]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
hw/boards: make it safe to include for linux-user
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
777872e5 20#ifndef _WIN32
a98d49b1 21#include <sys/types.h>
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
055403b2 25#include "qemu-common.h"
6180a181 26#include "cpu.h"
b67d9a52 27#include "tcg.h"
b3c7724c 28#include "hw/hw.h"
cc9e98cb 29#include "hw/qdev.h"
1de7afc9 30#include "qemu/osdep.h"
9c17d615 31#include "sysemu/kvm.h"
2ff3de68 32#include "sysemu/sysemu.h"
0d09e41a 33#include "hw/xen/xen.h"
1de7afc9
PB		 34#include "qemu/timer.h"
35#include "qemu/config-file.h"
75a34036 36#include "qemu/error-report.h"
022c62cb 37#include "exec/memory.h"
9c17d615 38#include "sysemu/dma.h"
022c62cb 39#include "exec/address-spaces.h"
53a5960a
PB		 40#if defined(CONFIG_USER_ONLY)
41#include <qemu.h>
432d268c 42#else /* !CONFIG_USER_ONLY */
9c17d615 43#include "sysemu/xen-mapcache.h"
6506e4f9 44#include "trace.h"
53a5960a 45#endif
0d6d3c87 46#include "exec/cpu-all.h"
0dc3f44a 47#include "qemu/rcu_queue.h"
022c62cb 48#include "exec/cputlb.h"
5b6dd868 49#include "translate-all.h"
0cac1b66 50
022c62cb 51#include "exec/memory-internal.h"
220c3ebd 52#include "exec/ram_addr.h"
67d95c15 53
b35ba30f
MT		 54#include "qemu/range.h"
55
db7b5426 56//#define DEBUG_SUBPAGE
1196be37 57
e2eef170 58#if !defined(CONFIG_USER_ONLY)
981fdf23 59static bool in_migration;
94a6b54f 60
0dc3f44a
MD		 61/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
62 * are protected by the ramlist lock.
63 */
0d53d9fe 64RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 65
66static MemoryRegion *system_memory;
309cb471 67static MemoryRegion *system_io;
62152b8a 68
f6790af6
AK		 69AddressSpace address_space_io;
70AddressSpace address_space_memory;
2673a5da 71
0844e007 72MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 73static MemoryRegion io_mem_unassigned;
0e0df1e2 74
7bd4f430
PB		 75/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
76#define RAM_PREALLOC (1 << 0)
77
dbcb8981
PB		 78/* RAM is mmap-ed with MAP_SHARED */
79#define RAM_SHARED (1 << 1)
80
62be4e3a
MT		 81/* Only a portion of RAM (used_length) is actually used, and migrated.
82 * This used_length size can change across reboots.
83 */
84#define RAM_RESIZEABLE (1 << 2)
85
e2eef170 86#endif
9fa3e853 87
bdc44640 88struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 89/* current CPU in the current thread. It is only valid inside
90 cpu_exec() */
4917cf44 91DEFINE_TLS(CPUState *, current_cpu);
2e70f6ef 92/* 0 = Do not count executed instructions.
bf20dc07 93 1 = Precise instruction counting.
2e70f6ef 94 2 = Adaptive rate instruction counting. */
5708fc66 95int use_icount;
6a00d601 96
e2eef170 97#if !defined(CONFIG_USER_ONLY)
4346ae3e 98
1db8abb1
PB		 99typedef struct PhysPageEntry PhysPageEntry;
100
101struct PhysPageEntry {
9736e55b 102 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 103 uint32_t skip : 6;
9736e55b 104 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 105 uint32_t ptr : 26;
1db8abb1
PB		 106};
107
8b795765
MT		 108#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
109
03f49957 110/* Size of the L2 (and L3, etc) page tables. */
57271d63 111#define ADDR_SPACE_BITS 64
03f49957 112
026736ce 113#define P_L2_BITS 9
03f49957
PB		 114#define P_L2_SIZE (1 << P_L2_BITS)
115
116#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
117
118typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 119
53cb28cb 120typedef struct PhysPageMap {
79e2b9ae
PB		 121 struct rcu_head rcu;
122
53cb28cb
MA		 123 unsigned sections_nb;
124 unsigned sections_nb_alloc;
125 unsigned nodes_nb;
126 unsigned nodes_nb_alloc;
127 Node *nodes;
128 MemoryRegionSection *sections;
129} PhysPageMap;
130
1db8abb1 131struct AddressSpaceDispatch {
79e2b9ae
PB		 132 struct rcu_head rcu;
133
1db8abb1
PB		 134 /* This is a multi-level map on the physical address space.
135 * The bottom level has pointers to MemoryRegionSections.
136 */
137 PhysPageEntry phys_map;
53cb28cb 138 PhysPageMap map;
acc9d80b 139 AddressSpace *as;
1db8abb1
PB		 140};
141
90260c6c
JK		 142#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
143typedef struct subpage_t {
144 MemoryRegion iomem;
acc9d80b 145 AddressSpace *as;
90260c6c
JK		 146 hwaddr base;
147 uint16_t sub_section[TARGET_PAGE_SIZE];
148} subpage_t;
149
b41aac4f
LPF		 150#define PHYS_SECTION_UNASSIGNED 0
151#define PHYS_SECTION_NOTDIRTY 1
152#define PHYS_SECTION_ROM 2
153#define PHYS_SECTION_WATCH 3
5312bd8b 154
e2eef170 155static void io_mem_init(void);
62152b8a 156static void memory_map_init(void);
09daed84 157static void tcg_commit(MemoryListener *listener);
e2eef170 158
1ec9b909 159static MemoryRegion io_mem_watch;
6658ffb8 160#endif
fd6ce8f6 161
6d9a1304 162#if !defined(CONFIG_USER_ONLY)
d6f2ea22 163
53cb28cb 164static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 165{
53cb28cb
MA		 166 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
167 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
168 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
169 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 170 }
f7bf5461
AK		 171}
172
53cb28cb 173static uint32_t phys_map_node_alloc(PhysPageMap *map)
f7bf5461
AK		 174{
175 unsigned i;
8b795765 176 uint32_t ret;
f7bf5461 177
53cb28cb 178 ret = map->nodes_nb++;
f7bf5461 179 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 180 assert(ret != map->nodes_nb_alloc);
03f49957 181 for (i = 0; i < P_L2_SIZE; ++i) {
53cb28cb
MA		 182 map->nodes[ret][i].skip = 1;
183 map->nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 184 }
f7bf5461 185 return ret;
d6f2ea22
AK		 186}
187
53cb28cb
MA		 188static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
189 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 190 int level)
f7bf5461
AK		 191{
192 PhysPageEntry *p;
193 int i;
03f49957 194 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 195
9736e55b 196 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
53cb28cb
MA		 197 lp->ptr = phys_map_node_alloc(map);
198 p = map->nodes[lp->ptr];
f7bf5461 199 if (level == 0) {
03f49957 200 for (i = 0; i < P_L2_SIZE; i++) {
9736e55b 201 p[i].skip = 0;
b41aac4f 202 p[i].ptr = PHYS_SECTION_UNASSIGNED;
4346ae3e 203 }
67c4d23c 204 }
f7bf5461 205 } else {
53cb28cb 206 p = map->nodes[lp->ptr];
92e873b9 207 }
03f49957 208 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 209
03f49957 210 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 211 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 212 lp->skip = 0;
c19e8800 213 lp->ptr = leaf;
07f07b31
AK		 214 *index += step;
215 *nb -= step;
2999097b 216 } else {
53cb28cb 217 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 218 }
219 ++lp;
f7bf5461
AK		 220 }
221}
222
ac1970fb 223static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 224 hwaddr index, hwaddr nb,
2999097b 225 uint16_t leaf)
f7bf5461 226{
2999097b 227 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 228 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 229
53cb28cb 230 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 231}
232
b35ba30f
MT		 233/* Compact a non leaf page entry. Simply detect that the entry has a single child,
234 * and update our entry so we can skip it and go directly to the destination.
235 */
236static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
237{
238 unsigned valid_ptr = P_L2_SIZE;
239 int valid = 0;
240 PhysPageEntry *p;
241 int i;
242
243 if (lp->ptr == PHYS_MAP_NODE_NIL) {
244 return;
245 }
246
247 p = nodes[lp->ptr];
248 for (i = 0; i < P_L2_SIZE; i++) {
249 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
250 continue;
251 }
252
253 valid_ptr = i;
254 valid++;
255 if (p[i].skip) {
256 phys_page_compact(&p[i], nodes, compacted);
257 }
258 }
259
260 /* We can only compress if there's only one child. */
261 if (valid != 1) {
262 return;
263 }
264
265 assert(valid_ptr < P_L2_SIZE);
266
267 /* Don't compress if it won't fit in the # of bits we have. */
268 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
269 return;
270 }
271
272 lp->ptr = p[valid_ptr].ptr;
273 if (!p[valid_ptr].skip) {
274 /* If our only child is a leaf, make this a leaf. */
275 /* By design, we should have made this node a leaf to begin with so we
276 * should never reach here.
277 * But since it's so simple to handle this, let's do it just in case we
278 * change this rule.
279 */
280 lp->skip = 0;
281 } else {
282 lp->skip += p[valid_ptr].skip;
283 }
284}
285
286static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
287{
288 DECLARE_BITMAP(compacted, nodes_nb);
289
290 if (d->phys_map.skip) {
53cb28cb 291 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 292 }
293}
294
97115a8d 295static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 296 Node *nodes, MemoryRegionSection *sections)
92e873b9 297{
31ab2b4a 298 PhysPageEntry *p;
97115a8d 299 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 300 int i;
f1f6e3b8 301
9736e55b 302 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 303 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 304 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 305 }
9affd6fc 306 p = nodes[lp.ptr];
03f49957 307 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 308 }
b35ba30f
MT		 309
310 if (sections[lp.ptr].size.hi ||
311 range_covers_byte(sections[lp.ptr].offset_within_address_space,
312 sections[lp.ptr].size.lo, addr)) {
313 return &sections[lp.ptr];
314 } else {
315 return &sections[PHYS_SECTION_UNASSIGNED];
316 }
f3705d53
AK		 317}
318
e5548617
BS		 319bool memory_region_is_unassigned(MemoryRegion *mr)
320{
2a8e7499 321 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 322 && mr != &io_mem_watch;
fd6ce8f6 323}
149f54b5 324
79e2b9ae 325/* Called from RCU critical section */
c7086b4a 326static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 327 hwaddr addr,
328 bool resolve_subpage)
9f029603 329{
90260c6c
JK		 330 MemoryRegionSection *section;
331 subpage_t *subpage;
332
53cb28cb 333 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 334 if (resolve_subpage && section->mr->subpage) {
335 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 336 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 337 }
338 return section;
9f029603
JK		 339}
340
79e2b9ae 341/* Called from RCU critical section */
90260c6c 342static MemoryRegionSection *
c7086b4a 343address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 344 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 345{
346 MemoryRegionSection *section;
a87f3954 347 Int128 diff;
149f54b5 348
c7086b4a 349 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 350 /* Compute offset within MemoryRegionSection */
351 addr -= section->offset_within_address_space;
352
353 /* Compute offset within MemoryRegion */
354 *xlat = addr + section->offset_within_region;
355
356 diff = int128_sub(section->mr->size, int128_make64(addr));
3752a036 357 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
149f54b5
PB		 358 return section;
359}
90260c6c 360
a87f3954
PB		 361static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
362{
363 if (memory_region_is_ram(mr)) {
364 return !(is_write && mr->readonly);
365 }
366 if (memory_region_is_romd(mr)) {
367 return !is_write;
368 }
369
370 return false;
371}
372
5c8a00ce
PB		 373MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
374 hwaddr *xlat, hwaddr *plen,
375 bool is_write)
90260c6c 376{
30951157
AK		 377 IOMMUTLBEntry iotlb;
378 MemoryRegionSection *section;
379 MemoryRegion *mr;
380 hwaddr len = *plen;
381
79e2b9ae 382 rcu_read_lock();
30951157 383 for (;;) {
79e2b9ae
PB		 384 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
385 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 386 mr = section->mr;
387
388 if (!mr->iommu_ops) {
389 break;
390 }
391
8d7b8cb9 392 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 393 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
394 | (addr & iotlb.addr_mask));
395 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
396 if (!(iotlb.perm & (1 << is_write))) {
397 mr = &io_mem_unassigned;
398 break;
399 }
400
401 as = iotlb.target_as;
402 }
403
fe680d0d 404 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954
PB		 405 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
406 len = MIN(page, len);
407 }
408
30951157
AK		 409 *plen = len;
410 *xlat = addr;
79e2b9ae 411 rcu_read_unlock();
30951157 412 return mr;
90260c6c
JK		 413}
414
79e2b9ae 415/* Called from RCU critical section */
90260c6c 416MemoryRegionSection *
9d82b5a7
PB		 417address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
418 hwaddr *xlat, hwaddr *plen)
90260c6c 419{
30951157 420 MemoryRegionSection *section;
9d82b5a7
PB		 421 section = address_space_translate_internal(cpu->memory_dispatch,
422 addr, xlat, plen, false);
30951157
AK		 423
424 assert(!section->mr->iommu_ops);
425 return section;
90260c6c 426}
5b6dd868 427#endif
fd6ce8f6 428
5b6dd868 429void cpu_exec_init_all(void)
fdbb84d1 430{
5b6dd868 431#if !defined(CONFIG_USER_ONLY)
b2a8658e 432 qemu_mutex_init(&ram_list.mutex);
5b6dd868
BS		 433 memory_map_init();
434 io_mem_init();
fdbb84d1 435#endif
5b6dd868 436}
fdbb84d1 437
b170fce3 438#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 439
440static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 441{
259186a7 442 CPUState *cpu = opaque;
a513fe19 443
5b6dd868
BS		 444 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
445 version_id is increased. */
259186a7 446 cpu->interrupt_request &= ~0x01;
c01a71c1 447 tlb_flush(cpu, 1);
5b6dd868
BS		 448
449 return 0;
a513fe19 450}
7501267e 451
6c3bff0e
PD		 452static int cpu_common_pre_load(void *opaque)
453{
454 CPUState *cpu = opaque;
455
adee6424 456 cpu->exception_index = -1;
6c3bff0e
PD		 457
458 return 0;
459}
460
461static bool cpu_common_exception_index_needed(void *opaque)
462{
463 CPUState *cpu = opaque;
464
adee6424 465 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 466}
467
468static const VMStateDescription vmstate_cpu_common_exception_index = {
469 .name = "cpu_common/exception_index",
470 .version_id = 1,
471 .minimum_version_id = 1,
472 .fields = (VMStateField[]) {
473 VMSTATE_INT32(exception_index, CPUState),
474 VMSTATE_END_OF_LIST()
475 }
476};
477
1a1562f5 478const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 479 .name = "cpu_common",
480 .version_id = 1,
481 .minimum_version_id = 1,
6c3bff0e 482 .pre_load = cpu_common_pre_load,
5b6dd868 483 .post_load = cpu_common_post_load,
35d08458 484 .fields = (VMStateField[]) {
259186a7
AF		 485 VMSTATE_UINT32(halted, CPUState),
486 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 487 VMSTATE_END_OF_LIST()
6c3bff0e
PD		 488 },
489 .subsections = (VMStateSubsection[]) {
490 {
491 .vmsd = &vmstate_cpu_common_exception_index,
492 .needed = cpu_common_exception_index_needed,
493 } , {
494 /* empty */
495 }
5b6dd868
BS		 496 }
497};
1a1562f5 498
5b6dd868 499#endif
ea041c0e 500
38d8f5c8 501CPUState *qemu_get_cpu(int index)
ea041c0e 502{
bdc44640 503 CPUState *cpu;
ea041c0e 504
bdc44640 505 CPU_FOREACH(cpu) {
55e5c285 506 if (cpu->cpu_index == index) {
bdc44640 507 return cpu;
55e5c285 508 }
ea041c0e 509 }
5b6dd868 510
bdc44640 511 return NULL;
ea041c0e
FB		 512}
513
09daed84
EI		 514#if !defined(CONFIG_USER_ONLY)
515void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
516{
517 /* We only support one address space per cpu at the moment. */
518 assert(cpu->as == as);
519
520 if (cpu->tcg_as_listener) {
521 memory_listener_unregister(cpu->tcg_as_listener);
522 } else {
523 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
524 }
525 cpu->tcg_as_listener->commit = tcg_commit;
526 memory_listener_register(cpu->tcg_as_listener, as);
527}
528#endif
529
5b6dd868 530void cpu_exec_init(CPUArchState *env)
ea041c0e 531{
5b6dd868 532 CPUState *cpu = ENV_GET_CPU(env);
b170fce3 533 CPUClass *cc = CPU_GET_CLASS(cpu);
bdc44640 534 CPUState *some_cpu;
5b6dd868
BS		 535 int cpu_index;
536
537#if defined(CONFIG_USER_ONLY)
538 cpu_list_lock();
539#endif
5b6dd868 540 cpu_index = 0;
bdc44640 541 CPU_FOREACH(some_cpu) {
5b6dd868
BS		 542 cpu_index++;
543 }
55e5c285 544 cpu->cpu_index = cpu_index;
1b1ed8dc 545 cpu->numa_node = 0;
f0c3c505 546 QTAILQ_INIT(&cpu->breakpoints);
ff4700b0 547 QTAILQ_INIT(&cpu->watchpoints);
5b6dd868 548#ifndef CONFIG_USER_ONLY
09daed84 549 cpu->as = &address_space_memory;
5b6dd868
BS		 550 cpu->thread_id = qemu_get_thread_id();
551#endif
bdc44640 552 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 553#if defined(CONFIG_USER_ONLY)
554 cpu_list_unlock();
555#endif
e0d47944
AF		 556 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
557 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
558 }
5b6dd868 559#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 560 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
561 cpu_save, cpu_load, env);
b170fce3 562 assert(cc->vmsd == NULL);
e0d47944 563 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 564#endif
b170fce3
AF		 565 if (cc->vmsd != NULL) {
566 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
567 }
ea041c0e
FB		 568}
569
94df27fd 570#if defined(CONFIG_USER_ONLY)
00b941e5 571static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 572{
573 tb_invalidate_phys_page_range(pc, pc + 1, 0);
574}
575#else
00b941e5 576static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 577{
e8262a1b
MF		 578 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
579 if (phys != -1) {
09daed84 580 tb_invalidate_phys_addr(cpu->as,
29d8ec7b 581 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 582 }
1e7855a5 583}
c27004ec 584#endif
d720b93d 585
c527ee8f 586#if defined(CONFIG_USER_ONLY)
75a34036 587void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 588
589{
590}
591
3ee887e8
PM		 592int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
593 int flags)
594{
595 return -ENOSYS;
596}
597
598void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
599{
600}
601
75a34036 602int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 603 int flags, CPUWatchpoint **watchpoint)
604{
605 return -ENOSYS;
606}
607#else
6658ffb8 608/* Add a watchpoint. */
75a34036 609int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 610 int flags, CPUWatchpoint **watchpoint)
6658ffb8 611{
c0ce998e 612 CPUWatchpoint *wp;
6658ffb8 613
05068c0d 614 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 615 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 616 error_report("tried to set invalid watchpoint at %"
617 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 618 return -EINVAL;
619 }
7267c094 620 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 621
622 wp->vaddr = addr;
05068c0d 623 wp->len = len;
a1d1bb31
AL		 624 wp->flags = flags;
625
2dc9f411 626 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 627 if (flags & BP_GDB) {
628 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
629 } else {
630 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
631 }
6658ffb8 632
31b030d4 633 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 634
635 if (watchpoint)
636 *watchpoint = wp;
637 return 0;
6658ffb8
PB		 638}
639
a1d1bb31 640/* Remove a specific watchpoint. */
75a34036 641int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 642 int flags)
6658ffb8 643{
a1d1bb31 644 CPUWatchpoint *wp;
6658ffb8 645
ff4700b0 646 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 647 if (addr == wp->vaddr && len == wp->len
6e140f28 648 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 649 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 650 return 0;
651 }
652 }
a1d1bb31 653 return -ENOENT;
6658ffb8
PB		 654}
655
a1d1bb31 656/* Remove a specific watchpoint by reference. */
75a34036 657void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 658{
ff4700b0 659 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 660
31b030d4 661 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 662
7267c094 663 g_free(watchpoint);
a1d1bb31
AL		 664}
665
666/* Remove all matching watchpoints. */
75a34036 667void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 668{
c0ce998e 669 CPUWatchpoint *wp, *next;
a1d1bb31 670
ff4700b0 671 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 672 if (wp->flags & mask) {
673 cpu_watchpoint_remove_by_ref(cpu, wp);
674 }
c0ce998e 675 }
7d03f82f 676}
05068c0d
PM		 677
678/* Return true if this watchpoint address matches the specified
679 * access (ie the address range covered by the watchpoint overlaps
680 * partially or completely with the address range covered by the
681 * access).
682 */
683static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
684 vaddr addr,
685 vaddr len)
686{
687 /* We know the lengths are non-zero, but a little caution is
688 * required to avoid errors in the case where the range ends
689 * exactly at the top of the address space and so addr + len
690 * wraps round to zero.
691 */
692 vaddr wpend = wp->vaddr + wp->len - 1;
693 vaddr addrend = addr + len - 1;
694
695 return !(addr > wpend || wp->vaddr > addrend);
696}
697
c527ee8f 698#endif
7d03f82f 699
a1d1bb31 700/* Add a breakpoint. */
b3310ab3 701int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 702 CPUBreakpoint **breakpoint)
4c3a88a2 703{
c0ce998e 704 CPUBreakpoint *bp;
3b46e624 705
7267c094 706 bp = g_malloc(sizeof(*bp));
4c3a88a2 707
a1d1bb31
AL		 708 bp->pc = pc;
709 bp->flags = flags;
710
2dc9f411 711 /* keep all GDB-injected breakpoints in front */
00b941e5 712 if (flags & BP_GDB) {
f0c3c505 713 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 714 } else {
f0c3c505 715 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 716 }
3b46e624 717
f0c3c505 718 breakpoint_invalidate(cpu, pc);
a1d1bb31 719
00b941e5 720 if (breakpoint) {
a1d1bb31 721 *breakpoint = bp;
00b941e5 722 }
4c3a88a2 723 return 0;
4c3a88a2
FB		 724}
725
a1d1bb31 726/* Remove a specific breakpoint. */
b3310ab3 727int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 728{
a1d1bb31
AL		 729 CPUBreakpoint *bp;
730
f0c3c505 731 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 732 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 733 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 734 return 0;
735 }
7d03f82f 736 }
a1d1bb31 737 return -ENOENT;
7d03f82f
EI		 738}
739
a1d1bb31 740/* Remove a specific breakpoint by reference. */
b3310ab3 741void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 742{
f0c3c505
AF		 743 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
744
745 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 746
7267c094 747 g_free(breakpoint);
a1d1bb31
AL		 748}
749
750/* Remove all matching breakpoints. */
b3310ab3 751void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 752{
c0ce998e 753 CPUBreakpoint *bp, *next;
a1d1bb31 754
f0c3c505 755 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 756 if (bp->flags & mask) {
757 cpu_breakpoint_remove_by_ref(cpu, bp);
758 }
c0ce998e 759 }
4c3a88a2
FB		 760}
761
c33a346e
FB		 762/* enable or disable single step mode. EXCP_DEBUG is returned by the
763 CPU loop after each instruction */
3825b28f 764void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 765{
ed2803da
AF		 766 if (cpu->singlestep_enabled != enabled) {
767 cpu->singlestep_enabled = enabled;
768 if (kvm_enabled()) {
38e478ec 769 kvm_update_guest_debug(cpu, 0);
ed2803da 770 } else {
ccbb4d44 771 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 772 /* XXX: only flush what is necessary */
38e478ec 773 CPUArchState *env = cpu->env_ptr;
e22a25c9
AL		 774 tb_flush(env);
775 }
c33a346e 776 }
c33a346e
FB		 777}
778
a47dddd7 779void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 780{
781 va_list ap;
493ae1f0 782 va_list ap2;
7501267e
FB		 783
784 va_start(ap, fmt);
493ae1f0 785 va_copy(ap2, ap);
7501267e
FB		 786 fprintf(stderr, "qemu: fatal: ");
787 vfprintf(stderr, fmt, ap);
788 fprintf(stderr, "\n");
878096ee 789 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 790 if (qemu_log_enabled()) {
791 qemu_log("qemu: fatal: ");
792 qemu_log_vprintf(fmt, ap2);
793 qemu_log("\n");
a0762859 794 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 795 qemu_log_flush();
93fcfe39 796 qemu_log_close();
924edcae 797 }
493ae1f0 798 va_end(ap2);
f9373291 799 va_end(ap);
fd052bf6
RV		 800#if defined(CONFIG_USER_ONLY)
801 {
802 struct sigaction act;
803 sigfillset(&act.sa_mask);
804 act.sa_handler = SIG_DFL;
805 sigaction(SIGABRT, &act, NULL);
806 }
807#endif
7501267e
FB		 808 abort();
809}
810
0124311e 811#if !defined(CONFIG_USER_ONLY)
0dc3f44a 812/* Called from RCU critical section */
041603fe
PB		 813static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
814{
815 RAMBlock *block;
816
43771539 817 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 818 if (block && addr - block->offset < block->max_length) {
041603fe
PB		 819 goto found;
820 }
0dc3f44a 821 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 822 if (addr - block->offset < block->max_length) {
041603fe
PB		 823 goto found;
824 }
825 }
826
827 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
828 abort();
829
830found:
43771539
PB		 831 /* It is safe to write mru_block outside the iothread lock. This
832 * is what happens:
833 *
834 * mru_block = xxx
835 * rcu_read_unlock()
836 * xxx removed from list
837 * rcu_read_lock()
838 * read mru_block
839 * mru_block = NULL;
840 * call_rcu(reclaim_ramblock, xxx);
841 * rcu_read_unlock()
842 *
843 * atomic_rcu_set is not needed here. The block was already published
844 * when it was placed into the list. Here we're just making an extra
845 * copy of the pointer.
846 */
041603fe
PB		 847 ram_list.mru_block = block;
848 return block;
849}
850
a2f4d5be 851static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 852{
041603fe 853 ram_addr_t start1;
a2f4d5be
JQ		 854 RAMBlock *block;
855 ram_addr_t end;
856
857 end = TARGET_PAGE_ALIGN(start + length);
858 start &= TARGET_PAGE_MASK;
d24981d3 859
0dc3f44a 860 rcu_read_lock();
041603fe
PB		 861 block = qemu_get_ram_block(start);
862 assert(block == qemu_get_ram_block(end - 1));
1240be24 863 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
041603fe 864 cpu_tlb_reset_dirty_all(start1, length);
0dc3f44a 865 rcu_read_unlock();
d24981d3
JQ		 866}
867
5579c7f3 868/* Note: start and end must be within the same ram block. */
a2f4d5be 869void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t length,
52159192 870 unsigned client)
1ccde1cb 871{
1ccde1cb
FB		 872 if (length == 0)
873 return;
c8d6f66a 874 cpu_physical_memory_clear_dirty_range_type(start, length, client);
f23db169 875
d24981d3 876 if (tcg_enabled()) {
a2f4d5be 877 tlb_reset_dirty_range_all(start, length);
5579c7f3 878 }
1ccde1cb
FB		 879}
880
981fdf23 881static void cpu_physical_memory_set_dirty_tracking(bool enable)
74576198
AL		 882{
883 in_migration = enable;
74576198
AL		 884}
885
79e2b9ae 886/* Called from RCU critical section */
bb0e627a 887hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 888 MemoryRegionSection *section,
889 target_ulong vaddr,
890 hwaddr paddr, hwaddr xlat,
891 int prot,
892 target_ulong *address)
e5548617 893{
a8170e5e 894 hwaddr iotlb;
e5548617
BS		 895 CPUWatchpoint *wp;
896
cc5bea60 897 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 898 /* Normal RAM. */
899 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 900 + xlat;
e5548617 901 if (!section->readonly) {
b41aac4f 902 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 903 } else {
b41aac4f 904 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 905 }
906 } else {
1b3fb98f 907 iotlb = section - section->address_space->dispatch->map.sections;
149f54b5 908 iotlb += xlat;
e5548617
BS		 909 }
910
911 /* Make accesses to pages with watchpoints go via the
912 watchpoint trap routines. */
ff4700b0 913 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 914 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 915 /* Avoid trapping reads of pages with a write breakpoint. */
916 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 917 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 918 *address |= TLB_MMIO;
919 break;
920 }
921 }
922 }
923
924 return iotlb;
925}
9fa3e853
FB		 926#endif /* defined(CONFIG_USER_ONLY) */
927
e2eef170 928#if !defined(CONFIG_USER_ONLY)
8da3ff18 929
c227f099 930static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 931 uint16_t section);
acc9d80b 932static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 933
a2b257d6
IM		 934static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
935 qemu_anon_ram_alloc;
91138037
MA		 936
937/*
938 * Set a custom physical guest memory alloator.
939 * Accelerators with unusual needs may need this. Hopefully, we can
940 * get rid of it eventually.
941 */
a2b257d6 942void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 943{
944 phys_mem_alloc = alloc;
945}
946
53cb28cb
MA		 947static uint16_t phys_section_add(PhysPageMap *map,
948 MemoryRegionSection *section)
5312bd8b 949{
68f3f65b
PB		 950 /* The physical section number is ORed with a page-aligned
951 * pointer to produce the iotlb entries. Thus it should
952 * never overflow into the page-aligned value.
953 */
53cb28cb 954 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 955
53cb28cb
MA		 956 if (map->sections_nb == map->sections_nb_alloc) {
957 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
958 map->sections = g_renew(MemoryRegionSection, map->sections,
959 map->sections_nb_alloc);
5312bd8b 960 }
53cb28cb 961 map->sections[map->sections_nb] = *section;
dfde4e6e 962 memory_region_ref(section->mr);
53cb28cb 963 return map->sections_nb++;
5312bd8b
AK		 964}
965
058bc4b5
PB		 966static void phys_section_destroy(MemoryRegion *mr)
967{
dfde4e6e
PB		 968 memory_region_unref(mr);
969
058bc4b5
PB		 970 if (mr->subpage) {
971 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 972 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 973 g_free(subpage);
974 }
975}
976
6092666e 977static void phys_sections_free(PhysPageMap *map)
5312bd8b 978{
9affd6fc
PB		 979 while (map->sections_nb > 0) {
980 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 981 phys_section_destroy(section->mr);
982 }
9affd6fc
PB		 983 g_free(map->sections);
984 g_free(map->nodes);
5312bd8b
AK		 985}
986
ac1970fb 987static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 988{
989 subpage_t *subpage;
a8170e5e 990 hwaddr base = section->offset_within_address_space
0f0cb164 991 & TARGET_PAGE_MASK;
97115a8d 992 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 993 d->map.nodes, d->map.sections);
0f0cb164
AK		 994 MemoryRegionSection subsection = {
995 .offset_within_address_space = base,
052e87b0 996 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 997 };
a8170e5e 998 hwaddr start, end;
0f0cb164 999
f3705d53 1000 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1001
f3705d53 1002 if (!(existing->mr->subpage)) {
acc9d80b 1003 subpage = subpage_init(d->as, base);
3be91e86 1004 subsection.address_space = d->as;
0f0cb164 1005 subsection.mr = &subpage->iomem;
ac1970fb 1006 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1007 phys_section_add(&d->map, &subsection));
0f0cb164 1008 } else {
f3705d53 1009 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1010 }
1011 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1012 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1013 subpage_register(subpage, start, end,
1014 phys_section_add(&d->map, section));
0f0cb164
AK		 1015}
1016
1017
052e87b0
PB		 1018static void register_multipage(AddressSpaceDispatch *d,
1019 MemoryRegionSection *section)
33417e70 1020{
a8170e5e 1021 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1022 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1023 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1024 TARGET_PAGE_BITS));
dd81124b 1025
733d5ef5
PB		 1026 assert(num_pages);
1027 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1028}
1029
ac1970fb 1030static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1031{
89ae337a 1032 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1033 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1034 MemoryRegionSection now = *section, remain = *section;
052e87b0 1035 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1036
733d5ef5
PB		 1037 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1038 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1039 - now.offset_within_address_space;
1040
052e87b0 1041 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1042 register_subpage(d, &now);
733d5ef5 1043 } else {
052e87b0 1044 now.size = int128_zero();
733d5ef5 1045 }
052e87b0
PB		 1046 while (int128_ne(remain.size, now.size)) {
1047 remain.size = int128_sub(remain.size, now.size);
1048 remain.offset_within_address_space += int128_get64(now.size);
1049 remain.offset_within_region += int128_get64(now.size);
69b67646 1050 now = remain;
052e87b0 1051 if (int128_lt(remain.size, page_size)) {
733d5ef5 1052 register_subpage(d, &now);
88266249 1053 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1054 now.size = page_size;
ac1970fb 1055 register_subpage(d, &now);
69b67646 1056 } else {
052e87b0 1057 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1058 register_multipage(d, &now);
69b67646 1059 }
0f0cb164
AK		 1060 }
1061}
1062
62a2744c
SY		 1063void qemu_flush_coalesced_mmio_buffer(void)
1064{
1065 if (kvm_enabled())
1066 kvm_flush_coalesced_mmio_buffer();
1067}
1068
b2a8658e
UD		 1069void qemu_mutex_lock_ramlist(void)
1070{
1071 qemu_mutex_lock(&ram_list.mutex);
1072}
1073
1074void qemu_mutex_unlock_ramlist(void)
1075{
1076 qemu_mutex_unlock(&ram_list.mutex);
1077}
1078
e1e84ba0 1079#ifdef __linux__
c902760f
MT		 1080
1081#include <sys/vfs.h>
1082
1083#define HUGETLBFS_MAGIC 0x958458f6
1084
fc7a5800 1085static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1086{
1087 struct statfs fs;
1088 int ret;
1089
1090 do {
9742bf26 1091 ret = statfs(path, &fs);
c902760f
MT		 1092 } while (ret != 0 && errno == EINTR);
1093
1094 if (ret != 0) {
fc7a5800
HT		 1095 error_setg_errno(errp, errno, "failed to get page size of file %s",
1096 path);
9742bf26 1097 return 0;
c902760f
MT		 1098 }
1099
1100 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 1101 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 1102
1103 return fs.f_bsize;
1104}
1105
04b16653
AW		 1106static void *file_ram_alloc(RAMBlock *block,
1107 ram_addr_t memory,
7f56e740
PB		 1108 const char *path,
1109 Error **errp)
c902760f
MT		 1110{
1111 char *filename;
8ca761f6
PF		 1112 char *sanitized_name;
1113 char *c;
557529dd 1114 void *area = NULL;
c902760f 1115 int fd;
557529dd 1116 uint64_t hpagesize;
fc7a5800 1117 Error *local_err = NULL;
c902760f 1118
fc7a5800
HT		 1119 hpagesize = gethugepagesize(path, &local_err);
1120 if (local_err) {
1121 error_propagate(errp, local_err);
f9a49dfa 1122 goto error;
c902760f 1123 }
a2b257d6 1124 block->mr->align = hpagesize;
c902760f
MT		 1125
1126 if (memory < hpagesize) {
557529dd
HT		 1127 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1128 "or larger than huge page size 0x%" PRIx64,
1129 memory, hpagesize);
1130 goto error;
c902760f
MT		 1131 }
1132
1133 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1134 error_setg(errp,
1135 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1136 goto error;
c902760f
MT		 1137 }
1138
8ca761f6 1139 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
83234bf2 1140 sanitized_name = g_strdup(memory_region_name(block->mr));
8ca761f6
PF		 1141 for (c = sanitized_name; *c != '\0'; c++) {
1142 if (*c == '/')
1143 *c = '_';
1144 }
1145
1146 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1147 sanitized_name);
1148 g_free(sanitized_name);
c902760f
MT		 1149
1150 fd = mkstemp(filename);
1151 if (fd < 0) {
7f56e740
PB		 1152 error_setg_errno(errp, errno,
1153 "unable to create backing store for hugepages");
e4ada482 1154 g_free(filename);
f9a49dfa 1155 goto error;
c902760f
MT		 1156 }
1157 unlink(filename);
e4ada482 1158 g_free(filename);
c902760f
MT		 1159
1160 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1161
1162 /*
1163 * ftruncate is not supported by hugetlbfs in older
1164 * hosts, so don't bother bailing out on errors.
1165 * If anything goes wrong with it under other filesystems,
1166 * mmap will fail.
1167 */
7f56e740 1168 if (ftruncate(fd, memory)) {
9742bf26 1169 perror("ftruncate");
7f56e740 1170 }
c902760f 1171
dbcb8981
PB		 1172 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1173 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1174 fd, 0);
c902760f 1175 if (area == MAP_FAILED) {
7f56e740
PB		 1176 error_setg_errno(errp, errno,
1177 "unable to map backing store for hugepages");
9742bf26 1178 close(fd);
f9a49dfa 1179 goto error;
c902760f 1180 }
ef36fa14
MT		 1181
1182 if (mem_prealloc) {
38183310 1183 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1184 }
1185
04b16653 1186 block->fd = fd;
c902760f 1187 return area;
f9a49dfa
MT		 1188
1189error:
1190 if (mem_prealloc) {
81b07353 1191 error_report("%s", error_get_pretty(*errp));
f9a49dfa
MT		 1192 exit(1);
1193 }
1194 return NULL;
c902760f
MT		 1195}
1196#endif
1197
0dc3f44a 1198/* Called with the ramlist lock held. */
d17b5288 1199static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1200{
1201 RAMBlock *block, *next_block;
3e837b2c 1202 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1203
49cd9ac6
SH		 1204 assert(size != 0); /* it would hand out same offset multiple times */
1205
0dc3f44a 1206 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1207 return 0;
0d53d9fe 1208 }
04b16653 1209
0dc3f44a 1210 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1211 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1212
62be4e3a 1213 end = block->offset + block->max_length;
04b16653 1214
0dc3f44a 1215 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1216 if (next_block->offset >= end) {
1217 next = MIN(next, next_block->offset);
1218 }
1219 }
1220 if (next - end >= size && next - end < mingap) {
3e837b2c 1221 offset = end;
04b16653
AW		 1222 mingap = next - end;
1223 }
1224 }
3e837b2c
AW		 1225
1226 if (offset == RAM_ADDR_MAX) {
1227 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1228 (uint64_t)size);
1229 abort();
1230 }
1231
04b16653
AW		 1232 return offset;
1233}
1234
652d7ec2 1235ram_addr_t last_ram_offset(void)
d17b5288
AW		 1236{
1237 RAMBlock *block;
1238 ram_addr_t last = 0;
1239
0dc3f44a
MD		 1240 rcu_read_lock();
1241 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1242 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1243 }
0dc3f44a 1244 rcu_read_unlock();
d17b5288
AW		 1245 return last;
1246}
1247
ddb97f1d
JB		 1248static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1249{
1250 int ret;
ddb97f1d
JB		 1251
1252 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
2ff3de68
MA		 1253 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1254 "dump-guest-core", true)) {
ddb97f1d
JB		 1255 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1256 if (ret) {
1257 perror("qemu_madvise");
1258 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1259 "but dump_guest_core=off specified\n");
1260 }
1261 }
1262}
1263
0dc3f44a
MD		 1264/* Called within an RCU critical section, or while the ramlist lock
1265 * is held.
1266 */
20cfe881 1267static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1268{
20cfe881 1269 RAMBlock *block;
84b89d78 1270
0dc3f44a 1271 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1272 if (block->offset == addr) {
20cfe881 1273 return block;
c5705a77
AK		 1274 }
1275 }
20cfe881
HT		 1276
1277 return NULL;
1278}
1279
ae3a7047 1280/* Called with iothread lock held. */
20cfe881
HT		 1281void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1282{
ae3a7047 1283 RAMBlock *new_block, *block;
20cfe881 1284
0dc3f44a 1285 rcu_read_lock();
ae3a7047 1286 new_block = find_ram_block(addr);
c5705a77
AK		 1287 assert(new_block);
1288 assert(!new_block->idstr[0]);
84b89d78 1289
09e5ab63
AL		 1290 if (dev) {
1291 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1292 if (id) {
1293 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1294 g_free(id);
84b89d78
CM		 1295 }
1296 }
1297 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1298
0dc3f44a 1299 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1300 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1301 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1302 new_block->idstr);
1303 abort();
1304 }
1305 }
0dc3f44a 1306 rcu_read_unlock();
c5705a77
AK		 1307}
1308
ae3a7047 1309/* Called with iothread lock held. */
20cfe881
HT		 1310void qemu_ram_unset_idstr(ram_addr_t addr)
1311{
ae3a7047 1312 RAMBlock *block;
20cfe881 1313
ae3a7047
MD		 1314 /* FIXME: arch_init.c assumes that this is not called throughout
1315 * migration. Ignore the problem since hot-unplug during migration
1316 * does not work anyway.
1317 */
1318
0dc3f44a 1319 rcu_read_lock();
ae3a7047 1320 block = find_ram_block(addr);
20cfe881
HT		 1321 if (block) {
1322 memset(block->idstr, 0, sizeof(block->idstr));
1323 }
0dc3f44a 1324 rcu_read_unlock();
20cfe881
HT		 1325}
1326
8490fc78
LC		 1327static int memory_try_enable_merging(void *addr, size_t len)
1328{
2ff3de68 1329 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
8490fc78
LC		 1330 /* disabled by the user */
1331 return 0;
1332 }
1333
1334 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1335}
1336
62be4e3a
MT		 1337/* Only legal before guest might have detected the memory size: e.g. on
1338 * incoming migration, or right after reset.
1339 *
1340 * As memory core doesn't know how is memory accessed, it is up to
1341 * resize callback to update device state and/or add assertions to detect
1342 * misuse, if necessary.
1343 */
1344int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1345{
1346 RAMBlock *block = find_ram_block(base);
1347
1348 assert(block);
1349
129ddaf3
MT		 1350 newsize = TARGET_PAGE_ALIGN(newsize);
1351
62be4e3a
MT		 1352 if (block->used_length == newsize) {
1353 return 0;
1354 }
1355
1356 if (!(block->flags & RAM_RESIZEABLE)) {
1357 error_setg_errno(errp, EINVAL,
1358 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1359 " in != 0x" RAM_ADDR_FMT, block->idstr,
1360 newsize, block->used_length);
1361 return -EINVAL;
1362 }
1363
1364 if (block->max_length < newsize) {
1365 error_setg_errno(errp, EINVAL,
1366 "Length too large: %s: 0x" RAM_ADDR_FMT
1367 " > 0x" RAM_ADDR_FMT, block->idstr,
1368 newsize, block->max_length);
1369 return -EINVAL;
1370 }
1371
1372 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1373 block->used_length = newsize;
1374 cpu_physical_memory_set_dirty_range(block->offset, block->used_length);
1375 memory_region_set_size(block->mr, newsize);
1376 if (block->resized) {
1377 block->resized(block->idstr, newsize, block->host);
1378 }
1379 return 0;
1380}
1381
ef701d7b 1382static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1383{
e1c57ab8 1384 RAMBlock *block;
0d53d9fe 1385 RAMBlock *last_block = NULL;
2152f5ca
JQ		 1386 ram_addr_t old_ram_size, new_ram_size;
1387
1388 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1389
b2a8658e 1390 qemu_mutex_lock_ramlist();
9b8424d5 1391 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1392
1393 if (!new_block->host) {
1394 if (xen_enabled()) {
9b8424d5
MT		 1395 xen_ram_alloc(new_block->offset, new_block->max_length,
1396 new_block->mr);
e1c57ab8 1397 } else {
9b8424d5 1398 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1399 &new_block->mr->align);
39228250 1400 if (!new_block->host) {
ef701d7b
HT		 1401 error_setg_errno(errp, errno,
1402 "cannot set up guest memory '%s'",
1403 memory_region_name(new_block->mr));
1404 qemu_mutex_unlock_ramlist();
1405 return -1;
39228250 1406 }
9b8424d5 1407 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1408 }
c902760f 1409 }
94a6b54f 1410
0d53d9fe
MD		 1411 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1412 * QLIST (which has an RCU-friendly variant) does not have insertion at
1413 * tail, so save the last element in last_block.
1414 */
0dc3f44a 1415 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1416 last_block = block;
9b8424d5 1417 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1418 break;
1419 }
1420 }
1421 if (block) {
0dc3f44a 1422 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1423 } else if (last_block) {
0dc3f44a 1424 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1425 } else { /* list is empty */
0dc3f44a 1426 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1427 }
0d6d3c87 1428 ram_list.mru_block = NULL;
94a6b54f 1429
0dc3f44a
MD		 1430 /* Write list before version */
1431 smp_wmb();
f798b07f 1432 ram_list.version++;
b2a8658e 1433 qemu_mutex_unlock_ramlist();
f798b07f 1434
2152f5ca
JQ		 1435 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1436
1437 if (new_ram_size > old_ram_size) {
1ab4c8ce 1438 int i;
ae3a7047
MD		 1439
1440 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1441 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1442 ram_list.dirty_memory[i] =
1443 bitmap_zero_extend(ram_list.dirty_memory[i],
1444 old_ram_size, new_ram_size);
1445 }
2152f5ca 1446 }
9b8424d5
MT		 1447 cpu_physical_memory_set_dirty_range(new_block->offset,
1448 new_block->used_length);
94a6b54f 1449
a904c911
PB		 1450 if (new_block->host) {
1451 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1452 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1453 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1454 if (kvm_enabled()) {
1455 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1456 }
e1c57ab8 1457 }
6f0437e8 1458
94a6b54f
PB		 1459 return new_block->offset;
1460}
e9a1ab19 1461
0b183fc8 1462#ifdef __linux__
e1c57ab8 1463ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1464 bool share, const char *mem_path,
7f56e740 1465 Error **errp)
e1c57ab8
PB		 1466{
1467 RAMBlock *new_block;
ef701d7b
HT		 1468 ram_addr_t addr;
1469 Error *local_err = NULL;
e1c57ab8
PB		 1470
1471 if (xen_enabled()) {
7f56e740
PB		 1472 error_setg(errp, "-mem-path not supported with Xen");
1473 return -1;
e1c57ab8
PB		 1474 }
1475
1476 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1477 /*
1478 * file_ram_alloc() needs to allocate just like
1479 * phys_mem_alloc, but we haven't bothered to provide
1480 * a hook there.
1481 */
7f56e740
PB		 1482 error_setg(errp,
1483 "-mem-path not supported with this accelerator");
1484 return -1;
e1c57ab8
PB		 1485 }
1486
1487 size = TARGET_PAGE_ALIGN(size);
1488 new_block = g_malloc0(sizeof(*new_block));
1489 new_block->mr = mr;
9b8424d5
MT		 1490 new_block->used_length = size;
1491 new_block->max_length = size;
dbcb8981 1492 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1493 new_block->host = file_ram_alloc(new_block, size,
1494 mem_path, errp);
1495 if (!new_block->host) {
1496 g_free(new_block);
1497 return -1;
1498 }
1499
ef701d7b
HT		 1500 addr = ram_block_add(new_block, &local_err);
1501 if (local_err) {
1502 g_free(new_block);
1503 error_propagate(errp, local_err);
1504 return -1;
1505 }
1506 return addr;
e1c57ab8 1507}
0b183fc8 1508#endif
e1c57ab8 1509
62be4e3a
MT		 1510static
1511ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1512 void (*resized)(const char*,
1513 uint64_t length,
1514 void *host),
1515 void *host, bool resizeable,
ef701d7b 1516 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1517{
1518 RAMBlock *new_block;
ef701d7b
HT		 1519 ram_addr_t addr;
1520 Error *local_err = NULL;
e1c57ab8
PB		 1521
1522 size = TARGET_PAGE_ALIGN(size);
62be4e3a 1523 max_size = TARGET_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1524 new_block = g_malloc0(sizeof(*new_block));
1525 new_block->mr = mr;
62be4e3a 1526 new_block->resized = resized;
9b8424d5
MT		 1527 new_block->used_length = size;
1528 new_block->max_length = max_size;
62be4e3a 1529 assert(max_size >= size);
e1c57ab8
PB		 1530 new_block->fd = -1;
1531 new_block->host = host;
1532 if (host) {
7bd4f430 1533 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1534 }
62be4e3a
MT		 1535 if (resizeable) {
1536 new_block->flags |= RAM_RESIZEABLE;
1537 }
ef701d7b
HT		 1538 addr = ram_block_add(new_block, &local_err);
1539 if (local_err) {
1540 g_free(new_block);
1541 error_propagate(errp, local_err);
1542 return -1;
1543 }
1544 return addr;
e1c57ab8
PB		 1545}
1546
62be4e3a
MT		 1547ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1548 MemoryRegion *mr, Error **errp)
1549{
1550 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1551}
1552
ef701d7b 1553ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1554{
62be4e3a
MT		 1555 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1556}
1557
1558ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1559 void (*resized)(const char*,
1560 uint64_t length,
1561 void *host),
1562 MemoryRegion *mr, Error **errp)
1563{
1564 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1565}
1566
1f2e98b6
AW		 1567void qemu_ram_free_from_ptr(ram_addr_t addr)
1568{
1569 RAMBlock *block;
1570
b2a8658e 1571 qemu_mutex_lock_ramlist();
0dc3f44a 1572 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1f2e98b6 1573 if (addr == block->offset) {
0dc3f44a 1574 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1575 ram_list.mru_block = NULL;
0dc3f44a
MD		 1576 /* Write list before version */
1577 smp_wmb();
f798b07f 1578 ram_list.version++;
43771539 1579 g_free_rcu(block, rcu);
b2a8658e 1580 break;
1f2e98b6
AW		 1581 }
1582 }
b2a8658e 1583 qemu_mutex_unlock_ramlist();
1f2e98b6
AW		 1584}
1585
43771539
PB		 1586static void reclaim_ramblock(RAMBlock *block)
1587{
1588 if (block->flags & RAM_PREALLOC) {
1589 ;
1590 } else if (xen_enabled()) {
1591 xen_invalidate_map_cache_entry(block->host);
1592#ifndef _WIN32
1593 } else if (block->fd >= 0) {
1594 munmap(block->host, block->max_length);
1595 close(block->fd);
1596#endif
1597 } else {
1598 qemu_anon_ram_free(block->host, block->max_length);
1599 }
1600 g_free(block);
1601}
1602
c227f099 1603void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1604{
04b16653
AW		 1605 RAMBlock *block;
1606
b2a8658e 1607 qemu_mutex_lock_ramlist();
0dc3f44a 1608 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1609 if (addr == block->offset) {
0dc3f44a 1610 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1611 ram_list.mru_block = NULL;
0dc3f44a
MD		 1612 /* Write list before version */
1613 smp_wmb();
f798b07f 1614 ram_list.version++;
43771539 1615 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1616 break;
04b16653
AW		 1617 }
1618 }
b2a8658e 1619 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1620}
1621
cd19cfa2
HY		 1622#ifndef _WIN32
1623void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1624{
1625 RAMBlock *block;
1626 ram_addr_t offset;
1627 int flags;
1628 void *area, *vaddr;
1629
0dc3f44a 1630 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1631 offset = addr - block->offset;
9b8424d5 1632 if (offset < block->max_length) {
1240be24 1633 vaddr = ramblock_ptr(block, offset);
7bd4f430 1634 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1635 ;
dfeaf2ab
MA		 1636 } else if (xen_enabled()) {
1637 abort();
cd19cfa2
HY		 1638 } else {
1639 flags = MAP_FIXED;
1640 munmap(vaddr, length);
3435f395 1641 if (block->fd >= 0) {
dbcb8981
PB		 1642 flags |= (block->flags & RAM_SHARED ?
1643 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1644 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1645 flags, block->fd, offset);
cd19cfa2 1646 } else {
2eb9fbaa
MA		 1647 /*
1648 * Remap needs to match alloc. Accelerators that
1649 * set phys_mem_alloc never remap. If they did,
1650 * we'd need a remap hook here.
1651 */
1652 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1653
cd19cfa2
HY		 1654 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1655 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1656 flags, -1, 0);
cd19cfa2
HY		 1657 }
1658 if (area != vaddr) {
f15fbc4b
AP		 1659 fprintf(stderr, "Could not remap addr: "
1660 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1661 length, addr);
1662 exit(1);
1663 }
8490fc78 1664 memory_try_enable_merging(vaddr, length);
ddb97f1d 1665 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1666 }
cd19cfa2
HY		 1667 }
1668 }
1669}
1670#endif /* !_WIN32 */
1671
a35ba7be
PB		 1672int qemu_get_ram_fd(ram_addr_t addr)
1673{
ae3a7047
MD		 1674 RAMBlock *block;
1675 int fd;
a35ba7be 1676
0dc3f44a 1677 rcu_read_lock();
ae3a7047
MD		 1678 block = qemu_get_ram_block(addr);
1679 fd = block->fd;
0dc3f44a 1680 rcu_read_unlock();
ae3a7047 1681 return fd;
a35ba7be
PB		 1682}
1683
3fd74b84
DM		 1684void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1685{
ae3a7047
MD		 1686 RAMBlock *block;
1687 void *ptr;
3fd74b84 1688
0dc3f44a 1689 rcu_read_lock();
ae3a7047
MD		 1690 block = qemu_get_ram_block(addr);
1691 ptr = ramblock_ptr(block, 0);
0dc3f44a 1692 rcu_read_unlock();
ae3a7047 1693 return ptr;
3fd74b84
DM		 1694}
1695
1b5ec234 1696/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1697 * This should not be used for general purpose DMA. Use address_space_map
1698 * or address_space_rw instead. For local memory (e.g. video ram) that the
1699 * device owns, use memory_region_get_ram_ptr.
0dc3f44a
MD		 1700 *
1701 * By the time this function returns, the returned pointer is not protected
1702 * by RCU anymore. If the caller is not within an RCU critical section and
1703 * does not hold the iothread lock, it must have other means of protecting the
1704 * pointer, such as a reference to the region that includes the incoming
1705 * ram_addr_t.
1b5ec234
PB		 1706 */
1707void *qemu_get_ram_ptr(ram_addr_t addr)
1708{
ae3a7047
MD		 1709 RAMBlock *block;
1710 void *ptr;
1b5ec234 1711
0dc3f44a 1712 rcu_read_lock();
ae3a7047
MD		 1713 block = qemu_get_ram_block(addr);
1714
1715 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1716 /* We need to check if the requested address is in the RAM
1717 * because we don't want to map the entire memory in QEMU.
1718 * In that case just map until the end of the page.
1719 */
1720 if (block->offset == 0) {
ae3a7047 1721 ptr = xen_map_cache(addr, 0, 0);
0dc3f44a 1722 goto unlock;
0d6d3c87 1723 }
ae3a7047
MD		 1724
1725 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1726 }
ae3a7047
MD		 1727 ptr = ramblock_ptr(block, addr - block->offset);
1728
0dc3f44a
MD		 1729unlock:
1730 rcu_read_unlock();
ae3a7047 1731 return ptr;
dc828ca1
PB		 1732}
1733
38bee5dc 1734/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1735 * but takes a size argument.
0dc3f44a
MD		 1736 *
1737 * By the time this function returns, the returned pointer is not protected
1738 * by RCU anymore. If the caller is not within an RCU critical section and
1739 * does not hold the iothread lock, it must have other means of protecting the
1740 * pointer, such as a reference to the region that includes the incoming
1741 * ram_addr_t.
ae3a7047 1742 */
cb85f7ab 1743static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1744{
ae3a7047 1745 void *ptr;
8ab934f9
SS		 1746 if (*size == 0) {
1747 return NULL;
1748 }
868bb33f 1749 if (xen_enabled()) {
e41d7c69 1750 return xen_map_cache(addr, *size, 1);
868bb33f 1751 } else {
38bee5dc 1752 RAMBlock *block;
0dc3f44a
MD		 1753 rcu_read_lock();
1754 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5
MT		 1755 if (addr - block->offset < block->max_length) {
1756 if (addr - block->offset + *size > block->max_length)
1757 *size = block->max_length - addr + block->offset;
ae3a7047 1758 ptr = ramblock_ptr(block, addr - block->offset);
0dc3f44a 1759 rcu_read_unlock();
ae3a7047 1760 return ptr;
38bee5dc
SS		 1761 }
1762 }
1763
1764 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1765 abort();
38bee5dc
SS		 1766 }
1767}
1768
7443b437 1769/* Some of the softmmu routines need to translate from a host pointer
ae3a7047
MD		 1770 * (typically a TLB entry) back to a ram offset.
1771 *
1772 * By the time this function returns, the returned pointer is not protected
1773 * by RCU anymore. If the caller is not within an RCU critical section and
1774 * does not hold the iothread lock, it must have other means of protecting the
1775 * pointer, such as a reference to the region that includes the incoming
1776 * ram_addr_t.
1777 */
1b5ec234 1778MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 1779{
94a6b54f
PB		 1780 RAMBlock *block;
1781 uint8_t *host = ptr;
ae3a7047 1782 MemoryRegion *mr;
94a6b54f 1783
868bb33f 1784 if (xen_enabled()) {
0dc3f44a 1785 rcu_read_lock();
e41d7c69 1786 *ram_addr = xen_ram_addr_from_mapcache(ptr);
ae3a7047 1787 mr = qemu_get_ram_block(*ram_addr)->mr;
0dc3f44a 1788 rcu_read_unlock();
ae3a7047 1789 return mr;
712c2b41
SS		 1790 }
1791
0dc3f44a
MD		 1792 rcu_read_lock();
1793 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1794 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1795 goto found;
1796 }
1797
0dc3f44a 1798 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1799 /* This case append when the block is not mapped. */
1800 if (block->host == NULL) {
1801 continue;
1802 }
9b8424d5 1803 if (host - block->host < block->max_length) {
23887b79 1804 goto found;
f471a17e 1805 }
94a6b54f 1806 }
432d268c 1807
0dc3f44a 1808 rcu_read_unlock();
1b5ec234 1809 return NULL;
23887b79
PB		 1810
1811found:
1812 *ram_addr = block->offset + (host - block->host);
ae3a7047 1813 mr = block->mr;
0dc3f44a 1814 rcu_read_unlock();
ae3a7047 1815 return mr;
e890261f 1816}
f471a17e 1817
a8170e5e 1818static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1819 uint64_t val, unsigned size)
9fa3e853 1820{
52159192 1821 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1822 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1823 }
0e0df1e2
AK		 1824 switch (size) {
1825 case 1:
1826 stb_p(qemu_get_ram_ptr(ram_addr), val);
1827 break;
1828 case 2:
1829 stw_p(qemu_get_ram_ptr(ram_addr), val);
1830 break;
1831 case 4:
1832 stl_p(qemu_get_ram_ptr(ram_addr), val);
1833 break;
1834 default:
1835 abort();
3a7d929e 1836 }
6886867e 1837 cpu_physical_memory_set_dirty_range_nocode(ram_addr, size);
f23db169
FB		 1838 /* we remove the notdirty callback only if the code has been
1839 flushed */
a2cd8c85 1840 if (!cpu_physical_memory_is_clean(ram_addr)) {
4917cf44 1841 CPUArchState *env = current_cpu->env_ptr;
93afeade 1842 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
4917cf44 1843 }
9fa3e853
FB		 1844}
1845
b018ddf6
PB		 1846static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1847 unsigned size, bool is_write)
1848{
1849 return is_write;
1850}
1851
0e0df1e2 1852static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1853 .write = notdirty_mem_write,
b018ddf6 1854 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1855 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1856};
1857
0f459d16 1858/* Generate a debug exception if a watchpoint has been hit. */
05068c0d 1859static void check_watchpoint(int offset, int len, int flags)
0f459d16 1860{
93afeade
AF		 1861 CPUState *cpu = current_cpu;
1862 CPUArchState *env = cpu->env_ptr;
06d55cc1 1863 target_ulong pc, cs_base;
0f459d16 1864 target_ulong vaddr;
a1d1bb31 1865 CPUWatchpoint *wp;
06d55cc1 1866 int cpu_flags;
0f459d16 1867
ff4700b0 1868 if (cpu->watchpoint_hit) {
06d55cc1
AL		 1869 /* We re-entered the check after replacing the TB. Now raise
1870 * the debug interrupt so that is will trigger after the
1871 * current instruction. */
93afeade 1872 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 1873 return;
1874 }
93afeade 1875 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 1876 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 1877 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1878 && (wp->flags & flags)) {
08225676
PM		 1879 if (flags == BP_MEM_READ) {
1880 wp->flags |= BP_WATCHPOINT_HIT_READ;
1881 } else {
1882 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1883 }
1884 wp->hitaddr = vaddr;
ff4700b0
AF		 1885 if (!cpu->watchpoint_hit) {
1886 cpu->watchpoint_hit = wp;
239c51a5 1887 tb_check_watchpoint(cpu);
6e140f28 1888 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 1889 cpu->exception_index = EXCP_DEBUG;
5638d180 1890 cpu_loop_exit(cpu);
6e140f28
AL		 1891 } else {
1892 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 1893 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 1894 cpu_resume_from_signal(cpu, NULL);
6e140f28 1895 }
06d55cc1 1896 }
6e140f28
AL		 1897 } else {
1898 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 1899 }
1900 }
1901}
1902
6658ffb8
PB		 1903/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1904 so these check for a hit then pass through to the normal out-of-line
1905 phys routines. */
a8170e5e 1906static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1ec9b909 1907 unsigned size)
6658ffb8 1908{
05068c0d 1909 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, BP_MEM_READ);
1ec9b909 1910 switch (size) {
2c17449b 1911 case 1: return ldub_phys(&address_space_memory, addr);
41701aa4 1912 case 2: return lduw_phys(&address_space_memory, addr);
fdfba1a2 1913 case 4: return ldl_phys(&address_space_memory, addr);
1ec9b909
AK		 1914 default: abort();
1915 }
6658ffb8
PB		 1916}
1917
a8170e5e 1918static void watch_mem_write(void *opaque, hwaddr addr,
1ec9b909 1919 uint64_t val, unsigned size)
6658ffb8 1920{
05068c0d 1921 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, BP_MEM_WRITE);
1ec9b909 1922 switch (size) {
67364150 1923 case 1:
db3be60d 1924 stb_phys(&address_space_memory, addr, val);
67364150
MF		 1925 break;
1926 case 2:
5ce5944d 1927 stw_phys(&address_space_memory, addr, val);
67364150
MF		 1928 break;
1929 case 4:
ab1da857 1930 stl_phys(&address_space_memory, addr, val);
67364150 1931 break;
1ec9b909
AK		 1932 default: abort();
1933 }
6658ffb8
PB		 1934}
1935
1ec9b909
AK		 1936static const MemoryRegionOps watch_mem_ops = {
1937 .read = watch_mem_read,
1938 .write = watch_mem_write,
1939 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 1940};
6658ffb8 1941
a8170e5e 1942static uint64_t subpage_read(void *opaque, hwaddr addr,
70c68e44 1943 unsigned len)
db7b5426 1944{
acc9d80b 1945 subpage_t *subpage = opaque;
ff6cff75 1946 uint8_t buf[8];
791af8c8 1947
db7b5426 1948#if defined(DEBUG_SUBPAGE)
016e9d62 1949 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 1950 subpage, len, addr);
db7b5426 1951#endif
acc9d80b
JK		 1952 address_space_read(subpage->as, addr + subpage->base, buf, len);
1953 switch (len) {
1954 case 1:
1955 return ldub_p(buf);
1956 case 2:
1957 return lduw_p(buf);
1958 case 4:
1959 return ldl_p(buf);
ff6cff75
PB		 1960 case 8:
1961 return ldq_p(buf);
acc9d80b
JK		 1962 default:
1963 abort();
1964 }
db7b5426
BS		 1965}
1966
a8170e5e 1967static void subpage_write(void *opaque, hwaddr addr,
70c68e44 1968 uint64_t value, unsigned len)
db7b5426 1969{
acc9d80b 1970 subpage_t *subpage = opaque;
ff6cff75 1971 uint8_t buf[8];
acc9d80b 1972
db7b5426 1973#if defined(DEBUG_SUBPAGE)
016e9d62 1974 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 1975 " value %"PRIx64"\n",
1976 __func__, subpage, len, addr, value);
db7b5426 1977#endif
acc9d80b
JK		 1978 switch (len) {
1979 case 1:
1980 stb_p(buf, value);
1981 break;
1982 case 2:
1983 stw_p(buf, value);
1984 break;
1985 case 4:
1986 stl_p(buf, value);
1987 break;
ff6cff75
PB		 1988 case 8:
1989 stq_p(buf, value);
1990 break;
acc9d80b
JK		 1991 default:
1992 abort();
1993 }
1994 address_space_write(subpage->as, addr + subpage->base, buf, len);
db7b5426
BS		 1995}
1996
c353e4cc 1997static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 1998 unsigned len, bool is_write)
c353e4cc 1999{
acc9d80b 2000 subpage_t *subpage = opaque;
c353e4cc 2001#if defined(DEBUG_SUBPAGE)
016e9d62 2002 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2003 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2004#endif
2005
acc9d80b 2006 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2007 len, is_write);
c353e4cc
PB		 2008}
2009
70c68e44
AK		 2010static const MemoryRegionOps subpage_ops = {
2011 .read = subpage_read,
2012 .write = subpage_write,
ff6cff75
PB		 2013 .impl.min_access_size = 1,
2014 .impl.max_access_size = 8,
2015 .valid.min_access_size = 1,
2016 .valid.max_access_size = 8,
c353e4cc 2017 .valid.accepts = subpage_accepts,
70c68e44 2018 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2019};
2020
c227f099 2021static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2022 uint16_t section)
db7b5426
BS		 2023{
2024 int idx, eidx;
2025
2026 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2027 return -1;
2028 idx = SUBPAGE_IDX(start);
2029 eidx = SUBPAGE_IDX(end);
2030#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2031 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2032 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2033#endif
db7b5426 2034 for (; idx <= eidx; idx++) {
5312bd8b 2035 mmio->sub_section[idx] = section;
db7b5426
BS		 2036 }
2037
2038 return 0;
2039}
2040
acc9d80b 2041static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2042{
c227f099 2043 subpage_t *mmio;
db7b5426 2044
7267c094 2045 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2046
acc9d80b 2047 mmio->as = as;
1eec614b 2048 mmio->base = base;
2c9b15ca 2049 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2050 NULL, TARGET_PAGE_SIZE);
b3b00c78 2051 mmio->iomem.subpage = true;
db7b5426 2052#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2053 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2054 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2055#endif
b41aac4f 2056 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2057
2058 return mmio;
2059}
2060
a656e22f
PC		 2061static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2062 MemoryRegion *mr)
5312bd8b 2063{
a656e22f 2064 assert(as);
5312bd8b 2065 MemoryRegionSection section = {
a656e22f 2066 .address_space = as,
5312bd8b
AK		 2067 .mr = mr,
2068 .offset_within_address_space = 0,
2069 .offset_within_region = 0,
052e87b0 2070 .size = int128_2_64(),
5312bd8b
AK		 2071 };
2072
53cb28cb 2073 return phys_section_add(map, &section);
5312bd8b
AK		 2074}
2075
9d82b5a7 2076MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
aa102231 2077{
79e2b9ae
PB		 2078 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2079 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2080
2081 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2082}
2083
e9179ce1
AK		 2084static void io_mem_init(void)
2085{
1f6245e5 2086 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2087 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2088 NULL, UINT64_MAX);
2c9b15ca 2089 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2090 NULL, UINT64_MAX);
2c9b15ca 2091 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2092 NULL, UINT64_MAX);
e9179ce1
AK		 2093}
2094
ac1970fb 2095static void mem_begin(MemoryListener *listener)
00752703
PB		 2096{
2097 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2098 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2099 uint16_t n;
2100
a656e22f 2101 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2102 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2103 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2104 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2105 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2106 assert(n == PHYS_SECTION_ROM);
a656e22f 2107 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2108 assert(n == PHYS_SECTION_WATCH);
00752703 2109
9736e55b 2110 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2111 d->as = as;
2112 as->next_dispatch = d;
2113}
2114
79e2b9ae
PB		 2115static void address_space_dispatch_free(AddressSpaceDispatch *d)
2116{
2117 phys_sections_free(&d->map);
2118 g_free(d);
2119}
2120
00752703 2121static void mem_commit(MemoryListener *listener)
ac1970fb 2122{
89ae337a 2123 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2124 AddressSpaceDispatch *cur = as->dispatch;
2125 AddressSpaceDispatch *next = as->next_dispatch;
2126
53cb28cb 2127 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2128
79e2b9ae 2129 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2130 if (cur) {
79e2b9ae 2131 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2132 }
9affd6fc
PB		 2133}
2134
1d71148e 2135static void tcg_commit(MemoryListener *listener)
50c1e149 2136{
182735ef 2137 CPUState *cpu;
117712c3
AK		 2138
2139 /* since each CPU stores ram addresses in its TLB cache, we must
2140 reset the modified entries */
2141 /* XXX: slow ! */
bdc44640 2142 CPU_FOREACH(cpu) {
33bde2e1
EI		 2143 /* FIXME: Disentangle the cpu.h circular files deps so we can
2144 directly get the right CPU from listener. */
2145 if (cpu->tcg_as_listener != listener) {
2146 continue;
2147 }
76e5c76f 2148 cpu_reload_memory_map(cpu);
117712c3 2149 }
50c1e149
AK		 2150}
2151
93632747
AK		 2152static void core_log_global_start(MemoryListener *listener)
2153{
981fdf23 2154 cpu_physical_memory_set_dirty_tracking(true);
93632747
AK		 2155}
2156
2157static void core_log_global_stop(MemoryListener *listener)
2158{
981fdf23 2159 cpu_physical_memory_set_dirty_tracking(false);
93632747
AK		 2160}
2161
93632747 2162static MemoryListener core_memory_listener = {
93632747
AK		 2163 .log_global_start = core_log_global_start,
2164 .log_global_stop = core_log_global_stop,
ac1970fb 2165 .priority = 1,
93632747
AK		 2166};
2167
ac1970fb
AK		 2168void address_space_init_dispatch(AddressSpace *as)
2169{
00752703 2170 as->dispatch = NULL;
89ae337a 2171 as->dispatch_listener = (MemoryListener) {
ac1970fb 2172 .begin = mem_begin,
00752703 2173 .commit = mem_commit,
ac1970fb
AK		 2174 .region_add = mem_add,
2175 .region_nop = mem_add,
2176 .priority = 0,
2177 };
89ae337a 2178 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2179}
2180
6e48e8f9
PB		 2181void address_space_unregister(AddressSpace *as)
2182{
2183 memory_listener_unregister(&as->dispatch_listener);
2184}
2185
83f3c251
AK		 2186void address_space_destroy_dispatch(AddressSpace *as)
2187{
2188 AddressSpaceDispatch *d = as->dispatch;
2189
79e2b9ae
PB		 2190 atomic_rcu_set(&as->dispatch, NULL);
2191 if (d) {
2192 call_rcu(d, address_space_dispatch_free, rcu);
2193 }
83f3c251
AK		 2194}
2195
62152b8a
AK		 2196static void memory_map_init(void)
2197{
7267c094 2198 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2199
57271d63 2200 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2201 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2202
7267c094 2203 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2204 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2205 65536);
7dca8043 2206 address_space_init(&address_space_io, system_io, "I/O");
93632747 2207
f6790af6 2208 memory_listener_register(&core_memory_listener, &address_space_memory);
62152b8a
AK		 2209}
2210
2211MemoryRegion *get_system_memory(void)
2212{
2213 return system_memory;
2214}
2215
309cb471
AK		 2216MemoryRegion *get_system_io(void)
2217{
2218 return system_io;
2219}
2220
e2eef170
PB		 2221#endif /* !defined(CONFIG_USER_ONLY) */
2222
13eb76e0
FB		 2223/* physical memory access (slow version, mainly for debug) */
2224#if defined(CONFIG_USER_ONLY)
f17ec444 2225int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2226 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2227{
2228 int l, flags;
2229 target_ulong page;
53a5960a 2230 void * p;
13eb76e0
FB		 2231
2232 while (len > 0) {
2233 page = addr & TARGET_PAGE_MASK;
2234 l = (page + TARGET_PAGE_SIZE) - addr;
2235 if (l > len)
2236 l = len;
2237 flags = page_get_flags(page);
2238 if (!(flags & PAGE_VALID))
a68fe89c 2239 return -1;
13eb76e0
FB		 2240 if (is_write) {
2241 if (!(flags & PAGE_WRITE))
a68fe89c 2242 return -1;
579a97f7 2243 /* XXX: this code should not depend on lock_user */
72fb7daa 2244 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2245 return -1;
72fb7daa
AJ		 2246 memcpy(p, buf, l);
2247 unlock_user(p, addr, l);
13eb76e0
FB		 2248 } else {
2249 if (!(flags & PAGE_READ))
a68fe89c 2250 return -1;
579a97f7 2251 /* XXX: this code should not depend on lock_user */
72fb7daa 2252 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2253 return -1;
72fb7daa 2254 memcpy(buf, p, l);
5b257578 2255 unlock_user(p, addr, 0);
13eb76e0
FB		 2256 }
2257 len -= l;
2258 buf += l;
2259 addr += l;
2260 }
a68fe89c 2261 return 0;
13eb76e0 2262}
8df1cd07 2263
13eb76e0 2264#else
51d7a9eb 2265
a8170e5e
AK		 2266static void invalidate_and_set_dirty(hwaddr addr,
2267 hwaddr length)
51d7a9eb 2268{
f874bf90
PM		 2269 if (cpu_physical_memory_range_includes_clean(addr, length)) {
2270 tb_invalidate_phys_range(addr, addr + length, 0);
6886867e 2271 cpu_physical_memory_set_dirty_range_nocode(addr, length);
51d7a9eb 2272 }
e226939d 2273 xen_modified_memory(addr, length);
51d7a9eb
AP		 2274}
2275
23326164 2276static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2277{
e1622f4b 2278 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2279
2280 /* Regions are assumed to support 1-4 byte accesses unless
2281 otherwise specified. */
23326164
RH		 2282 if (access_size_max == 0) {
2283 access_size_max = 4;
2284 }
2285
2286 /* Bound the maximum access by the alignment of the address. */
2287 if (!mr->ops->impl.unaligned) {
2288 unsigned align_size_max = addr & -addr;
2289 if (align_size_max != 0 && align_size_max < access_size_max) {
2290 access_size_max = align_size_max;
2291 }
82f2563f 2292 }
23326164
RH		 2293
2294 /* Don't attempt accesses larger than the maximum. */
2295 if (l > access_size_max) {
2296 l = access_size_max;
82f2563f 2297 }
098178f2
PB		 2298 if (l & (l - 1)) {
2299 l = 1 << (qemu_fls(l) - 1);
2300 }
23326164
RH		 2301
2302 return l;
82f2563f
PB		 2303}
2304
fd8aaa76 2305bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
ac1970fb 2306 int len, bool is_write)
13eb76e0 2307{
149f54b5 2308 hwaddr l;
13eb76e0 2309 uint8_t *ptr;
791af8c8 2310 uint64_t val;
149f54b5 2311 hwaddr addr1;
5c8a00ce 2312 MemoryRegion *mr;
fd8aaa76 2313 bool error = false;
3b46e624 2314
13eb76e0 2315 while (len > 0) {
149f54b5 2316 l = len;
5c8a00ce 2317 mr = address_space_translate(as, addr, &addr1, &l, is_write);
3b46e624 2318
13eb76e0 2319 if (is_write) {
5c8a00ce
PB		 2320 if (!memory_access_is_direct(mr, is_write)) {
2321 l = memory_access_size(mr, l, addr1);
4917cf44 2322 /* XXX: could force current_cpu to NULL to avoid
6a00d601 2323 potential bugs */
23326164
RH		 2324 switch (l) {
2325 case 8:
2326 /* 64 bit write access */
2327 val = ldq_p(buf);
2328 error |= io_mem_write(mr, addr1, val, 8);
2329 break;
2330 case 4:
1c213d19 2331 /* 32 bit write access */
c27004ec 2332 val = ldl_p(buf);
5c8a00ce 2333 error |= io_mem_write(mr, addr1, val, 4);
23326164
RH		 2334 break;
2335 case 2:
1c213d19 2336 /* 16 bit write access */
c27004ec 2337 val = lduw_p(buf);
5c8a00ce 2338 error |= io_mem_write(mr, addr1, val, 2);
23326164
RH		 2339 break;
2340 case 1:
1c213d19 2341 /* 8 bit write access */
c27004ec 2342 val = ldub_p(buf);
5c8a00ce 2343 error |= io_mem_write(mr, addr1, val, 1);
23326164
RH		 2344 break;
2345 default:
2346 abort();
13eb76e0 2347 }
2bbfa05d 2348 } else {
5c8a00ce 2349 addr1 += memory_region_get_ram_addr(mr);
13eb76e0 2350 /* RAM case */
5579c7f3 2351 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 2352 memcpy(ptr, buf, l);
51d7a9eb 2353 invalidate_and_set_dirty(addr1, l);
13eb76e0
FB		 2354 }
2355 } else {
5c8a00ce 2356 if (!memory_access_is_direct(mr, is_write)) {
13eb76e0 2357 /* I/O case */
5c8a00ce 2358 l = memory_access_size(mr, l, addr1);
23326164
RH		 2359 switch (l) {
2360 case 8:
2361 /* 64 bit read access */
2362 error |= io_mem_read(mr, addr1, &val, 8);
2363 stq_p(buf, val);
2364 break;
2365 case 4:
13eb76e0 2366 /* 32 bit read access */
5c8a00ce 2367 error |= io_mem_read(mr, addr1, &val, 4);
c27004ec 2368 stl_p(buf, val);
23326164
RH		 2369 break;
2370 case 2:
13eb76e0 2371 /* 16 bit read access */
5c8a00ce 2372 error |= io_mem_read(mr, addr1, &val, 2);
c27004ec 2373 stw_p(buf, val);
23326164
RH		 2374 break;
2375 case 1:
1c213d19 2376 /* 8 bit read access */
5c8a00ce 2377 error |= io_mem_read(mr, addr1, &val, 1);
c27004ec 2378 stb_p(buf, val);
23326164
RH		 2379 break;
2380 default:
2381 abort();
13eb76e0
FB		 2382 }
2383 } else {
2384 /* RAM case */
5c8a00ce 2385 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
f3705d53 2386 memcpy(buf, ptr, l);
13eb76e0
FB		 2387 }
2388 }
2389 len -= l;
2390 buf += l;
2391 addr += l;
2392 }
fd8aaa76
PB		 2393
2394 return error;
13eb76e0 2395}
8df1cd07 2396
fd8aaa76 2397bool address_space_write(AddressSpace *as, hwaddr addr,
ac1970fb
AK		 2398 const uint8_t *buf, int len)
2399{
fd8aaa76 2400 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
ac1970fb
AK		 2401}
2402
fd8aaa76 2403bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
ac1970fb 2404{
fd8aaa76 2405 return address_space_rw(as, addr, buf, len, false);
ac1970fb
AK		 2406}
2407
2408
a8170e5e 2409void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2410 int len, int is_write)
2411{
fd8aaa76 2412 address_space_rw(&address_space_memory, addr, buf, len, is_write);
ac1970fb
AK		 2413}
2414
582b55a9
AG		 2415enum write_rom_type {
2416 WRITE_DATA,
2417 FLUSH_CACHE,
2418};
2419
2a221651 2420static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2421 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2422{
149f54b5 2423 hwaddr l;
d0ecd2aa 2424 uint8_t *ptr;
149f54b5 2425 hwaddr addr1;
5c8a00ce 2426 MemoryRegion *mr;
3b46e624 2427
d0ecd2aa 2428 while (len > 0) {
149f54b5 2429 l = len;
2a221651 2430 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2431
5c8a00ce
PB		 2432 if (!(memory_region_is_ram(mr) ||
2433 memory_region_is_romd(mr))) {
d0ecd2aa
FB		 2434 /* do nothing */
2435 } else {
5c8a00ce 2436 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2437 /* ROM/RAM case */
5579c7f3 2438 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2439 switch (type) {
2440 case WRITE_DATA:
2441 memcpy(ptr, buf, l);
2442 invalidate_and_set_dirty(addr1, l);
2443 break;
2444 case FLUSH_CACHE:
2445 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2446 break;
2447 }
d0ecd2aa
FB		 2448 }
2449 len -= l;
2450 buf += l;
2451 addr += l;
2452 }
2453}
2454
582b55a9 2455/* used for ROM loading : can write in RAM and ROM */
2a221651 2456void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2457 const uint8_t *buf, int len)
2458{
2a221651 2459 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2460}
2461
2462void cpu_flush_icache_range(hwaddr start, int len)
2463{
2464 /*
2465 * This function should do the same thing as an icache flush that was
2466 * triggered from within the guest. For TCG we are always cache coherent,
2467 * so there is no need to flush anything. For KVM / Xen we need to flush
2468 * the host's instruction cache at least.
2469 */
2470 if (tcg_enabled()) {
2471 return;
2472 }
2473
2a221651
EI		 2474 cpu_physical_memory_write_rom_internal(&address_space_memory,
2475 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2476}
2477
6d16c2f8 2478typedef struct {
d3e71559 2479 MemoryRegion *mr;
6d16c2f8 2480 void *buffer;
a8170e5e
AK		 2481 hwaddr addr;
2482 hwaddr len;
6d16c2f8
AL		 2483} BounceBuffer;
2484
2485static BounceBuffer bounce;
2486
ba223c29
AL		 2487typedef struct MapClient {
2488 void *opaque;
2489 void (*callback)(void *opaque);
72cf2d4f 2490 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2491} MapClient;
2492
72cf2d4f
BS		 2493static QLIST_HEAD(map_client_list, MapClient) map_client_list
2494 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 2495
2496void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2497{
7267c094 2498 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 2499
2500 client->opaque = opaque;
2501 client->callback = callback;
72cf2d4f 2502 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 2503 return client;
2504}
2505
8b9c99d9 2506static void cpu_unregister_map_client(void *_client)
ba223c29
AL		 2507{
2508 MapClient *client = (MapClient *)_client;
2509
72cf2d4f 2510 QLIST_REMOVE(client, link);
7267c094 2511 g_free(client);
ba223c29
AL		 2512}
2513
2514static void cpu_notify_map_clients(void)
2515{
2516 MapClient *client;
2517
72cf2d4f
BS		 2518 while (!QLIST_EMPTY(&map_client_list)) {
2519 client = QLIST_FIRST(&map_client_list);
ba223c29 2520 client->callback(client->opaque);
34d5e948 2521 cpu_unregister_map_client(client);
ba223c29
AL		 2522 }
2523}
2524
51644ab7
PB		 2525bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2526{
5c8a00ce 2527 MemoryRegion *mr;
51644ab7
PB		 2528 hwaddr l, xlat;
2529
2530 while (len > 0) {
2531 l = len;
5c8a00ce
PB		 2532 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2533 if (!memory_access_is_direct(mr, is_write)) {
2534 l = memory_access_size(mr, l, addr);
2535 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2536 return false;
2537 }
2538 }
2539
2540 len -= l;
2541 addr += l;
2542 }
2543 return true;
2544}
2545
6d16c2f8
AL		 2546/* Map a physical memory region into a host virtual address.
2547 * May map a subset of the requested range, given by and returned in *plen.
2548 * May return NULL if resources needed to perform the mapping are exhausted.
2549 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2550 * Use cpu_register_map_client() to know when retrying the map operation is
2551 * likely to succeed.
6d16c2f8 2552 */
ac1970fb 2553void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2554 hwaddr addr,
2555 hwaddr *plen,
ac1970fb 2556 bool is_write)
6d16c2f8 2557{
a8170e5e 2558 hwaddr len = *plen;
e3127ae0
PB		 2559 hwaddr done = 0;
2560 hwaddr l, xlat, base;
2561 MemoryRegion *mr, *this_mr;
2562 ram_addr_t raddr;
6d16c2f8 2563
e3127ae0
PB		 2564 if (len == 0) {
2565 return NULL;
2566 }
38bee5dc 2567
e3127ae0
PB		 2568 l = len;
2569 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2570 if (!memory_access_is_direct(mr, is_write)) {
2571 if (bounce.buffer) {
2572 return NULL;
6d16c2f8 2573 }
e85d9db5
KW		 2574 /* Avoid unbounded allocations */
2575 l = MIN(l, TARGET_PAGE_SIZE);
2576 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2577 bounce.addr = addr;
2578 bounce.len = l;
d3e71559
PB		 2579
2580 memory_region_ref(mr);
2581 bounce.mr = mr;
e3127ae0
PB		 2582 if (!is_write) {
2583 address_space_read(as, addr, bounce.buffer, l);
8ab934f9 2584 }
6d16c2f8 2585
e3127ae0
PB		 2586 *plen = l;
2587 return bounce.buffer;
2588 }
2589
2590 base = xlat;
2591 raddr = memory_region_get_ram_addr(mr);
2592
2593 for (;;) {
6d16c2f8
AL		 2594 len -= l;
2595 addr += l;
e3127ae0
PB		 2596 done += l;
2597 if (len == 0) {
2598 break;
2599 }
2600
2601 l = len;
2602 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2603 if (this_mr != mr || xlat != base + done) {
2604 break;
2605 }
6d16c2f8 2606 }
e3127ae0 2607
d3e71559 2608 memory_region_ref(mr);
e3127ae0
PB		 2609 *plen = done;
2610 return qemu_ram_ptr_length(raddr + base, plen);
6d16c2f8
AL		 2611}
2612
ac1970fb 2613/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2614 * Will also mark the memory as dirty if is_write == 1. access_len gives
2615 * the amount of memory that was actually read or written by the caller.
2616 */
a8170e5e
AK		 2617void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2618 int is_write, hwaddr access_len)
6d16c2f8
AL		 2619{
2620 if (buffer != bounce.buffer) {
d3e71559
PB		 2621 MemoryRegion *mr;
2622 ram_addr_t addr1;
2623
2624 mr = qemu_ram_addr_from_host(buffer, &addr1);
2625 assert(mr != NULL);
6d16c2f8 2626 if (is_write) {
6886867e 2627 invalidate_and_set_dirty(addr1, access_len);
6d16c2f8 2628 }
868bb33f 2629 if (xen_enabled()) {
e41d7c69 2630 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2631 }
d3e71559 2632 memory_region_unref(mr);
6d16c2f8
AL		 2633 return;
2634 }
2635 if (is_write) {
ac1970fb 2636 address_space_write(as, bounce.addr, bounce.buffer, access_len);
6d16c2f8 2637 }
f8a83245 2638 qemu_vfree(bounce.buffer);
6d16c2f8 2639 bounce.buffer = NULL;
d3e71559 2640 memory_region_unref(bounce.mr);
ba223c29 2641 cpu_notify_map_clients();
6d16c2f8 2642}
d0ecd2aa 2643
a8170e5e
AK		 2644void *cpu_physical_memory_map(hwaddr addr,
2645 hwaddr *plen,
ac1970fb
AK		 2646 int is_write)
2647{
2648 return address_space_map(&address_space_memory, addr, plen, is_write);
2649}
2650
a8170e5e
AK		 2651void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2652 int is_write, hwaddr access_len)
ac1970fb
AK		 2653{
2654 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2655}
2656
8df1cd07 2657/* warning: addr must be aligned */
fdfba1a2 2658static inline uint32_t ldl_phys_internal(AddressSpace *as, hwaddr addr,
1e78bcc1 2659 enum device_endian endian)
8df1cd07 2660{
8df1cd07 2661 uint8_t *ptr;
791af8c8 2662 uint64_t val;
5c8a00ce 2663 MemoryRegion *mr;
149f54b5
PB		 2664 hwaddr l = 4;
2665 hwaddr addr1;
8df1cd07 2666
fdfba1a2 2667 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2668 if (l < 4 || !memory_access_is_direct(mr, false)) {
8df1cd07 2669 /* I/O case */
5c8a00ce 2670 io_mem_read(mr, addr1, &val, 4);
1e78bcc1
AG		 2671#if defined(TARGET_WORDS_BIGENDIAN)
2672 if (endian == DEVICE_LITTLE_ENDIAN) {
2673 val = bswap32(val);
2674 }
2675#else
2676 if (endian == DEVICE_BIG_ENDIAN) {
2677 val = bswap32(val);
2678 }
2679#endif
8df1cd07
FB		 2680 } else {
2681 /* RAM case */
5c8a00ce 2682 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2683 & TARGET_PAGE_MASK)
149f54b5 2684 + addr1);
1e78bcc1
AG		 2685 switch (endian) {
2686 case DEVICE_LITTLE_ENDIAN:
2687 val = ldl_le_p(ptr);
2688 break;
2689 case DEVICE_BIG_ENDIAN:
2690 val = ldl_be_p(ptr);
2691 break;
2692 default:
2693 val = ldl_p(ptr);
2694 break;
2695 }
8df1cd07
FB		 2696 }
2697 return val;
2698}
2699
fdfba1a2 2700uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2701{
fdfba1a2 2702 return ldl_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
1e78bcc1
AG		 2703}
2704
fdfba1a2 2705uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2706{
fdfba1a2 2707 return ldl_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
1e78bcc1
AG		 2708}
2709
fdfba1a2 2710uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2711{
fdfba1a2 2712 return ldl_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
1e78bcc1
AG		 2713}
2714
84b7b8e7 2715/* warning: addr must be aligned */
2c17449b 2716static inline uint64_t ldq_phys_internal(AddressSpace *as, hwaddr addr,
1e78bcc1 2717 enum device_endian endian)
84b7b8e7 2718{
84b7b8e7
FB		 2719 uint8_t *ptr;
2720 uint64_t val;
5c8a00ce 2721 MemoryRegion *mr;
149f54b5
PB		 2722 hwaddr l = 8;
2723 hwaddr addr1;
84b7b8e7 2724
2c17449b 2725 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2726 false);
2727 if (l < 8 || !memory_access_is_direct(mr, false)) {
84b7b8e7 2728 /* I/O case */
5c8a00ce 2729 io_mem_read(mr, addr1, &val, 8);
968a5627
PB		 2730#if defined(TARGET_WORDS_BIGENDIAN)
2731 if (endian == DEVICE_LITTLE_ENDIAN) {
2732 val = bswap64(val);
2733 }
2734#else
2735 if (endian == DEVICE_BIG_ENDIAN) {
2736 val = bswap64(val);
2737 }
84b7b8e7
FB		 2738#endif
2739 } else {
2740 /* RAM case */
5c8a00ce 2741 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2742 & TARGET_PAGE_MASK)
149f54b5 2743 + addr1);
1e78bcc1
AG		 2744 switch (endian) {
2745 case DEVICE_LITTLE_ENDIAN:
2746 val = ldq_le_p(ptr);
2747 break;
2748 case DEVICE_BIG_ENDIAN:
2749 val = ldq_be_p(ptr);
2750 break;
2751 default:
2752 val = ldq_p(ptr);
2753 break;
2754 }
84b7b8e7
FB		 2755 }
2756 return val;
2757}
2758
2c17449b 2759uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2760{
2c17449b 2761 return ldq_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
1e78bcc1
AG		 2762}
2763
2c17449b 2764uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2765{
2c17449b 2766 return ldq_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
1e78bcc1
AG		 2767}
2768
2c17449b 2769uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2770{
2c17449b 2771 return ldq_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
1e78bcc1
AG		 2772}
2773
aab33094 2774/* XXX: optimize */
2c17449b 2775uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
aab33094
FB		 2776{
2777 uint8_t val;
2c17449b 2778 address_space_rw(as, addr, &val, 1, 0);
aab33094
FB		 2779 return val;
2780}
2781
733f0b02 2782/* warning: addr must be aligned */
41701aa4 2783static inline uint32_t lduw_phys_internal(AddressSpace *as, hwaddr addr,
1e78bcc1 2784 enum device_endian endian)
aab33094 2785{
733f0b02
MT		 2786 uint8_t *ptr;
2787 uint64_t val;
5c8a00ce 2788 MemoryRegion *mr;
149f54b5
PB		 2789 hwaddr l = 2;
2790 hwaddr addr1;
733f0b02 2791
41701aa4 2792 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2793 false);
2794 if (l < 2 || !memory_access_is_direct(mr, false)) {
733f0b02 2795 /* I/O case */
5c8a00ce 2796 io_mem_read(mr, addr1, &val, 2);
1e78bcc1
AG		 2797#if defined(TARGET_WORDS_BIGENDIAN)
2798 if (endian == DEVICE_LITTLE_ENDIAN) {
2799 val = bswap16(val);
2800 }
2801#else
2802 if (endian == DEVICE_BIG_ENDIAN) {
2803 val = bswap16(val);
2804 }
2805#endif
733f0b02
MT		 2806 } else {
2807 /* RAM case */
5c8a00ce 2808 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 2809 & TARGET_PAGE_MASK)
149f54b5 2810 + addr1);
1e78bcc1
AG		 2811 switch (endian) {
2812 case DEVICE_LITTLE_ENDIAN:
2813 val = lduw_le_p(ptr);
2814 break;
2815 case DEVICE_BIG_ENDIAN:
2816 val = lduw_be_p(ptr);
2817 break;
2818 default:
2819 val = lduw_p(ptr);
2820 break;
2821 }
733f0b02
MT		 2822 }
2823 return val;
aab33094
FB		 2824}
2825
41701aa4 2826uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2827{
41701aa4 2828 return lduw_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
1e78bcc1
AG		 2829}
2830
41701aa4 2831uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2832{
41701aa4 2833 return lduw_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
1e78bcc1
AG		 2834}
2835
41701aa4 2836uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 2837{
41701aa4 2838 return lduw_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
1e78bcc1
AG		 2839}
2840
8df1cd07
FB		 2841/* warning: addr must be aligned. The ram page is not masked as dirty
2842 and the code inside is not invalidated. It is useful if the dirty
2843 bits are used to track modified PTEs */
2198a121 2844void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
8df1cd07 2845{
8df1cd07 2846 uint8_t *ptr;
5c8a00ce 2847 MemoryRegion *mr;
149f54b5
PB		 2848 hwaddr l = 4;
2849 hwaddr addr1;
8df1cd07 2850
2198a121 2851 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2852 true);
2853 if (l < 4 || !memory_access_is_direct(mr, true)) {
2854 io_mem_write(mr, addr1, val, 4);
8df1cd07 2855 } else {
5c8a00ce 2856 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 2857 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 2858 stl_p(ptr, val);
74576198
AL		 2859
2860 if (unlikely(in_migration)) {
a2cd8c85 2861 if (cpu_physical_memory_is_clean(addr1)) {
74576198
AL		 2862 /* invalidate code */
2863 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2864 /* set dirty bit */
6886867e 2865 cpu_physical_memory_set_dirty_range_nocode(addr1, 4);
74576198
AL		 2866 }
2867 }
8df1cd07
FB		 2868 }
2869}
2870
2871/* warning: addr must be aligned */
ab1da857
EI		 2872static inline void stl_phys_internal(AddressSpace *as,
2873 hwaddr addr, uint32_t val,
1e78bcc1 2874 enum device_endian endian)
8df1cd07 2875{
8df1cd07 2876 uint8_t *ptr;
5c8a00ce 2877 MemoryRegion *mr;
149f54b5
PB		 2878 hwaddr l = 4;
2879 hwaddr addr1;
8df1cd07 2880
ab1da857 2881 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 2882 true);
2883 if (l < 4 || !memory_access_is_direct(mr, true)) {
1e78bcc1
AG		 2884#if defined(TARGET_WORDS_BIGENDIAN)
2885 if (endian == DEVICE_LITTLE_ENDIAN) {
2886 val = bswap32(val);
2887 }
2888#else
2889 if (endian == DEVICE_BIG_ENDIAN) {
2890 val = bswap32(val);
2891 }
2892#endif
5c8a00ce 2893 io_mem_write(mr, addr1, val, 4);
8df1cd07 2894 } else {
8df1cd07 2895 /* RAM case */
5c8a00ce 2896 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 2897 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 2898 switch (endian) {
2899 case DEVICE_LITTLE_ENDIAN:
2900 stl_le_p(ptr, val);
2901 break;
2902 case DEVICE_BIG_ENDIAN:
2903 stl_be_p(ptr, val);
2904 break;
2905 default:
2906 stl_p(ptr, val);
2907 break;
2908 }
51d7a9eb 2909 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 2910 }
2911}
2912
ab1da857 2913void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2914{
ab1da857 2915 stl_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
1e78bcc1
AG		 2916}
2917
ab1da857 2918void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2919{
ab1da857 2920 stl_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
1e78bcc1
AG		 2921}
2922
ab1da857 2923void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2924{
ab1da857 2925 stl_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
1e78bcc1
AG		 2926}
2927
aab33094 2928/* XXX: optimize */
db3be60d 2929void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
aab33094
FB		 2930{
2931 uint8_t v = val;
db3be60d 2932 address_space_rw(as, addr, &v, 1, 1);
aab33094
FB		 2933}
2934
733f0b02 2935/* warning: addr must be aligned */
5ce5944d
EI		 2936static inline void stw_phys_internal(AddressSpace *as,
2937 hwaddr addr, uint32_t val,
1e78bcc1 2938 enum device_endian endian)
aab33094 2939{
733f0b02 2940 uint8_t *ptr;
5c8a00ce 2941 MemoryRegion *mr;
149f54b5
PB		 2942 hwaddr l = 2;
2943 hwaddr addr1;
733f0b02 2944
5ce5944d 2945 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 2946 if (l < 2 || !memory_access_is_direct(mr, true)) {
1e78bcc1
AG		 2947#if defined(TARGET_WORDS_BIGENDIAN)
2948 if (endian == DEVICE_LITTLE_ENDIAN) {
2949 val = bswap16(val);
2950 }
2951#else
2952 if (endian == DEVICE_BIG_ENDIAN) {
2953 val = bswap16(val);
2954 }
2955#endif
5c8a00ce 2956 io_mem_write(mr, addr1, val, 2);
733f0b02 2957 } else {
733f0b02 2958 /* RAM case */
5c8a00ce 2959 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 2960 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 2961 switch (endian) {
2962 case DEVICE_LITTLE_ENDIAN:
2963 stw_le_p(ptr, val);
2964 break;
2965 case DEVICE_BIG_ENDIAN:
2966 stw_be_p(ptr, val);
2967 break;
2968 default:
2969 stw_p(ptr, val);
2970 break;
2971 }
51d7a9eb 2972 invalidate_and_set_dirty(addr1, 2);
733f0b02 2973 }
aab33094
FB		 2974}
2975
5ce5944d 2976void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2977{
5ce5944d 2978 stw_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
1e78bcc1
AG		 2979}
2980
5ce5944d 2981void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2982{
5ce5944d 2983 stw_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
1e78bcc1
AG		 2984}
2985
5ce5944d 2986void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 2987{
5ce5944d 2988 stw_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
1e78bcc1
AG		 2989}
2990
aab33094 2991/* XXX: optimize */
f606604f 2992void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
aab33094
FB		 2993{
2994 val = tswap64(val);
f606604f 2995 address_space_rw(as, addr, (void *) &val, 8, 1);
aab33094
FB		 2996}
2997
f606604f 2998void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1
AG		 2999{
3000 val = cpu_to_le64(val);
f606604f 3001 address_space_rw(as, addr, (void *) &val, 8, 1);
1e78bcc1
AG		 3002}
3003
f606604f 3004void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1
AG		 3005{
3006 val = cpu_to_be64(val);
f606604f 3007 address_space_rw(as, addr, (void *) &val, 8, 1);
1e78bcc1
AG		 3008}
3009
5e2972fd 3010/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3011int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3012 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3013{
3014 int l;
a8170e5e 3015 hwaddr phys_addr;
9b3c35e0 3016 target_ulong page;
13eb76e0
FB		 3017
3018 while (len > 0) {
3019 page = addr & TARGET_PAGE_MASK;
f17ec444 3020 phys_addr = cpu_get_phys_page_debug(cpu, page);
13eb76e0
FB		 3021 /* if no physical page mapped, return an error */
3022 if (phys_addr == -1)
3023 return -1;
3024 l = (page + TARGET_PAGE_SIZE) - addr;
3025 if (l > len)
3026 l = len;
5e2972fd 3027 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b
EI		 3028 if (is_write) {
3029 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3030 } else {
3031 address_space_rw(cpu->as, phys_addr, buf, l, 0);
3032 }
13eb76e0
FB		 3033 len -= l;
3034 buf += l;
3035 addr += l;
3036 }
3037 return 0;
3038}
a68fe89c 3039#endif
13eb76e0 3040
8e4a424b
BS		 3041/*
3042 * A helper function for the _utterly broken_ virtio device model to find out if
3043 * it's running on a big endian machine. Don't do this at home kids!
3044 */
98ed8ecf
GK		 3045bool target_words_bigendian(void);
3046bool target_words_bigendian(void)
8e4a424b
BS		 3047{
3048#if defined(TARGET_WORDS_BIGENDIAN)
3049 return true;
3050#else
3051 return false;
3052#endif
3053}
3054
76f35538 3055#ifndef CONFIG_USER_ONLY
a8170e5e 3056bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3057{
5c8a00ce 3058 MemoryRegion*mr;
149f54b5 3059 hwaddr l = 1;
76f35538 3060
5c8a00ce
PB		 3061 mr = address_space_translate(&address_space_memory,
3062 phys_addr, &phys_addr, &l, false);
76f35538 3063
5c8a00ce
PB		 3064 return !(memory_region_is_ram(mr) ||
3065 memory_region_is_romd(mr));
76f35538 3066}
bd2fa51f
MH		 3067
3068void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3069{
3070 RAMBlock *block;
3071
0dc3f44a
MD		 3072 rcu_read_lock();
3073 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 3074 func(block->host, block->offset, block->used_length, opaque);
bd2fa51f 3075 }
0dc3f44a 3076 rcu_read_unlock();
bd2fa51f 3077}
ec3f8c99 3078#endif
QEMU mirror