]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: store MemoryRegionSection pointers in phys_map
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
67d95c15
AK		 60#define WANT_EXEC_OBSOLETE
61#include "exec-obsolete.h"
62
fd6ce8f6 63//#define DEBUG_TB_INVALIDATE
66e85a21 64//#define DEBUG_FLUSH
9fa3e853 65//#define DEBUG_TLB
67d3b957 66//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 67
68/* make various TB consistency checks */
5fafdf24
TS		 69//#define DEBUG_TB_CHECK
70//#define DEBUG_TLB_CHECK
fd6ce8f6 71
1196be37 72//#define DEBUG_IOPORT
db7b5426 73//#define DEBUG_SUBPAGE
1196be37 74
99773bd4
PB		 75#if !defined(CONFIG_USER_ONLY)
76/* TB consistency checks only implemented for usermode emulation. */
77#undef DEBUG_TB_CHECK
78#endif
79
9fa3e853
FB		 80#define SMC_BITMAP_USE_THRESHOLD 10
81
bdaf78e0 82static TranslationBlock *tbs;
24ab68ac 83static int code_gen_max_blocks;
9fa3e853 84TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 85static int nb_tbs;
eb51d102 86/* any access to the tbs or the page table must use this lock */
c227f099 87spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 88
141ac468
BS		 89#if defined(__arm__) || defined(__sparc_v9__)
90/* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
d03d860b
BS		 92 section close to code segment. */
93#define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
f8e2af11
SW		 96#elif defined(_WIN32)
97/* Maximum alignment for Win32 is 16. */
98#define code_gen_section \
99 __attribute__((aligned (16)))
d03d860b
BS		 100#else
101#define code_gen_section \
102 __attribute__((aligned (32)))
103#endif
104
105uint8_t code_gen_prologue[1024] code_gen_section;
bdaf78e0
BS		 106static uint8_t *code_gen_buffer;
107static unsigned long code_gen_buffer_size;
26a5f13b 108/* threshold to flush the translated code buffer */
bdaf78e0 109static unsigned long code_gen_buffer_max_size;
24ab68ac 110static uint8_t *code_gen_ptr;
fd6ce8f6 111
e2eef170 112#if !defined(CONFIG_USER_ONLY)
9fa3e853 113int phys_ram_fd;
74576198 114static int in_migration;
94a6b54f 115
85d59fef 116RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 117
118static MemoryRegion *system_memory;
309cb471 119static MemoryRegion *system_io;
62152b8a 120
0e0df1e2 121MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 122static MemoryRegion io_mem_subpage_ram;
0e0df1e2 123
e2eef170 124#endif
9fa3e853 125
6a00d601
FB		 126CPUState *first_cpu;
127/* current CPU in the current thread. It is only valid inside
128 cpu_exec() */
b3c4bbe5 129DEFINE_TLS(CPUState *,cpu_single_env);
2e70f6ef 130/* 0 = Do not count executed instructions.
bf20dc07 131 1 = Precise instruction counting.
2e70f6ef
PB		 132 2 = Adaptive rate instruction counting. */
133int use_icount = 0;
6a00d601 134
54936004 135typedef struct PageDesc {
92e873b9 136 /* list of TBs intersecting this ram page */
fd6ce8f6 137 TranslationBlock *first_tb;
9fa3e853
FB		 138 /* in order to optimize self modifying code, we count the number
139 of lookups we do to a given page to use a bitmap */
140 unsigned int code_write_count;
141 uint8_t *code_bitmap;
142#if defined(CONFIG_USER_ONLY)
143 unsigned long flags;
144#endif
54936004
FB		 145} PageDesc;
146
41c1b1c9 147/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 148 while in user mode we want it to be based on virtual addresses. */
149#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 150#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
151# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
152#else
5cd2c5b6 153# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 154#endif
bedb69ea 155#else
5cd2c5b6 156# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 157#endif
54936004 158
5cd2c5b6
RH		 159/* Size of the L2 (and L3, etc) page tables. */
160#define L2_BITS 10
54936004
FB		 161#define L2_SIZE (1 << L2_BITS)
162
3eef53df
AK		 163#define P_L2_LEVELS \
164 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
165
5cd2c5b6 166/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 167#define V_L1_BITS_REM \
168 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
169
5cd2c5b6
RH		 170#if V_L1_BITS_REM < 4
171#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
172#else
173#define V_L1_BITS V_L1_BITS_REM
174#endif
175
5cd2c5b6
RH		 176#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
177
5cd2c5b6
RH		 178#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
179
83fb7adf 180unsigned long qemu_real_host_page_size;
83fb7adf
FB		 181unsigned long qemu_host_page_size;
182unsigned long qemu_host_page_mask;
54936004 183
5cd2c5b6
RH		 184/* This is a multi-level map on the virtual address space.
185 The bottom level has pointers to PageDesc. */
186static void *l1_map[V_L1_SIZE];
54936004 187
e2eef170 188#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 189typedef struct PhysPageDesc {
190 /* offset in host memory of the page + io_index in the low bits */
191 ram_addr_t phys_offset;
192 ram_addr_t region_offset;
193} PhysPageDesc;
194
4346ae3e
AK		 195typedef struct PhysPageEntry PhysPageEntry;
196
5312bd8b
AK		 197static MemoryRegionSection *phys_sections;
198static unsigned phys_sections_nb, phys_sections_nb_alloc;
199static uint16_t phys_section_unassigned;
200
4346ae3e
AK		 201struct PhysPageEntry {
202 union {
5312bd8b 203 uint16_t leaf; /* index into phys_sections */
4346ae3e
AK		 204 PhysPageEntry *node;
205 } u;
206};
207
5cd2c5b6
RH		 208/* This is a multi-level map on the physical address space.
209 The bottom level has pointers to PhysPageDesc. */
4346ae3e 210static PhysPageEntry phys_map;
6d9a1304 211
e2eef170 212static void io_mem_init(void);
62152b8a 213static void memory_map_init(void);
e2eef170 214
33417e70 215/* io memory support */
a621f38d 216MemoryRegion *io_mem_region[IO_MEM_NB_ENTRIES];
511d2b14 217static char io_mem_used[IO_MEM_NB_ENTRIES];
1ec9b909 218static MemoryRegion io_mem_watch;
6658ffb8 219#endif
33417e70 220
34865134 221/* log support */
1e8b27ca
JR		 222#ifdef WIN32
223static const char *logfilename = "qemu.log";
224#else
d9b630fd 225static const char *logfilename = "/tmp/qemu.log";
1e8b27ca 226#endif
34865134
FB		 227FILE *logfile;
228int loglevel;
e735b91c 229static int log_append = 0;
34865134 230
e3db7226 231/* statistics */
b3755a91 232#if !defined(CONFIG_USER_ONLY)
e3db7226 233static int tlb_flush_count;
b3755a91 234#endif
e3db7226
FB		 235static int tb_flush_count;
236static int tb_phys_invalidate_count;
237
7cb69cae
FB		 238#ifdef _WIN32
239static void map_exec(void *addr, long size)
240{
241 DWORD old_protect;
242 VirtualProtect(addr, size,
243 PAGE_EXECUTE_READWRITE, &old_protect);
244
245}
246#else
247static void map_exec(void *addr, long size)
248{
4369415f 249 unsigned long start, end, page_size;
7cb69cae 250
4369415f 251 page_size = getpagesize();
7cb69cae 252 start = (unsigned long)addr;
4369415f 253 start &= ~(page_size - 1);
7cb69cae
FB		 254
255 end = (unsigned long)addr + size;
4369415f
FB		 256 end += page_size - 1;
257 end &= ~(page_size - 1);
7cb69cae
FB		 258
259 mprotect((void *)start, end - start,
260 PROT_READ | PROT_WRITE | PROT_EXEC);
261}
262#endif
263
b346ff46 264static void page_init(void)
54936004 265{
83fb7adf 266 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 267 TARGET_PAGE_SIZE */
c2b48b69
AL		 268#ifdef _WIN32
269 {
270 SYSTEM_INFO system_info;
271
272 GetSystemInfo(&system_info);
273 qemu_real_host_page_size = system_info.dwPageSize;
274 }
275#else
276 qemu_real_host_page_size = getpagesize();
277#endif
83fb7adf
FB		 278 if (qemu_host_page_size == 0)
279 qemu_host_page_size = qemu_real_host_page_size;
280 if (qemu_host_page_size < TARGET_PAGE_SIZE)
281 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 282 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 283
2e9a5713 284#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 285 {
f01576f1
JL		 286#ifdef HAVE_KINFO_GETVMMAP
287 struct kinfo_vmentry *freep;
288 int i, cnt;
289
290 freep = kinfo_getvmmap(getpid(), &cnt);
291 if (freep) {
292 mmap_lock();
293 for (i = 0; i < cnt; i++) {
294 unsigned long startaddr, endaddr;
295
296 startaddr = freep[i].kve_start;
297 endaddr = freep[i].kve_end;
298 if (h2g_valid(startaddr)) {
299 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
300
301 if (h2g_valid(endaddr)) {
302 endaddr = h2g(endaddr);
fd436907 303 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 304 } else {
305#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
306 endaddr = ~0ul;
fd436907 307 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 308#endif
309 }
310 }
311 }
312 free(freep);
313 mmap_unlock();
314 }
315#else
50a9569b 316 FILE *f;
50a9569b 317
0776590d 318 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 319
fd436907 320 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 321 if (f) {
5cd2c5b6
RH		 322 mmap_lock();
323
50a9569b 324 do {
5cd2c5b6
RH		 325 unsigned long startaddr, endaddr;
326 int n;
327
328 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
329
330 if (n == 2 && h2g_valid(startaddr)) {
331 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
332
333 if (h2g_valid(endaddr)) {
334 endaddr = h2g(endaddr);
335 } else {
336 endaddr = ~0ul;
337 }
338 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 339 }
340 } while (!feof(f));
5cd2c5b6 341
50a9569b 342 fclose(f);
5cd2c5b6 343 mmap_unlock();
50a9569b 344 }
f01576f1 345#endif
50a9569b
AZ		 346 }
347#endif
54936004
FB		 348}
349
41c1b1c9 350static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 351{
41c1b1c9
PB		 352 PageDesc *pd;
353 void **lp;
354 int i;
355
5cd2c5b6 356#if defined(CONFIG_USER_ONLY)
7267c094 357 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 358# define ALLOC(P, SIZE) \
359 do { \
360 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
361 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 362 } while (0)
363#else
364# define ALLOC(P, SIZE) \
7267c094 365 do { P = g_malloc0(SIZE); } while (0)
17e2377a 366#endif
434929bf 367
5cd2c5b6
RH		 368 /* Level 1. Always allocated. */
369 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
370
371 /* Level 2..N-1. */
372 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
373 void **p = *lp;
374
375 if (p == NULL) {
376 if (!alloc) {
377 return NULL;
378 }
379 ALLOC(p, sizeof(void *) * L2_SIZE);
380 *lp = p;
17e2377a 381 }
5cd2c5b6
RH		 382
383 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
384 }
385
386 pd = *lp;
387 if (pd == NULL) {
388 if (!alloc) {
389 return NULL;
390 }
391 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
392 *lp = pd;
54936004 393 }
5cd2c5b6
RH		 394
395#undef ALLOC
5cd2c5b6
RH		 396
397 return pd + (index & (L2_SIZE - 1));
54936004
FB		 398}
399
41c1b1c9 400static inline PageDesc *page_find(tb_page_addr_t index)
54936004 401{
5cd2c5b6 402 return page_find_alloc(index, 0);
fd6ce8f6
FB		 403}
404
6d9a1304 405#if !defined(CONFIG_USER_ONLY)
5312bd8b 406static uint16_t *phys_page_find_alloc(target_phys_addr_t index, int alloc)
92e873b9 407{
4346ae3e
AK		 408 PhysPageEntry *lp, *p;
409 int i, j;
92e873b9 410
3eef53df 411 lp = &phys_map;
108c49b8 412
4346ae3e
AK		 413 /* Level 1..N. */
414 for (i = P_L2_LEVELS - 1; i >= 0; i--) {
415 if (lp->u.node == NULL) {
5cd2c5b6
RH		 416 if (!alloc) {
417 return NULL;
418 }
4346ae3e
AK		 419 lp->u.node = p = g_malloc0(sizeof(PhysPageEntry) * L2_SIZE);
420 if (i == 0) {
4346ae3e 421 for (j = 0; j < L2_SIZE; j++) {
5312bd8b 422 p[j].u.leaf = phys_section_unassigned;
4346ae3e
AK		 423 }
424 }
67c4d23c 425 }
4346ae3e 426 lp = &lp->u.node[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
92e873b9 427 }
5cd2c5b6 428
4346ae3e 429 return &lp->u.leaf;
92e873b9
FB		 430}
431
f1f6e3b8 432static inline PhysPageDesc phys_page_find(target_phys_addr_t index)
92e873b9 433{
5312bd8b
AK		 434 uint16_t *p = phys_page_find_alloc(index, 0);
435 uint16_t s_index = phys_section_unassigned;
436 MemoryRegionSection *section;
437 PhysPageDesc pd;
f1f6e3b8
AK		 438
439 if (p) {
5312bd8b
AK		 440 s_index = *p;
441 }
442 section = &phys_sections[s_index];
443 index <<= TARGET_PAGE_BITS;
444 assert(section->offset_within_address_space <= index
445 && index <= section->offset_within_address_space + section->size-1);
446 pd.phys_offset = section->mr->ram_addr;
447 pd.region_offset = (index - section->offset_within_address_space)
448 + section->offset_within_region;
449 if (memory_region_is_ram(section->mr)) {
450 pd.phys_offset += pd.region_offset;
451 pd.region_offset = 0;
452 } else if (section->mr->rom_device) {
453 pd.phys_offset += pd.region_offset;
f1f6e3b8 454 }
5312bd8b
AK		 455 if (section->readonly) {
456 pd.phys_offset |= io_mem_rom.ram_addr;
457 }
458 return pd;
92e873b9
FB		 459}
460
c227f099
AL		 461static void tlb_protect_code(ram_addr_t ram_addr);
462static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 463 target_ulong vaddr);
c8a706fe
PB		 464#define mmap_lock() do { } while(0)
465#define mmap_unlock() do { } while(0)
9fa3e853 466#endif
fd6ce8f6 467
4369415f
FB		 468#define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
469
470#if defined(CONFIG_USER_ONLY)
ccbb4d44 471/* Currently it is not recommended to allocate big chunks of data in
4369415f
FB		 472 user mode. It will change when a dedicated libc will be used */
473#define USE_STATIC_CODE_GEN_BUFFER
474#endif
475
476#ifdef USE_STATIC_CODE_GEN_BUFFER
ebf50fb3
AJ		 477static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
478 __attribute__((aligned (CODE_GEN_ALIGN)));
4369415f
FB		 479#endif
480
8fcd3692 481static void code_gen_alloc(unsigned long tb_size)
26a5f13b 482{
4369415f
FB		 483#ifdef USE_STATIC_CODE_GEN_BUFFER
484 code_gen_buffer = static_code_gen_buffer;
485 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
486 map_exec(code_gen_buffer, code_gen_buffer_size);
487#else
26a5f13b
FB		 488 code_gen_buffer_size = tb_size;
489 if (code_gen_buffer_size == 0) {
4369415f 490#if defined(CONFIG_USER_ONLY)
4369415f
FB		 491 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
492#else
ccbb4d44 493 /* XXX: needs adjustments */
94a6b54f 494 code_gen_buffer_size = (unsigned long)(ram_size / 4);
4369415f 495#endif
26a5f13b
FB		 496 }
497 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
498 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
499 /* The code gen buffer location may have constraints depending on
500 the host cpu and OS */
501#if defined(__linux__)
502 {
503 int flags;
141ac468
BS		 504 void *start = NULL;
505
26a5f13b
FB		 506 flags = MAP_PRIVATE | MAP_ANONYMOUS;
507#if defined(__x86_64__)
508 flags |= MAP_32BIT;
509 /* Cannot map more than that */
510 if (code_gen_buffer_size > (800 * 1024 * 1024))
511 code_gen_buffer_size = (800 * 1024 * 1024);
141ac468
BS		 512#elif defined(__sparc_v9__)
513 // Map the buffer below 2G, so we can use direct calls and branches
514 flags |= MAP_FIXED;
515 start = (void *) 0x60000000UL;
516 if (code_gen_buffer_size > (512 * 1024 * 1024))
517 code_gen_buffer_size = (512 * 1024 * 1024);
1cb0661e 518#elif defined(__arm__)
5c84bd90 519 /* Keep the buffer no bigger than 16MB to branch between blocks */
1cb0661e
AZ		 520 if (code_gen_buffer_size > 16 * 1024 * 1024)
521 code_gen_buffer_size = 16 * 1024 * 1024;
eba0b893
RH		 522#elif defined(__s390x__)
523 /* Map the buffer so that we can use direct calls and branches. */
524 /* We have a +- 4GB range on the branches; leave some slop. */
525 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
526 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
527 }
528 start = (void *)0x90000000UL;
26a5f13b 529#endif
141ac468
BS		 530 code_gen_buffer = mmap(start, code_gen_buffer_size,
531 PROT_WRITE | PROT_READ | PROT_EXEC,
26a5f13b
FB		 532 flags, -1, 0);
533 if (code_gen_buffer == MAP_FAILED) {
534 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
535 exit(1);
536 }
537 }
cbb608a5 538#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
9f4b09a4
TN		 539 || defined(__DragonFly__) || defined(__OpenBSD__) \
540 || defined(__NetBSD__)
06e67a82
AL		 541 {
542 int flags;
543 void *addr = NULL;
544 flags = MAP_PRIVATE | MAP_ANONYMOUS;
545#if defined(__x86_64__)
546 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
547 * 0x40000000 is free */
548 flags |= MAP_FIXED;
549 addr = (void *)0x40000000;
550 /* Cannot map more than that */
551 if (code_gen_buffer_size > (800 * 1024 * 1024))
552 code_gen_buffer_size = (800 * 1024 * 1024);
4cd31ad2
BS		 553#elif defined(__sparc_v9__)
554 // Map the buffer below 2G, so we can use direct calls and branches
555 flags |= MAP_FIXED;
556 addr = (void *) 0x60000000UL;
557 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
558 code_gen_buffer_size = (512 * 1024 * 1024);
559 }
06e67a82
AL		 560#endif
561 code_gen_buffer = mmap(addr, code_gen_buffer_size,
562 PROT_WRITE | PROT_READ | PROT_EXEC,
563 flags, -1, 0);
564 if (code_gen_buffer == MAP_FAILED) {
565 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
566 exit(1);
567 }
568 }
26a5f13b 569#else
7267c094 570 code_gen_buffer = g_malloc(code_gen_buffer_size);
26a5f13b
FB		 571 map_exec(code_gen_buffer, code_gen_buffer_size);
572#endif
4369415f 573#endif /* !USE_STATIC_CODE_GEN_BUFFER */
26a5f13b 574 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
a884da8a
PM		 575 code_gen_buffer_max_size = code_gen_buffer_size -
576 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 577 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 578 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 579}
580
581/* Must be called before using the QEMU cpus. 'tb_size' is the size
582 (in bytes) allocated to the translation buffer. Zero means default
583 size. */
d5ab9713 584void tcg_exec_init(unsigned long tb_size)
26a5f13b 585{
26a5f13b
FB		 586 cpu_gen_init();
587 code_gen_alloc(tb_size);
588 code_gen_ptr = code_gen_buffer;
4369415f 589 page_init();
9002ec79
RH		 590#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
591 /* There's no guest base to take into account, so go ahead and
592 initialize the prologue now. */
593 tcg_prologue_init(&tcg_ctx);
594#endif
26a5f13b
FB		 595}
596
d5ab9713
JK		 597bool tcg_enabled(void)
598{
599 return code_gen_buffer != NULL;
600}
601
602void cpu_exec_init_all(void)
603{
604#if !defined(CONFIG_USER_ONLY)
605 memory_map_init();
606 io_mem_init();
607#endif
608}
609
9656f324
PB		 610#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
611
e59fb374 612static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7
JQ		 613{
614 CPUState *env = opaque;
9656f324 615
3098dba0
AJ		 616 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
617 version_id is increased. */
618 env->interrupt_request &= ~0x01;
9656f324
PB		 619 tlb_flush(env, 1);
620
621 return 0;
622}
e7f4eff7
JQ		 623
624static const VMStateDescription vmstate_cpu_common = {
625 .name = "cpu_common",
626 .version_id = 1,
627 .minimum_version_id = 1,
628 .minimum_version_id_old = 1,
e7f4eff7
JQ		 629 .post_load = cpu_common_post_load,
630 .fields = (VMStateField []) {
631 VMSTATE_UINT32(halted, CPUState),
632 VMSTATE_UINT32(interrupt_request, CPUState),
633 VMSTATE_END_OF_LIST()
634 }
635};
9656f324
PB		 636#endif
637
950f1472
GC		 638CPUState *qemu_get_cpu(int cpu)
639{
640 CPUState *env = first_cpu;
641
642 while (env) {
643 if (env->cpu_index == cpu)
644 break;
645 env = env->next_cpu;
646 }
647
648 return env;
649}
650
6a00d601 651void cpu_exec_init(CPUState *env)
fd6ce8f6 652{
6a00d601
FB		 653 CPUState **penv;
654 int cpu_index;
655
c2764719
PB		 656#if defined(CONFIG_USER_ONLY)
657 cpu_list_lock();
658#endif
6a00d601
FB		 659 env->next_cpu = NULL;
660 penv = &first_cpu;
661 cpu_index = 0;
662 while (*penv != NULL) {
1e9fa730 663 penv = &(*penv)->next_cpu;
6a00d601
FB		 664 cpu_index++;
665 }
666 env->cpu_index = cpu_index;
268a362c 667 env->numa_node = 0;
72cf2d4f
BS		 668 QTAILQ_INIT(&env->breakpoints);
669 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 670#ifndef CONFIG_USER_ONLY
671 env->thread_id = qemu_get_thread_id();
672#endif
6a00d601 673 *penv = env;
c2764719
PB		 674#if defined(CONFIG_USER_ONLY)
675 cpu_list_unlock();
676#endif
b3c7724c 677#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 678 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
679 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 680 cpu_save, cpu_load, env);
681#endif
fd6ce8f6
FB		 682}
683
d1a1eb74
TG		 684/* Allocate a new translation block. Flush the translation buffer if
685 too many translation blocks or too much generated code. */
686static TranslationBlock *tb_alloc(target_ulong pc)
687{
688 TranslationBlock *tb;
689
690 if (nb_tbs >= code_gen_max_blocks ||
691 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
692 return NULL;
693 tb = &tbs[nb_tbs++];
694 tb->pc = pc;
695 tb->cflags = 0;
696 return tb;
697}
698
699void tb_free(TranslationBlock *tb)
700{
701 /* In practice this is mostly used for single use temporary TB
702 Ignore the hard cases and just back up if this TB happens to
703 be the last one generated. */
704 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
705 code_gen_ptr = tb->tc_ptr;
706 nb_tbs--;
707 }
708}
709
9fa3e853
FB		 710static inline void invalidate_page_bitmap(PageDesc *p)
711{
712 if (p->code_bitmap) {
7267c094 713 g_free(p->code_bitmap);
9fa3e853
FB		 714 p->code_bitmap = NULL;
715 }
716 p->code_write_count = 0;
717}
718
5cd2c5b6
RH		 719/* Set to NULL all the 'first_tb' fields in all PageDescs. */
720
721static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 722{
5cd2c5b6 723 int i;
fd6ce8f6 724
5cd2c5b6
RH		 725 if (*lp == NULL) {
726 return;
727 }
728 if (level == 0) {
729 PageDesc *pd = *lp;
7296abac 730 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 731 pd[i].first_tb = NULL;
732 invalidate_page_bitmap(pd + i);
fd6ce8f6 733 }
5cd2c5b6
RH		 734 } else {
735 void **pp = *lp;
7296abac 736 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 737 page_flush_tb_1 (level - 1, pp + i);
738 }
739 }
740}
741
742static void page_flush_tb(void)
743{
744 int i;
745 for (i = 0; i < V_L1_SIZE; i++) {
746 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 747 }
748}
749
750/* flush all the translation blocks */
d4e8164f 751/* XXX: tb_flush is currently not thread safe */
6a00d601 752void tb_flush(CPUState *env1)
fd6ce8f6 753{
6a00d601 754 CPUState *env;
0124311e 755#if defined(DEBUG_FLUSH)
ab3d1727
BS		 756 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
757 (unsigned long)(code_gen_ptr - code_gen_buffer),
758 nb_tbs, nb_tbs > 0 ?
759 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 760#endif
26a5f13b 761 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 762 cpu_abort(env1, "Internal error: code buffer overflow\n");
763
fd6ce8f6 764 nb_tbs = 0;
3b46e624 765
6a00d601
FB		 766 for(env = first_cpu; env != NULL; env = env->next_cpu) {
767 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
768 }
9fa3e853 769
8a8a608f 770 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 771 page_flush_tb();
9fa3e853 772
fd6ce8f6 773 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 774 /* XXX: flush processor icache at this point if cache flush is
775 expensive */
e3db7226 776 tb_flush_count++;
fd6ce8f6
FB		 777}
778
779#ifdef DEBUG_TB_CHECK
780
bc98a7ef 781static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 782{
783 TranslationBlock *tb;
784 int i;
785 address &= TARGET_PAGE_MASK;
99773bd4
PB		 786 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
787 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 788 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
789 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 790 printf("ERROR invalidate: address=" TARGET_FMT_lx
791 " PC=%08lx size=%04x\n",
99773bd4 792 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 793 }
794 }
795 }
796}
797
798/* verify that all the pages have correct rights for code */
799static void tb_page_check(void)
800{
801 TranslationBlock *tb;
802 int i, flags1, flags2;
3b46e624 803
99773bd4
PB		 804 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
805 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 806 flags1 = page_get_flags(tb->pc);
807 flags2 = page_get_flags(tb->pc + tb->size - 1);
808 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
809 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 810 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 811 }
812 }
813 }
814}
815
816#endif
817
818/* invalidate one TB */
819static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
820 int next_offset)
821{
822 TranslationBlock *tb1;
823 for(;;) {
824 tb1 = *ptb;
825 if (tb1 == tb) {
826 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
827 break;
828 }
829 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
830 }
831}
832
9fa3e853
FB		 833static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
834{
835 TranslationBlock *tb1;
836 unsigned int n1;
837
838 for(;;) {
839 tb1 = *ptb;
840 n1 = (long)tb1 & 3;
841 tb1 = (TranslationBlock *)((long)tb1 & ~3);
842 if (tb1 == tb) {
843 *ptb = tb1->page_next[n1];
844 break;
845 }
846 ptb = &tb1->page_next[n1];
847 }
848}
849
d4e8164f
FB		 850static inline void tb_jmp_remove(TranslationBlock *tb, int n)
851{
852 TranslationBlock *tb1, **ptb;
853 unsigned int n1;
854
855 ptb = &tb->jmp_next[n];
856 tb1 = *ptb;
857 if (tb1) {
858 /* find tb(n) in circular list */
859 for(;;) {
860 tb1 = *ptb;
861 n1 = (long)tb1 & 3;
862 tb1 = (TranslationBlock *)((long)tb1 & ~3);
863 if (n1 == n && tb1 == tb)
864 break;
865 if (n1 == 2) {
866 ptb = &tb1->jmp_first;
867 } else {
868 ptb = &tb1->jmp_next[n1];
869 }
870 }
871 /* now we can suppress tb(n) from the list */
872 *ptb = tb->jmp_next[n];
873
874 tb->jmp_next[n] = NULL;
875 }
876}
877
878/* reset the jump entry 'n' of a TB so that it is not chained to
879 another TB */
880static inline void tb_reset_jump(TranslationBlock *tb, int n)
881{
882 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
883}
884
41c1b1c9 885void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 886{
6a00d601 887 CPUState *env;
8a40a180 888 PageDesc *p;
d4e8164f 889 unsigned int h, n1;
41c1b1c9 890 tb_page_addr_t phys_pc;
8a40a180 891 TranslationBlock *tb1, *tb2;
3b46e624 892
8a40a180
FB		 893 /* remove the TB from the hash list */
894 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
895 h = tb_phys_hash_func(phys_pc);
5fafdf24 896 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 897 offsetof(TranslationBlock, phys_hash_next));
898
899 /* remove the TB from the page list */
900 if (tb->page_addr[0] != page_addr) {
901 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
902 tb_page_remove(&p->first_tb, tb);
903 invalidate_page_bitmap(p);
904 }
905 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
906 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
907 tb_page_remove(&p->first_tb, tb);
908 invalidate_page_bitmap(p);
909 }
910
36bdbe54 911 tb_invalidated_flag = 1;
59817ccb 912
fd6ce8f6 913 /* remove the TB from the hash list */
8a40a180 914 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 915 for(env = first_cpu; env != NULL; env = env->next_cpu) {
916 if (env->tb_jmp_cache[h] == tb)
917 env->tb_jmp_cache[h] = NULL;
918 }
d4e8164f
FB		 919
920 /* suppress this TB from the two jump lists */
921 tb_jmp_remove(tb, 0);
922 tb_jmp_remove(tb, 1);
923
924 /* suppress any remaining jumps to this TB */
925 tb1 = tb->jmp_first;
926 for(;;) {
927 n1 = (long)tb1 & 3;
928 if (n1 == 2)
929 break;
930 tb1 = (TranslationBlock *)((long)tb1 & ~3);
931 tb2 = tb1->jmp_next[n1];
932 tb_reset_jump(tb1, n1);
933 tb1->jmp_next[n1] = NULL;
934 tb1 = tb2;
935 }
936 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
9fa3e853 937
e3db7226 938 tb_phys_invalidate_count++;
9fa3e853
FB		 939}
940
941static inline void set_bits(uint8_t *tab, int start, int len)
942{
943 int end, mask, end1;
944
945 end = start + len;
946 tab += start >> 3;
947 mask = 0xff << (start & 7);
948 if ((start & ~7) == (end & ~7)) {
949 if (start < end) {
950 mask &= ~(0xff << (end & 7));
951 *tab |= mask;
952 }
953 } else {
954 *tab++ |= mask;
955 start = (start + 8) & ~7;
956 end1 = end & ~7;
957 while (start < end1) {
958 *tab++ = 0xff;
959 start += 8;
960 }
961 if (start < end) {
962 mask = ~(0xff << (end & 7));
963 *tab |= mask;
964 }
965 }
966}
967
968static void build_page_bitmap(PageDesc *p)
969{
970 int n, tb_start, tb_end;
971 TranslationBlock *tb;
3b46e624 972
7267c094 973 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 974
975 tb = p->first_tb;
976 while (tb != NULL) {
977 n = (long)tb & 3;
978 tb = (TranslationBlock *)((long)tb & ~3);
979 /* NOTE: this is subtle as a TB may span two physical pages */
980 if (n == 0) {
981 /* NOTE: tb_end may be after the end of the page, but
982 it is not a problem */
983 tb_start = tb->pc & ~TARGET_PAGE_MASK;
984 tb_end = tb_start + tb->size;
985 if (tb_end > TARGET_PAGE_SIZE)
986 tb_end = TARGET_PAGE_SIZE;
987 } else {
988 tb_start = 0;
989 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
990 }
991 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
992 tb = tb->page_next[n];
993 }
994}
995
2e70f6ef
PB		 996TranslationBlock *tb_gen_code(CPUState *env,
997 target_ulong pc, target_ulong cs_base,
998 int flags, int cflags)
d720b93d
FB		 999{
1000 TranslationBlock *tb;
1001 uint8_t *tc_ptr;
41c1b1c9
PB		 1002 tb_page_addr_t phys_pc, phys_page2;
1003 target_ulong virt_page2;
d720b93d
FB		 1004 int code_gen_size;
1005
41c1b1c9 1006 phys_pc = get_page_addr_code(env, pc);
c27004ec 1007 tb = tb_alloc(pc);
d720b93d
FB		 1008 if (!tb) {
1009 /* flush must be done */
1010 tb_flush(env);
1011 /* cannot fail at this point */
c27004ec 1012 tb = tb_alloc(pc);
2e70f6ef
PB		 1013 /* Don't forget to invalidate previous TB info. */
1014 tb_invalidated_flag = 1;
d720b93d
FB		 1015 }
1016 tc_ptr = code_gen_ptr;
1017 tb->tc_ptr = tc_ptr;
1018 tb->cs_base = cs_base;
1019 tb->flags = flags;
1020 tb->cflags = cflags;
d07bde88 1021 cpu_gen_code(env, tb, &code_gen_size);
d720b93d 1022 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1023
d720b93d 1024 /* check next page if needed */
c27004ec 1025 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1026 phys_page2 = -1;
c27004ec 1027 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1028 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1029 }
41c1b1c9 1030 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1031 return tb;
d720b93d 1032}
3b46e624 1033
9fa3e853
FB		 1034/* invalidate all TBs which intersect with the target physical page
1035 starting in range [start;end[. NOTE: start and end must refer to
d720b93d
FB		 1036 the same physical page. 'is_cpu_write_access' should be true if called
1037 from a real cpu write access: the virtual CPU will exit the current
1038 TB if code is modified inside this TB. */
41c1b1c9 1039void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1040 int is_cpu_write_access)
1041{
6b917547 1042 TranslationBlock *tb, *tb_next, *saved_tb;
d720b93d 1043 CPUState *env = cpu_single_env;
41c1b1c9 1044 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1045 PageDesc *p;
1046 int n;
1047#ifdef TARGET_HAS_PRECISE_SMC
1048 int current_tb_not_found = is_cpu_write_access;
1049 TranslationBlock *current_tb = NULL;
1050 int current_tb_modified = 0;
1051 target_ulong current_pc = 0;
1052 target_ulong current_cs_base = 0;
1053 int current_flags = 0;
1054#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1055
1056 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1057 if (!p)
9fa3e853 1058 return;
5fafdf24 1059 if (!p->code_bitmap &&
d720b93d
FB		 1060 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1061 is_cpu_write_access) {
9fa3e853
FB		 1062 /* build code bitmap */
1063 build_page_bitmap(p);
1064 }
1065
1066 /* we remove all the TBs in the range [start, end[ */
1067 /* XXX: see if in some cases it could be faster to invalidate all the code */
1068 tb = p->first_tb;
1069 while (tb != NULL) {
1070 n = (long)tb & 3;
1071 tb = (TranslationBlock *)((long)tb & ~3);
1072 tb_next = tb->page_next[n];
1073 /* NOTE: this is subtle as a TB may span two physical pages */
1074 if (n == 0) {
1075 /* NOTE: tb_end may be after the end of the page, but
1076 it is not a problem */
1077 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1078 tb_end = tb_start + tb->size;
1079 } else {
1080 tb_start = tb->page_addr[1];
1081 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1082 }
1083 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1084#ifdef TARGET_HAS_PRECISE_SMC
1085 if (current_tb_not_found) {
1086 current_tb_not_found = 0;
1087 current_tb = NULL;
2e70f6ef 1088 if (env->mem_io_pc) {
d720b93d 1089 /* now we have a real cpu fault */
2e70f6ef 1090 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1091 }
1092 }
1093 if (current_tb == tb &&
2e70f6ef 1094 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1095 /* If we are modifying the current TB, we must stop
1096 its execution. We could be more precise by checking
1097 that the modification is after the current PC, but it
1098 would require a specialized function to partially
1099 restore the CPU state */
3b46e624 1100
d720b93d 1101 current_tb_modified = 1;
618ba8e6 1102 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1103 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1104 &current_flags);
d720b93d
FB		 1105 }
1106#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1107 /* we need to do that to handle the case where a signal
1108 occurs while doing tb_phys_invalidate() */
1109 saved_tb = NULL;
1110 if (env) {
1111 saved_tb = env->current_tb;
1112 env->current_tb = NULL;
1113 }
9fa3e853 1114 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1115 if (env) {
1116 env->current_tb = saved_tb;
1117 if (env->interrupt_request && env->current_tb)
1118 cpu_interrupt(env, env->interrupt_request);
1119 }
9fa3e853
FB		 1120 }
1121 tb = tb_next;
1122 }
1123#if !defined(CONFIG_USER_ONLY)
1124 /* if no code remaining, no need to continue to use slow writes */
1125 if (!p->first_tb) {
1126 invalidate_page_bitmap(p);
d720b93d 1127 if (is_cpu_write_access) {
2e70f6ef 1128 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1129 }
1130 }
1131#endif
1132#ifdef TARGET_HAS_PRECISE_SMC
1133 if (current_tb_modified) {
1134 /* we generate a block containing just the instruction
1135 modifying the memory. It will ensure that it cannot modify
1136 itself */
ea1c1802 1137 env->current_tb = NULL;
2e70f6ef 1138 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1139 cpu_resume_from_signal(env, NULL);
9fa3e853 1140 }
fd6ce8f6 1141#endif
9fa3e853 1142}
fd6ce8f6 1143
9fa3e853 1144/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1145static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1146{
1147 PageDesc *p;
1148 int offset, b;
59817ccb 1149#if 0
a4193c8a 1150 if (1) {
93fcfe39
AL		 1151 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1152 cpu_single_env->mem_io_vaddr, len,
1153 cpu_single_env->eip,
1154 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1155 }
1156#endif
9fa3e853 1157 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1158 if (!p)
9fa3e853
FB		 1159 return;
1160 if (p->code_bitmap) {
1161 offset = start & ~TARGET_PAGE_MASK;
1162 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1163 if (b & ((1 << len) - 1))
1164 goto do_invalidate;
1165 } else {
1166 do_invalidate:
d720b93d 1167 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1168 }
1169}
1170
9fa3e853 1171#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1172static void tb_invalidate_phys_page(tb_page_addr_t addr,
d720b93d 1173 unsigned long pc, void *puc)
9fa3e853 1174{
6b917547 1175 TranslationBlock *tb;
9fa3e853 1176 PageDesc *p;
6b917547 1177 int n;
d720b93d 1178#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1179 TranslationBlock *current_tb = NULL;
d720b93d 1180 CPUState *env = cpu_single_env;
6b917547
AL		 1181 int current_tb_modified = 0;
1182 target_ulong current_pc = 0;
1183 target_ulong current_cs_base = 0;
1184 int current_flags = 0;
d720b93d 1185#endif
9fa3e853
FB		 1186
1187 addr &= TARGET_PAGE_MASK;
1188 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1189 if (!p)
9fa3e853
FB		 1190 return;
1191 tb = p->first_tb;
d720b93d
FB		 1192#ifdef TARGET_HAS_PRECISE_SMC
1193 if (tb && pc != 0) {
1194 current_tb = tb_find_pc(pc);
1195 }
1196#endif
9fa3e853
FB		 1197 while (tb != NULL) {
1198 n = (long)tb & 3;
1199 tb = (TranslationBlock *)((long)tb & ~3);
d720b93d
FB		 1200#ifdef TARGET_HAS_PRECISE_SMC
1201 if (current_tb == tb &&
2e70f6ef 1202 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1203 /* If we are modifying the current TB, we must stop
1204 its execution. We could be more precise by checking
1205 that the modification is after the current PC, but it
1206 would require a specialized function to partially
1207 restore the CPU state */
3b46e624 1208
d720b93d 1209 current_tb_modified = 1;
618ba8e6 1210 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1211 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1212 &current_flags);
d720b93d
FB		 1213 }
1214#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1215 tb_phys_invalidate(tb, addr);
1216 tb = tb->page_next[n];
1217 }
fd6ce8f6 1218 p->first_tb = NULL;
d720b93d
FB		 1219#ifdef TARGET_HAS_PRECISE_SMC
1220 if (current_tb_modified) {
1221 /* we generate a block containing just the instruction
1222 modifying the memory. It will ensure that it cannot modify
1223 itself */
ea1c1802 1224 env->current_tb = NULL;
2e70f6ef 1225 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1226 cpu_resume_from_signal(env, puc);
1227 }
1228#endif
fd6ce8f6 1229}
9fa3e853 1230#endif
fd6ce8f6
FB		 1231
1232/* add the tb in the target page and protect it if necessary */
5fafdf24 1233static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1234 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1235{
1236 PageDesc *p;
4429ab44
JQ		 1237#ifndef CONFIG_USER_ONLY
1238 bool page_already_protected;
1239#endif
9fa3e853
FB		 1240
1241 tb->page_addr[n] = page_addr;
5cd2c5b6 1242 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1243 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1244#ifndef CONFIG_USER_ONLY
1245 page_already_protected = p->first_tb != NULL;
1246#endif
9fa3e853
FB		 1247 p->first_tb = (TranslationBlock *)((long)tb | n);
1248 invalidate_page_bitmap(p);
fd6ce8f6 1249
107db443 1250#if defined(TARGET_HAS_SMC) || 1
d720b93d 1251
9fa3e853 1252#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1253 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1254 target_ulong addr;
1255 PageDesc *p2;
9fa3e853
FB		 1256 int prot;
1257
fd6ce8f6
FB		 1258 /* force the host page as non writable (writes will have a
1259 page fault + mprotect overhead) */
53a5960a 1260 page_addr &= qemu_host_page_mask;
fd6ce8f6 1261 prot = 0;
53a5960a
PB		 1262 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1263 addr += TARGET_PAGE_SIZE) {
1264
1265 p2 = page_find (addr >> TARGET_PAGE_BITS);
1266 if (!p2)
1267 continue;
1268 prot |= p2->flags;
1269 p2->flags &= ~PAGE_WRITE;
53a5960a 1270 }
5fafdf24 1271 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1272 (prot & PAGE_BITS) & ~PAGE_WRITE);
1273#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1274 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1275 page_addr);
fd6ce8f6 1276#endif
fd6ce8f6 1277 }
9fa3e853
FB		 1278#else
1279 /* if some code is already present, then the pages are already
1280 protected. So we handle the case where only the first TB is
1281 allocated in a physical page */
4429ab44 1282 if (!page_already_protected) {
6a00d601 1283 tlb_protect_code(page_addr);
9fa3e853
FB		 1284 }
1285#endif
d720b93d
FB		 1286
1287#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1288}
1289
9fa3e853
FB		 1290/* add a new TB and link it to the physical page tables. phys_page2 is
1291 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1292void tb_link_page(TranslationBlock *tb,
1293 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1294{
9fa3e853
FB		 1295 unsigned int h;
1296 TranslationBlock **ptb;
1297
c8a706fe
PB		 1298 /* Grab the mmap lock to stop another thread invalidating this TB
1299 before we are done. */
1300 mmap_lock();
9fa3e853
FB		 1301 /* add in the physical hash table */
1302 h = tb_phys_hash_func(phys_pc);
1303 ptb = &tb_phys_hash[h];
1304 tb->phys_hash_next = *ptb;
1305 *ptb = tb;
fd6ce8f6
FB		 1306
1307 /* add in the page list */
9fa3e853
FB		 1308 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1309 if (phys_page2 != -1)
1310 tb_alloc_page(tb, 1, phys_page2);
1311 else
1312 tb->page_addr[1] = -1;
9fa3e853 1313
d4e8164f
FB		 1314 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1315 tb->jmp_next[0] = NULL;
1316 tb->jmp_next[1] = NULL;
1317
1318 /* init original jump addresses */
1319 if (tb->tb_next_offset[0] != 0xffff)
1320 tb_reset_jump(tb, 0);
1321 if (tb->tb_next_offset[1] != 0xffff)
1322 tb_reset_jump(tb, 1);
8a40a180
FB		 1323
1324#ifdef DEBUG_TB_CHECK
1325 tb_page_check();
1326#endif
c8a706fe 1327 mmap_unlock();
fd6ce8f6
FB		 1328}
1329
9fa3e853
FB		 1330/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1331 tb[1].tc_ptr. Return NULL if not found */
1332TranslationBlock *tb_find_pc(unsigned long tc_ptr)
fd6ce8f6 1333{
9fa3e853
FB		 1334 int m_min, m_max, m;
1335 unsigned long v;
1336 TranslationBlock *tb;
a513fe19
FB		 1337
1338 if (nb_tbs <= 0)
1339 return NULL;
1340 if (tc_ptr < (unsigned long)code_gen_buffer ||
1341 tc_ptr >= (unsigned long)code_gen_ptr)
1342 return NULL;
1343 /* binary search (cf Knuth) */
1344 m_min = 0;
1345 m_max = nb_tbs - 1;
1346 while (m_min <= m_max) {
1347 m = (m_min + m_max) >> 1;
1348 tb = &tbs[m];
1349 v = (unsigned long)tb->tc_ptr;
1350 if (v == tc_ptr)
1351 return tb;
1352 else if (tc_ptr < v) {
1353 m_max = m - 1;
1354 } else {
1355 m_min = m + 1;
1356 }
5fafdf24 1357 }
a513fe19
FB		 1358 return &tbs[m_max];
1359}
7501267e 1360
ea041c0e
FB		 1361static void tb_reset_jump_recursive(TranslationBlock *tb);
1362
1363static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1364{
1365 TranslationBlock *tb1, *tb_next, **ptb;
1366 unsigned int n1;
1367
1368 tb1 = tb->jmp_next[n];
1369 if (tb1 != NULL) {
1370 /* find head of list */
1371 for(;;) {
1372 n1 = (long)tb1 & 3;
1373 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1374 if (n1 == 2)
1375 break;
1376 tb1 = tb1->jmp_next[n1];
1377 }
1378 /* we are now sure now that tb jumps to tb1 */
1379 tb_next = tb1;
1380
1381 /* remove tb from the jmp_first list */
1382 ptb = &tb_next->jmp_first;
1383 for(;;) {
1384 tb1 = *ptb;
1385 n1 = (long)tb1 & 3;
1386 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1387 if (n1 == n && tb1 == tb)
1388 break;
1389 ptb = &tb1->jmp_next[n1];
1390 }
1391 *ptb = tb->jmp_next[n];
1392 tb->jmp_next[n] = NULL;
3b46e624 1393
ea041c0e
FB		 1394 /* suppress the jump to next tb in generated code */
1395 tb_reset_jump(tb, n);
1396
0124311e 1397 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1398 tb_reset_jump_recursive(tb_next);
1399 }
1400}
1401
1402static void tb_reset_jump_recursive(TranslationBlock *tb)
1403{
1404 tb_reset_jump_recursive2(tb, 0);
1405 tb_reset_jump_recursive2(tb, 1);
1406}
1407
1fddef4b 1408#if defined(TARGET_HAS_ICE)
94df27fd
PB		 1409#if defined(CONFIG_USER_ONLY)
1410static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1411{
1412 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1413}
1414#else
d720b93d
FB		 1415static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1416{
c227f099 1417 target_phys_addr_t addr;
9b3c35e0 1418 target_ulong pd;
c227f099 1419 ram_addr_t ram_addr;
f1f6e3b8 1420 PhysPageDesc p;
d720b93d 1421
c2f07f81
PB		 1422 addr = cpu_get_phys_page_debug(env, pc);
1423 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 1424 pd = p.phys_offset;
c2f07f81 1425 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
706cd4b5 1426 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1427}
c27004ec 1428#endif
94df27fd 1429#endif /* TARGET_HAS_ICE */
d720b93d 1430
c527ee8f
PB		 1431#if defined(CONFIG_USER_ONLY)
1432void cpu_watchpoint_remove_all(CPUState *env, int mask)
1433
1434{
1435}
1436
1437int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1438 int flags, CPUWatchpoint **watchpoint)
1439{
1440 return -ENOSYS;
1441}
1442#else
6658ffb8 1443/* Add a watchpoint. */
a1d1bb31
AL		 1444int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1445 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1446{
b4051334 1447 target_ulong len_mask = ~(len - 1);
c0ce998e 1448 CPUWatchpoint *wp;
6658ffb8 1449
b4051334
AL		 1450 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1451 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1452 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1453 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1454 return -EINVAL;
1455 }
7267c094 1456 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1457
1458 wp->vaddr = addr;
b4051334 1459 wp->len_mask = len_mask;
a1d1bb31
AL		 1460 wp->flags = flags;
1461
2dc9f411 1462 /* keep all GDB-injected watchpoints in front */
c0ce998e 1463 if (flags & BP_GDB)
72cf2d4f 1464 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1465 else
72cf2d4f 1466 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1467
6658ffb8 1468 tlb_flush_page(env, addr);
a1d1bb31
AL		 1469
1470 if (watchpoint)
1471 *watchpoint = wp;
1472 return 0;
6658ffb8
PB		 1473}
1474
a1d1bb31
AL		 1475/* Remove a specific watchpoint. */
1476int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1477 int flags)
6658ffb8 1478{
b4051334 1479 target_ulong len_mask = ~(len - 1);
a1d1bb31 1480 CPUWatchpoint *wp;
6658ffb8 1481
72cf2d4f 1482 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1483 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1484 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1485 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1486 return 0;
1487 }
1488 }
a1d1bb31 1489 return -ENOENT;
6658ffb8
PB		 1490}
1491
a1d1bb31
AL		 1492/* Remove a specific watchpoint by reference. */
1493void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1494{
72cf2d4f 1495 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1496
a1d1bb31
AL		 1497 tlb_flush_page(env, watchpoint->vaddr);
1498
7267c094 1499 g_free(watchpoint);
a1d1bb31
AL		 1500}
1501
1502/* Remove all matching watchpoints. */
1503void cpu_watchpoint_remove_all(CPUState *env, int mask)
1504{
c0ce998e 1505 CPUWatchpoint *wp, *next;
a1d1bb31 1506
72cf2d4f 1507 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1508 if (wp->flags & mask)
1509 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1510 }
7d03f82f 1511}
c527ee8f 1512#endif
7d03f82f 1513
a1d1bb31
AL		 1514/* Add a breakpoint. */
1515int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1516 CPUBreakpoint **breakpoint)
4c3a88a2 1517{
1fddef4b 1518#if defined(TARGET_HAS_ICE)
c0ce998e 1519 CPUBreakpoint *bp;
3b46e624 1520
7267c094 1521 bp = g_malloc(sizeof(*bp));
4c3a88a2 1522
a1d1bb31
AL		 1523 bp->pc = pc;
1524 bp->flags = flags;
1525
2dc9f411 1526 /* keep all GDB-injected breakpoints in front */
c0ce998e 1527 if (flags & BP_GDB)
72cf2d4f 1528 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1529 else
72cf2d4f 1530 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1531
d720b93d 1532 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1533
1534 if (breakpoint)
1535 *breakpoint = bp;
4c3a88a2
FB		 1536 return 0;
1537#else
a1d1bb31 1538 return -ENOSYS;
4c3a88a2
FB		 1539#endif
1540}
1541
a1d1bb31
AL		 1542/* Remove a specific breakpoint. */
1543int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1544{
7d03f82f 1545#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1546 CPUBreakpoint *bp;
1547
72cf2d4f 1548 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1549 if (bp->pc == pc && bp->flags == flags) {
1550 cpu_breakpoint_remove_by_ref(env, bp);
1551 return 0;
1552 }
7d03f82f 1553 }
a1d1bb31
AL		 1554 return -ENOENT;
1555#else
1556 return -ENOSYS;
7d03f82f
EI		 1557#endif
1558}
1559
a1d1bb31
AL		 1560/* Remove a specific breakpoint by reference. */
1561void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1562{
1fddef4b 1563#if defined(TARGET_HAS_ICE)
72cf2d4f 1564 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1565
a1d1bb31
AL		 1566 breakpoint_invalidate(env, breakpoint->pc);
1567
7267c094 1568 g_free(breakpoint);
a1d1bb31
AL		 1569#endif
1570}
1571
1572/* Remove all matching breakpoints. */
1573void cpu_breakpoint_remove_all(CPUState *env, int mask)
1574{
1575#if defined(TARGET_HAS_ICE)
c0ce998e 1576 CPUBreakpoint *bp, *next;
a1d1bb31 1577
72cf2d4f 1578 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1579 if (bp->flags & mask)
1580 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1581 }
4c3a88a2
FB		 1582#endif
1583}
1584
c33a346e
FB		 1585/* enable or disable single step mode. EXCP_DEBUG is returned by the
1586 CPU loop after each instruction */
1587void cpu_single_step(CPUState *env, int enabled)
1588{
1fddef4b 1589#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1590 if (env->singlestep_enabled != enabled) {
1591 env->singlestep_enabled = enabled;
e22a25c9
AL		 1592 if (kvm_enabled())
1593 kvm_update_guest_debug(env, 0);
1594 else {
ccbb4d44 1595 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1596 /* XXX: only flush what is necessary */
1597 tb_flush(env);
1598 }
c33a346e
FB		 1599 }
1600#endif
1601}
1602
34865134
FB		 1603/* enable or disable low levels log */
1604void cpu_set_log(int log_flags)
1605{
1606 loglevel = log_flags;
1607 if (loglevel && !logfile) {
11fcfab4 1608 logfile = fopen(logfilename, log_append ? "a" : "w");
34865134
FB		 1609 if (!logfile) {
1610 perror(logfilename);
1611 _exit(1);
1612 }
9fa3e853
FB		 1613#if !defined(CONFIG_SOFTMMU)
1614 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1615 {
b55266b5 1616 static char logfile_buf[4096];
9fa3e853
FB		 1617 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1618 }
daf767b1
SW		 1619#elif defined(_WIN32)
1620 /* Win32 doesn't support line-buffering, so use unbuffered output. */
1621 setvbuf(logfile, NULL, _IONBF, 0);
1622#else
34865134 1623 setvbuf(logfile, NULL, _IOLBF, 0);
9fa3e853 1624#endif
e735b91c
PB		 1625 log_append = 1;
1626 }
1627 if (!loglevel && logfile) {
1628 fclose(logfile);
1629 logfile = NULL;
34865134
FB		 1630 }
1631}
1632
1633void cpu_set_log_filename(const char *filename)
1634{
1635 logfilename = strdup(filename);
e735b91c
PB		 1636 if (logfile) {
1637 fclose(logfile);
1638 logfile = NULL;
1639 }
1640 cpu_set_log(loglevel);
34865134 1641}
c33a346e 1642
3098dba0 1643static void cpu_unlink_tb(CPUState *env)
ea041c0e 1644{
3098dba0
AJ		 1645 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1646 problem and hope the cpu will stop of its own accord. For userspace
1647 emulation this often isn't actually as bad as it sounds. Often
1648 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1649 TranslationBlock *tb;
c227f099 1650 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1651
cab1b4bd 1652 spin_lock(&interrupt_lock);
3098dba0
AJ		 1653 tb = env->current_tb;
1654 /* if the cpu is currently executing code, we must unlink it and
1655 all the potentially executing TB */
f76cfe56 1656 if (tb) {
3098dba0
AJ		 1657 env->current_tb = NULL;
1658 tb_reset_jump_recursive(tb);
be214e6c 1659 }
cab1b4bd 1660 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1661}
1662
97ffbd8d 1663#ifndef CONFIG_USER_ONLY
3098dba0 1664/* mask must never be zero, except for A20 change call */
ec6959d0 1665static void tcg_handle_interrupt(CPUState *env, int mask)
3098dba0
AJ		 1666{
1667 int old_mask;
be214e6c 1668
2e70f6ef 1669 old_mask = env->interrupt_request;
68a79315 1670 env->interrupt_request |= mask;
3098dba0 1671
8edac960
AL		 1672 /*
1673 * If called from iothread context, wake the target cpu in
1674 * case its halted.
1675 */
b7680cb6 1676 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1677 qemu_cpu_kick(env);
1678 return;
1679 }
8edac960 1680
2e70f6ef 1681 if (use_icount) {
266910c4 1682 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1683 if (!can_do_io(env)
be214e6c 1684 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1685 cpu_abort(env, "Raised interrupt while not in I/O function");
1686 }
2e70f6ef 1687 } else {
3098dba0 1688 cpu_unlink_tb(env);
ea041c0e
FB		 1689 }
1690}
1691
ec6959d0
JK		 1692CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1693
97ffbd8d
JK		 1694#else /* CONFIG_USER_ONLY */
1695
1696void cpu_interrupt(CPUState *env, int mask)
1697{
1698 env->interrupt_request |= mask;
1699 cpu_unlink_tb(env);
1700}
1701#endif /* CONFIG_USER_ONLY */
1702
b54ad049
FB		 1703void cpu_reset_interrupt(CPUState *env, int mask)
1704{
1705 env->interrupt_request &= ~mask;
1706}
1707
3098dba0
AJ		 1708void cpu_exit(CPUState *env)
1709{
1710 env->exit_request = 1;
1711 cpu_unlink_tb(env);
1712}
1713
c7cd6a37 1714const CPULogItem cpu_log_items[] = {
5fafdf24 1715 { CPU_LOG_TB_OUT_ASM, "out_asm",
f193c797
FB		 1716 "show generated host assembly code for each compiled TB" },
1717 { CPU_LOG_TB_IN_ASM, "in_asm",
1718 "show target assembly code for each compiled TB" },
5fafdf24 1719 { CPU_LOG_TB_OP, "op",
57fec1fe 1720 "show micro ops for each compiled TB" },
f193c797 1721 { CPU_LOG_TB_OP_OPT, "op_opt",
e01a1157
BS		 1722 "show micro ops "
1723#ifdef TARGET_I386
1724 "before eflags optimization and "
f193c797 1725#endif
e01a1157 1726 "after liveness analysis" },
f193c797
FB		 1727 { CPU_LOG_INT, "int",
1728 "show interrupts/exceptions in short format" },
1729 { CPU_LOG_EXEC, "exec",
1730 "show trace before each executed TB (lots of logs)" },
9fddaa0c 1731 { CPU_LOG_TB_CPU, "cpu",
e91c8a77 1732 "show CPU state before block translation" },
f193c797
FB		 1733#ifdef TARGET_I386
1734 { CPU_LOG_PCALL, "pcall",
1735 "show protected mode far calls/returns/exceptions" },
eca1bdf4
AL		 1736 { CPU_LOG_RESET, "cpu_reset",
1737 "show CPU state before CPU resets" },
f193c797 1738#endif
8e3a9fd2 1739#ifdef DEBUG_IOPORT
fd872598
FB		 1740 { CPU_LOG_IOPORT, "ioport",
1741 "show all i/o ports accesses" },
8e3a9fd2 1742#endif
f193c797
FB		 1743 { 0, NULL, NULL },
1744};
1745
1746static int cmp1(const char *s1, int n, const char *s2)
1747{
1748 if (strlen(s2) != n)
1749 return 0;
1750 return memcmp(s1, s2, n) == 0;
1751}
3b46e624 1752
f193c797
FB		 1753/* takes a comma separated list of log masks. Return 0 if error. */
1754int cpu_str_to_log_mask(const char *str)
1755{
c7cd6a37 1756 const CPULogItem *item;
f193c797
FB		 1757 int mask;
1758 const char *p, *p1;
1759
1760 p = str;
1761 mask = 0;
1762 for(;;) {
1763 p1 = strchr(p, ',');
1764 if (!p1)
1765 p1 = p + strlen(p);
9742bf26
YT		 1766 if(cmp1(p,p1-p,"all")) {
1767 for(item = cpu_log_items; item->mask != 0; item++) {
1768 mask |= item->mask;
1769 }
1770 } else {
1771 for(item = cpu_log_items; item->mask != 0; item++) {
1772 if (cmp1(p, p1 - p, item->name))
1773 goto found;
1774 }
1775 return 0;
f193c797 1776 }
f193c797
FB		 1777 found:
1778 mask |= item->mask;
1779 if (*p1 != ',')
1780 break;
1781 p = p1 + 1;
1782 }
1783 return mask;
1784}
ea041c0e 1785
7501267e
FB		 1786void cpu_abort(CPUState *env, const char *fmt, ...)
1787{
1788 va_list ap;
493ae1f0 1789 va_list ap2;
7501267e
FB		 1790
1791 va_start(ap, fmt);
493ae1f0 1792 va_copy(ap2, ap);
7501267e
FB		 1793 fprintf(stderr, "qemu: fatal: ");
1794 vfprintf(stderr, fmt, ap);
1795 fprintf(stderr, "\n");
1796#ifdef TARGET_I386
7fe48483
FB		 1797 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1798#else
1799 cpu_dump_state(env, stderr, fprintf, 0);
7501267e 1800#endif
93fcfe39
AL		 1801 if (qemu_log_enabled()) {
1802 qemu_log("qemu: fatal: ");
1803 qemu_log_vprintf(fmt, ap2);
1804 qemu_log("\n");
f9373291 1805#ifdef TARGET_I386
93fcfe39 1806 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
f9373291 1807#else
93fcfe39 1808 log_cpu_state(env, 0);
f9373291 1809#endif
31b1a7b4 1810 qemu_log_flush();
93fcfe39 1811 qemu_log_close();
924edcae 1812 }
493ae1f0 1813 va_end(ap2);
f9373291 1814 va_end(ap);
fd052bf6
RV		 1815#if defined(CONFIG_USER_ONLY)
1816 {
1817 struct sigaction act;
1818 sigfillset(&act.sa_mask);
1819 act.sa_handler = SIG_DFL;
1820 sigaction(SIGABRT, &act, NULL);
1821 }
1822#endif
7501267e
FB		 1823 abort();
1824}
1825
c5be9f08
TS		 1826CPUState *cpu_copy(CPUState *env)
1827{
01ba9816 1828 CPUState *new_env = cpu_init(env->cpu_model_str);
c5be9f08
TS		 1829 CPUState *next_cpu = new_env->next_cpu;
1830 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1831#if defined(TARGET_HAS_ICE)
1832 CPUBreakpoint *bp;
1833 CPUWatchpoint *wp;
1834#endif
1835
c5be9f08 1836 memcpy(new_env, env, sizeof(CPUState));
5a38f081
AL		 1837
1838 /* Preserve chaining and index. */
c5be9f08
TS		 1839 new_env->next_cpu = next_cpu;
1840 new_env->cpu_index = cpu_index;
5a38f081
AL		 1841
1842 /* Clone all break/watchpoints.
1843 Note: Once we support ptrace with hw-debug register access, make sure
1844 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1845 QTAILQ_INIT(&env->breakpoints);
1846 QTAILQ_INIT(&env->watchpoints);
5a38f081 1847#if defined(TARGET_HAS_ICE)
72cf2d4f 1848 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1849 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1850 }
72cf2d4f 1851 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1852 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1853 wp->flags, NULL);
1854 }
1855#endif
1856
c5be9f08
TS		 1857 return new_env;
1858}
1859
0124311e
FB		 1860#if !defined(CONFIG_USER_ONLY)
1861
5c751e99
EI		 1862static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1863{
1864 unsigned int i;
1865
1866 /* Discard jump cache entries for any tb which might potentially
1867 overlap the flushed page. */
1868 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1869 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1870 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1871
1872 i = tb_jmp_cache_hash_page(addr);
1873 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1874 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1875}
1876
08738984
IK		 1877static CPUTLBEntry s_cputlb_empty_entry = {
1878 .addr_read = -1,
1879 .addr_write = -1,
1880 .addr_code = -1,
1881 .addend = -1,
1882};
1883
771124e1
PM		 1884/* NOTE:
1885 * If flush_global is true (the usual case), flush all tlb entries.
1886 * If flush_global is false, flush (at least) all tlb entries not
1887 * marked global.
1888 *
1889 * Since QEMU doesn't currently implement a global/not-global flag
1890 * for tlb entries, at the moment tlb_flush() will also flush all
1891 * tlb entries in the flush_global == false case. This is OK because
1892 * CPU architectures generally permit an implementation to drop
1893 * entries from the TLB at any time, so flushing more entries than
1894 * required is only an efficiency issue, not a correctness issue.
1895 */
ee8b7021 1896void tlb_flush(CPUState *env, int flush_global)
33417e70 1897{
33417e70 1898 int i;
0124311e 1899
9fa3e853
FB		 1900#if defined(DEBUG_TLB)
1901 printf("tlb_flush:\n");
1902#endif
0124311e
FB		 1903 /* must reset current TB so that interrupts cannot modify the
1904 links while we are modifying them */
1905 env->current_tb = NULL;
1906
33417e70 1907 for(i = 0; i < CPU_TLB_SIZE; i++) {
cfde4bd9
IY		 1908 int mmu_idx;
1909 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
08738984 1910 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
cfde4bd9 1911 }
33417e70 1912 }
9fa3e853 1913
8a40a180 1914 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
9fa3e853 1915
d4c430a8
PB		 1916 env->tlb_flush_addr = -1;
1917 env->tlb_flush_mask = 0;
e3db7226 1918 tlb_flush_count++;
33417e70
FB		 1919}
1920
274da6b2 1921static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
61382a50 1922{
5fafdf24 1923 if (addr == (tlb_entry->addr_read &
84b7b8e7 1924 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 1925 addr == (tlb_entry->addr_write &
84b7b8e7 1926 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 1927 addr == (tlb_entry->addr_code &
84b7b8e7 1928 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
08738984 1929 *tlb_entry = s_cputlb_empty_entry;
84b7b8e7 1930 }
61382a50
FB		 1931}
1932
2e12669a 1933void tlb_flush_page(CPUState *env, target_ulong addr)
33417e70 1934{
8a40a180 1935 int i;
cfde4bd9 1936 int mmu_idx;
0124311e 1937
9fa3e853 1938#if defined(DEBUG_TLB)
108c49b8 1939 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
9fa3e853 1940#endif
d4c430a8
PB		 1941 /* Check if we need to flush due to large pages. */
1942 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
1943#if defined(DEBUG_TLB)
1944 printf("tlb_flush_page: forced full flush ("
1945 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
1946 env->tlb_flush_addr, env->tlb_flush_mask);
1947#endif
1948 tlb_flush(env, 1);
1949 return;
1950 }
0124311e
FB		 1951 /* must reset current TB so that interrupts cannot modify the
1952 links while we are modifying them */
1953 env->current_tb = NULL;
61382a50
FB		 1954
1955 addr &= TARGET_PAGE_MASK;
1956 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 1957 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1958 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
0124311e 1959
5c751e99 1960 tlb_flush_jmp_cache(env, addr);
9fa3e853
FB		 1961}
1962
9fa3e853
FB		 1963/* update the TLBs so that writes to code in the virtual page 'addr'
1964 can be detected */
c227f099 1965static void tlb_protect_code(ram_addr_t ram_addr)
9fa3e853 1966{
5fafdf24 1967 cpu_physical_memory_reset_dirty(ram_addr,
6a00d601
FB		 1968 ram_addr + TARGET_PAGE_SIZE,
1969 CODE_DIRTY_FLAG);
9fa3e853
FB		 1970}
1971
9fa3e853 1972/* update the TLB so that writes in physical page 'phys_addr' are no longer
3a7d929e 1973 tested for self modifying code */
c227f099 1974static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 1975 target_ulong vaddr)
9fa3e853 1976{
f7c11b53 1977 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
1ccde1cb
FB		 1978}
1979
5fafdf24 1980static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1ccde1cb
FB		 1981 unsigned long start, unsigned long length)
1982{
1983 unsigned long addr;
0e0df1e2 1984 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
84b7b8e7 1985 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1ccde1cb 1986 if ((addr - start) < length) {
0f459d16 1987 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1ccde1cb
FB		 1988 }
1989 }
1990}
1991
5579c7f3 1992/* Note: start and end must be within the same ram block. */
c227f099 1993void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1994 int dirty_flags)
1ccde1cb
FB		 1995{
1996 CPUState *env;
4f2ac237 1997 unsigned long length, start1;
f7c11b53 1998 int i;
1ccde1cb
FB		 1999
2000 start &= TARGET_PAGE_MASK;
2001 end = TARGET_PAGE_ALIGN(end);
2002
2003 length = end - start;
2004 if (length == 0)
2005 return;
f7c11b53 2006 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 2007
1ccde1cb
FB		 2008 /* we modify the TLB cache so that the dirty bit will be set again
2009 when accessing the range */
b2e0a138 2010 start1 = (unsigned long)qemu_safe_ram_ptr(start);
a57d23e4 2011 /* Check that we don't span multiple blocks - this breaks the
5579c7f3 2012 address comparisons below. */
b2e0a138 2013 if ((unsigned long)qemu_safe_ram_ptr(end - 1) - start1
5579c7f3
PB		 2014 != (end - 1) - start) {
2015 abort();
2016 }
2017
6a00d601 2018 for(env = first_cpu; env != NULL; env = env->next_cpu) {
cfde4bd9
IY		 2019 int mmu_idx;
2020 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2021 for(i = 0; i < CPU_TLB_SIZE; i++)
2022 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2023 start1, length);
2024 }
6a00d601 2025 }
1ccde1cb
FB		 2026}
2027
74576198
AL		 2028int cpu_physical_memory_set_dirty_tracking(int enable)
2029{
f6f3fbca 2030 int ret = 0;
74576198 2031 in_migration = enable;
f6f3fbca 2032 return ret;
74576198
AL		 2033}
2034
3a7d929e
FB		 2035static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2036{
c227f099 2037 ram_addr_t ram_addr;
5579c7f3 2038 void *p;
3a7d929e 2039
0e0df1e2 2040 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
5579c7f3
PB		 2041 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2042 + tlb_entry->addend);
e890261f 2043 ram_addr = qemu_ram_addr_from_host_nofail(p);
3a7d929e 2044 if (!cpu_physical_memory_is_dirty(ram_addr)) {
0f459d16 2045 tlb_entry->addr_write |= TLB_NOTDIRTY;
3a7d929e
FB		 2046 }
2047 }
2048}
2049
2050/* update the TLB according to the current state of the dirty bits */
2051void cpu_tlb_update_dirty(CPUState *env)
2052{
2053 int i;
cfde4bd9
IY		 2054 int mmu_idx;
2055 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2056 for(i = 0; i < CPU_TLB_SIZE; i++)
2057 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2058 }
3a7d929e
FB		 2059}
2060
0f459d16 2061static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1ccde1cb 2062{
0f459d16
PB		 2063 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2064 tlb_entry->addr_write = vaddr;
1ccde1cb
FB		 2065}
2066
0f459d16
PB		 2067/* update the TLB corresponding to virtual page vaddr
2068 so that it is no longer dirty */
2069static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1ccde1cb 2070{
1ccde1cb 2071 int i;
cfde4bd9 2072 int mmu_idx;
1ccde1cb 2073
0f459d16 2074 vaddr &= TARGET_PAGE_MASK;
1ccde1cb 2075 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 2076 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2077 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
9fa3e853
FB		 2078}
2079
d4c430a8
PB		 2080/* Our TLB does not support large pages, so remember the area covered by
2081 large pages and trigger a full TLB flush if these are invalidated. */
2082static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2083 target_ulong size)
2084{
2085 target_ulong mask = ~(size - 1);
2086
2087 if (env->tlb_flush_addr == (target_ulong)-1) {
2088 env->tlb_flush_addr = vaddr & mask;
2089 env->tlb_flush_mask = mask;
2090 return;
2091 }
2092 /* Extend the existing region to include the new page.
2093 This is a compromise between unnecessary flushes and the cost
2094 of maintaining a full variable size TLB. */
2095 mask &= env->tlb_flush_mask;
2096 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2097 mask <<= 1;
2098 }
2099 env->tlb_flush_addr &= mask;
2100 env->tlb_flush_mask = mask;
2101}
2102
1d393fa2
AK		 2103static bool is_ram_rom(ram_addr_t pd)
2104{
2105 pd &= ~TARGET_PAGE_MASK;
0e0df1e2 2106 return pd == io_mem_ram.ram_addr || pd == io_mem_rom.ram_addr;
1d393fa2
AK		 2107}
2108
75c578dc
AK		 2109static bool is_romd(ram_addr_t pd)
2110{
2111 MemoryRegion *mr;
2112
2113 pd &= ~TARGET_PAGE_MASK;
11c7ef0c 2114 mr = io_mem_region[pd];
75c578dc
AK		 2115 return mr->rom_device && mr->readable;
2116}
2117
1d393fa2
AK		 2118static bool is_ram_rom_romd(ram_addr_t pd)
2119{
75c578dc 2120 return is_ram_rom(pd) || is_romd(pd);
1d393fa2
AK		 2121}
2122
d4c430a8
PB		 2123/* Add a new TLB entry. At most one entry for a given virtual address
2124 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2125 supplied size is only used by tlb_flush_page. */
2126void tlb_set_page(CPUState *env, target_ulong vaddr,
2127 target_phys_addr_t paddr, int prot,
2128 int mmu_idx, target_ulong size)
9fa3e853 2129{
f1f6e3b8 2130 PhysPageDesc p;
4f2ac237 2131 unsigned long pd;
9fa3e853 2132 unsigned int index;
4f2ac237 2133 target_ulong address;
0f459d16 2134 target_ulong code_address;
355b1943 2135 unsigned long addend;
84b7b8e7 2136 CPUTLBEntry *te;
a1d1bb31 2137 CPUWatchpoint *wp;
c227f099 2138 target_phys_addr_t iotlb;
9fa3e853 2139
d4c430a8
PB		 2140 assert(size >= TARGET_PAGE_SIZE);
2141 if (size != TARGET_PAGE_SIZE) {
2142 tlb_add_large_page(env, vaddr, size);
2143 }
92e873b9 2144 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
f1f6e3b8 2145 pd = p.phys_offset;
9fa3e853 2146#if defined(DEBUG_TLB)
7fd3f494
SW		 2147 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2148 " prot=%x idx=%d pd=0x%08lx\n",
2149 vaddr, paddr, prot, mmu_idx, pd);
9fa3e853
FB		 2150#endif
2151
0f459d16 2152 address = vaddr;
1d393fa2 2153 if (!is_ram_rom_romd(pd)) {
0f459d16
PB		 2154 /* IO memory case (romd handled later) */
2155 address |= TLB_MMIO;
2156 }
5579c7f3 2157 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
1d393fa2 2158 if (is_ram_rom(pd)) {
0f459d16
PB		 2159 /* Normal RAM. */
2160 iotlb = pd & TARGET_PAGE_MASK;
0e0df1e2
AK		 2161 if ((pd & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr)
2162 iotlb |= io_mem_notdirty.ram_addr;
0f459d16 2163 else
0e0df1e2 2164 iotlb |= io_mem_rom.ram_addr;
0f459d16 2165 } else {
ccbb4d44 2166 /* IO handlers are currently passed a physical address.
0f459d16
PB		 2167 It would be nice to pass an offset from the base address
2168 of that region. This would avoid having to special case RAM,
2169 and avoid full address decoding in every device.
2170 We can't use the high bits of pd for this because
2171 IO_MEM_ROMD uses these as a ram address. */
8da3ff18 2172 iotlb = (pd & ~TARGET_PAGE_MASK);
f1f6e3b8 2173 iotlb += p.region_offset;
0f459d16
PB		 2174 }
2175
2176 code_address = address;
2177 /* Make accesses to pages with watchpoints go via the
2178 watchpoint trap routines. */
72cf2d4f 2179 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
a1d1bb31 2180 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
bf298f83
JK		 2181 /* Avoid trapping reads of pages with a write breakpoint. */
2182 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1ec9b909 2183 iotlb = io_mem_watch.ram_addr + paddr;
bf298f83
JK		 2184 address |= TLB_MMIO;
2185 break;
2186 }
6658ffb8 2187 }
0f459d16 2188 }
d79acba4 2189
0f459d16
PB		 2190 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2191 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2192 te = &env->tlb_table[mmu_idx][index];
2193 te->addend = addend - vaddr;
2194 if (prot & PAGE_READ) {
2195 te->addr_read = address;
2196 } else {
2197 te->addr_read = -1;
2198 }
5c751e99 2199
0f459d16
PB		 2200 if (prot & PAGE_EXEC) {
2201 te->addr_code = code_address;
2202 } else {
2203 te->addr_code = -1;
2204 }
2205 if (prot & PAGE_WRITE) {
75c578dc 2206 if ((pd & ~TARGET_PAGE_MASK) == io_mem_rom.ram_addr || is_romd(pd)) {
0f459d16
PB		 2207 /* Write access calls the I/O callback. */
2208 te->addr_write = address | TLB_MMIO;
0e0df1e2 2209 } else if ((pd & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr &&
0f459d16
PB		 2210 !cpu_physical_memory_is_dirty(pd)) {
2211 te->addr_write = address | TLB_NOTDIRTY;
9fa3e853 2212 } else {
0f459d16 2213 te->addr_write = address;
9fa3e853 2214 }
0f459d16
PB		 2215 } else {
2216 te->addr_write = -1;
9fa3e853 2217 }
9fa3e853
FB		 2218}
2219
0124311e
FB		 2220#else
2221
ee8b7021 2222void tlb_flush(CPUState *env, int flush_global)
0124311e
FB		 2223{
2224}
2225
2e12669a 2226void tlb_flush_page(CPUState *env, target_ulong addr)
0124311e
FB		 2227{
2228}
2229
edf8e2af
MW		 2230/*
2231 * Walks guest process memory "regions" one by one
2232 * and calls callback function 'fn' for each region.
2233 */
5cd2c5b6
RH		 2234
2235struct walk_memory_regions_data
2236{
2237 walk_memory_regions_fn fn;
2238 void *priv;
2239 unsigned long start;
2240 int prot;
2241};
2242
2243static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 2244 abi_ulong end, int new_prot)
5cd2c5b6
RH		 2245{
2246 if (data->start != -1ul) {
2247 int rc = data->fn(data->priv, data->start, end, data->prot);
2248 if (rc != 0) {
2249 return rc;
2250 }
2251 }
2252
2253 data->start = (new_prot ? end : -1ul);
2254 data->prot = new_prot;
2255
2256 return 0;
2257}
2258
2259static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 2260 abi_ulong base, int level, void **lp)
5cd2c5b6 2261{
b480d9b7 2262 abi_ulong pa;
5cd2c5b6
RH		 2263 int i, rc;
2264
2265 if (*lp == NULL) {
2266 return walk_memory_regions_end(data, base, 0);
2267 }
2268
2269 if (level == 0) {
2270 PageDesc *pd = *lp;
7296abac 2271 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 2272 int prot = pd[i].flags;
2273
2274 pa = base | (i << TARGET_PAGE_BITS);
2275 if (prot != data->prot) {
2276 rc = walk_memory_regions_end(data, pa, prot);
2277 if (rc != 0) {
2278 return rc;
9fa3e853 2279 }
9fa3e853 2280 }
5cd2c5b6
RH		 2281 }
2282 } else {
2283 void **pp = *lp;
7296abac 2284 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 2285 pa = base | ((abi_ulong)i <<
2286 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 2287 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2288 if (rc != 0) {
2289 return rc;
2290 }
2291 }
2292 }
2293
2294 return 0;
2295}
2296
2297int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2298{
2299 struct walk_memory_regions_data data;
2300 unsigned long i;
2301
2302 data.fn = fn;
2303 data.priv = priv;
2304 data.start = -1ul;
2305 data.prot = 0;
2306
2307 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 2308 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 2309 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2310 if (rc != 0) {
2311 return rc;
9fa3e853 2312 }
33417e70 2313 }
5cd2c5b6
RH		 2314
2315 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2316}
2317
b480d9b7
PB		 2318static int dump_region(void *priv, abi_ulong start,
2319 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2320{
2321 FILE *f = (FILE *)priv;
2322
b480d9b7
PB		 2323 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2324 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2325 start, end, end - start,
2326 ((prot & PAGE_READ) ? 'r' : '-'),
2327 ((prot & PAGE_WRITE) ? 'w' : '-'),
2328 ((prot & PAGE_EXEC) ? 'x' : '-'));
2329
2330 return (0);
2331}
2332
2333/* dump memory mappings */
2334void page_dump(FILE *f)
2335{
2336 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2337 "start", "end", "size", "prot");
2338 walk_memory_regions(f, dump_region);
33417e70
FB		 2339}
2340
53a5960a 2341int page_get_flags(target_ulong address)
33417e70 2342{
9fa3e853
FB		 2343 PageDesc *p;
2344
2345 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2346 if (!p)
9fa3e853
FB		 2347 return 0;
2348 return p->flags;
2349}
2350
376a7909
RH		 2351/* Modify the flags of a page and invalidate the code if necessary.
2352 The flag PAGE_WRITE_ORG is positioned automatically depending
2353 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2354void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2355{
376a7909
RH		 2356 target_ulong addr, len;
2357
2358 /* This function should never be called with addresses outside the
2359 guest address space. If this assert fires, it probably indicates
2360 a missing call to h2g_valid. */
b480d9b7
PB		 2361#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2362 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2363#endif
2364 assert(start < end);
9fa3e853
FB		 2365
2366 start = start & TARGET_PAGE_MASK;
2367 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2368
2369 if (flags & PAGE_WRITE) {
9fa3e853 2370 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2371 }
2372
2373 for (addr = start, len = end - start;
2374 len != 0;
2375 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2376 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2377
2378 /* If the write protection bit is set, then we invalidate
2379 the code inside. */
5fafdf24 2380 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2381 (flags & PAGE_WRITE) &&
2382 p->first_tb) {
d720b93d 2383 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2384 }
2385 p->flags = flags;
2386 }
33417e70
FB		 2387}
2388
3d97b40b
TS		 2389int page_check_range(target_ulong start, target_ulong len, int flags)
2390{
2391 PageDesc *p;
2392 target_ulong end;
2393 target_ulong addr;
2394
376a7909
RH		 2395 /* This function should never be called with addresses outside the
2396 guest address space. If this assert fires, it probably indicates
2397 a missing call to h2g_valid. */
338e9e6c
BS		 2398#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2399 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2400#endif
2401
3e0650a9
RH		 2402 if (len == 0) {
2403 return 0;
2404 }
376a7909
RH		 2405 if (start + len - 1 < start) {
2406 /* We've wrapped around. */
55f280c9 2407 return -1;
376a7909 2408 }
55f280c9 2409
3d97b40b
TS		 2410 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2411 start = start & TARGET_PAGE_MASK;
2412
376a7909
RH		 2413 for (addr = start, len = end - start;
2414 len != 0;
2415 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2416 p = page_find(addr >> TARGET_PAGE_BITS);
2417 if( !p )
2418 return -1;
2419 if( !(p->flags & PAGE_VALID) )
2420 return -1;
2421
dae3270c 2422 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2423 return -1;
dae3270c
FB		 2424 if (flags & PAGE_WRITE) {
2425 if (!(p->flags & PAGE_WRITE_ORG))
2426 return -1;
2427 /* unprotect the page if it was put read-only because it
2428 contains translated code */
2429 if (!(p->flags & PAGE_WRITE)) {
2430 if (!page_unprotect(addr, 0, NULL))
2431 return -1;
2432 }
2433 return 0;
2434 }
3d97b40b
TS		 2435 }
2436 return 0;
2437}
2438
9fa3e853 2439/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2440 page. Return TRUE if the fault was successfully handled. */
53a5960a 2441int page_unprotect(target_ulong address, unsigned long pc, void *puc)
9fa3e853 2442{
45d679d6
AJ		 2443 unsigned int prot;
2444 PageDesc *p;
53a5960a 2445 target_ulong host_start, host_end, addr;
9fa3e853 2446
c8a706fe
PB		 2447 /* Technically this isn't safe inside a signal handler. However we
2448 know this only ever happens in a synchronous SEGV handler, so in
2449 practice it seems to be ok. */
2450 mmap_lock();
2451
45d679d6
AJ		 2452 p = page_find(address >> TARGET_PAGE_BITS);
2453 if (!p) {
c8a706fe 2454 mmap_unlock();
9fa3e853 2455 return 0;
c8a706fe 2456 }
45d679d6 2457
9fa3e853
FB		 2458 /* if the page was really writable, then we change its
2459 protection back to writable */
45d679d6
AJ		 2460 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2461 host_start = address & qemu_host_page_mask;
2462 host_end = host_start + qemu_host_page_size;
2463
2464 prot = 0;
2465 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2466 p = page_find(addr >> TARGET_PAGE_BITS);
2467 p->flags |= PAGE_WRITE;
2468 prot |= p->flags;
2469
9fa3e853
FB		 2470 /* and since the content will be modified, we must invalidate
2471 the corresponding translated code. */
45d679d6 2472 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2473#ifdef DEBUG_TB_CHECK
45d679d6 2474 tb_invalidate_check(addr);
9fa3e853 2475#endif
9fa3e853 2476 }
45d679d6
AJ		 2477 mprotect((void *)g2h(host_start), qemu_host_page_size,
2478 prot & PAGE_BITS);
2479
2480 mmap_unlock();
2481 return 1;
9fa3e853 2482 }
c8a706fe 2483 mmap_unlock();
9fa3e853
FB		 2484 return 0;
2485}
2486
6a00d601
FB		 2487static inline void tlb_set_dirty(CPUState *env,
2488 unsigned long addr, target_ulong vaddr)
1ccde1cb
FB		 2489{
2490}
9fa3e853
FB		 2491#endif /* defined(CONFIG_USER_ONLY) */
2492
e2eef170 2493#if !defined(CONFIG_USER_ONLY)
8da3ff18 2494
c04b2b78
PB		 2495#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2496typedef struct subpage_t {
70c68e44 2497 MemoryRegion iomem;
c04b2b78 2498 target_phys_addr_t base;
5312bd8b 2499 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2500} subpage_t;
2501
c227f099 2502static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b
AK		 2503 uint16_t section);
2504static subpage_t *subpage_init (target_phys_addr_t base, uint16_t *section,
2505 uint16_t orig_section);
db7b5426
BS		 2506#define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2507 need_subpage) \
2508 do { \
2509 if (addr > start_addr) \
2510 start_addr2 = 0; \
2511 else { \
2512 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2513 if (start_addr2 > 0) \
2514 need_subpage = 1; \
2515 } \
2516 \
49e9fba2 2517 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
db7b5426
BS		 2518 end_addr2 = TARGET_PAGE_SIZE - 1; \
2519 else { \
2520 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2521 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2522 need_subpage = 1; \
2523 } \
2524 } while (0)
2525
5312bd8b 2526static void destroy_page_desc(uint16_t section_index)
54688b1e 2527{
5312bd8b
AK		 2528 MemoryRegionSection *section = &phys_sections[section_index];
2529 MemoryRegion *mr = section->mr;
54688b1e
AK		 2530
2531 if (mr->subpage) {
2532 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2533 memory_region_destroy(&subpage->iomem);
2534 g_free(subpage);
2535 }
2536}
2537
4346ae3e 2538static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2539{
2540 unsigned i;
4346ae3e 2541 PhysPageEntry *p = lp->u.node;
54688b1e 2542
4346ae3e 2543 if (!p) {
54688b1e
AK		 2544 return;
2545 }
2546
4346ae3e
AK		 2547 for (i = 0; i < L2_SIZE; ++i) {
2548 if (level > 0) {
54688b1e 2549 destroy_l2_mapping(&p[i], level - 1);
4346ae3e
AK		 2550 } else {
2551 destroy_page_desc(p[i].u.leaf);
54688b1e 2552 }
54688b1e 2553 }
4346ae3e
AK		 2554 g_free(p);
2555 lp->u.node = NULL;
54688b1e
AK		 2556}
2557
2558static void destroy_all_mappings(void)
2559{
3eef53df 2560 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
54688b1e
AK		 2561}
2562
5312bd8b
AK		 2563static uint16_t phys_section_add(MemoryRegionSection *section)
2564{
2565 if (phys_sections_nb == phys_sections_nb_alloc) {
2566 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2567 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2568 phys_sections_nb_alloc);
2569 }
2570 phys_sections[phys_sections_nb] = *section;
2571 return phys_sections_nb++;
2572}
2573
2574static void phys_sections_clear(void)
2575{
2576 phys_sections_nb = 0;
2577}
2578
8f2498f9
MT		 2579/* register physical memory.
2580 For RAM, 'size' must be a multiple of the target page size.
2581 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
8da3ff18
PB		 2582 io memory page. The address used when calling the IO function is
2583 the offset from the start of the region, plus region_offset. Both
ccbb4d44 2584 start_addr and region_offset are rounded down to a page boundary
8da3ff18
PB		 2585 before calculating this offset. This should not be a problem unless
2586 the low bits of start_addr and region_offset differ. */
dd81124b 2587void cpu_register_physical_memory_log(MemoryRegionSection *section,
d7ec83e6 2588 bool readonly)
33417e70 2589{
dd81124b
AK		 2590 target_phys_addr_t start_addr = section->offset_within_address_space;
2591 ram_addr_t size = section->size;
c227f099 2592 target_phys_addr_t addr, end_addr;
5312bd8b 2593 uint16_t *p;
9d42037b 2594 CPUState *env;
c227f099 2595 ram_addr_t orig_size = size;
f6405247 2596 subpage_t *subpage;
5312bd8b 2597 uint16_t section_index = phys_section_add(section);
dd81124b 2598
3b8e6a2d 2599 assert(size);
f6f3fbca 2600
5fd386f6 2601 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
c227f099 2602 end_addr = start_addr + (target_phys_addr_t)size;
3b8e6a2d
EI		 2603
2604 addr = start_addr;
2605 do {
f1f6e3b8 2606 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 0);
5312bd8b
AK		 2607 if (p && *p != phys_section_unassigned) {
2608 uint16_t orig_memory= *p;
c227f099 2609 target_phys_addr_t start_addr2, end_addr2;
db7b5426 2610 int need_subpage = 0;
5312bd8b 2611 MemoryRegion *mr = phys_sections[orig_memory].mr;
db7b5426
BS		 2612
2613 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2614 need_subpage);
f6405247 2615 if (need_subpage) {
b3b00c78 2616 if (!(mr->subpage)) {
db7b5426 2617 subpage = subpage_init((addr & TARGET_PAGE_MASK),
5312bd8b 2618 p, orig_memory);
db7b5426 2619 } else {
a621f38d 2620 subpage = container_of(mr, subpage_t, iomem);
db7b5426 2621 }
5312bd8b
AK		 2622 subpage_register(subpage, start_addr2, end_addr2,
2623 section_index);
db7b5426 2624 } else {
5312bd8b 2625 *p = section_index;
db7b5426
BS		 2626 }
2627 } else {
5312bd8b 2628 MemoryRegion *mr = section->mr;
db7b5426 2629 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
5312bd8b
AK		 2630 *p = section_index;
2631 if (!(memory_region_is_ram(mr) || mr->rom_device)) {
c227f099 2632 target_phys_addr_t start_addr2, end_addr2;
db7b5426
BS		 2633 int need_subpage = 0;
2634
2635 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2636 end_addr2, need_subpage);
2637
f6405247 2638 if (need_subpage) {
db7b5426 2639 subpage = subpage_init((addr & TARGET_PAGE_MASK),
5312bd8b 2640 p, phys_section_unassigned);
db7b5426 2641 subpage_register(subpage, start_addr2, end_addr2,
5312bd8b 2642 section_index);
db7b5426
BS		 2643 }
2644 }
2645 }
3b8e6a2d
EI		 2646 addr += TARGET_PAGE_SIZE;
2647 } while (addr != end_addr);
3b46e624 2648
9d42037b
FB		 2649 /* since each CPU stores ram addresses in its TLB cache, we must
2650 reset the modified entries */
2651 /* XXX: slow ! */
2652 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2653 tlb_flush(env, 1);
2654 }
33417e70
FB		 2655}
2656
c227f099 2657void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2658{
2659 if (kvm_enabled())
2660 kvm_coalesce_mmio_region(addr, size);
2661}
2662
c227f099 2663void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2664{
2665 if (kvm_enabled())
2666 kvm_uncoalesce_mmio_region(addr, size);
2667}
2668
62a2744c
SY		 2669void qemu_flush_coalesced_mmio_buffer(void)
2670{
2671 if (kvm_enabled())
2672 kvm_flush_coalesced_mmio_buffer();
2673}
2674
c902760f
MT		 2675#if defined(__linux__) && !defined(TARGET_S390X)
2676
2677#include <sys/vfs.h>
2678
2679#define HUGETLBFS_MAGIC 0x958458f6
2680
2681static long gethugepagesize(const char *path)
2682{
2683 struct statfs fs;
2684 int ret;
2685
2686 do {
9742bf26 2687 ret = statfs(path, &fs);
c902760f
MT		 2688 } while (ret != 0 && errno == EINTR);
2689
2690 if (ret != 0) {
9742bf26
YT		 2691 perror(path);
2692 return 0;
c902760f
MT		 2693 }
2694
2695 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2696 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2697
2698 return fs.f_bsize;
2699}
2700
04b16653
AW		 2701static void *file_ram_alloc(RAMBlock *block,
2702 ram_addr_t memory,
2703 const char *path)
c902760f
MT		 2704{
2705 char *filename;
2706 void *area;
2707 int fd;
2708#ifdef MAP_POPULATE
2709 int flags;
2710#endif
2711 unsigned long hpagesize;
2712
2713 hpagesize = gethugepagesize(path);
2714 if (!hpagesize) {
9742bf26 2715 return NULL;
c902760f
MT		 2716 }
2717
2718 if (memory < hpagesize) {
2719 return NULL;
2720 }
2721
2722 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2723 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2724 return NULL;
2725 }
2726
2727 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2728 return NULL;
c902760f
MT		 2729 }
2730
2731 fd = mkstemp(filename);
2732 if (fd < 0) {
9742bf26
YT		 2733 perror("unable to create backing store for hugepages");
2734 free(filename);
2735 return NULL;
c902760f
MT		 2736 }
2737 unlink(filename);
2738 free(filename);
2739
2740 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2741
2742 /*
2743 * ftruncate is not supported by hugetlbfs in older
2744 * hosts, so don't bother bailing out on errors.
2745 * If anything goes wrong with it under other filesystems,
2746 * mmap will fail.
2747 */
2748 if (ftruncate(fd, memory))
9742bf26 2749 perror("ftruncate");
c902760f
MT		 2750
2751#ifdef MAP_POPULATE
2752 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2753 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2754 * to sidestep this quirk.
2755 */
2756 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2757 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2758#else
2759 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2760#endif
2761 if (area == MAP_FAILED) {
9742bf26
YT		 2762 perror("file_ram_alloc: can't mmap RAM pages");
2763 close(fd);
2764 return (NULL);
c902760f 2765 }
04b16653 2766 block->fd = fd;
c902760f
MT		 2767 return area;
2768}
2769#endif
2770
d17b5288 2771static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2772{
2773 RAMBlock *block, *next_block;
3e837b2c 2774 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2775
2776 if (QLIST_EMPTY(&ram_list.blocks))
2777 return 0;
2778
2779 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2780 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2781
2782 end = block->offset + block->length;
2783
2784 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2785 if (next_block->offset >= end) {
2786 next = MIN(next, next_block->offset);
2787 }
2788 }
2789 if (next - end >= size && next - end < mingap) {
3e837b2c 2790 offset = end;
04b16653
AW		 2791 mingap = next - end;
2792 }
2793 }
3e837b2c
AW		 2794
2795 if (offset == RAM_ADDR_MAX) {
2796 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2797 (uint64_t)size);
2798 abort();
2799 }
2800
04b16653
AW		 2801 return offset;
2802}
2803
2804static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2805{
2806 RAMBlock *block;
2807 ram_addr_t last = 0;
2808
2809 QLIST_FOREACH(block, &ram_list.blocks, next)
2810 last = MAX(last, block->offset + block->length);
2811
2812 return last;
2813}
2814
c5705a77 2815void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2816{
2817 RAMBlock *new_block, *block;
2818
c5705a77
AK		 2819 new_block = NULL;
2820 QLIST_FOREACH(block, &ram_list.blocks, next) {
2821 if (block->offset == addr) {
2822 new_block = block;
2823 break;
2824 }
2825 }
2826 assert(new_block);
2827 assert(!new_block->idstr[0]);
84b89d78
CM		 2828
2829 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2830 char *id = dev->parent_bus->info->get_dev_path(dev);
2831 if (id) {
2832 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2833 g_free(id);
84b89d78
CM		 2834 }
2835 }
2836 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2837
2838 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2839 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2840 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2841 new_block->idstr);
2842 abort();
2843 }
2844 }
c5705a77
AK		 2845}
2846
2847ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2848 MemoryRegion *mr)
2849{
2850 RAMBlock *new_block;
2851
2852 size = TARGET_PAGE_ALIGN(size);
2853 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2854
7c637366 2855 new_block->mr = mr;
432d268c 2856 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2857 if (host) {
2858 new_block->host = host;
cd19cfa2 2859 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2860 } else {
2861 if (mem_path) {
c902760f 2862#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2863 new_block->host = file_ram_alloc(new_block, size, mem_path);
2864 if (!new_block->host) {
2865 new_block->host = qemu_vmalloc(size);
e78815a5 2866 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2867 }
c902760f 2868#else
6977dfe6
YT		 2869 fprintf(stderr, "-mem-path option unsupported\n");
2870 exit(1);
c902760f 2871#endif
6977dfe6 2872 } else {
6b02494d 2873#if defined(TARGET_S390X) && defined(CONFIG_KVM)
ff83678a
CB		 2874 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2875 an system defined value, which is at least 256GB. Larger systems
2876 have larger values. We put the guest between the end of data
2877 segment (system break) and this value. We use 32GB as a base to
2878 have enough room for the system break to grow. */
2879 new_block->host = mmap((void*)0x800000000, size,
6977dfe6 2880 PROT_EXEC|PROT_READ|PROT_WRITE,
ff83678a 2881 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
fb8b2735
AG		 2882 if (new_block->host == MAP_FAILED) {
2883 fprintf(stderr, "Allocating RAM failed\n");
2884 abort();
2885 }
6b02494d 2886#else
868bb33f 2887 if (xen_enabled()) {
fce537d4 2888 xen_ram_alloc(new_block->offset, size, mr);
432d268c
JN		 2889 } else {
2890 new_block->host = qemu_vmalloc(size);
2891 }
6b02494d 2892#endif
e78815a5 2893 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2894 }
c902760f 2895 }
94a6b54f
PB		 2896 new_block->length = size;
2897
f471a17e 2898 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2899
7267c094 2900 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2901 last_ram_offset() >> TARGET_PAGE_BITS);
d17b5288 2902 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
94a6b54f
PB		 2903 0xff, size >> TARGET_PAGE_BITS);
2904
6f0437e8
JK		 2905 if (kvm_enabled())
2906 kvm_setup_guest_memory(new_block->host, size);
2907
94a6b54f
PB		 2908 return new_block->offset;
2909}
e9a1ab19 2910
c5705a77 2911ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2912{
c5705a77 2913 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2914}
2915
1f2e98b6
AW		 2916void qemu_ram_free_from_ptr(ram_addr_t addr)
2917{
2918 RAMBlock *block;
2919
2920 QLIST_FOREACH(block, &ram_list.blocks, next) {
2921 if (addr == block->offset) {
2922 QLIST_REMOVE(block, next);
7267c094 2923 g_free(block);
1f2e98b6
AW		 2924 return;
2925 }
2926 }
2927}
2928
c227f099 2929void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2930{
04b16653
AW		 2931 RAMBlock *block;
2932
2933 QLIST_FOREACH(block, &ram_list.blocks, next) {
2934 if (addr == block->offset) {
2935 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2936 if (block->flags & RAM_PREALLOC_MASK) {
2937 ;
2938 } else if (mem_path) {
04b16653
AW		 2939#if defined (__linux__) && !defined(TARGET_S390X)
2940 if (block->fd) {
2941 munmap(block->host, block->length);
2942 close(block->fd);
2943 } else {
2944 qemu_vfree(block->host);
2945 }
fd28aa13
JK		 2946#else
2947 abort();
04b16653
AW		 2948#endif
2949 } else {
2950#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2951 munmap(block->host, block->length);
2952#else
868bb33f 2953 if (xen_enabled()) {
e41d7c69 2954 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2955 } else {
2956 qemu_vfree(block->host);
2957 }
04b16653
AW		 2958#endif
2959 }
7267c094 2960 g_free(block);
04b16653
AW		 2961 return;
2962 }
2963 }
2964
e9a1ab19
FB		 2965}
2966
cd19cfa2
HY		 2967#ifndef _WIN32
2968void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2969{
2970 RAMBlock *block;
2971 ram_addr_t offset;
2972 int flags;
2973 void *area, *vaddr;
2974
2975 QLIST_FOREACH(block, &ram_list.blocks, next) {
2976 offset = addr - block->offset;
2977 if (offset < block->length) {
2978 vaddr = block->host + offset;
2979 if (block->flags & RAM_PREALLOC_MASK) {
2980 ;
2981 } else {
2982 flags = MAP_FIXED;
2983 munmap(vaddr, length);
2984 if (mem_path) {
2985#if defined(__linux__) && !defined(TARGET_S390X)
2986 if (block->fd) {
2987#ifdef MAP_POPULATE
2988 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2989 MAP_PRIVATE;
2990#else
2991 flags |= MAP_PRIVATE;
2992#endif
2993 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2994 flags, block->fd, offset);
2995 } else {
2996 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2997 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2998 flags, -1, 0);
2999 }
fd28aa13
JK		 3000#else
3001 abort();
cd19cfa2
HY		 3002#endif
3003 } else {
3004#if defined(TARGET_S390X) && defined(CONFIG_KVM)
3005 flags |= MAP_SHARED | MAP_ANONYMOUS;
3006 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
3007 flags, -1, 0);
3008#else
3009 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3010 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3011 flags, -1, 0);
3012#endif
3013 }
3014 if (area != vaddr) {
f15fbc4b
AP		 3015 fprintf(stderr, "Could not remap addr: "
3016 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 3017 length, addr);
3018 exit(1);
3019 }
3020 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
3021 }
3022 return;
3023 }
3024 }
3025}
3026#endif /* !_WIN32 */
3027
dc828ca1 3028/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 3029 With the exception of the softmmu code in this file, this should
3030 only be used for local memory (e.g. video ram) that the device owns,
3031 and knows it isn't going to access beyond the end of the block.
3032
3033 It should not be used for general purpose DMA.
3034 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
3035 */
c227f099 3036void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 3037{
94a6b54f
PB		 3038 RAMBlock *block;
3039
f471a17e
AW		 3040 QLIST_FOREACH(block, &ram_list.blocks, next) {
3041 if (addr - block->offset < block->length) {
7d82af38
VP		 3042 /* Move this entry to to start of the list. */
3043 if (block != QLIST_FIRST(&ram_list.blocks)) {
3044 QLIST_REMOVE(block, next);
3045 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
3046 }
868bb33f 3047 if (xen_enabled()) {
432d268c
JN		 3048 /* We need to check if the requested address is in the RAM
3049 * because we don't want to map the entire memory in QEMU.
712c2b41 3050 * In that case just map until the end of the page.
432d268c
JN		 3051 */
3052 if (block->offset == 0) {
e41d7c69 3053 return xen_map_cache(addr, 0, 0);
432d268c 3054 } else if (block->host == NULL) {
e41d7c69
JK		 3055 block->host =
3056 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3057 }
3058 }
f471a17e
AW		 3059 return block->host + (addr - block->offset);
3060 }
94a6b54f 3061 }
f471a17e
AW		 3062
3063 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3064 abort();
3065
3066 return NULL;
dc828ca1
PB		 3067}
3068
b2e0a138
MT		 3069/* Return a host pointer to ram allocated with qemu_ram_alloc.
3070 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
3071 */
3072void *qemu_safe_ram_ptr(ram_addr_t addr)
3073{
3074 RAMBlock *block;
3075
3076 QLIST_FOREACH(block, &ram_list.blocks, next) {
3077 if (addr - block->offset < block->length) {
868bb33f 3078 if (xen_enabled()) {
432d268c
JN		 3079 /* We need to check if the requested address is in the RAM
3080 * because we don't want to map the entire memory in QEMU.
712c2b41 3081 * In that case just map until the end of the page.
432d268c
JN		 3082 */
3083 if (block->offset == 0) {
e41d7c69 3084 return xen_map_cache(addr, 0, 0);
432d268c 3085 } else if (block->host == NULL) {
e41d7c69
JK		 3086 block->host =
3087 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3088 }
3089 }
b2e0a138
MT		 3090 return block->host + (addr - block->offset);
3091 }
3092 }
3093
3094 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3095 abort();
3096
3097 return NULL;
3098}
3099
38bee5dc
SS		 3100/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
3101 * but takes a size argument */
8ab934f9 3102void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 3103{
8ab934f9
SS		 3104 if (*size == 0) {
3105 return NULL;
3106 }
868bb33f 3107 if (xen_enabled()) {
e41d7c69 3108 return xen_map_cache(addr, *size, 1);
868bb33f 3109 } else {
38bee5dc
SS		 3110 RAMBlock *block;
3111
3112 QLIST_FOREACH(block, &ram_list.blocks, next) {
3113 if (addr - block->offset < block->length) {
3114 if (addr - block->offset + *size > block->length)
3115 *size = block->length - addr + block->offset;
3116 return block->host + (addr - block->offset);
3117 }
3118 }
3119
3120 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3121 abort();
38bee5dc
SS		 3122 }
3123}
3124
050a0ddf
AP		 3125void qemu_put_ram_ptr(void *addr)
3126{
3127 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 3128}
3129
e890261f 3130int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 3131{
94a6b54f
PB		 3132 RAMBlock *block;
3133 uint8_t *host = ptr;
3134
868bb33f 3135 if (xen_enabled()) {
e41d7c69 3136 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 3137 return 0;
3138 }
3139
f471a17e 3140 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 3141 /* This case append when the block is not mapped. */
3142 if (block->host == NULL) {
3143 continue;
3144 }
f471a17e 3145 if (host - block->host < block->length) {
e890261f
MT		 3146 *ram_addr = block->offset + (host - block->host);
3147 return 0;
f471a17e 3148 }
94a6b54f 3149 }
432d268c 3150
e890261f
MT		 3151 return -1;
3152}
f471a17e 3153
e890261f
MT		 3154/* Some of the softmmu routines need to translate from a host pointer
3155 (typically a TLB entry) back to a ram offset. */
3156ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
3157{
3158 ram_addr_t ram_addr;
f471a17e 3159
e890261f
MT		 3160 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
3161 fprintf(stderr, "Bad ram pointer %p\n", ptr);
3162 abort();
3163 }
3164 return ram_addr;
5579c7f3
PB		 3165}
3166
0e0df1e2
AK		 3167static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
3168 unsigned size)
e18231a3
BS		 3169{
3170#ifdef DEBUG_UNASSIGNED
3171 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3172#endif
5b450407 3173#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 3174 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 3175#endif
3176 return 0;
3177}
3178
0e0df1e2
AK		 3179static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
3180 uint64_t val, unsigned size)
e18231a3
BS		 3181{
3182#ifdef DEBUG_UNASSIGNED
0e0df1e2 3183 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 3184#endif
5b450407 3185#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 3186 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 3187#endif
33417e70
FB		 3188}
3189
0e0df1e2
AK		 3190static const MemoryRegionOps unassigned_mem_ops = {
3191 .read = unassigned_mem_read,
3192 .write = unassigned_mem_write,
3193 .endianness = DEVICE_NATIVE_ENDIAN,
3194};
e18231a3 3195
0e0df1e2
AK		 3196static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
3197 unsigned size)
e18231a3 3198{
0e0df1e2 3199 abort();
e18231a3
BS		 3200}
3201
0e0df1e2
AK		 3202static void error_mem_write(void *opaque, target_phys_addr_t addr,
3203 uint64_t value, unsigned size)
e18231a3 3204{
0e0df1e2 3205 abort();
33417e70
FB		 3206}
3207
0e0df1e2
AK		 3208static const MemoryRegionOps error_mem_ops = {
3209 .read = error_mem_read,
3210 .write = error_mem_write,
3211 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 3212};
3213
0e0df1e2
AK		 3214static const MemoryRegionOps rom_mem_ops = {
3215 .read = error_mem_read,
3216 .write = unassigned_mem_write,
3217 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 3218};
3219
0e0df1e2
AK		 3220static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
3221 uint64_t val, unsigned size)
9fa3e853 3222{
3a7d929e 3223 int dirty_flags;
f7c11b53 3224 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 3225 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 3226#if !defined(CONFIG_USER_ONLY)
0e0df1e2 3227 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 3228 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 3229#endif
3a7d929e 3230 }
0e0df1e2
AK		 3231 switch (size) {
3232 case 1:
3233 stb_p(qemu_get_ram_ptr(ram_addr), val);
3234 break;
3235 case 2:
3236 stw_p(qemu_get_ram_ptr(ram_addr), val);
3237 break;
3238 case 4:
3239 stl_p(qemu_get_ram_ptr(ram_addr), val);
3240 break;
3241 default:
3242 abort();
3a7d929e 3243 }
f23db169 3244 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 3245 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 3246 /* we remove the notdirty callback only if the code has been
3247 flushed */
3248 if (dirty_flags == 0xff)
2e70f6ef 3249 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 3250}
3251
0e0df1e2
AK		 3252static const MemoryRegionOps notdirty_mem_ops = {
3253 .read = error_mem_read,
3254 .write = notdirty_mem_write,
3255 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 3256};
3257
0f459d16 3258/* Generate a debug exception if a watchpoint has been hit. */
b4051334 3259static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16
PB		 3260{
3261 CPUState *env = cpu_single_env;
06d55cc1
AL		 3262 target_ulong pc, cs_base;
3263 TranslationBlock *tb;
0f459d16 3264 target_ulong vaddr;
a1d1bb31 3265 CPUWatchpoint *wp;
06d55cc1 3266 int cpu_flags;
0f459d16 3267
06d55cc1
AL		 3268 if (env->watchpoint_hit) {
3269 /* We re-entered the check after replacing the TB. Now raise
3270 * the debug interrupt so that is will trigger after the
3271 * current instruction. */
3272 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3273 return;
3274 }
2e70f6ef 3275 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 3276 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 3277 if ((vaddr == (wp->vaddr & len_mask) ||
3278 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 3279 wp->flags |= BP_WATCHPOINT_HIT;
3280 if (!env->watchpoint_hit) {
3281 env->watchpoint_hit = wp;
3282 tb = tb_find_pc(env->mem_io_pc);
3283 if (!tb) {
3284 cpu_abort(env, "check_watchpoint: could not find TB for "
3285 "pc=%p", (void *)env->mem_io_pc);
3286 }
618ba8e6 3287 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 3288 tb_phys_invalidate(tb, -1);
3289 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3290 env->exception_index = EXCP_DEBUG;
3291 } else {
3292 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3293 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3294 }
3295 cpu_resume_from_signal(env, NULL);
06d55cc1 3296 }
6e140f28
AL		 3297 } else {
3298 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 3299 }
3300 }
3301}
3302
6658ffb8
PB		 3303/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3304 so these check for a hit then pass through to the normal out-of-line
3305 phys routines. */
1ec9b909
AK		 3306static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
3307 unsigned size)
6658ffb8 3308{
1ec9b909
AK		 3309 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3310 switch (size) {
3311 case 1: return ldub_phys(addr);
3312 case 2: return lduw_phys(addr);
3313 case 4: return ldl_phys(addr);
3314 default: abort();
3315 }
6658ffb8
PB		 3316}
3317
1ec9b909
AK		 3318static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3319 uint64_t val, unsigned size)
6658ffb8 3320{
1ec9b909
AK		 3321 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3322 switch (size) {
3323 case 1: stb_phys(addr, val);
3324 case 2: stw_phys(addr, val);
3325 case 4: stl_phys(addr, val);
3326 default: abort();
3327 }
6658ffb8
PB		 3328}
3329
1ec9b909
AK		 3330static const MemoryRegionOps watch_mem_ops = {
3331 .read = watch_mem_read,
3332 .write = watch_mem_write,
3333 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3334};
6658ffb8 3335
70c68e44
AK		 3336static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3337 unsigned len)
db7b5426 3338{
70c68e44 3339 subpage_t *mmio = opaque;
f6405247 3340 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3341 MemoryRegionSection *section;
db7b5426
BS		 3342#if defined(DEBUG_SUBPAGE)
3343 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3344 mmio, len, addr, idx);
3345#endif
db7b5426 3346
5312bd8b
AK		 3347 section = &phys_sections[mmio->sub_section[idx]];
3348 addr += mmio->base;
3349 addr -= section->offset_within_address_space;
3350 addr += section->offset_within_region;
3351 return io_mem_read(section->mr->ram_addr, addr, len);
db7b5426
BS		 3352}
3353
70c68e44
AK		 3354static void subpage_write(void *opaque, target_phys_addr_t addr,
3355 uint64_t value, unsigned len)
db7b5426 3356{
70c68e44 3357 subpage_t *mmio = opaque;
f6405247 3358 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3359 MemoryRegionSection *section;
db7b5426 3360#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3361 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3362 " idx %d value %"PRIx64"\n",
f6405247 3363 __func__, mmio, len, addr, idx, value);
db7b5426 3364#endif
f6405247 3365
5312bd8b
AK		 3366 section = &phys_sections[mmio->sub_section[idx]];
3367 addr += mmio->base;
3368 addr -= section->offset_within_address_space;
3369 addr += section->offset_within_region;
3370 io_mem_write(section->mr->ram_addr, addr, value, len);
db7b5426
BS		 3371}
3372
70c68e44
AK		 3373static const MemoryRegionOps subpage_ops = {
3374 .read = subpage_read,
3375 .write = subpage_write,
3376 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3377};
3378
de712f94
AK		 3379static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3380 unsigned size)
56384e8b
AF		 3381{
3382 ram_addr_t raddr = addr;
3383 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3384 switch (size) {
3385 case 1: return ldub_p(ptr);
3386 case 2: return lduw_p(ptr);
3387 case 4: return ldl_p(ptr);
3388 default: abort();
3389 }
56384e8b
AF		 3390}
3391
de712f94
AK		 3392static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3393 uint64_t value, unsigned size)
56384e8b
AF		 3394{
3395 ram_addr_t raddr = addr;
3396 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3397 switch (size) {
3398 case 1: return stb_p(ptr, value);
3399 case 2: return stw_p(ptr, value);
3400 case 4: return stl_p(ptr, value);
3401 default: abort();
3402 }
56384e8b
AF		 3403}
3404
de712f94
AK		 3405static const MemoryRegionOps subpage_ram_ops = {
3406 .read = subpage_ram_read,
3407 .write = subpage_ram_write,
3408 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3409};
3410
c227f099 3411static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3412 uint16_t section)
db7b5426
BS		 3413{
3414 int idx, eidx;
3415
3416 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3417 return -1;
3418 idx = SUBPAGE_IDX(start);
3419 eidx = SUBPAGE_IDX(end);
3420#if defined(DEBUG_SUBPAGE)
0bf9e31a 3421 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3422 mmio, start, end, idx, eidx, memory);
3423#endif
5312bd8b
AK		 3424 if (memory_region_is_ram(phys_sections[section].mr)) {
3425 MemoryRegionSection new_section = phys_sections[section];
3426 new_section.mr = &io_mem_subpage_ram;
3427 section = phys_section_add(&new_section);
56384e8b 3428 }
db7b5426 3429 for (; idx <= eidx; idx++) {
5312bd8b 3430 mmio->sub_section[idx] = section;
db7b5426
BS		 3431 }
3432
3433 return 0;
3434}
3435
5312bd8b
AK		 3436static subpage_t *subpage_init (target_phys_addr_t base, uint16_t *section_ind,
3437 uint16_t orig_section)
db7b5426 3438{
c227f099 3439 subpage_t *mmio;
5312bd8b
AK		 3440 MemoryRegionSection section = {
3441 .offset_within_address_space = base,
3442 .size = TARGET_PAGE_SIZE,
3443 };
db7b5426 3444
7267c094 3445 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3446
3447 mmio->base = base;
70c68e44
AK		 3448 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3449 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3450 mmio->iomem.subpage = true;
5312bd8b 3451 section.mr = &mmio->iomem;
db7b5426 3452#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3453 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3454 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3455#endif
5312bd8b
AK		 3456 *section_ind = phys_section_add(&section);
3457 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, orig_section);
db7b5426
BS		 3458
3459 return mmio;
3460}
3461
88715657
AL		 3462static int get_free_io_mem_idx(void)
3463{
3464 int i;
3465
3466 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3467 if (!io_mem_used[i]) {
3468 io_mem_used[i] = 1;
3469 return i;
3470 }
c6703b47 3471 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
88715657
AL		 3472 return -1;
3473}
3474
33417e70
FB		 3475/* mem_read and mem_write are arrays of functions containing the
3476 function to access byte (index 0), word (index 1) and dword (index
0b4e6e3e 3477 2). Functions can be omitted with a NULL function pointer.
3ee89922 3478 If io_index is non zero, the corresponding io zone is
4254fab8
BS		 3479 modified. If it is zero, a new io zone is allocated. The return
3480 value can be used with cpu_register_physical_memory(). (-1) is
3481 returned if error. */
a621f38d 3482static int cpu_register_io_memory_fixed(int io_index, MemoryRegion *mr)
33417e70 3483{
33417e70 3484 if (io_index <= 0) {
88715657
AL		 3485 io_index = get_free_io_mem_idx();
3486 if (io_index == -1)
3487 return io_index;
33417e70
FB		 3488 } else {
3489 if (io_index >= IO_MEM_NB_ENTRIES)
3490 return -1;
3491 }
b5ff1b31 3492
a621f38d 3493 io_mem_region[io_index] = mr;
f6405247 3494
11c7ef0c 3495 return io_index;
33417e70 3496}
61382a50 3497
a621f38d 3498int cpu_register_io_memory(MemoryRegion *mr)
1eed09cb 3499{
a621f38d 3500 return cpu_register_io_memory_fixed(0, mr);
1eed09cb
AK		 3501}
3502
11c7ef0c 3503void cpu_unregister_io_memory(int io_index)
88715657 3504{
a621f38d 3505 io_mem_region[io_index] = NULL;
88715657
AL		 3506 io_mem_used[io_index] = 0;
3507}
3508
5312bd8b
AK		 3509static uint16_t dummy_section(MemoryRegion *mr)
3510{
3511 MemoryRegionSection section = {
3512 .mr = mr,
3513 .offset_within_address_space = 0,
3514 .offset_within_region = 0,
3515 .size = UINT64_MAX,
3516 };
3517
3518 return phys_section_add(&section);
3519}
3520
e9179ce1
AK		 3521static void io_mem_init(void)
3522{
3523 int i;
3524
0e0df1e2
AK		 3525 /* Must be first: */
3526 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
3527 assert(io_mem_ram.ram_addr == 0);
3528 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3529 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3530 "unassigned", UINT64_MAX);
3531 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3532 "notdirty", UINT64_MAX);
de712f94
AK		 3533 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3534 "subpage-ram", UINT64_MAX);
e9179ce1
AK		 3535 for (i=0; i<5; i++)
3536 io_mem_used[i] = 1;
3537
1ec9b909
AK		 3538 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3539 "watch", UINT64_MAX);
e9179ce1
AK		 3540}
3541
50c1e149
AK		 3542static void core_begin(MemoryListener *listener)
3543{
54688b1e 3544 destroy_all_mappings();
5312bd8b
AK		 3545 phys_sections_clear();
3546 phys_section_unassigned = dummy_section(&io_mem_unassigned);
50c1e149
AK		 3547}
3548
3549static void core_commit(MemoryListener *listener)
3550{
3551}
3552
93632747
AK		 3553static void core_region_add(MemoryListener *listener,
3554 MemoryRegionSection *section)
3555{
4855d41a 3556 cpu_register_physical_memory_log(section, section->readonly);
93632747
AK		 3557}
3558
3559static void core_region_del(MemoryListener *listener,
3560 MemoryRegionSection *section)
3561{
93632747
AK		 3562}
3563
50c1e149
AK		 3564static void core_region_nop(MemoryListener *listener,
3565 MemoryRegionSection *section)
3566{
54688b1e 3567 cpu_register_physical_memory_log(section, section->readonly);
50c1e149
AK		 3568}
3569
93632747
AK		 3570static void core_log_start(MemoryListener *listener,
3571 MemoryRegionSection *section)
3572{
3573}
3574
3575static void core_log_stop(MemoryListener *listener,
3576 MemoryRegionSection *section)
3577{
3578}
3579
3580static void core_log_sync(MemoryListener *listener,
3581 MemoryRegionSection *section)
3582{
3583}
3584
3585static void core_log_global_start(MemoryListener *listener)
3586{
3587 cpu_physical_memory_set_dirty_tracking(1);
3588}
3589
3590static void core_log_global_stop(MemoryListener *listener)
3591{
3592 cpu_physical_memory_set_dirty_tracking(0);
3593}
3594
3595static void core_eventfd_add(MemoryListener *listener,
3596 MemoryRegionSection *section,
3597 bool match_data, uint64_t data, int fd)
3598{
3599}
3600
3601static void core_eventfd_del(MemoryListener *listener,
3602 MemoryRegionSection *section,
3603 bool match_data, uint64_t data, int fd)
3604{
3605}
3606
50c1e149
AK		 3607static void io_begin(MemoryListener *listener)
3608{
3609}
3610
3611static void io_commit(MemoryListener *listener)
3612{
3613}
3614
4855d41a
AK		 3615static void io_region_add(MemoryListener *listener,
3616 MemoryRegionSection *section)
3617{
3618 iorange_init(&section->mr->iorange, &memory_region_iorange_ops,
3619 section->offset_within_address_space, section->size);
3620 ioport_register(&section->mr->iorange);
3621}
3622
3623static void io_region_del(MemoryListener *listener,
3624 MemoryRegionSection *section)
3625{
3626 isa_unassign_ioport(section->offset_within_address_space, section->size);
3627}
3628
50c1e149
AK		 3629static void io_region_nop(MemoryListener *listener,
3630 MemoryRegionSection *section)
3631{
3632}
3633
4855d41a
AK		 3634static void io_log_start(MemoryListener *listener,
3635 MemoryRegionSection *section)
3636{
3637}
3638
3639static void io_log_stop(MemoryListener *listener,
3640 MemoryRegionSection *section)
3641{
3642}
3643
3644static void io_log_sync(MemoryListener *listener,
3645 MemoryRegionSection *section)
3646{
3647}
3648
3649static void io_log_global_start(MemoryListener *listener)
3650{
3651}
3652
3653static void io_log_global_stop(MemoryListener *listener)
3654{
3655}
3656
3657static void io_eventfd_add(MemoryListener *listener,
3658 MemoryRegionSection *section,
3659 bool match_data, uint64_t data, int fd)
3660{
3661}
3662
3663static void io_eventfd_del(MemoryListener *listener,
3664 MemoryRegionSection *section,
3665 bool match_data, uint64_t data, int fd)
3666{
3667}
3668
93632747 3669static MemoryListener core_memory_listener = {
50c1e149
AK		 3670 .begin = core_begin,
3671 .commit = core_commit,
93632747
AK		 3672 .region_add = core_region_add,
3673 .region_del = core_region_del,
50c1e149 3674 .region_nop = core_region_nop,
93632747
AK		 3675 .log_start = core_log_start,
3676 .log_stop = core_log_stop,
3677 .log_sync = core_log_sync,
3678 .log_global_start = core_log_global_start,
3679 .log_global_stop = core_log_global_stop,
3680 .eventfd_add = core_eventfd_add,
3681 .eventfd_del = core_eventfd_del,
3682 .priority = 0,
3683};
3684
4855d41a 3685static MemoryListener io_memory_listener = {
50c1e149
AK		 3686 .begin = io_begin,
3687 .commit = io_commit,
4855d41a
AK		 3688 .region_add = io_region_add,
3689 .region_del = io_region_del,
50c1e149 3690 .region_nop = io_region_nop,
4855d41a
AK		 3691 .log_start = io_log_start,
3692 .log_stop = io_log_stop,
3693 .log_sync = io_log_sync,
3694 .log_global_start = io_log_global_start,
3695 .log_global_stop = io_log_global_stop,
3696 .eventfd_add = io_eventfd_add,
3697 .eventfd_del = io_eventfd_del,
3698 .priority = 0,
3699};
3700
62152b8a
AK		 3701static void memory_map_init(void)
3702{
7267c094 3703 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3704 memory_region_init(system_memory, "system", INT64_MAX);
62152b8a 3705 set_system_memory_map(system_memory);
309cb471 3706
7267c094 3707 system_io = g_malloc(sizeof(*system_io));
309cb471
AK		 3708 memory_region_init(system_io, "io", 65536);
3709 set_system_io_map(system_io);
93632747 3710
4855d41a
AK		 3711 memory_listener_register(&core_memory_listener, system_memory);
3712 memory_listener_register(&io_memory_listener, system_io);
62152b8a
AK		 3713}
3714
3715MemoryRegion *get_system_memory(void)
3716{
3717 return system_memory;
3718}
3719
309cb471
AK		 3720MemoryRegion *get_system_io(void)
3721{
3722 return system_io;
3723}
3724
e2eef170
PB		 3725#endif /* !defined(CONFIG_USER_ONLY) */
3726
13eb76e0
FB		 3727/* physical memory access (slow version, mainly for debug) */
3728#if defined(CONFIG_USER_ONLY)
a68fe89c
PB		 3729int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3730 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3731{
3732 int l, flags;
3733 target_ulong page;
53a5960a 3734 void * p;
13eb76e0
FB		 3735
3736 while (len > 0) {
3737 page = addr & TARGET_PAGE_MASK;
3738 l = (page + TARGET_PAGE_SIZE) - addr;
3739 if (l > len)
3740 l = len;
3741 flags = page_get_flags(page);
3742 if (!(flags & PAGE_VALID))
a68fe89c 3743 return -1;
13eb76e0
FB		 3744 if (is_write) {
3745 if (!(flags & PAGE_WRITE))
a68fe89c 3746 return -1;
579a97f7 3747 /* XXX: this code should not depend on lock_user */
72fb7daa 3748 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3749 return -1;
72fb7daa
AJ		 3750 memcpy(p, buf, l);
3751 unlock_user(p, addr, l);
13eb76e0
FB		 3752 } else {
3753 if (!(flags & PAGE_READ))
a68fe89c 3754 return -1;
579a97f7 3755 /* XXX: this code should not depend on lock_user */
72fb7daa 3756 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3757 return -1;
72fb7daa 3758 memcpy(buf, p, l);
5b257578 3759 unlock_user(p, addr, 0);
13eb76e0
FB		 3760 }
3761 len -= l;
3762 buf += l;
3763 addr += l;
3764 }
a68fe89c 3765 return 0;
13eb76e0 3766}
8df1cd07 3767
13eb76e0 3768#else
c227f099 3769void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3770 int len, int is_write)
3771{
3772 int l, io_index;
3773 uint8_t *ptr;
3774 uint32_t val;
c227f099 3775 target_phys_addr_t page;
8ca5692d 3776 ram_addr_t pd;
f1f6e3b8 3777 PhysPageDesc p;
3b46e624 3778
13eb76e0
FB		 3779 while (len > 0) {
3780 page = addr & TARGET_PAGE_MASK;
3781 l = (page + TARGET_PAGE_SIZE) - addr;
3782 if (l > len)
3783 l = len;
92e873b9 3784 p = phys_page_find(page >> TARGET_PAGE_BITS);
f1f6e3b8 3785 pd = p.phys_offset;
3b46e624 3786
13eb76e0 3787 if (is_write) {
0e0df1e2 3788 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
f1f6e3b8 3789 target_phys_addr_t addr1;
11c7ef0c 3790 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 3791 addr1 = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
6a00d601
FB		 3792 /* XXX: could force cpu_single_env to NULL to avoid
3793 potential bugs */
6c2934db 3794 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3795 /* 32 bit write access */
c27004ec 3796 val = ldl_p(buf);
acbbec5d 3797 io_mem_write(io_index, addr1, val, 4);
13eb76e0 3798 l = 4;
6c2934db 3799 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3800 /* 16 bit write access */
c27004ec 3801 val = lduw_p(buf);
acbbec5d 3802 io_mem_write(io_index, addr1, val, 2);
13eb76e0
FB		 3803 l = 2;
3804 } else {
1c213d19 3805 /* 8 bit write access */
c27004ec 3806 val = ldub_p(buf);
acbbec5d 3807 io_mem_write(io_index, addr1, val, 1);
13eb76e0
FB		 3808 l = 1;
3809 }
3810 } else {
8ca5692d 3811 ram_addr_t addr1;
b448f2f3 3812 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
13eb76e0 3813 /* RAM case */
5579c7f3 3814 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3815 memcpy(ptr, buf, l);
3a7d929e
FB		 3816 if (!cpu_physical_memory_is_dirty(addr1)) {
3817 /* invalidate code */
3818 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3819 /* set dirty bit */
f7c11b53
YT		 3820 cpu_physical_memory_set_dirty_flags(
3821 addr1, (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 3822 }
050a0ddf 3823 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3824 }
3825 } else {
1d393fa2 3826 if (!is_ram_rom_romd(pd)) {
f1f6e3b8 3827 target_phys_addr_t addr1;
13eb76e0 3828 /* I/O case */
11c7ef0c 3829 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 3830 addr1 = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
6c2934db 3831 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3832 /* 32 bit read access */
acbbec5d 3833 val = io_mem_read(io_index, addr1, 4);
c27004ec 3834 stl_p(buf, val);
13eb76e0 3835 l = 4;
6c2934db 3836 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3837 /* 16 bit read access */
acbbec5d 3838 val = io_mem_read(io_index, addr1, 2);
c27004ec 3839 stw_p(buf, val);
13eb76e0
FB		 3840 l = 2;
3841 } else {
1c213d19 3842 /* 8 bit read access */
acbbec5d 3843 val = io_mem_read(io_index, addr1, 1);
c27004ec 3844 stb_p(buf, val);
13eb76e0
FB		 3845 l = 1;
3846 }
3847 } else {
3848 /* RAM case */
050a0ddf
AP		 3849 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
3850 memcpy(buf, ptr + (addr & ~TARGET_PAGE_MASK), l);
3851 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3852 }
3853 }
3854 len -= l;
3855 buf += l;
3856 addr += l;
3857 }
3858}
8df1cd07 3859
d0ecd2aa 3860/* used for ROM loading : can write in RAM and ROM */
c227f099 3861void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3862 const uint8_t *buf, int len)
3863{
3864 int l;
3865 uint8_t *ptr;
c227f099 3866 target_phys_addr_t page;
d0ecd2aa 3867 unsigned long pd;
f1f6e3b8 3868 PhysPageDesc p;
3b46e624 3869
d0ecd2aa
FB		 3870 while (len > 0) {
3871 page = addr & TARGET_PAGE_MASK;
3872 l = (page + TARGET_PAGE_SIZE) - addr;
3873 if (l > len)
3874 l = len;
3875 p = phys_page_find(page >> TARGET_PAGE_BITS);
f1f6e3b8 3876 pd = p.phys_offset;
3b46e624 3877
1d393fa2 3878 if (!is_ram_rom_romd(pd)) {
d0ecd2aa
FB		 3879 /* do nothing */
3880 } else {
3881 unsigned long addr1;
3882 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3883 /* ROM/RAM case */
5579c7f3 3884 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3885 memcpy(ptr, buf, l);
050a0ddf 3886 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3887 }
3888 len -= l;
3889 buf += l;
3890 addr += l;
3891 }
3892}
3893
6d16c2f8
AL		 3894typedef struct {
3895 void *buffer;
c227f099
AL		 3896 target_phys_addr_t addr;
3897 target_phys_addr_t len;
6d16c2f8
AL		 3898} BounceBuffer;
3899
3900static BounceBuffer bounce;
3901
ba223c29
AL		 3902typedef struct MapClient {
3903 void *opaque;
3904 void (*callback)(void *opaque);
72cf2d4f 3905 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3906} MapClient;
3907
72cf2d4f
BS		 3908static QLIST_HEAD(map_client_list, MapClient) map_client_list
3909 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3910
3911void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3912{
7267c094 3913 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3914
3915 client->opaque = opaque;
3916 client->callback = callback;
72cf2d4f 3917 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3918 return client;
3919}
3920
3921void cpu_unregister_map_client(void *_client)
3922{
3923 MapClient *client = (MapClient *)_client;
3924
72cf2d4f 3925 QLIST_REMOVE(client, link);
7267c094 3926 g_free(client);
ba223c29
AL		 3927}
3928
3929static void cpu_notify_map_clients(void)
3930{
3931 MapClient *client;
3932
72cf2d4f
BS		 3933 while (!QLIST_EMPTY(&map_client_list)) {
3934 client = QLIST_FIRST(&map_client_list);
ba223c29 3935 client->callback(client->opaque);
34d5e948 3936 cpu_unregister_map_client(client);
ba223c29
AL		 3937 }
3938}
3939
6d16c2f8
AL		 3940/* Map a physical memory region into a host virtual address.
3941 * May map a subset of the requested range, given by and returned in *plen.
3942 * May return NULL if resources needed to perform the mapping are exhausted.
3943 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3944 * Use cpu_register_map_client() to know when retrying the map operation is
3945 * likely to succeed.
6d16c2f8 3946 */
c227f099
AL		 3947void *cpu_physical_memory_map(target_phys_addr_t addr,
3948 target_phys_addr_t *plen,
6d16c2f8
AL		 3949 int is_write)
3950{
c227f099 3951 target_phys_addr_t len = *plen;
38bee5dc 3952 target_phys_addr_t todo = 0;
6d16c2f8 3953 int l;
c227f099 3954 target_phys_addr_t page;
6d16c2f8 3955 unsigned long pd;
f1f6e3b8 3956 PhysPageDesc p;
f15fbc4b 3957 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3958 ram_addr_t rlen;
3959 void *ret;
6d16c2f8
AL		 3960
3961 while (len > 0) {
3962 page = addr & TARGET_PAGE_MASK;
3963 l = (page + TARGET_PAGE_SIZE) - addr;
3964 if (l > len)
3965 l = len;
3966 p = phys_page_find(page >> TARGET_PAGE_BITS);
f1f6e3b8 3967 pd = p.phys_offset;
6d16c2f8 3968
0e0df1e2 3969 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
38bee5dc 3970 if (todo || bounce.buffer) {
6d16c2f8
AL		 3971 break;
3972 }
3973 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3974 bounce.addr = addr;
3975 bounce.len = l;
3976 if (!is_write) {
54f7b4a3 3977 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 3978 }
38bee5dc
SS		 3979
3980 *plen = l;
3981 return bounce.buffer;
6d16c2f8 3982 }
8ab934f9
SS		 3983 if (!todo) {
3984 raddr = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3985 }
6d16c2f8
AL		 3986
3987 len -= l;
3988 addr += l;
38bee5dc 3989 todo += l;
6d16c2f8 3990 }
8ab934f9
SS		 3991 rlen = todo;
3992 ret = qemu_ram_ptr_length(raddr, &rlen);
3993 *plen = rlen;
3994 return ret;
6d16c2f8
AL		 3995}
3996
3997/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3998 * Will also mark the memory as dirty if is_write == 1. access_len gives
3999 * the amount of memory that was actually read or written by the caller.
4000 */
c227f099
AL		 4001void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
4002 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 4003{
4004 if (buffer != bounce.buffer) {
4005 if (is_write) {
e890261f 4006 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 4007 while (access_len) {
4008 unsigned l;
4009 l = TARGET_PAGE_SIZE;
4010 if (l > access_len)
4011 l = access_len;
4012 if (!cpu_physical_memory_is_dirty(addr1)) {
4013 /* invalidate code */
4014 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
4015 /* set dirty bit */
f7c11b53
YT		 4016 cpu_physical_memory_set_dirty_flags(
4017 addr1, (0xff & ~CODE_DIRTY_FLAG));
6d16c2f8
AL		 4018 }
4019 addr1 += l;
4020 access_len -= l;
4021 }
4022 }
868bb33f 4023 if (xen_enabled()) {
e41d7c69 4024 xen_invalidate_map_cache_entry(buffer);
050a0ddf 4025 }
6d16c2f8
AL		 4026 return;
4027 }
4028 if (is_write) {
4029 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
4030 }
f8a83245 4031 qemu_vfree(bounce.buffer);
6d16c2f8 4032 bounce.buffer = NULL;
ba223c29 4033 cpu_notify_map_clients();
6d16c2f8 4034}
d0ecd2aa 4035
8df1cd07 4036/* warning: addr must be aligned */
1e78bcc1
AG		 4037static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
4038 enum device_endian endian)
8df1cd07
FB		 4039{
4040 int io_index;
4041 uint8_t *ptr;
4042 uint32_t val;
4043 unsigned long pd;
f1f6e3b8 4044 PhysPageDesc p;
8df1cd07
FB		 4045
4046 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4047 pd = p.phys_offset;
3b46e624 4048
1d393fa2 4049 if (!is_ram_rom_romd(pd)) {
8df1cd07 4050 /* I/O case */
11c7ef0c 4051 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4052 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
acbbec5d 4053 val = io_mem_read(io_index, addr, 4);
1e78bcc1
AG		 4054#if defined(TARGET_WORDS_BIGENDIAN)
4055 if (endian == DEVICE_LITTLE_ENDIAN) {
4056 val = bswap32(val);
4057 }
4058#else
4059 if (endian == DEVICE_BIG_ENDIAN) {
4060 val = bswap32(val);
4061 }
4062#endif
8df1cd07
FB		 4063 } else {
4064 /* RAM case */
5579c7f3 4065 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
8df1cd07 4066 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4067 switch (endian) {
4068 case DEVICE_LITTLE_ENDIAN:
4069 val = ldl_le_p(ptr);
4070 break;
4071 case DEVICE_BIG_ENDIAN:
4072 val = ldl_be_p(ptr);
4073 break;
4074 default:
4075 val = ldl_p(ptr);
4076 break;
4077 }
8df1cd07
FB		 4078 }
4079 return val;
4080}
4081
1e78bcc1
AG		 4082uint32_t ldl_phys(target_phys_addr_t addr)
4083{
4084 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4085}
4086
4087uint32_t ldl_le_phys(target_phys_addr_t addr)
4088{
4089 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4090}
4091
4092uint32_t ldl_be_phys(target_phys_addr_t addr)
4093{
4094 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
4095}
4096
84b7b8e7 4097/* warning: addr must be aligned */
1e78bcc1
AG		 4098static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
4099 enum device_endian endian)
84b7b8e7
FB		 4100{
4101 int io_index;
4102 uint8_t *ptr;
4103 uint64_t val;
4104 unsigned long pd;
f1f6e3b8 4105 PhysPageDesc p;
84b7b8e7
FB		 4106
4107 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4108 pd = p.phys_offset;
3b46e624 4109
1d393fa2 4110 if (!is_ram_rom_romd(pd)) {
84b7b8e7 4111 /* I/O case */
11c7ef0c 4112 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4113 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
1e78bcc1
AG		 4114
4115 /* XXX This is broken when device endian != cpu endian.
4116 Fix and add "endian" variable check */
84b7b8e7 4117#ifdef TARGET_WORDS_BIGENDIAN
acbbec5d
AK		 4118 val = io_mem_read(io_index, addr, 4) << 32;
4119 val |= io_mem_read(io_index, addr + 4, 4);
84b7b8e7 4120#else
acbbec5d
AK		 4121 val = io_mem_read(io_index, addr, 4);
4122 val |= io_mem_read(io_index, addr + 4, 4) << 32;
84b7b8e7
FB		 4123#endif
4124 } else {
4125 /* RAM case */
5579c7f3 4126 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
84b7b8e7 4127 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4128 switch (endian) {
4129 case DEVICE_LITTLE_ENDIAN:
4130 val = ldq_le_p(ptr);
4131 break;
4132 case DEVICE_BIG_ENDIAN:
4133 val = ldq_be_p(ptr);
4134 break;
4135 default:
4136 val = ldq_p(ptr);
4137 break;
4138 }
84b7b8e7
FB		 4139 }
4140 return val;
4141}
4142
1e78bcc1
AG		 4143uint64_t ldq_phys(target_phys_addr_t addr)
4144{
4145 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4146}
4147
4148uint64_t ldq_le_phys(target_phys_addr_t addr)
4149{
4150 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4151}
4152
4153uint64_t ldq_be_phys(target_phys_addr_t addr)
4154{
4155 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
4156}
4157
aab33094 4158/* XXX: optimize */
c227f099 4159uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 4160{
4161 uint8_t val;
4162 cpu_physical_memory_read(addr, &val, 1);
4163 return val;
4164}
4165
733f0b02 4166/* warning: addr must be aligned */
1e78bcc1
AG		 4167static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
4168 enum device_endian endian)
aab33094 4169{
733f0b02
MT		 4170 int io_index;
4171 uint8_t *ptr;
4172 uint64_t val;
4173 unsigned long pd;
f1f6e3b8 4174 PhysPageDesc p;
733f0b02
MT		 4175
4176 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4177 pd = p.phys_offset;
733f0b02 4178
1d393fa2 4179 if (!is_ram_rom_romd(pd)) {
733f0b02 4180 /* I/O case */
11c7ef0c 4181 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4182 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
acbbec5d 4183 val = io_mem_read(io_index, addr, 2);
1e78bcc1
AG		 4184#if defined(TARGET_WORDS_BIGENDIAN)
4185 if (endian == DEVICE_LITTLE_ENDIAN) {
4186 val = bswap16(val);
4187 }
4188#else
4189 if (endian == DEVICE_BIG_ENDIAN) {
4190 val = bswap16(val);
4191 }
4192#endif
733f0b02
MT		 4193 } else {
4194 /* RAM case */
4195 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4196 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4197 switch (endian) {
4198 case DEVICE_LITTLE_ENDIAN:
4199 val = lduw_le_p(ptr);
4200 break;
4201 case DEVICE_BIG_ENDIAN:
4202 val = lduw_be_p(ptr);
4203 break;
4204 default:
4205 val = lduw_p(ptr);
4206 break;
4207 }
733f0b02
MT		 4208 }
4209 return val;
aab33094
FB		 4210}
4211
1e78bcc1
AG		 4212uint32_t lduw_phys(target_phys_addr_t addr)
4213{
4214 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4215}
4216
4217uint32_t lduw_le_phys(target_phys_addr_t addr)
4218{
4219 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4220}
4221
4222uint32_t lduw_be_phys(target_phys_addr_t addr)
4223{
4224 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
4225}
4226
8df1cd07
FB		 4227/* warning: addr must be aligned. The ram page is not masked as dirty
4228 and the code inside is not invalidated. It is useful if the dirty
4229 bits are used to track modified PTEs */
c227f099 4230void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07
FB		 4231{
4232 int io_index;
4233 uint8_t *ptr;
4234 unsigned long pd;
f1f6e3b8 4235 PhysPageDesc p;
8df1cd07
FB		 4236
4237 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4238 pd = p.phys_offset;
3b46e624 4239
0e0df1e2 4240 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4241 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4242 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
acbbec5d 4243 io_mem_write(io_index, addr, val, 4);
8df1cd07 4244 } else {
74576198 4245 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
5579c7f3 4246 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 4247 stl_p(ptr, val);
74576198
AL		 4248
4249 if (unlikely(in_migration)) {
4250 if (!cpu_physical_memory_is_dirty(addr1)) {
4251 /* invalidate code */
4252 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4253 /* set dirty bit */
f7c11b53
YT		 4254 cpu_physical_memory_set_dirty_flags(
4255 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 4256 }
4257 }
8df1cd07
FB		 4258 }
4259}
4260
c227f099 4261void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef
JM		 4262{
4263 int io_index;
4264 uint8_t *ptr;
4265 unsigned long pd;
f1f6e3b8 4266 PhysPageDesc p;
bc98a7ef
JM		 4267
4268 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4269 pd = p.phys_offset;
3b46e624 4270
0e0df1e2 4271 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4272 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4273 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
bc98a7ef 4274#ifdef TARGET_WORDS_BIGENDIAN
acbbec5d
AK		 4275 io_mem_write(io_index, addr, val >> 32, 4);
4276 io_mem_write(io_index, addr + 4, (uint32_t)val, 4);
bc98a7ef 4277#else
acbbec5d
AK		 4278 io_mem_write(io_index, addr, (uint32_t)val, 4);
4279 io_mem_write(io_index, addr + 4, val >> 32, 4);
bc98a7ef
JM		 4280#endif
4281 } else {
5579c7f3 4282 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
bc98a7ef
JM		 4283 (addr & ~TARGET_PAGE_MASK);
4284 stq_p(ptr, val);
4285 }
4286}
4287
8df1cd07 4288/* warning: addr must be aligned */
1e78bcc1
AG		 4289static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4290 enum device_endian endian)
8df1cd07
FB		 4291{
4292 int io_index;
4293 uint8_t *ptr;
4294 unsigned long pd;
f1f6e3b8 4295 PhysPageDesc p;
8df1cd07
FB		 4296
4297 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4298 pd = p.phys_offset;
3b46e624 4299
0e0df1e2 4300 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4301 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4302 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
1e78bcc1
AG		 4303#if defined(TARGET_WORDS_BIGENDIAN)
4304 if (endian == DEVICE_LITTLE_ENDIAN) {
4305 val = bswap32(val);
4306 }
4307#else
4308 if (endian == DEVICE_BIG_ENDIAN) {
4309 val = bswap32(val);
4310 }
4311#endif
acbbec5d 4312 io_mem_write(io_index, addr, val, 4);
8df1cd07
FB		 4313 } else {
4314 unsigned long addr1;
4315 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4316 /* RAM case */
5579c7f3 4317 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4318 switch (endian) {
4319 case DEVICE_LITTLE_ENDIAN:
4320 stl_le_p(ptr, val);
4321 break;
4322 case DEVICE_BIG_ENDIAN:
4323 stl_be_p(ptr, val);
4324 break;
4325 default:
4326 stl_p(ptr, val);
4327 break;
4328 }
3a7d929e
FB		 4329 if (!cpu_physical_memory_is_dirty(addr1)) {
4330 /* invalidate code */
4331 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4332 /* set dirty bit */
f7c11b53
YT		 4333 cpu_physical_memory_set_dirty_flags(addr1,
4334 (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 4335 }
8df1cd07
FB		 4336 }
4337}
4338
1e78bcc1
AG		 4339void stl_phys(target_phys_addr_t addr, uint32_t val)
4340{
4341 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4342}
4343
4344void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4345{
4346 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4347}
4348
4349void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4350{
4351 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4352}
4353
aab33094 4354/* XXX: optimize */
c227f099 4355void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 4356{
4357 uint8_t v = val;
4358 cpu_physical_memory_write(addr, &v, 1);
4359}
4360
733f0b02 4361/* warning: addr must be aligned */
1e78bcc1
AG		 4362static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4363 enum device_endian endian)
aab33094 4364{
733f0b02
MT		 4365 int io_index;
4366 uint8_t *ptr;
4367 unsigned long pd;
f1f6e3b8 4368 PhysPageDesc p;
733f0b02
MT		 4369
4370 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4371 pd = p.phys_offset;
733f0b02 4372
0e0df1e2 4373 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4374 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4375 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
1e78bcc1
AG		 4376#if defined(TARGET_WORDS_BIGENDIAN)
4377 if (endian == DEVICE_LITTLE_ENDIAN) {
4378 val = bswap16(val);
4379 }
4380#else
4381 if (endian == DEVICE_BIG_ENDIAN) {
4382 val = bswap16(val);
4383 }
4384#endif
acbbec5d 4385 io_mem_write(io_index, addr, val, 2);
733f0b02
MT		 4386 } else {
4387 unsigned long addr1;
4388 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4389 /* RAM case */
4390 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4391 switch (endian) {
4392 case DEVICE_LITTLE_ENDIAN:
4393 stw_le_p(ptr, val);
4394 break;
4395 case DEVICE_BIG_ENDIAN:
4396 stw_be_p(ptr, val);
4397 break;
4398 default:
4399 stw_p(ptr, val);
4400 break;
4401 }
733f0b02
MT		 4402 if (!cpu_physical_memory_is_dirty(addr1)) {
4403 /* invalidate code */
4404 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4405 /* set dirty bit */
4406 cpu_physical_memory_set_dirty_flags(addr1,
4407 (0xff & ~CODE_DIRTY_FLAG));
4408 }
4409 }
aab33094
FB		 4410}
4411
1e78bcc1
AG		 4412void stw_phys(target_phys_addr_t addr, uint32_t val)
4413{
4414 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4415}
4416
4417void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4418{
4419 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4420}
4421
4422void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4423{
4424 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4425}
4426
aab33094 4427/* XXX: optimize */
c227f099 4428void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4429{
4430 val = tswap64(val);
71d2b725 4431 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4432}
4433
1e78bcc1
AG		 4434void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4435{
4436 val = cpu_to_le64(val);
4437 cpu_physical_memory_write(addr, &val, 8);
4438}
4439
4440void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4441{
4442 val = cpu_to_be64(val);
4443 cpu_physical_memory_write(addr, &val, 8);
4444}
4445
5e2972fd 4446/* virtual memory access for debug (includes writing to ROM) */
5fafdf24 4447int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
b448f2f3 4448 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4449{
4450 int l;
c227f099 4451 target_phys_addr_t phys_addr;
9b3c35e0 4452 target_ulong page;
13eb76e0
FB		 4453
4454 while (len > 0) {
4455 page = addr & TARGET_PAGE_MASK;
4456 phys_addr = cpu_get_phys_page_debug(env, page);
4457 /* if no physical page mapped, return an error */
4458 if (phys_addr == -1)
4459 return -1;
4460 l = (page + TARGET_PAGE_SIZE) - addr;
4461 if (l > len)
4462 l = len;
5e2972fd 4463 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4464 if (is_write)
4465 cpu_physical_memory_write_rom(phys_addr, buf, l);
4466 else
5e2972fd 4467 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4468 len -= l;
4469 buf += l;
4470 addr += l;
4471 }
4472 return 0;
4473}
a68fe89c 4474#endif
13eb76e0 4475
2e70f6ef
PB		 4476/* in deterministic execution mode, instructions doing device I/Os
4477 must be at the end of the TB */
4478void cpu_io_recompile(CPUState *env, void *retaddr)
4479{
4480 TranslationBlock *tb;
4481 uint32_t n, cflags;
4482 target_ulong pc, cs_base;
4483 uint64_t flags;
4484
4485 tb = tb_find_pc((unsigned long)retaddr);
4486 if (!tb) {
4487 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4488 retaddr);
4489 }
4490 n = env->icount_decr.u16.low + tb->icount;
618ba8e6 4491 cpu_restore_state(tb, env, (unsigned long)retaddr);
2e70f6ef 4492 /* Calculate how many instructions had been executed before the fault
bf20dc07 4493 occurred. */
2e70f6ef
PB		 4494 n = n - env->icount_decr.u16.low;
4495 /* Generate a new TB ending on the I/O insn. */
4496 n++;
4497 /* On MIPS and SH, delay slot instructions can only be restarted if
4498 they were already the first instruction in the TB. If this is not
bf20dc07 4499 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4500 branch. */
4501#if defined(TARGET_MIPS)
4502 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4503 env->active_tc.PC -= 4;
4504 env->icount_decr.u16.low++;
4505 env->hflags &= ~MIPS_HFLAG_BMASK;
4506 }
4507#elif defined(TARGET_SH4)
4508 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4509 && n > 1) {
4510 env->pc -= 2;
4511 env->icount_decr.u16.low++;
4512 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4513 }
4514#endif
4515 /* This should never happen. */
4516 if (n > CF_COUNT_MASK)
4517 cpu_abort(env, "TB too big during recompile");
4518
4519 cflags = n | CF_LAST_IO;
4520 pc = tb->pc;
4521 cs_base = tb->cs_base;
4522 flags = tb->flags;
4523 tb_phys_invalidate(tb, -1);
4524 /* FIXME: In theory this could raise an exception. In practice
4525 we have already translated the block once so it's probably ok. */
4526 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4527 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4528 the first in the TB) then we end up generating a whole new TB and
4529 repeating the fault, which is horribly inefficient.
4530 Better would be to execute just this insn uncached, or generate a
4531 second new TB. */
4532 cpu_resume_from_signal(env, NULL);
4533}
4534
b3755a91
PB		 4535#if !defined(CONFIG_USER_ONLY)
4536
055403b2 4537void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4538{
4539 int i, target_code_size, max_target_code_size;
4540 int direct_jmp_count, direct_jmp2_count, cross_page;
4541 TranslationBlock *tb;
3b46e624 4542
e3db7226
FB		 4543 target_code_size = 0;
4544 max_target_code_size = 0;
4545 cross_page = 0;
4546 direct_jmp_count = 0;
4547 direct_jmp2_count = 0;
4548 for(i = 0; i < nb_tbs; i++) {
4549 tb = &tbs[i];
4550 target_code_size += tb->size;
4551 if (tb->size > max_target_code_size)
4552 max_target_code_size = tb->size;
4553 if (tb->page_addr[1] != -1)
4554 cross_page++;
4555 if (tb->tb_next_offset[0] != 0xffff) {
4556 direct_jmp_count++;
4557 if (tb->tb_next_offset[1] != 0xffff) {
4558 direct_jmp2_count++;
4559 }
4560 }
4561 }
4562 /* XXX: avoid using doubles ? */
57fec1fe 4563 cpu_fprintf(f, "Translation buffer state:\n");
055403b2 4564 cpu_fprintf(f, "gen code size %td/%ld\n",
26a5f13b
FB		 4565 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4566 cpu_fprintf(f, "TB count %d/%d\n",
4567 nb_tbs, code_gen_max_blocks);
5fafdf24 4568 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4569 nb_tbs ? target_code_size / nb_tbs : 0,
4570 max_target_code_size);
055403b2 4571 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4572 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4573 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4574 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4575 cross_page,
e3db7226
FB		 4576 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4577 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4578 direct_jmp_count,
e3db7226
FB		 4579 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4580 direct_jmp2_count,
4581 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4582 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4583 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4584 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4585 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4586 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4587}
4588
d39e8222
AK		 4589/* NOTE: this function can trigger an exception */
4590/* NOTE2: the returned address is not exactly the physical address: it
4591 is the offset relative to phys_ram_base */
4592tb_page_addr_t get_page_addr_code(CPUState *env1, target_ulong addr)
4593{
4594 int mmu_idx, page_index, pd;
4595 void *p;
4596
4597 page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
4598 mmu_idx = cpu_mmu_index(env1);
4599 if (unlikely(env1->tlb_table[mmu_idx][page_index].addr_code !=
4600 (addr & TARGET_PAGE_MASK))) {
4601 ldub_code(addr);
4602 }
4603 pd = env1->tlb_table[mmu_idx][page_index].addr_code & ~TARGET_PAGE_MASK;
0e0df1e2 4604 if (pd != io_mem_ram.ram_addr && pd != io_mem_rom.ram_addr
75c578dc 4605 && !is_romd(pd)) {
d39e8222
AK		 4606#if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_SPARC)
4607 cpu_unassigned_access(env1, addr, 0, 1, 0, 4);
4608#else
4609 cpu_abort(env1, "Trying to execute code outside RAM or ROM at 0x" TARGET_FMT_lx "\n", addr);
4610#endif
4611 }
4612 p = (void *)((uintptr_t)addr + env1->tlb_table[mmu_idx][page_index].addend);
4613 return qemu_ram_addr_from_host_nofail(p);
4614}
4615
82afa586
BH		 4616/*
4617 * A helper function for the _utterly broken_ virtio device model to find out if
4618 * it's running on a big endian machine. Don't do this at home kids!
4619 */
4620bool virtio_is_big_endian(void);
4621bool virtio_is_big_endian(void)
4622{
4623#if defined(TARGET_WORDS_BIGENDIAN)
4624 return true;
4625#else
4626 return false;
4627#endif
4628}
4629
61382a50 4630#define MMUSUFFIX _cmmu
3917149d 4631#undef GETPC
61382a50
FB		 4632#define GETPC() NULL
4633#define env cpu_single_env
b769d8fe 4634#define SOFTMMU_CODE_ACCESS
61382a50
FB		 4635
4636#define SHIFT 0
4637#include "softmmu_template.h"
4638
4639#define SHIFT 1
4640#include "softmmu_template.h"
4641
4642#define SHIFT 2
4643#include "softmmu_template.h"
4644
4645#define SHIFT 3
4646#include "softmmu_template.h"
4647
4648#undef env
4649
4650#endif
QEMU mirror