]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
exec: Allocate code_gen_prologue from code_gen_buffer
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
0cac1b66
BS		 60#include "cputlb.h"
61
67d95c15
AK		 62#define WANT_EXEC_OBSOLETE
63#include "exec-obsolete.h"
64
fd6ce8f6 65//#define DEBUG_TB_INVALIDATE
66e85a21 66//#define DEBUG_FLUSH
67d3b957 67//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 68
69/* make various TB consistency checks */
5fafdf24 70//#define DEBUG_TB_CHECK
fd6ce8f6 71
1196be37 72//#define DEBUG_IOPORT
db7b5426 73//#define DEBUG_SUBPAGE
1196be37 74
99773bd4
PB		 75#if !defined(CONFIG_USER_ONLY)
76/* TB consistency checks only implemented for usermode emulation. */
77#undef DEBUG_TB_CHECK
78#endif
79
9fa3e853
FB		 80#define SMC_BITMAP_USE_THRESHOLD 10
81
bdaf78e0 82static TranslationBlock *tbs;
24ab68ac 83static int code_gen_max_blocks;
9fa3e853 84TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 85static int nb_tbs;
eb51d102 86/* any access to the tbs or the page table must use this lock */
c227f099 87spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 88
4438c8a9 89uint8_t *code_gen_prologue;
bdaf78e0 90static uint8_t *code_gen_buffer;
f1bc0bcc 91static size_t code_gen_buffer_size;
26a5f13b 92/* threshold to flush the translated code buffer */
f1bc0bcc 93static size_t code_gen_buffer_max_size;
24ab68ac 94static uint8_t *code_gen_ptr;
fd6ce8f6 95
e2eef170 96#if !defined(CONFIG_USER_ONLY)
9fa3e853 97int phys_ram_fd;
74576198 98static int in_migration;
94a6b54f 99
85d59fef 100RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 101
102static MemoryRegion *system_memory;
309cb471 103static MemoryRegion *system_io;
62152b8a 104
0e0df1e2 105MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 106static MemoryRegion io_mem_subpage_ram;
0e0df1e2 107
e2eef170 108#endif
9fa3e853 109
9349b4f9 110CPUArchState *first_cpu;
6a00d601
FB		 111/* current CPU in the current thread. It is only valid inside
112 cpu_exec() */
9349b4f9 113DEFINE_TLS(CPUArchState *,cpu_single_env);
2e70f6ef 114/* 0 = Do not count executed instructions.
bf20dc07 115 1 = Precise instruction counting.
2e70f6ef
PB		 116 2 = Adaptive rate instruction counting. */
117int use_icount = 0;
6a00d601 118
54936004 119typedef struct PageDesc {
92e873b9 120 /* list of TBs intersecting this ram page */
fd6ce8f6 121 TranslationBlock *first_tb;
9fa3e853
FB		 122 /* in order to optimize self modifying code, we count the number
123 of lookups we do to a given page to use a bitmap */
124 unsigned int code_write_count;
125 uint8_t *code_bitmap;
126#if defined(CONFIG_USER_ONLY)
127 unsigned long flags;
128#endif
54936004
FB		 129} PageDesc;
130
41c1b1c9 131/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 132 while in user mode we want it to be based on virtual addresses. */
133#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 134#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
135# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
136#else
5cd2c5b6 137# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 138#endif
bedb69ea 139#else
5cd2c5b6 140# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 141#endif
54936004 142
5cd2c5b6
RH		 143/* Size of the L2 (and L3, etc) page tables. */
144#define L2_BITS 10
54936004
FB		 145#define L2_SIZE (1 << L2_BITS)
146
3eef53df
AK		 147#define P_L2_LEVELS \
148 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
149
5cd2c5b6 150/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 151#define V_L1_BITS_REM \
152 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
153
5cd2c5b6
RH		 154#if V_L1_BITS_REM < 4
155#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
156#else
157#define V_L1_BITS V_L1_BITS_REM
158#endif
159
5cd2c5b6
RH		 160#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
161
5cd2c5b6
RH		 162#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
163
c6d50674
SW		 164uintptr_t qemu_real_host_page_size;
165uintptr_t qemu_host_page_size;
166uintptr_t qemu_host_page_mask;
54936004 167
5cd2c5b6
RH		 168/* This is a multi-level map on the virtual address space.
169 The bottom level has pointers to PageDesc. */
170static void *l1_map[V_L1_SIZE];
54936004 171
e2eef170 172#if !defined(CONFIG_USER_ONLY)
4346ae3e
AK		 173typedef struct PhysPageEntry PhysPageEntry;
174
5312bd8b
AK		 175static MemoryRegionSection *phys_sections;
176static unsigned phys_sections_nb, phys_sections_nb_alloc;
177static uint16_t phys_section_unassigned;
aa102231
AK		 178static uint16_t phys_section_notdirty;
179static uint16_t phys_section_rom;
180static uint16_t phys_section_watch;
5312bd8b 181
4346ae3e 182struct PhysPageEntry {
07f07b31
AK		 183 uint16_t is_leaf : 1;
184 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
185 uint16_t ptr : 15;
4346ae3e
AK		 186};
187
d6f2ea22
AK		 188/* Simple allocator for PhysPageEntry nodes */
189static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
190static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
191
07f07b31 192#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 193
5cd2c5b6 194/* This is a multi-level map on the physical address space.
06ef3525 195 The bottom level has pointers to MemoryRegionSections. */
07f07b31 196static PhysPageEntry phys_map = { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
6d9a1304 197
e2eef170 198static void io_mem_init(void);
62152b8a 199static void memory_map_init(void);
e2eef170 200
1ec9b909 201static MemoryRegion io_mem_watch;
6658ffb8 202#endif
33417e70 203
e3db7226 204/* statistics */
e3db7226
FB		 205static int tb_flush_count;
206static int tb_phys_invalidate_count;
207
7cb69cae 208#ifdef _WIN32
4438c8a9 209static inline void map_exec(void *addr, long size)
7cb69cae
FB		 210{
211 DWORD old_protect;
212 VirtualProtect(addr, size,
213 PAGE_EXECUTE_READWRITE, &old_protect);
214
215}
216#else
4438c8a9 217static inline void map_exec(void *addr, long size)
7cb69cae 218{
4369415f 219 unsigned long start, end, page_size;
7cb69cae 220
4369415f 221 page_size = getpagesize();
7cb69cae 222 start = (unsigned long)addr;
4369415f 223 start &= ~(page_size - 1);
7cb69cae
FB		 224
225 end = (unsigned long)addr + size;
4369415f
FB		 226 end += page_size - 1;
227 end &= ~(page_size - 1);
7cb69cae
FB		 228
229 mprotect((void *)start, end - start,
230 PROT_READ | PROT_WRITE | PROT_EXEC);
231}
232#endif
233
b346ff46 234static void page_init(void)
54936004 235{
83fb7adf 236 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 237 TARGET_PAGE_SIZE */
c2b48b69
AL		 238#ifdef _WIN32
239 {
240 SYSTEM_INFO system_info;
241
242 GetSystemInfo(&system_info);
243 qemu_real_host_page_size = system_info.dwPageSize;
244 }
245#else
246 qemu_real_host_page_size = getpagesize();
247#endif
83fb7adf
FB		 248 if (qemu_host_page_size == 0)
249 qemu_host_page_size = qemu_real_host_page_size;
250 if (qemu_host_page_size < TARGET_PAGE_SIZE)
251 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 252 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 253
2e9a5713 254#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 255 {
f01576f1
JL		 256#ifdef HAVE_KINFO_GETVMMAP
257 struct kinfo_vmentry *freep;
258 int i, cnt;
259
260 freep = kinfo_getvmmap(getpid(), &cnt);
261 if (freep) {
262 mmap_lock();
263 for (i = 0; i < cnt; i++) {
264 unsigned long startaddr, endaddr;
265
266 startaddr = freep[i].kve_start;
267 endaddr = freep[i].kve_end;
268 if (h2g_valid(startaddr)) {
269 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
270
271 if (h2g_valid(endaddr)) {
272 endaddr = h2g(endaddr);
fd436907 273 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 274 } else {
275#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
276 endaddr = ~0ul;
fd436907 277 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 278#endif
279 }
280 }
281 }
282 free(freep);
283 mmap_unlock();
284 }
285#else
50a9569b 286 FILE *f;
50a9569b 287
0776590d 288 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 289
fd436907 290 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 291 if (f) {
5cd2c5b6
RH		 292 mmap_lock();
293
50a9569b 294 do {
5cd2c5b6
RH		 295 unsigned long startaddr, endaddr;
296 int n;
297
298 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
299
300 if (n == 2 && h2g_valid(startaddr)) {
301 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
302
303 if (h2g_valid(endaddr)) {
304 endaddr = h2g(endaddr);
305 } else {
306 endaddr = ~0ul;
307 }
308 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 309 }
310 } while (!feof(f));
5cd2c5b6 311
50a9569b 312 fclose(f);
5cd2c5b6 313 mmap_unlock();
50a9569b 314 }
f01576f1 315#endif
50a9569b
AZ		 316 }
317#endif
54936004
FB		 318}
319
41c1b1c9 320static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 321{
41c1b1c9
PB		 322 PageDesc *pd;
323 void **lp;
324 int i;
325
5cd2c5b6 326#if defined(CONFIG_USER_ONLY)
7267c094 327 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 328# define ALLOC(P, SIZE) \
329 do { \
330 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
331 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 332 } while (0)
333#else
334# define ALLOC(P, SIZE) \
7267c094 335 do { P = g_malloc0(SIZE); } while (0)
17e2377a 336#endif
434929bf 337
5cd2c5b6
RH		 338 /* Level 1. Always allocated. */
339 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
340
341 /* Level 2..N-1. */
342 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
343 void **p = *lp;
344
345 if (p == NULL) {
346 if (!alloc) {
347 return NULL;
348 }
349 ALLOC(p, sizeof(void *) * L2_SIZE);
350 *lp = p;
17e2377a 351 }
5cd2c5b6
RH		 352
353 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
354 }
355
356 pd = *lp;
357 if (pd == NULL) {
358 if (!alloc) {
359 return NULL;
360 }
361 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
362 *lp = pd;
54936004 363 }
5cd2c5b6
RH		 364
365#undef ALLOC
5cd2c5b6
RH		 366
367 return pd + (index & (L2_SIZE - 1));
54936004
FB		 368}
369
41c1b1c9 370static inline PageDesc *page_find(tb_page_addr_t index)
54936004 371{
5cd2c5b6 372 return page_find_alloc(index, 0);
fd6ce8f6
FB		 373}
374
6d9a1304 375#if !defined(CONFIG_USER_ONLY)
d6f2ea22 376
f7bf5461 377static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 378{
f7bf5461 379 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 380 typedef PhysPageEntry Node[L2_SIZE];
381 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 382 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
383 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 384 phys_map_nodes = g_renew(Node, phys_map_nodes,
385 phys_map_nodes_nb_alloc);
386 }
f7bf5461
AK		 387}
388
389static uint16_t phys_map_node_alloc(void)
390{
391 unsigned i;
392 uint16_t ret;
393
394 ret = phys_map_nodes_nb++;
395 assert(ret != PHYS_MAP_NODE_NIL);
396 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 397 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 398 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 399 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 400 }
f7bf5461 401 return ret;
d6f2ea22
AK		 402}
403
404static void phys_map_nodes_reset(void)
405{
406 phys_map_nodes_nb = 0;
407}
408
92e873b9 409
2999097b
AK		 410static void phys_page_set_level(PhysPageEntry *lp, target_phys_addr_t *index,
411 target_phys_addr_t *nb, uint16_t leaf,
412 int level)
f7bf5461
AK		 413{
414 PhysPageEntry *p;
415 int i;
07f07b31 416 target_phys_addr_t step = (target_phys_addr_t)1 << (level * L2_BITS);
108c49b8 417
07f07b31 418 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 419 lp->ptr = phys_map_node_alloc();
420 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 421 if (level == 0) {
422 for (i = 0; i < L2_SIZE; i++) {
07f07b31 423 p[i].is_leaf = 1;
c19e8800 424 p[i].ptr = phys_section_unassigned;
4346ae3e 425 }
67c4d23c 426 }
f7bf5461 427 } else {
c19e8800 428 p = phys_map_nodes[lp->ptr];
92e873b9 429 }
2999097b 430 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 431
2999097b 432 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 433 if ((*index & (step - 1)) == 0 && *nb >= step) {
434 lp->is_leaf = true;
c19e8800 435 lp->ptr = leaf;
07f07b31
AK		 436 *index += step;
437 *nb -= step;
2999097b
AK		 438 } else {
439 phys_page_set_level(lp, index, nb, leaf, level - 1);
440 }
441 ++lp;
f7bf5461
AK		 442 }
443}
444
2999097b
AK		 445static void phys_page_set(target_phys_addr_t index, target_phys_addr_t nb,
446 uint16_t leaf)
f7bf5461 447{
2999097b 448 /* Wildly overreserve - it doesn't matter much. */
07f07b31 449 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 450
2999097b 451 phys_page_set_level(&phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 452}
453
0cac1b66 454MemoryRegionSection *phys_page_find(target_phys_addr_t index)
92e873b9 455{
31ab2b4a
AK		 456 PhysPageEntry lp = phys_map;
457 PhysPageEntry *p;
458 int i;
31ab2b4a 459 uint16_t s_index = phys_section_unassigned;
f1f6e3b8 460
07f07b31 461 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 462 if (lp.ptr == PHYS_MAP_NODE_NIL) {
31ab2b4a
AK		 463 goto not_found;
464 }
c19e8800 465 p = phys_map_nodes[lp.ptr];
31ab2b4a 466 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 467 }
31ab2b4a 468
c19e8800 469 s_index = lp.ptr;
31ab2b4a 470not_found:
f3705d53
AK		 471 return &phys_sections[s_index];
472}
473
e5548617
BS		 474bool memory_region_is_unassigned(MemoryRegion *mr)
475{
476 return mr != &io_mem_ram && mr != &io_mem_rom
477 && mr != &io_mem_notdirty && !mr->rom_device
478 && mr != &io_mem_watch;
479}
480
c8a706fe
PB		 481#define mmap_lock() do { } while(0)
482#define mmap_unlock() do { } while(0)
9fa3e853 483#endif
fd6ce8f6 484
4369415f 485#if defined(CONFIG_USER_ONLY)
ccbb4d44 486/* Currently it is not recommended to allocate big chunks of data in
f1bc0bcc
RH		 487 user mode. It will change when a dedicated libc will be used. */
488/* ??? 64-bit hosts ought to have no problem mmaping data outside the
489 region in which the guest needs to run. Revisit this. */
4369415f
FB		 490#define USE_STATIC_CODE_GEN_BUFFER
491#endif
492
f1bc0bcc
RH		 493/* ??? Should configure for this, not list operating systems here. */
494#if (defined(__linux__) \
495 || defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
496 || defined(__DragonFly__) || defined(__OpenBSD__) \
497 || defined(__NetBSD__))
498# define USE_MMAP
4369415f
FB		 499#endif
500
f1bc0bcc
RH		 501/* Maximum size of the code gen buffer we'd like to use. Unless otherwise
502 indicated, this is constrained by the range of direct branches on the
503 host cpu, as used by the TCG implementation of goto_tb. */
504#if defined(__x86_64__)
505# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
506#elif defined(__sparc__)
507# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
508#elif defined(__arm__)
509# define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
510#elif defined(__s390x__)
511 /* We have a +- 4GB range on the branches; leave some slop. */
512# define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
513#else
514# define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
515#endif
516
3d85a72f
RH		 517#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
518
519#define DEFAULT_CODE_GEN_BUFFER_SIZE \
520 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
521 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
f1bc0bcc
RH		 522
523static inline size_t size_code_gen_buffer(size_t tb_size)
26a5f13b 524{
f1bc0bcc
RH		 525 /* Size the buffer. */
526 if (tb_size == 0) {
4369415f 527#ifdef USE_STATIC_CODE_GEN_BUFFER
f1bc0bcc 528 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
4369415f 529#else
f1bc0bcc
RH		 530 /* ??? Needs adjustments. */
531 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
532 static buffer, we could size this on RESERVED_VA, on the text
533 segment size of the executable, or continue to use the default. */
534 tb_size = (unsigned long)(ram_size / 4);
4369415f 535#endif
26a5f13b 536 }
f1bc0bcc
RH		 537 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
538 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
26a5f13b 539 }
f1bc0bcc
RH		 540 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
541 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
06e67a82 542 }
f1bc0bcc
RH		 543 code_gen_buffer_size = tb_size;
544 return tb_size;
545}
546
547#ifdef USE_STATIC_CODE_GEN_BUFFER
548static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
549 __attribute__((aligned(CODE_GEN_ALIGN)));
550
551static inline void *alloc_code_gen_buffer(void)
552{
553 map_exec(static_code_gen_buffer, code_gen_buffer_size);
554 return static_code_gen_buffer;
555}
556#elif defined(USE_MMAP)
557static inline void *alloc_code_gen_buffer(void)
558{
559 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
560 uintptr_t start = 0;
561 void *buf;
562
563 /* Constrain the position of the buffer based on the host cpu.
564 Note that these addresses are chosen in concert with the
565 addresses assigned in the relevant linker script file. */
405def18
RH		 566# if defined(__PIE__) || defined(__PIC__)
567 /* Don't bother setting a preferred location if we're building
568 a position-independent executable. We're more likely to get
569 an address near the main executable if we let the kernel
570 choose the address. */
571# elif defined(__x86_64__) && defined(MAP_32BIT)
f1bc0bcc
RH		 572 /* Force the memory down into low memory with the executable.
573 Leave the choice of exact location with the kernel. */
574 flags |= MAP_32BIT;
575 /* Cannot expect to map more than 800MB in low memory. */
576 if (code_gen_buffer_size > 800u * 1024 * 1024) {
577 code_gen_buffer_size = 800u * 1024 * 1024;
578 }
579# elif defined(__sparc__)
580 start = 0x40000000ul;
581# elif defined(__s390x__)
582 start = 0x90000000ul;
583# endif
584
585 buf = mmap((void *)start, code_gen_buffer_size,
586 PROT_WRITE | PROT_READ | PROT_EXEC, flags, -1, 0);
587 return buf == MAP_FAILED ? NULL : buf;
588}
26a5f13b 589#else
f1bc0bcc
RH		 590static inline void *alloc_code_gen_buffer(void)
591{
592 void *buf = g_malloc(code_gen_buffer_size);
593 if (buf) {
594 map_exec(buf, code_gen_buffer_size);
595 }
596 return buf;
597}
598#endif /* USE_STATIC_CODE_GEN_BUFFER, USE_MMAP */
599
600static inline void code_gen_alloc(size_t tb_size)
601{
602 code_gen_buffer_size = size_code_gen_buffer(tb_size);
603 code_gen_buffer = alloc_code_gen_buffer();
604 if (code_gen_buffer == NULL) {
605 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
606 exit(1);
607 }
608
4438c8a9
RH		 609 /* Steal room for the prologue at the end of the buffer. This ensures
610 (via the MAX_CODE_GEN_BUFFER_SIZE limits above) that direct branches
611 from TB's to the prologue are going to be in range. It also means
612 that we don't need to mark (additional) portions of the data segment
613 as executable. */
614 code_gen_prologue = code_gen_buffer + code_gen_buffer_size - 1024;
615 code_gen_buffer_size -= 1024;
616
a884da8a
PM		 617 code_gen_buffer_max_size = code_gen_buffer_size -
618 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 619 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 620 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 621}
622
623/* Must be called before using the QEMU cpus. 'tb_size' is the size
624 (in bytes) allocated to the translation buffer. Zero means default
625 size. */
d5ab9713 626void tcg_exec_init(unsigned long tb_size)
26a5f13b 627{
26a5f13b
FB		 628 cpu_gen_init();
629 code_gen_alloc(tb_size);
630 code_gen_ptr = code_gen_buffer;
813da627 631 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
4369415f 632 page_init();
9002ec79
RH		 633#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
634 /* There's no guest base to take into account, so go ahead and
635 initialize the prologue now. */
636 tcg_prologue_init(&tcg_ctx);
637#endif
26a5f13b
FB		 638}
639
d5ab9713
JK		 640bool tcg_enabled(void)
641{
642 return code_gen_buffer != NULL;
643}
644
645void cpu_exec_init_all(void)
646{
647#if !defined(CONFIG_USER_ONLY)
648 memory_map_init();
649 io_mem_init();
650#endif
651}
652
9656f324
PB		 653#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
654
e59fb374 655static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7 656{
9349b4f9 657 CPUArchState *env = opaque;
9656f324 658
3098dba0
AJ		 659 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
660 version_id is increased. */
661 env->interrupt_request &= ~0x01;
9656f324
PB		 662 tlb_flush(env, 1);
663
664 return 0;
665}
e7f4eff7
JQ		 666
667static const VMStateDescription vmstate_cpu_common = {
668 .name = "cpu_common",
669 .version_id = 1,
670 .minimum_version_id = 1,
671 .minimum_version_id_old = 1,
e7f4eff7
JQ		 672 .post_load = cpu_common_post_load,
673 .fields = (VMStateField []) {
9349b4f9
AF		 674 VMSTATE_UINT32(halted, CPUArchState),
675 VMSTATE_UINT32(interrupt_request, CPUArchState),
e7f4eff7
JQ		 676 VMSTATE_END_OF_LIST()
677 }
678};
9656f324
PB		 679#endif
680
9349b4f9 681CPUArchState *qemu_get_cpu(int cpu)
950f1472 682{
9349b4f9 683 CPUArchState *env = first_cpu;
950f1472
GC		 684
685 while (env) {
686 if (env->cpu_index == cpu)
687 break;
688 env = env->next_cpu;
689 }
690
691 return env;
692}
693
9349b4f9 694void cpu_exec_init(CPUArchState *env)
fd6ce8f6 695{
9349b4f9 696 CPUArchState **penv;
6a00d601
FB		 697 int cpu_index;
698
c2764719
PB		 699#if defined(CONFIG_USER_ONLY)
700 cpu_list_lock();
701#endif
6a00d601
FB		 702 env->next_cpu = NULL;
703 penv = &first_cpu;
704 cpu_index = 0;
705 while (*penv != NULL) {
1e9fa730 706 penv = &(*penv)->next_cpu;
6a00d601
FB		 707 cpu_index++;
708 }
709 env->cpu_index = cpu_index;
268a362c 710 env->numa_node = 0;
72cf2d4f
BS		 711 QTAILQ_INIT(&env->breakpoints);
712 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 713#ifndef CONFIG_USER_ONLY
714 env->thread_id = qemu_get_thread_id();
715#endif
6a00d601 716 *penv = env;
c2764719
PB		 717#if defined(CONFIG_USER_ONLY)
718 cpu_list_unlock();
719#endif
b3c7724c 720#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 721 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
722 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 723 cpu_save, cpu_load, env);
724#endif
fd6ce8f6
FB		 725}
726
d1a1eb74
TG		 727/* Allocate a new translation block. Flush the translation buffer if
728 too many translation blocks or too much generated code. */
729static TranslationBlock *tb_alloc(target_ulong pc)
730{
731 TranslationBlock *tb;
732
733 if (nb_tbs >= code_gen_max_blocks ||
734 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
735 return NULL;
736 tb = &tbs[nb_tbs++];
737 tb->pc = pc;
738 tb->cflags = 0;
739 return tb;
740}
741
742void tb_free(TranslationBlock *tb)
743{
744 /* In practice this is mostly used for single use temporary TB
745 Ignore the hard cases and just back up if this TB happens to
746 be the last one generated. */
747 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
748 code_gen_ptr = tb->tc_ptr;
749 nb_tbs--;
750 }
751}
752
9fa3e853
FB		 753static inline void invalidate_page_bitmap(PageDesc *p)
754{
755 if (p->code_bitmap) {
7267c094 756 g_free(p->code_bitmap);
9fa3e853
FB		 757 p->code_bitmap = NULL;
758 }
759 p->code_write_count = 0;
760}
761
5cd2c5b6
RH		 762/* Set to NULL all the 'first_tb' fields in all PageDescs. */
763
764static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 765{
5cd2c5b6 766 int i;
fd6ce8f6 767
5cd2c5b6
RH		 768 if (*lp == NULL) {
769 return;
770 }
771 if (level == 0) {
772 PageDesc *pd = *lp;
7296abac 773 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 774 pd[i].first_tb = NULL;
775 invalidate_page_bitmap(pd + i);
fd6ce8f6 776 }
5cd2c5b6
RH		 777 } else {
778 void **pp = *lp;
7296abac 779 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 780 page_flush_tb_1 (level - 1, pp + i);
781 }
782 }
783}
784
785static void page_flush_tb(void)
786{
787 int i;
788 for (i = 0; i < V_L1_SIZE; i++) {
789 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 790 }
791}
792
793/* flush all the translation blocks */
d4e8164f 794/* XXX: tb_flush is currently not thread safe */
9349b4f9 795void tb_flush(CPUArchState *env1)
fd6ce8f6 796{
9349b4f9 797 CPUArchState *env;
0124311e 798#if defined(DEBUG_FLUSH)
ab3d1727
BS		 799 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
800 (unsigned long)(code_gen_ptr - code_gen_buffer),
801 nb_tbs, nb_tbs > 0 ?
802 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 803#endif
26a5f13b 804 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 805 cpu_abort(env1, "Internal error: code buffer overflow\n");
806
fd6ce8f6 807 nb_tbs = 0;
3b46e624 808
6a00d601
FB		 809 for(env = first_cpu; env != NULL; env = env->next_cpu) {
810 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
811 }
9fa3e853 812
8a8a608f 813 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 814 page_flush_tb();
9fa3e853 815
fd6ce8f6 816 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 817 /* XXX: flush processor icache at this point if cache flush is
818 expensive */
e3db7226 819 tb_flush_count++;
fd6ce8f6
FB		 820}
821
822#ifdef DEBUG_TB_CHECK
823
bc98a7ef 824static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 825{
826 TranslationBlock *tb;
827 int i;
828 address &= TARGET_PAGE_MASK;
99773bd4
PB		 829 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
830 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 831 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
832 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 833 printf("ERROR invalidate: address=" TARGET_FMT_lx
834 " PC=%08lx size=%04x\n",
99773bd4 835 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 836 }
837 }
838 }
839}
840
841/* verify that all the pages have correct rights for code */
842static void tb_page_check(void)
843{
844 TranslationBlock *tb;
845 int i, flags1, flags2;
3b46e624 846
99773bd4
PB		 847 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
848 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 849 flags1 = page_get_flags(tb->pc);
850 flags2 = page_get_flags(tb->pc + tb->size - 1);
851 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
852 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 853 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 854 }
855 }
856 }
857}
858
859#endif
860
861/* invalidate one TB */
862static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
863 int next_offset)
864{
865 TranslationBlock *tb1;
866 for(;;) {
867 tb1 = *ptb;
868 if (tb1 == tb) {
869 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
870 break;
871 }
872 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
873 }
874}
875
9fa3e853
FB		 876static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
877{
878 TranslationBlock *tb1;
879 unsigned int n1;
880
881 for(;;) {
882 tb1 = *ptb;
8efe0ca8
SW		 883 n1 = (uintptr_t)tb1 & 3;
884 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
9fa3e853
FB		 885 if (tb1 == tb) {
886 *ptb = tb1->page_next[n1];
887 break;
888 }
889 ptb = &tb1->page_next[n1];
890 }
891}
892
d4e8164f
FB		 893static inline void tb_jmp_remove(TranslationBlock *tb, int n)
894{
895 TranslationBlock *tb1, **ptb;
896 unsigned int n1;
897
898 ptb = &tb->jmp_next[n];
899 tb1 = *ptb;
900 if (tb1) {
901 /* find tb(n) in circular list */
902 for(;;) {
903 tb1 = *ptb;
8efe0ca8
SW		 904 n1 = (uintptr_t)tb1 & 3;
905 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 906 if (n1 == n && tb1 == tb)
907 break;
908 if (n1 == 2) {
909 ptb = &tb1->jmp_first;
910 } else {
911 ptb = &tb1->jmp_next[n1];
912 }
913 }
914 /* now we can suppress tb(n) from the list */
915 *ptb = tb->jmp_next[n];
916
917 tb->jmp_next[n] = NULL;
918 }
919}
920
921/* reset the jump entry 'n' of a TB so that it is not chained to
922 another TB */
923static inline void tb_reset_jump(TranslationBlock *tb, int n)
924{
8efe0ca8 925 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
d4e8164f
FB		 926}
927
41c1b1c9 928void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 929{
9349b4f9 930 CPUArchState *env;
8a40a180 931 PageDesc *p;
d4e8164f 932 unsigned int h, n1;
41c1b1c9 933 tb_page_addr_t phys_pc;
8a40a180 934 TranslationBlock *tb1, *tb2;
3b46e624 935
8a40a180
FB		 936 /* remove the TB from the hash list */
937 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
938 h = tb_phys_hash_func(phys_pc);
5fafdf24 939 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 940 offsetof(TranslationBlock, phys_hash_next));
941
942 /* remove the TB from the page list */
943 if (tb->page_addr[0] != page_addr) {
944 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
945 tb_page_remove(&p->first_tb, tb);
946 invalidate_page_bitmap(p);
947 }
948 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
949 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
950 tb_page_remove(&p->first_tb, tb);
951 invalidate_page_bitmap(p);
952 }
953
36bdbe54 954 tb_invalidated_flag = 1;
59817ccb 955
fd6ce8f6 956 /* remove the TB from the hash list */
8a40a180 957 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 958 for(env = first_cpu; env != NULL; env = env->next_cpu) {
959 if (env->tb_jmp_cache[h] == tb)
960 env->tb_jmp_cache[h] = NULL;
961 }
d4e8164f
FB		 962
963 /* suppress this TB from the two jump lists */
964 tb_jmp_remove(tb, 0);
965 tb_jmp_remove(tb, 1);
966
967 /* suppress any remaining jumps to this TB */
968 tb1 = tb->jmp_first;
969 for(;;) {
8efe0ca8 970 n1 = (uintptr_t)tb1 & 3;
d4e8164f
FB		 971 if (n1 == 2)
972 break;
8efe0ca8 973 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 974 tb2 = tb1->jmp_next[n1];
975 tb_reset_jump(tb1, n1);
976 tb1->jmp_next[n1] = NULL;
977 tb1 = tb2;
978 }
8efe0ca8 979 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
9fa3e853 980
e3db7226 981 tb_phys_invalidate_count++;
9fa3e853
FB		 982}
983
984static inline void set_bits(uint8_t *tab, int start, int len)
985{
986 int end, mask, end1;
987
988 end = start + len;
989 tab += start >> 3;
990 mask = 0xff << (start & 7);
991 if ((start & ~7) == (end & ~7)) {
992 if (start < end) {
993 mask &= ~(0xff << (end & 7));
994 *tab |= mask;
995 }
996 } else {
997 *tab++ |= mask;
998 start = (start + 8) & ~7;
999 end1 = end & ~7;
1000 while (start < end1) {
1001 *tab++ = 0xff;
1002 start += 8;
1003 }
1004 if (start < end) {
1005 mask = ~(0xff << (end & 7));
1006 *tab |= mask;
1007 }
1008 }
1009}
1010
1011static void build_page_bitmap(PageDesc *p)
1012{
1013 int n, tb_start, tb_end;
1014 TranslationBlock *tb;
3b46e624 1015
7267c094 1016 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 1017
1018 tb = p->first_tb;
1019 while (tb != NULL) {
8efe0ca8
SW		 1020 n = (uintptr_t)tb & 3;
1021 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1022 /* NOTE: this is subtle as a TB may span two physical pages */
1023 if (n == 0) {
1024 /* NOTE: tb_end may be after the end of the page, but
1025 it is not a problem */
1026 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1027 tb_end = tb_start + tb->size;
1028 if (tb_end > TARGET_PAGE_SIZE)
1029 tb_end = TARGET_PAGE_SIZE;
1030 } else {
1031 tb_start = 0;
1032 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1033 }
1034 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1035 tb = tb->page_next[n];
1036 }
1037}
1038
9349b4f9 1039TranslationBlock *tb_gen_code(CPUArchState *env,
2e70f6ef
PB		 1040 target_ulong pc, target_ulong cs_base,
1041 int flags, int cflags)
d720b93d
FB		 1042{
1043 TranslationBlock *tb;
1044 uint8_t *tc_ptr;
41c1b1c9
PB		 1045 tb_page_addr_t phys_pc, phys_page2;
1046 target_ulong virt_page2;
d720b93d
FB		 1047 int code_gen_size;
1048
41c1b1c9 1049 phys_pc = get_page_addr_code(env, pc);
c27004ec 1050 tb = tb_alloc(pc);
d720b93d
FB		 1051 if (!tb) {
1052 /* flush must be done */
1053 tb_flush(env);
1054 /* cannot fail at this point */
c27004ec 1055 tb = tb_alloc(pc);
2e70f6ef
PB		 1056 /* Don't forget to invalidate previous TB info. */
1057 tb_invalidated_flag = 1;
d720b93d
FB		 1058 }
1059 tc_ptr = code_gen_ptr;
1060 tb->tc_ptr = tc_ptr;
1061 tb->cs_base = cs_base;
1062 tb->flags = flags;
1063 tb->cflags = cflags;
d07bde88 1064 cpu_gen_code(env, tb, &code_gen_size);
8efe0ca8
SW		 1065 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1066 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1067
d720b93d 1068 /* check next page if needed */
c27004ec 1069 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1070 phys_page2 = -1;
c27004ec 1071 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1072 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1073 }
41c1b1c9 1074 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1075 return tb;
d720b93d 1076}
3b46e624 1077
77a8f1a5 1078/*
8e0fdce3
JK		 1079 * Invalidate all TBs which intersect with the target physical address range
1080 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1081 * 'is_cpu_write_access' should be true if called from a real cpu write
1082 * access: the virtual CPU will exit the current TB if code is modified inside
1083 * this TB.
77a8f1a5
AG		 1084 */
1085void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
1086 int is_cpu_write_access)
1087{
1088 while (start < end) {
1089 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
1090 start &= TARGET_PAGE_MASK;
1091 start += TARGET_PAGE_SIZE;
1092 }
1093}
1094
8e0fdce3
JK		 1095/*
1096 * Invalidate all TBs which intersect with the target physical address range
1097 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1098 * 'is_cpu_write_access' should be true if called from a real cpu write
1099 * access: the virtual CPU will exit the current TB if code is modified inside
1100 * this TB.
1101 */
41c1b1c9 1102void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1103 int is_cpu_write_access)
1104{
6b917547 1105 TranslationBlock *tb, *tb_next, *saved_tb;
9349b4f9 1106 CPUArchState *env = cpu_single_env;
41c1b1c9 1107 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1108 PageDesc *p;
1109 int n;
1110#ifdef TARGET_HAS_PRECISE_SMC
1111 int current_tb_not_found = is_cpu_write_access;
1112 TranslationBlock *current_tb = NULL;
1113 int current_tb_modified = 0;
1114 target_ulong current_pc = 0;
1115 target_ulong current_cs_base = 0;
1116 int current_flags = 0;
1117#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1118
1119 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1120 if (!p)
9fa3e853 1121 return;
5fafdf24 1122 if (!p->code_bitmap &&
d720b93d
FB		 1123 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1124 is_cpu_write_access) {
9fa3e853
FB		 1125 /* build code bitmap */
1126 build_page_bitmap(p);
1127 }
1128
1129 /* we remove all the TBs in the range [start, end[ */
1130 /* XXX: see if in some cases it could be faster to invalidate all the code */
1131 tb = p->first_tb;
1132 while (tb != NULL) {
8efe0ca8
SW		 1133 n = (uintptr_t)tb & 3;
1134 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1135 tb_next = tb->page_next[n];
1136 /* NOTE: this is subtle as a TB may span two physical pages */
1137 if (n == 0) {
1138 /* NOTE: tb_end may be after the end of the page, but
1139 it is not a problem */
1140 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1141 tb_end = tb_start + tb->size;
1142 } else {
1143 tb_start = tb->page_addr[1];
1144 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1145 }
1146 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1147#ifdef TARGET_HAS_PRECISE_SMC
1148 if (current_tb_not_found) {
1149 current_tb_not_found = 0;
1150 current_tb = NULL;
2e70f6ef 1151 if (env->mem_io_pc) {
d720b93d 1152 /* now we have a real cpu fault */
2e70f6ef 1153 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1154 }
1155 }
1156 if (current_tb == tb &&
2e70f6ef 1157 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1158 /* If we are modifying the current TB, we must stop
1159 its execution. We could be more precise by checking
1160 that the modification is after the current PC, but it
1161 would require a specialized function to partially
1162 restore the CPU state */
3b46e624 1163
d720b93d 1164 current_tb_modified = 1;
618ba8e6 1165 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1166 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1167 &current_flags);
d720b93d
FB		 1168 }
1169#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1170 /* we need to do that to handle the case where a signal
1171 occurs while doing tb_phys_invalidate() */
1172 saved_tb = NULL;
1173 if (env) {
1174 saved_tb = env->current_tb;
1175 env->current_tb = NULL;
1176 }
9fa3e853 1177 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1178 if (env) {
1179 env->current_tb = saved_tb;
1180 if (env->interrupt_request && env->current_tb)
1181 cpu_interrupt(env, env->interrupt_request);
1182 }
9fa3e853
FB		 1183 }
1184 tb = tb_next;
1185 }
1186#if !defined(CONFIG_USER_ONLY)
1187 /* if no code remaining, no need to continue to use slow writes */
1188 if (!p->first_tb) {
1189 invalidate_page_bitmap(p);
d720b93d 1190 if (is_cpu_write_access) {
2e70f6ef 1191 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1192 }
1193 }
1194#endif
1195#ifdef TARGET_HAS_PRECISE_SMC
1196 if (current_tb_modified) {
1197 /* we generate a block containing just the instruction
1198 modifying the memory. It will ensure that it cannot modify
1199 itself */
ea1c1802 1200 env->current_tb = NULL;
2e70f6ef 1201 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1202 cpu_resume_from_signal(env, NULL);
9fa3e853 1203 }
fd6ce8f6 1204#endif
9fa3e853 1205}
fd6ce8f6 1206
9fa3e853 1207/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1208static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1209{
1210 PageDesc *p;
1211 int offset, b;
59817ccb 1212#if 0
a4193c8a 1213 if (1) {
93fcfe39
AL		 1214 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1215 cpu_single_env->mem_io_vaddr, len,
1216 cpu_single_env->eip,
8efe0ca8
SW		 1217 cpu_single_env->eip +
1218 (intptr_t)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1219 }
1220#endif
9fa3e853 1221 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1222 if (!p)
9fa3e853
FB		 1223 return;
1224 if (p->code_bitmap) {
1225 offset = start & ~TARGET_PAGE_MASK;
1226 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1227 if (b & ((1 << len) - 1))
1228 goto do_invalidate;
1229 } else {
1230 do_invalidate:
d720b93d 1231 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1232 }
1233}
1234
9fa3e853 1235#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1236static void tb_invalidate_phys_page(tb_page_addr_t addr,
20503968 1237 uintptr_t pc, void *puc)
9fa3e853 1238{
6b917547 1239 TranslationBlock *tb;
9fa3e853 1240 PageDesc *p;
6b917547 1241 int n;
d720b93d 1242#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1243 TranslationBlock *current_tb = NULL;
9349b4f9 1244 CPUArchState *env = cpu_single_env;
6b917547
AL		 1245 int current_tb_modified = 0;
1246 target_ulong current_pc = 0;
1247 target_ulong current_cs_base = 0;
1248 int current_flags = 0;
d720b93d 1249#endif
9fa3e853
FB		 1250
1251 addr &= TARGET_PAGE_MASK;
1252 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1253 if (!p)
9fa3e853
FB		 1254 return;
1255 tb = p->first_tb;
d720b93d
FB		 1256#ifdef TARGET_HAS_PRECISE_SMC
1257 if (tb && pc != 0) {
1258 current_tb = tb_find_pc(pc);
1259 }
1260#endif
9fa3e853 1261 while (tb != NULL) {
8efe0ca8
SW		 1262 n = (uintptr_t)tb & 3;
1263 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
d720b93d
FB		 1264#ifdef TARGET_HAS_PRECISE_SMC
1265 if (current_tb == tb &&
2e70f6ef 1266 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1267 /* If we are modifying the current TB, we must stop
1268 its execution. We could be more precise by checking
1269 that the modification is after the current PC, but it
1270 would require a specialized function to partially
1271 restore the CPU state */
3b46e624 1272
d720b93d 1273 current_tb_modified = 1;
618ba8e6 1274 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1275 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1276 &current_flags);
d720b93d
FB		 1277 }
1278#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1279 tb_phys_invalidate(tb, addr);
1280 tb = tb->page_next[n];
1281 }
fd6ce8f6 1282 p->first_tb = NULL;
d720b93d
FB		 1283#ifdef TARGET_HAS_PRECISE_SMC
1284 if (current_tb_modified) {
1285 /* we generate a block containing just the instruction
1286 modifying the memory. It will ensure that it cannot modify
1287 itself */
ea1c1802 1288 env->current_tb = NULL;
2e70f6ef 1289 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1290 cpu_resume_from_signal(env, puc);
1291 }
1292#endif
fd6ce8f6 1293}
9fa3e853 1294#endif
fd6ce8f6
FB		 1295
1296/* add the tb in the target page and protect it if necessary */
5fafdf24 1297static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1298 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1299{
1300 PageDesc *p;
4429ab44
JQ		 1301#ifndef CONFIG_USER_ONLY
1302 bool page_already_protected;
1303#endif
9fa3e853
FB		 1304
1305 tb->page_addr[n] = page_addr;
5cd2c5b6 1306 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1307 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1308#ifndef CONFIG_USER_ONLY
1309 page_already_protected = p->first_tb != NULL;
1310#endif
8efe0ca8 1311 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
9fa3e853 1312 invalidate_page_bitmap(p);
fd6ce8f6 1313
107db443 1314#if defined(TARGET_HAS_SMC) || 1
d720b93d 1315
9fa3e853 1316#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1317 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1318 target_ulong addr;
1319 PageDesc *p2;
9fa3e853
FB		 1320 int prot;
1321
fd6ce8f6
FB		 1322 /* force the host page as non writable (writes will have a
1323 page fault + mprotect overhead) */
53a5960a 1324 page_addr &= qemu_host_page_mask;
fd6ce8f6 1325 prot = 0;
53a5960a
PB		 1326 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1327 addr += TARGET_PAGE_SIZE) {
1328
1329 p2 = page_find (addr >> TARGET_PAGE_BITS);
1330 if (!p2)
1331 continue;
1332 prot |= p2->flags;
1333 p2->flags &= ~PAGE_WRITE;
53a5960a 1334 }
5fafdf24 1335 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1336 (prot & PAGE_BITS) & ~PAGE_WRITE);
1337#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1338 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1339 page_addr);
fd6ce8f6 1340#endif
fd6ce8f6 1341 }
9fa3e853
FB		 1342#else
1343 /* if some code is already present, then the pages are already
1344 protected. So we handle the case where only the first TB is
1345 allocated in a physical page */
4429ab44 1346 if (!page_already_protected) {
6a00d601 1347 tlb_protect_code(page_addr);
9fa3e853
FB		 1348 }
1349#endif
d720b93d
FB		 1350
1351#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1352}
1353
9fa3e853
FB		 1354/* add a new TB and link it to the physical page tables. phys_page2 is
1355 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1356void tb_link_page(TranslationBlock *tb,
1357 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1358{
9fa3e853
FB		 1359 unsigned int h;
1360 TranslationBlock **ptb;
1361
c8a706fe
PB		 1362 /* Grab the mmap lock to stop another thread invalidating this TB
1363 before we are done. */
1364 mmap_lock();
9fa3e853
FB		 1365 /* add in the physical hash table */
1366 h = tb_phys_hash_func(phys_pc);
1367 ptb = &tb_phys_hash[h];
1368 tb->phys_hash_next = *ptb;
1369 *ptb = tb;
fd6ce8f6
FB		 1370
1371 /* add in the page list */
9fa3e853
FB		 1372 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1373 if (phys_page2 != -1)
1374 tb_alloc_page(tb, 1, phys_page2);
1375 else
1376 tb->page_addr[1] = -1;
9fa3e853 1377
8efe0ca8 1378 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
d4e8164f
FB		 1379 tb->jmp_next[0] = NULL;
1380 tb->jmp_next[1] = NULL;
1381
1382 /* init original jump addresses */
1383 if (tb->tb_next_offset[0] != 0xffff)
1384 tb_reset_jump(tb, 0);
1385 if (tb->tb_next_offset[1] != 0xffff)
1386 tb_reset_jump(tb, 1);
8a40a180
FB		 1387
1388#ifdef DEBUG_TB_CHECK
1389 tb_page_check();
1390#endif
c8a706fe 1391 mmap_unlock();
fd6ce8f6
FB		 1392}
1393
9fa3e853
FB		 1394/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1395 tb[1].tc_ptr. Return NULL if not found */
6375e09e 1396TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
fd6ce8f6 1397{
9fa3e853 1398 int m_min, m_max, m;
8efe0ca8 1399 uintptr_t v;
9fa3e853 1400 TranslationBlock *tb;
a513fe19
FB		 1401
1402 if (nb_tbs <= 0)
1403 return NULL;
8efe0ca8
SW		 1404 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1405 tc_ptr >= (uintptr_t)code_gen_ptr) {
a513fe19 1406 return NULL;
8efe0ca8 1407 }
a513fe19
FB		 1408 /* binary search (cf Knuth) */
1409 m_min = 0;
1410 m_max = nb_tbs - 1;
1411 while (m_min <= m_max) {
1412 m = (m_min + m_max) >> 1;
1413 tb = &tbs[m];
8efe0ca8 1414 v = (uintptr_t)tb->tc_ptr;
a513fe19
FB		 1415 if (v == tc_ptr)
1416 return tb;
1417 else if (tc_ptr < v) {
1418 m_max = m - 1;
1419 } else {
1420 m_min = m + 1;
1421 }
5fafdf24 1422 }
a513fe19
FB		 1423 return &tbs[m_max];
1424}
7501267e 1425
ea041c0e
FB		 1426static void tb_reset_jump_recursive(TranslationBlock *tb);
1427
1428static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1429{
1430 TranslationBlock *tb1, *tb_next, **ptb;
1431 unsigned int n1;
1432
1433 tb1 = tb->jmp_next[n];
1434 if (tb1 != NULL) {
1435 /* find head of list */
1436 for(;;) {
8efe0ca8
SW		 1437 n1 = (uintptr_t)tb1 & 3;
1438 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1439 if (n1 == 2)
1440 break;
1441 tb1 = tb1->jmp_next[n1];
1442 }
1443 /* we are now sure now that tb jumps to tb1 */
1444 tb_next = tb1;
1445
1446 /* remove tb from the jmp_first list */
1447 ptb = &tb_next->jmp_first;
1448 for(;;) {
1449 tb1 = *ptb;
8efe0ca8
SW		 1450 n1 = (uintptr_t)tb1 & 3;
1451 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1452 if (n1 == n && tb1 == tb)
1453 break;
1454 ptb = &tb1->jmp_next[n1];
1455 }
1456 *ptb = tb->jmp_next[n];
1457 tb->jmp_next[n] = NULL;
3b46e624 1458
ea041c0e
FB		 1459 /* suppress the jump to next tb in generated code */
1460 tb_reset_jump(tb, n);
1461
0124311e 1462 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1463 tb_reset_jump_recursive(tb_next);
1464 }
1465}
1466
1467static void tb_reset_jump_recursive(TranslationBlock *tb)
1468{
1469 tb_reset_jump_recursive2(tb, 0);
1470 tb_reset_jump_recursive2(tb, 1);
1471}
1472
1fddef4b 1473#if defined(TARGET_HAS_ICE)
94df27fd 1474#if defined(CONFIG_USER_ONLY)
9349b4f9 1475static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 1476{
1477 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1478}
1479#else
1e7855a5 1480void tb_invalidate_phys_addr(target_phys_addr_t addr)
d720b93d 1481{
c227f099 1482 ram_addr_t ram_addr;
f3705d53 1483 MemoryRegionSection *section;
d720b93d 1484
06ef3525 1485 section = phys_page_find(addr >> TARGET_PAGE_BITS);
f3705d53
AK		 1486 if (!(memory_region_is_ram(section->mr)
1487 || (section->mr->rom_device && section->mr->readable))) {
06ef3525
AK		 1488 return;
1489 }
f3705d53 1490 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1491 + memory_region_section_addr(section, addr);
706cd4b5 1492 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1493}
1e7855a5
MF		 1494
1495static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1496{
9d70c4b7
MF		 1497 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
1498 (pc & ~TARGET_PAGE_MASK));
1e7855a5 1499}
c27004ec 1500#endif
94df27fd 1501#endif /* TARGET_HAS_ICE */
d720b93d 1502
c527ee8f 1503#if defined(CONFIG_USER_ONLY)
9349b4f9 1504void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 1505
1506{
1507}
1508
9349b4f9 1509int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 1510 int flags, CPUWatchpoint **watchpoint)
1511{
1512 return -ENOSYS;
1513}
1514#else
6658ffb8 1515/* Add a watchpoint. */
9349b4f9 1516int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1517 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1518{
b4051334 1519 target_ulong len_mask = ~(len - 1);
c0ce998e 1520 CPUWatchpoint *wp;
6658ffb8 1521
b4051334 1522 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 1523 if ((len & (len - 1)) || (addr & ~len_mask) ||
1524 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 1525 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1526 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1527 return -EINVAL;
1528 }
7267c094 1529 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1530
1531 wp->vaddr = addr;
b4051334 1532 wp->len_mask = len_mask;
a1d1bb31
AL		 1533 wp->flags = flags;
1534
2dc9f411 1535 /* keep all GDB-injected watchpoints in front */
c0ce998e 1536 if (flags & BP_GDB)
72cf2d4f 1537 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1538 else
72cf2d4f 1539 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1540
6658ffb8 1541 tlb_flush_page(env, addr);
a1d1bb31
AL		 1542
1543 if (watchpoint)
1544 *watchpoint = wp;
1545 return 0;
6658ffb8
PB		 1546}
1547
a1d1bb31 1548/* Remove a specific watchpoint. */
9349b4f9 1549int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1550 int flags)
6658ffb8 1551{
b4051334 1552 target_ulong len_mask = ~(len - 1);
a1d1bb31 1553 CPUWatchpoint *wp;
6658ffb8 1554
72cf2d4f 1555 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1556 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1557 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1558 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1559 return 0;
1560 }
1561 }
a1d1bb31 1562 return -ENOENT;
6658ffb8
PB		 1563}
1564
a1d1bb31 1565/* Remove a specific watchpoint by reference. */
9349b4f9 1566void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 1567{
72cf2d4f 1568 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1569
a1d1bb31
AL		 1570 tlb_flush_page(env, watchpoint->vaddr);
1571
7267c094 1572 g_free(watchpoint);
a1d1bb31
AL		 1573}
1574
1575/* Remove all matching watchpoints. */
9349b4f9 1576void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 1577{
c0ce998e 1578 CPUWatchpoint *wp, *next;
a1d1bb31 1579
72cf2d4f 1580 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1581 if (wp->flags & mask)
1582 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1583 }
7d03f82f 1584}
c527ee8f 1585#endif
7d03f82f 1586
a1d1bb31 1587/* Add a breakpoint. */
9349b4f9 1588int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 1589 CPUBreakpoint **breakpoint)
4c3a88a2 1590{
1fddef4b 1591#if defined(TARGET_HAS_ICE)
c0ce998e 1592 CPUBreakpoint *bp;
3b46e624 1593
7267c094 1594 bp = g_malloc(sizeof(*bp));
4c3a88a2 1595
a1d1bb31
AL		 1596 bp->pc = pc;
1597 bp->flags = flags;
1598
2dc9f411 1599 /* keep all GDB-injected breakpoints in front */
c0ce998e 1600 if (flags & BP_GDB)
72cf2d4f 1601 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1602 else
72cf2d4f 1603 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1604
d720b93d 1605 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1606
1607 if (breakpoint)
1608 *breakpoint = bp;
4c3a88a2
FB		 1609 return 0;
1610#else
a1d1bb31 1611 return -ENOSYS;
4c3a88a2
FB		 1612#endif
1613}
1614
a1d1bb31 1615/* Remove a specific breakpoint. */
9349b4f9 1616int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 1617{
7d03f82f 1618#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1619 CPUBreakpoint *bp;
1620
72cf2d4f 1621 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1622 if (bp->pc == pc && bp->flags == flags) {
1623 cpu_breakpoint_remove_by_ref(env, bp);
1624 return 0;
1625 }
7d03f82f 1626 }
a1d1bb31
AL		 1627 return -ENOENT;
1628#else
1629 return -ENOSYS;
7d03f82f
EI		 1630#endif
1631}
1632
a1d1bb31 1633/* Remove a specific breakpoint by reference. */
9349b4f9 1634void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1635{
1fddef4b 1636#if defined(TARGET_HAS_ICE)
72cf2d4f 1637 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1638
a1d1bb31
AL		 1639 breakpoint_invalidate(env, breakpoint->pc);
1640
7267c094 1641 g_free(breakpoint);
a1d1bb31
AL		 1642#endif
1643}
1644
1645/* Remove all matching breakpoints. */
9349b4f9 1646void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 1647{
1648#if defined(TARGET_HAS_ICE)
c0ce998e 1649 CPUBreakpoint *bp, *next;
a1d1bb31 1650
72cf2d4f 1651 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1652 if (bp->flags & mask)
1653 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1654 }
4c3a88a2
FB		 1655#endif
1656}
1657
c33a346e
FB		 1658/* enable or disable single step mode. EXCP_DEBUG is returned by the
1659 CPU loop after each instruction */
9349b4f9 1660void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 1661{
1fddef4b 1662#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1663 if (env->singlestep_enabled != enabled) {
1664 env->singlestep_enabled = enabled;
e22a25c9
AL		 1665 if (kvm_enabled())
1666 kvm_update_guest_debug(env, 0);
1667 else {
ccbb4d44 1668 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1669 /* XXX: only flush what is necessary */
1670 tb_flush(env);
1671 }
c33a346e
FB		 1672 }
1673#endif
1674}
1675
9349b4f9 1676static void cpu_unlink_tb(CPUArchState *env)
ea041c0e 1677{
3098dba0
AJ		 1678 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1679 problem and hope the cpu will stop of its own accord. For userspace
1680 emulation this often isn't actually as bad as it sounds. Often
1681 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1682 TranslationBlock *tb;
c227f099 1683 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1684
cab1b4bd 1685 spin_lock(&interrupt_lock);
3098dba0
AJ		 1686 tb = env->current_tb;
1687 /* if the cpu is currently executing code, we must unlink it and
1688 all the potentially executing TB */
f76cfe56 1689 if (tb) {
3098dba0
AJ		 1690 env->current_tb = NULL;
1691 tb_reset_jump_recursive(tb);
be214e6c 1692 }
cab1b4bd 1693 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1694}
1695
97ffbd8d 1696#ifndef CONFIG_USER_ONLY
3098dba0 1697/* mask must never be zero, except for A20 change call */
9349b4f9 1698static void tcg_handle_interrupt(CPUArchState *env, int mask)
3098dba0
AJ		 1699{
1700 int old_mask;
be214e6c 1701
2e70f6ef 1702 old_mask = env->interrupt_request;
68a79315 1703 env->interrupt_request |= mask;
3098dba0 1704
8edac960
AL		 1705 /*
1706 * If called from iothread context, wake the target cpu in
1707 * case its halted.
1708 */
b7680cb6 1709 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1710 qemu_cpu_kick(env);
1711 return;
1712 }
8edac960 1713
2e70f6ef 1714 if (use_icount) {
266910c4 1715 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1716 if (!can_do_io(env)
be214e6c 1717 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1718 cpu_abort(env, "Raised interrupt while not in I/O function");
1719 }
2e70f6ef 1720 } else {
3098dba0 1721 cpu_unlink_tb(env);
ea041c0e
FB		 1722 }
1723}
1724
ec6959d0
JK		 1725CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1726
97ffbd8d
JK		 1727#else /* CONFIG_USER_ONLY */
1728
9349b4f9 1729void cpu_interrupt(CPUArchState *env, int mask)
97ffbd8d
JK		 1730{
1731 env->interrupt_request |= mask;
1732 cpu_unlink_tb(env);
1733}
1734#endif /* CONFIG_USER_ONLY */
1735
9349b4f9 1736void cpu_reset_interrupt(CPUArchState *env, int mask)
b54ad049
FB		 1737{
1738 env->interrupt_request &= ~mask;
1739}
1740
9349b4f9 1741void cpu_exit(CPUArchState *env)
3098dba0
AJ		 1742{
1743 env->exit_request = 1;
1744 cpu_unlink_tb(env);
1745}
1746
9349b4f9 1747void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e
FB		 1748{
1749 va_list ap;
493ae1f0 1750 va_list ap2;
7501267e
FB		 1751
1752 va_start(ap, fmt);
493ae1f0 1753 va_copy(ap2, ap);
7501267e
FB		 1754 fprintf(stderr, "qemu: fatal: ");
1755 vfprintf(stderr, fmt, ap);
1756 fprintf(stderr, "\n");
6fd2a026 1757 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 1758 if (qemu_log_enabled()) {
1759 qemu_log("qemu: fatal: ");
1760 qemu_log_vprintf(fmt, ap2);
1761 qemu_log("\n");
6fd2a026 1762 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 1763 qemu_log_flush();
93fcfe39 1764 qemu_log_close();
924edcae 1765 }
493ae1f0 1766 va_end(ap2);
f9373291 1767 va_end(ap);
fd052bf6
RV		 1768#if defined(CONFIG_USER_ONLY)
1769 {
1770 struct sigaction act;
1771 sigfillset(&act.sa_mask);
1772 act.sa_handler = SIG_DFL;
1773 sigaction(SIGABRT, &act, NULL);
1774 }
1775#endif
7501267e
FB		 1776 abort();
1777}
1778
9349b4f9 1779CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 1780{
9349b4f9
AF		 1781 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1782 CPUArchState *next_cpu = new_env->next_cpu;
c5be9f08 1783 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1784#if defined(TARGET_HAS_ICE)
1785 CPUBreakpoint *bp;
1786 CPUWatchpoint *wp;
1787#endif
1788
9349b4f9 1789 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081
AL		 1790
1791 /* Preserve chaining and index. */
c5be9f08
TS		 1792 new_env->next_cpu = next_cpu;
1793 new_env->cpu_index = cpu_index;
5a38f081
AL		 1794
1795 /* Clone all break/watchpoints.
1796 Note: Once we support ptrace with hw-debug register access, make sure
1797 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1798 QTAILQ_INIT(&env->breakpoints);
1799 QTAILQ_INIT(&env->watchpoints);
5a38f081 1800#if defined(TARGET_HAS_ICE)
72cf2d4f 1801 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1802 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1803 }
72cf2d4f 1804 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1805 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1806 wp->flags, NULL);
1807 }
1808#endif
1809
c5be9f08
TS		 1810 return new_env;
1811}
1812
0124311e 1813#if !defined(CONFIG_USER_ONLY)
0cac1b66 1814void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
5c751e99
EI		 1815{
1816 unsigned int i;
1817
1818 /* Discard jump cache entries for any tb which might potentially
1819 overlap the flushed page. */
1820 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1821 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1822 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1823
1824 i = tb_jmp_cache_hash_page(addr);
1825 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1826 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1827}
1828
d24981d3
JQ		 1829static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
1830 uintptr_t length)
1831{
1832 uintptr_t start1;
1833
1834 /* we modify the TLB cache so that the dirty bit will be set again
1835 when accessing the range */
1836 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
1837 /* Check that we don't span multiple blocks - this breaks the
1838 address comparisons below. */
1839 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
1840 != (end - 1) - start) {
1841 abort();
1842 }
1843 cpu_tlb_reset_dirty_all(start1, length);
1844
1845}
1846
5579c7f3 1847/* Note: start and end must be within the same ram block. */
c227f099 1848void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1849 int dirty_flags)
1ccde1cb 1850{
d24981d3 1851 uintptr_t length;
1ccde1cb
FB		 1852
1853 start &= TARGET_PAGE_MASK;
1854 end = TARGET_PAGE_ALIGN(end);
1855
1856 length = end - start;
1857 if (length == 0)
1858 return;
f7c11b53 1859 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 1860
d24981d3
JQ		 1861 if (tcg_enabled()) {
1862 tlb_reset_dirty_range_all(start, end, length);
5579c7f3 1863 }
1ccde1cb
FB		 1864}
1865
74576198
AL		 1866int cpu_physical_memory_set_dirty_tracking(int enable)
1867{
f6f3fbca 1868 int ret = 0;
74576198 1869 in_migration = enable;
f6f3fbca 1870 return ret;
74576198
AL		 1871}
1872
e5548617
BS		 1873target_phys_addr_t memory_region_section_get_iotlb(CPUArchState *env,
1874 MemoryRegionSection *section,
1875 target_ulong vaddr,
1876 target_phys_addr_t paddr,
1877 int prot,
1878 target_ulong *address)
1879{
1880 target_phys_addr_t iotlb;
1881 CPUWatchpoint *wp;
1882
cc5bea60 1883 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1884 /* Normal RAM. */
1885 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1886 + memory_region_section_addr(section, paddr);
e5548617
BS		 1887 if (!section->readonly) {
1888 iotlb |= phys_section_notdirty;
1889 } else {
1890 iotlb |= phys_section_rom;
1891 }
1892 } else {
1893 /* IO handlers are currently passed a physical address.
1894 It would be nice to pass an offset from the base address
1895 of that region. This would avoid having to special case RAM,
1896 and avoid full address decoding in every device.
1897 We can't use the high bits of pd for this because
1898 IO_MEM_ROMD uses these as a ram address. */
1899 iotlb = section - phys_sections;
cc5bea60 1900 iotlb += memory_region_section_addr(section, paddr);
e5548617
BS		 1901 }
1902
1903 /* Make accesses to pages with watchpoints go via the
1904 watchpoint trap routines. */
1905 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1906 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
1907 /* Avoid trapping reads of pages with a write breakpoint. */
1908 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1909 iotlb = phys_section_watch + paddr;
1910 *address |= TLB_MMIO;
1911 break;
1912 }
1913 }
1914 }
1915
1916 return iotlb;
1917}
1918
0124311e 1919#else
edf8e2af
MW		 1920/*
1921 * Walks guest process memory "regions" one by one
1922 * and calls callback function 'fn' for each region.
1923 */
5cd2c5b6
RH		 1924
1925struct walk_memory_regions_data
1926{
1927 walk_memory_regions_fn fn;
1928 void *priv;
8efe0ca8 1929 uintptr_t start;
5cd2c5b6
RH		 1930 int prot;
1931};
1932
1933static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 1934 abi_ulong end, int new_prot)
5cd2c5b6
RH		 1935{
1936 if (data->start != -1ul) {
1937 int rc = data->fn(data->priv, data->start, end, data->prot);
1938 if (rc != 0) {
1939 return rc;
1940 }
1941 }
1942
1943 data->start = (new_prot ? end : -1ul);
1944 data->prot = new_prot;
1945
1946 return 0;
1947}
1948
1949static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 1950 abi_ulong base, int level, void **lp)
5cd2c5b6 1951{
b480d9b7 1952 abi_ulong pa;
5cd2c5b6
RH		 1953 int i, rc;
1954
1955 if (*lp == NULL) {
1956 return walk_memory_regions_end(data, base, 0);
1957 }
1958
1959 if (level == 0) {
1960 PageDesc *pd = *lp;
7296abac 1961 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 1962 int prot = pd[i].flags;
1963
1964 pa = base | (i << TARGET_PAGE_BITS);
1965 if (prot != data->prot) {
1966 rc = walk_memory_regions_end(data, pa, prot);
1967 if (rc != 0) {
1968 return rc;
9fa3e853 1969 }
9fa3e853 1970 }
5cd2c5b6
RH		 1971 }
1972 } else {
1973 void **pp = *lp;
7296abac 1974 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 1975 pa = base | ((abi_ulong)i <<
1976 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 1977 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1978 if (rc != 0) {
1979 return rc;
1980 }
1981 }
1982 }
1983
1984 return 0;
1985}
1986
1987int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1988{
1989 struct walk_memory_regions_data data;
8efe0ca8 1990 uintptr_t i;
5cd2c5b6
RH		 1991
1992 data.fn = fn;
1993 data.priv = priv;
1994 data.start = -1ul;
1995 data.prot = 0;
1996
1997 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 1998 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 1999 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2000 if (rc != 0) {
2001 return rc;
9fa3e853 2002 }
33417e70 2003 }
5cd2c5b6
RH		 2004
2005 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2006}
2007
b480d9b7
PB		 2008static int dump_region(void *priv, abi_ulong start,
2009 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2010{
2011 FILE *f = (FILE *)priv;
2012
b480d9b7
PB		 2013 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2014 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2015 start, end, end - start,
2016 ((prot & PAGE_READ) ? 'r' : '-'),
2017 ((prot & PAGE_WRITE) ? 'w' : '-'),
2018 ((prot & PAGE_EXEC) ? 'x' : '-'));
2019
2020 return (0);
2021}
2022
2023/* dump memory mappings */
2024void page_dump(FILE *f)
2025{
2026 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2027 "start", "end", "size", "prot");
2028 walk_memory_regions(f, dump_region);
33417e70
FB		 2029}
2030
53a5960a 2031int page_get_flags(target_ulong address)
33417e70 2032{
9fa3e853
FB		 2033 PageDesc *p;
2034
2035 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2036 if (!p)
9fa3e853
FB		 2037 return 0;
2038 return p->flags;
2039}
2040
376a7909
RH		 2041/* Modify the flags of a page and invalidate the code if necessary.
2042 The flag PAGE_WRITE_ORG is positioned automatically depending
2043 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2044void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2045{
376a7909
RH		 2046 target_ulong addr, len;
2047
2048 /* This function should never be called with addresses outside the
2049 guest address space. If this assert fires, it probably indicates
2050 a missing call to h2g_valid. */
b480d9b7
PB		 2051#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2052 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2053#endif
2054 assert(start < end);
9fa3e853
FB		 2055
2056 start = start & TARGET_PAGE_MASK;
2057 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2058
2059 if (flags & PAGE_WRITE) {
9fa3e853 2060 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2061 }
2062
2063 for (addr = start, len = end - start;
2064 len != 0;
2065 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2066 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2067
2068 /* If the write protection bit is set, then we invalidate
2069 the code inside. */
5fafdf24 2070 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2071 (flags & PAGE_WRITE) &&
2072 p->first_tb) {
d720b93d 2073 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2074 }
2075 p->flags = flags;
2076 }
33417e70
FB		 2077}
2078
3d97b40b
TS		 2079int page_check_range(target_ulong start, target_ulong len, int flags)
2080{
2081 PageDesc *p;
2082 target_ulong end;
2083 target_ulong addr;
2084
376a7909
RH		 2085 /* This function should never be called with addresses outside the
2086 guest address space. If this assert fires, it probably indicates
2087 a missing call to h2g_valid. */
338e9e6c
BS		 2088#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2089 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2090#endif
2091
3e0650a9
RH		 2092 if (len == 0) {
2093 return 0;
2094 }
376a7909
RH		 2095 if (start + len - 1 < start) {
2096 /* We've wrapped around. */
55f280c9 2097 return -1;
376a7909 2098 }
55f280c9 2099
3d97b40b
TS		 2100 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2101 start = start & TARGET_PAGE_MASK;
2102
376a7909
RH		 2103 for (addr = start, len = end - start;
2104 len != 0;
2105 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2106 p = page_find(addr >> TARGET_PAGE_BITS);
2107 if( !p )
2108 return -1;
2109 if( !(p->flags & PAGE_VALID) )
2110 return -1;
2111
dae3270c 2112 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2113 return -1;
dae3270c
FB		 2114 if (flags & PAGE_WRITE) {
2115 if (!(p->flags & PAGE_WRITE_ORG))
2116 return -1;
2117 /* unprotect the page if it was put read-only because it
2118 contains translated code */
2119 if (!(p->flags & PAGE_WRITE)) {
2120 if (!page_unprotect(addr, 0, NULL))
2121 return -1;
2122 }
2123 return 0;
2124 }
3d97b40b
TS		 2125 }
2126 return 0;
2127}
2128
9fa3e853 2129/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2130 page. Return TRUE if the fault was successfully handled. */
6375e09e 2131int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
9fa3e853 2132{
45d679d6
AJ		 2133 unsigned int prot;
2134 PageDesc *p;
53a5960a 2135 target_ulong host_start, host_end, addr;
9fa3e853 2136
c8a706fe
PB		 2137 /* Technically this isn't safe inside a signal handler. However we
2138 know this only ever happens in a synchronous SEGV handler, so in
2139 practice it seems to be ok. */
2140 mmap_lock();
2141
45d679d6
AJ		 2142 p = page_find(address >> TARGET_PAGE_BITS);
2143 if (!p) {
c8a706fe 2144 mmap_unlock();
9fa3e853 2145 return 0;
c8a706fe 2146 }
45d679d6 2147
9fa3e853
FB		 2148 /* if the page was really writable, then we change its
2149 protection back to writable */
45d679d6
AJ		 2150 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2151 host_start = address & qemu_host_page_mask;
2152 host_end = host_start + qemu_host_page_size;
2153
2154 prot = 0;
2155 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2156 p = page_find(addr >> TARGET_PAGE_BITS);
2157 p->flags |= PAGE_WRITE;
2158 prot |= p->flags;
2159
9fa3e853
FB		 2160 /* and since the content will be modified, we must invalidate
2161 the corresponding translated code. */
45d679d6 2162 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2163#ifdef DEBUG_TB_CHECK
45d679d6 2164 tb_invalidate_check(addr);
9fa3e853 2165#endif
9fa3e853 2166 }
45d679d6
AJ		 2167 mprotect((void *)g2h(host_start), qemu_host_page_size,
2168 prot & PAGE_BITS);
2169
2170 mmap_unlock();
2171 return 1;
9fa3e853 2172 }
c8a706fe 2173 mmap_unlock();
9fa3e853
FB		 2174 return 0;
2175}
9fa3e853
FB		 2176#endif /* defined(CONFIG_USER_ONLY) */
2177
e2eef170 2178#if !defined(CONFIG_USER_ONLY)
8da3ff18 2179
c04b2b78
PB		 2180#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2181typedef struct subpage_t {
70c68e44 2182 MemoryRegion iomem;
c04b2b78 2183 target_phys_addr_t base;
5312bd8b 2184 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2185} subpage_t;
2186
c227f099 2187static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2188 uint16_t section);
0f0cb164 2189static subpage_t *subpage_init(target_phys_addr_t base);
5312bd8b 2190static void destroy_page_desc(uint16_t section_index)
54688b1e 2191{
5312bd8b
AK		 2192 MemoryRegionSection *section = &phys_sections[section_index];
2193 MemoryRegion *mr = section->mr;
54688b1e
AK		 2194
2195 if (mr->subpage) {
2196 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2197 memory_region_destroy(&subpage->iomem);
2198 g_free(subpage);
2199 }
2200}
2201
4346ae3e 2202static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2203{
2204 unsigned i;
d6f2ea22 2205 PhysPageEntry *p;
54688b1e 2206
c19e8800 2207 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2208 return;
2209 }
2210
c19e8800 2211 p = phys_map_nodes[lp->ptr];
4346ae3e 2212 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 2213 if (!p[i].is_leaf) {
54688b1e 2214 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 2215 } else {
c19e8800 2216 destroy_page_desc(p[i].ptr);
54688b1e 2217 }
54688b1e 2218 }
07f07b31 2219 lp->is_leaf = 0;
c19e8800 2220 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2221}
2222
2223static void destroy_all_mappings(void)
2224{
3eef53df 2225 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
d6f2ea22 2226 phys_map_nodes_reset();
54688b1e
AK		 2227}
2228
5312bd8b
AK		 2229static uint16_t phys_section_add(MemoryRegionSection *section)
2230{
2231 if (phys_sections_nb == phys_sections_nb_alloc) {
2232 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2233 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2234 phys_sections_nb_alloc);
2235 }
2236 phys_sections[phys_sections_nb] = *section;
2237 return phys_sections_nb++;
2238}
2239
2240static void phys_sections_clear(void)
2241{
2242 phys_sections_nb = 0;
2243}
2244
0f0cb164
AK		 2245static void register_subpage(MemoryRegionSection *section)
2246{
2247 subpage_t *subpage;
2248 target_phys_addr_t base = section->offset_within_address_space
2249 & TARGET_PAGE_MASK;
f3705d53 2250 MemoryRegionSection *existing = phys_page_find(base >> TARGET_PAGE_BITS);
0f0cb164
AK		 2251 MemoryRegionSection subsection = {
2252 .offset_within_address_space = base,
2253 .size = TARGET_PAGE_SIZE,
2254 };
0f0cb164
AK		 2255 target_phys_addr_t start, end;
2256
f3705d53 2257 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 2258
f3705d53 2259 if (!(existing->mr->subpage)) {
0f0cb164
AK		 2260 subpage = subpage_init(base);
2261 subsection.mr = &subpage->iomem;
2999097b
AK		 2262 phys_page_set(base >> TARGET_PAGE_BITS, 1,
2263 phys_section_add(&subsection));
0f0cb164 2264 } else {
f3705d53 2265 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 2266 }
2267 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
adb2a9b5 2268 end = start + section->size - 1;
0f0cb164
AK		 2269 subpage_register(subpage, start, end, phys_section_add(section));
2270}
2271
2272
2273static void register_multipage(MemoryRegionSection *section)
33417e70 2274{
dd81124b
AK		 2275 target_phys_addr_t start_addr = section->offset_within_address_space;
2276 ram_addr_t size = section->size;
2999097b 2277 target_phys_addr_t addr;
5312bd8b 2278 uint16_t section_index = phys_section_add(section);
dd81124b 2279
3b8e6a2d 2280 assert(size);
f6f3fbca 2281
3b8e6a2d 2282 addr = start_addr;
2999097b
AK		 2283 phys_page_set(addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2284 section_index);
33417e70
FB		 2285}
2286
0f0cb164
AK		 2287void cpu_register_physical_memory_log(MemoryRegionSection *section,
2288 bool readonly)
2289{
2290 MemoryRegionSection now = *section, remain = *section;
2291
2292 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2293 || (now.size < TARGET_PAGE_SIZE)) {
2294 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2295 - now.offset_within_address_space,
2296 now.size);
2297 register_subpage(&now);
2298 remain.size -= now.size;
2299 remain.offset_within_address_space += now.size;
2300 remain.offset_within_region += now.size;
2301 }
69b67646
TH		 2302 while (remain.size >= TARGET_PAGE_SIZE) {
2303 now = remain;
2304 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
2305 now.size = TARGET_PAGE_SIZE;
2306 register_subpage(&now);
2307 } else {
2308 now.size &= TARGET_PAGE_MASK;
2309 register_multipage(&now);
2310 }
0f0cb164
AK		 2311 remain.size -= now.size;
2312 remain.offset_within_address_space += now.size;
2313 remain.offset_within_region += now.size;
2314 }
2315 now = remain;
2316 if (now.size) {
2317 register_subpage(&now);
2318 }
2319}
2320
2321
c227f099 2322void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2323{
2324 if (kvm_enabled())
2325 kvm_coalesce_mmio_region(addr, size);
2326}
2327
c227f099 2328void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2329{
2330 if (kvm_enabled())
2331 kvm_uncoalesce_mmio_region(addr, size);
2332}
2333
62a2744c
SY		 2334void qemu_flush_coalesced_mmio_buffer(void)
2335{
2336 if (kvm_enabled())
2337 kvm_flush_coalesced_mmio_buffer();
2338}
2339
c902760f
MT		 2340#if defined(__linux__) && !defined(TARGET_S390X)
2341
2342#include <sys/vfs.h>
2343
2344#define HUGETLBFS_MAGIC 0x958458f6
2345
2346static long gethugepagesize(const char *path)
2347{
2348 struct statfs fs;
2349 int ret;
2350
2351 do {
9742bf26 2352 ret = statfs(path, &fs);
c902760f
MT		 2353 } while (ret != 0 && errno == EINTR);
2354
2355 if (ret != 0) {
9742bf26
YT		 2356 perror(path);
2357 return 0;
c902760f
MT		 2358 }
2359
2360 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2361 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2362
2363 return fs.f_bsize;
2364}
2365
04b16653
AW		 2366static void *file_ram_alloc(RAMBlock *block,
2367 ram_addr_t memory,
2368 const char *path)
c902760f
MT		 2369{
2370 char *filename;
2371 void *area;
2372 int fd;
2373#ifdef MAP_POPULATE
2374 int flags;
2375#endif
2376 unsigned long hpagesize;
2377
2378 hpagesize = gethugepagesize(path);
2379 if (!hpagesize) {
9742bf26 2380 return NULL;
c902760f
MT		 2381 }
2382
2383 if (memory < hpagesize) {
2384 return NULL;
2385 }
2386
2387 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2388 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2389 return NULL;
2390 }
2391
2392 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2393 return NULL;
c902760f
MT		 2394 }
2395
2396 fd = mkstemp(filename);
2397 if (fd < 0) {
9742bf26
YT		 2398 perror("unable to create backing store for hugepages");
2399 free(filename);
2400 return NULL;
c902760f
MT		 2401 }
2402 unlink(filename);
2403 free(filename);
2404
2405 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2406
2407 /*
2408 * ftruncate is not supported by hugetlbfs in older
2409 * hosts, so don't bother bailing out on errors.
2410 * If anything goes wrong with it under other filesystems,
2411 * mmap will fail.
2412 */
2413 if (ftruncate(fd, memory))
9742bf26 2414 perror("ftruncate");
c902760f
MT		 2415
2416#ifdef MAP_POPULATE
2417 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2418 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2419 * to sidestep this quirk.
2420 */
2421 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2422 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2423#else
2424 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2425#endif
2426 if (area == MAP_FAILED) {
9742bf26
YT		 2427 perror("file_ram_alloc: can't mmap RAM pages");
2428 close(fd);
2429 return (NULL);
c902760f 2430 }
04b16653 2431 block->fd = fd;
c902760f
MT		 2432 return area;
2433}
2434#endif
2435
d17b5288 2436static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2437{
2438 RAMBlock *block, *next_block;
3e837b2c 2439 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2440
2441 if (QLIST_EMPTY(&ram_list.blocks))
2442 return 0;
2443
2444 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2445 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2446
2447 end = block->offset + block->length;
2448
2449 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2450 if (next_block->offset >= end) {
2451 next = MIN(next, next_block->offset);
2452 }
2453 }
2454 if (next - end >= size && next - end < mingap) {
3e837b2c 2455 offset = end;
04b16653
AW		 2456 mingap = next - end;
2457 }
2458 }
3e837b2c
AW		 2459
2460 if (offset == RAM_ADDR_MAX) {
2461 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2462 (uint64_t)size);
2463 abort();
2464 }
2465
04b16653
AW		 2466 return offset;
2467}
2468
2469static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2470{
2471 RAMBlock *block;
2472 ram_addr_t last = 0;
2473
2474 QLIST_FOREACH(block, &ram_list.blocks, next)
2475 last = MAX(last, block->offset + block->length);
2476
2477 return last;
2478}
2479
ddb97f1d
JB		 2480static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
2481{
2482 int ret;
2483 QemuOpts *machine_opts;
2484
2485 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
2486 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2487 if (machine_opts &&
2488 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
2489 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
2490 if (ret) {
2491 perror("qemu_madvise");
2492 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
2493 "but dump_guest_core=off specified\n");
2494 }
2495 }
2496}
2497
c5705a77 2498void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2499{
2500 RAMBlock *new_block, *block;
2501
c5705a77
AK		 2502 new_block = NULL;
2503 QLIST_FOREACH(block, &ram_list.blocks, next) {
2504 if (block->offset == addr) {
2505 new_block = block;
2506 break;
2507 }
2508 }
2509 assert(new_block);
2510 assert(!new_block->idstr[0]);
84b89d78 2511
09e5ab63
AL		 2512 if (dev) {
2513 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 2514 if (id) {
2515 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2516 g_free(id);
84b89d78
CM		 2517 }
2518 }
2519 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2520
2521 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2522 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2523 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2524 new_block->idstr);
2525 abort();
2526 }
2527 }
c5705a77
AK		 2528}
2529
8490fc78
LC		 2530static int memory_try_enable_merging(void *addr, size_t len)
2531{
2532 QemuOpts *opts;
2533
2534 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2535 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
2536 /* disabled by the user */
2537 return 0;
2538 }
2539
2540 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
2541}
2542
c5705a77
AK		 2543ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2544 MemoryRegion *mr)
2545{
2546 RAMBlock *new_block;
2547
2548 size = TARGET_PAGE_ALIGN(size);
2549 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2550
7c637366 2551 new_block->mr = mr;
432d268c 2552 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2553 if (host) {
2554 new_block->host = host;
cd19cfa2 2555 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2556 } else {
2557 if (mem_path) {
c902760f 2558#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2559 new_block->host = file_ram_alloc(new_block, size, mem_path);
2560 if (!new_block->host) {
2561 new_block->host = qemu_vmalloc(size);
8490fc78 2562 memory_try_enable_merging(new_block->host, size);
6977dfe6 2563 }
c902760f 2564#else
6977dfe6
YT		 2565 fprintf(stderr, "-mem-path option unsupported\n");
2566 exit(1);
c902760f 2567#endif
6977dfe6 2568 } else {
868bb33f 2569 if (xen_enabled()) {
fce537d4 2570 xen_ram_alloc(new_block->offset, size, mr);
fdec9918
CB		 2571 } else if (kvm_enabled()) {
2572 /* some s390/kvm configurations have special constraints */
2573 new_block->host = kvm_vmalloc(size);
432d268c
JN		 2574 } else {
2575 new_block->host = qemu_vmalloc(size);
2576 }
8490fc78 2577 memory_try_enable_merging(new_block->host, size);
6977dfe6 2578 }
c902760f 2579 }
94a6b54f
PB		 2580 new_block->length = size;
2581
f471a17e 2582 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2583
7267c094 2584 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2585 last_ram_offset() >> TARGET_PAGE_BITS);
5fda043f
IM		 2586 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2587 0, size >> TARGET_PAGE_BITS);
1720aeee 2588 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
94a6b54f 2589
ddb97f1d
JB		 2590 qemu_ram_setup_dump(new_block->host, size);
2591
6f0437e8
JK		 2592 if (kvm_enabled())
2593 kvm_setup_guest_memory(new_block->host, size);
2594
94a6b54f
PB		 2595 return new_block->offset;
2596}
e9a1ab19 2597
c5705a77 2598ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2599{
c5705a77 2600 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2601}
2602
1f2e98b6
AW		 2603void qemu_ram_free_from_ptr(ram_addr_t addr)
2604{
2605 RAMBlock *block;
2606
2607 QLIST_FOREACH(block, &ram_list.blocks, next) {
2608 if (addr == block->offset) {
2609 QLIST_REMOVE(block, next);
7267c094 2610 g_free(block);
1f2e98b6
AW		 2611 return;
2612 }
2613 }
2614}
2615
c227f099 2616void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2617{
04b16653
AW		 2618 RAMBlock *block;
2619
2620 QLIST_FOREACH(block, &ram_list.blocks, next) {
2621 if (addr == block->offset) {
2622 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2623 if (block->flags & RAM_PREALLOC_MASK) {
2624 ;
2625 } else if (mem_path) {
04b16653
AW		 2626#if defined (__linux__) && !defined(TARGET_S390X)
2627 if (block->fd) {
2628 munmap(block->host, block->length);
2629 close(block->fd);
2630 } else {
2631 qemu_vfree(block->host);
2632 }
fd28aa13
JK		 2633#else
2634 abort();
04b16653
AW		 2635#endif
2636 } else {
2637#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2638 munmap(block->host, block->length);
2639#else
868bb33f 2640 if (xen_enabled()) {
e41d7c69 2641 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2642 } else {
2643 qemu_vfree(block->host);
2644 }
04b16653
AW		 2645#endif
2646 }
7267c094 2647 g_free(block);
04b16653
AW		 2648 return;
2649 }
2650 }
2651
e9a1ab19
FB		 2652}
2653
cd19cfa2
HY		 2654#ifndef _WIN32
2655void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2656{
2657 RAMBlock *block;
2658 ram_addr_t offset;
2659 int flags;
2660 void *area, *vaddr;
2661
2662 QLIST_FOREACH(block, &ram_list.blocks, next) {
2663 offset = addr - block->offset;
2664 if (offset < block->length) {
2665 vaddr = block->host + offset;
2666 if (block->flags & RAM_PREALLOC_MASK) {
2667 ;
2668 } else {
2669 flags = MAP_FIXED;
2670 munmap(vaddr, length);
2671 if (mem_path) {
2672#if defined(__linux__) && !defined(TARGET_S390X)
2673 if (block->fd) {
2674#ifdef MAP_POPULATE
2675 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2676 MAP_PRIVATE;
2677#else
2678 flags |= MAP_PRIVATE;
2679#endif
2680 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2681 flags, block->fd, offset);
2682 } else {
2683 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2684 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2685 flags, -1, 0);
2686 }
fd28aa13
JK		 2687#else
2688 abort();
cd19cfa2
HY		 2689#endif
2690 } else {
2691#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2692 flags |= MAP_SHARED | MAP_ANONYMOUS;
2693 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2694 flags, -1, 0);
2695#else
2696 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2697 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2698 flags, -1, 0);
2699#endif
2700 }
2701 if (area != vaddr) {
f15fbc4b
AP		 2702 fprintf(stderr, "Could not remap addr: "
2703 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 2704 length, addr);
2705 exit(1);
2706 }
8490fc78 2707 memory_try_enable_merging(vaddr, length);
ddb97f1d 2708 qemu_ram_setup_dump(vaddr, length);
cd19cfa2
HY		 2709 }
2710 return;
2711 }
2712 }
2713}
2714#endif /* !_WIN32 */
2715
dc828ca1 2716/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 2717 With the exception of the softmmu code in this file, this should
2718 only be used for local memory (e.g. video ram) that the device owns,
2719 and knows it isn't going to access beyond the end of the block.
2720
2721 It should not be used for general purpose DMA.
2722 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2723 */
c227f099 2724void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 2725{
94a6b54f
PB		 2726 RAMBlock *block;
2727
f471a17e
AW		 2728 QLIST_FOREACH(block, &ram_list.blocks, next) {
2729 if (addr - block->offset < block->length) {
7d82af38
VP		 2730 /* Move this entry to to start of the list. */
2731 if (block != QLIST_FIRST(&ram_list.blocks)) {
2732 QLIST_REMOVE(block, next);
2733 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2734 }
868bb33f 2735 if (xen_enabled()) {
432d268c
JN		 2736 /* We need to check if the requested address is in the RAM
2737 * because we don't want to map the entire memory in QEMU.
712c2b41 2738 * In that case just map until the end of the page.
432d268c
JN		 2739 */
2740 if (block->offset == 0) {
e41d7c69 2741 return xen_map_cache(addr, 0, 0);
432d268c 2742 } else if (block->host == NULL) {
e41d7c69
JK		 2743 block->host =
2744 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2745 }
2746 }
f471a17e
AW		 2747 return block->host + (addr - block->offset);
2748 }
94a6b54f 2749 }
f471a17e
AW		 2750
2751 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2752 abort();
2753
2754 return NULL;
dc828ca1
PB		 2755}
2756
b2e0a138
MT		 2757/* Return a host pointer to ram allocated with qemu_ram_alloc.
2758 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2759 */
2760void *qemu_safe_ram_ptr(ram_addr_t addr)
2761{
2762 RAMBlock *block;
2763
2764 QLIST_FOREACH(block, &ram_list.blocks, next) {
2765 if (addr - block->offset < block->length) {
868bb33f 2766 if (xen_enabled()) {
432d268c
JN		 2767 /* We need to check if the requested address is in the RAM
2768 * because we don't want to map the entire memory in QEMU.
712c2b41 2769 * In that case just map until the end of the page.
432d268c
JN		 2770 */
2771 if (block->offset == 0) {
e41d7c69 2772 return xen_map_cache(addr, 0, 0);
432d268c 2773 } else if (block->host == NULL) {
e41d7c69
JK		 2774 block->host =
2775 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2776 }
2777 }
b2e0a138
MT		 2778 return block->host + (addr - block->offset);
2779 }
2780 }
2781
2782 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2783 abort();
2784
2785 return NULL;
2786}
2787
38bee5dc
SS		 2788/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
2789 * but takes a size argument */
8ab934f9 2790void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 2791{
8ab934f9
SS		 2792 if (*size == 0) {
2793 return NULL;
2794 }
868bb33f 2795 if (xen_enabled()) {
e41d7c69 2796 return xen_map_cache(addr, *size, 1);
868bb33f 2797 } else {
38bee5dc
SS		 2798 RAMBlock *block;
2799
2800 QLIST_FOREACH(block, &ram_list.blocks, next) {
2801 if (addr - block->offset < block->length) {
2802 if (addr - block->offset + *size > block->length)
2803 *size = block->length - addr + block->offset;
2804 return block->host + (addr - block->offset);
2805 }
2806 }
2807
2808 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2809 abort();
38bee5dc
SS		 2810 }
2811}
2812
050a0ddf
AP		 2813void qemu_put_ram_ptr(void *addr)
2814{
2815 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 2816}
2817
e890261f 2818int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 2819{
94a6b54f
PB		 2820 RAMBlock *block;
2821 uint8_t *host = ptr;
2822
868bb33f 2823 if (xen_enabled()) {
e41d7c69 2824 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 2825 return 0;
2826 }
2827
f471a17e 2828 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 2829 /* This case append when the block is not mapped. */
2830 if (block->host == NULL) {
2831 continue;
2832 }
f471a17e 2833 if (host - block->host < block->length) {
e890261f
MT		 2834 *ram_addr = block->offset + (host - block->host);
2835 return 0;
f471a17e 2836 }
94a6b54f 2837 }
432d268c 2838
e890261f
MT		 2839 return -1;
2840}
f471a17e 2841
e890261f
MT		 2842/* Some of the softmmu routines need to translate from a host pointer
2843 (typically a TLB entry) back to a ram offset. */
2844ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2845{
2846 ram_addr_t ram_addr;
f471a17e 2847
e890261f
MT		 2848 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2849 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2850 abort();
2851 }
2852 return ram_addr;
5579c7f3
PB		 2853}
2854
0e0df1e2
AK		 2855static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
2856 unsigned size)
e18231a3
BS		 2857{
2858#ifdef DEBUG_UNASSIGNED
2859 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2860#endif
5b450407 2861#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2862 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 2863#endif
2864 return 0;
2865}
2866
0e0df1e2
AK		 2867static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
2868 uint64_t val, unsigned size)
e18231a3
BS		 2869{
2870#ifdef DEBUG_UNASSIGNED
0e0df1e2 2871 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 2872#endif
5b450407 2873#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2874 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 2875#endif
33417e70
FB		 2876}
2877
0e0df1e2
AK		 2878static const MemoryRegionOps unassigned_mem_ops = {
2879 .read = unassigned_mem_read,
2880 .write = unassigned_mem_write,
2881 .endianness = DEVICE_NATIVE_ENDIAN,
2882};
e18231a3 2883
0e0df1e2
AK		 2884static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
2885 unsigned size)
e18231a3 2886{
0e0df1e2 2887 abort();
e18231a3
BS		 2888}
2889
0e0df1e2
AK		 2890static void error_mem_write(void *opaque, target_phys_addr_t addr,
2891 uint64_t value, unsigned size)
e18231a3 2892{
0e0df1e2 2893 abort();
33417e70
FB		 2894}
2895
0e0df1e2
AK		 2896static const MemoryRegionOps error_mem_ops = {
2897 .read = error_mem_read,
2898 .write = error_mem_write,
2899 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2900};
2901
0e0df1e2
AK		 2902static const MemoryRegionOps rom_mem_ops = {
2903 .read = error_mem_read,
2904 .write = unassigned_mem_write,
2905 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2906};
2907
0e0df1e2
AK		 2908static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
2909 uint64_t val, unsigned size)
9fa3e853 2910{
3a7d929e 2911 int dirty_flags;
f7c11b53 2912 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 2913 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 2914#if !defined(CONFIG_USER_ONLY)
0e0df1e2 2915 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 2916 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 2917#endif
3a7d929e 2918 }
0e0df1e2
AK		 2919 switch (size) {
2920 case 1:
2921 stb_p(qemu_get_ram_ptr(ram_addr), val);
2922 break;
2923 case 2:
2924 stw_p(qemu_get_ram_ptr(ram_addr), val);
2925 break;
2926 case 4:
2927 stl_p(qemu_get_ram_ptr(ram_addr), val);
2928 break;
2929 default:
2930 abort();
3a7d929e 2931 }
f23db169 2932 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 2933 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 2934 /* we remove the notdirty callback only if the code has been
2935 flushed */
2936 if (dirty_flags == 0xff)
2e70f6ef 2937 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 2938}
2939
0e0df1e2
AK		 2940static const MemoryRegionOps notdirty_mem_ops = {
2941 .read = error_mem_read,
2942 .write = notdirty_mem_write,
2943 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2944};
2945
0f459d16 2946/* Generate a debug exception if a watchpoint has been hit. */
b4051334 2947static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 2948{
9349b4f9 2949 CPUArchState *env = cpu_single_env;
06d55cc1
AL		 2950 target_ulong pc, cs_base;
2951 TranslationBlock *tb;
0f459d16 2952 target_ulong vaddr;
a1d1bb31 2953 CPUWatchpoint *wp;
06d55cc1 2954 int cpu_flags;
0f459d16 2955
06d55cc1
AL		 2956 if (env->watchpoint_hit) {
2957 /* We re-entered the check after replacing the TB. Now raise
2958 * the debug interrupt so that is will trigger after the
2959 * current instruction. */
2960 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2961 return;
2962 }
2e70f6ef 2963 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 2964 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 2965 if ((vaddr == (wp->vaddr & len_mask) ||
2966 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 2967 wp->flags |= BP_WATCHPOINT_HIT;
2968 if (!env->watchpoint_hit) {
2969 env->watchpoint_hit = wp;
2970 tb = tb_find_pc(env->mem_io_pc);
2971 if (!tb) {
2972 cpu_abort(env, "check_watchpoint: could not find TB for "
2973 "pc=%p", (void *)env->mem_io_pc);
2974 }
618ba8e6 2975 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 2976 tb_phys_invalidate(tb, -1);
2977 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2978 env->exception_index = EXCP_DEBUG;
488d6577 2979 cpu_loop_exit(env);
6e140f28
AL		 2980 } else {
2981 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2982 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 2983 cpu_resume_from_signal(env, NULL);
6e140f28 2984 }
06d55cc1 2985 }
6e140f28
AL		 2986 } else {
2987 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2988 }
2989 }
2990}
2991
6658ffb8
PB		 2992/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2993 so these check for a hit then pass through to the normal out-of-line
2994 phys routines. */
1ec9b909
AK		 2995static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
2996 unsigned size)
6658ffb8 2997{
1ec9b909
AK		 2998 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
2999 switch (size) {
3000 case 1: return ldub_phys(addr);
3001 case 2: return lduw_phys(addr);
3002 case 4: return ldl_phys(addr);
3003 default: abort();
3004 }
6658ffb8
PB		 3005}
3006
1ec9b909
AK		 3007static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3008 uint64_t val, unsigned size)
6658ffb8 3009{
1ec9b909
AK		 3010 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3011 switch (size) {
67364150
MF		 3012 case 1:
3013 stb_phys(addr, val);
3014 break;
3015 case 2:
3016 stw_phys(addr, val);
3017 break;
3018 case 4:
3019 stl_phys(addr, val);
3020 break;
1ec9b909
AK		 3021 default: abort();
3022 }
6658ffb8
PB		 3023}
3024
1ec9b909
AK		 3025static const MemoryRegionOps watch_mem_ops = {
3026 .read = watch_mem_read,
3027 .write = watch_mem_write,
3028 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3029};
6658ffb8 3030
70c68e44
AK		 3031static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3032 unsigned len)
db7b5426 3033{
70c68e44 3034 subpage_t *mmio = opaque;
f6405247 3035 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3036 MemoryRegionSection *section;
db7b5426
BS		 3037#if defined(DEBUG_SUBPAGE)
3038 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3039 mmio, len, addr, idx);
3040#endif
db7b5426 3041
5312bd8b
AK		 3042 section = &phys_sections[mmio->sub_section[idx]];
3043 addr += mmio->base;
3044 addr -= section->offset_within_address_space;
3045 addr += section->offset_within_region;
37ec01d4 3046 return io_mem_read(section->mr, addr, len);
db7b5426
BS		 3047}
3048
70c68e44
AK		 3049static void subpage_write(void *opaque, target_phys_addr_t addr,
3050 uint64_t value, unsigned len)
db7b5426 3051{
70c68e44 3052 subpage_t *mmio = opaque;
f6405247 3053 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3054 MemoryRegionSection *section;
db7b5426 3055#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3056 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3057 " idx %d value %"PRIx64"\n",
f6405247 3058 __func__, mmio, len, addr, idx, value);
db7b5426 3059#endif
f6405247 3060
5312bd8b
AK		 3061 section = &phys_sections[mmio->sub_section[idx]];
3062 addr += mmio->base;
3063 addr -= section->offset_within_address_space;
3064 addr += section->offset_within_region;
37ec01d4 3065 io_mem_write(section->mr, addr, value, len);
db7b5426
BS		 3066}
3067
70c68e44
AK		 3068static const MemoryRegionOps subpage_ops = {
3069 .read = subpage_read,
3070 .write = subpage_write,
3071 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3072};
3073
de712f94
AK		 3074static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3075 unsigned size)
56384e8b
AF		 3076{
3077 ram_addr_t raddr = addr;
3078 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3079 switch (size) {
3080 case 1: return ldub_p(ptr);
3081 case 2: return lduw_p(ptr);
3082 case 4: return ldl_p(ptr);
3083 default: abort();
3084 }
56384e8b
AF		 3085}
3086
de712f94
AK		 3087static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3088 uint64_t value, unsigned size)
56384e8b
AF		 3089{
3090 ram_addr_t raddr = addr;
3091 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3092 switch (size) {
3093 case 1: return stb_p(ptr, value);
3094 case 2: return stw_p(ptr, value);
3095 case 4: return stl_p(ptr, value);
3096 default: abort();
3097 }
56384e8b
AF		 3098}
3099
de712f94
AK		 3100static const MemoryRegionOps subpage_ram_ops = {
3101 .read = subpage_ram_read,
3102 .write = subpage_ram_write,
3103 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3104};
3105
c227f099 3106static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3107 uint16_t section)
db7b5426
BS		 3108{
3109 int idx, eidx;
3110
3111 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3112 return -1;
3113 idx = SUBPAGE_IDX(start);
3114 eidx = SUBPAGE_IDX(end);
3115#if defined(DEBUG_SUBPAGE)
0bf9e31a 3116 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3117 mmio, start, end, idx, eidx, memory);
3118#endif
5312bd8b
AK		 3119 if (memory_region_is_ram(phys_sections[section].mr)) {
3120 MemoryRegionSection new_section = phys_sections[section];
3121 new_section.mr = &io_mem_subpage_ram;
3122 section = phys_section_add(&new_section);
56384e8b 3123 }
db7b5426 3124 for (; idx <= eidx; idx++) {
5312bd8b 3125 mmio->sub_section[idx] = section;
db7b5426
BS		 3126 }
3127
3128 return 0;
3129}
3130
0f0cb164 3131static subpage_t *subpage_init(target_phys_addr_t base)
db7b5426 3132{
c227f099 3133 subpage_t *mmio;
db7b5426 3134
7267c094 3135 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3136
3137 mmio->base = base;
70c68e44
AK		 3138 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3139 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3140 mmio->iomem.subpage = true;
db7b5426 3141#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3142 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3143 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3144#endif
0f0cb164 3145 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 3146
3147 return mmio;
3148}
3149
5312bd8b
AK		 3150static uint16_t dummy_section(MemoryRegion *mr)
3151{
3152 MemoryRegionSection section = {
3153 .mr = mr,
3154 .offset_within_address_space = 0,
3155 .offset_within_region = 0,
3156 .size = UINT64_MAX,
3157 };
3158
3159 return phys_section_add(&section);
3160}
3161
37ec01d4 3162MemoryRegion *iotlb_to_region(target_phys_addr_t index)
aa102231 3163{
37ec01d4 3164 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 3165}
3166
e9179ce1
AK		 3167static void io_mem_init(void)
3168{
0e0df1e2 3169 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
0e0df1e2
AK		 3170 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3171 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3172 "unassigned", UINT64_MAX);
3173 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3174 "notdirty", UINT64_MAX);
de712f94
AK		 3175 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3176 "subpage-ram", UINT64_MAX);
1ec9b909
AK		 3177 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3178 "watch", UINT64_MAX);
e9179ce1
AK		 3179}
3180
50c1e149
AK		 3181static void core_begin(MemoryListener *listener)
3182{
54688b1e 3183 destroy_all_mappings();
5312bd8b 3184 phys_sections_clear();
c19e8800 3185 phys_map.ptr = PHYS_MAP_NODE_NIL;
5312bd8b 3186 phys_section_unassigned = dummy_section(&io_mem_unassigned);
aa102231
AK		 3187 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3188 phys_section_rom = dummy_section(&io_mem_rom);
3189 phys_section_watch = dummy_section(&io_mem_watch);
50c1e149
AK		 3190}
3191
3192static void core_commit(MemoryListener *listener)
3193{
9349b4f9 3194 CPUArchState *env;
117712c3
AK		 3195
3196 /* since each CPU stores ram addresses in its TLB cache, we must
3197 reset the modified entries */
3198 /* XXX: slow ! */
3199 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3200 tlb_flush(env, 1);
3201 }
50c1e149
AK		 3202}
3203
93632747
AK		 3204static void core_region_add(MemoryListener *listener,
3205 MemoryRegionSection *section)
3206{
4855d41a 3207 cpu_register_physical_memory_log(section, section->readonly);
93632747
AK		 3208}
3209
3210static void core_region_del(MemoryListener *listener,
3211 MemoryRegionSection *section)
3212{
93632747
AK		 3213}
3214
50c1e149
AK		 3215static void core_region_nop(MemoryListener *listener,
3216 MemoryRegionSection *section)
3217{
54688b1e 3218 cpu_register_physical_memory_log(section, section->readonly);
50c1e149
AK		 3219}
3220
93632747
AK		 3221static void core_log_start(MemoryListener *listener,
3222 MemoryRegionSection *section)
3223{
3224}
3225
3226static void core_log_stop(MemoryListener *listener,
3227 MemoryRegionSection *section)
3228{
3229}
3230
3231static void core_log_sync(MemoryListener *listener,
3232 MemoryRegionSection *section)
3233{
3234}
3235
3236static void core_log_global_start(MemoryListener *listener)
3237{
3238 cpu_physical_memory_set_dirty_tracking(1);
3239}
3240
3241static void core_log_global_stop(MemoryListener *listener)
3242{
3243 cpu_physical_memory_set_dirty_tracking(0);
3244}
3245
3246static void core_eventfd_add(MemoryListener *listener,
3247 MemoryRegionSection *section,
753d5e14 3248 bool match_data, uint64_t data, EventNotifier *e)
93632747
AK		 3249{
3250}
3251
3252static void core_eventfd_del(MemoryListener *listener,
3253 MemoryRegionSection *section,
753d5e14 3254 bool match_data, uint64_t data, EventNotifier *e)
93632747
AK		 3255{
3256}
3257
50c1e149
AK		 3258static void io_begin(MemoryListener *listener)
3259{
3260}
3261
3262static void io_commit(MemoryListener *listener)
3263{
3264}
3265
4855d41a
AK		 3266static void io_region_add(MemoryListener *listener,
3267 MemoryRegionSection *section)
3268{
a2d33521
AK		 3269 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3270
3271 mrio->mr = section->mr;
3272 mrio->offset = section->offset_within_region;
3273 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
4855d41a 3274 section->offset_within_address_space, section->size);
a2d33521 3275 ioport_register(&mrio->iorange);
4855d41a
AK		 3276}
3277
3278static void io_region_del(MemoryListener *listener,
3279 MemoryRegionSection *section)
3280{
3281 isa_unassign_ioport(section->offset_within_address_space, section->size);
3282}
3283
50c1e149
AK		 3284static void io_region_nop(MemoryListener *listener,
3285 MemoryRegionSection *section)
3286{
3287}
3288
4855d41a
AK		 3289static void io_log_start(MemoryListener *listener,
3290 MemoryRegionSection *section)
3291{
3292}
3293
3294static void io_log_stop(MemoryListener *listener,
3295 MemoryRegionSection *section)
3296{
3297}
3298
3299static void io_log_sync(MemoryListener *listener,
3300 MemoryRegionSection *section)
3301{
3302}
3303
3304static void io_log_global_start(MemoryListener *listener)
3305{
3306}
3307
3308static void io_log_global_stop(MemoryListener *listener)
3309{
3310}
3311
3312static void io_eventfd_add(MemoryListener *listener,
3313 MemoryRegionSection *section,
753d5e14 3314 bool match_data, uint64_t data, EventNotifier *e)
4855d41a
AK		 3315{
3316}
3317
3318static void io_eventfd_del(MemoryListener *listener,
3319 MemoryRegionSection *section,
753d5e14 3320 bool match_data, uint64_t data, EventNotifier *e)
4855d41a
AK		 3321{
3322}
3323
93632747 3324static MemoryListener core_memory_listener = {
50c1e149
AK		 3325 .begin = core_begin,
3326 .commit = core_commit,
93632747
AK		 3327 .region_add = core_region_add,
3328 .region_del = core_region_del,
50c1e149 3329 .region_nop = core_region_nop,
93632747
AK		 3330 .log_start = core_log_start,
3331 .log_stop = core_log_stop,
3332 .log_sync = core_log_sync,
3333 .log_global_start = core_log_global_start,
3334 .log_global_stop = core_log_global_stop,
3335 .eventfd_add = core_eventfd_add,
3336 .eventfd_del = core_eventfd_del,
3337 .priority = 0,
3338};
3339
4855d41a 3340static MemoryListener io_memory_listener = {
50c1e149
AK		 3341 .begin = io_begin,
3342 .commit = io_commit,
4855d41a
AK		 3343 .region_add = io_region_add,
3344 .region_del = io_region_del,
50c1e149 3345 .region_nop = io_region_nop,
4855d41a
AK		 3346 .log_start = io_log_start,
3347 .log_stop = io_log_stop,
3348 .log_sync = io_log_sync,
3349 .log_global_start = io_log_global_start,
3350 .log_global_stop = io_log_global_stop,
3351 .eventfd_add = io_eventfd_add,
3352 .eventfd_del = io_eventfd_del,
3353 .priority = 0,
3354};
3355
62152b8a
AK		 3356static void memory_map_init(void)
3357{
7267c094 3358 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3359 memory_region_init(system_memory, "system", INT64_MAX);
62152b8a 3360 set_system_memory_map(system_memory);
309cb471 3361
7267c094 3362 system_io = g_malloc(sizeof(*system_io));
309cb471
AK		 3363 memory_region_init(system_io, "io", 65536);
3364 set_system_io_map(system_io);
93632747 3365
4855d41a
AK		 3366 memory_listener_register(&core_memory_listener, system_memory);
3367 memory_listener_register(&io_memory_listener, system_io);
62152b8a
AK		 3368}
3369
3370MemoryRegion *get_system_memory(void)
3371{
3372 return system_memory;
3373}
3374
309cb471
AK		 3375MemoryRegion *get_system_io(void)
3376{
3377 return system_io;
3378}
3379
e2eef170
PB		 3380#endif /* !defined(CONFIG_USER_ONLY) */
3381
13eb76e0
FB		 3382/* physical memory access (slow version, mainly for debug) */
3383#if defined(CONFIG_USER_ONLY)
9349b4f9 3384int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 3385 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3386{
3387 int l, flags;
3388 target_ulong page;
53a5960a 3389 void * p;
13eb76e0
FB		 3390
3391 while (len > 0) {
3392 page = addr & TARGET_PAGE_MASK;
3393 l = (page + TARGET_PAGE_SIZE) - addr;
3394 if (l > len)
3395 l = len;
3396 flags = page_get_flags(page);
3397 if (!(flags & PAGE_VALID))
a68fe89c 3398 return -1;
13eb76e0
FB		 3399 if (is_write) {
3400 if (!(flags & PAGE_WRITE))
a68fe89c 3401 return -1;
579a97f7 3402 /* XXX: this code should not depend on lock_user */
72fb7daa 3403 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3404 return -1;
72fb7daa
AJ		 3405 memcpy(p, buf, l);
3406 unlock_user(p, addr, l);
13eb76e0
FB		 3407 } else {
3408 if (!(flags & PAGE_READ))
a68fe89c 3409 return -1;
579a97f7 3410 /* XXX: this code should not depend on lock_user */
72fb7daa 3411 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3412 return -1;
72fb7daa 3413 memcpy(buf, p, l);
5b257578 3414 unlock_user(p, addr, 0);
13eb76e0
FB		 3415 }
3416 len -= l;
3417 buf += l;
3418 addr += l;
3419 }
a68fe89c 3420 return 0;
13eb76e0 3421}
8df1cd07 3422
13eb76e0 3423#else
51d7a9eb
AP		 3424
3425static void invalidate_and_set_dirty(target_phys_addr_t addr,
3426 target_phys_addr_t length)
3427{
3428 if (!cpu_physical_memory_is_dirty(addr)) {
3429 /* invalidate code */
3430 tb_invalidate_phys_page_range(addr, addr + length, 0);
3431 /* set dirty bit */
3432 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
3433 }
e226939d 3434 xen_modified_memory(addr, length);
51d7a9eb
AP		 3435}
3436
c227f099 3437void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3438 int len, int is_write)
3439{
37ec01d4 3440 int l;
13eb76e0
FB		 3441 uint8_t *ptr;
3442 uint32_t val;
c227f099 3443 target_phys_addr_t page;
f3705d53 3444 MemoryRegionSection *section;
3b46e624 3445
13eb76e0
FB		 3446 while (len > 0) {
3447 page = addr & TARGET_PAGE_MASK;
3448 l = (page + TARGET_PAGE_SIZE) - addr;
3449 if (l > len)
3450 l = len;
06ef3525 3451 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3452
13eb76e0 3453 if (is_write) {
f3705d53 3454 if (!memory_region_is_ram(section->mr)) {
f1f6e3b8 3455 target_phys_addr_t addr1;
cc5bea60 3456 addr1 = memory_region_section_addr(section, addr);
6a00d601
FB		 3457 /* XXX: could force cpu_single_env to NULL to avoid
3458 potential bugs */
6c2934db 3459 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3460 /* 32 bit write access */
c27004ec 3461 val = ldl_p(buf);
37ec01d4 3462 io_mem_write(section->mr, addr1, val, 4);
13eb76e0 3463 l = 4;
6c2934db 3464 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3465 /* 16 bit write access */
c27004ec 3466 val = lduw_p(buf);
37ec01d4 3467 io_mem_write(section->mr, addr1, val, 2);
13eb76e0
FB		 3468 l = 2;
3469 } else {
1c213d19 3470 /* 8 bit write access */
c27004ec 3471 val = ldub_p(buf);
37ec01d4 3472 io_mem_write(section->mr, addr1, val, 1);
13eb76e0
FB		 3473 l = 1;
3474 }
f3705d53 3475 } else if (!section->readonly) {
8ca5692d 3476 ram_addr_t addr1;
f3705d53 3477 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3478 + memory_region_section_addr(section, addr);
13eb76e0 3479 /* RAM case */
5579c7f3 3480 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3481 memcpy(ptr, buf, l);
51d7a9eb 3482 invalidate_and_set_dirty(addr1, l);
050a0ddf 3483 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3484 }
3485 } else {
cc5bea60
BS		 3486 if (!(memory_region_is_ram(section->mr) ||
3487 memory_region_is_romd(section->mr))) {
f1f6e3b8 3488 target_phys_addr_t addr1;
13eb76e0 3489 /* I/O case */
cc5bea60 3490 addr1 = memory_region_section_addr(section, addr);
6c2934db 3491 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3492 /* 32 bit read access */
37ec01d4 3493 val = io_mem_read(section->mr, addr1, 4);
c27004ec 3494 stl_p(buf, val);
13eb76e0 3495 l = 4;
6c2934db 3496 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3497 /* 16 bit read access */
37ec01d4 3498 val = io_mem_read(section->mr, addr1, 2);
c27004ec 3499 stw_p(buf, val);
13eb76e0
FB		 3500 l = 2;
3501 } else {
1c213d19 3502 /* 8 bit read access */
37ec01d4 3503 val = io_mem_read(section->mr, addr1, 1);
c27004ec 3504 stb_p(buf, val);
13eb76e0
FB		 3505 l = 1;
3506 }
3507 } else {
3508 /* RAM case */
0a1b357f 3509 ptr = qemu_get_ram_ptr(section->mr->ram_addr
cc5bea60
BS		 3510 + memory_region_section_addr(section,
3511 addr));
f3705d53 3512 memcpy(buf, ptr, l);
050a0ddf 3513 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3514 }
3515 }
3516 len -= l;
3517 buf += l;
3518 addr += l;
3519 }
3520}
8df1cd07 3521
d0ecd2aa 3522/* used for ROM loading : can write in RAM and ROM */
c227f099 3523void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3524 const uint8_t *buf, int len)
3525{
3526 int l;
3527 uint8_t *ptr;
c227f099 3528 target_phys_addr_t page;
f3705d53 3529 MemoryRegionSection *section;
3b46e624 3530
d0ecd2aa
FB		 3531 while (len > 0) {
3532 page = addr & TARGET_PAGE_MASK;
3533 l = (page + TARGET_PAGE_SIZE) - addr;
3534 if (l > len)
3535 l = len;
06ef3525 3536 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3537
cc5bea60
BS		 3538 if (!(memory_region_is_ram(section->mr) ||
3539 memory_region_is_romd(section->mr))) {
d0ecd2aa
FB		 3540 /* do nothing */
3541 } else {
3542 unsigned long addr1;
f3705d53 3543 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3544 + memory_region_section_addr(section, addr);
d0ecd2aa 3545 /* ROM/RAM case */
5579c7f3 3546 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3547 memcpy(ptr, buf, l);
51d7a9eb 3548 invalidate_and_set_dirty(addr1, l);
050a0ddf 3549 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3550 }
3551 len -= l;
3552 buf += l;
3553 addr += l;
3554 }
3555}
3556
6d16c2f8
AL		 3557typedef struct {
3558 void *buffer;
c227f099
AL		 3559 target_phys_addr_t addr;
3560 target_phys_addr_t len;
6d16c2f8
AL		 3561} BounceBuffer;
3562
3563static BounceBuffer bounce;
3564
ba223c29
AL		 3565typedef struct MapClient {
3566 void *opaque;
3567 void (*callback)(void *opaque);
72cf2d4f 3568 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3569} MapClient;
3570
72cf2d4f
BS		 3571static QLIST_HEAD(map_client_list, MapClient) map_client_list
3572 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3573
3574void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3575{
7267c094 3576 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3577
3578 client->opaque = opaque;
3579 client->callback = callback;
72cf2d4f 3580 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3581 return client;
3582}
3583
3584void cpu_unregister_map_client(void *_client)
3585{
3586 MapClient *client = (MapClient *)_client;
3587
72cf2d4f 3588 QLIST_REMOVE(client, link);
7267c094 3589 g_free(client);
ba223c29
AL		 3590}
3591
3592static void cpu_notify_map_clients(void)
3593{
3594 MapClient *client;
3595
72cf2d4f
BS		 3596 while (!QLIST_EMPTY(&map_client_list)) {
3597 client = QLIST_FIRST(&map_client_list);
ba223c29 3598 client->callback(client->opaque);
34d5e948 3599 cpu_unregister_map_client(client);
ba223c29
AL		 3600 }
3601}
3602
6d16c2f8
AL		 3603/* Map a physical memory region into a host virtual address.
3604 * May map a subset of the requested range, given by and returned in *plen.
3605 * May return NULL if resources needed to perform the mapping are exhausted.
3606 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3607 * Use cpu_register_map_client() to know when retrying the map operation is
3608 * likely to succeed.
6d16c2f8 3609 */
c227f099
AL		 3610void *cpu_physical_memory_map(target_phys_addr_t addr,
3611 target_phys_addr_t *plen,
6d16c2f8
AL		 3612 int is_write)
3613{
c227f099 3614 target_phys_addr_t len = *plen;
38bee5dc 3615 target_phys_addr_t todo = 0;
6d16c2f8 3616 int l;
c227f099 3617 target_phys_addr_t page;
f3705d53 3618 MemoryRegionSection *section;
f15fbc4b 3619 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3620 ram_addr_t rlen;
3621 void *ret;
6d16c2f8
AL		 3622
3623 while (len > 0) {
3624 page = addr & TARGET_PAGE_MASK;
3625 l = (page + TARGET_PAGE_SIZE) - addr;
3626 if (l > len)
3627 l = len;
06ef3525 3628 section = phys_page_find(page >> TARGET_PAGE_BITS);
6d16c2f8 3629
f3705d53 3630 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
38bee5dc 3631 if (todo || bounce.buffer) {
6d16c2f8
AL		 3632 break;
3633 }
3634 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3635 bounce.addr = addr;
3636 bounce.len = l;
3637 if (!is_write) {
54f7b4a3 3638 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 3639 }
38bee5dc
SS		 3640
3641 *plen = l;
3642 return bounce.buffer;
6d16c2f8 3643 }
8ab934f9 3644 if (!todo) {
f3705d53 3645 raddr = memory_region_get_ram_addr(section->mr)
cc5bea60 3646 + memory_region_section_addr(section, addr);
8ab934f9 3647 }
6d16c2f8
AL		 3648
3649 len -= l;
3650 addr += l;
38bee5dc 3651 todo += l;
6d16c2f8 3652 }
8ab934f9
SS		 3653 rlen = todo;
3654 ret = qemu_ram_ptr_length(raddr, &rlen);
3655 *plen = rlen;
3656 return ret;
6d16c2f8
AL		 3657}
3658
3659/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3660 * Will also mark the memory as dirty if is_write == 1. access_len gives
3661 * the amount of memory that was actually read or written by the caller.
3662 */
c227f099
AL		 3663void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3664 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 3665{
3666 if (buffer != bounce.buffer) {
3667 if (is_write) {
e890261f 3668 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 3669 while (access_len) {
3670 unsigned l;
3671 l = TARGET_PAGE_SIZE;
3672 if (l > access_len)
3673 l = access_len;
51d7a9eb 3674 invalidate_and_set_dirty(addr1, l);
6d16c2f8
AL		 3675 addr1 += l;
3676 access_len -= l;
3677 }
3678 }
868bb33f 3679 if (xen_enabled()) {
e41d7c69 3680 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3681 }
6d16c2f8
AL		 3682 return;
3683 }
3684 if (is_write) {
3685 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3686 }
f8a83245 3687 qemu_vfree(bounce.buffer);
6d16c2f8 3688 bounce.buffer = NULL;
ba223c29 3689 cpu_notify_map_clients();
6d16c2f8 3690}
d0ecd2aa 3691
8df1cd07 3692/* warning: addr must be aligned */
1e78bcc1
AG		 3693static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
3694 enum device_endian endian)
8df1cd07 3695{
8df1cd07
FB		 3696 uint8_t *ptr;
3697 uint32_t val;
f3705d53 3698 MemoryRegionSection *section;
8df1cd07 3699
06ef3525 3700 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3701
cc5bea60
BS		 3702 if (!(memory_region_is_ram(section->mr) ||
3703 memory_region_is_romd(section->mr))) {
8df1cd07 3704 /* I/O case */
cc5bea60 3705 addr = memory_region_section_addr(section, addr);
37ec01d4 3706 val = io_mem_read(section->mr, addr, 4);
1e78bcc1
AG		 3707#if defined(TARGET_WORDS_BIGENDIAN)
3708 if (endian == DEVICE_LITTLE_ENDIAN) {
3709 val = bswap32(val);
3710 }
3711#else
3712 if (endian == DEVICE_BIG_ENDIAN) {
3713 val = bswap32(val);
3714 }
3715#endif
8df1cd07
FB		 3716 } else {
3717 /* RAM case */
f3705d53 3718 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3719 & TARGET_PAGE_MASK)
cc5bea60 3720 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3721 switch (endian) {
3722 case DEVICE_LITTLE_ENDIAN:
3723 val = ldl_le_p(ptr);
3724 break;
3725 case DEVICE_BIG_ENDIAN:
3726 val = ldl_be_p(ptr);
3727 break;
3728 default:
3729 val = ldl_p(ptr);
3730 break;
3731 }
8df1cd07
FB		 3732 }
3733 return val;
3734}
3735
1e78bcc1
AG		 3736uint32_t ldl_phys(target_phys_addr_t addr)
3737{
3738 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3739}
3740
3741uint32_t ldl_le_phys(target_phys_addr_t addr)
3742{
3743 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3744}
3745
3746uint32_t ldl_be_phys(target_phys_addr_t addr)
3747{
3748 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
3749}
3750
84b7b8e7 3751/* warning: addr must be aligned */
1e78bcc1
AG		 3752static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
3753 enum device_endian endian)
84b7b8e7 3754{
84b7b8e7
FB		 3755 uint8_t *ptr;
3756 uint64_t val;
f3705d53 3757 MemoryRegionSection *section;
84b7b8e7 3758
06ef3525 3759 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3760
cc5bea60
BS		 3761 if (!(memory_region_is_ram(section->mr) ||
3762 memory_region_is_romd(section->mr))) {
84b7b8e7 3763 /* I/O case */
cc5bea60 3764 addr = memory_region_section_addr(section, addr);
1e78bcc1
AG		 3765
3766 /* XXX This is broken when device endian != cpu endian.
3767 Fix and add "endian" variable check */
84b7b8e7 3768#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3769 val = io_mem_read(section->mr, addr, 4) << 32;
3770 val |= io_mem_read(section->mr, addr + 4, 4);
84b7b8e7 3771#else
37ec01d4
AK		 3772 val = io_mem_read(section->mr, addr, 4);
3773 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
84b7b8e7
FB		 3774#endif
3775 } else {
3776 /* RAM case */
f3705d53 3777 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3778 & TARGET_PAGE_MASK)
cc5bea60 3779 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3780 switch (endian) {
3781 case DEVICE_LITTLE_ENDIAN:
3782 val = ldq_le_p(ptr);
3783 break;
3784 case DEVICE_BIG_ENDIAN:
3785 val = ldq_be_p(ptr);
3786 break;
3787 default:
3788 val = ldq_p(ptr);
3789 break;
3790 }
84b7b8e7
FB		 3791 }
3792 return val;
3793}
3794
1e78bcc1
AG		 3795uint64_t ldq_phys(target_phys_addr_t addr)
3796{
3797 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3798}
3799
3800uint64_t ldq_le_phys(target_phys_addr_t addr)
3801{
3802 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3803}
3804
3805uint64_t ldq_be_phys(target_phys_addr_t addr)
3806{
3807 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
3808}
3809
aab33094 3810/* XXX: optimize */
c227f099 3811uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 3812{
3813 uint8_t val;
3814 cpu_physical_memory_read(addr, &val, 1);
3815 return val;
3816}
3817
733f0b02 3818/* warning: addr must be aligned */
1e78bcc1
AG		 3819static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
3820 enum device_endian endian)
aab33094 3821{
733f0b02
MT		 3822 uint8_t *ptr;
3823 uint64_t val;
f3705d53 3824 MemoryRegionSection *section;
733f0b02 3825
06ef3525 3826 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 3827
cc5bea60
BS		 3828 if (!(memory_region_is_ram(section->mr) ||
3829 memory_region_is_romd(section->mr))) {
733f0b02 3830 /* I/O case */
cc5bea60 3831 addr = memory_region_section_addr(section, addr);
37ec01d4 3832 val = io_mem_read(section->mr, addr, 2);
1e78bcc1
AG		 3833#if defined(TARGET_WORDS_BIGENDIAN)
3834 if (endian == DEVICE_LITTLE_ENDIAN) {
3835 val = bswap16(val);
3836 }
3837#else
3838 if (endian == DEVICE_BIG_ENDIAN) {
3839 val = bswap16(val);
3840 }
3841#endif
733f0b02
MT		 3842 } else {
3843 /* RAM case */
f3705d53 3844 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3845 & TARGET_PAGE_MASK)
cc5bea60 3846 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3847 switch (endian) {
3848 case DEVICE_LITTLE_ENDIAN:
3849 val = lduw_le_p(ptr);
3850 break;
3851 case DEVICE_BIG_ENDIAN:
3852 val = lduw_be_p(ptr);
3853 break;
3854 default:
3855 val = lduw_p(ptr);
3856 break;
3857 }
733f0b02
MT		 3858 }
3859 return val;
aab33094
FB		 3860}
3861
1e78bcc1
AG		 3862uint32_t lduw_phys(target_phys_addr_t addr)
3863{
3864 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3865}
3866
3867uint32_t lduw_le_phys(target_phys_addr_t addr)
3868{
3869 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3870}
3871
3872uint32_t lduw_be_phys(target_phys_addr_t addr)
3873{
3874 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
3875}
3876
8df1cd07
FB		 3877/* warning: addr must be aligned. The ram page is not masked as dirty
3878 and the code inside is not invalidated. It is useful if the dirty
3879 bits are used to track modified PTEs */
c227f099 3880void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07 3881{
8df1cd07 3882 uint8_t *ptr;
f3705d53 3883 MemoryRegionSection *section;
8df1cd07 3884
06ef3525 3885 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3886
f3705d53 3887 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3888 addr = memory_region_section_addr(section, addr);
f3705d53 3889 if (memory_region_is_ram(section->mr)) {
37ec01d4 3890 section = &phys_sections[phys_section_rom];
06ef3525 3891 }
37ec01d4 3892 io_mem_write(section->mr, addr, val, 4);
8df1cd07 3893 } else {
f3705d53 3894 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
06ef3525 3895 & TARGET_PAGE_MASK)
cc5bea60 3896 + memory_region_section_addr(section, addr);
5579c7f3 3897 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3898 stl_p(ptr, val);
74576198
AL		 3899
3900 if (unlikely(in_migration)) {
3901 if (!cpu_physical_memory_is_dirty(addr1)) {
3902 /* invalidate code */
3903 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3904 /* set dirty bit */
f7c11b53
YT		 3905 cpu_physical_memory_set_dirty_flags(
3906 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 3907 }
3908 }
8df1cd07
FB		 3909 }
3910}
3911
c227f099 3912void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef 3913{
bc98a7ef 3914 uint8_t *ptr;
f3705d53 3915 MemoryRegionSection *section;
bc98a7ef 3916
06ef3525 3917 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3918
f3705d53 3919 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3920 addr = memory_region_section_addr(section, addr);
f3705d53 3921 if (memory_region_is_ram(section->mr)) {
37ec01d4 3922 section = &phys_sections[phys_section_rom];
06ef3525 3923 }
bc98a7ef 3924#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3925 io_mem_write(section->mr, addr, val >> 32, 4);
3926 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
bc98a7ef 3927#else
37ec01d4
AK		 3928 io_mem_write(section->mr, addr, (uint32_t)val, 4);
3929 io_mem_write(section->mr, addr + 4, val >> 32, 4);
bc98a7ef
JM		 3930#endif
3931 } else {
f3705d53 3932 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3933 & TARGET_PAGE_MASK)
cc5bea60 3934 + memory_region_section_addr(section, addr));
bc98a7ef
JM		 3935 stq_p(ptr, val);
3936 }
3937}
3938
8df1cd07 3939/* warning: addr must be aligned */
1e78bcc1
AG		 3940static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
3941 enum device_endian endian)
8df1cd07 3942{
8df1cd07 3943 uint8_t *ptr;
f3705d53 3944 MemoryRegionSection *section;
8df1cd07 3945
06ef3525 3946 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3947
f3705d53 3948 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3949 addr = memory_region_section_addr(section, addr);
f3705d53 3950 if (memory_region_is_ram(section->mr)) {
37ec01d4 3951 section = &phys_sections[phys_section_rom];
06ef3525 3952 }
1e78bcc1
AG		 3953#if defined(TARGET_WORDS_BIGENDIAN)
3954 if (endian == DEVICE_LITTLE_ENDIAN) {
3955 val = bswap32(val);
3956 }
3957#else
3958 if (endian == DEVICE_BIG_ENDIAN) {
3959 val = bswap32(val);
3960 }
3961#endif
37ec01d4 3962 io_mem_write(section->mr, addr, val, 4);
8df1cd07
FB		 3963 } else {
3964 unsigned long addr1;
f3705d53 3965 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3966 + memory_region_section_addr(section, addr);
8df1cd07 3967 /* RAM case */
5579c7f3 3968 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3969 switch (endian) {
3970 case DEVICE_LITTLE_ENDIAN:
3971 stl_le_p(ptr, val);
3972 break;
3973 case DEVICE_BIG_ENDIAN:
3974 stl_be_p(ptr, val);
3975 break;
3976 default:
3977 stl_p(ptr, val);
3978 break;
3979 }
51d7a9eb 3980 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 3981 }
3982}
3983
1e78bcc1
AG		 3984void stl_phys(target_phys_addr_t addr, uint32_t val)
3985{
3986 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
3987}
3988
3989void stl_le_phys(target_phys_addr_t addr, uint32_t val)
3990{
3991 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
3992}
3993
3994void stl_be_phys(target_phys_addr_t addr, uint32_t val)
3995{
3996 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
3997}
3998
aab33094 3999/* XXX: optimize */
c227f099 4000void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 4001{
4002 uint8_t v = val;
4003 cpu_physical_memory_write(addr, &v, 1);
4004}
4005
733f0b02 4006/* warning: addr must be aligned */
1e78bcc1
AG		 4007static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4008 enum device_endian endian)
aab33094 4009{
733f0b02 4010 uint8_t *ptr;
f3705d53 4011 MemoryRegionSection *section;
733f0b02 4012
06ef3525 4013 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 4014
f3705d53 4015 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 4016 addr = memory_region_section_addr(section, addr);
f3705d53 4017 if (memory_region_is_ram(section->mr)) {
37ec01d4 4018 section = &phys_sections[phys_section_rom];
06ef3525 4019 }
1e78bcc1
AG		 4020#if defined(TARGET_WORDS_BIGENDIAN)
4021 if (endian == DEVICE_LITTLE_ENDIAN) {
4022 val = bswap16(val);
4023 }
4024#else
4025 if (endian == DEVICE_BIG_ENDIAN) {
4026 val = bswap16(val);
4027 }
4028#endif
37ec01d4 4029 io_mem_write(section->mr, addr, val, 2);
733f0b02
MT		 4030 } else {
4031 unsigned long addr1;
f3705d53 4032 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 4033 + memory_region_section_addr(section, addr);
733f0b02
MT		 4034 /* RAM case */
4035 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4036 switch (endian) {
4037 case DEVICE_LITTLE_ENDIAN:
4038 stw_le_p(ptr, val);
4039 break;
4040 case DEVICE_BIG_ENDIAN:
4041 stw_be_p(ptr, val);
4042 break;
4043 default:
4044 stw_p(ptr, val);
4045 break;
4046 }
51d7a9eb 4047 invalidate_and_set_dirty(addr1, 2);
733f0b02 4048 }
aab33094
FB		 4049}
4050
1e78bcc1
AG		 4051void stw_phys(target_phys_addr_t addr, uint32_t val)
4052{
4053 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4054}
4055
4056void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4057{
4058 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4059}
4060
4061void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4062{
4063 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4064}
4065
aab33094 4066/* XXX: optimize */
c227f099 4067void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4068{
4069 val = tswap64(val);
71d2b725 4070 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4071}
4072
1e78bcc1
AG		 4073void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4074{
4075 val = cpu_to_le64(val);
4076 cpu_physical_memory_write(addr, &val, 8);
4077}
4078
4079void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4080{
4081 val = cpu_to_be64(val);
4082 cpu_physical_memory_write(addr, &val, 8);
4083}
4084
5e2972fd 4085/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 4086int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 4087 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4088{
4089 int l;
c227f099 4090 target_phys_addr_t phys_addr;
9b3c35e0 4091 target_ulong page;
13eb76e0
FB		 4092
4093 while (len > 0) {
4094 page = addr & TARGET_PAGE_MASK;
4095 phys_addr = cpu_get_phys_page_debug(env, page);
4096 /* if no physical page mapped, return an error */
4097 if (phys_addr == -1)
4098 return -1;
4099 l = (page + TARGET_PAGE_SIZE) - addr;
4100 if (l > len)
4101 l = len;
5e2972fd 4102 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4103 if (is_write)
4104 cpu_physical_memory_write_rom(phys_addr, buf, l);
4105 else
5e2972fd 4106 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4107 len -= l;
4108 buf += l;
4109 addr += l;
4110 }
4111 return 0;
4112}
a68fe89c 4113#endif
13eb76e0 4114
2e70f6ef
PB		 4115/* in deterministic execution mode, instructions doing device I/Os
4116 must be at the end of the TB */
20503968 4117void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
2e70f6ef
PB		 4118{
4119 TranslationBlock *tb;
4120 uint32_t n, cflags;
4121 target_ulong pc, cs_base;
4122 uint64_t flags;
4123
20503968 4124 tb = tb_find_pc(retaddr);
2e70f6ef
PB		 4125 if (!tb) {
4126 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
20503968 4127 (void *)retaddr);
2e70f6ef
PB		 4128 }
4129 n = env->icount_decr.u16.low + tb->icount;
20503968 4130 cpu_restore_state(tb, env, retaddr);
2e70f6ef 4131 /* Calculate how many instructions had been executed before the fault
bf20dc07 4132 occurred. */
2e70f6ef
PB		 4133 n = n - env->icount_decr.u16.low;
4134 /* Generate a new TB ending on the I/O insn. */
4135 n++;
4136 /* On MIPS and SH, delay slot instructions can only be restarted if
4137 they were already the first instruction in the TB. If this is not
bf20dc07 4138 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4139 branch. */
4140#if defined(TARGET_MIPS)
4141 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4142 env->active_tc.PC -= 4;
4143 env->icount_decr.u16.low++;
4144 env->hflags &= ~MIPS_HFLAG_BMASK;
4145 }
4146#elif defined(TARGET_SH4)
4147 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4148 && n > 1) {
4149 env->pc -= 2;
4150 env->icount_decr.u16.low++;
4151 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4152 }
4153#endif
4154 /* This should never happen. */
4155 if (n > CF_COUNT_MASK)
4156 cpu_abort(env, "TB too big during recompile");
4157
4158 cflags = n | CF_LAST_IO;
4159 pc = tb->pc;
4160 cs_base = tb->cs_base;
4161 flags = tb->flags;
4162 tb_phys_invalidate(tb, -1);
4163 /* FIXME: In theory this could raise an exception. In practice
4164 we have already translated the block once so it's probably ok. */
4165 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4166 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4167 the first in the TB) then we end up generating a whole new TB and
4168 repeating the fault, which is horribly inefficient.
4169 Better would be to execute just this insn uncached, or generate a
4170 second new TB. */
4171 cpu_resume_from_signal(env, NULL);
4172}
4173
b3755a91
PB		 4174#if !defined(CONFIG_USER_ONLY)
4175
055403b2 4176void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4177{
4178 int i, target_code_size, max_target_code_size;
4179 int direct_jmp_count, direct_jmp2_count, cross_page;
4180 TranslationBlock *tb;
3b46e624 4181
e3db7226
FB		 4182 target_code_size = 0;
4183 max_target_code_size = 0;
4184 cross_page = 0;
4185 direct_jmp_count = 0;
4186 direct_jmp2_count = 0;
4187 for(i = 0; i < nb_tbs; i++) {
4188 tb = &tbs[i];
4189 target_code_size += tb->size;
4190 if (tb->size > max_target_code_size)
4191 max_target_code_size = tb->size;
4192 if (tb->page_addr[1] != -1)
4193 cross_page++;
4194 if (tb->tb_next_offset[0] != 0xffff) {
4195 direct_jmp_count++;
4196 if (tb->tb_next_offset[1] != 0xffff) {
4197 direct_jmp2_count++;
4198 }
4199 }
4200 }
4201 /* XXX: avoid using doubles ? */
57fec1fe 4202 cpu_fprintf(f, "Translation buffer state:\n");
f1bc0bcc 4203 cpu_fprintf(f, "gen code size %td/%zd\n",
26a5f13b
FB		 4204 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4205 cpu_fprintf(f, "TB count %d/%d\n",
4206 nb_tbs, code_gen_max_blocks);
5fafdf24 4207 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4208 nb_tbs ? target_code_size / nb_tbs : 0,
4209 max_target_code_size);
055403b2 4210 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4211 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4212 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4213 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4214 cross_page,
e3db7226
FB		 4215 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4216 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4217 direct_jmp_count,
e3db7226
FB		 4218 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4219 direct_jmp2_count,
4220 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4221 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4222 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4223 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4224 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4225 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4226}
4227
82afa586
BH		 4228/*
4229 * A helper function for the _utterly broken_ virtio device model to find out if
4230 * it's running on a big endian machine. Don't do this at home kids!
4231 */
4232bool virtio_is_big_endian(void);
4233bool virtio_is_big_endian(void)
4234{
4235#if defined(TARGET_WORDS_BIGENDIAN)
4236 return true;
4237#else
4238 return false;
4239#endif
4240}
4241
61382a50 4242#endif
76f35538
WC		 4243
4244#ifndef CONFIG_USER_ONLY
4245bool cpu_physical_memory_is_io(target_phys_addr_t phys_addr)
4246{
4247 MemoryRegionSection *section;
4248
4249 section = phys_page_find(phys_addr >> TARGET_PAGE_BITS);
4250
4251 return !(memory_region_is_ram(section->mr) ||
4252 memory_region_is_romd(section->mr));
4253}
4254#endif
QEMU mirror