]> git.proxmox.com Git - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: change memory registration to rebuild the memory map on each change
[qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
67d95c15
AK		 60#define WANT_EXEC_OBSOLETE
61#include "exec-obsolete.h"
62
fd6ce8f6 63//#define DEBUG_TB_INVALIDATE
66e85a21 64//#define DEBUG_FLUSH
9fa3e853 65//#define DEBUG_TLB
67d3b957 66//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 67
68/* make various TB consistency checks */
5fafdf24
TS		 69//#define DEBUG_TB_CHECK
70//#define DEBUG_TLB_CHECK
fd6ce8f6 71
1196be37 72//#define DEBUG_IOPORT
db7b5426 73//#define DEBUG_SUBPAGE
1196be37 74
99773bd4
PB		 75#if !defined(CONFIG_USER_ONLY)
76/* TB consistency checks only implemented for usermode emulation. */
77#undef DEBUG_TB_CHECK
78#endif
79
9fa3e853
FB		 80#define SMC_BITMAP_USE_THRESHOLD 10
81
bdaf78e0 82static TranslationBlock *tbs;
24ab68ac 83static int code_gen_max_blocks;
9fa3e853 84TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 85static int nb_tbs;
eb51d102 86/* any access to the tbs or the page table must use this lock */
c227f099 87spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 88
141ac468
BS		 89#if defined(__arm__) || defined(__sparc_v9__)
90/* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
d03d860b
BS		 92 section close to code segment. */
93#define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
f8e2af11
SW		 96#elif defined(_WIN32)
97/* Maximum alignment for Win32 is 16. */
98#define code_gen_section \
99 __attribute__((aligned (16)))
d03d860b
BS		 100#else
101#define code_gen_section \
102 __attribute__((aligned (32)))
103#endif
104
105uint8_t code_gen_prologue[1024] code_gen_section;
bdaf78e0
BS		 106static uint8_t *code_gen_buffer;
107static unsigned long code_gen_buffer_size;
26a5f13b 108/* threshold to flush the translated code buffer */
bdaf78e0 109static unsigned long code_gen_buffer_max_size;
24ab68ac 110static uint8_t *code_gen_ptr;
fd6ce8f6 111
e2eef170 112#if !defined(CONFIG_USER_ONLY)
9fa3e853 113int phys_ram_fd;
74576198 114static int in_migration;
94a6b54f 115
85d59fef 116RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 117
118static MemoryRegion *system_memory;
309cb471 119static MemoryRegion *system_io;
62152b8a 120
0e0df1e2 121MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 122static MemoryRegion io_mem_subpage_ram;
0e0df1e2 123
e2eef170 124#endif
9fa3e853 125
6a00d601
FB		 126CPUState *first_cpu;
127/* current CPU in the current thread. It is only valid inside
128 cpu_exec() */
b3c4bbe5 129DEFINE_TLS(CPUState *,cpu_single_env);
2e70f6ef 130/* 0 = Do not count executed instructions.
bf20dc07 131 1 = Precise instruction counting.
2e70f6ef
PB		 132 2 = Adaptive rate instruction counting. */
133int use_icount = 0;
6a00d601 134
54936004 135typedef struct PageDesc {
92e873b9 136 /* list of TBs intersecting this ram page */
fd6ce8f6 137 TranslationBlock *first_tb;
9fa3e853
FB		 138 /* in order to optimize self modifying code, we count the number
139 of lookups we do to a given page to use a bitmap */
140 unsigned int code_write_count;
141 uint8_t *code_bitmap;
142#if defined(CONFIG_USER_ONLY)
143 unsigned long flags;
144#endif
54936004
FB		 145} PageDesc;
146
41c1b1c9 147/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 148 while in user mode we want it to be based on virtual addresses. */
149#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 150#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
151# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
152#else
5cd2c5b6 153# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 154#endif
bedb69ea 155#else
5cd2c5b6 156# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 157#endif
54936004 158
5cd2c5b6
RH		 159/* Size of the L2 (and L3, etc) page tables. */
160#define L2_BITS 10
54936004
FB		 161#define L2_SIZE (1 << L2_BITS)
162
5cd2c5b6
RH		 163/* The bits remaining after N lower levels of page tables. */
164#define P_L1_BITS_REM \
165 ((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
166#define V_L1_BITS_REM \
167 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
168
169/* Size of the L1 page table. Avoid silly small sizes. */
170#if P_L1_BITS_REM < 4
171#define P_L1_BITS (P_L1_BITS_REM + L2_BITS)
172#else
173#define P_L1_BITS P_L1_BITS_REM
174#endif
175
176#if V_L1_BITS_REM < 4
177#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
178#else
179#define V_L1_BITS V_L1_BITS_REM
180#endif
181
182#define P_L1_SIZE ((target_phys_addr_t)1 << P_L1_BITS)
183#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
184
185#define P_L1_SHIFT (TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - P_L1_BITS)
186#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
187
83fb7adf 188unsigned long qemu_real_host_page_size;
83fb7adf
FB		 189unsigned long qemu_host_page_size;
190unsigned long qemu_host_page_mask;
54936004 191
5cd2c5b6
RH		 192/* This is a multi-level map on the virtual address space.
193 The bottom level has pointers to PageDesc. */
194static void *l1_map[V_L1_SIZE];
54936004 195
e2eef170 196#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 197typedef struct PhysPageDesc {
198 /* offset in host memory of the page + io_index in the low bits */
199 ram_addr_t phys_offset;
200 ram_addr_t region_offset;
201} PhysPageDesc;
202
5cd2c5b6
RH		 203/* This is a multi-level map on the physical address space.
204 The bottom level has pointers to PhysPageDesc. */
205static void *l1_phys_map[P_L1_SIZE];
6d9a1304 206
e2eef170 207static void io_mem_init(void);
62152b8a 208static void memory_map_init(void);
e2eef170 209
33417e70 210/* io memory support */
a621f38d 211MemoryRegion *io_mem_region[IO_MEM_NB_ENTRIES];
511d2b14 212static char io_mem_used[IO_MEM_NB_ENTRIES];
1ec9b909 213static MemoryRegion io_mem_watch;
6658ffb8 214#endif
33417e70 215
34865134 216/* log support */
1e8b27ca
JR		 217#ifdef WIN32
218static const char *logfilename = "qemu.log";
219#else
d9b630fd 220static const char *logfilename = "/tmp/qemu.log";
1e8b27ca 221#endif
34865134
FB		 222FILE *logfile;
223int loglevel;
e735b91c 224static int log_append = 0;
34865134 225
e3db7226 226/* statistics */
b3755a91 227#if !defined(CONFIG_USER_ONLY)
e3db7226 228static int tlb_flush_count;
b3755a91 229#endif
e3db7226
FB		 230static int tb_flush_count;
231static int tb_phys_invalidate_count;
232
7cb69cae
FB		 233#ifdef _WIN32
234static void map_exec(void *addr, long size)
235{
236 DWORD old_protect;
237 VirtualProtect(addr, size,
238 PAGE_EXECUTE_READWRITE, &old_protect);
239
240}
241#else
242static void map_exec(void *addr, long size)
243{
4369415f 244 unsigned long start, end, page_size;
7cb69cae 245
4369415f 246 page_size = getpagesize();
7cb69cae 247 start = (unsigned long)addr;
4369415f 248 start &= ~(page_size - 1);
7cb69cae
FB		 249
250 end = (unsigned long)addr + size;
4369415f
FB		 251 end += page_size - 1;
252 end &= ~(page_size - 1);
7cb69cae
FB		 253
254 mprotect((void *)start, end - start,
255 PROT_READ | PROT_WRITE | PROT_EXEC);
256}
257#endif
258
b346ff46 259static void page_init(void)
54936004 260{
83fb7adf 261 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 262 TARGET_PAGE_SIZE */
c2b48b69
AL		 263#ifdef _WIN32
264 {
265 SYSTEM_INFO system_info;
266
267 GetSystemInfo(&system_info);
268 qemu_real_host_page_size = system_info.dwPageSize;
269 }
270#else
271 qemu_real_host_page_size = getpagesize();
272#endif
83fb7adf
FB		 273 if (qemu_host_page_size == 0)
274 qemu_host_page_size = qemu_real_host_page_size;
275 if (qemu_host_page_size < TARGET_PAGE_SIZE)
276 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 277 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 278
2e9a5713 279#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 280 {
f01576f1
JL		 281#ifdef HAVE_KINFO_GETVMMAP
282 struct kinfo_vmentry *freep;
283 int i, cnt;
284
285 freep = kinfo_getvmmap(getpid(), &cnt);
286 if (freep) {
287 mmap_lock();
288 for (i = 0; i < cnt; i++) {
289 unsigned long startaddr, endaddr;
290
291 startaddr = freep[i].kve_start;
292 endaddr = freep[i].kve_end;
293 if (h2g_valid(startaddr)) {
294 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
295
296 if (h2g_valid(endaddr)) {
297 endaddr = h2g(endaddr);
fd436907 298 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 299 } else {
300#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
301 endaddr = ~0ul;
fd436907 302 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 303#endif
304 }
305 }
306 }
307 free(freep);
308 mmap_unlock();
309 }
310#else
50a9569b 311 FILE *f;
50a9569b 312
0776590d 313 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 314
fd436907 315 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 316 if (f) {
5cd2c5b6
RH		 317 mmap_lock();
318
50a9569b 319 do {
5cd2c5b6
RH		 320 unsigned long startaddr, endaddr;
321 int n;
322
323 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
324
325 if (n == 2 && h2g_valid(startaddr)) {
326 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
327
328 if (h2g_valid(endaddr)) {
329 endaddr = h2g(endaddr);
330 } else {
331 endaddr = ~0ul;
332 }
333 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 334 }
335 } while (!feof(f));
5cd2c5b6 336
50a9569b 337 fclose(f);
5cd2c5b6 338 mmap_unlock();
50a9569b 339 }
f01576f1 340#endif
50a9569b
AZ		 341 }
342#endif
54936004
FB		 343}
344
41c1b1c9 345static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 346{
41c1b1c9
PB		 347 PageDesc *pd;
348 void **lp;
349 int i;
350
5cd2c5b6 351#if defined(CONFIG_USER_ONLY)
7267c094 352 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 353# define ALLOC(P, SIZE) \
354 do { \
355 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
356 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 357 } while (0)
358#else
359# define ALLOC(P, SIZE) \
7267c094 360 do { P = g_malloc0(SIZE); } while (0)
17e2377a 361#endif
434929bf 362
5cd2c5b6
RH		 363 /* Level 1. Always allocated. */
364 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
365
366 /* Level 2..N-1. */
367 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
368 void **p = *lp;
369
370 if (p == NULL) {
371 if (!alloc) {
372 return NULL;
373 }
374 ALLOC(p, sizeof(void *) * L2_SIZE);
375 *lp = p;
17e2377a 376 }
5cd2c5b6
RH		 377
378 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
379 }
380
381 pd = *lp;
382 if (pd == NULL) {
383 if (!alloc) {
384 return NULL;
385 }
386 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
387 *lp = pd;
54936004 388 }
5cd2c5b6
RH		 389
390#undef ALLOC
5cd2c5b6
RH		 391
392 return pd + (index & (L2_SIZE - 1));
54936004
FB		 393}
394
41c1b1c9 395static inline PageDesc *page_find(tb_page_addr_t index)
54936004 396{
5cd2c5b6 397 return page_find_alloc(index, 0);
fd6ce8f6
FB		 398}
399
6d9a1304 400#if !defined(CONFIG_USER_ONLY)
c227f099 401static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
92e873b9 402{
e3f4e2a4 403 PhysPageDesc *pd;
5cd2c5b6
RH		 404 void **lp;
405 int i;
92e873b9 406
5cd2c5b6
RH		 407 /* Level 1. Always allocated. */
408 lp = l1_phys_map + ((index >> P_L1_SHIFT) & (P_L1_SIZE - 1));
108c49b8 409
5cd2c5b6
RH		 410 /* Level 2..N-1. */
411 for (i = P_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
412 void **p = *lp;
413 if (p == NULL) {
414 if (!alloc) {
415 return NULL;
416 }
7267c094 417 *lp = p = g_malloc0(sizeof(void *) * L2_SIZE);
5cd2c5b6
RH		 418 }
419 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
108c49b8 420 }
5cd2c5b6 421
e3f4e2a4 422 pd = *lp;
5cd2c5b6 423 if (pd == NULL) {
e3f4e2a4 424 int i;
5ab97b7f 425 int first_index = index & ~(L2_SIZE - 1);
5cd2c5b6
RH		 426
427 if (!alloc) {
108c49b8 428 return NULL;
5cd2c5b6
RH		 429 }
430
7267c094 431 *lp = pd = g_malloc(sizeof(PhysPageDesc) * L2_SIZE);
5cd2c5b6 432
67c4d23c 433 for (i = 0; i < L2_SIZE; i++) {
0e0df1e2 434 pd[i].phys_offset = io_mem_unassigned.ram_addr;
5ab97b7f 435 pd[i].region_offset = (first_index + i) << TARGET_PAGE_BITS;
67c4d23c 436 }
92e873b9 437 }
5cd2c5b6
RH		 438
439 return pd + (index & (L2_SIZE - 1));
92e873b9
FB		 440}
441
f1f6e3b8 442static inline PhysPageDesc phys_page_find(target_phys_addr_t index)
92e873b9 443{
f1f6e3b8
AK		 444 PhysPageDesc *p = phys_page_find_alloc(index, 0);
445
446 if (p) {
447 return *p;
448 } else {
449 return (PhysPageDesc) {
0e0df1e2 450 .phys_offset = io_mem_unassigned.ram_addr,
f1f6e3b8
AK		 451 .region_offset = index << TARGET_PAGE_BITS,
452 };
453 }
92e873b9
FB		 454}
455
c227f099
AL		 456static void tlb_protect_code(ram_addr_t ram_addr);
457static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 458 target_ulong vaddr);
c8a706fe
PB		 459#define mmap_lock() do { } while(0)
460#define mmap_unlock() do { } while(0)
9fa3e853 461#endif
fd6ce8f6 462
4369415f
FB		 463#define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
464
465#if defined(CONFIG_USER_ONLY)
ccbb4d44 466/* Currently it is not recommended to allocate big chunks of data in
4369415f
FB		 467 user mode. It will change when a dedicated libc will be used */
468#define USE_STATIC_CODE_GEN_BUFFER
469#endif
470
471#ifdef USE_STATIC_CODE_GEN_BUFFER
ebf50fb3
AJ		 472static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
473 __attribute__((aligned (CODE_GEN_ALIGN)));
4369415f
FB		 474#endif
475
8fcd3692 476static void code_gen_alloc(unsigned long tb_size)
26a5f13b 477{
4369415f
FB		 478#ifdef USE_STATIC_CODE_GEN_BUFFER
479 code_gen_buffer = static_code_gen_buffer;
480 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
481 map_exec(code_gen_buffer, code_gen_buffer_size);
482#else
26a5f13b
FB		 483 code_gen_buffer_size = tb_size;
484 if (code_gen_buffer_size == 0) {
4369415f 485#if defined(CONFIG_USER_ONLY)
4369415f
FB		 486 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
487#else
ccbb4d44 488 /* XXX: needs adjustments */
94a6b54f 489 code_gen_buffer_size = (unsigned long)(ram_size / 4);
4369415f 490#endif
26a5f13b
FB		 491 }
492 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
493 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
494 /* The code gen buffer location may have constraints depending on
495 the host cpu and OS */
496#if defined(__linux__)
497 {
498 int flags;
141ac468
BS		 499 void *start = NULL;
500
26a5f13b
FB		 501 flags = MAP_PRIVATE | MAP_ANONYMOUS;
502#if defined(__x86_64__)
503 flags |= MAP_32BIT;
504 /* Cannot map more than that */
505 if (code_gen_buffer_size > (800 * 1024 * 1024))
506 code_gen_buffer_size = (800 * 1024 * 1024);
141ac468
BS		 507#elif defined(__sparc_v9__)
508 // Map the buffer below 2G, so we can use direct calls and branches
509 flags |= MAP_FIXED;
510 start = (void *) 0x60000000UL;
511 if (code_gen_buffer_size > (512 * 1024 * 1024))
512 code_gen_buffer_size = (512 * 1024 * 1024);
1cb0661e 513#elif defined(__arm__)
5c84bd90 514 /* Keep the buffer no bigger than 16MB to branch between blocks */
1cb0661e
AZ		 515 if (code_gen_buffer_size > 16 * 1024 * 1024)
516 code_gen_buffer_size = 16 * 1024 * 1024;
eba0b893
RH		 517#elif defined(__s390x__)
518 /* Map the buffer so that we can use direct calls and branches. */
519 /* We have a +- 4GB range on the branches; leave some slop. */
520 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
521 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
522 }
523 start = (void *)0x90000000UL;
26a5f13b 524#endif
141ac468
BS		 525 code_gen_buffer = mmap(start, code_gen_buffer_size,
526 PROT_WRITE | PROT_READ | PROT_EXEC,
26a5f13b
FB		 527 flags, -1, 0);
528 if (code_gen_buffer == MAP_FAILED) {
529 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
530 exit(1);
531 }
532 }
cbb608a5 533#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
9f4b09a4
TN		 534 || defined(__DragonFly__) || defined(__OpenBSD__) \
535 || defined(__NetBSD__)
06e67a82
AL		 536 {
537 int flags;
538 void *addr = NULL;
539 flags = MAP_PRIVATE | MAP_ANONYMOUS;
540#if defined(__x86_64__)
541 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
542 * 0x40000000 is free */
543 flags |= MAP_FIXED;
544 addr = (void *)0x40000000;
545 /* Cannot map more than that */
546 if (code_gen_buffer_size > (800 * 1024 * 1024))
547 code_gen_buffer_size = (800 * 1024 * 1024);
4cd31ad2
BS		 548#elif defined(__sparc_v9__)
549 // Map the buffer below 2G, so we can use direct calls and branches
550 flags |= MAP_FIXED;
551 addr = (void *) 0x60000000UL;
552 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
553 code_gen_buffer_size = (512 * 1024 * 1024);
554 }
06e67a82
AL		 555#endif
556 code_gen_buffer = mmap(addr, code_gen_buffer_size,
557 PROT_WRITE | PROT_READ | PROT_EXEC,
558 flags, -1, 0);
559 if (code_gen_buffer == MAP_FAILED) {
560 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
561 exit(1);
562 }
563 }
26a5f13b 564#else
7267c094 565 code_gen_buffer = g_malloc(code_gen_buffer_size);
26a5f13b
FB		 566 map_exec(code_gen_buffer, code_gen_buffer_size);
567#endif
4369415f 568#endif /* !USE_STATIC_CODE_GEN_BUFFER */
26a5f13b 569 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
a884da8a
PM		 570 code_gen_buffer_max_size = code_gen_buffer_size -
571 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 572 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 573 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 574}
575
576/* Must be called before using the QEMU cpus. 'tb_size' is the size
577 (in bytes) allocated to the translation buffer. Zero means default
578 size. */
d5ab9713 579void tcg_exec_init(unsigned long tb_size)
26a5f13b 580{
26a5f13b
FB		 581 cpu_gen_init();
582 code_gen_alloc(tb_size);
583 code_gen_ptr = code_gen_buffer;
4369415f 584 page_init();
9002ec79
RH		 585#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
586 /* There's no guest base to take into account, so go ahead and
587 initialize the prologue now. */
588 tcg_prologue_init(&tcg_ctx);
589#endif
26a5f13b
FB		 590}
591
d5ab9713
JK		 592bool tcg_enabled(void)
593{
594 return code_gen_buffer != NULL;
595}
596
597void cpu_exec_init_all(void)
598{
599#if !defined(CONFIG_USER_ONLY)
600 memory_map_init();
601 io_mem_init();
602#endif
603}
604
9656f324
PB		 605#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
606
e59fb374 607static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7
JQ		 608{
609 CPUState *env = opaque;
9656f324 610
3098dba0
AJ		 611 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
612 version_id is increased. */
613 env->interrupt_request &= ~0x01;
9656f324
PB		 614 tlb_flush(env, 1);
615
616 return 0;
617}
e7f4eff7
JQ		 618
619static const VMStateDescription vmstate_cpu_common = {
620 .name = "cpu_common",
621 .version_id = 1,
622 .minimum_version_id = 1,
623 .minimum_version_id_old = 1,
e7f4eff7
JQ		 624 .post_load = cpu_common_post_load,
625 .fields = (VMStateField []) {
626 VMSTATE_UINT32(halted, CPUState),
627 VMSTATE_UINT32(interrupt_request, CPUState),
628 VMSTATE_END_OF_LIST()
629 }
630};
9656f324
PB		 631#endif
632
950f1472
GC		 633CPUState *qemu_get_cpu(int cpu)
634{
635 CPUState *env = first_cpu;
636
637 while (env) {
638 if (env->cpu_index == cpu)
639 break;
640 env = env->next_cpu;
641 }
642
643 return env;
644}
645
6a00d601 646void cpu_exec_init(CPUState *env)
fd6ce8f6 647{
6a00d601
FB		 648 CPUState **penv;
649 int cpu_index;
650
c2764719
PB		 651#if defined(CONFIG_USER_ONLY)
652 cpu_list_lock();
653#endif
6a00d601
FB		 654 env->next_cpu = NULL;
655 penv = &first_cpu;
656 cpu_index = 0;
657 while (*penv != NULL) {
1e9fa730 658 penv = &(*penv)->next_cpu;
6a00d601
FB		 659 cpu_index++;
660 }
661 env->cpu_index = cpu_index;
268a362c 662 env->numa_node = 0;
72cf2d4f
BS		 663 QTAILQ_INIT(&env->breakpoints);
664 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 665#ifndef CONFIG_USER_ONLY
666 env->thread_id = qemu_get_thread_id();
667#endif
6a00d601 668 *penv = env;
c2764719
PB		 669#if defined(CONFIG_USER_ONLY)
670 cpu_list_unlock();
671#endif
b3c7724c 672#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 673 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
674 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 675 cpu_save, cpu_load, env);
676#endif
fd6ce8f6
FB		 677}
678
d1a1eb74
TG		 679/* Allocate a new translation block. Flush the translation buffer if
680 too many translation blocks or too much generated code. */
681static TranslationBlock *tb_alloc(target_ulong pc)
682{
683 TranslationBlock *tb;
684
685 if (nb_tbs >= code_gen_max_blocks ||
686 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
687 return NULL;
688 tb = &tbs[nb_tbs++];
689 tb->pc = pc;
690 tb->cflags = 0;
691 return tb;
692}
693
694void tb_free(TranslationBlock *tb)
695{
696 /* In practice this is mostly used for single use temporary TB
697 Ignore the hard cases and just back up if this TB happens to
698 be the last one generated. */
699 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
700 code_gen_ptr = tb->tc_ptr;
701 nb_tbs--;
702 }
703}
704
9fa3e853
FB		 705static inline void invalidate_page_bitmap(PageDesc *p)
706{
707 if (p->code_bitmap) {
7267c094 708 g_free(p->code_bitmap);
9fa3e853
FB		 709 p->code_bitmap = NULL;
710 }
711 p->code_write_count = 0;
712}
713
5cd2c5b6
RH		 714/* Set to NULL all the 'first_tb' fields in all PageDescs. */
715
716static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 717{
5cd2c5b6 718 int i;
fd6ce8f6 719
5cd2c5b6
RH		 720 if (*lp == NULL) {
721 return;
722 }
723 if (level == 0) {
724 PageDesc *pd = *lp;
7296abac 725 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 726 pd[i].first_tb = NULL;
727 invalidate_page_bitmap(pd + i);
fd6ce8f6 728 }
5cd2c5b6
RH		 729 } else {
730 void **pp = *lp;
7296abac 731 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 732 page_flush_tb_1 (level - 1, pp + i);
733 }
734 }
735}
736
737static void page_flush_tb(void)
738{
739 int i;
740 for (i = 0; i < V_L1_SIZE; i++) {
741 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 742 }
743}
744
745/* flush all the translation blocks */
d4e8164f 746/* XXX: tb_flush is currently not thread safe */
6a00d601 747void tb_flush(CPUState *env1)
fd6ce8f6 748{
6a00d601 749 CPUState *env;
0124311e 750#if defined(DEBUG_FLUSH)
ab3d1727
BS		 751 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
752 (unsigned long)(code_gen_ptr - code_gen_buffer),
753 nb_tbs, nb_tbs > 0 ?
754 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 755#endif
26a5f13b 756 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 757 cpu_abort(env1, "Internal error: code buffer overflow\n");
758
fd6ce8f6 759 nb_tbs = 0;
3b46e624 760
6a00d601
FB		 761 for(env = first_cpu; env != NULL; env = env->next_cpu) {
762 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
763 }
9fa3e853 764
8a8a608f 765 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 766 page_flush_tb();
9fa3e853 767
fd6ce8f6 768 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 769 /* XXX: flush processor icache at this point if cache flush is
770 expensive */
e3db7226 771 tb_flush_count++;
fd6ce8f6
FB		 772}
773
774#ifdef DEBUG_TB_CHECK
775
bc98a7ef 776static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 777{
778 TranslationBlock *tb;
779 int i;
780 address &= TARGET_PAGE_MASK;
99773bd4
PB		 781 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
782 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 783 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
784 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 785 printf("ERROR invalidate: address=" TARGET_FMT_lx
786 " PC=%08lx size=%04x\n",
99773bd4 787 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 788 }
789 }
790 }
791}
792
793/* verify that all the pages have correct rights for code */
794static void tb_page_check(void)
795{
796 TranslationBlock *tb;
797 int i, flags1, flags2;
3b46e624 798
99773bd4
PB		 799 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
800 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 801 flags1 = page_get_flags(tb->pc);
802 flags2 = page_get_flags(tb->pc + tb->size - 1);
803 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
804 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 805 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 806 }
807 }
808 }
809}
810
811#endif
812
813/* invalidate one TB */
814static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
815 int next_offset)
816{
817 TranslationBlock *tb1;
818 for(;;) {
819 tb1 = *ptb;
820 if (tb1 == tb) {
821 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
822 break;
823 }
824 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
825 }
826}
827
9fa3e853
FB		 828static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
829{
830 TranslationBlock *tb1;
831 unsigned int n1;
832
833 for(;;) {
834 tb1 = *ptb;
835 n1 = (long)tb1 & 3;
836 tb1 = (TranslationBlock *)((long)tb1 & ~3);
837 if (tb1 == tb) {
838 *ptb = tb1->page_next[n1];
839 break;
840 }
841 ptb = &tb1->page_next[n1];
842 }
843}
844
d4e8164f
FB		 845static inline void tb_jmp_remove(TranslationBlock *tb, int n)
846{
847 TranslationBlock *tb1, **ptb;
848 unsigned int n1;
849
850 ptb = &tb->jmp_next[n];
851 tb1 = *ptb;
852 if (tb1) {
853 /* find tb(n) in circular list */
854 for(;;) {
855 tb1 = *ptb;
856 n1 = (long)tb1 & 3;
857 tb1 = (TranslationBlock *)((long)tb1 & ~3);
858 if (n1 == n && tb1 == tb)
859 break;
860 if (n1 == 2) {
861 ptb = &tb1->jmp_first;
862 } else {
863 ptb = &tb1->jmp_next[n1];
864 }
865 }
866 /* now we can suppress tb(n) from the list */
867 *ptb = tb->jmp_next[n];
868
869 tb->jmp_next[n] = NULL;
870 }
871}
872
873/* reset the jump entry 'n' of a TB so that it is not chained to
874 another TB */
875static inline void tb_reset_jump(TranslationBlock *tb, int n)
876{
877 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
878}
879
41c1b1c9 880void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 881{
6a00d601 882 CPUState *env;
8a40a180 883 PageDesc *p;
d4e8164f 884 unsigned int h, n1;
41c1b1c9 885 tb_page_addr_t phys_pc;
8a40a180 886 TranslationBlock *tb1, *tb2;
3b46e624 887
8a40a180
FB		 888 /* remove the TB from the hash list */
889 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
890 h = tb_phys_hash_func(phys_pc);
5fafdf24 891 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 892 offsetof(TranslationBlock, phys_hash_next));
893
894 /* remove the TB from the page list */
895 if (tb->page_addr[0] != page_addr) {
896 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
897 tb_page_remove(&p->first_tb, tb);
898 invalidate_page_bitmap(p);
899 }
900 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
901 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
902 tb_page_remove(&p->first_tb, tb);
903 invalidate_page_bitmap(p);
904 }
905
36bdbe54 906 tb_invalidated_flag = 1;
59817ccb 907
fd6ce8f6 908 /* remove the TB from the hash list */
8a40a180 909 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 910 for(env = first_cpu; env != NULL; env = env->next_cpu) {
911 if (env->tb_jmp_cache[h] == tb)
912 env->tb_jmp_cache[h] = NULL;
913 }
d4e8164f
FB		 914
915 /* suppress this TB from the two jump lists */
916 tb_jmp_remove(tb, 0);
917 tb_jmp_remove(tb, 1);
918
919 /* suppress any remaining jumps to this TB */
920 tb1 = tb->jmp_first;
921 for(;;) {
922 n1 = (long)tb1 & 3;
923 if (n1 == 2)
924 break;
925 tb1 = (TranslationBlock *)((long)tb1 & ~3);
926 tb2 = tb1->jmp_next[n1];
927 tb_reset_jump(tb1, n1);
928 tb1->jmp_next[n1] = NULL;
929 tb1 = tb2;
930 }
931 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
9fa3e853 932
e3db7226 933 tb_phys_invalidate_count++;
9fa3e853
FB		 934}
935
936static inline void set_bits(uint8_t *tab, int start, int len)
937{
938 int end, mask, end1;
939
940 end = start + len;
941 tab += start >> 3;
942 mask = 0xff << (start & 7);
943 if ((start & ~7) == (end & ~7)) {
944 if (start < end) {
945 mask &= ~(0xff << (end & 7));
946 *tab |= mask;
947 }
948 } else {
949 *tab++ |= mask;
950 start = (start + 8) & ~7;
951 end1 = end & ~7;
952 while (start < end1) {
953 *tab++ = 0xff;
954 start += 8;
955 }
956 if (start < end) {
957 mask = ~(0xff << (end & 7));
958 *tab |= mask;
959 }
960 }
961}
962
963static void build_page_bitmap(PageDesc *p)
964{
965 int n, tb_start, tb_end;
966 TranslationBlock *tb;
3b46e624 967
7267c094 968 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 969
970 tb = p->first_tb;
971 while (tb != NULL) {
972 n = (long)tb & 3;
973 tb = (TranslationBlock *)((long)tb & ~3);
974 /* NOTE: this is subtle as a TB may span two physical pages */
975 if (n == 0) {
976 /* NOTE: tb_end may be after the end of the page, but
977 it is not a problem */
978 tb_start = tb->pc & ~TARGET_PAGE_MASK;
979 tb_end = tb_start + tb->size;
980 if (tb_end > TARGET_PAGE_SIZE)
981 tb_end = TARGET_PAGE_SIZE;
982 } else {
983 tb_start = 0;
984 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
985 }
986 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
987 tb = tb->page_next[n];
988 }
989}
990
2e70f6ef
PB		 991TranslationBlock *tb_gen_code(CPUState *env,
992 target_ulong pc, target_ulong cs_base,
993 int flags, int cflags)
d720b93d
FB		 994{
995 TranslationBlock *tb;
996 uint8_t *tc_ptr;
41c1b1c9
PB		 997 tb_page_addr_t phys_pc, phys_page2;
998 target_ulong virt_page2;
d720b93d
FB		 999 int code_gen_size;
1000
41c1b1c9 1001 phys_pc = get_page_addr_code(env, pc);
c27004ec 1002 tb = tb_alloc(pc);
d720b93d
FB		 1003 if (!tb) {
1004 /* flush must be done */
1005 tb_flush(env);
1006 /* cannot fail at this point */
c27004ec 1007 tb = tb_alloc(pc);
2e70f6ef
PB		 1008 /* Don't forget to invalidate previous TB info. */
1009 tb_invalidated_flag = 1;
d720b93d
FB		 1010 }
1011 tc_ptr = code_gen_ptr;
1012 tb->tc_ptr = tc_ptr;
1013 tb->cs_base = cs_base;
1014 tb->flags = flags;
1015 tb->cflags = cflags;
d07bde88 1016 cpu_gen_code(env, tb, &code_gen_size);
d720b93d 1017 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1018
d720b93d 1019 /* check next page if needed */
c27004ec 1020 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1021 phys_page2 = -1;
c27004ec 1022 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1023 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1024 }
41c1b1c9 1025 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1026 return tb;
d720b93d 1027}
3b46e624 1028
9fa3e853
FB		 1029/* invalidate all TBs which intersect with the target physical page
1030 starting in range [start;end[. NOTE: start and end must refer to
d720b93d
FB		 1031 the same physical page. 'is_cpu_write_access' should be true if called
1032 from a real cpu write access: the virtual CPU will exit the current
1033 TB if code is modified inside this TB. */
41c1b1c9 1034void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1035 int is_cpu_write_access)
1036{
6b917547 1037 TranslationBlock *tb, *tb_next, *saved_tb;
d720b93d 1038 CPUState *env = cpu_single_env;
41c1b1c9 1039 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1040 PageDesc *p;
1041 int n;
1042#ifdef TARGET_HAS_PRECISE_SMC
1043 int current_tb_not_found = is_cpu_write_access;
1044 TranslationBlock *current_tb = NULL;
1045 int current_tb_modified = 0;
1046 target_ulong current_pc = 0;
1047 target_ulong current_cs_base = 0;
1048 int current_flags = 0;
1049#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1050
1051 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1052 if (!p)
9fa3e853 1053 return;
5fafdf24 1054 if (!p->code_bitmap &&
d720b93d
FB		 1055 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1056 is_cpu_write_access) {
9fa3e853
FB		 1057 /* build code bitmap */
1058 build_page_bitmap(p);
1059 }
1060
1061 /* we remove all the TBs in the range [start, end[ */
1062 /* XXX: see if in some cases it could be faster to invalidate all the code */
1063 tb = p->first_tb;
1064 while (tb != NULL) {
1065 n = (long)tb & 3;
1066 tb = (TranslationBlock *)((long)tb & ~3);
1067 tb_next = tb->page_next[n];
1068 /* NOTE: this is subtle as a TB may span two physical pages */
1069 if (n == 0) {
1070 /* NOTE: tb_end may be after the end of the page, but
1071 it is not a problem */
1072 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1073 tb_end = tb_start + tb->size;
1074 } else {
1075 tb_start = tb->page_addr[1];
1076 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1077 }
1078 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1079#ifdef TARGET_HAS_PRECISE_SMC
1080 if (current_tb_not_found) {
1081 current_tb_not_found = 0;
1082 current_tb = NULL;
2e70f6ef 1083 if (env->mem_io_pc) {
d720b93d 1084 /* now we have a real cpu fault */
2e70f6ef 1085 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1086 }
1087 }
1088 if (current_tb == tb &&
2e70f6ef 1089 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1090 /* If we are modifying the current TB, we must stop
1091 its execution. We could be more precise by checking
1092 that the modification is after the current PC, but it
1093 would require a specialized function to partially
1094 restore the CPU state */
3b46e624 1095
d720b93d 1096 current_tb_modified = 1;
618ba8e6 1097 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1098 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1099 &current_flags);
d720b93d
FB		 1100 }
1101#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1102 /* we need to do that to handle the case where a signal
1103 occurs while doing tb_phys_invalidate() */
1104 saved_tb = NULL;
1105 if (env) {
1106 saved_tb = env->current_tb;
1107 env->current_tb = NULL;
1108 }
9fa3e853 1109 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1110 if (env) {
1111 env->current_tb = saved_tb;
1112 if (env->interrupt_request && env->current_tb)
1113 cpu_interrupt(env, env->interrupt_request);
1114 }
9fa3e853
FB		 1115 }
1116 tb = tb_next;
1117 }
1118#if !defined(CONFIG_USER_ONLY)
1119 /* if no code remaining, no need to continue to use slow writes */
1120 if (!p->first_tb) {
1121 invalidate_page_bitmap(p);
d720b93d 1122 if (is_cpu_write_access) {
2e70f6ef 1123 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1124 }
1125 }
1126#endif
1127#ifdef TARGET_HAS_PRECISE_SMC
1128 if (current_tb_modified) {
1129 /* we generate a block containing just the instruction
1130 modifying the memory. It will ensure that it cannot modify
1131 itself */
ea1c1802 1132 env->current_tb = NULL;
2e70f6ef 1133 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1134 cpu_resume_from_signal(env, NULL);
9fa3e853 1135 }
fd6ce8f6 1136#endif
9fa3e853 1137}
fd6ce8f6 1138
9fa3e853 1139/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1140static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1141{
1142 PageDesc *p;
1143 int offset, b;
59817ccb 1144#if 0
a4193c8a 1145 if (1) {
93fcfe39
AL		 1146 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1147 cpu_single_env->mem_io_vaddr, len,
1148 cpu_single_env->eip,
1149 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1150 }
1151#endif
9fa3e853 1152 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1153 if (!p)
9fa3e853
FB		 1154 return;
1155 if (p->code_bitmap) {
1156 offset = start & ~TARGET_PAGE_MASK;
1157 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1158 if (b & ((1 << len) - 1))
1159 goto do_invalidate;
1160 } else {
1161 do_invalidate:
d720b93d 1162 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1163 }
1164}
1165
9fa3e853 1166#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1167static void tb_invalidate_phys_page(tb_page_addr_t addr,
d720b93d 1168 unsigned long pc, void *puc)
9fa3e853 1169{
6b917547 1170 TranslationBlock *tb;
9fa3e853 1171 PageDesc *p;
6b917547 1172 int n;
d720b93d 1173#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1174 TranslationBlock *current_tb = NULL;
d720b93d 1175 CPUState *env = cpu_single_env;
6b917547
AL		 1176 int current_tb_modified = 0;
1177 target_ulong current_pc = 0;
1178 target_ulong current_cs_base = 0;
1179 int current_flags = 0;
d720b93d 1180#endif
9fa3e853
FB		 1181
1182 addr &= TARGET_PAGE_MASK;
1183 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1184 if (!p)
9fa3e853
FB		 1185 return;
1186 tb = p->first_tb;
d720b93d
FB		 1187#ifdef TARGET_HAS_PRECISE_SMC
1188 if (tb && pc != 0) {
1189 current_tb = tb_find_pc(pc);
1190 }
1191#endif
9fa3e853
FB		 1192 while (tb != NULL) {
1193 n = (long)tb & 3;
1194 tb = (TranslationBlock *)((long)tb & ~3);
d720b93d
FB		 1195#ifdef TARGET_HAS_PRECISE_SMC
1196 if (current_tb == tb &&
2e70f6ef 1197 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1198 /* If we are modifying the current TB, we must stop
1199 its execution. We could be more precise by checking
1200 that the modification is after the current PC, but it
1201 would require a specialized function to partially
1202 restore the CPU state */
3b46e624 1203
d720b93d 1204 current_tb_modified = 1;
618ba8e6 1205 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1206 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1207 &current_flags);
d720b93d
FB		 1208 }
1209#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1210 tb_phys_invalidate(tb, addr);
1211 tb = tb->page_next[n];
1212 }
fd6ce8f6 1213 p->first_tb = NULL;
d720b93d
FB		 1214#ifdef TARGET_HAS_PRECISE_SMC
1215 if (current_tb_modified) {
1216 /* we generate a block containing just the instruction
1217 modifying the memory. It will ensure that it cannot modify
1218 itself */
ea1c1802 1219 env->current_tb = NULL;
2e70f6ef 1220 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1221 cpu_resume_from_signal(env, puc);
1222 }
1223#endif
fd6ce8f6 1224}
9fa3e853 1225#endif
fd6ce8f6
FB		 1226
1227/* add the tb in the target page and protect it if necessary */
5fafdf24 1228static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1229 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1230{
1231 PageDesc *p;
4429ab44
JQ		 1232#ifndef CONFIG_USER_ONLY
1233 bool page_already_protected;
1234#endif
9fa3e853
FB		 1235
1236 tb->page_addr[n] = page_addr;
5cd2c5b6 1237 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1238 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1239#ifndef CONFIG_USER_ONLY
1240 page_already_protected = p->first_tb != NULL;
1241#endif
9fa3e853
FB		 1242 p->first_tb = (TranslationBlock *)((long)tb | n);
1243 invalidate_page_bitmap(p);
fd6ce8f6 1244
107db443 1245#if defined(TARGET_HAS_SMC) || 1
d720b93d 1246
9fa3e853 1247#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1248 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1249 target_ulong addr;
1250 PageDesc *p2;
9fa3e853
FB		 1251 int prot;
1252
fd6ce8f6
FB		 1253 /* force the host page as non writable (writes will have a
1254 page fault + mprotect overhead) */
53a5960a 1255 page_addr &= qemu_host_page_mask;
fd6ce8f6 1256 prot = 0;
53a5960a
PB		 1257 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1258 addr += TARGET_PAGE_SIZE) {
1259
1260 p2 = page_find (addr >> TARGET_PAGE_BITS);
1261 if (!p2)
1262 continue;
1263 prot |= p2->flags;
1264 p2->flags &= ~PAGE_WRITE;
53a5960a 1265 }
5fafdf24 1266 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1267 (prot & PAGE_BITS) & ~PAGE_WRITE);
1268#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1269 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1270 page_addr);
fd6ce8f6 1271#endif
fd6ce8f6 1272 }
9fa3e853
FB		 1273#else
1274 /* if some code is already present, then the pages are already
1275 protected. So we handle the case where only the first TB is
1276 allocated in a physical page */
4429ab44 1277 if (!page_already_protected) {
6a00d601 1278 tlb_protect_code(page_addr);
9fa3e853
FB		 1279 }
1280#endif
d720b93d
FB		 1281
1282#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1283}
1284
9fa3e853
FB		 1285/* add a new TB and link it to the physical page tables. phys_page2 is
1286 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1287void tb_link_page(TranslationBlock *tb,
1288 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1289{
9fa3e853
FB		 1290 unsigned int h;
1291 TranslationBlock **ptb;
1292
c8a706fe
PB		 1293 /* Grab the mmap lock to stop another thread invalidating this TB
1294 before we are done. */
1295 mmap_lock();
9fa3e853
FB		 1296 /* add in the physical hash table */
1297 h = tb_phys_hash_func(phys_pc);
1298 ptb = &tb_phys_hash[h];
1299 tb->phys_hash_next = *ptb;
1300 *ptb = tb;
fd6ce8f6
FB		 1301
1302 /* add in the page list */
9fa3e853
FB		 1303 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1304 if (phys_page2 != -1)
1305 tb_alloc_page(tb, 1, phys_page2);
1306 else
1307 tb->page_addr[1] = -1;
9fa3e853 1308
d4e8164f
FB		 1309 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1310 tb->jmp_next[0] = NULL;
1311 tb->jmp_next[1] = NULL;
1312
1313 /* init original jump addresses */
1314 if (tb->tb_next_offset[0] != 0xffff)
1315 tb_reset_jump(tb, 0);
1316 if (tb->tb_next_offset[1] != 0xffff)
1317 tb_reset_jump(tb, 1);
8a40a180
FB		 1318
1319#ifdef DEBUG_TB_CHECK
1320 tb_page_check();
1321#endif
c8a706fe 1322 mmap_unlock();
fd6ce8f6
FB		 1323}
1324
9fa3e853
FB		 1325/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1326 tb[1].tc_ptr. Return NULL if not found */
1327TranslationBlock *tb_find_pc(unsigned long tc_ptr)
fd6ce8f6 1328{
9fa3e853
FB		 1329 int m_min, m_max, m;
1330 unsigned long v;
1331 TranslationBlock *tb;
a513fe19
FB		 1332
1333 if (nb_tbs <= 0)
1334 return NULL;
1335 if (tc_ptr < (unsigned long)code_gen_buffer ||
1336 tc_ptr >= (unsigned long)code_gen_ptr)
1337 return NULL;
1338 /* binary search (cf Knuth) */
1339 m_min = 0;
1340 m_max = nb_tbs - 1;
1341 while (m_min <= m_max) {
1342 m = (m_min + m_max) >> 1;
1343 tb = &tbs[m];
1344 v = (unsigned long)tb->tc_ptr;
1345 if (v == tc_ptr)
1346 return tb;
1347 else if (tc_ptr < v) {
1348 m_max = m - 1;
1349 } else {
1350 m_min = m + 1;
1351 }
5fafdf24 1352 }
a513fe19
FB		 1353 return &tbs[m_max];
1354}
7501267e 1355
ea041c0e
FB		 1356static void tb_reset_jump_recursive(TranslationBlock *tb);
1357
1358static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1359{
1360 TranslationBlock *tb1, *tb_next, **ptb;
1361 unsigned int n1;
1362
1363 tb1 = tb->jmp_next[n];
1364 if (tb1 != NULL) {
1365 /* find head of list */
1366 for(;;) {
1367 n1 = (long)tb1 & 3;
1368 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1369 if (n1 == 2)
1370 break;
1371 tb1 = tb1->jmp_next[n1];
1372 }
1373 /* we are now sure now that tb jumps to tb1 */
1374 tb_next = tb1;
1375
1376 /* remove tb from the jmp_first list */
1377 ptb = &tb_next->jmp_first;
1378 for(;;) {
1379 tb1 = *ptb;
1380 n1 = (long)tb1 & 3;
1381 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1382 if (n1 == n && tb1 == tb)
1383 break;
1384 ptb = &tb1->jmp_next[n1];
1385 }
1386 *ptb = tb->jmp_next[n];
1387 tb->jmp_next[n] = NULL;
3b46e624 1388
ea041c0e
FB		 1389 /* suppress the jump to next tb in generated code */
1390 tb_reset_jump(tb, n);
1391
0124311e 1392 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1393 tb_reset_jump_recursive(tb_next);
1394 }
1395}
1396
1397static void tb_reset_jump_recursive(TranslationBlock *tb)
1398{
1399 tb_reset_jump_recursive2(tb, 0);
1400 tb_reset_jump_recursive2(tb, 1);
1401}
1402
1fddef4b 1403#if defined(TARGET_HAS_ICE)
94df27fd
PB		 1404#if defined(CONFIG_USER_ONLY)
1405static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1406{
1407 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1408}
1409#else
d720b93d
FB		 1410static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1411{
c227f099 1412 target_phys_addr_t addr;
9b3c35e0 1413 target_ulong pd;
c227f099 1414 ram_addr_t ram_addr;
f1f6e3b8 1415 PhysPageDesc p;
d720b93d 1416
c2f07f81
PB		 1417 addr = cpu_get_phys_page_debug(env, pc);
1418 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 1419 pd = p.phys_offset;
c2f07f81 1420 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
706cd4b5 1421 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1422}
c27004ec 1423#endif
94df27fd 1424#endif /* TARGET_HAS_ICE */
d720b93d 1425
c527ee8f
PB		 1426#if defined(CONFIG_USER_ONLY)
1427void cpu_watchpoint_remove_all(CPUState *env, int mask)
1428
1429{
1430}
1431
1432int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1433 int flags, CPUWatchpoint **watchpoint)
1434{
1435 return -ENOSYS;
1436}
1437#else
6658ffb8 1438/* Add a watchpoint. */
a1d1bb31
AL		 1439int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1440 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1441{
b4051334 1442 target_ulong len_mask = ~(len - 1);
c0ce998e 1443 CPUWatchpoint *wp;
6658ffb8 1444
b4051334
AL		 1445 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1446 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1447 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1448 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1449 return -EINVAL;
1450 }
7267c094 1451 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1452
1453 wp->vaddr = addr;
b4051334 1454 wp->len_mask = len_mask;
a1d1bb31
AL		 1455 wp->flags = flags;
1456
2dc9f411 1457 /* keep all GDB-injected watchpoints in front */
c0ce998e 1458 if (flags & BP_GDB)
72cf2d4f 1459 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1460 else
72cf2d4f 1461 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1462
6658ffb8 1463 tlb_flush_page(env, addr);
a1d1bb31
AL		 1464
1465 if (watchpoint)
1466 *watchpoint = wp;
1467 return 0;
6658ffb8
PB		 1468}
1469
a1d1bb31
AL		 1470/* Remove a specific watchpoint. */
1471int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1472 int flags)
6658ffb8 1473{
b4051334 1474 target_ulong len_mask = ~(len - 1);
a1d1bb31 1475 CPUWatchpoint *wp;
6658ffb8 1476
72cf2d4f 1477 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1478 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1479 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1480 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1481 return 0;
1482 }
1483 }
a1d1bb31 1484 return -ENOENT;
6658ffb8
PB		 1485}
1486
a1d1bb31
AL		 1487/* Remove a specific watchpoint by reference. */
1488void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1489{
72cf2d4f 1490 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1491
a1d1bb31
AL		 1492 tlb_flush_page(env, watchpoint->vaddr);
1493
7267c094 1494 g_free(watchpoint);
a1d1bb31
AL		 1495}
1496
1497/* Remove all matching watchpoints. */
1498void cpu_watchpoint_remove_all(CPUState *env, int mask)
1499{
c0ce998e 1500 CPUWatchpoint *wp, *next;
a1d1bb31 1501
72cf2d4f 1502 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1503 if (wp->flags & mask)
1504 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1505 }
7d03f82f 1506}
c527ee8f 1507#endif
7d03f82f 1508
a1d1bb31
AL		 1509/* Add a breakpoint. */
1510int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1511 CPUBreakpoint **breakpoint)
4c3a88a2 1512{
1fddef4b 1513#if defined(TARGET_HAS_ICE)
c0ce998e 1514 CPUBreakpoint *bp;
3b46e624 1515
7267c094 1516 bp = g_malloc(sizeof(*bp));
4c3a88a2 1517
a1d1bb31
AL		 1518 bp->pc = pc;
1519 bp->flags = flags;
1520
2dc9f411 1521 /* keep all GDB-injected breakpoints in front */
c0ce998e 1522 if (flags & BP_GDB)
72cf2d4f 1523 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1524 else
72cf2d4f 1525 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1526
d720b93d 1527 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1528
1529 if (breakpoint)
1530 *breakpoint = bp;
4c3a88a2
FB		 1531 return 0;
1532#else
a1d1bb31 1533 return -ENOSYS;
4c3a88a2
FB		 1534#endif
1535}
1536
a1d1bb31
AL		 1537/* Remove a specific breakpoint. */
1538int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1539{
7d03f82f 1540#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1541 CPUBreakpoint *bp;
1542
72cf2d4f 1543 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1544 if (bp->pc == pc && bp->flags == flags) {
1545 cpu_breakpoint_remove_by_ref(env, bp);
1546 return 0;
1547 }
7d03f82f 1548 }
a1d1bb31
AL		 1549 return -ENOENT;
1550#else
1551 return -ENOSYS;
7d03f82f
EI		 1552#endif
1553}
1554
a1d1bb31
AL		 1555/* Remove a specific breakpoint by reference. */
1556void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1557{
1fddef4b 1558#if defined(TARGET_HAS_ICE)
72cf2d4f 1559 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1560
a1d1bb31
AL		 1561 breakpoint_invalidate(env, breakpoint->pc);
1562
7267c094 1563 g_free(breakpoint);
a1d1bb31
AL		 1564#endif
1565}
1566
1567/* Remove all matching breakpoints. */
1568void cpu_breakpoint_remove_all(CPUState *env, int mask)
1569{
1570#if defined(TARGET_HAS_ICE)
c0ce998e 1571 CPUBreakpoint *bp, *next;
a1d1bb31 1572
72cf2d4f 1573 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1574 if (bp->flags & mask)
1575 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1576 }
4c3a88a2
FB		 1577#endif
1578}
1579
c33a346e
FB		 1580/* enable or disable single step mode. EXCP_DEBUG is returned by the
1581 CPU loop after each instruction */
1582void cpu_single_step(CPUState *env, int enabled)
1583{
1fddef4b 1584#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1585 if (env->singlestep_enabled != enabled) {
1586 env->singlestep_enabled = enabled;
e22a25c9
AL		 1587 if (kvm_enabled())
1588 kvm_update_guest_debug(env, 0);
1589 else {
ccbb4d44 1590 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1591 /* XXX: only flush what is necessary */
1592 tb_flush(env);
1593 }
c33a346e
FB		 1594 }
1595#endif
1596}
1597
34865134
FB		 1598/* enable or disable low levels log */
1599void cpu_set_log(int log_flags)
1600{
1601 loglevel = log_flags;
1602 if (loglevel && !logfile) {
11fcfab4 1603 logfile = fopen(logfilename, log_append ? "a" : "w");
34865134
FB		 1604 if (!logfile) {
1605 perror(logfilename);
1606 _exit(1);
1607 }
9fa3e853
FB		 1608#if !defined(CONFIG_SOFTMMU)
1609 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1610 {
b55266b5 1611 static char logfile_buf[4096];
9fa3e853
FB		 1612 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1613 }
daf767b1
SW		 1614#elif defined(_WIN32)
1615 /* Win32 doesn't support line-buffering, so use unbuffered output. */
1616 setvbuf(logfile, NULL, _IONBF, 0);
1617#else
34865134 1618 setvbuf(logfile, NULL, _IOLBF, 0);
9fa3e853 1619#endif
e735b91c
PB		 1620 log_append = 1;
1621 }
1622 if (!loglevel && logfile) {
1623 fclose(logfile);
1624 logfile = NULL;
34865134
FB		 1625 }
1626}
1627
1628void cpu_set_log_filename(const char *filename)
1629{
1630 logfilename = strdup(filename);
e735b91c
PB		 1631 if (logfile) {
1632 fclose(logfile);
1633 logfile = NULL;
1634 }
1635 cpu_set_log(loglevel);
34865134 1636}
c33a346e 1637
3098dba0 1638static void cpu_unlink_tb(CPUState *env)
ea041c0e 1639{
3098dba0
AJ		 1640 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1641 problem and hope the cpu will stop of its own accord. For userspace
1642 emulation this often isn't actually as bad as it sounds. Often
1643 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1644 TranslationBlock *tb;
c227f099 1645 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1646
cab1b4bd 1647 spin_lock(&interrupt_lock);
3098dba0
AJ		 1648 tb = env->current_tb;
1649 /* if the cpu is currently executing code, we must unlink it and
1650 all the potentially executing TB */
f76cfe56 1651 if (tb) {
3098dba0
AJ		 1652 env->current_tb = NULL;
1653 tb_reset_jump_recursive(tb);
be214e6c 1654 }
cab1b4bd 1655 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1656}
1657
97ffbd8d 1658#ifndef CONFIG_USER_ONLY
3098dba0 1659/* mask must never be zero, except for A20 change call */
ec6959d0 1660static void tcg_handle_interrupt(CPUState *env, int mask)
3098dba0
AJ		 1661{
1662 int old_mask;
be214e6c 1663
2e70f6ef 1664 old_mask = env->interrupt_request;
68a79315 1665 env->interrupt_request |= mask;
3098dba0 1666
8edac960
AL		 1667 /*
1668 * If called from iothread context, wake the target cpu in
1669 * case its halted.
1670 */
b7680cb6 1671 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1672 qemu_cpu_kick(env);
1673 return;
1674 }
8edac960 1675
2e70f6ef 1676 if (use_icount) {
266910c4 1677 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1678 if (!can_do_io(env)
be214e6c 1679 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1680 cpu_abort(env, "Raised interrupt while not in I/O function");
1681 }
2e70f6ef 1682 } else {
3098dba0 1683 cpu_unlink_tb(env);
ea041c0e
FB		 1684 }
1685}
1686
ec6959d0
JK		 1687CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1688
97ffbd8d
JK		 1689#else /* CONFIG_USER_ONLY */
1690
1691void cpu_interrupt(CPUState *env, int mask)
1692{
1693 env->interrupt_request |= mask;
1694 cpu_unlink_tb(env);
1695}
1696#endif /* CONFIG_USER_ONLY */
1697
b54ad049
FB		 1698void cpu_reset_interrupt(CPUState *env, int mask)
1699{
1700 env->interrupt_request &= ~mask;
1701}
1702
3098dba0
AJ		 1703void cpu_exit(CPUState *env)
1704{
1705 env->exit_request = 1;
1706 cpu_unlink_tb(env);
1707}
1708
c7cd6a37 1709const CPULogItem cpu_log_items[] = {
5fafdf24 1710 { CPU_LOG_TB_OUT_ASM, "out_asm",
f193c797
FB		 1711 "show generated host assembly code for each compiled TB" },
1712 { CPU_LOG_TB_IN_ASM, "in_asm",
1713 "show target assembly code for each compiled TB" },
5fafdf24 1714 { CPU_LOG_TB_OP, "op",
57fec1fe 1715 "show micro ops for each compiled TB" },
f193c797 1716 { CPU_LOG_TB_OP_OPT, "op_opt",
e01a1157
BS		 1717 "show micro ops "
1718#ifdef TARGET_I386
1719 "before eflags optimization and "
f193c797 1720#endif
e01a1157 1721 "after liveness analysis" },
f193c797
FB		 1722 { CPU_LOG_INT, "int",
1723 "show interrupts/exceptions in short format" },
1724 { CPU_LOG_EXEC, "exec",
1725 "show trace before each executed TB (lots of logs)" },
9fddaa0c 1726 { CPU_LOG_TB_CPU, "cpu",
e91c8a77 1727 "show CPU state before block translation" },
f193c797
FB		 1728#ifdef TARGET_I386
1729 { CPU_LOG_PCALL, "pcall",
1730 "show protected mode far calls/returns/exceptions" },
eca1bdf4
AL		 1731 { CPU_LOG_RESET, "cpu_reset",
1732 "show CPU state before CPU resets" },
f193c797 1733#endif
8e3a9fd2 1734#ifdef DEBUG_IOPORT
fd872598
FB		 1735 { CPU_LOG_IOPORT, "ioport",
1736 "show all i/o ports accesses" },
8e3a9fd2 1737#endif
f193c797
FB		 1738 { 0, NULL, NULL },
1739};
1740
1741static int cmp1(const char *s1, int n, const char *s2)
1742{
1743 if (strlen(s2) != n)
1744 return 0;
1745 return memcmp(s1, s2, n) == 0;
1746}
3b46e624 1747
f193c797
FB		 1748/* takes a comma separated list of log masks. Return 0 if error. */
1749int cpu_str_to_log_mask(const char *str)
1750{
c7cd6a37 1751 const CPULogItem *item;
f193c797
FB		 1752 int mask;
1753 const char *p, *p1;
1754
1755 p = str;
1756 mask = 0;
1757 for(;;) {
1758 p1 = strchr(p, ',');
1759 if (!p1)
1760 p1 = p + strlen(p);
9742bf26
YT		 1761 if(cmp1(p,p1-p,"all")) {
1762 for(item = cpu_log_items; item->mask != 0; item++) {
1763 mask |= item->mask;
1764 }
1765 } else {
1766 for(item = cpu_log_items; item->mask != 0; item++) {
1767 if (cmp1(p, p1 - p, item->name))
1768 goto found;
1769 }
1770 return 0;
f193c797 1771 }
f193c797
FB		 1772 found:
1773 mask |= item->mask;
1774 if (*p1 != ',')
1775 break;
1776 p = p1 + 1;
1777 }
1778 return mask;
1779}
ea041c0e 1780
7501267e
FB		 1781void cpu_abort(CPUState *env, const char *fmt, ...)
1782{
1783 va_list ap;
493ae1f0 1784 va_list ap2;
7501267e
FB		 1785
1786 va_start(ap, fmt);
493ae1f0 1787 va_copy(ap2, ap);
7501267e
FB		 1788 fprintf(stderr, "qemu: fatal: ");
1789 vfprintf(stderr, fmt, ap);
1790 fprintf(stderr, "\n");
1791#ifdef TARGET_I386
7fe48483
FB		 1792 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1793#else
1794 cpu_dump_state(env, stderr, fprintf, 0);
7501267e 1795#endif
93fcfe39
AL		 1796 if (qemu_log_enabled()) {
1797 qemu_log("qemu: fatal: ");
1798 qemu_log_vprintf(fmt, ap2);
1799 qemu_log("\n");
f9373291 1800#ifdef TARGET_I386
93fcfe39 1801 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
f9373291 1802#else
93fcfe39 1803 log_cpu_state(env, 0);
f9373291 1804#endif
31b1a7b4 1805 qemu_log_flush();
93fcfe39 1806 qemu_log_close();
924edcae 1807 }
493ae1f0 1808 va_end(ap2);
f9373291 1809 va_end(ap);
fd052bf6
RV		 1810#if defined(CONFIG_USER_ONLY)
1811 {
1812 struct sigaction act;
1813 sigfillset(&act.sa_mask);
1814 act.sa_handler = SIG_DFL;
1815 sigaction(SIGABRT, &act, NULL);
1816 }
1817#endif
7501267e
FB		 1818 abort();
1819}
1820
c5be9f08
TS		 1821CPUState *cpu_copy(CPUState *env)
1822{
01ba9816 1823 CPUState *new_env = cpu_init(env->cpu_model_str);
c5be9f08
TS		 1824 CPUState *next_cpu = new_env->next_cpu;
1825 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1826#if defined(TARGET_HAS_ICE)
1827 CPUBreakpoint *bp;
1828 CPUWatchpoint *wp;
1829#endif
1830
c5be9f08 1831 memcpy(new_env, env, sizeof(CPUState));
5a38f081
AL		 1832
1833 /* Preserve chaining and index. */
c5be9f08
TS		 1834 new_env->next_cpu = next_cpu;
1835 new_env->cpu_index = cpu_index;
5a38f081
AL		 1836
1837 /* Clone all break/watchpoints.
1838 Note: Once we support ptrace with hw-debug register access, make sure
1839 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1840 QTAILQ_INIT(&env->breakpoints);
1841 QTAILQ_INIT(&env->watchpoints);
5a38f081 1842#if defined(TARGET_HAS_ICE)
72cf2d4f 1843 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1844 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1845 }
72cf2d4f 1846 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1847 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1848 wp->flags, NULL);
1849 }
1850#endif
1851
c5be9f08
TS		 1852 return new_env;
1853}
1854
0124311e
FB		 1855#if !defined(CONFIG_USER_ONLY)
1856
5c751e99
EI		 1857static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1858{
1859 unsigned int i;
1860
1861 /* Discard jump cache entries for any tb which might potentially
1862 overlap the flushed page. */
1863 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1864 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1865 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1866
1867 i = tb_jmp_cache_hash_page(addr);
1868 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1869 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1870}
1871
08738984
IK		 1872static CPUTLBEntry s_cputlb_empty_entry = {
1873 .addr_read = -1,
1874 .addr_write = -1,
1875 .addr_code = -1,
1876 .addend = -1,
1877};
1878
771124e1
PM		 1879/* NOTE:
1880 * If flush_global is true (the usual case), flush all tlb entries.
1881 * If flush_global is false, flush (at least) all tlb entries not
1882 * marked global.
1883 *
1884 * Since QEMU doesn't currently implement a global/not-global flag
1885 * for tlb entries, at the moment tlb_flush() will also flush all
1886 * tlb entries in the flush_global == false case. This is OK because
1887 * CPU architectures generally permit an implementation to drop
1888 * entries from the TLB at any time, so flushing more entries than
1889 * required is only an efficiency issue, not a correctness issue.
1890 */
ee8b7021 1891void tlb_flush(CPUState *env, int flush_global)
33417e70 1892{
33417e70 1893 int i;
0124311e 1894
9fa3e853
FB		 1895#if defined(DEBUG_TLB)
1896 printf("tlb_flush:\n");
1897#endif
0124311e
FB		 1898 /* must reset current TB so that interrupts cannot modify the
1899 links while we are modifying them */
1900 env->current_tb = NULL;
1901
33417e70 1902 for(i = 0; i < CPU_TLB_SIZE; i++) {
cfde4bd9
IY		 1903 int mmu_idx;
1904 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
08738984 1905 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
cfde4bd9 1906 }
33417e70 1907 }
9fa3e853 1908
8a40a180 1909 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
9fa3e853 1910
d4c430a8
PB		 1911 env->tlb_flush_addr = -1;
1912 env->tlb_flush_mask = 0;
e3db7226 1913 tlb_flush_count++;
33417e70
FB		 1914}
1915
274da6b2 1916static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
61382a50 1917{
5fafdf24 1918 if (addr == (tlb_entry->addr_read &
84b7b8e7 1919 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 1920 addr == (tlb_entry->addr_write &
84b7b8e7 1921 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 1922 addr == (tlb_entry->addr_code &
84b7b8e7 1923 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
08738984 1924 *tlb_entry = s_cputlb_empty_entry;
84b7b8e7 1925 }
61382a50
FB		 1926}
1927
2e12669a 1928void tlb_flush_page(CPUState *env, target_ulong addr)
33417e70 1929{
8a40a180 1930 int i;
cfde4bd9 1931 int mmu_idx;
0124311e 1932
9fa3e853 1933#if defined(DEBUG_TLB)
108c49b8 1934 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
9fa3e853 1935#endif
d4c430a8
PB		 1936 /* Check if we need to flush due to large pages. */
1937 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
1938#if defined(DEBUG_TLB)
1939 printf("tlb_flush_page: forced full flush ("
1940 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
1941 env->tlb_flush_addr, env->tlb_flush_mask);
1942#endif
1943 tlb_flush(env, 1);
1944 return;
1945 }
0124311e
FB		 1946 /* must reset current TB so that interrupts cannot modify the
1947 links while we are modifying them */
1948 env->current_tb = NULL;
61382a50
FB		 1949
1950 addr &= TARGET_PAGE_MASK;
1951 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 1952 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1953 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
0124311e 1954
5c751e99 1955 tlb_flush_jmp_cache(env, addr);
9fa3e853
FB		 1956}
1957
9fa3e853
FB		 1958/* update the TLBs so that writes to code in the virtual page 'addr'
1959 can be detected */
c227f099 1960static void tlb_protect_code(ram_addr_t ram_addr)
9fa3e853 1961{
5fafdf24 1962 cpu_physical_memory_reset_dirty(ram_addr,
6a00d601
FB		 1963 ram_addr + TARGET_PAGE_SIZE,
1964 CODE_DIRTY_FLAG);
9fa3e853
FB		 1965}
1966
9fa3e853 1967/* update the TLB so that writes in physical page 'phys_addr' are no longer
3a7d929e 1968 tested for self modifying code */
c227f099 1969static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 1970 target_ulong vaddr)
9fa3e853 1971{
f7c11b53 1972 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
1ccde1cb
FB		 1973}
1974
5fafdf24 1975static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1ccde1cb
FB		 1976 unsigned long start, unsigned long length)
1977{
1978 unsigned long addr;
0e0df1e2 1979 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
84b7b8e7 1980 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1ccde1cb 1981 if ((addr - start) < length) {
0f459d16 1982 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1ccde1cb
FB		 1983 }
1984 }
1985}
1986
5579c7f3 1987/* Note: start and end must be within the same ram block. */
c227f099 1988void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1989 int dirty_flags)
1ccde1cb
FB		 1990{
1991 CPUState *env;
4f2ac237 1992 unsigned long length, start1;
f7c11b53 1993 int i;
1ccde1cb
FB		 1994
1995 start &= TARGET_PAGE_MASK;
1996 end = TARGET_PAGE_ALIGN(end);
1997
1998 length = end - start;
1999 if (length == 0)
2000 return;
f7c11b53 2001 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 2002
1ccde1cb
FB		 2003 /* we modify the TLB cache so that the dirty bit will be set again
2004 when accessing the range */
b2e0a138 2005 start1 = (unsigned long)qemu_safe_ram_ptr(start);
a57d23e4 2006 /* Check that we don't span multiple blocks - this breaks the
5579c7f3 2007 address comparisons below. */
b2e0a138 2008 if ((unsigned long)qemu_safe_ram_ptr(end - 1) - start1
5579c7f3
PB		 2009 != (end - 1) - start) {
2010 abort();
2011 }
2012
6a00d601 2013 for(env = first_cpu; env != NULL; env = env->next_cpu) {
cfde4bd9
IY		 2014 int mmu_idx;
2015 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2016 for(i = 0; i < CPU_TLB_SIZE; i++)
2017 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2018 start1, length);
2019 }
6a00d601 2020 }
1ccde1cb
FB		 2021}
2022
74576198
AL		 2023int cpu_physical_memory_set_dirty_tracking(int enable)
2024{
f6f3fbca 2025 int ret = 0;
74576198 2026 in_migration = enable;
f6f3fbca 2027 return ret;
74576198
AL		 2028}
2029
3a7d929e
FB		 2030static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2031{
c227f099 2032 ram_addr_t ram_addr;
5579c7f3 2033 void *p;
3a7d929e 2034
0e0df1e2 2035 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
5579c7f3
PB		 2036 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2037 + tlb_entry->addend);
e890261f 2038 ram_addr = qemu_ram_addr_from_host_nofail(p);
3a7d929e 2039 if (!cpu_physical_memory_is_dirty(ram_addr)) {
0f459d16 2040 tlb_entry->addr_write |= TLB_NOTDIRTY;
3a7d929e
FB		 2041 }
2042 }
2043}
2044
2045/* update the TLB according to the current state of the dirty bits */
2046void cpu_tlb_update_dirty(CPUState *env)
2047{
2048 int i;
cfde4bd9
IY		 2049 int mmu_idx;
2050 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2051 for(i = 0; i < CPU_TLB_SIZE; i++)
2052 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2053 }
3a7d929e
FB		 2054}
2055
0f459d16 2056static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1ccde1cb 2057{
0f459d16
PB		 2058 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2059 tlb_entry->addr_write = vaddr;
1ccde1cb
FB		 2060}
2061
0f459d16
PB		 2062/* update the TLB corresponding to virtual page vaddr
2063 so that it is no longer dirty */
2064static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1ccde1cb 2065{
1ccde1cb 2066 int i;
cfde4bd9 2067 int mmu_idx;
1ccde1cb 2068
0f459d16 2069 vaddr &= TARGET_PAGE_MASK;
1ccde1cb 2070 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 2071 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2072 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
9fa3e853
FB		 2073}
2074
d4c430a8
PB		 2075/* Our TLB does not support large pages, so remember the area covered by
2076 large pages and trigger a full TLB flush if these are invalidated. */
2077static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2078 target_ulong size)
2079{
2080 target_ulong mask = ~(size - 1);
2081
2082 if (env->tlb_flush_addr == (target_ulong)-1) {
2083 env->tlb_flush_addr = vaddr & mask;
2084 env->tlb_flush_mask = mask;
2085 return;
2086 }
2087 /* Extend the existing region to include the new page.
2088 This is a compromise between unnecessary flushes and the cost
2089 of maintaining a full variable size TLB. */
2090 mask &= env->tlb_flush_mask;
2091 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2092 mask <<= 1;
2093 }
2094 env->tlb_flush_addr &= mask;
2095 env->tlb_flush_mask = mask;
2096}
2097
1d393fa2
AK		 2098static bool is_ram_rom(ram_addr_t pd)
2099{
2100 pd &= ~TARGET_PAGE_MASK;
0e0df1e2 2101 return pd == io_mem_ram.ram_addr || pd == io_mem_rom.ram_addr;
1d393fa2
AK		 2102}
2103
75c578dc
AK		 2104static bool is_romd(ram_addr_t pd)
2105{
2106 MemoryRegion *mr;
2107
2108 pd &= ~TARGET_PAGE_MASK;
11c7ef0c 2109 mr = io_mem_region[pd];
75c578dc
AK		 2110 return mr->rom_device && mr->readable;
2111}
2112
1d393fa2
AK		 2113static bool is_ram_rom_romd(ram_addr_t pd)
2114{
75c578dc 2115 return is_ram_rom(pd) || is_romd(pd);
1d393fa2
AK		 2116}
2117
d4c430a8
PB		 2118/* Add a new TLB entry. At most one entry for a given virtual address
2119 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2120 supplied size is only used by tlb_flush_page. */
2121void tlb_set_page(CPUState *env, target_ulong vaddr,
2122 target_phys_addr_t paddr, int prot,
2123 int mmu_idx, target_ulong size)
9fa3e853 2124{
f1f6e3b8 2125 PhysPageDesc p;
4f2ac237 2126 unsigned long pd;
9fa3e853 2127 unsigned int index;
4f2ac237 2128 target_ulong address;
0f459d16 2129 target_ulong code_address;
355b1943 2130 unsigned long addend;
84b7b8e7 2131 CPUTLBEntry *te;
a1d1bb31 2132 CPUWatchpoint *wp;
c227f099 2133 target_phys_addr_t iotlb;
9fa3e853 2134
d4c430a8
PB		 2135 assert(size >= TARGET_PAGE_SIZE);
2136 if (size != TARGET_PAGE_SIZE) {
2137 tlb_add_large_page(env, vaddr, size);
2138 }
92e873b9 2139 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
f1f6e3b8 2140 pd = p.phys_offset;
9fa3e853 2141#if defined(DEBUG_TLB)
7fd3f494
SW		 2142 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2143 " prot=%x idx=%d pd=0x%08lx\n",
2144 vaddr, paddr, prot, mmu_idx, pd);
9fa3e853
FB		 2145#endif
2146
0f459d16 2147 address = vaddr;
1d393fa2 2148 if (!is_ram_rom_romd(pd)) {
0f459d16
PB		 2149 /* IO memory case (romd handled later) */
2150 address |= TLB_MMIO;
2151 }
5579c7f3 2152 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
1d393fa2 2153 if (is_ram_rom(pd)) {
0f459d16
PB		 2154 /* Normal RAM. */
2155 iotlb = pd & TARGET_PAGE_MASK;
0e0df1e2
AK		 2156 if ((pd & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr)
2157 iotlb |= io_mem_notdirty.ram_addr;
0f459d16 2158 else
0e0df1e2 2159 iotlb |= io_mem_rom.ram_addr;
0f459d16 2160 } else {
ccbb4d44 2161 /* IO handlers are currently passed a physical address.
0f459d16
PB		 2162 It would be nice to pass an offset from the base address
2163 of that region. This would avoid having to special case RAM,
2164 and avoid full address decoding in every device.
2165 We can't use the high bits of pd for this because
2166 IO_MEM_ROMD uses these as a ram address. */
8da3ff18 2167 iotlb = (pd & ~TARGET_PAGE_MASK);
f1f6e3b8 2168 iotlb += p.region_offset;
0f459d16
PB		 2169 }
2170
2171 code_address = address;
2172 /* Make accesses to pages with watchpoints go via the
2173 watchpoint trap routines. */
72cf2d4f 2174 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
a1d1bb31 2175 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
bf298f83
JK		 2176 /* Avoid trapping reads of pages with a write breakpoint. */
2177 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1ec9b909 2178 iotlb = io_mem_watch.ram_addr + paddr;
bf298f83
JK		 2179 address |= TLB_MMIO;
2180 break;
2181 }
6658ffb8 2182 }
0f459d16 2183 }
d79acba4 2184
0f459d16
PB		 2185 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2186 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2187 te = &env->tlb_table[mmu_idx][index];
2188 te->addend = addend - vaddr;
2189 if (prot & PAGE_READ) {
2190 te->addr_read = address;
2191 } else {
2192 te->addr_read = -1;
2193 }
5c751e99 2194
0f459d16
PB		 2195 if (prot & PAGE_EXEC) {
2196 te->addr_code = code_address;
2197 } else {
2198 te->addr_code = -1;
2199 }
2200 if (prot & PAGE_WRITE) {
75c578dc 2201 if ((pd & ~TARGET_PAGE_MASK) == io_mem_rom.ram_addr || is_romd(pd)) {
0f459d16
PB		 2202 /* Write access calls the I/O callback. */
2203 te->addr_write = address | TLB_MMIO;
0e0df1e2 2204 } else if ((pd & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr &&
0f459d16
PB		 2205 !cpu_physical_memory_is_dirty(pd)) {
2206 te->addr_write = address | TLB_NOTDIRTY;
9fa3e853 2207 } else {
0f459d16 2208 te->addr_write = address;
9fa3e853 2209 }
0f459d16
PB		 2210 } else {
2211 te->addr_write = -1;
9fa3e853 2212 }
9fa3e853
FB		 2213}
2214
0124311e
FB		 2215#else
2216
ee8b7021 2217void tlb_flush(CPUState *env, int flush_global)
0124311e
FB		 2218{
2219}
2220
2e12669a 2221void tlb_flush_page(CPUState *env, target_ulong addr)
0124311e
FB		 2222{
2223}
2224
edf8e2af
MW		 2225/*
2226 * Walks guest process memory "regions" one by one
2227 * and calls callback function 'fn' for each region.
2228 */
5cd2c5b6
RH		 2229
2230struct walk_memory_regions_data
2231{
2232 walk_memory_regions_fn fn;
2233 void *priv;
2234 unsigned long start;
2235 int prot;
2236};
2237
2238static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 2239 abi_ulong end, int new_prot)
5cd2c5b6
RH		 2240{
2241 if (data->start != -1ul) {
2242 int rc = data->fn(data->priv, data->start, end, data->prot);
2243 if (rc != 0) {
2244 return rc;
2245 }
2246 }
2247
2248 data->start = (new_prot ? end : -1ul);
2249 data->prot = new_prot;
2250
2251 return 0;
2252}
2253
2254static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 2255 abi_ulong base, int level, void **lp)
5cd2c5b6 2256{
b480d9b7 2257 abi_ulong pa;
5cd2c5b6
RH		 2258 int i, rc;
2259
2260 if (*lp == NULL) {
2261 return walk_memory_regions_end(data, base, 0);
2262 }
2263
2264 if (level == 0) {
2265 PageDesc *pd = *lp;
7296abac 2266 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 2267 int prot = pd[i].flags;
2268
2269 pa = base | (i << TARGET_PAGE_BITS);
2270 if (prot != data->prot) {
2271 rc = walk_memory_regions_end(data, pa, prot);
2272 if (rc != 0) {
2273 return rc;
9fa3e853 2274 }
9fa3e853 2275 }
5cd2c5b6
RH		 2276 }
2277 } else {
2278 void **pp = *lp;
7296abac 2279 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 2280 pa = base | ((abi_ulong)i <<
2281 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 2282 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2283 if (rc != 0) {
2284 return rc;
2285 }
2286 }
2287 }
2288
2289 return 0;
2290}
2291
2292int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2293{
2294 struct walk_memory_regions_data data;
2295 unsigned long i;
2296
2297 data.fn = fn;
2298 data.priv = priv;
2299 data.start = -1ul;
2300 data.prot = 0;
2301
2302 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 2303 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 2304 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2305 if (rc != 0) {
2306 return rc;
9fa3e853 2307 }
33417e70 2308 }
5cd2c5b6
RH		 2309
2310 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2311}
2312
b480d9b7
PB		 2313static int dump_region(void *priv, abi_ulong start,
2314 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2315{
2316 FILE *f = (FILE *)priv;
2317
b480d9b7
PB		 2318 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2319 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2320 start, end, end - start,
2321 ((prot & PAGE_READ) ? 'r' : '-'),
2322 ((prot & PAGE_WRITE) ? 'w' : '-'),
2323 ((prot & PAGE_EXEC) ? 'x' : '-'));
2324
2325 return (0);
2326}
2327
2328/* dump memory mappings */
2329void page_dump(FILE *f)
2330{
2331 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2332 "start", "end", "size", "prot");
2333 walk_memory_regions(f, dump_region);
33417e70
FB		 2334}
2335
53a5960a 2336int page_get_flags(target_ulong address)
33417e70 2337{
9fa3e853
FB		 2338 PageDesc *p;
2339
2340 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2341 if (!p)
9fa3e853
FB		 2342 return 0;
2343 return p->flags;
2344}
2345
376a7909
RH		 2346/* Modify the flags of a page and invalidate the code if necessary.
2347 The flag PAGE_WRITE_ORG is positioned automatically depending
2348 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2349void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2350{
376a7909
RH		 2351 target_ulong addr, len;
2352
2353 /* This function should never be called with addresses outside the
2354 guest address space. If this assert fires, it probably indicates
2355 a missing call to h2g_valid. */
b480d9b7
PB		 2356#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2357 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2358#endif
2359 assert(start < end);
9fa3e853
FB		 2360
2361 start = start & TARGET_PAGE_MASK;
2362 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2363
2364 if (flags & PAGE_WRITE) {
9fa3e853 2365 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2366 }
2367
2368 for (addr = start, len = end - start;
2369 len != 0;
2370 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2371 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2372
2373 /* If the write protection bit is set, then we invalidate
2374 the code inside. */
5fafdf24 2375 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2376 (flags & PAGE_WRITE) &&
2377 p->first_tb) {
d720b93d 2378 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2379 }
2380 p->flags = flags;
2381 }
33417e70
FB		 2382}
2383
3d97b40b
TS		 2384int page_check_range(target_ulong start, target_ulong len, int flags)
2385{
2386 PageDesc *p;
2387 target_ulong end;
2388 target_ulong addr;
2389
376a7909
RH		 2390 /* This function should never be called with addresses outside the
2391 guest address space. If this assert fires, it probably indicates
2392 a missing call to h2g_valid. */
338e9e6c
BS		 2393#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2394 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2395#endif
2396
3e0650a9
RH		 2397 if (len == 0) {
2398 return 0;
2399 }
376a7909
RH		 2400 if (start + len - 1 < start) {
2401 /* We've wrapped around. */
55f280c9 2402 return -1;
376a7909 2403 }
55f280c9 2404
3d97b40b
TS		 2405 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2406 start = start & TARGET_PAGE_MASK;
2407
376a7909
RH		 2408 for (addr = start, len = end - start;
2409 len != 0;
2410 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2411 p = page_find(addr >> TARGET_PAGE_BITS);
2412 if( !p )
2413 return -1;
2414 if( !(p->flags & PAGE_VALID) )
2415 return -1;
2416
dae3270c 2417 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2418 return -1;
dae3270c
FB		 2419 if (flags & PAGE_WRITE) {
2420 if (!(p->flags & PAGE_WRITE_ORG))
2421 return -1;
2422 /* unprotect the page if it was put read-only because it
2423 contains translated code */
2424 if (!(p->flags & PAGE_WRITE)) {
2425 if (!page_unprotect(addr, 0, NULL))
2426 return -1;
2427 }
2428 return 0;
2429 }
3d97b40b
TS		 2430 }
2431 return 0;
2432}
2433
9fa3e853 2434/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2435 page. Return TRUE if the fault was successfully handled. */
53a5960a 2436int page_unprotect(target_ulong address, unsigned long pc, void *puc)
9fa3e853 2437{
45d679d6
AJ		 2438 unsigned int prot;
2439 PageDesc *p;
53a5960a 2440 target_ulong host_start, host_end, addr;
9fa3e853 2441
c8a706fe
PB		 2442 /* Technically this isn't safe inside a signal handler. However we
2443 know this only ever happens in a synchronous SEGV handler, so in
2444 practice it seems to be ok. */
2445 mmap_lock();
2446
45d679d6
AJ		 2447 p = page_find(address >> TARGET_PAGE_BITS);
2448 if (!p) {
c8a706fe 2449 mmap_unlock();
9fa3e853 2450 return 0;
c8a706fe 2451 }
45d679d6 2452
9fa3e853
FB		 2453 /* if the page was really writable, then we change its
2454 protection back to writable */
45d679d6
AJ		 2455 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2456 host_start = address & qemu_host_page_mask;
2457 host_end = host_start + qemu_host_page_size;
2458
2459 prot = 0;
2460 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2461 p = page_find(addr >> TARGET_PAGE_BITS);
2462 p->flags |= PAGE_WRITE;
2463 prot |= p->flags;
2464
9fa3e853
FB		 2465 /* and since the content will be modified, we must invalidate
2466 the corresponding translated code. */
45d679d6 2467 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2468#ifdef DEBUG_TB_CHECK
45d679d6 2469 tb_invalidate_check(addr);
9fa3e853 2470#endif
9fa3e853 2471 }
45d679d6
AJ		 2472 mprotect((void *)g2h(host_start), qemu_host_page_size,
2473 prot & PAGE_BITS);
2474
2475 mmap_unlock();
2476 return 1;
9fa3e853 2477 }
c8a706fe 2478 mmap_unlock();
9fa3e853
FB		 2479 return 0;
2480}
2481
6a00d601
FB		 2482static inline void tlb_set_dirty(CPUState *env,
2483 unsigned long addr, target_ulong vaddr)
1ccde1cb
FB		 2484{
2485}
9fa3e853
FB		 2486#endif /* defined(CONFIG_USER_ONLY) */
2487
e2eef170 2488#if !defined(CONFIG_USER_ONLY)
8da3ff18 2489
c04b2b78
PB		 2490#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2491typedef struct subpage_t {
70c68e44 2492 MemoryRegion iomem;
c04b2b78 2493 target_phys_addr_t base;
f6405247
RH		 2494 ram_addr_t sub_io_index[TARGET_PAGE_SIZE];
2495 ram_addr_t region_offset[TARGET_PAGE_SIZE];
c04b2b78
PB		 2496} subpage_t;
2497
c227f099
AL		 2498static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2499 ram_addr_t memory, ram_addr_t region_offset);
f6405247
RH		 2500static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2501 ram_addr_t orig_memory,
2502 ram_addr_t region_offset);
db7b5426
BS		 2503#define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2504 need_subpage) \
2505 do { \
2506 if (addr > start_addr) \
2507 start_addr2 = 0; \
2508 else { \
2509 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2510 if (start_addr2 > 0) \
2511 need_subpage = 1; \
2512 } \
2513 \
49e9fba2 2514 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
db7b5426
BS		 2515 end_addr2 = TARGET_PAGE_SIZE - 1; \
2516 else { \
2517 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2518 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2519 need_subpage = 1; \
2520 } \
2521 } while (0)
2522
54688b1e
AK		 2523static void destroy_page_desc(PhysPageDesc pd)
2524{
2525 unsigned io_index = pd.phys_offset & ~TARGET_PAGE_MASK;
2526 MemoryRegion *mr = io_mem_region[io_index];
2527
2528 if (mr->subpage) {
2529 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2530 memory_region_destroy(&subpage->iomem);
2531 g_free(subpage);
2532 }
2533}
2534
2535static void destroy_l2_mapping(void **lp, unsigned level)
2536{
2537 unsigned i;
2538 void **p;
2539 PhysPageDesc *pd;
2540
2541 if (!*lp) {
2542 return;
2543 }
2544
2545 if (level > 0) {
2546 p = *lp;
2547 for (i = 0; i < L2_SIZE; ++i) {
2548 destroy_l2_mapping(&p[i], level - 1);
2549 }
2550 g_free(p);
2551 } else {
2552 pd = *lp;
2553 for (i = 0; i < L2_SIZE; ++i) {
2554 destroy_page_desc(pd[i]);
2555 }
2556 g_free(pd);
2557 }
2558 *lp = NULL;
2559}
2560
2561static void destroy_all_mappings(void)
2562{
2563 unsigned i;
2564
2565 for (i = 0; i < P_L1_SIZE; ++i) {
2566 destroy_l2_mapping(&l1_phys_map[i], P_L1_SHIFT / L2_BITS - 1);
2567 }
2568}
2569
8f2498f9
MT		 2570/* register physical memory.
2571 For RAM, 'size' must be a multiple of the target page size.
2572 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
8da3ff18
PB		 2573 io memory page. The address used when calling the IO function is
2574 the offset from the start of the region, plus region_offset. Both
ccbb4d44 2575 start_addr and region_offset are rounded down to a page boundary
8da3ff18
PB		 2576 before calculating this offset. This should not be a problem unless
2577 the low bits of start_addr and region_offset differ. */
dd81124b 2578void cpu_register_physical_memory_log(MemoryRegionSection *section,
d7ec83e6 2579 bool readonly)
33417e70 2580{
dd81124b
AK		 2581 target_phys_addr_t start_addr = section->offset_within_address_space;
2582 ram_addr_t size = section->size;
2583 ram_addr_t phys_offset = section->mr->ram_addr;
2584 ram_addr_t region_offset = section->offset_within_region;
c227f099 2585 target_phys_addr_t addr, end_addr;
92e873b9 2586 PhysPageDesc *p;
9d42037b 2587 CPUState *env;
c227f099 2588 ram_addr_t orig_size = size;
f6405247 2589 subpage_t *subpage;
33417e70 2590
dd81124b
AK		 2591 if (memory_region_is_ram(section->mr)) {
2592 phys_offset += region_offset;
2593 region_offset = 0;
2594 }
2595
dd81124b
AK		 2596 if (readonly) {
2597 phys_offset |= io_mem_rom.ram_addr;
2598 }
2599
3b8e6a2d 2600 assert(size);
f6f3fbca 2601
0e0df1e2 2602 if (phys_offset == io_mem_unassigned.ram_addr) {
67c4d23c
PB		 2603 region_offset = start_addr;
2604 }
8da3ff18 2605 region_offset &= TARGET_PAGE_MASK;
5fd386f6 2606 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
c227f099 2607 end_addr = start_addr + (target_phys_addr_t)size;
3b8e6a2d
EI		 2608
2609 addr = start_addr;
2610 do {
f1f6e3b8 2611 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 0);
0e0df1e2 2612 if (p && p->phys_offset != io_mem_unassigned.ram_addr) {
c227f099
AL		 2613 ram_addr_t orig_memory = p->phys_offset;
2614 target_phys_addr_t start_addr2, end_addr2;
db7b5426 2615 int need_subpage = 0;
11c7ef0c 2616 MemoryRegion *mr = io_mem_region[orig_memory & ~TARGET_PAGE_MASK];
db7b5426
BS		 2617
2618 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2619 need_subpage);
f6405247 2620 if (need_subpage) {
b3b00c78 2621 if (!(mr->subpage)) {
db7b5426 2622 subpage = subpage_init((addr & TARGET_PAGE_MASK),
8da3ff18
PB		 2623 &p->phys_offset, orig_memory,
2624 p->region_offset);
db7b5426 2625 } else {
a621f38d 2626 subpage = container_of(mr, subpage_t, iomem);
db7b5426 2627 }
8da3ff18
PB		 2628 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2629 region_offset);
2630 p->region_offset = 0;
db7b5426
BS		 2631 } else {
2632 p->phys_offset = phys_offset;
2774c6d0 2633 p->region_offset = region_offset;
1d393fa2 2634 if (is_ram_rom_romd(phys_offset))
db7b5426
BS		 2635 phys_offset += TARGET_PAGE_SIZE;
2636 }
2637 } else {
2638 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2639 p->phys_offset = phys_offset;
8da3ff18 2640 p->region_offset = region_offset;
1d393fa2 2641 if (is_ram_rom_romd(phys_offset)) {
db7b5426 2642 phys_offset += TARGET_PAGE_SIZE;
0e8f0967 2643 } else {
c227f099 2644 target_phys_addr_t start_addr2, end_addr2;
db7b5426
BS		 2645 int need_subpage = 0;
2646
2647 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2648 end_addr2, need_subpage);
2649
f6405247 2650 if (need_subpage) {
db7b5426 2651 subpage = subpage_init((addr & TARGET_PAGE_MASK),
0e0df1e2
AK		 2652 &p->phys_offset,
2653 io_mem_unassigned.ram_addr,
67c4d23c 2654 addr & TARGET_PAGE_MASK);
db7b5426 2655 subpage_register(subpage, start_addr2, end_addr2,
8da3ff18
PB		 2656 phys_offset, region_offset);
2657 p->region_offset = 0;
db7b5426
BS		 2658 }
2659 }
2660 }
8da3ff18 2661 region_offset += TARGET_PAGE_SIZE;
3b8e6a2d
EI		 2662 addr += TARGET_PAGE_SIZE;
2663 } while (addr != end_addr);
3b46e624 2664
9d42037b
FB		 2665 /* since each CPU stores ram addresses in its TLB cache, we must
2666 reset the modified entries */
2667 /* XXX: slow ! */
2668 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2669 tlb_flush(env, 1);
2670 }
33417e70
FB		 2671}
2672
c227f099 2673void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2674{
2675 if (kvm_enabled())
2676 kvm_coalesce_mmio_region(addr, size);
2677}
2678
c227f099 2679void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2680{
2681 if (kvm_enabled())
2682 kvm_uncoalesce_mmio_region(addr, size);
2683}
2684
62a2744c
SY		 2685void qemu_flush_coalesced_mmio_buffer(void)
2686{
2687 if (kvm_enabled())
2688 kvm_flush_coalesced_mmio_buffer();
2689}
2690
c902760f
MT		 2691#if defined(__linux__) && !defined(TARGET_S390X)
2692
2693#include <sys/vfs.h>
2694
2695#define HUGETLBFS_MAGIC 0x958458f6
2696
2697static long gethugepagesize(const char *path)
2698{
2699 struct statfs fs;
2700 int ret;
2701
2702 do {
9742bf26 2703 ret = statfs(path, &fs);
c902760f
MT		 2704 } while (ret != 0 && errno == EINTR);
2705
2706 if (ret != 0) {
9742bf26
YT		 2707 perror(path);
2708 return 0;
c902760f
MT		 2709 }
2710
2711 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2712 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2713
2714 return fs.f_bsize;
2715}
2716
04b16653
AW		 2717static void *file_ram_alloc(RAMBlock *block,
2718 ram_addr_t memory,
2719 const char *path)
c902760f
MT		 2720{
2721 char *filename;
2722 void *area;
2723 int fd;
2724#ifdef MAP_POPULATE
2725 int flags;
2726#endif
2727 unsigned long hpagesize;
2728
2729 hpagesize = gethugepagesize(path);
2730 if (!hpagesize) {
9742bf26 2731 return NULL;
c902760f
MT		 2732 }
2733
2734 if (memory < hpagesize) {
2735 return NULL;
2736 }
2737
2738 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2739 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2740 return NULL;
2741 }
2742
2743 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2744 return NULL;
c902760f
MT		 2745 }
2746
2747 fd = mkstemp(filename);
2748 if (fd < 0) {
9742bf26
YT		 2749 perror("unable to create backing store for hugepages");
2750 free(filename);
2751 return NULL;
c902760f
MT		 2752 }
2753 unlink(filename);
2754 free(filename);
2755
2756 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2757
2758 /*
2759 * ftruncate is not supported by hugetlbfs in older
2760 * hosts, so don't bother bailing out on errors.
2761 * If anything goes wrong with it under other filesystems,
2762 * mmap will fail.
2763 */
2764 if (ftruncate(fd, memory))
9742bf26 2765 perror("ftruncate");
c902760f
MT		 2766
2767#ifdef MAP_POPULATE
2768 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2769 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2770 * to sidestep this quirk.
2771 */
2772 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2773 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2774#else
2775 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2776#endif
2777 if (area == MAP_FAILED) {
9742bf26
YT		 2778 perror("file_ram_alloc: can't mmap RAM pages");
2779 close(fd);
2780 return (NULL);
c902760f 2781 }
04b16653 2782 block->fd = fd;
c902760f
MT		 2783 return area;
2784}
2785#endif
2786
d17b5288 2787static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2788{
2789 RAMBlock *block, *next_block;
3e837b2c 2790 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2791
2792 if (QLIST_EMPTY(&ram_list.blocks))
2793 return 0;
2794
2795 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2796 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2797
2798 end = block->offset + block->length;
2799
2800 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2801 if (next_block->offset >= end) {
2802 next = MIN(next, next_block->offset);
2803 }
2804 }
2805 if (next - end >= size && next - end < mingap) {
3e837b2c 2806 offset = end;
04b16653
AW		 2807 mingap = next - end;
2808 }
2809 }
3e837b2c
AW		 2810
2811 if (offset == RAM_ADDR_MAX) {
2812 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2813 (uint64_t)size);
2814 abort();
2815 }
2816
04b16653
AW		 2817 return offset;
2818}
2819
2820static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2821{
2822 RAMBlock *block;
2823 ram_addr_t last = 0;
2824
2825 QLIST_FOREACH(block, &ram_list.blocks, next)
2826 last = MAX(last, block->offset + block->length);
2827
2828 return last;
2829}
2830
c5705a77 2831void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2832{
2833 RAMBlock *new_block, *block;
2834
c5705a77
AK		 2835 new_block = NULL;
2836 QLIST_FOREACH(block, &ram_list.blocks, next) {
2837 if (block->offset == addr) {
2838 new_block = block;
2839 break;
2840 }
2841 }
2842 assert(new_block);
2843 assert(!new_block->idstr[0]);
84b89d78
CM		 2844
2845 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2846 char *id = dev->parent_bus->info->get_dev_path(dev);
2847 if (id) {
2848 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2849 g_free(id);
84b89d78
CM		 2850 }
2851 }
2852 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2853
2854 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2855 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2856 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2857 new_block->idstr);
2858 abort();
2859 }
2860 }
c5705a77
AK		 2861}
2862
2863ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2864 MemoryRegion *mr)
2865{
2866 RAMBlock *new_block;
2867
2868 size = TARGET_PAGE_ALIGN(size);
2869 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2870
7c637366 2871 new_block->mr = mr;
432d268c 2872 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2873 if (host) {
2874 new_block->host = host;
cd19cfa2 2875 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2876 } else {
2877 if (mem_path) {
c902760f 2878#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2879 new_block->host = file_ram_alloc(new_block, size, mem_path);
2880 if (!new_block->host) {
2881 new_block->host = qemu_vmalloc(size);
e78815a5 2882 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2883 }
c902760f 2884#else
6977dfe6
YT		 2885 fprintf(stderr, "-mem-path option unsupported\n");
2886 exit(1);
c902760f 2887#endif
6977dfe6 2888 } else {
6b02494d 2889#if defined(TARGET_S390X) && defined(CONFIG_KVM)
ff83678a
CB		 2890 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2891 an system defined value, which is at least 256GB. Larger systems
2892 have larger values. We put the guest between the end of data
2893 segment (system break) and this value. We use 32GB as a base to
2894 have enough room for the system break to grow. */
2895 new_block->host = mmap((void*)0x800000000, size,
6977dfe6 2896 PROT_EXEC|PROT_READ|PROT_WRITE,
ff83678a 2897 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
fb8b2735
AG		 2898 if (new_block->host == MAP_FAILED) {
2899 fprintf(stderr, "Allocating RAM failed\n");
2900 abort();
2901 }
6b02494d 2902#else
868bb33f 2903 if (xen_enabled()) {
fce537d4 2904 xen_ram_alloc(new_block->offset, size, mr);
432d268c
JN		 2905 } else {
2906 new_block->host = qemu_vmalloc(size);
2907 }
6b02494d 2908#endif
e78815a5 2909 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2910 }
c902760f 2911 }
94a6b54f
PB		 2912 new_block->length = size;
2913
f471a17e 2914 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2915
7267c094 2916 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2917 last_ram_offset() >> TARGET_PAGE_BITS);
d17b5288 2918 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
94a6b54f
PB		 2919 0xff, size >> TARGET_PAGE_BITS);
2920
6f0437e8
JK		 2921 if (kvm_enabled())
2922 kvm_setup_guest_memory(new_block->host, size);
2923
94a6b54f
PB		 2924 return new_block->offset;
2925}
e9a1ab19 2926
c5705a77 2927ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2928{
c5705a77 2929 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2930}
2931
1f2e98b6
AW		 2932void qemu_ram_free_from_ptr(ram_addr_t addr)
2933{
2934 RAMBlock *block;
2935
2936 QLIST_FOREACH(block, &ram_list.blocks, next) {
2937 if (addr == block->offset) {
2938 QLIST_REMOVE(block, next);
7267c094 2939 g_free(block);
1f2e98b6
AW		 2940 return;
2941 }
2942 }
2943}
2944
c227f099 2945void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2946{
04b16653
AW		 2947 RAMBlock *block;
2948
2949 QLIST_FOREACH(block, &ram_list.blocks, next) {
2950 if (addr == block->offset) {
2951 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2952 if (block->flags & RAM_PREALLOC_MASK) {
2953 ;
2954 } else if (mem_path) {
04b16653
AW		 2955#if defined (__linux__) && !defined(TARGET_S390X)
2956 if (block->fd) {
2957 munmap(block->host, block->length);
2958 close(block->fd);
2959 } else {
2960 qemu_vfree(block->host);
2961 }
fd28aa13
JK		 2962#else
2963 abort();
04b16653
AW		 2964#endif
2965 } else {
2966#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2967 munmap(block->host, block->length);
2968#else
868bb33f 2969 if (xen_enabled()) {
e41d7c69 2970 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2971 } else {
2972 qemu_vfree(block->host);
2973 }
04b16653
AW		 2974#endif
2975 }
7267c094 2976 g_free(block);
04b16653
AW		 2977 return;
2978 }
2979 }
2980
e9a1ab19
FB		 2981}
2982
cd19cfa2
HY		 2983#ifndef _WIN32
2984void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2985{
2986 RAMBlock *block;
2987 ram_addr_t offset;
2988 int flags;
2989 void *area, *vaddr;
2990
2991 QLIST_FOREACH(block, &ram_list.blocks, next) {
2992 offset = addr - block->offset;
2993 if (offset < block->length) {
2994 vaddr = block->host + offset;
2995 if (block->flags & RAM_PREALLOC_MASK) {
2996 ;
2997 } else {
2998 flags = MAP_FIXED;
2999 munmap(vaddr, length);
3000 if (mem_path) {
3001#if defined(__linux__) && !defined(TARGET_S390X)
3002 if (block->fd) {
3003#ifdef MAP_POPULATE
3004 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
3005 MAP_PRIVATE;
3006#else
3007 flags |= MAP_PRIVATE;
3008#endif
3009 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3010 flags, block->fd, offset);
3011 } else {
3012 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3013 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3014 flags, -1, 0);
3015 }
fd28aa13
JK		 3016#else
3017 abort();
cd19cfa2
HY		 3018#endif
3019 } else {
3020#if defined(TARGET_S390X) && defined(CONFIG_KVM)
3021 flags |= MAP_SHARED | MAP_ANONYMOUS;
3022 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
3023 flags, -1, 0);
3024#else
3025 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3026 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3027 flags, -1, 0);
3028#endif
3029 }
3030 if (area != vaddr) {
f15fbc4b
AP		 3031 fprintf(stderr, "Could not remap addr: "
3032 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 3033 length, addr);
3034 exit(1);
3035 }
3036 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
3037 }
3038 return;
3039 }
3040 }
3041}
3042#endif /* !_WIN32 */
3043
dc828ca1 3044/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 3045 With the exception of the softmmu code in this file, this should
3046 only be used for local memory (e.g. video ram) that the device owns,
3047 and knows it isn't going to access beyond the end of the block.
3048
3049 It should not be used for general purpose DMA.
3050 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
3051 */
c227f099 3052void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 3053{
94a6b54f
PB		 3054 RAMBlock *block;
3055
f471a17e
AW		 3056 QLIST_FOREACH(block, &ram_list.blocks, next) {
3057 if (addr - block->offset < block->length) {
7d82af38
VP		 3058 /* Move this entry to to start of the list. */
3059 if (block != QLIST_FIRST(&ram_list.blocks)) {
3060 QLIST_REMOVE(block, next);
3061 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
3062 }
868bb33f 3063 if (xen_enabled()) {
432d268c
JN		 3064 /* We need to check if the requested address is in the RAM
3065 * because we don't want to map the entire memory in QEMU.
712c2b41 3066 * In that case just map until the end of the page.
432d268c
JN		 3067 */
3068 if (block->offset == 0) {
e41d7c69 3069 return xen_map_cache(addr, 0, 0);
432d268c 3070 } else if (block->host == NULL) {
e41d7c69
JK		 3071 block->host =
3072 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3073 }
3074 }
f471a17e
AW		 3075 return block->host + (addr - block->offset);
3076 }
94a6b54f 3077 }
f471a17e
AW		 3078
3079 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3080 abort();
3081
3082 return NULL;
dc828ca1
PB		 3083}
3084
b2e0a138
MT		 3085/* Return a host pointer to ram allocated with qemu_ram_alloc.
3086 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
3087 */
3088void *qemu_safe_ram_ptr(ram_addr_t addr)
3089{
3090 RAMBlock *block;
3091
3092 QLIST_FOREACH(block, &ram_list.blocks, next) {
3093 if (addr - block->offset < block->length) {
868bb33f 3094 if (xen_enabled()) {
432d268c
JN		 3095 /* We need to check if the requested address is in the RAM
3096 * because we don't want to map the entire memory in QEMU.
712c2b41 3097 * In that case just map until the end of the page.
432d268c
JN		 3098 */
3099 if (block->offset == 0) {
e41d7c69 3100 return xen_map_cache(addr, 0, 0);
432d268c 3101 } else if (block->host == NULL) {
e41d7c69
JK		 3102 block->host =
3103 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3104 }
3105 }
b2e0a138
MT		 3106 return block->host + (addr - block->offset);
3107 }
3108 }
3109
3110 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3111 abort();
3112
3113 return NULL;
3114}
3115
38bee5dc
SS		 3116/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
3117 * but takes a size argument */
8ab934f9 3118void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 3119{
8ab934f9
SS		 3120 if (*size == 0) {
3121 return NULL;
3122 }
868bb33f 3123 if (xen_enabled()) {
e41d7c69 3124 return xen_map_cache(addr, *size, 1);
868bb33f 3125 } else {
38bee5dc
SS		 3126 RAMBlock *block;
3127
3128 QLIST_FOREACH(block, &ram_list.blocks, next) {
3129 if (addr - block->offset < block->length) {
3130 if (addr - block->offset + *size > block->length)
3131 *size = block->length - addr + block->offset;
3132 return block->host + (addr - block->offset);
3133 }
3134 }
3135
3136 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3137 abort();
38bee5dc
SS		 3138 }
3139}
3140
050a0ddf
AP		 3141void qemu_put_ram_ptr(void *addr)
3142{
3143 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 3144}
3145
e890261f 3146int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 3147{
94a6b54f
PB		 3148 RAMBlock *block;
3149 uint8_t *host = ptr;
3150
868bb33f 3151 if (xen_enabled()) {
e41d7c69 3152 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 3153 return 0;
3154 }
3155
f471a17e 3156 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 3157 /* This case append when the block is not mapped. */
3158 if (block->host == NULL) {
3159 continue;
3160 }
f471a17e 3161 if (host - block->host < block->length) {
e890261f
MT		 3162 *ram_addr = block->offset + (host - block->host);
3163 return 0;
f471a17e 3164 }
94a6b54f 3165 }
432d268c 3166
e890261f
MT		 3167 return -1;
3168}
f471a17e 3169
e890261f
MT		 3170/* Some of the softmmu routines need to translate from a host pointer
3171 (typically a TLB entry) back to a ram offset. */
3172ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
3173{
3174 ram_addr_t ram_addr;
f471a17e 3175
e890261f
MT		 3176 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
3177 fprintf(stderr, "Bad ram pointer %p\n", ptr);
3178 abort();
3179 }
3180 return ram_addr;
5579c7f3
PB		 3181}
3182
0e0df1e2
AK		 3183static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
3184 unsigned size)
e18231a3
BS		 3185{
3186#ifdef DEBUG_UNASSIGNED
3187 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3188#endif
5b450407 3189#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 3190 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 3191#endif
3192 return 0;
3193}
3194
0e0df1e2
AK		 3195static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
3196 uint64_t val, unsigned size)
e18231a3
BS		 3197{
3198#ifdef DEBUG_UNASSIGNED
0e0df1e2 3199 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 3200#endif
5b450407 3201#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 3202 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 3203#endif
33417e70
FB		 3204}
3205
0e0df1e2
AK		 3206static const MemoryRegionOps unassigned_mem_ops = {
3207 .read = unassigned_mem_read,
3208 .write = unassigned_mem_write,
3209 .endianness = DEVICE_NATIVE_ENDIAN,
3210};
e18231a3 3211
0e0df1e2
AK		 3212static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
3213 unsigned size)
e18231a3 3214{
0e0df1e2 3215 abort();
e18231a3
BS		 3216}
3217
0e0df1e2
AK		 3218static void error_mem_write(void *opaque, target_phys_addr_t addr,
3219 uint64_t value, unsigned size)
e18231a3 3220{
0e0df1e2 3221 abort();
33417e70
FB		 3222}
3223
0e0df1e2
AK		 3224static const MemoryRegionOps error_mem_ops = {
3225 .read = error_mem_read,
3226 .write = error_mem_write,
3227 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 3228};
3229
0e0df1e2
AK		 3230static const MemoryRegionOps rom_mem_ops = {
3231 .read = error_mem_read,
3232 .write = unassigned_mem_write,
3233 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 3234};
3235
0e0df1e2
AK		 3236static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
3237 uint64_t val, unsigned size)
9fa3e853 3238{
3a7d929e 3239 int dirty_flags;
f7c11b53 3240 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 3241 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 3242#if !defined(CONFIG_USER_ONLY)
0e0df1e2 3243 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 3244 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 3245#endif
3a7d929e 3246 }
0e0df1e2
AK		 3247 switch (size) {
3248 case 1:
3249 stb_p(qemu_get_ram_ptr(ram_addr), val);
3250 break;
3251 case 2:
3252 stw_p(qemu_get_ram_ptr(ram_addr), val);
3253 break;
3254 case 4:
3255 stl_p(qemu_get_ram_ptr(ram_addr), val);
3256 break;
3257 default:
3258 abort();
3a7d929e 3259 }
f23db169 3260 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 3261 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 3262 /* we remove the notdirty callback only if the code has been
3263 flushed */
3264 if (dirty_flags == 0xff)
2e70f6ef 3265 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 3266}
3267
0e0df1e2
AK		 3268static const MemoryRegionOps notdirty_mem_ops = {
3269 .read = error_mem_read,
3270 .write = notdirty_mem_write,
3271 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 3272};
3273
0f459d16 3274/* Generate a debug exception if a watchpoint has been hit. */
b4051334 3275static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16
PB		 3276{
3277 CPUState *env = cpu_single_env;
06d55cc1
AL		 3278 target_ulong pc, cs_base;
3279 TranslationBlock *tb;
0f459d16 3280 target_ulong vaddr;
a1d1bb31 3281 CPUWatchpoint *wp;
06d55cc1 3282 int cpu_flags;
0f459d16 3283
06d55cc1
AL		 3284 if (env->watchpoint_hit) {
3285 /* We re-entered the check after replacing the TB. Now raise
3286 * the debug interrupt so that is will trigger after the
3287 * current instruction. */
3288 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3289 return;
3290 }
2e70f6ef 3291 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 3292 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 3293 if ((vaddr == (wp->vaddr & len_mask) ||
3294 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 3295 wp->flags |= BP_WATCHPOINT_HIT;
3296 if (!env->watchpoint_hit) {
3297 env->watchpoint_hit = wp;
3298 tb = tb_find_pc(env->mem_io_pc);
3299 if (!tb) {
3300 cpu_abort(env, "check_watchpoint: could not find TB for "
3301 "pc=%p", (void *)env->mem_io_pc);
3302 }
618ba8e6 3303 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 3304 tb_phys_invalidate(tb, -1);
3305 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3306 env->exception_index = EXCP_DEBUG;
3307 } else {
3308 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3309 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3310 }
3311 cpu_resume_from_signal(env, NULL);
06d55cc1 3312 }
6e140f28
AL		 3313 } else {
3314 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 3315 }
3316 }
3317}
3318
6658ffb8
PB		 3319/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3320 so these check for a hit then pass through to the normal out-of-line
3321 phys routines. */
1ec9b909
AK		 3322static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
3323 unsigned size)
6658ffb8 3324{
1ec9b909
AK		 3325 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3326 switch (size) {
3327 case 1: return ldub_phys(addr);
3328 case 2: return lduw_phys(addr);
3329 case 4: return ldl_phys(addr);
3330 default: abort();
3331 }
6658ffb8
PB		 3332}
3333
1ec9b909
AK		 3334static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3335 uint64_t val, unsigned size)
6658ffb8 3336{
1ec9b909
AK		 3337 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3338 switch (size) {
3339 case 1: stb_phys(addr, val);
3340 case 2: stw_phys(addr, val);
3341 case 4: stl_phys(addr, val);
3342 default: abort();
3343 }
6658ffb8
PB		 3344}
3345
1ec9b909
AK		 3346static const MemoryRegionOps watch_mem_ops = {
3347 .read = watch_mem_read,
3348 .write = watch_mem_write,
3349 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3350};
6658ffb8 3351
70c68e44
AK		 3352static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3353 unsigned len)
db7b5426 3354{
70c68e44 3355 subpage_t *mmio = opaque;
f6405247 3356 unsigned int idx = SUBPAGE_IDX(addr);
db7b5426
BS		 3357#if defined(DEBUG_SUBPAGE)
3358 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3359 mmio, len, addr, idx);
3360#endif
db7b5426 3361
f6405247
RH		 3362 addr += mmio->region_offset[idx];
3363 idx = mmio->sub_io_index[idx];
70c68e44 3364 return io_mem_read(idx, addr, len);
db7b5426
BS		 3365}
3366
70c68e44
AK		 3367static void subpage_write(void *opaque, target_phys_addr_t addr,
3368 uint64_t value, unsigned len)
db7b5426 3369{
70c68e44 3370 subpage_t *mmio = opaque;
f6405247 3371 unsigned int idx = SUBPAGE_IDX(addr);
db7b5426 3372#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3373 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3374 " idx %d value %"PRIx64"\n",
f6405247 3375 __func__, mmio, len, addr, idx, value);
db7b5426 3376#endif
f6405247
RH		 3377
3378 addr += mmio->region_offset[idx];
3379 idx = mmio->sub_io_index[idx];
70c68e44 3380 io_mem_write(idx, addr, value, len);
db7b5426
BS		 3381}
3382
70c68e44
AK		 3383static const MemoryRegionOps subpage_ops = {
3384 .read = subpage_read,
3385 .write = subpage_write,
3386 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3387};
3388
de712f94
AK		 3389static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3390 unsigned size)
56384e8b
AF		 3391{
3392 ram_addr_t raddr = addr;
3393 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3394 switch (size) {
3395 case 1: return ldub_p(ptr);
3396 case 2: return lduw_p(ptr);
3397 case 4: return ldl_p(ptr);
3398 default: abort();
3399 }
56384e8b
AF		 3400}
3401
de712f94
AK		 3402static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3403 uint64_t value, unsigned size)
56384e8b
AF		 3404{
3405 ram_addr_t raddr = addr;
3406 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3407 switch (size) {
3408 case 1: return stb_p(ptr, value);
3409 case 2: return stw_p(ptr, value);
3410 case 4: return stl_p(ptr, value);
3411 default: abort();
3412 }
56384e8b
AF		 3413}
3414
de712f94
AK		 3415static const MemoryRegionOps subpage_ram_ops = {
3416 .read = subpage_ram_read,
3417 .write = subpage_ram_write,
3418 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3419};
3420
c227f099
AL		 3421static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3422 ram_addr_t memory, ram_addr_t region_offset)
db7b5426
BS		 3423{
3424 int idx, eidx;
3425
3426 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3427 return -1;
3428 idx = SUBPAGE_IDX(start);
3429 eidx = SUBPAGE_IDX(end);
3430#if defined(DEBUG_SUBPAGE)
0bf9e31a 3431 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3432 mmio, start, end, idx, eidx, memory);
3433#endif
0e0df1e2 3434 if ((memory & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
de712f94 3435 memory = io_mem_subpage_ram.ram_addr;
56384e8b 3436 }
11c7ef0c 3437 memory &= IO_MEM_NB_ENTRIES - 1;
db7b5426 3438 for (; idx <= eidx; idx++) {
f6405247
RH		 3439 mmio->sub_io_index[idx] = memory;
3440 mmio->region_offset[idx] = region_offset;
db7b5426
BS		 3441 }
3442
3443 return 0;
3444}
3445
f6405247
RH		 3446static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
3447 ram_addr_t orig_memory,
3448 ram_addr_t region_offset)
db7b5426 3449{
c227f099 3450 subpage_t *mmio;
db7b5426
BS		 3451 int subpage_memory;
3452
7267c094 3453 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3454
3455 mmio->base = base;
70c68e44
AK		 3456 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3457 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3458 mmio->iomem.subpage = true;
70c68e44 3459 subpage_memory = mmio->iomem.ram_addr;
db7b5426 3460#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3461 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3462 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3463#endif
b3b00c78 3464 *phys = subpage_memory;
f6405247 3465 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, orig_memory, region_offset);
db7b5426
BS		 3466
3467 return mmio;
3468}
3469
88715657
AL		 3470static int get_free_io_mem_idx(void)
3471{
3472 int i;
3473
3474 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3475 if (!io_mem_used[i]) {
3476 io_mem_used[i] = 1;
3477 return i;
3478 }
c6703b47 3479 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
88715657
AL		 3480 return -1;
3481}
3482
33417e70
FB		 3483/* mem_read and mem_write are arrays of functions containing the
3484 function to access byte (index 0), word (index 1) and dword (index
0b4e6e3e 3485 2). Functions can be omitted with a NULL function pointer.
3ee89922 3486 If io_index is non zero, the corresponding io zone is
4254fab8
BS		 3487 modified. If it is zero, a new io zone is allocated. The return
3488 value can be used with cpu_register_physical_memory(). (-1) is
3489 returned if error. */
a621f38d 3490static int cpu_register_io_memory_fixed(int io_index, MemoryRegion *mr)
33417e70 3491{
33417e70 3492 if (io_index <= 0) {
88715657
AL		 3493 io_index = get_free_io_mem_idx();
3494 if (io_index == -1)
3495 return io_index;
33417e70
FB		 3496 } else {
3497 if (io_index >= IO_MEM_NB_ENTRIES)
3498 return -1;
3499 }
b5ff1b31 3500
a621f38d 3501 io_mem_region[io_index] = mr;
f6405247 3502
11c7ef0c 3503 return io_index;
33417e70 3504}
61382a50 3505
a621f38d 3506int cpu_register_io_memory(MemoryRegion *mr)
1eed09cb 3507{
a621f38d 3508 return cpu_register_io_memory_fixed(0, mr);
1eed09cb
AK		 3509}
3510
11c7ef0c 3511void cpu_unregister_io_memory(int io_index)
88715657 3512{
a621f38d 3513 io_mem_region[io_index] = NULL;
88715657
AL		 3514 io_mem_used[io_index] = 0;
3515}
3516
e9179ce1
AK		 3517static void io_mem_init(void)
3518{
3519 int i;
3520
0e0df1e2
AK		 3521 /* Must be first: */
3522 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
3523 assert(io_mem_ram.ram_addr == 0);
3524 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3525 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3526 "unassigned", UINT64_MAX);
3527 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3528 "notdirty", UINT64_MAX);
de712f94
AK		 3529 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3530 "subpage-ram", UINT64_MAX);
e9179ce1
AK		 3531 for (i=0; i<5; i++)
3532 io_mem_used[i] = 1;
3533
1ec9b909
AK		 3534 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3535 "watch", UINT64_MAX);
e9179ce1
AK		 3536}
3537
50c1e149
AK		 3538static void core_begin(MemoryListener *listener)
3539{
54688b1e 3540 destroy_all_mappings();
50c1e149
AK		 3541}
3542
3543static void core_commit(MemoryListener *listener)
3544{
3545}
3546
93632747
AK		 3547static void core_region_add(MemoryListener *listener,
3548 MemoryRegionSection *section)
3549{
4855d41a 3550 cpu_register_physical_memory_log(section, section->readonly);
93632747
AK		 3551}
3552
3553static void core_region_del(MemoryListener *listener,
3554 MemoryRegionSection *section)
3555{
93632747
AK		 3556}
3557
50c1e149
AK		 3558static void core_region_nop(MemoryListener *listener,
3559 MemoryRegionSection *section)
3560{
54688b1e 3561 cpu_register_physical_memory_log(section, section->readonly);
50c1e149
AK		 3562}
3563
93632747
AK		 3564static void core_log_start(MemoryListener *listener,
3565 MemoryRegionSection *section)
3566{
3567}
3568
3569static void core_log_stop(MemoryListener *listener,
3570 MemoryRegionSection *section)
3571{
3572}
3573
3574static void core_log_sync(MemoryListener *listener,
3575 MemoryRegionSection *section)
3576{
3577}
3578
3579static void core_log_global_start(MemoryListener *listener)
3580{
3581 cpu_physical_memory_set_dirty_tracking(1);
3582}
3583
3584static void core_log_global_stop(MemoryListener *listener)
3585{
3586 cpu_physical_memory_set_dirty_tracking(0);
3587}
3588
3589static void core_eventfd_add(MemoryListener *listener,
3590 MemoryRegionSection *section,
3591 bool match_data, uint64_t data, int fd)
3592{
3593}
3594
3595static void core_eventfd_del(MemoryListener *listener,
3596 MemoryRegionSection *section,
3597 bool match_data, uint64_t data, int fd)
3598{
3599}
3600
50c1e149
AK		 3601static void io_begin(MemoryListener *listener)
3602{
3603}
3604
3605static void io_commit(MemoryListener *listener)
3606{
3607}
3608
4855d41a
AK		 3609static void io_region_add(MemoryListener *listener,
3610 MemoryRegionSection *section)
3611{
3612 iorange_init(&section->mr->iorange, &memory_region_iorange_ops,
3613 section->offset_within_address_space, section->size);
3614 ioport_register(&section->mr->iorange);
3615}
3616
3617static void io_region_del(MemoryListener *listener,
3618 MemoryRegionSection *section)
3619{
3620 isa_unassign_ioport(section->offset_within_address_space, section->size);
3621}
3622
50c1e149
AK		 3623static void io_region_nop(MemoryListener *listener,
3624 MemoryRegionSection *section)
3625{
3626}
3627
4855d41a
AK		 3628static void io_log_start(MemoryListener *listener,
3629 MemoryRegionSection *section)
3630{
3631}
3632
3633static void io_log_stop(MemoryListener *listener,
3634 MemoryRegionSection *section)
3635{
3636}
3637
3638static void io_log_sync(MemoryListener *listener,
3639 MemoryRegionSection *section)
3640{
3641}
3642
3643static void io_log_global_start(MemoryListener *listener)
3644{
3645}
3646
3647static void io_log_global_stop(MemoryListener *listener)
3648{
3649}
3650
3651static void io_eventfd_add(MemoryListener *listener,
3652 MemoryRegionSection *section,
3653 bool match_data, uint64_t data, int fd)
3654{
3655}
3656
3657static void io_eventfd_del(MemoryListener *listener,
3658 MemoryRegionSection *section,
3659 bool match_data, uint64_t data, int fd)
3660{
3661}
3662
93632747 3663static MemoryListener core_memory_listener = {
50c1e149
AK		 3664 .begin = core_begin,
3665 .commit = core_commit,
93632747
AK		 3666 .region_add = core_region_add,
3667 .region_del = core_region_del,
50c1e149 3668 .region_nop = core_region_nop,
93632747
AK		 3669 .log_start = core_log_start,
3670 .log_stop = core_log_stop,
3671 .log_sync = core_log_sync,
3672 .log_global_start = core_log_global_start,
3673 .log_global_stop = core_log_global_stop,
3674 .eventfd_add = core_eventfd_add,
3675 .eventfd_del = core_eventfd_del,
3676 .priority = 0,
3677};
3678
4855d41a 3679static MemoryListener io_memory_listener = {
50c1e149
AK		 3680 .begin = io_begin,
3681 .commit = io_commit,
4855d41a
AK		 3682 .region_add = io_region_add,
3683 .region_del = io_region_del,
50c1e149 3684 .region_nop = io_region_nop,
4855d41a
AK		 3685 .log_start = io_log_start,
3686 .log_stop = io_log_stop,
3687 .log_sync = io_log_sync,
3688 .log_global_start = io_log_global_start,
3689 .log_global_stop = io_log_global_stop,
3690 .eventfd_add = io_eventfd_add,
3691 .eventfd_del = io_eventfd_del,
3692 .priority = 0,
3693};
3694
62152b8a
AK		 3695static void memory_map_init(void)
3696{
7267c094 3697 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3698 memory_region_init(system_memory, "system", INT64_MAX);
62152b8a 3699 set_system_memory_map(system_memory);
309cb471 3700
7267c094 3701 system_io = g_malloc(sizeof(*system_io));
309cb471
AK		 3702 memory_region_init(system_io, "io", 65536);
3703 set_system_io_map(system_io);
93632747 3704
4855d41a
AK		 3705 memory_listener_register(&core_memory_listener, system_memory);
3706 memory_listener_register(&io_memory_listener, system_io);
62152b8a
AK		 3707}
3708
3709MemoryRegion *get_system_memory(void)
3710{
3711 return system_memory;
3712}
3713
309cb471
AK		 3714MemoryRegion *get_system_io(void)
3715{
3716 return system_io;
3717}
3718
e2eef170
PB		 3719#endif /* !defined(CONFIG_USER_ONLY) */
3720
13eb76e0
FB		 3721/* physical memory access (slow version, mainly for debug) */
3722#if defined(CONFIG_USER_ONLY)
a68fe89c
PB		 3723int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3724 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3725{
3726 int l, flags;
3727 target_ulong page;
53a5960a 3728 void * p;
13eb76e0
FB		 3729
3730 while (len > 0) {
3731 page = addr & TARGET_PAGE_MASK;
3732 l = (page + TARGET_PAGE_SIZE) - addr;
3733 if (l > len)
3734 l = len;
3735 flags = page_get_flags(page);
3736 if (!(flags & PAGE_VALID))
a68fe89c 3737 return -1;
13eb76e0
FB		 3738 if (is_write) {
3739 if (!(flags & PAGE_WRITE))
a68fe89c 3740 return -1;
579a97f7 3741 /* XXX: this code should not depend on lock_user */
72fb7daa 3742 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3743 return -1;
72fb7daa
AJ		 3744 memcpy(p, buf, l);
3745 unlock_user(p, addr, l);
13eb76e0
FB		 3746 } else {
3747 if (!(flags & PAGE_READ))
a68fe89c 3748 return -1;
579a97f7 3749 /* XXX: this code should not depend on lock_user */
72fb7daa 3750 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3751 return -1;
72fb7daa 3752 memcpy(buf, p, l);
5b257578 3753 unlock_user(p, addr, 0);
13eb76e0
FB		 3754 }
3755 len -= l;
3756 buf += l;
3757 addr += l;
3758 }
a68fe89c 3759 return 0;
13eb76e0 3760}
8df1cd07 3761
13eb76e0 3762#else
c227f099 3763void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3764 int len, int is_write)
3765{
3766 int l, io_index;
3767 uint8_t *ptr;
3768 uint32_t val;
c227f099 3769 target_phys_addr_t page;
8ca5692d 3770 ram_addr_t pd;
f1f6e3b8 3771 PhysPageDesc p;
3b46e624 3772
13eb76e0
FB		 3773 while (len > 0) {
3774 page = addr & TARGET_PAGE_MASK;
3775 l = (page + TARGET_PAGE_SIZE) - addr;
3776 if (l > len)
3777 l = len;
92e873b9 3778 p = phys_page_find(page >> TARGET_PAGE_BITS);
f1f6e3b8 3779 pd = p.phys_offset;
3b46e624 3780
13eb76e0 3781 if (is_write) {
0e0df1e2 3782 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
f1f6e3b8 3783 target_phys_addr_t addr1;
11c7ef0c 3784 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 3785 addr1 = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
6a00d601
FB		 3786 /* XXX: could force cpu_single_env to NULL to avoid
3787 potential bugs */
6c2934db 3788 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3789 /* 32 bit write access */
c27004ec 3790 val = ldl_p(buf);
acbbec5d 3791 io_mem_write(io_index, addr1, val, 4);
13eb76e0 3792 l = 4;
6c2934db 3793 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3794 /* 16 bit write access */
c27004ec 3795 val = lduw_p(buf);
acbbec5d 3796 io_mem_write(io_index, addr1, val, 2);
13eb76e0
FB		 3797 l = 2;
3798 } else {
1c213d19 3799 /* 8 bit write access */
c27004ec 3800 val = ldub_p(buf);
acbbec5d 3801 io_mem_write(io_index, addr1, val, 1);
13eb76e0
FB		 3802 l = 1;
3803 }
3804 } else {
8ca5692d 3805 ram_addr_t addr1;
b448f2f3 3806 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
13eb76e0 3807 /* RAM case */
5579c7f3 3808 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3809 memcpy(ptr, buf, l);
3a7d929e
FB		 3810 if (!cpu_physical_memory_is_dirty(addr1)) {
3811 /* invalidate code */
3812 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3813 /* set dirty bit */
f7c11b53
YT		 3814 cpu_physical_memory_set_dirty_flags(
3815 addr1, (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 3816 }
050a0ddf 3817 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3818 }
3819 } else {
1d393fa2 3820 if (!is_ram_rom_romd(pd)) {
f1f6e3b8 3821 target_phys_addr_t addr1;
13eb76e0 3822 /* I/O case */
11c7ef0c 3823 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 3824 addr1 = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
6c2934db 3825 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3826 /* 32 bit read access */
acbbec5d 3827 val = io_mem_read(io_index, addr1, 4);
c27004ec 3828 stl_p(buf, val);
13eb76e0 3829 l = 4;
6c2934db 3830 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3831 /* 16 bit read access */
acbbec5d 3832 val = io_mem_read(io_index, addr1, 2);
c27004ec 3833 stw_p(buf, val);
13eb76e0
FB		 3834 l = 2;
3835 } else {
1c213d19 3836 /* 8 bit read access */
acbbec5d 3837 val = io_mem_read(io_index, addr1, 1);
c27004ec 3838 stb_p(buf, val);
13eb76e0
FB		 3839 l = 1;
3840 }
3841 } else {
3842 /* RAM case */
050a0ddf
AP		 3843 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
3844 memcpy(buf, ptr + (addr & ~TARGET_PAGE_MASK), l);
3845 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3846 }
3847 }
3848 len -= l;
3849 buf += l;
3850 addr += l;
3851 }
3852}
8df1cd07 3853
d0ecd2aa 3854/* used for ROM loading : can write in RAM and ROM */
c227f099 3855void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3856 const uint8_t *buf, int len)
3857{
3858 int l;
3859 uint8_t *ptr;
c227f099 3860 target_phys_addr_t page;
d0ecd2aa 3861 unsigned long pd;
f1f6e3b8 3862 PhysPageDesc p;
3b46e624 3863
d0ecd2aa
FB		 3864 while (len > 0) {
3865 page = addr & TARGET_PAGE_MASK;
3866 l = (page + TARGET_PAGE_SIZE) - addr;
3867 if (l > len)
3868 l = len;
3869 p = phys_page_find(page >> TARGET_PAGE_BITS);
f1f6e3b8 3870 pd = p.phys_offset;
3b46e624 3871
1d393fa2 3872 if (!is_ram_rom_romd(pd)) {
d0ecd2aa
FB		 3873 /* do nothing */
3874 } else {
3875 unsigned long addr1;
3876 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3877 /* ROM/RAM case */
5579c7f3 3878 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3879 memcpy(ptr, buf, l);
050a0ddf 3880 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3881 }
3882 len -= l;
3883 buf += l;
3884 addr += l;
3885 }
3886}
3887
6d16c2f8
AL		 3888typedef struct {
3889 void *buffer;
c227f099
AL		 3890 target_phys_addr_t addr;
3891 target_phys_addr_t len;
6d16c2f8
AL		 3892} BounceBuffer;
3893
3894static BounceBuffer bounce;
3895
ba223c29
AL		 3896typedef struct MapClient {
3897 void *opaque;
3898 void (*callback)(void *opaque);
72cf2d4f 3899 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3900} MapClient;
3901
72cf2d4f
BS		 3902static QLIST_HEAD(map_client_list, MapClient) map_client_list
3903 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3904
3905void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3906{
7267c094 3907 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3908
3909 client->opaque = opaque;
3910 client->callback = callback;
72cf2d4f 3911 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3912 return client;
3913}
3914
3915void cpu_unregister_map_client(void *_client)
3916{
3917 MapClient *client = (MapClient *)_client;
3918
72cf2d4f 3919 QLIST_REMOVE(client, link);
7267c094 3920 g_free(client);
ba223c29
AL		 3921}
3922
3923static void cpu_notify_map_clients(void)
3924{
3925 MapClient *client;
3926
72cf2d4f
BS		 3927 while (!QLIST_EMPTY(&map_client_list)) {
3928 client = QLIST_FIRST(&map_client_list);
ba223c29 3929 client->callback(client->opaque);
34d5e948 3930 cpu_unregister_map_client(client);
ba223c29
AL		 3931 }
3932}
3933
6d16c2f8
AL		 3934/* Map a physical memory region into a host virtual address.
3935 * May map a subset of the requested range, given by and returned in *plen.
3936 * May return NULL if resources needed to perform the mapping are exhausted.
3937 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3938 * Use cpu_register_map_client() to know when retrying the map operation is
3939 * likely to succeed.
6d16c2f8 3940 */
c227f099
AL		 3941void *cpu_physical_memory_map(target_phys_addr_t addr,
3942 target_phys_addr_t *plen,
6d16c2f8
AL		 3943 int is_write)
3944{
c227f099 3945 target_phys_addr_t len = *plen;
38bee5dc 3946 target_phys_addr_t todo = 0;
6d16c2f8 3947 int l;
c227f099 3948 target_phys_addr_t page;
6d16c2f8 3949 unsigned long pd;
f1f6e3b8 3950 PhysPageDesc p;
f15fbc4b 3951 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3952 ram_addr_t rlen;
3953 void *ret;
6d16c2f8
AL		 3954
3955 while (len > 0) {
3956 page = addr & TARGET_PAGE_MASK;
3957 l = (page + TARGET_PAGE_SIZE) - addr;
3958 if (l > len)
3959 l = len;
3960 p = phys_page_find(page >> TARGET_PAGE_BITS);
f1f6e3b8 3961 pd = p.phys_offset;
6d16c2f8 3962
0e0df1e2 3963 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
38bee5dc 3964 if (todo || bounce.buffer) {
6d16c2f8
AL		 3965 break;
3966 }
3967 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3968 bounce.addr = addr;
3969 bounce.len = l;
3970 if (!is_write) {
54f7b4a3 3971 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 3972 }
38bee5dc
SS		 3973
3974 *plen = l;
3975 return bounce.buffer;
6d16c2f8 3976 }
8ab934f9
SS		 3977 if (!todo) {
3978 raddr = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3979 }
6d16c2f8
AL		 3980
3981 len -= l;
3982 addr += l;
38bee5dc 3983 todo += l;
6d16c2f8 3984 }
8ab934f9
SS		 3985 rlen = todo;
3986 ret = qemu_ram_ptr_length(raddr, &rlen);
3987 *plen = rlen;
3988 return ret;
6d16c2f8
AL		 3989}
3990
3991/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3992 * Will also mark the memory as dirty if is_write == 1. access_len gives
3993 * the amount of memory that was actually read or written by the caller.
3994 */
c227f099
AL		 3995void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3996 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 3997{
3998 if (buffer != bounce.buffer) {
3999 if (is_write) {
e890261f 4000 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 4001 while (access_len) {
4002 unsigned l;
4003 l = TARGET_PAGE_SIZE;
4004 if (l > access_len)
4005 l = access_len;
4006 if (!cpu_physical_memory_is_dirty(addr1)) {
4007 /* invalidate code */
4008 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
4009 /* set dirty bit */
f7c11b53
YT		 4010 cpu_physical_memory_set_dirty_flags(
4011 addr1, (0xff & ~CODE_DIRTY_FLAG));
6d16c2f8
AL		 4012 }
4013 addr1 += l;
4014 access_len -= l;
4015 }
4016 }
868bb33f 4017 if (xen_enabled()) {
e41d7c69 4018 xen_invalidate_map_cache_entry(buffer);
050a0ddf 4019 }
6d16c2f8
AL		 4020 return;
4021 }
4022 if (is_write) {
4023 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
4024 }
f8a83245 4025 qemu_vfree(bounce.buffer);
6d16c2f8 4026 bounce.buffer = NULL;
ba223c29 4027 cpu_notify_map_clients();
6d16c2f8 4028}
d0ecd2aa 4029
8df1cd07 4030/* warning: addr must be aligned */
1e78bcc1
AG		 4031static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
4032 enum device_endian endian)
8df1cd07
FB		 4033{
4034 int io_index;
4035 uint8_t *ptr;
4036 uint32_t val;
4037 unsigned long pd;
f1f6e3b8 4038 PhysPageDesc p;
8df1cd07
FB		 4039
4040 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4041 pd = p.phys_offset;
3b46e624 4042
1d393fa2 4043 if (!is_ram_rom_romd(pd)) {
8df1cd07 4044 /* I/O case */
11c7ef0c 4045 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4046 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
acbbec5d 4047 val = io_mem_read(io_index, addr, 4);
1e78bcc1
AG		 4048#if defined(TARGET_WORDS_BIGENDIAN)
4049 if (endian == DEVICE_LITTLE_ENDIAN) {
4050 val = bswap32(val);
4051 }
4052#else
4053 if (endian == DEVICE_BIG_ENDIAN) {
4054 val = bswap32(val);
4055 }
4056#endif
8df1cd07
FB		 4057 } else {
4058 /* RAM case */
5579c7f3 4059 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
8df1cd07 4060 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4061 switch (endian) {
4062 case DEVICE_LITTLE_ENDIAN:
4063 val = ldl_le_p(ptr);
4064 break;
4065 case DEVICE_BIG_ENDIAN:
4066 val = ldl_be_p(ptr);
4067 break;
4068 default:
4069 val = ldl_p(ptr);
4070 break;
4071 }
8df1cd07
FB		 4072 }
4073 return val;
4074}
4075
1e78bcc1
AG		 4076uint32_t ldl_phys(target_phys_addr_t addr)
4077{
4078 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4079}
4080
4081uint32_t ldl_le_phys(target_phys_addr_t addr)
4082{
4083 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4084}
4085
4086uint32_t ldl_be_phys(target_phys_addr_t addr)
4087{
4088 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
4089}
4090
84b7b8e7 4091/* warning: addr must be aligned */
1e78bcc1
AG		 4092static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
4093 enum device_endian endian)
84b7b8e7
FB		 4094{
4095 int io_index;
4096 uint8_t *ptr;
4097 uint64_t val;
4098 unsigned long pd;
f1f6e3b8 4099 PhysPageDesc p;
84b7b8e7
FB		 4100
4101 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4102 pd = p.phys_offset;
3b46e624 4103
1d393fa2 4104 if (!is_ram_rom_romd(pd)) {
84b7b8e7 4105 /* I/O case */
11c7ef0c 4106 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4107 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
1e78bcc1
AG		 4108
4109 /* XXX This is broken when device endian != cpu endian.
4110 Fix and add "endian" variable check */
84b7b8e7 4111#ifdef TARGET_WORDS_BIGENDIAN
acbbec5d
AK		 4112 val = io_mem_read(io_index, addr, 4) << 32;
4113 val |= io_mem_read(io_index, addr + 4, 4);
84b7b8e7 4114#else
acbbec5d
AK		 4115 val = io_mem_read(io_index, addr, 4);
4116 val |= io_mem_read(io_index, addr + 4, 4) << 32;
84b7b8e7
FB		 4117#endif
4118 } else {
4119 /* RAM case */
5579c7f3 4120 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
84b7b8e7 4121 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4122 switch (endian) {
4123 case DEVICE_LITTLE_ENDIAN:
4124 val = ldq_le_p(ptr);
4125 break;
4126 case DEVICE_BIG_ENDIAN:
4127 val = ldq_be_p(ptr);
4128 break;
4129 default:
4130 val = ldq_p(ptr);
4131 break;
4132 }
84b7b8e7
FB		 4133 }
4134 return val;
4135}
4136
1e78bcc1
AG		 4137uint64_t ldq_phys(target_phys_addr_t addr)
4138{
4139 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4140}
4141
4142uint64_t ldq_le_phys(target_phys_addr_t addr)
4143{
4144 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4145}
4146
4147uint64_t ldq_be_phys(target_phys_addr_t addr)
4148{
4149 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
4150}
4151
aab33094 4152/* XXX: optimize */
c227f099 4153uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 4154{
4155 uint8_t val;
4156 cpu_physical_memory_read(addr, &val, 1);
4157 return val;
4158}
4159
733f0b02 4160/* warning: addr must be aligned */
1e78bcc1
AG		 4161static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
4162 enum device_endian endian)
aab33094 4163{
733f0b02
MT		 4164 int io_index;
4165 uint8_t *ptr;
4166 uint64_t val;
4167 unsigned long pd;
f1f6e3b8 4168 PhysPageDesc p;
733f0b02
MT		 4169
4170 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4171 pd = p.phys_offset;
733f0b02 4172
1d393fa2 4173 if (!is_ram_rom_romd(pd)) {
733f0b02 4174 /* I/O case */
11c7ef0c 4175 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4176 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
acbbec5d 4177 val = io_mem_read(io_index, addr, 2);
1e78bcc1
AG		 4178#if defined(TARGET_WORDS_BIGENDIAN)
4179 if (endian == DEVICE_LITTLE_ENDIAN) {
4180 val = bswap16(val);
4181 }
4182#else
4183 if (endian == DEVICE_BIG_ENDIAN) {
4184 val = bswap16(val);
4185 }
4186#endif
733f0b02
MT		 4187 } else {
4188 /* RAM case */
4189 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4190 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4191 switch (endian) {
4192 case DEVICE_LITTLE_ENDIAN:
4193 val = lduw_le_p(ptr);
4194 break;
4195 case DEVICE_BIG_ENDIAN:
4196 val = lduw_be_p(ptr);
4197 break;
4198 default:
4199 val = lduw_p(ptr);
4200 break;
4201 }
733f0b02
MT		 4202 }
4203 return val;
aab33094
FB		 4204}
4205
1e78bcc1
AG		 4206uint32_t lduw_phys(target_phys_addr_t addr)
4207{
4208 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4209}
4210
4211uint32_t lduw_le_phys(target_phys_addr_t addr)
4212{
4213 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4214}
4215
4216uint32_t lduw_be_phys(target_phys_addr_t addr)
4217{
4218 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
4219}
4220
8df1cd07
FB		 4221/* warning: addr must be aligned. The ram page is not masked as dirty
4222 and the code inside is not invalidated. It is useful if the dirty
4223 bits are used to track modified PTEs */
c227f099 4224void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07
FB		 4225{
4226 int io_index;
4227 uint8_t *ptr;
4228 unsigned long pd;
f1f6e3b8 4229 PhysPageDesc p;
8df1cd07
FB		 4230
4231 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4232 pd = p.phys_offset;
3b46e624 4233
0e0df1e2 4234 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4235 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4236 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
acbbec5d 4237 io_mem_write(io_index, addr, val, 4);
8df1cd07 4238 } else {
74576198 4239 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
5579c7f3 4240 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 4241 stl_p(ptr, val);
74576198
AL		 4242
4243 if (unlikely(in_migration)) {
4244 if (!cpu_physical_memory_is_dirty(addr1)) {
4245 /* invalidate code */
4246 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4247 /* set dirty bit */
f7c11b53
YT		 4248 cpu_physical_memory_set_dirty_flags(
4249 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 4250 }
4251 }
8df1cd07
FB		 4252 }
4253}
4254
c227f099 4255void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef
JM		 4256{
4257 int io_index;
4258 uint8_t *ptr;
4259 unsigned long pd;
f1f6e3b8 4260 PhysPageDesc p;
bc98a7ef
JM		 4261
4262 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4263 pd = p.phys_offset;
3b46e624 4264
0e0df1e2 4265 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4266 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4267 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
bc98a7ef 4268#ifdef TARGET_WORDS_BIGENDIAN
acbbec5d
AK		 4269 io_mem_write(io_index, addr, val >> 32, 4);
4270 io_mem_write(io_index, addr + 4, (uint32_t)val, 4);
bc98a7ef 4271#else
acbbec5d
AK		 4272 io_mem_write(io_index, addr, (uint32_t)val, 4);
4273 io_mem_write(io_index, addr + 4, val >> 32, 4);
bc98a7ef
JM		 4274#endif
4275 } else {
5579c7f3 4276 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
bc98a7ef
JM		 4277 (addr & ~TARGET_PAGE_MASK);
4278 stq_p(ptr, val);
4279 }
4280}
4281
8df1cd07 4282/* warning: addr must be aligned */
1e78bcc1
AG		 4283static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4284 enum device_endian endian)
8df1cd07
FB		 4285{
4286 int io_index;
4287 uint8_t *ptr;
4288 unsigned long pd;
f1f6e3b8 4289 PhysPageDesc p;
8df1cd07
FB		 4290
4291 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4292 pd = p.phys_offset;
3b46e624 4293
0e0df1e2 4294 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4295 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4296 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
1e78bcc1
AG		 4297#if defined(TARGET_WORDS_BIGENDIAN)
4298 if (endian == DEVICE_LITTLE_ENDIAN) {
4299 val = bswap32(val);
4300 }
4301#else
4302 if (endian == DEVICE_BIG_ENDIAN) {
4303 val = bswap32(val);
4304 }
4305#endif
acbbec5d 4306 io_mem_write(io_index, addr, val, 4);
8df1cd07
FB		 4307 } else {
4308 unsigned long addr1;
4309 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4310 /* RAM case */
5579c7f3 4311 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4312 switch (endian) {
4313 case DEVICE_LITTLE_ENDIAN:
4314 stl_le_p(ptr, val);
4315 break;
4316 case DEVICE_BIG_ENDIAN:
4317 stl_be_p(ptr, val);
4318 break;
4319 default:
4320 stl_p(ptr, val);
4321 break;
4322 }
3a7d929e
FB		 4323 if (!cpu_physical_memory_is_dirty(addr1)) {
4324 /* invalidate code */
4325 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4326 /* set dirty bit */
f7c11b53
YT		 4327 cpu_physical_memory_set_dirty_flags(addr1,
4328 (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 4329 }
8df1cd07
FB		 4330 }
4331}
4332
1e78bcc1
AG		 4333void stl_phys(target_phys_addr_t addr, uint32_t val)
4334{
4335 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4336}
4337
4338void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4339{
4340 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4341}
4342
4343void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4344{
4345 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4346}
4347
aab33094 4348/* XXX: optimize */
c227f099 4349void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 4350{
4351 uint8_t v = val;
4352 cpu_physical_memory_write(addr, &v, 1);
4353}
4354
733f0b02 4355/* warning: addr must be aligned */
1e78bcc1
AG		 4356static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4357 enum device_endian endian)
aab33094 4358{
733f0b02
MT		 4359 int io_index;
4360 uint8_t *ptr;
4361 unsigned long pd;
f1f6e3b8 4362 PhysPageDesc p;
733f0b02
MT		 4363
4364 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4365 pd = p.phys_offset;
733f0b02 4366
0e0df1e2 4367 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4368 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4369 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
1e78bcc1
AG		 4370#if defined(TARGET_WORDS_BIGENDIAN)
4371 if (endian == DEVICE_LITTLE_ENDIAN) {
4372 val = bswap16(val);
4373 }
4374#else
4375 if (endian == DEVICE_BIG_ENDIAN) {
4376 val = bswap16(val);
4377 }
4378#endif
acbbec5d 4379 io_mem_write(io_index, addr, val, 2);
733f0b02
MT		 4380 } else {
4381 unsigned long addr1;
4382 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4383 /* RAM case */
4384 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4385 switch (endian) {
4386 case DEVICE_LITTLE_ENDIAN:
4387 stw_le_p(ptr, val);
4388 break;
4389 case DEVICE_BIG_ENDIAN:
4390 stw_be_p(ptr, val);
4391 break;
4392 default:
4393 stw_p(ptr, val);
4394 break;
4395 }
733f0b02
MT		 4396 if (!cpu_physical_memory_is_dirty(addr1)) {
4397 /* invalidate code */
4398 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4399 /* set dirty bit */
4400 cpu_physical_memory_set_dirty_flags(addr1,
4401 (0xff & ~CODE_DIRTY_FLAG));
4402 }
4403 }
aab33094
FB		 4404}
4405
1e78bcc1
AG		 4406void stw_phys(target_phys_addr_t addr, uint32_t val)
4407{
4408 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4409}
4410
4411void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4412{
4413 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4414}
4415
4416void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4417{
4418 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4419}
4420
aab33094 4421/* XXX: optimize */
c227f099 4422void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4423{
4424 val = tswap64(val);
71d2b725 4425 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4426}
4427
1e78bcc1
AG		 4428void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4429{
4430 val = cpu_to_le64(val);
4431 cpu_physical_memory_write(addr, &val, 8);
4432}
4433
4434void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4435{
4436 val = cpu_to_be64(val);
4437 cpu_physical_memory_write(addr, &val, 8);
4438}
4439
5e2972fd 4440/* virtual memory access for debug (includes writing to ROM) */
5fafdf24 4441int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
b448f2f3 4442 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4443{
4444 int l;
c227f099 4445 target_phys_addr_t phys_addr;
9b3c35e0 4446 target_ulong page;
13eb76e0
FB		 4447
4448 while (len > 0) {
4449 page = addr & TARGET_PAGE_MASK;
4450 phys_addr = cpu_get_phys_page_debug(env, page);
4451 /* if no physical page mapped, return an error */
4452 if (phys_addr == -1)
4453 return -1;
4454 l = (page + TARGET_PAGE_SIZE) - addr;
4455 if (l > len)
4456 l = len;
5e2972fd 4457 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4458 if (is_write)
4459 cpu_physical_memory_write_rom(phys_addr, buf, l);
4460 else
5e2972fd 4461 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4462 len -= l;
4463 buf += l;
4464 addr += l;
4465 }
4466 return 0;
4467}
a68fe89c 4468#endif
13eb76e0 4469
2e70f6ef
PB		 4470/* in deterministic execution mode, instructions doing device I/Os
4471 must be at the end of the TB */
4472void cpu_io_recompile(CPUState *env, void *retaddr)
4473{
4474 TranslationBlock *tb;
4475 uint32_t n, cflags;
4476 target_ulong pc, cs_base;
4477 uint64_t flags;
4478
4479 tb = tb_find_pc((unsigned long)retaddr);
4480 if (!tb) {
4481 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4482 retaddr);
4483 }
4484 n = env->icount_decr.u16.low + tb->icount;
618ba8e6 4485 cpu_restore_state(tb, env, (unsigned long)retaddr);
2e70f6ef 4486 /* Calculate how many instructions had been executed before the fault
bf20dc07 4487 occurred. */
2e70f6ef
PB		 4488 n = n - env->icount_decr.u16.low;
4489 /* Generate a new TB ending on the I/O insn. */
4490 n++;
4491 /* On MIPS and SH, delay slot instructions can only be restarted if
4492 they were already the first instruction in the TB. If this is not
bf20dc07 4493 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4494 branch. */
4495#if defined(TARGET_MIPS)
4496 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4497 env->active_tc.PC -= 4;
4498 env->icount_decr.u16.low++;
4499 env->hflags &= ~MIPS_HFLAG_BMASK;
4500 }
4501#elif defined(TARGET_SH4)
4502 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4503 && n > 1) {
4504 env->pc -= 2;
4505 env->icount_decr.u16.low++;
4506 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4507 }
4508#endif
4509 /* This should never happen. */
4510 if (n > CF_COUNT_MASK)
4511 cpu_abort(env, "TB too big during recompile");
4512
4513 cflags = n | CF_LAST_IO;
4514 pc = tb->pc;
4515 cs_base = tb->cs_base;
4516 flags = tb->flags;
4517 tb_phys_invalidate(tb, -1);
4518 /* FIXME: In theory this could raise an exception. In practice
4519 we have already translated the block once so it's probably ok. */
4520 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4521 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4522 the first in the TB) then we end up generating a whole new TB and
4523 repeating the fault, which is horribly inefficient.
4524 Better would be to execute just this insn uncached, or generate a
4525 second new TB. */
4526 cpu_resume_from_signal(env, NULL);
4527}
4528
b3755a91
PB		 4529#if !defined(CONFIG_USER_ONLY)
4530
055403b2 4531void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4532{
4533 int i, target_code_size, max_target_code_size;
4534 int direct_jmp_count, direct_jmp2_count, cross_page;
4535 TranslationBlock *tb;
3b46e624 4536
e3db7226
FB		 4537 target_code_size = 0;
4538 max_target_code_size = 0;
4539 cross_page = 0;
4540 direct_jmp_count = 0;
4541 direct_jmp2_count = 0;
4542 for(i = 0; i < nb_tbs; i++) {
4543 tb = &tbs[i];
4544 target_code_size += tb->size;
4545 if (tb->size > max_target_code_size)
4546 max_target_code_size = tb->size;
4547 if (tb->page_addr[1] != -1)
4548 cross_page++;
4549 if (tb->tb_next_offset[0] != 0xffff) {
4550 direct_jmp_count++;
4551 if (tb->tb_next_offset[1] != 0xffff) {
4552 direct_jmp2_count++;
4553 }
4554 }
4555 }
4556 /* XXX: avoid using doubles ? */
57fec1fe 4557 cpu_fprintf(f, "Translation buffer state:\n");
055403b2 4558 cpu_fprintf(f, "gen code size %td/%ld\n",
26a5f13b
FB		 4559 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4560 cpu_fprintf(f, "TB count %d/%d\n",
4561 nb_tbs, code_gen_max_blocks);
5fafdf24 4562 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4563 nb_tbs ? target_code_size / nb_tbs : 0,
4564 max_target_code_size);
055403b2 4565 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4566 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4567 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4568 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4569 cross_page,
e3db7226
FB		 4570 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4571 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4572 direct_jmp_count,
e3db7226
FB		 4573 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4574 direct_jmp2_count,
4575 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4576 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4577 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4578 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4579 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4580 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4581}
4582
d39e8222
AK		 4583/* NOTE: this function can trigger an exception */
4584/* NOTE2: the returned address is not exactly the physical address: it
4585 is the offset relative to phys_ram_base */
4586tb_page_addr_t get_page_addr_code(CPUState *env1, target_ulong addr)
4587{
4588 int mmu_idx, page_index, pd;
4589 void *p;
4590
4591 page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
4592 mmu_idx = cpu_mmu_index(env1);
4593 if (unlikely(env1->tlb_table[mmu_idx][page_index].addr_code !=
4594 (addr & TARGET_PAGE_MASK))) {
4595 ldub_code(addr);
4596 }
4597 pd = env1->tlb_table[mmu_idx][page_index].addr_code & ~TARGET_PAGE_MASK;
0e0df1e2 4598 if (pd != io_mem_ram.ram_addr && pd != io_mem_rom.ram_addr
75c578dc 4599 && !is_romd(pd)) {
d39e8222
AK		 4600#if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_SPARC)
4601 cpu_unassigned_access(env1, addr, 0, 1, 0, 4);
4602#else
4603 cpu_abort(env1, "Trying to execute code outside RAM or ROM at 0x" TARGET_FMT_lx "\n", addr);
4604#endif
4605 }
4606 p = (void *)((uintptr_t)addr + env1->tlb_table[mmu_idx][page_index].addend);
4607 return qemu_ram_addr_from_host_nofail(p);
4608}
4609
82afa586
BH		 4610/*
4611 * A helper function for the _utterly broken_ virtio device model to find out if
4612 * it's running on a big endian machine. Don't do this at home kids!
4613 */
4614bool virtio_is_big_endian(void);
4615bool virtio_is_big_endian(void)
4616{
4617#if defined(TARGET_WORDS_BIGENDIAN)
4618 return true;
4619#else
4620 return false;
4621#endif
4622}
4623
61382a50 4624#define MMUSUFFIX _cmmu
3917149d 4625#undef GETPC
61382a50
FB		 4626#define GETPC() NULL
4627#define env cpu_single_env
b769d8fe 4628#define SOFTMMU_CODE_ACCESS
61382a50
FB		 4629
4630#define SHIFT 0
4631#include "softmmu_template.h"
4632
4633#define SHIFT 1
4634#include "softmmu_template.h"
4635
4636#define SHIFT 2
4637#include "softmmu_template.h"
4638
4639#define SHIFT 3
4640#include "softmmu_template.h"
4641
4642#undef env
4643
4644#endif
Qemu copy for testing