2845 * because we don't want to map the entire memory in QEMU.
712c2b41 2846 * In that case just map until the end of the page.
432d268c
JN		 2847 */
2848 if (block->offset == 0) {
e41d7c69 2849 return xen_map_cache(addr, 0, 0);
432d268c 2850 } else if (block->host == NULL) {
e41d7c69
JK		 2851 block->host =
2852 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2853 }
2854 }
b2e0a138
MT		 2855 return block->host + (addr - block->offset);
2856 }
2857 }
2858
2859 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2860 abort();
2861
2862 return NULL;
2863}
2864
38bee5dc
SS		 2865/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
2866 * but takes a size argument */
8ab934f9 2867void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 2868{
8ab934f9
SS		 2869 if (*size == 0) {
2870 return NULL;
2871 }
868bb33f 2872 if (xen_enabled()) {
e41d7c69 2873 return xen_map_cache(addr, *size, 1);
868bb33f 2874 } else {
38bee5dc
SS		 2875 RAMBlock *block;
2876
2877 QLIST_FOREACH(block, &ram_list.blocks, next) {
2878 if (addr - block->offset < block->length) {
2879 if (addr - block->offset + *size > block->length)
2880 *size = block->length - addr + block->offset;
2881 return block->host + (addr - block->offset);
2882 }
2883 }
2884
2885 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2886 abort();
38bee5dc
SS		 2887 }
2888}
2889
050a0ddf
AP		 2890void qemu_put_ram_ptr(void *addr)
2891{
2892 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 2893}
2894
e890261f 2895int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 2896{
94a6b54f
PB		 2897 RAMBlock *block;
2898 uint8_t *host = ptr;
2899
868bb33f 2900 if (xen_enabled()) {
e41d7c69 2901 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 2902 return 0;
2903 }
2904
f471a17e 2905 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 2906 /* This case append when the block is not mapped. */
2907 if (block->host == NULL) {
2908 continue;
2909 }
f471a17e 2910 if (host - block->host < block->length) {
e890261f
MT		 2911 *ram_addr = block->offset + (host - block->host);
2912 return 0;
f471a17e 2913 }
94a6b54f 2914 }
432d268c 2915
e890261f
MT		 2916 return -1;
2917}
f471a17e 2918
e890261f
MT		 2919/* Some of the softmmu routines need to translate from a host pointer
2920 (typically a TLB entry) back to a ram offset. */
2921ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2922{
2923 ram_addr_t ram_addr;
f471a17e 2924
e890261f
MT		 2925 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2926 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2927 abort();
2928 }
2929 return ram_addr;
5579c7f3
PB		 2930}
2931
0e0df1e2
AK		 2932static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
2933 unsigned size)
e18231a3
BS		 2934{
2935#ifdef DEBUG_UNASSIGNED
2936 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2937#endif
5b450407 2938#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2939 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 2940#endif
2941 return 0;
2942}
2943
0e0df1e2
AK		 2944static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
2945 uint64_t val, unsigned size)
e18231a3
BS		 2946{
2947#ifdef DEBUG_UNASSIGNED
0e0df1e2 2948 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 2949#endif
5b450407 2950#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2951 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 2952#endif
33417e70
FB		 2953}
2954
0e0df1e2
AK		 2955static const MemoryRegionOps unassigned_mem_ops = {
2956 .read = unassigned_mem_read,
2957 .write = unassigned_mem_write,
2958 .endianness = DEVICE_NATIVE_ENDIAN,
2959};
e18231a3 2960
0e0df1e2
AK		 2961static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
2962 unsigned size)
e18231a3 2963{
0e0df1e2 2964 abort();
e18231a3
BS		 2965}
2966
0e0df1e2
AK		 2967static void error_mem_write(void *opaque, target_phys_addr_t addr,
2968 uint64_t value, unsigned size)
e18231a3 2969{
0e0df1e2 2970 abort();
33417e70
FB		 2971}
2972
0e0df1e2
AK		 2973static const MemoryRegionOps error_mem_ops = {
2974 .read = error_mem_read,
2975 .write = error_mem_write,
2976 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2977};
2978
0e0df1e2
AK		 2979static const MemoryRegionOps rom_mem_ops = {
2980 .read = error_mem_read,
2981 .write = unassigned_mem_write,
2982 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2983};
2984
0e0df1e2
AK		 2985static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
2986 uint64_t val, unsigned size)
9fa3e853 2987{
3a7d929e 2988 int dirty_flags;
f7c11b53 2989 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 2990 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 2991#if !defined(CONFIG_USER_ONLY)
0e0df1e2 2992 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 2993 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 2994#endif
3a7d929e 2995 }
0e0df1e2
AK		 2996 switch (size) {
2997 case 1:
2998 stb_p(qemu_get_ram_ptr(ram_addr), val);
2999 break;
3000 case 2:
3001 stw_p(qemu_get_ram_ptr(ram_addr), val);
3002 break;
3003 case 4:
3004 stl_p(qemu_get_ram_ptr(ram_addr), val);
3005 break;
3006 default:
3007 abort();
3a7d929e 3008 }
f23db169 3009 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 3010 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 3011 /* we remove the notdirty callback only if the code has been
3012 flushed */
3013 if (dirty_flags == 0xff)
2e70f6ef 3014 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 3015}
3016
0e0df1e2
AK		 3017static const MemoryRegionOps notdirty_mem_ops = {
3018 .read = error_mem_read,
3019 .write = notdirty_mem_write,
3020 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 3021};
3022
0f459d16 3023/* Generate a debug exception if a watchpoint has been hit. */
b4051334 3024static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 3025{
9349b4f9 3026 CPUArchState *env = cpu_single_env;
06d55cc1
AL		 3027 target_ulong pc, cs_base;
3028 TranslationBlock *tb;
0f459d16 3029 target_ulong vaddr;
a1d1bb31 3030 CPUWatchpoint *wp;
06d55cc1 3031 int cpu_flags;
0f459d16 3032
06d55cc1
AL		 3033 if (env->watchpoint_hit) {
3034 /* We re-entered the check after replacing the TB. Now raise
3035 * the debug interrupt so that is will trigger after the
3036 * current instruction. */
3037 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3038 return;
3039 }
2e70f6ef 3040 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 3041 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 3042 if ((vaddr == (wp->vaddr & len_mask) ||
3043 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 3044 wp->flags |= BP_WATCHPOINT_HIT;
3045 if (!env->watchpoint_hit) {
3046 env->watchpoint_hit = wp;
3047 tb = tb_find_pc(env->mem_io_pc);
3048 if (!tb) {
3049 cpu_abort(env, "check_watchpoint: could not find TB for "
3050 "pc=%p", (void *)env->mem_io_pc);
3051 }
618ba8e6 3052 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 3053 tb_phys_invalidate(tb, -1);
3054 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3055 env->exception_index = EXCP_DEBUG;
488d6577 3056 cpu_loop_exit(env);
6e140f28
AL		 3057 } else {
3058 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3059 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 3060 cpu_resume_from_signal(env, NULL);
6e140f28 3061 }
06d55cc1 3062 }
6e140f28
AL		 3063 } else {
3064 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 3065 }
3066 }
3067}
3068
6658ffb8
PB		 3069/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3070 so these check for a hit then pass through to the normal out-of-line
3071 phys routines. */
1ec9b909
AK		 3072static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
3073 unsigned size)
6658ffb8 3074{
1ec9b909
AK		 3075 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3076 switch (size) {
3077 case 1: return ldub_phys(addr);
3078 case 2: return lduw_phys(addr);
3079 case 4: return ldl_phys(addr);
3080 default: abort();
3081 }
6658ffb8
PB		 3082}
3083
1ec9b909
AK		 3084static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3085 uint64_t val, unsigned size)
6658ffb8 3086{
1ec9b909
AK		 3087 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3088 switch (size) {
67364150
MF		 3089 case 1:
3090 stb_phys(addr, val);
3091 break;
3092 case 2:
3093 stw_phys(addr, val);
3094 break;
3095 case 4:
3096 stl_phys(addr, val);
3097 break;
1ec9b909
AK		 3098 default: abort();
3099 }
6658ffb8
PB		 3100}
3101
1ec9b909
AK		 3102static const MemoryRegionOps watch_mem_ops = {
3103 .read = watch_mem_read,
3104 .write = watch_mem_write,
3105 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3106};
6658ffb8 3107
70c68e44
AK		 3108static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3109 unsigned len)
db7b5426 3110{
70c68e44 3111 subpage_t *mmio = opaque;
f6405247 3112 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3113 MemoryRegionSection *section;
db7b5426
BS		 3114#if defined(DEBUG_SUBPAGE)
3115 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3116 mmio, len, addr, idx);
3117#endif
db7b5426 3118
5312bd8b
AK		 3119 section = &phys_sections[mmio->sub_section[idx]];
3120 addr += mmio->base;
3121 addr -= section->offset_within_address_space;
3122 addr += section->offset_within_region;
37ec01d4 3123 return io_mem_read(section->mr, addr, len);
db7b5426
BS		 3124}
3125
70c68e44
AK		 3126static void subpage_write(void *opaque, target_phys_addr_t addr,
3127 uint64_t value, unsigned len)
db7b5426 3128{
70c68e44 3129 subpage_t *mmio = opaque;
f6405247 3130 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3131 MemoryRegionSection *section;
db7b5426 3132#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3133 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3134 " idx %d value %"PRIx64"\n",
f6405247 3135 __func__, mmio, len, addr, idx, value);
db7b5426 3136#endif
f6405247 3137
5312bd8b
AK		 3138 section = &phys_sections[mmio->sub_section[idx]];
3139 addr += mmio->base;
3140 addr -= section->offset_within_address_space;
3141 addr += section->offset_within_region;
37ec01d4 3142 io_mem_write(section->mr, addr, value, len);
db7b5426
BS		 3143}
3144
70c68e44
AK		 3145static const MemoryRegionOps subpage_ops = {
3146 .read = subpage_read,
3147 .write = subpage_write,
3148 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3149};
3150
de712f94
AK		 3151static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3152 unsigned size)
56384e8b
AF		 3153{
3154 ram_addr_t raddr = addr;
3155 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3156 switch (size) {
3157 case 1: return ldub_p(ptr);
3158 case 2: return lduw_p(ptr);
3159 case 4: return ldl_p(ptr);
3160 default: abort();
3161 }
56384e8b
AF		 3162}
3163
de712f94
AK		 3164static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3165 uint64_t value, unsigned size)
56384e8b
AF		 3166{
3167 ram_addr_t raddr = addr;
3168 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3169 switch (size) {
3170 case 1: return stb_p(ptr, value);
3171 case 2: return stw_p(ptr, value);
3172 case 4: return stl_p(ptr, value);
3173 default: abort();
3174 }
56384e8b
AF		 3175}
3176
de712f94
AK		 3177static const MemoryRegionOps subpage_ram_ops = {
3178 .read = subpage_ram_read,
3179 .write = subpage_ram_write,
3180 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3181};
3182
c227f099 3183static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3184 uint16_t section)
db7b5426
BS		 3185{
3186 int idx, eidx;
3187
3188 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3189 return -1;
3190 idx = SUBPAGE_IDX(start);
3191 eidx = SUBPAGE_IDX(end);
3192#if defined(DEBUG_SUBPAGE)
0bf9e31a 3193 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3194 mmio, start, end, idx, eidx, memory);
3195#endif
5312bd8b
AK		 3196 if (memory_region_is_ram(phys_sections[section].mr)) {
3197 MemoryRegionSection new_section = phys_sections[section];
3198 new_section.mr = &io_mem_subpage_ram;
3199 section = phys_section_add(&new_section);
56384e8b 3200 }
db7b5426 3201 for (; idx <= eidx; idx++) {
5312bd8b 3202 mmio->sub_section[idx] = section;
db7b5426
BS		 3203 }
3204
3205 return 0;
3206}
3207
0f0cb164 3208static subpage_t *subpage_init(target_phys_addr_t base)
db7b5426 3209{
c227f099 3210 subpage_t *mmio;
db7b5426 3211
7267c094 3212 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3213
3214 mmio->base = base;
70c68e44
AK		 3215 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3216 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3217 mmio->iomem.subpage = true;
db7b5426 3218#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3219 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3220 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3221#endif
0f0cb164 3222 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 3223
3224 return mmio;
3225}
3226
5312bd8b
AK		 3227static uint16_t dummy_section(MemoryRegion *mr)
3228{
3229 MemoryRegionSection section = {
3230 .mr = mr,
3231 .offset_within_address_space = 0,
3232 .offset_within_region = 0,
3233 .size = UINT64_MAX,
3234 };
3235
3236 return phys_section_add(&section);
3237}
3238
37ec01d4 3239MemoryRegion *iotlb_to_region(target_phys_addr_t index)
aa102231 3240{
37ec01d4 3241 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 3242}
3243
e9179ce1
AK		 3244static void io_mem_init(void)
3245{
0e0df1e2 3246 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
0e0df1e2
AK		 3247 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3248 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3249 "unassigned", UINT64_MAX);
3250 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3251 "notdirty", UINT64_MAX);
de712f94
AK		 3252 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3253 "subpage-ram", UINT64_MAX);
1ec9b909
AK		 3254 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3255 "watch", UINT64_MAX);
e9179ce1
AK		 3256}
3257
50c1e149
AK		 3258static void core_begin(MemoryListener *listener)
3259{
54688b1e 3260 destroy_all_mappings();
5312bd8b 3261 phys_sections_clear();
c19e8800 3262 phys_map.ptr = PHYS_MAP_NODE_NIL;
5312bd8b 3263 phys_section_unassigned = dummy_section(&io_mem_unassigned);
aa102231
AK		 3264 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3265 phys_section_rom = dummy_section(&io_mem_rom);
3266 phys_section_watch = dummy_section(&io_mem_watch);
50c1e149
AK		 3267}
3268
3269static void core_commit(MemoryListener *listener)
3270{
9349b4f9 3271 CPUArchState *env;
117712c3
AK		 3272
3273 /* since each CPU stores ram addresses in its TLB cache, we must
3274 reset the modified entries */
3275 /* XXX: slow ! */
3276 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3277 tlb_flush(env, 1);
3278 }
50c1e149
AK		 3279}
3280
93632747
AK		 3281static void core_region_add(MemoryListener *listener,
3282 MemoryRegionSection *section)
3283{
4855d41a 3284 cpu_register_physical_memory_log(section, section->readonly);
93632747
AK		 3285}
3286
3287static void core_region_del(MemoryListener *listener,
3288 MemoryRegionSection *section)
3289{
93632747
AK		 3290}
3291
50c1e149
AK		 3292static void core_region_nop(MemoryListener *listener,
3293 MemoryRegionSection *section)
3294{
54688b1e 3295 cpu_register_physical_memory_log(section, section->readonly);
50c1e149
AK		 3296}
3297
93632747
AK		 3298static void core_log_start(MemoryListener *listener,
3299 MemoryRegionSection *section)
3300{
3301}
3302
3303static void core_log_stop(MemoryListener *listener,
3304 MemoryRegionSection *section)
3305{
3306}
3307
3308static void core_log_sync(MemoryListener *listener,
3309 MemoryRegionSection *section)
3310{
3311}
3312
3313static void core_log_global_start(MemoryListener *listener)
3314{
3315 cpu_physical_memory_set_dirty_tracking(1);
3316}
3317
3318static void core_log_global_stop(MemoryListener *listener)
3319{
3320 cpu_physical_memory_set_dirty_tracking(0);
3321}
3322
3323static void core_eventfd_add(MemoryListener *listener,
3324 MemoryRegionSection *section,
3325 bool match_data, uint64_t data, int fd)
3326{
3327}
3328
3329static void core_eventfd_del(MemoryListener *listener,
3330 MemoryRegionSection *section,
3331 bool match_data, uint64_t data, int fd)
3332{
3333}
3334
50c1e149
AK		 3335static void io_begin(MemoryListener *listener)
3336{
3337}
3338
3339static void io_commit(MemoryListener *listener)
3340{
3341}
3342
4855d41a
AK		 3343static void io_region_add(MemoryListener *listener,
3344 MemoryRegionSection *section)
3345{
a2d33521
AK		 3346 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3347
3348 mrio->mr = section->mr;
3349 mrio->offset = section->offset_within_region;
3350 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
4855d41a 3351 section->offset_within_address_space, section->size);
a2d33521 3352 ioport_register(&mrio->iorange);
4855d41a
AK		 3353}
3354
3355static void io_region_del(MemoryListener *listener,
3356 MemoryRegionSection *section)
3357{
3358 isa_unassign_ioport(section->offset_within_address_space, section->size);
3359}
3360
50c1e149
AK		 3361static void io_region_nop(MemoryListener *listener,
3362 MemoryRegionSection *section)
3363{
3364}
3365
4855d41a
AK		 3366static void io_log_start(MemoryListener *listener,
3367 MemoryRegionSection *section)
3368{
3369}
3370
3371static void io_log_stop(MemoryListener *listener,
3372 MemoryRegionSection *section)
3373{
3374}
3375
3376static void io_log_sync(MemoryListener *listener,
3377 MemoryRegionSection *section)
3378{
3379}
3380
3381static void io_log_global_start(MemoryListener *listener)
3382{
3383}
3384
3385static void io_log_global_stop(MemoryListener *listener)
3386{
3387}
3388
3389static void io_eventfd_add(MemoryListener *listener,
3390 MemoryRegionSection *section,
3391 bool match_data, uint64_t data, int fd)
3392{
3393}
3394
3395static void io_eventfd_del(MemoryListener *listener,
3396 MemoryRegionSection *section,
3397 bool match_data, uint64_t data, int fd)
3398{
3399}
3400
93632747 3401static MemoryListener core_memory_listener = {
50c1e149
AK		 3402 .begin = core_begin,
3403 .commit = core_commit,
93632747
AK		 3404 .region_add = core_region_add,
3405 .region_del = core_region_del,
50c1e149 3406 .region_nop = core_region_nop,
93632747
AK		 3407 .log_start = core_log_start,
3408 .log_stop = core_log_stop,
3409 .log_sync = core_log_sync,
3410 .log_global_start = core_log_global_start,
3411 .log_global_stop = core_log_global_stop,
3412 .eventfd_add = core_eventfd_add,
3413 .eventfd_del = core_eventfd_del,
3414 .priority = 0,
3415};
3416
4855d41a 3417static MemoryListener io_memory_listener = {
50c1e149
AK		 3418 .begin = io_begin,
3419 .commit = io_commit,
4855d41a
AK		 3420 .region_add = io_region_add,
3421 .region_del = io_region_del,
50c1e149 3422 .region_nop = io_region_nop,
4855d41a
AK		 3423 .log_start = io_log_start,
3424 .log_stop = io_log_stop,
3425 .log_sync = io_log_sync,
3426 .log_global_start = io_log_global_start,
3427 .log_global_stop = io_log_global_stop,
3428 .eventfd_add = io_eventfd_add,
3429 .eventfd_del = io_eventfd_del,
3430 .priority = 0,
3431};
3432
62152b8a
AK		 3433static void memory_map_init(void)
3434{
7267c094 3435 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3436 memory_region_init(system_memory, "system", INT64_MAX);
62152b8a 3437 set_system_memory_map(system_memory);
309cb471 3438
7267c094 3439 system_io = g_malloc(sizeof(*system_io));
309cb471
AK		 3440 memory_region_init(system_io, "io", 65536);
3441 set_system_io_map(system_io);
93632747 3442
4855d41a
AK		 3443 memory_listener_register(&core_memory_listener, system_memory);
3444 memory_listener_register(&io_memory_listener, system_io);
62152b8a
AK		 3445}
3446
3447MemoryRegion *get_system_memory(void)
3448{
3449 return system_memory;
3450}
3451
309cb471
AK		 3452MemoryRegion *get_system_io(void)
3453{
3454 return system_io;
3455}
3456
e2eef170
PB		 3457#endif /* !defined(CONFIG_USER_ONLY) */
3458
13eb76e0
FB		 3459/* physical memory access (slow version, mainly for debug) */
3460#if defined(CONFIG_USER_ONLY)
9349b4f9 3461int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 3462 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3463{
3464 int l, flags;
3465 target_ulong page;
53a5960a 3466 void * p;
13eb76e0
FB		 3467
3468 while (len > 0) {
3469 page = addr & TARGET_PAGE_MASK;
3470 l = (page + TARGET_PAGE_SIZE) - addr;
3471 if (l > len)
3472 l = len;
3473 flags = page_get_flags(page);
3474 if (!(flags & PAGE_VALID))
a68fe89c 3475 return -1;
13eb76e0
FB		 3476 if (is_write) {
3477 if (!(flags & PAGE_WRITE))
a68fe89c 3478 return -1;
579a97f7 3479 /* XXX: this code should not depend on lock_user */
72fb7daa 3480 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3481 return -1;
72fb7daa
AJ		 3482 memcpy(p, buf, l);
3483 unlock_user(p, addr, l);
13eb76e0
FB		 3484 } else {
3485 if (!(flags & PAGE_READ))
a68fe89c 3486 return -1;
579a97f7 3487 /* XXX: this code should not depend on lock_user */
72fb7daa 3488 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3489 return -1;
72fb7daa 3490 memcpy(buf, p, l);
5b257578 3491 unlock_user(p, addr, 0);
13eb76e0
FB		 3492 }
3493 len -= l;
3494 buf += l;
3495 addr += l;
3496 }
a68fe89c 3497 return 0;
13eb76e0 3498}
8df1cd07 3499
13eb76e0 3500#else
c227f099 3501void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3502 int len, int is_write)
3503{
37ec01d4 3504 int l;
13eb76e0
FB		 3505 uint8_t *ptr;
3506 uint32_t val;
c227f099 3507 target_phys_addr_t page;
f3705d53 3508 MemoryRegionSection *section;
3b46e624 3509
13eb76e0
FB		 3510 while (len > 0) {
3511 page = addr & TARGET_PAGE_MASK;
3512 l = (page + TARGET_PAGE_SIZE) - addr;
3513 if (l > len)
3514 l = len;
06ef3525 3515 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3516
13eb76e0 3517 if (is_write) {
f3705d53 3518 if (!memory_region_is_ram(section->mr)) {
f1f6e3b8 3519 target_phys_addr_t addr1;
f3705d53 3520 addr1 = section_addr(section, addr);
6a00d601
FB		 3521 /* XXX: could force cpu_single_env to NULL to avoid
3522 potential bugs */
6c2934db 3523 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3524 /* 32 bit write access */
c27004ec 3525 val = ldl_p(buf);
37ec01d4 3526 io_mem_write(section->mr, addr1, val, 4);
13eb76e0 3527 l = 4;
6c2934db 3528 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3529 /* 16 bit write access */
c27004ec 3530 val = lduw_p(buf);
37ec01d4 3531 io_mem_write(section->mr, addr1, val, 2);
13eb76e0
FB		 3532 l = 2;
3533 } else {
1c213d19 3534 /* 8 bit write access */
c27004ec 3535 val = ldub_p(buf);
37ec01d4 3536 io_mem_write(section->mr, addr1, val, 1);
13eb76e0
FB		 3537 l = 1;
3538 }
f3705d53 3539 } else if (!section->readonly) {
8ca5692d 3540 ram_addr_t addr1;
f3705d53
AK		 3541 addr1 = memory_region_get_ram_addr(section->mr)
3542 + section_addr(section, addr);
13eb76e0 3543 /* RAM case */
5579c7f3 3544 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3545 memcpy(ptr, buf, l);
3a7d929e
FB		 3546 if (!cpu_physical_memory_is_dirty(addr1)) {
3547 /* invalidate code */
3548 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3549 /* set dirty bit */
f7c11b53
YT		 3550 cpu_physical_memory_set_dirty_flags(
3551 addr1, (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 3552 }
050a0ddf 3553 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3554 }
3555 } else {
f3705d53 3556 if (!is_ram_rom_romd(section)) {
f1f6e3b8 3557 target_phys_addr_t addr1;
13eb76e0 3558 /* I/O case */
f3705d53 3559 addr1 = section_addr(section, addr);
6c2934db 3560 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3561 /* 32 bit read access */
37ec01d4 3562 val = io_mem_read(section->mr, addr1, 4);
c27004ec 3563 stl_p(buf, val);
13eb76e0 3564 l = 4;
6c2934db 3565 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3566 /* 16 bit read access */
37ec01d4 3567 val = io_mem_read(section->mr, addr1, 2);
c27004ec 3568 stw_p(buf, val);
13eb76e0
FB		 3569 l = 2;
3570 } else {
1c213d19 3571 /* 8 bit read access */
37ec01d4 3572 val = io_mem_read(section->mr, addr1, 1);
c27004ec 3573 stb_p(buf, val);
13eb76e0
FB		 3574 l = 1;
3575 }
3576 } else {
3577 /* RAM case */
0a1b357f
AP		 3578 ptr = qemu_get_ram_ptr(section->mr->ram_addr
3579 + section_addr(section, addr));
f3705d53 3580 memcpy(buf, ptr, l);
050a0ddf 3581 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3582 }
3583 }
3584 len -= l;
3585 buf += l;
3586 addr += l;
3587 }
3588}
8df1cd07 3589
d0ecd2aa 3590/* used for ROM loading : can write in RAM and ROM */
c227f099 3591void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3592 const uint8_t *buf, int len)
3593{
3594 int l;
3595 uint8_t *ptr;
c227f099 3596 target_phys_addr_t page;
f3705d53 3597 MemoryRegionSection *section;
3b46e624 3598
d0ecd2aa
FB		 3599 while (len > 0) {
3600 page = addr & TARGET_PAGE_MASK;
3601 l = (page + TARGET_PAGE_SIZE) - addr;
3602 if (l > len)
3603 l = len;
06ef3525 3604 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3605
f3705d53 3606 if (!is_ram_rom_romd(section)) {
d0ecd2aa
FB		 3607 /* do nothing */
3608 } else {
3609 unsigned long addr1;
f3705d53
AK		 3610 addr1 = memory_region_get_ram_addr(section->mr)
3611 + section_addr(section, addr);
d0ecd2aa 3612 /* ROM/RAM case */
5579c7f3 3613 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3614 memcpy(ptr, buf, l);
050a0ddf 3615 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3616 }
3617 len -= l;
3618 buf += l;
3619 addr += l;
3620 }
3621}
3622
6d16c2f8
AL		 3623typedef struct {
3624 void *buffer;
c227f099
AL		 3625 target_phys_addr_t addr;
3626 target_phys_addr_t len;
6d16c2f8
AL		 3627} BounceBuffer;
3628
3629static BounceBuffer bounce;
3630
ba223c29
AL		 3631typedef struct MapClient {
3632 void *opaque;
3633 void (*callback)(void *opaque);
72cf2d4f 3634 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3635} MapClient;
3636
72cf2d4f
BS		 3637static QLIST_HEAD(map_client_list, MapClient) map_client_list
3638 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3639
3640void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3641{
7267c094 3642 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3643
3644 client->opaque = opaque;
3645 client->callback = callback;
72cf2d4f 3646 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3647 return client;
3648}
3649
3650void cpu_unregister_map_client(void *_client)
3651{
3652 MapClient *client = (MapClient *)_client;
3653
72cf2d4f 3654 QLIST_REMOVE(client, link);
7267c094 3655 g_free(client);
ba223c29
AL		 3656}
3657
3658static void cpu_notify_map_clients(void)
3659{
3660 MapClient *client;
3661
72cf2d4f
BS		 3662 while (!QLIST_EMPTY(&map_client_list)) {
3663 client = QLIST_FIRST(&map_client_list);
ba223c29 3664 client->callback(client->opaque);
34d5e948 3665 cpu_unregister_map_client(client);
ba223c29
AL		 3666 }
3667}
3668
6d16c2f8
AL		 3669/* Map a physical memory region into a host virtual address.
3670 * May map a subset of the requested range, given by and returned in *plen.
3671 * May return NULL if resources needed to perform the mapping are exhausted.
3672 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3673 * Use cpu_register_map_client() to know when retrying the map operation is
3674 * likely to succeed.
6d16c2f8 3675 */
c227f099
AL		 3676void *cpu_physical_memory_map(target_phys_addr_t addr,
3677 target_phys_addr_t *plen,
6d16c2f8
AL		 3678 int is_write)
3679{
c227f099 3680 target_phys_addr_t len = *plen;
38bee5dc 3681 target_phys_addr_t todo = 0;
6d16c2f8 3682 int l;
c227f099 3683 target_phys_addr_t page;
f3705d53 3684 MemoryRegionSection *section;
f15fbc4b 3685 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3686 ram_addr_t rlen;
3687 void *ret;
6d16c2f8
AL		 3688
3689 while (len > 0) {
3690 page = addr & TARGET_PAGE_MASK;
3691 l = (page + TARGET_PAGE_SIZE) - addr;
3692 if (l > len)
3693 l = len;
06ef3525 3694 section = phys_page_find(page >> TARGET_PAGE_BITS);
6d16c2f8 3695
f3705d53 3696 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
38bee5dc 3697 if (todo || bounce.buffer) {
6d16c2f8
AL		 3698 break;
3699 }
3700 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3701 bounce.addr = addr;
3702 bounce.len = l;
3703 if (!is_write) {
54f7b4a3 3704 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 3705 }
38bee5dc
SS		 3706
3707 *plen = l;
3708 return bounce.buffer;
6d16c2f8 3709 }
8ab934f9 3710 if (!todo) {
f3705d53
AK		 3711 raddr = memory_region_get_ram_addr(section->mr)
3712 + section_addr(section, addr);
8ab934f9 3713 }
6d16c2f8
AL		 3714
3715 len -= l;
3716 addr += l;
38bee5dc 3717 todo += l;
6d16c2f8 3718 }
8ab934f9
SS		 3719 rlen = todo;
3720 ret = qemu_ram_ptr_length(raddr, &rlen);
3721 *plen = rlen;
3722 return ret;
6d16c2f8
AL		 3723}
3724
3725/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3726 * Will also mark the memory as dirty if is_write == 1. access_len gives
3727 * the amount of memory that was actually read or written by the caller.
3728 */
c227f099
AL		 3729void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3730 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 3731{
3732 if (buffer != bounce.buffer) {
3733 if (is_write) {
e890261f 3734 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 3735 while (access_len) {
3736 unsigned l;
3737 l = TARGET_PAGE_SIZE;
3738 if (l > access_len)
3739 l = access_len;
3740 if (!cpu_physical_memory_is_dirty(addr1)) {
3741 /* invalidate code */
3742 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3743 /* set dirty bit */
f7c11b53
YT		 3744 cpu_physical_memory_set_dirty_flags(
3745 addr1, (0xff & ~CODE_DIRTY_FLAG));
6d16c2f8
AL		 3746 }
3747 addr1 += l;
3748 access_len -= l;
3749 }
3750 }
868bb33f 3751 if (xen_enabled()) {
e41d7c69 3752 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3753 }
6d16c2f8
AL		 3754 return;
3755 }
3756 if (is_write) {
3757 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3758 }
f8a83245 3759 qemu_vfree(bounce.buffer);
6d16c2f8 3760 bounce.buffer = NULL;
ba223c29 3761 cpu_notify_map_clients();
6d16c2f8 3762}
d0ecd2aa 3763
8df1cd07 3764/* warning: addr must be aligned */
1e78bcc1
AG		 3765static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
3766 enum device_endian endian)
8df1cd07 3767{
8df1cd07
FB		 3768 uint8_t *ptr;
3769 uint32_t val;
f3705d53 3770 MemoryRegionSection *section;
8df1cd07 3771
06ef3525 3772 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3773
f3705d53 3774 if (!is_ram_rom_romd(section)) {
8df1cd07 3775 /* I/O case */
f3705d53 3776 addr = section_addr(section, addr);
37ec01d4 3777 val = io_mem_read(section->mr, addr, 4);
1e78bcc1
AG		 3778#if defined(TARGET_WORDS_BIGENDIAN)
3779 if (endian == DEVICE_LITTLE_ENDIAN) {
3780 val = bswap32(val);
3781 }
3782#else
3783 if (endian == DEVICE_BIG_ENDIAN) {
3784 val = bswap32(val);
3785 }
3786#endif
8df1cd07
FB		 3787 } else {
3788 /* RAM case */
f3705d53 3789 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3790 & TARGET_PAGE_MASK)
f3705d53 3791 + section_addr(section, addr));
1e78bcc1
AG		 3792 switch (endian) {
3793 case DEVICE_LITTLE_ENDIAN:
3794 val = ldl_le_p(ptr);
3795 break;
3796 case DEVICE_BIG_ENDIAN:
3797 val = ldl_be_p(ptr);
3798 break;
3799 default:
3800 val = ldl_p(ptr);
3801 break;
3802 }
8df1cd07
FB		 3803 }
3804 return val;
3805}
3806
1e78bcc1
AG		 3807uint32_t ldl_phys(target_phys_addr_t addr)
3808{
3809 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3810}
3811
3812uint32_t ldl_le_phys(target_phys_addr_t addr)
3813{
3814 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3815}
3816
3817uint32_t ldl_be_phys(target_phys_addr_t addr)
3818{
3819 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
3820}
3821
84b7b8e7 3822/* warning: addr must be aligned */
1e78bcc1
AG		 3823static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
3824 enum device_endian endian)
84b7b8e7 3825{
84b7b8e7
FB		 3826 uint8_t *ptr;
3827 uint64_t val;
f3705d53 3828 MemoryRegionSection *section;
84b7b8e7 3829
06ef3525 3830 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3831
f3705d53 3832 if (!is_ram_rom_romd(section)) {
84b7b8e7 3833 /* I/O case */
f3705d53 3834 addr = section_addr(section, addr);
1e78bcc1
AG		 3835
3836 /* XXX This is broken when device endian != cpu endian.
3837 Fix and add "endian" variable check */
84b7b8e7 3838#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3839 val = io_mem_read(section->mr, addr, 4) << 32;
3840 val |= io_mem_read(section->mr, addr + 4, 4);
84b7b8e7 3841#else
37ec01d4
AK		 3842 val = io_mem_read(section->mr, addr, 4);
3843 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
84b7b8e7
FB		 3844#endif
3845 } else {
3846 /* RAM case */
f3705d53 3847 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3848 & TARGET_PAGE_MASK)
f3705d53 3849 + section_addr(section, addr));
1e78bcc1
AG		 3850 switch (endian) {
3851 case DEVICE_LITTLE_ENDIAN:
3852 val = ldq_le_p(ptr);
3853 break;
3854 case DEVICE_BIG_ENDIAN:
3855 val = ldq_be_p(ptr);
3856 break;
3857 default:
3858 val = ldq_p(ptr);
3859 break;
3860 }
84b7b8e7
FB		 3861 }
3862 return val;
3863}
3864
1e78bcc1
AG		 3865uint64_t ldq_phys(target_phys_addr_t addr)
3866{
3867 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3868}
3869
3870uint64_t ldq_le_phys(target_phys_addr_t addr)
3871{
3872 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3873}
3874
3875uint64_t ldq_be_phys(target_phys_addr_t addr)
3876{
3877 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
3878}
3879
aab33094 3880/* XXX: optimize */
c227f099 3881uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 3882{
3883 uint8_t val;
3884 cpu_physical_memory_read(addr, &val, 1);
3885 return val;
3886}
3887
733f0b02 3888/* warning: addr must be aligned */
1e78bcc1
AG		 3889static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
3890 enum device_endian endian)
aab33094 3891{
733f0b02
MT		 3892 uint8_t *ptr;
3893 uint64_t val;
f3705d53 3894 MemoryRegionSection *section;
733f0b02 3895
06ef3525 3896 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 3897
f3705d53 3898 if (!is_ram_rom_romd(section)) {
733f0b02 3899 /* I/O case */
f3705d53 3900 addr = section_addr(section, addr);
37ec01d4 3901 val = io_mem_read(section->mr, addr, 2);
1e78bcc1
AG		 3902#if defined(TARGET_WORDS_BIGENDIAN)
3903 if (endian == DEVICE_LITTLE_ENDIAN) {
3904 val = bswap16(val);
3905 }
3906#else
3907 if (endian == DEVICE_BIG_ENDIAN) {
3908 val = bswap16(val);
3909 }
3910#endif
733f0b02
MT		 3911 } else {
3912 /* RAM case */
f3705d53 3913 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3914 & TARGET_PAGE_MASK)
f3705d53 3915 + section_addr(section, addr));
1e78bcc1
AG		 3916 switch (endian) {
3917 case DEVICE_LITTLE_ENDIAN:
3918 val = lduw_le_p(ptr);
3919 break;
3920 case DEVICE_BIG_ENDIAN:
3921 val = lduw_be_p(ptr);
3922 break;
3923 default:
3924 val = lduw_p(ptr);
3925 break;
3926 }
733f0b02
MT		 3927 }
3928 return val;
aab33094
FB		 3929}
3930
1e78bcc1
AG		 3931uint32_t lduw_phys(target_phys_addr_t addr)
3932{
3933 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3934}
3935
3936uint32_t lduw_le_phys(target_phys_addr_t addr)
3937{
3938 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3939}
3940
3941uint32_t lduw_be_phys(target_phys_addr_t addr)
3942{
3943 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
3944}
3945
8df1cd07
FB		 3946/* warning: addr must be aligned. The ram page is not masked as dirty
3947 and the code inside is not invalidated. It is useful if the dirty
3948 bits are used to track modified PTEs */
c227f099 3949void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07 3950{
8df1cd07 3951 uint8_t *ptr;
f3705d53 3952 MemoryRegionSection *section;
8df1cd07 3953
06ef3525 3954 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3955
f3705d53 3956 if (!memory_region_is_ram(section->mr) || section->readonly) {
37ec01d4 3957 addr = section_addr(section, addr);
f3705d53 3958 if (memory_region_is_ram(section->mr)) {
37ec01d4 3959 section = &phys_sections[phys_section_rom];
06ef3525 3960 }
37ec01d4 3961 io_mem_write(section->mr, addr, val, 4);
8df1cd07 3962 } else {
f3705d53 3963 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
06ef3525 3964 & TARGET_PAGE_MASK)
f3705d53 3965 + section_addr(section, addr);
5579c7f3 3966 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3967 stl_p(ptr, val);
74576198
AL		 3968
3969 if (unlikely(in_migration)) {
3970 if (!cpu_physical_memory_is_dirty(addr1)) {
3971 /* invalidate code */
3972 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3973 /* set dirty bit */
f7c11b53
YT		 3974 cpu_physical_memory_set_dirty_flags(
3975 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 3976 }
3977 }
8df1cd07
FB		 3978 }
3979}
3980
c227f099 3981void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef 3982{
bc98a7ef 3983 uint8_t *ptr;
f3705d53 3984 MemoryRegionSection *section;
bc98a7ef 3985
06ef3525 3986 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3987
f3705d53 3988 if (!memory_region_is_ram(section->mr) || section->readonly) {
37ec01d4 3989 addr = section_addr(section, addr);
f3705d53 3990 if (memory_region_is_ram(section->mr)) {
37ec01d4 3991 section = &phys_sections[phys_section_rom];
06ef3525 3992 }
bc98a7ef 3993#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3994 io_mem_write(section->mr, addr, val >> 32, 4);
3995 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
bc98a7ef 3996#else
37ec01d4
AK		 3997 io_mem_write(section->mr, addr, (uint32_t)val, 4);
3998 io_mem_write(section->mr, addr + 4, val >> 32, 4);
bc98a7ef
JM		 3999#endif
4000 } else {
f3705d53 4001 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 4002 & TARGET_PAGE_MASK)
f3705d53 4003 + section_addr(section, addr));
bc98a7ef
JM		 4004 stq_p(ptr, val);
4005 }
4006}
4007
8df1cd07 4008/* warning: addr must be aligned */
1e78bcc1
AG		 4009static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4010 enum device_endian endian)
8df1cd07 4011{
8df1cd07 4012 uint8_t *ptr;
f3705d53 4013 MemoryRegionSection *section;
8df1cd07 4014
06ef3525 4015 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4016
f3705d53 4017 if (!memory_region_is_ram(section->mr) || section->readonly) {
37ec01d4 4018 addr = section_addr(section, addr);
f3705d53 4019 if (memory_region_is_ram(section->mr)) {
37ec01d4 4020 section = &phys_sections[phys_section_rom];
06ef3525 4021 }
1e78bcc1
AG		 4022#if defined(TARGET_WORDS_BIGENDIAN)
4023 if (endian == DEVICE_LITTLE_ENDIAN) {
4024 val = bswap32(val);
4025 }
4026#else
4027 if (endian == DEVICE_BIG_ENDIAN) {
4028 val = bswap32(val);
4029 }
4030#endif
37ec01d4 4031 io_mem_write(section->mr, addr, val, 4);
8df1cd07
FB		 4032 } else {
4033 unsigned long addr1;
f3705d53
AK		 4034 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
4035 + section_addr(section, addr);
8df1cd07 4036 /* RAM case */
5579c7f3 4037 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4038 switch (endian) {
4039 case DEVICE_LITTLE_ENDIAN:
4040 stl_le_p(ptr, val);
4041 break;
4042 case DEVICE_BIG_ENDIAN:
4043 stl_be_p(ptr, val);
4044 break;
4045 default:
4046 stl_p(ptr, val);
4047 break;
4048 }
3a7d929e
FB		 4049 if (!cpu_physical_memory_is_dirty(addr1)) {
4050 /* invalidate code */
4051 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4052 /* set dirty bit */
f7c11b53
YT		 4053 cpu_physical_memory_set_dirty_flags(addr1,
4054 (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 4055 }
8df1cd07
FB		 4056 }
4057}
4058
1e78bcc1
AG		 4059void stl_phys(target_phys_addr_t addr, uint32_t val)
4060{
4061 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4062}
4063
4064void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4065{
4066 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4067}
4068
4069void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4070{
4071 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4072}
4073
aab33094 4074/* XXX: optimize */
c227f099 4075void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 4076{
4077 uint8_t v = val;
4078 cpu_physical_memory_write(addr, &v, 1);
4079}
4080
733f0b02 4081/* warning: addr must be aligned */
1e78bcc1
AG		 4082static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4083 enum device_endian endian)
aab33094 4084{
733f0b02 4085 uint8_t *ptr;
f3705d53 4086 MemoryRegionSection *section;
733f0b02 4087
06ef3525 4088 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 4089
f3705d53 4090 if (!memory_region_is_ram(section->mr) || section->readonly) {
37ec01d4 4091 addr = section_addr(section, addr);
f3705d53 4092 if (memory_region_is_ram(section->mr)) {
37ec01d4 4093 section = &phys_sections[phys_section_rom];
06ef3525 4094 }
1e78bcc1
AG		 4095#if defined(TARGET_WORDS_BIGENDIAN)
4096 if (endian == DEVICE_LITTLE_ENDIAN) {
4097 val = bswap16(val);
4098 }
4099#else
4100 if (endian == DEVICE_BIG_ENDIAN) {
4101 val = bswap16(val);
4102 }
4103#endif
37ec01d4 4104 io_mem_write(section->mr, addr, val, 2);
733f0b02
MT		 4105 } else {
4106 unsigned long addr1;
f3705d53
AK		 4107 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
4108 + section_addr(section, addr);
733f0b02
MT		 4109 /* RAM case */
4110 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4111 switch (endian) {
4112 case DEVICE_LITTLE_ENDIAN:
4113 stw_le_p(ptr, val);
4114 break;
4115 case DEVICE_BIG_ENDIAN:
4116 stw_be_p(ptr, val);
4117 break;
4118 default:
4119 stw_p(ptr, val);
4120 break;
4121 }
733f0b02
MT		 4122 if (!cpu_physical_memory_is_dirty(addr1)) {
4123 /* invalidate code */
4124 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4125 /* set dirty bit */
4126 cpu_physical_memory_set_dirty_flags(addr1,
4127 (0xff & ~CODE_DIRTY_FLAG));
4128 }
4129 }
aab33094
FB		 4130}
4131
1e78bcc1
AG		 4132void stw_phys(target_phys_addr_t addr, uint32_t val)
4133{
4134 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4135}
4136
4137void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4138{
4139 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4140}
4141
4142void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4143{
4144 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4145}
4146
aab33094 4147/* XXX: optimize */
c227f099 4148void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4149{
4150 val = tswap64(val);
71d2b725 4151 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4152}
4153
1e78bcc1
AG		 4154void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4155{
4156 val = cpu_to_le64(val);
4157 cpu_physical_memory_write(addr, &val, 8);
4158}
4159
4160void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4161{
4162 val = cpu_to_be64(val);
4163 cpu_physical_memory_write(addr, &val, 8);
4164}
4165
5e2972fd 4166/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 4167int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 4168 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4169{
4170 int l;
c227f099 4171 target_phys_addr_t phys_addr;
9b3c35e0 4172 target_ulong page;
13eb76e0
FB		 4173
4174 while (len > 0) {
4175 page = addr & TARGET_PAGE_MASK;
4176 phys_addr = cpu_get_phys_page_debug(env, page);
4177 /* if no physical page mapped, return an error */
4178 if (phys_addr == -1)
4179 return -1;
4180 l = (page + TARGET_PAGE_SIZE) - addr;
4181 if (l > len)
4182 l = len;
5e2972fd 4183 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4184 if (is_write)
4185 cpu_physical_memory_write_rom(phys_addr, buf, l);
4186 else
5e2972fd 4187 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4188 len -= l;
4189 buf += l;
4190 addr += l;
4191 }
4192 return 0;
4193}
a68fe89c 4194#endif
13eb76e0 4195
2e70f6ef
PB		 4196/* in deterministic execution mode, instructions doing device I/Os
4197 must be at the end of the TB */
20503968 4198void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
2e70f6ef
PB		 4199{
4200 TranslationBlock *tb;
4201 uint32_t n, cflags;
4202 target_ulong pc, cs_base;
4203 uint64_t flags;
4204
20503968 4205 tb = tb_find_pc(retaddr);
2e70f6ef
PB		 4206 if (!tb) {
4207 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
20503968 4208 (void *)retaddr);
2e70f6ef
PB		 4209 }
4210 n = env->icount_decr.u16.low + tb->icount;
20503968 4211 cpu_restore_state(tb, env, retaddr);
2e70f6ef 4212 /* Calculate how many instructions had been executed before the fault
bf20dc07 4213 occurred. */
2e70f6ef
PB		 4214 n = n - env->icount_decr.u16.low;
4215 /* Generate a new TB ending on the I/O insn. */
4216 n++;
4217 /* On MIPS and SH, delay slot instructions can only be restarted if
4218 they were already the first instruction in the TB. If this is not
bf20dc07 4219 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4220 branch. */
4221#if defined(TARGET_MIPS)
4222 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4223 env->active_tc.PC -= 4;
4224 env->icount_decr.u16.low++;
4225 env->hflags &= ~MIPS_HFLAG_BMASK;
4226 }
4227#elif defined(TARGET_SH4)
4228 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4229 && n > 1) {
4230 env->pc -= 2;
4231 env->icount_decr.u16.low++;
4232 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4233 }
4234#endif
4235 /* This should never happen. */
4236 if (n > CF_COUNT_MASK)
4237 cpu_abort(env, "TB too big during recompile");
4238
4239 cflags = n | CF_LAST_IO;
4240 pc = tb->pc;
4241 cs_base = tb->cs_base;
4242 flags = tb->flags;
4243 tb_phys_invalidate(tb, -1);
4244 /* FIXME: In theory this could raise an exception. In practice
4245 we have already translated the block once so it's probably ok. */
4246 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4247 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4248 the first in the TB) then we end up generating a whole new TB and
4249 repeating the fault, which is horribly inefficient.
4250 Better would be to execute just this insn uncached, or generate a
4251 second new TB. */
4252 cpu_resume_from_signal(env, NULL);
4253}
4254
b3755a91
PB		 4255#if !defined(CONFIG_USER_ONLY)
4256
055403b2 4257void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4258{
4259 int i, target_code_size, max_target_code_size;
4260 int direct_jmp_count, direct_jmp2_count, cross_page;
4261 TranslationBlock *tb;
3b46e624 4262
e3db7226
FB		 4263 target_code_size = 0;
4264 max_target_code_size = 0;
4265 cross_page = 0;
4266 direct_jmp_count = 0;
4267 direct_jmp2_count = 0;
4268 for(i = 0; i < nb_tbs; i++) {
4269 tb = &tbs[i];
4270 target_code_size += tb->size;
4271 if (tb->size > max_target_code_size)
4272 max_target_code_size = tb->size;
4273 if (tb->page_addr[1] != -1)
4274 cross_page++;
4275 if (tb->tb_next_offset[0] != 0xffff) {
4276 direct_jmp_count++;
4277 if (tb->tb_next_offset[1] != 0xffff) {
4278 direct_jmp2_count++;
4279 }
4280 }
4281 }
4282 /* XXX: avoid using doubles ? */
57fec1fe 4283 cpu_fprintf(f, "Translation buffer state:\n");
055403b2 4284 cpu_fprintf(f, "gen code size %td/%ld\n",
26a5f13b
FB		 4285 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4286 cpu_fprintf(f, "TB count %d/%d\n",
4287 nb_tbs, code_gen_max_blocks);
5fafdf24 4288 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4289 nb_tbs ? target_code_size / nb_tbs : 0,
4290 max_target_code_size);
055403b2 4291 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4292 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4293 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4294 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4295 cross_page,
e3db7226
FB		 4296 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4297 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4298 direct_jmp_count,
e3db7226
FB		 4299 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4300 direct_jmp2_count,
4301 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4302 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4303 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4304 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4305 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4306 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4307}
4308
82afa586
BH		 4309/*
4310 * A helper function for the _utterly broken_ virtio device model to find out if
4311 * it's running on a big endian machine. Don't do this at home kids!
4312 */
4313bool virtio_is_big_endian(void);
4314bool virtio_is_big_endian(void)
4315{
4316#if defined(TARGET_WORDS_BIGENDIAN)
4317 return true;
4318#else
4319 return false;
4320#endif
4321}
4322
61382a50 4323#endif
Qemu copy for testing