]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: avoid unnecessary object_ref/unref
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
777872e5 20#ifndef _WIN32
a98d49b1 21#include <sys/types.h>
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
055403b2 25#include "qemu-common.h"
6180a181 26#include "cpu.h"
b67d9a52 27#include "tcg.h"
b3c7724c 28#include "hw/hw.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
4485bd26 31#endif
cc9e98cb 32#include "hw/qdev.h"
1de7afc9 33#include "qemu/osdep.h"
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
0d09e41a 36#include "hw/xen/xen.h"
1de7afc9
PB		 37#include "qemu/timer.h"
38#include "qemu/config-file.h"
75a34036 39#include "qemu/error-report.h"
022c62cb 40#include "exec/memory.h"
9c17d615 41#include "sysemu/dma.h"
022c62cb 42#include "exec/address-spaces.h"
53a5960a
PB		 43#if defined(CONFIG_USER_ONLY)
44#include <qemu.h>
432d268c 45#else /* !CONFIG_USER_ONLY */
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
67d95c15 57
b35ba30f 58#include "qemu/range.h"
794e8f30
MT		 59#ifndef _WIN32
60#include "qemu/mmap-alloc.h"
61#endif
b35ba30f 62
db7b5426 63//#define DEBUG_SUBPAGE
1196be37 64
e2eef170 65#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 66/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
68 */
0d53d9fe 69RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 70
71static MemoryRegion *system_memory;
309cb471 72static MemoryRegion *system_io;
62152b8a 73
f6790af6
AK		 74AddressSpace address_space_io;
75AddressSpace address_space_memory;
2673a5da 76
0844e007 77MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 78static MemoryRegion io_mem_unassigned;
0e0df1e2 79
7bd4f430
PB		 80/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81#define RAM_PREALLOC (1 << 0)
82
dbcb8981
PB		 83/* RAM is mmap-ed with MAP_SHARED */
84#define RAM_SHARED (1 << 1)
85
62be4e3a
MT		 86/* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
88 */
89#define RAM_RESIZEABLE (1 << 2)
90
e2eef170 91#endif
9fa3e853 92
bdc44640 93struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 94/* current CPU in the current thread. It is only valid inside
95 cpu_exec() */
f240eb6f 96__thread CPUState *current_cpu;
2e70f6ef 97/* 0 = Do not count executed instructions.
bf20dc07 98 1 = Precise instruction counting.
2e70f6ef 99 2 = Adaptive rate instruction counting. */
5708fc66 100int use_icount;
6a00d601 101
e2eef170 102#if !defined(CONFIG_USER_ONLY)
4346ae3e 103
1db8abb1
PB		 104typedef struct PhysPageEntry PhysPageEntry;
105
106struct PhysPageEntry {
9736e55b 107 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 108 uint32_t skip : 6;
9736e55b 109 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 110 uint32_t ptr : 26;
1db8abb1
PB		 111};
112
8b795765
MT		 113#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
114
03f49957 115/* Size of the L2 (and L3, etc) page tables. */
57271d63 116#define ADDR_SPACE_BITS 64
03f49957 117
026736ce 118#define P_L2_BITS 9
03f49957
PB		 119#define P_L2_SIZE (1 << P_L2_BITS)
120
121#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
122
123typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 124
53cb28cb 125typedef struct PhysPageMap {
79e2b9ae
PB		 126 struct rcu_head rcu;
127
53cb28cb
MA		 128 unsigned sections_nb;
129 unsigned sections_nb_alloc;
130 unsigned nodes_nb;
131 unsigned nodes_nb_alloc;
132 Node *nodes;
133 MemoryRegionSection *sections;
134} PhysPageMap;
135
1db8abb1 136struct AddressSpaceDispatch {
79e2b9ae
PB		 137 struct rcu_head rcu;
138
1db8abb1
PB		 139 /* This is a multi-level map on the physical address space.
140 * The bottom level has pointers to MemoryRegionSections.
141 */
142 PhysPageEntry phys_map;
53cb28cb 143 PhysPageMap map;
acc9d80b 144 AddressSpace *as;
1db8abb1
PB		 145};
146
90260c6c
JK		 147#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
148typedef struct subpage_t {
149 MemoryRegion iomem;
acc9d80b 150 AddressSpace *as;
90260c6c
JK		 151 hwaddr base;
152 uint16_t sub_section[TARGET_PAGE_SIZE];
153} subpage_t;
154
b41aac4f
LPF		 155#define PHYS_SECTION_UNASSIGNED 0
156#define PHYS_SECTION_NOTDIRTY 1
157#define PHYS_SECTION_ROM 2
158#define PHYS_SECTION_WATCH 3
5312bd8b 159
e2eef170 160static void io_mem_init(void);
62152b8a 161static void memory_map_init(void);
09daed84 162static void tcg_commit(MemoryListener *listener);
e2eef170 163
1ec9b909 164static MemoryRegion io_mem_watch;
32857f4d
PM		 165
166/**
167 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
168 * @cpu: the CPU whose AddressSpace this is
169 * @as: the AddressSpace itself
170 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
171 * @tcg_as_listener: listener for tracking changes to the AddressSpace
172 */
173struct CPUAddressSpace {
174 CPUState *cpu;
175 AddressSpace *as;
176 struct AddressSpaceDispatch *memory_dispatch;
177 MemoryListener tcg_as_listener;
178};
179
6658ffb8 180#endif
fd6ce8f6 181
6d9a1304 182#if !defined(CONFIG_USER_ONLY)
d6f2ea22 183
53cb28cb 184static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 185{
53cb28cb
MA		 186 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
188 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
189 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 190 }
f7bf5461
AK		 191}
192
db94604b 193static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 194{
195 unsigned i;
8b795765 196 uint32_t ret;
db94604b
PB		 197 PhysPageEntry e;
198 PhysPageEntry *p;
f7bf5461 199
53cb28cb 200 ret = map->nodes_nb++;
db94604b 201 p = map->nodes[ret];
f7bf5461 202 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 203 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 204
205 e.skip = leaf ? 0 : 1;
206 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 207 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 208 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 209 }
f7bf5461 210 return ret;
d6f2ea22
AK		 211}
212
53cb28cb
MA		 213static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
214 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 215 int level)
f7bf5461
AK		 216{
217 PhysPageEntry *p;
03f49957 218 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 219
9736e55b 220 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 221 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 222 }
db94604b 223 p = map->nodes[lp->ptr];
03f49957 224 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 225
03f49957 226 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 227 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 228 lp->skip = 0;
c19e8800 229 lp->ptr = leaf;
07f07b31
AK		 230 *index += step;
231 *nb -= step;
2999097b 232 } else {
53cb28cb 233 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 234 }
235 ++lp;
f7bf5461
AK		 236 }
237}
238
ac1970fb 239static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 240 hwaddr index, hwaddr nb,
2999097b 241 uint16_t leaf)
f7bf5461 242{
2999097b 243 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 244 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 245
53cb28cb 246 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 247}
248
b35ba30f
MT		 249/* Compact a non leaf page entry. Simply detect that the entry has a single child,
250 * and update our entry so we can skip it and go directly to the destination.
251 */
252static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
253{
254 unsigned valid_ptr = P_L2_SIZE;
255 int valid = 0;
256 PhysPageEntry *p;
257 int i;
258
259 if (lp->ptr == PHYS_MAP_NODE_NIL) {
260 return;
261 }
262
263 p = nodes[lp->ptr];
264 for (i = 0; i < P_L2_SIZE; i++) {
265 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
266 continue;
267 }
268
269 valid_ptr = i;
270 valid++;
271 if (p[i].skip) {
272 phys_page_compact(&p[i], nodes, compacted);
273 }
274 }
275
276 /* We can only compress if there's only one child. */
277 if (valid != 1) {
278 return;
279 }
280
281 assert(valid_ptr < P_L2_SIZE);
282
283 /* Don't compress if it won't fit in the # of bits we have. */
284 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
285 return;
286 }
287
288 lp->ptr = p[valid_ptr].ptr;
289 if (!p[valid_ptr].skip) {
290 /* If our only child is a leaf, make this a leaf. */
291 /* By design, we should have made this node a leaf to begin with so we
292 * should never reach here.
293 * But since it's so simple to handle this, let's do it just in case we
294 * change this rule.
295 */
296 lp->skip = 0;
297 } else {
298 lp->skip += p[valid_ptr].skip;
299 }
300}
301
302static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
303{
304 DECLARE_BITMAP(compacted, nodes_nb);
305
306 if (d->phys_map.skip) {
53cb28cb 307 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 308 }
309}
310
97115a8d 311static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 312 Node *nodes, MemoryRegionSection *sections)
92e873b9 313{
31ab2b4a 314 PhysPageEntry *p;
97115a8d 315 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 316 int i;
f1f6e3b8 317
9736e55b 318 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 319 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 320 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 321 }
9affd6fc 322 p = nodes[lp.ptr];
03f49957 323 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 324 }
b35ba30f
MT		 325
326 if (sections[lp.ptr].size.hi ||
327 range_covers_byte(sections[lp.ptr].offset_within_address_space,
328 sections[lp.ptr].size.lo, addr)) {
329 return &sections[lp.ptr];
330 } else {
331 return &sections[PHYS_SECTION_UNASSIGNED];
332 }
f3705d53
AK		 333}
334
e5548617
BS		 335bool memory_region_is_unassigned(MemoryRegion *mr)
336{
2a8e7499 337 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 338 && mr != &io_mem_watch;
fd6ce8f6 339}
149f54b5 340
79e2b9ae 341/* Called from RCU critical section */
c7086b4a 342static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 343 hwaddr addr,
344 bool resolve_subpage)
9f029603 345{
90260c6c
JK		 346 MemoryRegionSection *section;
347 subpage_t *subpage;
348
53cb28cb 349 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 350 if (resolve_subpage && section->mr->subpage) {
351 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 352 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 353 }
354 return section;
9f029603
JK		 355}
356
79e2b9ae 357/* Called from RCU critical section */
90260c6c 358static MemoryRegionSection *
c7086b4a 359address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 360 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 361{
362 MemoryRegionSection *section;
965eb2fc 363 MemoryRegion *mr;
a87f3954 364 Int128 diff;
149f54b5 365
c7086b4a 366 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 367 /* Compute offset within MemoryRegionSection */
368 addr -= section->offset_within_address_space;
369
370 /* Compute offset within MemoryRegion */
371 *xlat = addr + section->offset_within_region;
372
965eb2fc 373 mr = section->mr;
b242e0e0
PB		 374
375 /* MMIO registers can be expected to perform full-width accesses based only
376 * on their address, without considering adjacent registers that could
377 * decode to completely different MemoryRegions. When such registers
378 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
379 * regions overlap wildly. For this reason we cannot clamp the accesses
380 * here.
381 *
382 * If the length is small (as is the case for address_space_ldl/stl),
383 * everything works fine. If the incoming length is large, however,
384 * the caller really has to do the clamping through memory_access_size.
385 */
965eb2fc 386 if (memory_region_is_ram(mr)) {
e4a511f8 387 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 388 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
389 }
149f54b5
PB		 390 return section;
391}
90260c6c 392
a87f3954
PB		 393static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
394{
395 if (memory_region_is_ram(mr)) {
396 return !(is_write && mr->readonly);
397 }
398 if (memory_region_is_romd(mr)) {
399 return !is_write;
400 }
401
402 return false;
403}
404
41063e1e 405/* Called from RCU critical section */
5c8a00ce
PB		 406MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
407 hwaddr *xlat, hwaddr *plen,
408 bool is_write)
90260c6c 409{
30951157
AK		 410 IOMMUTLBEntry iotlb;
411 MemoryRegionSection *section;
412 MemoryRegion *mr;
30951157
AK		 413
414 for (;;) {
79e2b9ae
PB		 415 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
416 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 417 mr = section->mr;
418
419 if (!mr->iommu_ops) {
420 break;
421 }
422
8d7b8cb9 423 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 424 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
425 | (addr & iotlb.addr_mask));
23820dbf 426 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 427 if (!(iotlb.perm & (1 << is_write))) {
428 mr = &io_mem_unassigned;
429 break;
430 }
431
432 as = iotlb.target_as;
433 }
434
fe680d0d 435 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 436 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 437 *plen = MIN(page, *plen);
a87f3954
PB		 438 }
439
30951157
AK		 440 *xlat = addr;
441 return mr;
90260c6c
JK		 442}
443
79e2b9ae 444/* Called from RCU critical section */
90260c6c 445MemoryRegionSection *
9d82b5a7
PB		 446address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
447 hwaddr *xlat, hwaddr *plen)
90260c6c 448{
30951157 449 MemoryRegionSection *section;
32857f4d 450 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
9d82b5a7 451 addr, xlat, plen, false);
30951157
AK		 452
453 assert(!section->mr->iommu_ops);
454 return section;
90260c6c 455}
5b6dd868 456#endif
fd6ce8f6 457
b170fce3 458#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 459
460static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 461{
259186a7 462 CPUState *cpu = opaque;
a513fe19 463
5b6dd868
BS		 464 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
465 version_id is increased. */
259186a7 466 cpu->interrupt_request &= ~0x01;
c01a71c1 467 tlb_flush(cpu, 1);
5b6dd868
BS		 468
469 return 0;
a513fe19 470}
7501267e 471
6c3bff0e
PD		 472static int cpu_common_pre_load(void *opaque)
473{
474 CPUState *cpu = opaque;
475
adee6424 476 cpu->exception_index = -1;
6c3bff0e
PD		 477
478 return 0;
479}
480
481static bool cpu_common_exception_index_needed(void *opaque)
482{
483 CPUState *cpu = opaque;
484
adee6424 485 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 486}
487
488static const VMStateDescription vmstate_cpu_common_exception_index = {
489 .name = "cpu_common/exception_index",
490 .version_id = 1,
491 .minimum_version_id = 1,
5cd8cada 492 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 493 .fields = (VMStateField[]) {
494 VMSTATE_INT32(exception_index, CPUState),
495 VMSTATE_END_OF_LIST()
496 }
497};
498
bac05aa9
AS		 499static bool cpu_common_crash_occurred_needed(void *opaque)
500{
501 CPUState *cpu = opaque;
502
503 return cpu->crash_occurred;
504}
505
506static const VMStateDescription vmstate_cpu_common_crash_occurred = {
507 .name = "cpu_common/crash_occurred",
508 .version_id = 1,
509 .minimum_version_id = 1,
510 .needed = cpu_common_crash_occurred_needed,
511 .fields = (VMStateField[]) {
512 VMSTATE_BOOL(crash_occurred, CPUState),
513 VMSTATE_END_OF_LIST()
514 }
515};
516
1a1562f5 517const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 518 .name = "cpu_common",
519 .version_id = 1,
520 .minimum_version_id = 1,
6c3bff0e 521 .pre_load = cpu_common_pre_load,
5b6dd868 522 .post_load = cpu_common_post_load,
35d08458 523 .fields = (VMStateField[]) {
259186a7
AF		 524 VMSTATE_UINT32(halted, CPUState),
525 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 526 VMSTATE_END_OF_LIST()
6c3bff0e 527 },
5cd8cada
JQ		 528 .subsections = (const VMStateDescription*[]) {
529 &vmstate_cpu_common_exception_index,
bac05aa9 530 &vmstate_cpu_common_crash_occurred,
5cd8cada 531 NULL
5b6dd868
BS		 532 }
533};
1a1562f5 534
5b6dd868 535#endif
ea041c0e 536
38d8f5c8 537CPUState *qemu_get_cpu(int index)
ea041c0e 538{
bdc44640 539 CPUState *cpu;
ea041c0e 540
bdc44640 541 CPU_FOREACH(cpu) {
55e5c285 542 if (cpu->cpu_index == index) {
bdc44640 543 return cpu;
55e5c285 544 }
ea041c0e 545 }
5b6dd868 546
bdc44640 547 return NULL;
ea041c0e
FB		 548}
549
09daed84
EI		 550#if !defined(CONFIG_USER_ONLY)
551void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
552{
553 /* We only support one address space per cpu at the moment. */
554 assert(cpu->as == as);
555
32857f4d
PM		 556 if (cpu->cpu_ases) {
557 /* We've already registered the listener for our only AS */
558 return;
09daed84 559 }
32857f4d
PM		 560
561 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
562 cpu->cpu_ases[0].cpu = cpu;
563 cpu->cpu_ases[0].as = as;
564 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
565 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
09daed84
EI		 566}
567#endif
568
b7bca733
BR		 569#ifndef CONFIG_USER_ONLY
570static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
571
572static int cpu_get_free_index(Error **errp)
573{
574 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
575
576 if (cpu >= MAX_CPUMASK_BITS) {
577 error_setg(errp, "Trying to use more CPUs than max of %d",
578 MAX_CPUMASK_BITS);
579 return -1;
580 }
581
582 bitmap_set(cpu_index_map, cpu, 1);
583 return cpu;
584}
585
586void cpu_exec_exit(CPUState *cpu)
587{
588 if (cpu->cpu_index == -1) {
589 /* cpu_index was never allocated by this @cpu or was already freed. */
590 return;
591 }
592
593 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
594 cpu->cpu_index = -1;
595}
596#else
597
598static int cpu_get_free_index(Error **errp)
599{
600 CPUState *some_cpu;
601 int cpu_index = 0;
602
603 CPU_FOREACH(some_cpu) {
604 cpu_index++;
605 }
606 return cpu_index;
607}
608
609void cpu_exec_exit(CPUState *cpu)
610{
611}
612#endif
613
4bad9e39 614void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 615{
b170fce3 616 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868 617 int cpu_index;
b7bca733 618 Error *local_err = NULL;
5b6dd868 619
291135b5
EH		 620#ifndef CONFIG_USER_ONLY
621 cpu->as = &address_space_memory;
622 cpu->thread_id = qemu_get_thread_id();
291135b5
EH		 623#endif
624
5b6dd868
BS		 625#if defined(CONFIG_USER_ONLY)
626 cpu_list_lock();
627#endif
b7bca733
BR		 628 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
629 if (local_err) {
630 error_propagate(errp, local_err);
631#if defined(CONFIG_USER_ONLY)
632 cpu_list_unlock();
633#endif
634 return;
5b6dd868 635 }
bdc44640 636 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 637#if defined(CONFIG_USER_ONLY)
638 cpu_list_unlock();
639#endif
e0d47944
AF		 640 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
641 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
642 }
5b6dd868 643#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868 644 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
4bad9e39 645 cpu_save, cpu_load, cpu->env_ptr);
b170fce3 646 assert(cc->vmsd == NULL);
e0d47944 647 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 648#endif
b170fce3
AF		 649 if (cc->vmsd != NULL) {
650 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
651 }
ea041c0e
FB		 652}
653
94df27fd 654#if defined(CONFIG_USER_ONLY)
00b941e5 655static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 656{
657 tb_invalidate_phys_page_range(pc, pc + 1, 0);
658}
659#else
00b941e5 660static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 661{
e8262a1b
MF		 662 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
663 if (phys != -1) {
09daed84 664 tb_invalidate_phys_addr(cpu->as,
29d8ec7b 665 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 666 }
1e7855a5 667}
c27004ec 668#endif
d720b93d 669
c527ee8f 670#if defined(CONFIG_USER_ONLY)
75a34036 671void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 672
673{
674}
675
3ee887e8
PM		 676int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
677 int flags)
678{
679 return -ENOSYS;
680}
681
682void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
683{
684}
685
75a34036 686int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 687 int flags, CPUWatchpoint **watchpoint)
688{
689 return -ENOSYS;
690}
691#else
6658ffb8 692/* Add a watchpoint. */
75a34036 693int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 694 int flags, CPUWatchpoint **watchpoint)
6658ffb8 695{
c0ce998e 696 CPUWatchpoint *wp;
6658ffb8 697
05068c0d 698 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 699 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 700 error_report("tried to set invalid watchpoint at %"
701 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 702 return -EINVAL;
703 }
7267c094 704 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 705
706 wp->vaddr = addr;
05068c0d 707 wp->len = len;
a1d1bb31
AL		 708 wp->flags = flags;
709
2dc9f411 710 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 711 if (flags & BP_GDB) {
712 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
713 } else {
714 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
715 }
6658ffb8 716
31b030d4 717 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 718
719 if (watchpoint)
720 *watchpoint = wp;
721 return 0;
6658ffb8
PB		 722}
723
a1d1bb31 724/* Remove a specific watchpoint. */
75a34036 725int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 726 int flags)
6658ffb8 727{
a1d1bb31 728 CPUWatchpoint *wp;
6658ffb8 729
ff4700b0 730 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 731 if (addr == wp->vaddr && len == wp->len
6e140f28 732 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 733 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 734 return 0;
735 }
736 }
a1d1bb31 737 return -ENOENT;
6658ffb8
PB		 738}
739
a1d1bb31 740/* Remove a specific watchpoint by reference. */
75a34036 741void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 742{
ff4700b0 743 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 744
31b030d4 745 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 746
7267c094 747 g_free(watchpoint);
a1d1bb31
AL		 748}
749
750/* Remove all matching watchpoints. */
75a34036 751void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 752{
c0ce998e 753 CPUWatchpoint *wp, *next;
a1d1bb31 754
ff4700b0 755 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 756 if (wp->flags & mask) {
757 cpu_watchpoint_remove_by_ref(cpu, wp);
758 }
c0ce998e 759 }
7d03f82f 760}
05068c0d
PM		 761
762/* Return true if this watchpoint address matches the specified
763 * access (ie the address range covered by the watchpoint overlaps
764 * partially or completely with the address range covered by the
765 * access).
766 */
767static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
768 vaddr addr,
769 vaddr len)
770{
771 /* We know the lengths are non-zero, but a little caution is
772 * required to avoid errors in the case where the range ends
773 * exactly at the top of the address space and so addr + len
774 * wraps round to zero.
775 */
776 vaddr wpend = wp->vaddr + wp->len - 1;
777 vaddr addrend = addr + len - 1;
778
779 return !(addr > wpend || wp->vaddr > addrend);
780}
781
c527ee8f 782#endif
7d03f82f 783
a1d1bb31 784/* Add a breakpoint. */
b3310ab3 785int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 786 CPUBreakpoint **breakpoint)
4c3a88a2 787{
c0ce998e 788 CPUBreakpoint *bp;
3b46e624 789
7267c094 790 bp = g_malloc(sizeof(*bp));
4c3a88a2 791
a1d1bb31
AL		 792 bp->pc = pc;
793 bp->flags = flags;
794
2dc9f411 795 /* keep all GDB-injected breakpoints in front */
00b941e5 796 if (flags & BP_GDB) {
f0c3c505 797 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 798 } else {
f0c3c505 799 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 800 }
3b46e624 801
f0c3c505 802 breakpoint_invalidate(cpu, pc);
a1d1bb31 803
00b941e5 804 if (breakpoint) {
a1d1bb31 805 *breakpoint = bp;
00b941e5 806 }
4c3a88a2 807 return 0;
4c3a88a2
FB		 808}
809
a1d1bb31 810/* Remove a specific breakpoint. */
b3310ab3 811int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 812{
a1d1bb31
AL		 813 CPUBreakpoint *bp;
814
f0c3c505 815 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 816 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 817 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 818 return 0;
819 }
7d03f82f 820 }
a1d1bb31 821 return -ENOENT;
7d03f82f
EI		 822}
823
a1d1bb31 824/* Remove a specific breakpoint by reference. */
b3310ab3 825void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 826{
f0c3c505
AF		 827 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
828
829 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 830
7267c094 831 g_free(breakpoint);
a1d1bb31
AL		 832}
833
834/* Remove all matching breakpoints. */
b3310ab3 835void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 836{
c0ce998e 837 CPUBreakpoint *bp, *next;
a1d1bb31 838
f0c3c505 839 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 840 if (bp->flags & mask) {
841 cpu_breakpoint_remove_by_ref(cpu, bp);
842 }
c0ce998e 843 }
4c3a88a2
FB		 844}
845
c33a346e
FB		 846/* enable or disable single step mode. EXCP_DEBUG is returned by the
847 CPU loop after each instruction */
3825b28f 848void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 849{
ed2803da
AF		 850 if (cpu->singlestep_enabled != enabled) {
851 cpu->singlestep_enabled = enabled;
852 if (kvm_enabled()) {
38e478ec 853 kvm_update_guest_debug(cpu, 0);
ed2803da 854 } else {
ccbb4d44 855 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 856 /* XXX: only flush what is necessary */
bbd77c18 857 tb_flush(cpu);
e22a25c9 858 }
c33a346e 859 }
c33a346e
FB		 860}
861
a47dddd7 862void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 863{
864 va_list ap;
493ae1f0 865 va_list ap2;
7501267e
FB		 866
867 va_start(ap, fmt);
493ae1f0 868 va_copy(ap2, ap);
7501267e
FB		 869 fprintf(stderr, "qemu: fatal: ");
870 vfprintf(stderr, fmt, ap);
871 fprintf(stderr, "\n");
878096ee 872 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 873 if (qemu_log_separate()) {
93fcfe39
AL		 874 qemu_log("qemu: fatal: ");
875 qemu_log_vprintf(fmt, ap2);
876 qemu_log("\n");
a0762859 877 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 878 qemu_log_flush();
93fcfe39 879 qemu_log_close();
924edcae 880 }
493ae1f0 881 va_end(ap2);
f9373291 882 va_end(ap);
7615936e 883 replay_finish();
fd052bf6
RV		 884#if defined(CONFIG_USER_ONLY)
885 {
886 struct sigaction act;
887 sigfillset(&act.sa_mask);
888 act.sa_handler = SIG_DFL;
889 sigaction(SIGABRT, &act, NULL);
890 }
891#endif
7501267e
FB		 892 abort();
893}
894
0124311e 895#if !defined(CONFIG_USER_ONLY)
0dc3f44a 896/* Called from RCU critical section */
041603fe
PB		 897static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
898{
899 RAMBlock *block;
900
43771539 901 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 902 if (block && addr - block->offset < block->max_length) {
68851b98 903 return block;
041603fe 904 }
0dc3f44a 905 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 906 if (addr - block->offset < block->max_length) {
041603fe
PB		 907 goto found;
908 }
909 }
910
911 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
912 abort();
913
914found:
43771539
PB		 915 /* It is safe to write mru_block outside the iothread lock. This
916 * is what happens:
917 *
918 * mru_block = xxx
919 * rcu_read_unlock()
920 * xxx removed from list
921 * rcu_read_lock()
922 * read mru_block
923 * mru_block = NULL;
924 * call_rcu(reclaim_ramblock, xxx);
925 * rcu_read_unlock()
926 *
927 * atomic_rcu_set is not needed here. The block was already published
928 * when it was placed into the list. Here we're just making an extra
929 * copy of the pointer.
930 */
041603fe
PB		 931 ram_list.mru_block = block;
932 return block;
933}
934
a2f4d5be 935static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 936{
9a13565d 937 CPUState *cpu;
041603fe 938 ram_addr_t start1;
a2f4d5be
JQ		 939 RAMBlock *block;
940 ram_addr_t end;
941
942 end = TARGET_PAGE_ALIGN(start + length);
943 start &= TARGET_PAGE_MASK;
d24981d3 944
0dc3f44a 945 rcu_read_lock();
041603fe
PB		 946 block = qemu_get_ram_block(start);
947 assert(block == qemu_get_ram_block(end - 1));
1240be24 948 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 949 CPU_FOREACH(cpu) {
950 tlb_reset_dirty(cpu, start1, length);
951 }
0dc3f44a 952 rcu_read_unlock();
d24981d3
JQ		 953}
954
5579c7f3 955/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 956bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
957 ram_addr_t length,
958 unsigned client)
1ccde1cb 959{
03eebc9e
SH		 960 unsigned long end, page;
961 bool dirty;
962
963 if (length == 0) {
964 return false;
965 }
f23db169 966
03eebc9e
SH		 967 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
968 page = start >> TARGET_PAGE_BITS;
969 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
970 page, end - page);
971
972 if (dirty && tcg_enabled()) {
a2f4d5be 973 tlb_reset_dirty_range_all(start, length);
5579c7f3 974 }
03eebc9e
SH		 975
976 return dirty;
1ccde1cb
FB		 977}
978
79e2b9ae 979/* Called from RCU critical section */
bb0e627a 980hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 981 MemoryRegionSection *section,
982 target_ulong vaddr,
983 hwaddr paddr, hwaddr xlat,
984 int prot,
985 target_ulong *address)
e5548617 986{
a8170e5e 987 hwaddr iotlb;
e5548617
BS		 988 CPUWatchpoint *wp;
989
cc5bea60 990 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 991 /* Normal RAM. */
992 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 993 + xlat;
e5548617 994 if (!section->readonly) {
b41aac4f 995 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 996 } else {
b41aac4f 997 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 998 }
999 } else {
0b8e2c10
PM		 1000 AddressSpaceDispatch *d;
1001
1002 d = atomic_rcu_read(&section->address_space->dispatch);
1003 iotlb = section - d->map.sections;
149f54b5 1004 iotlb += xlat;
e5548617
BS		 1005 }
1006
1007 /* Make accesses to pages with watchpoints go via the
1008 watchpoint trap routines. */
ff4700b0 1009 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1010 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1011 /* Avoid trapping reads of pages with a write breakpoint. */
1012 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1013 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1014 *address |= TLB_MMIO;
1015 break;
1016 }
1017 }
1018 }
1019
1020 return iotlb;
1021}
9fa3e853
FB		 1022#endif /* defined(CONFIG_USER_ONLY) */
1023
e2eef170 1024#if !defined(CONFIG_USER_ONLY)
8da3ff18 1025
c227f099 1026static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1027 uint16_t section);
acc9d80b 1028static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1029
a2b257d6
IM		 1030static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1031 qemu_anon_ram_alloc;
91138037
MA		 1032
1033/*
1034 * Set a custom physical guest memory alloator.
1035 * Accelerators with unusual needs may need this. Hopefully, we can
1036 * get rid of it eventually.
1037 */
a2b257d6 1038void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1039{
1040 phys_mem_alloc = alloc;
1041}
1042
53cb28cb
MA		 1043static uint16_t phys_section_add(PhysPageMap *map,
1044 MemoryRegionSection *section)
5312bd8b 1045{
68f3f65b
PB		 1046 /* The physical section number is ORed with a page-aligned
1047 * pointer to produce the iotlb entries. Thus it should
1048 * never overflow into the page-aligned value.
1049 */
53cb28cb 1050 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1051
53cb28cb
MA		 1052 if (map->sections_nb == map->sections_nb_alloc) {
1053 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1054 map->sections = g_renew(MemoryRegionSection, map->sections,
1055 map->sections_nb_alloc);
5312bd8b 1056 }
53cb28cb 1057 map->sections[map->sections_nb] = *section;
dfde4e6e 1058 memory_region_ref(section->mr);
53cb28cb 1059 return map->sections_nb++;
5312bd8b
AK		 1060}
1061
058bc4b5
PB		 1062static void phys_section_destroy(MemoryRegion *mr)
1063{
55b4e80b
DS		 1064 bool have_sub_page = mr->subpage;
1065
dfde4e6e
PB		 1066 memory_region_unref(mr);
1067
55b4e80b 1068 if (have_sub_page) {
058bc4b5 1069 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1070 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1071 g_free(subpage);
1072 }
1073}
1074
6092666e 1075static void phys_sections_free(PhysPageMap *map)
5312bd8b 1076{
9affd6fc
PB		 1077 while (map->sections_nb > 0) {
1078 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1079 phys_section_destroy(section->mr);
1080 }
9affd6fc
PB		 1081 g_free(map->sections);
1082 g_free(map->nodes);
5312bd8b
AK		 1083}
1084
ac1970fb 1085static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1086{
1087 subpage_t *subpage;
a8170e5e 1088 hwaddr base = section->offset_within_address_space
0f0cb164 1089 & TARGET_PAGE_MASK;
97115a8d 1090 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1091 d->map.nodes, d->map.sections);
0f0cb164
AK		 1092 MemoryRegionSection subsection = {
1093 .offset_within_address_space = base,
052e87b0 1094 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1095 };
a8170e5e 1096 hwaddr start, end;
0f0cb164 1097
f3705d53 1098 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1099
f3705d53 1100 if (!(existing->mr->subpage)) {
acc9d80b 1101 subpage = subpage_init(d->as, base);
3be91e86 1102 subsection.address_space = d->as;
0f0cb164 1103 subsection.mr = &subpage->iomem;
ac1970fb 1104 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1105 phys_section_add(&d->map, &subsection));
0f0cb164 1106 } else {
f3705d53 1107 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1108 }
1109 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1110 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1111 subpage_register(subpage, start, end,
1112 phys_section_add(&d->map, section));
0f0cb164
AK		 1113}
1114
1115
052e87b0
PB		 1116static void register_multipage(AddressSpaceDispatch *d,
1117 MemoryRegionSection *section)
33417e70 1118{
a8170e5e 1119 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1120 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1121 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1122 TARGET_PAGE_BITS));
dd81124b 1123
733d5ef5
PB		 1124 assert(num_pages);
1125 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1126}
1127
ac1970fb 1128static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1129{
89ae337a 1130 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1131 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1132 MemoryRegionSection now = *section, remain = *section;
052e87b0 1133 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1134
733d5ef5
PB		 1135 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1136 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1137 - now.offset_within_address_space;
1138
052e87b0 1139 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1140 register_subpage(d, &now);
733d5ef5 1141 } else {
052e87b0 1142 now.size = int128_zero();
733d5ef5 1143 }
052e87b0
PB		 1144 while (int128_ne(remain.size, now.size)) {
1145 remain.size = int128_sub(remain.size, now.size);
1146 remain.offset_within_address_space += int128_get64(now.size);
1147 remain.offset_within_region += int128_get64(now.size);
69b67646 1148 now = remain;
052e87b0 1149 if (int128_lt(remain.size, page_size)) {
733d5ef5 1150 register_subpage(d, &now);
88266249 1151 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1152 now.size = page_size;
ac1970fb 1153 register_subpage(d, &now);
69b67646 1154 } else {
052e87b0 1155 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1156 register_multipage(d, &now);
69b67646 1157 }
0f0cb164
AK		 1158 }
1159}
1160
62a2744c
SY		 1161void qemu_flush_coalesced_mmio_buffer(void)
1162{
1163 if (kvm_enabled())
1164 kvm_flush_coalesced_mmio_buffer();
1165}
1166
b2a8658e
UD		 1167void qemu_mutex_lock_ramlist(void)
1168{
1169 qemu_mutex_lock(&ram_list.mutex);
1170}
1171
1172void qemu_mutex_unlock_ramlist(void)
1173{
1174 qemu_mutex_unlock(&ram_list.mutex);
1175}
1176
e1e84ba0 1177#ifdef __linux__
c902760f
MT		 1178
1179#include <sys/vfs.h>
1180
1181#define HUGETLBFS_MAGIC 0x958458f6
1182
fc7a5800 1183static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1184{
1185 struct statfs fs;
1186 int ret;
1187
1188 do {
9742bf26 1189 ret = statfs(path, &fs);
c902760f
MT		 1190 } while (ret != 0 && errno == EINTR);
1191
1192 if (ret != 0) {
fc7a5800
HT		 1193 error_setg_errno(errp, errno, "failed to get page size of file %s",
1194 path);
9742bf26 1195 return 0;
c902760f
MT		 1196 }
1197
c902760f
MT		 1198 return fs.f_bsize;
1199}
1200
04b16653
AW		 1201static void *file_ram_alloc(RAMBlock *block,
1202 ram_addr_t memory,
7f56e740
PB		 1203 const char *path,
1204 Error **errp)
c902760f 1205{
8d31d6b6 1206 struct stat st;
c902760f 1207 char *filename;
8ca761f6
PF		 1208 char *sanitized_name;
1209 char *c;
794e8f30 1210 void *area;
c902760f 1211 int fd;
557529dd 1212 uint64_t hpagesize;
fc7a5800 1213 Error *local_err = NULL;
c902760f 1214
fc7a5800
HT		 1215 hpagesize = gethugepagesize(path, &local_err);
1216 if (local_err) {
1217 error_propagate(errp, local_err);
f9a49dfa 1218 goto error;
c902760f 1219 }
a2b257d6 1220 block->mr->align = hpagesize;
c902760f
MT		 1221
1222 if (memory < hpagesize) {
557529dd
HT		 1223 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1224 "or larger than huge page size 0x%" PRIx64,
1225 memory, hpagesize);
1226 goto error;
c902760f
MT		 1227 }
1228
1229 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1230 error_setg(errp,
1231 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1232 goto error;
c902760f
MT		 1233 }
1234
8d31d6b6
PF		 1235 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1236 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1237 sanitized_name = g_strdup(memory_region_name(block->mr));
1238 for (c = sanitized_name; *c != '\0'; c++) {
1239 if (*c == '/') {
1240 *c = '_';
1241 }
1242 }
8ca761f6 1243
8d31d6b6
PF		 1244 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1245 sanitized_name);
1246 g_free(sanitized_name);
1247
1248 fd = mkstemp(filename);
1249 if (fd >= 0) {
1250 unlink(filename);
1251 }
1252 g_free(filename);
1253 } else {
1254 fd = open(path, O_RDWR | O_CREAT, 0644);
1255 }
c902760f 1256
c902760f 1257 if (fd < 0) {
7f56e740
PB		 1258 error_setg_errno(errp, errno,
1259 "unable to create backing store for hugepages");
f9a49dfa 1260 goto error;
c902760f 1261 }
c902760f 1262
9284f319 1263 memory = ROUND_UP(memory, hpagesize);
c902760f
MT		 1264
1265 /*
1266 * ftruncate is not supported by hugetlbfs in older
1267 * hosts, so don't bother bailing out on errors.
1268 * If anything goes wrong with it under other filesystems,
1269 * mmap will fail.
1270 */
7f56e740 1271 if (ftruncate(fd, memory)) {
9742bf26 1272 perror("ftruncate");
7f56e740 1273 }
c902760f 1274
794e8f30 1275 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
c902760f 1276 if (area == MAP_FAILED) {
7f56e740
PB		 1277 error_setg_errno(errp, errno,
1278 "unable to map backing store for hugepages");
9742bf26 1279 close(fd);
f9a49dfa 1280 goto error;
c902760f 1281 }
ef36fa14
MT		 1282
1283 if (mem_prealloc) {
38183310 1284 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1285 }
1286
04b16653 1287 block->fd = fd;
c902760f 1288 return area;
f9a49dfa
MT		 1289
1290error:
f9a49dfa 1291 return NULL;
c902760f
MT		 1292}
1293#endif
1294
0dc3f44a 1295/* Called with the ramlist lock held. */
d17b5288 1296static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1297{
1298 RAMBlock *block, *next_block;
3e837b2c 1299 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1300
49cd9ac6
SH		 1301 assert(size != 0); /* it would hand out same offset multiple times */
1302
0dc3f44a 1303 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1304 return 0;
0d53d9fe 1305 }
04b16653 1306
0dc3f44a 1307 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1308 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1309
62be4e3a 1310 end = block->offset + block->max_length;
04b16653 1311
0dc3f44a 1312 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1313 if (next_block->offset >= end) {
1314 next = MIN(next, next_block->offset);
1315 }
1316 }
1317 if (next - end >= size && next - end < mingap) {
3e837b2c 1318 offset = end;
04b16653
AW		 1319 mingap = next - end;
1320 }
1321 }
3e837b2c
AW		 1322
1323 if (offset == RAM_ADDR_MAX) {
1324 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1325 (uint64_t)size);
1326 abort();
1327 }
1328
04b16653
AW		 1329 return offset;
1330}
1331
652d7ec2 1332ram_addr_t last_ram_offset(void)
d17b5288
AW		 1333{
1334 RAMBlock *block;
1335 ram_addr_t last = 0;
1336
0dc3f44a
MD		 1337 rcu_read_lock();
1338 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1339 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1340 }
0dc3f44a 1341 rcu_read_unlock();
d17b5288
AW		 1342 return last;
1343}
1344
ddb97f1d
JB		 1345static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1346{
1347 int ret;
ddb97f1d
JB		 1348
1349 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1350 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1351 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1352 if (ret) {
1353 perror("qemu_madvise");
1354 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1355 "but dump_guest_core=off specified\n");
1356 }
1357 }
1358}
1359
0dc3f44a
MD		 1360/* Called within an RCU critical section, or while the ramlist lock
1361 * is held.
1362 */
20cfe881 1363static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1364{
20cfe881 1365 RAMBlock *block;
84b89d78 1366
0dc3f44a 1367 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1368 if (block->offset == addr) {
20cfe881 1369 return block;
c5705a77
AK		 1370 }
1371 }
20cfe881
HT		 1372
1373 return NULL;
1374}
1375
422148d3
DDAG		 1376const char *qemu_ram_get_idstr(RAMBlock *rb)
1377{
1378 return rb->idstr;
1379}
1380
ae3a7047 1381/* Called with iothread lock held. */
20cfe881
HT		 1382void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1383{
ae3a7047 1384 RAMBlock *new_block, *block;
20cfe881 1385
0dc3f44a 1386 rcu_read_lock();
ae3a7047 1387 new_block = find_ram_block(addr);
c5705a77
AK		 1388 assert(new_block);
1389 assert(!new_block->idstr[0]);
84b89d78 1390
09e5ab63
AL		 1391 if (dev) {
1392 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1393 if (id) {
1394 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1395 g_free(id);
84b89d78
CM		 1396 }
1397 }
1398 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1399
0dc3f44a 1400 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1401 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1402 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1403 new_block->idstr);
1404 abort();
1405 }
1406 }
0dc3f44a 1407 rcu_read_unlock();
c5705a77
AK		 1408}
1409
ae3a7047 1410/* Called with iothread lock held. */
20cfe881
HT		 1411void qemu_ram_unset_idstr(ram_addr_t addr)
1412{
ae3a7047 1413 RAMBlock *block;
20cfe881 1414
ae3a7047
MD		 1415 /* FIXME: arch_init.c assumes that this is not called throughout
1416 * migration. Ignore the problem since hot-unplug during migration
1417 * does not work anyway.
1418 */
1419
0dc3f44a 1420 rcu_read_lock();
ae3a7047 1421 block = find_ram_block(addr);
20cfe881
HT		 1422 if (block) {
1423 memset(block->idstr, 0, sizeof(block->idstr));
1424 }
0dc3f44a 1425 rcu_read_unlock();
20cfe881
HT		 1426}
1427
8490fc78
LC		 1428static int memory_try_enable_merging(void *addr, size_t len)
1429{
75cc7f01 1430 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1431 /* disabled by the user */
1432 return 0;
1433 }
1434
1435 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1436}
1437
62be4e3a
MT		 1438/* Only legal before guest might have detected the memory size: e.g. on
1439 * incoming migration, or right after reset.
1440 *
1441 * As memory core doesn't know how is memory accessed, it is up to
1442 * resize callback to update device state and/or add assertions to detect
1443 * misuse, if necessary.
1444 */
1445int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1446{
1447 RAMBlock *block = find_ram_block(base);
1448
1449 assert(block);
1450
4ed023ce 1451 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1452
62be4e3a
MT		 1453 if (block->used_length == newsize) {
1454 return 0;
1455 }
1456
1457 if (!(block->flags & RAM_RESIZEABLE)) {
1458 error_setg_errno(errp, EINVAL,
1459 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1460 " in != 0x" RAM_ADDR_FMT, block->idstr,
1461 newsize, block->used_length);
1462 return -EINVAL;
1463 }
1464
1465 if (block->max_length < newsize) {
1466 error_setg_errno(errp, EINVAL,
1467 "Length too large: %s: 0x" RAM_ADDR_FMT
1468 " > 0x" RAM_ADDR_FMT, block->idstr,
1469 newsize, block->max_length);
1470 return -EINVAL;
1471 }
1472
1473 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1474 block->used_length = newsize;
58d2707e
PB		 1475 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1476 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1477 memory_region_set_size(block->mr, newsize);
1478 if (block->resized) {
1479 block->resized(block->idstr, newsize, block->host);
1480 }
1481 return 0;
1482}
1483
ef701d7b 1484static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1485{
e1c57ab8 1486 RAMBlock *block;
0d53d9fe 1487 RAMBlock *last_block = NULL;
2152f5ca
JQ		 1488 ram_addr_t old_ram_size, new_ram_size;
1489
1490 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1491
b2a8658e 1492 qemu_mutex_lock_ramlist();
9b8424d5 1493 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1494
1495 if (!new_block->host) {
1496 if (xen_enabled()) {
9b8424d5
MT		 1497 xen_ram_alloc(new_block->offset, new_block->max_length,
1498 new_block->mr);
e1c57ab8 1499 } else {
9b8424d5 1500 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1501 &new_block->mr->align);
39228250 1502 if (!new_block->host) {
ef701d7b
HT		 1503 error_setg_errno(errp, errno,
1504 "cannot set up guest memory '%s'",
1505 memory_region_name(new_block->mr));
1506 qemu_mutex_unlock_ramlist();
1507 return -1;
39228250 1508 }
9b8424d5 1509 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1510 }
c902760f 1511 }
94a6b54f 1512
dd631697
LZ		 1513 new_ram_size = MAX(old_ram_size,
1514 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1515 if (new_ram_size > old_ram_size) {
1516 migration_bitmap_extend(old_ram_size, new_ram_size);
1517 }
0d53d9fe
MD		 1518 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1519 * QLIST (which has an RCU-friendly variant) does not have insertion at
1520 * tail, so save the last element in last_block.
1521 */
0dc3f44a 1522 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1523 last_block = block;
9b8424d5 1524 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1525 break;
1526 }
1527 }
1528 if (block) {
0dc3f44a 1529 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1530 } else if (last_block) {
0dc3f44a 1531 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1532 } else { /* list is empty */
0dc3f44a 1533 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1534 }
0d6d3c87 1535 ram_list.mru_block = NULL;
94a6b54f 1536
0dc3f44a
MD		 1537 /* Write list before version */
1538 smp_wmb();
f798b07f 1539 ram_list.version++;
b2a8658e 1540 qemu_mutex_unlock_ramlist();
f798b07f 1541
2152f5ca
JQ		 1542 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1543
1544 if (new_ram_size > old_ram_size) {
1ab4c8ce 1545 int i;
ae3a7047
MD		 1546
1547 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1548 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1549 ram_list.dirty_memory[i] =
1550 bitmap_zero_extend(ram_list.dirty_memory[i],
1551 old_ram_size, new_ram_size);
1552 }
2152f5ca 1553 }
9b8424d5 1554 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1555 new_block->used_length,
1556 DIRTY_CLIENTS_ALL);
94a6b54f 1557
a904c911
PB		 1558 if (new_block->host) {
1559 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1560 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1561 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1562 if (kvm_enabled()) {
1563 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1564 }
e1c57ab8 1565 }
6f0437e8 1566
94a6b54f
PB		 1567 return new_block->offset;
1568}
e9a1ab19 1569
0b183fc8 1570#ifdef __linux__
e1c57ab8 1571ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1572 bool share, const char *mem_path,
7f56e740 1573 Error **errp)
e1c57ab8
PB		 1574{
1575 RAMBlock *new_block;
ef701d7b
HT		 1576 ram_addr_t addr;
1577 Error *local_err = NULL;
e1c57ab8
PB		 1578
1579 if (xen_enabled()) {
7f56e740
PB		 1580 error_setg(errp, "-mem-path not supported with Xen");
1581 return -1;
e1c57ab8
PB		 1582 }
1583
1584 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1585 /*
1586 * file_ram_alloc() needs to allocate just like
1587 * phys_mem_alloc, but we haven't bothered to provide
1588 * a hook there.
1589 */
7f56e740
PB		 1590 error_setg(errp,
1591 "-mem-path not supported with this accelerator");
1592 return -1;
e1c57ab8
PB		 1593 }
1594
4ed023ce 1595 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1596 new_block = g_malloc0(sizeof(*new_block));
1597 new_block->mr = mr;
9b8424d5
MT		 1598 new_block->used_length = size;
1599 new_block->max_length = size;
dbcb8981 1600 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1601 new_block->host = file_ram_alloc(new_block, size,
1602 mem_path, errp);
1603 if (!new_block->host) {
1604 g_free(new_block);
1605 return -1;
1606 }
1607
ef701d7b
HT		 1608 addr = ram_block_add(new_block, &local_err);
1609 if (local_err) {
1610 g_free(new_block);
1611 error_propagate(errp, local_err);
1612 return -1;
1613 }
1614 return addr;
e1c57ab8 1615}
0b183fc8 1616#endif
e1c57ab8 1617
62be4e3a
MT		 1618static
1619ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1620 void (*resized)(const char*,
1621 uint64_t length,
1622 void *host),
1623 void *host, bool resizeable,
ef701d7b 1624 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1625{
1626 RAMBlock *new_block;
ef701d7b
HT		 1627 ram_addr_t addr;
1628 Error *local_err = NULL;
e1c57ab8 1629
4ed023ce
DDAG		 1630 size = HOST_PAGE_ALIGN(size);
1631 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1632 new_block = g_malloc0(sizeof(*new_block));
1633 new_block->mr = mr;
62be4e3a 1634 new_block->resized = resized;
9b8424d5
MT		 1635 new_block->used_length = size;
1636 new_block->max_length = max_size;
62be4e3a 1637 assert(max_size >= size);
e1c57ab8
PB		 1638 new_block->fd = -1;
1639 new_block->host = host;
1640 if (host) {
7bd4f430 1641 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1642 }
62be4e3a
MT		 1643 if (resizeable) {
1644 new_block->flags |= RAM_RESIZEABLE;
1645 }
ef701d7b
HT		 1646 addr = ram_block_add(new_block, &local_err);
1647 if (local_err) {
1648 g_free(new_block);
1649 error_propagate(errp, local_err);
1650 return -1;
1651 }
1652 return addr;
e1c57ab8
PB		 1653}
1654
62be4e3a
MT		 1655ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1656 MemoryRegion *mr, Error **errp)
1657{
1658 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1659}
1660
ef701d7b 1661ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1662{
62be4e3a
MT		 1663 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1664}
1665
1666ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1667 void (*resized)(const char*,
1668 uint64_t length,
1669 void *host),
1670 MemoryRegion *mr, Error **errp)
1671{
1672 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1673}
1674
43771539
PB		 1675static void reclaim_ramblock(RAMBlock *block)
1676{
1677 if (block->flags & RAM_PREALLOC) {
1678 ;
1679 } else if (xen_enabled()) {
1680 xen_invalidate_map_cache_entry(block->host);
1681#ifndef _WIN32
1682 } else if (block->fd >= 0) {
2f3a2bb1 1683 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1684 close(block->fd);
1685#endif
1686 } else {
1687 qemu_anon_ram_free(block->host, block->max_length);
1688 }
1689 g_free(block);
1690}
1691
c227f099 1692void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1693{
04b16653
AW		 1694 RAMBlock *block;
1695
b2a8658e 1696 qemu_mutex_lock_ramlist();
0dc3f44a 1697 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1698 if (addr == block->offset) {
0dc3f44a 1699 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1700 ram_list.mru_block = NULL;
0dc3f44a
MD		 1701 /* Write list before version */
1702 smp_wmb();
f798b07f 1703 ram_list.version++;
43771539 1704 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1705 break;
04b16653
AW		 1706 }
1707 }
b2a8658e 1708 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1709}
1710
cd19cfa2
HY		 1711#ifndef _WIN32
1712void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1713{
1714 RAMBlock *block;
1715 ram_addr_t offset;
1716 int flags;
1717 void *area, *vaddr;
1718
0dc3f44a 1719 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1720 offset = addr - block->offset;
9b8424d5 1721 if (offset < block->max_length) {
1240be24 1722 vaddr = ramblock_ptr(block, offset);
7bd4f430 1723 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1724 ;
dfeaf2ab
MA		 1725 } else if (xen_enabled()) {
1726 abort();
cd19cfa2
HY		 1727 } else {
1728 flags = MAP_FIXED;
3435f395 1729 if (block->fd >= 0) {
dbcb8981
PB		 1730 flags |= (block->flags & RAM_SHARED ?
1731 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1732 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1733 flags, block->fd, offset);
cd19cfa2 1734 } else {
2eb9fbaa
MA		 1735 /*
1736 * Remap needs to match alloc. Accelerators that
1737 * set phys_mem_alloc never remap. If they did,
1738 * we'd need a remap hook here.
1739 */
1740 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1741
cd19cfa2
HY		 1742 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1743 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1744 flags, -1, 0);
cd19cfa2
HY		 1745 }
1746 if (area != vaddr) {
f15fbc4b
AP		 1747 fprintf(stderr, "Could not remap addr: "
1748 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1749 length, addr);
1750 exit(1);
1751 }
8490fc78 1752 memory_try_enable_merging(vaddr, length);
ddb97f1d 1753 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1754 }
cd19cfa2
HY		 1755 }
1756 }
1757}
1758#endif /* !_WIN32 */
1759
a35ba7be
PB		 1760int qemu_get_ram_fd(ram_addr_t addr)
1761{
ae3a7047
MD		 1762 RAMBlock *block;
1763 int fd;
a35ba7be 1764
0dc3f44a 1765 rcu_read_lock();
ae3a7047
MD		 1766 block = qemu_get_ram_block(addr);
1767 fd = block->fd;
0dc3f44a 1768 rcu_read_unlock();
ae3a7047 1769 return fd;
a35ba7be
PB		 1770}
1771
3fd74b84
DM		 1772void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1773{
ae3a7047
MD		 1774 RAMBlock *block;
1775 void *ptr;
3fd74b84 1776
0dc3f44a 1777 rcu_read_lock();
ae3a7047
MD		 1778 block = qemu_get_ram_block(addr);
1779 ptr = ramblock_ptr(block, 0);
0dc3f44a 1780 rcu_read_unlock();
ae3a7047 1781 return ptr;
3fd74b84
DM		 1782}
1783
1b5ec234 1784/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1785 * This should not be used for general purpose DMA. Use address_space_map
1786 * or address_space_rw instead. For local memory (e.g. video ram) that the
1787 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1788 *
49b24afc 1789 * Called within RCU critical section.
1b5ec234
PB		 1790 */
1791void *qemu_get_ram_ptr(ram_addr_t addr)
1792{
49b24afc 1793 RAMBlock *block = qemu_get_ram_block(addr);
ae3a7047
MD		 1794
1795 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1796 /* We need to check if the requested address is in the RAM
1797 * because we don't want to map the entire memory in QEMU.
1798 * In that case just map until the end of the page.
1799 */
1800 if (block->offset == 0) {
49b24afc 1801 return xen_map_cache(addr, 0, 0);
0d6d3c87 1802 }
ae3a7047
MD		 1803
1804 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1805 }
49b24afc 1806 return ramblock_ptr(block, addr - block->offset);
dc828ca1
PB		 1807}
1808
38bee5dc 1809/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1810 * but takes a size argument.
0dc3f44a 1811 *
e81bcda5 1812 * Called within RCU critical section.
ae3a7047 1813 */
cb85f7ab 1814static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1815{
e81bcda5
PB		 1816 RAMBlock *block;
1817 ram_addr_t offset_inside_block;
8ab934f9
SS		 1818 if (*size == 0) {
1819 return NULL;
1820 }
e81bcda5
PB		 1821
1822 block = qemu_get_ram_block(addr);
1823 offset_inside_block = addr - block->offset;
1824 *size = MIN(*size, block->max_length - offset_inside_block);
1825
1826 if (xen_enabled() && block->host == NULL) {
1827 /* We need to check if the requested address is in the RAM
1828 * because we don't want to map the entire memory in QEMU.
1829 * In that case just map the requested area.
1830 */
1831 if (block->offset == 0) {
1832 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1833 }
1834
e81bcda5 1835 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1836 }
e81bcda5
PB		 1837
1838 return ramblock_ptr(block, offset_inside_block);
38bee5dc
SS		 1839}
1840
422148d3
DDAG		 1841/*
1842 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1843 * in that RAMBlock.
1844 *
1845 * ptr: Host pointer to look up
1846 * round_offset: If true round the result offset down to a page boundary
1847 * *ram_addr: set to result ram_addr
1848 * *offset: set to result offset within the RAMBlock
1849 *
1850 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1851 *
1852 * By the time this function returns, the returned pointer is not protected
1853 * by RCU anymore. If the caller is not within an RCU critical section and
1854 * does not hold the iothread lock, it must have other means of protecting the
1855 * pointer, such as a reference to the region that includes the incoming
1856 * ram_addr_t.
1857 */
422148d3
DDAG		 1858RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1859 ram_addr_t *ram_addr,
1860 ram_addr_t *offset)
5579c7f3 1861{
94a6b54f
PB		 1862 RAMBlock *block;
1863 uint8_t *host = ptr;
1864
868bb33f 1865 if (xen_enabled()) {
0dc3f44a 1866 rcu_read_lock();
e41d7c69 1867 *ram_addr = xen_ram_addr_from_mapcache(ptr);
422148d3
DDAG		 1868 block = qemu_get_ram_block(*ram_addr);
1869 if (block) {
1870 *offset = (host - block->host);
1871 }
0dc3f44a 1872 rcu_read_unlock();
422148d3 1873 return block;
712c2b41
SS		 1874 }
1875
0dc3f44a
MD		 1876 rcu_read_lock();
1877 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1878 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1879 goto found;
1880 }
1881
0dc3f44a 1882 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1883 /* This case append when the block is not mapped. */
1884 if (block->host == NULL) {
1885 continue;
1886 }
9b8424d5 1887 if (host - block->host < block->max_length) {
23887b79 1888 goto found;
f471a17e 1889 }
94a6b54f 1890 }
432d268c 1891
0dc3f44a 1892 rcu_read_unlock();
1b5ec234 1893 return NULL;
23887b79
PB		 1894
1895found:
422148d3
DDAG		 1896 *offset = (host - block->host);
1897 if (round_offset) {
1898 *offset &= TARGET_PAGE_MASK;
1899 }
1900 *ram_addr = block->offset + *offset;
0dc3f44a 1901 rcu_read_unlock();
422148d3
DDAG		 1902 return block;
1903}
1904
e3dd7493
DDAG		 1905/*
1906 * Finds the named RAMBlock
1907 *
1908 * name: The name of RAMBlock to find
1909 *
1910 * Returns: RAMBlock (or NULL if not found)
1911 */
1912RAMBlock *qemu_ram_block_by_name(const char *name)
1913{
1914 RAMBlock *block;
1915
1916 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1917 if (!strcmp(name, block->idstr)) {
1918 return block;
1919 }
1920 }
1921
1922 return NULL;
1923}
1924
422148d3
DDAG		 1925/* Some of the softmmu routines need to translate from a host pointer
1926 (typically a TLB entry) back to a ram offset. */
1927MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1928{
1929 RAMBlock *block;
1930 ram_addr_t offset; /* Not used */
1931
1932 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1933
1934 if (!block) {
1935 return NULL;
1936 }
1937
1938 return block->mr;
e890261f 1939}
f471a17e 1940
49b24afc 1941/* Called within RCU critical section. */
a8170e5e 1942static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1943 uint64_t val, unsigned size)
9fa3e853 1944{
52159192 1945 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1946 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1947 }
0e0df1e2
AK		 1948 switch (size) {
1949 case 1:
1950 stb_p(qemu_get_ram_ptr(ram_addr), val);
1951 break;
1952 case 2:
1953 stw_p(qemu_get_ram_ptr(ram_addr), val);
1954 break;
1955 case 4:
1956 stl_p(qemu_get_ram_ptr(ram_addr), val);
1957 break;
1958 default:
1959 abort();
3a7d929e 1960 }
58d2707e
PB		 1961 /* Set both VGA and migration bits for simplicity and to remove
1962 * the notdirty callback faster.
1963 */
1964 cpu_physical_memory_set_dirty_range(ram_addr, size,
1965 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 1966 /* we remove the notdirty callback only if the code has been
1967 flushed */
a2cd8c85 1968 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 1969 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 1970 }
9fa3e853
FB		 1971}
1972
b018ddf6
PB		 1973static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1974 unsigned size, bool is_write)
1975{
1976 return is_write;
1977}
1978
0e0df1e2 1979static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1980 .write = notdirty_mem_write,
b018ddf6 1981 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1982 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1983};
1984
0f459d16 1985/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 1986static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 1987{
93afeade
AF		 1988 CPUState *cpu = current_cpu;
1989 CPUArchState *env = cpu->env_ptr;
06d55cc1 1990 target_ulong pc, cs_base;
0f459d16 1991 target_ulong vaddr;
a1d1bb31 1992 CPUWatchpoint *wp;
06d55cc1 1993 int cpu_flags;
0f459d16 1994
ff4700b0 1995 if (cpu->watchpoint_hit) {
06d55cc1
AL		 1996 /* We re-entered the check after replacing the TB. Now raise
1997 * the debug interrupt so that is will trigger after the
1998 * current instruction. */
93afeade 1999 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2000 return;
2001 }
93afeade 2002 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2003 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2004 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2005 && (wp->flags & flags)) {
08225676
PM		 2006 if (flags == BP_MEM_READ) {
2007 wp->flags |= BP_WATCHPOINT_HIT_READ;
2008 } else {
2009 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2010 }
2011 wp->hitaddr = vaddr;
66b9b43c 2012 wp->hitattrs = attrs;
ff4700b0
AF		 2013 if (!cpu->watchpoint_hit) {
2014 cpu->watchpoint_hit = wp;
239c51a5 2015 tb_check_watchpoint(cpu);
6e140f28 2016 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2017 cpu->exception_index = EXCP_DEBUG;
5638d180 2018 cpu_loop_exit(cpu);
6e140f28
AL		 2019 } else {
2020 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2021 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2022 cpu_resume_from_signal(cpu, NULL);
6e140f28 2023 }
06d55cc1 2024 }
6e140f28
AL		 2025 } else {
2026 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2027 }
2028 }
2029}
2030
6658ffb8
PB		 2031/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2032 so these check for a hit then pass through to the normal out-of-line
2033 phys routines. */
66b9b43c
PM		 2034static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2035 unsigned size, MemTxAttrs attrs)
6658ffb8 2036{
66b9b43c
PM		 2037 MemTxResult res;
2038 uint64_t data;
2039
2040 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2041 switch (size) {
66b9b43c
PM		 2042 case 1:
2043 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2044 break;
2045 case 2:
2046 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2047 break;
2048 case 4:
2049 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2050 break;
1ec9b909
AK		 2051 default: abort();
2052 }
66b9b43c
PM		 2053 *pdata = data;
2054 return res;
6658ffb8
PB		 2055}
2056
66b9b43c
PM		 2057static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2058 uint64_t val, unsigned size,
2059 MemTxAttrs attrs)
6658ffb8 2060{
66b9b43c
PM		 2061 MemTxResult res;
2062
2063 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2064 switch (size) {
67364150 2065 case 1:
66b9b43c 2066 address_space_stb(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2067 break;
2068 case 2:
66b9b43c 2069 address_space_stw(&address_space_memory, addr, val, attrs, &res);
67364150
MF		 2070 break;
2071 case 4:
66b9b43c 2072 address_space_stl(&address_space_memory, addr, val, attrs, &res);
67364150 2073 break;
1ec9b909
AK		 2074 default: abort();
2075 }
66b9b43c 2076 return res;
6658ffb8
PB		 2077}
2078
1ec9b909 2079static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2080 .read_with_attrs = watch_mem_read,
2081 .write_with_attrs = watch_mem_write,
1ec9b909 2082 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2083};
6658ffb8 2084
f25a49e0
PM		 2085static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2086 unsigned len, MemTxAttrs attrs)
db7b5426 2087{
acc9d80b 2088 subpage_t *subpage = opaque;
ff6cff75 2089 uint8_t buf[8];
5c9eb028 2090 MemTxResult res;
791af8c8 2091
db7b5426 2092#if defined(DEBUG_SUBPAGE)
016e9d62 2093 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2094 subpage, len, addr);
db7b5426 2095#endif
5c9eb028
PM		 2096 res = address_space_read(subpage->as, addr + subpage->base,
2097 attrs, buf, len);
2098 if (res) {
2099 return res;
f25a49e0 2100 }
acc9d80b
JK		 2101 switch (len) {
2102 case 1:
f25a49e0
PM		 2103 *data = ldub_p(buf);
2104 return MEMTX_OK;
acc9d80b 2105 case 2:
f25a49e0
PM		 2106 *data = lduw_p(buf);
2107 return MEMTX_OK;
acc9d80b 2108 case 4:
f25a49e0
PM		 2109 *data = ldl_p(buf);
2110 return MEMTX_OK;
ff6cff75 2111 case 8:
f25a49e0
PM		 2112 *data = ldq_p(buf);
2113 return MEMTX_OK;
acc9d80b
JK		 2114 default:
2115 abort();
2116 }
db7b5426
BS		 2117}
2118
f25a49e0
PM		 2119static MemTxResult subpage_write(void *opaque, hwaddr addr,
2120 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2121{
acc9d80b 2122 subpage_t *subpage = opaque;
ff6cff75 2123 uint8_t buf[8];
acc9d80b 2124
db7b5426 2125#if defined(DEBUG_SUBPAGE)
016e9d62 2126 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2127 " value %"PRIx64"\n",
2128 __func__, subpage, len, addr, value);
db7b5426 2129#endif
acc9d80b
JK		 2130 switch (len) {
2131 case 1:
2132 stb_p(buf, value);
2133 break;
2134 case 2:
2135 stw_p(buf, value);
2136 break;
2137 case 4:
2138 stl_p(buf, value);
2139 break;
ff6cff75
PB		 2140 case 8:
2141 stq_p(buf, value);
2142 break;
acc9d80b
JK		 2143 default:
2144 abort();
2145 }
5c9eb028
PM		 2146 return address_space_write(subpage->as, addr + subpage->base,
2147 attrs, buf, len);
db7b5426
BS		 2148}
2149
c353e4cc 2150static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2151 unsigned len, bool is_write)
c353e4cc 2152{
acc9d80b 2153 subpage_t *subpage = opaque;
c353e4cc 2154#if defined(DEBUG_SUBPAGE)
016e9d62 2155 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2156 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2157#endif
2158
acc9d80b 2159 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2160 len, is_write);
c353e4cc
PB		 2161}
2162
70c68e44 2163static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2164 .read_with_attrs = subpage_read,
2165 .write_with_attrs = subpage_write,
ff6cff75
PB		 2166 .impl.min_access_size = 1,
2167 .impl.max_access_size = 8,
2168 .valid.min_access_size = 1,
2169 .valid.max_access_size = 8,
c353e4cc 2170 .valid.accepts = subpage_accepts,
70c68e44 2171 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2172};
2173
c227f099 2174static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2175 uint16_t section)
db7b5426
BS		 2176{
2177 int idx, eidx;
2178
2179 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2180 return -1;
2181 idx = SUBPAGE_IDX(start);
2182 eidx = SUBPAGE_IDX(end);
2183#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2184 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2185 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2186#endif
db7b5426 2187 for (; idx <= eidx; idx++) {
5312bd8b 2188 mmio->sub_section[idx] = section;
db7b5426
BS		 2189 }
2190
2191 return 0;
2192}
2193
acc9d80b 2194static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2195{
c227f099 2196 subpage_t *mmio;
db7b5426 2197
7267c094 2198 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2199
acc9d80b 2200 mmio->as = as;
1eec614b 2201 mmio->base = base;
2c9b15ca 2202 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2203 NULL, TARGET_PAGE_SIZE);
b3b00c78 2204 mmio->iomem.subpage = true;
db7b5426 2205#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2206 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2207 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2208#endif
b41aac4f 2209 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2210
2211 return mmio;
2212}
2213
a656e22f
PC		 2214static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2215 MemoryRegion *mr)
5312bd8b 2216{
a656e22f 2217 assert(as);
5312bd8b 2218 MemoryRegionSection section = {
a656e22f 2219 .address_space = as,
5312bd8b
AK		 2220 .mr = mr,
2221 .offset_within_address_space = 0,
2222 .offset_within_region = 0,
052e87b0 2223 .size = int128_2_64(),
5312bd8b
AK		 2224 };
2225
53cb28cb 2226 return phys_section_add(map, &section);
5312bd8b
AK		 2227}
2228
9d82b5a7 2229MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
aa102231 2230{
32857f4d
PM		 2231 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2232 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2233 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2234
2235 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2236}
2237
e9179ce1
AK		 2238static void io_mem_init(void)
2239{
1f6245e5 2240 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2241 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2242 NULL, UINT64_MAX);
2c9b15ca 2243 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2244 NULL, UINT64_MAX);
2c9b15ca 2245 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2246 NULL, UINT64_MAX);
e9179ce1
AK		 2247}
2248
ac1970fb 2249static void mem_begin(MemoryListener *listener)
00752703
PB		 2250{
2251 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2252 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2253 uint16_t n;
2254
a656e22f 2255 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2256 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2257 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2258 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2259 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2260 assert(n == PHYS_SECTION_ROM);
a656e22f 2261 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2262 assert(n == PHYS_SECTION_WATCH);
00752703 2263
9736e55b 2264 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2265 d->as = as;
2266 as->next_dispatch = d;
2267}
2268
79e2b9ae
PB		 2269static void address_space_dispatch_free(AddressSpaceDispatch *d)
2270{
2271 phys_sections_free(&d->map);
2272 g_free(d);
2273}
2274
00752703 2275static void mem_commit(MemoryListener *listener)
ac1970fb 2276{
89ae337a 2277 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2278 AddressSpaceDispatch *cur = as->dispatch;
2279 AddressSpaceDispatch *next = as->next_dispatch;
2280
53cb28cb 2281 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2282
79e2b9ae 2283 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2284 if (cur) {
79e2b9ae 2285 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2286 }
9affd6fc
PB		 2287}
2288
1d71148e 2289static void tcg_commit(MemoryListener *listener)
50c1e149 2290{
32857f4d
PM		 2291 CPUAddressSpace *cpuas;
2292 AddressSpaceDispatch *d;
117712c3
AK		 2293
2294 /* since each CPU stores ram addresses in its TLB cache, we must
2295 reset the modified entries */
32857f4d
PM		 2296 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2297 cpu_reloading_memory_map();
2298 /* The CPU and TLB are protected by the iothread lock.
2299 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2300 * may have split the RCU critical section.
2301 */
2302 d = atomic_rcu_read(&cpuas->as->dispatch);
2303 cpuas->memory_dispatch = d;
2304 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2305}
2306
ac1970fb
AK		 2307void address_space_init_dispatch(AddressSpace *as)
2308{
00752703 2309 as->dispatch = NULL;
89ae337a 2310 as->dispatch_listener = (MemoryListener) {
ac1970fb 2311 .begin = mem_begin,
00752703 2312 .commit = mem_commit,
ac1970fb
AK		 2313 .region_add = mem_add,
2314 .region_nop = mem_add,
2315 .priority = 0,
2316 };
89ae337a 2317 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2318}
2319
6e48e8f9
PB		 2320void address_space_unregister(AddressSpace *as)
2321{
2322 memory_listener_unregister(&as->dispatch_listener);
2323}
2324
83f3c251
AK		 2325void address_space_destroy_dispatch(AddressSpace *as)
2326{
2327 AddressSpaceDispatch *d = as->dispatch;
2328
79e2b9ae
PB		 2329 atomic_rcu_set(&as->dispatch, NULL);
2330 if (d) {
2331 call_rcu(d, address_space_dispatch_free, rcu);
2332 }
83f3c251
AK		 2333}
2334
62152b8a
AK		 2335static void memory_map_init(void)
2336{
7267c094 2337 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2338
57271d63 2339 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2340 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2341
7267c094 2342 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2343 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2344 65536);
7dca8043 2345 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2346}
2347
2348MemoryRegion *get_system_memory(void)
2349{
2350 return system_memory;
2351}
2352
309cb471
AK		 2353MemoryRegion *get_system_io(void)
2354{
2355 return system_io;
2356}
2357
e2eef170
PB		 2358#endif /* !defined(CONFIG_USER_ONLY) */
2359
13eb76e0
FB		 2360/* physical memory access (slow version, mainly for debug) */
2361#if defined(CONFIG_USER_ONLY)
f17ec444 2362int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2363 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2364{
2365 int l, flags;
2366 target_ulong page;
53a5960a 2367 void * p;
13eb76e0
FB		 2368
2369 while (len > 0) {
2370 page = addr & TARGET_PAGE_MASK;
2371 l = (page + TARGET_PAGE_SIZE) - addr;
2372 if (l > len)
2373 l = len;
2374 flags = page_get_flags(page);
2375 if (!(flags & PAGE_VALID))
a68fe89c 2376 return -1;
13eb76e0
FB		 2377 if (is_write) {
2378 if (!(flags & PAGE_WRITE))
a68fe89c 2379 return -1;
579a97f7 2380 /* XXX: this code should not depend on lock_user */
72fb7daa 2381 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2382 return -1;
72fb7daa
AJ		 2383 memcpy(p, buf, l);
2384 unlock_user(p, addr, l);
13eb76e0
FB		 2385 } else {
2386 if (!(flags & PAGE_READ))
a68fe89c 2387 return -1;
579a97f7 2388 /* XXX: this code should not depend on lock_user */
72fb7daa 2389 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2390 return -1;
72fb7daa 2391 memcpy(buf, p, l);
5b257578 2392 unlock_user(p, addr, 0);
13eb76e0
FB		 2393 }
2394 len -= l;
2395 buf += l;
2396 addr += l;
2397 }
a68fe89c 2398 return 0;
13eb76e0 2399}
8df1cd07 2400
13eb76e0 2401#else
51d7a9eb 2402
845b6214 2403static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2404 hwaddr length)
51d7a9eb 2405{
e87f7778
PB		 2406 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2407 /* No early return if dirty_log_mask is or becomes 0, because
2408 * cpu_physical_memory_set_dirty_range will still call
2409 * xen_modified_memory.
2410 */
2411 if (dirty_log_mask) {
2412 dirty_log_mask =
2413 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2414 }
2415 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2416 tb_invalidate_phys_range(addr, addr + length);
2417 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2418 }
e87f7778 2419 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2420}
2421
23326164 2422static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2423{
e1622f4b 2424 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2425
2426 /* Regions are assumed to support 1-4 byte accesses unless
2427 otherwise specified. */
23326164
RH		 2428 if (access_size_max == 0) {
2429 access_size_max = 4;
2430 }
2431
2432 /* Bound the maximum access by the alignment of the address. */
2433 if (!mr->ops->impl.unaligned) {
2434 unsigned align_size_max = addr & -addr;
2435 if (align_size_max != 0 && align_size_max < access_size_max) {
2436 access_size_max = align_size_max;
2437 }
82f2563f 2438 }
23326164
RH		 2439
2440 /* Don't attempt accesses larger than the maximum. */
2441 if (l > access_size_max) {
2442 l = access_size_max;
82f2563f 2443 }
6554f5c0 2444 l = pow2floor(l);
23326164
RH		 2445
2446 return l;
82f2563f
PB		 2447}
2448
4840f10e 2449static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2450{
4840f10e
JK		 2451 bool unlocked = !qemu_mutex_iothread_locked();
2452 bool release_lock = false;
2453
2454 if (unlocked && mr->global_locking) {
2455 qemu_mutex_lock_iothread();
2456 unlocked = false;
2457 release_lock = true;
2458 }
125b3806 2459 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2460 if (unlocked) {
2461 qemu_mutex_lock_iothread();
2462 }
125b3806 2463 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2464 if (unlocked) {
2465 qemu_mutex_unlock_iothread();
2466 }
125b3806 2467 }
4840f10e
JK		 2468
2469 return release_lock;
125b3806
PB		 2470}
2471
5c9eb028
PM		 2472MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2473 uint8_t *buf, int len, bool is_write)
13eb76e0 2474{
149f54b5 2475 hwaddr l;
13eb76e0 2476 uint8_t *ptr;
791af8c8 2477 uint64_t val;
149f54b5 2478 hwaddr addr1;
5c8a00ce 2479 MemoryRegion *mr;
3b643495 2480 MemTxResult result = MEMTX_OK;
4840f10e 2481 bool release_lock = false;
3b46e624 2482
41063e1e 2483 rcu_read_lock();
13eb76e0 2484 while (len > 0) {
149f54b5 2485 l = len;
5c8a00ce 2486 mr = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 2487
13eb76e0 2488 if (is_write) {
5c8a00ce 2489 if (!memory_access_is_direct(mr, is_write)) {
4840f10e 2490 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2491 l = memory_access_size(mr, l, addr1);
4917cf44 2492 /* XXX: could force current_cpu to NULL to avoid
6a00d601 2493 potential bugs */
23326164
RH		 2494 switch (l) {
2495 case 8:
2496 /* 64 bit write access */
2497 val = ldq_p(buf);
3b643495
PM		 2498 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2499 attrs);
23326164
RH		 2500 break;
2501 case 4:
1c213d19 2502 /* 32 bit write access */
c27004ec 2503 val = ldl_p(buf);
3b643495
PM		 2504 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2505 attrs);
23326164
RH		 2506 break;
2507 case 2:
1c213d19 2508 /* 16 bit write access */
c27004ec 2509 val = lduw_p(buf);
3b643495
PM		 2510 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2511 attrs);
23326164
RH		 2512 break;
2513 case 1:
1c213d19 2514 /* 8 bit write access */
c27004ec 2515 val = ldub_p(buf);
3b643495
PM		 2516 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2517 attrs);
23326164
RH		 2518 break;
2519 default:
2520 abort();
13eb76e0 2521 }
2bbfa05d 2522 } else {
5c8a00ce 2523 addr1 += memory_region_get_ram_addr(mr);
13eb76e0 2524 /* RAM case */
5579c7f3 2525 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 2526 memcpy(ptr, buf, l);
845b6214 2527 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0
FB		 2528 }
2529 } else {
5c8a00ce 2530 if (!memory_access_is_direct(mr, is_write)) {
13eb76e0 2531 /* I/O case */
4840f10e 2532 release_lock |= prepare_mmio_access(mr);
5c8a00ce 2533 l = memory_access_size(mr, l, addr1);
23326164
RH		 2534 switch (l) {
2535 case 8:
2536 /* 64 bit read access */
3b643495
PM		 2537 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2538 attrs);
23326164
RH		 2539 stq_p(buf, val);
2540 break;
2541 case 4:
13eb76e0 2542 /* 32 bit read access */
3b643495
PM		 2543 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2544 attrs);
c27004ec 2545 stl_p(buf, val);
23326164
RH		 2546 break;
2547 case 2:
13eb76e0 2548 /* 16 bit read access */
3b643495
PM		 2549 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2550 attrs);
c27004ec 2551 stw_p(buf, val);
23326164
RH		 2552 break;
2553 case 1:
1c213d19 2554 /* 8 bit read access */
3b643495
PM		 2555 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2556 attrs);
c27004ec 2557 stb_p(buf, val);
23326164
RH		 2558 break;
2559 default:
2560 abort();
13eb76e0
FB		 2561 }
2562 } else {
2563 /* RAM case */
5c8a00ce 2564 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
f3705d53 2565 memcpy(buf, ptr, l);
13eb76e0
FB		 2566 }
2567 }
4840f10e
JK		 2568
2569 if (release_lock) {
2570 qemu_mutex_unlock_iothread();
2571 release_lock = false;
2572 }
2573
13eb76e0
FB		 2574 len -= l;
2575 buf += l;
2576 addr += l;
2577 }
41063e1e 2578 rcu_read_unlock();
fd8aaa76 2579
3b643495 2580 return result;
13eb76e0 2581}
8df1cd07 2582
5c9eb028
PM		 2583MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2584 const uint8_t *buf, int len)
ac1970fb 2585{
5c9eb028 2586 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
ac1970fb
AK		 2587}
2588
5c9eb028
PM		 2589MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2590 uint8_t *buf, int len)
ac1970fb 2591{
5c9eb028 2592 return address_space_rw(as, addr, attrs, buf, len, false);
ac1970fb
AK		 2593}
2594
2595
a8170e5e 2596void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2597 int len, int is_write)
2598{
5c9eb028
PM		 2599 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2600 buf, len, is_write);
ac1970fb
AK		 2601}
2602
582b55a9
AG		 2603enum write_rom_type {
2604 WRITE_DATA,
2605 FLUSH_CACHE,
2606};
2607
2a221651 2608static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2609 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2610{
149f54b5 2611 hwaddr l;
d0ecd2aa 2612 uint8_t *ptr;
149f54b5 2613 hwaddr addr1;
5c8a00ce 2614 MemoryRegion *mr;
3b46e624 2615
41063e1e 2616 rcu_read_lock();
d0ecd2aa 2617 while (len > 0) {
149f54b5 2618 l = len;
2a221651 2619 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2620
5c8a00ce
PB		 2621 if (!(memory_region_is_ram(mr) ||
2622 memory_region_is_romd(mr))) {
b242e0e0 2623 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2624 } else {
5c8a00ce 2625 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2626 /* ROM/RAM case */
5579c7f3 2627 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2628 switch (type) {
2629 case WRITE_DATA:
2630 memcpy(ptr, buf, l);
845b6214 2631 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2632 break;
2633 case FLUSH_CACHE:
2634 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2635 break;
2636 }
d0ecd2aa
FB		 2637 }
2638 len -= l;
2639 buf += l;
2640 addr += l;
2641 }
41063e1e 2642 rcu_read_unlock();
d0ecd2aa
FB		 2643}
2644
582b55a9 2645/* used for ROM loading : can write in RAM and ROM */
2a221651 2646void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2647 const uint8_t *buf, int len)
2648{
2a221651 2649 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2650}
2651
2652void cpu_flush_icache_range(hwaddr start, int len)
2653{
2654 /*
2655 * This function should do the same thing as an icache flush that was
2656 * triggered from within the guest. For TCG we are always cache coherent,
2657 * so there is no need to flush anything. For KVM / Xen we need to flush
2658 * the host's instruction cache at least.
2659 */
2660 if (tcg_enabled()) {
2661 return;
2662 }
2663
2a221651
EI		 2664 cpu_physical_memory_write_rom_internal(&address_space_memory,
2665 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2666}
2667
6d16c2f8 2668typedef struct {
d3e71559 2669 MemoryRegion *mr;
6d16c2f8 2670 void *buffer;
a8170e5e
AK		 2671 hwaddr addr;
2672 hwaddr len;
c2cba0ff 2673 bool in_use;
6d16c2f8
AL		 2674} BounceBuffer;
2675
2676static BounceBuffer bounce;
2677
ba223c29 2678typedef struct MapClient {
e95205e1 2679 QEMUBH *bh;
72cf2d4f 2680 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2681} MapClient;
2682
38e047b5 2683QemuMutex map_client_list_lock;
72cf2d4f
BS		 2684static QLIST_HEAD(map_client_list, MapClient) map_client_list
2685 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2686
e95205e1
FZ		 2687static void cpu_unregister_map_client_do(MapClient *client)
2688{
2689 QLIST_REMOVE(client, link);
2690 g_free(client);
2691}
2692
33b6c2ed
FZ		 2693static void cpu_notify_map_clients_locked(void)
2694{
2695 MapClient *client;
2696
2697 while (!QLIST_EMPTY(&map_client_list)) {
2698 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2699 qemu_bh_schedule(client->bh);
2700 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2701 }
2702}
2703
e95205e1 2704void cpu_register_map_client(QEMUBH *bh)
ba223c29 2705{
7267c094 2706 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2707
38e047b5 2708 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2709 client->bh = bh;
72cf2d4f 2710 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2711 if (!atomic_read(&bounce.in_use)) {
2712 cpu_notify_map_clients_locked();
2713 }
38e047b5 2714 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2715}
2716
38e047b5 2717void cpu_exec_init_all(void)
ba223c29 2718{
38e047b5 2719 qemu_mutex_init(&ram_list.mutex);
38e047b5 2720 io_mem_init();
680a4783 2721 memory_map_init();
38e047b5 2722 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2723}
2724
e95205e1 2725void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2726{
2727 MapClient *client;
2728
e95205e1
FZ		 2729 qemu_mutex_lock(&map_client_list_lock);
2730 QLIST_FOREACH(client, &map_client_list, link) {
2731 if (client->bh == bh) {
2732 cpu_unregister_map_client_do(client);
2733 break;
2734 }
ba223c29 2735 }
e95205e1 2736 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2737}
2738
2739static void cpu_notify_map_clients(void)
2740{
38e047b5 2741 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2742 cpu_notify_map_clients_locked();
38e047b5 2743 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2744}
2745
51644ab7
PB		 2746bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2747{
5c8a00ce 2748 MemoryRegion *mr;
51644ab7
PB		 2749 hwaddr l, xlat;
2750
41063e1e 2751 rcu_read_lock();
51644ab7
PB		 2752 while (len > 0) {
2753 l = len;
5c8a00ce
PB		 2754 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2755 if (!memory_access_is_direct(mr, is_write)) {
2756 l = memory_access_size(mr, l, addr);
2757 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2758 return false;
2759 }
2760 }
2761
2762 len -= l;
2763 addr += l;
2764 }
41063e1e 2765 rcu_read_unlock();
51644ab7
PB		 2766 return true;
2767}
2768
6d16c2f8
AL		 2769/* Map a physical memory region into a host virtual address.
2770 * May map a subset of the requested range, given by and returned in *plen.
2771 * May return NULL if resources needed to perform the mapping are exhausted.
2772 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2773 * Use cpu_register_map_client() to know when retrying the map operation is
2774 * likely to succeed.
6d16c2f8 2775 */
ac1970fb 2776void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2777 hwaddr addr,
2778 hwaddr *plen,
ac1970fb 2779 bool is_write)
6d16c2f8 2780{
a8170e5e 2781 hwaddr len = *plen;
e3127ae0
PB		 2782 hwaddr done = 0;
2783 hwaddr l, xlat, base;
2784 MemoryRegion *mr, *this_mr;
2785 ram_addr_t raddr;
e81bcda5 2786 void *ptr;
6d16c2f8 2787
e3127ae0
PB		 2788 if (len == 0) {
2789 return NULL;
2790 }
38bee5dc 2791
e3127ae0 2792 l = len;
41063e1e 2793 rcu_read_lock();
e3127ae0 2794 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2795
e3127ae0 2796 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2797 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2798 rcu_read_unlock();
e3127ae0 2799 return NULL;
6d16c2f8 2800 }
e85d9db5
KW		 2801 /* Avoid unbounded allocations */
2802 l = MIN(l, TARGET_PAGE_SIZE);
2803 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2804 bounce.addr = addr;
2805 bounce.len = l;
d3e71559
PB		 2806
2807 memory_region_ref(mr);
2808 bounce.mr = mr;
e3127ae0 2809 if (!is_write) {
5c9eb028
PM		 2810 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2811 bounce.buffer, l);
8ab934f9 2812 }
6d16c2f8 2813
41063e1e 2814 rcu_read_unlock();
e3127ae0
PB		 2815 *plen = l;
2816 return bounce.buffer;
2817 }
2818
2819 base = xlat;
2820 raddr = memory_region_get_ram_addr(mr);
2821
2822 for (;;) {
6d16c2f8
AL		 2823 len -= l;
2824 addr += l;
e3127ae0
PB		 2825 done += l;
2826 if (len == 0) {
2827 break;
2828 }
2829
2830 l = len;
2831 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2832 if (this_mr != mr || xlat != base + done) {
2833 break;
2834 }
6d16c2f8 2835 }
e3127ae0 2836
d3e71559 2837 memory_region_ref(mr);
e3127ae0 2838 *plen = done;
e81bcda5
PB		 2839 ptr = qemu_ram_ptr_length(raddr + base, plen);
2840 rcu_read_unlock();
2841
2842 return ptr;
6d16c2f8
AL		 2843}
2844
ac1970fb 2845/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2846 * Will also mark the memory as dirty if is_write == 1. access_len gives
2847 * the amount of memory that was actually read or written by the caller.
2848 */
a8170e5e
AK		 2849void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2850 int is_write, hwaddr access_len)
6d16c2f8
AL		 2851{
2852 if (buffer != bounce.buffer) {
d3e71559
PB		 2853 MemoryRegion *mr;
2854 ram_addr_t addr1;
2855
2856 mr = qemu_ram_addr_from_host(buffer, &addr1);
2857 assert(mr != NULL);
6d16c2f8 2858 if (is_write) {
845b6214 2859 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2860 }
868bb33f 2861 if (xen_enabled()) {
e41d7c69 2862 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2863 }
d3e71559 2864 memory_region_unref(mr);
6d16c2f8
AL		 2865 return;
2866 }
2867 if (is_write) {
5c9eb028
PM		 2868 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2869 bounce.buffer, access_len);
6d16c2f8 2870 }
f8a83245 2871 qemu_vfree(bounce.buffer);
6d16c2f8 2872 bounce.buffer = NULL;
d3e71559 2873 memory_region_unref(bounce.mr);
c2cba0ff 2874 atomic_mb_set(&bounce.in_use, false);
ba223c29 2875 cpu_notify_map_clients();
6d16c2f8 2876}
d0ecd2aa 2877
a8170e5e
AK		 2878void *cpu_physical_memory_map(hwaddr addr,
2879 hwaddr *plen,
ac1970fb
AK		 2880 int is_write)
2881{
2882 return address_space_map(&address_space_memory, addr, plen, is_write);
2883}
2884
a8170e5e
AK		 2885void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2886 int is_write, hwaddr access_len)
ac1970fb
AK		 2887{
2888 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2889}
2890
8df1cd07 2891/* warning: addr must be aligned */
50013115
PM		 2892static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2893 MemTxAttrs attrs,
2894 MemTxResult *result,
2895 enum device_endian endian)
8df1cd07 2896{
8df1cd07 2897 uint8_t *ptr;
791af8c8 2898 uint64_t val;
5c8a00ce 2899 MemoryRegion *mr;
149f54b5
PB		 2900 hwaddr l = 4;
2901 hwaddr addr1;
50013115 2902 MemTxResult r;
4840f10e 2903 bool release_lock = false;
8df1cd07 2904
41063e1e 2905 rcu_read_lock();
fdfba1a2 2906 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2907 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 2908 release_lock |= prepare_mmio_access(mr);
125b3806 2909
8df1cd07 2910 /* I/O case */
50013115 2911 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 2912#if defined(TARGET_WORDS_BIGENDIAN)
2913 if (endian == DEVICE_LITTLE_ENDIAN) {
2914 val = bswap32(val);
2915 }
2916#else
2917 if (endian == DEVICE_BIG_ENDIAN) {
2918 val = bswap32(val);
2919 }
2920#endif
8df1cd07
FB		 2921 } else {
2922 /* RAM case */
5c8a00ce 2923 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2924 & TARGET_PAGE_MASK)
149f54b5 2925 + addr1);
1e78bcc1
AG		 2926 switch (endian) {
2927 case DEVICE_LITTLE_ENDIAN:
2928 val = ldl_le_p(ptr);
2929 break;
2930 case DEVICE_BIG_ENDIAN:
2931 val = ldl_be_p(ptr);
2932 break;
2933 default:
2934 val = ldl_p(ptr);
2935 break;
2936 }
50013115
PM		 2937 r = MEMTX_OK;
2938 }
2939 if (result) {
2940 *result = r;
8df1cd07 2941 }
4840f10e
JK		 2942 if (release_lock) {
2943 qemu_mutex_unlock_iothread();
2944 }
41063e1e 2945 rcu_read_unlock();
8df1cd07
FB		 2946 return val;
2947}
2948
50013115
PM		 2949uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2950 MemTxAttrs attrs, MemTxResult *result)
2951{
2952 return address_space_ldl_internal(as, addr, attrs, result,
2953 DEVICE_NATIVE_ENDIAN);
2954}
2955
2956uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2957 MemTxAttrs attrs, MemTxResult *result)
2958{
2959 return address_space_ldl_internal(as, addr, attrs, result,
2960 DEVICE_LITTLE_ENDIAN);
2961}
2962
2963uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2964 MemTxAttrs attrs, MemTxResult *result)
2965{
2966 return address_space_ldl_internal(as, addr, attrs, result,
2967 DEVICE_BIG_ENDIAN);
2968}
2969
fdfba1a2 2970uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2971{
50013115 2972 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2973}
2974
fdfba1a2 2975uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2976{
50013115 2977 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2978}
2979
fdfba1a2 2980uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2981{
50013115 2982 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 2983}
2984
84b7b8e7 2985/* warning: addr must be aligned */
50013115
PM		 2986static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2987 MemTxAttrs attrs,
2988 MemTxResult *result,
2989 enum device_endian endian)
84b7b8e7 2990{
84b7b8e7
FB		 2991 uint8_t *ptr;
2992 uint64_t val;
5c8a00ce 2993 MemoryRegion *mr;
149f54b5
PB		 2994 hwaddr l = 8;
2995 hwaddr addr1;
50013115 2996 MemTxResult r;
4840f10e 2997 bool release_lock = false;
84b7b8e7 2998
41063e1e 2999 rcu_read_lock();
2c17449b 3000 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3001 false);
3002 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3003 release_lock |= prepare_mmio_access(mr);
125b3806 3004
84b7b8e7 3005 /* I/O case */
50013115 3006 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3007#if defined(TARGET_WORDS_BIGENDIAN)
3008 if (endian == DEVICE_LITTLE_ENDIAN) {
3009 val = bswap64(val);
3010 }
3011#else
3012 if (endian == DEVICE_BIG_ENDIAN) {
3013 val = bswap64(val);
3014 }
84b7b8e7
FB		 3015#endif
3016 } else {
3017 /* RAM case */
5c8a00ce 3018 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3019 & TARGET_PAGE_MASK)
149f54b5 3020 + addr1);
1e78bcc1
AG		 3021 switch (endian) {
3022 case DEVICE_LITTLE_ENDIAN:
3023 val = ldq_le_p(ptr);
3024 break;
3025 case DEVICE_BIG_ENDIAN:
3026 val = ldq_be_p(ptr);
3027 break;
3028 default:
3029 val = ldq_p(ptr);
3030 break;
3031 }
50013115
PM		 3032 r = MEMTX_OK;
3033 }
3034 if (result) {
3035 *result = r;
84b7b8e7 3036 }
4840f10e
JK		 3037 if (release_lock) {
3038 qemu_mutex_unlock_iothread();
3039 }
41063e1e 3040 rcu_read_unlock();
84b7b8e7
FB		 3041 return val;
3042}
3043
50013115
PM		 3044uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3045 MemTxAttrs attrs, MemTxResult *result)
3046{
3047 return address_space_ldq_internal(as, addr, attrs, result,
3048 DEVICE_NATIVE_ENDIAN);
3049}
3050
3051uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3052 MemTxAttrs attrs, MemTxResult *result)
3053{
3054 return address_space_ldq_internal(as, addr, attrs, result,
3055 DEVICE_LITTLE_ENDIAN);
3056}
3057
3058uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3059 MemTxAttrs attrs, MemTxResult *result)
3060{
3061 return address_space_ldq_internal(as, addr, attrs, result,
3062 DEVICE_BIG_ENDIAN);
3063}
3064
2c17449b 3065uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3066{
50013115 3067 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3068}
3069
2c17449b 3070uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3071{
50013115 3072 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3073}
3074
2c17449b 3075uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3076{
50013115 3077 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3078}
3079
aab33094 3080/* XXX: optimize */
50013115
PM		 3081uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3082 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3083{
3084 uint8_t val;
50013115
PM		 3085 MemTxResult r;
3086
3087 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3088 if (result) {
3089 *result = r;
3090 }
aab33094
FB		 3091 return val;
3092}
3093
50013115
PM		 3094uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3095{
3096 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3097}
3098
733f0b02 3099/* warning: addr must be aligned */
50013115
PM		 3100static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3101 hwaddr addr,
3102 MemTxAttrs attrs,
3103 MemTxResult *result,
3104 enum device_endian endian)
aab33094 3105{
733f0b02
MT		 3106 uint8_t *ptr;
3107 uint64_t val;
5c8a00ce 3108 MemoryRegion *mr;
149f54b5
PB		 3109 hwaddr l = 2;
3110 hwaddr addr1;
50013115 3111 MemTxResult r;
4840f10e 3112 bool release_lock = false;
733f0b02 3113
41063e1e 3114 rcu_read_lock();
41701aa4 3115 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3116 false);
3117 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3118 release_lock |= prepare_mmio_access(mr);
125b3806 3119
733f0b02 3120 /* I/O case */
50013115 3121 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3122#if defined(TARGET_WORDS_BIGENDIAN)
3123 if (endian == DEVICE_LITTLE_ENDIAN) {
3124 val = bswap16(val);
3125 }
3126#else
3127 if (endian == DEVICE_BIG_ENDIAN) {
3128 val = bswap16(val);
3129 }
3130#endif
733f0b02
MT		 3131 } else {
3132 /* RAM case */
5c8a00ce 3133 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3134 & TARGET_PAGE_MASK)
149f54b5 3135 + addr1);
1e78bcc1
AG		 3136 switch (endian) {
3137 case DEVICE_LITTLE_ENDIAN:
3138 val = lduw_le_p(ptr);
3139 break;
3140 case DEVICE_BIG_ENDIAN:
3141 val = lduw_be_p(ptr);
3142 break;
3143 default:
3144 val = lduw_p(ptr);
3145 break;
3146 }
50013115
PM		 3147 r = MEMTX_OK;
3148 }
3149 if (result) {
3150 *result = r;
733f0b02 3151 }
4840f10e
JK		 3152 if (release_lock) {
3153 qemu_mutex_unlock_iothread();
3154 }
41063e1e 3155 rcu_read_unlock();
733f0b02 3156 return val;
aab33094
FB		 3157}
3158
50013115
PM		 3159uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3160 MemTxAttrs attrs, MemTxResult *result)
3161{
3162 return address_space_lduw_internal(as, addr, attrs, result,
3163 DEVICE_NATIVE_ENDIAN);
3164}
3165
3166uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3167 MemTxAttrs attrs, MemTxResult *result)
3168{
3169 return address_space_lduw_internal(as, addr, attrs, result,
3170 DEVICE_LITTLE_ENDIAN);
3171}
3172
3173uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3174 MemTxAttrs attrs, MemTxResult *result)
3175{
3176 return address_space_lduw_internal(as, addr, attrs, result,
3177 DEVICE_BIG_ENDIAN);
3178}
3179
41701aa4 3180uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3181{
50013115 3182 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3183}
3184
41701aa4 3185uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3186{
50013115 3187 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3188}
3189
41701aa4 3190uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3191{
50013115 3192 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3193}
3194
8df1cd07
FB		 3195/* warning: addr must be aligned. The ram page is not masked as dirty
3196 and the code inside is not invalidated. It is useful if the dirty
3197 bits are used to track modified PTEs */
50013115
PM		 3198void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3199 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3200{
8df1cd07 3201 uint8_t *ptr;
5c8a00ce 3202 MemoryRegion *mr;
149f54b5
PB		 3203 hwaddr l = 4;
3204 hwaddr addr1;
50013115 3205 MemTxResult r;
845b6214 3206 uint8_t dirty_log_mask;
4840f10e 3207 bool release_lock = false;
8df1cd07 3208
41063e1e 3209 rcu_read_lock();
2198a121 3210 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3211 true);
3212 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3213 release_lock |= prepare_mmio_access(mr);
125b3806 3214
50013115 3215 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3216 } else {
5c8a00ce 3217 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3218 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3219 stl_p(ptr, val);
74576198 3220
845b6214
PB		 3221 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3222 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3223 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3224 r = MEMTX_OK;
3225 }
3226 if (result) {
3227 *result = r;
8df1cd07 3228 }
4840f10e
JK		 3229 if (release_lock) {
3230 qemu_mutex_unlock_iothread();
3231 }
41063e1e 3232 rcu_read_unlock();
8df1cd07
FB		 3233}
3234
50013115
PM		 3235void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3236{
3237 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3238}
3239
8df1cd07 3240/* warning: addr must be aligned */
50013115
PM		 3241static inline void address_space_stl_internal(AddressSpace *as,
3242 hwaddr addr, uint32_t val,
3243 MemTxAttrs attrs,
3244 MemTxResult *result,
3245 enum device_endian endian)
8df1cd07 3246{
8df1cd07 3247 uint8_t *ptr;
5c8a00ce 3248 MemoryRegion *mr;
149f54b5
PB		 3249 hwaddr l = 4;
3250 hwaddr addr1;
50013115 3251 MemTxResult r;
4840f10e 3252 bool release_lock = false;
8df1cd07 3253
41063e1e 3254 rcu_read_lock();
ab1da857 3255 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3256 true);
3257 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3258 release_lock |= prepare_mmio_access(mr);
125b3806 3259
1e78bcc1
AG		 3260#if defined(TARGET_WORDS_BIGENDIAN)
3261 if (endian == DEVICE_LITTLE_ENDIAN) {
3262 val = bswap32(val);
3263 }
3264#else
3265 if (endian == DEVICE_BIG_ENDIAN) {
3266 val = bswap32(val);
3267 }
3268#endif
50013115 3269 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3270 } else {
8df1cd07 3271 /* RAM case */
5c8a00ce 3272 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3273 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3274 switch (endian) {
3275 case DEVICE_LITTLE_ENDIAN:
3276 stl_le_p(ptr, val);
3277 break;
3278 case DEVICE_BIG_ENDIAN:
3279 stl_be_p(ptr, val);
3280 break;
3281 default:
3282 stl_p(ptr, val);
3283 break;
3284 }
845b6214 3285 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3286 r = MEMTX_OK;
3287 }
3288 if (result) {
3289 *result = r;
8df1cd07 3290 }
4840f10e
JK		 3291 if (release_lock) {
3292 qemu_mutex_unlock_iothread();
3293 }
41063e1e 3294 rcu_read_unlock();
8df1cd07
FB		 3295}
3296
50013115
PM		 3297void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3298 MemTxAttrs attrs, MemTxResult *result)
3299{
3300 address_space_stl_internal(as, addr, val, attrs, result,
3301 DEVICE_NATIVE_ENDIAN);
3302}
3303
3304void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3305 MemTxAttrs attrs, MemTxResult *result)
3306{
3307 address_space_stl_internal(as, addr, val, attrs, result,
3308 DEVICE_LITTLE_ENDIAN);
3309}
3310
3311void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3312 MemTxAttrs attrs, MemTxResult *result)
3313{
3314 address_space_stl_internal(as, addr, val, attrs, result,
3315 DEVICE_BIG_ENDIAN);
3316}
3317
ab1da857 3318void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3319{
50013115 3320 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3321}
3322
ab1da857 3323void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3324{
50013115 3325 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3326}
3327
ab1da857 3328void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3329{
50013115 3330 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3331}
3332
aab33094 3333/* XXX: optimize */
50013115
PM		 3334void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3335 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3336{
3337 uint8_t v = val;
50013115
PM		 3338 MemTxResult r;
3339
3340 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3341 if (result) {
3342 *result = r;
3343 }
3344}
3345
3346void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3347{
3348 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3349}
3350
733f0b02 3351/* warning: addr must be aligned */
50013115
PM		 3352static inline void address_space_stw_internal(AddressSpace *as,
3353 hwaddr addr, uint32_t val,
3354 MemTxAttrs attrs,
3355 MemTxResult *result,
3356 enum device_endian endian)
aab33094 3357{
733f0b02 3358 uint8_t *ptr;
5c8a00ce 3359 MemoryRegion *mr;
149f54b5
PB		 3360 hwaddr l = 2;
3361 hwaddr addr1;
50013115 3362 MemTxResult r;
4840f10e 3363 bool release_lock = false;
733f0b02 3364
41063e1e 3365 rcu_read_lock();
5ce5944d 3366 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3367 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3368 release_lock |= prepare_mmio_access(mr);
125b3806 3369
1e78bcc1
AG		 3370#if defined(TARGET_WORDS_BIGENDIAN)
3371 if (endian == DEVICE_LITTLE_ENDIAN) {
3372 val = bswap16(val);
3373 }
3374#else
3375 if (endian == DEVICE_BIG_ENDIAN) {
3376 val = bswap16(val);
3377 }
3378#endif
50013115 3379 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3380 } else {
733f0b02 3381 /* RAM case */
5c8a00ce 3382 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 3383 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3384 switch (endian) {
3385 case DEVICE_LITTLE_ENDIAN:
3386 stw_le_p(ptr, val);
3387 break;
3388 case DEVICE_BIG_ENDIAN:
3389 stw_be_p(ptr, val);
3390 break;
3391 default:
3392 stw_p(ptr, val);
3393 break;
3394 }
845b6214 3395 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3396 r = MEMTX_OK;
3397 }
3398 if (result) {
3399 *result = r;
733f0b02 3400 }
4840f10e
JK		 3401 if (release_lock) {
3402 qemu_mutex_unlock_iothread();
3403 }
41063e1e 3404 rcu_read_unlock();
aab33094
FB		 3405}
3406
50013115
PM		 3407void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3408 MemTxAttrs attrs, MemTxResult *result)
3409{
3410 address_space_stw_internal(as, addr, val, attrs, result,
3411 DEVICE_NATIVE_ENDIAN);
3412}
3413
3414void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3415 MemTxAttrs attrs, MemTxResult *result)
3416{
3417 address_space_stw_internal(as, addr, val, attrs, result,
3418 DEVICE_LITTLE_ENDIAN);
3419}
3420
3421void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3422 MemTxAttrs attrs, MemTxResult *result)
3423{
3424 address_space_stw_internal(as, addr, val, attrs, result,
3425 DEVICE_BIG_ENDIAN);
3426}
3427
5ce5944d 3428void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3429{
50013115 3430 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3431}
3432
5ce5944d 3433void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3434{
50013115 3435 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3436}
3437
5ce5944d 3438void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3439{
50013115 3440 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3441}
3442
aab33094 3443/* XXX: optimize */
50013115
PM		 3444void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3445 MemTxAttrs attrs, MemTxResult *result)
aab33094 3446{
50013115 3447 MemTxResult r;
aab33094 3448 val = tswap64(val);
50013115
PM		 3449 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3450 if (result) {
3451 *result = r;
3452 }
aab33094
FB		 3453}
3454
50013115
PM		 3455void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3456 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3457{
50013115 3458 MemTxResult r;
1e78bcc1 3459 val = cpu_to_le64(val);
50013115
PM		 3460 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3461 if (result) {
3462 *result = r;
3463 }
3464}
3465void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3466 MemTxAttrs attrs, MemTxResult *result)
3467{
3468 MemTxResult r;
3469 val = cpu_to_be64(val);
3470 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3471 if (result) {
3472 *result = r;
3473 }
3474}
3475
3476void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3477{
3478 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3479}
3480
3481void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3482{
3483 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3484}
3485
f606604f 3486void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3487{
50013115 3488 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3489}
3490
5e2972fd 3491/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3492int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3493 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3494{
3495 int l;
a8170e5e 3496 hwaddr phys_addr;
9b3c35e0 3497 target_ulong page;
13eb76e0
FB		 3498
3499 while (len > 0) {
3500 page = addr & TARGET_PAGE_MASK;
f17ec444 3501 phys_addr = cpu_get_phys_page_debug(cpu, page);
13eb76e0
FB		 3502 /* if no physical page mapped, return an error */
3503 if (phys_addr == -1)
3504 return -1;
3505 l = (page + TARGET_PAGE_SIZE) - addr;
3506 if (l > len)
3507 l = len;
5e2972fd 3508 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b
EI		 3509 if (is_write) {
3510 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3511 } else {
5c9eb028
PM		 3512 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3513 buf, l, 0);
2e38847b 3514 }
13eb76e0
FB		 3515 len -= l;
3516 buf += l;
3517 addr += l;
3518 }
3519 return 0;
3520}
038629a6
DDAG		 3521
3522/*
3523 * Allows code that needs to deal with migration bitmaps etc to still be built
3524 * target independent.
3525 */
3526size_t qemu_target_page_bits(void)
3527{
3528 return TARGET_PAGE_BITS;
3529}
3530
a68fe89c 3531#endif
13eb76e0 3532
8e4a424b
BS		 3533/*
3534 * A helper function for the _utterly broken_ virtio device model to find out if
3535 * it's running on a big endian machine. Don't do this at home kids!
3536 */
98ed8ecf
GK		 3537bool target_words_bigendian(void);
3538bool target_words_bigendian(void)
8e4a424b
BS		 3539{
3540#if defined(TARGET_WORDS_BIGENDIAN)
3541 return true;
3542#else
3543 return false;
3544#endif
3545}
3546
76f35538 3547#ifndef CONFIG_USER_ONLY
a8170e5e 3548bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3549{
5c8a00ce 3550 MemoryRegion*mr;
149f54b5 3551 hwaddr l = 1;
41063e1e 3552 bool res;
76f35538 3553
41063e1e 3554 rcu_read_lock();
5c8a00ce
PB		 3555 mr = address_space_translate(&address_space_memory,
3556 phys_addr, &phys_addr, &l, false);
76f35538 3557
41063e1e
PB		 3558 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3559 rcu_read_unlock();
3560 return res;
76f35538 3561}
bd2fa51f 3562
e3807054 3563int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3564{
3565 RAMBlock *block;
e3807054 3566 int ret = 0;
bd2fa51f 3567
0dc3f44a
MD		 3568 rcu_read_lock();
3569 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3570 ret = func(block->idstr, block->host, block->offset,
3571 block->used_length, opaque);
3572 if (ret) {
3573 break;
3574 }
bd2fa51f 3575 }
0dc3f44a 3576 rcu_read_unlock();
e3807054 3577 return ret;
bd2fa51f 3578}
ec3f8c99 3579#endif
QEMU mirror