]> git.proxmox.com Git - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: iommu support
[qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
1de7afc9 32#include "qemu/osdep.h"
9c17d615 33#include "sysemu/kvm.h"
0d09e41a 34#include "hw/xen/xen.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
022c62cb 37#include "exec/memory.h"
9c17d615 38#include "sysemu/dma.h"
022c62cb 39#include "exec/address-spaces.h"
53a5960a
PB		 40#if defined(CONFIG_USER_ONLY)
41#include <qemu.h>
432d268c 42#else /* !CONFIG_USER_ONLY */
9c17d615 43#include "sysemu/xen-mapcache.h"
6506e4f9 44#include "trace.h"
53a5960a 45#endif
0d6d3c87 46#include "exec/cpu-all.h"
54936004 47
022c62cb 48#include "exec/cputlb.h"
5b6dd868 49#include "translate-all.h"
0cac1b66 50
022c62cb 51#include "exec/memory-internal.h"
67d95c15 52
db7b5426 53//#define DEBUG_SUBPAGE
1196be37 54
e2eef170 55#if !defined(CONFIG_USER_ONLY)
9fa3e853 56int phys_ram_fd;
74576198 57static int in_migration;
94a6b54f 58
a3161038 59RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 60
61static MemoryRegion *system_memory;
309cb471 62static MemoryRegion *system_io;
62152b8a 63
f6790af6
AK		 64AddressSpace address_space_io;
65AddressSpace address_space_memory;
9e11908f 66DMAContext dma_context_memory;
2673a5da 67
0844e007 68MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 69static MemoryRegion io_mem_unassigned;
0e0df1e2 70
e2eef170 71#endif
9fa3e853 72
9349b4f9 73CPUArchState *first_cpu;
6a00d601
FB		 74/* current CPU in the current thread. It is only valid inside
75 cpu_exec() */
9349b4f9 76DEFINE_TLS(CPUArchState *,cpu_single_env);
2e70f6ef 77/* 0 = Do not count executed instructions.
bf20dc07 78 1 = Precise instruction counting.
2e70f6ef 79 2 = Adaptive rate instruction counting. */
5708fc66 80int use_icount;
6a00d601 81
e2eef170 82#if !defined(CONFIG_USER_ONLY)
4346ae3e 83
1db8abb1
PB		 84typedef struct PhysPageEntry PhysPageEntry;
85
86struct PhysPageEntry {
87 uint16_t is_leaf : 1;
88 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
89 uint16_t ptr : 15;
90};
91
92struct AddressSpaceDispatch {
93 /* This is a multi-level map on the physical address space.
94 * The bottom level has pointers to MemoryRegionSections.
95 */
96 PhysPageEntry phys_map;
97 MemoryListener listener;
acc9d80b 98 AddressSpace *as;
1db8abb1
PB		 99};
100
90260c6c
JK		 101#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
102typedef struct subpage_t {
103 MemoryRegion iomem;
acc9d80b 104 AddressSpace *as;
90260c6c
JK		 105 hwaddr base;
106 uint16_t sub_section[TARGET_PAGE_SIZE];
107} subpage_t;
108
5312bd8b
AK		 109static MemoryRegionSection *phys_sections;
110static unsigned phys_sections_nb, phys_sections_nb_alloc;
111static uint16_t phys_section_unassigned;
aa102231
AK		 112static uint16_t phys_section_notdirty;
113static uint16_t phys_section_rom;
114static uint16_t phys_section_watch;
5312bd8b 115
d6f2ea22
AK		 116/* Simple allocator for PhysPageEntry nodes */
117static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
118static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
119
07f07b31 120#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 121
e2eef170 122static void io_mem_init(void);
62152b8a 123static void memory_map_init(void);
8b9c99d9 124static void *qemu_safe_ram_ptr(ram_addr_t addr);
e2eef170 125
1ec9b909 126static MemoryRegion io_mem_watch;
6658ffb8 127#endif
fd6ce8f6 128
6d9a1304 129#if !defined(CONFIG_USER_ONLY)
d6f2ea22 130
f7bf5461 131static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 132{
f7bf5461 133 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 134 typedef PhysPageEntry Node[L2_SIZE];
135 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 136 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
137 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 138 phys_map_nodes = g_renew(Node, phys_map_nodes,
139 phys_map_nodes_nb_alloc);
140 }
f7bf5461
AK		 141}
142
143static uint16_t phys_map_node_alloc(void)
144{
145 unsigned i;
146 uint16_t ret;
147
148 ret = phys_map_nodes_nb++;
149 assert(ret != PHYS_MAP_NODE_NIL);
150 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 151 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 152 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 153 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 154 }
f7bf5461 155 return ret;
d6f2ea22
AK		 156}
157
158static void phys_map_nodes_reset(void)
159{
160 phys_map_nodes_nb = 0;
161}
162
92e873b9 163
a8170e5e
AK		 164static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
165 hwaddr *nb, uint16_t leaf,
2999097b 166 int level)
f7bf5461
AK		 167{
168 PhysPageEntry *p;
169 int i;
a8170e5e 170 hwaddr step = (hwaddr)1 << (level * L2_BITS);
108c49b8 171
07f07b31 172 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 173 lp->ptr = phys_map_node_alloc();
174 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 175 if (level == 0) {
176 for (i = 0; i < L2_SIZE; i++) {
07f07b31 177 p[i].is_leaf = 1;
c19e8800 178 p[i].ptr = phys_section_unassigned;
4346ae3e 179 }
67c4d23c 180 }
f7bf5461 181 } else {
c19e8800 182 p = phys_map_nodes[lp->ptr];
92e873b9 183 }
2999097b 184 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 185
2999097b 186 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 187 if ((*index & (step - 1)) == 0 && *nb >= step) {
188 lp->is_leaf = true;
c19e8800 189 lp->ptr = leaf;
07f07b31
AK		 190 *index += step;
191 *nb -= step;
2999097b
AK		 192 } else {
193 phys_page_set_level(lp, index, nb, leaf, level - 1);
194 }
195 ++lp;
f7bf5461
AK		 196 }
197}
198
ac1970fb 199static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 200 hwaddr index, hwaddr nb,
2999097b 201 uint16_t leaf)
f7bf5461 202{
2999097b 203 /* Wildly overreserve - it doesn't matter much. */
07f07b31 204 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 205
ac1970fb 206 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 207}
208
149f54b5 209static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
92e873b9 210{
ac1970fb 211 PhysPageEntry lp = d->phys_map;
31ab2b4a
AK		 212 PhysPageEntry *p;
213 int i;
f1f6e3b8 214
07f07b31 215 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 216 if (lp.ptr == PHYS_MAP_NODE_NIL) {
fd298934 217 return &phys_sections[phys_section_unassigned];
31ab2b4a 218 }
c19e8800 219 p = phys_map_nodes[lp.ptr];
31ab2b4a 220 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 221 }
fd298934 222 return &phys_sections[lp.ptr];
f3705d53
AK		 223}
224
e5548617
BS		 225bool memory_region_is_unassigned(MemoryRegion *mr)
226{
2a8e7499 227 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 228 && mr != &io_mem_watch;
fd6ce8f6 229}
149f54b5 230
9f029603 231static MemoryRegionSection *address_space_lookup_region(AddressSpace *as,
90260c6c
JK		 232 hwaddr addr,
233 bool resolve_subpage)
9f029603 234{
90260c6c
JK		 235 MemoryRegionSection *section;
236 subpage_t *subpage;
237
238 section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
239 if (resolve_subpage && section->mr->subpage) {
240 subpage = container_of(section->mr, subpage_t, iomem);
241 section = &phys_sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
242 }
243 return section;
9f029603
JK		 244}
245
90260c6c
JK		 246static MemoryRegionSection *
247address_space_translate_internal(AddressSpace *as, hwaddr addr, hwaddr *xlat,
248 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 249{
250 MemoryRegionSection *section;
251 Int128 diff;
252
90260c6c 253 section = address_space_lookup_region(as, addr, resolve_subpage);
149f54b5
PB		 254 /* Compute offset within MemoryRegionSection */
255 addr -= section->offset_within_address_space;
256
257 /* Compute offset within MemoryRegion */
258 *xlat = addr + section->offset_within_region;
259
260 diff = int128_sub(section->mr->size, int128_make64(addr));
3752a036 261 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
149f54b5
PB		 262 return section;
263}
90260c6c 264
5c8a00ce
PB		 265MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
266 hwaddr *xlat, hwaddr *plen,
267 bool is_write)
90260c6c 268{
30951157
AK		 269 IOMMUTLBEntry iotlb;
270 MemoryRegionSection *section;
271 MemoryRegion *mr;
272 hwaddr len = *plen;
273
274 for (;;) {
275 section = address_space_translate_internal(as, addr, &addr, plen, true);
276 mr = section->mr;
277
278 if (!mr->iommu_ops) {
279 break;
280 }
281
282 iotlb = mr->iommu_ops->translate(mr, addr);
283 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
284 | (addr & iotlb.addr_mask));
285 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
286 if (!(iotlb.perm & (1 << is_write))) {
287 mr = &io_mem_unassigned;
288 break;
289 }
290
291 as = iotlb.target_as;
292 }
293
294 *plen = len;
295 *xlat = addr;
296 return mr;
90260c6c
JK		 297}
298
299MemoryRegionSection *
300address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
301 hwaddr *plen)
302{
30951157
AK		 303 MemoryRegionSection *section;
304 section = address_space_translate_internal(as, addr, xlat, plen, false);
305
306 assert(!section->mr->iommu_ops);
307 return section;
90260c6c 308}
5b6dd868 309#endif
fd6ce8f6 310
5b6dd868 311void cpu_exec_init_all(void)
fdbb84d1 312{
5b6dd868 313#if !defined(CONFIG_USER_ONLY)
b2a8658e 314 qemu_mutex_init(&ram_list.mutex);
5b6dd868
BS		 315 memory_map_init();
316 io_mem_init();
fdbb84d1 317#endif
5b6dd868 318}
fdbb84d1 319
b170fce3 320#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 321
322static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 323{
259186a7 324 CPUState *cpu = opaque;
a513fe19 325
5b6dd868
BS		 326 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
327 version_id is increased. */
259186a7
AF		 328 cpu->interrupt_request &= ~0x01;
329 tlb_flush(cpu->env_ptr, 1);
5b6dd868
BS		 330
331 return 0;
a513fe19 332}
7501267e 333
5b6dd868
BS		 334static const VMStateDescription vmstate_cpu_common = {
335 .name = "cpu_common",
336 .version_id = 1,
337 .minimum_version_id = 1,
338 .minimum_version_id_old = 1,
339 .post_load = cpu_common_post_load,
340 .fields = (VMStateField []) {
259186a7
AF		 341 VMSTATE_UINT32(halted, CPUState),
342 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868
BS		 343 VMSTATE_END_OF_LIST()
344 }
345};
b170fce3
AF		 346#else
347#define vmstate_cpu_common vmstate_dummy
5b6dd868 348#endif
ea041c0e 349
38d8f5c8 350CPUState *qemu_get_cpu(int index)
ea041c0e 351{
5b6dd868 352 CPUArchState *env = first_cpu;
38d8f5c8 353 CPUState *cpu = NULL;
ea041c0e 354
5b6dd868 355 while (env) {
55e5c285
AF		 356 cpu = ENV_GET_CPU(env);
357 if (cpu->cpu_index == index) {
5b6dd868 358 break;
55e5c285 359 }
5b6dd868 360 env = env->next_cpu;
ea041c0e 361 }
5b6dd868 362
d76fddae 363 return env ? cpu : NULL;
ea041c0e
FB		 364}
365
d6b9e0d6
MT		 366void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
367{
368 CPUArchState *env = first_cpu;
369
370 while (env) {
371 func(ENV_GET_CPU(env), data);
372 env = env->next_cpu;
373 }
374}
375
5b6dd868 376void cpu_exec_init(CPUArchState *env)
ea041c0e 377{
5b6dd868 378 CPUState *cpu = ENV_GET_CPU(env);
b170fce3 379 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868
BS		 380 CPUArchState **penv;
381 int cpu_index;
382
383#if defined(CONFIG_USER_ONLY)
384 cpu_list_lock();
385#endif
386 env->next_cpu = NULL;
387 penv = &first_cpu;
388 cpu_index = 0;
389 while (*penv != NULL) {
390 penv = &(*penv)->next_cpu;
391 cpu_index++;
392 }
55e5c285 393 cpu->cpu_index = cpu_index;
1b1ed8dc 394 cpu->numa_node = 0;
5b6dd868
BS		 395 QTAILQ_INIT(&env->breakpoints);
396 QTAILQ_INIT(&env->watchpoints);
397#ifndef CONFIG_USER_ONLY
398 cpu->thread_id = qemu_get_thread_id();
399#endif
400 *penv = env;
401#if defined(CONFIG_USER_ONLY)
402 cpu_list_unlock();
403#endif
259186a7 404 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
5b6dd868 405#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 406 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
407 cpu_save, cpu_load, env);
b170fce3 408 assert(cc->vmsd == NULL);
5b6dd868 409#endif
b170fce3
AF		 410 if (cc->vmsd != NULL) {
411 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
412 }
ea041c0e
FB		 413}
414
1fddef4b 415#if defined(TARGET_HAS_ICE)
94df27fd 416#if defined(CONFIG_USER_ONLY)
9349b4f9 417static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 418{
419 tb_invalidate_phys_page_range(pc, pc + 1, 0);
420}
421#else
1e7855a5
MF		 422static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
423{
9d70c4b7
MF		 424 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
425 (pc & ~TARGET_PAGE_MASK));
1e7855a5 426}
c27004ec 427#endif
94df27fd 428#endif /* TARGET_HAS_ICE */
d720b93d 429
c527ee8f 430#if defined(CONFIG_USER_ONLY)
9349b4f9 431void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 432
433{
434}
435
9349b4f9 436int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 437 int flags, CPUWatchpoint **watchpoint)
438{
439 return -ENOSYS;
440}
441#else
6658ffb8 442/* Add a watchpoint. */
9349b4f9 443int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 444 int flags, CPUWatchpoint **watchpoint)
6658ffb8 445{
b4051334 446 target_ulong len_mask = ~(len - 1);
c0ce998e 447 CPUWatchpoint *wp;
6658ffb8 448
b4051334 449 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 450 if ((len & (len - 1)) || (addr & ~len_mask) ||
451 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 452 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
453 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
454 return -EINVAL;
455 }
7267c094 456 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 457
458 wp->vaddr = addr;
b4051334 459 wp->len_mask = len_mask;
a1d1bb31
AL		 460 wp->flags = flags;
461
2dc9f411 462 /* keep all GDB-injected watchpoints in front */
c0ce998e 463 if (flags & BP_GDB)
72cf2d4f 464 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 465 else
72cf2d4f 466 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 467
6658ffb8 468 tlb_flush_page(env, addr);
a1d1bb31
AL		 469
470 if (watchpoint)
471 *watchpoint = wp;
472 return 0;
6658ffb8
PB		 473}
474
a1d1bb31 475/* Remove a specific watchpoint. */
9349b4f9 476int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 477 int flags)
6658ffb8 478{
b4051334 479 target_ulong len_mask = ~(len - 1);
a1d1bb31 480 CPUWatchpoint *wp;
6658ffb8 481
72cf2d4f 482 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 483 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 484 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 485 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 486 return 0;
487 }
488 }
a1d1bb31 489 return -ENOENT;
6658ffb8
PB		 490}
491
a1d1bb31 492/* Remove a specific watchpoint by reference. */
9349b4f9 493void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 494{
72cf2d4f 495 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 496
a1d1bb31
AL		 497 tlb_flush_page(env, watchpoint->vaddr);
498
7267c094 499 g_free(watchpoint);
a1d1bb31
AL		 500}
501
502/* Remove all matching watchpoints. */
9349b4f9 503void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 504{
c0ce998e 505 CPUWatchpoint *wp, *next;
a1d1bb31 506
72cf2d4f 507 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 508 if (wp->flags & mask)
509 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 510 }
7d03f82f 511}
c527ee8f 512#endif
7d03f82f 513
a1d1bb31 514/* Add a breakpoint. */
9349b4f9 515int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 516 CPUBreakpoint **breakpoint)
4c3a88a2 517{
1fddef4b 518#if defined(TARGET_HAS_ICE)
c0ce998e 519 CPUBreakpoint *bp;
3b46e624 520
7267c094 521 bp = g_malloc(sizeof(*bp));
4c3a88a2 522
a1d1bb31
AL		 523 bp->pc = pc;
524 bp->flags = flags;
525
2dc9f411 526 /* keep all GDB-injected breakpoints in front */
c0ce998e 527 if (flags & BP_GDB)
72cf2d4f 528 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 529 else
72cf2d4f 530 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 531
d720b93d 532 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 533
534 if (breakpoint)
535 *breakpoint = bp;
4c3a88a2
FB		 536 return 0;
537#else
a1d1bb31 538 return -ENOSYS;
4c3a88a2
FB		 539#endif
540}
541
a1d1bb31 542/* Remove a specific breakpoint. */
9349b4f9 543int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 544{
7d03f82f 545#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 546 CPUBreakpoint *bp;
547
72cf2d4f 548 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 549 if (bp->pc == pc && bp->flags == flags) {
550 cpu_breakpoint_remove_by_ref(env, bp);
551 return 0;
552 }
7d03f82f 553 }
a1d1bb31
AL		 554 return -ENOENT;
555#else
556 return -ENOSYS;
7d03f82f
EI		 557#endif
558}
559
a1d1bb31 560/* Remove a specific breakpoint by reference. */
9349b4f9 561void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 562{
1fddef4b 563#if defined(TARGET_HAS_ICE)
72cf2d4f 564 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 565
a1d1bb31
AL		 566 breakpoint_invalidate(env, breakpoint->pc);
567
7267c094 568 g_free(breakpoint);
a1d1bb31
AL		 569#endif
570}
571
572/* Remove all matching breakpoints. */
9349b4f9 573void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 574{
575#if defined(TARGET_HAS_ICE)
c0ce998e 576 CPUBreakpoint *bp, *next;
a1d1bb31 577
72cf2d4f 578 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 579 if (bp->flags & mask)
580 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 581 }
4c3a88a2
FB		 582#endif
583}
584
c33a346e
FB		 585/* enable or disable single step mode. EXCP_DEBUG is returned by the
586 CPU loop after each instruction */
9349b4f9 587void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 588{
1fddef4b 589#if defined(TARGET_HAS_ICE)
c33a346e
FB		 590 if (env->singlestep_enabled != enabled) {
591 env->singlestep_enabled = enabled;
e22a25c9
AL		 592 if (kvm_enabled())
593 kvm_update_guest_debug(env, 0);
594 else {
ccbb4d44 595 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 596 /* XXX: only flush what is necessary */
597 tb_flush(env);
598 }
c33a346e
FB		 599 }
600#endif
601}
602
9349b4f9 603void cpu_exit(CPUArchState *env)
3098dba0 604{
fcd7d003
AF		 605 CPUState *cpu = ENV_GET_CPU(env);
606
607 cpu->exit_request = 1;
378df4b2 608 cpu->tcg_exit_req = 1;
3098dba0
AJ		 609}
610
9349b4f9 611void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e
FB		 612{
613 va_list ap;
493ae1f0 614 va_list ap2;
7501267e
FB		 615
616 va_start(ap, fmt);
493ae1f0 617 va_copy(ap2, ap);
7501267e
FB		 618 fprintf(stderr, "qemu: fatal: ");
619 vfprintf(stderr, fmt, ap);
620 fprintf(stderr, "\n");
6fd2a026 621 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 622 if (qemu_log_enabled()) {
623 qemu_log("qemu: fatal: ");
624 qemu_log_vprintf(fmt, ap2);
625 qemu_log("\n");
6fd2a026 626 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 627 qemu_log_flush();
93fcfe39 628 qemu_log_close();
924edcae 629 }
493ae1f0 630 va_end(ap2);
f9373291 631 va_end(ap);
fd052bf6
RV		 632#if defined(CONFIG_USER_ONLY)
633 {
634 struct sigaction act;
635 sigfillset(&act.sa_mask);
636 act.sa_handler = SIG_DFL;
637 sigaction(SIGABRT, &act, NULL);
638 }
639#endif
7501267e
FB		 640 abort();
641}
642
9349b4f9 643CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 644{
9349b4f9
AF		 645 CPUArchState *new_env = cpu_init(env->cpu_model_str);
646 CPUArchState *next_cpu = new_env->next_cpu;
5a38f081
AL		 647#if defined(TARGET_HAS_ICE)
648 CPUBreakpoint *bp;
649 CPUWatchpoint *wp;
650#endif
651
9349b4f9 652 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081 653
55e5c285 654 /* Preserve chaining. */
c5be9f08 655 new_env->next_cpu = next_cpu;
5a38f081
AL		 656
657 /* Clone all break/watchpoints.
658 Note: Once we support ptrace with hw-debug register access, make sure
659 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 660 QTAILQ_INIT(&env->breakpoints);
661 QTAILQ_INIT(&env->watchpoints);
5a38f081 662#if defined(TARGET_HAS_ICE)
72cf2d4f 663 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 664 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
665 }
72cf2d4f 666 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 667 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
668 wp->flags, NULL);
669 }
670#endif
671
c5be9f08
TS		 672 return new_env;
673}
674
0124311e 675#if !defined(CONFIG_USER_ONLY)
d24981d3
JQ		 676static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
677 uintptr_t length)
678{
679 uintptr_t start1;
680
681 /* we modify the TLB cache so that the dirty bit will be set again
682 when accessing the range */
683 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
684 /* Check that we don't span multiple blocks - this breaks the
685 address comparisons below. */
686 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
687 != (end - 1) - start) {
688 abort();
689 }
690 cpu_tlb_reset_dirty_all(start1, length);
691
692}
693
5579c7f3 694/* Note: start and end must be within the same ram block. */
c227f099 695void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 696 int dirty_flags)
1ccde1cb 697{
d24981d3 698 uintptr_t length;
1ccde1cb
FB		 699
700 start &= TARGET_PAGE_MASK;
701 end = TARGET_PAGE_ALIGN(end);
702
703 length = end - start;
704 if (length == 0)
705 return;
f7c11b53 706 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 707
d24981d3
JQ		 708 if (tcg_enabled()) {
709 tlb_reset_dirty_range_all(start, end, length);
5579c7f3 710 }
1ccde1cb
FB		 711}
712
8b9c99d9 713static int cpu_physical_memory_set_dirty_tracking(int enable)
74576198 714{
f6f3fbca 715 int ret = 0;
74576198 716 in_migration = enable;
f6f3fbca 717 return ret;
74576198
AL		 718}
719
a8170e5e 720hwaddr memory_region_section_get_iotlb(CPUArchState *env,
149f54b5
PB		 721 MemoryRegionSection *section,
722 target_ulong vaddr,
723 hwaddr paddr, hwaddr xlat,
724 int prot,
725 target_ulong *address)
e5548617 726{
a8170e5e 727 hwaddr iotlb;
e5548617
BS		 728 CPUWatchpoint *wp;
729
cc5bea60 730 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 731 /* Normal RAM. */
732 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 733 + xlat;
e5548617
BS		 734 if (!section->readonly) {
735 iotlb |= phys_section_notdirty;
736 } else {
737 iotlb |= phys_section_rom;
738 }
739 } else {
e5548617 740 iotlb = section - phys_sections;
149f54b5 741 iotlb += xlat;
e5548617
BS		 742 }
743
744 /* Make accesses to pages with watchpoints go via the
745 watchpoint trap routines. */
746 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
747 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
748 /* Avoid trapping reads of pages with a write breakpoint. */
749 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
750 iotlb = phys_section_watch + paddr;
751 *address |= TLB_MMIO;
752 break;
753 }
754 }
755 }
756
757 return iotlb;
758}
9fa3e853
FB		 759#endif /* defined(CONFIG_USER_ONLY) */
760
e2eef170 761#if !defined(CONFIG_USER_ONLY)
8da3ff18 762
c227f099 763static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 764 uint16_t section);
acc9d80b 765static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
5312bd8b 766static void destroy_page_desc(uint16_t section_index)
54688b1e 767{
5312bd8b
AK		 768 MemoryRegionSection *section = &phys_sections[section_index];
769 MemoryRegion *mr = section->mr;
54688b1e
AK		 770
771 if (mr->subpage) {
772 subpage_t *subpage = container_of(mr, subpage_t, iomem);
773 memory_region_destroy(&subpage->iomem);
774 g_free(subpage);
775 }
776}
777
4346ae3e 778static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 779{
780 unsigned i;
d6f2ea22 781 PhysPageEntry *p;
54688b1e 782
c19e8800 783 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 784 return;
785 }
786
c19e8800 787 p = phys_map_nodes[lp->ptr];
4346ae3e 788 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 789 if (!p[i].is_leaf) {
54688b1e 790 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 791 } else {
c19e8800 792 destroy_page_desc(p[i].ptr);
54688b1e 793 }
54688b1e 794 }
07f07b31 795 lp->is_leaf = 0;
c19e8800 796 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 797}
798
ac1970fb 799static void destroy_all_mappings(AddressSpaceDispatch *d)
54688b1e 800{
ac1970fb 801 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
d6f2ea22 802 phys_map_nodes_reset();
54688b1e
AK		 803}
804
5312bd8b
AK		 805static uint16_t phys_section_add(MemoryRegionSection *section)
806{
68f3f65b
PB		 807 /* The physical section number is ORed with a page-aligned
808 * pointer to produce the iotlb entries. Thus it should
809 * never overflow into the page-aligned value.
810 */
811 assert(phys_sections_nb < TARGET_PAGE_SIZE);
812
5312bd8b
AK		 813 if (phys_sections_nb == phys_sections_nb_alloc) {
814 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
815 phys_sections = g_renew(MemoryRegionSection, phys_sections,
816 phys_sections_nb_alloc);
817 }
818 phys_sections[phys_sections_nb] = *section;
819 return phys_sections_nb++;
820}
821
822static void phys_sections_clear(void)
823{
824 phys_sections_nb = 0;
825}
826
ac1970fb 827static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 828{
829 subpage_t *subpage;
a8170e5e 830 hwaddr base = section->offset_within_address_space
0f0cb164 831 & TARGET_PAGE_MASK;
ac1970fb 832 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
0f0cb164
AK		 833 MemoryRegionSection subsection = {
834 .offset_within_address_space = base,
052e87b0 835 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 836 };
a8170e5e 837 hwaddr start, end;
0f0cb164 838
f3705d53 839 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 840
f3705d53 841 if (!(existing->mr->subpage)) {
acc9d80b 842 subpage = subpage_init(d->as, base);
0f0cb164 843 subsection.mr = &subpage->iomem;
ac1970fb 844 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
2999097b 845 phys_section_add(&subsection));
0f0cb164 846 } else {
f3705d53 847 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 848 }
849 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 850 end = start + int128_get64(section->size) - 1;
0f0cb164
AK		 851 subpage_register(subpage, start, end, phys_section_add(section));
852}
853
854
052e87b0
PB		 855static void register_multipage(AddressSpaceDispatch *d,
856 MemoryRegionSection *section)
33417e70 857{
a8170e5e 858 hwaddr start_addr = section->offset_within_address_space;
5312bd8b 859 uint16_t section_index = phys_section_add(section);
052e87b0
PB		 860 uint64_t num_pages = int128_get64(int128_rshift(section->size,
861 TARGET_PAGE_BITS));
dd81124b 862
733d5ef5
PB		 863 assert(num_pages);
864 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 865}
866
ac1970fb 867static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 868{
ac1970fb 869 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
99b9cc06 870 MemoryRegionSection now = *section, remain = *section;
052e87b0 871 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 872
733d5ef5
PB		 873 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
874 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
875 - now.offset_within_address_space;
876
052e87b0 877 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 878 register_subpage(d, &now);
733d5ef5 879 } else {
052e87b0 880 now.size = int128_zero();
733d5ef5 881 }
052e87b0
PB		 882 while (int128_ne(remain.size, now.size)) {
883 remain.size = int128_sub(remain.size, now.size);
884 remain.offset_within_address_space += int128_get64(now.size);
885 remain.offset_within_region += int128_get64(now.size);
69b67646 886 now = remain;
052e87b0 887 if (int128_lt(remain.size, page_size)) {
733d5ef5
PB		 888 register_subpage(d, &now);
889 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
052e87b0 890 now.size = page_size;
ac1970fb 891 register_subpage(d, &now);
69b67646 892 } else {
052e87b0 893 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 894 register_multipage(d, &now);
69b67646 895 }
0f0cb164
AK		 896 }
897}
898
62a2744c
SY		 899void qemu_flush_coalesced_mmio_buffer(void)
900{
901 if (kvm_enabled())
902 kvm_flush_coalesced_mmio_buffer();
903}
904
b2a8658e
UD		 905void qemu_mutex_lock_ramlist(void)
906{
907 qemu_mutex_lock(&ram_list.mutex);
908}
909
910void qemu_mutex_unlock_ramlist(void)
911{
912 qemu_mutex_unlock(&ram_list.mutex);
913}
914
c902760f
MT		 915#if defined(__linux__) && !defined(TARGET_S390X)
916
917#include <sys/vfs.h>
918
919#define HUGETLBFS_MAGIC 0x958458f6
920
921static long gethugepagesize(const char *path)
922{
923 struct statfs fs;
924 int ret;
925
926 do {
9742bf26 927 ret = statfs(path, &fs);
c902760f
MT		 928 } while (ret != 0 && errno == EINTR);
929
930 if (ret != 0) {
9742bf26
YT		 931 perror(path);
932 return 0;
c902760f
MT		 933 }
934
935 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 936 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 937
938 return fs.f_bsize;
939}
940
04b16653
AW		 941static void *file_ram_alloc(RAMBlock *block,
942 ram_addr_t memory,
943 const char *path)
c902760f
MT		 944{
945 char *filename;
8ca761f6
PF		 946 char *sanitized_name;
947 char *c;
c902760f
MT		 948 void *area;
949 int fd;
950#ifdef MAP_POPULATE
951 int flags;
952#endif
953 unsigned long hpagesize;
954
955 hpagesize = gethugepagesize(path);
956 if (!hpagesize) {
9742bf26 957 return NULL;
c902760f
MT		 958 }
959
960 if (memory < hpagesize) {
961 return NULL;
962 }
963
964 if (kvm_enabled() && !kvm_has_sync_mmu()) {
965 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
966 return NULL;
967 }
968
8ca761f6
PF		 969 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
970 sanitized_name = g_strdup(block->mr->name);
971 for (c = sanitized_name; *c != '\0'; c++) {
972 if (*c == '/')
973 *c = '_';
974 }
975
976 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
977 sanitized_name);
978 g_free(sanitized_name);
c902760f
MT		 979
980 fd = mkstemp(filename);
981 if (fd < 0) {
9742bf26 982 perror("unable to create backing store for hugepages");
e4ada482 983 g_free(filename);
9742bf26 984 return NULL;
c902760f
MT		 985 }
986 unlink(filename);
e4ada482 987 g_free(filename);
c902760f
MT		 988
989 memory = (memory+hpagesize-1) & ~(hpagesize-1);
990
991 /*
992 * ftruncate is not supported by hugetlbfs in older
993 * hosts, so don't bother bailing out on errors.
994 * If anything goes wrong with it under other filesystems,
995 * mmap will fail.
996 */
997 if (ftruncate(fd, memory))
9742bf26 998 perror("ftruncate");
c902760f
MT		 999
1000#ifdef MAP_POPULATE
1001 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
1002 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
1003 * to sidestep this quirk.
1004 */
1005 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
1006 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
1007#else
1008 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
1009#endif
1010 if (area == MAP_FAILED) {
9742bf26
YT		 1011 perror("file_ram_alloc: can't mmap RAM pages");
1012 close(fd);
1013 return (NULL);
c902760f 1014 }
04b16653 1015 block->fd = fd;
c902760f
MT		 1016 return area;
1017}
1018#endif
1019
d17b5288 1020static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1021{
1022 RAMBlock *block, *next_block;
3e837b2c 1023 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1024
49cd9ac6
SH		 1025 assert(size != 0); /* it would hand out same offset multiple times */
1026
a3161038 1027 if (QTAILQ_EMPTY(&ram_list.blocks))
04b16653
AW		 1028 return 0;
1029
a3161038 1030 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 1031 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 1032
1033 end = block->offset + block->length;
1034
a3161038 1035 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
04b16653
AW		 1036 if (next_block->offset >= end) {
1037 next = MIN(next, next_block->offset);
1038 }
1039 }
1040 if (next - end >= size && next - end < mingap) {
3e837b2c 1041 offset = end;
04b16653
AW		 1042 mingap = next - end;
1043 }
1044 }
3e837b2c
AW		 1045
1046 if (offset == RAM_ADDR_MAX) {
1047 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1048 (uint64_t)size);
1049 abort();
1050 }
1051
04b16653
AW		 1052 return offset;
1053}
1054
652d7ec2 1055ram_addr_t last_ram_offset(void)
d17b5288
AW		 1056{
1057 RAMBlock *block;
1058 ram_addr_t last = 0;
1059
a3161038 1060 QTAILQ_FOREACH(block, &ram_list.blocks, next)
d17b5288
AW		 1061 last = MAX(last, block->offset + block->length);
1062
1063 return last;
1064}
1065
ddb97f1d
JB		 1066static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1067{
1068 int ret;
1069 QemuOpts *machine_opts;
1070
1071 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1072 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1073 if (machine_opts &&
1074 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1075 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1076 if (ret) {
1077 perror("qemu_madvise");
1078 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1079 "but dump_guest_core=off specified\n");
1080 }
1081 }
1082}
1083
c5705a77 1084void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 1085{
1086 RAMBlock *new_block, *block;
1087
c5705a77 1088 new_block = NULL;
a3161038 1089 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
c5705a77
AK		 1090 if (block->offset == addr) {
1091 new_block = block;
1092 break;
1093 }
1094 }
1095 assert(new_block);
1096 assert(!new_block->idstr[0]);
84b89d78 1097
09e5ab63
AL		 1098 if (dev) {
1099 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1100 if (id) {
1101 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1102 g_free(id);
84b89d78
CM		 1103 }
1104 }
1105 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1106
b2a8658e
UD		 1107 /* This assumes the iothread lock is taken here too. */
1108 qemu_mutex_lock_ramlist();
a3161038 1109 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
c5705a77 1110 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1111 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1112 new_block->idstr);
1113 abort();
1114 }
1115 }
b2a8658e 1116 qemu_mutex_unlock_ramlist();
c5705a77
AK		 1117}
1118
8490fc78
LC		 1119static int memory_try_enable_merging(void *addr, size_t len)
1120{
1121 QemuOpts *opts;
1122
1123 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1124 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1125 /* disabled by the user */
1126 return 0;
1127 }
1128
1129 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1130}
1131
c5705a77
AK		 1132ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1133 MemoryRegion *mr)
1134{
abb26d63 1135 RAMBlock *block, *new_block;
c5705a77
AK		 1136
1137 size = TARGET_PAGE_ALIGN(size);
1138 new_block = g_malloc0(sizeof(*new_block));
84b89d78 1139
b2a8658e
UD		 1140 /* This assumes the iothread lock is taken here too. */
1141 qemu_mutex_lock_ramlist();
7c637366 1142 new_block->mr = mr;
432d268c 1143 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 1144 if (host) {
1145 new_block->host = host;
cd19cfa2 1146 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 1147 } else {
1148 if (mem_path) {
c902760f 1149#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 1150 new_block->host = file_ram_alloc(new_block, size, mem_path);
1151 if (!new_block->host) {
6eebf958 1152 new_block->host = qemu_anon_ram_alloc(size);
8490fc78 1153 memory_try_enable_merging(new_block->host, size);
6977dfe6 1154 }
c902760f 1155#else
6977dfe6
YT		 1156 fprintf(stderr, "-mem-path option unsupported\n");
1157 exit(1);
c902760f 1158#endif
6977dfe6 1159 } else {
868bb33f 1160 if (xen_enabled()) {
fce537d4 1161 xen_ram_alloc(new_block->offset, size, mr);
fdec9918
CB		 1162 } else if (kvm_enabled()) {
1163 /* some s390/kvm configurations have special constraints */
6eebf958 1164 new_block->host = kvm_ram_alloc(size);
432d268c 1165 } else {
6eebf958 1166 new_block->host = qemu_anon_ram_alloc(size);
432d268c 1167 }
8490fc78 1168 memory_try_enable_merging(new_block->host, size);
6977dfe6 1169 }
c902760f 1170 }
94a6b54f
PB		 1171 new_block->length = size;
1172
abb26d63
PB		 1173 /* Keep the list sorted from biggest to smallest block. */
1174 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1175 if (block->length < new_block->length) {
1176 break;
1177 }
1178 }
1179 if (block) {
1180 QTAILQ_INSERT_BEFORE(block, new_block, next);
1181 } else {
1182 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1183 }
0d6d3c87 1184 ram_list.mru_block = NULL;
94a6b54f 1185
f798b07f 1186 ram_list.version++;
b2a8658e 1187 qemu_mutex_unlock_ramlist();
f798b07f 1188
7267c094 1189 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 1190 last_ram_offset() >> TARGET_PAGE_BITS);
5fda043f
IM		 1191 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1192 0, size >> TARGET_PAGE_BITS);
1720aeee 1193 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
94a6b54f 1194
ddb97f1d 1195 qemu_ram_setup_dump(new_block->host, size);
ad0b5321 1196 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
ddb97f1d 1197
6f0437e8
JK		 1198 if (kvm_enabled())
1199 kvm_setup_guest_memory(new_block->host, size);
1200
94a6b54f
PB		 1201 return new_block->offset;
1202}
e9a1ab19 1203
c5705a77 1204ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 1205{
c5705a77 1206 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 1207}
1208
1f2e98b6
AW		 1209void qemu_ram_free_from_ptr(ram_addr_t addr)
1210{
1211 RAMBlock *block;
1212
b2a8658e
UD		 1213 /* This assumes the iothread lock is taken here too. */
1214 qemu_mutex_lock_ramlist();
a3161038 1215 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1f2e98b6 1216 if (addr == block->offset) {
a3161038 1217 QTAILQ_REMOVE(&ram_list.blocks, block, next);
0d6d3c87 1218 ram_list.mru_block = NULL;
f798b07f 1219 ram_list.version++;
7267c094 1220 g_free(block);
b2a8658e 1221 break;
1f2e98b6
AW		 1222 }
1223 }
b2a8658e 1224 qemu_mutex_unlock_ramlist();
1f2e98b6
AW		 1225}
1226
c227f099 1227void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1228{
04b16653
AW		 1229 RAMBlock *block;
1230
b2a8658e
UD		 1231 /* This assumes the iothread lock is taken here too. */
1232 qemu_mutex_lock_ramlist();
a3161038 1233 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
04b16653 1234 if (addr == block->offset) {
a3161038 1235 QTAILQ_REMOVE(&ram_list.blocks, block, next);
0d6d3c87 1236 ram_list.mru_block = NULL;
f798b07f 1237 ram_list.version++;
cd19cfa2
HY		 1238 if (block->flags & RAM_PREALLOC_MASK) {
1239 ;
1240 } else if (mem_path) {
04b16653
AW		 1241#if defined (__linux__) && !defined(TARGET_S390X)
1242 if (block->fd) {
1243 munmap(block->host, block->length);
1244 close(block->fd);
1245 } else {
e7a09b92 1246 qemu_anon_ram_free(block->host, block->length);
04b16653 1247 }
fd28aa13
JK		 1248#else
1249 abort();
04b16653
AW		 1250#endif
1251 } else {
868bb33f 1252 if (xen_enabled()) {
e41d7c69 1253 xen_invalidate_map_cache_entry(block->host);
432d268c 1254 } else {
e7a09b92 1255 qemu_anon_ram_free(block->host, block->length);
432d268c 1256 }
04b16653 1257 }
7267c094 1258 g_free(block);
b2a8658e 1259 break;
04b16653
AW		 1260 }
1261 }
b2a8658e 1262 qemu_mutex_unlock_ramlist();
04b16653 1263
e9a1ab19
FB		 1264}
1265
cd19cfa2
HY		 1266#ifndef _WIN32
1267void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1268{
1269 RAMBlock *block;
1270 ram_addr_t offset;
1271 int flags;
1272 void *area, *vaddr;
1273
a3161038 1274 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
cd19cfa2
HY		 1275 offset = addr - block->offset;
1276 if (offset < block->length) {
1277 vaddr = block->host + offset;
1278 if (block->flags & RAM_PREALLOC_MASK) {
1279 ;
1280 } else {
1281 flags = MAP_FIXED;
1282 munmap(vaddr, length);
1283 if (mem_path) {
1284#if defined(__linux__) && !defined(TARGET_S390X)
1285 if (block->fd) {
1286#ifdef MAP_POPULATE
1287 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1288 MAP_PRIVATE;
1289#else
1290 flags |= MAP_PRIVATE;
1291#endif
1292 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1293 flags, block->fd, offset);
1294 } else {
1295 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1296 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1297 flags, -1, 0);
1298 }
fd28aa13
JK		 1299#else
1300 abort();
cd19cfa2
HY		 1301#endif
1302 } else {
1303#if defined(TARGET_S390X) && defined(CONFIG_KVM)
1304 flags |= MAP_SHARED | MAP_ANONYMOUS;
1305 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1306 flags, -1, 0);
1307#else
1308 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1309 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1310 flags, -1, 0);
1311#endif
1312 }
1313 if (area != vaddr) {
f15fbc4b
AP		 1314 fprintf(stderr, "Could not remap addr: "
1315 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1316 length, addr);
1317 exit(1);
1318 }
8490fc78 1319 memory_try_enable_merging(vaddr, length);
ddb97f1d 1320 qemu_ram_setup_dump(vaddr, length);
cd19cfa2
HY		 1321 }
1322 return;
1323 }
1324 }
1325}
1326#endif /* !_WIN32 */
1327
dc828ca1 1328/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 1329 With the exception of the softmmu code in this file, this should
1330 only be used for local memory (e.g. video ram) that the device owns,
1331 and knows it isn't going to access beyond the end of the block.
1332
1333 It should not be used for general purpose DMA.
1334 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1335 */
c227f099 1336void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 1337{
94a6b54f
PB		 1338 RAMBlock *block;
1339
b2a8658e 1340 /* The list is protected by the iothread lock here. */
0d6d3c87
PB		 1341 block = ram_list.mru_block;
1342 if (block && addr - block->offset < block->length) {
1343 goto found;
1344 }
a3161038 1345 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
f471a17e 1346 if (addr - block->offset < block->length) {
0d6d3c87 1347 goto found;
f471a17e 1348 }
94a6b54f 1349 }
f471a17e
AW		 1350
1351 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1352 abort();
1353
0d6d3c87
PB		 1354found:
1355 ram_list.mru_block = block;
1356 if (xen_enabled()) {
1357 /* We need to check if the requested address is in the RAM
1358 * because we don't want to map the entire memory in QEMU.
1359 * In that case just map until the end of the page.
1360 */
1361 if (block->offset == 0) {
1362 return xen_map_cache(addr, 0, 0);
1363 } else if (block->host == NULL) {
1364 block->host =
1365 xen_map_cache(block->offset, block->length, 1);
1366 }
1367 }
1368 return block->host + (addr - block->offset);
dc828ca1
PB		 1369}
1370
0d6d3c87
PB		 1371/* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1372 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1373 *
1374 * ??? Is this still necessary?
b2e0a138 1375 */
8b9c99d9 1376static void *qemu_safe_ram_ptr(ram_addr_t addr)
b2e0a138
MT		 1377{
1378 RAMBlock *block;
1379
b2a8658e 1380 /* The list is protected by the iothread lock here. */
a3161038 1381 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
b2e0a138 1382 if (addr - block->offset < block->length) {
868bb33f 1383 if (xen_enabled()) {
432d268c
JN		 1384 /* We need to check if the requested address is in the RAM
1385 * because we don't want to map the entire memory in QEMU.
712c2b41 1386 * In that case just map until the end of the page.
432d268c
JN		 1387 */
1388 if (block->offset == 0) {
e41d7c69 1389 return xen_map_cache(addr, 0, 0);
432d268c 1390 } else if (block->host == NULL) {
e41d7c69
JK		 1391 block->host =
1392 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 1393 }
1394 }
b2e0a138
MT		 1395 return block->host + (addr - block->offset);
1396 }
1397 }
1398
1399 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1400 abort();
1401
1402 return NULL;
1403}
1404
38bee5dc
SS		 1405/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1406 * but takes a size argument */
8b9c99d9 1407static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 1408{
8ab934f9
SS		 1409 if (*size == 0) {
1410 return NULL;
1411 }
868bb33f 1412 if (xen_enabled()) {
e41d7c69 1413 return xen_map_cache(addr, *size, 1);
868bb33f 1414 } else {
38bee5dc
SS		 1415 RAMBlock *block;
1416
a3161038 1417 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
38bee5dc
SS		 1418 if (addr - block->offset < block->length) {
1419 if (addr - block->offset + *size > block->length)
1420 *size = block->length - addr + block->offset;
1421 return block->host + (addr - block->offset);
1422 }
1423 }
1424
1425 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1426 abort();
38bee5dc
SS		 1427 }
1428}
1429
e890261f 1430int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 1431{
94a6b54f
PB		 1432 RAMBlock *block;
1433 uint8_t *host = ptr;
1434
868bb33f 1435 if (xen_enabled()) {
e41d7c69 1436 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 1437 return 0;
1438 }
1439
a3161038 1440 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 1441 /* This case append when the block is not mapped. */
1442 if (block->host == NULL) {
1443 continue;
1444 }
f471a17e 1445 if (host - block->host < block->length) {
e890261f
MT		 1446 *ram_addr = block->offset + (host - block->host);
1447 return 0;
f471a17e 1448 }
94a6b54f 1449 }
432d268c 1450
e890261f
MT		 1451 return -1;
1452}
f471a17e 1453
e890261f
MT		 1454/* Some of the softmmu routines need to translate from a host pointer
1455 (typically a TLB entry) back to a ram offset. */
1456ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1457{
1458 ram_addr_t ram_addr;
f471a17e 1459
e890261f
MT		 1460 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1461 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1462 abort();
1463 }
1464 return ram_addr;
5579c7f3
PB		 1465}
1466
a8170e5e 1467static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1468 uint64_t val, unsigned size)
9fa3e853 1469{
3a7d929e 1470 int dirty_flags;
f7c11b53 1471 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 1472 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
0e0df1e2 1473 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 1474 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 1475 }
0e0df1e2
AK		 1476 switch (size) {
1477 case 1:
1478 stb_p(qemu_get_ram_ptr(ram_addr), val);
1479 break;
1480 case 2:
1481 stw_p(qemu_get_ram_ptr(ram_addr), val);
1482 break;
1483 case 4:
1484 stl_p(qemu_get_ram_ptr(ram_addr), val);
1485 break;
1486 default:
1487 abort();
3a7d929e 1488 }
f23db169 1489 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 1490 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 1491 /* we remove the notdirty callback only if the code has been
1492 flushed */
1493 if (dirty_flags == 0xff)
2e70f6ef 1494 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 1495}
1496
b018ddf6
PB		 1497static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1498 unsigned size, bool is_write)
1499{
1500 return is_write;
1501}
1502
0e0df1e2 1503static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1504 .write = notdirty_mem_write,
b018ddf6 1505 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1506 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1507};
1508
0f459d16 1509/* Generate a debug exception if a watchpoint has been hit. */
b4051334 1510static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 1511{
9349b4f9 1512 CPUArchState *env = cpu_single_env;
06d55cc1 1513 target_ulong pc, cs_base;
0f459d16 1514 target_ulong vaddr;
a1d1bb31 1515 CPUWatchpoint *wp;
06d55cc1 1516 int cpu_flags;
0f459d16 1517
06d55cc1
AL		 1518 if (env->watchpoint_hit) {
1519 /* We re-entered the check after replacing the TB. Now raise
1520 * the debug interrupt so that is will trigger after the
1521 * current instruction. */
c3affe56 1522 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 1523 return;
1524 }
2e70f6ef 1525 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 1526 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 1527 if ((vaddr == (wp->vaddr & len_mask) ||
1528 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 1529 wp->flags |= BP_WATCHPOINT_HIT;
1530 if (!env->watchpoint_hit) {
1531 env->watchpoint_hit = wp;
5a316526 1532 tb_check_watchpoint(env);
6e140f28
AL		 1533 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1534 env->exception_index = EXCP_DEBUG;
488d6577 1535 cpu_loop_exit(env);
6e140f28
AL		 1536 } else {
1537 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1538 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 1539 cpu_resume_from_signal(env, NULL);
6e140f28 1540 }
06d55cc1 1541 }
6e140f28
AL		 1542 } else {
1543 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 1544 }
1545 }
1546}
1547
6658ffb8
PB		 1548/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1549 so these check for a hit then pass through to the normal out-of-line
1550 phys routines. */
a8170e5e 1551static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1ec9b909 1552 unsigned size)
6658ffb8 1553{
1ec9b909
AK		 1554 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1555 switch (size) {
1556 case 1: return ldub_phys(addr);
1557 case 2: return lduw_phys(addr);
1558 case 4: return ldl_phys(addr);
1559 default: abort();
1560 }
6658ffb8
PB		 1561}
1562
a8170e5e 1563static void watch_mem_write(void *opaque, hwaddr addr,
1ec9b909 1564 uint64_t val, unsigned size)
6658ffb8 1565{
1ec9b909
AK		 1566 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1567 switch (size) {
67364150
MF		 1568 case 1:
1569 stb_phys(addr, val);
1570 break;
1571 case 2:
1572 stw_phys(addr, val);
1573 break;
1574 case 4:
1575 stl_phys(addr, val);
1576 break;
1ec9b909
AK		 1577 default: abort();
1578 }
6658ffb8
PB		 1579}
1580
1ec9b909
AK		 1581static const MemoryRegionOps watch_mem_ops = {
1582 .read = watch_mem_read,
1583 .write = watch_mem_write,
1584 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 1585};
6658ffb8 1586
a8170e5e 1587static uint64_t subpage_read(void *opaque, hwaddr addr,
70c68e44 1588 unsigned len)
db7b5426 1589{
acc9d80b
JK		 1590 subpage_t *subpage = opaque;
1591 uint8_t buf[4];
791af8c8 1592
db7b5426 1593#if defined(DEBUG_SUBPAGE)
acc9d80b
JK		 1594 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1595 subpage, len, addr);
db7b5426 1596#endif
acc9d80b
JK		 1597 address_space_read(subpage->as, addr + subpage->base, buf, len);
1598 switch (len) {
1599 case 1:
1600 return ldub_p(buf);
1601 case 2:
1602 return lduw_p(buf);
1603 case 4:
1604 return ldl_p(buf);
1605 default:
1606 abort();
1607 }
db7b5426
BS		 1608}
1609
a8170e5e 1610static void subpage_write(void *opaque, hwaddr addr,
70c68e44 1611 uint64_t value, unsigned len)
db7b5426 1612{
acc9d80b
JK		 1613 subpage_t *subpage = opaque;
1614 uint8_t buf[4];
1615
db7b5426 1616#if defined(DEBUG_SUBPAGE)
70c68e44 1617 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
acc9d80b
JK		 1618 " value %"PRIx64"\n",
1619 __func__, subpage, len, addr, value);
db7b5426 1620#endif
acc9d80b
JK		 1621 switch (len) {
1622 case 1:
1623 stb_p(buf, value);
1624 break;
1625 case 2:
1626 stw_p(buf, value);
1627 break;
1628 case 4:
1629 stl_p(buf, value);
1630 break;
1631 default:
1632 abort();
1633 }
1634 address_space_write(subpage->as, addr + subpage->base, buf, len);
db7b5426
BS		 1635}
1636
c353e4cc
PB		 1637static bool subpage_accepts(void *opaque, hwaddr addr,
1638 unsigned size, bool is_write)
1639{
acc9d80b 1640 subpage_t *subpage = opaque;
c353e4cc 1641#if defined(DEBUG_SUBPAGE)
acc9d80b
JK		 1642 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1643 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 1644#endif
1645
acc9d80b
JK		 1646 return address_space_access_valid(subpage->as, addr + subpage->base,
1647 size, is_write);
c353e4cc
PB		 1648}
1649
70c68e44
AK		 1650static const MemoryRegionOps subpage_ops = {
1651 .read = subpage_read,
1652 .write = subpage_write,
c353e4cc 1653 .valid.accepts = subpage_accepts,
70c68e44 1654 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 1655};
1656
c227f099 1657static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1658 uint16_t section)
db7b5426
BS		 1659{
1660 int idx, eidx;
1661
1662 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1663 return -1;
1664 idx = SUBPAGE_IDX(start);
1665 eidx = SUBPAGE_IDX(end);
1666#if defined(DEBUG_SUBPAGE)
0bf9e31a 1667 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 1668 mmio, start, end, idx, eidx, memory);
1669#endif
db7b5426 1670 for (; idx <= eidx; idx++) {
5312bd8b 1671 mmio->sub_section[idx] = section;
db7b5426
BS		 1672 }
1673
1674 return 0;
1675}
1676
acc9d80b 1677static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 1678{
c227f099 1679 subpage_t *mmio;
db7b5426 1680
7267c094 1681 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 1682
acc9d80b 1683 mmio->as = as;
1eec614b 1684 mmio->base = base;
70c68e44
AK		 1685 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1686 "subpage", TARGET_PAGE_SIZE);
b3b00c78 1687 mmio->iomem.subpage = true;
db7b5426 1688#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 1689 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1690 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 1691#endif
0f0cb164 1692 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 1693
1694 return mmio;
1695}
1696
5312bd8b
AK		 1697static uint16_t dummy_section(MemoryRegion *mr)
1698{
1699 MemoryRegionSection section = {
1700 .mr = mr,
1701 .offset_within_address_space = 0,
1702 .offset_within_region = 0,
052e87b0 1703 .size = int128_2_64(),
5312bd8b
AK		 1704 };
1705
1706 return phys_section_add(&section);
1707}
1708
a8170e5e 1709MemoryRegion *iotlb_to_region(hwaddr index)
aa102231 1710{
37ec01d4 1711 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 1712}
1713
e9179ce1
AK		 1714static void io_mem_init(void)
1715{
bf8d5166 1716 memory_region_init_io(&io_mem_rom, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
0e0df1e2
AK		 1717 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1718 "unassigned", UINT64_MAX);
1719 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
1720 "notdirty", UINT64_MAX);
1ec9b909
AK		 1721 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1722 "watch", UINT64_MAX);
e9179ce1
AK		 1723}
1724
ac1970fb
AK		 1725static void mem_begin(MemoryListener *listener)
1726{
1727 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1728
1729 destroy_all_mappings(d);
1730 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1731}
1732
50c1e149
AK		 1733static void core_begin(MemoryListener *listener)
1734{
5312bd8b
AK		 1735 phys_sections_clear();
1736 phys_section_unassigned = dummy_section(&io_mem_unassigned);
aa102231
AK		 1737 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1738 phys_section_rom = dummy_section(&io_mem_rom);
1739 phys_section_watch = dummy_section(&io_mem_watch);
50c1e149
AK		 1740}
1741
1d71148e 1742static void tcg_commit(MemoryListener *listener)
50c1e149 1743{
9349b4f9 1744 CPUArchState *env;
117712c3
AK		 1745
1746 /* since each CPU stores ram addresses in its TLB cache, we must
1747 reset the modified entries */
1748 /* XXX: slow ! */
1749 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1750 tlb_flush(env, 1);
1751 }
50c1e149
AK		 1752}
1753
93632747
AK		 1754static void core_log_global_start(MemoryListener *listener)
1755{
1756 cpu_physical_memory_set_dirty_tracking(1);
1757}
1758
1759static void core_log_global_stop(MemoryListener *listener)
1760{
1761 cpu_physical_memory_set_dirty_tracking(0);
1762}
1763
4855d41a
AK		 1764static void io_region_add(MemoryListener *listener,
1765 MemoryRegionSection *section)
1766{
a2d33521
AK		 1767 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1768
1769 mrio->mr = section->mr;
1770 mrio->offset = section->offset_within_region;
1771 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
052e87b0
PB		 1772 section->offset_within_address_space,
1773 int128_get64(section->size));
a2d33521 1774 ioport_register(&mrio->iorange);
4855d41a
AK		 1775}
1776
1777static void io_region_del(MemoryListener *listener,
1778 MemoryRegionSection *section)
1779{
052e87b0
PB		 1780 isa_unassign_ioport(section->offset_within_address_space,
1781 int128_get64(section->size));
4855d41a
AK		 1782}
1783
93632747 1784static MemoryListener core_memory_listener = {
50c1e149 1785 .begin = core_begin,
93632747
AK		 1786 .log_global_start = core_log_global_start,
1787 .log_global_stop = core_log_global_stop,
ac1970fb 1788 .priority = 1,
93632747
AK		 1789};
1790
4855d41a
AK		 1791static MemoryListener io_memory_listener = {
1792 .region_add = io_region_add,
1793 .region_del = io_region_del,
4855d41a
AK		 1794 .priority = 0,
1795};
1796
1d71148e
AK		 1797static MemoryListener tcg_memory_listener = {
1798 .commit = tcg_commit,
1799};
1800
ac1970fb
AK		 1801void address_space_init_dispatch(AddressSpace *as)
1802{
1803 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1804
1805 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1806 d->listener = (MemoryListener) {
1807 .begin = mem_begin,
1808 .region_add = mem_add,
1809 .region_nop = mem_add,
1810 .priority = 0,
1811 };
acc9d80b 1812 d->as = as;
ac1970fb
AK		 1813 as->dispatch = d;
1814 memory_listener_register(&d->listener, as);
1815}
1816
83f3c251
AK		 1817void address_space_destroy_dispatch(AddressSpace *as)
1818{
1819 AddressSpaceDispatch *d = as->dispatch;
1820
1821 memory_listener_unregister(&d->listener);
1822 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1823 g_free(d);
1824 as->dispatch = NULL;
1825}
1826
62152b8a
AK		 1827static void memory_map_init(void)
1828{
7267c094 1829 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 1830 memory_region_init(system_memory, "system", INT64_MAX);
2673a5da
AK		 1831 address_space_init(&address_space_memory, system_memory);
1832 address_space_memory.name = "memory";
309cb471 1833
7267c094 1834 system_io = g_malloc(sizeof(*system_io));
309cb471 1835 memory_region_init(system_io, "io", 65536);
2673a5da
AK		 1836 address_space_init(&address_space_io, system_io);
1837 address_space_io.name = "I/O";
93632747 1838
f6790af6
AK		 1839 memory_listener_register(&core_memory_listener, &address_space_memory);
1840 memory_listener_register(&io_memory_listener, &address_space_io);
1841 memory_listener_register(&tcg_memory_listener, &address_space_memory);
9e11908f
PM		 1842
1843 dma_context_init(&dma_context_memory, &address_space_memory,
1844 NULL, NULL, NULL);
62152b8a
AK		 1845}
1846
1847MemoryRegion *get_system_memory(void)
1848{
1849 return system_memory;
1850}
1851
309cb471
AK		 1852MemoryRegion *get_system_io(void)
1853{
1854 return system_io;
1855}
1856
e2eef170
PB		 1857#endif /* !defined(CONFIG_USER_ONLY) */
1858
13eb76e0
FB		 1859/* physical memory access (slow version, mainly for debug) */
1860#if defined(CONFIG_USER_ONLY)
9349b4f9 1861int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 1862 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 1863{
1864 int l, flags;
1865 target_ulong page;
53a5960a 1866 void * p;
13eb76e0
FB		 1867
1868 while (len > 0) {
1869 page = addr & TARGET_PAGE_MASK;
1870 l = (page + TARGET_PAGE_SIZE) - addr;
1871 if (l > len)
1872 l = len;
1873 flags = page_get_flags(page);
1874 if (!(flags & PAGE_VALID))
a68fe89c 1875 return -1;
13eb76e0
FB		 1876 if (is_write) {
1877 if (!(flags & PAGE_WRITE))
a68fe89c 1878 return -1;
579a97f7 1879 /* XXX: this code should not depend on lock_user */
72fb7daa 1880 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 1881 return -1;
72fb7daa
AJ		 1882 memcpy(p, buf, l);
1883 unlock_user(p, addr, l);
13eb76e0
FB		 1884 } else {
1885 if (!(flags & PAGE_READ))
a68fe89c 1886 return -1;
579a97f7 1887 /* XXX: this code should not depend on lock_user */
72fb7daa 1888 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 1889 return -1;
72fb7daa 1890 memcpy(buf, p, l);
5b257578 1891 unlock_user(p, addr, 0);
13eb76e0
FB		 1892 }
1893 len -= l;
1894 buf += l;
1895 addr += l;
1896 }
a68fe89c 1897 return 0;
13eb76e0 1898}
8df1cd07 1899
13eb76e0 1900#else
51d7a9eb 1901
a8170e5e
AK		 1902static void invalidate_and_set_dirty(hwaddr addr,
1903 hwaddr length)
51d7a9eb
AP		 1904{
1905 if (!cpu_physical_memory_is_dirty(addr)) {
1906 /* invalidate code */
1907 tb_invalidate_phys_page_range(addr, addr + length, 0);
1908 /* set dirty bit */
1909 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1910 }
e226939d 1911 xen_modified_memory(addr, length);
51d7a9eb
AP		 1912}
1913
2bbfa05d
PB		 1914static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1915{
1916 if (memory_region_is_ram(mr)) {
1917 return !(is_write && mr->readonly);
1918 }
1919 if (memory_region_is_romd(mr)) {
1920 return !is_write;
1921 }
1922
1923 return false;
1924}
1925
f52cc467 1926static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
82f2563f 1927{
f52cc467 1928 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
82f2563f
PB		 1929 return 4;
1930 }
f52cc467 1931 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
82f2563f
PB		 1932 return 2;
1933 }
1934 return 1;
1935}
1936
fd8aaa76 1937bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
ac1970fb 1938 int len, bool is_write)
13eb76e0 1939{
149f54b5 1940 hwaddr l;
13eb76e0 1941 uint8_t *ptr;
791af8c8 1942 uint64_t val;
149f54b5 1943 hwaddr addr1;
5c8a00ce 1944 MemoryRegion *mr;
fd8aaa76 1945 bool error = false;
3b46e624 1946
13eb76e0 1947 while (len > 0) {
149f54b5 1948 l = len;
5c8a00ce 1949 mr = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 1950
13eb76e0 1951 if (is_write) {
5c8a00ce
PB		 1952 if (!memory_access_is_direct(mr, is_write)) {
1953 l = memory_access_size(mr, l, addr1);
6a00d601
FB		 1954 /* XXX: could force cpu_single_env to NULL to avoid
1955 potential bugs */
82f2563f 1956 if (l == 4) {
1c213d19 1957 /* 32 bit write access */
c27004ec 1958 val = ldl_p(buf);
5c8a00ce 1959 error |= io_mem_write(mr, addr1, val, 4);
82f2563f 1960 } else if (l == 2) {
1c213d19 1961 /* 16 bit write access */
c27004ec 1962 val = lduw_p(buf);
5c8a00ce 1963 error |= io_mem_write(mr, addr1, val, 2);
13eb76e0 1964 } else {
1c213d19 1965 /* 8 bit write access */
c27004ec 1966 val = ldub_p(buf);
5c8a00ce 1967 error |= io_mem_write(mr, addr1, val, 1);
13eb76e0 1968 }
2bbfa05d 1969 } else {
5c8a00ce 1970 addr1 += memory_region_get_ram_addr(mr);
13eb76e0 1971 /* RAM case */
5579c7f3 1972 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 1973 memcpy(ptr, buf, l);
51d7a9eb 1974 invalidate_and_set_dirty(addr1, l);
13eb76e0
FB		 1975 }
1976 } else {
5c8a00ce 1977 if (!memory_access_is_direct(mr, is_write)) {
13eb76e0 1978 /* I/O case */
5c8a00ce 1979 l = memory_access_size(mr, l, addr1);
82f2563f 1980 if (l == 4) {
13eb76e0 1981 /* 32 bit read access */
5c8a00ce 1982 error |= io_mem_read(mr, addr1, &val, 4);
c27004ec 1983 stl_p(buf, val);
82f2563f 1984 } else if (l == 2) {
13eb76e0 1985 /* 16 bit read access */
5c8a00ce 1986 error |= io_mem_read(mr, addr1, &val, 2);
c27004ec 1987 stw_p(buf, val);
13eb76e0 1988 } else {
1c213d19 1989 /* 8 bit read access */
5c8a00ce 1990 error |= io_mem_read(mr, addr1, &val, 1);
c27004ec 1991 stb_p(buf, val);
13eb76e0
FB		 1992 }
1993 } else {
1994 /* RAM case */
5c8a00ce 1995 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
f3705d53 1996 memcpy(buf, ptr, l);
13eb76e0
FB		 1997 }
1998 }
1999 len -= l;
2000 buf += l;
2001 addr += l;
2002 }
fd8aaa76
PB		 2003
2004 return error;
13eb76e0 2005}
8df1cd07 2006
fd8aaa76 2007bool address_space_write(AddressSpace *as, hwaddr addr,
ac1970fb
AK		 2008 const uint8_t *buf, int len)
2009{
fd8aaa76 2010 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
ac1970fb
AK		 2011}
2012
fd8aaa76 2013bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
ac1970fb 2014{
fd8aaa76 2015 return address_space_rw(as, addr, buf, len, false);
ac1970fb
AK		 2016}
2017
2018
a8170e5e 2019void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2020 int len, int is_write)
2021{
fd8aaa76 2022 address_space_rw(&address_space_memory, addr, buf, len, is_write);
ac1970fb
AK		 2023}
2024
d0ecd2aa 2025/* used for ROM loading : can write in RAM and ROM */
a8170e5e 2026void cpu_physical_memory_write_rom(hwaddr addr,
d0ecd2aa
FB		 2027 const uint8_t *buf, int len)
2028{
149f54b5 2029 hwaddr l;
d0ecd2aa 2030 uint8_t *ptr;
149f54b5 2031 hwaddr addr1;
5c8a00ce 2032 MemoryRegion *mr;
3b46e624 2033
d0ecd2aa 2034 while (len > 0) {
149f54b5 2035 l = len;
5c8a00ce
PB		 2036 mr = address_space_translate(&address_space_memory,
2037 addr, &addr1, &l, true);
3b46e624 2038
5c8a00ce
PB		 2039 if (!(memory_region_is_ram(mr) ||
2040 memory_region_is_romd(mr))) {
d0ecd2aa
FB		 2041 /* do nothing */
2042 } else {
5c8a00ce 2043 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2044 /* ROM/RAM case */
5579c7f3 2045 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 2046 memcpy(ptr, buf, l);
51d7a9eb 2047 invalidate_and_set_dirty(addr1, l);
d0ecd2aa
FB		 2048 }
2049 len -= l;
2050 buf += l;
2051 addr += l;
2052 }
2053}
2054
6d16c2f8
AL		 2055typedef struct {
2056 void *buffer;
a8170e5e
AK		 2057 hwaddr addr;
2058 hwaddr len;
6d16c2f8
AL		 2059} BounceBuffer;
2060
2061static BounceBuffer bounce;
2062
ba223c29
AL		 2063typedef struct MapClient {
2064 void *opaque;
2065 void (*callback)(void *opaque);
72cf2d4f 2066 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2067} MapClient;
2068
72cf2d4f
BS		 2069static QLIST_HEAD(map_client_list, MapClient) map_client_list
2070 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 2071
2072void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2073{
7267c094 2074 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 2075
2076 client->opaque = opaque;
2077 client->callback = callback;
72cf2d4f 2078 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 2079 return client;
2080}
2081
8b9c99d9 2082static void cpu_unregister_map_client(void *_client)
ba223c29
AL		 2083{
2084 MapClient *client = (MapClient *)_client;
2085
72cf2d4f 2086 QLIST_REMOVE(client, link);
7267c094 2087 g_free(client);
ba223c29
AL		 2088}
2089
2090static void cpu_notify_map_clients(void)
2091{
2092 MapClient *client;
2093
72cf2d4f
BS		 2094 while (!QLIST_EMPTY(&map_client_list)) {
2095 client = QLIST_FIRST(&map_client_list);
ba223c29 2096 client->callback(client->opaque);
34d5e948 2097 cpu_unregister_map_client(client);
ba223c29
AL		 2098 }
2099}
2100
51644ab7
PB		 2101bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2102{
5c8a00ce 2103 MemoryRegion *mr;
51644ab7
PB		 2104 hwaddr l, xlat;
2105
2106 while (len > 0) {
2107 l = len;
5c8a00ce
PB		 2108 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2109 if (!memory_access_is_direct(mr, is_write)) {
2110 l = memory_access_size(mr, l, addr);
2111 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2112 return false;
2113 }
2114 }
2115
2116 len -= l;
2117 addr += l;
2118 }
2119 return true;
2120}
2121
6d16c2f8
AL		 2122/* Map a physical memory region into a host virtual address.
2123 * May map a subset of the requested range, given by and returned in *plen.
2124 * May return NULL if resources needed to perform the mapping are exhausted.
2125 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2126 * Use cpu_register_map_client() to know when retrying the map operation is
2127 * likely to succeed.
6d16c2f8 2128 */
ac1970fb 2129void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2130 hwaddr addr,
2131 hwaddr *plen,
ac1970fb 2132 bool is_write)
6d16c2f8 2133{
a8170e5e
AK		 2134 hwaddr len = *plen;
2135 hwaddr todo = 0;
149f54b5 2136 hwaddr l, xlat;
5c8a00ce 2137 MemoryRegion *mr;
f15fbc4b 2138 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 2139 ram_addr_t rlen;
2140 void *ret;
6d16c2f8
AL		 2141
2142 while (len > 0) {
149f54b5 2143 l = len;
5c8a00ce 2144 mr = address_space_translate(as, addr, &xlat, &l, is_write);
6d16c2f8 2145
5c8a00ce 2146 if (!memory_access_is_direct(mr, is_write)) {
38bee5dc 2147 if (todo || bounce.buffer) {
6d16c2f8
AL		 2148 break;
2149 }
2150 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2151 bounce.addr = addr;
2152 bounce.len = l;
2153 if (!is_write) {
ac1970fb 2154 address_space_read(as, addr, bounce.buffer, l);
6d16c2f8 2155 }
38bee5dc
SS		 2156
2157 *plen = l;
2158 return bounce.buffer;
6d16c2f8 2159 }
8ab934f9 2160 if (!todo) {
5c8a00ce 2161 raddr = memory_region_get_ram_addr(mr) + xlat;
149f54b5 2162 } else {
5c8a00ce 2163 if (memory_region_get_ram_addr(mr) + xlat != raddr + todo) {
149f54b5
PB		 2164 break;
2165 }
8ab934f9 2166 }
6d16c2f8
AL		 2167
2168 len -= l;
2169 addr += l;
38bee5dc 2170 todo += l;
6d16c2f8 2171 }
8ab934f9
SS		 2172 rlen = todo;
2173 ret = qemu_ram_ptr_length(raddr, &rlen);
2174 *plen = rlen;
2175 return ret;
6d16c2f8
AL		 2176}
2177
ac1970fb 2178/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2179 * Will also mark the memory as dirty if is_write == 1. access_len gives
2180 * the amount of memory that was actually read or written by the caller.
2181 */
a8170e5e
AK		 2182void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2183 int is_write, hwaddr access_len)
6d16c2f8
AL		 2184{
2185 if (buffer != bounce.buffer) {
2186 if (is_write) {
e890261f 2187 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 2188 while (access_len) {
2189 unsigned l;
2190 l = TARGET_PAGE_SIZE;
2191 if (l > access_len)
2192 l = access_len;
51d7a9eb 2193 invalidate_and_set_dirty(addr1, l);
6d16c2f8
AL		 2194 addr1 += l;
2195 access_len -= l;
2196 }
2197 }
868bb33f 2198 if (xen_enabled()) {
e41d7c69 2199 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2200 }
6d16c2f8
AL		 2201 return;
2202 }
2203 if (is_write) {
ac1970fb 2204 address_space_write(as, bounce.addr, bounce.buffer, access_len);
6d16c2f8 2205 }
f8a83245 2206 qemu_vfree(bounce.buffer);
6d16c2f8 2207 bounce.buffer = NULL;
ba223c29 2208 cpu_notify_map_clients();
6d16c2f8 2209}
d0ecd2aa 2210
a8170e5e
AK		 2211void *cpu_physical_memory_map(hwaddr addr,
2212 hwaddr *plen,
ac1970fb
AK		 2213 int is_write)
2214{
2215 return address_space_map(&address_space_memory, addr, plen, is_write);
2216}
2217
a8170e5e
AK		 2218void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2219 int is_write, hwaddr access_len)
ac1970fb
AK		 2220{
2221 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2222}
2223
8df1cd07 2224/* warning: addr must be aligned */
a8170e5e 2225static inline uint32_t ldl_phys_internal(hwaddr addr,
1e78bcc1 2226 enum device_endian endian)
8df1cd07 2227{
8df1cd07 2228 uint8_t *ptr;
791af8c8 2229 uint64_t val;
5c8a00ce 2230 MemoryRegion *mr;
149f54b5
PB		 2231 hwaddr l = 4;
2232 hwaddr addr1;
8df1cd07 2233
5c8a00ce
PB		 2234 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2235 false);
2236 if (l < 4 || !memory_access_is_direct(mr, false)) {
8df1cd07 2237 /* I/O case */
5c8a00ce 2238 io_mem_read(mr, addr1, &val, 4);
1e78bcc1
AG		 2239#if defined(TARGET_WORDS_BIGENDIAN)
2240 if (endian == DEVICE_LITTLE_ENDIAN) {
2241 val = bswap32(val);
2242 }
2243#else
2244 if (endian == DEVICE_BIG_ENDIAN) {
2245 val = bswap32(val);
2246 }
2247#endif
8df1cd07
FB		 2248 } else {
2249 /* RAM case */
5c8a00ce 2250 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2251 & TARGET_PAGE_MASK)
149f54b5 2252 + addr1);
1e78bcc1
AG		 2253 switch (endian) {
2254 case DEVICE_LITTLE_ENDIAN:
2255 val = ldl_le_p(ptr);
2256 break;
2257 case DEVICE_BIG_ENDIAN:
2258 val = ldl_be_p(ptr);
2259 break;
2260 default:
2261 val = ldl_p(ptr);
2262 break;
2263 }
8df1cd07
FB		 2264 }
2265 return val;
2266}
2267
a8170e5e 2268uint32_t ldl_phys(hwaddr addr)
1e78bcc1
AG		 2269{
2270 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2271}
2272
a8170e5e 2273uint32_t ldl_le_phys(hwaddr addr)
1e78bcc1
AG		 2274{
2275 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2276}
2277
a8170e5e 2278uint32_t ldl_be_phys(hwaddr addr)
1e78bcc1
AG		 2279{
2280 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2281}
2282
84b7b8e7 2283/* warning: addr must be aligned */
a8170e5e 2284static inline uint64_t ldq_phys_internal(hwaddr addr,
1e78bcc1 2285 enum device_endian endian)
84b7b8e7 2286{
84b7b8e7
FB		 2287 uint8_t *ptr;
2288 uint64_t val;
5c8a00ce 2289 MemoryRegion *mr;
149f54b5
PB		 2290 hwaddr l = 8;
2291 hwaddr addr1;
84b7b8e7 2292
5c8a00ce
PB		 2293 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2294 false);
2295 if (l < 8 || !memory_access_is_direct(mr, false)) {
84b7b8e7 2296 /* I/O case */
5c8a00ce 2297 io_mem_read(mr, addr1, &val, 8);
968a5627
PB		 2298#if defined(TARGET_WORDS_BIGENDIAN)
2299 if (endian == DEVICE_LITTLE_ENDIAN) {
2300 val = bswap64(val);
2301 }
2302#else
2303 if (endian == DEVICE_BIG_ENDIAN) {
2304 val = bswap64(val);
2305 }
84b7b8e7
FB		 2306#endif
2307 } else {
2308 /* RAM case */
5c8a00ce 2309 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2310 & TARGET_PAGE_MASK)
149f54b5 2311 + addr1);
1e78bcc1
AG		 2312 switch (endian) {
2313 case DEVICE_LITTLE_ENDIAN:
2314 val = ldq_le_p(ptr);
2315 break;
2316 case DEVICE_BIG_ENDIAN:
2317 val = ldq_be_p(ptr);
2318 break;
2319 default:
2320 val = ldq_p(ptr);
2321 break;
2322 }
84b7b8e7
FB		 2323 }
2324 return val;
2325}
2326
a8170e5e 2327uint64_t ldq_phys(hwaddr addr)
1e78bcc1
AG		 2328{
2329 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2330}
2331
a8170e5e 2332uint64_t ldq_le_phys(hwaddr addr)
1e78bcc1
AG		 2333{
2334 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2335}
2336
a8170e5e 2337uint64_t ldq_be_phys(hwaddr addr)
1e78bcc1
AG		 2338{
2339 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2340}
2341
aab33094 2342/* XXX: optimize */
a8170e5e 2343uint32_t ldub_phys(hwaddr addr)
aab33094
FB		 2344{
2345 uint8_t val;
2346 cpu_physical_memory_read(addr, &val, 1);
2347 return val;
2348}
2349
733f0b02 2350/* warning: addr must be aligned */
a8170e5e 2351static inline uint32_t lduw_phys_internal(hwaddr addr,
1e78bcc1 2352 enum device_endian endian)
aab33094 2353{
733f0b02
MT		 2354 uint8_t *ptr;
2355 uint64_t val;
5c8a00ce 2356 MemoryRegion *mr;
149f54b5
PB		 2357 hwaddr l = 2;
2358 hwaddr addr1;
733f0b02 2359
5c8a00ce
PB		 2360 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2361 false);
2362 if (l < 2 || !memory_access_is_direct(mr, false)) {
733f0b02 2363 /* I/O case */
5c8a00ce 2364 io_mem_read(mr, addr1, &val, 2);
1e78bcc1
AG		 2365#if defined(TARGET_WORDS_BIGENDIAN)
2366 if (endian == DEVICE_LITTLE_ENDIAN) {
2367 val = bswap16(val);
2368 }
2369#else
2370 if (endian == DEVICE_BIG_ENDIAN) {
2371 val = bswap16(val);
2372 }
2373#endif
733f0b02
MT		 2374 } else {
2375 /* RAM case */
5c8a00ce 2376 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2377 & TARGET_PAGE_MASK)
149f54b5 2378 + addr1);
1e78bcc1
AG		 2379 switch (endian) {
2380 case DEVICE_LITTLE_ENDIAN:
2381 val = lduw_le_p(ptr);
2382 break;
2383 case DEVICE_BIG_ENDIAN:
2384 val = lduw_be_p(ptr);
2385 break;
2386 default:
2387 val = lduw_p(ptr);
2388 break;
2389 }
733f0b02
MT		 2390 }
2391 return val;
aab33094
FB		 2392}
2393
a8170e5e 2394uint32_t lduw_phys(hwaddr addr)
1e78bcc1
AG		 2395{
2396 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2397}
2398
a8170e5e 2399uint32_t lduw_le_phys(hwaddr addr)
1e78bcc1
AG		 2400{
2401 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2402}
2403
a8170e5e 2404uint32_t lduw_be_phys(hwaddr addr)
1e78bcc1
AG		 2405{
2406 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2407}
2408
8df1cd07
FB		 2409/* warning: addr must be aligned. The ram page is not masked as dirty
2410 and the code inside is not invalidated. It is useful if the dirty
2411 bits are used to track modified PTEs */
a8170e5e 2412void stl_phys_notdirty(hwaddr addr, uint32_t val)
8df1cd07 2413{
8df1cd07 2414 uint8_t *ptr;
5c8a00ce 2415 MemoryRegion *mr;
149f54b5
PB		 2416 hwaddr l = 4;
2417 hwaddr addr1;
8df1cd07 2418
5c8a00ce
PB		 2419 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2420 true);
2421 if (l < 4 || !memory_access_is_direct(mr, true)) {
2422 io_mem_write(mr, addr1, val, 4);
8df1cd07 2423 } else {
5c8a00ce 2424 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 2425 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 2426 stl_p(ptr, val);
74576198
AL		 2427
2428 if (unlikely(in_migration)) {
2429 if (!cpu_physical_memory_is_dirty(addr1)) {
2430 /* invalidate code */
2431 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2432 /* set dirty bit */
f7c11b53
YT		 2433 cpu_physical_memory_set_dirty_flags(
2434 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 2435 }
2436 }
8df1cd07
FB		 2437 }
2438}
2439
2440/* warning: addr must be aligned */
a8170e5e 2441static inline void stl_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 2442 enum device_endian endian)
8df1cd07 2443{
8df1cd07 2444 uint8_t *ptr;
5c8a00ce 2445 MemoryRegion *mr;
149f54b5
PB		 2446 hwaddr l = 4;
2447 hwaddr addr1;
8df1cd07 2448
5c8a00ce
PB		 2449 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2450 true);
2451 if (l < 4 || !memory_access_is_direct(mr, true)) {
1e78bcc1
AG		 2452#if defined(TARGET_WORDS_BIGENDIAN)
2453 if (endian == DEVICE_LITTLE_ENDIAN) {
2454 val = bswap32(val);
2455 }
2456#else
2457 if (endian == DEVICE_BIG_ENDIAN) {
2458 val = bswap32(val);
2459 }
2460#endif
5c8a00ce 2461 io_mem_write(mr, addr1, val, 4);
8df1cd07 2462 } else {
8df1cd07 2463 /* RAM case */
5c8a00ce 2464 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 2465 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 2466 switch (endian) {
2467 case DEVICE_LITTLE_ENDIAN:
2468 stl_le_p(ptr, val);
2469 break;
2470 case DEVICE_BIG_ENDIAN:
2471 stl_be_p(ptr, val);
2472 break;
2473 default:
2474 stl_p(ptr, val);
2475 break;
2476 }
51d7a9eb 2477 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 2478 }
2479}
2480
a8170e5e 2481void stl_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2482{
2483 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2484}
2485
a8170e5e 2486void stl_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2487{
2488 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2489}
2490
a8170e5e 2491void stl_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2492{
2493 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2494}
2495
aab33094 2496/* XXX: optimize */
a8170e5e 2497void stb_phys(hwaddr addr, uint32_t val)
aab33094
FB		 2498{
2499 uint8_t v = val;
2500 cpu_physical_memory_write(addr, &v, 1);
2501}
2502
733f0b02 2503/* warning: addr must be aligned */
a8170e5e 2504static inline void stw_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 2505 enum device_endian endian)
aab33094 2506{
733f0b02 2507 uint8_t *ptr;
5c8a00ce 2508 MemoryRegion *mr;
149f54b5
PB		 2509 hwaddr l = 2;
2510 hwaddr addr1;
733f0b02 2511
5c8a00ce
PB		 2512 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2513 true);
2514 if (l < 2 || !memory_access_is_direct(mr, true)) {
1e78bcc1
AG		 2515#if defined(TARGET_WORDS_BIGENDIAN)
2516 if (endian == DEVICE_LITTLE_ENDIAN) {
2517 val = bswap16(val);
2518 }
2519#else
2520 if (endian == DEVICE_BIG_ENDIAN) {
2521 val = bswap16(val);
2522 }
2523#endif
5c8a00ce 2524 io_mem_write(mr, addr1, val, 2);
733f0b02 2525 } else {
733f0b02 2526 /* RAM case */
5c8a00ce 2527 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 2528 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 2529 switch (endian) {
2530 case DEVICE_LITTLE_ENDIAN:
2531 stw_le_p(ptr, val);
2532 break;
2533 case DEVICE_BIG_ENDIAN:
2534 stw_be_p(ptr, val);
2535 break;
2536 default:
2537 stw_p(ptr, val);
2538 break;
2539 }
51d7a9eb 2540 invalidate_and_set_dirty(addr1, 2);
733f0b02 2541 }
aab33094
FB		 2542}
2543
a8170e5e 2544void stw_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2545{
2546 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2547}
2548
a8170e5e 2549void stw_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2550{
2551 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2552}
2553
a8170e5e 2554void stw_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2555{
2556 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2557}
2558
aab33094 2559/* XXX: optimize */
a8170e5e 2560void stq_phys(hwaddr addr, uint64_t val)
aab33094
FB		 2561{
2562 val = tswap64(val);
71d2b725 2563 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 2564}
2565
a8170e5e 2566void stq_le_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 2567{
2568 val = cpu_to_le64(val);
2569 cpu_physical_memory_write(addr, &val, 8);
2570}
2571
a8170e5e 2572void stq_be_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 2573{
2574 val = cpu_to_be64(val);
2575 cpu_physical_memory_write(addr, &val, 8);
2576}
2577
5e2972fd 2578/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 2579int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 2580 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2581{
2582 int l;
a8170e5e 2583 hwaddr phys_addr;
9b3c35e0 2584 target_ulong page;
13eb76e0
FB		 2585
2586 while (len > 0) {
2587 page = addr & TARGET_PAGE_MASK;
2588 phys_addr = cpu_get_phys_page_debug(env, page);
2589 /* if no physical page mapped, return an error */
2590 if (phys_addr == -1)
2591 return -1;
2592 l = (page + TARGET_PAGE_SIZE) - addr;
2593 if (l > len)
2594 l = len;
5e2972fd 2595 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 2596 if (is_write)
2597 cpu_physical_memory_write_rom(phys_addr, buf, l);
2598 else
5e2972fd 2599 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 2600 len -= l;
2601 buf += l;
2602 addr += l;
2603 }
2604 return 0;
2605}
a68fe89c 2606#endif
13eb76e0 2607
8e4a424b
BS		 2608#if !defined(CONFIG_USER_ONLY)
2609
2610/*
2611 * A helper function for the _utterly broken_ virtio device model to find out if
2612 * it's running on a big endian machine. Don't do this at home kids!
2613 */
2614bool virtio_is_big_endian(void);
2615bool virtio_is_big_endian(void)
2616{
2617#if defined(TARGET_WORDS_BIGENDIAN)
2618 return true;
2619#else
2620 return false;
2621#endif
2622}
2623
2624#endif
2625
76f35538 2626#ifndef CONFIG_USER_ONLY
a8170e5e 2627bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 2628{
5c8a00ce 2629 MemoryRegion*mr;
149f54b5 2630 hwaddr l = 1;
76f35538 2631
5c8a00ce
PB		 2632 mr = address_space_translate(&address_space_memory,
2633 phys_addr, &phys_addr, &l, false);
76f35538 2634
5c8a00ce
PB		 2635 return !(memory_region_is_ram(mr) ||
2636 memory_region_is_romd(mr));
76f35538
WC		 2637}
2638#endif
Qemu copy for testing