]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
exec: Do not use absolute address hints for code_gen_buffer with -fpie
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
0cac1b66
BS		 60#include "cputlb.h"
61
67d95c15
AK		 62#define WANT_EXEC_OBSOLETE
63#include "exec-obsolete.h"
64
fd6ce8f6 65//#define DEBUG_TB_INVALIDATE
66e85a21 66//#define DEBUG_FLUSH
67d3b957 67//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 68
69/* make various TB consistency checks */
5fafdf24 70//#define DEBUG_TB_CHECK
fd6ce8f6 71
1196be37 72//#define DEBUG_IOPORT
db7b5426 73//#define DEBUG_SUBPAGE
1196be37 74
99773bd4
PB		 75#if !defined(CONFIG_USER_ONLY)
76/* TB consistency checks only implemented for usermode emulation. */
77#undef DEBUG_TB_CHECK
78#endif
79
9fa3e853
FB		 80#define SMC_BITMAP_USE_THRESHOLD 10
81
bdaf78e0 82static TranslationBlock *tbs;
24ab68ac 83static int code_gen_max_blocks;
9fa3e853 84TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 85static int nb_tbs;
eb51d102 86/* any access to the tbs or the page table must use this lock */
c227f099 87spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 88
9b9c37c3 89#if defined(__arm__) || defined(__sparc__)
141ac468
BS		 90/* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
d03d860b
BS		 92 section close to code segment. */
93#define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
6840981d 96#elif defined(_WIN32) && !defined(_WIN64)
f8e2af11
SW		 97#define code_gen_section \
98 __attribute__((aligned (16)))
d03d860b
BS		 99#else
100#define code_gen_section \
101 __attribute__((aligned (32)))
102#endif
103
104uint8_t code_gen_prologue[1024] code_gen_section;
bdaf78e0 105static uint8_t *code_gen_buffer;
f1bc0bcc 106static size_t code_gen_buffer_size;
26a5f13b 107/* threshold to flush the translated code buffer */
f1bc0bcc 108static size_t code_gen_buffer_max_size;
24ab68ac 109static uint8_t *code_gen_ptr;
fd6ce8f6 110
e2eef170 111#if !defined(CONFIG_USER_ONLY)
9fa3e853 112int phys_ram_fd;
74576198 113static int in_migration;
94a6b54f 114
85d59fef 115RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 116
117static MemoryRegion *system_memory;
309cb471 118static MemoryRegion *system_io;
62152b8a 119
0e0df1e2 120MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 121static MemoryRegion io_mem_subpage_ram;
0e0df1e2 122
e2eef170 123#endif
9fa3e853 124
9349b4f9 125CPUArchState *first_cpu;
6a00d601
FB		 126/* current CPU in the current thread. It is only valid inside
127 cpu_exec() */
9349b4f9 128DEFINE_TLS(CPUArchState *,cpu_single_env);
2e70f6ef 129/* 0 = Do not count executed instructions.
bf20dc07 130 1 = Precise instruction counting.
2e70f6ef
PB		 131 2 = Adaptive rate instruction counting. */
132int use_icount = 0;
6a00d601 133
54936004 134typedef struct PageDesc {
92e873b9 135 /* list of TBs intersecting this ram page */
fd6ce8f6 136 TranslationBlock *first_tb;
9fa3e853
FB		 137 /* in order to optimize self modifying code, we count the number
138 of lookups we do to a given page to use a bitmap */
139 unsigned int code_write_count;
140 uint8_t *code_bitmap;
141#if defined(CONFIG_USER_ONLY)
142 unsigned long flags;
143#endif
54936004
FB		 144} PageDesc;
145
41c1b1c9 146/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 147 while in user mode we want it to be based on virtual addresses. */
148#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 149#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
150# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
151#else
5cd2c5b6 152# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 153#endif
bedb69ea 154#else
5cd2c5b6 155# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 156#endif
54936004 157
5cd2c5b6
RH		 158/* Size of the L2 (and L3, etc) page tables. */
159#define L2_BITS 10
54936004
FB		 160#define L2_SIZE (1 << L2_BITS)
161
3eef53df
AK		 162#define P_L2_LEVELS \
163 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
164
5cd2c5b6 165/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 166#define V_L1_BITS_REM \
167 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
168
5cd2c5b6
RH		 169#if V_L1_BITS_REM < 4
170#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
171#else
172#define V_L1_BITS V_L1_BITS_REM
173#endif
174
5cd2c5b6
RH		 175#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
176
5cd2c5b6
RH		 177#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
178
c6d50674
SW		 179uintptr_t qemu_real_host_page_size;
180uintptr_t qemu_host_page_size;
181uintptr_t qemu_host_page_mask;
54936004 182
5cd2c5b6
RH		 183/* This is a multi-level map on the virtual address space.
184 The bottom level has pointers to PageDesc. */
185static void *l1_map[V_L1_SIZE];
54936004 186
e2eef170 187#if !defined(CONFIG_USER_ONLY)
4346ae3e
AK		 188typedef struct PhysPageEntry PhysPageEntry;
189
5312bd8b
AK		 190static MemoryRegionSection *phys_sections;
191static unsigned phys_sections_nb, phys_sections_nb_alloc;
192static uint16_t phys_section_unassigned;
aa102231
AK		 193static uint16_t phys_section_notdirty;
194static uint16_t phys_section_rom;
195static uint16_t phys_section_watch;
5312bd8b 196
4346ae3e 197struct PhysPageEntry {
07f07b31
AK		 198 uint16_t is_leaf : 1;
199 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
200 uint16_t ptr : 15;
4346ae3e
AK		 201};
202
d6f2ea22
AK		 203/* Simple allocator for PhysPageEntry nodes */
204static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
205static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
206
07f07b31 207#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 208
5cd2c5b6 209/* This is a multi-level map on the physical address space.
06ef3525 210 The bottom level has pointers to MemoryRegionSections. */
07f07b31 211static PhysPageEntry phys_map = { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
6d9a1304 212
e2eef170 213static void io_mem_init(void);
62152b8a 214static void memory_map_init(void);
e2eef170 215
1ec9b909 216static MemoryRegion io_mem_watch;
6658ffb8 217#endif
33417e70 218
e3db7226 219/* statistics */
e3db7226
FB		 220static int tb_flush_count;
221static int tb_phys_invalidate_count;
222
7cb69cae
FB		 223#ifdef _WIN32
224static void map_exec(void *addr, long size)
225{
226 DWORD old_protect;
227 VirtualProtect(addr, size,
228 PAGE_EXECUTE_READWRITE, &old_protect);
229
230}
231#else
232static void map_exec(void *addr, long size)
233{
4369415f 234 unsigned long start, end, page_size;
7cb69cae 235
4369415f 236 page_size = getpagesize();
7cb69cae 237 start = (unsigned long)addr;
4369415f 238 start &= ~(page_size - 1);
7cb69cae
FB		 239
240 end = (unsigned long)addr + size;
4369415f
FB		 241 end += page_size - 1;
242 end &= ~(page_size - 1);
7cb69cae
FB		 243
244 mprotect((void *)start, end - start,
245 PROT_READ | PROT_WRITE | PROT_EXEC);
246}
247#endif
248
b346ff46 249static void page_init(void)
54936004 250{
83fb7adf 251 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 252 TARGET_PAGE_SIZE */
c2b48b69
AL		 253#ifdef _WIN32
254 {
255 SYSTEM_INFO system_info;
256
257 GetSystemInfo(&system_info);
258 qemu_real_host_page_size = system_info.dwPageSize;
259 }
260#else
261 qemu_real_host_page_size = getpagesize();
262#endif
83fb7adf
FB		 263 if (qemu_host_page_size == 0)
264 qemu_host_page_size = qemu_real_host_page_size;
265 if (qemu_host_page_size < TARGET_PAGE_SIZE)
266 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 267 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 268
2e9a5713 269#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 270 {
f01576f1
JL		 271#ifdef HAVE_KINFO_GETVMMAP
272 struct kinfo_vmentry *freep;
273 int i, cnt;
274
275 freep = kinfo_getvmmap(getpid(), &cnt);
276 if (freep) {
277 mmap_lock();
278 for (i = 0; i < cnt; i++) {
279 unsigned long startaddr, endaddr;
280
281 startaddr = freep[i].kve_start;
282 endaddr = freep[i].kve_end;
283 if (h2g_valid(startaddr)) {
284 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
285
286 if (h2g_valid(endaddr)) {
287 endaddr = h2g(endaddr);
fd436907 288 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 289 } else {
290#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
291 endaddr = ~0ul;
fd436907 292 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 293#endif
294 }
295 }
296 }
297 free(freep);
298 mmap_unlock();
299 }
300#else
50a9569b 301 FILE *f;
50a9569b 302
0776590d 303 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 304
fd436907 305 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 306 if (f) {
5cd2c5b6
RH		 307 mmap_lock();
308
50a9569b 309 do {
5cd2c5b6
RH		 310 unsigned long startaddr, endaddr;
311 int n;
312
313 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
314
315 if (n == 2 && h2g_valid(startaddr)) {
316 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
317
318 if (h2g_valid(endaddr)) {
319 endaddr = h2g(endaddr);
320 } else {
321 endaddr = ~0ul;
322 }
323 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 324 }
325 } while (!feof(f));
5cd2c5b6 326
50a9569b 327 fclose(f);
5cd2c5b6 328 mmap_unlock();
50a9569b 329 }
f01576f1 330#endif
50a9569b
AZ		 331 }
332#endif
54936004
FB		 333}
334
41c1b1c9 335static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 336{
41c1b1c9
PB		 337 PageDesc *pd;
338 void **lp;
339 int i;
340
5cd2c5b6 341#if defined(CONFIG_USER_ONLY)
7267c094 342 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 343# define ALLOC(P, SIZE) \
344 do { \
345 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
346 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 347 } while (0)
348#else
349# define ALLOC(P, SIZE) \
7267c094 350 do { P = g_malloc0(SIZE); } while (0)
17e2377a 351#endif
434929bf 352
5cd2c5b6
RH		 353 /* Level 1. Always allocated. */
354 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
355
356 /* Level 2..N-1. */
357 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
358 void **p = *lp;
359
360 if (p == NULL) {
361 if (!alloc) {
362 return NULL;
363 }
364 ALLOC(p, sizeof(void *) * L2_SIZE);
365 *lp = p;
17e2377a 366 }
5cd2c5b6
RH		 367
368 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
369 }
370
371 pd = *lp;
372 if (pd == NULL) {
373 if (!alloc) {
374 return NULL;
375 }
376 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
377 *lp = pd;
54936004 378 }
5cd2c5b6
RH		 379
380#undef ALLOC
5cd2c5b6
RH		 381
382 return pd + (index & (L2_SIZE - 1));
54936004
FB		 383}
384
41c1b1c9 385static inline PageDesc *page_find(tb_page_addr_t index)
54936004 386{
5cd2c5b6 387 return page_find_alloc(index, 0);
fd6ce8f6
FB		 388}
389
6d9a1304 390#if !defined(CONFIG_USER_ONLY)
d6f2ea22 391
f7bf5461 392static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 393{
f7bf5461 394 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 395 typedef PhysPageEntry Node[L2_SIZE];
396 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 397 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
398 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 399 phys_map_nodes = g_renew(Node, phys_map_nodes,
400 phys_map_nodes_nb_alloc);
401 }
f7bf5461
AK		 402}
403
404static uint16_t phys_map_node_alloc(void)
405{
406 unsigned i;
407 uint16_t ret;
408
409 ret = phys_map_nodes_nb++;
410 assert(ret != PHYS_MAP_NODE_NIL);
411 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 412 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 413 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 414 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 415 }
f7bf5461 416 return ret;
d6f2ea22
AK		 417}
418
419static void phys_map_nodes_reset(void)
420{
421 phys_map_nodes_nb = 0;
422}
423
92e873b9 424
2999097b
AK		 425static void phys_page_set_level(PhysPageEntry *lp, target_phys_addr_t *index,
426 target_phys_addr_t *nb, uint16_t leaf,
427 int level)
f7bf5461
AK		 428{
429 PhysPageEntry *p;
430 int i;
07f07b31 431 target_phys_addr_t step = (target_phys_addr_t)1 << (level * L2_BITS);
108c49b8 432
07f07b31 433 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 434 lp->ptr = phys_map_node_alloc();
435 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 436 if (level == 0) {
437 for (i = 0; i < L2_SIZE; i++) {
07f07b31 438 p[i].is_leaf = 1;
c19e8800 439 p[i].ptr = phys_section_unassigned;
4346ae3e 440 }
67c4d23c 441 }
f7bf5461 442 } else {
c19e8800 443 p = phys_map_nodes[lp->ptr];
92e873b9 444 }
2999097b 445 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 446
2999097b 447 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 448 if ((*index & (step - 1)) == 0 && *nb >= step) {
449 lp->is_leaf = true;
c19e8800 450 lp->ptr = leaf;
07f07b31
AK		 451 *index += step;
452 *nb -= step;
2999097b
AK		 453 } else {
454 phys_page_set_level(lp, index, nb, leaf, level - 1);
455 }
456 ++lp;
f7bf5461
AK		 457 }
458}
459
2999097b
AK		 460static void phys_page_set(target_phys_addr_t index, target_phys_addr_t nb,
461 uint16_t leaf)
f7bf5461 462{
2999097b 463 /* Wildly overreserve - it doesn't matter much. */
07f07b31 464 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 465
2999097b 466 phys_page_set_level(&phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 467}
468
0cac1b66 469MemoryRegionSection *phys_page_find(target_phys_addr_t index)
92e873b9 470{
31ab2b4a
AK		 471 PhysPageEntry lp = phys_map;
472 PhysPageEntry *p;
473 int i;
31ab2b4a 474 uint16_t s_index = phys_section_unassigned;
f1f6e3b8 475
07f07b31 476 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 477 if (lp.ptr == PHYS_MAP_NODE_NIL) {
31ab2b4a
AK		 478 goto not_found;
479 }
c19e8800 480 p = phys_map_nodes[lp.ptr];
31ab2b4a 481 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 482 }
31ab2b4a 483
c19e8800 484 s_index = lp.ptr;
31ab2b4a 485not_found:
f3705d53
AK		 486 return &phys_sections[s_index];
487}
488
e5548617
BS		 489bool memory_region_is_unassigned(MemoryRegion *mr)
490{
491 return mr != &io_mem_ram && mr != &io_mem_rom
492 && mr != &io_mem_notdirty && !mr->rom_device
493 && mr != &io_mem_watch;
494}
495
c8a706fe
PB		 496#define mmap_lock() do { } while(0)
497#define mmap_unlock() do { } while(0)
9fa3e853 498#endif
fd6ce8f6 499
4369415f 500#if defined(CONFIG_USER_ONLY)
ccbb4d44 501/* Currently it is not recommended to allocate big chunks of data in
f1bc0bcc
RH		 502 user mode. It will change when a dedicated libc will be used. */
503/* ??? 64-bit hosts ought to have no problem mmaping data outside the
504 region in which the guest needs to run. Revisit this. */
4369415f
FB		 505#define USE_STATIC_CODE_GEN_BUFFER
506#endif
507
f1bc0bcc
RH		 508/* ??? Should configure for this, not list operating systems here. */
509#if (defined(__linux__) \
510 || defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
511 || defined(__DragonFly__) || defined(__OpenBSD__) \
512 || defined(__NetBSD__))
513# define USE_MMAP
4369415f
FB		 514#endif
515
f1bc0bcc
RH		 516/* Maximum size of the code gen buffer we'd like to use. Unless otherwise
517 indicated, this is constrained by the range of direct branches on the
518 host cpu, as used by the TCG implementation of goto_tb. */
519#if defined(__x86_64__)
520# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
521#elif defined(__sparc__)
522# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
523#elif defined(__arm__)
524# define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
525#elif defined(__s390x__)
526 /* We have a +- 4GB range on the branches; leave some slop. */
527# define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
528#else
529# define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
530#endif
531
3d85a72f
RH		 532#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
533
534#define DEFAULT_CODE_GEN_BUFFER_SIZE \
535 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
536 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
f1bc0bcc
RH		 537
538static inline size_t size_code_gen_buffer(size_t tb_size)
26a5f13b 539{
f1bc0bcc
RH		 540 /* Size the buffer. */
541 if (tb_size == 0) {
4369415f 542#ifdef USE_STATIC_CODE_GEN_BUFFER
f1bc0bcc 543 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
4369415f 544#else
f1bc0bcc
RH		 545 /* ??? Needs adjustments. */
546 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
547 static buffer, we could size this on RESERVED_VA, on the text
548 segment size of the executable, or continue to use the default. */
549 tb_size = (unsigned long)(ram_size / 4);
4369415f 550#endif
26a5f13b 551 }
f1bc0bcc
RH		 552 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
553 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
26a5f13b 554 }
f1bc0bcc
RH		 555 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
556 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
06e67a82 557 }
f1bc0bcc
RH		 558 code_gen_buffer_size = tb_size;
559 return tb_size;
560}
561
562#ifdef USE_STATIC_CODE_GEN_BUFFER
563static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
564 __attribute__((aligned(CODE_GEN_ALIGN)));
565
566static inline void *alloc_code_gen_buffer(void)
567{
568 map_exec(static_code_gen_buffer, code_gen_buffer_size);
569 return static_code_gen_buffer;
570}
571#elif defined(USE_MMAP)
572static inline void *alloc_code_gen_buffer(void)
573{
574 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
575 uintptr_t start = 0;
576 void *buf;
577
578 /* Constrain the position of the buffer based on the host cpu.
579 Note that these addresses are chosen in concert with the
580 addresses assigned in the relevant linker script file. */
405def18
RH		 581# if defined(__PIE__) || defined(__PIC__)
582 /* Don't bother setting a preferred location if we're building
583 a position-independent executable. We're more likely to get
584 an address near the main executable if we let the kernel
585 choose the address. */
586# elif defined(__x86_64__) && defined(MAP_32BIT)
f1bc0bcc
RH		 587 /* Force the memory down into low memory with the executable.
588 Leave the choice of exact location with the kernel. */
589 flags |= MAP_32BIT;
590 /* Cannot expect to map more than 800MB in low memory. */
591 if (code_gen_buffer_size > 800u * 1024 * 1024) {
592 code_gen_buffer_size = 800u * 1024 * 1024;
593 }
594# elif defined(__sparc__)
595 start = 0x40000000ul;
596# elif defined(__s390x__)
597 start = 0x90000000ul;
598# endif
599
600 buf = mmap((void *)start, code_gen_buffer_size,
601 PROT_WRITE | PROT_READ | PROT_EXEC, flags, -1, 0);
602 return buf == MAP_FAILED ? NULL : buf;
603}
26a5f13b 604#else
f1bc0bcc
RH		 605static inline void *alloc_code_gen_buffer(void)
606{
607 void *buf = g_malloc(code_gen_buffer_size);
608 if (buf) {
609 map_exec(buf, code_gen_buffer_size);
610 }
611 return buf;
612}
613#endif /* USE_STATIC_CODE_GEN_BUFFER, USE_MMAP */
614
615static inline void code_gen_alloc(size_t tb_size)
616{
617 code_gen_buffer_size = size_code_gen_buffer(tb_size);
618 code_gen_buffer = alloc_code_gen_buffer();
619 if (code_gen_buffer == NULL) {
620 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
621 exit(1);
622 }
623
26a5f13b 624 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
a884da8a
PM		 625 code_gen_buffer_max_size = code_gen_buffer_size -
626 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 627 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 628 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 629}
630
631/* Must be called before using the QEMU cpus. 'tb_size' is the size
632 (in bytes) allocated to the translation buffer. Zero means default
633 size. */
d5ab9713 634void tcg_exec_init(unsigned long tb_size)
26a5f13b 635{
26a5f13b
FB		 636 cpu_gen_init();
637 code_gen_alloc(tb_size);
638 code_gen_ptr = code_gen_buffer;
813da627 639 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
4369415f 640 page_init();
9002ec79
RH		 641#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
642 /* There's no guest base to take into account, so go ahead and
643 initialize the prologue now. */
644 tcg_prologue_init(&tcg_ctx);
645#endif
26a5f13b
FB		 646}
647
d5ab9713
JK		 648bool tcg_enabled(void)
649{
650 return code_gen_buffer != NULL;
651}
652
653void cpu_exec_init_all(void)
654{
655#if !defined(CONFIG_USER_ONLY)
656 memory_map_init();
657 io_mem_init();
658#endif
659}
660
9656f324
PB		 661#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
662
e59fb374 663static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7 664{
9349b4f9 665 CPUArchState *env = opaque;
9656f324 666
3098dba0
AJ		 667 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
668 version_id is increased. */
669 env->interrupt_request &= ~0x01;
9656f324
PB		 670 tlb_flush(env, 1);
671
672 return 0;
673}
e7f4eff7
JQ		 674
675static const VMStateDescription vmstate_cpu_common = {
676 .name = "cpu_common",
677 .version_id = 1,
678 .minimum_version_id = 1,
679 .minimum_version_id_old = 1,
e7f4eff7
JQ		 680 .post_load = cpu_common_post_load,
681 .fields = (VMStateField []) {
9349b4f9
AF		 682 VMSTATE_UINT32(halted, CPUArchState),
683 VMSTATE_UINT32(interrupt_request, CPUArchState),
e7f4eff7
JQ		 684 VMSTATE_END_OF_LIST()
685 }
686};
9656f324
PB		 687#endif
688
9349b4f9 689CPUArchState *qemu_get_cpu(int cpu)
950f1472 690{
9349b4f9 691 CPUArchState *env = first_cpu;
950f1472
GC		 692
693 while (env) {
694 if (env->cpu_index == cpu)
695 break;
696 env = env->next_cpu;
697 }
698
699 return env;
700}
701
9349b4f9 702void cpu_exec_init(CPUArchState *env)
fd6ce8f6 703{
9349b4f9 704 CPUArchState **penv;
6a00d601
FB		 705 int cpu_index;
706
c2764719
PB		 707#if defined(CONFIG_USER_ONLY)
708 cpu_list_lock();
709#endif
6a00d601
FB		 710 env->next_cpu = NULL;
711 penv = &first_cpu;
712 cpu_index = 0;
713 while (*penv != NULL) {
1e9fa730 714 penv = &(*penv)->next_cpu;
6a00d601
FB		 715 cpu_index++;
716 }
717 env->cpu_index = cpu_index;
268a362c 718 env->numa_node = 0;
72cf2d4f
BS		 719 QTAILQ_INIT(&env->breakpoints);
720 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 721#ifndef CONFIG_USER_ONLY
722 env->thread_id = qemu_get_thread_id();
723#endif
6a00d601 724 *penv = env;
c2764719
PB		 725#if defined(CONFIG_USER_ONLY)
726 cpu_list_unlock();
727#endif
b3c7724c 728#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 729 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
730 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 731 cpu_save, cpu_load, env);
732#endif
fd6ce8f6
FB		 733}
734
d1a1eb74
TG		 735/* Allocate a new translation block. Flush the translation buffer if
736 too many translation blocks or too much generated code. */
737static TranslationBlock *tb_alloc(target_ulong pc)
738{
739 TranslationBlock *tb;
740
741 if (nb_tbs >= code_gen_max_blocks ||
742 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
743 return NULL;
744 tb = &tbs[nb_tbs++];
745 tb->pc = pc;
746 tb->cflags = 0;
747 return tb;
748}
749
750void tb_free(TranslationBlock *tb)
751{
752 /* In practice this is mostly used for single use temporary TB
753 Ignore the hard cases and just back up if this TB happens to
754 be the last one generated. */
755 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
756 code_gen_ptr = tb->tc_ptr;
757 nb_tbs--;
758 }
759}
760
9fa3e853
FB		 761static inline void invalidate_page_bitmap(PageDesc *p)
762{
763 if (p->code_bitmap) {
7267c094 764 g_free(p->code_bitmap);
9fa3e853
FB		 765 p->code_bitmap = NULL;
766 }
767 p->code_write_count = 0;
768}
769
5cd2c5b6
RH		 770/* Set to NULL all the 'first_tb' fields in all PageDescs. */
771
772static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 773{
5cd2c5b6 774 int i;
fd6ce8f6 775
5cd2c5b6
RH		 776 if (*lp == NULL) {
777 return;
778 }
779 if (level == 0) {
780 PageDesc *pd = *lp;
7296abac 781 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 782 pd[i].first_tb = NULL;
783 invalidate_page_bitmap(pd + i);
fd6ce8f6 784 }
5cd2c5b6
RH		 785 } else {
786 void **pp = *lp;
7296abac 787 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 788 page_flush_tb_1 (level - 1, pp + i);
789 }
790 }
791}
792
793static void page_flush_tb(void)
794{
795 int i;
796 for (i = 0; i < V_L1_SIZE; i++) {
797 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 798 }
799}
800
801/* flush all the translation blocks */
d4e8164f 802/* XXX: tb_flush is currently not thread safe */
9349b4f9 803void tb_flush(CPUArchState *env1)
fd6ce8f6 804{
9349b4f9 805 CPUArchState *env;
0124311e 806#if defined(DEBUG_FLUSH)
ab3d1727
BS		 807 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
808 (unsigned long)(code_gen_ptr - code_gen_buffer),
809 nb_tbs, nb_tbs > 0 ?
810 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 811#endif
26a5f13b 812 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 813 cpu_abort(env1, "Internal error: code buffer overflow\n");
814
fd6ce8f6 815 nb_tbs = 0;
3b46e624 816
6a00d601
FB		 817 for(env = first_cpu; env != NULL; env = env->next_cpu) {
818 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
819 }
9fa3e853 820
8a8a608f 821 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 822 page_flush_tb();
9fa3e853 823
fd6ce8f6 824 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 825 /* XXX: flush processor icache at this point if cache flush is
826 expensive */
e3db7226 827 tb_flush_count++;
fd6ce8f6
FB		 828}
829
830#ifdef DEBUG_TB_CHECK
831
bc98a7ef 832static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 833{
834 TranslationBlock *tb;
835 int i;
836 address &= TARGET_PAGE_MASK;
99773bd4
PB		 837 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
838 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 839 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
840 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 841 printf("ERROR invalidate: address=" TARGET_FMT_lx
842 " PC=%08lx size=%04x\n",
99773bd4 843 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 844 }
845 }
846 }
847}
848
849/* verify that all the pages have correct rights for code */
850static void tb_page_check(void)
851{
852 TranslationBlock *tb;
853 int i, flags1, flags2;
3b46e624 854
99773bd4
PB		 855 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
856 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 857 flags1 = page_get_flags(tb->pc);
858 flags2 = page_get_flags(tb->pc + tb->size - 1);
859 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
860 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 861 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 862 }
863 }
864 }
865}
866
867#endif
868
869/* invalidate one TB */
870static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
871 int next_offset)
872{
873 TranslationBlock *tb1;
874 for(;;) {
875 tb1 = *ptb;
876 if (tb1 == tb) {
877 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
878 break;
879 }
880 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
881 }
882}
883
9fa3e853
FB		 884static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
885{
886 TranslationBlock *tb1;
887 unsigned int n1;
888
889 for(;;) {
890 tb1 = *ptb;
8efe0ca8
SW		 891 n1 = (uintptr_t)tb1 & 3;
892 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
9fa3e853
FB		 893 if (tb1 == tb) {
894 *ptb = tb1->page_next[n1];
895 break;
896 }
897 ptb = &tb1->page_next[n1];
898 }
899}
900
d4e8164f
FB		 901static inline void tb_jmp_remove(TranslationBlock *tb, int n)
902{
903 TranslationBlock *tb1, **ptb;
904 unsigned int n1;
905
906 ptb = &tb->jmp_next[n];
907 tb1 = *ptb;
908 if (tb1) {
909 /* find tb(n) in circular list */
910 for(;;) {
911 tb1 = *ptb;
8efe0ca8
SW		 912 n1 = (uintptr_t)tb1 & 3;
913 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 914 if (n1 == n && tb1 == tb)
915 break;
916 if (n1 == 2) {
917 ptb = &tb1->jmp_first;
918 } else {
919 ptb = &tb1->jmp_next[n1];
920 }
921 }
922 /* now we can suppress tb(n) from the list */
923 *ptb = tb->jmp_next[n];
924
925 tb->jmp_next[n] = NULL;
926 }
927}
928
929/* reset the jump entry 'n' of a TB so that it is not chained to
930 another TB */
931static inline void tb_reset_jump(TranslationBlock *tb, int n)
932{
8efe0ca8 933 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
d4e8164f
FB		 934}
935
41c1b1c9 936void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 937{
9349b4f9 938 CPUArchState *env;
8a40a180 939 PageDesc *p;
d4e8164f 940 unsigned int h, n1;
41c1b1c9 941 tb_page_addr_t phys_pc;
8a40a180 942 TranslationBlock *tb1, *tb2;
3b46e624 943
8a40a180
FB		 944 /* remove the TB from the hash list */
945 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
946 h = tb_phys_hash_func(phys_pc);
5fafdf24 947 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 948 offsetof(TranslationBlock, phys_hash_next));
949
950 /* remove the TB from the page list */
951 if (tb->page_addr[0] != page_addr) {
952 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
953 tb_page_remove(&p->first_tb, tb);
954 invalidate_page_bitmap(p);
955 }
956 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
957 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
958 tb_page_remove(&p->first_tb, tb);
959 invalidate_page_bitmap(p);
960 }
961
36bdbe54 962 tb_invalidated_flag = 1;
59817ccb 963
fd6ce8f6 964 /* remove the TB from the hash list */
8a40a180 965 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 966 for(env = first_cpu; env != NULL; env = env->next_cpu) {
967 if (env->tb_jmp_cache[h] == tb)
968 env->tb_jmp_cache[h] = NULL;
969 }
d4e8164f
FB		 970
971 /* suppress this TB from the two jump lists */
972 tb_jmp_remove(tb, 0);
973 tb_jmp_remove(tb, 1);
974
975 /* suppress any remaining jumps to this TB */
976 tb1 = tb->jmp_first;
977 for(;;) {
8efe0ca8 978 n1 = (uintptr_t)tb1 & 3;
d4e8164f
FB		 979 if (n1 == 2)
980 break;
8efe0ca8 981 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 982 tb2 = tb1->jmp_next[n1];
983 tb_reset_jump(tb1, n1);
984 tb1->jmp_next[n1] = NULL;
985 tb1 = tb2;
986 }
8efe0ca8 987 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
9fa3e853 988
e3db7226 989 tb_phys_invalidate_count++;
9fa3e853
FB		 990}
991
992static inline void set_bits(uint8_t *tab, int start, int len)
993{
994 int end, mask, end1;
995
996 end = start + len;
997 tab += start >> 3;
998 mask = 0xff << (start & 7);
999 if ((start & ~7) == (end & ~7)) {
1000 if (start < end) {
1001 mask &= ~(0xff << (end & 7));
1002 *tab |= mask;
1003 }
1004 } else {
1005 *tab++ |= mask;
1006 start = (start + 8) & ~7;
1007 end1 = end & ~7;
1008 while (start < end1) {
1009 *tab++ = 0xff;
1010 start += 8;
1011 }
1012 if (start < end) {
1013 mask = ~(0xff << (end & 7));
1014 *tab |= mask;
1015 }
1016 }
1017}
1018
1019static void build_page_bitmap(PageDesc *p)
1020{
1021 int n, tb_start, tb_end;
1022 TranslationBlock *tb;
3b46e624 1023
7267c094 1024 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 1025
1026 tb = p->first_tb;
1027 while (tb != NULL) {
8efe0ca8
SW		 1028 n = (uintptr_t)tb & 3;
1029 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1030 /* NOTE: this is subtle as a TB may span two physical pages */
1031 if (n == 0) {
1032 /* NOTE: tb_end may be after the end of the page, but
1033 it is not a problem */
1034 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1035 tb_end = tb_start + tb->size;
1036 if (tb_end > TARGET_PAGE_SIZE)
1037 tb_end = TARGET_PAGE_SIZE;
1038 } else {
1039 tb_start = 0;
1040 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1041 }
1042 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1043 tb = tb->page_next[n];
1044 }
1045}
1046
9349b4f9 1047TranslationBlock *tb_gen_code(CPUArchState *env,
2e70f6ef
PB		 1048 target_ulong pc, target_ulong cs_base,
1049 int flags, int cflags)
d720b93d
FB		 1050{
1051 TranslationBlock *tb;
1052 uint8_t *tc_ptr;
41c1b1c9
PB		 1053 tb_page_addr_t phys_pc, phys_page2;
1054 target_ulong virt_page2;
d720b93d
FB		 1055 int code_gen_size;
1056
41c1b1c9 1057 phys_pc = get_page_addr_code(env, pc);
c27004ec 1058 tb = tb_alloc(pc);
d720b93d
FB		 1059 if (!tb) {
1060 /* flush must be done */
1061 tb_flush(env);
1062 /* cannot fail at this point */
c27004ec 1063 tb = tb_alloc(pc);
2e70f6ef
PB		 1064 /* Don't forget to invalidate previous TB info. */
1065 tb_invalidated_flag = 1;
d720b93d
FB		 1066 }
1067 tc_ptr = code_gen_ptr;
1068 tb->tc_ptr = tc_ptr;
1069 tb->cs_base = cs_base;
1070 tb->flags = flags;
1071 tb->cflags = cflags;
d07bde88 1072 cpu_gen_code(env, tb, &code_gen_size);
8efe0ca8
SW		 1073 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1074 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1075
d720b93d 1076 /* check next page if needed */
c27004ec 1077 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1078 phys_page2 = -1;
c27004ec 1079 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1080 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1081 }
41c1b1c9 1082 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1083 return tb;
d720b93d 1084}
3b46e624 1085
77a8f1a5 1086/*
8e0fdce3
JK		 1087 * Invalidate all TBs which intersect with the target physical address range
1088 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1089 * 'is_cpu_write_access' should be true if called from a real cpu write
1090 * access: the virtual CPU will exit the current TB if code is modified inside
1091 * this TB.
77a8f1a5
AG		 1092 */
1093void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
1094 int is_cpu_write_access)
1095{
1096 while (start < end) {
1097 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
1098 start &= TARGET_PAGE_MASK;
1099 start += TARGET_PAGE_SIZE;
1100 }
1101}
1102
8e0fdce3
JK		 1103/*
1104 * Invalidate all TBs which intersect with the target physical address range
1105 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1106 * 'is_cpu_write_access' should be true if called from a real cpu write
1107 * access: the virtual CPU will exit the current TB if code is modified inside
1108 * this TB.
1109 */
41c1b1c9 1110void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1111 int is_cpu_write_access)
1112{
6b917547 1113 TranslationBlock *tb, *tb_next, *saved_tb;
9349b4f9 1114 CPUArchState *env = cpu_single_env;
41c1b1c9 1115 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1116 PageDesc *p;
1117 int n;
1118#ifdef TARGET_HAS_PRECISE_SMC
1119 int current_tb_not_found = is_cpu_write_access;
1120 TranslationBlock *current_tb = NULL;
1121 int current_tb_modified = 0;
1122 target_ulong current_pc = 0;
1123 target_ulong current_cs_base = 0;
1124 int current_flags = 0;
1125#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1126
1127 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1128 if (!p)
9fa3e853 1129 return;
5fafdf24 1130 if (!p->code_bitmap &&
d720b93d
FB		 1131 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1132 is_cpu_write_access) {
9fa3e853
FB		 1133 /* build code bitmap */
1134 build_page_bitmap(p);
1135 }
1136
1137 /* we remove all the TBs in the range [start, end[ */
1138 /* XXX: see if in some cases it could be faster to invalidate all the code */
1139 tb = p->first_tb;
1140 while (tb != NULL) {
8efe0ca8
SW		 1141 n = (uintptr_t)tb & 3;
1142 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1143 tb_next = tb->page_next[n];
1144 /* NOTE: this is subtle as a TB may span two physical pages */
1145 if (n == 0) {
1146 /* NOTE: tb_end may be after the end of the page, but
1147 it is not a problem */
1148 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1149 tb_end = tb_start + tb->size;
1150 } else {
1151 tb_start = tb->page_addr[1];
1152 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1153 }
1154 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1155#ifdef TARGET_HAS_PRECISE_SMC
1156 if (current_tb_not_found) {
1157 current_tb_not_found = 0;
1158 current_tb = NULL;
2e70f6ef 1159 if (env->mem_io_pc) {
d720b93d 1160 /* now we have a real cpu fault */
2e70f6ef 1161 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1162 }
1163 }
1164 if (current_tb == tb &&
2e70f6ef 1165 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1166 /* If we are modifying the current TB, we must stop
1167 its execution. We could be more precise by checking
1168 that the modification is after the current PC, but it
1169 would require a specialized function to partially
1170 restore the CPU state */
3b46e624 1171
d720b93d 1172 current_tb_modified = 1;
618ba8e6 1173 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1174 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1175 &current_flags);
d720b93d
FB		 1176 }
1177#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1178 /* we need to do that to handle the case where a signal
1179 occurs while doing tb_phys_invalidate() */
1180 saved_tb = NULL;
1181 if (env) {
1182 saved_tb = env->current_tb;
1183 env->current_tb = NULL;
1184 }
9fa3e853 1185 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1186 if (env) {
1187 env->current_tb = saved_tb;
1188 if (env->interrupt_request && env->current_tb)
1189 cpu_interrupt(env, env->interrupt_request);
1190 }
9fa3e853
FB		 1191 }
1192 tb = tb_next;
1193 }
1194#if !defined(CONFIG_USER_ONLY)
1195 /* if no code remaining, no need to continue to use slow writes */
1196 if (!p->first_tb) {
1197 invalidate_page_bitmap(p);
d720b93d 1198 if (is_cpu_write_access) {
2e70f6ef 1199 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1200 }
1201 }
1202#endif
1203#ifdef TARGET_HAS_PRECISE_SMC
1204 if (current_tb_modified) {
1205 /* we generate a block containing just the instruction
1206 modifying the memory. It will ensure that it cannot modify
1207 itself */
ea1c1802 1208 env->current_tb = NULL;
2e70f6ef 1209 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1210 cpu_resume_from_signal(env, NULL);
9fa3e853 1211 }
fd6ce8f6 1212#endif
9fa3e853 1213}
fd6ce8f6 1214
9fa3e853 1215/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1216static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1217{
1218 PageDesc *p;
1219 int offset, b;
59817ccb 1220#if 0
a4193c8a 1221 if (1) {
93fcfe39
AL		 1222 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1223 cpu_single_env->mem_io_vaddr, len,
1224 cpu_single_env->eip,
8efe0ca8
SW		 1225 cpu_single_env->eip +
1226 (intptr_t)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1227 }
1228#endif
9fa3e853 1229 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1230 if (!p)
9fa3e853
FB		 1231 return;
1232 if (p->code_bitmap) {
1233 offset = start & ~TARGET_PAGE_MASK;
1234 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1235 if (b & ((1 << len) - 1))
1236 goto do_invalidate;
1237 } else {
1238 do_invalidate:
d720b93d 1239 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1240 }
1241}
1242
9fa3e853 1243#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1244static void tb_invalidate_phys_page(tb_page_addr_t addr,
20503968 1245 uintptr_t pc, void *puc)
9fa3e853 1246{
6b917547 1247 TranslationBlock *tb;
9fa3e853 1248 PageDesc *p;
6b917547 1249 int n;
d720b93d 1250#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1251 TranslationBlock *current_tb = NULL;
9349b4f9 1252 CPUArchState *env = cpu_single_env;
6b917547
AL		 1253 int current_tb_modified = 0;
1254 target_ulong current_pc = 0;
1255 target_ulong current_cs_base = 0;
1256 int current_flags = 0;
d720b93d 1257#endif
9fa3e853
FB		 1258
1259 addr &= TARGET_PAGE_MASK;
1260 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1261 if (!p)
9fa3e853
FB		 1262 return;
1263 tb = p->first_tb;
d720b93d
FB		 1264#ifdef TARGET_HAS_PRECISE_SMC
1265 if (tb && pc != 0) {
1266 current_tb = tb_find_pc(pc);
1267 }
1268#endif
9fa3e853 1269 while (tb != NULL) {
8efe0ca8
SW		 1270 n = (uintptr_t)tb & 3;
1271 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
d720b93d
FB		 1272#ifdef TARGET_HAS_PRECISE_SMC
1273 if (current_tb == tb &&
2e70f6ef 1274 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1275 /* If we are modifying the current TB, we must stop
1276 its execution. We could be more precise by checking
1277 that the modification is after the current PC, but it
1278 would require a specialized function to partially
1279 restore the CPU state */
3b46e624 1280
d720b93d 1281 current_tb_modified = 1;
618ba8e6 1282 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1283 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1284 &current_flags);
d720b93d
FB		 1285 }
1286#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1287 tb_phys_invalidate(tb, addr);
1288 tb = tb->page_next[n];
1289 }
fd6ce8f6 1290 p->first_tb = NULL;
d720b93d
FB		 1291#ifdef TARGET_HAS_PRECISE_SMC
1292 if (current_tb_modified) {
1293 /* we generate a block containing just the instruction
1294 modifying the memory. It will ensure that it cannot modify
1295 itself */
ea1c1802 1296 env->current_tb = NULL;
2e70f6ef 1297 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1298 cpu_resume_from_signal(env, puc);
1299 }
1300#endif
fd6ce8f6 1301}
9fa3e853 1302#endif
fd6ce8f6
FB		 1303
1304/* add the tb in the target page and protect it if necessary */
5fafdf24 1305static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1306 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1307{
1308 PageDesc *p;
4429ab44
JQ		 1309#ifndef CONFIG_USER_ONLY
1310 bool page_already_protected;
1311#endif
9fa3e853
FB		 1312
1313 tb->page_addr[n] = page_addr;
5cd2c5b6 1314 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1315 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1316#ifndef CONFIG_USER_ONLY
1317 page_already_protected = p->first_tb != NULL;
1318#endif
8efe0ca8 1319 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
9fa3e853 1320 invalidate_page_bitmap(p);
fd6ce8f6 1321
107db443 1322#if defined(TARGET_HAS_SMC) || 1
d720b93d 1323
9fa3e853 1324#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1325 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1326 target_ulong addr;
1327 PageDesc *p2;
9fa3e853
FB		 1328 int prot;
1329
fd6ce8f6
FB		 1330 /* force the host page as non writable (writes will have a
1331 page fault + mprotect overhead) */
53a5960a 1332 page_addr &= qemu_host_page_mask;
fd6ce8f6 1333 prot = 0;
53a5960a
PB		 1334 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1335 addr += TARGET_PAGE_SIZE) {
1336
1337 p2 = page_find (addr >> TARGET_PAGE_BITS);
1338 if (!p2)
1339 continue;
1340 prot |= p2->flags;
1341 p2->flags &= ~PAGE_WRITE;
53a5960a 1342 }
5fafdf24 1343 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1344 (prot & PAGE_BITS) & ~PAGE_WRITE);
1345#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1346 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1347 page_addr);
fd6ce8f6 1348#endif
fd6ce8f6 1349 }
9fa3e853
FB		 1350#else
1351 /* if some code is already present, then the pages are already
1352 protected. So we handle the case where only the first TB is
1353 allocated in a physical page */
4429ab44 1354 if (!page_already_protected) {
6a00d601 1355 tlb_protect_code(page_addr);
9fa3e853
FB		 1356 }
1357#endif
d720b93d
FB		 1358
1359#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1360}
1361
9fa3e853
FB		 1362/* add a new TB and link it to the physical page tables. phys_page2 is
1363 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1364void tb_link_page(TranslationBlock *tb,
1365 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1366{
9fa3e853
FB		 1367 unsigned int h;
1368 TranslationBlock **ptb;
1369
c8a706fe
PB		 1370 /* Grab the mmap lock to stop another thread invalidating this TB
1371 before we are done. */
1372 mmap_lock();
9fa3e853
FB		 1373 /* add in the physical hash table */
1374 h = tb_phys_hash_func(phys_pc);
1375 ptb = &tb_phys_hash[h];
1376 tb->phys_hash_next = *ptb;
1377 *ptb = tb;
fd6ce8f6
FB		 1378
1379 /* add in the page list */
9fa3e853
FB		 1380 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1381 if (phys_page2 != -1)
1382 tb_alloc_page(tb, 1, phys_page2);
1383 else
1384 tb->page_addr[1] = -1;
9fa3e853 1385
8efe0ca8 1386 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
d4e8164f
FB		 1387 tb->jmp_next[0] = NULL;
1388 tb->jmp_next[1] = NULL;
1389
1390 /* init original jump addresses */
1391 if (tb->tb_next_offset[0] != 0xffff)
1392 tb_reset_jump(tb, 0);
1393 if (tb->tb_next_offset[1] != 0xffff)
1394 tb_reset_jump(tb, 1);
8a40a180
FB		 1395
1396#ifdef DEBUG_TB_CHECK
1397 tb_page_check();
1398#endif
c8a706fe 1399 mmap_unlock();
fd6ce8f6
FB		 1400}
1401
9fa3e853
FB		 1402/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1403 tb[1].tc_ptr. Return NULL if not found */
6375e09e 1404TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
fd6ce8f6 1405{
9fa3e853 1406 int m_min, m_max, m;
8efe0ca8 1407 uintptr_t v;
9fa3e853 1408 TranslationBlock *tb;
a513fe19
FB		 1409
1410 if (nb_tbs <= 0)
1411 return NULL;
8efe0ca8
SW		 1412 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1413 tc_ptr >= (uintptr_t)code_gen_ptr) {
a513fe19 1414 return NULL;
8efe0ca8 1415 }
a513fe19
FB		 1416 /* binary search (cf Knuth) */
1417 m_min = 0;
1418 m_max = nb_tbs - 1;
1419 while (m_min <= m_max) {
1420 m = (m_min + m_max) >> 1;
1421 tb = &tbs[m];
8efe0ca8 1422 v = (uintptr_t)tb->tc_ptr;
a513fe19
FB		 1423 if (v == tc_ptr)
1424 return tb;
1425 else if (tc_ptr < v) {
1426 m_max = m - 1;
1427 } else {
1428 m_min = m + 1;
1429 }
5fafdf24 1430 }
a513fe19
FB		 1431 return &tbs[m_max];
1432}
7501267e 1433
ea041c0e
FB		 1434static void tb_reset_jump_recursive(TranslationBlock *tb);
1435
1436static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1437{
1438 TranslationBlock *tb1, *tb_next, **ptb;
1439 unsigned int n1;
1440
1441 tb1 = tb->jmp_next[n];
1442 if (tb1 != NULL) {
1443 /* find head of list */
1444 for(;;) {
8efe0ca8
SW		 1445 n1 = (uintptr_t)tb1 & 3;
1446 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1447 if (n1 == 2)
1448 break;
1449 tb1 = tb1->jmp_next[n1];
1450 }
1451 /* we are now sure now that tb jumps to tb1 */
1452 tb_next = tb1;
1453
1454 /* remove tb from the jmp_first list */
1455 ptb = &tb_next->jmp_first;
1456 for(;;) {
1457 tb1 = *ptb;
8efe0ca8
SW		 1458 n1 = (uintptr_t)tb1 & 3;
1459 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1460 if (n1 == n && tb1 == tb)
1461 break;
1462 ptb = &tb1->jmp_next[n1];
1463 }
1464 *ptb = tb->jmp_next[n];
1465 tb->jmp_next[n] = NULL;
3b46e624 1466
ea041c0e
FB		 1467 /* suppress the jump to next tb in generated code */
1468 tb_reset_jump(tb, n);
1469
0124311e 1470 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1471 tb_reset_jump_recursive(tb_next);
1472 }
1473}
1474
1475static void tb_reset_jump_recursive(TranslationBlock *tb)
1476{
1477 tb_reset_jump_recursive2(tb, 0);
1478 tb_reset_jump_recursive2(tb, 1);
1479}
1480
1fddef4b 1481#if defined(TARGET_HAS_ICE)
94df27fd 1482#if defined(CONFIG_USER_ONLY)
9349b4f9 1483static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 1484{
1485 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1486}
1487#else
1e7855a5 1488void tb_invalidate_phys_addr(target_phys_addr_t addr)
d720b93d 1489{
c227f099 1490 ram_addr_t ram_addr;
f3705d53 1491 MemoryRegionSection *section;
d720b93d 1492
06ef3525 1493 section = phys_page_find(addr >> TARGET_PAGE_BITS);
f3705d53
AK		 1494 if (!(memory_region_is_ram(section->mr)
1495 || (section->mr->rom_device && section->mr->readable))) {
06ef3525
AK		 1496 return;
1497 }
f3705d53 1498 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1499 + memory_region_section_addr(section, addr);
706cd4b5 1500 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1501}
1e7855a5
MF		 1502
1503static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1504{
9d70c4b7
MF		 1505 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
1506 (pc & ~TARGET_PAGE_MASK));
1e7855a5 1507}
c27004ec 1508#endif
94df27fd 1509#endif /* TARGET_HAS_ICE */
d720b93d 1510
c527ee8f 1511#if defined(CONFIG_USER_ONLY)
9349b4f9 1512void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 1513
1514{
1515}
1516
9349b4f9 1517int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 1518 int flags, CPUWatchpoint **watchpoint)
1519{
1520 return -ENOSYS;
1521}
1522#else
6658ffb8 1523/* Add a watchpoint. */
9349b4f9 1524int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1525 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1526{
b4051334 1527 target_ulong len_mask = ~(len - 1);
c0ce998e 1528 CPUWatchpoint *wp;
6658ffb8 1529
b4051334 1530 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 1531 if ((len & (len - 1)) || (addr & ~len_mask) ||
1532 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 1533 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1534 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1535 return -EINVAL;
1536 }
7267c094 1537 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1538
1539 wp->vaddr = addr;
b4051334 1540 wp->len_mask = len_mask;
a1d1bb31
AL		 1541 wp->flags = flags;
1542
2dc9f411 1543 /* keep all GDB-injected watchpoints in front */
c0ce998e 1544 if (flags & BP_GDB)
72cf2d4f 1545 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1546 else
72cf2d4f 1547 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1548
6658ffb8 1549 tlb_flush_page(env, addr);
a1d1bb31
AL		 1550
1551 if (watchpoint)
1552 *watchpoint = wp;
1553 return 0;
6658ffb8
PB		 1554}
1555
a1d1bb31 1556/* Remove a specific watchpoint. */
9349b4f9 1557int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1558 int flags)
6658ffb8 1559{
b4051334 1560 target_ulong len_mask = ~(len - 1);
a1d1bb31 1561 CPUWatchpoint *wp;
6658ffb8 1562
72cf2d4f 1563 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1564 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1565 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1566 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1567 return 0;
1568 }
1569 }
a1d1bb31 1570 return -ENOENT;
6658ffb8
PB		 1571}
1572
a1d1bb31 1573/* Remove a specific watchpoint by reference. */
9349b4f9 1574void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 1575{
72cf2d4f 1576 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1577
a1d1bb31
AL		 1578 tlb_flush_page(env, watchpoint->vaddr);
1579
7267c094 1580 g_free(watchpoint);
a1d1bb31
AL		 1581}
1582
1583/* Remove all matching watchpoints. */
9349b4f9 1584void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 1585{
c0ce998e 1586 CPUWatchpoint *wp, *next;
a1d1bb31 1587
72cf2d4f 1588 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1589 if (wp->flags & mask)
1590 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1591 }
7d03f82f 1592}
c527ee8f 1593#endif
7d03f82f 1594
a1d1bb31 1595/* Add a breakpoint. */
9349b4f9 1596int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 1597 CPUBreakpoint **breakpoint)
4c3a88a2 1598{
1fddef4b 1599#if defined(TARGET_HAS_ICE)
c0ce998e 1600 CPUBreakpoint *bp;
3b46e624 1601
7267c094 1602 bp = g_malloc(sizeof(*bp));
4c3a88a2 1603
a1d1bb31
AL		 1604 bp->pc = pc;
1605 bp->flags = flags;
1606
2dc9f411 1607 /* keep all GDB-injected breakpoints in front */
c0ce998e 1608 if (flags & BP_GDB)
72cf2d4f 1609 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1610 else
72cf2d4f 1611 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1612
d720b93d 1613 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1614
1615 if (breakpoint)
1616 *breakpoint = bp;
4c3a88a2
FB		 1617 return 0;
1618#else
a1d1bb31 1619 return -ENOSYS;
4c3a88a2
FB		 1620#endif
1621}
1622
a1d1bb31 1623/* Remove a specific breakpoint. */
9349b4f9 1624int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 1625{
7d03f82f 1626#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1627 CPUBreakpoint *bp;
1628
72cf2d4f 1629 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1630 if (bp->pc == pc && bp->flags == flags) {
1631 cpu_breakpoint_remove_by_ref(env, bp);
1632 return 0;
1633 }
7d03f82f 1634 }
a1d1bb31
AL		 1635 return -ENOENT;
1636#else
1637 return -ENOSYS;
7d03f82f
EI		 1638#endif
1639}
1640
a1d1bb31 1641/* Remove a specific breakpoint by reference. */
9349b4f9 1642void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1643{
1fddef4b 1644#if defined(TARGET_HAS_ICE)
72cf2d4f 1645 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1646
a1d1bb31
AL		 1647 breakpoint_invalidate(env, breakpoint->pc);
1648
7267c094 1649 g_free(breakpoint);
a1d1bb31
AL		 1650#endif
1651}
1652
1653/* Remove all matching breakpoints. */
9349b4f9 1654void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 1655{
1656#if defined(TARGET_HAS_ICE)
c0ce998e 1657 CPUBreakpoint *bp, *next;
a1d1bb31 1658
72cf2d4f 1659 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1660 if (bp->flags & mask)
1661 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1662 }
4c3a88a2
FB		 1663#endif
1664}
1665
c33a346e
FB		 1666/* enable or disable single step mode. EXCP_DEBUG is returned by the
1667 CPU loop after each instruction */
9349b4f9 1668void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 1669{
1fddef4b 1670#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1671 if (env->singlestep_enabled != enabled) {
1672 env->singlestep_enabled = enabled;
e22a25c9
AL		 1673 if (kvm_enabled())
1674 kvm_update_guest_debug(env, 0);
1675 else {
ccbb4d44 1676 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1677 /* XXX: only flush what is necessary */
1678 tb_flush(env);
1679 }
c33a346e
FB		 1680 }
1681#endif
1682}
1683
9349b4f9 1684static void cpu_unlink_tb(CPUArchState *env)
ea041c0e 1685{
3098dba0
AJ		 1686 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1687 problem and hope the cpu will stop of its own accord. For userspace
1688 emulation this often isn't actually as bad as it sounds. Often
1689 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1690 TranslationBlock *tb;
c227f099 1691 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1692
cab1b4bd 1693 spin_lock(&interrupt_lock);
3098dba0
AJ		 1694 tb = env->current_tb;
1695 /* if the cpu is currently executing code, we must unlink it and
1696 all the potentially executing TB */
f76cfe56 1697 if (tb) {
3098dba0
AJ		 1698 env->current_tb = NULL;
1699 tb_reset_jump_recursive(tb);
be214e6c 1700 }
cab1b4bd 1701 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1702}
1703
97ffbd8d 1704#ifndef CONFIG_USER_ONLY
3098dba0 1705/* mask must never be zero, except for A20 change call */
9349b4f9 1706static void tcg_handle_interrupt(CPUArchState *env, int mask)
3098dba0
AJ		 1707{
1708 int old_mask;
be214e6c 1709
2e70f6ef 1710 old_mask = env->interrupt_request;
68a79315 1711 env->interrupt_request |= mask;
3098dba0 1712
8edac960
AL		 1713 /*
1714 * If called from iothread context, wake the target cpu in
1715 * case its halted.
1716 */
b7680cb6 1717 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1718 qemu_cpu_kick(env);
1719 return;
1720 }
8edac960 1721
2e70f6ef 1722 if (use_icount) {
266910c4 1723 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1724 if (!can_do_io(env)
be214e6c 1725 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1726 cpu_abort(env, "Raised interrupt while not in I/O function");
1727 }
2e70f6ef 1728 } else {
3098dba0 1729 cpu_unlink_tb(env);
ea041c0e
FB		 1730 }
1731}
1732
ec6959d0
JK		 1733CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1734
97ffbd8d
JK		 1735#else /* CONFIG_USER_ONLY */
1736
9349b4f9 1737void cpu_interrupt(CPUArchState *env, int mask)
97ffbd8d
JK		 1738{
1739 env->interrupt_request |= mask;
1740 cpu_unlink_tb(env);
1741}
1742#endif /* CONFIG_USER_ONLY */
1743
9349b4f9 1744void cpu_reset_interrupt(CPUArchState *env, int mask)
b54ad049
FB		 1745{
1746 env->interrupt_request &= ~mask;
1747}
1748
9349b4f9 1749void cpu_exit(CPUArchState *env)
3098dba0
AJ		 1750{
1751 env->exit_request = 1;
1752 cpu_unlink_tb(env);
1753}
1754
9349b4f9 1755void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e
FB		 1756{
1757 va_list ap;
493ae1f0 1758 va_list ap2;
7501267e
FB		 1759
1760 va_start(ap, fmt);
493ae1f0 1761 va_copy(ap2, ap);
7501267e
FB		 1762 fprintf(stderr, "qemu: fatal: ");
1763 vfprintf(stderr, fmt, ap);
1764 fprintf(stderr, "\n");
6fd2a026 1765 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 1766 if (qemu_log_enabled()) {
1767 qemu_log("qemu: fatal: ");
1768 qemu_log_vprintf(fmt, ap2);
1769 qemu_log("\n");
6fd2a026 1770 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 1771 qemu_log_flush();
93fcfe39 1772 qemu_log_close();
924edcae 1773 }
493ae1f0 1774 va_end(ap2);
f9373291 1775 va_end(ap);
fd052bf6
RV		 1776#if defined(CONFIG_USER_ONLY)
1777 {
1778 struct sigaction act;
1779 sigfillset(&act.sa_mask);
1780 act.sa_handler = SIG_DFL;
1781 sigaction(SIGABRT, &act, NULL);
1782 }
1783#endif
7501267e
FB		 1784 abort();
1785}
1786
9349b4f9 1787CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 1788{
9349b4f9
AF		 1789 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1790 CPUArchState *next_cpu = new_env->next_cpu;
c5be9f08 1791 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1792#if defined(TARGET_HAS_ICE)
1793 CPUBreakpoint *bp;
1794 CPUWatchpoint *wp;
1795#endif
1796
9349b4f9 1797 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081
AL		 1798
1799 /* Preserve chaining and index. */
c5be9f08
TS		 1800 new_env->next_cpu = next_cpu;
1801 new_env->cpu_index = cpu_index;
5a38f081
AL		 1802
1803 /* Clone all break/watchpoints.
1804 Note: Once we support ptrace with hw-debug register access, make sure
1805 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1806 QTAILQ_INIT(&env->breakpoints);
1807 QTAILQ_INIT(&env->watchpoints);
5a38f081 1808#if defined(TARGET_HAS_ICE)
72cf2d4f 1809 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1810 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1811 }
72cf2d4f 1812 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1813 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1814 wp->flags, NULL);
1815 }
1816#endif
1817
c5be9f08
TS		 1818 return new_env;
1819}
1820
0124311e 1821#if !defined(CONFIG_USER_ONLY)
0cac1b66 1822void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
5c751e99
EI		 1823{
1824 unsigned int i;
1825
1826 /* Discard jump cache entries for any tb which might potentially
1827 overlap the flushed page. */
1828 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1829 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1830 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1831
1832 i = tb_jmp_cache_hash_page(addr);
1833 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1834 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1835}
1836
d24981d3
JQ		 1837static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
1838 uintptr_t length)
1839{
1840 uintptr_t start1;
1841
1842 /* we modify the TLB cache so that the dirty bit will be set again
1843 when accessing the range */
1844 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
1845 /* Check that we don't span multiple blocks - this breaks the
1846 address comparisons below. */
1847 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
1848 != (end - 1) - start) {
1849 abort();
1850 }
1851 cpu_tlb_reset_dirty_all(start1, length);
1852
1853}
1854
5579c7f3 1855/* Note: start and end must be within the same ram block. */
c227f099 1856void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1857 int dirty_flags)
1ccde1cb 1858{
d24981d3 1859 uintptr_t length;
1ccde1cb
FB		 1860
1861 start &= TARGET_PAGE_MASK;
1862 end = TARGET_PAGE_ALIGN(end);
1863
1864 length = end - start;
1865 if (length == 0)
1866 return;
f7c11b53 1867 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 1868
d24981d3
JQ		 1869 if (tcg_enabled()) {
1870 tlb_reset_dirty_range_all(start, end, length);
5579c7f3 1871 }
1ccde1cb
FB		 1872}
1873
74576198
AL		 1874int cpu_physical_memory_set_dirty_tracking(int enable)
1875{
f6f3fbca 1876 int ret = 0;
74576198 1877 in_migration = enable;
f6f3fbca 1878 return ret;
74576198
AL		 1879}
1880
e5548617
BS		 1881target_phys_addr_t memory_region_section_get_iotlb(CPUArchState *env,
1882 MemoryRegionSection *section,
1883 target_ulong vaddr,
1884 target_phys_addr_t paddr,
1885 int prot,
1886 target_ulong *address)
1887{
1888 target_phys_addr_t iotlb;
1889 CPUWatchpoint *wp;
1890
cc5bea60 1891 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1892 /* Normal RAM. */
1893 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1894 + memory_region_section_addr(section, paddr);
e5548617
BS		 1895 if (!section->readonly) {
1896 iotlb |= phys_section_notdirty;
1897 } else {
1898 iotlb |= phys_section_rom;
1899 }
1900 } else {
1901 /* IO handlers are currently passed a physical address.
1902 It would be nice to pass an offset from the base address
1903 of that region. This would avoid having to special case RAM,
1904 and avoid full address decoding in every device.
1905 We can't use the high bits of pd for this because
1906 IO_MEM_ROMD uses these as a ram address. */
1907 iotlb = section - phys_sections;
cc5bea60 1908 iotlb += memory_region_section_addr(section, paddr);
e5548617
BS		 1909 }
1910
1911 /* Make accesses to pages with watchpoints go via the
1912 watchpoint trap routines. */
1913 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1914 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
1915 /* Avoid trapping reads of pages with a write breakpoint. */
1916 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1917 iotlb = phys_section_watch + paddr;
1918 *address |= TLB_MMIO;
1919 break;
1920 }
1921 }
1922 }
1923
1924 return iotlb;
1925}
1926
0124311e 1927#else
edf8e2af
MW		 1928/*
1929 * Walks guest process memory "regions" one by one
1930 * and calls callback function 'fn' for each region.
1931 */
5cd2c5b6
RH		 1932
1933struct walk_memory_regions_data
1934{
1935 walk_memory_regions_fn fn;
1936 void *priv;
8efe0ca8 1937 uintptr_t start;
5cd2c5b6
RH		 1938 int prot;
1939};
1940
1941static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 1942 abi_ulong end, int new_prot)
5cd2c5b6
RH		 1943{
1944 if (data->start != -1ul) {
1945 int rc = data->fn(data->priv, data->start, end, data->prot);
1946 if (rc != 0) {
1947 return rc;
1948 }
1949 }
1950
1951 data->start = (new_prot ? end : -1ul);
1952 data->prot = new_prot;
1953
1954 return 0;
1955}
1956
1957static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 1958 abi_ulong base, int level, void **lp)
5cd2c5b6 1959{
b480d9b7 1960 abi_ulong pa;
5cd2c5b6
RH		 1961 int i, rc;
1962
1963 if (*lp == NULL) {
1964 return walk_memory_regions_end(data, base, 0);
1965 }
1966
1967 if (level == 0) {
1968 PageDesc *pd = *lp;
7296abac 1969 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 1970 int prot = pd[i].flags;
1971
1972 pa = base | (i << TARGET_PAGE_BITS);
1973 if (prot != data->prot) {
1974 rc = walk_memory_regions_end(data, pa, prot);
1975 if (rc != 0) {
1976 return rc;
9fa3e853 1977 }
9fa3e853 1978 }
5cd2c5b6
RH		 1979 }
1980 } else {
1981 void **pp = *lp;
7296abac 1982 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 1983 pa = base | ((abi_ulong)i <<
1984 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 1985 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1986 if (rc != 0) {
1987 return rc;
1988 }
1989 }
1990 }
1991
1992 return 0;
1993}
1994
1995int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1996{
1997 struct walk_memory_regions_data data;
8efe0ca8 1998 uintptr_t i;
5cd2c5b6
RH		 1999
2000 data.fn = fn;
2001 data.priv = priv;
2002 data.start = -1ul;
2003 data.prot = 0;
2004
2005 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 2006 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 2007 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2008 if (rc != 0) {
2009 return rc;
9fa3e853 2010 }
33417e70 2011 }
5cd2c5b6
RH		 2012
2013 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2014}
2015
b480d9b7
PB		 2016static int dump_region(void *priv, abi_ulong start,
2017 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2018{
2019 FILE *f = (FILE *)priv;
2020
b480d9b7
PB		 2021 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2022 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2023 start, end, end - start,
2024 ((prot & PAGE_READ) ? 'r' : '-'),
2025 ((prot & PAGE_WRITE) ? 'w' : '-'),
2026 ((prot & PAGE_EXEC) ? 'x' : '-'));
2027
2028 return (0);
2029}
2030
2031/* dump memory mappings */
2032void page_dump(FILE *f)
2033{
2034 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2035 "start", "end", "size", "prot");
2036 walk_memory_regions(f, dump_region);
33417e70
FB		 2037}
2038
53a5960a 2039int page_get_flags(target_ulong address)
33417e70 2040{
9fa3e853
FB		 2041 PageDesc *p;
2042
2043 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2044 if (!p)
9fa3e853
FB		 2045 return 0;
2046 return p->flags;
2047}
2048
376a7909
RH		 2049/* Modify the flags of a page and invalidate the code if necessary.
2050 The flag PAGE_WRITE_ORG is positioned automatically depending
2051 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2052void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2053{
376a7909
RH		 2054 target_ulong addr, len;
2055
2056 /* This function should never be called with addresses outside the
2057 guest address space. If this assert fires, it probably indicates
2058 a missing call to h2g_valid. */
b480d9b7
PB		 2059#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2060 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2061#endif
2062 assert(start < end);
9fa3e853
FB		 2063
2064 start = start & TARGET_PAGE_MASK;
2065 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2066
2067 if (flags & PAGE_WRITE) {
9fa3e853 2068 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2069 }
2070
2071 for (addr = start, len = end - start;
2072 len != 0;
2073 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2074 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2075
2076 /* If the write protection bit is set, then we invalidate
2077 the code inside. */
5fafdf24 2078 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2079 (flags & PAGE_WRITE) &&
2080 p->first_tb) {
d720b93d 2081 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2082 }
2083 p->flags = flags;
2084 }
33417e70
FB		 2085}
2086
3d97b40b
TS		 2087int page_check_range(target_ulong start, target_ulong len, int flags)
2088{
2089 PageDesc *p;
2090 target_ulong end;
2091 target_ulong addr;
2092
376a7909
RH		 2093 /* This function should never be called with addresses outside the
2094 guest address space. If this assert fires, it probably indicates
2095 a missing call to h2g_valid. */
338e9e6c
BS		 2096#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2097 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2098#endif
2099
3e0650a9
RH		 2100 if (len == 0) {
2101 return 0;
2102 }
376a7909
RH		 2103 if (start + len - 1 < start) {
2104 /* We've wrapped around. */
55f280c9 2105 return -1;
376a7909 2106 }
55f280c9 2107
3d97b40b
TS		 2108 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2109 start = start & TARGET_PAGE_MASK;
2110
376a7909
RH		 2111 for (addr = start, len = end - start;
2112 len != 0;
2113 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2114 p = page_find(addr >> TARGET_PAGE_BITS);
2115 if( !p )
2116 return -1;
2117 if( !(p->flags & PAGE_VALID) )
2118 return -1;
2119
dae3270c 2120 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2121 return -1;
dae3270c
FB		 2122 if (flags & PAGE_WRITE) {
2123 if (!(p->flags & PAGE_WRITE_ORG))
2124 return -1;
2125 /* unprotect the page if it was put read-only because it
2126 contains translated code */
2127 if (!(p->flags & PAGE_WRITE)) {
2128 if (!page_unprotect(addr, 0, NULL))
2129 return -1;
2130 }
2131 return 0;
2132 }
3d97b40b
TS		 2133 }
2134 return 0;
2135}
2136
9fa3e853 2137/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2138 page. Return TRUE if the fault was successfully handled. */
6375e09e 2139int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
9fa3e853 2140{
45d679d6
AJ		 2141 unsigned int prot;
2142 PageDesc *p;
53a5960a 2143 target_ulong host_start, host_end, addr;
9fa3e853 2144
c8a706fe
PB		 2145 /* Technically this isn't safe inside a signal handler. However we
2146 know this only ever happens in a synchronous SEGV handler, so in
2147 practice it seems to be ok. */
2148 mmap_lock();
2149
45d679d6
AJ		 2150 p = page_find(address >> TARGET_PAGE_BITS);
2151 if (!p) {
c8a706fe 2152 mmap_unlock();
9fa3e853 2153 return 0;
c8a706fe 2154 }
45d679d6 2155
9fa3e853
FB		 2156 /* if the page was really writable, then we change its
2157 protection back to writable */
45d679d6
AJ		 2158 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2159 host_start = address & qemu_host_page_mask;
2160 host_end = host_start + qemu_host_page_size;
2161
2162 prot = 0;
2163 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2164 p = page_find(addr >> TARGET_PAGE_BITS);
2165 p->flags |= PAGE_WRITE;
2166 prot |= p->flags;
2167
9fa3e853
FB		 2168 /* and since the content will be modified, we must invalidate
2169 the corresponding translated code. */
45d679d6 2170 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2171#ifdef DEBUG_TB_CHECK
45d679d6 2172 tb_invalidate_check(addr);
9fa3e853 2173#endif
9fa3e853 2174 }
45d679d6
AJ		 2175 mprotect((void *)g2h(host_start), qemu_host_page_size,
2176 prot & PAGE_BITS);
2177
2178 mmap_unlock();
2179 return 1;
9fa3e853 2180 }
c8a706fe 2181 mmap_unlock();
9fa3e853
FB		 2182 return 0;
2183}
9fa3e853
FB		 2184#endif /* defined(CONFIG_USER_ONLY) */
2185
e2eef170 2186#if !defined(CONFIG_USER_ONLY)
8da3ff18 2187
c04b2b78
PB		 2188#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2189typedef struct subpage_t {
70c68e44 2190 MemoryRegion iomem;
c04b2b78 2191 target_phys_addr_t base;
5312bd8b 2192 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2193} subpage_t;
2194
c227f099 2195static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2196 uint16_t section);
0f0cb164 2197static subpage_t *subpage_init(target_phys_addr_t base);
5312bd8b 2198static void destroy_page_desc(uint16_t section_index)
54688b1e 2199{
5312bd8b
AK		 2200 MemoryRegionSection *section = &phys_sections[section_index];
2201 MemoryRegion *mr = section->mr;
54688b1e
AK		 2202
2203 if (mr->subpage) {
2204 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2205 memory_region_destroy(&subpage->iomem);
2206 g_free(subpage);
2207 }
2208}
2209
4346ae3e 2210static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2211{
2212 unsigned i;
d6f2ea22 2213 PhysPageEntry *p;
54688b1e 2214
c19e8800 2215 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2216 return;
2217 }
2218
c19e8800 2219 p = phys_map_nodes[lp->ptr];
4346ae3e 2220 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 2221 if (!p[i].is_leaf) {
54688b1e 2222 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 2223 } else {
c19e8800 2224 destroy_page_desc(p[i].ptr);
54688b1e 2225 }
54688b1e 2226 }
07f07b31 2227 lp->is_leaf = 0;
c19e8800 2228 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2229}
2230
2231static void destroy_all_mappings(void)
2232{
3eef53df 2233 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
d6f2ea22 2234 phys_map_nodes_reset();
54688b1e
AK		 2235}
2236
5312bd8b
AK		 2237static uint16_t phys_section_add(MemoryRegionSection *section)
2238{
2239 if (phys_sections_nb == phys_sections_nb_alloc) {
2240 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2241 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2242 phys_sections_nb_alloc);
2243 }
2244 phys_sections[phys_sections_nb] = *section;
2245 return phys_sections_nb++;
2246}
2247
2248static void phys_sections_clear(void)
2249{
2250 phys_sections_nb = 0;
2251}
2252
0f0cb164
AK		 2253static void register_subpage(MemoryRegionSection *section)
2254{
2255 subpage_t *subpage;
2256 target_phys_addr_t base = section->offset_within_address_space
2257 & TARGET_PAGE_MASK;
f3705d53 2258 MemoryRegionSection *existing = phys_page_find(base >> TARGET_PAGE_BITS);
0f0cb164
AK		 2259 MemoryRegionSection subsection = {
2260 .offset_within_address_space = base,
2261 .size = TARGET_PAGE_SIZE,
2262 };
0f0cb164
AK		 2263 target_phys_addr_t start, end;
2264
f3705d53 2265 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 2266
f3705d53 2267 if (!(existing->mr->subpage)) {
0f0cb164
AK		 2268 subpage = subpage_init(base);
2269 subsection.mr = &subpage->iomem;
2999097b
AK		 2270 phys_page_set(base >> TARGET_PAGE_BITS, 1,
2271 phys_section_add(&subsection));
0f0cb164 2272 } else {
f3705d53 2273 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 2274 }
2275 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
adb2a9b5 2276 end = start + section->size - 1;
0f0cb164
AK		 2277 subpage_register(subpage, start, end, phys_section_add(section));
2278}
2279
2280
2281static void register_multipage(MemoryRegionSection *section)
33417e70 2282{
dd81124b
AK		 2283 target_phys_addr_t start_addr = section->offset_within_address_space;
2284 ram_addr_t size = section->size;
2999097b 2285 target_phys_addr_t addr;
5312bd8b 2286 uint16_t section_index = phys_section_add(section);
dd81124b 2287
3b8e6a2d 2288 assert(size);
f6f3fbca 2289
3b8e6a2d 2290 addr = start_addr;
2999097b
AK		 2291 phys_page_set(addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2292 section_index);
33417e70
FB		 2293}
2294
0f0cb164
AK		 2295void cpu_register_physical_memory_log(MemoryRegionSection *section,
2296 bool readonly)
2297{
2298 MemoryRegionSection now = *section, remain = *section;
2299
2300 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2301 || (now.size < TARGET_PAGE_SIZE)) {
2302 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2303 - now.offset_within_address_space,
2304 now.size);
2305 register_subpage(&now);
2306 remain.size -= now.size;
2307 remain.offset_within_address_space += now.size;
2308 remain.offset_within_region += now.size;
2309 }
69b67646
TH		 2310 while (remain.size >= TARGET_PAGE_SIZE) {
2311 now = remain;
2312 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
2313 now.size = TARGET_PAGE_SIZE;
2314 register_subpage(&now);
2315 } else {
2316 now.size &= TARGET_PAGE_MASK;
2317 register_multipage(&now);
2318 }
0f0cb164
AK		 2319 remain.size -= now.size;
2320 remain.offset_within_address_space += now.size;
2321 remain.offset_within_region += now.size;
2322 }
2323 now = remain;
2324 if (now.size) {
2325 register_subpage(&now);
2326 }
2327}
2328
2329
c227f099 2330void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2331{
2332 if (kvm_enabled())
2333 kvm_coalesce_mmio_region(addr, size);
2334}
2335
c227f099 2336void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2337{
2338 if (kvm_enabled())
2339 kvm_uncoalesce_mmio_region(addr, size);
2340}
2341
62a2744c
SY		 2342void qemu_flush_coalesced_mmio_buffer(void)
2343{
2344 if (kvm_enabled())
2345 kvm_flush_coalesced_mmio_buffer();
2346}
2347
c902760f
MT		 2348#if defined(__linux__) && !defined(TARGET_S390X)
2349
2350#include <sys/vfs.h>
2351
2352#define HUGETLBFS_MAGIC 0x958458f6
2353
2354static long gethugepagesize(const char *path)
2355{
2356 struct statfs fs;
2357 int ret;
2358
2359 do {
9742bf26 2360 ret = statfs(path, &fs);
c902760f
MT		 2361 } while (ret != 0 && errno == EINTR);
2362
2363 if (ret != 0) {
9742bf26
YT		 2364 perror(path);
2365 return 0;
c902760f
MT		 2366 }
2367
2368 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2369 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2370
2371 return fs.f_bsize;
2372}
2373
04b16653
AW		 2374static void *file_ram_alloc(RAMBlock *block,
2375 ram_addr_t memory,
2376 const char *path)
c902760f
MT		 2377{
2378 char *filename;
2379 void *area;
2380 int fd;
2381#ifdef MAP_POPULATE
2382 int flags;
2383#endif
2384 unsigned long hpagesize;
2385
2386 hpagesize = gethugepagesize(path);
2387 if (!hpagesize) {
9742bf26 2388 return NULL;
c902760f
MT		 2389 }
2390
2391 if (memory < hpagesize) {
2392 return NULL;
2393 }
2394
2395 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2396 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2397 return NULL;
2398 }
2399
2400 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2401 return NULL;
c902760f
MT		 2402 }
2403
2404 fd = mkstemp(filename);
2405 if (fd < 0) {
9742bf26
YT		 2406 perror("unable to create backing store for hugepages");
2407 free(filename);
2408 return NULL;
c902760f
MT		 2409 }
2410 unlink(filename);
2411 free(filename);
2412
2413 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2414
2415 /*
2416 * ftruncate is not supported by hugetlbfs in older
2417 * hosts, so don't bother bailing out on errors.
2418 * If anything goes wrong with it under other filesystems,
2419 * mmap will fail.
2420 */
2421 if (ftruncate(fd, memory))
9742bf26 2422 perror("ftruncate");
c902760f
MT		 2423
2424#ifdef MAP_POPULATE
2425 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2426 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2427 * to sidestep this quirk.
2428 */
2429 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2430 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2431#else
2432 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2433#endif
2434 if (area == MAP_FAILED) {
9742bf26
YT		 2435 perror("file_ram_alloc: can't mmap RAM pages");
2436 close(fd);
2437 return (NULL);
c902760f 2438 }
04b16653 2439 block->fd = fd;
c902760f
MT		 2440 return area;
2441}
2442#endif
2443
d17b5288 2444static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2445{
2446 RAMBlock *block, *next_block;
3e837b2c 2447 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2448
2449 if (QLIST_EMPTY(&ram_list.blocks))
2450 return 0;
2451
2452 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2453 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2454
2455 end = block->offset + block->length;
2456
2457 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2458 if (next_block->offset >= end) {
2459 next = MIN(next, next_block->offset);
2460 }
2461 }
2462 if (next - end >= size && next - end < mingap) {
3e837b2c 2463 offset = end;
04b16653
AW		 2464 mingap = next - end;
2465 }
2466 }
3e837b2c
AW		 2467
2468 if (offset == RAM_ADDR_MAX) {
2469 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2470 (uint64_t)size);
2471 abort();
2472 }
2473
04b16653
AW		 2474 return offset;
2475}
2476
2477static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2478{
2479 RAMBlock *block;
2480 ram_addr_t last = 0;
2481
2482 QLIST_FOREACH(block, &ram_list.blocks, next)
2483 last = MAX(last, block->offset + block->length);
2484
2485 return last;
2486}
2487
ddb97f1d
JB		 2488static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
2489{
2490 int ret;
2491 QemuOpts *machine_opts;
2492
2493 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
2494 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2495 if (machine_opts &&
2496 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
2497 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
2498 if (ret) {
2499 perror("qemu_madvise");
2500 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
2501 "but dump_guest_core=off specified\n");
2502 }
2503 }
2504}
2505
c5705a77 2506void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2507{
2508 RAMBlock *new_block, *block;
2509
c5705a77
AK		 2510 new_block = NULL;
2511 QLIST_FOREACH(block, &ram_list.blocks, next) {
2512 if (block->offset == addr) {
2513 new_block = block;
2514 break;
2515 }
2516 }
2517 assert(new_block);
2518 assert(!new_block->idstr[0]);
84b89d78 2519
09e5ab63
AL		 2520 if (dev) {
2521 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 2522 if (id) {
2523 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2524 g_free(id);
84b89d78
CM		 2525 }
2526 }
2527 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2528
2529 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2530 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2531 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2532 new_block->idstr);
2533 abort();
2534 }
2535 }
c5705a77
AK		 2536}
2537
8490fc78
LC		 2538static int memory_try_enable_merging(void *addr, size_t len)
2539{
2540 QemuOpts *opts;
2541
2542 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2543 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
2544 /* disabled by the user */
2545 return 0;
2546 }
2547
2548 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
2549}
2550
c5705a77
AK		 2551ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2552 MemoryRegion *mr)
2553{
2554 RAMBlock *new_block;
2555
2556 size = TARGET_PAGE_ALIGN(size);
2557 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2558
7c637366 2559 new_block->mr = mr;
432d268c 2560 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2561 if (host) {
2562 new_block->host = host;
cd19cfa2 2563 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2564 } else {
2565 if (mem_path) {
c902760f 2566#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2567 new_block->host = file_ram_alloc(new_block, size, mem_path);
2568 if (!new_block->host) {
2569 new_block->host = qemu_vmalloc(size);
8490fc78 2570 memory_try_enable_merging(new_block->host, size);
6977dfe6 2571 }
c902760f 2572#else
6977dfe6
YT		 2573 fprintf(stderr, "-mem-path option unsupported\n");
2574 exit(1);
c902760f 2575#endif
6977dfe6 2576 } else {
868bb33f 2577 if (xen_enabled()) {
fce537d4 2578 xen_ram_alloc(new_block->offset, size, mr);
fdec9918
CB		 2579 } else if (kvm_enabled()) {
2580 /* some s390/kvm configurations have special constraints */
2581 new_block->host = kvm_vmalloc(size);
432d268c
JN		 2582 } else {
2583 new_block->host = qemu_vmalloc(size);
2584 }
8490fc78 2585 memory_try_enable_merging(new_block->host, size);
6977dfe6 2586 }
c902760f 2587 }
94a6b54f
PB		 2588 new_block->length = size;
2589
f471a17e 2590 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2591
7267c094 2592 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2593 last_ram_offset() >> TARGET_PAGE_BITS);
5fda043f
IM		 2594 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2595 0, size >> TARGET_PAGE_BITS);
1720aeee 2596 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
94a6b54f 2597
ddb97f1d
JB		 2598 qemu_ram_setup_dump(new_block->host, size);
2599
6f0437e8
JK		 2600 if (kvm_enabled())
2601 kvm_setup_guest_memory(new_block->host, size);
2602
94a6b54f
PB		 2603 return new_block->offset;
2604}
e9a1ab19 2605
c5705a77 2606ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2607{
c5705a77 2608 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2609}
2610
1f2e98b6
AW		 2611void qemu_ram_free_from_ptr(ram_addr_t addr)
2612{
2613 RAMBlock *block;
2614
2615 QLIST_FOREACH(block, &ram_list.blocks, next) {
2616 if (addr == block->offset) {
2617 QLIST_REMOVE(block, next);
7267c094 2618 g_free(block);
1f2e98b6
AW		 2619 return;
2620 }
2621 }
2622}
2623
c227f099 2624void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2625{
04b16653
AW		 2626 RAMBlock *block;
2627
2628 QLIST_FOREACH(block, &ram_list.blocks, next) {
2629 if (addr == block->offset) {
2630 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2631 if (block->flags & RAM_PREALLOC_MASK) {
2632 ;
2633 } else if (mem_path) {
04b16653
AW		 2634#if defined (__linux__) && !defined(TARGET_S390X)
2635 if (block->fd) {
2636 munmap(block->host, block->length);
2637 close(block->fd);
2638 } else {
2639 qemu_vfree(block->host);
2640 }
fd28aa13
JK		 2641#else
2642 abort();
04b16653
AW		 2643#endif
2644 } else {
2645#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2646 munmap(block->host, block->length);
2647#else
868bb33f 2648 if (xen_enabled()) {
e41d7c69 2649 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2650 } else {
2651 qemu_vfree(block->host);
2652 }
04b16653
AW		 2653#endif
2654 }
7267c094 2655 g_free(block);
04b16653
AW		 2656 return;
2657 }
2658 }
2659
e9a1ab19
FB		 2660}
2661
cd19cfa2
HY		 2662#ifndef _WIN32
2663void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2664{
2665 RAMBlock *block;
2666 ram_addr_t offset;
2667 int flags;
2668 void *area, *vaddr;
2669
2670 QLIST_FOREACH(block, &ram_list.blocks, next) {
2671 offset = addr - block->offset;
2672 if (offset < block->length) {
2673 vaddr = block->host + offset;
2674 if (block->flags & RAM_PREALLOC_MASK) {
2675 ;
2676 } else {
2677 flags = MAP_FIXED;
2678 munmap(vaddr, length);
2679 if (mem_path) {
2680#if defined(__linux__) && !defined(TARGET_S390X)
2681 if (block->fd) {
2682#ifdef MAP_POPULATE
2683 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2684 MAP_PRIVATE;
2685#else
2686 flags |= MAP_PRIVATE;
2687#endif
2688 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2689 flags, block->fd, offset);
2690 } else {
2691 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2692 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2693 flags, -1, 0);
2694 }
fd28aa13
JK		 2695#else
2696 abort();
cd19cfa2
HY		 2697#endif
2698 } else {
2699#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2700 flags |= MAP_SHARED | MAP_ANONYMOUS;
2701 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2702 flags, -1, 0);
2703#else
2704 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2705 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2706 flags, -1, 0);
2707#endif
2708 }
2709 if (area != vaddr) {
f15fbc4b
AP		 2710 fprintf(stderr, "Could not remap addr: "
2711 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 2712 length, addr);
2713 exit(1);
2714 }
8490fc78 2715 memory_try_enable_merging(vaddr, length);
ddb97f1d 2716 qemu_ram_setup_dump(vaddr, length);
cd19cfa2
HY		 2717 }
2718 return;
2719 }
2720 }
2721}
2722#endif /* !_WIN32 */
2723
dc828ca1 2724/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 2725 With the exception of the softmmu code in this file, this should
2726 only be used for local memory (e.g. video ram) that the device owns,
2727 and knows it isn't going to access beyond the end of the block.
2728
2729 It should not be used for general purpose DMA.
2730 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2731 */
c227f099 2732void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 2733{
94a6b54f
PB		 2734 RAMBlock *block;
2735
f471a17e
AW		 2736 QLIST_FOREACH(block, &ram_list.blocks, next) {
2737 if (addr - block->offset < block->length) {
7d82af38
VP		 2738 /* Move this entry to to start of the list. */
2739 if (block != QLIST_FIRST(&ram_list.blocks)) {
2740 QLIST_REMOVE(block, next);
2741 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2742 }
868bb33f 2743 if (xen_enabled()) {
432d268c
JN		 2744 /* We need to check if the requested address is in the RAM
2745 * because we don't want to map the entire memory in QEMU.
712c2b41 2746 * In that case just map until the end of the page.
432d268c
JN		 2747 */
2748 if (block->offset == 0) {
e41d7c69 2749 return xen_map_cache(addr, 0, 0);
432d268c 2750 } else if (block->host == NULL) {
e41d7c69
JK		 2751 block->host =
2752 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2753 }
2754 }
f471a17e
AW		 2755 return block->host + (addr - block->offset);
2756 }
94a6b54f 2757 }
f471a17e
AW		 2758
2759 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2760 abort();
2761
2762 return NULL;
dc828ca1
PB		 2763}
2764
b2e0a138
MT		 2765/* Return a host pointer to ram allocated with qemu_ram_alloc.
2766 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2767 */
2768void *qemu_safe_ram_ptr(ram_addr_t addr)
2769{
2770 RAMBlock *block;
2771
2772 QLIST_FOREACH(block, &ram_list.blocks, next) {
2773 if (addr - block->offset < block->length) {
868bb33f 2774 if (xen_enabled()) {
432d268c
JN		 2775 /* We need to check if the requested address is in the RAM
2776 * because we don't want to map the entire memory in QEMU.
712c2b41 2777 * In that case just map until the end of the page.
432d268c
JN		 2778 */
2779 if (block->offset == 0) {
e41d7c69 2780 return xen_map_cache(addr, 0, 0);
432d268c 2781 } else if (block->host == NULL) {
e41d7c69
JK		 2782 block->host =
2783 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2784 }
2785 }
b2e0a138
MT		 2786 return block->host + (addr - block->offset);
2787 }
2788 }
2789
2790 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2791 abort();
2792
2793 return NULL;
2794}
2795
38bee5dc
SS		 2796/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
2797 * but takes a size argument */
8ab934f9 2798void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 2799{
8ab934f9
SS		 2800 if (*size == 0) {
2801 return NULL;
2802 }
868bb33f 2803 if (xen_enabled()) {
e41d7c69 2804 return xen_map_cache(addr, *size, 1);
868bb33f 2805 } else {
38bee5dc
SS		 2806 RAMBlock *block;
2807
2808 QLIST_FOREACH(block, &ram_list.blocks, next) {
2809 if (addr - block->offset < block->length) {
2810 if (addr - block->offset + *size > block->length)
2811 *size = block->length - addr + block->offset;
2812 return block->host + (addr - block->offset);
2813 }
2814 }
2815
2816 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2817 abort();
38bee5dc
SS		 2818 }
2819}
2820
050a0ddf
AP		 2821void qemu_put_ram_ptr(void *addr)
2822{
2823 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 2824}
2825
e890261f 2826int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 2827{
94a6b54f
PB		 2828 RAMBlock *block;
2829 uint8_t *host = ptr;
2830
868bb33f 2831 if (xen_enabled()) {
e41d7c69 2832 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 2833 return 0;
2834 }
2835
f471a17e 2836 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 2837 /* This case append when the block is not mapped. */
2838 if (block->host == NULL) {
2839 continue;
2840 }
f471a17e 2841 if (host - block->host < block->length) {
e890261f
MT		 2842 *ram_addr = block->offset + (host - block->host);
2843 return 0;
f471a17e 2844 }
94a6b54f 2845 }
432d268c 2846
e890261f
MT		 2847 return -1;
2848}
f471a17e 2849
e890261f
MT		 2850/* Some of the softmmu routines need to translate from a host pointer
2851 (typically a TLB entry) back to a ram offset. */
2852ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2853{
2854 ram_addr_t ram_addr;
f471a17e 2855
e890261f
MT		 2856 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2857 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2858 abort();
2859 }
2860 return ram_addr;
5579c7f3
PB		 2861}
2862
0e0df1e2
AK		 2863static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
2864 unsigned size)
e18231a3
BS		 2865{
2866#ifdef DEBUG_UNASSIGNED
2867 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2868#endif
5b450407 2869#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2870 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 2871#endif
2872 return 0;
2873}
2874
0e0df1e2
AK		 2875static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
2876 uint64_t val, unsigned size)
e18231a3
BS		 2877{
2878#ifdef DEBUG_UNASSIGNED
0e0df1e2 2879 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 2880#endif
5b450407 2881#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2882 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 2883#endif
33417e70
FB		 2884}
2885
0e0df1e2
AK		 2886static const MemoryRegionOps unassigned_mem_ops = {
2887 .read = unassigned_mem_read,
2888 .write = unassigned_mem_write,
2889 .endianness = DEVICE_NATIVE_ENDIAN,
2890};
e18231a3 2891
0e0df1e2
AK		 2892static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
2893 unsigned size)
e18231a3 2894{
0e0df1e2 2895 abort();
e18231a3
BS		 2896}
2897
0e0df1e2
AK		 2898static void error_mem_write(void *opaque, target_phys_addr_t addr,
2899 uint64_t value, unsigned size)
e18231a3 2900{
0e0df1e2 2901 abort();
33417e70
FB		 2902}
2903
0e0df1e2
AK		 2904static const MemoryRegionOps error_mem_ops = {
2905 .read = error_mem_read,
2906 .write = error_mem_write,
2907 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2908};
2909
0e0df1e2
AK		 2910static const MemoryRegionOps rom_mem_ops = {
2911 .read = error_mem_read,
2912 .write = unassigned_mem_write,
2913 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2914};
2915
0e0df1e2
AK		 2916static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
2917 uint64_t val, unsigned size)
9fa3e853 2918{
3a7d929e 2919 int dirty_flags;
f7c11b53 2920 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 2921 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 2922#if !defined(CONFIG_USER_ONLY)
0e0df1e2 2923 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 2924 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 2925#endif
3a7d929e 2926 }
0e0df1e2
AK		 2927 switch (size) {
2928 case 1:
2929 stb_p(qemu_get_ram_ptr(ram_addr), val);
2930 break;
2931 case 2:
2932 stw_p(qemu_get_ram_ptr(ram_addr), val);
2933 break;
2934 case 4:
2935 stl_p(qemu_get_ram_ptr(ram_addr), val);
2936 break;
2937 default:
2938 abort();
3a7d929e 2939 }
f23db169 2940 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 2941 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 2942 /* we remove the notdirty callback only if the code has been
2943 flushed */
2944 if (dirty_flags == 0xff)
2e70f6ef 2945 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 2946}
2947
0e0df1e2
AK		 2948static const MemoryRegionOps notdirty_mem_ops = {
2949 .read = error_mem_read,
2950 .write = notdirty_mem_write,
2951 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2952};
2953
0f459d16 2954/* Generate a debug exception if a watchpoint has been hit. */
b4051334 2955static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 2956{
9349b4f9 2957 CPUArchState *env = cpu_single_env;
06d55cc1
AL		 2958 target_ulong pc, cs_base;
2959 TranslationBlock *tb;
0f459d16 2960 target_ulong vaddr;
a1d1bb31 2961 CPUWatchpoint *wp;
06d55cc1 2962 int cpu_flags;
0f459d16 2963
06d55cc1
AL		 2964 if (env->watchpoint_hit) {
2965 /* We re-entered the check after replacing the TB. Now raise
2966 * the debug interrupt so that is will trigger after the
2967 * current instruction. */
2968 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2969 return;
2970 }
2e70f6ef 2971 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 2972 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 2973 if ((vaddr == (wp->vaddr & len_mask) ||
2974 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 2975 wp->flags |= BP_WATCHPOINT_HIT;
2976 if (!env->watchpoint_hit) {
2977 env->watchpoint_hit = wp;
2978 tb = tb_find_pc(env->mem_io_pc);
2979 if (!tb) {
2980 cpu_abort(env, "check_watchpoint: could not find TB for "
2981 "pc=%p", (void *)env->mem_io_pc);
2982 }
618ba8e6 2983 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 2984 tb_phys_invalidate(tb, -1);
2985 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2986 env->exception_index = EXCP_DEBUG;
488d6577 2987 cpu_loop_exit(env);
6e140f28
AL		 2988 } else {
2989 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2990 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 2991 cpu_resume_from_signal(env, NULL);
6e140f28 2992 }
06d55cc1 2993 }
6e140f28
AL		 2994 } else {
2995 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2996 }
2997 }
2998}
2999
6658ffb8
PB		 3000/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3001 so these check for a hit then pass through to the normal out-of-line
3002 phys routines. */
1ec9b909
AK		 3003static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
3004 unsigned size)
6658ffb8 3005{
1ec9b909
AK		 3006 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3007 switch (size) {
3008 case 1: return ldub_phys(addr);
3009 case 2: return lduw_phys(addr);
3010 case 4: return ldl_phys(addr);
3011 default: abort();
3012 }
6658ffb8
PB		 3013}
3014
1ec9b909
AK		 3015static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3016 uint64_t val, unsigned size)
6658ffb8 3017{
1ec9b909
AK		 3018 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3019 switch (size) {
67364150
MF		 3020 case 1:
3021 stb_phys(addr, val);
3022 break;
3023 case 2:
3024 stw_phys(addr, val);
3025 break;
3026 case 4:
3027 stl_phys(addr, val);
3028 break;
1ec9b909
AK		 3029 default: abort();
3030 }
6658ffb8
PB		 3031}
3032
1ec9b909
AK		 3033static const MemoryRegionOps watch_mem_ops = {
3034 .read = watch_mem_read,
3035 .write = watch_mem_write,
3036 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3037};
6658ffb8 3038
70c68e44
AK		 3039static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3040 unsigned len)
db7b5426 3041{
70c68e44 3042 subpage_t *mmio = opaque;
f6405247 3043 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3044 MemoryRegionSection *section;
db7b5426
BS		 3045#if defined(DEBUG_SUBPAGE)
3046 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3047 mmio, len, addr, idx);
3048#endif
db7b5426 3049
5312bd8b
AK		 3050 section = &phys_sections[mmio->sub_section[idx]];
3051 addr += mmio->base;
3052 addr -= section->offset_within_address_space;
3053 addr += section->offset_within_region;
37ec01d4 3054 return io_mem_read(section->mr, addr, len);
db7b5426
BS		 3055}
3056
70c68e44
AK		 3057static void subpage_write(void *opaque, target_phys_addr_t addr,
3058 uint64_t value, unsigned len)
db7b5426 3059{
70c68e44 3060 subpage_t *mmio = opaque;
f6405247 3061 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3062 MemoryRegionSection *section;
db7b5426 3063#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3064 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3065 " idx %d value %"PRIx64"\n",
f6405247 3066 __func__, mmio, len, addr, idx, value);
db7b5426 3067#endif
f6405247 3068
5312bd8b
AK		 3069 section = &phys_sections[mmio->sub_section[idx]];
3070 addr += mmio->base;
3071 addr -= section->offset_within_address_space;
3072 addr += section->offset_within_region;
37ec01d4 3073 io_mem_write(section->mr, addr, value, len);
db7b5426
BS		 3074}
3075
70c68e44
AK		 3076static const MemoryRegionOps subpage_ops = {
3077 .read = subpage_read,
3078 .write = subpage_write,
3079 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3080};
3081
de712f94
AK		 3082static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3083 unsigned size)
56384e8b
AF		 3084{
3085 ram_addr_t raddr = addr;
3086 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3087 switch (size) {
3088 case 1: return ldub_p(ptr);
3089 case 2: return lduw_p(ptr);
3090 case 4: return ldl_p(ptr);
3091 default: abort();
3092 }
56384e8b
AF		 3093}
3094
de712f94
AK		 3095static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3096 uint64_t value, unsigned size)
56384e8b
AF		 3097{
3098 ram_addr_t raddr = addr;
3099 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3100 switch (size) {
3101 case 1: return stb_p(ptr, value);
3102 case 2: return stw_p(ptr, value);
3103 case 4: return stl_p(ptr, value);
3104 default: abort();
3105 }
56384e8b
AF		 3106}
3107
de712f94
AK		 3108static const MemoryRegionOps subpage_ram_ops = {
3109 .read = subpage_ram_read,
3110 .write = subpage_ram_write,
3111 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3112};
3113
c227f099 3114static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3115 uint16_t section)
db7b5426
BS		 3116{
3117 int idx, eidx;
3118
3119 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3120 return -1;
3121 idx = SUBPAGE_IDX(start);
3122 eidx = SUBPAGE_IDX(end);
3123#if defined(DEBUG_SUBPAGE)
0bf9e31a 3124 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3125 mmio, start, end, idx, eidx, memory);
3126#endif
5312bd8b
AK		 3127 if (memory_region_is_ram(phys_sections[section].mr)) {
3128 MemoryRegionSection new_section = phys_sections[section];
3129 new_section.mr = &io_mem_subpage_ram;
3130 section = phys_section_add(&new_section);
56384e8b 3131 }
db7b5426 3132 for (; idx <= eidx; idx++) {
5312bd8b 3133 mmio->sub_section[idx] = section;
db7b5426
BS		 3134 }
3135
3136 return 0;
3137}
3138
0f0cb164 3139static subpage_t *subpage_init(target_phys_addr_t base)
db7b5426 3140{
c227f099 3141 subpage_t *mmio;
db7b5426 3142
7267c094 3143 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3144
3145 mmio->base = base;
70c68e44
AK		 3146 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3147 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3148 mmio->iomem.subpage = true;
db7b5426 3149#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3150 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3151 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3152#endif
0f0cb164 3153 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 3154
3155 return mmio;
3156}
3157
5312bd8b
AK		 3158static uint16_t dummy_section(MemoryRegion *mr)
3159{
3160 MemoryRegionSection section = {
3161 .mr = mr,
3162 .offset_within_address_space = 0,
3163 .offset_within_region = 0,
3164 .size = UINT64_MAX,
3165 };
3166
3167 return phys_section_add(&section);
3168}
3169
37ec01d4 3170MemoryRegion *iotlb_to_region(target_phys_addr_t index)
aa102231 3171{
37ec01d4 3172 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 3173}
3174
e9179ce1
AK		 3175static void io_mem_init(void)
3176{
0e0df1e2 3177 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
0e0df1e2
AK		 3178 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3179 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3180 "unassigned", UINT64_MAX);
3181 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3182 "notdirty", UINT64_MAX);
de712f94
AK		 3183 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3184 "subpage-ram", UINT64_MAX);
1ec9b909
AK		 3185 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3186 "watch", UINT64_MAX);
e9179ce1
AK		 3187}
3188
50c1e149
AK		 3189static void core_begin(MemoryListener *listener)
3190{
54688b1e 3191 destroy_all_mappings();
5312bd8b 3192 phys_sections_clear();
c19e8800 3193 phys_map.ptr = PHYS_MAP_NODE_NIL;
5312bd8b 3194 phys_section_unassigned = dummy_section(&io_mem_unassigned);
aa102231
AK		 3195 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3196 phys_section_rom = dummy_section(&io_mem_rom);
3197 phys_section_watch = dummy_section(&io_mem_watch);
50c1e149
AK		 3198}
3199
3200static void core_commit(MemoryListener *listener)
3201{
9349b4f9 3202 CPUArchState *env;
117712c3
AK		 3203
3204 /* since each CPU stores ram addresses in its TLB cache, we must
3205 reset the modified entries */
3206 /* XXX: slow ! */
3207 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3208 tlb_flush(env, 1);
3209 }
50c1e149
AK		 3210}
3211
93632747
AK		 3212static void core_region_add(MemoryListener *listener,
3213 MemoryRegionSection *section)
3214{
4855d41a 3215 cpu_register_physical_memory_log(section, section->readonly);
93632747
AK		 3216}
3217
3218static void core_region_del(MemoryListener *listener,
3219 MemoryRegionSection *section)
3220{
93632747
AK		 3221}
3222
50c1e149
AK		 3223static void core_region_nop(MemoryListener *listener,
3224 MemoryRegionSection *section)
3225{
54688b1e 3226 cpu_register_physical_memory_log(section, section->readonly);
50c1e149
AK		 3227}
3228
93632747
AK		 3229static void core_log_start(MemoryListener *listener,
3230 MemoryRegionSection *section)
3231{
3232}
3233
3234static void core_log_stop(MemoryListener *listener,
3235 MemoryRegionSection *section)
3236{
3237}
3238
3239static void core_log_sync(MemoryListener *listener,
3240 MemoryRegionSection *section)
3241{
3242}
3243
3244static void core_log_global_start(MemoryListener *listener)
3245{
3246 cpu_physical_memory_set_dirty_tracking(1);
3247}
3248
3249static void core_log_global_stop(MemoryListener *listener)
3250{
3251 cpu_physical_memory_set_dirty_tracking(0);
3252}
3253
3254static void core_eventfd_add(MemoryListener *listener,
3255 MemoryRegionSection *section,
753d5e14 3256 bool match_data, uint64_t data, EventNotifier *e)
93632747
AK		 3257{
3258}
3259
3260static void core_eventfd_del(MemoryListener *listener,
3261 MemoryRegionSection *section,
753d5e14 3262 bool match_data, uint64_t data, EventNotifier *e)
93632747
AK		 3263{
3264}
3265
50c1e149
AK		 3266static void io_begin(MemoryListener *listener)
3267{
3268}
3269
3270static void io_commit(MemoryListener *listener)
3271{
3272}
3273
4855d41a
AK		 3274static void io_region_add(MemoryListener *listener,
3275 MemoryRegionSection *section)
3276{
a2d33521
AK		 3277 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3278
3279 mrio->mr = section->mr;
3280 mrio->offset = section->offset_within_region;
3281 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
4855d41a 3282 section->offset_within_address_space, section->size);
a2d33521 3283 ioport_register(&mrio->iorange);
4855d41a
AK		 3284}
3285
3286static void io_region_del(MemoryListener *listener,
3287 MemoryRegionSection *section)
3288{
3289 isa_unassign_ioport(section->offset_within_address_space, section->size);
3290}
3291
50c1e149
AK		 3292static void io_region_nop(MemoryListener *listener,
3293 MemoryRegionSection *section)
3294{
3295}
3296
4855d41a
AK		 3297static void io_log_start(MemoryListener *listener,
3298 MemoryRegionSection *section)
3299{
3300}
3301
3302static void io_log_stop(MemoryListener *listener,
3303 MemoryRegionSection *section)
3304{
3305}
3306
3307static void io_log_sync(MemoryListener *listener,
3308 MemoryRegionSection *section)
3309{
3310}
3311
3312static void io_log_global_start(MemoryListener *listener)
3313{
3314}
3315
3316static void io_log_global_stop(MemoryListener *listener)
3317{
3318}
3319
3320static void io_eventfd_add(MemoryListener *listener,
3321 MemoryRegionSection *section,
753d5e14 3322 bool match_data, uint64_t data, EventNotifier *e)
4855d41a
AK		 3323{
3324}
3325
3326static void io_eventfd_del(MemoryListener *listener,
3327 MemoryRegionSection *section,
753d5e14 3328 bool match_data, uint64_t data, EventNotifier *e)
4855d41a
AK		 3329{
3330}
3331
93632747 3332static MemoryListener core_memory_listener = {
50c1e149
AK		 3333 .begin = core_begin,
3334 .commit = core_commit,
93632747
AK		 3335 .region_add = core_region_add,
3336 .region_del = core_region_del,
50c1e149 3337 .region_nop = core_region_nop,
93632747
AK		 3338 .log_start = core_log_start,
3339 .log_stop = core_log_stop,
3340 .log_sync = core_log_sync,
3341 .log_global_start = core_log_global_start,
3342 .log_global_stop = core_log_global_stop,
3343 .eventfd_add = core_eventfd_add,
3344 .eventfd_del = core_eventfd_del,
3345 .priority = 0,
3346};
3347
4855d41a 3348static MemoryListener io_memory_listener = {
50c1e149
AK		 3349 .begin = io_begin,
3350 .commit = io_commit,
4855d41a
AK		 3351 .region_add = io_region_add,
3352 .region_del = io_region_del,
50c1e149 3353 .region_nop = io_region_nop,
4855d41a
AK		 3354 .log_start = io_log_start,
3355 .log_stop = io_log_stop,
3356 .log_sync = io_log_sync,
3357 .log_global_start = io_log_global_start,
3358 .log_global_stop = io_log_global_stop,
3359 .eventfd_add = io_eventfd_add,
3360 .eventfd_del = io_eventfd_del,
3361 .priority = 0,
3362};
3363
62152b8a
AK		 3364static void memory_map_init(void)
3365{
7267c094 3366 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3367 memory_region_init(system_memory, "system", INT64_MAX);
62152b8a 3368 set_system_memory_map(system_memory);
309cb471 3369
7267c094 3370 system_io = g_malloc(sizeof(*system_io));
309cb471
AK		 3371 memory_region_init(system_io, "io", 65536);
3372 set_system_io_map(system_io);
93632747 3373
4855d41a
AK		 3374 memory_listener_register(&core_memory_listener, system_memory);
3375 memory_listener_register(&io_memory_listener, system_io);
62152b8a
AK		 3376}
3377
3378MemoryRegion *get_system_memory(void)
3379{
3380 return system_memory;
3381}
3382
309cb471
AK		 3383MemoryRegion *get_system_io(void)
3384{
3385 return system_io;
3386}
3387
e2eef170
PB		 3388#endif /* !defined(CONFIG_USER_ONLY) */
3389
13eb76e0
FB		 3390/* physical memory access (slow version, mainly for debug) */
3391#if defined(CONFIG_USER_ONLY)
9349b4f9 3392int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 3393 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3394{
3395 int l, flags;
3396 target_ulong page;
53a5960a 3397 void * p;
13eb76e0
FB		 3398
3399 while (len > 0) {
3400 page = addr & TARGET_PAGE_MASK;
3401 l = (page + TARGET_PAGE_SIZE) - addr;
3402 if (l > len)
3403 l = len;
3404 flags = page_get_flags(page);
3405 if (!(flags & PAGE_VALID))
a68fe89c 3406 return -1;
13eb76e0
FB		 3407 if (is_write) {
3408 if (!(flags & PAGE_WRITE))
a68fe89c 3409 return -1;
579a97f7 3410 /* XXX: this code should not depend on lock_user */
72fb7daa 3411 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3412 return -1;
72fb7daa
AJ		 3413 memcpy(p, buf, l);
3414 unlock_user(p, addr, l);
13eb76e0
FB		 3415 } else {
3416 if (!(flags & PAGE_READ))
a68fe89c 3417 return -1;
579a97f7 3418 /* XXX: this code should not depend on lock_user */
72fb7daa 3419 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3420 return -1;
72fb7daa 3421 memcpy(buf, p, l);
5b257578 3422 unlock_user(p, addr, 0);
13eb76e0
FB		 3423 }
3424 len -= l;
3425 buf += l;
3426 addr += l;
3427 }
a68fe89c 3428 return 0;
13eb76e0 3429}
8df1cd07 3430
13eb76e0 3431#else
51d7a9eb
AP		 3432
3433static void invalidate_and_set_dirty(target_phys_addr_t addr,
3434 target_phys_addr_t length)
3435{
3436 if (!cpu_physical_memory_is_dirty(addr)) {
3437 /* invalidate code */
3438 tb_invalidate_phys_page_range(addr, addr + length, 0);
3439 /* set dirty bit */
3440 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
3441 }
e226939d 3442 xen_modified_memory(addr, length);
51d7a9eb
AP		 3443}
3444
c227f099 3445void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3446 int len, int is_write)
3447{
37ec01d4 3448 int l;
13eb76e0
FB		 3449 uint8_t *ptr;
3450 uint32_t val;
c227f099 3451 target_phys_addr_t page;
f3705d53 3452 MemoryRegionSection *section;
3b46e624 3453
13eb76e0
FB		 3454 while (len > 0) {
3455 page = addr & TARGET_PAGE_MASK;
3456 l = (page + TARGET_PAGE_SIZE) - addr;
3457 if (l > len)
3458 l = len;
06ef3525 3459 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3460
13eb76e0 3461 if (is_write) {
f3705d53 3462 if (!memory_region_is_ram(section->mr)) {
f1f6e3b8 3463 target_phys_addr_t addr1;
cc5bea60 3464 addr1 = memory_region_section_addr(section, addr);
6a00d601
FB		 3465 /* XXX: could force cpu_single_env to NULL to avoid
3466 potential bugs */
6c2934db 3467 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3468 /* 32 bit write access */
c27004ec 3469 val = ldl_p(buf);
37ec01d4 3470 io_mem_write(section->mr, addr1, val, 4);
13eb76e0 3471 l = 4;
6c2934db 3472 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3473 /* 16 bit write access */
c27004ec 3474 val = lduw_p(buf);
37ec01d4 3475 io_mem_write(section->mr, addr1, val, 2);
13eb76e0
FB		 3476 l = 2;
3477 } else {
1c213d19 3478 /* 8 bit write access */
c27004ec 3479 val = ldub_p(buf);
37ec01d4 3480 io_mem_write(section->mr, addr1, val, 1);
13eb76e0
FB		 3481 l = 1;
3482 }
f3705d53 3483 } else if (!section->readonly) {
8ca5692d 3484 ram_addr_t addr1;
f3705d53 3485 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3486 + memory_region_section_addr(section, addr);
13eb76e0 3487 /* RAM case */
5579c7f3 3488 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3489 memcpy(ptr, buf, l);
51d7a9eb 3490 invalidate_and_set_dirty(addr1, l);
050a0ddf 3491 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3492 }
3493 } else {
cc5bea60
BS		 3494 if (!(memory_region_is_ram(section->mr) ||
3495 memory_region_is_romd(section->mr))) {
f1f6e3b8 3496 target_phys_addr_t addr1;
13eb76e0 3497 /* I/O case */
cc5bea60 3498 addr1 = memory_region_section_addr(section, addr);
6c2934db 3499 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3500 /* 32 bit read access */
37ec01d4 3501 val = io_mem_read(section->mr, addr1, 4);
c27004ec 3502 stl_p(buf, val);
13eb76e0 3503 l = 4;
6c2934db 3504 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3505 /* 16 bit read access */
37ec01d4 3506 val = io_mem_read(section->mr, addr1, 2);
c27004ec 3507 stw_p(buf, val);
13eb76e0
FB		 3508 l = 2;
3509 } else {
1c213d19 3510 /* 8 bit read access */
37ec01d4 3511 val = io_mem_read(section->mr, addr1, 1);
c27004ec 3512 stb_p(buf, val);
13eb76e0
FB		 3513 l = 1;
3514 }
3515 } else {
3516 /* RAM case */
0a1b357f 3517 ptr = qemu_get_ram_ptr(section->mr->ram_addr
cc5bea60
BS		 3518 + memory_region_section_addr(section,
3519 addr));
f3705d53 3520 memcpy(buf, ptr, l);
050a0ddf 3521 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3522 }
3523 }
3524 len -= l;
3525 buf += l;
3526 addr += l;
3527 }
3528}
8df1cd07 3529
d0ecd2aa 3530/* used for ROM loading : can write in RAM and ROM */
c227f099 3531void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3532 const uint8_t *buf, int len)
3533{
3534 int l;
3535 uint8_t *ptr;
c227f099 3536 target_phys_addr_t page;
f3705d53 3537 MemoryRegionSection *section;
3b46e624 3538
d0ecd2aa
FB		 3539 while (len > 0) {
3540 page = addr & TARGET_PAGE_MASK;
3541 l = (page + TARGET_PAGE_SIZE) - addr;
3542 if (l > len)
3543 l = len;
06ef3525 3544 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3545
cc5bea60
BS		 3546 if (!(memory_region_is_ram(section->mr) ||
3547 memory_region_is_romd(section->mr))) {
d0ecd2aa
FB		 3548 /* do nothing */
3549 } else {
3550 unsigned long addr1;
f3705d53 3551 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3552 + memory_region_section_addr(section, addr);
d0ecd2aa 3553 /* ROM/RAM case */
5579c7f3 3554 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3555 memcpy(ptr, buf, l);
51d7a9eb 3556 invalidate_and_set_dirty(addr1, l);
050a0ddf 3557 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3558 }
3559 len -= l;
3560 buf += l;
3561 addr += l;
3562 }
3563}
3564
6d16c2f8
AL		 3565typedef struct {
3566 void *buffer;
c227f099
AL		 3567 target_phys_addr_t addr;
3568 target_phys_addr_t len;
6d16c2f8
AL		 3569} BounceBuffer;
3570
3571static BounceBuffer bounce;
3572
ba223c29
AL		 3573typedef struct MapClient {
3574 void *opaque;
3575 void (*callback)(void *opaque);
72cf2d4f 3576 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3577} MapClient;
3578
72cf2d4f
BS		 3579static QLIST_HEAD(map_client_list, MapClient) map_client_list
3580 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3581
3582void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3583{
7267c094 3584 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3585
3586 client->opaque = opaque;
3587 client->callback = callback;
72cf2d4f 3588 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3589 return client;
3590}
3591
3592void cpu_unregister_map_client(void *_client)
3593{
3594 MapClient *client = (MapClient *)_client;
3595
72cf2d4f 3596 QLIST_REMOVE(client, link);
7267c094 3597 g_free(client);
ba223c29
AL		 3598}
3599
3600static void cpu_notify_map_clients(void)
3601{
3602 MapClient *client;
3603
72cf2d4f
BS		 3604 while (!QLIST_EMPTY(&map_client_list)) {
3605 client = QLIST_FIRST(&map_client_list);
ba223c29 3606 client->callback(client->opaque);
34d5e948 3607 cpu_unregister_map_client(client);
ba223c29
AL		 3608 }
3609}
3610
6d16c2f8
AL		 3611/* Map a physical memory region into a host virtual address.
3612 * May map a subset of the requested range, given by and returned in *plen.
3613 * May return NULL if resources needed to perform the mapping are exhausted.
3614 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3615 * Use cpu_register_map_client() to know when retrying the map operation is
3616 * likely to succeed.
6d16c2f8 3617 */
c227f099
AL		 3618void *cpu_physical_memory_map(target_phys_addr_t addr,
3619 target_phys_addr_t *plen,
6d16c2f8
AL		 3620 int is_write)
3621{
c227f099 3622 target_phys_addr_t len = *plen;
38bee5dc 3623 target_phys_addr_t todo = 0;
6d16c2f8 3624 int l;
c227f099 3625 target_phys_addr_t page;
f3705d53 3626 MemoryRegionSection *section;
f15fbc4b 3627 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3628 ram_addr_t rlen;
3629 void *ret;
6d16c2f8
AL		 3630
3631 while (len > 0) {
3632 page = addr & TARGET_PAGE_MASK;
3633 l = (page + TARGET_PAGE_SIZE) - addr;
3634 if (l > len)
3635 l = len;
06ef3525 3636 section = phys_page_find(page >> TARGET_PAGE_BITS);
6d16c2f8 3637
f3705d53 3638 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
38bee5dc 3639 if (todo || bounce.buffer) {
6d16c2f8
AL		 3640 break;
3641 }
3642 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3643 bounce.addr = addr;
3644 bounce.len = l;
3645 if (!is_write) {
54f7b4a3 3646 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 3647 }
38bee5dc
SS		 3648
3649 *plen = l;
3650 return bounce.buffer;
6d16c2f8 3651 }
8ab934f9 3652 if (!todo) {
f3705d53 3653 raddr = memory_region_get_ram_addr(section->mr)
cc5bea60 3654 + memory_region_section_addr(section, addr);
8ab934f9 3655 }
6d16c2f8
AL		 3656
3657 len -= l;
3658 addr += l;
38bee5dc 3659 todo += l;
6d16c2f8 3660 }
8ab934f9
SS		 3661 rlen = todo;
3662 ret = qemu_ram_ptr_length(raddr, &rlen);
3663 *plen = rlen;
3664 return ret;
6d16c2f8
AL		 3665}
3666
3667/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3668 * Will also mark the memory as dirty if is_write == 1. access_len gives
3669 * the amount of memory that was actually read or written by the caller.
3670 */
c227f099
AL		 3671void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3672 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 3673{
3674 if (buffer != bounce.buffer) {
3675 if (is_write) {
e890261f 3676 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 3677 while (access_len) {
3678 unsigned l;
3679 l = TARGET_PAGE_SIZE;
3680 if (l > access_len)
3681 l = access_len;
51d7a9eb 3682 invalidate_and_set_dirty(addr1, l);
6d16c2f8
AL		 3683 addr1 += l;
3684 access_len -= l;
3685 }
3686 }
868bb33f 3687 if (xen_enabled()) {
e41d7c69 3688 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3689 }
6d16c2f8
AL		 3690 return;
3691 }
3692 if (is_write) {
3693 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3694 }
f8a83245 3695 qemu_vfree(bounce.buffer);
6d16c2f8 3696 bounce.buffer = NULL;
ba223c29 3697 cpu_notify_map_clients();
6d16c2f8 3698}
d0ecd2aa 3699
8df1cd07 3700/* warning: addr must be aligned */
1e78bcc1
AG		 3701static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
3702 enum device_endian endian)
8df1cd07 3703{
8df1cd07
FB		 3704 uint8_t *ptr;
3705 uint32_t val;
f3705d53 3706 MemoryRegionSection *section;
8df1cd07 3707
06ef3525 3708 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3709
cc5bea60
BS		 3710 if (!(memory_region_is_ram(section->mr) ||
3711 memory_region_is_romd(section->mr))) {
8df1cd07 3712 /* I/O case */
cc5bea60 3713 addr = memory_region_section_addr(section, addr);
37ec01d4 3714 val = io_mem_read(section->mr, addr, 4);
1e78bcc1
AG		 3715#if defined(TARGET_WORDS_BIGENDIAN)
3716 if (endian == DEVICE_LITTLE_ENDIAN) {
3717 val = bswap32(val);
3718 }
3719#else
3720 if (endian == DEVICE_BIG_ENDIAN) {
3721 val = bswap32(val);
3722 }
3723#endif
8df1cd07
FB		 3724 } else {
3725 /* RAM case */
f3705d53 3726 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3727 & TARGET_PAGE_MASK)
cc5bea60 3728 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3729 switch (endian) {
3730 case DEVICE_LITTLE_ENDIAN:
3731 val = ldl_le_p(ptr);
3732 break;
3733 case DEVICE_BIG_ENDIAN:
3734 val = ldl_be_p(ptr);
3735 break;
3736 default:
3737 val = ldl_p(ptr);
3738 break;
3739 }
8df1cd07
FB		 3740 }
3741 return val;
3742}
3743
1e78bcc1
AG		 3744uint32_t ldl_phys(target_phys_addr_t addr)
3745{
3746 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3747}
3748
3749uint32_t ldl_le_phys(target_phys_addr_t addr)
3750{
3751 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3752}
3753
3754uint32_t ldl_be_phys(target_phys_addr_t addr)
3755{
3756 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
3757}
3758
84b7b8e7 3759/* warning: addr must be aligned */
1e78bcc1
AG		 3760static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
3761 enum device_endian endian)
84b7b8e7 3762{
84b7b8e7
FB		 3763 uint8_t *ptr;
3764 uint64_t val;
f3705d53 3765 MemoryRegionSection *section;
84b7b8e7 3766
06ef3525 3767 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3768
cc5bea60
BS		 3769 if (!(memory_region_is_ram(section->mr) ||
3770 memory_region_is_romd(section->mr))) {
84b7b8e7 3771 /* I/O case */
cc5bea60 3772 addr = memory_region_section_addr(section, addr);
1e78bcc1
AG		 3773
3774 /* XXX This is broken when device endian != cpu endian.
3775 Fix and add "endian" variable check */
84b7b8e7 3776#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3777 val = io_mem_read(section->mr, addr, 4) << 32;
3778 val |= io_mem_read(section->mr, addr + 4, 4);
84b7b8e7 3779#else
37ec01d4
AK		 3780 val = io_mem_read(section->mr, addr, 4);
3781 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
84b7b8e7
FB		 3782#endif
3783 } else {
3784 /* RAM case */
f3705d53 3785 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3786 & TARGET_PAGE_MASK)
cc5bea60 3787 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3788 switch (endian) {
3789 case DEVICE_LITTLE_ENDIAN:
3790 val = ldq_le_p(ptr);
3791 break;
3792 case DEVICE_BIG_ENDIAN:
3793 val = ldq_be_p(ptr);
3794 break;
3795 default:
3796 val = ldq_p(ptr);
3797 break;
3798 }
84b7b8e7
FB		 3799 }
3800 return val;
3801}
3802
1e78bcc1
AG		 3803uint64_t ldq_phys(target_phys_addr_t addr)
3804{
3805 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3806}
3807
3808uint64_t ldq_le_phys(target_phys_addr_t addr)
3809{
3810 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3811}
3812
3813uint64_t ldq_be_phys(target_phys_addr_t addr)
3814{
3815 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
3816}
3817
aab33094 3818/* XXX: optimize */
c227f099 3819uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 3820{
3821 uint8_t val;
3822 cpu_physical_memory_read(addr, &val, 1);
3823 return val;
3824}
3825
733f0b02 3826/* warning: addr must be aligned */
1e78bcc1
AG		 3827static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
3828 enum device_endian endian)
aab33094 3829{
733f0b02
MT		 3830 uint8_t *ptr;
3831 uint64_t val;
f3705d53 3832 MemoryRegionSection *section;
733f0b02 3833
06ef3525 3834 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 3835
cc5bea60
BS		 3836 if (!(memory_region_is_ram(section->mr) ||
3837 memory_region_is_romd(section->mr))) {
733f0b02 3838 /* I/O case */
cc5bea60 3839 addr = memory_region_section_addr(section, addr);
37ec01d4 3840 val = io_mem_read(section->mr, addr, 2);
1e78bcc1
AG		 3841#if defined(TARGET_WORDS_BIGENDIAN)
3842 if (endian == DEVICE_LITTLE_ENDIAN) {
3843 val = bswap16(val);
3844 }
3845#else
3846 if (endian == DEVICE_BIG_ENDIAN) {
3847 val = bswap16(val);
3848 }
3849#endif
733f0b02
MT		 3850 } else {
3851 /* RAM case */
f3705d53 3852 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3853 & TARGET_PAGE_MASK)
cc5bea60 3854 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3855 switch (endian) {
3856 case DEVICE_LITTLE_ENDIAN:
3857 val = lduw_le_p(ptr);
3858 break;
3859 case DEVICE_BIG_ENDIAN:
3860 val = lduw_be_p(ptr);
3861 break;
3862 default:
3863 val = lduw_p(ptr);
3864 break;
3865 }
733f0b02
MT		 3866 }
3867 return val;
aab33094
FB		 3868}
3869
1e78bcc1
AG		 3870uint32_t lduw_phys(target_phys_addr_t addr)
3871{
3872 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3873}
3874
3875uint32_t lduw_le_phys(target_phys_addr_t addr)
3876{
3877 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3878}
3879
3880uint32_t lduw_be_phys(target_phys_addr_t addr)
3881{
3882 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
3883}
3884
8df1cd07
FB		 3885/* warning: addr must be aligned. The ram page is not masked as dirty
3886 and the code inside is not invalidated. It is useful if the dirty
3887 bits are used to track modified PTEs */
c227f099 3888void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07 3889{
8df1cd07 3890 uint8_t *ptr;
f3705d53 3891 MemoryRegionSection *section;
8df1cd07 3892
06ef3525 3893 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3894
f3705d53 3895 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3896 addr = memory_region_section_addr(section, addr);
f3705d53 3897 if (memory_region_is_ram(section->mr)) {
37ec01d4 3898 section = &phys_sections[phys_section_rom];
06ef3525 3899 }
37ec01d4 3900 io_mem_write(section->mr, addr, val, 4);
8df1cd07 3901 } else {
f3705d53 3902 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
06ef3525 3903 & TARGET_PAGE_MASK)
cc5bea60 3904 + memory_region_section_addr(section, addr);
5579c7f3 3905 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3906 stl_p(ptr, val);
74576198
AL		 3907
3908 if (unlikely(in_migration)) {
3909 if (!cpu_physical_memory_is_dirty(addr1)) {
3910 /* invalidate code */
3911 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3912 /* set dirty bit */
f7c11b53
YT		 3913 cpu_physical_memory_set_dirty_flags(
3914 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 3915 }
3916 }
8df1cd07
FB		 3917 }
3918}
3919
c227f099 3920void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef 3921{
bc98a7ef 3922 uint8_t *ptr;
f3705d53 3923 MemoryRegionSection *section;
bc98a7ef 3924
06ef3525 3925 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3926
f3705d53 3927 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3928 addr = memory_region_section_addr(section, addr);
f3705d53 3929 if (memory_region_is_ram(section->mr)) {
37ec01d4 3930 section = &phys_sections[phys_section_rom];
06ef3525 3931 }
bc98a7ef 3932#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3933 io_mem_write(section->mr, addr, val >> 32, 4);
3934 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
bc98a7ef 3935#else
37ec01d4
AK		 3936 io_mem_write(section->mr, addr, (uint32_t)val, 4);
3937 io_mem_write(section->mr, addr + 4, val >> 32, 4);
bc98a7ef
JM		 3938#endif
3939 } else {
f3705d53 3940 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3941 & TARGET_PAGE_MASK)
cc5bea60 3942 + memory_region_section_addr(section, addr));
bc98a7ef
JM		 3943 stq_p(ptr, val);
3944 }
3945}
3946
8df1cd07 3947/* warning: addr must be aligned */
1e78bcc1
AG		 3948static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
3949 enum device_endian endian)
8df1cd07 3950{
8df1cd07 3951 uint8_t *ptr;
f3705d53 3952 MemoryRegionSection *section;
8df1cd07 3953
06ef3525 3954 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3955
f3705d53 3956 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3957 addr = memory_region_section_addr(section, addr);
f3705d53 3958 if (memory_region_is_ram(section->mr)) {
37ec01d4 3959 section = &phys_sections[phys_section_rom];
06ef3525 3960 }
1e78bcc1
AG		 3961#if defined(TARGET_WORDS_BIGENDIAN)
3962 if (endian == DEVICE_LITTLE_ENDIAN) {
3963 val = bswap32(val);
3964 }
3965#else
3966 if (endian == DEVICE_BIG_ENDIAN) {
3967 val = bswap32(val);
3968 }
3969#endif
37ec01d4 3970 io_mem_write(section->mr, addr, val, 4);
8df1cd07
FB		 3971 } else {
3972 unsigned long addr1;
f3705d53 3973 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3974 + memory_region_section_addr(section, addr);
8df1cd07 3975 /* RAM case */
5579c7f3 3976 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3977 switch (endian) {
3978 case DEVICE_LITTLE_ENDIAN:
3979 stl_le_p(ptr, val);
3980 break;
3981 case DEVICE_BIG_ENDIAN:
3982 stl_be_p(ptr, val);
3983 break;
3984 default:
3985 stl_p(ptr, val);
3986 break;
3987 }
51d7a9eb 3988 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 3989 }
3990}
3991
1e78bcc1
AG		 3992void stl_phys(target_phys_addr_t addr, uint32_t val)
3993{
3994 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
3995}
3996
3997void stl_le_phys(target_phys_addr_t addr, uint32_t val)
3998{
3999 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4000}
4001
4002void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4003{
4004 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4005}
4006
aab33094 4007/* XXX: optimize */
c227f099 4008void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 4009{
4010 uint8_t v = val;
4011 cpu_physical_memory_write(addr, &v, 1);
4012}
4013
733f0b02 4014/* warning: addr must be aligned */
1e78bcc1
AG		 4015static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4016 enum device_endian endian)
aab33094 4017{
733f0b02 4018 uint8_t *ptr;
f3705d53 4019 MemoryRegionSection *section;
733f0b02 4020
06ef3525 4021 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 4022
f3705d53 4023 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 4024 addr = memory_region_section_addr(section, addr);
f3705d53 4025 if (memory_region_is_ram(section->mr)) {
37ec01d4 4026 section = &phys_sections[phys_section_rom];
06ef3525 4027 }
1e78bcc1
AG		 4028#if defined(TARGET_WORDS_BIGENDIAN)
4029 if (endian == DEVICE_LITTLE_ENDIAN) {
4030 val = bswap16(val);
4031 }
4032#else
4033 if (endian == DEVICE_BIG_ENDIAN) {
4034 val = bswap16(val);
4035 }
4036#endif
37ec01d4 4037 io_mem_write(section->mr, addr, val, 2);
733f0b02
MT		 4038 } else {
4039 unsigned long addr1;
f3705d53 4040 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 4041 + memory_region_section_addr(section, addr);
733f0b02
MT		 4042 /* RAM case */
4043 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4044 switch (endian) {
4045 case DEVICE_LITTLE_ENDIAN:
4046 stw_le_p(ptr, val);
4047 break;
4048 case DEVICE_BIG_ENDIAN:
4049 stw_be_p(ptr, val);
4050 break;
4051 default:
4052 stw_p(ptr, val);
4053 break;
4054 }
51d7a9eb 4055 invalidate_and_set_dirty(addr1, 2);
733f0b02 4056 }
aab33094
FB		 4057}
4058
1e78bcc1
AG		 4059void stw_phys(target_phys_addr_t addr, uint32_t val)
4060{
4061 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4062}
4063
4064void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4065{
4066 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4067}
4068
4069void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4070{
4071 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4072}
4073
aab33094 4074/* XXX: optimize */
c227f099 4075void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4076{
4077 val = tswap64(val);
71d2b725 4078 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4079}
4080
1e78bcc1
AG		 4081void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4082{
4083 val = cpu_to_le64(val);
4084 cpu_physical_memory_write(addr, &val, 8);
4085}
4086
4087void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4088{
4089 val = cpu_to_be64(val);
4090 cpu_physical_memory_write(addr, &val, 8);
4091}
4092
5e2972fd 4093/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 4094int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 4095 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4096{
4097 int l;
c227f099 4098 target_phys_addr_t phys_addr;
9b3c35e0 4099 target_ulong page;
13eb76e0
FB		 4100
4101 while (len > 0) {
4102 page = addr & TARGET_PAGE_MASK;
4103 phys_addr = cpu_get_phys_page_debug(env, page);
4104 /* if no physical page mapped, return an error */
4105 if (phys_addr == -1)
4106 return -1;
4107 l = (page + TARGET_PAGE_SIZE) - addr;
4108 if (l > len)
4109 l = len;
5e2972fd 4110 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4111 if (is_write)
4112 cpu_physical_memory_write_rom(phys_addr, buf, l);
4113 else
5e2972fd 4114 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4115 len -= l;
4116 buf += l;
4117 addr += l;
4118 }
4119 return 0;
4120}
a68fe89c 4121#endif
13eb76e0 4122
2e70f6ef
PB		 4123/* in deterministic execution mode, instructions doing device I/Os
4124 must be at the end of the TB */
20503968 4125void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
2e70f6ef
PB		 4126{
4127 TranslationBlock *tb;
4128 uint32_t n, cflags;
4129 target_ulong pc, cs_base;
4130 uint64_t flags;
4131
20503968 4132 tb = tb_find_pc(retaddr);
2e70f6ef
PB		 4133 if (!tb) {
4134 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
20503968 4135 (void *)retaddr);
2e70f6ef
PB		 4136 }
4137 n = env->icount_decr.u16.low + tb->icount;
20503968 4138 cpu_restore_state(tb, env, retaddr);
2e70f6ef 4139 /* Calculate how many instructions had been executed before the fault
bf20dc07 4140 occurred. */
2e70f6ef
PB		 4141 n = n - env->icount_decr.u16.low;
4142 /* Generate a new TB ending on the I/O insn. */
4143 n++;
4144 /* On MIPS and SH, delay slot instructions can only be restarted if
4145 they were already the first instruction in the TB. If this is not
bf20dc07 4146 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4147 branch. */
4148#if defined(TARGET_MIPS)
4149 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4150 env->active_tc.PC -= 4;
4151 env->icount_decr.u16.low++;
4152 env->hflags &= ~MIPS_HFLAG_BMASK;
4153 }
4154#elif defined(TARGET_SH4)
4155 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4156 && n > 1) {
4157 env->pc -= 2;
4158 env->icount_decr.u16.low++;
4159 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4160 }
4161#endif
4162 /* This should never happen. */
4163 if (n > CF_COUNT_MASK)
4164 cpu_abort(env, "TB too big during recompile");
4165
4166 cflags = n | CF_LAST_IO;
4167 pc = tb->pc;
4168 cs_base = tb->cs_base;
4169 flags = tb->flags;
4170 tb_phys_invalidate(tb, -1);
4171 /* FIXME: In theory this could raise an exception. In practice
4172 we have already translated the block once so it's probably ok. */
4173 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4174 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4175 the first in the TB) then we end up generating a whole new TB and
4176 repeating the fault, which is horribly inefficient.
4177 Better would be to execute just this insn uncached, or generate a
4178 second new TB. */
4179 cpu_resume_from_signal(env, NULL);
4180}
4181
b3755a91
PB		 4182#if !defined(CONFIG_USER_ONLY)
4183
055403b2 4184void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4185{
4186 int i, target_code_size, max_target_code_size;
4187 int direct_jmp_count, direct_jmp2_count, cross_page;
4188 TranslationBlock *tb;
3b46e624 4189
e3db7226
FB		 4190 target_code_size = 0;
4191 max_target_code_size = 0;
4192 cross_page = 0;
4193 direct_jmp_count = 0;
4194 direct_jmp2_count = 0;
4195 for(i = 0; i < nb_tbs; i++) {
4196 tb = &tbs[i];
4197 target_code_size += tb->size;
4198 if (tb->size > max_target_code_size)
4199 max_target_code_size = tb->size;
4200 if (tb->page_addr[1] != -1)
4201 cross_page++;
4202 if (tb->tb_next_offset[0] != 0xffff) {
4203 direct_jmp_count++;
4204 if (tb->tb_next_offset[1] != 0xffff) {
4205 direct_jmp2_count++;
4206 }
4207 }
4208 }
4209 /* XXX: avoid using doubles ? */
57fec1fe 4210 cpu_fprintf(f, "Translation buffer state:\n");
f1bc0bcc 4211 cpu_fprintf(f, "gen code size %td/%zd\n",
26a5f13b
FB		 4212 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4213 cpu_fprintf(f, "TB count %d/%d\n",
4214 nb_tbs, code_gen_max_blocks);
5fafdf24 4215 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4216 nb_tbs ? target_code_size / nb_tbs : 0,
4217 max_target_code_size);
055403b2 4218 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4219 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4220 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4221 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4222 cross_page,
e3db7226
FB		 4223 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4224 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4225 direct_jmp_count,
e3db7226
FB		 4226 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4227 direct_jmp2_count,
4228 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4229 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4230 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4231 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4232 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4233 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4234}
4235
82afa586
BH		 4236/*
4237 * A helper function for the _utterly broken_ virtio device model to find out if
4238 * it's running on a big endian machine. Don't do this at home kids!
4239 */
4240bool virtio_is_big_endian(void);
4241bool virtio_is_big_endian(void)
4242{
4243#if defined(TARGET_WORDS_BIGENDIAN)
4244 return true;
4245#else
4246 return false;
4247#endif
4248}
4249
61382a50 4250#endif
76f35538
WC		 4251
4252#ifndef CONFIG_USER_ONLY
4253bool cpu_physical_memory_is_io(target_phys_addr_t phys_addr)
4254{
4255 MemoryRegionSection *section;
4256
4257 section = phys_page_find(phys_addr >> TARGET_PAGE_BITS);
4258
4259 return !(memory_region_is_ram(section->mr) ||
4260 memory_region_is_romd(section->mr));
4261}
4262#endif
QEMU mirror