]> git.proxmox.com Git - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
exec: extract TB watchpoint check
[qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a 36#include "memory.h"
9e11908f 37#include "dma.h"
62152b8a 38#include "exec-memory.h"
53a5960a
PB		 39#if defined(CONFIG_USER_ONLY)
40#include <qemu.h>
f01576f1
JL		 41#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
42#include <sys/param.h>
43#if __FreeBSD_version >= 700104
44#define HAVE_KINFO_GETVMMAP
45#define sigqueue sigqueue_freebsd /* avoid redefinition */
46#include <sys/time.h>
47#include <sys/proc.h>
48#include <machine/profile.h>
49#define _KERNEL
50#include <sys/user.h>
51#undef _KERNEL
52#undef sigqueue
53#include <libutil.h>
54#endif
55#endif
432d268c
JN		 56#else /* !CONFIG_USER_ONLY */
57#include "xen-mapcache.h"
6506e4f9 58#include "trace.h"
53a5960a 59#endif
54936004 60
0cac1b66
BS		 61#include "cputlb.h"
62
7762c2c1 63#include "memory-internal.h"
67d95c15 64
fd6ce8f6 65//#define DEBUG_TB_INVALIDATE
66e85a21 66//#define DEBUG_FLUSH
67d3b957 67//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 68
69/* make various TB consistency checks */
5fafdf24 70//#define DEBUG_TB_CHECK
fd6ce8f6 71
1196be37 72//#define DEBUG_IOPORT
db7b5426 73//#define DEBUG_SUBPAGE
1196be37 74
99773bd4
PB		 75#if !defined(CONFIG_USER_ONLY)
76/* TB consistency checks only implemented for usermode emulation. */
77#undef DEBUG_TB_CHECK
78#endif
79
9fa3e853
FB		 80#define SMC_BITMAP_USE_THRESHOLD 10
81
44209fc4 82/* Code generation and translation blocks */
bdaf78e0 83static TranslationBlock *tbs;
24ab68ac 84static int code_gen_max_blocks;
9fa3e853 85TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 86static int nb_tbs;
eb51d102 87/* any access to the tbs or the page table must use this lock */
c227f099 88spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 89
4438c8a9 90uint8_t *code_gen_prologue;
bdaf78e0 91static uint8_t *code_gen_buffer;
f1bc0bcc 92static size_t code_gen_buffer_size;
26a5f13b 93/* threshold to flush the translated code buffer */
f1bc0bcc 94static size_t code_gen_buffer_max_size;
24ab68ac 95static uint8_t *code_gen_ptr;
fd6ce8f6 96
e2eef170 97#if !defined(CONFIG_USER_ONLY)
9fa3e853 98int phys_ram_fd;
74576198 99static int in_migration;
94a6b54f 100
85d59fef 101RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 102
103static MemoryRegion *system_memory;
309cb471 104static MemoryRegion *system_io;
62152b8a 105
f6790af6
AK		 106AddressSpace address_space_io;
107AddressSpace address_space_memory;
9e11908f 108DMAContext dma_context_memory;
2673a5da 109
0e0df1e2 110MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 111static MemoryRegion io_mem_subpage_ram;
0e0df1e2 112
e2eef170 113#endif
9fa3e853 114
9349b4f9 115CPUArchState *first_cpu;
6a00d601
FB		 116/* current CPU in the current thread. It is only valid inside
117 cpu_exec() */
9349b4f9 118DEFINE_TLS(CPUArchState *,cpu_single_env);
2e70f6ef 119/* 0 = Do not count executed instructions.
bf20dc07 120 1 = Precise instruction counting.
2e70f6ef
PB		 121 2 = Adaptive rate instruction counting. */
122int use_icount = 0;
6a00d601 123
54936004 124typedef struct PageDesc {
92e873b9 125 /* list of TBs intersecting this ram page */
fd6ce8f6 126 TranslationBlock *first_tb;
9fa3e853
FB		 127 /* in order to optimize self modifying code, we count the number
128 of lookups we do to a given page to use a bitmap */
129 unsigned int code_write_count;
130 uint8_t *code_bitmap;
131#if defined(CONFIG_USER_ONLY)
132 unsigned long flags;
133#endif
54936004
FB		 134} PageDesc;
135
41c1b1c9 136/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 137 while in user mode we want it to be based on virtual addresses. */
138#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 139#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
140# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
141#else
5cd2c5b6 142# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 143#endif
bedb69ea 144#else
5cd2c5b6 145# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 146#endif
54936004 147
5cd2c5b6
RH		 148/* Size of the L2 (and L3, etc) page tables. */
149#define L2_BITS 10
54936004
FB		 150#define L2_SIZE (1 << L2_BITS)
151
3eef53df
AK		 152#define P_L2_LEVELS \
153 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
154
5cd2c5b6 155/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 156#define V_L1_BITS_REM \
157 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
158
5cd2c5b6
RH		 159#if V_L1_BITS_REM < 4
160#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
161#else
162#define V_L1_BITS V_L1_BITS_REM
163#endif
164
5cd2c5b6
RH		 165#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
166
5cd2c5b6
RH		 167#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
168
c6d50674
SW		 169uintptr_t qemu_real_host_page_size;
170uintptr_t qemu_host_page_size;
171uintptr_t qemu_host_page_mask;
54936004 172
5cd2c5b6
RH		 173/* This is a multi-level map on the virtual address space.
174 The bottom level has pointers to PageDesc. */
175static void *l1_map[V_L1_SIZE];
54936004 176
e2eef170 177#if !defined(CONFIG_USER_ONLY)
4346ae3e 178
5312bd8b
AK		 179static MemoryRegionSection *phys_sections;
180static unsigned phys_sections_nb, phys_sections_nb_alloc;
181static uint16_t phys_section_unassigned;
aa102231
AK		 182static uint16_t phys_section_notdirty;
183static uint16_t phys_section_rom;
184static uint16_t phys_section_watch;
5312bd8b 185
d6f2ea22
AK		 186/* Simple allocator for PhysPageEntry nodes */
187static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
188static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
189
07f07b31 190#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 191
e2eef170 192static void io_mem_init(void);
62152b8a 193static void memory_map_init(void);
8b9c99d9 194static void *qemu_safe_ram_ptr(ram_addr_t addr);
e2eef170 195
1ec9b909 196static MemoryRegion io_mem_watch;
6658ffb8 197#endif
8b9c99d9
BS		 198static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
199 tb_page_addr_t phys_page2);
33417e70 200
e3db7226 201/* statistics */
e3db7226
FB		 202static int tb_flush_count;
203static int tb_phys_invalidate_count;
204
7cb69cae 205#ifdef _WIN32
4438c8a9 206static inline void map_exec(void *addr, long size)
7cb69cae
FB		 207{
208 DWORD old_protect;
209 VirtualProtect(addr, size,
210 PAGE_EXECUTE_READWRITE, &old_protect);
7cb69cae
FB		 211}
212#else
4438c8a9 213static inline void map_exec(void *addr, long size)
7cb69cae 214{
4369415f 215 unsigned long start, end, page_size;
44209fc4 216
4369415f 217 page_size = getpagesize();
7cb69cae 218 start = (unsigned long)addr;
4369415f 219 start &= ~(page_size - 1);
44209fc4 220
7cb69cae 221 end = (unsigned long)addr + size;
4369415f
FB		 222 end += page_size - 1;
223 end &= ~(page_size - 1);
44209fc4 224
7cb69cae
FB		 225 mprotect((void *)start, end - start,
226 PROT_READ | PROT_WRITE | PROT_EXEC);
227}
228#endif
229
b346ff46 230static void page_init(void)
54936004 231{
83fb7adf 232 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 233 TARGET_PAGE_SIZE */
c2b48b69
AL		 234#ifdef _WIN32
235 {
236 SYSTEM_INFO system_info;
237
238 GetSystemInfo(&system_info);
239 qemu_real_host_page_size = system_info.dwPageSize;
240 }
241#else
242 qemu_real_host_page_size = getpagesize();
243#endif
44209fc4 244 if (qemu_host_page_size == 0) {
83fb7adf 245 qemu_host_page_size = qemu_real_host_page_size;
44209fc4
BS		 246 }
247 if (qemu_host_page_size < TARGET_PAGE_SIZE) {
83fb7adf 248 qemu_host_page_size = TARGET_PAGE_SIZE;
44209fc4 249 }
83fb7adf 250 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 251
2e9a5713 252#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 253 {
f01576f1
JL		 254#ifdef HAVE_KINFO_GETVMMAP
255 struct kinfo_vmentry *freep;
256 int i, cnt;
257
258 freep = kinfo_getvmmap(getpid(), &cnt);
259 if (freep) {
260 mmap_lock();
261 for (i = 0; i < cnt; i++) {
262 unsigned long startaddr, endaddr;
263
264 startaddr = freep[i].kve_start;
265 endaddr = freep[i].kve_end;
266 if (h2g_valid(startaddr)) {
267 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
268
269 if (h2g_valid(endaddr)) {
270 endaddr = h2g(endaddr);
fd436907 271 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 272 } else {
273#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
274 endaddr = ~0ul;
fd436907 275 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 276#endif
277 }
278 }
279 }
280 free(freep);
281 mmap_unlock();
282 }
283#else
50a9569b 284 FILE *f;
50a9569b 285
0776590d 286 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 287
fd436907 288 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 289 if (f) {
5cd2c5b6
RH		 290 mmap_lock();
291
50a9569b 292 do {
5cd2c5b6
RH		 293 unsigned long startaddr, endaddr;
294 int n;
295
44209fc4 296 n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
5cd2c5b6
RH		 297
298 if (n == 2 && h2g_valid(startaddr)) {
299 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
300
301 if (h2g_valid(endaddr)) {
302 endaddr = h2g(endaddr);
303 } else {
304 endaddr = ~0ul;
305 }
306 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 307 }
308 } while (!feof(f));
5cd2c5b6 309
50a9569b 310 fclose(f);
5cd2c5b6 311 mmap_unlock();
50a9569b 312 }
f01576f1 313#endif
50a9569b
AZ		 314 }
315#endif
54936004
FB		 316}
317
41c1b1c9 318static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 319{
41c1b1c9
PB		 320 PageDesc *pd;
321 void **lp;
322 int i;
323
5cd2c5b6 324#if defined(CONFIG_USER_ONLY)
7267c094 325 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 326# define ALLOC(P, SIZE) \
327 do { \
328 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
329 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 330 } while (0)
331#else
332# define ALLOC(P, SIZE) \
7267c094 333 do { P = g_malloc0(SIZE); } while (0)
17e2377a 334#endif
434929bf 335
5cd2c5b6
RH		 336 /* Level 1. Always allocated. */
337 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
338
339 /* Level 2..N-1. */
340 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
341 void **p = *lp;
342
343 if (p == NULL) {
344 if (!alloc) {
345 return NULL;
346 }
347 ALLOC(p, sizeof(void *) * L2_SIZE);
348 *lp = p;
17e2377a 349 }
5cd2c5b6
RH		 350
351 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
352 }
353
354 pd = *lp;
355 if (pd == NULL) {
356 if (!alloc) {
357 return NULL;
358 }
359 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
360 *lp = pd;
54936004 361 }
5cd2c5b6
RH		 362
363#undef ALLOC
5cd2c5b6
RH		 364
365 return pd + (index & (L2_SIZE - 1));
54936004
FB		 366}
367
41c1b1c9 368static inline PageDesc *page_find(tb_page_addr_t index)
54936004 369{
5cd2c5b6 370 return page_find_alloc(index, 0);
fd6ce8f6
FB		 371}
372
6d9a1304 373#if !defined(CONFIG_USER_ONLY)
d6f2ea22 374
f7bf5461 375static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 376{
f7bf5461 377 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 378 typedef PhysPageEntry Node[L2_SIZE];
379 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 380 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
381 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 382 phys_map_nodes = g_renew(Node, phys_map_nodes,
383 phys_map_nodes_nb_alloc);
384 }
f7bf5461
AK		 385}
386
387static uint16_t phys_map_node_alloc(void)
388{
389 unsigned i;
390 uint16_t ret;
391
392 ret = phys_map_nodes_nb++;
393 assert(ret != PHYS_MAP_NODE_NIL);
394 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 395 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 396 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 397 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 398 }
f7bf5461 399 return ret;
d6f2ea22
AK		 400}
401
402static void phys_map_nodes_reset(void)
403{
404 phys_map_nodes_nb = 0;
405}
406
92e873b9 407
a8170e5e
AK		 408static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
409 hwaddr *nb, uint16_t leaf,
2999097b 410 int level)
f7bf5461
AK		 411{
412 PhysPageEntry *p;
413 int i;
a8170e5e 414 hwaddr step = (hwaddr)1 << (level * L2_BITS);
108c49b8 415
07f07b31 416 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 417 lp->ptr = phys_map_node_alloc();
418 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 419 if (level == 0) {
420 for (i = 0; i < L2_SIZE; i++) {
07f07b31 421 p[i].is_leaf = 1;
c19e8800 422 p[i].ptr = phys_section_unassigned;
4346ae3e 423 }
67c4d23c 424 }
f7bf5461 425 } else {
c19e8800 426 p = phys_map_nodes[lp->ptr];
92e873b9 427 }
2999097b 428 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 429
2999097b 430 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 431 if ((*index & (step - 1)) == 0 && *nb >= step) {
432 lp->is_leaf = true;
c19e8800 433 lp->ptr = leaf;
07f07b31
AK		 434 *index += step;
435 *nb -= step;
2999097b
AK		 436 } else {
437 phys_page_set_level(lp, index, nb, leaf, level - 1);
438 }
439 ++lp;
f7bf5461
AK		 440 }
441}
442
ac1970fb 443static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 444 hwaddr index, hwaddr nb,
2999097b 445 uint16_t leaf)
f7bf5461 446{
2999097b 447 /* Wildly overreserve - it doesn't matter much. */
07f07b31 448 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 449
ac1970fb 450 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 451}
452
a8170e5e 453MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
92e873b9 454{
ac1970fb 455 PhysPageEntry lp = d->phys_map;
31ab2b4a
AK		 456 PhysPageEntry *p;
457 int i;
31ab2b4a 458 uint16_t s_index = phys_section_unassigned;
f1f6e3b8 459
07f07b31 460 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 461 if (lp.ptr == PHYS_MAP_NODE_NIL) {
31ab2b4a
AK		 462 goto not_found;
463 }
c19e8800 464 p = phys_map_nodes[lp.ptr];
31ab2b4a 465 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 466 }
31ab2b4a 467
c19e8800 468 s_index = lp.ptr;
31ab2b4a 469not_found:
f3705d53
AK		 470 return &phys_sections[s_index];
471}
472
e5548617
BS		 473bool memory_region_is_unassigned(MemoryRegion *mr)
474{
475 return mr != &io_mem_ram && mr != &io_mem_rom
476 && mr != &io_mem_notdirty && !mr->rom_device
477 && mr != &io_mem_watch;
478}
479
c8a706fe
PB		 480#define mmap_lock() do { } while(0)
481#define mmap_unlock() do { } while(0)
9fa3e853 482#endif
fd6ce8f6 483
4369415f 484#if defined(CONFIG_USER_ONLY)
ccbb4d44 485/* Currently it is not recommended to allocate big chunks of data in
f1bc0bcc
RH		 486 user mode. It will change when a dedicated libc will be used. */
487/* ??? 64-bit hosts ought to have no problem mmaping data outside the
488 region in which the guest needs to run. Revisit this. */
4369415f
FB		 489#define USE_STATIC_CODE_GEN_BUFFER
490#endif
491
f1bc0bcc
RH		 492/* ??? Should configure for this, not list operating systems here. */
493#if (defined(__linux__) \
494 || defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
495 || defined(__DragonFly__) || defined(__OpenBSD__) \
496 || defined(__NetBSD__))
497# define USE_MMAP
4369415f
FB		 498#endif
499
74d590c8
RH		 500/* Minimum size of the code gen buffer. This number is randomly chosen,
501 but not so small that we can't have a fair number of TB's live. */
502#define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
503
f1bc0bcc
RH		 504/* Maximum size of the code gen buffer we'd like to use. Unless otherwise
505 indicated, this is constrained by the range of direct branches on the
506 host cpu, as used by the TCG implementation of goto_tb. */
507#if defined(__x86_64__)
508# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
509#elif defined(__sparc__)
510# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
511#elif defined(__arm__)
512# define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
513#elif defined(__s390x__)
514 /* We have a +- 4GB range on the branches; leave some slop. */
515# define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
516#else
517# define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
518#endif
519
3d85a72f
RH		 520#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
521
522#define DEFAULT_CODE_GEN_BUFFER_SIZE \
523 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
524 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
f1bc0bcc
RH		 525
526static inline size_t size_code_gen_buffer(size_t tb_size)
26a5f13b 527{
f1bc0bcc
RH		 528 /* Size the buffer. */
529 if (tb_size == 0) {
4369415f 530#ifdef USE_STATIC_CODE_GEN_BUFFER
f1bc0bcc 531 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
4369415f 532#else
f1bc0bcc
RH		 533 /* ??? Needs adjustments. */
534 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
535 static buffer, we could size this on RESERVED_VA, on the text
536 segment size of the executable, or continue to use the default. */
537 tb_size = (unsigned long)(ram_size / 4);
4369415f 538#endif
26a5f13b 539 }
f1bc0bcc
RH		 540 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
541 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
26a5f13b 542 }
f1bc0bcc
RH		 543 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
544 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
06e67a82 545 }
f1bc0bcc
RH		 546 code_gen_buffer_size = tb_size;
547 return tb_size;
548}
549
550#ifdef USE_STATIC_CODE_GEN_BUFFER
551static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
552 __attribute__((aligned(CODE_GEN_ALIGN)));
553
554static inline void *alloc_code_gen_buffer(void)
555{
556 map_exec(static_code_gen_buffer, code_gen_buffer_size);
557 return static_code_gen_buffer;
558}
559#elif defined(USE_MMAP)
560static inline void *alloc_code_gen_buffer(void)
561{
562 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
563 uintptr_t start = 0;
564 void *buf;
565
566 /* Constrain the position of the buffer based on the host cpu.
567 Note that these addresses are chosen in concert with the
568 addresses assigned in the relevant linker script file. */
405def18
RH		 569# if defined(__PIE__) || defined(__PIC__)
570 /* Don't bother setting a preferred location if we're building
571 a position-independent executable. We're more likely to get
572 an address near the main executable if we let the kernel
573 choose the address. */
574# elif defined(__x86_64__) && defined(MAP_32BIT)
f1bc0bcc
RH		 575 /* Force the memory down into low memory with the executable.
576 Leave the choice of exact location with the kernel. */
577 flags |= MAP_32BIT;
578 /* Cannot expect to map more than 800MB in low memory. */
579 if (code_gen_buffer_size > 800u * 1024 * 1024) {
580 code_gen_buffer_size = 800u * 1024 * 1024;
581 }
582# elif defined(__sparc__)
583 start = 0x40000000ul;
584# elif defined(__s390x__)
585 start = 0x90000000ul;
586# endif
587
588 buf = mmap((void *)start, code_gen_buffer_size,
589 PROT_WRITE | PROT_READ | PROT_EXEC, flags, -1, 0);
590 return buf == MAP_FAILED ? NULL : buf;
591}
26a5f13b 592#else
f1bc0bcc
RH		 593static inline void *alloc_code_gen_buffer(void)
594{
595 void *buf = g_malloc(code_gen_buffer_size);
44209fc4 596
f1bc0bcc
RH		 597 if (buf) {
598 map_exec(buf, code_gen_buffer_size);
599 }
600 return buf;
601}
602#endif /* USE_STATIC_CODE_GEN_BUFFER, USE_MMAP */
603
604static inline void code_gen_alloc(size_t tb_size)
605{
606 code_gen_buffer_size = size_code_gen_buffer(tb_size);
607 code_gen_buffer = alloc_code_gen_buffer();
608 if (code_gen_buffer == NULL) {
609 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
610 exit(1);
611 }
612
0be4835b
RH		 613 qemu_madvise(code_gen_buffer, code_gen_buffer_size, QEMU_MADV_HUGEPAGE);
614
4438c8a9
RH		 615 /* Steal room for the prologue at the end of the buffer. This ensures
616 (via the MAX_CODE_GEN_BUFFER_SIZE limits above) that direct branches
617 from TB's to the prologue are going to be in range. It also means
618 that we don't need to mark (additional) portions of the data segment
619 as executable. */
620 code_gen_prologue = code_gen_buffer + code_gen_buffer_size - 1024;
621 code_gen_buffer_size -= 1024;
622
a884da8a
PM		 623 code_gen_buffer_max_size = code_gen_buffer_size -
624 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 625 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 626 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 627}
628
629/* Must be called before using the QEMU cpus. 'tb_size' is the size
630 (in bytes) allocated to the translation buffer. Zero means default
631 size. */
d5ab9713 632void tcg_exec_init(unsigned long tb_size)
26a5f13b 633{
26a5f13b
FB		 634 cpu_gen_init();
635 code_gen_alloc(tb_size);
636 code_gen_ptr = code_gen_buffer;
813da627 637 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
4369415f 638 page_init();
9002ec79
RH		 639#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
640 /* There's no guest base to take into account, so go ahead and
641 initialize the prologue now. */
642 tcg_prologue_init(&tcg_ctx);
643#endif
26a5f13b
FB		 644}
645
d5ab9713
JK		 646bool tcg_enabled(void)
647{
648 return code_gen_buffer != NULL;
649}
650
651void cpu_exec_init_all(void)
652{
653#if !defined(CONFIG_USER_ONLY)
654 memory_map_init();
655 io_mem_init();
656#endif
657}
658
9656f324
PB		 659#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
660
e59fb374 661static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7 662{
9349b4f9 663 CPUArchState *env = opaque;
9656f324 664
3098dba0
AJ		 665 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
666 version_id is increased. */
667 env->interrupt_request &= ~0x01;
9656f324
PB		 668 tlb_flush(env, 1);
669
670 return 0;
671}
e7f4eff7
JQ		 672
673static const VMStateDescription vmstate_cpu_common = {
674 .name = "cpu_common",
675 .version_id = 1,
676 .minimum_version_id = 1,
677 .minimum_version_id_old = 1,
e7f4eff7
JQ		 678 .post_load = cpu_common_post_load,
679 .fields = (VMStateField []) {
9349b4f9
AF		 680 VMSTATE_UINT32(halted, CPUArchState),
681 VMSTATE_UINT32(interrupt_request, CPUArchState),
e7f4eff7
JQ		 682 VMSTATE_END_OF_LIST()
683 }
684};
9656f324
PB		 685#endif
686
9349b4f9 687CPUArchState *qemu_get_cpu(int cpu)
950f1472 688{
9349b4f9 689 CPUArchState *env = first_cpu;
950f1472
GC		 690
691 while (env) {
692 if (env->cpu_index == cpu)
693 break;
694 env = env->next_cpu;
695 }
696
697 return env;
698}
699
9349b4f9 700void cpu_exec_init(CPUArchState *env)
fd6ce8f6 701{
9f09e18a
AF		 702#ifndef CONFIG_USER_ONLY
703 CPUState *cpu = ENV_GET_CPU(env);
704#endif
9349b4f9 705 CPUArchState **penv;
6a00d601
FB		 706 int cpu_index;
707
c2764719
PB		 708#if defined(CONFIG_USER_ONLY)
709 cpu_list_lock();
710#endif
6a00d601
FB		 711 env->next_cpu = NULL;
712 penv = &first_cpu;
713 cpu_index = 0;
714 while (*penv != NULL) {
1e9fa730 715 penv = &(*penv)->next_cpu;
6a00d601
FB		 716 cpu_index++;
717 }
718 env->cpu_index = cpu_index;
268a362c 719 env->numa_node = 0;
72cf2d4f
BS		 720 QTAILQ_INIT(&env->breakpoints);
721 QTAILQ_INIT(&env->watchpoints);
dc7a09cf 722#ifndef CONFIG_USER_ONLY
9f09e18a 723 cpu->thread_id = qemu_get_thread_id();
dc7a09cf 724#endif
6a00d601 725 *penv = env;
c2764719
PB		 726#if defined(CONFIG_USER_ONLY)
727 cpu_list_unlock();
728#endif
b3c7724c 729#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 730 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
731 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 732 cpu_save, cpu_load, env);
733#endif
fd6ce8f6
FB		 734}
735
d1a1eb74
TG		 736/* Allocate a new translation block. Flush the translation buffer if
737 too many translation blocks or too much generated code. */
738static TranslationBlock *tb_alloc(target_ulong pc)
739{
740 TranslationBlock *tb;
741
742 if (nb_tbs >= code_gen_max_blocks ||
44209fc4 743 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size) {
d1a1eb74 744 return NULL;
44209fc4 745 }
d1a1eb74
TG		 746 tb = &tbs[nb_tbs++];
747 tb->pc = pc;
748 tb->cflags = 0;
749 return tb;
750}
751
752void tb_free(TranslationBlock *tb)
753{
754 /* In practice this is mostly used for single use temporary TB
755 Ignore the hard cases and just back up if this TB happens to
756 be the last one generated. */
757 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
758 code_gen_ptr = tb->tc_ptr;
759 nb_tbs--;
760 }
761}
762
9fa3e853
FB		 763static inline void invalidate_page_bitmap(PageDesc *p)
764{
765 if (p->code_bitmap) {
7267c094 766 g_free(p->code_bitmap);
9fa3e853
FB		 767 p->code_bitmap = NULL;
768 }
769 p->code_write_count = 0;
770}
771
5cd2c5b6 772/* Set to NULL all the 'first_tb' fields in all PageDescs. */
44209fc4 773static void page_flush_tb_1(int level, void **lp)
fd6ce8f6 774{
5cd2c5b6 775 int i;
fd6ce8f6 776
5cd2c5b6
RH		 777 if (*lp == NULL) {
778 return;
779 }
780 if (level == 0) {
781 PageDesc *pd = *lp;
44209fc4 782
7296abac 783 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 784 pd[i].first_tb = NULL;
785 invalidate_page_bitmap(pd + i);
fd6ce8f6 786 }
5cd2c5b6
RH		 787 } else {
788 void **pp = *lp;
44209fc4 789
7296abac 790 for (i = 0; i < L2_SIZE; ++i) {
44209fc4 791 page_flush_tb_1(level - 1, pp + i);
5cd2c5b6
RH		 792 }
793 }
794}
795
796static void page_flush_tb(void)
797{
798 int i;
44209fc4 799
5cd2c5b6
RH		 800 for (i = 0; i < V_L1_SIZE; i++) {
801 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 802 }
803}
804
805/* flush all the translation blocks */
d4e8164f 806/* XXX: tb_flush is currently not thread safe */
9349b4f9 807void tb_flush(CPUArchState *env1)
fd6ce8f6 808{
9349b4f9 809 CPUArchState *env;
44209fc4 810
0124311e 811#if defined(DEBUG_FLUSH)
ab3d1727
BS		 812 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
813 (unsigned long)(code_gen_ptr - code_gen_buffer),
814 nb_tbs, nb_tbs > 0 ?
815 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 816#endif
44209fc4
BS		 817 if ((unsigned long)(code_gen_ptr - code_gen_buffer)
818 > code_gen_buffer_size) {
a208e54a 819 cpu_abort(env1, "Internal error: code buffer overflow\n");
44209fc4 820 }
fd6ce8f6 821 nb_tbs = 0;
3b46e624 822
44209fc4
BS		 823 for (env = first_cpu; env != NULL; env = env->next_cpu) {
824 memset(env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof(void *));
6a00d601 825 }
9fa3e853 826
44209fc4 827 memset(tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof(void *));
fd6ce8f6 828 page_flush_tb();
9fa3e853 829
fd6ce8f6 830 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 831 /* XXX: flush processor icache at this point if cache flush is
832 expensive */
e3db7226 833 tb_flush_count++;
fd6ce8f6
FB		 834}
835
836#ifdef DEBUG_TB_CHECK
837
bc98a7ef 838static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 839{
840 TranslationBlock *tb;
841 int i;
44209fc4 842
fd6ce8f6 843 address &= TARGET_PAGE_MASK;
44209fc4
BS		 844 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
845 for (tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 846 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
847 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 848 printf("ERROR invalidate: address=" TARGET_FMT_lx
849 " PC=%08lx size=%04x\n",
99773bd4 850 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 851 }
852 }
853 }
854}
855
856/* verify that all the pages have correct rights for code */
857static void tb_page_check(void)
858{
859 TranslationBlock *tb;
860 int i, flags1, flags2;
3b46e624 861
44209fc4
BS		 862 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
863 for (tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 864 flags1 = page_get_flags(tb->pc);
865 flags2 = page_get_flags(tb->pc + tb->size - 1);
866 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
867 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 868 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 869 }
870 }
871 }
872}
873
874#endif
875
44209fc4 876
fd6ce8f6
FB		 877/* invalidate one TB */
878static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
879 int next_offset)
880{
881 TranslationBlock *tb1;
44209fc4
BS		 882
883 for (;;) {
fd6ce8f6
FB		 884 tb1 = *ptb;
885 if (tb1 == tb) {
886 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
887 break;
888 }
889 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
890 }
891}
892
9fa3e853
FB		 893static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
894{
895 TranslationBlock *tb1;
896 unsigned int n1;
897
44209fc4 898 for (;;) {
9fa3e853 899 tb1 = *ptb;
8efe0ca8
SW		 900 n1 = (uintptr_t)tb1 & 3;
901 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
9fa3e853
FB		 902 if (tb1 == tb) {
903 *ptb = tb1->page_next[n1];
904 break;
905 }
906 ptb = &tb1->page_next[n1];
907 }
908}
909
d4e8164f
FB		 910static inline void tb_jmp_remove(TranslationBlock *tb, int n)
911{
912 TranslationBlock *tb1, **ptb;
913 unsigned int n1;
914
915 ptb = &tb->jmp_next[n];
916 tb1 = *ptb;
917 if (tb1) {
918 /* find tb(n) in circular list */
44209fc4 919 for (;;) {
d4e8164f 920 tb1 = *ptb;
8efe0ca8
SW		 921 n1 = (uintptr_t)tb1 & 3;
922 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
44209fc4 923 if (n1 == n && tb1 == tb) {
d4e8164f 924 break;
44209fc4 925 }
d4e8164f
FB		 926 if (n1 == 2) {
927 ptb = &tb1->jmp_first;
928 } else {
929 ptb = &tb1->jmp_next[n1];
930 }
931 }
932 /* now we can suppress tb(n) from the list */
933 *ptb = tb->jmp_next[n];
934
935 tb->jmp_next[n] = NULL;
936 }
937}
938
939/* reset the jump entry 'n' of a TB so that it is not chained to
940 another TB */
941static inline void tb_reset_jump(TranslationBlock *tb, int n)
942{
8efe0ca8 943 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
d4e8164f
FB		 944}
945
41c1b1c9 946void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 947{
9349b4f9 948 CPUArchState *env;
8a40a180 949 PageDesc *p;
d4e8164f 950 unsigned int h, n1;
41c1b1c9 951 tb_page_addr_t phys_pc;
8a40a180 952 TranslationBlock *tb1, *tb2;
3b46e624 953
8a40a180
FB		 954 /* remove the TB from the hash list */
955 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
956 h = tb_phys_hash_func(phys_pc);
5fafdf24 957 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 958 offsetof(TranslationBlock, phys_hash_next));
959
960 /* remove the TB from the page list */
961 if (tb->page_addr[0] != page_addr) {
962 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
963 tb_page_remove(&p->first_tb, tb);
964 invalidate_page_bitmap(p);
965 }
966 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
967 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
968 tb_page_remove(&p->first_tb, tb);
969 invalidate_page_bitmap(p);
970 }
971
36bdbe54 972 tb_invalidated_flag = 1;
59817ccb 973
fd6ce8f6 974 /* remove the TB from the hash list */
8a40a180 975 h = tb_jmp_cache_hash_func(tb->pc);
44209fc4
BS		 976 for (env = first_cpu; env != NULL; env = env->next_cpu) {
977 if (env->tb_jmp_cache[h] == tb) {
6a00d601 978 env->tb_jmp_cache[h] = NULL;
44209fc4 979 }
6a00d601 980 }
d4e8164f
FB		 981
982 /* suppress this TB from the two jump lists */
983 tb_jmp_remove(tb, 0);
984 tb_jmp_remove(tb, 1);
985
986 /* suppress any remaining jumps to this TB */
987 tb1 = tb->jmp_first;
44209fc4 988 for (;;) {
8efe0ca8 989 n1 = (uintptr_t)tb1 & 3;
44209fc4 990 if (n1 == 2) {
d4e8164f 991 break;
44209fc4 992 }
8efe0ca8 993 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 994 tb2 = tb1->jmp_next[n1];
995 tb_reset_jump(tb1, n1);
996 tb1->jmp_next[n1] = NULL;
997 tb1 = tb2;
998 }
8efe0ca8 999 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
9fa3e853 1000
e3db7226 1001 tb_phys_invalidate_count++;
9fa3e853
FB		 1002}
1003
1004static inline void set_bits(uint8_t *tab, int start, int len)
1005{
1006 int end, mask, end1;
1007
1008 end = start + len;
1009 tab += start >> 3;
1010 mask = 0xff << (start & 7);
1011 if ((start & ~7) == (end & ~7)) {
1012 if (start < end) {
1013 mask &= ~(0xff << (end & 7));
1014 *tab |= mask;
1015 }
1016 } else {
1017 *tab++ |= mask;
1018 start = (start + 8) & ~7;
1019 end1 = end & ~7;
1020 while (start < end1) {
1021 *tab++ = 0xff;
1022 start += 8;
1023 }
1024 if (start < end) {
1025 mask = ~(0xff << (end & 7));
1026 *tab |= mask;
1027 }
1028 }
1029}
1030
1031static void build_page_bitmap(PageDesc *p)
1032{
1033 int n, tb_start, tb_end;
1034 TranslationBlock *tb;
3b46e624 1035
7267c094 1036 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 1037
1038 tb = p->first_tb;
1039 while (tb != NULL) {
8efe0ca8
SW		 1040 n = (uintptr_t)tb & 3;
1041 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1042 /* NOTE: this is subtle as a TB may span two physical pages */
1043 if (n == 0) {
1044 /* NOTE: tb_end may be after the end of the page, but
1045 it is not a problem */
1046 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1047 tb_end = tb_start + tb->size;
44209fc4 1048 if (tb_end > TARGET_PAGE_SIZE) {
9fa3e853 1049 tb_end = TARGET_PAGE_SIZE;
44209fc4 1050 }
9fa3e853
FB		 1051 } else {
1052 tb_start = 0;
1053 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1054 }
1055 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1056 tb = tb->page_next[n];
1057 }
1058}
1059
9349b4f9 1060TranslationBlock *tb_gen_code(CPUArchState *env,
2e70f6ef
PB		 1061 target_ulong pc, target_ulong cs_base,
1062 int flags, int cflags)
d720b93d
FB		 1063{
1064 TranslationBlock *tb;
1065 uint8_t *tc_ptr;
41c1b1c9
PB		 1066 tb_page_addr_t phys_pc, phys_page2;
1067 target_ulong virt_page2;
d720b93d
FB		 1068 int code_gen_size;
1069
41c1b1c9 1070 phys_pc = get_page_addr_code(env, pc);
c27004ec 1071 tb = tb_alloc(pc);
d720b93d
FB		 1072 if (!tb) {
1073 /* flush must be done */
1074 tb_flush(env);
1075 /* cannot fail at this point */
c27004ec 1076 tb = tb_alloc(pc);
2e70f6ef
PB		 1077 /* Don't forget to invalidate previous TB info. */
1078 tb_invalidated_flag = 1;
d720b93d
FB		 1079 }
1080 tc_ptr = code_gen_ptr;
1081 tb->tc_ptr = tc_ptr;
1082 tb->cs_base = cs_base;
1083 tb->flags = flags;
1084 tb->cflags = cflags;
d07bde88 1085 cpu_gen_code(env, tb, &code_gen_size);
8efe0ca8
SW		 1086 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1087 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1088
d720b93d 1089 /* check next page if needed */
c27004ec 1090 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1091 phys_page2 = -1;
c27004ec 1092 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1093 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1094 }
41c1b1c9 1095 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1096 return tb;
d720b93d 1097}
3b46e624 1098
77a8f1a5 1099/*
8e0fdce3
JK		 1100 * Invalidate all TBs which intersect with the target physical address range
1101 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1102 * 'is_cpu_write_access' should be true if called from a real cpu write
1103 * access: the virtual CPU will exit the current TB if code is modified inside
1104 * this TB.
77a8f1a5
AG		 1105 */
1106void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
1107 int is_cpu_write_access)
1108{
1109 while (start < end) {
1110 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
1111 start &= TARGET_PAGE_MASK;
1112 start += TARGET_PAGE_SIZE;
1113 }
1114}
1115
8e0fdce3
JK		 1116/*
1117 * Invalidate all TBs which intersect with the target physical address range
1118 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1119 * 'is_cpu_write_access' should be true if called from a real cpu write
1120 * access: the virtual CPU will exit the current TB if code is modified inside
1121 * this TB.
1122 */
41c1b1c9 1123void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1124 int is_cpu_write_access)
1125{
6b917547 1126 TranslationBlock *tb, *tb_next, *saved_tb;
9349b4f9 1127 CPUArchState *env = cpu_single_env;
41c1b1c9 1128 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1129 PageDesc *p;
1130 int n;
1131#ifdef TARGET_HAS_PRECISE_SMC
1132 int current_tb_not_found = is_cpu_write_access;
1133 TranslationBlock *current_tb = NULL;
1134 int current_tb_modified = 0;
1135 target_ulong current_pc = 0;
1136 target_ulong current_cs_base = 0;
1137 int current_flags = 0;
1138#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1139
1140 p = page_find(start >> TARGET_PAGE_BITS);
44209fc4 1141 if (!p) {
9fa3e853 1142 return;
44209fc4 1143 }
5fafdf24 1144 if (!p->code_bitmap &&
d720b93d
FB		 1145 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1146 is_cpu_write_access) {
9fa3e853
FB		 1147 /* build code bitmap */
1148 build_page_bitmap(p);
1149 }
1150
1151 /* we remove all the TBs in the range [start, end[ */
44209fc4
BS		 1152 /* XXX: see if in some cases it could be faster to invalidate all
1153 the code */
9fa3e853
FB		 1154 tb = p->first_tb;
1155 while (tb != NULL) {
8efe0ca8
SW		 1156 n = (uintptr_t)tb & 3;
1157 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1158 tb_next = tb->page_next[n];
1159 /* NOTE: this is subtle as a TB may span two physical pages */
1160 if (n == 0) {
1161 /* NOTE: tb_end may be after the end of the page, but
1162 it is not a problem */
1163 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1164 tb_end = tb_start + tb->size;
1165 } else {
1166 tb_start = tb->page_addr[1];
1167 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1168 }
1169 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1170#ifdef TARGET_HAS_PRECISE_SMC
1171 if (current_tb_not_found) {
1172 current_tb_not_found = 0;
1173 current_tb = NULL;
2e70f6ef 1174 if (env->mem_io_pc) {
d720b93d 1175 /* now we have a real cpu fault */
2e70f6ef 1176 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1177 }
1178 }
1179 if (current_tb == tb &&
2e70f6ef 1180 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1181 /* If we are modifying the current TB, we must stop
1182 its execution. We could be more precise by checking
1183 that the modification is after the current PC, but it
1184 would require a specialized function to partially
1185 restore the CPU state */
3b46e624 1186
d720b93d 1187 current_tb_modified = 1;
618ba8e6 1188 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1189 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1190 &current_flags);
d720b93d
FB		 1191 }
1192#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1193 /* we need to do that to handle the case where a signal
1194 occurs while doing tb_phys_invalidate() */
1195 saved_tb = NULL;
1196 if (env) {
1197 saved_tb = env->current_tb;
1198 env->current_tb = NULL;
1199 }
9fa3e853 1200 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1201 if (env) {
1202 env->current_tb = saved_tb;
44209fc4 1203 if (env->interrupt_request && env->current_tb) {
6f5a9f7e 1204 cpu_interrupt(env, env->interrupt_request);
44209fc4 1205 }
6f5a9f7e 1206 }
9fa3e853
FB		 1207 }
1208 tb = tb_next;
1209 }
1210#if !defined(CONFIG_USER_ONLY)
1211 /* if no code remaining, no need to continue to use slow writes */
1212 if (!p->first_tb) {
1213 invalidate_page_bitmap(p);
d720b93d 1214 if (is_cpu_write_access) {
2e70f6ef 1215 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1216 }
1217 }
1218#endif
1219#ifdef TARGET_HAS_PRECISE_SMC
1220 if (current_tb_modified) {
1221 /* we generate a block containing just the instruction
1222 modifying the memory. It will ensure that it cannot modify
1223 itself */
ea1c1802 1224 env->current_tb = NULL;
2e70f6ef 1225 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1226 cpu_resume_from_signal(env, NULL);
9fa3e853 1227 }
fd6ce8f6 1228#endif
9fa3e853 1229}
fd6ce8f6 1230
9fa3e853 1231/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1232static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1233{
1234 PageDesc *p;
1235 int offset, b;
44209fc4 1236
59817ccb 1237#if 0
a4193c8a 1238 if (1) {
93fcfe39
AL		 1239 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1240 cpu_single_env->mem_io_vaddr, len,
1241 cpu_single_env->eip,
8efe0ca8
SW		 1242 cpu_single_env->eip +
1243 (intptr_t)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1244 }
1245#endif
9fa3e853 1246 p = page_find(start >> TARGET_PAGE_BITS);
44209fc4 1247 if (!p) {
9fa3e853 1248 return;
44209fc4 1249 }
9fa3e853
FB		 1250 if (p->code_bitmap) {
1251 offset = start & ~TARGET_PAGE_MASK;
1252 b = p->code_bitmap[offset >> 3] >> (offset & 7);
44209fc4 1253 if (b & ((1 << len) - 1)) {
9fa3e853 1254 goto do_invalidate;
44209fc4 1255 }
9fa3e853
FB		 1256 } else {
1257 do_invalidate:
d720b93d 1258 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1259 }
1260}
1261
9fa3e853 1262#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1263static void tb_invalidate_phys_page(tb_page_addr_t addr,
20503968 1264 uintptr_t pc, void *puc)
9fa3e853 1265{
6b917547 1266 TranslationBlock *tb;
9fa3e853 1267 PageDesc *p;
6b917547 1268 int n;
d720b93d 1269#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1270 TranslationBlock *current_tb = NULL;
9349b4f9 1271 CPUArchState *env = cpu_single_env;
6b917547
AL		 1272 int current_tb_modified = 0;
1273 target_ulong current_pc = 0;
1274 target_ulong current_cs_base = 0;
1275 int current_flags = 0;
d720b93d 1276#endif
9fa3e853
FB		 1277
1278 addr &= TARGET_PAGE_MASK;
1279 p = page_find(addr >> TARGET_PAGE_BITS);
44209fc4 1280 if (!p) {
9fa3e853 1281 return;
44209fc4 1282 }
9fa3e853 1283 tb = p->first_tb;
d720b93d
FB		 1284#ifdef TARGET_HAS_PRECISE_SMC
1285 if (tb && pc != 0) {
1286 current_tb = tb_find_pc(pc);
1287 }
1288#endif
9fa3e853 1289 while (tb != NULL) {
8efe0ca8
SW		 1290 n = (uintptr_t)tb & 3;
1291 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
d720b93d
FB		 1292#ifdef TARGET_HAS_PRECISE_SMC
1293 if (current_tb == tb &&
2e70f6ef 1294 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1295 /* If we are modifying the current TB, we must stop
1296 its execution. We could be more precise by checking
1297 that the modification is after the current PC, but it
1298 would require a specialized function to partially
1299 restore the CPU state */
3b46e624 1300
d720b93d 1301 current_tb_modified = 1;
618ba8e6 1302 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1303 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1304 &current_flags);
d720b93d
FB		 1305 }
1306#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1307 tb_phys_invalidate(tb, addr);
1308 tb = tb->page_next[n];
1309 }
fd6ce8f6 1310 p->first_tb = NULL;
d720b93d
FB		 1311#ifdef TARGET_HAS_PRECISE_SMC
1312 if (current_tb_modified) {
1313 /* we generate a block containing just the instruction
1314 modifying the memory. It will ensure that it cannot modify
1315 itself */
ea1c1802 1316 env->current_tb = NULL;
2e70f6ef 1317 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1318 cpu_resume_from_signal(env, puc);
1319 }
1320#endif
fd6ce8f6 1321}
9fa3e853 1322#endif
fd6ce8f6
FB		 1323
1324/* add the tb in the target page and protect it if necessary */
5fafdf24 1325static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1326 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1327{
1328 PageDesc *p;
4429ab44
JQ		 1329#ifndef CONFIG_USER_ONLY
1330 bool page_already_protected;
1331#endif
9fa3e853
FB		 1332
1333 tb->page_addr[n] = page_addr;
5cd2c5b6 1334 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1335 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1336#ifndef CONFIG_USER_ONLY
1337 page_already_protected = p->first_tb != NULL;
1338#endif
8efe0ca8 1339 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
9fa3e853 1340 invalidate_page_bitmap(p);
fd6ce8f6 1341
107db443 1342#if defined(TARGET_HAS_SMC) || 1
d720b93d 1343
9fa3e853 1344#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1345 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1346 target_ulong addr;
1347 PageDesc *p2;
9fa3e853
FB		 1348 int prot;
1349
fd6ce8f6
FB		 1350 /* force the host page as non writable (writes will have a
1351 page fault + mprotect overhead) */
53a5960a 1352 page_addr &= qemu_host_page_mask;
fd6ce8f6 1353 prot = 0;
44209fc4 1354 for (addr = page_addr; addr < page_addr + qemu_host_page_size;
53a5960a
PB		 1355 addr += TARGET_PAGE_SIZE) {
1356
44209fc4
BS		 1357 p2 = page_find(addr >> TARGET_PAGE_BITS);
1358 if (!p2) {
53a5960a 1359 continue;
44209fc4 1360 }
53a5960a
PB		 1361 prot |= p2->flags;
1362 p2->flags &= ~PAGE_WRITE;
53a5960a 1363 }
5fafdf24 1364 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1365 (prot & PAGE_BITS) & ~PAGE_WRITE);
1366#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1367 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1368 page_addr);
fd6ce8f6 1369#endif
fd6ce8f6 1370 }
9fa3e853
FB		 1371#else
1372 /* if some code is already present, then the pages are already
1373 protected. So we handle the case where only the first TB is
1374 allocated in a physical page */
4429ab44 1375 if (!page_already_protected) {
6a00d601 1376 tlb_protect_code(page_addr);
9fa3e853
FB		 1377 }
1378#endif
d720b93d
FB		 1379
1380#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1381}
1382
9fa3e853
FB		 1383/* add a new TB and link it to the physical page tables. phys_page2 is
1384 (-1) to indicate that only one page contains the TB. */
8b9c99d9
BS		 1385static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
1386 tb_page_addr_t phys_page2)
d4e8164f 1387{
9fa3e853
FB		 1388 unsigned int h;
1389 TranslationBlock **ptb;
1390
c8a706fe
PB		 1391 /* Grab the mmap lock to stop another thread invalidating this TB
1392 before we are done. */
1393 mmap_lock();
9fa3e853
FB		 1394 /* add in the physical hash table */
1395 h = tb_phys_hash_func(phys_pc);
1396 ptb = &tb_phys_hash[h];
1397 tb->phys_hash_next = *ptb;
1398 *ptb = tb;
fd6ce8f6
FB		 1399
1400 /* add in the page list */
9fa3e853 1401 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
44209fc4 1402 if (phys_page2 != -1) {
9fa3e853 1403 tb_alloc_page(tb, 1, phys_page2);
44209fc4 1404 } else {
9fa3e853 1405 tb->page_addr[1] = -1;
44209fc4 1406 }
9fa3e853 1407
8efe0ca8 1408 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
d4e8164f
FB		 1409 tb->jmp_next[0] = NULL;
1410 tb->jmp_next[1] = NULL;
1411
1412 /* init original jump addresses */
44209fc4 1413 if (tb->tb_next_offset[0] != 0xffff) {
d4e8164f 1414 tb_reset_jump(tb, 0);
44209fc4
BS		 1415 }
1416 if (tb->tb_next_offset[1] != 0xffff) {
d4e8164f 1417 tb_reset_jump(tb, 1);
44209fc4 1418 }
8a40a180
FB		 1419
1420#ifdef DEBUG_TB_CHECK
1421 tb_page_check();
1422#endif
c8a706fe 1423 mmap_unlock();
fd6ce8f6
FB		 1424}
1425
fdbb84d1
YL		 1426#if defined(CONFIG_QEMU_LDST_OPTIMIZATION) && defined(CONFIG_SOFTMMU)
1427/* check whether the given addr is in TCG generated code buffer or not */
1428bool is_tcg_gen_code(uintptr_t tc_ptr)
1429{
1430 /* This can be called during code generation, code_gen_buffer_max_size
1431 is used instead of code_gen_ptr for upper boundary checking */
1432 return (tc_ptr >= (uintptr_t)code_gen_buffer &&
1433 tc_ptr < (uintptr_t)(code_gen_buffer + code_gen_buffer_max_size));
1434}
1435#endif
1436
9fa3e853
FB		 1437/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1438 tb[1].tc_ptr. Return NULL if not found */
6375e09e 1439TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
fd6ce8f6 1440{
9fa3e853 1441 int m_min, m_max, m;
8efe0ca8 1442 uintptr_t v;
9fa3e853 1443 TranslationBlock *tb;
a513fe19 1444
44209fc4 1445 if (nb_tbs <= 0) {
a513fe19 1446 return NULL;
44209fc4 1447 }
8efe0ca8
SW		 1448 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1449 tc_ptr >= (uintptr_t)code_gen_ptr) {
a513fe19 1450 return NULL;
8efe0ca8 1451 }
a513fe19
FB		 1452 /* binary search (cf Knuth) */
1453 m_min = 0;
1454 m_max = nb_tbs - 1;
1455 while (m_min <= m_max) {
1456 m = (m_min + m_max) >> 1;
1457 tb = &tbs[m];
8efe0ca8 1458 v = (uintptr_t)tb->tc_ptr;
44209fc4 1459 if (v == tc_ptr) {
a513fe19 1460 return tb;
44209fc4 1461 } else if (tc_ptr < v) {
a513fe19
FB		 1462 m_max = m - 1;
1463 } else {
1464 m_min = m + 1;
1465 }
5fafdf24 1466 }
a513fe19
FB		 1467 return &tbs[m_max];
1468}
7501267e 1469
ea041c0e
FB		 1470static void tb_reset_jump_recursive(TranslationBlock *tb);
1471
1472static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1473{
1474 TranslationBlock *tb1, *tb_next, **ptb;
1475 unsigned int n1;
1476
1477 tb1 = tb->jmp_next[n];
1478 if (tb1 != NULL) {
1479 /* find head of list */
44209fc4 1480 for (;;) {
8efe0ca8
SW		 1481 n1 = (uintptr_t)tb1 & 3;
1482 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
44209fc4 1483 if (n1 == 2) {
ea041c0e 1484 break;
44209fc4 1485 }
ea041c0e
FB		 1486 tb1 = tb1->jmp_next[n1];
1487 }
1488 /* we are now sure now that tb jumps to tb1 */
1489 tb_next = tb1;
1490
1491 /* remove tb from the jmp_first list */
1492 ptb = &tb_next->jmp_first;
44209fc4 1493 for (;;) {
ea041c0e 1494 tb1 = *ptb;
8efe0ca8
SW		 1495 n1 = (uintptr_t)tb1 & 3;
1496 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
44209fc4 1497 if (n1 == n && tb1 == tb) {
ea041c0e 1498 break;
44209fc4 1499 }
ea041c0e
FB		 1500 ptb = &tb1->jmp_next[n1];
1501 }
1502 *ptb = tb->jmp_next[n];
1503 tb->jmp_next[n] = NULL;
3b46e624 1504
ea041c0e
FB		 1505 /* suppress the jump to next tb in generated code */
1506 tb_reset_jump(tb, n);
1507
0124311e 1508 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1509 tb_reset_jump_recursive(tb_next);
1510 }
1511}
1512
1513static void tb_reset_jump_recursive(TranslationBlock *tb)
1514{
1515 tb_reset_jump_recursive2(tb, 0);
1516 tb_reset_jump_recursive2(tb, 1);
1517}
1518
1fddef4b 1519#if defined(TARGET_HAS_ICE)
94df27fd 1520#if defined(CONFIG_USER_ONLY)
9349b4f9 1521static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 1522{
1523 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1524}
1525#else
a8170e5e 1526void tb_invalidate_phys_addr(hwaddr addr)
d720b93d 1527{
c227f099 1528 ram_addr_t ram_addr;
f3705d53 1529 MemoryRegionSection *section;
d720b93d 1530
44209fc4
BS		 1531 section = phys_page_find(address_space_memory.dispatch,
1532 addr >> TARGET_PAGE_BITS);
f3705d53
AK		 1533 if (!(memory_region_is_ram(section->mr)
1534 || (section->mr->rom_device && section->mr->readable))) {
06ef3525
AK		 1535 return;
1536 }
f3705d53 1537 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1538 + memory_region_section_addr(section, addr);
706cd4b5 1539 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1540}
1e7855a5
MF		 1541
1542static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1543{
9d70c4b7
MF		 1544 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
1545 (pc & ~TARGET_PAGE_MASK));
1e7855a5 1546}
c27004ec 1547#endif
94df27fd 1548#endif /* TARGET_HAS_ICE */
d720b93d 1549
c527ee8f 1550#if defined(CONFIG_USER_ONLY)
9349b4f9 1551void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 1552
1553{
1554}
1555
9349b4f9 1556int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 1557 int flags, CPUWatchpoint **watchpoint)
1558{
1559 return -ENOSYS;
1560}
1561#else
6658ffb8 1562/* Add a watchpoint. */
9349b4f9 1563int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1564 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1565{
b4051334 1566 target_ulong len_mask = ~(len - 1);
c0ce998e 1567 CPUWatchpoint *wp;
6658ffb8 1568
b4051334 1569 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 1570 if ((len & (len - 1)) || (addr & ~len_mask) ||
1571 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 1572 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1573 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1574 return -EINVAL;
1575 }
7267c094 1576 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1577
1578 wp->vaddr = addr;
b4051334 1579 wp->len_mask = len_mask;
a1d1bb31
AL		 1580 wp->flags = flags;
1581
2dc9f411 1582 /* keep all GDB-injected watchpoints in front */
c0ce998e 1583 if (flags & BP_GDB)
72cf2d4f 1584 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1585 else
72cf2d4f 1586 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1587
6658ffb8 1588 tlb_flush_page(env, addr);
a1d1bb31
AL		 1589
1590 if (watchpoint)
1591 *watchpoint = wp;
1592 return 0;
6658ffb8
PB		 1593}
1594
a1d1bb31 1595/* Remove a specific watchpoint. */
9349b4f9 1596int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1597 int flags)
6658ffb8 1598{
b4051334 1599 target_ulong len_mask = ~(len - 1);
a1d1bb31 1600 CPUWatchpoint *wp;
6658ffb8 1601
72cf2d4f 1602 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1603 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1604 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1605 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1606 return 0;
1607 }
1608 }
a1d1bb31 1609 return -ENOENT;
6658ffb8
PB		 1610}
1611
a1d1bb31 1612/* Remove a specific watchpoint by reference. */
9349b4f9 1613void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 1614{
72cf2d4f 1615 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1616
a1d1bb31
AL		 1617 tlb_flush_page(env, watchpoint->vaddr);
1618
7267c094 1619 g_free(watchpoint);
a1d1bb31
AL		 1620}
1621
1622/* Remove all matching watchpoints. */
9349b4f9 1623void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 1624{
c0ce998e 1625 CPUWatchpoint *wp, *next;
a1d1bb31 1626
72cf2d4f 1627 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1628 if (wp->flags & mask)
1629 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1630 }
7d03f82f 1631}
c527ee8f 1632#endif
7d03f82f 1633
a1d1bb31 1634/* Add a breakpoint. */
9349b4f9 1635int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 1636 CPUBreakpoint **breakpoint)
4c3a88a2 1637{
1fddef4b 1638#if defined(TARGET_HAS_ICE)
c0ce998e 1639 CPUBreakpoint *bp;
3b46e624 1640
7267c094 1641 bp = g_malloc(sizeof(*bp));
4c3a88a2 1642
a1d1bb31
AL		 1643 bp->pc = pc;
1644 bp->flags = flags;
1645
2dc9f411 1646 /* keep all GDB-injected breakpoints in front */
c0ce998e 1647 if (flags & BP_GDB)
72cf2d4f 1648 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1649 else
72cf2d4f 1650 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1651
d720b93d 1652 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1653
1654 if (breakpoint)
1655 *breakpoint = bp;
4c3a88a2
FB		 1656 return 0;
1657#else
a1d1bb31 1658 return -ENOSYS;
4c3a88a2
FB		 1659#endif
1660}
1661
a1d1bb31 1662/* Remove a specific breakpoint. */
9349b4f9 1663int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 1664{
7d03f82f 1665#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1666 CPUBreakpoint *bp;
1667
72cf2d4f 1668 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1669 if (bp->pc == pc && bp->flags == flags) {
1670 cpu_breakpoint_remove_by_ref(env, bp);
1671 return 0;
1672 }
7d03f82f 1673 }
a1d1bb31
AL		 1674 return -ENOENT;
1675#else
1676 return -ENOSYS;
7d03f82f
EI		 1677#endif
1678}
1679
a1d1bb31 1680/* Remove a specific breakpoint by reference. */
9349b4f9 1681void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1682{
1fddef4b 1683#if defined(TARGET_HAS_ICE)
72cf2d4f 1684 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1685
a1d1bb31
AL		 1686 breakpoint_invalidate(env, breakpoint->pc);
1687
7267c094 1688 g_free(breakpoint);
a1d1bb31
AL		 1689#endif
1690}
1691
1692/* Remove all matching breakpoints. */
9349b4f9 1693void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 1694{
1695#if defined(TARGET_HAS_ICE)
c0ce998e 1696 CPUBreakpoint *bp, *next;
a1d1bb31 1697
72cf2d4f 1698 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1699 if (bp->flags & mask)
1700 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1701 }
4c3a88a2
FB		 1702#endif
1703}
1704
c33a346e
FB		 1705/* enable or disable single step mode. EXCP_DEBUG is returned by the
1706 CPU loop after each instruction */
9349b4f9 1707void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 1708{
1fddef4b 1709#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1710 if (env->singlestep_enabled != enabled) {
1711 env->singlestep_enabled = enabled;
e22a25c9
AL		 1712 if (kvm_enabled())
1713 kvm_update_guest_debug(env, 0);
1714 else {
ccbb4d44 1715 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1716 /* XXX: only flush what is necessary */
1717 tb_flush(env);
1718 }
c33a346e
FB		 1719 }
1720#endif
1721}
1722
9349b4f9 1723static void cpu_unlink_tb(CPUArchState *env)
ea041c0e 1724{
3098dba0
AJ		 1725 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1726 problem and hope the cpu will stop of its own accord. For userspace
1727 emulation this often isn't actually as bad as it sounds. Often
1728 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1729 TranslationBlock *tb;
c227f099 1730 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1731
cab1b4bd 1732 spin_lock(&interrupt_lock);
3098dba0
AJ		 1733 tb = env->current_tb;
1734 /* if the cpu is currently executing code, we must unlink it and
1735 all the potentially executing TB */
f76cfe56 1736 if (tb) {
3098dba0
AJ		 1737 env->current_tb = NULL;
1738 tb_reset_jump_recursive(tb);
be214e6c 1739 }
cab1b4bd 1740 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1741}
1742
97ffbd8d 1743#ifndef CONFIG_USER_ONLY
3098dba0 1744/* mask must never be zero, except for A20 change call */
9349b4f9 1745static void tcg_handle_interrupt(CPUArchState *env, int mask)
3098dba0 1746{
60e82579 1747 CPUState *cpu = ENV_GET_CPU(env);
3098dba0 1748 int old_mask;
be214e6c 1749
2e70f6ef 1750 old_mask = env->interrupt_request;
68a79315 1751 env->interrupt_request |= mask;
3098dba0 1752
8edac960
AL		 1753 /*
1754 * If called from iothread context, wake the target cpu in
1755 * case its halted.
1756 */
60e82579 1757 if (!qemu_cpu_is_self(cpu)) {
c08d7424 1758 qemu_cpu_kick(cpu);
8edac960
AL		 1759 return;
1760 }
8edac960 1761
2e70f6ef 1762 if (use_icount) {
266910c4 1763 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1764 if (!can_do_io(env)
be214e6c 1765 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1766 cpu_abort(env, "Raised interrupt while not in I/O function");
1767 }
2e70f6ef 1768 } else {
3098dba0 1769 cpu_unlink_tb(env);
ea041c0e
FB		 1770 }
1771}
1772
ec6959d0
JK		 1773CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1774
97ffbd8d
JK		 1775#else /* CONFIG_USER_ONLY */
1776
9349b4f9 1777void cpu_interrupt(CPUArchState *env, int mask)
97ffbd8d
JK		 1778{
1779 env->interrupt_request |= mask;
1780 cpu_unlink_tb(env);
1781}
1782#endif /* CONFIG_USER_ONLY */
1783
9349b4f9 1784void cpu_reset_interrupt(CPUArchState *env, int mask)
b54ad049
FB		 1785{
1786 env->interrupt_request &= ~mask;
1787}
1788
9349b4f9 1789void cpu_exit(CPUArchState *env)
3098dba0
AJ		 1790{
1791 env->exit_request = 1;
1792 cpu_unlink_tb(env);
1793}
1794
9349b4f9 1795void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e
FB		 1796{
1797 va_list ap;
493ae1f0 1798 va_list ap2;
7501267e
FB		 1799
1800 va_start(ap, fmt);
493ae1f0 1801 va_copy(ap2, ap);
7501267e
FB		 1802 fprintf(stderr, "qemu: fatal: ");
1803 vfprintf(stderr, fmt, ap);
1804 fprintf(stderr, "\n");
6fd2a026 1805 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 1806 if (qemu_log_enabled()) {
1807 qemu_log("qemu: fatal: ");
1808 qemu_log_vprintf(fmt, ap2);
1809 qemu_log("\n");
6fd2a026 1810 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 1811 qemu_log_flush();
93fcfe39 1812 qemu_log_close();
924edcae 1813 }
493ae1f0 1814 va_end(ap2);
f9373291 1815 va_end(ap);
fd052bf6
RV		 1816#if defined(CONFIG_USER_ONLY)
1817 {
1818 struct sigaction act;
1819 sigfillset(&act.sa_mask);
1820 act.sa_handler = SIG_DFL;
1821 sigaction(SIGABRT, &act, NULL);
1822 }
1823#endif
7501267e
FB		 1824 abort();
1825}
1826
9349b4f9 1827CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 1828{
9349b4f9
AF		 1829 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1830 CPUArchState *next_cpu = new_env->next_cpu;
c5be9f08 1831 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1832#if defined(TARGET_HAS_ICE)
1833 CPUBreakpoint *bp;
1834 CPUWatchpoint *wp;
1835#endif
1836
9349b4f9 1837 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081
AL		 1838
1839 /* Preserve chaining and index. */
c5be9f08
TS		 1840 new_env->next_cpu = next_cpu;
1841 new_env->cpu_index = cpu_index;
5a38f081
AL		 1842
1843 /* Clone all break/watchpoints.
1844 Note: Once we support ptrace with hw-debug register access, make sure
1845 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1846 QTAILQ_INIT(&env->breakpoints);
1847 QTAILQ_INIT(&env->watchpoints);
5a38f081 1848#if defined(TARGET_HAS_ICE)
72cf2d4f 1849 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1850 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1851 }
72cf2d4f 1852 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1853 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1854 wp->flags, NULL);
1855 }
1856#endif
1857
c5be9f08
TS		 1858 return new_env;
1859}
1860
0124311e 1861#if !defined(CONFIG_USER_ONLY)
0cac1b66 1862void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
5c751e99
EI		 1863{
1864 unsigned int i;
1865
1866 /* Discard jump cache entries for any tb which might potentially
1867 overlap the flushed page. */
1868 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1869 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1870 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1871
1872 i = tb_jmp_cache_hash_page(addr);
1873 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1874 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1875}
1876
d24981d3
JQ		 1877static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
1878 uintptr_t length)
1879{
1880 uintptr_t start1;
1881
1882 /* we modify the TLB cache so that the dirty bit will be set again
1883 when accessing the range */
1884 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
1885 /* Check that we don't span multiple blocks - this breaks the
1886 address comparisons below. */
1887 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
1888 != (end - 1) - start) {
1889 abort();
1890 }
1891 cpu_tlb_reset_dirty_all(start1, length);
1892
1893}
1894
5579c7f3 1895/* Note: start and end must be within the same ram block. */
c227f099 1896void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1897 int dirty_flags)
1ccde1cb 1898{
d24981d3 1899 uintptr_t length;
1ccde1cb
FB		 1900
1901 start &= TARGET_PAGE_MASK;
1902 end = TARGET_PAGE_ALIGN(end);
1903
1904 length = end - start;
1905 if (length == 0)
1906 return;
f7c11b53 1907 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 1908
d24981d3
JQ		 1909 if (tcg_enabled()) {
1910 tlb_reset_dirty_range_all(start, end, length);
5579c7f3 1911 }
1ccde1cb
FB		 1912}
1913
8b9c99d9 1914static int cpu_physical_memory_set_dirty_tracking(int enable)
74576198 1915{
f6f3fbca 1916 int ret = 0;
74576198 1917 in_migration = enable;
f6f3fbca 1918 return ret;
74576198
AL		 1919}
1920
a8170e5e 1921hwaddr memory_region_section_get_iotlb(CPUArchState *env,
e5548617
BS		 1922 MemoryRegionSection *section,
1923 target_ulong vaddr,
a8170e5e 1924 hwaddr paddr,
e5548617
BS		 1925 int prot,
1926 target_ulong *address)
1927{
a8170e5e 1928 hwaddr iotlb;
e5548617
BS		 1929 CPUWatchpoint *wp;
1930
cc5bea60 1931 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1932 /* Normal RAM. */
1933 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1934 + memory_region_section_addr(section, paddr);
e5548617
BS		 1935 if (!section->readonly) {
1936 iotlb |= phys_section_notdirty;
1937 } else {
1938 iotlb |= phys_section_rom;
1939 }
1940 } else {
1941 /* IO handlers are currently passed a physical address.
1942 It would be nice to pass an offset from the base address
1943 of that region. This would avoid having to special case RAM,
1944 and avoid full address decoding in every device.
1945 We can't use the high bits of pd for this because
1946 IO_MEM_ROMD uses these as a ram address. */
1947 iotlb = section - phys_sections;
cc5bea60 1948 iotlb += memory_region_section_addr(section, paddr);
e5548617
BS		 1949 }
1950
1951 /* Make accesses to pages with watchpoints go via the
1952 watchpoint trap routines. */
1953 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1954 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
1955 /* Avoid trapping reads of pages with a write breakpoint. */
1956 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1957 iotlb = phys_section_watch + paddr;
1958 *address |= TLB_MMIO;
1959 break;
1960 }
1961 }
1962 }
1963
1964 return iotlb;
1965}
1966
0124311e 1967#else
edf8e2af
MW		 1968/*
1969 * Walks guest process memory "regions" one by one
1970 * and calls callback function 'fn' for each region.
1971 */
44209fc4 1972struct walk_memory_regions_data {
5cd2c5b6
RH		 1973 walk_memory_regions_fn fn;
1974 void *priv;
8efe0ca8 1975 uintptr_t start;
5cd2c5b6
RH		 1976 int prot;
1977};
1978
1979static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 1980 abi_ulong end, int new_prot)
5cd2c5b6
RH		 1981{
1982 if (data->start != -1ul) {
1983 int rc = data->fn(data->priv, data->start, end, data->prot);
1984 if (rc != 0) {
1985 return rc;
1986 }
1987 }
1988
1989 data->start = (new_prot ? end : -1ul);
1990 data->prot = new_prot;
1991
1992 return 0;
1993}
1994
1995static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 1996 abi_ulong base, int level, void **lp)
5cd2c5b6 1997{
b480d9b7 1998 abi_ulong pa;
5cd2c5b6
RH		 1999 int i, rc;
2000
2001 if (*lp == NULL) {
2002 return walk_memory_regions_end(data, base, 0);
2003 }
2004
2005 if (level == 0) {
2006 PageDesc *pd = *lp;
44209fc4 2007
7296abac 2008 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 2009 int prot = pd[i].flags;
2010
2011 pa = base | (i << TARGET_PAGE_BITS);
2012 if (prot != data->prot) {
2013 rc = walk_memory_regions_end(data, pa, prot);
2014 if (rc != 0) {
2015 return rc;
9fa3e853 2016 }
9fa3e853 2017 }
5cd2c5b6
RH		 2018 }
2019 } else {
2020 void **pp = *lp;
44209fc4 2021
7296abac 2022 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 2023 pa = base | ((abi_ulong)i <<
2024 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 2025 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2026 if (rc != 0) {
2027 return rc;
2028 }
2029 }
2030 }
2031
2032 return 0;
2033}
2034
2035int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2036{
2037 struct walk_memory_regions_data data;
8efe0ca8 2038 uintptr_t i;
5cd2c5b6
RH		 2039
2040 data.fn = fn;
2041 data.priv = priv;
2042 data.start = -1ul;
2043 data.prot = 0;
2044
2045 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 2046 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6 2047 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
44209fc4 2048
5cd2c5b6
RH		 2049 if (rc != 0) {
2050 return rc;
9fa3e853 2051 }
33417e70 2052 }
5cd2c5b6
RH		 2053
2054 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2055}
2056
b480d9b7
PB		 2057static int dump_region(void *priv, abi_ulong start,
2058 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2059{
2060 FILE *f = (FILE *)priv;
2061
b480d9b7
PB		 2062 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2063 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2064 start, end, end - start,
2065 ((prot & PAGE_READ) ? 'r' : '-'),
2066 ((prot & PAGE_WRITE) ? 'w' : '-'),
2067 ((prot & PAGE_EXEC) ? 'x' : '-'));
2068
44209fc4 2069 return 0;
edf8e2af
MW		 2070}
2071
2072/* dump memory mappings */
2073void page_dump(FILE *f)
2074{
2075 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2076 "start", "end", "size", "prot");
2077 walk_memory_regions(f, dump_region);
33417e70
FB		 2078}
2079
53a5960a 2080int page_get_flags(target_ulong address)
33417e70 2081{
9fa3e853
FB		 2082 PageDesc *p;
2083
2084 p = page_find(address >> TARGET_PAGE_BITS);
44209fc4 2085 if (!p) {
9fa3e853 2086 return 0;
44209fc4 2087 }
9fa3e853
FB		 2088 return p->flags;
2089}
2090
376a7909
RH		 2091/* Modify the flags of a page and invalidate the code if necessary.
2092 The flag PAGE_WRITE_ORG is positioned automatically depending
2093 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2094void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2095{
376a7909
RH		 2096 target_ulong addr, len;
2097
2098 /* This function should never be called with addresses outside the
2099 guest address space. If this assert fires, it probably indicates
2100 a missing call to h2g_valid. */
b480d9b7
PB		 2101#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2102 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2103#endif
2104 assert(start < end);
9fa3e853
FB		 2105
2106 start = start & TARGET_PAGE_MASK;
2107 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2108
2109 if (flags & PAGE_WRITE) {
9fa3e853 2110 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2111 }
2112
2113 for (addr = start, len = end - start;
2114 len != 0;
2115 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2116 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2117
2118 /* If the write protection bit is set, then we invalidate
2119 the code inside. */
5fafdf24 2120 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2121 (flags & PAGE_WRITE) &&
2122 p->first_tb) {
d720b93d 2123 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2124 }
2125 p->flags = flags;
2126 }
33417e70
FB		 2127}
2128
3d97b40b
TS		 2129int page_check_range(target_ulong start, target_ulong len, int flags)
2130{
2131 PageDesc *p;
2132 target_ulong end;
2133 target_ulong addr;
2134
376a7909
RH		 2135 /* This function should never be called with addresses outside the
2136 guest address space. If this assert fires, it probably indicates
2137 a missing call to h2g_valid. */
338e9e6c
BS		 2138#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2139 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2140#endif
2141
3e0650a9
RH		 2142 if (len == 0) {
2143 return 0;
2144 }
376a7909
RH		 2145 if (start + len - 1 < start) {
2146 /* We've wrapped around. */
55f280c9 2147 return -1;
376a7909 2148 }
55f280c9 2149
44209fc4
BS		 2150 /* must do before we loose bits in the next step */
2151 end = TARGET_PAGE_ALIGN(start + len);
3d97b40b
TS		 2152 start = start & TARGET_PAGE_MASK;
2153
376a7909
RH		 2154 for (addr = start, len = end - start;
2155 len != 0;
2156 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b 2157 p = page_find(addr >> TARGET_PAGE_BITS);
44209fc4 2158 if (!p) {
3d97b40b 2159 return -1;
44209fc4
BS		 2160 }
2161 if (!(p->flags & PAGE_VALID)) {
3d97b40b 2162 return -1;
44209fc4 2163 }
3d97b40b 2164
44209fc4 2165 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) {
3d97b40b 2166 return -1;
44209fc4 2167 }
dae3270c 2168 if (flags & PAGE_WRITE) {
44209fc4 2169 if (!(p->flags & PAGE_WRITE_ORG)) {
dae3270c 2170 return -1;
44209fc4 2171 }
dae3270c
FB		 2172 /* unprotect the page if it was put read-only because it
2173 contains translated code */
2174 if (!(p->flags & PAGE_WRITE)) {
44209fc4 2175 if (!page_unprotect(addr, 0, NULL)) {
dae3270c 2176 return -1;
44209fc4 2177 }
dae3270c
FB		 2178 }
2179 return 0;
2180 }
3d97b40b
TS		 2181 }
2182 return 0;
2183}
2184
9fa3e853 2185/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2186 page. Return TRUE if the fault was successfully handled. */
6375e09e 2187int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
9fa3e853 2188{
45d679d6
AJ		 2189 unsigned int prot;
2190 PageDesc *p;
53a5960a 2191 target_ulong host_start, host_end, addr;
9fa3e853 2192
c8a706fe
PB		 2193 /* Technically this isn't safe inside a signal handler. However we
2194 know this only ever happens in a synchronous SEGV handler, so in
2195 practice it seems to be ok. */
2196 mmap_lock();
2197
45d679d6
AJ		 2198 p = page_find(address >> TARGET_PAGE_BITS);
2199 if (!p) {
c8a706fe 2200 mmap_unlock();
9fa3e853 2201 return 0;
c8a706fe 2202 }
45d679d6 2203
9fa3e853
FB		 2204 /* if the page was really writable, then we change its
2205 protection back to writable */
45d679d6
AJ		 2206 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2207 host_start = address & qemu_host_page_mask;
2208 host_end = host_start + qemu_host_page_size;
2209
2210 prot = 0;
2211 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2212 p = page_find(addr >> TARGET_PAGE_BITS);
2213 p->flags |= PAGE_WRITE;
2214 prot |= p->flags;
2215
9fa3e853
FB		 2216 /* and since the content will be modified, we must invalidate
2217 the corresponding translated code. */
45d679d6 2218 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2219#ifdef DEBUG_TB_CHECK
45d679d6 2220 tb_invalidate_check(addr);
9fa3e853 2221#endif
9fa3e853 2222 }
45d679d6
AJ		 2223 mprotect((void *)g2h(host_start), qemu_host_page_size,
2224 prot & PAGE_BITS);
2225
2226 mmap_unlock();
2227 return 1;
9fa3e853 2228 }
c8a706fe 2229 mmap_unlock();
9fa3e853
FB		 2230 return 0;
2231}
9fa3e853
FB		 2232#endif /* defined(CONFIG_USER_ONLY) */
2233
e2eef170 2234#if !defined(CONFIG_USER_ONLY)
8da3ff18 2235
c04b2b78
PB		 2236#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2237typedef struct subpage_t {
70c68e44 2238 MemoryRegion iomem;
a8170e5e 2239 hwaddr base;
5312bd8b 2240 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2241} subpage_t;
2242
c227f099 2243static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2244 uint16_t section);
a8170e5e 2245static subpage_t *subpage_init(hwaddr base);
5312bd8b 2246static void destroy_page_desc(uint16_t section_index)
54688b1e 2247{
5312bd8b
AK		 2248 MemoryRegionSection *section = &phys_sections[section_index];
2249 MemoryRegion *mr = section->mr;
54688b1e
AK		 2250
2251 if (mr->subpage) {
2252 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2253 memory_region_destroy(&subpage->iomem);
2254 g_free(subpage);
2255 }
2256}
2257
4346ae3e 2258static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2259{
2260 unsigned i;
d6f2ea22 2261 PhysPageEntry *p;
54688b1e 2262
c19e8800 2263 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2264 return;
2265 }
2266
c19e8800 2267 p = phys_map_nodes[lp->ptr];
4346ae3e 2268 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 2269 if (!p[i].is_leaf) {
54688b1e 2270 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 2271 } else {
c19e8800 2272 destroy_page_desc(p[i].ptr);
54688b1e 2273 }
54688b1e 2274 }
07f07b31 2275 lp->is_leaf = 0;
c19e8800 2276 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2277}
2278
ac1970fb 2279static void destroy_all_mappings(AddressSpaceDispatch *d)
54688b1e 2280{
ac1970fb 2281 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
d6f2ea22 2282 phys_map_nodes_reset();
54688b1e
AK		 2283}
2284
5312bd8b
AK		 2285static uint16_t phys_section_add(MemoryRegionSection *section)
2286{
2287 if (phys_sections_nb == phys_sections_nb_alloc) {
2288 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2289 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2290 phys_sections_nb_alloc);
2291 }
2292 phys_sections[phys_sections_nb] = *section;
2293 return phys_sections_nb++;
2294}
2295
2296static void phys_sections_clear(void)
2297{
2298 phys_sections_nb = 0;
2299}
2300
ac1970fb 2301static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 2302{
2303 subpage_t *subpage;
a8170e5e 2304 hwaddr base = section->offset_within_address_space
0f0cb164 2305 & TARGET_PAGE_MASK;
ac1970fb 2306 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
0f0cb164
AK		 2307 MemoryRegionSection subsection = {
2308 .offset_within_address_space = base,
2309 .size = TARGET_PAGE_SIZE,
2310 };
a8170e5e 2311 hwaddr start, end;
0f0cb164 2312
f3705d53 2313 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 2314
f3705d53 2315 if (!(existing->mr->subpage)) {
0f0cb164
AK		 2316 subpage = subpage_init(base);
2317 subsection.mr = &subpage->iomem;
ac1970fb 2318 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
2999097b 2319 phys_section_add(&subsection));
0f0cb164 2320 } else {
f3705d53 2321 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 2322 }
2323 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
adb2a9b5 2324 end = start + section->size - 1;
0f0cb164
AK		 2325 subpage_register(subpage, start, end, phys_section_add(section));
2326}
2327
2328
ac1970fb 2329static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
33417e70 2330{
a8170e5e 2331 hwaddr start_addr = section->offset_within_address_space;
dd81124b 2332 ram_addr_t size = section->size;
a8170e5e 2333 hwaddr addr;
5312bd8b 2334 uint16_t section_index = phys_section_add(section);
dd81124b 2335
3b8e6a2d 2336 assert(size);
f6f3fbca 2337
3b8e6a2d 2338 addr = start_addr;
ac1970fb 2339 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2999097b 2340 section_index);
33417e70
FB		 2341}
2342
ac1970fb 2343static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 2344{
ac1970fb 2345 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
0f0cb164
AK		 2346 MemoryRegionSection now = *section, remain = *section;
2347
2348 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2349 || (now.size < TARGET_PAGE_SIZE)) {
2350 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2351 - now.offset_within_address_space,
2352 now.size);
ac1970fb 2353 register_subpage(d, &now);
0f0cb164
AK		 2354 remain.size -= now.size;
2355 remain.offset_within_address_space += now.size;
2356 remain.offset_within_region += now.size;
2357 }
69b67646
TH		 2358 while (remain.size >= TARGET_PAGE_SIZE) {
2359 now = remain;
2360 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
2361 now.size = TARGET_PAGE_SIZE;
ac1970fb 2362 register_subpage(d, &now);
69b67646
TH		 2363 } else {
2364 now.size &= TARGET_PAGE_MASK;
ac1970fb 2365 register_multipage(d, &now);
69b67646 2366 }
0f0cb164
AK		 2367 remain.size -= now.size;
2368 remain.offset_within_address_space += now.size;
2369 remain.offset_within_region += now.size;
2370 }
2371 now = remain;
2372 if (now.size) {
ac1970fb 2373 register_subpage(d, &now);
0f0cb164
AK		 2374 }
2375}
2376
62a2744c
SY		 2377void qemu_flush_coalesced_mmio_buffer(void)
2378{
2379 if (kvm_enabled())
2380 kvm_flush_coalesced_mmio_buffer();
2381}
2382
c902760f
MT		 2383#if defined(__linux__) && !defined(TARGET_S390X)
2384
2385#include <sys/vfs.h>
2386
2387#define HUGETLBFS_MAGIC 0x958458f6
2388
2389static long gethugepagesize(const char *path)
2390{
2391 struct statfs fs;
2392 int ret;
2393
2394 do {
9742bf26 2395 ret = statfs(path, &fs);
c902760f
MT		 2396 } while (ret != 0 && errno == EINTR);
2397
2398 if (ret != 0) {
9742bf26
YT		 2399 perror(path);
2400 return 0;
c902760f
MT		 2401 }
2402
2403 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2404 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2405
2406 return fs.f_bsize;
2407}
2408
04b16653
AW		 2409static void *file_ram_alloc(RAMBlock *block,
2410 ram_addr_t memory,
2411 const char *path)
c902760f
MT		 2412{
2413 char *filename;
2414 void *area;
2415 int fd;
2416#ifdef MAP_POPULATE
2417 int flags;
2418#endif
2419 unsigned long hpagesize;
2420
2421 hpagesize = gethugepagesize(path);
2422 if (!hpagesize) {
9742bf26 2423 return NULL;
c902760f
MT		 2424 }
2425
2426 if (memory < hpagesize) {
2427 return NULL;
2428 }
2429
2430 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2431 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2432 return NULL;
2433 }
2434
2435 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2436 return NULL;
c902760f
MT		 2437 }
2438
2439 fd = mkstemp(filename);
2440 if (fd < 0) {
9742bf26
YT		 2441 perror("unable to create backing store for hugepages");
2442 free(filename);
2443 return NULL;
c902760f
MT		 2444 }
2445 unlink(filename);
2446 free(filename);
2447
2448 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2449
2450 /*
2451 * ftruncate is not supported by hugetlbfs in older
2452 * hosts, so don't bother bailing out on errors.
2453 * If anything goes wrong with it under other filesystems,
2454 * mmap will fail.
2455 */
2456 if (ftruncate(fd, memory))
9742bf26 2457 perror("ftruncate");
c902760f
MT		 2458
2459#ifdef MAP_POPULATE
2460 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2461 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2462 * to sidestep this quirk.
2463 */
2464 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2465 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2466#else
2467 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2468#endif
2469 if (area == MAP_FAILED) {
9742bf26
YT		 2470 perror("file_ram_alloc: can't mmap RAM pages");
2471 close(fd);
2472 return (NULL);
c902760f 2473 }
04b16653 2474 block->fd = fd;
c902760f
MT		 2475 return area;
2476}
2477#endif
2478
d17b5288 2479static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2480{
2481 RAMBlock *block, *next_block;
3e837b2c 2482 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2483
2484 if (QLIST_EMPTY(&ram_list.blocks))
2485 return 0;
2486
2487 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2488 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2489
2490 end = block->offset + block->length;
2491
2492 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2493 if (next_block->offset >= end) {
2494 next = MIN(next, next_block->offset);
2495 }
2496 }
2497 if (next - end >= size && next - end < mingap) {
3e837b2c 2498 offset = end;
04b16653
AW		 2499 mingap = next - end;
2500 }
2501 }
3e837b2c
AW		 2502
2503 if (offset == RAM_ADDR_MAX) {
2504 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2505 (uint64_t)size);
2506 abort();
2507 }
2508
04b16653
AW		 2509 return offset;
2510}
2511
652d7ec2 2512ram_addr_t last_ram_offset(void)
d17b5288
AW		 2513{
2514 RAMBlock *block;
2515 ram_addr_t last = 0;
2516
2517 QLIST_FOREACH(block, &ram_list.blocks, next)
2518 last = MAX(last, block->offset + block->length);
2519
2520 return last;
2521}
2522
ddb97f1d
JB		 2523static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
2524{
2525 int ret;
2526 QemuOpts *machine_opts;
2527
2528 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
2529 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2530 if (machine_opts &&
2531 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
2532 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
2533 if (ret) {
2534 perror("qemu_madvise");
2535 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
2536 "but dump_guest_core=off specified\n");
2537 }
2538 }
2539}
2540
c5705a77 2541void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2542{
2543 RAMBlock *new_block, *block;
2544
c5705a77
AK		 2545 new_block = NULL;
2546 QLIST_FOREACH(block, &ram_list.blocks, next) {
2547 if (block->offset == addr) {
2548 new_block = block;
2549 break;
2550 }
2551 }
2552 assert(new_block);
2553 assert(!new_block->idstr[0]);
84b89d78 2554
09e5ab63
AL		 2555 if (dev) {
2556 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 2557 if (id) {
2558 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2559 g_free(id);
84b89d78
CM		 2560 }
2561 }
2562 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2563
2564 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2565 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2566 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2567 new_block->idstr);
2568 abort();
2569 }
2570 }
c5705a77
AK		 2571}
2572
8490fc78
LC		 2573static int memory_try_enable_merging(void *addr, size_t len)
2574{
2575 QemuOpts *opts;
2576
2577 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2578 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
2579 /* disabled by the user */
2580 return 0;
2581 }
2582
2583 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
2584}
2585
c5705a77
AK		 2586ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2587 MemoryRegion *mr)
2588{
2589 RAMBlock *new_block;
2590
2591 size = TARGET_PAGE_ALIGN(size);
2592 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2593
7c637366 2594 new_block->mr = mr;
432d268c 2595 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2596 if (host) {
2597 new_block->host = host;
cd19cfa2 2598 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2599 } else {
2600 if (mem_path) {
c902760f 2601#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2602 new_block->host = file_ram_alloc(new_block, size, mem_path);
2603 if (!new_block->host) {
2604 new_block->host = qemu_vmalloc(size);
8490fc78 2605 memory_try_enable_merging(new_block->host, size);
6977dfe6 2606 }
c902760f 2607#else
6977dfe6
YT		 2608 fprintf(stderr, "-mem-path option unsupported\n");
2609 exit(1);
c902760f 2610#endif
6977dfe6 2611 } else {
868bb33f 2612 if (xen_enabled()) {
fce537d4 2613 xen_ram_alloc(new_block->offset, size, mr);
fdec9918
CB		 2614 } else if (kvm_enabled()) {
2615 /* some s390/kvm configurations have special constraints */
2616 new_block->host = kvm_vmalloc(size);
432d268c
JN		 2617 } else {
2618 new_block->host = qemu_vmalloc(size);
2619 }
8490fc78 2620 memory_try_enable_merging(new_block->host, size);
6977dfe6 2621 }
c902760f 2622 }
94a6b54f
PB		 2623 new_block->length = size;
2624
f471a17e 2625 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2626
7267c094 2627 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2628 last_ram_offset() >> TARGET_PAGE_BITS);
5fda043f
IM		 2629 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2630 0, size >> TARGET_PAGE_BITS);
1720aeee 2631 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
94a6b54f 2632
ddb97f1d 2633 qemu_ram_setup_dump(new_block->host, size);
ad0b5321 2634 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
ddb97f1d 2635
6f0437e8
JK		 2636 if (kvm_enabled())
2637 kvm_setup_guest_memory(new_block->host, size);
2638
94a6b54f
PB		 2639 return new_block->offset;
2640}
e9a1ab19 2641
c5705a77 2642ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2643{
c5705a77 2644 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2645}
2646
1f2e98b6
AW		 2647void qemu_ram_free_from_ptr(ram_addr_t addr)
2648{
2649 RAMBlock *block;
2650
2651 QLIST_FOREACH(block, &ram_list.blocks, next) {
2652 if (addr == block->offset) {
2653 QLIST_REMOVE(block, next);
7267c094 2654 g_free(block);
1f2e98b6
AW		 2655 return;
2656 }
2657 }
2658}
2659
c227f099 2660void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2661{
04b16653
AW		 2662 RAMBlock *block;
2663
2664 QLIST_FOREACH(block, &ram_list.blocks, next) {
2665 if (addr == block->offset) {
2666 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2667 if (block->flags & RAM_PREALLOC_MASK) {
2668 ;
2669 } else if (mem_path) {
04b16653
AW		 2670#if defined (__linux__) && !defined(TARGET_S390X)
2671 if (block->fd) {
2672 munmap(block->host, block->length);
2673 close(block->fd);
2674 } else {
2675 qemu_vfree(block->host);
2676 }
fd28aa13
JK		 2677#else
2678 abort();
04b16653
AW		 2679#endif
2680 } else {
2681#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2682 munmap(block->host, block->length);
2683#else
868bb33f 2684 if (xen_enabled()) {
e41d7c69 2685 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2686 } else {
2687 qemu_vfree(block->host);
2688 }
04b16653
AW		 2689#endif
2690 }
7267c094 2691 g_free(block);
04b16653
AW		 2692 return;
2693 }
2694 }
2695
e9a1ab19
FB		 2696}
2697
cd19cfa2
HY		 2698#ifndef _WIN32
2699void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2700{
2701 RAMBlock *block;
2702 ram_addr_t offset;
2703 int flags;
2704 void *area, *vaddr;
2705
2706 QLIST_FOREACH(block, &ram_list.blocks, next) {
2707 offset = addr - block->offset;
2708 if (offset < block->length) {
2709 vaddr = block->host + offset;
2710 if (block->flags & RAM_PREALLOC_MASK) {
2711 ;
2712 } else {
2713 flags = MAP_FIXED;
2714 munmap(vaddr, length);
2715 if (mem_path) {
2716#if defined(__linux__) && !defined(TARGET_S390X)
2717 if (block->fd) {
2718#ifdef MAP_POPULATE
2719 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2720 MAP_PRIVATE;
2721#else
2722 flags |= MAP_PRIVATE;
2723#endif
2724 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2725 flags, block->fd, offset);
2726 } else {
2727 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2728 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2729 flags, -1, 0);
2730 }
fd28aa13
JK		 2731#else
2732 abort();
cd19cfa2
HY		 2733#endif
2734 } else {
2735#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2736 flags |= MAP_SHARED | MAP_ANONYMOUS;
2737 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2738 flags, -1, 0);
2739#else
2740 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2741 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2742 flags, -1, 0);
2743#endif
2744 }
2745 if (area != vaddr) {
f15fbc4b
AP		 2746 fprintf(stderr, "Could not remap addr: "
2747 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 2748 length, addr);
2749 exit(1);
2750 }
8490fc78 2751 memory_try_enable_merging(vaddr, length);
ddb97f1d 2752 qemu_ram_setup_dump(vaddr, length);
cd19cfa2
HY		 2753 }
2754 return;
2755 }
2756 }
2757}
2758#endif /* !_WIN32 */
2759
dc828ca1 2760/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 2761 With the exception of the softmmu code in this file, this should
2762 only be used for local memory (e.g. video ram) that the device owns,
2763 and knows it isn't going to access beyond the end of the block.
2764
2765 It should not be used for general purpose DMA.
2766 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2767 */
c227f099 2768void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 2769{
94a6b54f
PB		 2770 RAMBlock *block;
2771
f471a17e
AW		 2772 QLIST_FOREACH(block, &ram_list.blocks, next) {
2773 if (addr - block->offset < block->length) {
7d82af38
VP		 2774 /* Move this entry to to start of the list. */
2775 if (block != QLIST_FIRST(&ram_list.blocks)) {
2776 QLIST_REMOVE(block, next);
2777 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2778 }
868bb33f 2779 if (xen_enabled()) {
432d268c
JN		 2780 /* We need to check if the requested address is in the RAM
2781 * because we don't want to map the entire memory in QEMU.
712c2b41 2782 * In that case just map until the end of the page.
432d268c
JN		 2783 */
2784 if (block->offset == 0) {
e41d7c69 2785 return xen_map_cache(addr, 0, 0);
432d268c 2786 } else if (block->host == NULL) {
e41d7c69
JK		 2787 block->host =
2788 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2789 }
2790 }
f471a17e
AW		 2791 return block->host + (addr - block->offset);
2792 }
94a6b54f 2793 }
f471a17e
AW		 2794
2795 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2796 abort();
2797
2798 return NULL;
dc828ca1
PB		 2799}
2800
b2e0a138
MT		 2801/* Return a host pointer to ram allocated with qemu_ram_alloc.
2802 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2803 */
8b9c99d9 2804static void *qemu_safe_ram_ptr(ram_addr_t addr)
b2e0a138
MT		 2805{
2806 RAMBlock *block;
2807
2808 QLIST_FOREACH(block, &ram_list.blocks, next) {
2809 if (addr - block->offset < block->length) {
868bb33f 2810 if (xen_enabled()) {
432d268c
JN		 2811 /* We need to check if the requested address is in the RAM
2812 * because we don't want to map the entire memory in QEMU.
712c2b41 2813 * In that case just map until the end of the page.
432d268c
JN		 2814 */
2815 if (block->offset == 0) {
e41d7c69 2816 return xen_map_cache(addr, 0, 0);
432d268c 2817 } else if (block->host == NULL) {
e41d7c69
JK		 2818 block->host =
2819 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2820 }
2821 }
b2e0a138
MT		 2822 return block->host + (addr - block->offset);
2823 }
2824 }
2825
2826 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2827 abort();
2828
2829 return NULL;
2830}
2831
38bee5dc
SS		 2832/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
2833 * but takes a size argument */
8b9c99d9 2834static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 2835{
8ab934f9
SS		 2836 if (*size == 0) {
2837 return NULL;
2838 }
868bb33f 2839 if (xen_enabled()) {
e41d7c69 2840 return xen_map_cache(addr, *size, 1);
868bb33f 2841 } else {
38bee5dc
SS		 2842 RAMBlock *block;
2843
2844 QLIST_FOREACH(block, &ram_list.blocks, next) {
2845 if (addr - block->offset < block->length) {
2846 if (addr - block->offset + *size > block->length)
2847 *size = block->length - addr + block->offset;
2848 return block->host + (addr - block->offset);
2849 }
2850 }
2851
2852 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2853 abort();
38bee5dc
SS		 2854 }
2855}
2856
050a0ddf
AP		 2857void qemu_put_ram_ptr(void *addr)
2858{
2859 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 2860}
2861
e890261f 2862int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 2863{
94a6b54f
PB		 2864 RAMBlock *block;
2865 uint8_t *host = ptr;
2866
868bb33f 2867 if (xen_enabled()) {
e41d7c69 2868 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 2869 return 0;
2870 }
2871
f471a17e 2872 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 2873 /* This case append when the block is not mapped. */
2874 if (block->host == NULL) {
2875 continue;
2876 }
f471a17e 2877 if (host - block->host < block->length) {
e890261f
MT		 2878 *ram_addr = block->offset + (host - block->host);
2879 return 0;
f471a17e 2880 }
94a6b54f 2881 }
432d268c 2882
e890261f
MT		 2883 return -1;
2884}
f471a17e 2885
e890261f
MT		 2886/* Some of the softmmu routines need to translate from a host pointer
2887 (typically a TLB entry) back to a ram offset. */
2888ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2889{
2890 ram_addr_t ram_addr;
f471a17e 2891
e890261f
MT		 2892 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2893 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2894 abort();
2895 }
2896 return ram_addr;
5579c7f3
PB		 2897}
2898
a8170e5e 2899static uint64_t unassigned_mem_read(void *opaque, hwaddr addr,
0e0df1e2 2900 unsigned size)
e18231a3
BS		 2901{
2902#ifdef DEBUG_UNASSIGNED
2903 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2904#endif
5b450407 2905#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2906 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 2907#endif
2908 return 0;
2909}
2910
a8170e5e 2911static void unassigned_mem_write(void *opaque, hwaddr addr,
0e0df1e2 2912 uint64_t val, unsigned size)
e18231a3
BS		 2913{
2914#ifdef DEBUG_UNASSIGNED
0e0df1e2 2915 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 2916#endif
5b450407 2917#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2918 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 2919#endif
33417e70
FB		 2920}
2921
0e0df1e2
AK		 2922static const MemoryRegionOps unassigned_mem_ops = {
2923 .read = unassigned_mem_read,
2924 .write = unassigned_mem_write,
2925 .endianness = DEVICE_NATIVE_ENDIAN,
2926};
e18231a3 2927
a8170e5e 2928static uint64_t error_mem_read(void *opaque, hwaddr addr,
0e0df1e2 2929 unsigned size)
e18231a3 2930{
0e0df1e2 2931 abort();
e18231a3
BS		 2932}
2933
a8170e5e 2934static void error_mem_write(void *opaque, hwaddr addr,
0e0df1e2 2935 uint64_t value, unsigned size)
e18231a3 2936{
0e0df1e2 2937 abort();
33417e70
FB		 2938}
2939
0e0df1e2
AK		 2940static const MemoryRegionOps error_mem_ops = {
2941 .read = error_mem_read,
2942 .write = error_mem_write,
2943 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2944};
2945
0e0df1e2
AK		 2946static const MemoryRegionOps rom_mem_ops = {
2947 .read = error_mem_read,
2948 .write = unassigned_mem_write,
2949 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2950};
2951
a8170e5e 2952static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 2953 uint64_t val, unsigned size)
9fa3e853 2954{
3a7d929e 2955 int dirty_flags;
f7c11b53 2956 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 2957 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 2958#if !defined(CONFIG_USER_ONLY)
0e0df1e2 2959 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 2960 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 2961#endif
3a7d929e 2962 }
0e0df1e2
AK		 2963 switch (size) {
2964 case 1:
2965 stb_p(qemu_get_ram_ptr(ram_addr), val);
2966 break;
2967 case 2:
2968 stw_p(qemu_get_ram_ptr(ram_addr), val);
2969 break;
2970 case 4:
2971 stl_p(qemu_get_ram_ptr(ram_addr), val);
2972 break;
2973 default:
2974 abort();
3a7d929e 2975 }
f23db169 2976 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 2977 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 2978 /* we remove the notdirty callback only if the code has been
2979 flushed */
2980 if (dirty_flags == 0xff)
2e70f6ef 2981 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 2982}
2983
0e0df1e2
AK		 2984static const MemoryRegionOps notdirty_mem_ops = {
2985 .read = error_mem_read,
2986 .write = notdirty_mem_write,
2987 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2988};
2989
5a316526
BS		 2990static void tb_check_watchpoint(CPUArchState *env)
2991{
2992 TranslationBlock *tb;
2993
2994 tb = tb_find_pc(env->mem_io_pc);
2995 if (!tb) {
2996 cpu_abort(env, "check_watchpoint: could not find TB for pc=%p",
2997 (void *)env->mem_io_pc);
2998 }
2999 cpu_restore_state(tb, env, env->mem_io_pc);
3000 tb_phys_invalidate(tb, -1);
3001}
3002
0f459d16 3003/* Generate a debug exception if a watchpoint has been hit. */
b4051334 3004static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 3005{
9349b4f9 3006 CPUArchState *env = cpu_single_env;
06d55cc1 3007 target_ulong pc, cs_base;
0f459d16 3008 target_ulong vaddr;
a1d1bb31 3009 CPUWatchpoint *wp;
06d55cc1 3010 int cpu_flags;
0f459d16 3011
06d55cc1
AL		 3012 if (env->watchpoint_hit) {
3013 /* We re-entered the check after replacing the TB. Now raise
3014 * the debug interrupt so that is will trigger after the
3015 * current instruction. */
3016 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3017 return;
3018 }
2e70f6ef 3019 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 3020 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 3021 if ((vaddr == (wp->vaddr & len_mask) ||
3022 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 3023 wp->flags |= BP_WATCHPOINT_HIT;
3024 if (!env->watchpoint_hit) {
3025 env->watchpoint_hit = wp;
5a316526 3026 tb_check_watchpoint(env);
6e140f28
AL		 3027 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3028 env->exception_index = EXCP_DEBUG;
488d6577 3029 cpu_loop_exit(env);
6e140f28
AL		 3030 } else {
3031 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3032 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 3033 cpu_resume_from_signal(env, NULL);
6e140f28 3034 }
06d55cc1 3035 }
6e140f28
AL		 3036 } else {
3037 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 3038 }
3039 }
3040}
3041
6658ffb8
PB		 3042/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3043 so these check for a hit then pass through to the normal out-of-line
3044 phys routines. */
a8170e5e 3045static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1ec9b909 3046 unsigned size)
6658ffb8 3047{
1ec9b909
AK		 3048 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3049 switch (size) {
3050 case 1: return ldub_phys(addr);
3051 case 2: return lduw_phys(addr);
3052 case 4: return ldl_phys(addr);
3053 default: abort();
3054 }
6658ffb8
PB		 3055}
3056
a8170e5e 3057static void watch_mem_write(void *opaque, hwaddr addr,
1ec9b909 3058 uint64_t val, unsigned size)
6658ffb8 3059{
1ec9b909
AK		 3060 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3061 switch (size) {
67364150
MF		 3062 case 1:
3063 stb_phys(addr, val);
3064 break;
3065 case 2:
3066 stw_phys(addr, val);
3067 break;
3068 case 4:
3069 stl_phys(addr, val);
3070 break;
1ec9b909
AK		 3071 default: abort();
3072 }
6658ffb8
PB		 3073}
3074
1ec9b909
AK		 3075static const MemoryRegionOps watch_mem_ops = {
3076 .read = watch_mem_read,
3077 .write = watch_mem_write,
3078 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3079};
6658ffb8 3080
a8170e5e 3081static uint64_t subpage_read(void *opaque, hwaddr addr,
70c68e44 3082 unsigned len)
db7b5426 3083{
70c68e44 3084 subpage_t *mmio = opaque;
f6405247 3085 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3086 MemoryRegionSection *section;
db7b5426
BS		 3087#if defined(DEBUG_SUBPAGE)
3088 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3089 mmio, len, addr, idx);
3090#endif
db7b5426 3091
5312bd8b
AK		 3092 section = &phys_sections[mmio->sub_section[idx]];
3093 addr += mmio->base;
3094 addr -= section->offset_within_address_space;
3095 addr += section->offset_within_region;
37ec01d4 3096 return io_mem_read(section->mr, addr, len);
db7b5426
BS		 3097}
3098
a8170e5e 3099static void subpage_write(void *opaque, hwaddr addr,
70c68e44 3100 uint64_t value, unsigned len)
db7b5426 3101{
70c68e44 3102 subpage_t *mmio = opaque;
f6405247 3103 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3104 MemoryRegionSection *section;
db7b5426 3105#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3106 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3107 " idx %d value %"PRIx64"\n",
f6405247 3108 __func__, mmio, len, addr, idx, value);
db7b5426 3109#endif
f6405247 3110
5312bd8b
AK		 3111 section = &phys_sections[mmio->sub_section[idx]];
3112 addr += mmio->base;
3113 addr -= section->offset_within_address_space;
3114 addr += section->offset_within_region;
37ec01d4 3115 io_mem_write(section->mr, addr, value, len);
db7b5426
BS		 3116}
3117
70c68e44
AK		 3118static const MemoryRegionOps subpage_ops = {
3119 .read = subpage_read,
3120 .write = subpage_write,
3121 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3122};
3123
a8170e5e 3124static uint64_t subpage_ram_read(void *opaque, hwaddr addr,
de712f94 3125 unsigned size)
56384e8b
AF		 3126{
3127 ram_addr_t raddr = addr;
3128 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3129 switch (size) {
3130 case 1: return ldub_p(ptr);
3131 case 2: return lduw_p(ptr);
3132 case 4: return ldl_p(ptr);
3133 default: abort();
3134 }
56384e8b
AF		 3135}
3136
a8170e5e 3137static void subpage_ram_write(void *opaque, hwaddr addr,
de712f94 3138 uint64_t value, unsigned size)
56384e8b
AF		 3139{
3140 ram_addr_t raddr = addr;
3141 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3142 switch (size) {
3143 case 1: return stb_p(ptr, value);
3144 case 2: return stw_p(ptr, value);
3145 case 4: return stl_p(ptr, value);
3146 default: abort();
3147 }
56384e8b
AF		 3148}
3149
de712f94
AK		 3150static const MemoryRegionOps subpage_ram_ops = {
3151 .read = subpage_ram_read,
3152 .write = subpage_ram_write,
3153 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3154};
3155
c227f099 3156static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3157 uint16_t section)
db7b5426
BS		 3158{
3159 int idx, eidx;
3160
3161 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3162 return -1;
3163 idx = SUBPAGE_IDX(start);
3164 eidx = SUBPAGE_IDX(end);
3165#if defined(DEBUG_SUBPAGE)
0bf9e31a 3166 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3167 mmio, start, end, idx, eidx, memory);
3168#endif
5312bd8b
AK		 3169 if (memory_region_is_ram(phys_sections[section].mr)) {
3170 MemoryRegionSection new_section = phys_sections[section];
3171 new_section.mr = &io_mem_subpage_ram;
3172 section = phys_section_add(&new_section);
56384e8b 3173 }
db7b5426 3174 for (; idx <= eidx; idx++) {
5312bd8b 3175 mmio->sub_section[idx] = section;
db7b5426
BS		 3176 }
3177
3178 return 0;
3179}
3180
a8170e5e 3181static subpage_t *subpage_init(hwaddr base)
db7b5426 3182{
c227f099 3183 subpage_t *mmio;
db7b5426 3184
7267c094 3185 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3186
3187 mmio->base = base;
70c68e44
AK		 3188 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3189 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3190 mmio->iomem.subpage = true;
db7b5426 3191#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3192 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3193 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3194#endif
0f0cb164 3195 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 3196
3197 return mmio;
3198}
3199
5312bd8b
AK		 3200static uint16_t dummy_section(MemoryRegion *mr)
3201{
3202 MemoryRegionSection section = {
3203 .mr = mr,
3204 .offset_within_address_space = 0,
3205 .offset_within_region = 0,
3206 .size = UINT64_MAX,
3207 };
3208
3209 return phys_section_add(&section);
3210}
3211
a8170e5e 3212MemoryRegion *iotlb_to_region(hwaddr index)
aa102231 3213{
37ec01d4 3214 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 3215}
3216
e9179ce1
AK		 3217static void io_mem_init(void)
3218{
0e0df1e2 3219 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
0e0df1e2
AK		 3220 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3221 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3222 "unassigned", UINT64_MAX);
3223 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3224 "notdirty", UINT64_MAX);
de712f94
AK		 3225 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3226 "subpage-ram", UINT64_MAX);
1ec9b909
AK		 3227 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3228 "watch", UINT64_MAX);
e9179ce1
AK		 3229}
3230
ac1970fb
AK		 3231static void mem_begin(MemoryListener *listener)
3232{
3233 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
3234
3235 destroy_all_mappings(d);
3236 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
3237}
3238
50c1e149
AK		 3239static void core_begin(MemoryListener *listener)
3240{
5312bd8b
AK		 3241 phys_sections_clear();
3242 phys_section_unassigned = dummy_section(&io_mem_unassigned);
aa102231
AK		 3243 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3244 phys_section_rom = dummy_section(&io_mem_rom);
3245 phys_section_watch = dummy_section(&io_mem_watch);
50c1e149
AK		 3246}
3247
1d71148e 3248static void tcg_commit(MemoryListener *listener)
50c1e149 3249{
9349b4f9 3250 CPUArchState *env;
117712c3
AK		 3251
3252 /* since each CPU stores ram addresses in its TLB cache, we must
3253 reset the modified entries */
3254 /* XXX: slow ! */
3255 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3256 tlb_flush(env, 1);
3257 }
50c1e149
AK		 3258}
3259
93632747
AK		 3260static void core_log_global_start(MemoryListener *listener)
3261{
3262 cpu_physical_memory_set_dirty_tracking(1);
3263}
3264
3265static void core_log_global_stop(MemoryListener *listener)
3266{
3267 cpu_physical_memory_set_dirty_tracking(0);
3268}
3269
4855d41a
AK		 3270static void io_region_add(MemoryListener *listener,
3271 MemoryRegionSection *section)
3272{
a2d33521
AK		 3273 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3274
3275 mrio->mr = section->mr;
3276 mrio->offset = section->offset_within_region;
3277 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
4855d41a 3278 section->offset_within_address_space, section->size);
a2d33521 3279 ioport_register(&mrio->iorange);
4855d41a
AK		 3280}
3281
3282static void io_region_del(MemoryListener *listener,
3283 MemoryRegionSection *section)
3284{
3285 isa_unassign_ioport(section->offset_within_address_space, section->size);
3286}
3287
93632747 3288static MemoryListener core_memory_listener = {
50c1e149 3289 .begin = core_begin,
93632747
AK		 3290 .log_global_start = core_log_global_start,
3291 .log_global_stop = core_log_global_stop,
ac1970fb 3292 .priority = 1,
93632747
AK		 3293};
3294
4855d41a
AK		 3295static MemoryListener io_memory_listener = {
3296 .region_add = io_region_add,
3297 .region_del = io_region_del,
4855d41a
AK		 3298 .priority = 0,
3299};
3300
1d71148e
AK		 3301static MemoryListener tcg_memory_listener = {
3302 .commit = tcg_commit,
3303};
3304
ac1970fb
AK		 3305void address_space_init_dispatch(AddressSpace *as)
3306{
3307 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
3308
3309 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
3310 d->listener = (MemoryListener) {
3311 .begin = mem_begin,
3312 .region_add = mem_add,
3313 .region_nop = mem_add,
3314 .priority = 0,
3315 };
3316 as->dispatch = d;
3317 memory_listener_register(&d->listener, as);
3318}
3319
83f3c251
AK		 3320void address_space_destroy_dispatch(AddressSpace *as)
3321{
3322 AddressSpaceDispatch *d = as->dispatch;
3323
3324 memory_listener_unregister(&d->listener);
3325 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
3326 g_free(d);
3327 as->dispatch = NULL;
3328}
3329
62152b8a
AK		 3330static void memory_map_init(void)
3331{
7267c094 3332 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3333 memory_region_init(system_memory, "system", INT64_MAX);
2673a5da
AK		 3334 address_space_init(&address_space_memory, system_memory);
3335 address_space_memory.name = "memory";
309cb471 3336
7267c094 3337 system_io = g_malloc(sizeof(*system_io));
309cb471 3338 memory_region_init(system_io, "io", 65536);
2673a5da
AK		 3339 address_space_init(&address_space_io, system_io);
3340 address_space_io.name = "I/O";
93632747 3341
f6790af6
AK		 3342 memory_listener_register(&core_memory_listener, &address_space_memory);
3343 memory_listener_register(&io_memory_listener, &address_space_io);
3344 memory_listener_register(&tcg_memory_listener, &address_space_memory);
9e11908f
PM		 3345
3346 dma_context_init(&dma_context_memory, &address_space_memory,
3347 NULL, NULL, NULL);
62152b8a
AK		 3348}
3349
3350MemoryRegion *get_system_memory(void)
3351{
3352 return system_memory;
3353}
3354
309cb471
AK		 3355MemoryRegion *get_system_io(void)
3356{
3357 return system_io;
3358}
3359
e2eef170
PB		 3360#endif /* !defined(CONFIG_USER_ONLY) */
3361
13eb76e0
FB		 3362/* physical memory access (slow version, mainly for debug) */
3363#if defined(CONFIG_USER_ONLY)
9349b4f9 3364int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 3365 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3366{
3367 int l, flags;
3368 target_ulong page;
53a5960a 3369 void * p;
13eb76e0
FB		 3370
3371 while (len > 0) {
3372 page = addr & TARGET_PAGE_MASK;
3373 l = (page + TARGET_PAGE_SIZE) - addr;
3374 if (l > len)
3375 l = len;
3376 flags = page_get_flags(page);
3377 if (!(flags & PAGE_VALID))
a68fe89c 3378 return -1;
13eb76e0
FB		 3379 if (is_write) {
3380 if (!(flags & PAGE_WRITE))
a68fe89c 3381 return -1;
579a97f7 3382 /* XXX: this code should not depend on lock_user */
72fb7daa 3383 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3384 return -1;
72fb7daa
AJ		 3385 memcpy(p, buf, l);
3386 unlock_user(p, addr, l);
13eb76e0
FB		 3387 } else {
3388 if (!(flags & PAGE_READ))
a68fe89c 3389 return -1;
579a97f7 3390 /* XXX: this code should not depend on lock_user */
72fb7daa 3391 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3392 return -1;
72fb7daa 3393 memcpy(buf, p, l);
5b257578 3394 unlock_user(p, addr, 0);
13eb76e0
FB		 3395 }
3396 len -= l;
3397 buf += l;
3398 addr += l;
3399 }
a68fe89c 3400 return 0;
13eb76e0 3401}
8df1cd07 3402
13eb76e0 3403#else
51d7a9eb 3404
a8170e5e
AK		 3405static void invalidate_and_set_dirty(hwaddr addr,
3406 hwaddr length)
51d7a9eb
AP		 3407{
3408 if (!cpu_physical_memory_is_dirty(addr)) {
3409 /* invalidate code */
3410 tb_invalidate_phys_page_range(addr, addr + length, 0);
3411 /* set dirty bit */
3412 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
3413 }
e226939d 3414 xen_modified_memory(addr, length);
51d7a9eb
AP		 3415}
3416
a8170e5e 3417void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
ac1970fb 3418 int len, bool is_write)
13eb76e0 3419{
ac1970fb 3420 AddressSpaceDispatch *d = as->dispatch;
37ec01d4 3421 int l;
13eb76e0
FB		 3422 uint8_t *ptr;
3423 uint32_t val;
a8170e5e 3424 hwaddr page;
f3705d53 3425 MemoryRegionSection *section;
3b46e624 3426
13eb76e0
FB		 3427 while (len > 0) {
3428 page = addr & TARGET_PAGE_MASK;
3429 l = (page + TARGET_PAGE_SIZE) - addr;
3430 if (l > len)
3431 l = len;
ac1970fb 3432 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
3b46e624 3433
13eb76e0 3434 if (is_write) {
f3705d53 3435 if (!memory_region_is_ram(section->mr)) {
a8170e5e 3436 hwaddr addr1;
cc5bea60 3437 addr1 = memory_region_section_addr(section, addr);
6a00d601
FB		 3438 /* XXX: could force cpu_single_env to NULL to avoid
3439 potential bugs */
6c2934db 3440 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3441 /* 32 bit write access */
c27004ec 3442 val = ldl_p(buf);
37ec01d4 3443 io_mem_write(section->mr, addr1, val, 4);
13eb76e0 3444 l = 4;
6c2934db 3445 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3446 /* 16 bit write access */
c27004ec 3447 val = lduw_p(buf);
37ec01d4 3448 io_mem_write(section->mr, addr1, val, 2);
13eb76e0
FB		 3449 l = 2;
3450 } else {
1c213d19 3451 /* 8 bit write access */
c27004ec 3452 val = ldub_p(buf);
37ec01d4 3453 io_mem_write(section->mr, addr1, val, 1);
13eb76e0
FB		 3454 l = 1;
3455 }
f3705d53 3456 } else if (!section->readonly) {
8ca5692d 3457 ram_addr_t addr1;
f3705d53 3458 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3459 + memory_region_section_addr(section, addr);
13eb76e0 3460 /* RAM case */
5579c7f3 3461 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3462 memcpy(ptr, buf, l);
51d7a9eb 3463 invalidate_and_set_dirty(addr1, l);
050a0ddf 3464 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3465 }
3466 } else {
cc5bea60
BS		 3467 if (!(memory_region_is_ram(section->mr) ||
3468 memory_region_is_romd(section->mr))) {
a8170e5e 3469 hwaddr addr1;
13eb76e0 3470 /* I/O case */
cc5bea60 3471 addr1 = memory_region_section_addr(section, addr);
6c2934db 3472 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3473 /* 32 bit read access */
37ec01d4 3474 val = io_mem_read(section->mr, addr1, 4);
c27004ec 3475 stl_p(buf, val);
13eb76e0 3476 l = 4;
6c2934db 3477 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3478 /* 16 bit read access */
37ec01d4 3479 val = io_mem_read(section->mr, addr1, 2);
c27004ec 3480 stw_p(buf, val);
13eb76e0
FB		 3481 l = 2;
3482 } else {
1c213d19 3483 /* 8 bit read access */
37ec01d4 3484 val = io_mem_read(section->mr, addr1, 1);
c27004ec 3485 stb_p(buf, val);
13eb76e0
FB		 3486 l = 1;
3487 }
3488 } else {
3489 /* RAM case */
0a1b357f 3490 ptr = qemu_get_ram_ptr(section->mr->ram_addr
cc5bea60
BS		 3491 + memory_region_section_addr(section,
3492 addr));
f3705d53 3493 memcpy(buf, ptr, l);
050a0ddf 3494 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3495 }
3496 }
3497 len -= l;
3498 buf += l;
3499 addr += l;
3500 }
3501}
8df1cd07 3502
a8170e5e 3503void address_space_write(AddressSpace *as, hwaddr addr,
ac1970fb
AK		 3504 const uint8_t *buf, int len)
3505{
3506 address_space_rw(as, addr, (uint8_t *)buf, len, true);
3507}
3508
3509/**
3510 * address_space_read: read from an address space.
3511 *
3512 * @as: #AddressSpace to be accessed
3513 * @addr: address within that address space
3514 * @buf: buffer with the data transferred
3515 */
a8170e5e 3516void address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
ac1970fb
AK		 3517{
3518 address_space_rw(as, addr, buf, len, false);
3519}
3520
3521
a8170e5e 3522void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 3523 int len, int is_write)
3524{
3525 return address_space_rw(&address_space_memory, addr, buf, len, is_write);
3526}
3527
d0ecd2aa 3528/* used for ROM loading : can write in RAM and ROM */
a8170e5e 3529void cpu_physical_memory_write_rom(hwaddr addr,
d0ecd2aa
FB		 3530 const uint8_t *buf, int len)
3531{
ac1970fb 3532 AddressSpaceDispatch *d = address_space_memory.dispatch;
d0ecd2aa
FB		 3533 int l;
3534 uint8_t *ptr;
a8170e5e 3535 hwaddr page;
f3705d53 3536 MemoryRegionSection *section;
3b46e624 3537
d0ecd2aa
FB		 3538 while (len > 0) {
3539 page = addr & TARGET_PAGE_MASK;
3540 l = (page + TARGET_PAGE_SIZE) - addr;
3541 if (l > len)
3542 l = len;
ac1970fb 3543 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
3b46e624 3544
cc5bea60
BS		 3545 if (!(memory_region_is_ram(section->mr) ||
3546 memory_region_is_romd(section->mr))) {
d0ecd2aa
FB		 3547 /* do nothing */
3548 } else {
3549 unsigned long addr1;
f3705d53 3550 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3551 + memory_region_section_addr(section, addr);
d0ecd2aa 3552 /* ROM/RAM case */
5579c7f3 3553 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3554 memcpy(ptr, buf, l);
51d7a9eb 3555 invalidate_and_set_dirty(addr1, l);
050a0ddf 3556 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3557 }
3558 len -= l;
3559 buf += l;
3560 addr += l;
3561 }
3562}
3563
6d16c2f8
AL		 3564typedef struct {
3565 void *buffer;
a8170e5e
AK		 3566 hwaddr addr;
3567 hwaddr len;
6d16c2f8
AL		 3568} BounceBuffer;
3569
3570static BounceBuffer bounce;
3571
ba223c29
AL		 3572typedef struct MapClient {
3573 void *opaque;
3574 void (*callback)(void *opaque);
72cf2d4f 3575 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3576} MapClient;
3577
72cf2d4f
BS		 3578static QLIST_HEAD(map_client_list, MapClient) map_client_list
3579 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3580
3581void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3582{
7267c094 3583 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3584
3585 client->opaque = opaque;
3586 client->callback = callback;
72cf2d4f 3587 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3588 return client;
3589}
3590
8b9c99d9 3591static void cpu_unregister_map_client(void *_client)
ba223c29
AL		 3592{
3593 MapClient *client = (MapClient *)_client;
3594
72cf2d4f 3595 QLIST_REMOVE(client, link);
7267c094 3596 g_free(client);
ba223c29
AL		 3597}
3598
3599static void cpu_notify_map_clients(void)
3600{
3601 MapClient *client;
3602
72cf2d4f
BS		 3603 while (!QLIST_EMPTY(&map_client_list)) {
3604 client = QLIST_FIRST(&map_client_list);
ba223c29 3605 client->callback(client->opaque);
34d5e948 3606 cpu_unregister_map_client(client);
ba223c29
AL		 3607 }
3608}
3609
6d16c2f8
AL		 3610/* Map a physical memory region into a host virtual address.
3611 * May map a subset of the requested range, given by and returned in *plen.
3612 * May return NULL if resources needed to perform the mapping are exhausted.
3613 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3614 * Use cpu_register_map_client() to know when retrying the map operation is
3615 * likely to succeed.
6d16c2f8 3616 */
ac1970fb 3617void *address_space_map(AddressSpace *as,
a8170e5e
AK		 3618 hwaddr addr,
3619 hwaddr *plen,
ac1970fb 3620 bool is_write)
6d16c2f8 3621{
ac1970fb 3622 AddressSpaceDispatch *d = as->dispatch;
a8170e5e
AK		 3623 hwaddr len = *plen;
3624 hwaddr todo = 0;
6d16c2f8 3625 int l;
a8170e5e 3626 hwaddr page;
f3705d53 3627 MemoryRegionSection *section;
f15fbc4b 3628 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3629 ram_addr_t rlen;
3630 void *ret;
6d16c2f8
AL		 3631
3632 while (len > 0) {
3633 page = addr & TARGET_PAGE_MASK;
3634 l = (page + TARGET_PAGE_SIZE) - addr;
3635 if (l > len)
3636 l = len;
ac1970fb 3637 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
6d16c2f8 3638
f3705d53 3639 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
38bee5dc 3640 if (todo || bounce.buffer) {
6d16c2f8
AL		 3641 break;
3642 }
3643 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3644 bounce.addr = addr;
3645 bounce.len = l;
3646 if (!is_write) {
ac1970fb 3647 address_space_read(as, addr, bounce.buffer, l);
6d16c2f8 3648 }
38bee5dc
SS		 3649
3650 *plen = l;
3651 return bounce.buffer;
6d16c2f8 3652 }
8ab934f9 3653 if (!todo) {
f3705d53 3654 raddr = memory_region_get_ram_addr(section->mr)
cc5bea60 3655 + memory_region_section_addr(section, addr);
8ab934f9 3656 }
6d16c2f8
AL		 3657
3658 len -= l;
3659 addr += l;
38bee5dc 3660 todo += l;
6d16c2f8 3661 }
8ab934f9
SS		 3662 rlen = todo;
3663 ret = qemu_ram_ptr_length(raddr, &rlen);
3664 *plen = rlen;
3665 return ret;
6d16c2f8
AL		 3666}
3667
ac1970fb 3668/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3669 * Will also mark the memory as dirty if is_write == 1. access_len gives
3670 * the amount of memory that was actually read or written by the caller.
3671 */
a8170e5e
AK		 3672void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3673 int is_write, hwaddr access_len)
6d16c2f8
AL		 3674{
3675 if (buffer != bounce.buffer) {
3676 if (is_write) {
e890261f 3677 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 3678 while (access_len) {
3679 unsigned l;
3680 l = TARGET_PAGE_SIZE;
3681 if (l > access_len)
3682 l = access_len;
51d7a9eb 3683 invalidate_and_set_dirty(addr1, l);
6d16c2f8
AL		 3684 addr1 += l;
3685 access_len -= l;
3686 }
3687 }
868bb33f 3688 if (xen_enabled()) {
e41d7c69 3689 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3690 }
6d16c2f8
AL		 3691 return;
3692 }
3693 if (is_write) {
ac1970fb 3694 address_space_write(as, bounce.addr, bounce.buffer, access_len);
6d16c2f8 3695 }
f8a83245 3696 qemu_vfree(bounce.buffer);
6d16c2f8 3697 bounce.buffer = NULL;
ba223c29 3698 cpu_notify_map_clients();
6d16c2f8 3699}
d0ecd2aa 3700
a8170e5e
AK		 3701void *cpu_physical_memory_map(hwaddr addr,
3702 hwaddr *plen,
ac1970fb
AK		 3703 int is_write)
3704{
3705 return address_space_map(&address_space_memory, addr, plen, is_write);
3706}
3707
a8170e5e
AK		 3708void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3709 int is_write, hwaddr access_len)
ac1970fb
AK		 3710{
3711 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3712}
3713
8df1cd07 3714/* warning: addr must be aligned */
a8170e5e 3715static inline uint32_t ldl_phys_internal(hwaddr addr,
1e78bcc1 3716 enum device_endian endian)
8df1cd07 3717{
8df1cd07
FB		 3718 uint8_t *ptr;
3719 uint32_t val;
f3705d53 3720 MemoryRegionSection *section;
8df1cd07 3721
ac1970fb 3722 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3723
cc5bea60
BS		 3724 if (!(memory_region_is_ram(section->mr) ||
3725 memory_region_is_romd(section->mr))) {
8df1cd07 3726 /* I/O case */
cc5bea60 3727 addr = memory_region_section_addr(section, addr);
37ec01d4 3728 val = io_mem_read(section->mr, addr, 4);
1e78bcc1
AG		 3729#if defined(TARGET_WORDS_BIGENDIAN)
3730 if (endian == DEVICE_LITTLE_ENDIAN) {
3731 val = bswap32(val);
3732 }
3733#else
3734 if (endian == DEVICE_BIG_ENDIAN) {
3735 val = bswap32(val);
3736 }
3737#endif
8df1cd07
FB		 3738 } else {
3739 /* RAM case */
f3705d53 3740 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3741 & TARGET_PAGE_MASK)
cc5bea60 3742 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3743 switch (endian) {
3744 case DEVICE_LITTLE_ENDIAN:
3745 val = ldl_le_p(ptr);
3746 break;
3747 case DEVICE_BIG_ENDIAN:
3748 val = ldl_be_p(ptr);
3749 break;
3750 default:
3751 val = ldl_p(ptr);
3752 break;
3753 }
8df1cd07
FB		 3754 }
3755 return val;
3756}
3757
a8170e5e 3758uint32_t ldl_phys(hwaddr addr)
1e78bcc1
AG		 3759{
3760 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3761}
3762
a8170e5e 3763uint32_t ldl_le_phys(hwaddr addr)
1e78bcc1
AG		 3764{
3765 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3766}
3767
a8170e5e 3768uint32_t ldl_be_phys(hwaddr addr)
1e78bcc1
AG		 3769{
3770 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
3771}
3772
84b7b8e7 3773/* warning: addr must be aligned */
a8170e5e 3774static inline uint64_t ldq_phys_internal(hwaddr addr,
1e78bcc1 3775 enum device_endian endian)
84b7b8e7 3776{
84b7b8e7
FB		 3777 uint8_t *ptr;
3778 uint64_t val;
f3705d53 3779 MemoryRegionSection *section;
84b7b8e7 3780
ac1970fb 3781 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3782
cc5bea60
BS		 3783 if (!(memory_region_is_ram(section->mr) ||
3784 memory_region_is_romd(section->mr))) {
84b7b8e7 3785 /* I/O case */
cc5bea60 3786 addr = memory_region_section_addr(section, addr);
1e78bcc1
AG		 3787
3788 /* XXX This is broken when device endian != cpu endian.
3789 Fix and add "endian" variable check */
84b7b8e7 3790#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3791 val = io_mem_read(section->mr, addr, 4) << 32;
3792 val |= io_mem_read(section->mr, addr + 4, 4);
84b7b8e7 3793#else
37ec01d4
AK		 3794 val = io_mem_read(section->mr, addr, 4);
3795 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
84b7b8e7
FB		 3796#endif
3797 } else {
3798 /* RAM case */
f3705d53 3799 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3800 & TARGET_PAGE_MASK)
cc5bea60 3801 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3802 switch (endian) {
3803 case DEVICE_LITTLE_ENDIAN:
3804 val = ldq_le_p(ptr);
3805 break;
3806 case DEVICE_BIG_ENDIAN:
3807 val = ldq_be_p(ptr);
3808 break;
3809 default:
3810 val = ldq_p(ptr);
3811 break;
3812 }
84b7b8e7
FB		 3813 }
3814 return val;
3815}
3816
a8170e5e 3817uint64_t ldq_phys(hwaddr addr)
1e78bcc1
AG		 3818{
3819 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3820}
3821
a8170e5e 3822uint64_t ldq_le_phys(hwaddr addr)
1e78bcc1
AG		 3823{
3824 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3825}
3826
a8170e5e 3827uint64_t ldq_be_phys(hwaddr addr)
1e78bcc1
AG		 3828{
3829 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
3830}
3831
aab33094 3832/* XXX: optimize */
a8170e5e 3833uint32_t ldub_phys(hwaddr addr)
aab33094
FB		 3834{
3835 uint8_t val;
3836 cpu_physical_memory_read(addr, &val, 1);
3837 return val;
3838}
3839
733f0b02 3840/* warning: addr must be aligned */
a8170e5e 3841static inline uint32_t lduw_phys_internal(hwaddr addr,
1e78bcc1 3842 enum device_endian endian)
aab33094 3843{
733f0b02
MT		 3844 uint8_t *ptr;
3845 uint64_t val;
f3705d53 3846 MemoryRegionSection *section;
733f0b02 3847
ac1970fb 3848 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
733f0b02 3849
cc5bea60
BS		 3850 if (!(memory_region_is_ram(section->mr) ||
3851 memory_region_is_romd(section->mr))) {
733f0b02 3852 /* I/O case */
cc5bea60 3853 addr = memory_region_section_addr(section, addr);
37ec01d4 3854 val = io_mem_read(section->mr, addr, 2);
1e78bcc1
AG		 3855#if defined(TARGET_WORDS_BIGENDIAN)
3856 if (endian == DEVICE_LITTLE_ENDIAN) {
3857 val = bswap16(val);
3858 }
3859#else
3860 if (endian == DEVICE_BIG_ENDIAN) {
3861 val = bswap16(val);
3862 }
3863#endif
733f0b02
MT		 3864 } else {
3865 /* RAM case */
f3705d53 3866 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3867 & TARGET_PAGE_MASK)
cc5bea60 3868 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3869 switch (endian) {
3870 case DEVICE_LITTLE_ENDIAN:
3871 val = lduw_le_p(ptr);
3872 break;
3873 case DEVICE_BIG_ENDIAN:
3874 val = lduw_be_p(ptr);
3875 break;
3876 default:
3877 val = lduw_p(ptr);
3878 break;
3879 }
733f0b02
MT		 3880 }
3881 return val;
aab33094
FB		 3882}
3883
a8170e5e 3884uint32_t lduw_phys(hwaddr addr)
1e78bcc1
AG		 3885{
3886 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3887}
3888
a8170e5e 3889uint32_t lduw_le_phys(hwaddr addr)
1e78bcc1
AG		 3890{
3891 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3892}
3893
a8170e5e 3894uint32_t lduw_be_phys(hwaddr addr)
1e78bcc1
AG		 3895{
3896 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
3897}
3898
8df1cd07
FB		 3899/* warning: addr must be aligned. The ram page is not masked as dirty
3900 and the code inside is not invalidated. It is useful if the dirty
3901 bits are used to track modified PTEs */
a8170e5e 3902void stl_phys_notdirty(hwaddr addr, uint32_t val)
8df1cd07 3903{
8df1cd07 3904 uint8_t *ptr;
f3705d53 3905 MemoryRegionSection *section;
8df1cd07 3906
ac1970fb 3907 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3908
f3705d53 3909 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3910 addr = memory_region_section_addr(section, addr);
f3705d53 3911 if (memory_region_is_ram(section->mr)) {
37ec01d4 3912 section = &phys_sections[phys_section_rom];
06ef3525 3913 }
37ec01d4 3914 io_mem_write(section->mr, addr, val, 4);
8df1cd07 3915 } else {
f3705d53 3916 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
06ef3525 3917 & TARGET_PAGE_MASK)
cc5bea60 3918 + memory_region_section_addr(section, addr);
5579c7f3 3919 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3920 stl_p(ptr, val);
74576198
AL		 3921
3922 if (unlikely(in_migration)) {
3923 if (!cpu_physical_memory_is_dirty(addr1)) {
3924 /* invalidate code */
3925 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3926 /* set dirty bit */
f7c11b53
YT		 3927 cpu_physical_memory_set_dirty_flags(
3928 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 3929 }
3930 }
8df1cd07
FB		 3931 }
3932}
3933
a8170e5e 3934void stq_phys_notdirty(hwaddr addr, uint64_t val)
bc98a7ef 3935{
bc98a7ef 3936 uint8_t *ptr;
f3705d53 3937 MemoryRegionSection *section;
bc98a7ef 3938
ac1970fb 3939 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3940
f3705d53 3941 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3942 addr = memory_region_section_addr(section, addr);
f3705d53 3943 if (memory_region_is_ram(section->mr)) {
37ec01d4 3944 section = &phys_sections[phys_section_rom];
06ef3525 3945 }
bc98a7ef 3946#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3947 io_mem_write(section->mr, addr, val >> 32, 4);
3948 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
bc98a7ef 3949#else
37ec01d4
AK		 3950 io_mem_write(section->mr, addr, (uint32_t)val, 4);
3951 io_mem_write(section->mr, addr + 4, val >> 32, 4);
bc98a7ef
JM		 3952#endif
3953 } else {
f3705d53 3954 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3955 & TARGET_PAGE_MASK)
cc5bea60 3956 + memory_region_section_addr(section, addr));
bc98a7ef
JM		 3957 stq_p(ptr, val);
3958 }
3959}
3960
8df1cd07 3961/* warning: addr must be aligned */
a8170e5e 3962static inline void stl_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 3963 enum device_endian endian)
8df1cd07 3964{
8df1cd07 3965 uint8_t *ptr;
f3705d53 3966 MemoryRegionSection *section;
8df1cd07 3967
ac1970fb 3968 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3969
f3705d53 3970 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3971 addr = memory_region_section_addr(section, addr);
f3705d53 3972 if (memory_region_is_ram(section->mr)) {
37ec01d4 3973 section = &phys_sections[phys_section_rom];
06ef3525 3974 }
1e78bcc1
AG		 3975#if defined(TARGET_WORDS_BIGENDIAN)
3976 if (endian == DEVICE_LITTLE_ENDIAN) {
3977 val = bswap32(val);
3978 }
3979#else
3980 if (endian == DEVICE_BIG_ENDIAN) {
3981 val = bswap32(val);
3982 }
3983#endif
37ec01d4 3984 io_mem_write(section->mr, addr, val, 4);
8df1cd07
FB		 3985 } else {
3986 unsigned long addr1;
f3705d53 3987 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3988 + memory_region_section_addr(section, addr);
8df1cd07 3989 /* RAM case */
5579c7f3 3990 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3991 switch (endian) {
3992 case DEVICE_LITTLE_ENDIAN:
3993 stl_le_p(ptr, val);
3994 break;
3995 case DEVICE_BIG_ENDIAN:
3996 stl_be_p(ptr, val);
3997 break;
3998 default:
3999 stl_p(ptr, val);
4000 break;
4001 }
51d7a9eb 4002 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 4003 }
4004}
4005
a8170e5e 4006void stl_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 4007{
4008 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4009}
4010
a8170e5e 4011void stl_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 4012{
4013 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4014}
4015
a8170e5e 4016void stl_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 4017{
4018 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4019}
4020
aab33094 4021/* XXX: optimize */
a8170e5e 4022void stb_phys(hwaddr addr, uint32_t val)
aab33094
FB		 4023{
4024 uint8_t v = val;
4025 cpu_physical_memory_write(addr, &v, 1);
4026}
4027
733f0b02 4028/* warning: addr must be aligned */
a8170e5e 4029static inline void stw_phys_internal(hwaddr addr, uint32_t val,
1e78bcc1 4030 enum device_endian endian)
aab33094 4031{
733f0b02 4032 uint8_t *ptr;
f3705d53 4033 MemoryRegionSection *section;
733f0b02 4034
ac1970fb 4035 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
733f0b02 4036
f3705d53 4037 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 4038 addr = memory_region_section_addr(section, addr);
f3705d53 4039 if (memory_region_is_ram(section->mr)) {
37ec01d4 4040 section = &phys_sections[phys_section_rom];
06ef3525 4041 }
1e78bcc1
AG		 4042#if defined(TARGET_WORDS_BIGENDIAN)
4043 if (endian == DEVICE_LITTLE_ENDIAN) {
4044 val = bswap16(val);
4045 }
4046#else
4047 if (endian == DEVICE_BIG_ENDIAN) {
4048 val = bswap16(val);
4049 }
4050#endif
37ec01d4 4051 io_mem_write(section->mr, addr, val, 2);
733f0b02
MT		 4052 } else {
4053 unsigned long addr1;
f3705d53 4054 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 4055 + memory_region_section_addr(section, addr);
733f0b02
MT		 4056 /* RAM case */
4057 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4058 switch (endian) {
4059 case DEVICE_LITTLE_ENDIAN:
4060 stw_le_p(ptr, val);
4061 break;
4062 case DEVICE_BIG_ENDIAN:
4063 stw_be_p(ptr, val);
4064 break;
4065 default:
4066 stw_p(ptr, val);
4067 break;
4068 }
51d7a9eb 4069 invalidate_and_set_dirty(addr1, 2);
733f0b02 4070 }
aab33094
FB		 4071}
4072
a8170e5e 4073void stw_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 4074{
4075 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4076}
4077
a8170e5e 4078void stw_le_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 4079{
4080 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4081}
4082
a8170e5e 4083void stw_be_phys(hwaddr addr, uint32_t val)
1e78bcc1
AG		 4084{
4085 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4086}
4087
aab33094 4088/* XXX: optimize */
a8170e5e 4089void stq_phys(hwaddr addr, uint64_t val)
aab33094
FB		 4090{
4091 val = tswap64(val);
71d2b725 4092 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4093}
4094
a8170e5e 4095void stq_le_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 4096{
4097 val = cpu_to_le64(val);
4098 cpu_physical_memory_write(addr, &val, 8);
4099}
4100
a8170e5e 4101void stq_be_phys(hwaddr addr, uint64_t val)
1e78bcc1
AG		 4102{
4103 val = cpu_to_be64(val);
4104 cpu_physical_memory_write(addr, &val, 8);
4105}
4106
5e2972fd 4107/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 4108int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 4109 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4110{
4111 int l;
a8170e5e 4112 hwaddr phys_addr;
9b3c35e0 4113 target_ulong page;
13eb76e0
FB		 4114
4115 while (len > 0) {
4116 page = addr & TARGET_PAGE_MASK;
4117 phys_addr = cpu_get_phys_page_debug(env, page);
4118 /* if no physical page mapped, return an error */
4119 if (phys_addr == -1)
4120 return -1;
4121 l = (page + TARGET_PAGE_SIZE) - addr;
4122 if (l > len)
4123 l = len;
5e2972fd 4124 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4125 if (is_write)
4126 cpu_physical_memory_write_rom(phys_addr, buf, l);
4127 else
5e2972fd 4128 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4129 len -= l;
4130 buf += l;
4131 addr += l;
4132 }
4133 return 0;
4134}
a68fe89c 4135#endif
13eb76e0 4136
2e70f6ef
PB		 4137/* in deterministic execution mode, instructions doing device I/Os
4138 must be at the end of the TB */
20503968 4139void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
2e70f6ef
PB		 4140{
4141 TranslationBlock *tb;
4142 uint32_t n, cflags;
4143 target_ulong pc, cs_base;
4144 uint64_t flags;
4145
20503968 4146 tb = tb_find_pc(retaddr);
2e70f6ef 4147 if (!tb) {
44209fc4 4148 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
20503968 4149 (void *)retaddr);
2e70f6ef
PB		 4150 }
4151 n = env->icount_decr.u16.low + tb->icount;
20503968 4152 cpu_restore_state(tb, env, retaddr);
2e70f6ef 4153 /* Calculate how many instructions had been executed before the fault
bf20dc07 4154 occurred. */
2e70f6ef
PB		 4155 n = n - env->icount_decr.u16.low;
4156 /* Generate a new TB ending on the I/O insn. */
4157 n++;
4158 /* On MIPS and SH, delay slot instructions can only be restarted if
4159 they were already the first instruction in the TB. If this is not
bf20dc07 4160 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4161 branch. */
4162#if defined(TARGET_MIPS)
4163 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4164 env->active_tc.PC -= 4;
4165 env->icount_decr.u16.low++;
4166 env->hflags &= ~MIPS_HFLAG_BMASK;
4167 }
4168#elif defined(TARGET_SH4)
4169 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4170 && n > 1) {
4171 env->pc -= 2;
4172 env->icount_decr.u16.low++;
4173 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4174 }
4175#endif
4176 /* This should never happen. */
44209fc4 4177 if (n > CF_COUNT_MASK) {
2e70f6ef 4178 cpu_abort(env, "TB too big during recompile");
44209fc4 4179 }
2e70f6ef
PB		 4180
4181 cflags = n | CF_LAST_IO;
4182 pc = tb->pc;
4183 cs_base = tb->cs_base;
4184 flags = tb->flags;
4185 tb_phys_invalidate(tb, -1);
4186 /* FIXME: In theory this could raise an exception. In practice
4187 we have already translated the block once so it's probably ok. */
4188 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4189 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4190 the first in the TB) then we end up generating a whole new TB and
4191 repeating the fault, which is horribly inefficient.
4192 Better would be to execute just this insn uncached, or generate a
4193 second new TB. */
4194 cpu_resume_from_signal(env, NULL);
4195}
4196
b3755a91
PB		 4197#if !defined(CONFIG_USER_ONLY)
4198
055403b2 4199void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4200{
4201 int i, target_code_size, max_target_code_size;
4202 int direct_jmp_count, direct_jmp2_count, cross_page;
4203 TranslationBlock *tb;
3b46e624 4204
e3db7226
FB		 4205 target_code_size = 0;
4206 max_target_code_size = 0;
4207 cross_page = 0;
4208 direct_jmp_count = 0;
4209 direct_jmp2_count = 0;
44209fc4 4210 for (i = 0; i < nb_tbs; i++) {
e3db7226
FB		 4211 tb = &tbs[i];
4212 target_code_size += tb->size;
44209fc4 4213 if (tb->size > max_target_code_size) {
e3db7226 4214 max_target_code_size = tb->size;
44209fc4
BS		 4215 }
4216 if (tb->page_addr[1] != -1) {
e3db7226 4217 cross_page++;
44209fc4 4218 }
e3db7226
FB		 4219 if (tb->tb_next_offset[0] != 0xffff) {
4220 direct_jmp_count++;
4221 if (tb->tb_next_offset[1] != 0xffff) {
4222 direct_jmp2_count++;
4223 }
4224 }
4225 }
4226 /* XXX: avoid using doubles ? */
57fec1fe 4227 cpu_fprintf(f, "Translation buffer state:\n");
f1bc0bcc 4228 cpu_fprintf(f, "gen code size %td/%zd\n",
26a5f13b 4229 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
44209fc4 4230 cpu_fprintf(f, "TB count %d/%d\n",
26a5f13b 4231 nb_tbs, code_gen_max_blocks);
5fafdf24 4232 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4233 nb_tbs ? target_code_size / nb_tbs : 0,
4234 max_target_code_size);
055403b2 4235 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226 4236 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
44209fc4
BS		 4237 target_code_size ? (double) (code_gen_ptr - code_gen_buffer)
4238 / target_code_size : 0);
5fafdf24
TS		 4239 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4240 cross_page,
e3db7226
FB		 4241 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4242 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4243 direct_jmp_count,
e3db7226
FB		 4244 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4245 direct_jmp2_count,
4246 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4247 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4248 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4249 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4250 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4251 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4252}
4253
82afa586
BH		 4254/*
4255 * A helper function for the _utterly broken_ virtio device model to find out if
4256 * it's running on a big endian machine. Don't do this at home kids!
4257 */
4258bool virtio_is_big_endian(void);
4259bool virtio_is_big_endian(void)
4260{
4261#if defined(TARGET_WORDS_BIGENDIAN)
4262 return true;
4263#else
4264 return false;
4265#endif
4266}
4267
61382a50 4268#endif
76f35538
WC		 4269
4270#ifndef CONFIG_USER_ONLY
a8170e5e 4271bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538
WC		 4272{
4273 MemoryRegionSection *section;
4274
ac1970fb
AK		 4275 section = phys_page_find(address_space_memory.dispatch,
4276 phys_addr >> TARGET_PAGE_BITS);
76f35538
WC		 4277
4278 return !(memory_region_is_ram(section->mr) ||
4279 memory_region_is_romd(section->mr));
4280}
4281#endif
Qemu copy for testing