]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
exec: call cpu_exec_exit() from a CPU unrealize common function
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c 22#endif
54936004 23
f348b6d1 24#include "qemu/cutils.h"
6180a181 25#include "cpu.h"
63c91552 26#include "exec/exec-all.h"
b67d9a52 27#include "tcg.h"
741da0d3 28#include "hw/qdev-core.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
33c11879 31#include "hw/xen/xen.h"
4485bd26 32#endif
9c17d615 33#include "sysemu/kvm.h"
2ff3de68 34#include "sysemu/sysemu.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
53a5960a 38#if defined(CONFIG_USER_ONLY)
a9c94277 39#include "qemu.h"
432d268c 40#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 41#include "hw/hw.h"
42#include "exec/memory.h"
df43d49c 43#include "exec/ioport.h"
741da0d3
PB		 44#include "sysemu/dma.h"
45#include "exec/address-spaces.h"
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
508127e2 57#include "exec/log.h"
67d95c15 58
9dfeca7c
BR		 59#include "migration/vmstate.h"
60
b35ba30f 61#include "qemu/range.h"
794e8f30
MT		 62#ifndef _WIN32
63#include "qemu/mmap-alloc.h"
64#endif
b35ba30f 65
db7b5426 66//#define DEBUG_SUBPAGE
1196be37 67
e2eef170 68#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 69/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
0d53d9fe 72RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 73
74static MemoryRegion *system_memory;
309cb471 75static MemoryRegion *system_io;
62152b8a 76
f6790af6
AK		 77AddressSpace address_space_io;
78AddressSpace address_space_memory;
2673a5da 79
0844e007 80MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 81static MemoryRegion io_mem_unassigned;
0e0df1e2 82
7bd4f430
PB		 83/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84#define RAM_PREALLOC (1 << 0)
85
dbcb8981
PB		 86/* RAM is mmap-ed with MAP_SHARED */
87#define RAM_SHARED (1 << 1)
88
62be4e3a
MT		 89/* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92#define RAM_RESIZEABLE (1 << 2)
93
e2eef170 94#endif
9fa3e853 95
bdc44640 96struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 97/* current CPU in the current thread. It is only valid inside
98 cpu_exec() */
f240eb6f 99__thread CPUState *current_cpu;
2e70f6ef 100/* 0 = Do not count executed instructions.
bf20dc07 101 1 = Precise instruction counting.
2e70f6ef 102 2 = Adaptive rate instruction counting. */
5708fc66 103int use_icount;
6a00d601 104
e2eef170 105#if !defined(CONFIG_USER_ONLY)
4346ae3e 106
1db8abb1
PB		 107typedef struct PhysPageEntry PhysPageEntry;
108
109struct PhysPageEntry {
9736e55b 110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 111 uint32_t skip : 6;
9736e55b 112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 113 uint32_t ptr : 26;
1db8abb1
PB		 114};
115
8b795765
MT		 116#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
117
03f49957 118/* Size of the L2 (and L3, etc) page tables. */
57271d63 119#define ADDR_SPACE_BITS 64
03f49957 120
026736ce 121#define P_L2_BITS 9
03f49957
PB		 122#define P_L2_SIZE (1 << P_L2_BITS)
123
124#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
125
126typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 127
53cb28cb 128typedef struct PhysPageMap {
79e2b9ae
PB		 129 struct rcu_head rcu;
130
53cb28cb
MA		 131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
133 unsigned nodes_nb;
134 unsigned nodes_nb_alloc;
135 Node *nodes;
136 MemoryRegionSection *sections;
137} PhysPageMap;
138
1db8abb1 139struct AddressSpaceDispatch {
79e2b9ae
PB		 140 struct rcu_head rcu;
141
729633c2 142 MemoryRegionSection *mru_section;
1db8abb1
PB		 143 /* This is a multi-level map on the physical address space.
144 * The bottom level has pointers to MemoryRegionSections.
145 */
146 PhysPageEntry phys_map;
53cb28cb 147 PhysPageMap map;
acc9d80b 148 AddressSpace *as;
1db8abb1
PB		 149};
150
90260c6c
JK		 151#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
152typedef struct subpage_t {
153 MemoryRegion iomem;
acc9d80b 154 AddressSpace *as;
90260c6c
JK		 155 hwaddr base;
156 uint16_t sub_section[TARGET_PAGE_SIZE];
157} subpage_t;
158
b41aac4f
LPF		 159#define PHYS_SECTION_UNASSIGNED 0
160#define PHYS_SECTION_NOTDIRTY 1
161#define PHYS_SECTION_ROM 2
162#define PHYS_SECTION_WATCH 3
5312bd8b 163
e2eef170 164static void io_mem_init(void);
62152b8a 165static void memory_map_init(void);
09daed84 166static void tcg_commit(MemoryListener *listener);
e2eef170 167
1ec9b909 168static MemoryRegion io_mem_watch;
32857f4d
PM		 169
170/**
171 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
172 * @cpu: the CPU whose AddressSpace this is
173 * @as: the AddressSpace itself
174 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
175 * @tcg_as_listener: listener for tracking changes to the AddressSpace
176 */
177struct CPUAddressSpace {
178 CPUState *cpu;
179 AddressSpace *as;
180 struct AddressSpaceDispatch *memory_dispatch;
181 MemoryListener tcg_as_listener;
182};
183
6658ffb8 184#endif
fd6ce8f6 185
6d9a1304 186#if !defined(CONFIG_USER_ONLY)
d6f2ea22 187
53cb28cb 188static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 189{
101420b8 190 static unsigned alloc_hint = 16;
53cb28cb 191 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
101420b8 192 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
53cb28cb
MA		 193 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
194 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
101420b8 195 alloc_hint = map->nodes_nb_alloc;
d6f2ea22 196 }
f7bf5461
AK		 197}
198
db94604b 199static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 200{
201 unsigned i;
8b795765 202 uint32_t ret;
db94604b
PB		 203 PhysPageEntry e;
204 PhysPageEntry *p;
f7bf5461 205
53cb28cb 206 ret = map->nodes_nb++;
db94604b 207 p = map->nodes[ret];
f7bf5461 208 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 209 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 210
211 e.skip = leaf ? 0 : 1;
212 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 213 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 214 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 215 }
f7bf5461 216 return ret;
d6f2ea22
AK		 217}
218
53cb28cb
MA		 219static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
220 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 221 int level)
f7bf5461
AK		 222{
223 PhysPageEntry *p;
03f49957 224 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 225
9736e55b 226 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 227 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 228 }
db94604b 229 p = map->nodes[lp->ptr];
03f49957 230 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 231
03f49957 232 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 233 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 234 lp->skip = 0;
c19e8800 235 lp->ptr = leaf;
07f07b31
AK		 236 *index += step;
237 *nb -= step;
2999097b 238 } else {
53cb28cb 239 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 240 }
241 ++lp;
f7bf5461
AK		 242 }
243}
244
ac1970fb 245static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 246 hwaddr index, hwaddr nb,
2999097b 247 uint16_t leaf)
f7bf5461 248{
2999097b 249 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 250 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 251
53cb28cb 252 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 253}
254
b35ba30f
MT		 255/* Compact a non leaf page entry. Simply detect that the entry has a single child,
256 * and update our entry so we can skip it and go directly to the destination.
257 */
efee678d 258static void phys_page_compact(PhysPageEntry *lp, Node *nodes)
b35ba30f
MT		 259{
260 unsigned valid_ptr = P_L2_SIZE;
261 int valid = 0;
262 PhysPageEntry *p;
263 int i;
264
265 if (lp->ptr == PHYS_MAP_NODE_NIL) {
266 return;
267 }
268
269 p = nodes[lp->ptr];
270 for (i = 0; i < P_L2_SIZE; i++) {
271 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
272 continue;
273 }
274
275 valid_ptr = i;
276 valid++;
277 if (p[i].skip) {
efee678d 278 phys_page_compact(&p[i], nodes);
b35ba30f
MT		 279 }
280 }
281
282 /* We can only compress if there's only one child. */
283 if (valid != 1) {
284 return;
285 }
286
287 assert(valid_ptr < P_L2_SIZE);
288
289 /* Don't compress if it won't fit in the # of bits we have. */
290 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
291 return;
292 }
293
294 lp->ptr = p[valid_ptr].ptr;
295 if (!p[valid_ptr].skip) {
296 /* If our only child is a leaf, make this a leaf. */
297 /* By design, we should have made this node a leaf to begin with so we
298 * should never reach here.
299 * But since it's so simple to handle this, let's do it just in case we
300 * change this rule.
301 */
302 lp->skip = 0;
303 } else {
304 lp->skip += p[valid_ptr].skip;
305 }
306}
307
308static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
309{
b35ba30f 310 if (d->phys_map.skip) {
efee678d 311 phys_page_compact(&d->phys_map, d->map.nodes);
b35ba30f
MT		 312 }
313}
314
29cb533d
FZ		 315static inline bool section_covers_addr(const MemoryRegionSection *section,
316 hwaddr addr)
317{
318 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
319 * the section must cover the entire address space.
320 */
321 return section->size.hi ||
322 range_covers_byte(section->offset_within_address_space,
323 section->size.lo, addr);
324}
325
97115a8d 326static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 327 Node *nodes, MemoryRegionSection *sections)
92e873b9 328{
31ab2b4a 329 PhysPageEntry *p;
97115a8d 330 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 331 int i;
f1f6e3b8 332
9736e55b 333 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 334 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 335 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 336 }
9affd6fc 337 p = nodes[lp.ptr];
03f49957 338 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 339 }
b35ba30f 340
29cb533d 341 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 342 return &sections[lp.ptr];
343 } else {
344 return &sections[PHYS_SECTION_UNASSIGNED];
345 }
f3705d53
AK		 346}
347
e5548617
BS		 348bool memory_region_is_unassigned(MemoryRegion *mr)
349{
2a8e7499 350 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 351 && mr != &io_mem_watch;
fd6ce8f6 352}
149f54b5 353
79e2b9ae 354/* Called from RCU critical section */
c7086b4a 355static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 356 hwaddr addr,
357 bool resolve_subpage)
9f029603 358{
729633c2 359 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 360 subpage_t *subpage;
729633c2 361 bool update;
90260c6c 362
729633c2
FZ		 363 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
364 section_covers_addr(section, addr)) {
365 update = false;
366 } else {
367 section = phys_page_find(d->phys_map, addr, d->map.nodes,
368 d->map.sections);
369 update = true;
370 }
90260c6c
JK		 371 if (resolve_subpage && section->mr->subpage) {
372 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 373 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 374 }
729633c2
FZ		 375 if (update) {
376 atomic_set(&d->mru_section, section);
377 }
90260c6c 378 return section;
9f029603
JK		 379}
380
79e2b9ae 381/* Called from RCU critical section */
90260c6c 382static MemoryRegionSection *
c7086b4a 383address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 384 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 385{
386 MemoryRegionSection *section;
965eb2fc 387 MemoryRegion *mr;
a87f3954 388 Int128 diff;
149f54b5 389
c7086b4a 390 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 391 /* Compute offset within MemoryRegionSection */
392 addr -= section->offset_within_address_space;
393
394 /* Compute offset within MemoryRegion */
395 *xlat = addr + section->offset_within_region;
396
965eb2fc 397 mr = section->mr;
b242e0e0
PB		 398
399 /* MMIO registers can be expected to perform full-width accesses based only
400 * on their address, without considering adjacent registers that could
401 * decode to completely different MemoryRegions. When such registers
402 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
403 * regions overlap wildly. For this reason we cannot clamp the accesses
404 * here.
405 *
406 * If the length is small (as is the case for address_space_ldl/stl),
407 * everything works fine. If the incoming length is large, however,
408 * the caller really has to do the clamping through memory_access_size.
409 */
965eb2fc 410 if (memory_region_is_ram(mr)) {
e4a511f8 411 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 412 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
413 }
149f54b5
PB		 414 return section;
415}
90260c6c 416
41063e1e 417/* Called from RCU critical section */
5c8a00ce
PB		 418MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
419 hwaddr *xlat, hwaddr *plen,
420 bool is_write)
90260c6c 421{
30951157
AK		 422 IOMMUTLBEntry iotlb;
423 MemoryRegionSection *section;
424 MemoryRegion *mr;
30951157
AK		 425
426 for (;;) {
79e2b9ae
PB		 427 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
428 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 429 mr = section->mr;
430
431 if (!mr->iommu_ops) {
432 break;
433 }
434
8d7b8cb9 435 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 436 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
437 | (addr & iotlb.addr_mask));
23820dbf 438 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 439 if (!(iotlb.perm & (1 << is_write))) {
440 mr = &io_mem_unassigned;
441 break;
442 }
443
444 as = iotlb.target_as;
445 }
446
fe680d0d 447 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 448 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 449 *plen = MIN(page, *plen);
a87f3954
PB		 450 }
451
30951157
AK		 452 *xlat = addr;
453 return mr;
90260c6c
JK		 454}
455
79e2b9ae 456/* Called from RCU critical section */
90260c6c 457MemoryRegionSection *
d7898cda 458address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 459 hwaddr *xlat, hwaddr *plen)
90260c6c 460{
30951157 461 MemoryRegionSection *section;
d7898cda
PM		 462 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
463
464 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 465
466 assert(!section->mr->iommu_ops);
467 return section;
90260c6c 468}
5b6dd868 469#endif
fd6ce8f6 470
b170fce3 471#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 472
473static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 474{
259186a7 475 CPUState *cpu = opaque;
a513fe19 476
5b6dd868
BS		 477 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
478 version_id is increased. */
259186a7 479 cpu->interrupt_request &= ~0x01;
c01a71c1 480 tlb_flush(cpu, 1);
5b6dd868
BS		 481
482 return 0;
a513fe19 483}
7501267e 484
6c3bff0e
PD		 485static int cpu_common_pre_load(void *opaque)
486{
487 CPUState *cpu = opaque;
488
adee6424 489 cpu->exception_index = -1;
6c3bff0e
PD		 490
491 return 0;
492}
493
494static bool cpu_common_exception_index_needed(void *opaque)
495{
496 CPUState *cpu = opaque;
497
adee6424 498 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 499}
500
501static const VMStateDescription vmstate_cpu_common_exception_index = {
502 .name = "cpu_common/exception_index",
503 .version_id = 1,
504 .minimum_version_id = 1,
5cd8cada 505 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 506 .fields = (VMStateField[]) {
507 VMSTATE_INT32(exception_index, CPUState),
508 VMSTATE_END_OF_LIST()
509 }
510};
511
bac05aa9
AS		 512static bool cpu_common_crash_occurred_needed(void *opaque)
513{
514 CPUState *cpu = opaque;
515
516 return cpu->crash_occurred;
517}
518
519static const VMStateDescription vmstate_cpu_common_crash_occurred = {
520 .name = "cpu_common/crash_occurred",
521 .version_id = 1,
522 .minimum_version_id = 1,
523 .needed = cpu_common_crash_occurred_needed,
524 .fields = (VMStateField[]) {
525 VMSTATE_BOOL(crash_occurred, CPUState),
526 VMSTATE_END_OF_LIST()
527 }
528};
529
1a1562f5 530const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 531 .name = "cpu_common",
532 .version_id = 1,
533 .minimum_version_id = 1,
6c3bff0e 534 .pre_load = cpu_common_pre_load,
5b6dd868 535 .post_load = cpu_common_post_load,
35d08458 536 .fields = (VMStateField[]) {
259186a7
AF		 537 VMSTATE_UINT32(halted, CPUState),
538 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 539 VMSTATE_END_OF_LIST()
6c3bff0e 540 },
5cd8cada
JQ		 541 .subsections = (const VMStateDescription*[]) {
542 &vmstate_cpu_common_exception_index,
bac05aa9 543 &vmstate_cpu_common_crash_occurred,
5cd8cada 544 NULL
5b6dd868
BS		 545 }
546};
1a1562f5 547
5b6dd868 548#endif
ea041c0e 549
38d8f5c8 550CPUState *qemu_get_cpu(int index)
ea041c0e 551{
bdc44640 552 CPUState *cpu;
ea041c0e 553
bdc44640 554 CPU_FOREACH(cpu) {
55e5c285 555 if (cpu->cpu_index == index) {
bdc44640 556 return cpu;
55e5c285 557 }
ea041c0e 558 }
5b6dd868 559
bdc44640 560 return NULL;
ea041c0e
FB		 561}
562
09daed84 563#if !defined(CONFIG_USER_ONLY)
56943e8c 564void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 565{
12ebc9a7
PM		 566 CPUAddressSpace *newas;
567
568 /* Target code should have set num_ases before calling us */
569 assert(asidx < cpu->num_ases);
570
56943e8c
PM		 571 if (asidx == 0) {
572 /* address space 0 gets the convenience alias */
573 cpu->as = as;
574 }
575
12ebc9a7
PM		 576 /* KVM cannot currently support multiple address spaces. */
577 assert(asidx == 0 || !kvm_enabled());
09daed84 578
12ebc9a7
PM		 579 if (!cpu->cpu_ases) {
580 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 581 }
32857f4d 582
12ebc9a7
PM		 583 newas = &cpu->cpu_ases[asidx];
584 newas->cpu = cpu;
585 newas->as = as;
56943e8c 586 if (tcg_enabled()) {
12ebc9a7
PM		 587 newas->tcg_as_listener.commit = tcg_commit;
588 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 589 }
09daed84 590}
651a5bc0
PM		 591
592AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
593{
594 /* Return the AddressSpace corresponding to the specified index */
595 return cpu->cpu_ases[asidx].as;
596}
09daed84
EI		 597#endif
598
7bbc124e 599void cpu_exec_unrealizefn(CPUState *cpu)
1c59eb39 600{
9dfeca7c
BR		 601 CPUClass *cc = CPU_GET_CLASS(cpu);
602
267f685b 603 cpu_list_remove(cpu);
9dfeca7c
BR		 604
605 if (cc->vmsd != NULL) {
606 vmstate_unregister(NULL, cc->vmsd, cpu);
607 }
608 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
609 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
610 }
1c59eb39
BR		 611}
612
39e329e3 613void cpu_exec_initfn(CPUState *cpu)
ea041c0e 614{
56943e8c 615 cpu->as = NULL;
12ebc9a7 616 cpu->num_ases = 0;
56943e8c 617
291135b5 618#ifndef CONFIG_USER_ONLY
291135b5 619 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 620
621 /* This is a softmmu CPU object, so create a property for it
622 * so users can wire up its memory. (This can't go in qom/cpu.c
623 * because that file is compiled only once for both user-mode
624 * and system builds.) The default if no link is set up is to use
625 * the system address space.
626 */
627 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
628 (Object **)&cpu->memory,
629 qdev_prop_allow_set_link_before_realize,
630 OBJ_PROP_LINK_UNREF_ON_RELEASE,
631 &error_abort);
632 cpu->memory = system_memory;
633 object_ref(OBJECT(cpu->memory));
291135b5 634#endif
39e329e3
LV		 635}
636
ce5b1bbf 637void cpu_exec_realizefn(CPUState *cpu, Error **errp)
39e329e3
LV		 638{
639 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
291135b5 640
267f685b 641 cpu_list_add(cpu);
1bc7e522
IM		 642
643#ifndef CONFIG_USER_ONLY
e0d47944 644 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 645 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 646 }
b170fce3 647 if (cc->vmsd != NULL) {
741da0d3 648 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 649 }
741da0d3 650#endif
ea041c0e
FB		 651}
652
94df27fd 653#if defined(CONFIG_USER_ONLY)
00b941e5 654static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 655{
656 tb_invalidate_phys_page_range(pc, pc + 1, 0);
657}
658#else
00b941e5 659static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 660{
5232e4c7
PM		 661 MemTxAttrs attrs;
662 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
663 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 664 if (phys != -1) {
5232e4c7 665 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 666 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 667 }
1e7855a5 668}
c27004ec 669#endif
d720b93d 670
c527ee8f 671#if defined(CONFIG_USER_ONLY)
75a34036 672void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 673
674{
675}
676
3ee887e8
PM		 677int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
678 int flags)
679{
680 return -ENOSYS;
681}
682
683void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
684{
685}
686
75a34036 687int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 688 int flags, CPUWatchpoint **watchpoint)
689{
690 return -ENOSYS;
691}
692#else
6658ffb8 693/* Add a watchpoint. */
75a34036 694int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 695 int flags, CPUWatchpoint **watchpoint)
6658ffb8 696{
c0ce998e 697 CPUWatchpoint *wp;
6658ffb8 698
05068c0d 699 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 700 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 701 error_report("tried to set invalid watchpoint at %"
702 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 703 return -EINVAL;
704 }
7267c094 705 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 706
707 wp->vaddr = addr;
05068c0d 708 wp->len = len;
a1d1bb31
AL		 709 wp->flags = flags;
710
2dc9f411 711 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 712 if (flags & BP_GDB) {
713 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
714 } else {
715 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
716 }
6658ffb8 717
31b030d4 718 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 719
720 if (watchpoint)
721 *watchpoint = wp;
722 return 0;
6658ffb8
PB		 723}
724
a1d1bb31 725/* Remove a specific watchpoint. */
75a34036 726int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 727 int flags)
6658ffb8 728{
a1d1bb31 729 CPUWatchpoint *wp;
6658ffb8 730
ff4700b0 731 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 732 if (addr == wp->vaddr && len == wp->len
6e140f28 733 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 734 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 735 return 0;
736 }
737 }
a1d1bb31 738 return -ENOENT;
6658ffb8
PB		 739}
740
a1d1bb31 741/* Remove a specific watchpoint by reference. */
75a34036 742void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 743{
ff4700b0 744 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 745
31b030d4 746 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 747
7267c094 748 g_free(watchpoint);
a1d1bb31
AL		 749}
750
751/* Remove all matching watchpoints. */
75a34036 752void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 753{
c0ce998e 754 CPUWatchpoint *wp, *next;
a1d1bb31 755
ff4700b0 756 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 757 if (wp->flags & mask) {
758 cpu_watchpoint_remove_by_ref(cpu, wp);
759 }
c0ce998e 760 }
7d03f82f 761}
05068c0d
PM		 762
763/* Return true if this watchpoint address matches the specified
764 * access (ie the address range covered by the watchpoint overlaps
765 * partially or completely with the address range covered by the
766 * access).
767 */
768static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
769 vaddr addr,
770 vaddr len)
771{
772 /* We know the lengths are non-zero, but a little caution is
773 * required to avoid errors in the case where the range ends
774 * exactly at the top of the address space and so addr + len
775 * wraps round to zero.
776 */
777 vaddr wpend = wp->vaddr + wp->len - 1;
778 vaddr addrend = addr + len - 1;
779
780 return !(addr > wpend || wp->vaddr > addrend);
781}
782
c527ee8f 783#endif
7d03f82f 784
a1d1bb31 785/* Add a breakpoint. */
b3310ab3 786int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 787 CPUBreakpoint **breakpoint)
4c3a88a2 788{
c0ce998e 789 CPUBreakpoint *bp;
3b46e624 790
7267c094 791 bp = g_malloc(sizeof(*bp));
4c3a88a2 792
a1d1bb31
AL		 793 bp->pc = pc;
794 bp->flags = flags;
795
2dc9f411 796 /* keep all GDB-injected breakpoints in front */
00b941e5 797 if (flags & BP_GDB) {
f0c3c505 798 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 799 } else {
f0c3c505 800 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 801 }
3b46e624 802
f0c3c505 803 breakpoint_invalidate(cpu, pc);
a1d1bb31 804
00b941e5 805 if (breakpoint) {
a1d1bb31 806 *breakpoint = bp;
00b941e5 807 }
4c3a88a2 808 return 0;
4c3a88a2
FB		 809}
810
a1d1bb31 811/* Remove a specific breakpoint. */
b3310ab3 812int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 813{
a1d1bb31
AL		 814 CPUBreakpoint *bp;
815
f0c3c505 816 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 817 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 818 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 819 return 0;
820 }
7d03f82f 821 }
a1d1bb31 822 return -ENOENT;
7d03f82f
EI		 823}
824
a1d1bb31 825/* Remove a specific breakpoint by reference. */
b3310ab3 826void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 827{
f0c3c505
AF		 828 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
829
830 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 831
7267c094 832 g_free(breakpoint);
a1d1bb31
AL		 833}
834
835/* Remove all matching breakpoints. */
b3310ab3 836void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 837{
c0ce998e 838 CPUBreakpoint *bp, *next;
a1d1bb31 839
f0c3c505 840 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 841 if (bp->flags & mask) {
842 cpu_breakpoint_remove_by_ref(cpu, bp);
843 }
c0ce998e 844 }
4c3a88a2
FB		 845}
846
c33a346e
FB		 847/* enable or disable single step mode. EXCP_DEBUG is returned by the
848 CPU loop after each instruction */
3825b28f 849void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 850{
ed2803da
AF		 851 if (cpu->singlestep_enabled != enabled) {
852 cpu->singlestep_enabled = enabled;
853 if (kvm_enabled()) {
38e478ec 854 kvm_update_guest_debug(cpu, 0);
ed2803da 855 } else {
ccbb4d44 856 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 857 /* XXX: only flush what is necessary */
bbd77c18 858 tb_flush(cpu);
e22a25c9 859 }
c33a346e 860 }
c33a346e
FB		 861}
862
a47dddd7 863void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 864{
865 va_list ap;
493ae1f0 866 va_list ap2;
7501267e
FB		 867
868 va_start(ap, fmt);
493ae1f0 869 va_copy(ap2, ap);
7501267e
FB		 870 fprintf(stderr, "qemu: fatal: ");
871 vfprintf(stderr, fmt, ap);
872 fprintf(stderr, "\n");
878096ee 873 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 874 if (qemu_log_separate()) {
93fcfe39
AL		 875 qemu_log("qemu: fatal: ");
876 qemu_log_vprintf(fmt, ap2);
877 qemu_log("\n");
a0762859 878 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 879 qemu_log_flush();
93fcfe39 880 qemu_log_close();
924edcae 881 }
493ae1f0 882 va_end(ap2);
f9373291 883 va_end(ap);
7615936e 884 replay_finish();
fd052bf6
RV		 885#if defined(CONFIG_USER_ONLY)
886 {
887 struct sigaction act;
888 sigfillset(&act.sa_mask);
889 act.sa_handler = SIG_DFL;
890 sigaction(SIGABRT, &act, NULL);
891 }
892#endif
7501267e
FB		 893 abort();
894}
895
0124311e 896#if !defined(CONFIG_USER_ONLY)
0dc3f44a 897/* Called from RCU critical section */
041603fe
PB		 898static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
899{
900 RAMBlock *block;
901
43771539 902 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 903 if (block && addr - block->offset < block->max_length) {
68851b98 904 return block;
041603fe 905 }
0dc3f44a 906 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 907 if (addr - block->offset < block->max_length) {
041603fe
PB		 908 goto found;
909 }
910 }
911
912 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
913 abort();
914
915found:
43771539
PB		 916 /* It is safe to write mru_block outside the iothread lock. This
917 * is what happens:
918 *
919 * mru_block = xxx
920 * rcu_read_unlock()
921 * xxx removed from list
922 * rcu_read_lock()
923 * read mru_block
924 * mru_block = NULL;
925 * call_rcu(reclaim_ramblock, xxx);
926 * rcu_read_unlock()
927 *
928 * atomic_rcu_set is not needed here. The block was already published
929 * when it was placed into the list. Here we're just making an extra
930 * copy of the pointer.
931 */
041603fe
PB		 932 ram_list.mru_block = block;
933 return block;
934}
935
a2f4d5be 936static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 937{
9a13565d 938 CPUState *cpu;
041603fe 939 ram_addr_t start1;
a2f4d5be
JQ		 940 RAMBlock *block;
941 ram_addr_t end;
942
943 end = TARGET_PAGE_ALIGN(start + length);
944 start &= TARGET_PAGE_MASK;
d24981d3 945
0dc3f44a 946 rcu_read_lock();
041603fe
PB		 947 block = qemu_get_ram_block(start);
948 assert(block == qemu_get_ram_block(end - 1));
1240be24 949 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 950 CPU_FOREACH(cpu) {
951 tlb_reset_dirty(cpu, start1, length);
952 }
0dc3f44a 953 rcu_read_unlock();
d24981d3
JQ		 954}
955
5579c7f3 956/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 957bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
958 ram_addr_t length,
959 unsigned client)
1ccde1cb 960{
5b82b703 961 DirtyMemoryBlocks *blocks;
03eebc9e 962 unsigned long end, page;
5b82b703 963 bool dirty = false;
03eebc9e
SH		 964
965 if (length == 0) {
966 return false;
967 }
f23db169 968
03eebc9e
SH		 969 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
970 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 971
972 rcu_read_lock();
973
974 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
975
976 while (page < end) {
977 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
978 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
979 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
980
981 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
982 offset, num);
983 page += num;
984 }
985
986 rcu_read_unlock();
03eebc9e
SH		 987
988 if (dirty && tcg_enabled()) {
a2f4d5be 989 tlb_reset_dirty_range_all(start, length);
5579c7f3 990 }
03eebc9e
SH		 991
992 return dirty;
1ccde1cb
FB		 993}
994
79e2b9ae 995/* Called from RCU critical section */
bb0e627a 996hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 997 MemoryRegionSection *section,
998 target_ulong vaddr,
999 hwaddr paddr, hwaddr xlat,
1000 int prot,
1001 target_ulong *address)
e5548617 1002{
a8170e5e 1003 hwaddr iotlb;
e5548617
BS		 1004 CPUWatchpoint *wp;
1005
cc5bea60 1006 if (memory_region_is_ram(section->mr)) {
e5548617 1007 /* Normal RAM. */
e4e69794 1008 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
e5548617 1009 if (!section->readonly) {
b41aac4f 1010 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1011 } else {
b41aac4f 1012 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1013 }
1014 } else {
0b8e2c10
PM		 1015 AddressSpaceDispatch *d;
1016
1017 d = atomic_rcu_read(&section->address_space->dispatch);
1018 iotlb = section - d->map.sections;
149f54b5 1019 iotlb += xlat;
e5548617
BS		 1020 }
1021
1022 /* Make accesses to pages with watchpoints go via the
1023 watchpoint trap routines. */
ff4700b0 1024 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1025 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1026 /* Avoid trapping reads of pages with a write breakpoint. */
1027 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1028 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1029 *address |= TLB_MMIO;
1030 break;
1031 }
1032 }
1033 }
1034
1035 return iotlb;
1036}
9fa3e853
FB		 1037#endif /* defined(CONFIG_USER_ONLY) */
1038
e2eef170 1039#if !defined(CONFIG_USER_ONLY)
8da3ff18 1040
c227f099 1041static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1042 uint16_t section);
acc9d80b 1043static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1044
a2b257d6
IM		 1045static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1046 qemu_anon_ram_alloc;
91138037
MA		 1047
1048/*
1049 * Set a custom physical guest memory alloator.
1050 * Accelerators with unusual needs may need this. Hopefully, we can
1051 * get rid of it eventually.
1052 */
a2b257d6 1053void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1054{
1055 phys_mem_alloc = alloc;
1056}
1057
53cb28cb
MA		 1058static uint16_t phys_section_add(PhysPageMap *map,
1059 MemoryRegionSection *section)
5312bd8b 1060{
68f3f65b
PB		 1061 /* The physical section number is ORed with a page-aligned
1062 * pointer to produce the iotlb entries. Thus it should
1063 * never overflow into the page-aligned value.
1064 */
53cb28cb 1065 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1066
53cb28cb
MA		 1067 if (map->sections_nb == map->sections_nb_alloc) {
1068 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1069 map->sections = g_renew(MemoryRegionSection, map->sections,
1070 map->sections_nb_alloc);
5312bd8b 1071 }
53cb28cb 1072 map->sections[map->sections_nb] = *section;
dfde4e6e 1073 memory_region_ref(section->mr);
53cb28cb 1074 return map->sections_nb++;
5312bd8b
AK		 1075}
1076
058bc4b5
PB		 1077static void phys_section_destroy(MemoryRegion *mr)
1078{
55b4e80b
DS		 1079 bool have_sub_page = mr->subpage;
1080
dfde4e6e
PB		 1081 memory_region_unref(mr);
1082
55b4e80b 1083 if (have_sub_page) {
058bc4b5 1084 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1085 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1086 g_free(subpage);
1087 }
1088}
1089
6092666e 1090static void phys_sections_free(PhysPageMap *map)
5312bd8b 1091{
9affd6fc
PB		 1092 while (map->sections_nb > 0) {
1093 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1094 phys_section_destroy(section->mr);
1095 }
9affd6fc
PB		 1096 g_free(map->sections);
1097 g_free(map->nodes);
5312bd8b
AK		 1098}
1099
ac1970fb 1100static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1101{
1102 subpage_t *subpage;
a8170e5e 1103 hwaddr base = section->offset_within_address_space
0f0cb164 1104 & TARGET_PAGE_MASK;
97115a8d 1105 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1106 d->map.nodes, d->map.sections);
0f0cb164
AK		 1107 MemoryRegionSection subsection = {
1108 .offset_within_address_space = base,
052e87b0 1109 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1110 };
a8170e5e 1111 hwaddr start, end;
0f0cb164 1112
f3705d53 1113 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1114
f3705d53 1115 if (!(existing->mr->subpage)) {
acc9d80b 1116 subpage = subpage_init(d->as, base);
3be91e86 1117 subsection.address_space = d->as;
0f0cb164 1118 subsection.mr = &subpage->iomem;
ac1970fb 1119 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1120 phys_section_add(&d->map, &subsection));
0f0cb164 1121 } else {
f3705d53 1122 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1123 }
1124 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1125 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1126 subpage_register(subpage, start, end,
1127 phys_section_add(&d->map, section));
0f0cb164
AK		 1128}
1129
1130
052e87b0
PB		 1131static void register_multipage(AddressSpaceDispatch *d,
1132 MemoryRegionSection *section)
33417e70 1133{
a8170e5e 1134 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1135 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1136 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1137 TARGET_PAGE_BITS));
dd81124b 1138
733d5ef5
PB		 1139 assert(num_pages);
1140 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1141}
1142
ac1970fb 1143static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1144{
89ae337a 1145 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1146 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1147 MemoryRegionSection now = *section, remain = *section;
052e87b0 1148 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1149
733d5ef5
PB		 1150 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1151 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1152 - now.offset_within_address_space;
1153
052e87b0 1154 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1155 register_subpage(d, &now);
733d5ef5 1156 } else {
052e87b0 1157 now.size = int128_zero();
733d5ef5 1158 }
052e87b0
PB		 1159 while (int128_ne(remain.size, now.size)) {
1160 remain.size = int128_sub(remain.size, now.size);
1161 remain.offset_within_address_space += int128_get64(now.size);
1162 remain.offset_within_region += int128_get64(now.size);
69b67646 1163 now = remain;
052e87b0 1164 if (int128_lt(remain.size, page_size)) {
733d5ef5 1165 register_subpage(d, &now);
88266249 1166 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1167 now.size = page_size;
ac1970fb 1168 register_subpage(d, &now);
69b67646 1169 } else {
052e87b0 1170 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1171 register_multipage(d, &now);
69b67646 1172 }
0f0cb164
AK		 1173 }
1174}
1175
62a2744c
SY		 1176void qemu_flush_coalesced_mmio_buffer(void)
1177{
1178 if (kvm_enabled())
1179 kvm_flush_coalesced_mmio_buffer();
1180}
1181
b2a8658e
UD		 1182void qemu_mutex_lock_ramlist(void)
1183{
1184 qemu_mutex_lock(&ram_list.mutex);
1185}
1186
1187void qemu_mutex_unlock_ramlist(void)
1188{
1189 qemu_mutex_unlock(&ram_list.mutex);
1190}
1191
e1e84ba0 1192#ifdef __linux__
04b16653
AW		 1193static void *file_ram_alloc(RAMBlock *block,
1194 ram_addr_t memory,
7f56e740
PB		 1195 const char *path,
1196 Error **errp)
c902760f 1197{
fd97fd44 1198 bool unlink_on_error = false;
c902760f 1199 char *filename;
8ca761f6
PF		 1200 char *sanitized_name;
1201 char *c;
056b68af 1202 void *area = MAP_FAILED;
5c3ece79 1203 int fd = -1;
c902760f
MT		 1204
1205 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1206 error_setg(errp,
1207 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1208 return NULL;
c902760f
MT		 1209 }
1210
fd97fd44
MA		 1211 for (;;) {
1212 fd = open(path, O_RDWR);
1213 if (fd >= 0) {
1214 /* @path names an existing file, use it */
1215 break;
8d31d6b6 1216 }
fd97fd44
MA		 1217 if (errno == ENOENT) {
1218 /* @path names a file that doesn't exist, create it */
1219 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1220 if (fd >= 0) {
1221 unlink_on_error = true;
1222 break;
1223 }
1224 } else if (errno == EISDIR) {
1225 /* @path names a directory, create a file there */
1226 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1227 sanitized_name = g_strdup(memory_region_name(block->mr));
1228 for (c = sanitized_name; *c != '\0'; c++) {
1229 if (*c == '/') {
1230 *c = '_';
1231 }
1232 }
8ca761f6 1233
fd97fd44
MA		 1234 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1235 sanitized_name);
1236 g_free(sanitized_name);
8d31d6b6 1237
fd97fd44
MA		 1238 fd = mkstemp(filename);
1239 if (fd >= 0) {
1240 unlink(filename);
1241 g_free(filename);
1242 break;
1243 }
1244 g_free(filename);
8d31d6b6 1245 }
fd97fd44
MA		 1246 if (errno != EEXIST && errno != EINTR) {
1247 error_setg_errno(errp, errno,
1248 "can't open backing store %s for guest RAM",
1249 path);
1250 goto error;
1251 }
1252 /*
1253 * Try again on EINTR and EEXIST. The latter happens when
1254 * something else creates the file between our two open().
1255 */
8d31d6b6 1256 }
c902760f 1257
863e9621 1258 block->page_size = qemu_fd_getpagesize(fd);
8360668e
HZ		 1259 block->mr->align = block->page_size;
1260#if defined(__s390x__)
1261 if (kvm_enabled()) {
1262 block->mr->align = MAX(block->mr->align, QEMU_VMALLOC_ALIGN);
1263 }
1264#endif
fd97fd44 1265
863e9621 1266 if (memory < block->page_size) {
fd97fd44 1267 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
863e9621
DDAG		 1268 "or larger than page size 0x%zx",
1269 memory, block->page_size);
f9a49dfa 1270 goto error;
c902760f 1271 }
c902760f 1272
863e9621 1273 memory = ROUND_UP(memory, block->page_size);
c902760f
MT		 1274
1275 /*
1276 * ftruncate is not supported by hugetlbfs in older
1277 * hosts, so don't bother bailing out on errors.
1278 * If anything goes wrong with it under other filesystems,
1279 * mmap will fail.
1280 */
7f56e740 1281 if (ftruncate(fd, memory)) {
9742bf26 1282 perror("ftruncate");
7f56e740 1283 }
c902760f 1284
d2f39add
DD		 1285 area = qemu_ram_mmap(fd, memory, block->mr->align,
1286 block->flags & RAM_SHARED);
c902760f 1287 if (area == MAP_FAILED) {
7f56e740 1288 error_setg_errno(errp, errno,
fd97fd44 1289 "unable to map backing store for guest RAM");
f9a49dfa 1290 goto error;
c902760f 1291 }
ef36fa14
MT		 1292
1293 if (mem_prealloc) {
056b68af
IM		 1294 os_mem_prealloc(fd, area, memory, errp);
1295 if (errp && *errp) {
1296 goto error;
1297 }
ef36fa14
MT		 1298 }
1299
04b16653 1300 block->fd = fd;
c902760f 1301 return area;
f9a49dfa
MT		 1302
1303error:
056b68af
IM		 1304 if (area != MAP_FAILED) {
1305 qemu_ram_munmap(area, memory);
1306 }
fd97fd44
MA		 1307 if (unlink_on_error) {
1308 unlink(path);
1309 }
5c3ece79
PB		 1310 if (fd != -1) {
1311 close(fd);
1312 }
f9a49dfa 1313 return NULL;
c902760f
MT		 1314}
1315#endif
1316
0dc3f44a 1317/* Called with the ramlist lock held. */
d17b5288 1318static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1319{
1320 RAMBlock *block, *next_block;
3e837b2c 1321 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1322
49cd9ac6
SH		 1323 assert(size != 0); /* it would hand out same offset multiple times */
1324
0dc3f44a 1325 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1326 return 0;
0d53d9fe 1327 }
04b16653 1328
0dc3f44a 1329 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1330 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1331
62be4e3a 1332 end = block->offset + block->max_length;
04b16653 1333
0dc3f44a 1334 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1335 if (next_block->offset >= end) {
1336 next = MIN(next, next_block->offset);
1337 }
1338 }
1339 if (next - end >= size && next - end < mingap) {
3e837b2c 1340 offset = end;
04b16653
AW		 1341 mingap = next - end;
1342 }
1343 }
3e837b2c
AW		 1344
1345 if (offset == RAM_ADDR_MAX) {
1346 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1347 (uint64_t)size);
1348 abort();
1349 }
1350
04b16653
AW		 1351 return offset;
1352}
1353
652d7ec2 1354ram_addr_t last_ram_offset(void)
d17b5288
AW		 1355{
1356 RAMBlock *block;
1357 ram_addr_t last = 0;
1358
0dc3f44a
MD		 1359 rcu_read_lock();
1360 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1361 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1362 }
0dc3f44a 1363 rcu_read_unlock();
d17b5288
AW		 1364 return last;
1365}
1366
ddb97f1d
JB		 1367static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1368{
1369 int ret;
ddb97f1d
JB		 1370
1371 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1372 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1373 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1374 if (ret) {
1375 perror("qemu_madvise");
1376 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1377 "but dump_guest_core=off specified\n");
1378 }
1379 }
1380}
1381
422148d3
DDAG		 1382const char *qemu_ram_get_idstr(RAMBlock *rb)
1383{
1384 return rb->idstr;
1385}
1386
ae3a7047 1387/* Called with iothread lock held. */
fa53a0e5 1388void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1389{
fa53a0e5 1390 RAMBlock *block;
20cfe881 1391
c5705a77
AK		 1392 assert(new_block);
1393 assert(!new_block->idstr[0]);
84b89d78 1394
09e5ab63
AL		 1395 if (dev) {
1396 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1397 if (id) {
1398 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1399 g_free(id);
84b89d78
CM		 1400 }
1401 }
1402 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1403
ab0a9956 1404 rcu_read_lock();
0dc3f44a 1405 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1406 if (block != new_block &&
1407 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1408 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1409 new_block->idstr);
1410 abort();
1411 }
1412 }
0dc3f44a 1413 rcu_read_unlock();
c5705a77
AK		 1414}
1415
ae3a7047 1416/* Called with iothread lock held. */
fa53a0e5 1417void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1418{
ae3a7047
MD		 1419 /* FIXME: arch_init.c assumes that this is not called throughout
1420 * migration. Ignore the problem since hot-unplug during migration
1421 * does not work anyway.
1422 */
20cfe881
HT		 1423 if (block) {
1424 memset(block->idstr, 0, sizeof(block->idstr));
1425 }
1426}
1427
863e9621
DDAG		 1428size_t qemu_ram_pagesize(RAMBlock *rb)
1429{
1430 return rb->page_size;
1431}
1432
8490fc78
LC		 1433static int memory_try_enable_merging(void *addr, size_t len)
1434{
75cc7f01 1435 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1436 /* disabled by the user */
1437 return 0;
1438 }
1439
1440 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1441}
1442
62be4e3a
MT		 1443/* Only legal before guest might have detected the memory size: e.g. on
1444 * incoming migration, or right after reset.
1445 *
1446 * As memory core doesn't know how is memory accessed, it is up to
1447 * resize callback to update device state and/or add assertions to detect
1448 * misuse, if necessary.
1449 */
fa53a0e5 1450int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1451{
62be4e3a
MT		 1452 assert(block);
1453
4ed023ce 1454 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1455
62be4e3a
MT		 1456 if (block->used_length == newsize) {
1457 return 0;
1458 }
1459
1460 if (!(block->flags & RAM_RESIZEABLE)) {
1461 error_setg_errno(errp, EINVAL,
1462 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1463 " in != 0x" RAM_ADDR_FMT, block->idstr,
1464 newsize, block->used_length);
1465 return -EINVAL;
1466 }
1467
1468 if (block->max_length < newsize) {
1469 error_setg_errno(errp, EINVAL,
1470 "Length too large: %s: 0x" RAM_ADDR_FMT
1471 " > 0x" RAM_ADDR_FMT, block->idstr,
1472 newsize, block->max_length);
1473 return -EINVAL;
1474 }
1475
1476 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1477 block->used_length = newsize;
58d2707e
PB		 1478 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1479 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1480 memory_region_set_size(block->mr, newsize);
1481 if (block->resized) {
1482 block->resized(block->idstr, newsize, block->host);
1483 }
1484 return 0;
1485}
1486
5b82b703
SH		 1487/* Called with ram_list.mutex held */
1488static void dirty_memory_extend(ram_addr_t old_ram_size,
1489 ram_addr_t new_ram_size)
1490{
1491 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1492 DIRTY_MEMORY_BLOCK_SIZE);
1493 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1494 DIRTY_MEMORY_BLOCK_SIZE);
1495 int i;
1496
1497 /* Only need to extend if block count increased */
1498 if (new_num_blocks <= old_num_blocks) {
1499 return;
1500 }
1501
1502 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1503 DirtyMemoryBlocks *old_blocks;
1504 DirtyMemoryBlocks *new_blocks;
1505 int j;
1506
1507 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1508 new_blocks = g_malloc(sizeof(*new_blocks) +
1509 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1510
1511 if (old_num_blocks) {
1512 memcpy(new_blocks->blocks, old_blocks->blocks,
1513 old_num_blocks * sizeof(old_blocks->blocks[0]));
1514 }
1515
1516 for (j = old_num_blocks; j < new_num_blocks; j++) {
1517 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1518 }
1519
1520 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1521
1522 if (old_blocks) {
1523 g_free_rcu(old_blocks, rcu);
1524 }
1525 }
1526}
1527
528f46af 1528static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1529{
e1c57ab8 1530 RAMBlock *block;
0d53d9fe 1531 RAMBlock *last_block = NULL;
2152f5ca 1532 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1533 Error *err = NULL;
2152f5ca
JQ		 1534
1535 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1536
b2a8658e 1537 qemu_mutex_lock_ramlist();
9b8424d5 1538 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1539
1540 if (!new_block->host) {
1541 if (xen_enabled()) {
9b8424d5 1542 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1543 new_block->mr, &err);
1544 if (err) {
1545 error_propagate(errp, err);
1546 qemu_mutex_unlock_ramlist();
39c350ee 1547 return;
37aa7a0e 1548 }
e1c57ab8 1549 } else {
9b8424d5 1550 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1551 &new_block->mr->align);
39228250 1552 if (!new_block->host) {
ef701d7b
HT		 1553 error_setg_errno(errp, errno,
1554 "cannot set up guest memory '%s'",
1555 memory_region_name(new_block->mr));
1556 qemu_mutex_unlock_ramlist();
39c350ee 1557 return;
39228250 1558 }
9b8424d5 1559 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1560 }
c902760f 1561 }
94a6b54f 1562
dd631697
LZ		 1563 new_ram_size = MAX(old_ram_size,
1564 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1565 if (new_ram_size > old_ram_size) {
1566 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1567 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1568 }
0d53d9fe
MD		 1569 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1570 * QLIST (which has an RCU-friendly variant) does not have insertion at
1571 * tail, so save the last element in last_block.
1572 */
0dc3f44a 1573 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1574 last_block = block;
9b8424d5 1575 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1576 break;
1577 }
1578 }
1579 if (block) {
0dc3f44a 1580 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1581 } else if (last_block) {
0dc3f44a 1582 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1583 } else { /* list is empty */
0dc3f44a 1584 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1585 }
0d6d3c87 1586 ram_list.mru_block = NULL;
94a6b54f 1587
0dc3f44a
MD		 1588 /* Write list before version */
1589 smp_wmb();
f798b07f 1590 ram_list.version++;
b2a8658e 1591 qemu_mutex_unlock_ramlist();
f798b07f 1592
9b8424d5 1593 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1594 new_block->used_length,
1595 DIRTY_CLIENTS_ALL);
94a6b54f 1596
a904c911
PB		 1597 if (new_block->host) {
1598 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1599 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
c2cd627d 1600 /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */
a904c911 1601 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
e1c57ab8 1602 }
94a6b54f 1603}
e9a1ab19 1604
0b183fc8 1605#ifdef __linux__
528f46af
FZ		 1606RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1607 bool share, const char *mem_path,
1608 Error **errp)
e1c57ab8
PB		 1609{
1610 RAMBlock *new_block;
ef701d7b 1611 Error *local_err = NULL;
e1c57ab8
PB		 1612
1613 if (xen_enabled()) {
7f56e740 1614 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1615 return NULL;
e1c57ab8
PB		 1616 }
1617
1618 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1619 /*
1620 * file_ram_alloc() needs to allocate just like
1621 * phys_mem_alloc, but we haven't bothered to provide
1622 * a hook there.
1623 */
7f56e740
PB		 1624 error_setg(errp,
1625 "-mem-path not supported with this accelerator");
528f46af 1626 return NULL;
e1c57ab8
PB		 1627 }
1628
4ed023ce 1629 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1630 new_block = g_malloc0(sizeof(*new_block));
1631 new_block->mr = mr;
9b8424d5
MT		 1632 new_block->used_length = size;
1633 new_block->max_length = size;
dbcb8981 1634 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1635 new_block->host = file_ram_alloc(new_block, size,
1636 mem_path, errp);
1637 if (!new_block->host) {
1638 g_free(new_block);
528f46af 1639 return NULL;
7f56e740
PB		 1640 }
1641
528f46af 1642 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1643 if (local_err) {
1644 g_free(new_block);
1645 error_propagate(errp, local_err);
528f46af 1646 return NULL;
ef701d7b 1647 }
528f46af 1648 return new_block;
e1c57ab8 1649}
0b183fc8 1650#endif
e1c57ab8 1651
62be4e3a 1652static
528f46af
FZ		 1653RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1654 void (*resized)(const char*,
1655 uint64_t length,
1656 void *host),
1657 void *host, bool resizeable,
1658 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1659{
1660 RAMBlock *new_block;
ef701d7b 1661 Error *local_err = NULL;
e1c57ab8 1662
4ed023ce
DDAG		 1663 size = HOST_PAGE_ALIGN(size);
1664 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1665 new_block = g_malloc0(sizeof(*new_block));
1666 new_block->mr = mr;
62be4e3a 1667 new_block->resized = resized;
9b8424d5
MT		 1668 new_block->used_length = size;
1669 new_block->max_length = max_size;
62be4e3a 1670 assert(max_size >= size);
e1c57ab8 1671 new_block->fd = -1;
863e9621 1672 new_block->page_size = getpagesize();
e1c57ab8
PB		 1673 new_block->host = host;
1674 if (host) {
7bd4f430 1675 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1676 }
62be4e3a
MT		 1677 if (resizeable) {
1678 new_block->flags |= RAM_RESIZEABLE;
1679 }
528f46af 1680 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1681 if (local_err) {
1682 g_free(new_block);
1683 error_propagate(errp, local_err);
528f46af 1684 return NULL;
ef701d7b 1685 }
528f46af 1686 return new_block;
e1c57ab8
PB		 1687}
1688
528f46af 1689RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1690 MemoryRegion *mr, Error **errp)
1691{
1692 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1693}
1694
528f46af 1695RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1696{
62be4e3a
MT		 1697 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1698}
1699
528f46af 1700RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1701 void (*resized)(const char*,
1702 uint64_t length,
1703 void *host),
1704 MemoryRegion *mr, Error **errp)
1705{
1706 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1707}
1708
43771539
PB		 1709static void reclaim_ramblock(RAMBlock *block)
1710{
1711 if (block->flags & RAM_PREALLOC) {
1712 ;
1713 } else if (xen_enabled()) {
1714 xen_invalidate_map_cache_entry(block->host);
1715#ifndef _WIN32
1716 } else if (block->fd >= 0) {
2f3a2bb1 1717 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1718 close(block->fd);
1719#endif
1720 } else {
1721 qemu_anon_ram_free(block->host, block->max_length);
1722 }
1723 g_free(block);
1724}
1725
f1060c55 1726void qemu_ram_free(RAMBlock *block)
e9a1ab19 1727{
85bc2a15
MAL		 1728 if (!block) {
1729 return;
1730 }
1731
b2a8658e 1732 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1733 QLIST_REMOVE_RCU(block, next);
1734 ram_list.mru_block = NULL;
1735 /* Write list before version */
1736 smp_wmb();
1737 ram_list.version++;
1738 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1739 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1740}
1741
cd19cfa2
HY		 1742#ifndef _WIN32
1743void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1744{
1745 RAMBlock *block;
1746 ram_addr_t offset;
1747 int flags;
1748 void *area, *vaddr;
1749
0dc3f44a 1750 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1751 offset = addr - block->offset;
9b8424d5 1752 if (offset < block->max_length) {
1240be24 1753 vaddr = ramblock_ptr(block, offset);
7bd4f430 1754 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1755 ;
dfeaf2ab
MA		 1756 } else if (xen_enabled()) {
1757 abort();
cd19cfa2
HY		 1758 } else {
1759 flags = MAP_FIXED;
3435f395 1760 if (block->fd >= 0) {
dbcb8981
PB		 1761 flags |= (block->flags & RAM_SHARED ?
1762 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1763 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1764 flags, block->fd, offset);
cd19cfa2 1765 } else {
2eb9fbaa
MA		 1766 /*
1767 * Remap needs to match alloc. Accelerators that
1768 * set phys_mem_alloc never remap. If they did,
1769 * we'd need a remap hook here.
1770 */
1771 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1772
cd19cfa2
HY		 1773 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1774 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1775 flags, -1, 0);
cd19cfa2
HY		 1776 }
1777 if (area != vaddr) {
f15fbc4b
AP		 1778 fprintf(stderr, "Could not remap addr: "
1779 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1780 length, addr);
1781 exit(1);
1782 }
8490fc78 1783 memory_try_enable_merging(vaddr, length);
ddb97f1d 1784 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1785 }
cd19cfa2
HY		 1786 }
1787 }
1788}
1789#endif /* !_WIN32 */
1790
1b5ec234 1791/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1792 * This should not be used for general purpose DMA. Use address_space_map
1793 * or address_space_rw instead. For local memory (e.g. video ram) that the
1794 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1795 *
49b24afc 1796 * Called within RCU critical section.
1b5ec234 1797 */
0878d0e1 1798void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1799{
3655cb9c
GA		 1800 RAMBlock *block = ram_block;
1801
1802 if (block == NULL) {
1803 block = qemu_get_ram_block(addr);
0878d0e1 1804 addr -= block->offset;
3655cb9c 1805 }
ae3a7047
MD		 1806
1807 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1808 /* We need to check if the requested address is in the RAM
1809 * because we don't want to map the entire memory in QEMU.
1810 * In that case just map until the end of the page.
1811 */
1812 if (block->offset == 0) {
49b24afc 1813 return xen_map_cache(addr, 0, 0);
0d6d3c87 1814 }
ae3a7047
MD		 1815
1816 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1817 }
0878d0e1 1818 return ramblock_ptr(block, addr);
dc828ca1
PB		 1819}
1820
0878d0e1 1821/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
ae3a7047 1822 * but takes a size argument.
0dc3f44a 1823 *
e81bcda5 1824 * Called within RCU critical section.
ae3a7047 1825 */
3655cb9c
GA		 1826static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1827 hwaddr *size)
38bee5dc 1828{
3655cb9c 1829 RAMBlock *block = ram_block;
8ab934f9
SS		 1830 if (*size == 0) {
1831 return NULL;
1832 }
e81bcda5 1833
3655cb9c
GA		 1834 if (block == NULL) {
1835 block = qemu_get_ram_block(addr);
0878d0e1 1836 addr -= block->offset;
3655cb9c 1837 }
0878d0e1 1838 *size = MIN(*size, block->max_length - addr);
e81bcda5
PB		 1839
1840 if (xen_enabled() && block->host == NULL) {
1841 /* We need to check if the requested address is in the RAM
1842 * because we don't want to map the entire memory in QEMU.
1843 * In that case just map the requested area.
1844 */
1845 if (block->offset == 0) {
1846 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1847 }
1848
e81bcda5 1849 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1850 }
e81bcda5 1851
0878d0e1 1852 return ramblock_ptr(block, addr);
38bee5dc
SS		 1853}
1854
422148d3
DDAG		 1855/*
1856 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1857 * in that RAMBlock.
1858 *
1859 * ptr: Host pointer to look up
1860 * round_offset: If true round the result offset down to a page boundary
1861 * *ram_addr: set to result ram_addr
1862 * *offset: set to result offset within the RAMBlock
1863 *
1864 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1865 *
1866 * By the time this function returns, the returned pointer is not protected
1867 * by RCU anymore. If the caller is not within an RCU critical section and
1868 * does not hold the iothread lock, it must have other means of protecting the
1869 * pointer, such as a reference to the region that includes the incoming
1870 * ram_addr_t.
1871 */
422148d3 1872RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
422148d3 1873 ram_addr_t *offset)
5579c7f3 1874{
94a6b54f
PB		 1875 RAMBlock *block;
1876 uint8_t *host = ptr;
1877
868bb33f 1878 if (xen_enabled()) {
f615f396 1879 ram_addr_t ram_addr;
0dc3f44a 1880 rcu_read_lock();
f615f396
PB		 1881 ram_addr = xen_ram_addr_from_mapcache(ptr);
1882 block = qemu_get_ram_block(ram_addr);
422148d3 1883 if (block) {
d6b6aec4 1884 *offset = ram_addr - block->offset;
422148d3 1885 }
0dc3f44a 1886 rcu_read_unlock();
422148d3 1887 return block;
712c2b41
SS		 1888 }
1889
0dc3f44a
MD		 1890 rcu_read_lock();
1891 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1892 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1893 goto found;
1894 }
1895
0dc3f44a 1896 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1897 /* This case append when the block is not mapped. */
1898 if (block->host == NULL) {
1899 continue;
1900 }
9b8424d5 1901 if (host - block->host < block->max_length) {
23887b79 1902 goto found;
f471a17e 1903 }
94a6b54f 1904 }
432d268c 1905
0dc3f44a 1906 rcu_read_unlock();
1b5ec234 1907 return NULL;
23887b79
PB		 1908
1909found:
422148d3
DDAG		 1910 *offset = (host - block->host);
1911 if (round_offset) {
1912 *offset &= TARGET_PAGE_MASK;
1913 }
0dc3f44a 1914 rcu_read_unlock();
422148d3
DDAG		 1915 return block;
1916}
1917
e3dd7493
DDAG		 1918/*
1919 * Finds the named RAMBlock
1920 *
1921 * name: The name of RAMBlock to find
1922 *
1923 * Returns: RAMBlock (or NULL if not found)
1924 */
1925RAMBlock *qemu_ram_block_by_name(const char *name)
1926{
1927 RAMBlock *block;
1928
1929 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1930 if (!strcmp(name, block->idstr)) {
1931 return block;
1932 }
1933 }
1934
1935 return NULL;
1936}
1937
422148d3
DDAG		 1938/* Some of the softmmu routines need to translate from a host pointer
1939 (typically a TLB entry) back to a ram offset. */
07bdaa41 1940ram_addr_t qemu_ram_addr_from_host(void *ptr)
422148d3
DDAG		 1941{
1942 RAMBlock *block;
f615f396 1943 ram_addr_t offset;
422148d3 1944
f615f396 1945 block = qemu_ram_block_from_host(ptr, false, &offset);
422148d3 1946 if (!block) {
07bdaa41 1947 return RAM_ADDR_INVALID;
422148d3
DDAG		 1948 }
1949
07bdaa41 1950 return block->offset + offset;
e890261f 1951}
f471a17e 1952
49b24afc 1953/* Called within RCU critical section. */
a8170e5e 1954static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1955 uint64_t val, unsigned size)
9fa3e853 1956{
52159192 1957 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1958 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1959 }
0e0df1e2
AK		 1960 switch (size) {
1961 case 1:
0878d0e1 1962 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1963 break;
1964 case 2:
0878d0e1 1965 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1966 break;
1967 case 4:
0878d0e1 1968 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1969 break;
1970 default:
1971 abort();
3a7d929e 1972 }
58d2707e
PB		 1973 /* Set both VGA and migration bits for simplicity and to remove
1974 * the notdirty callback faster.
1975 */
1976 cpu_physical_memory_set_dirty_range(ram_addr, size,
1977 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 1978 /* we remove the notdirty callback only if the code has been
1979 flushed */
a2cd8c85 1980 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 1981 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 1982 }
9fa3e853
FB		 1983}
1984
b018ddf6
PB		 1985static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1986 unsigned size, bool is_write)
1987{
1988 return is_write;
1989}
1990
0e0df1e2 1991static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 1992 .write = notdirty_mem_write,
b018ddf6 1993 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 1994 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 1995};
1996
0f459d16 1997/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 1998static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 1999{
93afeade 2000 CPUState *cpu = current_cpu;
568496c0 2001 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2002 CPUArchState *env = cpu->env_ptr;
06d55cc1 2003 target_ulong pc, cs_base;
0f459d16 2004 target_ulong vaddr;
a1d1bb31 2005 CPUWatchpoint *wp;
89fee74a 2006 uint32_t cpu_flags;
0f459d16 2007
ff4700b0 2008 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2009 /* We re-entered the check after replacing the TB. Now raise
2010 * the debug interrupt so that is will trigger after the
2011 * current instruction. */
93afeade 2012 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2013 return;
2014 }
93afeade 2015 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2016 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2017 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2018 && (wp->flags & flags)) {
08225676
PM		 2019 if (flags == BP_MEM_READ) {
2020 wp->flags |= BP_WATCHPOINT_HIT_READ;
2021 } else {
2022 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2023 }
2024 wp->hitaddr = vaddr;
66b9b43c 2025 wp->hitattrs = attrs;
ff4700b0 2026 if (!cpu->watchpoint_hit) {
568496c0
SF		 2027 if (wp->flags & BP_CPU &&
2028 !cc->debug_check_watchpoint(cpu, wp)) {
2029 wp->flags &= ~BP_WATCHPOINT_HIT;
2030 continue;
2031 }
ff4700b0 2032 cpu->watchpoint_hit = wp;
239c51a5 2033 tb_check_watchpoint(cpu);
6e140f28 2034 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2035 cpu->exception_index = EXCP_DEBUG;
5638d180 2036 cpu_loop_exit(cpu);
6e140f28
AL		 2037 } else {
2038 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2039 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
6886b980 2040 cpu_loop_exit_noexc(cpu);
6e140f28 2041 }
06d55cc1 2042 }
6e140f28
AL		 2043 } else {
2044 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2045 }
2046 }
2047}
2048
6658ffb8
PB		 2049/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2050 so these check for a hit then pass through to the normal out-of-line
2051 phys routines. */
66b9b43c
PM		 2052static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2053 unsigned size, MemTxAttrs attrs)
6658ffb8 2054{
66b9b43c
PM		 2055 MemTxResult res;
2056 uint64_t data;
79ed0416
PM		 2057 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2058 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2059
2060 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2061 switch (size) {
66b9b43c 2062 case 1:
79ed0416 2063 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2064 break;
2065 case 2:
79ed0416 2066 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2067 break;
2068 case 4:
79ed0416 2069 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2070 break;
1ec9b909
AK		 2071 default: abort();
2072 }
66b9b43c
PM		 2073 *pdata = data;
2074 return res;
6658ffb8
PB		 2075}
2076
66b9b43c
PM		 2077static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2078 uint64_t val, unsigned size,
2079 MemTxAttrs attrs)
6658ffb8 2080{
66b9b43c 2081 MemTxResult res;
79ed0416
PM		 2082 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2083 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2084
2085 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2086 switch (size) {
67364150 2087 case 1:
79ed0416 2088 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2089 break;
2090 case 2:
79ed0416 2091 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2092 break;
2093 case 4:
79ed0416 2094 address_space_stl(as, addr, val, attrs, &res);
67364150 2095 break;
1ec9b909
AK		 2096 default: abort();
2097 }
66b9b43c 2098 return res;
6658ffb8
PB		 2099}
2100
1ec9b909 2101static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2102 .read_with_attrs = watch_mem_read,
2103 .write_with_attrs = watch_mem_write,
1ec9b909 2104 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2105};
6658ffb8 2106
f25a49e0
PM		 2107static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2108 unsigned len, MemTxAttrs attrs)
db7b5426 2109{
acc9d80b 2110 subpage_t *subpage = opaque;
ff6cff75 2111 uint8_t buf[8];
5c9eb028 2112 MemTxResult res;
791af8c8 2113
db7b5426 2114#if defined(DEBUG_SUBPAGE)
016e9d62 2115 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2116 subpage, len, addr);
db7b5426 2117#endif
5c9eb028
PM		 2118 res = address_space_read(subpage->as, addr + subpage->base,
2119 attrs, buf, len);
2120 if (res) {
2121 return res;
f25a49e0 2122 }
acc9d80b
JK		 2123 switch (len) {
2124 case 1:
f25a49e0
PM		 2125 *data = ldub_p(buf);
2126 return MEMTX_OK;
acc9d80b 2127 case 2:
f25a49e0
PM		 2128 *data = lduw_p(buf);
2129 return MEMTX_OK;
acc9d80b 2130 case 4:
f25a49e0
PM		 2131 *data = ldl_p(buf);
2132 return MEMTX_OK;
ff6cff75 2133 case 8:
f25a49e0
PM		 2134 *data = ldq_p(buf);
2135 return MEMTX_OK;
acc9d80b
JK		 2136 default:
2137 abort();
2138 }
db7b5426
BS		 2139}
2140
f25a49e0
PM		 2141static MemTxResult subpage_write(void *opaque, hwaddr addr,
2142 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2143{
acc9d80b 2144 subpage_t *subpage = opaque;
ff6cff75 2145 uint8_t buf[8];
acc9d80b 2146
db7b5426 2147#if defined(DEBUG_SUBPAGE)
016e9d62 2148 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2149 " value %"PRIx64"\n",
2150 __func__, subpage, len, addr, value);
db7b5426 2151#endif
acc9d80b
JK		 2152 switch (len) {
2153 case 1:
2154 stb_p(buf, value);
2155 break;
2156 case 2:
2157 stw_p(buf, value);
2158 break;
2159 case 4:
2160 stl_p(buf, value);
2161 break;
ff6cff75
PB		 2162 case 8:
2163 stq_p(buf, value);
2164 break;
acc9d80b
JK		 2165 default:
2166 abort();
2167 }
5c9eb028
PM		 2168 return address_space_write(subpage->as, addr + subpage->base,
2169 attrs, buf, len);
db7b5426
BS		 2170}
2171
c353e4cc 2172static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2173 unsigned len, bool is_write)
c353e4cc 2174{
acc9d80b 2175 subpage_t *subpage = opaque;
c353e4cc 2176#if defined(DEBUG_SUBPAGE)
016e9d62 2177 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2178 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2179#endif
2180
acc9d80b 2181 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2182 len, is_write);
c353e4cc
PB		 2183}
2184
70c68e44 2185static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2186 .read_with_attrs = subpage_read,
2187 .write_with_attrs = subpage_write,
ff6cff75
PB		 2188 .impl.min_access_size = 1,
2189 .impl.max_access_size = 8,
2190 .valid.min_access_size = 1,
2191 .valid.max_access_size = 8,
c353e4cc 2192 .valid.accepts = subpage_accepts,
70c68e44 2193 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2194};
2195
c227f099 2196static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2197 uint16_t section)
db7b5426
BS		 2198{
2199 int idx, eidx;
2200
2201 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2202 return -1;
2203 idx = SUBPAGE_IDX(start);
2204 eidx = SUBPAGE_IDX(end);
2205#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2206 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2207 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2208#endif
db7b5426 2209 for (; idx <= eidx; idx++) {
5312bd8b 2210 mmio->sub_section[idx] = section;
db7b5426
BS		 2211 }
2212
2213 return 0;
2214}
2215
acc9d80b 2216static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2217{
c227f099 2218 subpage_t *mmio;
db7b5426 2219
7267c094 2220 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2221
acc9d80b 2222 mmio->as = as;
1eec614b 2223 mmio->base = base;
2c9b15ca 2224 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2225 NULL, TARGET_PAGE_SIZE);
b3b00c78 2226 mmio->iomem.subpage = true;
db7b5426 2227#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2228 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2229 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2230#endif
b41aac4f 2231 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2232
2233 return mmio;
2234}
2235
a656e22f
PC		 2236static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2237 MemoryRegion *mr)
5312bd8b 2238{
a656e22f 2239 assert(as);
5312bd8b 2240 MemoryRegionSection section = {
a656e22f 2241 .address_space = as,
5312bd8b
AK		 2242 .mr = mr,
2243 .offset_within_address_space = 0,
2244 .offset_within_region = 0,
052e87b0 2245 .size = int128_2_64(),
5312bd8b
AK		 2246 };
2247
53cb28cb 2248 return phys_section_add(map, &section);
5312bd8b
AK		 2249}
2250
a54c87b6 2251MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2252{
a54c87b6
PM		 2253 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2254 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2255 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2256 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2257
2258 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2259}
2260
e9179ce1
AK		 2261static void io_mem_init(void)
2262{
1f6245e5 2263 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2264 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2265 NULL, UINT64_MAX);
2c9b15ca 2266 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2267 NULL, UINT64_MAX);
2c9b15ca 2268 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2269 NULL, UINT64_MAX);
e9179ce1
AK		 2270}
2271
ac1970fb 2272static void mem_begin(MemoryListener *listener)
00752703
PB		 2273{
2274 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2275 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2276 uint16_t n;
2277
a656e22f 2278 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2279 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2280 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2281 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2282 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2283 assert(n == PHYS_SECTION_ROM);
a656e22f 2284 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2285 assert(n == PHYS_SECTION_WATCH);
00752703 2286
9736e55b 2287 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2288 d->as = as;
2289 as->next_dispatch = d;
2290}
2291
79e2b9ae
PB		 2292static void address_space_dispatch_free(AddressSpaceDispatch *d)
2293{
2294 phys_sections_free(&d->map);
2295 g_free(d);
2296}
2297
00752703 2298static void mem_commit(MemoryListener *listener)
ac1970fb 2299{
89ae337a 2300 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2301 AddressSpaceDispatch *cur = as->dispatch;
2302 AddressSpaceDispatch *next = as->next_dispatch;
2303
53cb28cb 2304 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2305
79e2b9ae 2306 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2307 if (cur) {
79e2b9ae 2308 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2309 }
9affd6fc
PB		 2310}
2311
1d71148e 2312static void tcg_commit(MemoryListener *listener)
50c1e149 2313{
32857f4d
PM		 2314 CPUAddressSpace *cpuas;
2315 AddressSpaceDispatch *d;
117712c3
AK		 2316
2317 /* since each CPU stores ram addresses in its TLB cache, we must
2318 reset the modified entries */
32857f4d
PM		 2319 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2320 cpu_reloading_memory_map();
2321 /* The CPU and TLB are protected by the iothread lock.
2322 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2323 * may have split the RCU critical section.
2324 */
2325 d = atomic_rcu_read(&cpuas->as->dispatch);
2326 cpuas->memory_dispatch = d;
2327 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2328}
2329
ac1970fb
AK		 2330void address_space_init_dispatch(AddressSpace *as)
2331{
00752703 2332 as->dispatch = NULL;
89ae337a 2333 as->dispatch_listener = (MemoryListener) {
ac1970fb 2334 .begin = mem_begin,
00752703 2335 .commit = mem_commit,
ac1970fb
AK		 2336 .region_add = mem_add,
2337 .region_nop = mem_add,
2338 .priority = 0,
2339 };
89ae337a 2340 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2341}
2342
6e48e8f9
PB		 2343void address_space_unregister(AddressSpace *as)
2344{
2345 memory_listener_unregister(&as->dispatch_listener);
2346}
2347
83f3c251
AK		 2348void address_space_destroy_dispatch(AddressSpace *as)
2349{
2350 AddressSpaceDispatch *d = as->dispatch;
2351
79e2b9ae
PB		 2352 atomic_rcu_set(&as->dispatch, NULL);
2353 if (d) {
2354 call_rcu(d, address_space_dispatch_free, rcu);
2355 }
83f3c251
AK		 2356}
2357
62152b8a
AK		 2358static void memory_map_init(void)
2359{
7267c094 2360 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2361
57271d63 2362 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2363 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2364
7267c094 2365 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2366 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2367 65536);
7dca8043 2368 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2369}
2370
2371MemoryRegion *get_system_memory(void)
2372{
2373 return system_memory;
2374}
2375
309cb471
AK		 2376MemoryRegion *get_system_io(void)
2377{
2378 return system_io;
2379}
2380
e2eef170
PB		 2381#endif /* !defined(CONFIG_USER_ONLY) */
2382
13eb76e0
FB		 2383/* physical memory access (slow version, mainly for debug) */
2384#if defined(CONFIG_USER_ONLY)
f17ec444 2385int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2386 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2387{
2388 int l, flags;
2389 target_ulong page;
53a5960a 2390 void * p;
13eb76e0
FB		 2391
2392 while (len > 0) {
2393 page = addr & TARGET_PAGE_MASK;
2394 l = (page + TARGET_PAGE_SIZE) - addr;
2395 if (l > len)
2396 l = len;
2397 flags = page_get_flags(page);
2398 if (!(flags & PAGE_VALID))
a68fe89c 2399 return -1;
13eb76e0
FB		 2400 if (is_write) {
2401 if (!(flags & PAGE_WRITE))
a68fe89c 2402 return -1;
579a97f7 2403 /* XXX: this code should not depend on lock_user */
72fb7daa 2404 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2405 return -1;
72fb7daa
AJ		 2406 memcpy(p, buf, l);
2407 unlock_user(p, addr, l);
13eb76e0
FB		 2408 } else {
2409 if (!(flags & PAGE_READ))
a68fe89c 2410 return -1;
579a97f7 2411 /* XXX: this code should not depend on lock_user */
72fb7daa 2412 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2413 return -1;
72fb7daa 2414 memcpy(buf, p, l);
5b257578 2415 unlock_user(p, addr, 0);
13eb76e0
FB		 2416 }
2417 len -= l;
2418 buf += l;
2419 addr += l;
2420 }
a68fe89c 2421 return 0;
13eb76e0 2422}
8df1cd07 2423
13eb76e0 2424#else
51d7a9eb 2425
845b6214 2426static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2427 hwaddr length)
51d7a9eb 2428{
e87f7778 2429 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
0878d0e1
PB		 2430 addr += memory_region_get_ram_addr(mr);
2431
e87f7778
PB		 2432 /* No early return if dirty_log_mask is or becomes 0, because
2433 * cpu_physical_memory_set_dirty_range will still call
2434 * xen_modified_memory.
2435 */
2436 if (dirty_log_mask) {
2437 dirty_log_mask =
2438 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2439 }
2440 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2441 tb_invalidate_phys_range(addr, addr + length);
2442 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2443 }
e87f7778 2444 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2445}
2446
23326164 2447static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2448{
e1622f4b 2449 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2450
2451 /* Regions are assumed to support 1-4 byte accesses unless
2452 otherwise specified. */
23326164
RH		 2453 if (access_size_max == 0) {
2454 access_size_max = 4;
2455 }
2456
2457 /* Bound the maximum access by the alignment of the address. */
2458 if (!mr->ops->impl.unaligned) {
2459 unsigned align_size_max = addr & -addr;
2460 if (align_size_max != 0 && align_size_max < access_size_max) {
2461 access_size_max = align_size_max;
2462 }
82f2563f 2463 }
23326164
RH		 2464
2465 /* Don't attempt accesses larger than the maximum. */
2466 if (l > access_size_max) {
2467 l = access_size_max;
82f2563f 2468 }
6554f5c0 2469 l = pow2floor(l);
23326164
RH		 2470
2471 return l;
82f2563f
PB		 2472}
2473
4840f10e 2474static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2475{
4840f10e
JK		 2476 bool unlocked = !qemu_mutex_iothread_locked();
2477 bool release_lock = false;
2478
2479 if (unlocked && mr->global_locking) {
2480 qemu_mutex_lock_iothread();
2481 unlocked = false;
2482 release_lock = true;
2483 }
125b3806 2484 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2485 if (unlocked) {
2486 qemu_mutex_lock_iothread();
2487 }
125b3806 2488 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2489 if (unlocked) {
2490 qemu_mutex_unlock_iothread();
2491 }
125b3806 2492 }
4840f10e
JK		 2493
2494 return release_lock;
125b3806
PB		 2495}
2496
a203ac70
PB		 2497/* Called within RCU critical section. */
2498static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2499 MemTxAttrs attrs,
2500 const uint8_t *buf,
2501 int len, hwaddr addr1,
2502 hwaddr l, MemoryRegion *mr)
13eb76e0 2503{
13eb76e0 2504 uint8_t *ptr;
791af8c8 2505 uint64_t val;
3b643495 2506 MemTxResult result = MEMTX_OK;
4840f10e 2507 bool release_lock = false;
3b46e624 2508
a203ac70 2509 for (;;) {
eb7eeb88
PB		 2510 if (!memory_access_is_direct(mr, true)) {
2511 release_lock |= prepare_mmio_access(mr);
2512 l = memory_access_size(mr, l, addr1);
2513 /* XXX: could force current_cpu to NULL to avoid
2514 potential bugs */
2515 switch (l) {
2516 case 8:
2517 /* 64 bit write access */
2518 val = ldq_p(buf);
2519 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2520 attrs);
2521 break;
2522 case 4:
2523 /* 32 bit write access */
2524 val = ldl_p(buf);
2525 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2526 attrs);
2527 break;
2528 case 2:
2529 /* 16 bit write access */
2530 val = lduw_p(buf);
2531 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2532 attrs);
2533 break;
2534 case 1:
2535 /* 8 bit write access */
2536 val = ldub_p(buf);
2537 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2538 attrs);
2539 break;
2540 default:
2541 abort();
13eb76e0
FB		 2542 }
2543 } else {
eb7eeb88 2544 /* RAM case */
0878d0e1 2545 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2546 memcpy(ptr, buf, l);
2547 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2548 }
4840f10e
JK		 2549
2550 if (release_lock) {
2551 qemu_mutex_unlock_iothread();
2552 release_lock = false;
2553 }
2554
13eb76e0
FB		 2555 len -= l;
2556 buf += l;
2557 addr += l;
a203ac70
PB		 2558
2559 if (!len) {
2560 break;
2561 }
2562
2563 l = len;
2564 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2565 }
fd8aaa76 2566
3b643495 2567 return result;
13eb76e0 2568}
8df1cd07 2569
a203ac70
PB		 2570MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2571 const uint8_t *buf, int len)
ac1970fb 2572{
eb7eeb88 2573 hwaddr l;
eb7eeb88
PB		 2574 hwaddr addr1;
2575 MemoryRegion *mr;
2576 MemTxResult result = MEMTX_OK;
eb7eeb88 2577
a203ac70
PB		 2578 if (len > 0) {
2579 rcu_read_lock();
eb7eeb88 2580 l = len;
a203ac70
PB		 2581 mr = address_space_translate(as, addr, &addr1, &l, true);
2582 result = address_space_write_continue(as, addr, attrs, buf, len,
2583 addr1, l, mr);
2584 rcu_read_unlock();
2585 }
2586
2587 return result;
2588}
2589
2590/* Called within RCU critical section. */
2591MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2592 MemTxAttrs attrs, uint8_t *buf,
2593 int len, hwaddr addr1, hwaddr l,
2594 MemoryRegion *mr)
2595{
2596 uint8_t *ptr;
2597 uint64_t val;
2598 MemTxResult result = MEMTX_OK;
2599 bool release_lock = false;
eb7eeb88 2600
a203ac70 2601 for (;;) {
eb7eeb88
PB		 2602 if (!memory_access_is_direct(mr, false)) {
2603 /* I/O case */
2604 release_lock |= prepare_mmio_access(mr);
2605 l = memory_access_size(mr, l, addr1);
2606 switch (l) {
2607 case 8:
2608 /* 64 bit read access */
2609 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2610 attrs);
2611 stq_p(buf, val);
2612 break;
2613 case 4:
2614 /* 32 bit read access */
2615 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2616 attrs);
2617 stl_p(buf, val);
2618 break;
2619 case 2:
2620 /* 16 bit read access */
2621 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2622 attrs);
2623 stw_p(buf, val);
2624 break;
2625 case 1:
2626 /* 8 bit read access */
2627 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2628 attrs);
2629 stb_p(buf, val);
2630 break;
2631 default:
2632 abort();
2633 }
2634 } else {
2635 /* RAM case */
0878d0e1 2636 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2637 memcpy(buf, ptr, l);
2638 }
2639
2640 if (release_lock) {
2641 qemu_mutex_unlock_iothread();
2642 release_lock = false;
2643 }
2644
2645 len -= l;
2646 buf += l;
2647 addr += l;
a203ac70
PB		 2648
2649 if (!len) {
2650 break;
2651 }
2652
2653 l = len;
2654 mr = address_space_translate(as, addr, &addr1, &l, false);
2655 }
2656
2657 return result;
2658}
2659
3cc8f884
PB		 2660MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2661 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2662{
2663 hwaddr l;
2664 hwaddr addr1;
2665 MemoryRegion *mr;
2666 MemTxResult result = MEMTX_OK;
2667
2668 if (len > 0) {
2669 rcu_read_lock();
2670 l = len;
2671 mr = address_space_translate(as, addr, &addr1, &l, false);
2672 result = address_space_read_continue(as, addr, attrs, buf, len,
2673 addr1, l, mr);
2674 rcu_read_unlock();
eb7eeb88 2675 }
eb7eeb88
PB		 2676
2677 return result;
ac1970fb
AK		 2678}
2679
eb7eeb88
PB		 2680MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2681 uint8_t *buf, int len, bool is_write)
2682{
2683 if (is_write) {
2684 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2685 } else {
2686 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2687 }
2688}
ac1970fb 2689
a8170e5e 2690void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2691 int len, int is_write)
2692{
5c9eb028
PM		 2693 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2694 buf, len, is_write);
ac1970fb
AK		 2695}
2696
582b55a9
AG		 2697enum write_rom_type {
2698 WRITE_DATA,
2699 FLUSH_CACHE,
2700};
2701
2a221651 2702static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2703 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2704{
149f54b5 2705 hwaddr l;
d0ecd2aa 2706 uint8_t *ptr;
149f54b5 2707 hwaddr addr1;
5c8a00ce 2708 MemoryRegion *mr;
3b46e624 2709
41063e1e 2710 rcu_read_lock();
d0ecd2aa 2711 while (len > 0) {
149f54b5 2712 l = len;
2a221651 2713 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2714
5c8a00ce
PB		 2715 if (!(memory_region_is_ram(mr) ||
2716 memory_region_is_romd(mr))) {
b242e0e0 2717 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2718 } else {
d0ecd2aa 2719 /* ROM/RAM case */
0878d0e1 2720 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2721 switch (type) {
2722 case WRITE_DATA:
2723 memcpy(ptr, buf, l);
845b6214 2724 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2725 break;
2726 case FLUSH_CACHE:
2727 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2728 break;
2729 }
d0ecd2aa
FB		 2730 }
2731 len -= l;
2732 buf += l;
2733 addr += l;
2734 }
41063e1e 2735 rcu_read_unlock();
d0ecd2aa
FB		 2736}
2737
582b55a9 2738/* used for ROM loading : can write in RAM and ROM */
2a221651 2739void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2740 const uint8_t *buf, int len)
2741{
2a221651 2742 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2743}
2744
2745void cpu_flush_icache_range(hwaddr start, int len)
2746{
2747 /*
2748 * This function should do the same thing as an icache flush that was
2749 * triggered from within the guest. For TCG we are always cache coherent,
2750 * so there is no need to flush anything. For KVM / Xen we need to flush
2751 * the host's instruction cache at least.
2752 */
2753 if (tcg_enabled()) {
2754 return;
2755 }
2756
2a221651
EI		 2757 cpu_physical_memory_write_rom_internal(&address_space_memory,
2758 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2759}
2760
6d16c2f8 2761typedef struct {
d3e71559 2762 MemoryRegion *mr;
6d16c2f8 2763 void *buffer;
a8170e5e
AK		 2764 hwaddr addr;
2765 hwaddr len;
c2cba0ff 2766 bool in_use;
6d16c2f8
AL		 2767} BounceBuffer;
2768
2769static BounceBuffer bounce;
2770
ba223c29 2771typedef struct MapClient {
e95205e1 2772 QEMUBH *bh;
72cf2d4f 2773 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2774} MapClient;
2775
38e047b5 2776QemuMutex map_client_list_lock;
72cf2d4f
BS		 2777static QLIST_HEAD(map_client_list, MapClient) map_client_list
2778 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2779
e95205e1
FZ		 2780static void cpu_unregister_map_client_do(MapClient *client)
2781{
2782 QLIST_REMOVE(client, link);
2783 g_free(client);
2784}
2785
33b6c2ed
FZ		 2786static void cpu_notify_map_clients_locked(void)
2787{
2788 MapClient *client;
2789
2790 while (!QLIST_EMPTY(&map_client_list)) {
2791 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2792 qemu_bh_schedule(client->bh);
2793 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2794 }
2795}
2796
e95205e1 2797void cpu_register_map_client(QEMUBH *bh)
ba223c29 2798{
7267c094 2799 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2800
38e047b5 2801 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2802 client->bh = bh;
72cf2d4f 2803 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2804 if (!atomic_read(&bounce.in_use)) {
2805 cpu_notify_map_clients_locked();
2806 }
38e047b5 2807 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2808}
2809
38e047b5 2810void cpu_exec_init_all(void)
ba223c29 2811{
38e047b5 2812 qemu_mutex_init(&ram_list.mutex);
38e047b5 2813 io_mem_init();
680a4783 2814 memory_map_init();
38e047b5 2815 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2816}
2817
e95205e1 2818void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2819{
2820 MapClient *client;
2821
e95205e1
FZ		 2822 qemu_mutex_lock(&map_client_list_lock);
2823 QLIST_FOREACH(client, &map_client_list, link) {
2824 if (client->bh == bh) {
2825 cpu_unregister_map_client_do(client);
2826 break;
2827 }
ba223c29 2828 }
e95205e1 2829 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2830}
2831
2832static void cpu_notify_map_clients(void)
2833{
38e047b5 2834 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2835 cpu_notify_map_clients_locked();
38e047b5 2836 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2837}
2838
51644ab7
PB		 2839bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2840{
5c8a00ce 2841 MemoryRegion *mr;
51644ab7
PB		 2842 hwaddr l, xlat;
2843
41063e1e 2844 rcu_read_lock();
51644ab7
PB		 2845 while (len > 0) {
2846 l = len;
5c8a00ce
PB		 2847 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2848 if (!memory_access_is_direct(mr, is_write)) {
2849 l = memory_access_size(mr, l, addr);
2850 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2851 return false;
2852 }
2853 }
2854
2855 len -= l;
2856 addr += l;
2857 }
41063e1e 2858 rcu_read_unlock();
51644ab7
PB		 2859 return true;
2860}
2861
6d16c2f8
AL		 2862/* Map a physical memory region into a host virtual address.
2863 * May map a subset of the requested range, given by and returned in *plen.
2864 * May return NULL if resources needed to perform the mapping are exhausted.
2865 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2866 * Use cpu_register_map_client() to know when retrying the map operation is
2867 * likely to succeed.
6d16c2f8 2868 */
ac1970fb 2869void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2870 hwaddr addr,
2871 hwaddr *plen,
ac1970fb 2872 bool is_write)
6d16c2f8 2873{
a8170e5e 2874 hwaddr len = *plen;
e3127ae0
PB		 2875 hwaddr done = 0;
2876 hwaddr l, xlat, base;
2877 MemoryRegion *mr, *this_mr;
e81bcda5 2878 void *ptr;
6d16c2f8 2879
e3127ae0
PB		 2880 if (len == 0) {
2881 return NULL;
2882 }
38bee5dc 2883
e3127ae0 2884 l = len;
41063e1e 2885 rcu_read_lock();
e3127ae0 2886 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2887
e3127ae0 2888 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2889 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2890 rcu_read_unlock();
e3127ae0 2891 return NULL;
6d16c2f8 2892 }
e85d9db5
KW		 2893 /* Avoid unbounded allocations */
2894 l = MIN(l, TARGET_PAGE_SIZE);
2895 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2896 bounce.addr = addr;
2897 bounce.len = l;
d3e71559
PB		 2898
2899 memory_region_ref(mr);
2900 bounce.mr = mr;
e3127ae0 2901 if (!is_write) {
5c9eb028
PM		 2902 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2903 bounce.buffer, l);
8ab934f9 2904 }
6d16c2f8 2905
41063e1e 2906 rcu_read_unlock();
e3127ae0
PB		 2907 *plen = l;
2908 return bounce.buffer;
2909 }
2910
2911 base = xlat;
e3127ae0
PB		 2912
2913 for (;;) {
6d16c2f8
AL		 2914 len -= l;
2915 addr += l;
e3127ae0
PB		 2916 done += l;
2917 if (len == 0) {
2918 break;
2919 }
2920
2921 l = len;
2922 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2923 if (this_mr != mr || xlat != base + done) {
2924 break;
2925 }
6d16c2f8 2926 }
e3127ae0 2927
d3e71559 2928 memory_region_ref(mr);
e3127ae0 2929 *plen = done;
0878d0e1 2930 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
e81bcda5
PB		 2931 rcu_read_unlock();
2932
2933 return ptr;
6d16c2f8
AL		 2934}
2935
ac1970fb 2936/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2937 * Will also mark the memory as dirty if is_write == 1. access_len gives
2938 * the amount of memory that was actually read or written by the caller.
2939 */
a8170e5e
AK		 2940void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2941 int is_write, hwaddr access_len)
6d16c2f8
AL		 2942{
2943 if (buffer != bounce.buffer) {
d3e71559
PB		 2944 MemoryRegion *mr;
2945 ram_addr_t addr1;
2946
07bdaa41 2947 mr = memory_region_from_host(buffer, &addr1);
d3e71559 2948 assert(mr != NULL);
6d16c2f8 2949 if (is_write) {
845b6214 2950 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2951 }
868bb33f 2952 if (xen_enabled()) {
e41d7c69 2953 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2954 }
d3e71559 2955 memory_region_unref(mr);
6d16c2f8
AL		 2956 return;
2957 }
2958 if (is_write) {
5c9eb028
PM		 2959 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2960 bounce.buffer, access_len);
6d16c2f8 2961 }
f8a83245 2962 qemu_vfree(bounce.buffer);
6d16c2f8 2963 bounce.buffer = NULL;
d3e71559 2964 memory_region_unref(bounce.mr);
c2cba0ff 2965 atomic_mb_set(&bounce.in_use, false);
ba223c29 2966 cpu_notify_map_clients();
6d16c2f8 2967}
d0ecd2aa 2968
a8170e5e
AK		 2969void *cpu_physical_memory_map(hwaddr addr,
2970 hwaddr *plen,
ac1970fb
AK		 2971 int is_write)
2972{
2973 return address_space_map(&address_space_memory, addr, plen, is_write);
2974}
2975
a8170e5e
AK		 2976void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2977 int is_write, hwaddr access_len)
ac1970fb
AK		 2978{
2979 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2980}
2981
8df1cd07 2982/* warning: addr must be aligned */
50013115
PM		 2983static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2984 MemTxAttrs attrs,
2985 MemTxResult *result,
2986 enum device_endian endian)
8df1cd07 2987{
8df1cd07 2988 uint8_t *ptr;
791af8c8 2989 uint64_t val;
5c8a00ce 2990 MemoryRegion *mr;
149f54b5
PB		 2991 hwaddr l = 4;
2992 hwaddr addr1;
50013115 2993 MemTxResult r;
4840f10e 2994 bool release_lock = false;
8df1cd07 2995
41063e1e 2996 rcu_read_lock();
fdfba1a2 2997 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 2998 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 2999 release_lock |= prepare_mmio_access(mr);
125b3806 3000
8df1cd07 3001 /* I/O case */
50013115 3002 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3003#if defined(TARGET_WORDS_BIGENDIAN)
3004 if (endian == DEVICE_LITTLE_ENDIAN) {
3005 val = bswap32(val);
3006 }
3007#else
3008 if (endian == DEVICE_BIG_ENDIAN) {
3009 val = bswap32(val);
3010 }
3011#endif
8df1cd07
FB		 3012 } else {
3013 /* RAM case */
0878d0e1 3014 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3015 switch (endian) {
3016 case DEVICE_LITTLE_ENDIAN:
3017 val = ldl_le_p(ptr);
3018 break;
3019 case DEVICE_BIG_ENDIAN:
3020 val = ldl_be_p(ptr);
3021 break;
3022 default:
3023 val = ldl_p(ptr);
3024 break;
3025 }
50013115
PM		 3026 r = MEMTX_OK;
3027 }
3028 if (result) {
3029 *result = r;
8df1cd07 3030 }
4840f10e
JK		 3031 if (release_lock) {
3032 qemu_mutex_unlock_iothread();
3033 }
41063e1e 3034 rcu_read_unlock();
8df1cd07
FB		 3035 return val;
3036}
3037
50013115
PM		 3038uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3039 MemTxAttrs attrs, MemTxResult *result)
3040{
3041 return address_space_ldl_internal(as, addr, attrs, result,
3042 DEVICE_NATIVE_ENDIAN);
3043}
3044
3045uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3046 MemTxAttrs attrs, MemTxResult *result)
3047{
3048 return address_space_ldl_internal(as, addr, attrs, result,
3049 DEVICE_LITTLE_ENDIAN);
3050}
3051
3052uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3053 MemTxAttrs attrs, MemTxResult *result)
3054{
3055 return address_space_ldl_internal(as, addr, attrs, result,
3056 DEVICE_BIG_ENDIAN);
3057}
3058
fdfba1a2 3059uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3060{
50013115 3061 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3062}
3063
fdfba1a2 3064uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3065{
50013115 3066 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3067}
3068
fdfba1a2 3069uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3070{
50013115 3071 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3072}
3073
84b7b8e7 3074/* warning: addr must be aligned */
50013115
PM		 3075static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3076 MemTxAttrs attrs,
3077 MemTxResult *result,
3078 enum device_endian endian)
84b7b8e7 3079{
84b7b8e7
FB		 3080 uint8_t *ptr;
3081 uint64_t val;
5c8a00ce 3082 MemoryRegion *mr;
149f54b5
PB		 3083 hwaddr l = 8;
3084 hwaddr addr1;
50013115 3085 MemTxResult r;
4840f10e 3086 bool release_lock = false;
84b7b8e7 3087
41063e1e 3088 rcu_read_lock();
2c17449b 3089 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3090 false);
3091 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3092 release_lock |= prepare_mmio_access(mr);
125b3806 3093
84b7b8e7 3094 /* I/O case */
50013115 3095 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3096#if defined(TARGET_WORDS_BIGENDIAN)
3097 if (endian == DEVICE_LITTLE_ENDIAN) {
3098 val = bswap64(val);
3099 }
3100#else
3101 if (endian == DEVICE_BIG_ENDIAN) {
3102 val = bswap64(val);
3103 }
84b7b8e7
FB		 3104#endif
3105 } else {
3106 /* RAM case */
0878d0e1 3107 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3108 switch (endian) {
3109 case DEVICE_LITTLE_ENDIAN:
3110 val = ldq_le_p(ptr);
3111 break;
3112 case DEVICE_BIG_ENDIAN:
3113 val = ldq_be_p(ptr);
3114 break;
3115 default:
3116 val = ldq_p(ptr);
3117 break;
3118 }
50013115
PM		 3119 r = MEMTX_OK;
3120 }
3121 if (result) {
3122 *result = r;
84b7b8e7 3123 }
4840f10e
JK		 3124 if (release_lock) {
3125 qemu_mutex_unlock_iothread();
3126 }
41063e1e 3127 rcu_read_unlock();
84b7b8e7
FB		 3128 return val;
3129}
3130
50013115
PM		 3131uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3132 MemTxAttrs attrs, MemTxResult *result)
3133{
3134 return address_space_ldq_internal(as, addr, attrs, result,
3135 DEVICE_NATIVE_ENDIAN);
3136}
3137
3138uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3139 MemTxAttrs attrs, MemTxResult *result)
3140{
3141 return address_space_ldq_internal(as, addr, attrs, result,
3142 DEVICE_LITTLE_ENDIAN);
3143}
3144
3145uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3146 MemTxAttrs attrs, MemTxResult *result)
3147{
3148 return address_space_ldq_internal(as, addr, attrs, result,
3149 DEVICE_BIG_ENDIAN);
3150}
3151
2c17449b 3152uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3153{
50013115 3154 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3155}
3156
2c17449b 3157uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3158{
50013115 3159 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3160}
3161
2c17449b 3162uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3163{
50013115 3164 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3165}
3166
aab33094 3167/* XXX: optimize */
50013115
PM		 3168uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3169 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3170{
3171 uint8_t val;
50013115
PM		 3172 MemTxResult r;
3173
3174 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3175 if (result) {
3176 *result = r;
3177 }
aab33094
FB		 3178 return val;
3179}
3180
50013115
PM		 3181uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3182{
3183 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3184}
3185
733f0b02 3186/* warning: addr must be aligned */
50013115
PM		 3187static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3188 hwaddr addr,
3189 MemTxAttrs attrs,
3190 MemTxResult *result,
3191 enum device_endian endian)
aab33094 3192{
733f0b02
MT		 3193 uint8_t *ptr;
3194 uint64_t val;
5c8a00ce 3195 MemoryRegion *mr;
149f54b5
PB		 3196 hwaddr l = 2;
3197 hwaddr addr1;
50013115 3198 MemTxResult r;
4840f10e 3199 bool release_lock = false;
733f0b02 3200
41063e1e 3201 rcu_read_lock();
41701aa4 3202 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3203 false);
3204 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3205 release_lock |= prepare_mmio_access(mr);
125b3806 3206
733f0b02 3207 /* I/O case */
50013115 3208 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3209#if defined(TARGET_WORDS_BIGENDIAN)
3210 if (endian == DEVICE_LITTLE_ENDIAN) {
3211 val = bswap16(val);
3212 }
3213#else
3214 if (endian == DEVICE_BIG_ENDIAN) {
3215 val = bswap16(val);
3216 }
3217#endif
733f0b02
MT		 3218 } else {
3219 /* RAM case */
0878d0e1 3220 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3221 switch (endian) {
3222 case DEVICE_LITTLE_ENDIAN:
3223 val = lduw_le_p(ptr);
3224 break;
3225 case DEVICE_BIG_ENDIAN:
3226 val = lduw_be_p(ptr);
3227 break;
3228 default:
3229 val = lduw_p(ptr);
3230 break;
3231 }
50013115
PM		 3232 r = MEMTX_OK;
3233 }
3234 if (result) {
3235 *result = r;
733f0b02 3236 }
4840f10e
JK		 3237 if (release_lock) {
3238 qemu_mutex_unlock_iothread();
3239 }
41063e1e 3240 rcu_read_unlock();
733f0b02 3241 return val;
aab33094
FB		 3242}
3243
50013115
PM		 3244uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3245 MemTxAttrs attrs, MemTxResult *result)
3246{
3247 return address_space_lduw_internal(as, addr, attrs, result,
3248 DEVICE_NATIVE_ENDIAN);
3249}
3250
3251uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3252 MemTxAttrs attrs, MemTxResult *result)
3253{
3254 return address_space_lduw_internal(as, addr, attrs, result,
3255 DEVICE_LITTLE_ENDIAN);
3256}
3257
3258uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3259 MemTxAttrs attrs, MemTxResult *result)
3260{
3261 return address_space_lduw_internal(as, addr, attrs, result,
3262 DEVICE_BIG_ENDIAN);
3263}
3264
41701aa4 3265uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3266{
50013115 3267 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3268}
3269
41701aa4 3270uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3271{
50013115 3272 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3273}
3274
41701aa4 3275uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3276{
50013115 3277 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3278}
3279
8df1cd07
FB		 3280/* warning: addr must be aligned. The ram page is not masked as dirty
3281 and the code inside is not invalidated. It is useful if the dirty
3282 bits are used to track modified PTEs */
50013115
PM		 3283void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3284 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3285{
8df1cd07 3286 uint8_t *ptr;
5c8a00ce 3287 MemoryRegion *mr;
149f54b5
PB		 3288 hwaddr l = 4;
3289 hwaddr addr1;
50013115 3290 MemTxResult r;
845b6214 3291 uint8_t dirty_log_mask;
4840f10e 3292 bool release_lock = false;
8df1cd07 3293
41063e1e 3294 rcu_read_lock();
2198a121 3295 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3296 true);
3297 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3298 release_lock |= prepare_mmio_access(mr);
125b3806 3299
50013115 3300 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3301 } else {
0878d0e1 3302 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
8df1cd07 3303 stl_p(ptr, val);
74576198 3304
845b6214
PB		 3305 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3306 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
0878d0e1
PB		 3307 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3308 4, dirty_log_mask);
50013115
PM		 3309 r = MEMTX_OK;
3310 }
3311 if (result) {
3312 *result = r;
8df1cd07 3313 }
4840f10e
JK		 3314 if (release_lock) {
3315 qemu_mutex_unlock_iothread();
3316 }
41063e1e 3317 rcu_read_unlock();
8df1cd07
FB		 3318}
3319
50013115
PM		 3320void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3321{
3322 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3323}
3324
8df1cd07 3325/* warning: addr must be aligned */
50013115
PM		 3326static inline void address_space_stl_internal(AddressSpace *as,
3327 hwaddr addr, uint32_t val,
3328 MemTxAttrs attrs,
3329 MemTxResult *result,
3330 enum device_endian endian)
8df1cd07 3331{
8df1cd07 3332 uint8_t *ptr;
5c8a00ce 3333 MemoryRegion *mr;
149f54b5
PB		 3334 hwaddr l = 4;
3335 hwaddr addr1;
50013115 3336 MemTxResult r;
4840f10e 3337 bool release_lock = false;
8df1cd07 3338
41063e1e 3339 rcu_read_lock();
ab1da857 3340 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3341 true);
3342 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3343 release_lock |= prepare_mmio_access(mr);
125b3806 3344
1e78bcc1
AG		 3345#if defined(TARGET_WORDS_BIGENDIAN)
3346 if (endian == DEVICE_LITTLE_ENDIAN) {
3347 val = bswap32(val);
3348 }
3349#else
3350 if (endian == DEVICE_BIG_ENDIAN) {
3351 val = bswap32(val);
3352 }
3353#endif
50013115 3354 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3355 } else {
8df1cd07 3356 /* RAM case */
0878d0e1 3357 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3358 switch (endian) {
3359 case DEVICE_LITTLE_ENDIAN:
3360 stl_le_p(ptr, val);
3361 break;
3362 case DEVICE_BIG_ENDIAN:
3363 stl_be_p(ptr, val);
3364 break;
3365 default:
3366 stl_p(ptr, val);
3367 break;
3368 }
845b6214 3369 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3370 r = MEMTX_OK;
3371 }
3372 if (result) {
3373 *result = r;
8df1cd07 3374 }
4840f10e
JK		 3375 if (release_lock) {
3376 qemu_mutex_unlock_iothread();
3377 }
41063e1e 3378 rcu_read_unlock();
8df1cd07
FB		 3379}
3380
50013115
PM		 3381void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3382 MemTxAttrs attrs, MemTxResult *result)
3383{
3384 address_space_stl_internal(as, addr, val, attrs, result,
3385 DEVICE_NATIVE_ENDIAN);
3386}
3387
3388void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3389 MemTxAttrs attrs, MemTxResult *result)
3390{
3391 address_space_stl_internal(as, addr, val, attrs, result,
3392 DEVICE_LITTLE_ENDIAN);
3393}
3394
3395void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3396 MemTxAttrs attrs, MemTxResult *result)
3397{
3398 address_space_stl_internal(as, addr, val, attrs, result,
3399 DEVICE_BIG_ENDIAN);
3400}
3401
ab1da857 3402void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3403{
50013115 3404 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3405}
3406
ab1da857 3407void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3408{
50013115 3409 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3410}
3411
ab1da857 3412void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3413{
50013115 3414 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3415}
3416
aab33094 3417/* XXX: optimize */
50013115
PM		 3418void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3419 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3420{
3421 uint8_t v = val;
50013115
PM		 3422 MemTxResult r;
3423
3424 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3425 if (result) {
3426 *result = r;
3427 }
3428}
3429
3430void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3431{
3432 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3433}
3434
733f0b02 3435/* warning: addr must be aligned */
50013115
PM		 3436static inline void address_space_stw_internal(AddressSpace *as,
3437 hwaddr addr, uint32_t val,
3438 MemTxAttrs attrs,
3439 MemTxResult *result,
3440 enum device_endian endian)
aab33094 3441{
733f0b02 3442 uint8_t *ptr;
5c8a00ce 3443 MemoryRegion *mr;
149f54b5
PB		 3444 hwaddr l = 2;
3445 hwaddr addr1;
50013115 3446 MemTxResult r;
4840f10e 3447 bool release_lock = false;
733f0b02 3448
41063e1e 3449 rcu_read_lock();
5ce5944d 3450 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3451 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3452 release_lock |= prepare_mmio_access(mr);
125b3806 3453
1e78bcc1
AG		 3454#if defined(TARGET_WORDS_BIGENDIAN)
3455 if (endian == DEVICE_LITTLE_ENDIAN) {
3456 val = bswap16(val);
3457 }
3458#else
3459 if (endian == DEVICE_BIG_ENDIAN) {
3460 val = bswap16(val);
3461 }
3462#endif
50013115 3463 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3464 } else {
733f0b02 3465 /* RAM case */
0878d0e1 3466 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3467 switch (endian) {
3468 case DEVICE_LITTLE_ENDIAN:
3469 stw_le_p(ptr, val);
3470 break;
3471 case DEVICE_BIG_ENDIAN:
3472 stw_be_p(ptr, val);
3473 break;
3474 default:
3475 stw_p(ptr, val);
3476 break;
3477 }
845b6214 3478 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3479 r = MEMTX_OK;
3480 }
3481 if (result) {
3482 *result = r;
733f0b02 3483 }
4840f10e
JK		 3484 if (release_lock) {
3485 qemu_mutex_unlock_iothread();
3486 }
41063e1e 3487 rcu_read_unlock();
aab33094
FB		 3488}
3489
50013115
PM		 3490void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3491 MemTxAttrs attrs, MemTxResult *result)
3492{
3493 address_space_stw_internal(as, addr, val, attrs, result,
3494 DEVICE_NATIVE_ENDIAN);
3495}
3496
3497void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3498 MemTxAttrs attrs, MemTxResult *result)
3499{
3500 address_space_stw_internal(as, addr, val, attrs, result,
3501 DEVICE_LITTLE_ENDIAN);
3502}
3503
3504void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3505 MemTxAttrs attrs, MemTxResult *result)
3506{
3507 address_space_stw_internal(as, addr, val, attrs, result,
3508 DEVICE_BIG_ENDIAN);
3509}
3510
5ce5944d 3511void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3512{
50013115 3513 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3514}
3515
5ce5944d 3516void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3517{
50013115 3518 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3519}
3520
5ce5944d 3521void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3522{
50013115 3523 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3524}
3525
aab33094 3526/* XXX: optimize */
50013115
PM		 3527void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3528 MemTxAttrs attrs, MemTxResult *result)
aab33094 3529{
50013115 3530 MemTxResult r;
aab33094 3531 val = tswap64(val);
50013115
PM		 3532 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3533 if (result) {
3534 *result = r;
3535 }
aab33094
FB		 3536}
3537
50013115
PM		 3538void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3539 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3540{
50013115 3541 MemTxResult r;
1e78bcc1 3542 val = cpu_to_le64(val);
50013115
PM		 3543 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3544 if (result) {
3545 *result = r;
3546 }
3547}
3548void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3549 MemTxAttrs attrs, MemTxResult *result)
3550{
3551 MemTxResult r;
3552 val = cpu_to_be64(val);
3553 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3554 if (result) {
3555 *result = r;
3556 }
3557}
3558
3559void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3560{
3561 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3562}
3563
3564void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3565{
3566 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3567}
3568
f606604f 3569void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3570{
50013115 3571 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3572}
3573
5e2972fd 3574/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3575int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3576 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3577{
3578 int l;
a8170e5e 3579 hwaddr phys_addr;
9b3c35e0 3580 target_ulong page;
13eb76e0
FB		 3581
3582 while (len > 0) {
5232e4c7
PM		 3583 int asidx;
3584 MemTxAttrs attrs;
3585
13eb76e0 3586 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3587 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3588 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3589 /* if no physical page mapped, return an error */
3590 if (phys_addr == -1)
3591 return -1;
3592 l = (page + TARGET_PAGE_SIZE) - addr;
3593 if (l > len)
3594 l = len;
5e2972fd 3595 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3596 if (is_write) {
5232e4c7
PM		 3597 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3598 phys_addr, buf, l);
2e38847b 3599 } else {
5232e4c7
PM		 3600 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3601 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3602 buf, l, 0);
2e38847b 3603 }
13eb76e0
FB		 3604 len -= l;
3605 buf += l;
3606 addr += l;
3607 }
3608 return 0;
3609}
038629a6
DDAG		 3610
3611/*
3612 * Allows code that needs to deal with migration bitmaps etc to still be built
3613 * target independent.
3614 */
3615size_t qemu_target_page_bits(void)
3616{
3617 return TARGET_PAGE_BITS;
3618}
3619
a68fe89c 3620#endif
13eb76e0 3621
8e4a424b
BS		 3622/*
3623 * A helper function for the _utterly broken_ virtio device model to find out if
3624 * it's running on a big endian machine. Don't do this at home kids!
3625 */
98ed8ecf
GK		 3626bool target_words_bigendian(void);
3627bool target_words_bigendian(void)
8e4a424b
BS		 3628{
3629#if defined(TARGET_WORDS_BIGENDIAN)
3630 return true;
3631#else
3632 return false;
3633#endif
3634}
3635
76f35538 3636#ifndef CONFIG_USER_ONLY
a8170e5e 3637bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3638{
5c8a00ce 3639 MemoryRegion*mr;
149f54b5 3640 hwaddr l = 1;
41063e1e 3641 bool res;
76f35538 3642
41063e1e 3643 rcu_read_lock();
5c8a00ce
PB		 3644 mr = address_space_translate(&address_space_memory,
3645 phys_addr, &phys_addr, &l, false);
76f35538 3646
41063e1e
PB		 3647 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3648 rcu_read_unlock();
3649 return res;
76f35538 3650}
bd2fa51f 3651
e3807054 3652int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3653{
3654 RAMBlock *block;
e3807054 3655 int ret = 0;
bd2fa51f 3656
0dc3f44a
MD		 3657 rcu_read_lock();
3658 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3659 ret = func(block->idstr, block->host, block->offset,
3660 block->used_length, opaque);
3661 if (ret) {
3662 break;
3663 }
bd2fa51f 3664 }
0dc3f44a 3665 rcu_read_unlock();
e3807054 3666 return ret;
bd2fa51f 3667}
ec3f8c99 3668#endif
QEMU mirror