]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
cpu: Change cpu_exec_init() arg to cpu, not env
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
777872e5 20#ifndef _WIN32
a98d49b1 21#include <sys/types.h>
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
055403b2 25#include "qemu-common.h"
6180a181 26#include "cpu.h"
b67d9a52 27#include "tcg.h"
b3c7724c 28#include "hw/hw.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
4485bd26 31#endif
cc9e98cb 32#include "hw/qdev.h"
1de7afc9 33#include "qemu/osdep.h"
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
0d09e41a 36#include "hw/xen/xen.h"
1de7afc9
PB		 37#include "qemu/timer.h"
38#include "qemu/config-file.h"
75a34036 39#include "qemu/error-report.h"
022c62cb 40#include "exec/memory.h"
9c17d615 41#include "sysemu/dma.h"
022c62cb 42#include "exec/address-spaces.h"
53a5960a
PB		 43#if defined(CONFIG_USER_ONLY)
44#include <qemu.h>
432d268c 45#else /* !CONFIG_USER_ONLY */
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
022c62cb 52#include "exec/cputlb.h"
5b6dd868 53#include "translate-all.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
67d95c15 57
b35ba30f
MT		 58#include "qemu/range.h"
59
db7b5426 60//#define DEBUG_SUBPAGE
1196be37 61
e2eef170 62#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 63/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
64 * are protected by the ramlist lock.
65 */
0d53d9fe 66RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 67
68static MemoryRegion *system_memory;
309cb471 69static MemoryRegion *system_io;
62152b8a 70
f6790af6
AK		 71AddressSpace address_space_io;
72AddressSpace address_space_memory;
2673a5da 73
0844e007 74MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 75static MemoryRegion io_mem_unassigned;
0e0df1e2 76
7bd4f430
PB		 77/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
78#define RAM_PREALLOC (1 << 0)
79
dbcb8981
PB		 80/* RAM is mmap-ed with MAP_SHARED */
81#define RAM_SHARED (1 << 1)
82
62be4e3a
MT		 83/* Only a portion of RAM (used_length) is actually used, and migrated.
84 * This used_length size can change across reboots.
85 */
86#define RAM_RESIZEABLE (1 << 2)
87
e2eef170 88#endif
9fa3e853 89
bdc44640 90struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 91/* current CPU in the current thread. It is only valid inside
92 cpu_exec() */
4917cf44 93DEFINE_TLS(CPUState *, current_cpu);
2e70f6ef 94/* 0 = Do not count executed instructions.
bf20dc07 95 1 = Precise instruction counting.
2e70f6ef 96 2 = Adaptive rate instruction counting. */
5708fc66 97int use_icount;
6a00d601 98
e2eef170 99#if !defined(CONFIG_USER_ONLY)
4346ae3e 100
1db8abb1
PB		 101typedef struct PhysPageEntry PhysPageEntry;
102
103struct PhysPageEntry {
9736e55b 104 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 105 uint32_t skip : 6;
9736e55b 106 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 107 uint32_t ptr : 26;
1db8abb1
PB		 108};
109
8b795765
MT		 110#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
111
03f49957 112/* Size of the L2 (and L3, etc) page tables. */
57271d63 113#define ADDR_SPACE_BITS 64
03f49957 114
026736ce 115#define P_L2_BITS 9
03f49957
PB		 116#define P_L2_SIZE (1 << P_L2_BITS)
117
118#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
119
120typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 121
53cb28cb 122typedef struct PhysPageMap {
79e2b9ae
PB		 123 struct rcu_head rcu;
124
53cb28cb
MA		 125 unsigned sections_nb;
126 unsigned sections_nb_alloc;
127 unsigned nodes_nb;
128 unsigned nodes_nb_alloc;
129 Node *nodes;
130 MemoryRegionSection *sections;
131} PhysPageMap;
132
1db8abb1 133struct AddressSpaceDispatch {
79e2b9ae
PB		 134 struct rcu_head rcu;
135
1db8abb1
PB		 136 /* This is a multi-level map on the physical address space.
137 * The bottom level has pointers to MemoryRegionSections.
138 */
139 PhysPageEntry phys_map;
53cb28cb 140 PhysPageMap map;
acc9d80b 141 AddressSpace *as;
1db8abb1
PB		 142};
143
90260c6c
JK		 144#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
145typedef struct subpage_t {
146 MemoryRegion iomem;
acc9d80b 147 AddressSpace *as;
90260c6c
JK		 148 hwaddr base;
149 uint16_t sub_section[TARGET_PAGE_SIZE];
150} subpage_t;
151
b41aac4f
LPF		 152#define PHYS_SECTION_UNASSIGNED 0
153#define PHYS_SECTION_NOTDIRTY 1
154#define PHYS_SECTION_ROM 2
155#define PHYS_SECTION_WATCH 3
5312bd8b 156
e2eef170 157static void io_mem_init(void);
62152b8a 158static void memory_map_init(void);
09daed84 159static void tcg_commit(MemoryListener *listener);
e2eef170 160
1ec9b909 161static MemoryRegion io_mem_watch;
6658ffb8 162#endif
fd6ce8f6 163
6d9a1304 164#if !defined(CONFIG_USER_ONLY)
d6f2ea22 165
53cb28cb 166static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 167{
53cb28cb
MA		 168 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
169 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
170 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
171 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 172 }
f7bf5461
AK		 173}
174
db94604b 175static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 176{
177 unsigned i;
8b795765 178 uint32_t ret;
db94604b
PB		 179 PhysPageEntry e;
180 PhysPageEntry *p;
f7bf5461 181
53cb28cb 182 ret = map->nodes_nb++;
db94604b 183 p = map->nodes[ret];
f7bf5461 184 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 185 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 186
187 e.skip = leaf ? 0 : 1;
188 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 189 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 190 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 191 }
f7bf5461 192 return ret;
d6f2ea22
AK		 193}
194
53cb28cb
MA		 195static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
196 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 197 int level)
f7bf5461
AK		 198{
199 PhysPageEntry *p;
03f49957 200 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 201
9736e55b 202 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 203 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 204 }
db94604b 205 p = map->nodes[lp->ptr];
03f49957 206 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 207
03f49957 208 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 209 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 210 lp->skip = 0;
c19e8800 211 lp->ptr = leaf;
07f07b31
AK		 212 *index += step;
213 *nb -= step;
2999097b 214 } else {
53cb28cb 215 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 216 }
217 ++lp;
f7bf5461
AK		 218 }
219}
220
ac1970fb 221static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 222 hwaddr index, hwaddr nb,
2999097b 223 uint16_t leaf)
f7bf5461 224{
2999097b 225 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 226 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 227
53cb28cb 228 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 229}
230
b35ba30f
MT		 231/* Compact a non leaf page entry. Simply detect that the entry has a single child,
232 * and update our entry so we can skip it and go directly to the destination.
233 */
234static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
235{
236 unsigned valid_ptr = P_L2_SIZE;
237 int valid = 0;
238 PhysPageEntry *p;
239 int i;
240
241 if (lp->ptr == PHYS_MAP_NODE_NIL) {
242 return;
243 }
244
245 p = nodes[lp->ptr];
246 for (i = 0; i < P_L2_SIZE; i++) {
247 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
248 continue;
249 }
250
251 valid_ptr = i;
252 valid++;
253 if (p[i].skip) {
254 phys_page_compact(&p[i], nodes, compacted);
255 }
256 }
257
258 /* We can only compress if there's only one child. */
259 if (valid != 1) {
260 return;
261 }
262
263 assert(valid_ptr < P_L2_SIZE);
264
265 /* Don't compress if it won't fit in the # of bits we have. */
266 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
267 return;
268 }
269
270 lp->ptr = p[valid_ptr].ptr;
271 if (!p[valid_ptr].skip) {
272 /* If our only child is a leaf, make this a leaf. */
273 /* By design, we should have made this node a leaf to begin with so we
274 * should never reach here.
275 * But since it's so simple to handle this, let's do it just in case we
276 * change this rule.
277 */
278 lp->skip = 0;
279 } else {
280 lp->skip += p[valid_ptr].skip;
281 }
282}
283
284static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
285{
286 DECLARE_BITMAP(compacted, nodes_nb);
287
288 if (d->phys_map.skip) {
53cb28cb 289 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 290 }
291}
292
97115a8d 293static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 294 Node *nodes, MemoryRegionSection *sections)
92e873b9 295{
31ab2b4a 296 PhysPageEntry *p;
97115a8d 297 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 298 int i;
f1f6e3b8 299
9736e55b 300 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 301 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 302 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 303 }
9affd6fc 304 p = nodes[lp.ptr];
03f49957 305 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 306 }
b35ba30f
MT		 307
308 if (sections[lp.ptr].size.hi ||
309 range_covers_byte(sections[lp.ptr].offset_within_address_space,
310 sections[lp.ptr].size.lo, addr)) {
311 return &sections[lp.ptr];
312 } else {
313 return &sections[PHYS_SECTION_UNASSIGNED];
314 }
f3705d53
AK		 315}
316
e5548617
BS		 317bool memory_region_is_unassigned(MemoryRegion *mr)
318{
2a8e7499 319 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 320 && mr != &io_mem_watch;
fd6ce8f6 321}
149f54b5 322
79e2b9ae 323/* Called from RCU critical section */
c7086b4a 324static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 325 hwaddr addr,
326 bool resolve_subpage)
9f029603 327{
90260c6c
JK		 328 MemoryRegionSection *section;
329 subpage_t *subpage;
330
53cb28cb 331 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 332 if (resolve_subpage && section->mr->subpage) {
333 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 334 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 335 }
336 return section;
9f029603
JK		 337}
338
79e2b9ae 339/* Called from RCU critical section */
90260c6c 340static MemoryRegionSection *
c7086b4a 341address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 342 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 343{
344 MemoryRegionSection *section;
965eb2fc 345 MemoryRegion *mr;
a87f3954 346 Int128 diff;
149f54b5 347
c7086b4a 348 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 349 /* Compute offset within MemoryRegionSection */
350 addr -= section->offset_within_address_space;
351
352 /* Compute offset within MemoryRegion */
353 *xlat = addr + section->offset_within_region;
354
965eb2fc 355 mr = section->mr;
b242e0e0
PB		 356
357 /* MMIO registers can be expected to perform full-width accesses based only
358 * on their address, without considering adjacent registers that could
359 * decode to completely different MemoryRegions. When such registers
360 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
361 * regions overlap wildly. For this reason we cannot clamp the accesses
362 * here.
363 *
364 * If the length is small (as is the case for address_space_ldl/stl),
365 * everything works fine. If the incoming length is large, however,
366 * the caller really has to do the clamping through memory_access_size.
367 */
965eb2fc 368 if (memory_region_is_ram(mr)) {
e4a511f8 369 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 370 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
371 }
149f54b5
PB		 372 return section;
373}
90260c6c 374
a87f3954
PB		 375static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
376{
377 if (memory_region_is_ram(mr)) {
378 return !(is_write && mr->readonly);
379 }
380 if (memory_region_is_romd(mr)) {
381 return !is_write;
382 }
383
384 return false;
385}
386
41063e1e 387/* Called from RCU critical section */
5c8a00ce
PB		 388MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
389 hwaddr *xlat, hwaddr *plen,
390 bool is_write)
90260c6c 391{
30951157
AK		 392 IOMMUTLBEntry iotlb;
393 MemoryRegionSection *section;
394 MemoryRegion *mr;
30951157
AK		 395
396 for (;;) {
79e2b9ae
PB		 397 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
398 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 399 mr = section->mr;
400
401 if (!mr->iommu_ops) {
402 break;
403 }
404
8d7b8cb9 405 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 406 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
407 | (addr & iotlb.addr_mask));
23820dbf 408 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 409 if (!(iotlb.perm & (1 << is_write))) {
410 mr = &io_mem_unassigned;
411 break;
412 }
413
414 as = iotlb.target_as;
415 }
416
fe680d0d 417 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 418 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 419 *plen = MIN(page, *plen);
a87f3954
PB		 420 }
421
30951157
AK		 422 *xlat = addr;
423 return mr;
90260c6c
JK		 424}
425
79e2b9ae 426/* Called from RCU critical section */
90260c6c 427MemoryRegionSection *
9d82b5a7
PB		 428address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
429 hwaddr *xlat, hwaddr *plen)
90260c6c 430{
30951157 431 MemoryRegionSection *section;
9d82b5a7
PB		 432 section = address_space_translate_internal(cpu->memory_dispatch,
433 addr, xlat, plen, false);
30951157
AK		 434
435 assert(!section->mr->iommu_ops);
436 return section;
90260c6c 437}
5b6dd868 438#endif
fd6ce8f6 439
b170fce3 440#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 441
442static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 443{
259186a7 444 CPUState *cpu = opaque;
a513fe19 445
5b6dd868
BS		 446 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
447 version_id is increased. */
259186a7 448 cpu->interrupt_request &= ~0x01;
c01a71c1 449 tlb_flush(cpu, 1);
5b6dd868
BS		 450
451 return 0;
a513fe19 452}
7501267e 453
6c3bff0e
PD		 454static int cpu_common_pre_load(void *opaque)
455{
456 CPUState *cpu = opaque;
457
adee6424 458 cpu->exception_index = -1;
6c3bff0e
PD		 459
460 return 0;
461}
462
463static bool cpu_common_exception_index_needed(void *opaque)
464{
465 CPUState *cpu = opaque;
466
adee6424 467 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 468}
469
470static const VMStateDescription vmstate_cpu_common_exception_index = {
471 .name = "cpu_common/exception_index",
472 .version_id = 1,
473 .minimum_version_id = 1,
5cd8cada 474 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 475 .fields = (VMStateField[]) {
476 VMSTATE_INT32(exception_index, CPUState),
477 VMSTATE_END_OF_LIST()
478 }
479};
480
1a1562f5 481const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 482 .name = "cpu_common",
483 .version_id = 1,
484 .minimum_version_id = 1,
6c3bff0e 485 .pre_load = cpu_common_pre_load,
5b6dd868 486 .post_load = cpu_common_post_load,
35d08458 487 .fields = (VMStateField[]) {
259186a7
AF		 488 VMSTATE_UINT32(halted, CPUState),
489 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 490 VMSTATE_END_OF_LIST()
6c3bff0e 491 },
5cd8cada
JQ		 492 .subsections = (const VMStateDescription*[]) {
493 &vmstate_cpu_common_exception_index,
494 NULL
5b6dd868
BS		 495 }
496};
1a1562f5 497
5b6dd868 498#endif
ea041c0e 499
38d8f5c8 500CPUState *qemu_get_cpu(int index)
ea041c0e 501{
bdc44640 502 CPUState *cpu;
ea041c0e 503
bdc44640 504 CPU_FOREACH(cpu) {
55e5c285 505 if (cpu->cpu_index == index) {
bdc44640 506 return cpu;
55e5c285 507 }
ea041c0e 508 }
5b6dd868 509
bdc44640 510 return NULL;
ea041c0e
FB		 511}
512
09daed84
EI		 513#if !defined(CONFIG_USER_ONLY)
514void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
515{
516 /* We only support one address space per cpu at the moment. */
517 assert(cpu->as == as);
518
519 if (cpu->tcg_as_listener) {
520 memory_listener_unregister(cpu->tcg_as_listener);
521 } else {
522 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
523 }
524 cpu->tcg_as_listener->commit = tcg_commit;
525 memory_listener_register(cpu->tcg_as_listener, as);
526}
527#endif
528
b7bca733
BR		 529#ifndef CONFIG_USER_ONLY
530static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
531
532static int cpu_get_free_index(Error **errp)
533{
534 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
535
536 if (cpu >= MAX_CPUMASK_BITS) {
537 error_setg(errp, "Trying to use more CPUs than max of %d",
538 MAX_CPUMASK_BITS);
539 return -1;
540 }
541
542 bitmap_set(cpu_index_map, cpu, 1);
543 return cpu;
544}
545
546void cpu_exec_exit(CPUState *cpu)
547{
548 if (cpu->cpu_index == -1) {
549 /* cpu_index was never allocated by this @cpu or was already freed. */
550 return;
551 }
552
553 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
554 cpu->cpu_index = -1;
555}
556#else
557
558static int cpu_get_free_index(Error **errp)
559{
560 CPUState *some_cpu;
561 int cpu_index = 0;
562
563 CPU_FOREACH(some_cpu) {
564 cpu_index++;
565 }
566 return cpu_index;
567}
568
569void cpu_exec_exit(CPUState *cpu)
570{
571}
572#endif
573
4bad9e39 574void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 575{
b170fce3 576 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868 577 int cpu_index;
b7bca733 578 Error *local_err = NULL;
5b6dd868 579
291135b5
EH		 580#ifndef CONFIG_USER_ONLY
581 cpu->as = &address_space_memory;
582 cpu->thread_id = qemu_get_thread_id();
583 cpu_reload_memory_map(cpu);
584#endif
585
5b6dd868
BS		 586#if defined(CONFIG_USER_ONLY)
587 cpu_list_lock();
588#endif
b7bca733
BR		 589 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
590 if (local_err) {
591 error_propagate(errp, local_err);
592#if defined(CONFIG_USER_ONLY)
593 cpu_list_unlock();
594#endif
595 return;
5b6dd868 596 }
bdc44640 597 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 598#if defined(CONFIG_USER_ONLY)
599 cpu_list_unlock();
600#endif
e0d47944
AF		 601 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
602 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
603 }
5b6dd868 604#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868 605 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
4bad9e39 606 cpu_save, cpu_load, cpu->env_ptr);
b170fce3 607 assert(cc->vmsd == NULL);
e0d47944 608 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 609#endif
b170fce3
AF		 610 if (cc->vmsd != NULL) {
611 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
612 }
ea041c0e
FB		 613}
614
94df27fd 615#if defined(CONFIG_USER_ONLY)
00b941e5 616static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 617{
618 tb_invalidate_phys_page_range(pc, pc + 1, 0);
619}
620#else
00b941e5 621static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 622{
e8262a1b
MF		 623 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
624 if (phys != -1) {
09daed84 625 tb_invalidate_phys_addr(cpu->as,
29d8ec7b 626 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 627 }
1e7855a5 628}
c27004ec 629#endif
d720b93d 630
c527ee8f 631#if defined(CONFIG_USER_ONLY)
75a34036 632void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 633
634{
635}
636
3ee887e8
PM		 637int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
638 int flags)
639{
640 return -ENOSYS;
641}
642
643void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
644{
645}
646
75a34036 647int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 648 int flags, CPUWatchpoint **watchpoint)
649{
650 return -ENOSYS;
651}
652#else
6658ffb8 653/* Add a watchpoint. */
75a34036 654int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 655 int flags, CPUWatchpoint **watchpoint)
6658ffb8 656{
c0ce998e 657 CPUWatchpoint *wp;
6658ffb8 658
05068c0d 659 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 660 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 661 error_report("tried to set invalid watchpoint at %"
662 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 663 return -EINVAL;
664 }
7267c094 665 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 666
667 wp->vaddr = addr;
05068c0d 668 wp->len = len;
a1d1bb31
AL		 669 wp->flags = flags;
670
2dc9f411 671 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 672 if (flags & BP_GDB) {
673 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
674 } else {
675 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
676 }
6658ffb8 677
31b030d4 678 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 679
680 if (watchpoint)
681 *watchpoint = wp;
682 return 0;
6658ffb8
PB		 683}
684
a1d1bb31 685/* Remove a specific watchpoint. */
75a34036 686int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 687 int flags)
6658ffb8 688{
a1d1bb31 689 CPUWatchpoint *wp;
6658ffb8 690
ff4700b0 691 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 692 if (addr == wp->vaddr && len == wp->len
6e140f28 693 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 694 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 695 return 0;
696 }
697 }
a1d1bb31 698 return -ENOENT;
6658ffb8
PB		 699}
700
a1d1bb31 701/* Remove a specific watchpoint by reference. */
75a34036 702void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 703{
ff4700b0 704 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 705
31b030d4 706 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 707
7267c094 708 g_free(watchpoint);
a1d1bb31
AL		 709}
710
711/* Remove all matching watchpoints. */
75a34036 712void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 713{
c0ce998e 714 CPUWatchpoint *wp, *next;
a1d1bb31 715
ff4700b0 716 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 717 if (wp->flags & mask) {
718 cpu_watchpoint_remove_by_ref(cpu, wp);
719 }
c0ce998e 720 }
7d03f82f 721}
05068c0d
PM		 722
723/* Return true if this watchpoint address matches the specified
724 * access (ie the address range covered by the watchpoint overlaps
725 * partially or completely with the address range covered by the
726 * access).
727 */
728static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
729 vaddr addr,
730 vaddr len)
731{
732 /* We know the lengths are non-zero, but a little caution is
733 * required to avoid errors in the case where the range ends
734 * exactly at the top of the address space and so addr + len
735 * wraps round to zero.
736 */
737 vaddr wpend = wp->vaddr + wp->len - 1;
738 vaddr addrend = addr + len - 1;
739
740 return !(addr > wpend || wp->vaddr > addrend);
741}
742
c527ee8f 743#endif
7d03f82f 744
a1d1bb31 745/* Add a breakpoint. */
b3310ab3 746int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 747 CPUBreakpoint **breakpoint)
4c3a88a2 748{
c0ce998e 749 CPUBreakpoint *bp;
3b46e624 750
7267c094 751 bp = g_malloc(sizeof(*bp));
4c3a88a2 752
a1d1bb31
AL		 753 bp->pc = pc;
754 bp->flags = flags;
755
2dc9f411 756 /* keep all GDB-injected breakpoints in front */
00b941e5 757 if (flags & BP_GDB) {
f0c3c505 758 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 759 } else {
f0c3c505 760 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 761 }
3b46e624 762
f0c3c505 763 breakpoint_invalidate(cpu, pc);
a1d1bb31 764
00b941e5 765 if (breakpoint) {
a1d1bb31 766 *breakpoint = bp;
00b941e5 767 }
4c3a88a2 768 return 0;
4c3a88a2
FB		 769}
770
a1d1bb31 771/* Remove a specific breakpoint. */
b3310ab3 772int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 773{
a1d1bb31
AL		 774 CPUBreakpoint *bp;
775
f0c3c505 776 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 777 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 778 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 779 return 0;
780 }
7d03f82f 781 }
a1d1bb31 782 return -ENOENT;
7d03f82f
EI		 783}
784
a1d1bb31 785/* Remove a specific breakpoint by reference. */
b3310ab3 786void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 787{
f0c3c505
AF		 788 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
789
790 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 791
7267c094 792 g_free(breakpoint);
a1d1bb31
AL		 793}
794
795/* Remove all matching breakpoints. */
b3310ab3 796void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 797{
c0ce998e 798 CPUBreakpoint *bp, *next;
a1d1bb31 799
f0c3c505 800 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 801 if (bp->flags & mask) {
802 cpu_breakpoint_remove_by_ref(cpu, bp);
803 }
c0ce998e 804 }
4c3a88a2
FB		 805}
806
c33a346e
FB		 807/* enable or disable single step mode. EXCP_DEBUG is returned by the
808 CPU loop after each instruction */
3825b28f 809void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 810{
ed2803da
AF		 811 if (cpu->singlestep_enabled != enabled) {
812 cpu->singlestep_enabled = enabled;
813 if (kvm_enabled()) {
38e478ec 814 kvm_update_guest_debug(cpu, 0);
ed2803da 815 } else {
ccbb4d44 816 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 817 /* XXX: only flush what is necessary */
bbd77c18 818 tb_flush(cpu);
e22a25c9 819 }
c33a346e 820 }
c33a346e
FB		 821}
822
a47dddd7 823void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 824{
825 va_list ap;
493ae1f0 826 va_list ap2;
7501267e
FB		 827
828 va_start(ap, fmt);
493ae1f0 829 va_copy(ap2, ap);
7501267e
FB		 830 fprintf(stderr, "qemu: fatal: ");
831 vfprintf(stderr, fmt, ap);
832 fprintf(stderr, "\n");
878096ee 833 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 834 if (qemu_log_enabled()) {
835 qemu_log("qemu: fatal: ");
836 qemu_log_vprintf(fmt, ap2);
837 qemu_log("\n");
a0762859 838 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 839 qemu_log_flush();
93fcfe39 840 qemu_log_close();
924edcae 841 }
493ae1f0 842 va_end(ap2);
f9373291 843 va_end(ap);
fd052bf6
RV		 844#if defined(CONFIG_USER_ONLY)
845 {
846 struct sigaction act;
847 sigfillset(&act.sa_mask);
848 act.sa_handler = SIG_DFL;
849 sigaction(SIGABRT, &act, NULL);
850 }
851#endif
7501267e
FB		 852 abort();
853}
854
0124311e 855#if !defined(CONFIG_USER_ONLY)
0dc3f44a 856/* Called from RCU critical section */
041603fe
PB		 857static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
858{
859 RAMBlock *block;
860
43771539 861 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 862 if (block && addr - block->offset < block->max_length) {
041603fe
PB		 863 goto found;
864 }
0dc3f44a 865 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 866 if (addr - block->offset < block->max_length) {
041603fe
PB		 867 goto found;
868 }
869 }
870
871 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
872 abort();
873
874found:
43771539
PB		 875 /* It is safe to write mru_block outside the iothread lock. This
876 * is what happens:
877 *
878 * mru_block = xxx
879 * rcu_read_unlock()
880 * xxx removed from list
881 * rcu_read_lock()
882 * read mru_block
883 * mru_block = NULL;
884 * call_rcu(reclaim_ramblock, xxx);
885 * rcu_read_unlock()
886 *
887 * atomic_rcu_set is not needed here. The block was already published
888 * when it was placed into the list. Here we're just making an extra
889 * copy of the pointer.
890 */
041603fe
PB		 891 ram_list.mru_block = block;
892 return block;
893}
894
a2f4d5be 895static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 896{
041603fe 897 ram_addr_t start1;
a2f4d5be
JQ		 898 RAMBlock *block;
899 ram_addr_t end;
900
901 end = TARGET_PAGE_ALIGN(start + length);
902 start &= TARGET_PAGE_MASK;
d24981d3 903
0dc3f44a 904 rcu_read_lock();
041603fe
PB		 905 block = qemu_get_ram_block(start);
906 assert(block == qemu_get_ram_block(end - 1));
1240be24 907 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
041603fe 908 cpu_tlb_reset_dirty_all(start1, length);
0dc3f44a 909 rcu_read_unlock();
d24981d3
JQ		 910}
911
5579c7f3 912/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 913bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
914 ram_addr_t length,
915 unsigned client)
1ccde1cb 916{
03eebc9e
SH		 917 unsigned long end, page;
918 bool dirty;
919
920 if (length == 0) {
921 return false;
922 }
f23db169 923
03eebc9e
SH		 924 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
925 page = start >> TARGET_PAGE_BITS;
926 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
927 page, end - page);
928
929 if (dirty && tcg_enabled()) {
a2f4d5be 930 tlb_reset_dirty_range_all(start, length);
5579c7f3 931 }
03eebc9e
SH		 932
933 return dirty;
1ccde1cb
FB		 934}
935
79e2b9ae 936/* Called from RCU critical section */
bb0e627a 937hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 938 MemoryRegionSection *section,
939 target_ulong vaddr,
940 hwaddr paddr, hwaddr xlat,
941 int prot,
942 target_ulong *address)
e5548617 943{
a8170e5e 944 hwaddr iotlb;
e5548617
BS		 945 CPUWatchpoint *wp;
946
cc5bea60 947 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 948 /* Normal RAM. */
949 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 950 + xlat;
e5548617 951 if (!section->readonly) {
b41aac4f 952 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 953 } else {
b41aac4f 954 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 955 }
956 } else {
1b3fb98f 957 iotlb = section - section->address_space->dispatch->map.sections;
149f54b5 958 iotlb += xlat;
e5548617
BS		 959 }
960
961 /* Make accesses to pages with watchpoints go via the
962 watchpoint trap routines. */
ff4700b0 963 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 964 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 965 /* Avoid trapping reads of pages with a write breakpoint. */
966 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 967 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 968 *address |= TLB_MMIO;
969 break;
970 }
971 }
972 }
973
974 return iotlb;
975}
9fa3e853
FB		 976#endif /* defined(CONFIG_USER_ONLY) */
977
e2eef170 978#if !defined(CONFIG_USER_ONLY)
8da3ff18 979
c227f099 980static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 981 uint16_t section);
acc9d80b 982static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 983
a2b257d6
IM		 984static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
985 qemu_anon_ram_alloc;
91138037
MA		 986
987/*
988 * Set a custom physical guest memory alloator.
989 * Accelerators with unusual needs may need this. Hopefully, we can
990 * get rid of it eventually.
991 */
a2b257d6 992void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 993{
994 phys_mem_alloc = alloc;
995}
996
53cb28cb
MA		 997static uint16_t phys_section_add(PhysPageMap *map,
998 MemoryRegionSection *section)
5312bd8b 999{
68f3f65b
PB		 1000 /* The physical section number is ORed with a page-aligned
1001 * pointer to produce the iotlb entries. Thus it should
1002 * never overflow into the page-aligned value.
1003 */
53cb28cb 1004 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1005
53cb28cb
MA		 1006 if (map->sections_nb == map->sections_nb_alloc) {
1007 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1008 map->sections = g_renew(MemoryRegionSection, map->sections,
1009 map->sections_nb_alloc);
5312bd8b 1010 }
53cb28cb 1011 map->sections[map->sections_nb] = *section;
dfde4e6e 1012 memory_region_ref(section->mr);
53cb28cb 1013 return map->sections_nb++;
5312bd8b
AK		 1014}
1015
058bc4b5
PB		 1016static void phys_section_destroy(MemoryRegion *mr)
1017{
dfde4e6e
PB		 1018 memory_region_unref(mr);
1019
058bc4b5
PB		 1020 if (mr->subpage) {
1021 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1022 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1023 g_free(subpage);
1024 }
1025}
1026
6092666e 1027static void phys_sections_free(PhysPageMap *map)
5312bd8b 1028{
9affd6fc
PB		 1029 while (map->sections_nb > 0) {
1030 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1031 phys_section_destroy(section->mr);
1032 }
9affd6fc
PB		 1033 g_free(map->sections);
1034 g_free(map->nodes);
5312bd8b
AK		 1035}
1036
ac1970fb 1037static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1038{
1039 subpage_t *subpage;
a8170e5e 1040 hwaddr base = section->offset_within_address_space
0f0cb164 1041 & TARGET_PAGE_MASK;
97115a8d 1042 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1043 d->map.nodes, d->map.sections);
0f0cb164
AK		 1044 MemoryRegionSection subsection = {
1045 .offset_within_address_space = base,
052e87b0 1046 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1047 };
a8170e5e 1048 hwaddr start, end;
0f0cb164 1049
f3705d53 1050 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1051
f3705d53 1052 if (!(existing->mr->subpage)) {
acc9d80b 1053 subpage = subpage_init(d->as, base);
3be91e86 1054 subsection.address_space = d->as;
0f0cb164 1055 subsection.mr = &subpage->iomem;
ac1970fb 1056 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1057 phys_section_add(&d->map, &subsection));
0f0cb164 1058 } else {
f3705d53 1059 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1060 }
1061 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1062 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1063 subpage_register(subpage, start, end,
1064 phys_section_add(&d->map, section));
0f0cb164
AK		 1065}
1066
1067
052e87b0
PB		 1068static void register_multipage(AddressSpaceDispatch *d,
1069 MemoryRegionSection *section)
33417e70 1070{
a8170e5e 1071 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1072 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1073 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1074 TARGET_PAGE_BITS));
dd81124b 1075
733d5ef5
PB		 1076 assert(num_pages);
1077 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1078}
1079
ac1970fb 1080static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1081{
89ae337a 1082 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1083 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1084 MemoryRegionSection now = *section, remain = *section;
052e87b0 1085 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1086
733d5ef5
PB		 1087 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1088 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1089 - now.offset_within_address_space;
1090
052e87b0 1091 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1092 register_subpage(d, &now);
733d5ef5 1093 } else {
052e87b0 1094 now.size = int128_zero();
733d5ef5 1095 }
052e87b0
PB		 1096 while (int128_ne(remain.size, now.size)) {
1097 remain.size = int128_sub(remain.size, now.size);
1098 remain.offset_within_address_space += int128_get64(now.size);
1099 remain.offset_within_region += int128_get64(now.size);
69b67646 1100 now = remain;
052e87b0 1101 if (int128_lt(remain.size, page_size)) {
733d5ef5 1102 register_subpage(d, &now);
88266249 1103 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1104 now.size = page_size;
ac1970fb 1105 register_subpage(d, &now);
69b67646 1106 } else {
052e87b0 1107 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1108 register_multipage(d, &now);
69b67646 1109 }
0f0cb164
AK		 1110 }
1111}
1112
62a2744c
SY		 1113void qemu_flush_coalesced_mmio_buffer(void)
1114{
1115 if (kvm_enabled())
1116 kvm_flush_coalesced_mmio_buffer();
1117}
1118
b2a8658e
UD		 1119void qemu_mutex_lock_ramlist(void)
1120{
1121 qemu_mutex_lock(&ram_list.mutex);
1122}
1123
1124void qemu_mutex_unlock_ramlist(void)
1125{
1126 qemu_mutex_unlock(&ram_list.mutex);
1127}
1128
e1e84ba0 1129#ifdef __linux__
c902760f
MT		 1130
1131#include <sys/vfs.h>
1132
1133#define HUGETLBFS_MAGIC 0x958458f6
1134
fc7a5800 1135static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1136{
1137 struct statfs fs;
1138 int ret;
1139
1140 do {
9742bf26 1141 ret = statfs(path, &fs);
c902760f
MT		 1142 } while (ret != 0 && errno == EINTR);
1143
1144 if (ret != 0) {
fc7a5800
HT		 1145 error_setg_errno(errp, errno, "failed to get page size of file %s",
1146 path);
9742bf26 1147 return 0;
c902760f
MT		 1148 }
1149
1150 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 1151 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 1152
1153 return fs.f_bsize;
1154}
1155
04b16653
AW		 1156static void *file_ram_alloc(RAMBlock *block,
1157 ram_addr_t memory,
7f56e740
PB		 1158 const char *path,
1159 Error **errp)
c902760f
MT		 1160{
1161 char *filename;
8ca761f6
PF		 1162 char *sanitized_name;
1163 char *c;
557529dd 1164 void *area = NULL;
c902760f 1165 int fd;
557529dd 1166 uint64_t hpagesize;
fc7a5800 1167 Error *local_err = NULL;
c902760f 1168
fc7a5800
HT		 1169 hpagesize = gethugepagesize(path, &local_err);
1170 if (local_err) {
1171 error_propagate(errp, local_err);
f9a49dfa 1172 goto error;
c902760f 1173 }
a2b257d6 1174 block->mr->align = hpagesize;
c902760f
MT		 1175
1176 if (memory < hpagesize) {
557529dd
HT		 1177 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1178 "or larger than huge page size 0x%" PRIx64,
1179 memory, hpagesize);
1180 goto error;
c902760f
MT		 1181 }
1182
1183 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1184 error_setg(errp,
1185 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1186 goto error;
c902760f
MT		 1187 }
1188
8ca761f6 1189 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
83234bf2 1190 sanitized_name = g_strdup(memory_region_name(block->mr));
8ca761f6
PF		 1191 for (c = sanitized_name; *c != '\0'; c++) {
1192 if (*c == '/')
1193 *c = '_';
1194 }
1195
1196 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1197 sanitized_name);
1198 g_free(sanitized_name);
c902760f
MT		 1199
1200 fd = mkstemp(filename);
1201 if (fd < 0) {
7f56e740
PB		 1202 error_setg_errno(errp, errno,
1203 "unable to create backing store for hugepages");
e4ada482 1204 g_free(filename);
f9a49dfa 1205 goto error;
c902760f
MT		 1206 }
1207 unlink(filename);
e4ada482 1208 g_free(filename);
c902760f
MT		 1209
1210 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1211
1212 /*
1213 * ftruncate is not supported by hugetlbfs in older
1214 * hosts, so don't bother bailing out on errors.
1215 * If anything goes wrong with it under other filesystems,
1216 * mmap will fail.
1217 */
7f56e740 1218 if (ftruncate(fd, memory)) {
9742bf26 1219 perror("ftruncate");
7f56e740 1220 }
c902760f 1221
dbcb8981
PB		 1222 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1223 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1224 fd, 0);
c902760f 1225 if (area == MAP_FAILED) {
7f56e740
PB		 1226 error_setg_errno(errp, errno,
1227 "unable to map backing store for hugepages");
9742bf26 1228 close(fd);
f9a49dfa 1229 goto error;
c902760f 1230 }
ef36fa14
MT		 1231
1232 if (mem_prealloc) {
38183310 1233 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1234 }
1235
04b16653 1236 block->fd = fd;
c902760f 1237 return area;
f9a49dfa
MT		 1238
1239error:
1240 if (mem_prealloc) {
81b07353 1241 error_report("%s", error_get_pretty(*errp));
f9a49dfa
MT		 1242 exit(1);
1243 }
1244 return NULL;
c902760f
MT		 1245}
1246#endif
1247
0dc3f44a 1248/* Called with the ramlist lock held. */
d17b5288 1249static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1250{
1251 RAMBlock *block, *next_block;
3e837b2c 1252 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1253
49cd9ac6
SH		 1254 assert(size != 0); /* it would hand out same offset multiple times */
1255
0dc3f44a 1256 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1257 return 0;
0d53d9fe 1258 }
04b16653 1259
0dc3f44a 1260 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1261 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1262
62be4e3a 1263 end = block->offset + block->max_length;
04b16653 1264
0dc3f44a 1265 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1266 if (next_block->offset >= end) {
1267 next = MIN(next, next_block->offset);
1268 }
1269 }
1270 if (next - end >= size && next - end < mingap) {
3e837b2c 1271 offset = end;
04b16653
AW		 1272 mingap = next - end;
1273 }
1274 }
3e837b2c
AW		 1275
1276 if (offset == RAM_ADDR_MAX) {
1277 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1278 (uint64_t)size);
1279 abort();
1280 }
1281
04b16653
AW		 1282 return offset;
1283}
1284
652d7ec2 1285ram_addr_t last_ram_offset(void)
d17b5288
AW		 1286{
1287 RAMBlock *block;
1288 ram_addr_t last = 0;
1289
0dc3f44a
MD		 1290 rcu_read_lock();
1291 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1292 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1293 }
0dc3f44a 1294 rcu_read_unlock();
d17b5288
AW		 1295 return last;
1296}
1297
ddb97f1d
JB		 1298static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1299{
1300 int ret;
ddb97f1d
JB		 1301
1302 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1303 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1304 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1305 if (ret) {
1306 perror("qemu_madvise");
1307 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1308 "but dump_guest_core=off specified\n");
1309 }
1310 }
1311}
1312
0dc3f44a
MD		 1313/* Called within an RCU critical section, or while the ramlist lock
1314 * is held.
1315 */
20cfe881 1316static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1317{
20cfe881 1318 RAMBlock *block;
84b89d78 1319
0dc3f44a 1320 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1321 if (block->offset == addr) {
20cfe881 1322 return block;
c5705a77
AK		 1323 }
1324 }
20cfe881
HT		 1325
1326 return NULL;
1327}
1328
ae3a7047 1329/* Called with iothread lock held. */
20cfe881
HT		 1330void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1331{
ae3a7047 1332 RAMBlock *new_block, *block;
20cfe881 1333
0dc3f44a 1334 rcu_read_lock();
ae3a7047 1335 new_block = find_ram_block(addr);
c5705a77
AK		 1336 assert(new_block);
1337 assert(!new_block->idstr[0]);
84b89d78 1338
09e5ab63
AL		 1339 if (dev) {
1340 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1341 if (id) {
1342 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1343 g_free(id);
84b89d78
CM		 1344 }
1345 }
1346 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1347
0dc3f44a 1348 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1349 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1350 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1351 new_block->idstr);
1352 abort();
1353 }
1354 }
0dc3f44a 1355 rcu_read_unlock();
c5705a77
AK		 1356}
1357
ae3a7047 1358/* Called with iothread lock held. */
20cfe881
HT		 1359void qemu_ram_unset_idstr(ram_addr_t addr)
1360{
ae3a7047 1361 RAMBlock *block;
20cfe881 1362
ae3a7047
MD		 1363 /* FIXME: arch_init.c assumes that this is not called throughout
1364 * migration. Ignore the problem since hot-unplug during migration
1365 * does not work anyway.
1366 */
1367
0dc3f44a 1368 rcu_read_lock();
ae3a7047 1369 block = find_ram_block(addr);
20cfe881
HT		 1370 if (block) {
1371 memset(block->idstr, 0, sizeof(block->idstr));
1372 }
0dc3f44a 1373 rcu_read_unlock();
20cfe881
HT		 1374}
1375
8490fc78
LC		 1376static int memory_try_enable_merging(void *addr, size_t len)
1377{
75cc7f01 1378 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1379 /* disabled by the user */
1380 return 0;
1381 }
1382
1383 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1384}
1385
62be4e3a
MT		 1386/* Only legal before guest might have detected the memory size: e.g. on
1387 * incoming migration, or right after reset.
1388 *
1389 * As memory core doesn't know how is memory accessed, it is up to
1390 * resize callback to update device state and/or add assertions to detect
1391 * misuse, if necessary.
1392 */
1393int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1394{
1395 RAMBlock *block = find_ram_block(base);
1396
1397 assert(block);
1398
129ddaf3
MT		 1399 newsize = TARGET_PAGE_ALIGN(newsize);
1400
62be4e3a
MT		 1401 if (block->used_length == newsize) {
1402 return 0;
1403 }
1404
1405 if (!(block->flags & RAM_RESIZEABLE)) {
1406 error_setg_errno(errp, EINVAL,
1407 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1408 " in != 0x" RAM_ADDR_FMT, block->idstr,
1409 newsize, block->used_length);
1410 return -EINVAL;
1411 }
1412
1413 if (block->max_length < newsize) {
1414 error_setg_errno(errp, EINVAL,
1415 "Length too large: %s: 0x" RAM_ADDR_FMT
1416 " > 0x" RAM_ADDR_FMT, block->idstr,
1417 newsize, block->max_length);
1418 return -EINVAL;
1419 }
1420
1421 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1422 block->used_length = newsize;
58d2707e
PB		 1423 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1424 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1425 memory_region_set_size(block->mr, newsize);
1426 if (block->resized) {
1427 block->resized(block->idstr, newsize, block->host);
1428 }
1429 return 0;
1430}
1431
ef701d7b 1432static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1433{
e1c57ab8 1434 RAMBlock *block;
0d53d9fe 1435 RAMBlock *last_block = NULL;
2152f5ca
JQ		 1436 ram_addr_t old_ram_size, new_ram_size;
1437
1438 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1439
b2a8658e 1440 qemu_mutex_lock_ramlist();
9b8424d5 1441 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1442
1443 if (!new_block->host) {
1444 if (xen_enabled()) {
9b8424d5
MT		 1445 xen_ram_alloc(new_block->offset, new_block->max_length,
1446 new_block->mr);
e1c57ab8 1447 } else {
9b8424d5 1448 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1449 &new_block->mr->align);
39228250 1450 if (!new_block->host) {
ef701d7b
HT		 1451 error_setg_errno(errp, errno,
1452 "cannot set up guest memory '%s'",
1453 memory_region_name(new_block->mr));
1454 qemu_mutex_unlock_ramlist();
1455 return -1;
39228250 1456 }
9b8424d5 1457 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1458 }
c902760f 1459 }
94a6b54f 1460
dd631697
LZ		 1461 new_ram_size = MAX(old_ram_size,
1462 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1463 if (new_ram_size > old_ram_size) {
1464 migration_bitmap_extend(old_ram_size, new_ram_size);
1465 }
0d53d9fe
MD		 1466 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1467 * QLIST (which has an RCU-friendly variant) does not have insertion at
1468 * tail, so save the last element in last_block.
1469 */
0dc3f44a 1470 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1471 last_block = block;
9b8424d5 1472 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1473 break;
1474 }
1475 }
1476 if (block) {
0dc3f44a 1477 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1478 } else if (last_block) {
0dc3f44a 1479 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1480 } else { /* list is empty */
0dc3f44a 1481 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1482 }
0d6d3c87 1483 ram_list.mru_block = NULL;
94a6b54f 1484
0dc3f44a
MD		 1485 /* Write list before version */
1486 smp_wmb();
f798b07f 1487 ram_list.version++;
b2a8658e 1488 qemu_mutex_unlock_ramlist();
f798b07f 1489
2152f5ca
JQ		 1490 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1491
1492 if (new_ram_size > old_ram_size) {
1ab4c8ce 1493 int i;
ae3a7047
MD		 1494
1495 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1496 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1497 ram_list.dirty_memory[i] =
1498 bitmap_zero_extend(ram_list.dirty_memory[i],
1499 old_ram_size, new_ram_size);
1500 }
2152f5ca 1501 }
9b8424d5 1502 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1503 new_block->used_length,
1504 DIRTY_CLIENTS_ALL);
94a6b54f 1505
a904c911
PB		 1506 if (new_block->host) {
1507 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1508 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1509 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1510 if (kvm_enabled()) {
1511 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1512 }
e1c57ab8 1513 }
6f0437e8 1514
94a6b54f
PB		 1515 return new_block->offset;
1516}
e9a1ab19 1517
0b183fc8 1518#ifdef __linux__
e1c57ab8 1519ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1520 bool share, const char *mem_path,
7f56e740 1521 Error **errp)
e1c57ab8
PB		 1522{
1523 RAMBlock *new_block;
ef701d7b
HT		 1524 ram_addr_t addr;
1525 Error *local_err = NULL;
e1c57ab8
PB		 1526
1527 if (xen_enabled()) {
7f56e740
PB		 1528 error_setg(errp, "-mem-path not supported with Xen");
1529 return -1;
e1c57ab8
PB		 1530 }
1531
1532 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1533 /*
1534 * file_ram_alloc() needs to allocate just like
1535 * phys_mem_alloc, but we haven't bothered to provide
1536 * a hook there.
1537 */
7f56e740
PB		 1538 error_setg(errp,
1539 "-mem-path not supported with this accelerator");
1540 return -1;
e1c57ab8
PB		 1541 }
1542
1543 size = TARGET_PAGE_ALIGN(size);
1544 new_block = g_malloc0(sizeof(*new_block));
1545 new_block->mr = mr;
9b8424d5
MT		 1546 new_block->used_length = size;
1547 new_block->max_length = size;
dbcb8981 1548 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1549 new_block->host = file_ram_alloc(new_block, size,
1550 mem_path, errp);
1551 if (!new_block->host) {
1552 g_free(new_block);
1553 return -1;
1554 }
1555
ef701d7b
HT		 1556 addr = ram_block_add(new_block, &local_err);
1557 if (local_err) {
1558 g_free(new_block);
1559 error_propagate(errp, local_err);
1560 return -1;
1561 }
1562 return addr;
e1c57ab8 1563}
0b183fc8 1564#endif
e1c57ab8 1565
62be4e3a
MT		 1566static
1567ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1568 void (*resized)(const char*,
1569 uint64_t length,
1570 void *host),
1571 void *host, bool resizeable,
ef701d7b 1572 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1573{
1574 RAMBlock *new_block;
ef701d7b
HT		 1575 ram_addr_t addr;
1576 Error *local_err = NULL;
e1c57ab8
PB		 1577
1578 size = TARGET_PAGE_ALIGN(size);
62be4e3a 1579 max_size = TARGET_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1580 new_block = g_malloc0(sizeof(*new_block));
1581 new_block->mr = mr;
62be4e3a 1582 new_block->resized = resized;
9b8424d5
MT		 1583 new_block->used_length = size;
1584 new_block->max_length = max_size;
62be4e3a 1585 assert(max_size >= size);
e1c57ab8
PB		 1586 new_block->fd = -1;
1587 new_block->host = host;
1588 if (host) {
7bd4f430 1589 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1590 }
62be4e3a
MT		 1591 if (resizeable) {
1592 new_block->flags |= RAM_RESIZEABLE;
1593 }
ef701d7b
HT		 1594 addr = ram_block_add(new_block, &local_err);
1595 if (local_err) {
1596 g_free(new_block);
1597 error_propagate(errp, local_err);
1598 return -1;
1599 }
1600 return addr;
e1c57ab8
PB		 1601}
1602
62be4e3a
MT		 1603ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1604 MemoryRegion *mr, Error **errp)
1605{
1606 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1607}
1608
ef701d7b 1609ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1610{
62be4e3a
MT		 1611 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1612}
1613
1614ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1615 void (*resized)(const char*,
1616 uint64_t length,
1617 void *host),
1618 MemoryRegion *mr, Error **errp)
1619{
1620 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1621}
1622
1f2e98b6
AW		 1623void qemu_ram_free_from_ptr(ram_addr_t addr)
1624{
1625 RAMBlock *block;
1626
b2a8658e 1627 qemu_mutex_lock_ramlist();
0dc3f44a 1628 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1f2e98b6 1629 if (addr == block->offset) {
0dc3f44a 1630 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1631 ram_list.mru_block = NULL;
0dc3f44a
MD		 1632 /* Write list before version */
1633 smp_wmb();
f798b07f 1634 ram_list.version++;
43771539 1635 g_free_rcu(block, rcu);
b2a8658e 1636 break;
1f2e98b6
AW		 1637 }
1638 }
b2a8658e 1639 qemu_mutex_unlock_ramlist();
1f2e98b6
AW		 1640}
1641
43771539
PB		 1642static void reclaim_ramblock(RAMBlock *block)
1643{
1644 if (block->flags & RAM_PREALLOC) {
1645 ;
1646 } else if (xen_enabled()) {
1647 xen_invalidate_map_cache_entry(block->host);
1648#ifndef _WIN32
1649 } else if (block->fd >= 0) {
1650 munmap(block->host, block->max_length);
1651 close(block->fd);
1652#endif
1653 } else {
1654 qemu_anon_ram_free(block->host, block->max_length);
1655 }
1656 g_free(block);
1657}
1658
c227f099 1659void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1660{
04b16653
AW		 1661 RAMBlock *block;
1662
b2a8658e 1663 qemu_mutex_lock_ramlist();
0dc3f44a 1664 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1665 if (addr == block->offset) {
0dc3f44a 1666 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1667 ram_list.mru_block = NULL;
0dc3f44a
MD		 1668 /* Write list before version */
1669 smp_wmb();
f798b07f 1670 ram_list.version++;
43771539 1671 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1672 break;
04b16653
AW		 1673 }
1674 }
b2a8658e 1675 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1676}
1677
cd19cfa2
HY		 1678#ifndef _WIN32
1679void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1680{
1681 RAMBlock *block;
1682 ram_addr_t offset;
1683 int flags;
1684 void *area, *vaddr;
1685
0dc3f44a 1686 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1687 offset = addr - block->offset;
9b8424d5 1688 if (offset < block->max_length) {
1240be24 1689 vaddr = ramblock_ptr(block, offset);
7bd4f430 1690 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1691 ;
dfeaf2ab
MA		 1692 } else if (xen_enabled()) {
1693 abort();
cd19cfa2
HY		 1694 } else {
1695 flags = MAP_FIXED;
3435f395 1696 if (block->fd >= 0) {
dbcb8981
PB		 1697 flags |= (block->flags & RAM_SHARED ?
1698 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1699 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1700 flags, block->fd, offset);
cd19cfa2 1701 } else {
2eb9fbaa
MA		 1702 /*
1703 * Remap needs to match alloc. Accelerators that
1704 * set phys_mem_alloc never remap. If they did,
1705 * we'd need a remap hook here.
1706 */
1707 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1708
cd19cfa2
HY		 1709 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1710 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1711 flags, -1, 0);
cd19cfa2
HY		 1712 }
1713 if (area != vaddr) {
f15fbc4b
AP		 1714 fprintf(stderr, "Could not remap addr: "
1715 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1716 length, addr);
1717 exit(1);
1718 }
8490fc78 1719 memory_try_enable_merging(vaddr, length);
ddb97f1d 1720 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1721 }
cd19cfa2
HY		 1722 }
1723 }
1724}
1725#endif /* !_WIN32 */
1726
a35ba7be
PB		 1727int qemu_get_ram_fd(ram_addr_t addr)
1728{
ae3a7047
MD		 1729 RAMBlock *block;
1730 int fd;
a35ba7be 1731
0dc3f44a 1732 rcu_read_lock();
ae3a7047
MD		 1733 block = qemu_get_ram_block(addr);
1734 fd = block->fd;
0dc3f44a 1735 rcu_read_unlock();
ae3a7047 1736 return fd;
a35ba7be
PB		 1737}
1738
3fd74b84
DM		 1739void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1740{
ae3a7047
MD		 1741 RAMBlock *block;
1742 void *ptr;
3fd74b84 1743
0dc3f44a 1744 rcu_read_lock();
ae3a7047
MD		 1745 block = qemu_get_ram_block(addr);
1746 ptr = ramblock_ptr(block, 0);
0dc3f44a 1747 rcu_read_unlock();
ae3a7047 1748 return ptr;
3fd74b84
DM		 1749}
1750
1b5ec234 1751/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1752 * This should not be used for general purpose DMA. Use address_space_map
1753 * or address_space_rw instead. For local memory (e.g. video ram) that the
1754 * device owns, use memory_region_get_ram_ptr.
0dc3f44a
MD		 1755 *
1756 * By the time this function returns, the returned pointer is not protected
1757 * by RCU anymore. If the caller is not within an RCU critical section and
1758 * does not hold the iothread lock, it must have other means of protecting the
1759 * pointer, such as a reference to the region that includes the incoming
1760 * ram_addr_t.
1b5ec234
PB		 1761 */
1762void *qemu_get_ram_ptr(ram_addr_t addr)
1763{
ae3a7047
MD		 1764 RAMBlock *block;
1765 void *ptr;
1b5ec234 1766
0dc3f44a 1767 rcu_read_lock();
ae3a7047
MD		 1768 block = qemu_get_ram_block(addr);
1769
1770 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1771 /* We need to check if the requested address is in the RAM
1772 * because we don't want to map the entire memory in QEMU.
1773 * In that case just map until the end of the page.
1774 */
1775 if (block->offset == 0) {
ae3a7047 1776 ptr = xen_map_cache(addr, 0, 0);
0dc3f44a 1777 goto unlock;
0d6d3c87 1778 }
ae3a7047
MD		 1779
1780 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1781 }
ae3a7047
MD		 1782 ptr = ramblock_ptr(block, addr - block->offset);
1783
0dc3f44a
MD		 1784unlock:
1785 rcu_read_unlock();
ae3a7047 1786 return ptr;
dc828ca1
PB		 1787}
1788
38bee5dc 1789/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1790 * but takes a size argument.
0dc3f44a
MD		 1791 *
1792 * By the time this function returns, the returned pointer is not protected
1793 * by RCU anymore. If the caller is not within an RCU critical section and
1794 * does not hold the iothread lock, it must have other means of protecting the
1795 * pointer, such as a reference to the region that includes the incoming
1796 * ram_addr_t.
ae3a7047 1797 */
cb85f7ab 1798static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1799{
ae3a7047 1800 void *ptr;
8ab934f9
SS		 1801 if (*size == 0) {
1802 return NULL;
1803 }
868bb33f 1804 if (xen_enabled()) {
e41d7c69 1805 return xen_map_cache(addr, *size, 1);
868bb33f 1806 } else {
38bee5dc 1807 RAMBlock *block;
0dc3f44a
MD		 1808 rcu_read_lock();
1809 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5
MT		 1810 if (addr - block->offset < block->max_length) {
1811 if (addr - block->offset + *size > block->max_length)
1812 *size = block->max_length - addr + block->offset;
ae3a7047 1813 ptr = ramblock_ptr(block, addr - block->offset);
0dc3f44a 1814 rcu_read_unlock();
ae3a7047 1815 return ptr;
38bee5dc
SS		 1816 }
1817 }
1818
1819 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1820 abort();
38bee5dc
SS		 1821 }
1822}
1823
7443b437 1824/* Some of the softmmu routines need to translate from a host pointer
ae3a7047
MD		 1825 * (typically a TLB entry) back to a ram offset.
1826 *
1827 * By the time this function returns, the returned pointer is not protected
1828 * by RCU anymore. If the caller is not within an RCU critical section and
1829 * does not hold the iothread lock, it must have other means of protecting the
1830 * pointer, such as a reference to the region that includes the incoming
1831 * ram_addr_t.
1832 */
1b5ec234 1833MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 1834{
94a6b54f
PB		 1835 RAMBlock *block;
1836 uint8_t *host = ptr;
ae3a7047 1837 MemoryRegion *mr;
94a6b54f 1838
868bb33f 1839 if (xen_enabled()) {
0dc3f44a 1840 rcu_read_lock();
e41d7c69 1841 *ram_addr = xen_ram_addr_from_mapcache(ptr);
ae3a7047 1842 mr = qemu_get_ram_block(*ram_addr)->mr;
0dc3f44a 1843 rcu_read_unlock();
ae3a7047 1844 return mr;
712c2b41
SS		 1845 }
1846
0dc3f44a
MD		 1847 rcu_read_lock();
1848 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1849 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1850 goto found;
1851 }
1852
0dc3f44a 1853 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1854 /* This case append when the block is not mapped. */
1855 if (block->host == NULL) {
1856 continue;
1857 }
9b8424d5 1858 if (host - block->host < block->max_length) {
23887b79 1859 goto found;
f471a17e 1860 }
94a6b54f 1861 }
432d268c 1862
0dc3f44a 1863 rcu_read_unlock();
1b5ec234 1864 return NULL;
23887b79
PB		 1865
1866found:
1867 *ram_addr = block->offset + (host - block->host);
ae3a7047 1868 mr = block->mr;
0dc3f44a 1869 rcu_read_unlock();
ae3a7047 1870 return mr;
e890261f 1871}
f471a17e 1872
a8170e5e 1873static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1874 uint64_t val, unsigned size)
9fa3e853 1875{
52159192 1876 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1877 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1878 }
0e0df1e2
AK		 1879 switch (size) {
1880 case 1:
1881 stb_p(qemu_get_ram_ptr(ram_addr), val);
1882 break;
1883 case 2:
1884 stw_p(qemu_get_ram_ptr(ram_addr), val);
1885 break;
1886 case 4:
1887 stl_p(qemu_get_ram_ptr(ram_addr), val);
1888 break;
1889 default:
1890 abort();
3a7d929e 1891 }
58d2707e
PB		 1892 /* Set both VGA and migration bits for simplicity and to remove
1893 * the notdirty callback faster.
1894 */
1895 cpu_physical_memory_set_dirty_range(ram_addr, size,
1896 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 1897 /* we remove the notdirty callback only if the code has been
1898 flushed */
a2cd8c85 1899 if (!cpu_physical_memory_is_clean(ram_addr)) {
4917cf44 1900 CPUArchState *env = current_cpu->env_ptr;
93afeade 1901 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
4917cf44 1902 }
9fa3e853
FB		 1903}
1904
b018ddf6
PB		 1905static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1906 unsigned size, bool is_write)
1907{
1908 return is_write;
1909}
1910
0e0df1e2 1911static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1912 .write = notdirty_mem_write,
b018ddf6 1913 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1914 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1915};
1916
0f459d16 1917/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 1918static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 1919{
93afeade
AF		 1920 CPUState *cpu = current_cpu;
1921 CPUArchState *env = cpu->env_ptr;
06d55cc1 1922 target_ulong pc, cs_base;
0f459d16 1923 target_ulong vaddr;
a1d1bb31 1924 CPUWatchpoint *wp;
06d55cc1 1925 int cpu_flags;
0f459d16 1926
ff4700b0 1927 if (cpu->watchpoint_hit) {
06d55cc1
AL		 1928 /* We re-entered the check after replacing the TB. Now raise
1929 * the debug interrupt so that is will trigger after the
1930 * current instruction. */
93afeade 1931 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 1932 return;
1933 }
93afeade 1934 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 1935 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 1936 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1937 && (wp->flags & flags)) {
08225676
PM		 1938 if (flags == BP_MEM_READ) {
1939 wp->flags |= BP_WATCHPOINT_HIT_READ;
1940 } else {
1941 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1942 }
1943 wp->hitaddr = vaddr;
66b9b43c 1944 wp->hitattrs = attrs;
ff4700b0
AF		 1945 if (!cpu->watchpoint_hit) {
1946 cpu->watchpoint_hit = wp;
239c51a5 1947 tb_check_watchpoint(cpu);
6e140f28 1948 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 1949 cpu->exception_index = EXCP_DEBUG;
5638d180 1950 cpu_loop_exit(cpu);
6e140f28
AL		 1951 } else {
1952 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 1953 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 1954 cpu_resume_from_signal(cpu, NULL);
6e140f28 1955 }
06d55cc1 1956 }
6e140f28
AL		 1957 } else {
1958 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 1959 }
1960 }
1961}
1962
6658ffb8
PB		 1963/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1964 so these check for a hit then pass through to the normal out-of-line
1965 phys routines. */
66b9b43c
PM		 1966static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
1967 unsigned size, MemTxAttrs attrs)
6658ffb8 1968{
66b9b43c
PM		 1969 MemTxResult res;
1970 uint64_t data;
1971
1972 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 1973 switch (size) {
66b9b43c
PM		 1974 case 1:
1975 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
1976 break;
1977 case 2:
1978 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
1979 break;
1980 case 4:
1981 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
1982 break;
1ec9b909
AK		 1983 default: abort();
1984 }
66b9b43c
PM		 1985 *pdata = data;
1986 return res;
6658ffb8
PB		 1987}
1988
66b9b43c
PM		 1989static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
1990 uint64_t val, unsigned size,
1991 MemTxAttrs attrs)
6658ffb8 1992{
66b9b43c
PM		 1993 MemTxResult res;
1994
1995 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 1996 switch (size) {
67364150 1997 case 1:
66b9b43c 1998 address_space_stb(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 1999 break;
2000 case 2:
66b9b43c 2001 address_space_stw(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2002 break;
2003 case 4:
66b9b43c 2004 address_space_stl(&address_space_memory, addr, val, attrs, &res);
67364150 2005 break;
1ec9b909
AK		 2006 default: abort();
2007 }
66b9b43c 2008 return res;
6658ffb8
PB		 2009}
2010
1ec9b909 2011static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2012 .read_with_attrs = watch_mem_read,
2013 .write_with_attrs = watch_mem_write,
1ec9b909 2014 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2015};
6658ffb8 2016
f25a49e0
PM		 2017static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2018 unsigned len, MemTxAttrs attrs)
db7b5426 2019{
acc9d80b 2020 subpage_t *subpage = opaque;
ff6cff75 2021 uint8_t buf[8];
5c9eb028 2022 MemTxResult res;
791af8c8 2023
db7b5426 2024#if defined(DEBUG_SUBPAGE)
016e9d62 2025 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2026 subpage, len, addr);
db7b5426 2027#endif
5c9eb028
PM		 2028 res = address_space_read(subpage->as, addr + subpage->base,
2029 attrs, buf, len);
2030 if (res) {
2031 return res;
f25a49e0 2032 }
acc9d80b
JK		 2033 switch (len) {
2034 case 1:
f25a49e0
PM		 2035 *data = ldub_p(buf);
2036 return MEMTX_OK;
acc9d80b 2037 case 2:
f25a49e0
PM		 2038 *data = lduw_p(buf);
2039 return MEMTX_OK;
acc9d80b 2040 case 4:
f25a49e0
PM		 2041 *data = ldl_p(buf);
2042 return MEMTX_OK;
ff6cff75 2043 case 8:
f25a49e0
PM		 2044 *data = ldq_p(buf);
2045 return MEMTX_OK;
acc9d80b
JK		 2046 default:
2047 abort();
2048 }
db7b5426
BS		 2049}
2050
f25a49e0
PM		 2051static MemTxResult subpage_write(void *opaque, hwaddr addr,
2052 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2053{
acc9d80b 2054 subpage_t *subpage = opaque;
ff6cff75 2055 uint8_t buf[8];
acc9d80b 2056
db7b5426 2057#if defined(DEBUG_SUBPAGE)
016e9d62 2058 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2059 " value %"PRIx64"\n",
2060 __func__, subpage, len, addr, value);
db7b5426 2061#endif
acc9d80b
JK		 2062 switch (len) {
2063 case 1:
2064 stb_p(buf, value);
2065 break;
2066 case 2:
2067 stw_p(buf, value);
2068 break;
2069 case 4:
2070 stl_p(buf, value);
2071 break;
ff6cff75
PB		 2072 case 8:
2073 stq_p(buf, value);
2074 break;
acc9d80b
JK		 2075 default:
2076 abort();
2077 }
5c9eb028
PM		 2078 return address_space_write(subpage->as, addr + subpage->base,
2079 attrs, buf, len);
db7b5426
BS		 2080}
2081
c353e4cc 2082static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2083 unsigned len, bool is_write)
c353e4cc 2084{
acc9d80b 2085 subpage_t *subpage = opaque;
c353e4cc 2086#if defined(DEBUG_SUBPAGE)
016e9d62 2087 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2088 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2089#endif
2090
acc9d80b 2091 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2092 len, is_write);
c353e4cc
PB		 2093}
2094
70c68e44 2095static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2096 .read_with_attrs = subpage_read,
2097 .write_with_attrs = subpage_write,
ff6cff75
PB		 2098 .impl.min_access_size = 1,
2099 .impl.max_access_size = 8,
2100 .valid.min_access_size = 1,
2101 .valid.max_access_size = 8,
c353e4cc 2102 .valid.accepts = subpage_accepts,
70c68e44 2103 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2104};
2105
c227f099 2106static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2107 uint16_t section)
db7b5426
BS		 2108{
2109 int idx, eidx;
2110
2111 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2112 return -1;
2113 idx = SUBPAGE_IDX(start);
2114 eidx = SUBPAGE_IDX(end);
2115#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2116 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2117 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2118#endif
db7b5426 2119 for (; idx <= eidx; idx++) {
5312bd8b 2120 mmio->sub_section[idx] = section;
db7b5426
BS		 2121 }
2122
2123 return 0;
2124}
2125
acc9d80b 2126static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2127{
c227f099 2128 subpage_t *mmio;
db7b5426 2129
7267c094 2130 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2131
acc9d80b 2132 mmio->as = as;
1eec614b 2133 mmio->base = base;
2c9b15ca 2134 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2135 NULL, TARGET_PAGE_SIZE);
b3b00c78 2136 mmio->iomem.subpage = true;
db7b5426 2137#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2138 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2139 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2140#endif
b41aac4f 2141 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2142
2143 return mmio;
2144}
2145
a656e22f
PC		 2146static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2147 MemoryRegion *mr)
5312bd8b 2148{
a656e22f 2149 assert(as);
5312bd8b 2150 MemoryRegionSection section = {
a656e22f 2151 .address_space = as,
5312bd8b
AK		 2152 .mr = mr,
2153 .offset_within_address_space = 0,
2154 .offset_within_region = 0,
052e87b0 2155 .size = int128_2_64(),
5312bd8b
AK		 2156 };
2157
53cb28cb 2158 return phys_section_add(map, &section);
5312bd8b
AK		 2159}
2160
9d82b5a7 2161MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
aa102231 2162{
79e2b9ae
PB		 2163 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2164 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2165
2166 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2167}
2168
e9179ce1
AK		 2169static void io_mem_init(void)
2170{
1f6245e5 2171 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2172 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2173 NULL, UINT64_MAX);
2c9b15ca 2174 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2175 NULL, UINT64_MAX);
2c9b15ca 2176 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2177 NULL, UINT64_MAX);
e9179ce1
AK		 2178}
2179
ac1970fb 2180static void mem_begin(MemoryListener *listener)
00752703
PB		 2181{
2182 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2183 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2184 uint16_t n;
2185
a656e22f 2186 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2187 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2188 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2189 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2190 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2191 assert(n == PHYS_SECTION_ROM);
a656e22f 2192 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2193 assert(n == PHYS_SECTION_WATCH);
00752703 2194
9736e55b 2195 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2196 d->as = as;
2197 as->next_dispatch = d;
2198}
2199
79e2b9ae
PB		 2200static void address_space_dispatch_free(AddressSpaceDispatch *d)
2201{
2202 phys_sections_free(&d->map);
2203 g_free(d);
2204}
2205
00752703 2206static void mem_commit(MemoryListener *listener)
ac1970fb 2207{
89ae337a 2208 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2209 AddressSpaceDispatch *cur = as->dispatch;
2210 AddressSpaceDispatch *next = as->next_dispatch;
2211
53cb28cb 2212 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2213
79e2b9ae 2214 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2215 if (cur) {
79e2b9ae 2216 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2217 }
9affd6fc
PB		 2218}
2219
1d71148e 2220static void tcg_commit(MemoryListener *listener)
50c1e149 2221{
182735ef 2222 CPUState *cpu;
117712c3
AK		 2223
2224 /* since each CPU stores ram addresses in its TLB cache, we must
2225 reset the modified entries */
2226 /* XXX: slow ! */
bdc44640 2227 CPU_FOREACH(cpu) {
33bde2e1
EI		 2228 /* FIXME: Disentangle the cpu.h circular files deps so we can
2229 directly get the right CPU from listener. */
2230 if (cpu->tcg_as_listener != listener) {
2231 continue;
2232 }
76e5c76f 2233 cpu_reload_memory_map(cpu);
117712c3 2234 }
50c1e149
AK		 2235}
2236
ac1970fb
AK		 2237void address_space_init_dispatch(AddressSpace *as)
2238{
00752703 2239 as->dispatch = NULL;
89ae337a 2240 as->dispatch_listener = (MemoryListener) {
ac1970fb 2241 .begin = mem_begin,
00752703 2242 .commit = mem_commit,
ac1970fb
AK		 2243 .region_add = mem_add,
2244 .region_nop = mem_add,
2245 .priority = 0,
2246 };
89ae337a 2247 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2248}
2249
6e48e8f9
PB		 2250void address_space_unregister(AddressSpace *as)
2251{
2252 memory_listener_unregister(&as->dispatch_listener);
2253}
2254
83f3c251
AK		 2255void address_space_destroy_dispatch(AddressSpace *as)
2256{
2257 AddressSpaceDispatch *d = as->dispatch;
2258
79e2b9ae
PB		 2259 atomic_rcu_set(&as->dispatch, NULL);
2260 if (d) {
2261 call_rcu(d, address_space_dispatch_free, rcu);
2262 }
83f3c251
AK		 2263}
2264
62152b8a
AK		 2265static void memory_map_init(void)
2266{
7267c094 2267 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2268
57271d63 2269 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2270 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2271
7267c094 2272 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2273 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2274 65536);
7dca8043 2275 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2276}
2277
2278MemoryRegion *get_system_memory(void)
2279{
2280 return system_memory;
2281}
2282
309cb471
AK		 2283MemoryRegion *get_system_io(void)
2284{
2285 return system_io;
2286}
2287
e2eef170
PB		 2288#endif /* !defined(CONFIG_USER_ONLY) */
2289
13eb76e0
FB		 2290/* physical memory access (slow version, mainly for debug) */
2291#if defined(CONFIG_USER_ONLY)
f17ec444 2292int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2293 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2294{
2295 int l, flags;
2296 target_ulong page;
53a5960a 2297 void * p;
13eb76e0
FB		 2298
2299 while (len > 0) {
2300 page = addr & TARGET_PAGE_MASK;
2301 l = (page + TARGET_PAGE_SIZE) - addr;
2302 if (l > len)
2303 l = len;
2304 flags = page_get_flags(page);
2305 if (!(flags & PAGE_VALID))
a68fe89c 2306 return -1;
13eb76e0
FB		 2307 if (is_write) {
2308 if (!(flags & PAGE_WRITE))
a68fe89c 2309 return -1;
579a97f7 2310 /* XXX: this code should not depend on lock_user */
72fb7daa 2311 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2312 return -1;
72fb7daa
AJ		 2313 memcpy(p, buf, l);
2314 unlock_user(p, addr, l);
13eb76e0
FB		 2315 } else {
2316 if (!(flags & PAGE_READ))
a68fe89c 2317 return -1;
579a97f7 2318 /* XXX: this code should not depend on lock_user */
72fb7daa 2319 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2320 return -1;
72fb7daa 2321 memcpy(buf, p, l);
5b257578 2322 unlock_user(p, addr, 0);
13eb76e0
FB		 2323 }
2324 len -= l;
2325 buf += l;
2326 addr += l;
2327 }
a68fe89c 2328 return 0;
13eb76e0 2329}
8df1cd07 2330
13eb76e0 2331#else
51d7a9eb 2332
845b6214 2333static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2334 hwaddr length)
51d7a9eb 2335{
e87f7778
PB		 2336 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2337 /* No early return if dirty_log_mask is or becomes 0, because
2338 * cpu_physical_memory_set_dirty_range will still call
2339 * xen_modified_memory.
2340 */
2341 if (dirty_log_mask) {
2342 dirty_log_mask =
2343 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2344 }
2345 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2346 tb_invalidate_phys_range(addr, addr + length);
2347 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2348 }
e87f7778 2349 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2350}
2351
23326164 2352static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2353{
e1622f4b 2354 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2355
2356 /* Regions are assumed to support 1-4 byte accesses unless
2357 otherwise specified. */
23326164
RH		 2358 if (access_size_max == 0) {
2359 access_size_max = 4;
2360 }
2361
2362 /* Bound the maximum access by the alignment of the address. */
2363 if (!mr->ops->impl.unaligned) {
2364 unsigned align_size_max = addr & -addr;
2365 if (align_size_max != 0 && align_size_max < access_size_max) {
2366 access_size_max = align_size_max;
2367 }
82f2563f 2368 }
23326164
RH		 2369
2370 /* Don't attempt accesses larger than the maximum. */
2371 if (l > access_size_max) {
2372 l = access_size_max;
82f2563f 2373 }
098178f2
PB		 2374 if (l & (l - 1)) {
2375 l = 1 << (qemu_fls(l) - 1);
2376 }
23326164
RH		 2377
2378 return l;
82f2563f
PB		 2379}
2380
4840f10e 2381static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2382{
4840f10e
JK		 2383 bool unlocked = !qemu_mutex_iothread_locked();
2384 bool release_lock = false;
2385
2386 if (unlocked && mr->global_locking) {
2387 qemu_mutex_lock_iothread();
2388 unlocked = false;
2389 release_lock = true;
2390 }
125b3806 2391 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2392 if (unlocked) {
2393 qemu_mutex_lock_iothread();
2394 }
125b3806 2395 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2396 if (unlocked) {
2397 qemu_mutex_unlock_iothread();
2398 }
125b3806 2399 }
4840f10e
JK		 2400
2401 return release_lock;
125b3806
PB		 2402}
2403
5c9eb028
PM		 2404MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2405 uint8_t *buf, int len, bool is_write)
13eb76e0 2406{
149f54b5 2407 hwaddr l;
13eb76e0 2408 uint8_t *ptr;
791af8c8 2409 uint64_t val;
149f54b5 2410 hwaddr addr1;
5c8a00ce 2411 MemoryRegion *mr;
3b643495 2412 MemTxResult result = MEMTX_OK;
4840f10e 2413 bool release_lock = false;
3b46e624 2414
41063e1e 2415 rcu_read_lock();
13eb76e0 2416 while (len > 0) {
149f54b5 2417 l = len;
5c8a00ce 2418 mr = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 2419
13eb76e0 2420 if (is_write) {
5c8a00ce 2421 if (!memory_access_is_direct(mr, is_write)) {
4840f10e 2422 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2423 l = memory_access_size(mr, l, addr1);
4917cf44 2424 /* XXX: could force current_cpu to NULL to avoid
6a00d601 2425 potential bugs */
23326164
RH		 2426 switch (l) {
2427 case 8:
2428 /* 64 bit write access */
2429 val = ldq_p(buf);
3b643495
PM		 2430 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2431 attrs);
23326164
RH		 2432 break;
2433 case 4:
1c213d19 2434 /* 32 bit write access */
c27004ec 2435 val = ldl_p(buf);
3b643495
PM		 2436 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2437 attrs);
23326164
RH		 2438 break;
2439 case 2:
1c213d19 2440 /* 16 bit write access */
c27004ec 2441 val = lduw_p(buf);
3b643495
PM		 2442 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2443 attrs);
23326164
RH		 2444 break;
2445 case 1:
1c213d19 2446 /* 8 bit write access */
c27004ec 2447 val = ldub_p(buf);
3b643495
PM		 2448 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2449 attrs);
23326164
RH		 2450 break;
2451 default:
2452 abort();
13eb76e0 2453 }
2bbfa05d 2454 } else {
5c8a00ce 2455 addr1 += memory_region_get_ram_addr(mr);
13eb76e0 2456 /* RAM case */
5579c7f3 2457 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 2458 memcpy(ptr, buf, l);
845b6214 2459 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0
FB		 2460 }
2461 } else {
5c8a00ce 2462 if (!memory_access_is_direct(mr, is_write)) {
13eb76e0 2463 /* I/O case */
4840f10e 2464 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2465 l = memory_access_size(mr, l, addr1);
23326164
RH		 2466 switch (l) {
2467 case 8:
2468 /* 64 bit read access */
3b643495
PM		 2469 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2470 attrs);
23326164
RH		 2471 stq_p(buf, val);
2472 break;
2473 case 4:
13eb76e0 2474 /* 32 bit read access */
3b643495
PM		 2475 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2476 attrs);
c27004ec 2477 stl_p(buf, val);
23326164
RH		 2478 break;
2479 case 2:
13eb76e0 2480 /* 16 bit read access */
3b643495
PM		 2481 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2482 attrs);
c27004ec 2483 stw_p(buf, val);
23326164
RH		 2484 break;
2485 case 1:
1c213d19 2486 /* 8 bit read access */
3b643495
PM		 2487 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2488 attrs);
c27004ec 2489 stb_p(buf, val);
23326164
RH		 2490 break;
2491 default:
2492 abort();
13eb76e0
FB		 2493 }
2494 } else {
2495 /* RAM case */
5c8a00ce 2496 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
f3705d53 2497 memcpy(buf, ptr, l);
13eb76e0
FB		 2498 }
2499 }
4840f10e
JK		 2500
2501 if (release_lock) {
2502 qemu_mutex_unlock_iothread();
2503 release_lock = false;
2504 }
2505
13eb76e0
FB		 2506 len -= l;
2507 buf += l;
2508 addr += l;
2509 }
41063e1e 2510 rcu_read_unlock();
fd8aaa76 2511
3b643495 2512 return result;
13eb76e0 2513}
8df1cd07 2514
5c9eb028
PM		 2515MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2516 const uint8_t *buf, int len)
ac1970fb 2517{
5c9eb028 2518 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
ac1970fb
AK		 2519}
2520
5c9eb028
PM		 2521MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2522 uint8_t *buf, int len)
ac1970fb 2523{
5c9eb028 2524 return address_space_rw(as, addr, attrs, buf, len, false);
ac1970fb
AK		 2525}
2526
2527
a8170e5e 2528void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2529 int len, int is_write)
2530{
5c9eb028
PM		 2531 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2532 buf, len, is_write);
ac1970fb
AK		 2533}
2534
582b55a9
AG		 2535enum write_rom_type {
2536 WRITE_DATA,
2537 FLUSH_CACHE,
2538};
2539
2a221651 2540static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2541 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2542{
149f54b5 2543 hwaddr l;
d0ecd2aa 2544 uint8_t *ptr;
149f54b5 2545 hwaddr addr1;
5c8a00ce 2546 MemoryRegion *mr;
3b46e624 2547
41063e1e 2548 rcu_read_lock();
d0ecd2aa 2549 while (len > 0) {
149f54b5 2550 l = len;
2a221651 2551 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2552
5c8a00ce
PB		 2553 if (!(memory_region_is_ram(mr) ||
2554 memory_region_is_romd(mr))) {
b242e0e0 2555 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2556 } else {
5c8a00ce 2557 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2558 /* ROM/RAM case */
5579c7f3 2559 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2560 switch (type) {
2561 case WRITE_DATA:
2562 memcpy(ptr, buf, l);
845b6214 2563 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2564 break;
2565 case FLUSH_CACHE:
2566 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2567 break;
2568 }
d0ecd2aa
FB		 2569 }
2570 len -= l;
2571 buf += l;
2572 addr += l;
2573 }
41063e1e 2574 rcu_read_unlock();
d0ecd2aa
FB		 2575}
2576
582b55a9 2577/* used for ROM loading : can write in RAM and ROM */
2a221651 2578void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2579 const uint8_t *buf, int len)
2580{
2a221651 2581 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2582}
2583
2584void cpu_flush_icache_range(hwaddr start, int len)
2585{
2586 /*
2587 * This function should do the same thing as an icache flush that was
2588 * triggered from within the guest. For TCG we are always cache coherent,
2589 * so there is no need to flush anything. For KVM / Xen we need to flush
2590 * the host's instruction cache at least.
2591 */
2592 if (tcg_enabled()) {
2593 return;
2594 }
2595
2a221651
EI		 2596 cpu_physical_memory_write_rom_internal(&address_space_memory,
2597 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2598}
2599
6d16c2f8 2600typedef struct {
d3e71559 2601 MemoryRegion *mr;
6d16c2f8 2602 void *buffer;
a8170e5e
AK		 2603 hwaddr addr;
2604 hwaddr len;
c2cba0ff 2605 bool in_use;
6d16c2f8
AL		 2606} BounceBuffer;
2607
2608static BounceBuffer bounce;
2609
ba223c29 2610typedef struct MapClient {
e95205e1 2611 QEMUBH *bh;
72cf2d4f 2612 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2613} MapClient;
2614
38e047b5 2615QemuMutex map_client_list_lock;
72cf2d4f
BS		 2616static QLIST_HEAD(map_client_list, MapClient) map_client_list
2617 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2618
e95205e1
FZ		 2619static void cpu_unregister_map_client_do(MapClient *client)
2620{
2621 QLIST_REMOVE(client, link);
2622 g_free(client);
2623}
2624
33b6c2ed
FZ		 2625static void cpu_notify_map_clients_locked(void)
2626{
2627 MapClient *client;
2628
2629 while (!QLIST_EMPTY(&map_client_list)) {
2630 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2631 qemu_bh_schedule(client->bh);
2632 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2633 }
2634}
2635
e95205e1 2636void cpu_register_map_client(QEMUBH *bh)
ba223c29 2637{
7267c094 2638 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2639
38e047b5 2640 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2641 client->bh = bh;
72cf2d4f 2642 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2643 if (!atomic_read(&bounce.in_use)) {
2644 cpu_notify_map_clients_locked();
2645 }
38e047b5 2646 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2647}
2648
38e047b5 2649void cpu_exec_init_all(void)
ba223c29 2650{
38e047b5
FZ		 2651 qemu_mutex_init(&ram_list.mutex);
2652 memory_map_init();
2653 io_mem_init();
2654 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2655}
2656
e95205e1 2657void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2658{
2659 MapClient *client;
2660
e95205e1
FZ		 2661 qemu_mutex_lock(&map_client_list_lock);
2662 QLIST_FOREACH(client, &map_client_list, link) {
2663 if (client->bh == bh) {
2664 cpu_unregister_map_client_do(client);
2665 break;
2666 }
ba223c29 2667 }
e95205e1 2668 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2669}
2670
2671static void cpu_notify_map_clients(void)
2672{
38e047b5 2673 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2674 cpu_notify_map_clients_locked();
38e047b5 2675 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2676}
2677
51644ab7
PB		 2678bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2679{
5c8a00ce 2680 MemoryRegion *mr;
51644ab7
PB		 2681 hwaddr l, xlat;
2682
41063e1e 2683 rcu_read_lock();
51644ab7
PB		 2684 while (len > 0) {
2685 l = len;
5c8a00ce
PB		 2686 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2687 if (!memory_access_is_direct(mr, is_write)) {
2688 l = memory_access_size(mr, l, addr);
2689 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2690 return false;
2691 }
2692 }
2693
2694 len -= l;
2695 addr += l;
2696 }
41063e1e 2697 rcu_read_unlock();
51644ab7
PB		 2698 return true;
2699}
2700
6d16c2f8
AL		 2701/* Map a physical memory region into a host virtual address.
2702 * May map a subset of the requested range, given by and returned in *plen.
2703 * May return NULL if resources needed to perform the mapping are exhausted.
2704 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2705 * Use cpu_register_map_client() to know when retrying the map operation is
2706 * likely to succeed.
6d16c2f8 2707 */
ac1970fb 2708void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2709 hwaddr addr,
2710 hwaddr *plen,
ac1970fb 2711 bool is_write)
6d16c2f8 2712{
a8170e5e 2713 hwaddr len = *plen;
e3127ae0
PB		 2714 hwaddr done = 0;
2715 hwaddr l, xlat, base;
2716 MemoryRegion *mr, *this_mr;
2717 ram_addr_t raddr;
6d16c2f8 2718
e3127ae0
PB		 2719 if (len == 0) {
2720 return NULL;
2721 }
38bee5dc 2722
e3127ae0 2723 l = len;
41063e1e 2724 rcu_read_lock();
e3127ae0 2725 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2726
e3127ae0 2727 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2728 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2729 rcu_read_unlock();
e3127ae0 2730 return NULL;
6d16c2f8 2731 }
e85d9db5
KW		 2732 /* Avoid unbounded allocations */
2733 l = MIN(l, TARGET_PAGE_SIZE);
2734 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2735 bounce.addr = addr;
2736 bounce.len = l;
d3e71559
PB		 2737
2738 memory_region_ref(mr);
2739 bounce.mr = mr;
e3127ae0 2740 if (!is_write) {
5c9eb028
PM		 2741 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2742 bounce.buffer, l);
8ab934f9 2743 }
6d16c2f8 2744
41063e1e 2745 rcu_read_unlock();
e3127ae0
PB		 2746 *plen = l;
2747 return bounce.buffer;
2748 }
2749
2750 base = xlat;
2751 raddr = memory_region_get_ram_addr(mr);
2752
2753 for (;;) {
6d16c2f8
AL		 2754 len -= l;
2755 addr += l;
e3127ae0
PB		 2756 done += l;
2757 if (len == 0) {
2758 break;
2759 }
2760
2761 l = len;
2762 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2763 if (this_mr != mr || xlat != base + done) {
2764 break;
2765 }
6d16c2f8 2766 }
e3127ae0 2767
d3e71559 2768 memory_region_ref(mr);
41063e1e 2769 rcu_read_unlock();
e3127ae0
PB		 2770 *plen = done;
2771 return qemu_ram_ptr_length(raddr + base, plen);
6d16c2f8
AL		 2772}
2773
ac1970fb 2774/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2775 * Will also mark the memory as dirty if is_write == 1. access_len gives
2776 * the amount of memory that was actually read or written by the caller.
2777 */
a8170e5e
AK		 2778void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2779 int is_write, hwaddr access_len)
6d16c2f8
AL		 2780{
2781 if (buffer != bounce.buffer) {
d3e71559
PB		 2782 MemoryRegion *mr;
2783 ram_addr_t addr1;
2784
2785 mr = qemu_ram_addr_from_host(buffer, &addr1);
2786 assert(mr != NULL);
6d16c2f8 2787 if (is_write) {
845b6214 2788 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2789 }
868bb33f 2790 if (xen_enabled()) {
e41d7c69 2791 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2792 }
d3e71559 2793 memory_region_unref(mr);
6d16c2f8
AL		 2794 return;
2795 }
2796 if (is_write) {
5c9eb028
PM		 2797 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2798 bounce.buffer, access_len);
6d16c2f8 2799 }
f8a83245 2800 qemu_vfree(bounce.buffer);
6d16c2f8 2801 bounce.buffer = NULL;
d3e71559 2802 memory_region_unref(bounce.mr);
c2cba0ff 2803 atomic_mb_set(&bounce.in_use, false);
ba223c29 2804 cpu_notify_map_clients();
6d16c2f8 2805}
d0ecd2aa 2806
a8170e5e
AK		 2807void *cpu_physical_memory_map(hwaddr addr,
2808 hwaddr *plen,
ac1970fb
AK		 2809 int is_write)
2810{
2811 return address_space_map(&address_space_memory, addr, plen, is_write);
2812}
2813
a8170e5e
AK		 2814void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2815 int is_write, hwaddr access_len)
ac1970fb
AK		 2816{
2817 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2818}
2819
8df1cd07 2820/* warning: addr must be aligned */
50013115
PM		 2821static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2822 MemTxAttrs attrs,
2823 MemTxResult *result,
2824 enum device_endian endian)
8df1cd07 2825{
8df1cd07 2826 uint8_t *ptr;
791af8c8 2827 uint64_t val;
5c8a00ce 2828 MemoryRegion *mr;
149f54b5
PB		 2829 hwaddr l = 4;
2830 hwaddr addr1;
50013115 2831 MemTxResult r;
4840f10e 2832 bool release_lock = false;
8df1cd07 2833
41063e1e 2834 rcu_read_lock();
fdfba1a2 2835 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2836 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 2837 release_lock |= prepare_mmio_access(mr);
125b3806 2838
8df1cd07 2839 /* I/O case */
50013115 2840 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 2841#if defined(TARGET_WORDS_BIGENDIAN)
2842 if (endian == DEVICE_LITTLE_ENDIAN) {
2843 val = bswap32(val);
2844 }
2845#else
2846 if (endian == DEVICE_BIG_ENDIAN) {
2847 val = bswap32(val);
2848 }
2849#endif
8df1cd07
FB		 2850 } else {
2851 /* RAM case */
5c8a00ce 2852 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2853 & TARGET_PAGE_MASK)
149f54b5 2854 + addr1);
1e78bcc1
AG		 2855 switch (endian) {
2856 case DEVICE_LITTLE_ENDIAN:
2857 val = ldl_le_p(ptr);
2858 break;
2859 case DEVICE_BIG_ENDIAN:
2860 val = ldl_be_p(ptr);
2861 break;
2862 default:
2863 val = ldl_p(ptr);
2864 break;
2865 }
50013115
PM		 2866 r = MEMTX_OK;
2867 }
2868 if (result) {
2869 *result = r;
8df1cd07 2870 }
4840f10e
JK		 2871 if (release_lock) {
2872 qemu_mutex_unlock_iothread();
2873 }
41063e1e 2874 rcu_read_unlock();
8df1cd07
FB		 2875 return val;
2876}
2877
50013115
PM		 2878uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2879 MemTxAttrs attrs, MemTxResult *result)
2880{
2881 return address_space_ldl_internal(as, addr, attrs, result,
2882 DEVICE_NATIVE_ENDIAN);
2883}
2884
2885uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2886 MemTxAttrs attrs, MemTxResult *result)
2887{
2888 return address_space_ldl_internal(as, addr, attrs, result,
2889 DEVICE_LITTLE_ENDIAN);
2890}
2891
2892uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2893 MemTxAttrs attrs, MemTxResult *result)
2894{
2895 return address_space_ldl_internal(as, addr, attrs, result,
2896 DEVICE_BIG_ENDIAN);
2897}
2898
fdfba1a2 2899uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2900{
50013115 2901 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2902}
2903
fdfba1a2 2904uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2905{
50013115 2906 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2907}
2908
fdfba1a2 2909uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2910{
50013115 2911 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2912}
2913
84b7b8e7 2914/* warning: addr must be aligned */
50013115
PM		 2915static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2916 MemTxAttrs attrs,
2917 MemTxResult *result,
2918 enum device_endian endian)
84b7b8e7 2919{
84b7b8e7
FB		 2920 uint8_t *ptr;
2921 uint64_t val;
5c8a00ce 2922 MemoryRegion *mr;
149f54b5
PB		 2923 hwaddr l = 8;
2924 hwaddr addr1;
50013115 2925 MemTxResult r;
4840f10e 2926 bool release_lock = false;
84b7b8e7 2927
41063e1e 2928 rcu_read_lock();
2c17449b 2929 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2930 false);
2931 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 2932 release_lock |= prepare_mmio_access(mr);
125b3806 2933
84b7b8e7 2934 /* I/O case */
50013115 2935 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 2936#if defined(TARGET_WORDS_BIGENDIAN)
2937 if (endian == DEVICE_LITTLE_ENDIAN) {
2938 val = bswap64(val);
2939 }
2940#else
2941 if (endian == DEVICE_BIG_ENDIAN) {
2942 val = bswap64(val);
2943 }
84b7b8e7
FB		 2944#endif
2945 } else {
2946 /* RAM case */
5c8a00ce 2947 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2948 & TARGET_PAGE_MASK)
149f54b5 2949 + addr1);
1e78bcc1
AG		 2950 switch (endian) {
2951 case DEVICE_LITTLE_ENDIAN:
2952 val = ldq_le_p(ptr);
2953 break;
2954 case DEVICE_BIG_ENDIAN:
2955 val = ldq_be_p(ptr);
2956 break;
2957 default:
2958 val = ldq_p(ptr);
2959 break;
2960 }
50013115
PM		 2961 r = MEMTX_OK;
2962 }
2963 if (result) {
2964 *result = r;
84b7b8e7 2965 }
4840f10e
JK		 2966 if (release_lock) {
2967 qemu_mutex_unlock_iothread();
2968 }
41063e1e 2969 rcu_read_unlock();
84b7b8e7
FB		 2970 return val;
2971}
2972
50013115
PM		 2973uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
2974 MemTxAttrs attrs, MemTxResult *result)
2975{
2976 return address_space_ldq_internal(as, addr, attrs, result,
2977 DEVICE_NATIVE_ENDIAN);
2978}
2979
2980uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
2981 MemTxAttrs attrs, MemTxResult *result)
2982{
2983 return address_space_ldq_internal(as, addr, attrs, result,
2984 DEVICE_LITTLE_ENDIAN);
2985}
2986
2987uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
2988 MemTxAttrs attrs, MemTxResult *result)
2989{
2990 return address_space_ldq_internal(as, addr, attrs, result,
2991 DEVICE_BIG_ENDIAN);
2992}
2993
2c17449b 2994uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2995{
50013115 2996 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2997}
2998
2c17449b 2999uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3000{
50013115 3001 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3002}
3003
2c17449b 3004uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3005{
50013115 3006 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3007}
3008
aab33094 3009/* XXX: optimize */
50013115
PM		 3010uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3011 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3012{
3013 uint8_t val;
50013115
PM		 3014 MemTxResult r;
3015
3016 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3017 if (result) {
3018 *result = r;
3019 }
aab33094
FB		 3020 return val;
3021}
3022
50013115
PM		 3023uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3024{
3025 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3026}
3027
733f0b02 3028/* warning: addr must be aligned */
50013115
PM		 3029static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3030 hwaddr addr,
3031 MemTxAttrs attrs,
3032 MemTxResult *result,
3033 enum device_endian endian)
aab33094 3034{
733f0b02
MT		 3035 uint8_t *ptr;
3036 uint64_t val;
5c8a00ce 3037 MemoryRegion *mr;
149f54b5
PB		 3038 hwaddr l = 2;
3039 hwaddr addr1;
50013115 3040 MemTxResult r;
4840f10e 3041 bool release_lock = false;
733f0b02 3042
41063e1e 3043 rcu_read_lock();
41701aa4 3044 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3045 false);
3046 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3047 release_lock |= prepare_mmio_access(mr);
125b3806 3048
733f0b02 3049 /* I/O case */
50013115 3050 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3051#if defined(TARGET_WORDS_BIGENDIAN)
3052 if (endian == DEVICE_LITTLE_ENDIAN) {
3053 val = bswap16(val);
3054 }
3055#else
3056 if (endian == DEVICE_BIG_ENDIAN) {
3057 val = bswap16(val);
3058 }
3059#endif
733f0b02
MT		 3060 } else {
3061 /* RAM case */
5c8a00ce 3062 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3063 & TARGET_PAGE_MASK)
149f54b5 3064 + addr1);
1e78bcc1
AG		 3065 switch (endian) {
3066 case DEVICE_LITTLE_ENDIAN:
3067 val = lduw_le_p(ptr);
3068 break;
3069 case DEVICE_BIG_ENDIAN:
3070 val = lduw_be_p(ptr);
3071 break;
3072 default:
3073 val = lduw_p(ptr);
3074 break;
3075 }
50013115
PM		 3076 r = MEMTX_OK;
3077 }
3078 if (result) {
3079 *result = r;
733f0b02 3080 }
4840f10e
JK		 3081 if (release_lock) {
3082 qemu_mutex_unlock_iothread();
3083 }
41063e1e 3084 rcu_read_unlock();
733f0b02 3085 return val;
aab33094
FB		 3086}
3087
50013115
PM		 3088uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3089 MemTxAttrs attrs, MemTxResult *result)
3090{
3091 return address_space_lduw_internal(as, addr, attrs, result,
3092 DEVICE_NATIVE_ENDIAN);
3093}
3094
3095uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3096 MemTxAttrs attrs, MemTxResult *result)
3097{
3098 return address_space_lduw_internal(as, addr, attrs, result,
3099 DEVICE_LITTLE_ENDIAN);
3100}
3101
3102uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3103 MemTxAttrs attrs, MemTxResult *result)
3104{
3105 return address_space_lduw_internal(as, addr, attrs, result,
3106 DEVICE_BIG_ENDIAN);
3107}
3108
41701aa4 3109uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3110{
50013115 3111 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3112}
3113
41701aa4 3114uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3115{
50013115 3116 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3117}
3118
41701aa4 3119uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3120{
50013115 3121 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3122}
3123
8df1cd07
FB		 3124/* warning: addr must be aligned. The ram page is not masked as dirty
3125 and the code inside is not invalidated. It is useful if the dirty
3126 bits are used to track modified PTEs */
50013115
PM		 3127void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3128 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3129{
8df1cd07 3130 uint8_t *ptr;
5c8a00ce 3131 MemoryRegion *mr;
149f54b5
PB		 3132 hwaddr l = 4;
3133 hwaddr addr1;
50013115 3134 MemTxResult r;
845b6214 3135 uint8_t dirty_log_mask;
4840f10e 3136 bool release_lock = false;
8df1cd07 3137
41063e1e 3138 rcu_read_lock();
2198a121 3139 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3140 true);
3141 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3142 release_lock |= prepare_mmio_access(mr);
125b3806 3143
50013115 3144 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3145 } else {
5c8a00ce 3146 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3147 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3148 stl_p(ptr, val);
74576198 3149
845b6214
PB		 3150 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3151 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3152 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3153 r = MEMTX_OK;
3154 }
3155 if (result) {
3156 *result = r;
8df1cd07 3157 }
4840f10e
JK		 3158 if (release_lock) {
3159 qemu_mutex_unlock_iothread();
3160 }
41063e1e 3161 rcu_read_unlock();
8df1cd07
FB		 3162}
3163
50013115
PM		 3164void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3165{
3166 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3167}
3168
8df1cd07 3169/* warning: addr must be aligned */
50013115
PM		 3170static inline void address_space_stl_internal(AddressSpace *as,
3171 hwaddr addr, uint32_t val,
3172 MemTxAttrs attrs,
3173 MemTxResult *result,
3174 enum device_endian endian)
8df1cd07 3175{
8df1cd07 3176 uint8_t *ptr;
5c8a00ce 3177 MemoryRegion *mr;
149f54b5
PB		 3178 hwaddr l = 4;
3179 hwaddr addr1;
50013115 3180 MemTxResult r;
4840f10e 3181 bool release_lock = false;
8df1cd07 3182
41063e1e 3183 rcu_read_lock();
ab1da857 3184 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3185 true);
3186 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3187 release_lock |= prepare_mmio_access(mr);
125b3806 3188
1e78bcc1
AG		 3189#if defined(TARGET_WORDS_BIGENDIAN)
3190 if (endian == DEVICE_LITTLE_ENDIAN) {
3191 val = bswap32(val);
3192 }
3193#else
3194 if (endian == DEVICE_BIG_ENDIAN) {
3195 val = bswap32(val);
3196 }
3197#endif
50013115 3198 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3199 } else {
8df1cd07 3200 /* RAM case */
5c8a00ce 3201 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3202 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3203 switch (endian) {
3204 case DEVICE_LITTLE_ENDIAN:
3205 stl_le_p(ptr, val);
3206 break;
3207 case DEVICE_BIG_ENDIAN:
3208 stl_be_p(ptr, val);
3209 break;
3210 default:
3211 stl_p(ptr, val);
3212 break;
3213 }
845b6214 3214 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3215 r = MEMTX_OK;
3216 }
3217 if (result) {
3218 *result = r;
8df1cd07 3219 }
4840f10e
JK		 3220 if (release_lock) {
3221 qemu_mutex_unlock_iothread();
3222 }
41063e1e 3223 rcu_read_unlock();
8df1cd07
FB		 3224}
3225
50013115
PM		 3226void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3227 MemTxAttrs attrs, MemTxResult *result)
3228{
3229 address_space_stl_internal(as, addr, val, attrs, result,
3230 DEVICE_NATIVE_ENDIAN);
3231}
3232
3233void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3234 MemTxAttrs attrs, MemTxResult *result)
3235{
3236 address_space_stl_internal(as, addr, val, attrs, result,
3237 DEVICE_LITTLE_ENDIAN);
3238}
3239
3240void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3241 MemTxAttrs attrs, MemTxResult *result)
3242{
3243 address_space_stl_internal(as, addr, val, attrs, result,
3244 DEVICE_BIG_ENDIAN);
3245}
3246
ab1da857 3247void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3248{
50013115 3249 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3250}
3251
ab1da857 3252void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3253{
50013115 3254 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3255}
3256
ab1da857 3257void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3258{
50013115 3259 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3260}
3261
aab33094 3262/* XXX: optimize */
50013115
PM		 3263void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3264 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3265{
3266 uint8_t v = val;
50013115
PM		 3267 MemTxResult r;
3268
3269 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3270 if (result) {
3271 *result = r;
3272 }
3273}
3274
3275void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3276{
3277 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3278}
3279
733f0b02 3280/* warning: addr must be aligned */
50013115
PM		 3281static inline void address_space_stw_internal(AddressSpace *as,
3282 hwaddr addr, uint32_t val,
3283 MemTxAttrs attrs,
3284 MemTxResult *result,
3285 enum device_endian endian)
aab33094 3286{
733f0b02 3287 uint8_t *ptr;
5c8a00ce 3288 MemoryRegion *mr;
149f54b5
PB		 3289 hwaddr l = 2;
3290 hwaddr addr1;
50013115 3291 MemTxResult r;
4840f10e 3292 bool release_lock = false;
733f0b02 3293
41063e1e 3294 rcu_read_lock();
5ce5944d 3295 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3296 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3297 release_lock |= prepare_mmio_access(mr);
125b3806 3298
1e78bcc1
AG		 3299#if defined(TARGET_WORDS_BIGENDIAN)
3300 if (endian == DEVICE_LITTLE_ENDIAN) {
3301 val = bswap16(val);
3302 }
3303#else
3304 if (endian == DEVICE_BIG_ENDIAN) {
3305 val = bswap16(val);
3306 }
3307#endif
50013115 3308 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3309 } else {
733f0b02 3310 /* RAM case */
5c8a00ce 3311 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 3312 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3313 switch (endian) {
3314 case DEVICE_LITTLE_ENDIAN:
3315 stw_le_p(ptr, val);
3316 break;
3317 case DEVICE_BIG_ENDIAN:
3318 stw_be_p(ptr, val);
3319 break;
3320 default:
3321 stw_p(ptr, val);
3322 break;
3323 }
845b6214 3324 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3325 r = MEMTX_OK;
3326 }
3327 if (result) {
3328 *result = r;
733f0b02 3329 }
4840f10e
JK		 3330 if (release_lock) {
3331 qemu_mutex_unlock_iothread();
3332 }
41063e1e 3333 rcu_read_unlock();
aab33094
FB		 3334}
3335
50013115
PM		 3336void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3337 MemTxAttrs attrs, MemTxResult *result)
3338{
3339 address_space_stw_internal(as, addr, val, attrs, result,
3340 DEVICE_NATIVE_ENDIAN);
3341}
3342
3343void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3344 MemTxAttrs attrs, MemTxResult *result)
3345{
3346 address_space_stw_internal(as, addr, val, attrs, result,
3347 DEVICE_LITTLE_ENDIAN);
3348}
3349
3350void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3351 MemTxAttrs attrs, MemTxResult *result)
3352{
3353 address_space_stw_internal(as, addr, val, attrs, result,
3354 DEVICE_BIG_ENDIAN);
3355}
3356
5ce5944d 3357void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3358{
50013115 3359 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3360}
3361
5ce5944d 3362void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3363{
50013115 3364 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3365}
3366
5ce5944d 3367void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3368{
50013115 3369 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3370}
3371
aab33094 3372/* XXX: optimize */
50013115
PM		 3373void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3374 MemTxAttrs attrs, MemTxResult *result)
aab33094 3375{
50013115 3376 MemTxResult r;
aab33094 3377 val = tswap64(val);
50013115
PM		 3378 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3379 if (result) {
3380 *result = r;
3381 }
aab33094
FB		 3382}
3383
50013115
PM		 3384void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3385 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3386{
50013115 3387 MemTxResult r;
1e78bcc1 3388 val = cpu_to_le64(val);
50013115
PM		 3389 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3390 if (result) {
3391 *result = r;
3392 }
3393}
3394void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3395 MemTxAttrs attrs, MemTxResult *result)
3396{
3397 MemTxResult r;
3398 val = cpu_to_be64(val);
3399 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3400 if (result) {
3401 *result = r;
3402 }
3403}
3404
3405void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3406{
3407 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3408}
3409
3410void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3411{
3412 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3413}
3414
f606604f 3415void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3416{
50013115 3417 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3418}
3419
5e2972fd 3420/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3421int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3422 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3423{
3424 int l;
a8170e5e 3425 hwaddr phys_addr;
9b3c35e0 3426 target_ulong page;
13eb76e0
FB		 3427
3428 while (len > 0) {
3429 page = addr & TARGET_PAGE_MASK;
f17ec444 3430 phys_addr = cpu_get_phys_page_debug(cpu, page);
13eb76e0
FB		 3431 /* if no physical page mapped, return an error */
3432 if (phys_addr == -1)
3433 return -1;
3434 l = (page + TARGET_PAGE_SIZE) - addr;
3435 if (l > len)
3436 l = len;
5e2972fd 3437 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b
EI		 3438 if (is_write) {
3439 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3440 } else {
5c9eb028
PM		 3441 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3442 buf, l, 0);
2e38847b 3443 }
13eb76e0
FB		 3444 len -= l;
3445 buf += l;
3446 addr += l;
3447 }
3448 return 0;
3449}
a68fe89c 3450#endif
13eb76e0 3451
8e4a424b
BS		 3452/*
3453 * A helper function for the _utterly broken_ virtio device model to find out if
3454 * it's running on a big endian machine. Don't do this at home kids!
3455 */
98ed8ecf
GK		 3456bool target_words_bigendian(void);
3457bool target_words_bigendian(void)
8e4a424b
BS		 3458{
3459#if defined(TARGET_WORDS_BIGENDIAN)
3460 return true;
3461#else
3462 return false;
3463#endif
3464}
3465
76f35538 3466#ifndef CONFIG_USER_ONLY
a8170e5e 3467bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3468{
5c8a00ce 3469 MemoryRegion*mr;
149f54b5 3470 hwaddr l = 1;
41063e1e 3471 bool res;
76f35538 3472
41063e1e 3473 rcu_read_lock();
5c8a00ce
PB		 3474 mr = address_space_translate(&address_space_memory,
3475 phys_addr, &phys_addr, &l, false);
76f35538 3476
41063e1e
PB		 3477 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3478 rcu_read_unlock();
3479 return res;
76f35538 3480}
bd2fa51f 3481
e3807054 3482int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3483{
3484 RAMBlock *block;
e3807054 3485 int ret = 0;
bd2fa51f 3486
0dc3f44a
MD		 3487 rcu_read_lock();
3488 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3489 ret = func(block->idstr, block->host, block->offset,
3490 block->used_length, opaque);
3491 if (ret) {
3492 break;
3493 }
bd2fa51f 3494 }
0dc3f44a 3495 rcu_read_unlock();
e3807054 3496 return ret;
bd2fa51f 3497}
ec3f8c99 3498#endif
QEMU mirror