]> git.proxmox.com Git - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
doc: Drop ref to Bochs from -no-fd-bootchk documentation
[qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
1de7afc9 32#include "qemu/osdep.h"
9c17d615 33#include "sysemu/kvm.h"
0d09e41a 34#include "hw/xen/xen.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
022c62cb 37#include "exec/memory.h"
9c17d615 38#include "sysemu/dma.h"
022c62cb 39#include "exec/address-spaces.h"
53a5960a
PB		 40#if defined(CONFIG_USER_ONLY)
41#include <qemu.h>
432d268c 42#else /* !CONFIG_USER_ONLY */
9c17d615 43#include "sysemu/xen-mapcache.h"
6506e4f9 44#include "trace.h"
53a5960a 45#endif
0d6d3c87 46#include "exec/cpu-all.h"
54936004 47
022c62cb 48#include "exec/cputlb.h"
5b6dd868 49#include "translate-all.h"
0cac1b66 50
022c62cb 51#include "exec/memory-internal.h"
67d95c15 52
db7b5426 53//#define DEBUG_SUBPAGE
1196be37 54
e2eef170 55#if !defined(CONFIG_USER_ONLY)
9fa3e853 56int phys_ram_fd;
74576198 57static int in_migration;
94a6b54f 58
a3161038 59RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 60
61static MemoryRegion *system_memory;
309cb471 62static MemoryRegion *system_io;
62152b8a 63
f6790af6
AK		 64AddressSpace address_space_io;
65AddressSpace address_space_memory;
9e11908f 66DMAContext dma_context_memory;
2673a5da 67
0844e007
PB		 68MemoryRegion io_mem_rom, io_mem_notdirty;
69static MemoryRegion io_mem_unassigned, io_mem_subpage_ram;
0e0df1e2 70
e2eef170 71#endif
9fa3e853 72
9349b4f9 73CPUArchState *first_cpu;
6a00d601
FB		 74/* current CPU in the current thread. It is only valid inside
75 cpu_exec() */
9349b4f9 76DEFINE_TLS(CPUArchState *,cpu_single_env);
2e70f6ef 77/* 0 = Do not count executed instructions.
bf20dc07 78 1 = Precise instruction counting.
2e70f6ef 79 2 = Adaptive rate instruction counting. */
5708fc66 80int use_icount;
6a00d601 81
e2eef170 82#if !defined(CONFIG_USER_ONLY)
4346ae3e 83
5312bd8b
AK		 84static MemoryRegionSection *phys_sections;
85static unsigned phys_sections_nb, phys_sections_nb_alloc;
86static uint16_t phys_section_unassigned;
aa102231
AK		 87static uint16_t phys_section_notdirty;
88static uint16_t phys_section_rom;
89static uint16_t phys_section_watch;
5312bd8b 90
d6f2ea22
AK		 91/* Simple allocator for PhysPageEntry nodes */
92static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
93static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
94
07f07b31 95#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 96
e2eef170 97static void io_mem_init(void);
62152b8a 98static void memory_map_init(void);
8b9c99d9 99static void *qemu_safe_ram_ptr(ram_addr_t addr);
e2eef170 100
1ec9b909 101static MemoryRegion io_mem_watch;
6658ffb8 102#endif
fd6ce8f6 103
6d9a1304 104#if !defined(CONFIG_USER_ONLY)
d6f2ea22 105
f7bf5461 106static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 107{
f7bf5461 108 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 109 typedef PhysPageEntry Node[L2_SIZE];
110 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 111 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
112 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 113 phys_map_nodes = g_renew(Node, phys_map_nodes,
114 phys_map_nodes_nb_alloc);
115 }
f7bf5461
AK		 116}
117
118static uint16_t phys_map_node_alloc(void)
119{
120 unsigned i;
121 uint16_t ret;
122
123 ret = phys_map_nodes_nb++;
124 assert(ret != PHYS_MAP_NODE_NIL);
125 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 126 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 127 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 128 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 129 }
f7bf5461 130 return ret;
d6f2ea22
AK		 131}
132
133static void phys_map_nodes_reset(void)
134{
135 phys_map_nodes_nb = 0;
136}
137
92e873b9 138
a8170e5e
AK		 139static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
140 hwaddr *nb, uint16_t leaf,
2999097b 141 int level)
f7bf5461
AK		 142{
143 PhysPageEntry *p;
144 int i;
a8170e5e 145 hwaddr step = (hwaddr)1 << (level * L2_BITS);
108c49b8 146
07f07b31 147 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 148 lp->ptr = phys_map_node_alloc();
149 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 150 if (level == 0) {
151 for (i = 0; i < L2_SIZE; i++) {
07f07b31 152 p[i].is_leaf = 1;
c19e8800 153 p[i].ptr = phys_section_unassigned;
4346ae3e 154 }
67c4d23c 155 }
f7bf5461 156 } else {
c19e8800 157 p = phys_map_nodes[lp->ptr];
92e873b9 158 }
2999097b 159 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 160
2999097b 161 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 162 if ((*index & (step - 1)) == 0 && *nb >= step) {
163 lp->is_leaf = true;
c19e8800 164 lp->ptr = leaf;
07f07b31
AK		 165 *index += step;
166 *nb -= step;
2999097b
AK		 167 } else {
168 phys_page_set_level(lp, index, nb, leaf, level - 1);
169 }
170 ++lp;
f7bf5461
AK		 171 }
172}
173
ac1970fb 174static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 175 hwaddr index, hwaddr nb,
2999097b 176 uint16_t leaf)
f7bf5461 177{
2999097b 178 /* Wildly overreserve - it doesn't matter much. */
07f07b31 179 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 180
ac1970fb 181 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 182}
183
149f54b5 184static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
92e873b9 185{
ac1970fb 186 PhysPageEntry lp = d->phys_map;
31ab2b4a
AK		 187 PhysPageEntry *p;
188 int i;
f1f6e3b8 189
07f07b31 190 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 191 if (lp.ptr == PHYS_MAP_NODE_NIL) {
fd298934 192 return &phys_sections[phys_section_unassigned];
31ab2b4a 193 }
c19e8800 194 p = phys_map_nodes[lp.ptr];
31ab2b4a 195 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 196 }
fd298934 197 return &phys_sections[lp.ptr];
f3705d53
AK		 198}
199
e5548617
BS		 200bool memory_region_is_unassigned(MemoryRegion *mr)
201{
2a8e7499 202 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 203 && mr != &io_mem_watch;
fd6ce8f6 204}
149f54b5
PB		 205
206MemoryRegionSection *address_space_translate(AddressSpace *as, hwaddr addr,
207 hwaddr *xlat, hwaddr *plen,
208 bool is_write)
209{
210 MemoryRegionSection *section;
211 Int128 diff;
212
213 section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
214 /* Compute offset within MemoryRegionSection */
215 addr -= section->offset_within_address_space;
216
217 /* Compute offset within MemoryRegion */
218 *xlat = addr + section->offset_within_region;
219
220 diff = int128_sub(section->mr->size, int128_make64(addr));
221 *plen = MIN(int128_get64(diff), *plen);
222 return section;
223}
5b6dd868 224#endif
fd6ce8f6 225
5b6dd868 226void cpu_exec_init_all(void)
fdbb84d1 227{
5b6dd868 228#if !defined(CONFIG_USER_ONLY)
b2a8658e 229 qemu_mutex_init(&ram_list.mutex);
5b6dd868
BS		 230 memory_map_init();
231 io_mem_init();
fdbb84d1 232#endif
5b6dd868 233}
fdbb84d1 234
b170fce3 235#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 236
237static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 238{
259186a7 239 CPUState *cpu = opaque;
a513fe19 240
5b6dd868
BS		 241 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
242 version_id is increased. */
259186a7
AF		 243 cpu->interrupt_request &= ~0x01;
244 tlb_flush(cpu->env_ptr, 1);
5b6dd868
BS		 245
246 return 0;
a513fe19 247}
7501267e 248
5b6dd868
BS		 249static const VMStateDescription vmstate_cpu_common = {
250 .name = "cpu_common",
251 .version_id = 1,
252 .minimum_version_id = 1,
253 .minimum_version_id_old = 1,
254 .post_load = cpu_common_post_load,
255 .fields = (VMStateField []) {
259186a7
AF		 256 VMSTATE_UINT32(halted, CPUState),
257 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868
BS		 258 VMSTATE_END_OF_LIST()
259 }
260};
b170fce3
AF		 261#else
262#define vmstate_cpu_common vmstate_dummy
5b6dd868 263#endif
ea041c0e 264
38d8f5c8 265CPUState *qemu_get_cpu(int index)
ea041c0e 266{
5b6dd868 267 CPUArchState *env = first_cpu;
38d8f5c8 268 CPUState *cpu = NULL;
ea041c0e 269
5b6dd868 270 while (env) {
55e5c285
AF		 271 cpu = ENV_GET_CPU(env);
272 if (cpu->cpu_index == index) {
5b6dd868 273 break;
55e5c285 274 }
5b6dd868 275 env = env->next_cpu;
ea041c0e 276 }
5b6dd868 277
d76fddae 278 return env ? cpu : NULL;
ea041c0e
FB		 279}
280
d6b9e0d6
MT		 281void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
282{
283 CPUArchState *env = first_cpu;
284
285 while (env) {
286 func(ENV_GET_CPU(env), data);
287 env = env->next_cpu;
288 }
289}
290
5b6dd868 291void cpu_exec_init(CPUArchState *env)
ea041c0e 292{
5b6dd868 293 CPUState *cpu = ENV_GET_CPU(env);
b170fce3 294 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868
BS		 295 CPUArchState **penv;
296 int cpu_index;
297
298#if defined(CONFIG_USER_ONLY)
299 cpu_list_lock();
300#endif
301 env->next_cpu = NULL;
302 penv = &first_cpu;
303 cpu_index = 0;
304 while (*penv != NULL) {
305 penv = &(*penv)->next_cpu;
306 cpu_index++;
307 }
55e5c285 308 cpu->cpu_index = cpu_index;
1b1ed8dc 309 cpu->numa_node = 0;
5b6dd868
BS		 310 QTAILQ_INIT(&env->breakpoints);
311 QTAILQ_INIT(&env->watchpoints);
312#ifndef CONFIG_USER_ONLY
313 cpu->thread_id = qemu_get_thread_id();
314#endif
315 *penv = env;
316#if defined(CONFIG_USER_ONLY)
317 cpu_list_unlock();
318#endif
259186a7 319 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
5b6dd868 320#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 321 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
322 cpu_save, cpu_load, env);
b170fce3 323 assert(cc->vmsd == NULL);
5b6dd868 324#endif
b170fce3
AF		 325 if (cc->vmsd != NULL) {
326 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
327 }
ea041c0e
FB		 328}
329
1fddef4b 330#if defined(TARGET_HAS_ICE)
94df27fd 331#if defined(CONFIG_USER_ONLY)
9349b4f9 332static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 333{
334 tb_invalidate_phys_page_range(pc, pc + 1, 0);
335}
336#else
1e7855a5
MF		 337static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
338{
9d70c4b7
MF		 339 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
340 (pc & ~TARGET_PAGE_MASK));
1e7855a5 341}
c27004ec 342#endif
94df27fd 343#endif /* TARGET_HAS_ICE */
d720b93d 344
c527ee8f 345#if defined(CONFIG_USER_ONLY)
9349b4f9 346void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 347
348{
349}
350
9349b4f9 351int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 352 int flags, CPUWatchpoint **watchpoint)
353{
354 return -ENOSYS;
355}
356#else
6658ffb8 357/* Add a watchpoint. */
9349b4f9 358int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 359 int flags, CPUWatchpoint **watchpoint)
6658ffb8 360{
b4051334 361 target_ulong len_mask = ~(len - 1);
c0ce998e 362 CPUWatchpoint *wp;
6658ffb8 363
b4051334 364 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 365 if ((len & (len - 1)) || (addr & ~len_mask) ||
366 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 367 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
368 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
369 return -EINVAL;
370 }
7267c094 371 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 372
373 wp->vaddr = addr;
b4051334 374 wp->len_mask = len_mask;
a1d1bb31
AL		 375 wp->flags = flags;
376
2dc9f411 377 /* keep all GDB-injected watchpoints in front */
c0ce998e 378 if (flags & BP_GDB)
72cf2d4f 379 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 380 else
72cf2d4f 381 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 382
6658ffb8 383 tlb_flush_page(env, addr);
a1d1bb31
AL		 384
385 if (watchpoint)
386 *watchpoint = wp;
387 return 0;
6658ffb8
PB		 388}
389
a1d1bb31 390/* Remove a specific watchpoint. */
9349b4f9 391int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 392 int flags)
6658ffb8 393{
b4051334 394 target_ulong len_mask = ~(len - 1);
a1d1bb31 395 CPUWatchpoint *wp;
6658ffb8 396
72cf2d4f 397 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 398 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 399 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 400 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 401 return 0;
402 }
403 }
a1d1bb31 404 return -ENOENT;
6658ffb8
PB		 405}
406
a1d1bb31 407/* Remove a specific watchpoint by reference. */
9349b4f9 408void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 409{
72cf2d4f 410 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 411
a1d1bb31
AL		 412 tlb_flush_page(env, watchpoint->vaddr);
413
7267c094 414 g_free(watchpoint);
a1d1bb31
AL		 415}
416
417/* Remove all matching watchpoints. */
9349b4f9 418void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 419{
c0ce998e 420 CPUWatchpoint *wp, *next;
a1d1bb31 421
72cf2d4f 422 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 423 if (wp->flags & mask)
424 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 425 }
7d03f82f 426}
c527ee8f 427#endif
7d03f82f 428
a1d1bb31 429/* Add a breakpoint. */
9349b4f9 430int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 431 CPUBreakpoint **breakpoint)
4c3a88a2 432{
1fddef4b 433#if defined(TARGET_HAS_ICE)
c0ce998e 434 CPUBreakpoint *bp;
3b46e624 435
7267c094 436 bp = g_malloc(sizeof(*bp));
4c3a88a2 437
a1d1bb31
AL		 438 bp->pc = pc;
439 bp->flags = flags;
440
2dc9f411 441 /* keep all GDB-injected breakpoints in front */
c0ce998e 442 if (flags & BP_GDB)
72cf2d4f 443 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 444 else
72cf2d4f 445 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 446
d720b93d 447 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 448
449 if (breakpoint)
450 *breakpoint = bp;
4c3a88a2
FB		 451 return 0;
452#else
a1d1bb31 453 return -ENOSYS;
4c3a88a2
FB		 454#endif
455}
456
a1d1bb31 457/* Remove a specific breakpoint. */
9349b4f9 458int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 459{
7d03f82f 460#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 461 CPUBreakpoint *bp;
462
72cf2d4f 463 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 464 if (bp->pc == pc && bp->flags == flags) {
465 cpu_breakpoint_remove_by_ref(env, bp);
466 return 0;
467 }
7d03f82f 468 }
a1d1bb31
AL		 469 return -ENOENT;
470#else
471 return -ENOSYS;
7d03f82f
EI		 472#endif
473}
474
a1d1bb31 475/* Remove a specific breakpoint by reference. */
9349b4f9 476void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 477{
1fddef4b 478#if defined(TARGET_HAS_ICE)
72cf2d4f 479 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 480
a1d1bb31
AL		 481 breakpoint_invalidate(env, breakpoint->pc);
482
7267c094 483 g_free(breakpoint);
a1d1bb31
AL		 484#endif
485}
486
487/* Remove all matching breakpoints. */
9349b4f9 488void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 489{
490#if defined(TARGET_HAS_ICE)
c0ce998e 491 CPUBreakpoint *bp, *next;
a1d1bb31 492
72cf2d4f 493 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 494 if (bp->flags & mask)
495 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 496 }
4c3a88a2
FB		 497#endif
498}
499
c33a346e
FB		 500/* enable or disable single step mode. EXCP_DEBUG is returned by the
501 CPU loop after each instruction */
9349b4f9 502void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 503{
1fddef4b 504#if defined(TARGET_HAS_ICE)
c33a346e
FB		 505 if (env->singlestep_enabled != enabled) {
506 env->singlestep_enabled = enabled;
e22a25c9
AL		 507 if (kvm_enabled())
508 kvm_update_guest_debug(env, 0);
509 else {
ccbb4d44 510 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 511 /* XXX: only flush what is necessary */
512 tb_flush(env);
513 }
c33a346e
FB		 514 }
515#endif
516}
517
9349b4f9 518void cpu_exit(CPUArchState *env)
3098dba0 519{
fcd7d003
AF		 520 CPUState *cpu = ENV_GET_CPU(env);
521
522 cpu->exit_request = 1;
378df4b2 523 cpu->tcg_exit_req = 1;
3098dba0
AJ		 524}
525
9349b4f9 526void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e
FB		 527{
528 va_list ap;
493ae1f0 529 va_list ap2;
7501267e
FB		 530
531 va_start(ap, fmt);
493ae1f0 532 va_copy(ap2, ap);
7501267e
FB		 533 fprintf(stderr, "qemu: fatal: ");
534 vfprintf(stderr, fmt, ap);
535 fprintf(stderr, "\n");
6fd2a026 536 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 537 if (qemu_log_enabled()) {
538 qemu_log("qemu: fatal: ");
539 qemu_log_vprintf(fmt, ap2);
540 qemu_log("\n");
6fd2a026 541 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 542 qemu_log_flush();
93fcfe39 543 qemu_log_close();
924edcae 544 }
493ae1f0 545 va_end(ap2);
f9373291 546 va_end(ap);
fd052bf6
RV		 547#if defined(CONFIG_USER_ONLY)
548 {
549 struct sigaction act;
550 sigfillset(&act.sa_mask);
551 act.sa_handler = SIG_DFL;
552 sigaction(SIGABRT, &act, NULL);
553 }
554#endif
7501267e
FB		 555 abort();
556}
557
9349b4f9 558CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 559{
9349b4f9
AF		 560 CPUArchState *new_env = cpu_init(env->cpu_model_str);
561 CPUArchState *next_cpu = new_env->next_cpu;
5a38f081
AL		 562#if defined(TARGET_HAS_ICE)
563 CPUBreakpoint *bp;
564 CPUWatchpoint *wp;
565#endif
566
9349b4f9 567 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081 568
55e5c285 569 /* Preserve chaining. */
c5be9f08 570 new_env->next_cpu = next_cpu;
5a38f081
AL		 571
572 /* Clone all break/watchpoints.
573 Note: Once we support ptrace with hw-debug register access, make sure
574 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 575 QTAILQ_INIT(&env->breakpoints);
576 QTAILQ_INIT(&env->watchpoints);
5a38f081 577#if defined(TARGET_HAS_ICE)
72cf2d4f 578 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 579 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
580 }
72cf2d4f 581 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 582 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
583 wp->flags, NULL);
584 }
585#endif
586
c5be9f08
TS		 587 return new_env;
588}
589
0124311e 590#if !defined(CONFIG_USER_ONLY)
d24981d3
JQ		 591static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
592 uintptr_t length)
593{
594 uintptr_t start1;
595
596 /* we modify the TLB cache so that the dirty bit will be set again
597 when accessing the range */
598 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
599 /* Check that we don't span multiple blocks - this breaks the
600 address comparisons below. */
601 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
602 != (end - 1) - start) {
603 abort();
604 }
605 cpu_tlb_reset_dirty_all(start1, length);
606
607}
608
5579c7f3 609/* Note: start and end must be within the same ram block. */
c227f099 610void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 611 int dirty_flags)
1ccde1cb 612{
d24981d3 613 uintptr_t length;
1ccde1cb
FB		 614
615 start &= TARGET_PAGE_MASK;
616 end = TARGET_PAGE_ALIGN(end);
617
618 length = end - start;
619 if (length == 0)
620 return;
f7c11b53 621 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 622
d24981d3
JQ		 623 if (tcg_enabled()) {
624 tlb_reset_dirty_range_all(start, end, length);
5579c7f3 625 }
1ccde1cb
FB		 626}
627
8b9c99d9 628static int cpu_physical_memory_set_dirty_tracking(int enable)
74576198 629{
f6f3fbca 630 int ret = 0;
74576198 631 in_migration = enable;
f6f3fbca 632 return ret;
74576198
AL		 633}
634
a8170e5e 635hwaddr memory_region_section_get_iotlb(CPUArchState *env,
149f54b5
PB		 636 MemoryRegionSection *section,
637 target_ulong vaddr,
638 hwaddr paddr, hwaddr xlat,
639 int prot,
640 target_ulong *address)
e5548617 641{
a8170e5e 642 hwaddr iotlb;
e5548617
BS		 643 CPUWatchpoint *wp;
644
cc5bea60 645 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 646 /* Normal RAM. */
647 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 648 + xlat;
e5548617
BS		 649 if (!section->readonly) {
650 iotlb |= phys_section_notdirty;
651 } else {
652 iotlb |= phys_section_rom;
653 }
654 } else {
e5548617 655 iotlb = section - phys_sections;
149f54b5 656 iotlb += xlat;
e5548617
BS		 657 }
658
659 /* Make accesses to pages with watchpoints go via the
660 watchpoint trap routines. */
661 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
662 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
663 /* Avoid trapping reads of pages with a write breakpoint. */
664 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
665 iotlb = phys_section_watch + paddr;
666 *address |= TLB_MMIO;
667 break;
668 }
669 }
670 }
671
672 return iotlb;
673}
9fa3e853
FB		 674#endif /* defined(CONFIG_USER_ONLY) */
675
e2eef170 676#if !defined(CONFIG_USER_ONLY)
8da3ff18 677
c04b2b78
PB		 678#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
679typedef struct subpage_t {
70c68e44 680 MemoryRegion iomem;
a8170e5e 681 hwaddr base;
5312bd8b 682 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 683} subpage_t;
684
c227f099 685static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 686 uint16_t section);
a8170e5e 687static subpage_t *subpage_init(hwaddr base);
5312bd8b 688static void destroy_page_desc(uint16_t section_index)
54688b1e 689{
5312bd8b
AK		 690 MemoryRegionSection *section = &phys_sections[section_index];
691 MemoryRegion *mr = section->mr;
54688b1e
AK		 692
693 if (mr->subpage) {
694 subpage_t *subpage = container_of(mr, subpage_t, iomem);
695 memory_region_destroy(&subpage->iomem);
696 g_free(subpage);
697 }
698}
699
4346ae3e 700static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 701{
702 unsigned i;
d6f2ea22 703 PhysPageEntry *p;
54688b1e 704
c19e8800 705 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 706 return;
707 }
708
c19e8800 709 p = phys_map_nodes[lp->ptr];
4346ae3e 710 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 711 if (!p[i].is_leaf) {
54688b1e 712 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 713 } else {
c19e8800 714 destroy_page_desc(p[i].ptr);
54688b1e 715 }
54688b1e 716 }
07f07b31 717 lp->is_leaf = 0;
c19e8800 718 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 719}
720
ac1970fb 721static void destroy_all_mappings(AddressSpaceDispatch *d)
54688b1e 722{
ac1970fb 723 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
d6f2ea22 724 phys_map_nodes_reset();
54688b1e
AK		 725}
726
5312bd8b
AK		 727static uint16_t phys_section_add(MemoryRegionSection *section)
728{
68f3f65b
PB		 729 /* The physical section number is ORed with a page-aligned
730 * pointer to produce the iotlb entries. Thus it should
731 * never overflow into the page-aligned value.
732 */
733 assert(phys_sections_nb < TARGET_PAGE_SIZE);
734
5312bd8b
AK		 735 if (phys_sections_nb == phys_sections_nb_alloc) {
736 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
737 phys_sections = g_renew(MemoryRegionSection, phys_sections,
738 phys_sections_nb_alloc);
739 }
740 phys_sections[phys_sections_nb] = *section;
741 return phys_sections_nb++;
742}
743
744static void phys_sections_clear(void)
745{
746 phys_sections_nb = 0;
747}
748
ac1970fb 749static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 750{
751 subpage_t *subpage;
a8170e5e 752 hwaddr base = section->offset_within_address_space
0f0cb164 753 & TARGET_PAGE_MASK;
ac1970fb 754 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
0f0cb164
AK		 755 MemoryRegionSection subsection = {
756 .offset_within_address_space = base,
757 .size = TARGET_PAGE_SIZE,
758 };
a8170e5e 759 hwaddr start, end;
0f0cb164 760
f3705d53 761 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 762
f3705d53 763 if (!(existing->mr->subpage)) {
0f0cb164
AK		 764 subpage = subpage_init(base);
765 subsection.mr = &subpage->iomem;
ac1970fb 766 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
2999097b 767 phys_section_add(&subsection));
0f0cb164 768 } else {
f3705d53 769 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 770 }
771 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
adb2a9b5 772 end = start + section->size - 1;
0f0cb164
AK		 773 subpage_register(subpage, start, end, phys_section_add(section));
774}
775
776
ac1970fb 777static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
33417e70 778{
a8170e5e 779 hwaddr start_addr = section->offset_within_address_space;
dd81124b 780 ram_addr_t size = section->size;
a8170e5e 781 hwaddr addr;
5312bd8b 782 uint16_t section_index = phys_section_add(section);
dd81124b 783
3b8e6a2d 784 assert(size);
f6f3fbca 785
3b8e6a2d 786 addr = start_addr;
ac1970fb 787 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2999097b 788 section_index);
33417e70
FB		 789}
790
86a86236
AK		 791QEMU_BUILD_BUG_ON(TARGET_PHYS_ADDR_SPACE_BITS > MAX_PHYS_ADDR_SPACE_BITS)
792
793static MemoryRegionSection limit(MemoryRegionSection section)
794{
795 section.size = MIN(section.offset_within_address_space + section.size,
796 MAX_PHYS_ADDR + 1)
797 - section.offset_within_address_space;
798
799 return section;
800}
801
ac1970fb 802static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 803{
ac1970fb 804 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
86a86236 805 MemoryRegionSection now = limit(*section), remain = limit(*section);
0f0cb164
AK		 806
807 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
808 || (now.size < TARGET_PAGE_SIZE)) {
809 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
810 - now.offset_within_address_space,
811 now.size);
ac1970fb 812 register_subpage(d, &now);
0f0cb164
AK		 813 remain.size -= now.size;
814 remain.offset_within_address_space += now.size;
815 remain.offset_within_region += now.size;
816 }
69b67646
TH		 817 while (remain.size >= TARGET_PAGE_SIZE) {
818 now = remain;
819 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
820 now.size = TARGET_PAGE_SIZE;
ac1970fb 821 register_subpage(d, &now);
69b67646
TH		 822 } else {
823 now.size &= TARGET_PAGE_MASK;
ac1970fb 824 register_multipage(d, &now);
69b67646 825 }
0f0cb164
AK		 826 remain.size -= now.size;
827 remain.offset_within_address_space += now.size;
828 remain.offset_within_region += now.size;
829 }
830 now = remain;
831 if (now.size) {
ac1970fb 832 register_subpage(d, &now);
0f0cb164
AK		 833 }
834}
835
62a2744c
SY		 836void qemu_flush_coalesced_mmio_buffer(void)
837{
838 if (kvm_enabled())
839 kvm_flush_coalesced_mmio_buffer();
840}
841
b2a8658e
UD		 842void qemu_mutex_lock_ramlist(void)
843{
844 qemu_mutex_lock(&ram_list.mutex);
845}
846
847void qemu_mutex_unlock_ramlist(void)
848{
849 qemu_mutex_unlock(&ram_list.mutex);
850}
851
c902760f
MT		 852#if defined(__linux__) && !defined(TARGET_S390X)
853
854#include <sys/vfs.h>
855
856#define HUGETLBFS_MAGIC 0x958458f6
857
858static long gethugepagesize(const char *path)
859{
860 struct statfs fs;
861 int ret;
862
863 do {
9742bf26 864 ret = statfs(path, &fs);
c902760f
MT		 865 } while (ret != 0 && errno == EINTR);
866
867 if (ret != 0) {
9742bf26
YT		 868 perror(path);
869 return 0;
c902760f
MT		 870 }
871
872 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 873 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 874
875 return fs.f_bsize;
876}
877
04b16653
AW		 878static void *file_ram_alloc(RAMBlock *block,
879 ram_addr_t memory,
880 const char *path)
c902760f
MT		 881{
882 char *filename;
8ca761f6
PF		 883 char *sanitized_name;
884 char *c;
c902760f
MT		 885 void *area;
886 int fd;
887#ifdef MAP_POPULATE
888 int flags;
889#endif
890 unsigned long hpagesize;
891
892 hpagesize = gethugepagesize(path);
893 if (!hpagesize) {
9742bf26 894 return NULL;
c902760f
MT		 895 }
896
897 if (memory < hpagesize) {
898 return NULL;
899 }
900
901 if (kvm_enabled() && !kvm_has_sync_mmu()) {
902 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
903 return NULL;
904 }
905
8ca761f6
PF		 906 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
907 sanitized_name = g_strdup(block->mr->name);
908 for (c = sanitized_name; *c != '\0'; c++) {
909 if (*c == '/')
910 *c = '_';
911 }
912
913 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
914 sanitized_name);
915 g_free(sanitized_name);
c902760f
MT		 916
917 fd = mkstemp(filename);
918 if (fd < 0) {
9742bf26 919 perror("unable to create backing store for hugepages");
e4ada482 920 g_free(filename);
9742bf26 921 return NULL;
c902760f
MT		 922 }
923 unlink(filename);
e4ada482 924 g_free(filename);
c902760f
MT		 925
926 memory = (memory+hpagesize-1) & ~(hpagesize-1);
927
928 /*
929 * ftruncate is not supported by hugetlbfs in older
930 * hosts, so don't bother bailing out on errors.
931 * If anything goes wrong with it under other filesystems,
932 * mmap will fail.
933 */
934 if (ftruncate(fd, memory))
9742bf26 935 perror("ftruncate");
c902760f
MT		 936
937#ifdef MAP_POPULATE
938 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
939 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
940 * to sidestep this quirk.
941 */
942 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
943 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
944#else
945 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
946#endif
947 if (area == MAP_FAILED) {
9742bf26
YT		 948 perror("file_ram_alloc: can't mmap RAM pages");
949 close(fd);
950 return (NULL);
c902760f 951 }
04b16653 952 block->fd = fd;
c902760f
MT		 953 return area;
954}
955#endif
956
d17b5288 957static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 958{
959 RAMBlock *block, *next_block;
3e837b2c 960 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 961
49cd9ac6
SH		 962 assert(size != 0); /* it would hand out same offset multiple times */
963
a3161038 964 if (QTAILQ_EMPTY(&ram_list.blocks))
04b16653
AW		 965 return 0;
966
a3161038 967 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 968 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 969
970 end = block->offset + block->length;
971
a3161038 972 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
04b16653
AW		 973 if (next_block->offset >= end) {
974 next = MIN(next, next_block->offset);
975 }
976 }
977 if (next - end >= size && next - end < mingap) {
3e837b2c 978 offset = end;
04b16653
AW		 979 mingap = next - end;
980 }
981 }
3e837b2c
AW		 982
983 if (offset == RAM_ADDR_MAX) {
984 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
985 (uint64_t)size);
986 abort();
987 }
988
04b16653
AW		 989 return offset;
990}
991
652d7ec2 992ram_addr_t last_ram_offset(void)
d17b5288
AW		 993{
994 RAMBlock *block;
995 ram_addr_t last = 0;
996
a3161038 997 QTAILQ_FOREACH(block, &ram_list.blocks, next)
d17b5288
AW		 998 last = MAX(last, block->offset + block->length);
999
1000 return last;
1001}
1002
ddb97f1d
JB		 1003static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1004{
1005 int ret;
1006 QemuOpts *machine_opts;
1007
1008 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1009 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1010 if (machine_opts &&
1011 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1012 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1013 if (ret) {
1014 perror("qemu_madvise");
1015 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1016 "but dump_guest_core=off specified\n");
1017 }
1018 }
1019}
1020
c5705a77 1021void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 1022{
1023 RAMBlock *new_block, *block;
1024
c5705a77 1025 new_block = NULL;
a3161038 1026 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
c5705a77
AK		 1027 if (block->offset == addr) {
1028 new_block = block;
1029 break;
1030 }
1031 }
1032 assert(new_block);
1033 assert(!new_block->idstr[0]);
84b89d78 1034
09e5ab63
AL		 1035 if (dev) {
1036 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1037 if (id) {
1038 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1039 g_free(id);
84b89d78
CM		 1040 }
1041 }
1042 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1043
b2a8658e
UD		 1044 /* This assumes the iothread lock is taken here too. */
1045 qemu_mutex_lock_ramlist();
a3161038 1046 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
c5705a77 1047 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1048 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1049 new_block->idstr);
1050 abort();
1051 }
1052 }
b2a8658e 1053 qemu_mutex_unlock_ramlist();
c5705a77
AK		 1054}
1055
8490fc78
LC		 1056static int memory_try_enable_merging(void *addr, size_t len)
1057{
1058 QemuOpts *opts;
1059
1060 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1061 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1062 /* disabled by the user */
1063 return 0;
1064 }
1065
1066 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1067}
1068
c5705a77
AK		 1069ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1070 MemoryRegion *mr)
1071{
abb26d63 1072 RAMBlock *block, *new_block;
c5705a77
AK		 1073
1074 size = TARGET_PAGE_ALIGN(size);
1075 new_block = g_malloc0(sizeof(*new_block));
84b89d78 1076
b2a8658e
UD		 1077 /* This assumes the iothread lock is taken here too. */
1078 qemu_mutex_lock_ramlist();
7c637366 1079 new_block->mr = mr;
432d268c 1080 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 1081 if (host) {
1082 new_block->host = host;
cd19cfa2 1083 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 1084 } else {
1085 if (mem_path) {
c902760f 1086#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 1087 new_block->host = file_ram_alloc(new_block, size, mem_path);
1088 if (!new_block->host) {
6eebf958 1089 new_block->host = qemu_anon_ram_alloc(size);
8490fc78 1090 memory_try_enable_merging(new_block->host, size);
6977dfe6 1091 }
c902760f 1092#else
6977dfe6
YT		 1093 fprintf(stderr, "-mem-path option unsupported\n");
1094 exit(1);
c902760f 1095#endif
6977dfe6 1096 } else {
868bb33f 1097 if (xen_enabled()) {
fce537d4 1098 xen_ram_alloc(new_block->offset, size, mr);
fdec9918
CB		 1099 } else if (kvm_enabled()) {
1100 /* some s390/kvm configurations have special constraints */
6eebf958 1101 new_block->host = kvm_ram_alloc(size);
432d268c 1102 } else {
6eebf958 1103 new_block->host = qemu_anon_ram_alloc(size);
432d268c 1104 }
8490fc78 1105 memory_try_enable_merging(new_block->host, size);
6977dfe6 1106 }
c902760f 1107 }
94a6b54f
PB		 1108 new_block->length = size;
1109
abb26d63
PB		 1110 /* Keep the list sorted from biggest to smallest block. */
1111 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1112 if (block->length < new_block->length) {
1113 break;
1114 }
1115 }
1116 if (block) {
1117 QTAILQ_INSERT_BEFORE(block, new_block, next);
1118 } else {
1119 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1120 }
0d6d3c87 1121 ram_list.mru_block = NULL;
94a6b54f 1122
f798b07f 1123 ram_list.version++;
b2a8658e 1124 qemu_mutex_unlock_ramlist();
f798b07f 1125
7267c094 1126 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 1127 last_ram_offset() >> TARGET_PAGE_BITS);
5fda043f
IM		 1128 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1129 0, size >> TARGET_PAGE_BITS);
1720aeee 1130 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
94a6b54f 1131
ddb97f1d 1132 qemu_ram_setup_dump(new_block->host, size);
ad0b5321 1133 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
ddb97f1d 1134
6f0437e8
JK		 1135 if (kvm_enabled())
1136 kvm_setup_guest_memory(new_block->host, size);
1137
94a6b54f
PB		 1138 return new_block->offset;
1139}
e9a1ab19 1140
c5705a77 1141ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 1142{
c5705a77 1143 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 1144}
1145
1f2e98b6
AW		 1146void qemu_ram_free_from_ptr(ram_addr_t addr)
1147{
1148 RAMBlock *block;
1149
b2a8658e
UD		 1150 /* This assumes the iothread lock is taken here too. */
1151 qemu_mutex_lock_ramlist();
a3161038 1152 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1f2e98b6 1153 if (addr == block->offset) {
a3161038 1154 QTAILQ_REMOVE(&ram_list.blocks, block, next);
0d6d3c87 1155 ram_list.mru_block = NULL;
f798b07f 1156 ram_list.version++;
7267c094 1157 g_free(block);
b2a8658e 1158 break;
1f2e98b6
AW		 1159 }
1160 }
b2a8658e 1161 qemu_mutex_unlock_ramlist();
1f2e98b6
AW		 1162}
1163
c227f099 1164void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1165{
04b16653
AW		 1166 RAMBlock *block;
1167
b2a8658e
UD		 1168 /* This assumes the iothread lock is taken here too. */
1169 qemu_mutex_lock_ramlist();
a3161038 1170 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
04b16653 1171 if (addr == block->offset) {
a3161038 1172 QTAILQ_REMOVE(&ram_list.blocks, block, next);
0d6d3c87 1173 ram_list.mru_block = NULL;
f798b07f 1174 ram_list.version++;
cd19cfa2
HY		 1175 if (block->flags & RAM_PREALLOC_MASK) {
1176 ;
1177 } else if (mem_path) {
04b16653
AW		 1178#if defined (__linux__) && !defined(TARGET_S390X)
1179 if (block->fd) {
1180 munmap(block->host, block->length);
1181 close(block->fd);
1182 } else {
e7a09b92 1183 qemu_anon_ram_free(block->host, block->length);
04b16653 1184 }
fd28aa13
JK		 1185#else
1186 abort();
04b16653
AW		 1187#endif
1188 } else {
868bb33f 1189 if (xen_enabled()) {
e41d7c69 1190 xen_invalidate_map_cache_entry(block->host);
432d268c 1191 } else {
e7a09b92 1192 qemu_anon_ram_free(block->host, block->length);
432d268c 1193 }
04b16653 1194 }
7267c094 1195 g_free(block);
b2a8658e 1196 break;
04b16653
AW		 1197 }
1198 }
b2a8658e 1199 qemu_mutex_unlock_ramlist();
04b16653 1200
e9a1ab19
FB		 1201}
1202
cd19cfa2
HY		 1203#ifndef _WIN32
1204void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1205{
1206 RAMBlock *block;
1207 ram_addr_t offset;
1208 int flags;
1209 void *area, *vaddr;
1210
a3161038 1211 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
cd19cfa2
HY		 1212 offset = addr - block->offset;
1213 if (offset < block->length) {
1214 vaddr = block->host + offset;
1215 if (block->flags & RAM_PREALLOC_MASK) {
1216 ;
1217 } else {
1218 flags = MAP_FIXED;
1219 munmap(vaddr, length);
1220 if (mem_path) {
1221#if defined(__linux__) && !defined(TARGET_S390X)
1222 if (block->fd) {
1223#ifdef MAP_POPULATE
1224 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1225 MAP_PRIVATE;
1226#else
1227 flags |= MAP_PRIVATE;
1228#endif
1229 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1230 flags, block->fd, offset);
1231 } else {
1232 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1233 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1234 flags, -1, 0);
1235 }
fd28aa13
JK		 1236#else
1237 abort();
cd19cfa2
HY		 1238#endif
1239 } else {
1240#if defined(TARGET_S390X) && defined(CONFIG_KVM)
1241 flags |= MAP_SHARED | MAP_ANONYMOUS;
1242 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1243 flags, -1, 0);
1244#else
1245 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1246 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1247 flags, -1, 0);
1248#endif
1249 }
1250 if (area != vaddr) {
f15fbc4b
AP		 1251 fprintf(stderr, "Could not remap addr: "
1252 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1253 length, addr);
1254 exit(1);
1255 }
8490fc78 1256 memory_try_enable_merging(vaddr, length);
ddb97f1d 1257 qemu_ram_setup_dump(vaddr, length);
cd19cfa2
HY		 1258 }
1259 return;
1260 }
1261 }
1262}
1263#endif /* !_WIN32 */
1264
dc828ca1 1265/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 1266 With the exception of the softmmu code in this file, this should
1267 only be used for local memory (e.g. video ram) that the device owns,
1268 and knows it isn't going to access beyond the end of the block.
1269
1270 It should not be used for general purpose DMA.
1271 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1272 */
c227f099 1273void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 1274{
94a6b54f
PB		 1275 RAMBlock *block;
1276
b2a8658e 1277 /* The list is protected by the iothread lock here. */
0d6d3c87
PB		 1278 block = ram_list.mru_block;
1279 if (block && addr - block->offset < block->length) {
1280 goto found;
1281 }
a3161038 1282 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
f471a17e 1283 if (addr - block->offset < block->length) {
0d6d3c87 1284 goto found;
f471a17e 1285 }
94a6b54f 1286 }
f471a17e
AW		 1287
1288 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1289 abort();
1290
0d6d3c87
PB		 1291found:
1292 ram_list.mru_block = block;
1293 if (xen_enabled()) {
1294 /* We need to check if the requested address is in the RAM
1295 * because we don't want to map the entire memory in QEMU.
1296 * In that case just map until the end of the page.
1297 */
1298 if (block->offset == 0) {
1299 return xen_map_cache(addr, 0, 0);
1300 } else if (block->host == NULL) {
1301 block->host =
1302 xen_map_cache(block->offset, block->length, 1);
1303 }
1304 }
1305 return block->host + (addr - block->offset);
dc828ca1
PB		 1306}
1307
0d6d3c87
PB		 1308/* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1309 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1310 *
1311 * ??? Is this still necessary?
b2e0a138 1312 */
8b9c99d9 1313static void *qemu_safe_ram_ptr(ram_addr_t addr)
b2e0a138
MT		 1314{
1315 RAMBlock *block;
1316
b2a8658e 1317 /* The list is protected by the iothread lock here. */
a3161038 1318 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
b2e0a138 1319 if (addr - block->offset < block->length) {
868bb33f 1320 if (xen_enabled()) {
432d268c
JN		 1321 /* We need to check if the requested address is in the RAM
1322 * because we don't want to map the entire memory in QEMU.
712c2b41 1323 * In that case just map until the end of the page.
432d268c
JN		 1324 */
1325 if (block->offset == 0) {
e41d7c69 1326 return xen_map_cache(addr, 0, 0);
432d268c 1327 } else if (block->host == NULL) {
e41d7c69
JK		 1328 block->host =
1329 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 1330 }
1331 }
b2e0a138
MT		 1332 return block->host + (addr - block->offset);
1333 }
1334 }
1335
1336 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1337 abort();
1338
1339 return NULL;
1340}
1341
38bee5dc
SS		 1342/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1343 * but takes a size argument */
8b9c99d9 1344static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 1345{
8ab934f9
SS		 1346 if (*size == 0) {
1347 return NULL;
1348 }
868bb33f 1349 if (xen_enabled()) {
e41d7c69 1350 return xen_map_cache(addr, *size, 1);
868bb33f 1351 } else {
38bee5dc
SS		 1352 RAMBlock *block;
1353
a3161038 1354 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
38bee5dc
SS		 1355 if (addr - block->offset < block->length) {
1356 if (addr - block->offset + *size > block->length)
1357 *size = block->length - addr + block->offset;
1358 return block->host + (addr - block->offset);
1359 }
1360 }
1361
1362 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1363 abort();
38bee5dc
SS		 1364 }
1365}
1366
e890261f 1367int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 1368{
94a6b54f
PB		 1369 RAMBlock *block;
1370 uint8_t *host = ptr;
1371
868bb33f 1372 if (xen_enabled()) {
e41d7c69 1373 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 1374 return 0;
1375 }
1376
a3161038 1377 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 1378 /* This case append when the block is not mapped. */
1379 if (block->host == NULL) {
1380 continue;
1381 }
f471a17e 1382 if (host - block->host < block->length) {
e890261f
MT		 1383 *ram_addr = block->offset + (host - block->host);
1384 return 0;
f471a17e 1385 }
94a6b54f 1386 }
432d268c 1387
e890261f
MT		 1388 return -1;
1389}
f471a17e 1390
e890261f
MT		 1391/* Some of the softmmu routines need to translate from a host pointer
1392 (typically a TLB entry) back to a ram offset. */
1393ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1394{
1395 ram_addr_t ram_addr;
f471a17e 1396
e890261f
MT		 1397 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1398 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1399 abort();
1400 }
1401 return ram_addr;
5579c7f3
PB		 1402}
1403
a8170e5e 1404static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1405 uint64_t val, unsigned size)
9fa3e853 1406{
3a7d929e 1407 int dirty_flags;
f7c11b53 1408 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 1409 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
0e0df1e2 1410 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 1411 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 1412 }
0e0df1e2
AK		 1413 switch (size) {
1414 case 1:
1415 stb_p(qemu_get_ram_ptr(ram_addr), val);
1416 break;
1417 case 2:
1418 stw_p(qemu_get_ram_ptr(ram_addr), val);
1419 break;
1420 case 4:
1421 stl_p(qemu_get_ram_ptr(ram_addr), val);
1422 break;
1423 default:
1424 abort();
3a7d929e 1425 }
f23db169 1426 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 1427 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 1428 /* we remove the notdirty callback only if the code has been
1429 flushed */
1430 if (dirty_flags == 0xff)
2e70f6ef 1431 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 1432}
1433
b018ddf6
PB		 1434static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1435 unsigned size, bool is_write)
1436{
1437 return is_write;
1438}
1439
0e0df1e2 1440static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1441 .write = notdirty_mem_write,
b018ddf6 1442 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1443 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1444};
1445
0f459d16 1446/* Generate a debug exception if a watchpoint has been hit. */
b4051334 1447static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 1448{
9349b4f9 1449 CPUArchState *env = cpu_single_env;
06d55cc1 1450 target_ulong pc, cs_base;
0f459d16 1451 target_ulong vaddr;
a1d1bb31 1452 CPUWatchpoint *wp;
06d55cc1 1453 int cpu_flags;
0f459d16 1454
06d55cc1
AL		 1455 if (env->watchpoint_hit) {
1456 /* We re-entered the check after replacing the TB. Now raise
1457 * the debug interrupt so that is will trigger after the
1458 * current instruction. */
c3affe56 1459 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 1460 return;
1461 }
2e70f6ef 1462 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 1463 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 1464 if ((vaddr == (wp->vaddr & len_mask) ||
1465 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 1466 wp->flags |= BP_WATCHPOINT_HIT;
1467 if (!env->watchpoint_hit) {
1468 env->watchpoint_hit = wp;
5a316526 1469 tb_check_watchpoint(env);
6e140f28
AL		 1470 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1471 env->exception_index = EXCP_DEBUG;
488d6577 1472 cpu_loop_exit(env);
6e140f28
AL		 1473 } else {
1474 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1475 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 1476 cpu_resume_from_signal(env, NULL);
6e140f28 1477 }
06d55cc1 1478 }
6e140f28
AL		 1479 } else {
1480 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 1481 }
1482 }
1483}
1484
6658ffb8
PB		 1485/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1486 so these check for a hit then pass through to the normal out-of-line
1487 phys routines. */
a8170e5e 1488static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1ec9b909 1489 unsigned size)
6658ffb8 1490{
1ec9b909
AK		 1491 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1492 switch (size) {
1493 case 1: return ldub_phys(addr);
1494 case 2: return lduw_phys(addr);
1495 case 4: return ldl_phys(addr);
1496 default: abort();
1497 }
6658ffb8
PB		 1498}
1499
a8170e5e 1500static void watch_mem_write(void *opaque, hwaddr addr,
1ec9b909 1501 uint64_t val, unsigned size)
6658ffb8 1502{
1ec9b909
AK		 1503 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1504 switch (size) {
67364150
MF		 1505 case 1:
1506 stb_phys(addr, val);
1507 break;
1508 case 2:
1509 stw_phys(addr, val);
1510 break;
1511 case 4:
1512 stl_phys(addr, val);
1513 break;
1ec9b909
AK		 1514 default: abort();
1515 }
6658ffb8
PB		 1516}
1517
1ec9b909
AK		 1518static const MemoryRegionOps watch_mem_ops = {
1519 .read = watch_mem_read,
1520 .write = watch_mem_write,
1521 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 1522};
6658ffb8 1523
a8170e5e 1524static uint64_t subpage_read(void *opaque, hwaddr addr,
70c68e44 1525 unsigned len)
db7b5426 1526{
70c68e44 1527 subpage_t *mmio = opaque;
f6405247 1528 unsigned int idx = SUBPAGE_IDX(addr);
791af8c8
PB		 1529 uint64_t val;
1530
5312bd8b 1531 MemoryRegionSection *section;
db7b5426
BS		 1532#if defined(DEBUG_SUBPAGE)
1533 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
1534 mmio, len, addr, idx);
1535#endif
db7b5426 1536
5312bd8b
AK		 1537 section = &phys_sections[mmio->sub_section[idx]];
1538 addr += mmio->base;
1539 addr -= section->offset_within_address_space;
1540 addr += section->offset_within_region;
791af8c8
PB		 1541 io_mem_read(section->mr, addr, &val, len);
1542 return val;
db7b5426
BS		 1543}
1544
a8170e5e 1545static void subpage_write(void *opaque, hwaddr addr,
70c68e44 1546 uint64_t value, unsigned len)
db7b5426 1547{
70c68e44 1548 subpage_t *mmio = opaque;
f6405247 1549 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 1550 MemoryRegionSection *section;
db7b5426 1551#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 1552 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1553 " idx %d value %"PRIx64"\n",
f6405247 1554 __func__, mmio, len, addr, idx, value);
db7b5426 1555#endif
f6405247 1556
5312bd8b
AK		 1557 section = &phys_sections[mmio->sub_section[idx]];
1558 addr += mmio->base;
1559 addr -= section->offset_within_address_space;
1560 addr += section->offset_within_region;
37ec01d4 1561 io_mem_write(section->mr, addr, value, len);
db7b5426
BS		 1562}
1563
c353e4cc
PB		 1564static bool subpage_accepts(void *opaque, hwaddr addr,
1565 unsigned size, bool is_write)
1566{
1567 subpage_t *mmio = opaque;
1568 unsigned int idx = SUBPAGE_IDX(addr);
1569 MemoryRegionSection *section;
1570#if defined(DEBUG_SUBPAGE)
1571 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx
1572 " idx %d\n", __func__, mmio,
1573 is_write ? 'w' : 'r', len, addr, idx);
1574#endif
1575
1576 section = &phys_sections[mmio->sub_section[idx]];
1577 addr += mmio->base;
1578 addr -= section->offset_within_address_space;
1579 addr += section->offset_within_region;
1580 return memory_region_access_valid(section->mr, addr, size, is_write);
1581}
1582
70c68e44
AK		 1583static const MemoryRegionOps subpage_ops = {
1584 .read = subpage_read,
1585 .write = subpage_write,
c353e4cc 1586 .valid.accepts = subpage_accepts,
70c68e44 1587 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 1588};
1589
a8170e5e 1590static uint64_t subpage_ram_read(void *opaque, hwaddr addr,
de712f94 1591 unsigned size)
56384e8b
AF		 1592{
1593 ram_addr_t raddr = addr;
1594 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 1595 switch (size) {
1596 case 1: return ldub_p(ptr);
1597 case 2: return lduw_p(ptr);
1598 case 4: return ldl_p(ptr);
1599 default: abort();
1600 }
56384e8b
AF		 1601}
1602
a8170e5e 1603static void subpage_ram_write(void *opaque, hwaddr addr,
de712f94 1604 uint64_t value, unsigned size)
56384e8b
AF		 1605{
1606 ram_addr_t raddr = addr;
1607 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 1608 switch (size) {
1609 case 1: return stb_p(ptr, value);
1610 case 2: return stw_p(ptr, value);
1611 case 4: return stl_p(ptr, value);
1612 default: abort();
1613 }
56384e8b
AF		 1614}
1615
de712f94
AK		 1616static const MemoryRegionOps subpage_ram_ops = {
1617 .read = subpage_ram_read,
1618 .write = subpage_ram_write,
1619 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 1620};
1621
c227f099 1622static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1623 uint16_t section)
db7b5426
BS		 1624{
1625 int idx, eidx;
1626
1627 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1628 return -1;
1629 idx = SUBPAGE_IDX(start);
1630 eidx = SUBPAGE_IDX(end);
1631#if defined(DEBUG_SUBPAGE)
0bf9e31a 1632 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 1633 mmio, start, end, idx, eidx, memory);
1634#endif
5312bd8b
AK		 1635 if (memory_region_is_ram(phys_sections[section].mr)) {
1636 MemoryRegionSection new_section = phys_sections[section];
1637 new_section.mr = &io_mem_subpage_ram;
1638 section = phys_section_add(&new_section);
56384e8b 1639 }
db7b5426 1640 for (; idx <= eidx; idx++) {
5312bd8b 1641 mmio->sub_section[idx] = section;
db7b5426
BS		 1642 }
1643
1644 return 0;
1645}
1646
a8170e5e 1647static subpage_t *subpage_init(hwaddr base)
db7b5426 1648{
c227f099 1649 subpage_t *mmio;
db7b5426 1650
7267c094 1651 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 1652
1653 mmio->base = base;
70c68e44
AK		 1654 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1655 "subpage", TARGET_PAGE_SIZE);
b3b00c78 1656 mmio->iomem.subpage = true;
db7b5426 1657#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 1658 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1659 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 1660#endif
0f0cb164 1661 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 1662
1663 return mmio;
1664}
1665
5312bd8b
AK		 1666static uint16_t dummy_section(MemoryRegion *mr)
1667{
1668 MemoryRegionSection section = {
1669 .mr = mr,
1670 .offset_within_address_space = 0,
1671 .offset_within_region = 0,
1672 .size = UINT64_MAX,
1673 };
1674
1675 return phys_section_add(&section);
1676}
1677
a8170e5e 1678MemoryRegion *iotlb_to_region(hwaddr index)
aa102231 1679{
37ec01d4 1680 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 1681}
1682
e9179ce1
AK		 1683static void io_mem_init(void)
1684{
bf8d5166 1685 memory_region_init_io(&io_mem_rom, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
0e0df1e2
AK		 1686 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1687 "unassigned", UINT64_MAX);
1688 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
1689 "notdirty", UINT64_MAX);
de712f94
AK		 1690 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
1691 "subpage-ram", UINT64_MAX);
1ec9b909
AK		 1692 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1693 "watch", UINT64_MAX);
e9179ce1
AK		 1694}
1695
ac1970fb
AK		 1696static void mem_begin(MemoryListener *listener)
1697{
1698 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1699
1700 destroy_all_mappings(d);
1701 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1702}
1703
50c1e149
AK		 1704static void core_begin(MemoryListener *listener)
1705{
5312bd8b
AK		 1706 phys_sections_clear();
1707 phys_section_unassigned = dummy_section(&io_mem_unassigned);
aa102231
AK		 1708 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1709 phys_section_rom = dummy_section(&io_mem_rom);
1710 phys_section_watch = dummy_section(&io_mem_watch);
50c1e149
AK		 1711}
1712
1d71148e 1713static void tcg_commit(MemoryListener *listener)
50c1e149 1714{
9349b4f9 1715 CPUArchState *env;
117712c3
AK		 1716
1717 /* since each CPU stores ram addresses in its TLB cache, we must
1718 reset the modified entries */
1719 /* XXX: slow ! */
1720 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1721 tlb_flush(env, 1);
1722 }
50c1e149
AK		 1723}
1724
93632747
AK		 1725static void core_log_global_start(MemoryListener *listener)
1726{
1727 cpu_physical_memory_set_dirty_tracking(1);
1728}
1729
1730static void core_log_global_stop(MemoryListener *listener)
1731{
1732 cpu_physical_memory_set_dirty_tracking(0);
1733}
1734
4855d41a
AK		 1735static void io_region_add(MemoryListener *listener,
1736 MemoryRegionSection *section)
1737{
a2d33521
AK		 1738 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1739
1740 mrio->mr = section->mr;
1741 mrio->offset = section->offset_within_region;
1742 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
4855d41a 1743 section->offset_within_address_space, section->size);
a2d33521 1744 ioport_register(&mrio->iorange);
4855d41a
AK		 1745}
1746
1747static void io_region_del(MemoryListener *listener,
1748 MemoryRegionSection *section)
1749{
1750 isa_unassign_ioport(section->offset_within_address_space, section->size);
1751}
1752
93632747 1753static MemoryListener core_memory_listener = {
50c1e149 1754 .begin = core_begin,
93632747
AK		 1755 .log_global_start = core_log_global_start,
1756 .log_global_stop = core_log_global_stop,
ac1970fb 1757 .priority = 1,
93632747
AK		 1758};
1759
4855d41a
AK		 1760static MemoryListener io_memory_listener = {
1761 .region_add = io_region_add,
1762 .region_del = io_region_del,
4855d41a
AK		 1763 .priority = 0,
1764};
1765
1d71148e
AK		 1766static MemoryListener tcg_memory_listener = {
1767 .commit = tcg_commit,
1768};
1769
ac1970fb
AK		 1770void address_space_init_dispatch(AddressSpace *as)
1771{
1772 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1773
1774 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1775 d->listener = (MemoryListener) {
1776 .begin = mem_begin,
1777 .region_add = mem_add,
1778 .region_nop = mem_add,
1779 .priority = 0,
1780 };
1781 as->dispatch = d;
1782 memory_listener_register(&d->listener, as);
1783}
1784
83f3c251
AK		 1785void address_space_destroy_dispatch(AddressSpace *as)
1786{
1787 AddressSpaceDispatch *d = as->dispatch;
1788
1789 memory_listener_unregister(&d->listener);
1790 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1791 g_free(d);
1792 as->dispatch = NULL;
1793}
1794
62152b8a
AK		 1795static void memory_map_init(void)
1796{
7267c094 1797 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 1798 memory_region_init(system_memory, "system", INT64_MAX);
2673a5da
AK		 1799 address_space_init(&address_space_memory, system_memory);
1800 address_space_memory.name = "memory";
309cb471 1801
7267c094 1802 system_io = g_malloc(sizeof(*system_io));
309cb471 1803 memory_region_init(system_io, "io", 65536);
2673a5da
AK		 1804 address_space_init(&address_space_io, system_io);
1805 address_space_io.name = "I/O";
93632747 1806
f6790af6
AK		 1807 memory_listener_register(&core_memory_listener, &address_space_memory);
1808 memory_listener_register(&io_memory_listener, &address_space_io);
1809 memory_listener_register(&tcg_memory_listener, &address_space_memory);
9e11908f
PM		 1810
1811 dma_context_init(&dma_context_memory, &address_space_memory,
1812 NULL, NULL, NULL);
62152b8a
AK		 1813}
1814
1815MemoryRegion *get_system_memory(void)
1816{
1817 return system_memory;
1818}
1819
309cb471
AK		 1820MemoryRegion *get_system_io(void)
1821{
1822 return system_io;
1823}
1824
e2eef170
PB		 1825#endif /* !defined(CONFIG_USER_ONLY) */
1826
13eb76e0
FB		 1827/* physical memory access (slow version, mainly for debug) */
1828#if defined(CONFIG_USER_ONLY)
9349b4f9 1829int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 1830 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 1831{
1832 int l, flags;
1833 target_ulong page;
53a5960a 1834 void * p;
13eb76e0
FB		 1835
1836 while (len > 0) {
1837 page = addr & TARGET_PAGE_MASK;
1838 l = (page + TARGET_PAGE_SIZE) - addr;
1839 if (l > len)
1840 l = len;
1841 flags = page_get_flags(page);
1842 if (!(flags & PAGE_VALID))
a68fe89c 1843 return -1;
13eb76e0
FB		 1844 if (is_write) {
1845 if (!(flags & PAGE_WRITE))
a68fe89c 1846 return -1;
579a97f7 1847 /* XXX: this code should not depend on lock_user */
72fb7daa 1848 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 1849 return -1;
72fb7daa
AJ		 1850 memcpy(p, buf, l);
1851 unlock_user(p, addr, l);
13eb76e0
FB		 1852 } else {
1853 if (!(flags & PAGE_READ))
a68fe89c 1854 return -1;
579a97f7 1855 /* XXX: this code should not depend on lock_user */
72fb7daa 1856 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 1857 return -1;
72fb7daa 1858 memcpy(buf, p, l);
5b257578 1859 unlock_user(p, addr, 0);
13eb76e0
FB		 1860 }
1861 len -= l;
1862 buf += l;
1863 addr += l;
1864 }
a68fe89c 1865 return 0;
13eb76e0 1866}
8df1cd07 1867
13eb76e0 1868#else
51d7a9eb 1869
a8170e5e
AK		 1870static void invalidate_and_set_dirty(hwaddr addr,
1871 hwaddr length)
51d7a9eb
AP		 1872{
1873 if (!cpu_physical_memory_is_dirty(addr)) {
1874 /* invalidate code */
1875 tb_invalidate_phys_page_range(addr, addr + length, 0);
1876 /* set dirty bit */
1877 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1878 }
e226939d 1879 xen_modified_memory(addr, length);
51d7a9eb
AP		 1880}
1881
2bbfa05d
PB		 1882static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1883{
1884 if (memory_region_is_ram(mr)) {
1885 return !(is_write && mr->readonly);
1886 }
1887 if (memory_region_is_romd(mr)) {
1888 return !is_write;
1889 }
1890
1891 return false;
1892}
1893
82f2563f
PB		 1894static inline int memory_access_size(int l, hwaddr addr)
1895{
1896 if (l >= 4 && ((addr & 3) == 0)) {
1897 return 4;
1898 }
1899 if (l >= 2 && ((addr & 1) == 0)) {
1900 return 2;
1901 }
1902 return 1;
1903}
1904
fd8aaa76 1905bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
ac1970fb 1906 int len, bool is_write)
13eb76e0 1907{
149f54b5 1908 hwaddr l;
13eb76e0 1909 uint8_t *ptr;
791af8c8 1910 uint64_t val;
149f54b5 1911 hwaddr addr1;
f3705d53 1912 MemoryRegionSection *section;
fd8aaa76 1913 bool error = false;
3b46e624 1914
13eb76e0 1915 while (len > 0) {
149f54b5
PB		 1916 l = len;
1917 section = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 1918
13eb76e0 1919 if (is_write) {
2bbfa05d 1920 if (!memory_access_is_direct(section->mr, is_write)) {
82f2563f 1921 l = memory_access_size(l, addr1);
6a00d601
FB		 1922 /* XXX: could force cpu_single_env to NULL to avoid
1923 potential bugs */
82f2563f 1924 if (l == 4) {
1c213d19 1925 /* 32 bit write access */
c27004ec 1926 val = ldl_p(buf);
fd8aaa76 1927 error |= io_mem_write(section->mr, addr1, val, 4);
82f2563f 1928 } else if (l == 2) {
1c213d19 1929 /* 16 bit write access */
c27004ec 1930 val = lduw_p(buf);
fd8aaa76 1931 error |= io_mem_write(section->mr, addr1, val, 2);
13eb76e0 1932 } else {
1c213d19 1933 /* 8 bit write access */
c27004ec 1934 val = ldub_p(buf);
fd8aaa76 1935 error |= io_mem_write(section->mr, addr1, val, 1);
13eb76e0 1936 }
2bbfa05d 1937 } else {
149f54b5 1938 addr1 += memory_region_get_ram_addr(section->mr);
13eb76e0 1939 /* RAM case */
5579c7f3 1940 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 1941 memcpy(ptr, buf, l);
51d7a9eb 1942 invalidate_and_set_dirty(addr1, l);
13eb76e0
FB		 1943 }
1944 } else {
2bbfa05d 1945 if (!memory_access_is_direct(section->mr, is_write)) {
13eb76e0 1946 /* I/O case */
82f2563f
PB		 1947 l = memory_access_size(l, addr1);
1948 if (l == 4) {
13eb76e0 1949 /* 32 bit read access */
fd8aaa76 1950 error |= io_mem_read(section->mr, addr1, &val, 4);
c27004ec 1951 stl_p(buf, val);
82f2563f 1952 } else if (l == 2) {
13eb76e0 1953 /* 16 bit read access */
fd8aaa76 1954 error |= io_mem_read(section->mr, addr1, &val, 2);
c27004ec 1955 stw_p(buf, val);
13eb76e0 1956 } else {
1c213d19 1957 /* 8 bit read access */
fd8aaa76 1958 error |= io_mem_read(section->mr, addr1, &val, 1);
c27004ec 1959 stb_p(buf, val);
13eb76e0
FB		 1960 }
1961 } else {
1962 /* RAM case */
149f54b5 1963 ptr = qemu_get_ram_ptr(section->mr->ram_addr + addr1);
f3705d53 1964 memcpy(buf, ptr, l);
13eb76e0
FB		 1965 }
1966 }
1967 len -= l;
1968 buf += l;
1969 addr += l;
1970 }
fd8aaa76
PB		 1971
1972 return error;
13eb76e0 1973}
8df1cd07 1974
fd8aaa76 1975bool address_space_write(AddressSpace *as, hwaddr addr,
ac1970fb
AK		 1976 const uint8_t *buf, int len)
1977{
fd8aaa76 1978 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
ac1970fb
AK		 1979}
1980
fd8aaa76 1981bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
ac1970fb 1982{
fd8aaa76 1983 return address_space_rw(as, addr, buf, len, false);
ac1970fb
AK		 1984}
1985
1986
a8170e5e 1987void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 1988 int len, int is_write)
1989{
fd8aaa76 1990 address_space_rw(&address_space_memory, addr, buf, len, is_write);
ac1970fb
AK		 1991}
1992
d0ecd2aa 1993/* used for ROM loading : can write in RAM and ROM */
a8170e5e 1994void cpu_physical_memory_write_rom(hwaddr addr,
d0ecd2aa
FB		 1995 const uint8_t *buf, int len)
1996{
149f54b5 1997 hwaddr l;
d0ecd2aa 1998 uint8_t *ptr;
149f54b5 1999 hwaddr addr1;
f3705d53 2000 MemoryRegionSection *section;
3b46e624 2001
d0ecd2aa 2002 while (len > 0) {
149f54b5
PB		 2003 l = len;
2004 section = address_space_translate(&address_space_memory,
2005 addr, &addr1, &l, true);
3b46e624 2006
cc5bea60
BS		 2007 if (!(memory_region_is_ram(section->mr) ||
2008 memory_region_is_romd(section->mr))) {
d0ecd2aa
FB		 2009 /* do nothing */
2010 } else {
149f54b5 2011 addr1 += memory_region_get_ram_addr(section->mr);
d0ecd2aa 2012 /* ROM/RAM case */
5579c7f3 2013 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 2014 memcpy(ptr, buf, l);
51d7a9eb 2015 invalidate_and_set_dirty(addr1, l);
d0ecd2aa
FB		 2016 }
2017 len -= l;
2018 buf += l;
2019 addr += l;
2020 }
2021}
2022
6d16c2f8
AL		 2023typedef struct {
2024 void *buffer;
a8170e5e
AK		 2025 hwaddr addr;
2026 hwaddr len;
6d16c2f8
AL		 2027} BounceBuffer;
2028
2029static BounceBuffer bounce;
2030
ba223c29
AL		 2031typedef struct MapClient {
2032 void *opaque;
2033 void (*callback)(void *opaque);
72cf2d4f 2034 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2035} MapClient;
2036
72cf2d4f
BS		 2037static QLIST_HEAD(map_client_list, MapClient) map_client_list
2038 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 2039
2040void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2041{
7267c094 2042 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 2043
2044 client->opaque = opaque;
2045 client->callback = callback;
72cf2d4f 2046 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 2047 return client;
2048}
2049
8b9c99d9 2050static void cpu_unregister_map_client(void *_client)
ba223c29
AL		 2051{
2052 MapClient *client = (MapClient *)_client;
2053
72cf2d4f 2054 QLIST_REMOVE(client, link);
7267c094 2055 g_free(client);
ba223c29
AL		 2056}
2057
2058static void cpu_notify_map_clients(void)
2059{
2060 MapClient *client;
2061
72cf2d4f
BS		 2062 while (!QLIST_EMPTY(&map_client_list)) {
2063 client = QLIST_FIRST(&map_client_list);
ba223c29 2064 client->callback(client->opaque);
34d5e948 2065 cpu_unregister_map_client(client);
ba223c29
AL		 2066 }
2067}
2068
51644ab7
PB		 2069bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2070{
2071 MemoryRegionSection *section;
2072 hwaddr l, xlat;
2073
2074 while (len > 0) {
2075 l = len;
2076 section = address_space_translate(as, addr, &xlat, &l, is_write);
2077 if (!memory_access_is_direct(section->mr, is_write)) {
2078 l = memory_access_size(l, addr);
2079 if (!memory_region_access_valid(section->mr, xlat, l, is_write)) {
2080 return false;
2081 }
2082 }
2083
2084 len -= l;
2085 addr += l;
2086 }
2087 return true;
2088}
2089
6d16c2f8
AL		 2090/* Map a physical memory region into a host virtual address.
2091 * May map a subset of the requested range, given by and returned in *plen.
2092 * May return NULL if resources needed to perform the mapping are exhausted.
2093 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2094 * Use cpu_register_map_client() to know when retrying the map operation is
2095 * likely to succeed.
6d16c2f8 2096 */
ac1970fb 2097void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2098 hwaddr addr,
2099 hwaddr *plen,
ac1970fb 2100 bool is_write)
6d16c2f8 2101{
a8170e5e
AK		 2102 hwaddr len = *plen;
2103 hwaddr todo = 0;
149f54b5 2104 hwaddr l, xlat;
f3705d53 2105 MemoryRegionSection *section;
f15fbc4b 2106 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 2107 ram_addr_t rlen;
2108 void *ret;
6d16c2f8
AL		 2109
2110 while (len > 0) {
149f54b5
PB		 2111 l = len;
2112 section = address_space_translate(as, addr, &xlat, &l, is_write);
6d16c2f8 2113
2bbfa05d 2114 if (!memory_access_is_direct(section->mr, is_write)) {
38bee5dc 2115 if (todo || bounce.buffer) {
6d16c2f8
AL		 2116 break;
2117 }
2118 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2119 bounce.addr = addr;
2120 bounce.len = l;
2121 if (!is_write) {
ac1970fb 2122 address_space_read(as, addr, bounce.buffer, l);
6d16c2f8 2123 }
38bee5dc
SS		 2124
2125 *plen = l;
2126 return bounce.buffer;
6d16c2f8 2127 }
8ab934f9 2128 if (!todo) {
149f54b5
PB		 2129 raddr = memory_region_get_ram_addr(section->mr) + xlat;
2130 } else {
2131 if (memory_region_get_ram_addr(section->mr) + xlat != raddr + todo) {
2132 break;
2133 }
8ab934f9 2134 }
6d16c2f8
AL		 2135
2136 len -= l;
2137 addr += l;
38bee5dc 2138 todo += l;
6d16c2f8 2139 }
8ab934f9
SS		 2140 rlen = todo;
2141 ret = qemu_ram_ptr_length(raddr, &rlen);
2142 *plen = rlen;
2143 return ret;
6d16c2f8
AL		 2144}
2145
ac1970fb 2146/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2147 * Will also mark the memory as dirty if is_write == 1. access_len gives
2148 * the amount of memory that was actually read or written by the caller.
2149 */
a8170e5e
AK		 2150void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2151 int is_write, hwaddr access_len)
6d16c2f8
AL		 2152{
2153 if (buffer != bounce.buffer) {
2154 if (is_write) {
e890261f 2155 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 2156 while (access_len) {
2157 unsigned l;
2158 l = TARGET_PAGE_SIZE;
2159 if (l > access_len)
2160 l = access_len;
51d7a9eb 2161 invalidate_and_set_dirty(addr1, l);
6d16c2f8
AL		 2162 addr1 += l;
2163 access_len -= l;
2164 }
2165 }
868bb33f 2166 if (xen_enabled()) {
e41d7c69 2167 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2168 }
6d16c2f8
AL		 2169 return;
2170 }
2171 if (is_write) {
ac1970fb 2172 address_space_write(as, bounce.addr, bounce.buffer, access_len);
6d16c2f8 2173 }
f8a83245 2174 qemu_vfree(bounce.buffer);
6d16c2f8 2175 bounce.buffer = NULL;
ba223c29 2176 cpu_notify_map_clients();
6d16c2f8 2177}
d0ecd2aa 2178
a8170e5e
AK		 2179void *cpu_physical_memory_map(hwaddr addr,
2180 hwaddr *plen,
ac1970fb
AK		 2181 int is_write)
2182{
2183 return address_space_map(&address_space_memory, addr, plen, is_write);
2184}
2185
a8170e5e
AK		 2186void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2187 int is_write, hwaddr access_len)
ac1970fb
AK		 2188{
2189 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2190}
2191
8df1cd07 2192/* warning: addr must be aligned */
a8170e5e 2193static inline uint32_t ldl_phys_internal(hwaddr addr,
1e78bcc1 2194 enum device_endian endian)
8df1cd07 2195{
8df1cd07 2196 uint8_t *ptr;
791af8c8 2197 uint64_t val;
f3705d53 2198 MemoryRegionSection *section;
149f54b5
PB		 2199 hwaddr l = 4;
2200 hwaddr addr1;
8df1cd07 2201
149f54b5
PB		 2202 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
2203 false);
2bbfa05d 2204 if (l < 4 || !memory_access_is_direct(section->mr, false)) {
8df1cd07 2205 /* I/O case */
791af8c8 2206 io_mem_read(section->mr, addr1, &val, 4);
1e78bcc1
AG		 2207#if defined(TARGET_WORDS_BIGENDIAN)
2208 if (endian == DEVICE_LITTLE_ENDIAN) {
2209 val = bswap32(val);
2210 }
2211#else
2212 if (endian == DEVICE_BIG_ENDIAN) {
2213 val = bswap32(val);
2214 }
2215#endif
8df1cd07
FB		 2216 } else {
2217 /* RAM case */
f3705d53 2218 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 2219 & TARGET_PAGE_MASK)
149f54b5 2220 + addr1);
1e78bcc1
AG		 2221 switch (endian) {
2222 case DEVICE_LITTLE_ENDIAN:
2223 val = ldl_le_p(ptr);
2224 break;
2225 case DEVICE_BIG_ENDIAN:
2226 val = ldl_be_p(ptr);
2227 break;
2228 default:
2229 val = ldl_p(ptr);
2230 break;
2231 }
8df1cd07
FB		 2232 }
2233 return val;
2234}
2235
a8170e5e 2236uint32_t ldl_phys(hwaddr addr)
1e78bcc1
AG		 2237{
2238 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2239}
2240
a8170e5e 2241uint32_t ldl_le_phys(hwaddr addr)
1e78bcc1
AG		 2242{
2243 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2244}
2245
a8170e5e 2246uint32_t ldl_be_phys(hwaddr addr)
1e78bcc1
AG		 2247{
2248 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2249}
2250
84b7b8e7 2251/* warning: addr must be aligned */
a8170e5e 2252static inline uint64_t ldq_phys_internal(hwaddr addr,
1e78bcc1 2253 enum device_endian endian)
84b7b8e7 2254{
84b7b8e7
FB		 2255 uint8_t *ptr;
2256 uint64_t val;
f3705d53 2257 MemoryRegionSection *section;
149f54b5
PB		 2258 hwaddr l = 8;
2259 hwaddr addr1;
84b7b8e7 2260
149f54b5
PB		 2261 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
2262 false);
2bbfa05d 2263 if (l < 8 || !memory_access_is_direct(section->mr, false)) {
84b7b8e7 2264 /* I/O case */
791af8c8 2265 io_mem_read(section->mr, addr1, &val, 8);
968a5627
PB		 2266#if defined(TARGET_WORDS_BIGENDIAN)
2267 if (endian == DEVICE_LITTLE_ENDIAN) {
2268 val = bswap64(val);
2269 }
2270#else
2271 if (endian == DEVICE_BIG_ENDIAN) {
2272 val = bswap64(val);
2273 }
84b7b8e7
FB		 2274#endif
2275 } else {
2276 /* RAM case */
f3705d53 2277 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 2278 & TARGET_PAGE_MASK)
149f54b5 2279 + addr1);
1e78bcc1
AG		 2280 switch (endian) {
2281 case DEVICE_LITTLE_ENDIAN:
2282 val = ldq_le_p(ptr);
2283 break;
2284 case DEVICE_BIG_ENDIAN:
2285 val = ldq_be_p(ptr);
2286 break;
2287 default:
2288 val = ldq_p(ptr);
2289 break;
2290 }
84b7b8e7
FB		 2291 }
2292 return val;
2293}
2294
a8170e5e 2295uint64_t ldq_phys(hwaddr addr)
1e78bcc1
AG		 2296{
2297 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2298}
2299
a8170e5e 2300uint64_t ldq_le_phys(hwaddr addr)
1e78bcc1
AG		 2301{
2302 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2303}
2304
a8170e5e 2305uint64_t ldq_be_phys(hwaddr addr)
1e78bcc1
AG		 2306{
2307 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2308}
2309
aab33094 2310/* XXX: optimize */
a8170e5e 2311uint32_t ldub_phys(hwaddr addr)
aab33094
FB		 2312{
2313 uint8_t val;
2314 cpu_physical_memory_read(addr, &val, 1);
2315 return val;
2316}
2317
733f0b02 2318/* warning: addr must be aligned */
a8170e5e 2319static inline uint32_t lduw_phys_internal(hwaddr addr,
1e78bcc1 2320 enum device_endian endian)
aab33094 2321{
733f0b02
MT		 2322 uint8_t *ptr;
2323 uint64_t val;
f3705d53 2324 MemoryRegionSection *section;
149f54b5
PB		 2325 hwaddr l = 2;
2326 hwaddr addr1;
733f0b02 2327
149f54b5
PB		 2328 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
2329 false);
2bbfa05d 2330 if (l < 2 || !memory_access_is_direct(section->mr, false)) {
733f0b02 2331 /* I/O case */
791af8c8 2332 io_mem_read(section->mr, addr1, &val, 2);
1e78bcc1
AG		 2333#if defined(TARGET_WORDS_BIGENDIAN)
2334 if (endian == DEVICE_LITTLE_ENDIAN) {
2335 val = bswap16(val);
2336 }
2337#else
2338 if (endian == DEVICE_BIG_ENDIAN) {
2339 val = bswap16(val);
2340 }
2341#endif
733f0b02
MT		 2342 } else {
2343 /* RAM case */
f3705d53 2344 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 2345 & TARGET_PAGE_MASK)
149f54b5 2346 + addr1);
1e78bcc1
AG		 2347 switch (endian) {
2348 case DEVICE_LITTLE_ENDIAN:
2349 val = lduw_le_p(ptr);
2350 break;
2351 case DEVICE_BIG_ENDIAN:
2352 val = lduw_be_p(ptr);
2353 break;
2354 default:
2355 val = lduw_p(ptr);
2356 break;
2357 }
733f0b02
MT		 2358 }
2359 return val;
aab33094
FB		 2360}
2361
a8170e5e 2362uint32_t lduw_phys(hwaddr addr)
1e78bcc1
AG		 2363{
2364 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2365}
2366
a8170e5e 2367uint32_t lduw_le_phys(hwaddr addr)
1e78bcc1
AG		 2368{
2369 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2370}
2371
a8170e5e 2372uint32_t lduw_be_phys(hwaddr addr)
1e78bcc1
AG		 2373{
2374 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2375}
2376
8df1cd07
FB		 2377/* warning: addr must be aligned. The ram page is not masked as dirty
2378 and the code inside is not invalidated. It is useful if the dirty
2379 bits are used to track modified PTEs */
a8170e5e 2380void stl_phys_notdirty(hwaddr addr, uint32_t val)
8df1cd07 2381{
8df1cd07 2382 uint8_t *ptr;
f3705d53 2383 MemoryRegionSection *section;
149f54b5
PB		 2384 hwaddr l = 4;
2385 hwaddr addr1;
8df1cd07 2386
149f54b5
PB		 2387 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
2388 true);
2bbfa05d 2389 if (l < 4 || !memory_access_is_direct(section->mr, true)) {
149f54b5 2390 io_mem_write(section->mr, addr1, val, 4);
8df1cd07 2391 } else {
149f54b5 2392 addr1 += memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK;
5579c7f3 2393 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 2394 stl_p(ptr, val);
74576198
AL		 2395
2396 if (unlikely(in_migration)) {
2397 if (!cpu_physical_memory_is_dirty(addr1)) {
2398 /* invalidate code */
2399 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2400 /* set dirty bit */
f7c11b53
YT		 2401 cpu_physical_memory_set_dirty_flags(
2402 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 2403 }
2404 }
8df1cd07
FB		 2405 }
2406}
2407
2408/* warning: addr must be aligned */
a8170e5e 2409static inline void stl_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 2410 enum device_endian endian)
8df1cd07 2411{
8df1cd07 2412 uint8_t *ptr;
f3705d53 2413 MemoryRegionSection *section;
149f54b5
PB		 2414 hwaddr l = 4;
2415 hwaddr addr1;
8df1cd07 2416
149f54b5
PB		 2417 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
2418 true);
2bbfa05d 2419 if (l < 4 || !memory_access_is_direct(section->mr, true)) {
1e78bcc1
AG		 2420#if defined(TARGET_WORDS_BIGENDIAN)
2421 if (endian == DEVICE_LITTLE_ENDIAN) {
2422 val = bswap32(val);
2423 }
2424#else
2425 if (endian == DEVICE_BIG_ENDIAN) {
2426 val = bswap32(val);
2427 }
2428#endif
149f54b5 2429 io_mem_write(section->mr, addr1, val, 4);
8df1cd07 2430 } else {
8df1cd07 2431 /* RAM case */
149f54b5 2432 addr1 += memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK;
5579c7f3 2433 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 2434 switch (endian) {
2435 case DEVICE_LITTLE_ENDIAN:
2436 stl_le_p(ptr, val);
2437 break;
2438 case DEVICE_BIG_ENDIAN:
2439 stl_be_p(ptr, val);
2440 break;
2441 default:
2442 stl_p(ptr, val);
2443 break;
2444 }
51d7a9eb 2445 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 2446 }
2447}
2448
a8170e5e 2449void stl_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2450{
2451 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2452}
2453
a8170e5e 2454void stl_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2455{
2456 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2457}
2458
a8170e5e 2459void stl_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2460{
2461 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2462}
2463
aab33094 2464/* XXX: optimize */
a8170e5e 2465void stb_phys(hwaddr addr, uint32_t val)
aab33094
FB		 2466{
2467 uint8_t v = val;
2468 cpu_physical_memory_write(addr, &v, 1);
2469}
2470
733f0b02 2471/* warning: addr must be aligned */
a8170e5e 2472static inline void stw_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 2473 enum device_endian endian)
aab33094 2474{
733f0b02 2475 uint8_t *ptr;
f3705d53 2476 MemoryRegionSection *section;
149f54b5
PB		 2477 hwaddr l = 2;
2478 hwaddr addr1;
733f0b02 2479
149f54b5
PB		 2480 section = address_space_translate(&address_space_memory, addr, &addr1, &l,
2481 true);
2bbfa05d 2482 if (l < 2 || !memory_access_is_direct(section->mr, true)) {
1e78bcc1
AG		 2483#if defined(TARGET_WORDS_BIGENDIAN)
2484 if (endian == DEVICE_LITTLE_ENDIAN) {
2485 val = bswap16(val);
2486 }
2487#else
2488 if (endian == DEVICE_BIG_ENDIAN) {
2489 val = bswap16(val);
2490 }
2491#endif
149f54b5 2492 io_mem_write(section->mr, addr1, val, 2);
733f0b02 2493 } else {
733f0b02 2494 /* RAM case */
149f54b5 2495 addr1 += memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK;
733f0b02 2496 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 2497 switch (endian) {
2498 case DEVICE_LITTLE_ENDIAN:
2499 stw_le_p(ptr, val);
2500 break;
2501 case DEVICE_BIG_ENDIAN:
2502 stw_be_p(ptr, val);
2503 break;
2504 default:
2505 stw_p(ptr, val);
2506 break;
2507 }
51d7a9eb 2508 invalidate_and_set_dirty(addr1, 2);
733f0b02 2509 }
aab33094
FB		 2510}
2511
a8170e5e 2512void stw_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2513{
2514 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2515}
2516
a8170e5e 2517void stw_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2518{
2519 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2520}
2521
a8170e5e 2522void stw_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 2523{
2524 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2525}
2526
aab33094 2527/* XXX: optimize */
a8170e5e 2528void stq_phys(hwaddr addr, uint64_t val)
aab33094
FB		 2529{
2530 val = tswap64(val);
71d2b725 2531 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 2532}
2533
a8170e5e 2534void stq_le_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 2535{
2536 val = cpu_to_le64(val);
2537 cpu_physical_memory_write(addr, &val, 8);
2538}
2539
a8170e5e 2540void stq_be_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 2541{
2542 val = cpu_to_be64(val);
2543 cpu_physical_memory_write(addr, &val, 8);
2544}
2545
5e2972fd 2546/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 2547int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 2548 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2549{
2550 int l;
a8170e5e 2551 hwaddr phys_addr;
9b3c35e0 2552 target_ulong page;
13eb76e0
FB		 2553
2554 while (len > 0) {
2555 page = addr & TARGET_PAGE_MASK;
2556 phys_addr = cpu_get_phys_page_debug(env, page);
2557 /* if no physical page mapped, return an error */
2558 if (phys_addr == -1)
2559 return -1;
2560 l = (page + TARGET_PAGE_SIZE) - addr;
2561 if (l > len)
2562 l = len;
5e2972fd 2563 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 2564 if (is_write)
2565 cpu_physical_memory_write_rom(phys_addr, buf, l);
2566 else
5e2972fd 2567 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 2568 len -= l;
2569 buf += l;
2570 addr += l;
2571 }
2572 return 0;
2573}
a68fe89c 2574#endif
13eb76e0 2575
8e4a424b
BS		 2576#if !defined(CONFIG_USER_ONLY)
2577
2578/*
2579 * A helper function for the _utterly broken_ virtio device model to find out if
2580 * it's running on a big endian machine. Don't do this at home kids!
2581 */
2582bool virtio_is_big_endian(void);
2583bool virtio_is_big_endian(void)
2584{
2585#if defined(TARGET_WORDS_BIGENDIAN)
2586 return true;
2587#else
2588 return false;
2589#endif
2590}
2591
2592#endif
2593
76f35538 2594#ifndef CONFIG_USER_ONLY
a8170e5e 2595bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538
WC		 2596{
2597 MemoryRegionSection *section;
149f54b5 2598 hwaddr l = 1;
76f35538 2599
149f54b5
PB		 2600 section = address_space_translate(&address_space_memory,
2601 phys_addr, &phys_addr, &l, false);
76f35538
WC		 2602
2603 return !(memory_region_is_ram(section->mr) ||
2604 memory_region_is_romd(section->mr));
2605}
2606#endif
Qemu copy for testing