]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
exec: silence hugetlbfs warning under qtest
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
777872e5 20#ifndef _WIN32
a98d49b1 21#include <sys/types.h>
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
055403b2 25#include "qemu-common.h"
6180a181 26#include "cpu.h"
b67d9a52 27#include "tcg.h"
b3c7724c 28#include "hw/hw.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
4485bd26 31#endif
cc9e98cb 32#include "hw/qdev.h"
1de7afc9 33#include "qemu/osdep.h"
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
0d09e41a 36#include "hw/xen/xen.h"
1de7afc9
PB		 37#include "qemu/timer.h"
38#include "qemu/config-file.h"
75a34036 39#include "qemu/error-report.h"
022c62cb 40#include "exec/memory.h"
9c17d615 41#include "sysemu/dma.h"
022c62cb 42#include "exec/address-spaces.h"
53a5960a
PB		 43#if defined(CONFIG_USER_ONLY)
44#include <qemu.h>
432d268c 45#else /* !CONFIG_USER_ONLY */
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
1c7ba94a 54#include "sysemu/qtest.h"
0cac1b66 55
022c62cb 56#include "exec/memory-internal.h"
220c3ebd 57#include "exec/ram_addr.h"
67d95c15 58
b35ba30f 59#include "qemu/range.h"
794e8f30
MT		 60#ifndef _WIN32
61#include "qemu/mmap-alloc.h"
62#endif
b35ba30f 63
db7b5426 64//#define DEBUG_SUBPAGE
1196be37 65
e2eef170 66#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 67/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
68 * are protected by the ramlist lock.
69 */
0d53d9fe 70RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 71
72static MemoryRegion *system_memory;
309cb471 73static MemoryRegion *system_io;
62152b8a 74
f6790af6
AK		 75AddressSpace address_space_io;
76AddressSpace address_space_memory;
2673a5da 77
0844e007 78MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 79static MemoryRegion io_mem_unassigned;
0e0df1e2 80
7bd4f430
PB		 81/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
82#define RAM_PREALLOC (1 << 0)
83
dbcb8981
PB		 84/* RAM is mmap-ed with MAP_SHARED */
85#define RAM_SHARED (1 << 1)
86
62be4e3a
MT		 87/* Only a portion of RAM (used_length) is actually used, and migrated.
88 * This used_length size can change across reboots.
89 */
90#define RAM_RESIZEABLE (1 << 2)
91
794e8f30 92/* RAM is backed by an mmapped file.
8561c924 93 */
794e8f30 94#define RAM_FILE (1 << 3)
e2eef170 95#endif
9fa3e853 96
bdc44640 97struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 98/* current CPU in the current thread. It is only valid inside
99 cpu_exec() */
f240eb6f 100__thread CPUState *current_cpu;
2e70f6ef 101/* 0 = Do not count executed instructions.
bf20dc07 102 1 = Precise instruction counting.
2e70f6ef 103 2 = Adaptive rate instruction counting. */
5708fc66 104int use_icount;
6a00d601 105
e2eef170 106#if !defined(CONFIG_USER_ONLY)
4346ae3e 107
1db8abb1
PB		 108typedef struct PhysPageEntry PhysPageEntry;
109
110struct PhysPageEntry {
9736e55b 111 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 112 uint32_t skip : 6;
9736e55b 113 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 114 uint32_t ptr : 26;
1db8abb1
PB		 115};
116
8b795765
MT		 117#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
118
03f49957 119/* Size of the L2 (and L3, etc) page tables. */
57271d63 120#define ADDR_SPACE_BITS 64
03f49957 121
026736ce 122#define P_L2_BITS 9
03f49957
PB		 123#define P_L2_SIZE (1 << P_L2_BITS)
124
125#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
126
127typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 128
53cb28cb 129typedef struct PhysPageMap {
79e2b9ae
PB		 130 struct rcu_head rcu;
131
53cb28cb
MA		 132 unsigned sections_nb;
133 unsigned sections_nb_alloc;
134 unsigned nodes_nb;
135 unsigned nodes_nb_alloc;
136 Node *nodes;
137 MemoryRegionSection *sections;
138} PhysPageMap;
139
1db8abb1 140struct AddressSpaceDispatch {
79e2b9ae
PB		 141 struct rcu_head rcu;
142
1db8abb1
PB		 143 /* This is a multi-level map on the physical address space.
144 * The bottom level has pointers to MemoryRegionSections.
145 */
146 PhysPageEntry phys_map;
53cb28cb 147 PhysPageMap map;
acc9d80b 148 AddressSpace *as;
1db8abb1
PB		 149};
150
90260c6c
JK		 151#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
152typedef struct subpage_t {
153 MemoryRegion iomem;
acc9d80b 154 AddressSpace *as;
90260c6c
JK		 155 hwaddr base;
156 uint16_t sub_section[TARGET_PAGE_SIZE];
157} subpage_t;
158
b41aac4f
LPF		 159#define PHYS_SECTION_UNASSIGNED 0
160#define PHYS_SECTION_NOTDIRTY 1
161#define PHYS_SECTION_ROM 2
162#define PHYS_SECTION_WATCH 3
5312bd8b 163
e2eef170 164static void io_mem_init(void);
62152b8a 165static void memory_map_init(void);
09daed84 166static void tcg_commit(MemoryListener *listener);
e2eef170 167
1ec9b909 168static MemoryRegion io_mem_watch;
32857f4d
PM		 169
170/**
171 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
172 * @cpu: the CPU whose AddressSpace this is
173 * @as: the AddressSpace itself
174 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
175 * @tcg_as_listener: listener for tracking changes to the AddressSpace
176 */
177struct CPUAddressSpace {
178 CPUState *cpu;
179 AddressSpace *as;
180 struct AddressSpaceDispatch *memory_dispatch;
181 MemoryListener tcg_as_listener;
182};
183
6658ffb8 184#endif
fd6ce8f6 185
6d9a1304 186#if !defined(CONFIG_USER_ONLY)
d6f2ea22 187
53cb28cb 188static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 189{
53cb28cb
MA		 190 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
191 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
192 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
193 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 194 }
f7bf5461
AK		 195}
196
db94604b 197static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 198{
199 unsigned i;
8b795765 200 uint32_t ret;
db94604b
PB		 201 PhysPageEntry e;
202 PhysPageEntry *p;
f7bf5461 203
53cb28cb 204 ret = map->nodes_nb++;
db94604b 205 p = map->nodes[ret];
f7bf5461 206 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 207 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 208
209 e.skip = leaf ? 0 : 1;
210 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 211 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 212 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 213 }
f7bf5461 214 return ret;
d6f2ea22
AK		 215}
216
53cb28cb
MA		 217static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
218 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 219 int level)
f7bf5461
AK		 220{
221 PhysPageEntry *p;
03f49957 222 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 223
9736e55b 224 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 225 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 226 }
db94604b 227 p = map->nodes[lp->ptr];
03f49957 228 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 229
03f49957 230 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 231 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 232 lp->skip = 0;
c19e8800 233 lp->ptr = leaf;
07f07b31
AK		 234 *index += step;
235 *nb -= step;
2999097b 236 } else {
53cb28cb 237 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 238 }
239 ++lp;
f7bf5461
AK		 240 }
241}
242
ac1970fb 243static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 244 hwaddr index, hwaddr nb,
2999097b 245 uint16_t leaf)
f7bf5461 246{
2999097b 247 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 248 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 249
53cb28cb 250 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 251}
252
b35ba30f
MT		 253/* Compact a non leaf page entry. Simply detect that the entry has a single child,
254 * and update our entry so we can skip it and go directly to the destination.
255 */
256static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
257{
258 unsigned valid_ptr = P_L2_SIZE;
259 int valid = 0;
260 PhysPageEntry *p;
261 int i;
262
263 if (lp->ptr == PHYS_MAP_NODE_NIL) {
264 return;
265 }
266
267 p = nodes[lp->ptr];
268 for (i = 0; i < P_L2_SIZE; i++) {
269 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
270 continue;
271 }
272
273 valid_ptr = i;
274 valid++;
275 if (p[i].skip) {
276 phys_page_compact(&p[i], nodes, compacted);
277 }
278 }
279
280 /* We can only compress if there's only one child. */
281 if (valid != 1) {
282 return;
283 }
284
285 assert(valid_ptr < P_L2_SIZE);
286
287 /* Don't compress if it won't fit in the # of bits we have. */
288 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
289 return;
290 }
291
292 lp->ptr = p[valid_ptr].ptr;
293 if (!p[valid_ptr].skip) {
294 /* If our only child is a leaf, make this a leaf. */
295 /* By design, we should have made this node a leaf to begin with so we
296 * should never reach here.
297 * But since it's so simple to handle this, let's do it just in case we
298 * change this rule.
299 */
300 lp->skip = 0;
301 } else {
302 lp->skip += p[valid_ptr].skip;
303 }
304}
305
306static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
307{
308 DECLARE_BITMAP(compacted, nodes_nb);
309
310 if (d->phys_map.skip) {
53cb28cb 311 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 312 }
313}
314
97115a8d 315static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 316 Node *nodes, MemoryRegionSection *sections)
92e873b9 317{
31ab2b4a 318 PhysPageEntry *p;
97115a8d 319 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 320 int i;
f1f6e3b8 321
9736e55b 322 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 323 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 324 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 325 }
9affd6fc 326 p = nodes[lp.ptr];
03f49957 327 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 328 }
b35ba30f
MT		 329
330 if (sections[lp.ptr].size.hi ||
331 range_covers_byte(sections[lp.ptr].offset_within_address_space,
332 sections[lp.ptr].size.lo, addr)) {
333 return &sections[lp.ptr];
334 } else {
335 return &sections[PHYS_SECTION_UNASSIGNED];
336 }
f3705d53
AK		 337}
338
e5548617
BS		 339bool memory_region_is_unassigned(MemoryRegion *mr)
340{
2a8e7499 341 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 342 && mr != &io_mem_watch;
fd6ce8f6 343}
149f54b5 344
79e2b9ae 345/* Called from RCU critical section */
c7086b4a 346static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 347 hwaddr addr,
348 bool resolve_subpage)
9f029603 349{
90260c6c
JK		 350 MemoryRegionSection *section;
351 subpage_t *subpage;
352
53cb28cb 353 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 354 if (resolve_subpage && section->mr->subpage) {
355 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 356 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 357 }
358 return section;
9f029603
JK		 359}
360
79e2b9ae 361/* Called from RCU critical section */
90260c6c 362static MemoryRegionSection *
c7086b4a 363address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 364 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 365{
366 MemoryRegionSection *section;
965eb2fc 367 MemoryRegion *mr;
a87f3954 368 Int128 diff;
149f54b5 369
c7086b4a 370 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 371 /* Compute offset within MemoryRegionSection */
372 addr -= section->offset_within_address_space;
373
374 /* Compute offset within MemoryRegion */
375 *xlat = addr + section->offset_within_region;
376
965eb2fc 377 mr = section->mr;
b242e0e0
PB		 378
379 /* MMIO registers can be expected to perform full-width accesses based only
380 * on their address, without considering adjacent registers that could
381 * decode to completely different MemoryRegions. When such registers
382 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
383 * regions overlap wildly. For this reason we cannot clamp the accesses
384 * here.
385 *
386 * If the length is small (as is the case for address_space_ldl/stl),
387 * everything works fine. If the incoming length is large, however,
388 * the caller really has to do the clamping through memory_access_size.
389 */
965eb2fc 390 if (memory_region_is_ram(mr)) {
e4a511f8 391 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 392 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
393 }
149f54b5
PB		 394 return section;
395}
90260c6c 396
a87f3954
PB		 397static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
398{
399 if (memory_region_is_ram(mr)) {
400 return !(is_write && mr->readonly);
401 }
402 if (memory_region_is_romd(mr)) {
403 return !is_write;
404 }
405
406 return false;
407}
408
41063e1e 409/* Called from RCU critical section */
5c8a00ce
PB		 410MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
411 hwaddr *xlat, hwaddr *plen,
412 bool is_write)
90260c6c 413{
30951157
AK		 414 IOMMUTLBEntry iotlb;
415 MemoryRegionSection *section;
416 MemoryRegion *mr;
30951157
AK		 417
418 for (;;) {
79e2b9ae
PB		 419 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
420 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 421 mr = section->mr;
422
423 if (!mr->iommu_ops) {
424 break;
425 }
426
8d7b8cb9 427 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 428 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
429 | (addr & iotlb.addr_mask));
23820dbf 430 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 431 if (!(iotlb.perm & (1 << is_write))) {
432 mr = &io_mem_unassigned;
433 break;
434 }
435
436 as = iotlb.target_as;
437 }
438
fe680d0d 439 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 440 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 441 *plen = MIN(page, *plen);
a87f3954
PB		 442 }
443
30951157
AK		 444 *xlat = addr;
445 return mr;
90260c6c
JK		 446}
447
79e2b9ae 448/* Called from RCU critical section */
90260c6c 449MemoryRegionSection *
9d82b5a7
PB		 450address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
451 hwaddr *xlat, hwaddr *plen)
90260c6c 452{
30951157 453 MemoryRegionSection *section;
32857f4d 454 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
9d82b5a7 455 addr, xlat, plen, false);
30951157
AK		 456
457 assert(!section->mr->iommu_ops);
458 return section;
90260c6c 459}
5b6dd868 460#endif
fd6ce8f6 461
b170fce3 462#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 463
464static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 465{
259186a7 466 CPUState *cpu = opaque;
a513fe19 467
5b6dd868
BS		 468 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
469 version_id is increased. */
259186a7 470 cpu->interrupt_request &= ~0x01;
c01a71c1 471 tlb_flush(cpu, 1);
5b6dd868
BS		 472
473 return 0;
a513fe19 474}
7501267e 475
6c3bff0e
PD		 476static int cpu_common_pre_load(void *opaque)
477{
478 CPUState *cpu = opaque;
479
adee6424 480 cpu->exception_index = -1;
6c3bff0e
PD		 481
482 return 0;
483}
484
485static bool cpu_common_exception_index_needed(void *opaque)
486{
487 CPUState *cpu = opaque;
488
adee6424 489 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 490}
491
492static const VMStateDescription vmstate_cpu_common_exception_index = {
493 .name = "cpu_common/exception_index",
494 .version_id = 1,
495 .minimum_version_id = 1,
5cd8cada 496 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 497 .fields = (VMStateField[]) {
498 VMSTATE_INT32(exception_index, CPUState),
499 VMSTATE_END_OF_LIST()
500 }
501};
502
bac05aa9
AS		 503static bool cpu_common_crash_occurred_needed(void *opaque)
504{
505 CPUState *cpu = opaque;
506
507 return cpu->crash_occurred;
508}
509
510static const VMStateDescription vmstate_cpu_common_crash_occurred = {
511 .name = "cpu_common/crash_occurred",
512 .version_id = 1,
513 .minimum_version_id = 1,
514 .needed = cpu_common_crash_occurred_needed,
515 .fields = (VMStateField[]) {
516 VMSTATE_BOOL(crash_occurred, CPUState),
517 VMSTATE_END_OF_LIST()
518 }
519};
520
1a1562f5 521const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 522 .name = "cpu_common",
523 .version_id = 1,
524 .minimum_version_id = 1,
6c3bff0e 525 .pre_load = cpu_common_pre_load,
5b6dd868 526 .post_load = cpu_common_post_load,
35d08458 527 .fields = (VMStateField[]) {
259186a7
AF		 528 VMSTATE_UINT32(halted, CPUState),
529 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 530 VMSTATE_END_OF_LIST()
6c3bff0e 531 },
5cd8cada
JQ		 532 .subsections = (const VMStateDescription*[]) {
533 &vmstate_cpu_common_exception_index,
bac05aa9 534 &vmstate_cpu_common_crash_occurred,
5cd8cada 535 NULL
5b6dd868
BS		 536 }
537};
1a1562f5 538
5b6dd868 539#endif
ea041c0e 540
38d8f5c8 541CPUState *qemu_get_cpu(int index)
ea041c0e 542{
bdc44640 543 CPUState *cpu;
ea041c0e 544
bdc44640 545 CPU_FOREACH(cpu) {
55e5c285 546 if (cpu->cpu_index == index) {
bdc44640 547 return cpu;
55e5c285 548 }
ea041c0e 549 }
5b6dd868 550
bdc44640 551 return NULL;
ea041c0e
FB		 552}
553
09daed84
EI		 554#if !defined(CONFIG_USER_ONLY)
555void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
556{
557 /* We only support one address space per cpu at the moment. */
558 assert(cpu->as == as);
559
32857f4d
PM		 560 if (cpu->cpu_ases) {
561 /* We've already registered the listener for our only AS */
562 return;
09daed84 563 }
32857f4d
PM		 564
565 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
566 cpu->cpu_ases[0].cpu = cpu;
567 cpu->cpu_ases[0].as = as;
568 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
569 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
09daed84
EI		 570}
571#endif
572
b7bca733
BR		 573#ifndef CONFIG_USER_ONLY
574static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
575
576static int cpu_get_free_index(Error **errp)
577{
578 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
579
580 if (cpu >= MAX_CPUMASK_BITS) {
581 error_setg(errp, "Trying to use more CPUs than max of %d",
582 MAX_CPUMASK_BITS);
583 return -1;
584 }
585
586 bitmap_set(cpu_index_map, cpu, 1);
587 return cpu;
588}
589
590void cpu_exec_exit(CPUState *cpu)
591{
592 if (cpu->cpu_index == -1) {
593 /* cpu_index was never allocated by this @cpu or was already freed. */
594 return;
595 }
596
597 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
598 cpu->cpu_index = -1;
599}
600#else
601
602static int cpu_get_free_index(Error **errp)
603{
604 CPUState *some_cpu;
605 int cpu_index = 0;
606
607 CPU_FOREACH(some_cpu) {
608 cpu_index++;
609 }
610 return cpu_index;
611}
612
613void cpu_exec_exit(CPUState *cpu)
614{
615}
616#endif
617
4bad9e39 618void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 619{
b170fce3 620 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868 621 int cpu_index;
b7bca733 622 Error *local_err = NULL;
5b6dd868 623
291135b5
EH		 624#ifndef CONFIG_USER_ONLY
625 cpu->as = &address_space_memory;
626 cpu->thread_id = qemu_get_thread_id();
291135b5
EH		 627#endif
628
5b6dd868
BS		 629#if defined(CONFIG_USER_ONLY)
630 cpu_list_lock();
631#endif
b7bca733
BR		 632 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
633 if (local_err) {
634 error_propagate(errp, local_err);
635#if defined(CONFIG_USER_ONLY)
636 cpu_list_unlock();
637#endif
638 return;
5b6dd868 639 }
bdc44640 640 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 641#if defined(CONFIG_USER_ONLY)
642 cpu_list_unlock();
643#endif
e0d47944
AF		 644 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
645 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
646 }
5b6dd868 647#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868 648 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
4bad9e39 649 cpu_save, cpu_load, cpu->env_ptr);
b170fce3 650 assert(cc->vmsd == NULL);
e0d47944 651 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 652#endif
b170fce3
AF		 653 if (cc->vmsd != NULL) {
654 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
655 }
ea041c0e
FB		 656}
657
94df27fd 658#if defined(CONFIG_USER_ONLY)
00b941e5 659static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 660{
661 tb_invalidate_phys_page_range(pc, pc + 1, 0);
662}
663#else
00b941e5 664static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 665{
e8262a1b
MF		 666 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
667 if (phys != -1) {
09daed84 668 tb_invalidate_phys_addr(cpu->as,
29d8ec7b 669 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 670 }
1e7855a5 671}
c27004ec 672#endif
d720b93d 673
c527ee8f 674#if defined(CONFIG_USER_ONLY)
75a34036 675void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 676
677{
678}
679
3ee887e8
PM		 680int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
681 int flags)
682{
683 return -ENOSYS;
684}
685
686void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
687{
688}
689
75a34036 690int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 691 int flags, CPUWatchpoint **watchpoint)
692{
693 return -ENOSYS;
694}
695#else
6658ffb8 696/* Add a watchpoint. */
75a34036 697int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 698 int flags, CPUWatchpoint **watchpoint)
6658ffb8 699{
c0ce998e 700 CPUWatchpoint *wp;
6658ffb8 701
05068c0d 702 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 703 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 704 error_report("tried to set invalid watchpoint at %"
705 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 706 return -EINVAL;
707 }
7267c094 708 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 709
710 wp->vaddr = addr;
05068c0d 711 wp->len = len;
a1d1bb31
AL		 712 wp->flags = flags;
713
2dc9f411 714 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 715 if (flags & BP_GDB) {
716 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
717 } else {
718 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
719 }
6658ffb8 720
31b030d4 721 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 722
723 if (watchpoint)
724 *watchpoint = wp;
725 return 0;
6658ffb8
PB		 726}
727
a1d1bb31 728/* Remove a specific watchpoint. */
75a34036 729int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 730 int flags)
6658ffb8 731{
a1d1bb31 732 CPUWatchpoint *wp;
6658ffb8 733
ff4700b0 734 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 735 if (addr == wp->vaddr && len == wp->len
6e140f28 736 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 737 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 738 return 0;
739 }
740 }
a1d1bb31 741 return -ENOENT;
6658ffb8
PB		 742}
743
a1d1bb31 744/* Remove a specific watchpoint by reference. */
75a34036 745void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 746{
ff4700b0 747 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 748
31b030d4 749 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 750
7267c094 751 g_free(watchpoint);
a1d1bb31
AL		 752}
753
754/* Remove all matching watchpoints. */
75a34036 755void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 756{
c0ce998e 757 CPUWatchpoint *wp, *next;
a1d1bb31 758
ff4700b0 759 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 760 if (wp->flags & mask) {
761 cpu_watchpoint_remove_by_ref(cpu, wp);
762 }
c0ce998e 763 }
7d03f82f 764}
05068c0d
PM		 765
766/* Return true if this watchpoint address matches the specified
767 * access (ie the address range covered by the watchpoint overlaps
768 * partially or completely with the address range covered by the
769 * access).
770 */
771static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
772 vaddr addr,
773 vaddr len)
774{
775 /* We know the lengths are non-zero, but a little caution is
776 * required to avoid errors in the case where the range ends
777 * exactly at the top of the address space and so addr + len
778 * wraps round to zero.
779 */
780 vaddr wpend = wp->vaddr + wp->len - 1;
781 vaddr addrend = addr + len - 1;
782
783 return !(addr > wpend || wp->vaddr > addrend);
784}
785
c527ee8f 786#endif
7d03f82f 787
a1d1bb31 788/* Add a breakpoint. */
b3310ab3 789int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 790 CPUBreakpoint **breakpoint)
4c3a88a2 791{
c0ce998e 792 CPUBreakpoint *bp;
3b46e624 793
7267c094 794 bp = g_malloc(sizeof(*bp));
4c3a88a2 795
a1d1bb31
AL		 796 bp->pc = pc;
797 bp->flags = flags;
798
2dc9f411 799 /* keep all GDB-injected breakpoints in front */
00b941e5 800 if (flags & BP_GDB) {
f0c3c505 801 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 802 } else {
f0c3c505 803 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 804 }
3b46e624 805
f0c3c505 806 breakpoint_invalidate(cpu, pc);
a1d1bb31 807
00b941e5 808 if (breakpoint) {
a1d1bb31 809 *breakpoint = bp;
00b941e5 810 }
4c3a88a2 811 return 0;
4c3a88a2
FB		 812}
813
a1d1bb31 814/* Remove a specific breakpoint. */
b3310ab3 815int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 816{
a1d1bb31
AL		 817 CPUBreakpoint *bp;
818
f0c3c505 819 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 820 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 821 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 822 return 0;
823 }
7d03f82f 824 }
a1d1bb31 825 return -ENOENT;
7d03f82f
EI		 826}
827
a1d1bb31 828/* Remove a specific breakpoint by reference. */
b3310ab3 829void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 830{
f0c3c505
AF		 831 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
832
833 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 834
7267c094 835 g_free(breakpoint);
a1d1bb31
AL		 836}
837
838/* Remove all matching breakpoints. */
b3310ab3 839void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 840{
c0ce998e 841 CPUBreakpoint *bp, *next;
a1d1bb31 842
f0c3c505 843 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 844 if (bp->flags & mask) {
845 cpu_breakpoint_remove_by_ref(cpu, bp);
846 }
c0ce998e 847 }
4c3a88a2
FB		 848}
849
c33a346e
FB		 850/* enable or disable single step mode. EXCP_DEBUG is returned by the
851 CPU loop after each instruction */
3825b28f 852void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 853{
ed2803da
AF		 854 if (cpu->singlestep_enabled != enabled) {
855 cpu->singlestep_enabled = enabled;
856 if (kvm_enabled()) {
38e478ec 857 kvm_update_guest_debug(cpu, 0);
ed2803da 858 } else {
ccbb4d44 859 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 860 /* XXX: only flush what is necessary */
bbd77c18 861 tb_flush(cpu);
e22a25c9 862 }
c33a346e 863 }
c33a346e
FB		 864}
865
a47dddd7 866void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 867{
868 va_list ap;
493ae1f0 869 va_list ap2;
7501267e
FB		 870
871 va_start(ap, fmt);
493ae1f0 872 va_copy(ap2, ap);
7501267e
FB		 873 fprintf(stderr, "qemu: fatal: ");
874 vfprintf(stderr, fmt, ap);
875 fprintf(stderr, "\n");
878096ee 876 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 877 if (qemu_log_enabled()) {
878 qemu_log("qemu: fatal: ");
879 qemu_log_vprintf(fmt, ap2);
880 qemu_log("\n");
a0762859 881 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 882 qemu_log_flush();
93fcfe39 883 qemu_log_close();
924edcae 884 }
493ae1f0 885 va_end(ap2);
f9373291 886 va_end(ap);
7615936e 887 replay_finish();
fd052bf6
RV		 888#if defined(CONFIG_USER_ONLY)
889 {
890 struct sigaction act;
891 sigfillset(&act.sa_mask);
892 act.sa_handler = SIG_DFL;
893 sigaction(SIGABRT, &act, NULL);
894 }
895#endif
7501267e
FB		 896 abort();
897}
898
0124311e 899#if !defined(CONFIG_USER_ONLY)
0dc3f44a 900/* Called from RCU critical section */
041603fe
PB		 901static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
902{
903 RAMBlock *block;
904
43771539 905 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 906 if (block && addr - block->offset < block->max_length) {
68851b98 907 return block;
041603fe 908 }
0dc3f44a 909 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 910 if (addr - block->offset < block->max_length) {
041603fe
PB		 911 goto found;
912 }
913 }
914
915 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
916 abort();
917
918found:
43771539
PB		 919 /* It is safe to write mru_block outside the iothread lock. This
920 * is what happens:
921 *
922 * mru_block = xxx
923 * rcu_read_unlock()
924 * xxx removed from list
925 * rcu_read_lock()
926 * read mru_block
927 * mru_block = NULL;
928 * call_rcu(reclaim_ramblock, xxx);
929 * rcu_read_unlock()
930 *
931 * atomic_rcu_set is not needed here. The block was already published
932 * when it was placed into the list. Here we're just making an extra
933 * copy of the pointer.
934 */
041603fe
PB		 935 ram_list.mru_block = block;
936 return block;
937}
938
a2f4d5be 939static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 940{
9a13565d 941 CPUState *cpu;
041603fe 942 ram_addr_t start1;
a2f4d5be
JQ		 943 RAMBlock *block;
944 ram_addr_t end;
945
946 end = TARGET_PAGE_ALIGN(start + length);
947 start &= TARGET_PAGE_MASK;
d24981d3 948
0dc3f44a 949 rcu_read_lock();
041603fe
PB		 950 block = qemu_get_ram_block(start);
951 assert(block == qemu_get_ram_block(end - 1));
1240be24 952 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 953 CPU_FOREACH(cpu) {
954 tlb_reset_dirty(cpu, start1, length);
955 }
0dc3f44a 956 rcu_read_unlock();
d24981d3
JQ		 957}
958
5579c7f3 959/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 960bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
961 ram_addr_t length,
962 unsigned client)
1ccde1cb 963{
03eebc9e
SH		 964 unsigned long end, page;
965 bool dirty;
966
967 if (length == 0) {
968 return false;
969 }
f23db169 970
03eebc9e
SH		 971 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
972 page = start >> TARGET_PAGE_BITS;
973 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
974 page, end - page);
975
976 if (dirty && tcg_enabled()) {
a2f4d5be 977 tlb_reset_dirty_range_all(start, length);
5579c7f3 978 }
03eebc9e
SH		 979
980 return dirty;
1ccde1cb
FB		 981}
982
79e2b9ae 983/* Called from RCU critical section */
bb0e627a 984hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 985 MemoryRegionSection *section,
986 target_ulong vaddr,
987 hwaddr paddr, hwaddr xlat,
988 int prot,
989 target_ulong *address)
e5548617 990{
a8170e5e 991 hwaddr iotlb;
e5548617
BS		 992 CPUWatchpoint *wp;
993
cc5bea60 994 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 995 /* Normal RAM. */
996 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 997 + xlat;
e5548617 998 if (!section->readonly) {
b41aac4f 999 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1000 } else {
b41aac4f 1001 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1002 }
1003 } else {
0b8e2c10
PM		 1004 AddressSpaceDispatch *d;
1005
1006 d = atomic_rcu_read(&section->address_space->dispatch);
1007 iotlb = section - d->map.sections;
149f54b5 1008 iotlb += xlat;
e5548617
BS		 1009 }
1010
1011 /* Make accesses to pages with watchpoints go via the
1012 watchpoint trap routines. */
ff4700b0 1013 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1014 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1015 /* Avoid trapping reads of pages with a write breakpoint. */
1016 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1017 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1018 *address |= TLB_MMIO;
1019 break;
1020 }
1021 }
1022 }
1023
1024 return iotlb;
1025}
9fa3e853
FB		 1026#endif /* defined(CONFIG_USER_ONLY) */
1027
e2eef170 1028#if !defined(CONFIG_USER_ONLY)
8da3ff18 1029
c227f099 1030static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1031 uint16_t section);
acc9d80b 1032static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1033
a2b257d6
IM		 1034static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1035 qemu_anon_ram_alloc;
91138037
MA		 1036
1037/*
1038 * Set a custom physical guest memory alloator.
1039 * Accelerators with unusual needs may need this. Hopefully, we can
1040 * get rid of it eventually.
1041 */
a2b257d6 1042void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1043{
1044 phys_mem_alloc = alloc;
1045}
1046
53cb28cb
MA		 1047static uint16_t phys_section_add(PhysPageMap *map,
1048 MemoryRegionSection *section)
5312bd8b 1049{
68f3f65b
PB		 1050 /* The physical section number is ORed with a page-aligned
1051 * pointer to produce the iotlb entries. Thus it should
1052 * never overflow into the page-aligned value.
1053 */
53cb28cb 1054 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1055
53cb28cb
MA		 1056 if (map->sections_nb == map->sections_nb_alloc) {
1057 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1058 map->sections = g_renew(MemoryRegionSection, map->sections,
1059 map->sections_nb_alloc);
5312bd8b 1060 }
53cb28cb 1061 map->sections[map->sections_nb] = *section;
dfde4e6e 1062 memory_region_ref(section->mr);
53cb28cb 1063 return map->sections_nb++;
5312bd8b
AK		 1064}
1065
058bc4b5
PB		 1066static void phys_section_destroy(MemoryRegion *mr)
1067{
dfde4e6e
PB		 1068 memory_region_unref(mr);
1069
058bc4b5
PB		 1070 if (mr->subpage) {
1071 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1072 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1073 g_free(subpage);
1074 }
1075}
1076
6092666e 1077static void phys_sections_free(PhysPageMap *map)
5312bd8b 1078{
9affd6fc
PB		 1079 while (map->sections_nb > 0) {
1080 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1081 phys_section_destroy(section->mr);
1082 }
9affd6fc
PB		 1083 g_free(map->sections);
1084 g_free(map->nodes);
5312bd8b
AK		 1085}
1086
ac1970fb 1087static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1088{
1089 subpage_t *subpage;
a8170e5e 1090 hwaddr base = section->offset_within_address_space
0f0cb164 1091 & TARGET_PAGE_MASK;
97115a8d 1092 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1093 d->map.nodes, d->map.sections);
0f0cb164
AK		 1094 MemoryRegionSection subsection = {
1095 .offset_within_address_space = base,
052e87b0 1096 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1097 };
a8170e5e 1098 hwaddr start, end;
0f0cb164 1099
f3705d53 1100 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1101
f3705d53 1102 if (!(existing->mr->subpage)) {
acc9d80b 1103 subpage = subpage_init(d->as, base);
3be91e86 1104 subsection.address_space = d->as;
0f0cb164 1105 subsection.mr = &subpage->iomem;
ac1970fb 1106 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1107 phys_section_add(&d->map, &subsection));
0f0cb164 1108 } else {
f3705d53 1109 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1110 }
1111 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1112 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1113 subpage_register(subpage, start, end,
1114 phys_section_add(&d->map, section));
0f0cb164
AK		 1115}
1116
1117
052e87b0
PB		 1118static void register_multipage(AddressSpaceDispatch *d,
1119 MemoryRegionSection *section)
33417e70 1120{
a8170e5e 1121 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1122 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1123 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1124 TARGET_PAGE_BITS));
dd81124b 1125
733d5ef5
PB		 1126 assert(num_pages);
1127 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1128}
1129
ac1970fb 1130static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1131{
89ae337a 1132 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1133 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1134 MemoryRegionSection now = *section, remain = *section;
052e87b0 1135 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1136
733d5ef5
PB		 1137 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1138 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1139 - now.offset_within_address_space;
1140
052e87b0 1141 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1142 register_subpage(d, &now);
733d5ef5 1143 } else {
052e87b0 1144 now.size = int128_zero();
733d5ef5 1145 }
052e87b0
PB		 1146 while (int128_ne(remain.size, now.size)) {
1147 remain.size = int128_sub(remain.size, now.size);
1148 remain.offset_within_address_space += int128_get64(now.size);
1149 remain.offset_within_region += int128_get64(now.size);
69b67646 1150 now = remain;
052e87b0 1151 if (int128_lt(remain.size, page_size)) {
733d5ef5 1152 register_subpage(d, &now);
88266249 1153 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1154 now.size = page_size;
ac1970fb 1155 register_subpage(d, &now);
69b67646 1156 } else {
052e87b0 1157 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1158 register_multipage(d, &now);
69b67646 1159 }
0f0cb164
AK		 1160 }
1161}
1162
62a2744c
SY		 1163void qemu_flush_coalesced_mmio_buffer(void)
1164{
1165 if (kvm_enabled())
1166 kvm_flush_coalesced_mmio_buffer();
1167}
1168
b2a8658e
UD		 1169void qemu_mutex_lock_ramlist(void)
1170{
1171 qemu_mutex_lock(&ram_list.mutex);
1172}
1173
1174void qemu_mutex_unlock_ramlist(void)
1175{
1176 qemu_mutex_unlock(&ram_list.mutex);
1177}
1178
e1e84ba0 1179#ifdef __linux__
c902760f
MT		 1180
1181#include <sys/vfs.h>
1182
1183#define HUGETLBFS_MAGIC 0x958458f6
1184
fc7a5800 1185static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1186{
1187 struct statfs fs;
1188 int ret;
1189
1190 do {
9742bf26 1191 ret = statfs(path, &fs);
c902760f
MT		 1192 } while (ret != 0 && errno == EINTR);
1193
1194 if (ret != 0) {
fc7a5800
HT		 1195 error_setg_errno(errp, errno, "failed to get page size of file %s",
1196 path);
9742bf26 1197 return 0;
c902760f
MT		 1198 }
1199
1c7ba94a
MAL		 1200 if (!qtest_driver() &&
1201 fs.f_type != HUGETLBFS_MAGIC) {
9742bf26 1202 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1c7ba94a 1203 }
c902760f
MT		 1204
1205 return fs.f_bsize;
1206}
1207
04b16653
AW		 1208static void *file_ram_alloc(RAMBlock *block,
1209 ram_addr_t memory,
7f56e740
PB		 1210 const char *path,
1211 Error **errp)
c902760f 1212{
8d31d6b6 1213 struct stat st;
c902760f 1214 char *filename;
8ca761f6
PF		 1215 char *sanitized_name;
1216 char *c;
794e8f30 1217 void *area;
c902760f 1218 int fd;
557529dd 1219 uint64_t hpagesize;
fc7a5800 1220 Error *local_err = NULL;
c902760f 1221
fc7a5800
HT		 1222 hpagesize = gethugepagesize(path, &local_err);
1223 if (local_err) {
1224 error_propagate(errp, local_err);
f9a49dfa 1225 goto error;
c902760f 1226 }
a2b257d6 1227 block->mr->align = hpagesize;
c902760f
MT		 1228
1229 if (memory < hpagesize) {
557529dd
HT		 1230 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1231 "or larger than huge page size 0x%" PRIx64,
1232 memory, hpagesize);
1233 goto error;
c902760f
MT		 1234 }
1235
1236 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1237 error_setg(errp,
1238 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1239 goto error;
c902760f
MT		 1240 }
1241
8d31d6b6
PF		 1242 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1243 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1244 sanitized_name = g_strdup(memory_region_name(block->mr));
1245 for (c = sanitized_name; *c != '\0'; c++) {
1246 if (*c == '/') {
1247 *c = '_';
1248 }
1249 }
8ca761f6 1250
8d31d6b6
PF		 1251 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1252 sanitized_name);
1253 g_free(sanitized_name);
1254
1255 fd = mkstemp(filename);
1256 if (fd >= 0) {
1257 unlink(filename);
1258 }
1259 g_free(filename);
1260 } else {
1261 fd = open(path, O_RDWR | O_CREAT, 0644);
1262 }
c902760f 1263
c902760f 1264 if (fd < 0) {
7f56e740
PB		 1265 error_setg_errno(errp, errno,
1266 "unable to create backing store for hugepages");
f9a49dfa 1267 goto error;
c902760f 1268 }
c902760f 1269
9284f319 1270 memory = ROUND_UP(memory, hpagesize);
c902760f
MT		 1271
1272 /*
1273 * ftruncate is not supported by hugetlbfs in older
1274 * hosts, so don't bother bailing out on errors.
1275 * If anything goes wrong with it under other filesystems,
1276 * mmap will fail.
1277 */
7f56e740 1278 if (ftruncate(fd, memory)) {
9742bf26 1279 perror("ftruncate");
7f56e740 1280 }
c902760f 1281
794e8f30 1282 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
c902760f 1283 if (area == MAP_FAILED) {
7f56e740
PB		 1284 error_setg_errno(errp, errno,
1285 "unable to map backing store for hugepages");
9742bf26 1286 close(fd);
f9a49dfa 1287 goto error;
c902760f 1288 }
ef36fa14
MT		 1289
1290 if (mem_prealloc) {
38183310 1291 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1292 }
1293
04b16653 1294 block->fd = fd;
c902760f 1295 return area;
f9a49dfa
MT		 1296
1297error:
f9a49dfa 1298 return NULL;
c902760f
MT		 1299}
1300#endif
1301
0dc3f44a 1302/* Called with the ramlist lock held. */
d17b5288 1303static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1304{
1305 RAMBlock *block, *next_block;
3e837b2c 1306 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1307
49cd9ac6
SH		 1308 assert(size != 0); /* it would hand out same offset multiple times */
1309
0dc3f44a 1310 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1311 return 0;
0d53d9fe 1312 }
04b16653 1313
0dc3f44a 1314 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1315 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1316
62be4e3a 1317 end = block->offset + block->max_length;
04b16653 1318
0dc3f44a 1319 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1320 if (next_block->offset >= end) {
1321 next = MIN(next, next_block->offset);
1322 }
1323 }
1324 if (next - end >= size && next - end < mingap) {
3e837b2c 1325 offset = end;
04b16653
AW		 1326 mingap = next - end;
1327 }
1328 }
3e837b2c
AW		 1329
1330 if (offset == RAM_ADDR_MAX) {
1331 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1332 (uint64_t)size);
1333 abort();
1334 }
1335
04b16653
AW		 1336 return offset;
1337}
1338
652d7ec2 1339ram_addr_t last_ram_offset(void)
d17b5288
AW		 1340{
1341 RAMBlock *block;
1342 ram_addr_t last = 0;
1343
0dc3f44a
MD		 1344 rcu_read_lock();
1345 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1346 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1347 }
0dc3f44a 1348 rcu_read_unlock();
d17b5288
AW		 1349 return last;
1350}
1351
ddb97f1d
JB		 1352static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1353{
1354 int ret;
ddb97f1d
JB		 1355
1356 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1357 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1358 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1359 if (ret) {
1360 perror("qemu_madvise");
1361 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1362 "but dump_guest_core=off specified\n");
1363 }
1364 }
1365}
1366
0dc3f44a
MD		 1367/* Called within an RCU critical section, or while the ramlist lock
1368 * is held.
1369 */
20cfe881 1370static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1371{
20cfe881 1372 RAMBlock *block;
84b89d78 1373
0dc3f44a 1374 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1375 if (block->offset == addr) {
20cfe881 1376 return block;
c5705a77
AK		 1377 }
1378 }
20cfe881
HT		 1379
1380 return NULL;
1381}
1382
422148d3
DDAG		 1383const char *qemu_ram_get_idstr(RAMBlock *rb)
1384{
1385 return rb->idstr;
1386}
1387
ae3a7047 1388/* Called with iothread lock held. */
20cfe881
HT		 1389void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1390{
ae3a7047 1391 RAMBlock *new_block, *block;
20cfe881 1392
0dc3f44a 1393 rcu_read_lock();
ae3a7047 1394 new_block = find_ram_block(addr);
c5705a77
AK		 1395 assert(new_block);
1396 assert(!new_block->idstr[0]);
84b89d78 1397
09e5ab63
AL		 1398 if (dev) {
1399 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1400 if (id) {
1401 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1402 g_free(id);
84b89d78
CM		 1403 }
1404 }
1405 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1406
0dc3f44a 1407 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1408 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1409 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1410 new_block->idstr);
1411 abort();
1412 }
1413 }
0dc3f44a 1414 rcu_read_unlock();
c5705a77
AK		 1415}
1416
ae3a7047 1417/* Called with iothread lock held. */
20cfe881
HT		 1418void qemu_ram_unset_idstr(ram_addr_t addr)
1419{
ae3a7047 1420 RAMBlock *block;
20cfe881 1421
ae3a7047
MD		 1422 /* FIXME: arch_init.c assumes that this is not called throughout
1423 * migration. Ignore the problem since hot-unplug during migration
1424 * does not work anyway.
1425 */
1426
0dc3f44a 1427 rcu_read_lock();
ae3a7047 1428 block = find_ram_block(addr);
20cfe881
HT		 1429 if (block) {
1430 memset(block->idstr, 0, sizeof(block->idstr));
1431 }
0dc3f44a 1432 rcu_read_unlock();
20cfe881
HT		 1433}
1434
8490fc78
LC		 1435static int memory_try_enable_merging(void *addr, size_t len)
1436{
75cc7f01 1437 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1438 /* disabled by the user */
1439 return 0;
1440 }
1441
1442 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1443}
1444
62be4e3a
MT		 1445/* Only legal before guest might have detected the memory size: e.g. on
1446 * incoming migration, or right after reset.
1447 *
1448 * As memory core doesn't know how is memory accessed, it is up to
1449 * resize callback to update device state and/or add assertions to detect
1450 * misuse, if necessary.
1451 */
1452int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1453{
1454 RAMBlock *block = find_ram_block(base);
1455
1456 assert(block);
1457
4ed023ce 1458 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1459
62be4e3a
MT		 1460 if (block->used_length == newsize) {
1461 return 0;
1462 }
1463
1464 if (!(block->flags & RAM_RESIZEABLE)) {
1465 error_setg_errno(errp, EINVAL,
1466 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1467 " in != 0x" RAM_ADDR_FMT, block->idstr,
1468 newsize, block->used_length);
1469 return -EINVAL;
1470 }
1471
1472 if (block->max_length < newsize) {
1473 error_setg_errno(errp, EINVAL,
1474 "Length too large: %s: 0x" RAM_ADDR_FMT
1475 " > 0x" RAM_ADDR_FMT, block->idstr,
1476 newsize, block->max_length);
1477 return -EINVAL;
1478 }
1479
1480 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1481 block->used_length = newsize;
58d2707e
PB		 1482 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1483 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1484 memory_region_set_size(block->mr, newsize);
1485 if (block->resized) {
1486 block->resized(block->idstr, newsize, block->host);
1487 }
1488 return 0;
1489}
1490
ef701d7b 1491static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1492{
e1c57ab8 1493 RAMBlock *block;
0d53d9fe 1494 RAMBlock *last_block = NULL;
2152f5ca
JQ		 1495 ram_addr_t old_ram_size, new_ram_size;
1496
1497 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1498
b2a8658e 1499 qemu_mutex_lock_ramlist();
9b8424d5 1500 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1501
1502 if (!new_block->host) {
1503 if (xen_enabled()) {
9b8424d5
MT		 1504 xen_ram_alloc(new_block->offset, new_block->max_length,
1505 new_block->mr);
e1c57ab8 1506 } else {
9b8424d5 1507 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1508 &new_block->mr->align);
39228250 1509 if (!new_block->host) {
ef701d7b
HT		 1510 error_setg_errno(errp, errno,
1511 "cannot set up guest memory '%s'",
1512 memory_region_name(new_block->mr));
1513 qemu_mutex_unlock_ramlist();
1514 return -1;
39228250 1515 }
9b8424d5 1516 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1517 }
c902760f 1518 }
94a6b54f 1519
dd631697
LZ		 1520 new_ram_size = MAX(old_ram_size,
1521 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1522 if (new_ram_size > old_ram_size) {
1523 migration_bitmap_extend(old_ram_size, new_ram_size);
1524 }
0d53d9fe
MD		 1525 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1526 * QLIST (which has an RCU-friendly variant) does not have insertion at
1527 * tail, so save the last element in last_block.
1528 */
0dc3f44a 1529 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1530 last_block = block;
9b8424d5 1531 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1532 break;
1533 }
1534 }
1535 if (block) {
0dc3f44a 1536 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1537 } else if (last_block) {
0dc3f44a 1538 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1539 } else { /* list is empty */
0dc3f44a 1540 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1541 }
0d6d3c87 1542 ram_list.mru_block = NULL;
94a6b54f 1543
0dc3f44a
MD		 1544 /* Write list before version */
1545 smp_wmb();
f798b07f 1546 ram_list.version++;
b2a8658e 1547 qemu_mutex_unlock_ramlist();
f798b07f 1548
2152f5ca
JQ		 1549 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1550
1551 if (new_ram_size > old_ram_size) {
1ab4c8ce 1552 int i;
ae3a7047
MD		 1553
1554 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1555 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1556 ram_list.dirty_memory[i] =
1557 bitmap_zero_extend(ram_list.dirty_memory[i],
1558 old_ram_size, new_ram_size);
1559 }
2152f5ca 1560 }
9b8424d5 1561 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1562 new_block->used_length,
1563 DIRTY_CLIENTS_ALL);
94a6b54f 1564
a904c911
PB		 1565 if (new_block->host) {
1566 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1567 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1568 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1569 if (kvm_enabled()) {
1570 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1571 }
e1c57ab8 1572 }
6f0437e8 1573
94a6b54f
PB		 1574 return new_block->offset;
1575}
e9a1ab19 1576
0b183fc8 1577#ifdef __linux__
e1c57ab8 1578ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1579 bool share, const char *mem_path,
7f56e740 1580 Error **errp)
e1c57ab8
PB		 1581{
1582 RAMBlock *new_block;
ef701d7b
HT		 1583 ram_addr_t addr;
1584 Error *local_err = NULL;
e1c57ab8
PB		 1585
1586 if (xen_enabled()) {
7f56e740
PB		 1587 error_setg(errp, "-mem-path not supported with Xen");
1588 return -1;
e1c57ab8
PB		 1589 }
1590
1591 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1592 /*
1593 * file_ram_alloc() needs to allocate just like
1594 * phys_mem_alloc, but we haven't bothered to provide
1595 * a hook there.
1596 */
7f56e740
PB		 1597 error_setg(errp,
1598 "-mem-path not supported with this accelerator");
1599 return -1;
e1c57ab8
PB		 1600 }
1601
4ed023ce 1602 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1603 new_block = g_malloc0(sizeof(*new_block));
1604 new_block->mr = mr;
9b8424d5
MT		 1605 new_block->used_length = size;
1606 new_block->max_length = size;
dbcb8981 1607 new_block->flags = share ? RAM_SHARED : 0;
794e8f30 1608 new_block->flags |= RAM_FILE;
7f56e740
PB		 1609 new_block->host = file_ram_alloc(new_block, size,
1610 mem_path, errp);
1611 if (!new_block->host) {
1612 g_free(new_block);
1613 return -1;
1614 }
1615
ef701d7b
HT		 1616 addr = ram_block_add(new_block, &local_err);
1617 if (local_err) {
1618 g_free(new_block);
1619 error_propagate(errp, local_err);
1620 return -1;
1621 }
1622 return addr;
e1c57ab8 1623}
0b183fc8 1624#endif
e1c57ab8 1625
62be4e3a
MT		 1626static
1627ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1628 void (*resized)(const char*,
1629 uint64_t length,
1630 void *host),
1631 void *host, bool resizeable,
ef701d7b 1632 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1633{
1634 RAMBlock *new_block;
ef701d7b
HT		 1635 ram_addr_t addr;
1636 Error *local_err = NULL;
e1c57ab8 1637
4ed023ce
DDAG		 1638 size = HOST_PAGE_ALIGN(size);
1639 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1640 new_block = g_malloc0(sizeof(*new_block));
1641 new_block->mr = mr;
62be4e3a 1642 new_block->resized = resized;
9b8424d5
MT		 1643 new_block->used_length = size;
1644 new_block->max_length = max_size;
62be4e3a 1645 assert(max_size >= size);
e1c57ab8
PB		 1646 new_block->fd = -1;
1647 new_block->host = host;
1648 if (host) {
7bd4f430 1649 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1650 }
62be4e3a
MT		 1651 if (resizeable) {
1652 new_block->flags |= RAM_RESIZEABLE;
1653 }
ef701d7b
HT		 1654 addr = ram_block_add(new_block, &local_err);
1655 if (local_err) {
1656 g_free(new_block);
1657 error_propagate(errp, local_err);
1658 return -1;
1659 }
1660 return addr;
e1c57ab8
PB		 1661}
1662
62be4e3a
MT		 1663ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1664 MemoryRegion *mr, Error **errp)
1665{
1666 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1667}
1668
ef701d7b 1669ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1670{
62be4e3a
MT		 1671 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1672}
1673
1674ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1675 void (*resized)(const char*,
1676 uint64_t length,
1677 void *host),
1678 MemoryRegion *mr, Error **errp)
1679{
1680 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1681}
1682
1f2e98b6
AW		 1683void qemu_ram_free_from_ptr(ram_addr_t addr)
1684{
1685 RAMBlock *block;
1686
b2a8658e 1687 qemu_mutex_lock_ramlist();
0dc3f44a 1688 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1f2e98b6 1689 if (addr == block->offset) {
0dc3f44a 1690 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1691 ram_list.mru_block = NULL;
0dc3f44a
MD		 1692 /* Write list before version */
1693 smp_wmb();
f798b07f 1694 ram_list.version++;
43771539 1695 g_free_rcu(block, rcu);
b2a8658e 1696 break;
1f2e98b6
AW		 1697 }
1698 }
b2a8658e 1699 qemu_mutex_unlock_ramlist();
1f2e98b6
AW		 1700}
1701
43771539
PB		 1702static void reclaim_ramblock(RAMBlock *block)
1703{
1704 if (block->flags & RAM_PREALLOC) {
1705 ;
1706 } else if (xen_enabled()) {
1707 xen_invalidate_map_cache_entry(block->host);
1708#ifndef _WIN32
1709 } else if (block->fd >= 0) {
794e8f30
MT		 1710 if (block->flags & RAM_FILE) {
1711 qemu_ram_munmap(block->host, block->max_length);
8561c924
MT		 1712 } else {
1713 munmap(block->host, block->max_length);
1714 }
43771539
PB		 1715 close(block->fd);
1716#endif
1717 } else {
1718 qemu_anon_ram_free(block->host, block->max_length);
1719 }
1720 g_free(block);
1721}
1722
c227f099 1723void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1724{
04b16653
AW		 1725 RAMBlock *block;
1726
b2a8658e 1727 qemu_mutex_lock_ramlist();
0dc3f44a 1728 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1729 if (addr == block->offset) {
0dc3f44a 1730 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1731 ram_list.mru_block = NULL;
0dc3f44a
MD		 1732 /* Write list before version */
1733 smp_wmb();
f798b07f 1734 ram_list.version++;
43771539 1735 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1736 break;
04b16653
AW		 1737 }
1738 }
b2a8658e 1739 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1740}
1741
cd19cfa2
HY		 1742#ifndef _WIN32
1743void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1744{
1745 RAMBlock *block;
1746 ram_addr_t offset;
1747 int flags;
1748 void *area, *vaddr;
1749
0dc3f44a 1750 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1751 offset = addr - block->offset;
9b8424d5 1752 if (offset < block->max_length) {
1240be24 1753 vaddr = ramblock_ptr(block, offset);
7bd4f430 1754 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1755 ;
dfeaf2ab
MA		 1756 } else if (xen_enabled()) {
1757 abort();
cd19cfa2
HY		 1758 } else {
1759 flags = MAP_FIXED;
3435f395 1760 if (block->fd >= 0) {
dbcb8981
PB		 1761 flags |= (block->flags & RAM_SHARED ?
1762 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1763 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1764 flags, block->fd, offset);
cd19cfa2 1765 } else {
2eb9fbaa
MA		 1766 /*
1767 * Remap needs to match alloc. Accelerators that
1768 * set phys_mem_alloc never remap. If they did,
1769 * we'd need a remap hook here.
1770 */
1771 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1772
cd19cfa2
HY		 1773 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1774 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1775 flags, -1, 0);
cd19cfa2
HY		 1776 }
1777 if (area != vaddr) {
f15fbc4b
AP		 1778 fprintf(stderr, "Could not remap addr: "
1779 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1780 length, addr);
1781 exit(1);
1782 }
8490fc78 1783 memory_try_enable_merging(vaddr, length);
ddb97f1d 1784 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1785 }
cd19cfa2
HY		 1786 }
1787 }
1788}
1789#endif /* !_WIN32 */
1790
a35ba7be
PB		 1791int qemu_get_ram_fd(ram_addr_t addr)
1792{
ae3a7047
MD		 1793 RAMBlock *block;
1794 int fd;
a35ba7be 1795
0dc3f44a 1796 rcu_read_lock();
ae3a7047
MD		 1797 block = qemu_get_ram_block(addr);
1798 fd = block->fd;
0dc3f44a 1799 rcu_read_unlock();
ae3a7047 1800 return fd;
a35ba7be
PB		 1801}
1802
3fd74b84
DM		 1803void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1804{
ae3a7047
MD		 1805 RAMBlock *block;
1806 void *ptr;
3fd74b84 1807
0dc3f44a 1808 rcu_read_lock();
ae3a7047
MD		 1809 block = qemu_get_ram_block(addr);
1810 ptr = ramblock_ptr(block, 0);
0dc3f44a 1811 rcu_read_unlock();
ae3a7047 1812 return ptr;
3fd74b84
DM		 1813}
1814
1b5ec234 1815/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1816 * This should not be used for general purpose DMA. Use address_space_map
1817 * or address_space_rw instead. For local memory (e.g. video ram) that the
1818 * device owns, use memory_region_get_ram_ptr.
0dc3f44a
MD		 1819 *
1820 * By the time this function returns, the returned pointer is not protected
1821 * by RCU anymore. If the caller is not within an RCU critical section and
1822 * does not hold the iothread lock, it must have other means of protecting the
1823 * pointer, such as a reference to the region that includes the incoming
1824 * ram_addr_t.
1b5ec234
PB		 1825 */
1826void *qemu_get_ram_ptr(ram_addr_t addr)
1827{
ae3a7047
MD		 1828 RAMBlock *block;
1829 void *ptr;
1b5ec234 1830
0dc3f44a 1831 rcu_read_lock();
ae3a7047
MD		 1832 block = qemu_get_ram_block(addr);
1833
1834 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1835 /* We need to check if the requested address is in the RAM
1836 * because we don't want to map the entire memory in QEMU.
1837 * In that case just map until the end of the page.
1838 */
1839 if (block->offset == 0) {
ae3a7047 1840 ptr = xen_map_cache(addr, 0, 0);
0dc3f44a 1841 goto unlock;
0d6d3c87 1842 }
ae3a7047
MD		 1843
1844 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1845 }
ae3a7047
MD		 1846 ptr = ramblock_ptr(block, addr - block->offset);
1847
0dc3f44a
MD		 1848unlock:
1849 rcu_read_unlock();
ae3a7047 1850 return ptr;
dc828ca1
PB		 1851}
1852
38bee5dc 1853/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1854 * but takes a size argument.
0dc3f44a
MD		 1855 *
1856 * By the time this function returns, the returned pointer is not protected
1857 * by RCU anymore. If the caller is not within an RCU critical section and
1858 * does not hold the iothread lock, it must have other means of protecting the
1859 * pointer, such as a reference to the region that includes the incoming
1860 * ram_addr_t.
ae3a7047 1861 */
cb85f7ab 1862static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1863{
ae3a7047 1864 void *ptr;
8ab934f9
SS		 1865 if (*size == 0) {
1866 return NULL;
1867 }
868bb33f 1868 if (xen_enabled()) {
e41d7c69 1869 return xen_map_cache(addr, *size, 1);
868bb33f 1870 } else {
38bee5dc 1871 RAMBlock *block;
0dc3f44a
MD		 1872 rcu_read_lock();
1873 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5
MT		 1874 if (addr - block->offset < block->max_length) {
1875 if (addr - block->offset + *size > block->max_length)
1876 *size = block->max_length - addr + block->offset;
ae3a7047 1877 ptr = ramblock_ptr(block, addr - block->offset);
0dc3f44a 1878 rcu_read_unlock();
ae3a7047 1879 return ptr;
38bee5dc
SS		 1880 }
1881 }
1882
1883 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1884 abort();
38bee5dc
SS		 1885 }
1886}
1887
422148d3
DDAG		 1888/*
1889 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1890 * in that RAMBlock.
1891 *
1892 * ptr: Host pointer to look up
1893 * round_offset: If true round the result offset down to a page boundary
1894 * *ram_addr: set to result ram_addr
1895 * *offset: set to result offset within the RAMBlock
1896 *
1897 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1898 *
1899 * By the time this function returns, the returned pointer is not protected
1900 * by RCU anymore. If the caller is not within an RCU critical section and
1901 * does not hold the iothread lock, it must have other means of protecting the
1902 * pointer, such as a reference to the region that includes the incoming
1903 * ram_addr_t.
1904 */
422148d3
DDAG		 1905RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1906 ram_addr_t *ram_addr,
1907 ram_addr_t *offset)
5579c7f3 1908{
94a6b54f
PB		 1909 RAMBlock *block;
1910 uint8_t *host = ptr;
1911
868bb33f 1912 if (xen_enabled()) {
0dc3f44a 1913 rcu_read_lock();
e41d7c69 1914 *ram_addr = xen_ram_addr_from_mapcache(ptr);
422148d3
DDAG		 1915 block = qemu_get_ram_block(*ram_addr);
1916 if (block) {
1917 *offset = (host - block->host);
1918 }
0dc3f44a 1919 rcu_read_unlock();
422148d3 1920 return block;
712c2b41
SS		 1921 }
1922
0dc3f44a
MD		 1923 rcu_read_lock();
1924 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1925 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1926 goto found;
1927 }
1928
0dc3f44a 1929 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1930 /* This case append when the block is not mapped. */
1931 if (block->host == NULL) {
1932 continue;
1933 }
9b8424d5 1934 if (host - block->host < block->max_length) {
23887b79 1935 goto found;
f471a17e 1936 }
94a6b54f 1937 }
432d268c 1938
0dc3f44a 1939 rcu_read_unlock();
1b5ec234 1940 return NULL;
23887b79
PB		 1941
1942found:
422148d3
DDAG		 1943 *offset = (host - block->host);
1944 if (round_offset) {
1945 *offset &= TARGET_PAGE_MASK;
1946 }
1947 *ram_addr = block->offset + *offset;
0dc3f44a 1948 rcu_read_unlock();
422148d3
DDAG		 1949 return block;
1950}
1951
e3dd7493
DDAG		 1952/*
1953 * Finds the named RAMBlock
1954 *
1955 * name: The name of RAMBlock to find
1956 *
1957 * Returns: RAMBlock (or NULL if not found)
1958 */
1959RAMBlock *qemu_ram_block_by_name(const char *name)
1960{
1961 RAMBlock *block;
1962
1963 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1964 if (!strcmp(name, block->idstr)) {
1965 return block;
1966 }
1967 }
1968
1969 return NULL;
1970}
1971
422148d3
DDAG		 1972/* Some of the softmmu routines need to translate from a host pointer
1973 (typically a TLB entry) back to a ram offset. */
1974MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1975{
1976 RAMBlock *block;
1977 ram_addr_t offset; /* Not used */
1978
1979 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1980
1981 if (!block) {
1982 return NULL;
1983 }
1984
1985 return block->mr;
e890261f 1986}
f471a17e 1987
a8170e5e 1988static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1989 uint64_t val, unsigned size)
9fa3e853 1990{
52159192 1991 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1992 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1993 }
0e0df1e2
AK		 1994 switch (size) {
1995 case 1:
1996 stb_p(qemu_get_ram_ptr(ram_addr), val);
1997 break;
1998 case 2:
1999 stw_p(qemu_get_ram_ptr(ram_addr), val);
2000 break;
2001 case 4:
2002 stl_p(qemu_get_ram_ptr(ram_addr), val);
2003 break;
2004 default:
2005 abort();
3a7d929e 2006 }
58d2707e
PB		 2007 /* Set both VGA and migration bits for simplicity and to remove
2008 * the notdirty callback faster.
2009 */
2010 cpu_physical_memory_set_dirty_range(ram_addr, size,
2011 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2012 /* we remove the notdirty callback only if the code has been
2013 flushed */
a2cd8c85 2014 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2015 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2016 }
9fa3e853
FB		 2017}
2018
b018ddf6
PB		 2019static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2020 unsigned size, bool is_write)
2021{
2022 return is_write;
2023}
2024
0e0df1e2 2025static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2026 .write = notdirty_mem_write,
b018ddf6 2027 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2028 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2029};
2030
0f459d16 2031/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2032static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2033{
93afeade
AF		 2034 CPUState *cpu = current_cpu;
2035 CPUArchState *env = cpu->env_ptr;
06d55cc1 2036 target_ulong pc, cs_base;
0f459d16 2037 target_ulong vaddr;
a1d1bb31 2038 CPUWatchpoint *wp;
06d55cc1 2039 int cpu_flags;
0f459d16 2040
ff4700b0 2041 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2042 /* We re-entered the check after replacing the TB. Now raise
2043 * the debug interrupt so that is will trigger after the
2044 * current instruction. */
93afeade 2045 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2046 return;
2047 }
93afeade 2048 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2049 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2050 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2051 && (wp->flags & flags)) {
08225676
PM		 2052 if (flags == BP_MEM_READ) {
2053 wp->flags |= BP_WATCHPOINT_HIT_READ;
2054 } else {
2055 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2056 }
2057 wp->hitaddr = vaddr;
66b9b43c 2058 wp->hitattrs = attrs;
ff4700b0
AF		 2059 if (!cpu->watchpoint_hit) {
2060 cpu->watchpoint_hit = wp;
239c51a5 2061 tb_check_watchpoint(cpu);
6e140f28 2062 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2063 cpu->exception_index = EXCP_DEBUG;
5638d180 2064 cpu_loop_exit(cpu);
6e140f28
AL		 2065 } else {
2066 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2067 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2068 cpu_resume_from_signal(cpu, NULL);
6e140f28 2069 }
06d55cc1 2070 }
6e140f28
AL		 2071 } else {
2072 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2073 }
2074 }
2075}
2076
6658ffb8
PB		 2077/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2078 so these check for a hit then pass through to the normal out-of-line
2079 phys routines. */
66b9b43c
PM		 2080static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2081 unsigned size, MemTxAttrs attrs)
6658ffb8 2082{
66b9b43c
PM		 2083 MemTxResult res;
2084 uint64_t data;
2085
2086 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2087 switch (size) {
66b9b43c
PM		 2088 case 1:
2089 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2090 break;
2091 case 2:
2092 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2093 break;
2094 case 4:
2095 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2096 break;
1ec9b909
AK		 2097 default: abort();
2098 }
66b9b43c
PM		 2099 *pdata = data;
2100 return res;
6658ffb8
PB		 2101}
2102
66b9b43c
PM		 2103static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2104 uint64_t val, unsigned size,
2105 MemTxAttrs attrs)
6658ffb8 2106{
66b9b43c
PM		 2107 MemTxResult res;
2108
2109 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2110 switch (size) {
67364150 2111 case 1:
66b9b43c 2112 address_space_stb(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2113 break;
2114 case 2:
66b9b43c 2115 address_space_stw(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2116 break;
2117 case 4:
66b9b43c 2118 address_space_stl(&address_space_memory, addr, val, attrs, &res);
67364150 2119 break;
1ec9b909
AK		 2120 default: abort();
2121 }
66b9b43c 2122 return res;
6658ffb8
PB		 2123}
2124
1ec9b909 2125static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2126 .read_with_attrs = watch_mem_read,
2127 .write_with_attrs = watch_mem_write,
1ec9b909 2128 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2129};
6658ffb8 2130
f25a49e0
PM		 2131static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2132 unsigned len, MemTxAttrs attrs)
db7b5426 2133{
acc9d80b 2134 subpage_t *subpage = opaque;
ff6cff75 2135 uint8_t buf[8];
5c9eb028 2136 MemTxResult res;
791af8c8 2137
db7b5426 2138#if defined(DEBUG_SUBPAGE)
016e9d62 2139 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2140 subpage, len, addr);
db7b5426 2141#endif
5c9eb028
PM		 2142 res = address_space_read(subpage->as, addr + subpage->base,
2143 attrs, buf, len);
2144 if (res) {
2145 return res;
f25a49e0 2146 }
acc9d80b
JK		 2147 switch (len) {
2148 case 1:
f25a49e0
PM		 2149 *data = ldub_p(buf);
2150 return MEMTX_OK;
acc9d80b 2151 case 2:
f25a49e0
PM		 2152 *data = lduw_p(buf);
2153 return MEMTX_OK;
acc9d80b 2154 case 4:
f25a49e0
PM		 2155 *data = ldl_p(buf);
2156 return MEMTX_OK;
ff6cff75 2157 case 8:
f25a49e0
PM		 2158 *data = ldq_p(buf);
2159 return MEMTX_OK;
acc9d80b
JK		 2160 default:
2161 abort();
2162 }
db7b5426
BS		 2163}
2164
f25a49e0
PM		 2165static MemTxResult subpage_write(void *opaque, hwaddr addr,
2166 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2167{
acc9d80b 2168 subpage_t *subpage = opaque;
ff6cff75 2169 uint8_t buf[8];
acc9d80b 2170
db7b5426 2171#if defined(DEBUG_SUBPAGE)
016e9d62 2172 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2173 " value %"PRIx64"\n",
2174 __func__, subpage, len, addr, value);
db7b5426 2175#endif
acc9d80b
JK		 2176 switch (len) {
2177 case 1:
2178 stb_p(buf, value);
2179 break;
2180 case 2:
2181 stw_p(buf, value);
2182 break;
2183 case 4:
2184 stl_p(buf, value);
2185 break;
ff6cff75
PB		 2186 case 8:
2187 stq_p(buf, value);
2188 break;
acc9d80b
JK		 2189 default:
2190 abort();
2191 }
5c9eb028
PM		 2192 return address_space_write(subpage->as, addr + subpage->base,
2193 attrs, buf, len);
db7b5426
BS		 2194}
2195
c353e4cc 2196static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2197 unsigned len, bool is_write)
c353e4cc 2198{
acc9d80b 2199 subpage_t *subpage = opaque;
c353e4cc 2200#if defined(DEBUG_SUBPAGE)
016e9d62 2201 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2202 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2203#endif
2204
acc9d80b 2205 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2206 len, is_write);
c353e4cc
PB		 2207}
2208
70c68e44 2209static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2210 .read_with_attrs = subpage_read,
2211 .write_with_attrs = subpage_write,
ff6cff75
PB		 2212 .impl.min_access_size = 1,
2213 .impl.max_access_size = 8,
2214 .valid.min_access_size = 1,
2215 .valid.max_access_size = 8,
c353e4cc 2216 .valid.accepts = subpage_accepts,
70c68e44 2217 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2218};
2219
c227f099 2220static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2221 uint16_t section)
db7b5426
BS		 2222{
2223 int idx, eidx;
2224
2225 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2226 return -1;
2227 idx = SUBPAGE_IDX(start);
2228 eidx = SUBPAGE_IDX(end);
2229#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2230 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2231 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2232#endif
db7b5426 2233 for (; idx <= eidx; idx++) {
5312bd8b 2234 mmio->sub_section[idx] = section;
db7b5426
BS		 2235 }
2236
2237 return 0;
2238}
2239
acc9d80b 2240static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2241{
c227f099 2242 subpage_t *mmio;
db7b5426 2243
7267c094 2244 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2245
acc9d80b 2246 mmio->as = as;
1eec614b 2247 mmio->base = base;
2c9b15ca 2248 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2249 NULL, TARGET_PAGE_SIZE);
b3b00c78 2250 mmio->iomem.subpage = true;
db7b5426 2251#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2252 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2253 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2254#endif
b41aac4f 2255 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2256
2257 return mmio;
2258}
2259
a656e22f
PC		 2260static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2261 MemoryRegion *mr)
5312bd8b 2262{
a656e22f 2263 assert(as);
5312bd8b 2264 MemoryRegionSection section = {
a656e22f 2265 .address_space = as,
5312bd8b
AK		 2266 .mr = mr,
2267 .offset_within_address_space = 0,
2268 .offset_within_region = 0,
052e87b0 2269 .size = int128_2_64(),
5312bd8b
AK		 2270 };
2271
53cb28cb 2272 return phys_section_add(map, &section);
5312bd8b
AK		 2273}
2274
9d82b5a7 2275MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
aa102231 2276{
32857f4d
PM		 2277 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2278 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2279 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2280
2281 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2282}
2283
e9179ce1
AK		 2284static void io_mem_init(void)
2285{
1f6245e5 2286 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2287 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2288 NULL, UINT64_MAX);
2c9b15ca 2289 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2290 NULL, UINT64_MAX);
2c9b15ca 2291 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2292 NULL, UINT64_MAX);
e9179ce1
AK		 2293}
2294
ac1970fb 2295static void mem_begin(MemoryListener *listener)
00752703
PB		 2296{
2297 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2298 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2299 uint16_t n;
2300
a656e22f 2301 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2302 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2303 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2304 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2305 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2306 assert(n == PHYS_SECTION_ROM);
a656e22f 2307 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2308 assert(n == PHYS_SECTION_WATCH);
00752703 2309
9736e55b 2310 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2311 d->as = as;
2312 as->next_dispatch = d;
2313}
2314
79e2b9ae
PB		 2315static void address_space_dispatch_free(AddressSpaceDispatch *d)
2316{
2317 phys_sections_free(&d->map);
2318 g_free(d);
2319}
2320
00752703 2321static void mem_commit(MemoryListener *listener)
ac1970fb 2322{
89ae337a 2323 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2324 AddressSpaceDispatch *cur = as->dispatch;
2325 AddressSpaceDispatch *next = as->next_dispatch;
2326
53cb28cb 2327 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2328
79e2b9ae 2329 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2330 if (cur) {
79e2b9ae 2331 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2332 }
9affd6fc
PB		 2333}
2334
1d71148e 2335static void tcg_commit(MemoryListener *listener)
50c1e149 2336{
32857f4d
PM		 2337 CPUAddressSpace *cpuas;
2338 AddressSpaceDispatch *d;
117712c3
AK		 2339
2340 /* since each CPU stores ram addresses in its TLB cache, we must
2341 reset the modified entries */
32857f4d
PM		 2342 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2343 cpu_reloading_memory_map();
2344 /* The CPU and TLB are protected by the iothread lock.
2345 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2346 * may have split the RCU critical section.
2347 */
2348 d = atomic_rcu_read(&cpuas->as->dispatch);
2349 cpuas->memory_dispatch = d;
2350 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2351}
2352
ac1970fb
AK		 2353void address_space_init_dispatch(AddressSpace *as)
2354{
00752703 2355 as->dispatch = NULL;
89ae337a 2356 as->dispatch_listener = (MemoryListener) {
ac1970fb 2357 .begin = mem_begin,
00752703 2358 .commit = mem_commit,
ac1970fb
AK		 2359 .region_add = mem_add,
2360 .region_nop = mem_add,
2361 .priority = 0,
2362 };
89ae337a 2363 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2364}
2365
6e48e8f9
PB		 2366void address_space_unregister(AddressSpace *as)
2367{
2368 memory_listener_unregister(&as->dispatch_listener);
2369}
2370
83f3c251
AK		 2371void address_space_destroy_dispatch(AddressSpace *as)
2372{
2373 AddressSpaceDispatch *d = as->dispatch;
2374
79e2b9ae
PB		 2375 atomic_rcu_set(&as->dispatch, NULL);
2376 if (d) {
2377 call_rcu(d, address_space_dispatch_free, rcu);
2378 }
83f3c251
AK		 2379}
2380
62152b8a
AK		 2381static void memory_map_init(void)
2382{
7267c094 2383 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2384
57271d63 2385 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2386 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2387
7267c094 2388 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2389 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2390 65536);
7dca8043 2391 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2392}
2393
2394MemoryRegion *get_system_memory(void)
2395{
2396 return system_memory;
2397}
2398
309cb471
AK		 2399MemoryRegion *get_system_io(void)
2400{
2401 return system_io;
2402}
2403
e2eef170
PB		 2404#endif /* !defined(CONFIG_USER_ONLY) */
2405
13eb76e0
FB		 2406/* physical memory access (slow version, mainly for debug) */
2407#if defined(CONFIG_USER_ONLY)
f17ec444 2408int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2409 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2410{
2411 int l, flags;
2412 target_ulong page;
53a5960a 2413 void * p;
13eb76e0
FB		 2414
2415 while (len > 0) {
2416 page = addr & TARGET_PAGE_MASK;
2417 l = (page + TARGET_PAGE_SIZE) - addr;
2418 if (l > len)
2419 l = len;
2420 flags = page_get_flags(page);
2421 if (!(flags & PAGE_VALID))
a68fe89c 2422 return -1;
13eb76e0
FB		 2423 if (is_write) {
2424 if (!(flags & PAGE_WRITE))
a68fe89c 2425 return -1;
579a97f7 2426 /* XXX: this code should not depend on lock_user */
72fb7daa 2427 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2428 return -1;
72fb7daa
AJ		 2429 memcpy(p, buf, l);
2430 unlock_user(p, addr, l);
13eb76e0
FB		 2431 } else {
2432 if (!(flags & PAGE_READ))
a68fe89c 2433 return -1;
579a97f7 2434 /* XXX: this code should not depend on lock_user */
72fb7daa 2435 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2436 return -1;
72fb7daa 2437 memcpy(buf, p, l);
5b257578 2438 unlock_user(p, addr, 0);
13eb76e0
FB		 2439 }
2440 len -= l;
2441 buf += l;
2442 addr += l;
2443 }
a68fe89c 2444 return 0;
13eb76e0 2445}
8df1cd07 2446
13eb76e0 2447#else
51d7a9eb 2448
845b6214 2449static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2450 hwaddr length)
51d7a9eb 2451{
e87f7778
PB		 2452 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2453 /* No early return if dirty_log_mask is or becomes 0, because
2454 * cpu_physical_memory_set_dirty_range will still call
2455 * xen_modified_memory.
2456 */
2457 if (dirty_log_mask) {
2458 dirty_log_mask =
2459 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2460 }
2461 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2462 tb_invalidate_phys_range(addr, addr + length);
2463 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2464 }
e87f7778 2465 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2466}
2467
23326164 2468static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2469{
e1622f4b 2470 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2471
2472 /* Regions are assumed to support 1-4 byte accesses unless
2473 otherwise specified. */
23326164
RH		 2474 if (access_size_max == 0) {
2475 access_size_max = 4;
2476 }
2477
2478 /* Bound the maximum access by the alignment of the address. */
2479 if (!mr->ops->impl.unaligned) {
2480 unsigned align_size_max = addr & -addr;
2481 if (align_size_max != 0 && align_size_max < access_size_max) {
2482 access_size_max = align_size_max;
2483 }
82f2563f 2484 }
23326164
RH		 2485
2486 /* Don't attempt accesses larger than the maximum. */
2487 if (l > access_size_max) {
2488 l = access_size_max;
82f2563f 2489 }
6554f5c0 2490 l = pow2floor(l);
23326164
RH		 2491
2492 return l;
82f2563f
PB		 2493}
2494
4840f10e 2495static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2496{
4840f10e
JK		 2497 bool unlocked = !qemu_mutex_iothread_locked();
2498 bool release_lock = false;
2499
2500 if (unlocked && mr->global_locking) {
2501 qemu_mutex_lock_iothread();
2502 unlocked = false;
2503 release_lock = true;
2504 }
125b3806 2505 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2506 if (unlocked) {
2507 qemu_mutex_lock_iothread();
2508 }
125b3806 2509 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2510 if (unlocked) {
2511 qemu_mutex_unlock_iothread();
2512 }
125b3806 2513 }
4840f10e
JK		 2514
2515 return release_lock;
125b3806
PB		 2516}
2517
5c9eb028
PM		 2518MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2519 uint8_t *buf, int len, bool is_write)
13eb76e0 2520{
149f54b5 2521 hwaddr l;
13eb76e0 2522 uint8_t *ptr;
791af8c8 2523 uint64_t val;
149f54b5 2524 hwaddr addr1;
5c8a00ce 2525 MemoryRegion *mr;
3b643495 2526 MemTxResult result = MEMTX_OK;
4840f10e 2527 bool release_lock = false;
3b46e624 2528
41063e1e 2529 rcu_read_lock();
13eb76e0 2530 while (len > 0) {
149f54b5 2531 l = len;
5c8a00ce 2532 mr = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 2533
13eb76e0 2534 if (is_write) {
5c8a00ce 2535 if (!memory_access_is_direct(mr, is_write)) {
4840f10e 2536 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2537 l = memory_access_size(mr, l, addr1);
4917cf44 2538 /* XXX: could force current_cpu to NULL to avoid
6a00d601 2539 potential bugs */
23326164
RH		 2540 switch (l) {
2541 case 8:
2542 /* 64 bit write access */
2543 val = ldq_p(buf);
3b643495
PM		 2544 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2545 attrs);
23326164
RH		 2546 break;
2547 case 4:
1c213d19 2548 /* 32 bit write access */
c27004ec 2549 val = ldl_p(buf);
3b643495
PM		 2550 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2551 attrs);
23326164
RH		 2552 break;
2553 case 2:
1c213d19 2554 /* 16 bit write access */
c27004ec 2555 val = lduw_p(buf);
3b643495
PM		 2556 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2557 attrs);
23326164
RH		 2558 break;
2559 case 1:
1c213d19 2560 /* 8 bit write access */
c27004ec 2561 val = ldub_p(buf);
3b643495
PM		 2562 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2563 attrs);
23326164
RH		 2564 break;
2565 default:
2566 abort();
13eb76e0 2567 }
2bbfa05d 2568 } else {
5c8a00ce 2569 addr1 += memory_region_get_ram_addr(mr);
13eb76e0 2570 /* RAM case */
5579c7f3 2571 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 2572 memcpy(ptr, buf, l);
845b6214 2573 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0
FB		 2574 }
2575 } else {
5c8a00ce 2576 if (!memory_access_is_direct(mr, is_write)) {
13eb76e0 2577 /* I/O case */
4840f10e 2578 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2579 l = memory_access_size(mr, l, addr1);
23326164
RH		 2580 switch (l) {
2581 case 8:
2582 /* 64 bit read access */
3b643495
PM		 2583 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2584 attrs);
23326164
RH		 2585 stq_p(buf, val);
2586 break;
2587 case 4:
13eb76e0 2588 /* 32 bit read access */
3b643495
PM		 2589 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2590 attrs);
c27004ec 2591 stl_p(buf, val);
23326164
RH		 2592 break;
2593 case 2:
13eb76e0 2594 /* 16 bit read access */
3b643495
PM		 2595 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2596 attrs);
c27004ec 2597 stw_p(buf, val);
23326164
RH		 2598 break;
2599 case 1:
1c213d19 2600 /* 8 bit read access */
3b643495
PM		 2601 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2602 attrs);
c27004ec 2603 stb_p(buf, val);
23326164
RH		 2604 break;
2605 default:
2606 abort();
13eb76e0
FB		 2607 }
2608 } else {
2609 /* RAM case */
5c8a00ce 2610 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
f3705d53 2611 memcpy(buf, ptr, l);
13eb76e0
FB		 2612 }
2613 }
4840f10e
JK		 2614
2615 if (release_lock) {
2616 qemu_mutex_unlock_iothread();
2617 release_lock = false;
2618 }
2619
13eb76e0
FB		 2620 len -= l;
2621 buf += l;
2622 addr += l;
2623 }
41063e1e 2624 rcu_read_unlock();
fd8aaa76 2625
3b643495 2626 return result;
13eb76e0 2627}
8df1cd07 2628
5c9eb028
PM		 2629MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2630 const uint8_t *buf, int len)
ac1970fb 2631{
5c9eb028 2632 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
ac1970fb
AK		 2633}
2634
5c9eb028
PM		 2635MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2636 uint8_t *buf, int len)
ac1970fb 2637{
5c9eb028 2638 return address_space_rw(as, addr, attrs, buf, len, false);
ac1970fb
AK		 2639}
2640
2641
a8170e5e 2642void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2643 int len, int is_write)
2644{
5c9eb028
PM		 2645 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2646 buf, len, is_write);
ac1970fb
AK		 2647}
2648
582b55a9
AG		 2649enum write_rom_type {
2650 WRITE_DATA,
2651 FLUSH_CACHE,
2652};
2653
2a221651 2654static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2655 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2656{
149f54b5 2657 hwaddr l;
d0ecd2aa 2658 uint8_t *ptr;
149f54b5 2659 hwaddr addr1;
5c8a00ce 2660 MemoryRegion *mr;
3b46e624 2661
41063e1e 2662 rcu_read_lock();
d0ecd2aa 2663 while (len > 0) {
149f54b5 2664 l = len;
2a221651 2665 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2666
5c8a00ce
PB		 2667 if (!(memory_region_is_ram(mr) ||
2668 memory_region_is_romd(mr))) {
b242e0e0 2669 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2670 } else {
5c8a00ce 2671 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2672 /* ROM/RAM case */
5579c7f3 2673 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2674 switch (type) {
2675 case WRITE_DATA:
2676 memcpy(ptr, buf, l);
845b6214 2677 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2678 break;
2679 case FLUSH_CACHE:
2680 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2681 break;
2682 }
d0ecd2aa
FB		 2683 }
2684 len -= l;
2685 buf += l;
2686 addr += l;
2687 }
41063e1e 2688 rcu_read_unlock();
d0ecd2aa
FB		 2689}
2690
582b55a9 2691/* used for ROM loading : can write in RAM and ROM */
2a221651 2692void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2693 const uint8_t *buf, int len)
2694{
2a221651 2695 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2696}
2697
2698void cpu_flush_icache_range(hwaddr start, int len)
2699{
2700 /*
2701 * This function should do the same thing as an icache flush that was
2702 * triggered from within the guest. For TCG we are always cache coherent,
2703 * so there is no need to flush anything. For KVM / Xen we need to flush
2704 * the host's instruction cache at least.
2705 */
2706 if (tcg_enabled()) {
2707 return;
2708 }
2709
2a221651
EI		 2710 cpu_physical_memory_write_rom_internal(&address_space_memory,
2711 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2712}
2713
6d16c2f8 2714typedef struct {
d3e71559 2715 MemoryRegion *mr;
6d16c2f8 2716 void *buffer;
a8170e5e
AK		 2717 hwaddr addr;
2718 hwaddr len;
c2cba0ff 2719 bool in_use;
6d16c2f8
AL		 2720} BounceBuffer;
2721
2722static BounceBuffer bounce;
2723
ba223c29 2724typedef struct MapClient {
e95205e1 2725 QEMUBH *bh;
72cf2d4f 2726 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2727} MapClient;
2728
38e047b5 2729QemuMutex map_client_list_lock;
72cf2d4f
BS		 2730static QLIST_HEAD(map_client_list, MapClient) map_client_list
2731 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2732
e95205e1
FZ		 2733static void cpu_unregister_map_client_do(MapClient *client)
2734{
2735 QLIST_REMOVE(client, link);
2736 g_free(client);
2737}
2738
33b6c2ed
FZ		 2739static void cpu_notify_map_clients_locked(void)
2740{
2741 MapClient *client;
2742
2743 while (!QLIST_EMPTY(&map_client_list)) {
2744 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2745 qemu_bh_schedule(client->bh);
2746 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2747 }
2748}
2749
e95205e1 2750void cpu_register_map_client(QEMUBH *bh)
ba223c29 2751{
7267c094 2752 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2753
38e047b5 2754 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2755 client->bh = bh;
72cf2d4f 2756 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2757 if (!atomic_read(&bounce.in_use)) {
2758 cpu_notify_map_clients_locked();
2759 }
38e047b5 2760 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2761}
2762
38e047b5 2763void cpu_exec_init_all(void)
ba223c29 2764{
38e047b5 2765 qemu_mutex_init(&ram_list.mutex);
38e047b5 2766 io_mem_init();
680a4783 2767 memory_map_init();
38e047b5 2768 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2769}
2770
e95205e1 2771void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2772{
2773 MapClient *client;
2774
e95205e1
FZ		 2775 qemu_mutex_lock(&map_client_list_lock);
2776 QLIST_FOREACH(client, &map_client_list, link) {
2777 if (client->bh == bh) {
2778 cpu_unregister_map_client_do(client);
2779 break;
2780 }
ba223c29 2781 }
e95205e1 2782 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2783}
2784
2785static void cpu_notify_map_clients(void)
2786{
38e047b5 2787 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2788 cpu_notify_map_clients_locked();
38e047b5 2789 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2790}
2791
51644ab7
PB		 2792bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2793{
5c8a00ce 2794 MemoryRegion *mr;
51644ab7
PB		 2795 hwaddr l, xlat;
2796
41063e1e 2797 rcu_read_lock();
51644ab7
PB		 2798 while (len > 0) {
2799 l = len;
5c8a00ce
PB		 2800 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2801 if (!memory_access_is_direct(mr, is_write)) {
2802 l = memory_access_size(mr, l, addr);
2803 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2804 return false;
2805 }
2806 }
2807
2808 len -= l;
2809 addr += l;
2810 }
41063e1e 2811 rcu_read_unlock();
51644ab7
PB		 2812 return true;
2813}
2814
6d16c2f8
AL		 2815/* Map a physical memory region into a host virtual address.
2816 * May map a subset of the requested range, given by and returned in *plen.
2817 * May return NULL if resources needed to perform the mapping are exhausted.
2818 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2819 * Use cpu_register_map_client() to know when retrying the map operation is
2820 * likely to succeed.
6d16c2f8 2821 */
ac1970fb 2822void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2823 hwaddr addr,
2824 hwaddr *plen,
ac1970fb 2825 bool is_write)
6d16c2f8 2826{
a8170e5e 2827 hwaddr len = *plen;
e3127ae0
PB		 2828 hwaddr done = 0;
2829 hwaddr l, xlat, base;
2830 MemoryRegion *mr, *this_mr;
2831 ram_addr_t raddr;
6d16c2f8 2832
e3127ae0
PB		 2833 if (len == 0) {
2834 return NULL;
2835 }
38bee5dc 2836
e3127ae0 2837 l = len;
41063e1e 2838 rcu_read_lock();
e3127ae0 2839 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2840
e3127ae0 2841 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2842 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2843 rcu_read_unlock();
e3127ae0 2844 return NULL;
6d16c2f8 2845 }
e85d9db5
KW		 2846 /* Avoid unbounded allocations */
2847 l = MIN(l, TARGET_PAGE_SIZE);
2848 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2849 bounce.addr = addr;
2850 bounce.len = l;
d3e71559
PB		 2851
2852 memory_region_ref(mr);
2853 bounce.mr = mr;
e3127ae0 2854 if (!is_write) {
5c9eb028
PM		 2855 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2856 bounce.buffer, l);
8ab934f9 2857 }
6d16c2f8 2858
41063e1e 2859 rcu_read_unlock();
e3127ae0
PB		 2860 *plen = l;
2861 return bounce.buffer;
2862 }
2863
2864 base = xlat;
2865 raddr = memory_region_get_ram_addr(mr);
2866
2867 for (;;) {
6d16c2f8
AL		 2868 len -= l;
2869 addr += l;
e3127ae0
PB		 2870 done += l;
2871 if (len == 0) {
2872 break;
2873 }
2874
2875 l = len;
2876 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2877 if (this_mr != mr || xlat != base + done) {
2878 break;
2879 }
6d16c2f8 2880 }
e3127ae0 2881
d3e71559 2882 memory_region_ref(mr);
41063e1e 2883 rcu_read_unlock();
e3127ae0
PB		 2884 *plen = done;
2885 return qemu_ram_ptr_length(raddr + base, plen);
6d16c2f8
AL		 2886}
2887
ac1970fb 2888/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2889 * Will also mark the memory as dirty if is_write == 1. access_len gives
2890 * the amount of memory that was actually read or written by the caller.
2891 */
a8170e5e
AK		 2892void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2893 int is_write, hwaddr access_len)
6d16c2f8
AL		 2894{
2895 if (buffer != bounce.buffer) {
d3e71559
PB		 2896 MemoryRegion *mr;
2897 ram_addr_t addr1;
2898
2899 mr = qemu_ram_addr_from_host(buffer, &addr1);
2900 assert(mr != NULL);
6d16c2f8 2901 if (is_write) {
845b6214 2902 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2903 }
868bb33f 2904 if (xen_enabled()) {
e41d7c69 2905 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2906 }
d3e71559 2907 memory_region_unref(mr);
6d16c2f8
AL		 2908 return;
2909 }
2910 if (is_write) {
5c9eb028
PM		 2911 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2912 bounce.buffer, access_len);
6d16c2f8 2913 }
f8a83245 2914 qemu_vfree(bounce.buffer);
6d16c2f8 2915 bounce.buffer = NULL;
d3e71559 2916 memory_region_unref(bounce.mr);
c2cba0ff 2917 atomic_mb_set(&bounce.in_use, false);
ba223c29 2918 cpu_notify_map_clients();
6d16c2f8 2919}
d0ecd2aa 2920
a8170e5e
AK		 2921void *cpu_physical_memory_map(hwaddr addr,
2922 hwaddr *plen,
ac1970fb
AK		 2923 int is_write)
2924{
2925 return address_space_map(&address_space_memory, addr, plen, is_write);
2926}
2927
a8170e5e
AK		 2928void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2929 int is_write, hwaddr access_len)
ac1970fb
AK		 2930{
2931 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2932}
2933
8df1cd07 2934/* warning: addr must be aligned */
50013115
PM		 2935static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2936 MemTxAttrs attrs,
2937 MemTxResult *result,
2938 enum device_endian endian)
8df1cd07 2939{
8df1cd07 2940 uint8_t *ptr;
791af8c8 2941 uint64_t val;
5c8a00ce 2942 MemoryRegion *mr;
149f54b5
PB		 2943 hwaddr l = 4;
2944 hwaddr addr1;
50013115 2945 MemTxResult r;
4840f10e 2946 bool release_lock = false;
8df1cd07 2947
41063e1e 2948 rcu_read_lock();
fdfba1a2 2949 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2950 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 2951 release_lock |= prepare_mmio_access(mr);
125b3806 2952
8df1cd07 2953 /* I/O case */
50013115 2954 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 2955#if defined(TARGET_WORDS_BIGENDIAN)
2956 if (endian == DEVICE_LITTLE_ENDIAN) {
2957 val = bswap32(val);
2958 }
2959#else
2960 if (endian == DEVICE_BIG_ENDIAN) {
2961 val = bswap32(val);
2962 }
2963#endif
8df1cd07
FB		 2964 } else {
2965 /* RAM case */
5c8a00ce 2966 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2967 & TARGET_PAGE_MASK)
149f54b5 2968 + addr1);
1e78bcc1
AG		 2969 switch (endian) {
2970 case DEVICE_LITTLE_ENDIAN:
2971 val = ldl_le_p(ptr);
2972 break;
2973 case DEVICE_BIG_ENDIAN:
2974 val = ldl_be_p(ptr);
2975 break;
2976 default:
2977 val = ldl_p(ptr);
2978 break;
2979 }
50013115
PM		 2980 r = MEMTX_OK;
2981 }
2982 if (result) {
2983 *result = r;
8df1cd07 2984 }
4840f10e
JK		 2985 if (release_lock) {
2986 qemu_mutex_unlock_iothread();
2987 }
41063e1e 2988 rcu_read_unlock();
8df1cd07
FB		 2989 return val;
2990}
2991
50013115
PM		 2992uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2993 MemTxAttrs attrs, MemTxResult *result)
2994{
2995 return address_space_ldl_internal(as, addr, attrs, result,
2996 DEVICE_NATIVE_ENDIAN);
2997}
2998
2999uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3000 MemTxAttrs attrs, MemTxResult *result)
3001{
3002 return address_space_ldl_internal(as, addr, attrs, result,
3003 DEVICE_LITTLE_ENDIAN);
3004}
3005
3006uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3007 MemTxAttrs attrs, MemTxResult *result)
3008{
3009 return address_space_ldl_internal(as, addr, attrs, result,
3010 DEVICE_BIG_ENDIAN);
3011}
3012
fdfba1a2 3013uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3014{
50013115 3015 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3016}
3017
fdfba1a2 3018uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3019{
50013115 3020 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3021}
3022
fdfba1a2 3023uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3024{
50013115 3025 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3026}
3027
84b7b8e7 3028/* warning: addr must be aligned */
50013115
PM		 3029static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3030 MemTxAttrs attrs,
3031 MemTxResult *result,
3032 enum device_endian endian)
84b7b8e7 3033{
84b7b8e7
FB		 3034 uint8_t *ptr;
3035 uint64_t val;
5c8a00ce 3036 MemoryRegion *mr;
149f54b5
PB		 3037 hwaddr l = 8;
3038 hwaddr addr1;
50013115 3039 MemTxResult r;
4840f10e 3040 bool release_lock = false;
84b7b8e7 3041
41063e1e 3042 rcu_read_lock();
2c17449b 3043 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3044 false);
3045 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3046 release_lock |= prepare_mmio_access(mr);
125b3806 3047
84b7b8e7 3048 /* I/O case */
50013115 3049 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3050#if defined(TARGET_WORDS_BIGENDIAN)
3051 if (endian == DEVICE_LITTLE_ENDIAN) {
3052 val = bswap64(val);
3053 }
3054#else
3055 if (endian == DEVICE_BIG_ENDIAN) {
3056 val = bswap64(val);
3057 }
84b7b8e7
FB		 3058#endif
3059 } else {
3060 /* RAM case */
5c8a00ce 3061 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3062 & TARGET_PAGE_MASK)
149f54b5 3063 + addr1);
1e78bcc1
AG		 3064 switch (endian) {
3065 case DEVICE_LITTLE_ENDIAN:
3066 val = ldq_le_p(ptr);
3067 break;
3068 case DEVICE_BIG_ENDIAN:
3069 val = ldq_be_p(ptr);
3070 break;
3071 default:
3072 val = ldq_p(ptr);
3073 break;
3074 }
50013115
PM		 3075 r = MEMTX_OK;
3076 }
3077 if (result) {
3078 *result = r;
84b7b8e7 3079 }
4840f10e
JK		 3080 if (release_lock) {
3081 qemu_mutex_unlock_iothread();
3082 }
41063e1e 3083 rcu_read_unlock();
84b7b8e7
FB		 3084 return val;
3085}
3086
50013115
PM		 3087uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3088 MemTxAttrs attrs, MemTxResult *result)
3089{
3090 return address_space_ldq_internal(as, addr, attrs, result,
3091 DEVICE_NATIVE_ENDIAN);
3092}
3093
3094uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3095 MemTxAttrs attrs, MemTxResult *result)
3096{
3097 return address_space_ldq_internal(as, addr, attrs, result,
3098 DEVICE_LITTLE_ENDIAN);
3099}
3100
3101uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3102 MemTxAttrs attrs, MemTxResult *result)
3103{
3104 return address_space_ldq_internal(as, addr, attrs, result,
3105 DEVICE_BIG_ENDIAN);
3106}
3107
2c17449b 3108uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3109{
50013115 3110 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3111}
3112
2c17449b 3113uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3114{
50013115 3115 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3116}
3117
2c17449b 3118uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3119{
50013115 3120 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3121}
3122
aab33094 3123/* XXX: optimize */
50013115
PM		 3124uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3125 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3126{
3127 uint8_t val;
50013115
PM		 3128 MemTxResult r;
3129
3130 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3131 if (result) {
3132 *result = r;
3133 }
aab33094
FB		 3134 return val;
3135}
3136
50013115
PM		 3137uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3138{
3139 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3140}
3141
733f0b02 3142/* warning: addr must be aligned */
50013115
PM		 3143static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3144 hwaddr addr,
3145 MemTxAttrs attrs,
3146 MemTxResult *result,
3147 enum device_endian endian)
aab33094 3148{
733f0b02
MT		 3149 uint8_t *ptr;
3150 uint64_t val;
5c8a00ce 3151 MemoryRegion *mr;
149f54b5
PB		 3152 hwaddr l = 2;
3153 hwaddr addr1;
50013115 3154 MemTxResult r;
4840f10e 3155 bool release_lock = false;
733f0b02 3156
41063e1e 3157 rcu_read_lock();
41701aa4 3158 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3159 false);
3160 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3161 release_lock |= prepare_mmio_access(mr);
125b3806 3162
733f0b02 3163 /* I/O case */
50013115 3164 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3165#if defined(TARGET_WORDS_BIGENDIAN)
3166 if (endian == DEVICE_LITTLE_ENDIAN) {
3167 val = bswap16(val);
3168 }
3169#else
3170 if (endian == DEVICE_BIG_ENDIAN) {
3171 val = bswap16(val);
3172 }
3173#endif
733f0b02
MT		 3174 } else {
3175 /* RAM case */
5c8a00ce 3176 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3177 & TARGET_PAGE_MASK)
149f54b5 3178 + addr1);
1e78bcc1
AG		 3179 switch (endian) {
3180 case DEVICE_LITTLE_ENDIAN:
3181 val = lduw_le_p(ptr);
3182 break;
3183 case DEVICE_BIG_ENDIAN:
3184 val = lduw_be_p(ptr);
3185 break;
3186 default:
3187 val = lduw_p(ptr);
3188 break;
3189 }
50013115
PM		 3190 r = MEMTX_OK;
3191 }
3192 if (result) {
3193 *result = r;
733f0b02 3194 }
4840f10e
JK		 3195 if (release_lock) {
3196 qemu_mutex_unlock_iothread();
3197 }
41063e1e 3198 rcu_read_unlock();
733f0b02 3199 return val;
aab33094
FB		 3200}
3201
50013115
PM		 3202uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3203 MemTxAttrs attrs, MemTxResult *result)
3204{
3205 return address_space_lduw_internal(as, addr, attrs, result,
3206 DEVICE_NATIVE_ENDIAN);
3207}
3208
3209uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3210 MemTxAttrs attrs, MemTxResult *result)
3211{
3212 return address_space_lduw_internal(as, addr, attrs, result,
3213 DEVICE_LITTLE_ENDIAN);
3214}
3215
3216uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3217 MemTxAttrs attrs, MemTxResult *result)
3218{
3219 return address_space_lduw_internal(as, addr, attrs, result,
3220 DEVICE_BIG_ENDIAN);
3221}
3222
41701aa4 3223uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3224{
50013115 3225 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3226}
3227
41701aa4 3228uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3229{
50013115 3230 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3231}
3232
41701aa4 3233uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3234{
50013115 3235 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3236}
3237
8df1cd07
FB		 3238/* warning: addr must be aligned. The ram page is not masked as dirty
3239 and the code inside is not invalidated. It is useful if the dirty
3240 bits are used to track modified PTEs */
50013115
PM		 3241void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3242 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3243{
8df1cd07 3244 uint8_t *ptr;
5c8a00ce 3245 MemoryRegion *mr;
149f54b5
PB		 3246 hwaddr l = 4;
3247 hwaddr addr1;
50013115 3248 MemTxResult r;
845b6214 3249 uint8_t dirty_log_mask;
4840f10e 3250 bool release_lock = false;
8df1cd07 3251
41063e1e 3252 rcu_read_lock();
2198a121 3253 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3254 true);
3255 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3256 release_lock |= prepare_mmio_access(mr);
125b3806 3257
50013115 3258 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3259 } else {
5c8a00ce 3260 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3261 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3262 stl_p(ptr, val);
74576198 3263
845b6214
PB		 3264 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3265 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3266 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3267 r = MEMTX_OK;
3268 }
3269 if (result) {
3270 *result = r;
8df1cd07 3271 }
4840f10e
JK		 3272 if (release_lock) {
3273 qemu_mutex_unlock_iothread();
3274 }
41063e1e 3275 rcu_read_unlock();
8df1cd07
FB		 3276}
3277
50013115
PM		 3278void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3279{
3280 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3281}
3282
8df1cd07 3283/* warning: addr must be aligned */
50013115
PM		 3284static inline void address_space_stl_internal(AddressSpace *as,
3285 hwaddr addr, uint32_t val,
3286 MemTxAttrs attrs,
3287 MemTxResult *result,
3288 enum device_endian endian)
8df1cd07 3289{
8df1cd07 3290 uint8_t *ptr;
5c8a00ce 3291 MemoryRegion *mr;
149f54b5
PB		 3292 hwaddr l = 4;
3293 hwaddr addr1;
50013115 3294 MemTxResult r;
4840f10e 3295 bool release_lock = false;
8df1cd07 3296
41063e1e 3297 rcu_read_lock();
ab1da857 3298 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3299 true);
3300 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3301 release_lock |= prepare_mmio_access(mr);
125b3806 3302
1e78bcc1
AG		 3303#if defined(TARGET_WORDS_BIGENDIAN)
3304 if (endian == DEVICE_LITTLE_ENDIAN) {
3305 val = bswap32(val);
3306 }
3307#else
3308 if (endian == DEVICE_BIG_ENDIAN) {
3309 val = bswap32(val);
3310 }
3311#endif
50013115 3312 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3313 } else {
8df1cd07 3314 /* RAM case */
5c8a00ce 3315 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3316 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3317 switch (endian) {
3318 case DEVICE_LITTLE_ENDIAN:
3319 stl_le_p(ptr, val);
3320 break;
3321 case DEVICE_BIG_ENDIAN:
3322 stl_be_p(ptr, val);
3323 break;
3324 default:
3325 stl_p(ptr, val);
3326 break;
3327 }
845b6214 3328 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3329 r = MEMTX_OK;
3330 }
3331 if (result) {
3332 *result = r;
8df1cd07 3333 }
4840f10e
JK		 3334 if (release_lock) {
3335 qemu_mutex_unlock_iothread();
3336 }
41063e1e 3337 rcu_read_unlock();
8df1cd07
FB		 3338}
3339
50013115
PM		 3340void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3341 MemTxAttrs attrs, MemTxResult *result)
3342{
3343 address_space_stl_internal(as, addr, val, attrs, result,
3344 DEVICE_NATIVE_ENDIAN);
3345}
3346
3347void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3348 MemTxAttrs attrs, MemTxResult *result)
3349{
3350 address_space_stl_internal(as, addr, val, attrs, result,
3351 DEVICE_LITTLE_ENDIAN);
3352}
3353
3354void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3355 MemTxAttrs attrs, MemTxResult *result)
3356{
3357 address_space_stl_internal(as, addr, val, attrs, result,
3358 DEVICE_BIG_ENDIAN);
3359}
3360
ab1da857 3361void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3362{
50013115 3363 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3364}
3365
ab1da857 3366void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3367{
50013115 3368 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3369}
3370
ab1da857 3371void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3372{
50013115 3373 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3374}
3375
aab33094 3376/* XXX: optimize */
50013115
PM		 3377void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3378 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3379{
3380 uint8_t v = val;
50013115
PM		 3381 MemTxResult r;
3382
3383 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3384 if (result) {
3385 *result = r;
3386 }
3387}
3388
3389void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3390{
3391 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3392}
3393
733f0b02 3394/* warning: addr must be aligned */
50013115
PM		 3395static inline void address_space_stw_internal(AddressSpace *as,
3396 hwaddr addr, uint32_t val,
3397 MemTxAttrs attrs,
3398 MemTxResult *result,
3399 enum device_endian endian)
aab33094 3400{
733f0b02 3401 uint8_t *ptr;
5c8a00ce 3402 MemoryRegion *mr;
149f54b5
PB		 3403 hwaddr l = 2;
3404 hwaddr addr1;
50013115 3405 MemTxResult r;
4840f10e 3406 bool release_lock = false;
733f0b02 3407
41063e1e 3408 rcu_read_lock();
5ce5944d 3409 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3410 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3411 release_lock |= prepare_mmio_access(mr);
125b3806 3412
1e78bcc1
AG		 3413#if defined(TARGET_WORDS_BIGENDIAN)
3414 if (endian == DEVICE_LITTLE_ENDIAN) {
3415 val = bswap16(val);
3416 }
3417#else
3418 if (endian == DEVICE_BIG_ENDIAN) {
3419 val = bswap16(val);
3420 }
3421#endif
50013115 3422 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3423 } else {
733f0b02 3424 /* RAM case */
5c8a00ce 3425 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 3426 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3427 switch (endian) {
3428 case DEVICE_LITTLE_ENDIAN:
3429 stw_le_p(ptr, val);
3430 break;
3431 case DEVICE_BIG_ENDIAN:
3432 stw_be_p(ptr, val);
3433 break;
3434 default:
3435 stw_p(ptr, val);
3436 break;
3437 }
845b6214 3438 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3439 r = MEMTX_OK;
3440 }
3441 if (result) {
3442 *result = r;
733f0b02 3443 }
4840f10e
JK		 3444 if (release_lock) {
3445 qemu_mutex_unlock_iothread();
3446 }
41063e1e 3447 rcu_read_unlock();
aab33094
FB		 3448}
3449
50013115
PM		 3450void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3451 MemTxAttrs attrs, MemTxResult *result)
3452{
3453 address_space_stw_internal(as, addr, val, attrs, result,
3454 DEVICE_NATIVE_ENDIAN);
3455}
3456
3457void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3458 MemTxAttrs attrs, MemTxResult *result)
3459{
3460 address_space_stw_internal(as, addr, val, attrs, result,
3461 DEVICE_LITTLE_ENDIAN);
3462}
3463
3464void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3465 MemTxAttrs attrs, MemTxResult *result)
3466{
3467 address_space_stw_internal(as, addr, val, attrs, result,
3468 DEVICE_BIG_ENDIAN);
3469}
3470
5ce5944d 3471void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3472{
50013115 3473 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3474}
3475
5ce5944d 3476void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3477{
50013115 3478 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3479}
3480
5ce5944d 3481void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3482{
50013115 3483 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3484}
3485
aab33094 3486/* XXX: optimize */
50013115
PM		 3487void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3488 MemTxAttrs attrs, MemTxResult *result)
aab33094 3489{
50013115 3490 MemTxResult r;
aab33094 3491 val = tswap64(val);
50013115
PM		 3492 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3493 if (result) {
3494 *result = r;
3495 }
aab33094
FB		 3496}
3497
50013115
PM		 3498void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3499 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3500{
50013115 3501 MemTxResult r;
1e78bcc1 3502 val = cpu_to_le64(val);
50013115
PM		 3503 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3504 if (result) {
3505 *result = r;
3506 }
3507}
3508void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3509 MemTxAttrs attrs, MemTxResult *result)
3510{
3511 MemTxResult r;
3512 val = cpu_to_be64(val);
3513 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3514 if (result) {
3515 *result = r;
3516 }
3517}
3518
3519void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3520{
3521 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3522}
3523
3524void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3525{
3526 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3527}
3528
f606604f 3529void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3530{
50013115 3531 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3532}
3533
5e2972fd 3534/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3535int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3536 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3537{
3538 int l;
a8170e5e 3539 hwaddr phys_addr;
9b3c35e0 3540 target_ulong page;
13eb76e0
FB		 3541
3542 while (len > 0) {
3543 page = addr & TARGET_PAGE_MASK;
f17ec444 3544 phys_addr = cpu_get_phys_page_debug(cpu, page);
13eb76e0
FB		 3545 /* if no physical page mapped, return an error */
3546 if (phys_addr == -1)
3547 return -1;
3548 l = (page + TARGET_PAGE_SIZE) - addr;
3549 if (l > len)
3550 l = len;
5e2972fd 3551 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b
EI		 3552 if (is_write) {
3553 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3554 } else {
5c9eb028
PM		 3555 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3556 buf, l, 0);
2e38847b 3557 }
13eb76e0
FB		 3558 len -= l;
3559 buf += l;
3560 addr += l;
3561 }
3562 return 0;
3563}
038629a6
DDAG		 3564
3565/*
3566 * Allows code that needs to deal with migration bitmaps etc to still be built
3567 * target independent.
3568 */
3569size_t qemu_target_page_bits(void)
3570{
3571 return TARGET_PAGE_BITS;
3572}
3573
a68fe89c 3574#endif
13eb76e0 3575
8e4a424b
BS		 3576/*
3577 * A helper function for the _utterly broken_ virtio device model to find out if
3578 * it's running on a big endian machine. Don't do this at home kids!
3579 */
98ed8ecf
GK		 3580bool target_words_bigendian(void);
3581bool target_words_bigendian(void)
8e4a424b
BS		 3582{
3583#if defined(TARGET_WORDS_BIGENDIAN)
3584 return true;
3585#else
3586 return false;
3587#endif
3588}
3589
76f35538 3590#ifndef CONFIG_USER_ONLY
a8170e5e 3591bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3592{
5c8a00ce 3593 MemoryRegion*mr;
149f54b5 3594 hwaddr l = 1;
41063e1e 3595 bool res;
76f35538 3596
41063e1e 3597 rcu_read_lock();
5c8a00ce
PB		 3598 mr = address_space_translate(&address_space_memory,
3599 phys_addr, &phys_addr, &l, false);
76f35538 3600
41063e1e
PB		 3601 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3602 rcu_read_unlock();
3603 return res;
76f35538 3604}
bd2fa51f 3605
e3807054 3606int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3607{
3608 RAMBlock *block;
e3807054 3609 int ret = 0;
bd2fa51f 3610
0dc3f44a
MD		 3611 rcu_read_lock();
3612 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3613 ret = func(block->idstr, block->host, block->offset,
3614 block->used_length, opaque);
3615 if (ret) {
3616 break;
3617 }
bd2fa51f 3618 }
0dc3f44a 3619 rcu_read_unlock();
e3807054 3620 return ret;
bd2fa51f 3621}
ec3f8c99 3622#endif
QEMU mirror