]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: add early bail out from cpu_physical_memory_set_dirty_range
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
777872e5 20#ifndef _WIN32
d5a8f07c
FB		 21#include <sys/mman.h>
22#endif
54936004 23
055403b2 24#include "qemu-common.h"
6180a181 25#include "cpu.h"
b67d9a52 26#include "tcg.h"
b3c7724c 27#include "hw/hw.h"
4485bd26 28#if !defined(CONFIG_USER_ONLY)
47c8ca53 29#include "hw/boards.h"
4485bd26 30#endif
cc9e98cb 31#include "hw/qdev.h"
9c17d615 32#include "sysemu/kvm.h"
2ff3de68 33#include "sysemu/sysemu.h"
0d09e41a 34#include "hw/xen/xen.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
022c62cb 38#include "exec/memory.h"
9c17d615 39#include "sysemu/dma.h"
022c62cb 40#include "exec/address-spaces.h"
53a5960a
PB		 41#if defined(CONFIG_USER_ONLY)
42#include <qemu.h>
432d268c 43#else /* !CONFIG_USER_ONLY */
9c17d615 44#include "sysemu/xen-mapcache.h"
6506e4f9 45#include "trace.h"
53a5960a 46#endif
0d6d3c87 47#include "exec/cpu-all.h"
0dc3f44a 48#include "qemu/rcu_queue.h"
4840f10e 49#include "qemu/main-loop.h"
5b6dd868 50#include "translate-all.h"
7615936e 51#include "sysemu/replay.h"
0cac1b66 52
022c62cb 53#include "exec/memory-internal.h"
220c3ebd 54#include "exec/ram_addr.h"
508127e2 55#include "exec/log.h"
67d95c15 56
b35ba30f 57#include "qemu/range.h"
794e8f30
MT		 58#ifndef _WIN32
59#include "qemu/mmap-alloc.h"
60#endif
b35ba30f 61
db7b5426 62//#define DEBUG_SUBPAGE
1196be37 63
e2eef170 64#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 65/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
66 * are protected by the ramlist lock.
67 */
0d53d9fe 68RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 69
70static MemoryRegion *system_memory;
309cb471 71static MemoryRegion *system_io;
62152b8a 72
f6790af6
AK		 73AddressSpace address_space_io;
74AddressSpace address_space_memory;
2673a5da 75
0844e007 76MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 77static MemoryRegion io_mem_unassigned;
0e0df1e2 78
7bd4f430
PB		 79/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
80#define RAM_PREALLOC (1 << 0)
81
dbcb8981
PB		 82/* RAM is mmap-ed with MAP_SHARED */
83#define RAM_SHARED (1 << 1)
84
62be4e3a
MT		 85/* Only a portion of RAM (used_length) is actually used, and migrated.
86 * This used_length size can change across reboots.
87 */
88#define RAM_RESIZEABLE (1 << 2)
89
e2eef170 90#endif
9fa3e853 91
bdc44640 92struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 93/* current CPU in the current thread. It is only valid inside
94 cpu_exec() */
f240eb6f 95__thread CPUState *current_cpu;
2e70f6ef 96/* 0 = Do not count executed instructions.
bf20dc07 97 1 = Precise instruction counting.
2e70f6ef 98 2 = Adaptive rate instruction counting. */
5708fc66 99int use_icount;
6a00d601 100
e2eef170 101#if !defined(CONFIG_USER_ONLY)
4346ae3e 102
1db8abb1
PB		 103typedef struct PhysPageEntry PhysPageEntry;
104
105struct PhysPageEntry {
9736e55b 106 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 107 uint32_t skip : 6;
9736e55b 108 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 109 uint32_t ptr : 26;
1db8abb1
PB		 110};
111
8b795765
MT		 112#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
113
03f49957 114/* Size of the L2 (and L3, etc) page tables. */
57271d63 115#define ADDR_SPACE_BITS 64
03f49957 116
026736ce 117#define P_L2_BITS 9
03f49957
PB		 118#define P_L2_SIZE (1 << P_L2_BITS)
119
120#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
121
122typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 123
53cb28cb 124typedef struct PhysPageMap {
79e2b9ae
PB		 125 struct rcu_head rcu;
126
53cb28cb
MA		 127 unsigned sections_nb;
128 unsigned sections_nb_alloc;
129 unsigned nodes_nb;
130 unsigned nodes_nb_alloc;
131 Node *nodes;
132 MemoryRegionSection *sections;
133} PhysPageMap;
134
1db8abb1 135struct AddressSpaceDispatch {
79e2b9ae
PB		 136 struct rcu_head rcu;
137
1db8abb1
PB		 138 /* This is a multi-level map on the physical address space.
139 * The bottom level has pointers to MemoryRegionSections.
140 */
141 PhysPageEntry phys_map;
53cb28cb 142 PhysPageMap map;
acc9d80b 143 AddressSpace *as;
1db8abb1
PB		 144};
145
90260c6c
JK		 146#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
147typedef struct subpage_t {
148 MemoryRegion iomem;
acc9d80b 149 AddressSpace *as;
90260c6c
JK		 150 hwaddr base;
151 uint16_t sub_section[TARGET_PAGE_SIZE];
152} subpage_t;
153
b41aac4f
LPF		 154#define PHYS_SECTION_UNASSIGNED 0
155#define PHYS_SECTION_NOTDIRTY 1
156#define PHYS_SECTION_ROM 2
157#define PHYS_SECTION_WATCH 3
5312bd8b 158
e2eef170 159static void io_mem_init(void);
62152b8a 160static void memory_map_init(void);
09daed84 161static void tcg_commit(MemoryListener *listener);
e2eef170 162
1ec9b909 163static MemoryRegion io_mem_watch;
32857f4d
PM		 164
165/**
166 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
167 * @cpu: the CPU whose AddressSpace this is
168 * @as: the AddressSpace itself
169 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
170 * @tcg_as_listener: listener for tracking changes to the AddressSpace
171 */
172struct CPUAddressSpace {
173 CPUState *cpu;
174 AddressSpace *as;
175 struct AddressSpaceDispatch *memory_dispatch;
176 MemoryListener tcg_as_listener;
177};
178
6658ffb8 179#endif
fd6ce8f6 180
6d9a1304 181#if !defined(CONFIG_USER_ONLY)
d6f2ea22 182
53cb28cb 183static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 184{
53cb28cb
MA		 185 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
186 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
188 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 189 }
f7bf5461
AK		 190}
191
db94604b 192static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 193{
194 unsigned i;
8b795765 195 uint32_t ret;
db94604b
PB		 196 PhysPageEntry e;
197 PhysPageEntry *p;
f7bf5461 198
53cb28cb 199 ret = map->nodes_nb++;
db94604b 200 p = map->nodes[ret];
f7bf5461 201 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 202 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 203
204 e.skip = leaf ? 0 : 1;
205 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 206 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 207 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 208 }
f7bf5461 209 return ret;
d6f2ea22
AK		 210}
211
53cb28cb
MA		 212static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
213 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 214 int level)
f7bf5461
AK		 215{
216 PhysPageEntry *p;
03f49957 217 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 218
9736e55b 219 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 220 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 221 }
db94604b 222 p = map->nodes[lp->ptr];
03f49957 223 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 224
03f49957 225 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 226 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 227 lp->skip = 0;
c19e8800 228 lp->ptr = leaf;
07f07b31
AK		 229 *index += step;
230 *nb -= step;
2999097b 231 } else {
53cb28cb 232 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 233 }
234 ++lp;
f7bf5461
AK		 235 }
236}
237
ac1970fb 238static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 239 hwaddr index, hwaddr nb,
2999097b 240 uint16_t leaf)
f7bf5461 241{
2999097b 242 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 243 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 244
53cb28cb 245 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 246}
247
b35ba30f
MT		 248/* Compact a non leaf page entry. Simply detect that the entry has a single child,
249 * and update our entry so we can skip it and go directly to the destination.
250 */
251static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
252{
253 unsigned valid_ptr = P_L2_SIZE;
254 int valid = 0;
255 PhysPageEntry *p;
256 int i;
257
258 if (lp->ptr == PHYS_MAP_NODE_NIL) {
259 return;
260 }
261
262 p = nodes[lp->ptr];
263 for (i = 0; i < P_L2_SIZE; i++) {
264 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
265 continue;
266 }
267
268 valid_ptr = i;
269 valid++;
270 if (p[i].skip) {
271 phys_page_compact(&p[i], nodes, compacted);
272 }
273 }
274
275 /* We can only compress if there's only one child. */
276 if (valid != 1) {
277 return;
278 }
279
280 assert(valid_ptr < P_L2_SIZE);
281
282 /* Don't compress if it won't fit in the # of bits we have. */
283 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
284 return;
285 }
286
287 lp->ptr = p[valid_ptr].ptr;
288 if (!p[valid_ptr].skip) {
289 /* If our only child is a leaf, make this a leaf. */
290 /* By design, we should have made this node a leaf to begin with so we
291 * should never reach here.
292 * But since it's so simple to handle this, let's do it just in case we
293 * change this rule.
294 */
295 lp->skip = 0;
296 } else {
297 lp->skip += p[valid_ptr].skip;
298 }
299}
300
301static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
302{
303 DECLARE_BITMAP(compacted, nodes_nb);
304
305 if (d->phys_map.skip) {
53cb28cb 306 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 307 }
308}
309
97115a8d 310static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 311 Node *nodes, MemoryRegionSection *sections)
92e873b9 312{
31ab2b4a 313 PhysPageEntry *p;
97115a8d 314 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 315 int i;
f1f6e3b8 316
9736e55b 317 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 318 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 319 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 320 }
9affd6fc 321 p = nodes[lp.ptr];
03f49957 322 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 323 }
b35ba30f
MT		 324
325 if (sections[lp.ptr].size.hi ||
326 range_covers_byte(sections[lp.ptr].offset_within_address_space,
327 sections[lp.ptr].size.lo, addr)) {
328 return &sections[lp.ptr];
329 } else {
330 return &sections[PHYS_SECTION_UNASSIGNED];
331 }
f3705d53
AK		 332}
333
e5548617
BS		 334bool memory_region_is_unassigned(MemoryRegion *mr)
335{
2a8e7499 336 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 337 && mr != &io_mem_watch;
fd6ce8f6 338}
149f54b5 339
79e2b9ae 340/* Called from RCU critical section */
c7086b4a 341static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 342 hwaddr addr,
343 bool resolve_subpage)
9f029603 344{
90260c6c
JK		 345 MemoryRegionSection *section;
346 subpage_t *subpage;
347
53cb28cb 348 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
90260c6c
JK		 349 if (resolve_subpage && section->mr->subpage) {
350 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 351 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c
JK		 352 }
353 return section;
9f029603
JK		 354}
355
79e2b9ae 356/* Called from RCU critical section */
90260c6c 357static MemoryRegionSection *
c7086b4a 358address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 359 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 360{
361 MemoryRegionSection *section;
965eb2fc 362 MemoryRegion *mr;
a87f3954 363 Int128 diff;
149f54b5 364
c7086b4a 365 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 366 /* Compute offset within MemoryRegionSection */
367 addr -= section->offset_within_address_space;
368
369 /* Compute offset within MemoryRegion */
370 *xlat = addr + section->offset_within_region;
371
965eb2fc 372 mr = section->mr;
b242e0e0
PB		 373
374 /* MMIO registers can be expected to perform full-width accesses based only
375 * on their address, without considering adjacent registers that could
376 * decode to completely different MemoryRegions. When such registers
377 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
378 * regions overlap wildly. For this reason we cannot clamp the accesses
379 * here.
380 *
381 * If the length is small (as is the case for address_space_ldl/stl),
382 * everything works fine. If the incoming length is large, however,
383 * the caller really has to do the clamping through memory_access_size.
384 */
965eb2fc 385 if (memory_region_is_ram(mr)) {
e4a511f8 386 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 387 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
388 }
149f54b5
PB		 389 return section;
390}
90260c6c 391
41063e1e 392/* Called from RCU critical section */
5c8a00ce
PB		 393MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
394 hwaddr *xlat, hwaddr *plen,
395 bool is_write)
90260c6c 396{
30951157
AK		 397 IOMMUTLBEntry iotlb;
398 MemoryRegionSection *section;
399 MemoryRegion *mr;
30951157
AK		 400
401 for (;;) {
79e2b9ae
PB		 402 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
403 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 404 mr = section->mr;
405
406 if (!mr->iommu_ops) {
407 break;
408 }
409
8d7b8cb9 410 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 411 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
412 | (addr & iotlb.addr_mask));
23820dbf 413 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 414 if (!(iotlb.perm & (1 << is_write))) {
415 mr = &io_mem_unassigned;
416 break;
417 }
418
419 as = iotlb.target_as;
420 }
421
fe680d0d 422 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 423 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 424 *plen = MIN(page, *plen);
a87f3954
PB		 425 }
426
30951157
AK		 427 *xlat = addr;
428 return mr;
90260c6c
JK		 429}
430
79e2b9ae 431/* Called from RCU critical section */
90260c6c 432MemoryRegionSection *
d7898cda 433address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 434 hwaddr *xlat, hwaddr *plen)
90260c6c 435{
30951157 436 MemoryRegionSection *section;
d7898cda
PM		 437 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
438
439 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 440
441 assert(!section->mr->iommu_ops);
442 return section;
90260c6c 443}
5b6dd868 444#endif
fd6ce8f6 445
b170fce3 446#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 447
448static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 449{
259186a7 450 CPUState *cpu = opaque;
a513fe19 451
5b6dd868
BS		 452 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
453 version_id is increased. */
259186a7 454 cpu->interrupt_request &= ~0x01;
c01a71c1 455 tlb_flush(cpu, 1);
5b6dd868
BS		 456
457 return 0;
a513fe19 458}
7501267e 459
6c3bff0e
PD		 460static int cpu_common_pre_load(void *opaque)
461{
462 CPUState *cpu = opaque;
463
adee6424 464 cpu->exception_index = -1;
6c3bff0e
PD		 465
466 return 0;
467}
468
469static bool cpu_common_exception_index_needed(void *opaque)
470{
471 CPUState *cpu = opaque;
472
adee6424 473 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 474}
475
476static const VMStateDescription vmstate_cpu_common_exception_index = {
477 .name = "cpu_common/exception_index",
478 .version_id = 1,
479 .minimum_version_id = 1,
5cd8cada 480 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 481 .fields = (VMStateField[]) {
482 VMSTATE_INT32(exception_index, CPUState),
483 VMSTATE_END_OF_LIST()
484 }
485};
486
bac05aa9
AS		 487static bool cpu_common_crash_occurred_needed(void *opaque)
488{
489 CPUState *cpu = opaque;
490
491 return cpu->crash_occurred;
492}
493
494static const VMStateDescription vmstate_cpu_common_crash_occurred = {
495 .name = "cpu_common/crash_occurred",
496 .version_id = 1,
497 .minimum_version_id = 1,
498 .needed = cpu_common_crash_occurred_needed,
499 .fields = (VMStateField[]) {
500 VMSTATE_BOOL(crash_occurred, CPUState),
501 VMSTATE_END_OF_LIST()
502 }
503};
504
1a1562f5 505const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 506 .name = "cpu_common",
507 .version_id = 1,
508 .minimum_version_id = 1,
6c3bff0e 509 .pre_load = cpu_common_pre_load,
5b6dd868 510 .post_load = cpu_common_post_load,
35d08458 511 .fields = (VMStateField[]) {
259186a7
AF		 512 VMSTATE_UINT32(halted, CPUState),
513 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 514 VMSTATE_END_OF_LIST()
6c3bff0e 515 },
5cd8cada
JQ		 516 .subsections = (const VMStateDescription*[]) {
517 &vmstate_cpu_common_exception_index,
bac05aa9 518 &vmstate_cpu_common_crash_occurred,
5cd8cada 519 NULL
5b6dd868
BS		 520 }
521};
1a1562f5 522
5b6dd868 523#endif
ea041c0e 524
38d8f5c8 525CPUState *qemu_get_cpu(int index)
ea041c0e 526{
bdc44640 527 CPUState *cpu;
ea041c0e 528
bdc44640 529 CPU_FOREACH(cpu) {
55e5c285 530 if (cpu->cpu_index == index) {
bdc44640 531 return cpu;
55e5c285 532 }
ea041c0e 533 }
5b6dd868 534
bdc44640 535 return NULL;
ea041c0e
FB		 536}
537
09daed84 538#if !defined(CONFIG_USER_ONLY)
56943e8c 539void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 540{
12ebc9a7
PM		 541 CPUAddressSpace *newas;
542
543 /* Target code should have set num_ases before calling us */
544 assert(asidx < cpu->num_ases);
545
56943e8c
PM		 546 if (asidx == 0) {
547 /* address space 0 gets the convenience alias */
548 cpu->as = as;
549 }
550
12ebc9a7
PM		 551 /* KVM cannot currently support multiple address spaces. */
552 assert(asidx == 0 || !kvm_enabled());
09daed84 553
12ebc9a7
PM		 554 if (!cpu->cpu_ases) {
555 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 556 }
32857f4d 557
12ebc9a7
PM		 558 newas = &cpu->cpu_ases[asidx];
559 newas->cpu = cpu;
560 newas->as = as;
56943e8c 561 if (tcg_enabled()) {
12ebc9a7
PM		 562 newas->tcg_as_listener.commit = tcg_commit;
563 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 564 }
09daed84 565}
651a5bc0
PM		 566
567AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
568{
569 /* Return the AddressSpace corresponding to the specified index */
570 return cpu->cpu_ases[asidx].as;
571}
09daed84
EI		 572#endif
573
b7bca733
BR		 574#ifndef CONFIG_USER_ONLY
575static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
576
577static int cpu_get_free_index(Error **errp)
578{
579 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
580
581 if (cpu >= MAX_CPUMASK_BITS) {
582 error_setg(errp, "Trying to use more CPUs than max of %d",
583 MAX_CPUMASK_BITS);
584 return -1;
585 }
586
587 bitmap_set(cpu_index_map, cpu, 1);
588 return cpu;
589}
590
591void cpu_exec_exit(CPUState *cpu)
592{
593 if (cpu->cpu_index == -1) {
594 /* cpu_index was never allocated by this @cpu or was already freed. */
595 return;
596 }
597
598 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
599 cpu->cpu_index = -1;
600}
601#else
602
603static int cpu_get_free_index(Error **errp)
604{
605 CPUState *some_cpu;
606 int cpu_index = 0;
607
608 CPU_FOREACH(some_cpu) {
609 cpu_index++;
610 }
611 return cpu_index;
612}
613
614void cpu_exec_exit(CPUState *cpu)
615{
616}
617#endif
618
4bad9e39 619void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 620{
b170fce3 621 CPUClass *cc = CPU_GET_CLASS(cpu);
5b6dd868 622 int cpu_index;
b7bca733 623 Error *local_err = NULL;
5b6dd868 624
56943e8c 625 cpu->as = NULL;
12ebc9a7 626 cpu->num_ases = 0;
56943e8c 627
291135b5 628#ifndef CONFIG_USER_ONLY
291135b5 629 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 630
631 /* This is a softmmu CPU object, so create a property for it
632 * so users can wire up its memory. (This can't go in qom/cpu.c
633 * because that file is compiled only once for both user-mode
634 * and system builds.) The default if no link is set up is to use
635 * the system address space.
636 */
637 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
638 (Object **)&cpu->memory,
639 qdev_prop_allow_set_link_before_realize,
640 OBJ_PROP_LINK_UNREF_ON_RELEASE,
641 &error_abort);
642 cpu->memory = system_memory;
643 object_ref(OBJECT(cpu->memory));
291135b5
EH		 644#endif
645
5b6dd868
BS		 646#if defined(CONFIG_USER_ONLY)
647 cpu_list_lock();
648#endif
b7bca733
BR		 649 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
650 if (local_err) {
651 error_propagate(errp, local_err);
652#if defined(CONFIG_USER_ONLY)
653 cpu_list_unlock();
654#endif
655 return;
5b6dd868 656 }
bdc44640 657 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868
BS		 658#if defined(CONFIG_USER_ONLY)
659 cpu_list_unlock();
660#endif
e0d47944
AF		 661 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
662 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
663 }
5b6dd868 664#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
5b6dd868 665 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
4bad9e39 666 cpu_save, cpu_load, cpu->env_ptr);
b170fce3 667 assert(cc->vmsd == NULL);
e0d47944 668 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
5b6dd868 669#endif
b170fce3
AF		 670 if (cc->vmsd != NULL) {
671 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
672 }
ea041c0e
FB		 673}
674
94df27fd 675#if defined(CONFIG_USER_ONLY)
00b941e5 676static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 677{
678 tb_invalidate_phys_page_range(pc, pc + 1, 0);
679}
680#else
00b941e5 681static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 682{
5232e4c7
PM		 683 MemTxAttrs attrs;
684 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
685 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 686 if (phys != -1) {
5232e4c7 687 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 688 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 689 }
1e7855a5 690}
c27004ec 691#endif
d720b93d 692
c527ee8f 693#if defined(CONFIG_USER_ONLY)
75a34036 694void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 695
696{
697}
698
3ee887e8
PM		 699int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
700 int flags)
701{
702 return -ENOSYS;
703}
704
705void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
706{
707}
708
75a34036 709int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 710 int flags, CPUWatchpoint **watchpoint)
711{
712 return -ENOSYS;
713}
714#else
6658ffb8 715/* Add a watchpoint. */
75a34036 716int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 717 int flags, CPUWatchpoint **watchpoint)
6658ffb8 718{
c0ce998e 719 CPUWatchpoint *wp;
6658ffb8 720
05068c0d 721 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 722 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 723 error_report("tried to set invalid watchpoint at %"
724 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 725 return -EINVAL;
726 }
7267c094 727 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 728
729 wp->vaddr = addr;
05068c0d 730 wp->len = len;
a1d1bb31
AL		 731 wp->flags = flags;
732
2dc9f411 733 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 734 if (flags & BP_GDB) {
735 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
736 } else {
737 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
738 }
6658ffb8 739
31b030d4 740 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 741
742 if (watchpoint)
743 *watchpoint = wp;
744 return 0;
6658ffb8
PB		 745}
746
a1d1bb31 747/* Remove a specific watchpoint. */
75a34036 748int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 749 int flags)
6658ffb8 750{
a1d1bb31 751 CPUWatchpoint *wp;
6658ffb8 752
ff4700b0 753 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 754 if (addr == wp->vaddr && len == wp->len
6e140f28 755 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 756 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 757 return 0;
758 }
759 }
a1d1bb31 760 return -ENOENT;
6658ffb8
PB		 761}
762
a1d1bb31 763/* Remove a specific watchpoint by reference. */
75a34036 764void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 765{
ff4700b0 766 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 767
31b030d4 768 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 769
7267c094 770 g_free(watchpoint);
a1d1bb31
AL		 771}
772
773/* Remove all matching watchpoints. */
75a34036 774void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 775{
c0ce998e 776 CPUWatchpoint *wp, *next;
a1d1bb31 777
ff4700b0 778 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 779 if (wp->flags & mask) {
780 cpu_watchpoint_remove_by_ref(cpu, wp);
781 }
c0ce998e 782 }
7d03f82f 783}
05068c0d
PM		 784
785/* Return true if this watchpoint address matches the specified
786 * access (ie the address range covered by the watchpoint overlaps
787 * partially or completely with the address range covered by the
788 * access).
789 */
790static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
791 vaddr addr,
792 vaddr len)
793{
794 /* We know the lengths are non-zero, but a little caution is
795 * required to avoid errors in the case where the range ends
796 * exactly at the top of the address space and so addr + len
797 * wraps round to zero.
798 */
799 vaddr wpend = wp->vaddr + wp->len - 1;
800 vaddr addrend = addr + len - 1;
801
802 return !(addr > wpend || wp->vaddr > addrend);
803}
804
c527ee8f 805#endif
7d03f82f 806
a1d1bb31 807/* Add a breakpoint. */
b3310ab3 808int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 809 CPUBreakpoint **breakpoint)
4c3a88a2 810{
c0ce998e 811 CPUBreakpoint *bp;
3b46e624 812
7267c094 813 bp = g_malloc(sizeof(*bp));
4c3a88a2 814
a1d1bb31
AL		 815 bp->pc = pc;
816 bp->flags = flags;
817
2dc9f411 818 /* keep all GDB-injected breakpoints in front */
00b941e5 819 if (flags & BP_GDB) {
f0c3c505 820 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 821 } else {
f0c3c505 822 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 823 }
3b46e624 824
f0c3c505 825 breakpoint_invalidate(cpu, pc);
a1d1bb31 826
00b941e5 827 if (breakpoint) {
a1d1bb31 828 *breakpoint = bp;
00b941e5 829 }
4c3a88a2 830 return 0;
4c3a88a2
FB		 831}
832
a1d1bb31 833/* Remove a specific breakpoint. */
b3310ab3 834int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 835{
a1d1bb31
AL		 836 CPUBreakpoint *bp;
837
f0c3c505 838 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 839 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 840 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 841 return 0;
842 }
7d03f82f 843 }
a1d1bb31 844 return -ENOENT;
7d03f82f
EI		 845}
846
a1d1bb31 847/* Remove a specific breakpoint by reference. */
b3310ab3 848void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 849{
f0c3c505
AF		 850 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
851
852 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 853
7267c094 854 g_free(breakpoint);
a1d1bb31
AL		 855}
856
857/* Remove all matching breakpoints. */
b3310ab3 858void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 859{
c0ce998e 860 CPUBreakpoint *bp, *next;
a1d1bb31 861
f0c3c505 862 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 863 if (bp->flags & mask) {
864 cpu_breakpoint_remove_by_ref(cpu, bp);
865 }
c0ce998e 866 }
4c3a88a2
FB		 867}
868
c33a346e
FB		 869/* enable or disable single step mode. EXCP_DEBUG is returned by the
870 CPU loop after each instruction */
3825b28f 871void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 872{
ed2803da
AF		 873 if (cpu->singlestep_enabled != enabled) {
874 cpu->singlestep_enabled = enabled;
875 if (kvm_enabled()) {
38e478ec 876 kvm_update_guest_debug(cpu, 0);
ed2803da 877 } else {
ccbb4d44 878 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 879 /* XXX: only flush what is necessary */
bbd77c18 880 tb_flush(cpu);
e22a25c9 881 }
c33a346e 882 }
c33a346e
FB		 883}
884
a47dddd7 885void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 886{
887 va_list ap;
493ae1f0 888 va_list ap2;
7501267e
FB		 889
890 va_start(ap, fmt);
493ae1f0 891 va_copy(ap2, ap);
7501267e
FB		 892 fprintf(stderr, "qemu: fatal: ");
893 vfprintf(stderr, fmt, ap);
894 fprintf(stderr, "\n");
878096ee 895 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 896 if (qemu_log_separate()) {
93fcfe39
AL		 897 qemu_log("qemu: fatal: ");
898 qemu_log_vprintf(fmt, ap2);
899 qemu_log("\n");
a0762859 900 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 901 qemu_log_flush();
93fcfe39 902 qemu_log_close();
924edcae 903 }
493ae1f0 904 va_end(ap2);
f9373291 905 va_end(ap);
7615936e 906 replay_finish();
fd052bf6
RV		 907#if defined(CONFIG_USER_ONLY)
908 {
909 struct sigaction act;
910 sigfillset(&act.sa_mask);
911 act.sa_handler = SIG_DFL;
912 sigaction(SIGABRT, &act, NULL);
913 }
914#endif
7501267e
FB		 915 abort();
916}
917
0124311e 918#if !defined(CONFIG_USER_ONLY)
0dc3f44a 919/* Called from RCU critical section */
041603fe
PB		 920static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
921{
922 RAMBlock *block;
923
43771539 924 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 925 if (block && addr - block->offset < block->max_length) {
68851b98 926 return block;
041603fe 927 }
0dc3f44a 928 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 929 if (addr - block->offset < block->max_length) {
041603fe
PB		 930 goto found;
931 }
932 }
933
934 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
935 abort();
936
937found:
43771539
PB		 938 /* It is safe to write mru_block outside the iothread lock. This
939 * is what happens:
940 *
941 * mru_block = xxx
942 * rcu_read_unlock()
943 * xxx removed from list
944 * rcu_read_lock()
945 * read mru_block
946 * mru_block = NULL;
947 * call_rcu(reclaim_ramblock, xxx);
948 * rcu_read_unlock()
949 *
950 * atomic_rcu_set is not needed here. The block was already published
951 * when it was placed into the list. Here we're just making an extra
952 * copy of the pointer.
953 */
041603fe
PB		 954 ram_list.mru_block = block;
955 return block;
956}
957
a2f4d5be 958static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 959{
9a13565d 960 CPUState *cpu;
041603fe 961 ram_addr_t start1;
a2f4d5be
JQ		 962 RAMBlock *block;
963 ram_addr_t end;
964
965 end = TARGET_PAGE_ALIGN(start + length);
966 start &= TARGET_PAGE_MASK;
d24981d3 967
0dc3f44a 968 rcu_read_lock();
041603fe
PB		 969 block = qemu_get_ram_block(start);
970 assert(block == qemu_get_ram_block(end - 1));
1240be24 971 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 972 CPU_FOREACH(cpu) {
973 tlb_reset_dirty(cpu, start1, length);
974 }
0dc3f44a 975 rcu_read_unlock();
d24981d3
JQ		 976}
977
5579c7f3 978/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 979bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
980 ram_addr_t length,
981 unsigned client)
1ccde1cb 982{
03eebc9e
SH		 983 unsigned long end, page;
984 bool dirty;
985
986 if (length == 0) {
987 return false;
988 }
f23db169 989
03eebc9e
SH		 990 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
991 page = start >> TARGET_PAGE_BITS;
992 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
993 page, end - page);
994
995 if (dirty && tcg_enabled()) {
a2f4d5be 996 tlb_reset_dirty_range_all(start, length);
5579c7f3 997 }
03eebc9e
SH		 998
999 return dirty;
1ccde1cb
FB		 1000}
1001
79e2b9ae 1002/* Called from RCU critical section */
bb0e627a 1003hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1004 MemoryRegionSection *section,
1005 target_ulong vaddr,
1006 hwaddr paddr, hwaddr xlat,
1007 int prot,
1008 target_ulong *address)
e5548617 1009{
a8170e5e 1010 hwaddr iotlb;
e5548617
BS		 1011 CPUWatchpoint *wp;
1012
cc5bea60 1013 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1014 /* Normal RAM. */
1015 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 1016 + xlat;
e5548617 1017 if (!section->readonly) {
b41aac4f 1018 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1019 } else {
b41aac4f 1020 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1021 }
1022 } else {
0b8e2c10
PM		 1023 AddressSpaceDispatch *d;
1024
1025 d = atomic_rcu_read(&section->address_space->dispatch);
1026 iotlb = section - d->map.sections;
149f54b5 1027 iotlb += xlat;
e5548617
BS		 1028 }
1029
1030 /* Make accesses to pages with watchpoints go via the
1031 watchpoint trap routines. */
ff4700b0 1032 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1033 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1034 /* Avoid trapping reads of pages with a write breakpoint. */
1035 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1036 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1037 *address |= TLB_MMIO;
1038 break;
1039 }
1040 }
1041 }
1042
1043 return iotlb;
1044}
9fa3e853
FB		 1045#endif /* defined(CONFIG_USER_ONLY) */
1046
e2eef170 1047#if !defined(CONFIG_USER_ONLY)
8da3ff18 1048
c227f099 1049static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1050 uint16_t section);
acc9d80b 1051static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1052
a2b257d6
IM		 1053static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1054 qemu_anon_ram_alloc;
91138037
MA		 1055
1056/*
1057 * Set a custom physical guest memory alloator.
1058 * Accelerators with unusual needs may need this. Hopefully, we can
1059 * get rid of it eventually.
1060 */
a2b257d6 1061void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1062{
1063 phys_mem_alloc = alloc;
1064}
1065
53cb28cb
MA		 1066static uint16_t phys_section_add(PhysPageMap *map,
1067 MemoryRegionSection *section)
5312bd8b 1068{
68f3f65b
PB		 1069 /* The physical section number is ORed with a page-aligned
1070 * pointer to produce the iotlb entries. Thus it should
1071 * never overflow into the page-aligned value.
1072 */
53cb28cb 1073 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1074
53cb28cb
MA		 1075 if (map->sections_nb == map->sections_nb_alloc) {
1076 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1077 map->sections = g_renew(MemoryRegionSection, map->sections,
1078 map->sections_nb_alloc);
5312bd8b 1079 }
53cb28cb 1080 map->sections[map->sections_nb] = *section;
dfde4e6e 1081 memory_region_ref(section->mr);
53cb28cb 1082 return map->sections_nb++;
5312bd8b
AK		 1083}
1084
058bc4b5
PB		 1085static void phys_section_destroy(MemoryRegion *mr)
1086{
55b4e80b
DS		 1087 bool have_sub_page = mr->subpage;
1088
dfde4e6e
PB		 1089 memory_region_unref(mr);
1090
55b4e80b 1091 if (have_sub_page) {
058bc4b5 1092 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1093 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1094 g_free(subpage);
1095 }
1096}
1097
6092666e 1098static void phys_sections_free(PhysPageMap *map)
5312bd8b 1099{
9affd6fc
PB		 1100 while (map->sections_nb > 0) {
1101 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1102 phys_section_destroy(section->mr);
1103 }
9affd6fc
PB		 1104 g_free(map->sections);
1105 g_free(map->nodes);
5312bd8b
AK		 1106}
1107
ac1970fb 1108static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1109{
1110 subpage_t *subpage;
a8170e5e 1111 hwaddr base = section->offset_within_address_space
0f0cb164 1112 & TARGET_PAGE_MASK;
97115a8d 1113 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1114 d->map.nodes, d->map.sections);
0f0cb164
AK		 1115 MemoryRegionSection subsection = {
1116 .offset_within_address_space = base,
052e87b0 1117 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1118 };
a8170e5e 1119 hwaddr start, end;
0f0cb164 1120
f3705d53 1121 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1122
f3705d53 1123 if (!(existing->mr->subpage)) {
acc9d80b 1124 subpage = subpage_init(d->as, base);
3be91e86 1125 subsection.address_space = d->as;
0f0cb164 1126 subsection.mr = &subpage->iomem;
ac1970fb 1127 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1128 phys_section_add(&d->map, &subsection));
0f0cb164 1129 } else {
f3705d53 1130 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1131 }
1132 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1133 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1134 subpage_register(subpage, start, end,
1135 phys_section_add(&d->map, section));
0f0cb164
AK		 1136}
1137
1138
052e87b0
PB		 1139static void register_multipage(AddressSpaceDispatch *d,
1140 MemoryRegionSection *section)
33417e70 1141{
a8170e5e 1142 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1143 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1144 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1145 TARGET_PAGE_BITS));
dd81124b 1146
733d5ef5
PB		 1147 assert(num_pages);
1148 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1149}
1150
ac1970fb 1151static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1152{
89ae337a 1153 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1154 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1155 MemoryRegionSection now = *section, remain = *section;
052e87b0 1156 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1157
733d5ef5
PB		 1158 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1159 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1160 - now.offset_within_address_space;
1161
052e87b0 1162 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1163 register_subpage(d, &now);
733d5ef5 1164 } else {
052e87b0 1165 now.size = int128_zero();
733d5ef5 1166 }
052e87b0
PB		 1167 while (int128_ne(remain.size, now.size)) {
1168 remain.size = int128_sub(remain.size, now.size);
1169 remain.offset_within_address_space += int128_get64(now.size);
1170 remain.offset_within_region += int128_get64(now.size);
69b67646 1171 now = remain;
052e87b0 1172 if (int128_lt(remain.size, page_size)) {
733d5ef5 1173 register_subpage(d, &now);
88266249 1174 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1175 now.size = page_size;
ac1970fb 1176 register_subpage(d, &now);
69b67646 1177 } else {
052e87b0 1178 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1179 register_multipage(d, &now);
69b67646 1180 }
0f0cb164
AK		 1181 }
1182}
1183
62a2744c
SY		 1184void qemu_flush_coalesced_mmio_buffer(void)
1185{
1186 if (kvm_enabled())
1187 kvm_flush_coalesced_mmio_buffer();
1188}
1189
b2a8658e
UD		 1190void qemu_mutex_lock_ramlist(void)
1191{
1192 qemu_mutex_lock(&ram_list.mutex);
1193}
1194
1195void qemu_mutex_unlock_ramlist(void)
1196{
1197 qemu_mutex_unlock(&ram_list.mutex);
1198}
1199
e1e84ba0 1200#ifdef __linux__
c902760f
MT		 1201
1202#include <sys/vfs.h>
1203
1204#define HUGETLBFS_MAGIC 0x958458f6
1205
fc7a5800 1206static long gethugepagesize(const char *path, Error **errp)
c902760f
MT		 1207{
1208 struct statfs fs;
1209 int ret;
1210
1211 do {
9742bf26 1212 ret = statfs(path, &fs);
c902760f
MT		 1213 } while (ret != 0 && errno == EINTR);
1214
1215 if (ret != 0) {
fc7a5800
HT		 1216 error_setg_errno(errp, errno, "failed to get page size of file %s",
1217 path);
9742bf26 1218 return 0;
c902760f
MT		 1219 }
1220
c902760f
MT		 1221 return fs.f_bsize;
1222}
1223
04b16653
AW		 1224static void *file_ram_alloc(RAMBlock *block,
1225 ram_addr_t memory,
7f56e740
PB		 1226 const char *path,
1227 Error **errp)
c902760f 1228{
8d31d6b6 1229 struct stat st;
c902760f 1230 char *filename;
8ca761f6
PF		 1231 char *sanitized_name;
1232 char *c;
794e8f30 1233 void *area;
c902760f 1234 int fd;
557529dd 1235 uint64_t hpagesize;
fc7a5800 1236 Error *local_err = NULL;
c902760f 1237
fc7a5800
HT		 1238 hpagesize = gethugepagesize(path, &local_err);
1239 if (local_err) {
1240 error_propagate(errp, local_err);
f9a49dfa 1241 goto error;
c902760f 1242 }
a2b257d6 1243 block->mr->align = hpagesize;
c902760f
MT		 1244
1245 if (memory < hpagesize) {
557529dd
HT		 1246 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1247 "or larger than huge page size 0x%" PRIx64,
1248 memory, hpagesize);
1249 goto error;
c902760f
MT		 1250 }
1251
1252 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1253 error_setg(errp,
1254 "host lacks kvm mmu notifiers, -mem-path unsupported");
f9a49dfa 1255 goto error;
c902760f
MT		 1256 }
1257
8d31d6b6
PF		 1258 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1259 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1260 sanitized_name = g_strdup(memory_region_name(block->mr));
1261 for (c = sanitized_name; *c != '\0'; c++) {
1262 if (*c == '/') {
1263 *c = '_';
1264 }
1265 }
8ca761f6 1266
8d31d6b6
PF		 1267 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1268 sanitized_name);
1269 g_free(sanitized_name);
1270
1271 fd = mkstemp(filename);
1272 if (fd >= 0) {
1273 unlink(filename);
1274 }
1275 g_free(filename);
1276 } else {
1277 fd = open(path, O_RDWR | O_CREAT, 0644);
1278 }
c902760f 1279
c902760f 1280 if (fd < 0) {
7f56e740
PB		 1281 error_setg_errno(errp, errno,
1282 "unable to create backing store for hugepages");
f9a49dfa 1283 goto error;
c902760f 1284 }
c902760f 1285
9284f319 1286 memory = ROUND_UP(memory, hpagesize);
c902760f
MT		 1287
1288 /*
1289 * ftruncate is not supported by hugetlbfs in older
1290 * hosts, so don't bother bailing out on errors.
1291 * If anything goes wrong with it under other filesystems,
1292 * mmap will fail.
1293 */
7f56e740 1294 if (ftruncate(fd, memory)) {
9742bf26 1295 perror("ftruncate");
7f56e740 1296 }
c902760f 1297
794e8f30 1298 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
c902760f 1299 if (area == MAP_FAILED) {
7f56e740
PB		 1300 error_setg_errno(errp, errno,
1301 "unable to map backing store for hugepages");
9742bf26 1302 close(fd);
f9a49dfa 1303 goto error;
c902760f 1304 }
ef36fa14
MT		 1305
1306 if (mem_prealloc) {
38183310 1307 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1308 }
1309
04b16653 1310 block->fd = fd;
c902760f 1311 return area;
f9a49dfa
MT		 1312
1313error:
f9a49dfa 1314 return NULL;
c902760f
MT		 1315}
1316#endif
1317
0dc3f44a 1318/* Called with the ramlist lock held. */
d17b5288 1319static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1320{
1321 RAMBlock *block, *next_block;
3e837b2c 1322 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1323
49cd9ac6
SH		 1324 assert(size != 0); /* it would hand out same offset multiple times */
1325
0dc3f44a 1326 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1327 return 0;
0d53d9fe 1328 }
04b16653 1329
0dc3f44a 1330 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1331 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1332
62be4e3a 1333 end = block->offset + block->max_length;
04b16653 1334
0dc3f44a 1335 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1336 if (next_block->offset >= end) {
1337 next = MIN(next, next_block->offset);
1338 }
1339 }
1340 if (next - end >= size && next - end < mingap) {
3e837b2c 1341 offset = end;
04b16653
AW		 1342 mingap = next - end;
1343 }
1344 }
3e837b2c
AW		 1345
1346 if (offset == RAM_ADDR_MAX) {
1347 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1348 (uint64_t)size);
1349 abort();
1350 }
1351
04b16653
AW		 1352 return offset;
1353}
1354
652d7ec2 1355ram_addr_t last_ram_offset(void)
d17b5288
AW		 1356{
1357 RAMBlock *block;
1358 ram_addr_t last = 0;
1359
0dc3f44a
MD		 1360 rcu_read_lock();
1361 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1362 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1363 }
0dc3f44a 1364 rcu_read_unlock();
d17b5288
AW		 1365 return last;
1366}
1367
ddb97f1d
JB		 1368static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1369{
1370 int ret;
ddb97f1d
JB		 1371
1372 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1373 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1374 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1375 if (ret) {
1376 perror("qemu_madvise");
1377 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1378 "but dump_guest_core=off specified\n");
1379 }
1380 }
1381}
1382
0dc3f44a
MD		 1383/* Called within an RCU critical section, or while the ramlist lock
1384 * is held.
1385 */
20cfe881 1386static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1387{
20cfe881 1388 RAMBlock *block;
84b89d78 1389
0dc3f44a 1390 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1391 if (block->offset == addr) {
20cfe881 1392 return block;
c5705a77
AK		 1393 }
1394 }
20cfe881
HT		 1395
1396 return NULL;
1397}
1398
422148d3
DDAG		 1399const char *qemu_ram_get_idstr(RAMBlock *rb)
1400{
1401 return rb->idstr;
1402}
1403
ae3a7047 1404/* Called with iothread lock held. */
20cfe881
HT		 1405void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1406{
ae3a7047 1407 RAMBlock *new_block, *block;
20cfe881 1408
0dc3f44a 1409 rcu_read_lock();
ae3a7047 1410 new_block = find_ram_block(addr);
c5705a77
AK		 1411 assert(new_block);
1412 assert(!new_block->idstr[0]);
84b89d78 1413
09e5ab63
AL		 1414 if (dev) {
1415 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1416 if (id) {
1417 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1418 g_free(id);
84b89d78
CM		 1419 }
1420 }
1421 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1422
0dc3f44a 1423 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1424 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1425 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1426 new_block->idstr);
1427 abort();
1428 }
1429 }
0dc3f44a 1430 rcu_read_unlock();
c5705a77
AK		 1431}
1432
ae3a7047 1433/* Called with iothread lock held. */
20cfe881
HT		 1434void qemu_ram_unset_idstr(ram_addr_t addr)
1435{
ae3a7047 1436 RAMBlock *block;
20cfe881 1437
ae3a7047
MD		 1438 /* FIXME: arch_init.c assumes that this is not called throughout
1439 * migration. Ignore the problem since hot-unplug during migration
1440 * does not work anyway.
1441 */
1442
0dc3f44a 1443 rcu_read_lock();
ae3a7047 1444 block = find_ram_block(addr);
20cfe881
HT		 1445 if (block) {
1446 memset(block->idstr, 0, sizeof(block->idstr));
1447 }
0dc3f44a 1448 rcu_read_unlock();
20cfe881
HT		 1449}
1450
8490fc78
LC		 1451static int memory_try_enable_merging(void *addr, size_t len)
1452{
75cc7f01 1453 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1454 /* disabled by the user */
1455 return 0;
1456 }
1457
1458 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1459}
1460
62be4e3a
MT		 1461/* Only legal before guest might have detected the memory size: e.g. on
1462 * incoming migration, or right after reset.
1463 *
1464 * As memory core doesn't know how is memory accessed, it is up to
1465 * resize callback to update device state and/or add assertions to detect
1466 * misuse, if necessary.
1467 */
1468int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1469{
1470 RAMBlock *block = find_ram_block(base);
1471
1472 assert(block);
1473
4ed023ce 1474 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1475
62be4e3a
MT		 1476 if (block->used_length == newsize) {
1477 return 0;
1478 }
1479
1480 if (!(block->flags & RAM_RESIZEABLE)) {
1481 error_setg_errno(errp, EINVAL,
1482 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1483 " in != 0x" RAM_ADDR_FMT, block->idstr,
1484 newsize, block->used_length);
1485 return -EINVAL;
1486 }
1487
1488 if (block->max_length < newsize) {
1489 error_setg_errno(errp, EINVAL,
1490 "Length too large: %s: 0x" RAM_ADDR_FMT
1491 " > 0x" RAM_ADDR_FMT, block->idstr,
1492 newsize, block->max_length);
1493 return -EINVAL;
1494 }
1495
1496 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1497 block->used_length = newsize;
58d2707e
PB		 1498 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1499 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1500 memory_region_set_size(block->mr, newsize);
1501 if (block->resized) {
1502 block->resized(block->idstr, newsize, block->host);
1503 }
1504 return 0;
1505}
1506
ef701d7b 1507static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1508{
e1c57ab8 1509 RAMBlock *block;
0d53d9fe 1510 RAMBlock *last_block = NULL;
2152f5ca 1511 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1512 Error *err = NULL;
2152f5ca
JQ		 1513
1514 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1515
b2a8658e 1516 qemu_mutex_lock_ramlist();
9b8424d5 1517 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1518
1519 if (!new_block->host) {
1520 if (xen_enabled()) {
9b8424d5 1521 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1522 new_block->mr, &err);
1523 if (err) {
1524 error_propagate(errp, err);
1525 qemu_mutex_unlock_ramlist();
1526 return -1;
1527 }
e1c57ab8 1528 } else {
9b8424d5 1529 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1530 &new_block->mr->align);
39228250 1531 if (!new_block->host) {
ef701d7b
HT		 1532 error_setg_errno(errp, errno,
1533 "cannot set up guest memory '%s'",
1534 memory_region_name(new_block->mr));
1535 qemu_mutex_unlock_ramlist();
1536 return -1;
39228250 1537 }
9b8424d5 1538 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1539 }
c902760f 1540 }
94a6b54f 1541
dd631697
LZ		 1542 new_ram_size = MAX(old_ram_size,
1543 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1544 if (new_ram_size > old_ram_size) {
1545 migration_bitmap_extend(old_ram_size, new_ram_size);
1546 }
0d53d9fe
MD		 1547 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1548 * QLIST (which has an RCU-friendly variant) does not have insertion at
1549 * tail, so save the last element in last_block.
1550 */
0dc3f44a 1551 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1552 last_block = block;
9b8424d5 1553 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1554 break;
1555 }
1556 }
1557 if (block) {
0dc3f44a 1558 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1559 } else if (last_block) {
0dc3f44a 1560 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1561 } else { /* list is empty */
0dc3f44a 1562 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1563 }
0d6d3c87 1564 ram_list.mru_block = NULL;
94a6b54f 1565
0dc3f44a
MD		 1566 /* Write list before version */
1567 smp_wmb();
f798b07f 1568 ram_list.version++;
b2a8658e 1569 qemu_mutex_unlock_ramlist();
f798b07f 1570
2152f5ca
JQ		 1571 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1572
1573 if (new_ram_size > old_ram_size) {
1ab4c8ce 1574 int i;
ae3a7047
MD		 1575
1576 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1ab4c8ce
JQ		 1577 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1578 ram_list.dirty_memory[i] =
1579 bitmap_zero_extend(ram_list.dirty_memory[i],
1580 old_ram_size, new_ram_size);
1581 }
2152f5ca 1582 }
9b8424d5 1583 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1584 new_block->used_length,
1585 DIRTY_CLIENTS_ALL);
94a6b54f 1586
a904c911
PB		 1587 if (new_block->host) {
1588 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1589 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1590 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1591 if (kvm_enabled()) {
1592 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1593 }
e1c57ab8 1594 }
6f0437e8 1595
94a6b54f
PB		 1596 return new_block->offset;
1597}
e9a1ab19 1598
0b183fc8 1599#ifdef __linux__
e1c57ab8 1600ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
dbcb8981 1601 bool share, const char *mem_path,
7f56e740 1602 Error **errp)
e1c57ab8
PB		 1603{
1604 RAMBlock *new_block;
ef701d7b
HT		 1605 ram_addr_t addr;
1606 Error *local_err = NULL;
e1c57ab8
PB		 1607
1608 if (xen_enabled()) {
7f56e740
PB		 1609 error_setg(errp, "-mem-path not supported with Xen");
1610 return -1;
e1c57ab8
PB		 1611 }
1612
1613 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1614 /*
1615 * file_ram_alloc() needs to allocate just like
1616 * phys_mem_alloc, but we haven't bothered to provide
1617 * a hook there.
1618 */
7f56e740
PB		 1619 error_setg(errp,
1620 "-mem-path not supported with this accelerator");
1621 return -1;
e1c57ab8
PB		 1622 }
1623
4ed023ce 1624 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1625 new_block = g_malloc0(sizeof(*new_block));
1626 new_block->mr = mr;
9b8424d5
MT		 1627 new_block->used_length = size;
1628 new_block->max_length = size;
dbcb8981 1629 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1630 new_block->host = file_ram_alloc(new_block, size,
1631 mem_path, errp);
1632 if (!new_block->host) {
1633 g_free(new_block);
1634 return -1;
1635 }
1636
ef701d7b
HT		 1637 addr = ram_block_add(new_block, &local_err);
1638 if (local_err) {
1639 g_free(new_block);
1640 error_propagate(errp, local_err);
1641 return -1;
1642 }
1643 return addr;
e1c57ab8 1644}
0b183fc8 1645#endif
e1c57ab8 1646
62be4e3a
MT		 1647static
1648ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1649 void (*resized)(const char*,
1650 uint64_t length,
1651 void *host),
1652 void *host, bool resizeable,
ef701d7b 1653 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1654{
1655 RAMBlock *new_block;
ef701d7b
HT		 1656 ram_addr_t addr;
1657 Error *local_err = NULL;
e1c57ab8 1658
4ed023ce
DDAG		 1659 size = HOST_PAGE_ALIGN(size);
1660 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1661 new_block = g_malloc0(sizeof(*new_block));
1662 new_block->mr = mr;
62be4e3a 1663 new_block->resized = resized;
9b8424d5
MT		 1664 new_block->used_length = size;
1665 new_block->max_length = max_size;
62be4e3a 1666 assert(max_size >= size);
e1c57ab8
PB		 1667 new_block->fd = -1;
1668 new_block->host = host;
1669 if (host) {
7bd4f430 1670 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1671 }
62be4e3a
MT		 1672 if (resizeable) {
1673 new_block->flags |= RAM_RESIZEABLE;
1674 }
ef701d7b
HT		 1675 addr = ram_block_add(new_block, &local_err);
1676 if (local_err) {
1677 g_free(new_block);
1678 error_propagate(errp, local_err);
1679 return -1;
1680 }
1681 return addr;
e1c57ab8
PB		 1682}
1683
62be4e3a
MT		 1684ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1685 MemoryRegion *mr, Error **errp)
1686{
1687 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1688}
1689
ef701d7b 1690ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1691{
62be4e3a
MT		 1692 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1693}
1694
1695ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1696 void (*resized)(const char*,
1697 uint64_t length,
1698 void *host),
1699 MemoryRegion *mr, Error **errp)
1700{
1701 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1702}
1703
43771539
PB		 1704static void reclaim_ramblock(RAMBlock *block)
1705{
1706 if (block->flags & RAM_PREALLOC) {
1707 ;
1708 } else if (xen_enabled()) {
1709 xen_invalidate_map_cache_entry(block->host);
1710#ifndef _WIN32
1711 } else if (block->fd >= 0) {
2f3a2bb1 1712 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1713 close(block->fd);
1714#endif
1715 } else {
1716 qemu_anon_ram_free(block->host, block->max_length);
1717 }
1718 g_free(block);
1719}
1720
c227f099 1721void qemu_ram_free(ram_addr_t addr)
e9a1ab19 1722{
04b16653
AW		 1723 RAMBlock *block;
1724
b2a8658e 1725 qemu_mutex_lock_ramlist();
0dc3f44a 1726 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
04b16653 1727 if (addr == block->offset) {
0dc3f44a 1728 QLIST_REMOVE_RCU(block, next);
0d6d3c87 1729 ram_list.mru_block = NULL;
0dc3f44a
MD		 1730 /* Write list before version */
1731 smp_wmb();
f798b07f 1732 ram_list.version++;
43771539 1733 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1734 break;
04b16653
AW		 1735 }
1736 }
b2a8658e 1737 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1738}
1739
cd19cfa2
HY		 1740#ifndef _WIN32
1741void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1742{
1743 RAMBlock *block;
1744 ram_addr_t offset;
1745 int flags;
1746 void *area, *vaddr;
1747
0dc3f44a 1748 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1749 offset = addr - block->offset;
9b8424d5 1750 if (offset < block->max_length) {
1240be24 1751 vaddr = ramblock_ptr(block, offset);
7bd4f430 1752 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1753 ;
dfeaf2ab
MA		 1754 } else if (xen_enabled()) {
1755 abort();
cd19cfa2
HY		 1756 } else {
1757 flags = MAP_FIXED;
3435f395 1758 if (block->fd >= 0) {
dbcb8981
PB		 1759 flags |= (block->flags & RAM_SHARED ?
1760 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1761 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1762 flags, block->fd, offset);
cd19cfa2 1763 } else {
2eb9fbaa
MA		 1764 /*
1765 * Remap needs to match alloc. Accelerators that
1766 * set phys_mem_alloc never remap. If they did,
1767 * we'd need a remap hook here.
1768 */
1769 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1770
cd19cfa2
HY		 1771 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1772 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1773 flags, -1, 0);
cd19cfa2
HY		 1774 }
1775 if (area != vaddr) {
f15fbc4b
AP		 1776 fprintf(stderr, "Could not remap addr: "
1777 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1778 length, addr);
1779 exit(1);
1780 }
8490fc78 1781 memory_try_enable_merging(vaddr, length);
ddb97f1d 1782 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1783 }
cd19cfa2
HY		 1784 }
1785 }
1786}
1787#endif /* !_WIN32 */
1788
a35ba7be
PB		 1789int qemu_get_ram_fd(ram_addr_t addr)
1790{
ae3a7047
MD		 1791 RAMBlock *block;
1792 int fd;
a35ba7be 1793
0dc3f44a 1794 rcu_read_lock();
ae3a7047
MD		 1795 block = qemu_get_ram_block(addr);
1796 fd = block->fd;
0dc3f44a 1797 rcu_read_unlock();
ae3a7047 1798 return fd;
a35ba7be
PB		 1799}
1800
56a571d9
TM		 1801void qemu_set_ram_fd(ram_addr_t addr, int fd)
1802{
1803 RAMBlock *block;
1804
1805 rcu_read_lock();
1806 block = qemu_get_ram_block(addr);
1807 block->fd = fd;
1808 rcu_read_unlock();
1809}
1810
3fd74b84
DM		 1811void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1812{
ae3a7047
MD		 1813 RAMBlock *block;
1814 void *ptr;
3fd74b84 1815
0dc3f44a 1816 rcu_read_lock();
ae3a7047
MD		 1817 block = qemu_get_ram_block(addr);
1818 ptr = ramblock_ptr(block, 0);
0dc3f44a 1819 rcu_read_unlock();
ae3a7047 1820 return ptr;
3fd74b84
DM		 1821}
1822
1b5ec234 1823/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1824 * This should not be used for general purpose DMA. Use address_space_map
1825 * or address_space_rw instead. For local memory (e.g. video ram) that the
1826 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1827 *
49b24afc 1828 * Called within RCU critical section.
1b5ec234
PB		 1829 */
1830void *qemu_get_ram_ptr(ram_addr_t addr)
1831{
49b24afc 1832 RAMBlock *block = qemu_get_ram_block(addr);
ae3a7047
MD		 1833
1834 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1835 /* We need to check if the requested address is in the RAM
1836 * because we don't want to map the entire memory in QEMU.
1837 * In that case just map until the end of the page.
1838 */
1839 if (block->offset == 0) {
49b24afc 1840 return xen_map_cache(addr, 0, 0);
0d6d3c87 1841 }
ae3a7047
MD		 1842
1843 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1844 }
49b24afc 1845 return ramblock_ptr(block, addr - block->offset);
dc828ca1
PB		 1846}
1847
38bee5dc 1848/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1849 * but takes a size argument.
0dc3f44a 1850 *
e81bcda5 1851 * Called within RCU critical section.
ae3a7047 1852 */
cb85f7ab 1853static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
38bee5dc 1854{
e81bcda5
PB		 1855 RAMBlock *block;
1856 ram_addr_t offset_inside_block;
8ab934f9
SS		 1857 if (*size == 0) {
1858 return NULL;
1859 }
e81bcda5
PB		 1860
1861 block = qemu_get_ram_block(addr);
1862 offset_inside_block = addr - block->offset;
1863 *size = MIN(*size, block->max_length - offset_inside_block);
1864
1865 if (xen_enabled() && block->host == NULL) {
1866 /* We need to check if the requested address is in the RAM
1867 * because we don't want to map the entire memory in QEMU.
1868 * In that case just map the requested area.
1869 */
1870 if (block->offset == 0) {
1871 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1872 }
1873
e81bcda5 1874 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1875 }
e81bcda5
PB		 1876
1877 return ramblock_ptr(block, offset_inside_block);
38bee5dc
SS		 1878}
1879
422148d3
DDAG		 1880/*
1881 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1882 * in that RAMBlock.
1883 *
1884 * ptr: Host pointer to look up
1885 * round_offset: If true round the result offset down to a page boundary
1886 * *ram_addr: set to result ram_addr
1887 * *offset: set to result offset within the RAMBlock
1888 *
1889 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1890 *
1891 * By the time this function returns, the returned pointer is not protected
1892 * by RCU anymore. If the caller is not within an RCU critical section and
1893 * does not hold the iothread lock, it must have other means of protecting the
1894 * pointer, such as a reference to the region that includes the incoming
1895 * ram_addr_t.
1896 */
422148d3
DDAG		 1897RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1898 ram_addr_t *ram_addr,
1899 ram_addr_t *offset)
5579c7f3 1900{
94a6b54f
PB		 1901 RAMBlock *block;
1902 uint8_t *host = ptr;
1903
868bb33f 1904 if (xen_enabled()) {
0dc3f44a 1905 rcu_read_lock();
e41d7c69 1906 *ram_addr = xen_ram_addr_from_mapcache(ptr);
422148d3
DDAG		 1907 block = qemu_get_ram_block(*ram_addr);
1908 if (block) {
1909 *offset = (host - block->host);
1910 }
0dc3f44a 1911 rcu_read_unlock();
422148d3 1912 return block;
712c2b41
SS		 1913 }
1914
0dc3f44a
MD		 1915 rcu_read_lock();
1916 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1917 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1918 goto found;
1919 }
1920
0dc3f44a 1921 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1922 /* This case append when the block is not mapped. */
1923 if (block->host == NULL) {
1924 continue;
1925 }
9b8424d5 1926 if (host - block->host < block->max_length) {
23887b79 1927 goto found;
f471a17e 1928 }
94a6b54f 1929 }
432d268c 1930
0dc3f44a 1931 rcu_read_unlock();
1b5ec234 1932 return NULL;
23887b79
PB		 1933
1934found:
422148d3
DDAG		 1935 *offset = (host - block->host);
1936 if (round_offset) {
1937 *offset &= TARGET_PAGE_MASK;
1938 }
1939 *ram_addr = block->offset + *offset;
0dc3f44a 1940 rcu_read_unlock();
422148d3
DDAG		 1941 return block;
1942}
1943
e3dd7493
DDAG		 1944/*
1945 * Finds the named RAMBlock
1946 *
1947 * name: The name of RAMBlock to find
1948 *
1949 * Returns: RAMBlock (or NULL if not found)
1950 */
1951RAMBlock *qemu_ram_block_by_name(const char *name)
1952{
1953 RAMBlock *block;
1954
1955 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1956 if (!strcmp(name, block->idstr)) {
1957 return block;
1958 }
1959 }
1960
1961 return NULL;
1962}
1963
422148d3
DDAG		 1964/* Some of the softmmu routines need to translate from a host pointer
1965 (typically a TLB entry) back to a ram offset. */
1966MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1967{
1968 RAMBlock *block;
1969 ram_addr_t offset; /* Not used */
1970
1971 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1972
1973 if (!block) {
1974 return NULL;
1975 }
1976
1977 return block->mr;
e890261f 1978}
f471a17e 1979
49b24afc 1980/* Called within RCU critical section. */
a8170e5e 1981static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1982 uint64_t val, unsigned size)
9fa3e853 1983{
52159192 1984 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1985 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1986 }
0e0df1e2
AK		 1987 switch (size) {
1988 case 1:
1989 stb_p(qemu_get_ram_ptr(ram_addr), val);
1990 break;
1991 case 2:
1992 stw_p(qemu_get_ram_ptr(ram_addr), val);
1993 break;
1994 case 4:
1995 stl_p(qemu_get_ram_ptr(ram_addr), val);
1996 break;
1997 default:
1998 abort();
3a7d929e 1999 }
58d2707e
PB		 2000 /* Set both VGA and migration bits for simplicity and to remove
2001 * the notdirty callback faster.
2002 */
2003 cpu_physical_memory_set_dirty_range(ram_addr, size,
2004 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2005 /* we remove the notdirty callback only if the code has been
2006 flushed */
a2cd8c85 2007 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2008 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2009 }
9fa3e853
FB		 2010}
2011
b018ddf6
PB		 2012static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2013 unsigned size, bool is_write)
2014{
2015 return is_write;
2016}
2017
0e0df1e2 2018static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2019 .write = notdirty_mem_write,
b018ddf6 2020 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2021 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2022};
2023
0f459d16 2024/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2025static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2026{
93afeade
AF		 2027 CPUState *cpu = current_cpu;
2028 CPUArchState *env = cpu->env_ptr;
06d55cc1 2029 target_ulong pc, cs_base;
0f459d16 2030 target_ulong vaddr;
a1d1bb31 2031 CPUWatchpoint *wp;
06d55cc1 2032 int cpu_flags;
0f459d16 2033
ff4700b0 2034 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2035 /* We re-entered the check after replacing the TB. Now raise
2036 * the debug interrupt so that is will trigger after the
2037 * current instruction. */
93afeade 2038 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2039 return;
2040 }
93afeade 2041 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2042 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2043 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2044 && (wp->flags & flags)) {
08225676
PM		 2045 if (flags == BP_MEM_READ) {
2046 wp->flags |= BP_WATCHPOINT_HIT_READ;
2047 } else {
2048 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2049 }
2050 wp->hitaddr = vaddr;
66b9b43c 2051 wp->hitattrs = attrs;
ff4700b0
AF		 2052 if (!cpu->watchpoint_hit) {
2053 cpu->watchpoint_hit = wp;
239c51a5 2054 tb_check_watchpoint(cpu);
6e140f28 2055 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2056 cpu->exception_index = EXCP_DEBUG;
5638d180 2057 cpu_loop_exit(cpu);
6e140f28
AL		 2058 } else {
2059 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2060 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2061 cpu_resume_from_signal(cpu, NULL);
6e140f28 2062 }
06d55cc1 2063 }
6e140f28
AL		 2064 } else {
2065 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2066 }
2067 }
2068}
2069
6658ffb8
PB		 2070/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2071 so these check for a hit then pass through to the normal out-of-line
2072 phys routines. */
66b9b43c
PM		 2073static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2074 unsigned size, MemTxAttrs attrs)
6658ffb8 2075{
66b9b43c
PM		 2076 MemTxResult res;
2077 uint64_t data;
79ed0416
PM		 2078 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2079 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2080
2081 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2082 switch (size) {
66b9b43c 2083 case 1:
79ed0416 2084 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2085 break;
2086 case 2:
79ed0416 2087 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2088 break;
2089 case 4:
79ed0416 2090 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2091 break;
1ec9b909
AK		 2092 default: abort();
2093 }
66b9b43c
PM		 2094 *pdata = data;
2095 return res;
6658ffb8
PB		 2096}
2097
66b9b43c
PM		 2098static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2099 uint64_t val, unsigned size,
2100 MemTxAttrs attrs)
6658ffb8 2101{
66b9b43c 2102 MemTxResult res;
79ed0416
PM		 2103 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2104 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2105
2106 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2107 switch (size) {
67364150 2108 case 1:
79ed0416 2109 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2110 break;
2111 case 2:
79ed0416 2112 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2113 break;
2114 case 4:
79ed0416 2115 address_space_stl(as, addr, val, attrs, &res);
67364150 2116 break;
1ec9b909
AK		 2117 default: abort();
2118 }
66b9b43c 2119 return res;
6658ffb8
PB		 2120}
2121
1ec9b909 2122static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2123 .read_with_attrs = watch_mem_read,
2124 .write_with_attrs = watch_mem_write,
1ec9b909 2125 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2126};
6658ffb8 2127
f25a49e0
PM		 2128static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2129 unsigned len, MemTxAttrs attrs)
db7b5426 2130{
acc9d80b 2131 subpage_t *subpage = opaque;
ff6cff75 2132 uint8_t buf[8];
5c9eb028 2133 MemTxResult res;
791af8c8 2134
db7b5426 2135#if defined(DEBUG_SUBPAGE)
016e9d62 2136 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2137 subpage, len, addr);
db7b5426 2138#endif
5c9eb028
PM		 2139 res = address_space_read(subpage->as, addr + subpage->base,
2140 attrs, buf, len);
2141 if (res) {
2142 return res;
f25a49e0 2143 }
acc9d80b
JK		 2144 switch (len) {
2145 case 1:
f25a49e0
PM		 2146 *data = ldub_p(buf);
2147 return MEMTX_OK;
acc9d80b 2148 case 2:
f25a49e0
PM		 2149 *data = lduw_p(buf);
2150 return MEMTX_OK;
acc9d80b 2151 case 4:
f25a49e0
PM		 2152 *data = ldl_p(buf);
2153 return MEMTX_OK;
ff6cff75 2154 case 8:
f25a49e0
PM		 2155 *data = ldq_p(buf);
2156 return MEMTX_OK;
acc9d80b
JK		 2157 default:
2158 abort();
2159 }
db7b5426
BS		 2160}
2161
f25a49e0
PM		 2162static MemTxResult subpage_write(void *opaque, hwaddr addr,
2163 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2164{
acc9d80b 2165 subpage_t *subpage = opaque;
ff6cff75 2166 uint8_t buf[8];
acc9d80b 2167
db7b5426 2168#if defined(DEBUG_SUBPAGE)
016e9d62 2169 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2170 " value %"PRIx64"\n",
2171 __func__, subpage, len, addr, value);
db7b5426 2172#endif
acc9d80b
JK		 2173 switch (len) {
2174 case 1:
2175 stb_p(buf, value);
2176 break;
2177 case 2:
2178 stw_p(buf, value);
2179 break;
2180 case 4:
2181 stl_p(buf, value);
2182 break;
ff6cff75
PB		 2183 case 8:
2184 stq_p(buf, value);
2185 break;
acc9d80b
JK		 2186 default:
2187 abort();
2188 }
5c9eb028
PM		 2189 return address_space_write(subpage->as, addr + subpage->base,
2190 attrs, buf, len);
db7b5426
BS		 2191}
2192
c353e4cc 2193static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2194 unsigned len, bool is_write)
c353e4cc 2195{
acc9d80b 2196 subpage_t *subpage = opaque;
c353e4cc 2197#if defined(DEBUG_SUBPAGE)
016e9d62 2198 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2199 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2200#endif
2201
acc9d80b 2202 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2203 len, is_write);
c353e4cc
PB		 2204}
2205
70c68e44 2206static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2207 .read_with_attrs = subpage_read,
2208 .write_with_attrs = subpage_write,
ff6cff75
PB		 2209 .impl.min_access_size = 1,
2210 .impl.max_access_size = 8,
2211 .valid.min_access_size = 1,
2212 .valid.max_access_size = 8,
c353e4cc 2213 .valid.accepts = subpage_accepts,
70c68e44 2214 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2215};
2216
c227f099 2217static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2218 uint16_t section)
db7b5426
BS		 2219{
2220 int idx, eidx;
2221
2222 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2223 return -1;
2224 idx = SUBPAGE_IDX(start);
2225 eidx = SUBPAGE_IDX(end);
2226#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2227 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2228 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2229#endif
db7b5426 2230 for (; idx <= eidx; idx++) {
5312bd8b 2231 mmio->sub_section[idx] = section;
db7b5426
BS		 2232 }
2233
2234 return 0;
2235}
2236
acc9d80b 2237static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2238{
c227f099 2239 subpage_t *mmio;
db7b5426 2240
7267c094 2241 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2242
acc9d80b 2243 mmio->as = as;
1eec614b 2244 mmio->base = base;
2c9b15ca 2245 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2246 NULL, TARGET_PAGE_SIZE);
b3b00c78 2247 mmio->iomem.subpage = true;
db7b5426 2248#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2249 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2250 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2251#endif
b41aac4f 2252 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2253
2254 return mmio;
2255}
2256
a656e22f
PC		 2257static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2258 MemoryRegion *mr)
5312bd8b 2259{
a656e22f 2260 assert(as);
5312bd8b 2261 MemoryRegionSection section = {
a656e22f 2262 .address_space = as,
5312bd8b
AK		 2263 .mr = mr,
2264 .offset_within_address_space = 0,
2265 .offset_within_region = 0,
052e87b0 2266 .size = int128_2_64(),
5312bd8b
AK		 2267 };
2268
53cb28cb 2269 return phys_section_add(map, &section);
5312bd8b
AK		 2270}
2271
a54c87b6 2272MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2273{
a54c87b6
PM		 2274 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2275 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2276 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2277 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2278
2279 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2280}
2281
e9179ce1
AK		 2282static void io_mem_init(void)
2283{
1f6245e5 2284 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2285 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2286 NULL, UINT64_MAX);
2c9b15ca 2287 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2288 NULL, UINT64_MAX);
2c9b15ca 2289 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2290 NULL, UINT64_MAX);
e9179ce1
AK		 2291}
2292
ac1970fb 2293static void mem_begin(MemoryListener *listener)
00752703
PB		 2294{
2295 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2296 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2297 uint16_t n;
2298
a656e22f 2299 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2300 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2301 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2302 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2303 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2304 assert(n == PHYS_SECTION_ROM);
a656e22f 2305 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2306 assert(n == PHYS_SECTION_WATCH);
00752703 2307
9736e55b 2308 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2309 d->as = as;
2310 as->next_dispatch = d;
2311}
2312
79e2b9ae
PB		 2313static void address_space_dispatch_free(AddressSpaceDispatch *d)
2314{
2315 phys_sections_free(&d->map);
2316 g_free(d);
2317}
2318
00752703 2319static void mem_commit(MemoryListener *listener)
ac1970fb 2320{
89ae337a 2321 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2322 AddressSpaceDispatch *cur = as->dispatch;
2323 AddressSpaceDispatch *next = as->next_dispatch;
2324
53cb28cb 2325 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2326
79e2b9ae 2327 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2328 if (cur) {
79e2b9ae 2329 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2330 }
9affd6fc
PB		 2331}
2332
1d71148e 2333static void tcg_commit(MemoryListener *listener)
50c1e149 2334{
32857f4d
PM		 2335 CPUAddressSpace *cpuas;
2336 AddressSpaceDispatch *d;
117712c3
AK		 2337
2338 /* since each CPU stores ram addresses in its TLB cache, we must
2339 reset the modified entries */
32857f4d
PM		 2340 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2341 cpu_reloading_memory_map();
2342 /* The CPU and TLB are protected by the iothread lock.
2343 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2344 * may have split the RCU critical section.
2345 */
2346 d = atomic_rcu_read(&cpuas->as->dispatch);
2347 cpuas->memory_dispatch = d;
2348 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2349}
2350
ac1970fb
AK		 2351void address_space_init_dispatch(AddressSpace *as)
2352{
00752703 2353 as->dispatch = NULL;
89ae337a 2354 as->dispatch_listener = (MemoryListener) {
ac1970fb 2355 .begin = mem_begin,
00752703 2356 .commit = mem_commit,
ac1970fb
AK		 2357 .region_add = mem_add,
2358 .region_nop = mem_add,
2359 .priority = 0,
2360 };
89ae337a 2361 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2362}
2363
6e48e8f9
PB		 2364void address_space_unregister(AddressSpace *as)
2365{
2366 memory_listener_unregister(&as->dispatch_listener);
2367}
2368
83f3c251
AK		 2369void address_space_destroy_dispatch(AddressSpace *as)
2370{
2371 AddressSpaceDispatch *d = as->dispatch;
2372
79e2b9ae
PB		 2373 atomic_rcu_set(&as->dispatch, NULL);
2374 if (d) {
2375 call_rcu(d, address_space_dispatch_free, rcu);
2376 }
83f3c251
AK		 2377}
2378
62152b8a
AK		 2379static void memory_map_init(void)
2380{
7267c094 2381 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2382
57271d63 2383 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2384 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2385
7267c094 2386 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2387 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2388 65536);
7dca8043 2389 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2390}
2391
2392MemoryRegion *get_system_memory(void)
2393{
2394 return system_memory;
2395}
2396
309cb471
AK		 2397MemoryRegion *get_system_io(void)
2398{
2399 return system_io;
2400}
2401
e2eef170
PB		 2402#endif /* !defined(CONFIG_USER_ONLY) */
2403
13eb76e0
FB		 2404/* physical memory access (slow version, mainly for debug) */
2405#if defined(CONFIG_USER_ONLY)
f17ec444 2406int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2407 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2408{
2409 int l, flags;
2410 target_ulong page;
53a5960a 2411 void * p;
13eb76e0
FB		 2412
2413 while (len > 0) {
2414 page = addr & TARGET_PAGE_MASK;
2415 l = (page + TARGET_PAGE_SIZE) - addr;
2416 if (l > len)
2417 l = len;
2418 flags = page_get_flags(page);
2419 if (!(flags & PAGE_VALID))
a68fe89c 2420 return -1;
13eb76e0
FB		 2421 if (is_write) {
2422 if (!(flags & PAGE_WRITE))
a68fe89c 2423 return -1;
579a97f7 2424 /* XXX: this code should not depend on lock_user */
72fb7daa 2425 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2426 return -1;
72fb7daa
AJ		 2427 memcpy(p, buf, l);
2428 unlock_user(p, addr, l);
13eb76e0
FB		 2429 } else {
2430 if (!(flags & PAGE_READ))
a68fe89c 2431 return -1;
579a97f7 2432 /* XXX: this code should not depend on lock_user */
72fb7daa 2433 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2434 return -1;
72fb7daa 2435 memcpy(buf, p, l);
5b257578 2436 unlock_user(p, addr, 0);
13eb76e0
FB		 2437 }
2438 len -= l;
2439 buf += l;
2440 addr += l;
2441 }
a68fe89c 2442 return 0;
13eb76e0 2443}
8df1cd07 2444
13eb76e0 2445#else
51d7a9eb 2446
845b6214 2447static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2448 hwaddr length)
51d7a9eb 2449{
e87f7778
PB		 2450 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2451 /* No early return if dirty_log_mask is or becomes 0, because
2452 * cpu_physical_memory_set_dirty_range will still call
2453 * xen_modified_memory.
2454 */
2455 if (dirty_log_mask) {
2456 dirty_log_mask =
2457 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2458 }
2459 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2460 tb_invalidate_phys_range(addr, addr + length);
2461 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2462 }
e87f7778 2463 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2464}
2465
23326164 2466static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2467{
e1622f4b 2468 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2469
2470 /* Regions are assumed to support 1-4 byte accesses unless
2471 otherwise specified. */
23326164
RH		 2472 if (access_size_max == 0) {
2473 access_size_max = 4;
2474 }
2475
2476 /* Bound the maximum access by the alignment of the address. */
2477 if (!mr->ops->impl.unaligned) {
2478 unsigned align_size_max = addr & -addr;
2479 if (align_size_max != 0 && align_size_max < access_size_max) {
2480 access_size_max = align_size_max;
2481 }
82f2563f 2482 }
23326164
RH		 2483
2484 /* Don't attempt accesses larger than the maximum. */
2485 if (l > access_size_max) {
2486 l = access_size_max;
82f2563f 2487 }
6554f5c0 2488 l = pow2floor(l);
23326164
RH		 2489
2490 return l;
82f2563f
PB		 2491}
2492
4840f10e 2493static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2494{
4840f10e
JK		 2495 bool unlocked = !qemu_mutex_iothread_locked();
2496 bool release_lock = false;
2497
2498 if (unlocked && mr->global_locking) {
2499 qemu_mutex_lock_iothread();
2500 unlocked = false;
2501 release_lock = true;
2502 }
125b3806 2503 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2504 if (unlocked) {
2505 qemu_mutex_lock_iothread();
2506 }
125b3806 2507 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2508 if (unlocked) {
2509 qemu_mutex_unlock_iothread();
2510 }
125b3806 2511 }
4840f10e
JK		 2512
2513 return release_lock;
125b3806
PB		 2514}
2515
a203ac70
PB		 2516/* Called within RCU critical section. */
2517static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2518 MemTxAttrs attrs,
2519 const uint8_t *buf,
2520 int len, hwaddr addr1,
2521 hwaddr l, MemoryRegion *mr)
13eb76e0 2522{
13eb76e0 2523 uint8_t *ptr;
791af8c8 2524 uint64_t val;
3b643495 2525 MemTxResult result = MEMTX_OK;
4840f10e 2526 bool release_lock = false;
3b46e624 2527
a203ac70 2528 for (;;) {
eb7eeb88
PB		 2529 if (!memory_access_is_direct(mr, true)) {
2530 release_lock |= prepare_mmio_access(mr);
2531 l = memory_access_size(mr, l, addr1);
2532 /* XXX: could force current_cpu to NULL to avoid
2533 potential bugs */
2534 switch (l) {
2535 case 8:
2536 /* 64 bit write access */
2537 val = ldq_p(buf);
2538 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2539 attrs);
2540 break;
2541 case 4:
2542 /* 32 bit write access */
2543 val = ldl_p(buf);
2544 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2545 attrs);
2546 break;
2547 case 2:
2548 /* 16 bit write access */
2549 val = lduw_p(buf);
2550 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2551 attrs);
2552 break;
2553 case 1:
2554 /* 8 bit write access */
2555 val = ldub_p(buf);
2556 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2557 attrs);
2558 break;
2559 default:
2560 abort();
13eb76e0
FB		 2561 }
2562 } else {
eb7eeb88
PB		 2563 addr1 += memory_region_get_ram_addr(mr);
2564 /* RAM case */
2565 ptr = qemu_get_ram_ptr(addr1);
2566 memcpy(ptr, buf, l);
2567 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2568 }
4840f10e
JK		 2569
2570 if (release_lock) {
2571 qemu_mutex_unlock_iothread();
2572 release_lock = false;
2573 }
2574
13eb76e0
FB		 2575 len -= l;
2576 buf += l;
2577 addr += l;
a203ac70
PB		 2578
2579 if (!len) {
2580 break;
2581 }
2582
2583 l = len;
2584 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2585 }
fd8aaa76 2586
3b643495 2587 return result;
13eb76e0 2588}
8df1cd07 2589
a203ac70
PB		 2590MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2591 const uint8_t *buf, int len)
ac1970fb 2592{
eb7eeb88 2593 hwaddr l;
eb7eeb88
PB		 2594 hwaddr addr1;
2595 MemoryRegion *mr;
2596 MemTxResult result = MEMTX_OK;
eb7eeb88 2597
a203ac70
PB		 2598 if (len > 0) {
2599 rcu_read_lock();
eb7eeb88 2600 l = len;
a203ac70
PB		 2601 mr = address_space_translate(as, addr, &addr1, &l, true);
2602 result = address_space_write_continue(as, addr, attrs, buf, len,
2603 addr1, l, mr);
2604 rcu_read_unlock();
2605 }
2606
2607 return result;
2608}
2609
2610/* Called within RCU critical section. */
2611MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2612 MemTxAttrs attrs, uint8_t *buf,
2613 int len, hwaddr addr1, hwaddr l,
2614 MemoryRegion *mr)
2615{
2616 uint8_t *ptr;
2617 uint64_t val;
2618 MemTxResult result = MEMTX_OK;
2619 bool release_lock = false;
eb7eeb88 2620
a203ac70 2621 for (;;) {
eb7eeb88
PB		 2622 if (!memory_access_is_direct(mr, false)) {
2623 /* I/O case */
2624 release_lock |= prepare_mmio_access(mr);
2625 l = memory_access_size(mr, l, addr1);
2626 switch (l) {
2627 case 8:
2628 /* 64 bit read access */
2629 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2630 attrs);
2631 stq_p(buf, val);
2632 break;
2633 case 4:
2634 /* 32 bit read access */
2635 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2636 attrs);
2637 stl_p(buf, val);
2638 break;
2639 case 2:
2640 /* 16 bit read access */
2641 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2642 attrs);
2643 stw_p(buf, val);
2644 break;
2645 case 1:
2646 /* 8 bit read access */
2647 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2648 attrs);
2649 stb_p(buf, val);
2650 break;
2651 default:
2652 abort();
2653 }
2654 } else {
2655 /* RAM case */
2656 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2657 memcpy(buf, ptr, l);
2658 }
2659
2660 if (release_lock) {
2661 qemu_mutex_unlock_iothread();
2662 release_lock = false;
2663 }
2664
2665 len -= l;
2666 buf += l;
2667 addr += l;
a203ac70
PB		 2668
2669 if (!len) {
2670 break;
2671 }
2672
2673 l = len;
2674 mr = address_space_translate(as, addr, &addr1, &l, false);
2675 }
2676
2677 return result;
2678}
2679
3cc8f884
PB		 2680MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2681 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2682{
2683 hwaddr l;
2684 hwaddr addr1;
2685 MemoryRegion *mr;
2686 MemTxResult result = MEMTX_OK;
2687
2688 if (len > 0) {
2689 rcu_read_lock();
2690 l = len;
2691 mr = address_space_translate(as, addr, &addr1, &l, false);
2692 result = address_space_read_continue(as, addr, attrs, buf, len,
2693 addr1, l, mr);
2694 rcu_read_unlock();
eb7eeb88 2695 }
eb7eeb88
PB		 2696
2697 return result;
ac1970fb
AK		 2698}
2699
eb7eeb88
PB		 2700MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2701 uint8_t *buf, int len, bool is_write)
2702{
2703 if (is_write) {
2704 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2705 } else {
2706 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2707 }
2708}
ac1970fb 2709
a8170e5e 2710void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2711 int len, int is_write)
2712{
5c9eb028
PM		 2713 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2714 buf, len, is_write);
ac1970fb
AK		 2715}
2716
582b55a9
AG		 2717enum write_rom_type {
2718 WRITE_DATA,
2719 FLUSH_CACHE,
2720};
2721
2a221651 2722static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2723 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2724{
149f54b5 2725 hwaddr l;
d0ecd2aa 2726 uint8_t *ptr;
149f54b5 2727 hwaddr addr1;
5c8a00ce 2728 MemoryRegion *mr;
3b46e624 2729
41063e1e 2730 rcu_read_lock();
d0ecd2aa 2731 while (len > 0) {
149f54b5 2732 l = len;
2a221651 2733 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2734
5c8a00ce
PB		 2735 if (!(memory_region_is_ram(mr) ||
2736 memory_region_is_romd(mr))) {
b242e0e0 2737 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2738 } else {
5c8a00ce 2739 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2740 /* ROM/RAM case */
5579c7f3 2741 ptr = qemu_get_ram_ptr(addr1);
582b55a9
AG		 2742 switch (type) {
2743 case WRITE_DATA:
2744 memcpy(ptr, buf, l);
845b6214 2745 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2746 break;
2747 case FLUSH_CACHE:
2748 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2749 break;
2750 }
d0ecd2aa
FB		 2751 }
2752 len -= l;
2753 buf += l;
2754 addr += l;
2755 }
41063e1e 2756 rcu_read_unlock();
d0ecd2aa
FB		 2757}
2758
582b55a9 2759/* used for ROM loading : can write in RAM and ROM */
2a221651 2760void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2761 const uint8_t *buf, int len)
2762{
2a221651 2763 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2764}
2765
2766void cpu_flush_icache_range(hwaddr start, int len)
2767{
2768 /*
2769 * This function should do the same thing as an icache flush that was
2770 * triggered from within the guest. For TCG we are always cache coherent,
2771 * so there is no need to flush anything. For KVM / Xen we need to flush
2772 * the host's instruction cache at least.
2773 */
2774 if (tcg_enabled()) {
2775 return;
2776 }
2777
2a221651
EI		 2778 cpu_physical_memory_write_rom_internal(&address_space_memory,
2779 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2780}
2781
6d16c2f8 2782typedef struct {
d3e71559 2783 MemoryRegion *mr;
6d16c2f8 2784 void *buffer;
a8170e5e
AK		 2785 hwaddr addr;
2786 hwaddr len;
c2cba0ff 2787 bool in_use;
6d16c2f8
AL		 2788} BounceBuffer;
2789
2790static BounceBuffer bounce;
2791
ba223c29 2792typedef struct MapClient {
e95205e1 2793 QEMUBH *bh;
72cf2d4f 2794 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2795} MapClient;
2796
38e047b5 2797QemuMutex map_client_list_lock;
72cf2d4f
BS		 2798static QLIST_HEAD(map_client_list, MapClient) map_client_list
2799 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2800
e95205e1
FZ		 2801static void cpu_unregister_map_client_do(MapClient *client)
2802{
2803 QLIST_REMOVE(client, link);
2804 g_free(client);
2805}
2806
33b6c2ed
FZ		 2807static void cpu_notify_map_clients_locked(void)
2808{
2809 MapClient *client;
2810
2811 while (!QLIST_EMPTY(&map_client_list)) {
2812 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2813 qemu_bh_schedule(client->bh);
2814 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2815 }
2816}
2817
e95205e1 2818void cpu_register_map_client(QEMUBH *bh)
ba223c29 2819{
7267c094 2820 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2821
38e047b5 2822 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2823 client->bh = bh;
72cf2d4f 2824 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2825 if (!atomic_read(&bounce.in_use)) {
2826 cpu_notify_map_clients_locked();
2827 }
38e047b5 2828 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2829}
2830
38e047b5 2831void cpu_exec_init_all(void)
ba223c29 2832{
38e047b5 2833 qemu_mutex_init(&ram_list.mutex);
38e047b5 2834 io_mem_init();
680a4783 2835 memory_map_init();
38e047b5 2836 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2837}
2838
e95205e1 2839void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2840{
2841 MapClient *client;
2842
e95205e1
FZ		 2843 qemu_mutex_lock(&map_client_list_lock);
2844 QLIST_FOREACH(client, &map_client_list, link) {
2845 if (client->bh == bh) {
2846 cpu_unregister_map_client_do(client);
2847 break;
2848 }
ba223c29 2849 }
e95205e1 2850 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2851}
2852
2853static void cpu_notify_map_clients(void)
2854{
38e047b5 2855 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2856 cpu_notify_map_clients_locked();
38e047b5 2857 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2858}
2859
51644ab7
PB		 2860bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2861{
5c8a00ce 2862 MemoryRegion *mr;
51644ab7
PB		 2863 hwaddr l, xlat;
2864
41063e1e 2865 rcu_read_lock();
51644ab7
PB		 2866 while (len > 0) {
2867 l = len;
5c8a00ce
PB		 2868 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2869 if (!memory_access_is_direct(mr, is_write)) {
2870 l = memory_access_size(mr, l, addr);
2871 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2872 return false;
2873 }
2874 }
2875
2876 len -= l;
2877 addr += l;
2878 }
41063e1e 2879 rcu_read_unlock();
51644ab7
PB		 2880 return true;
2881}
2882
6d16c2f8
AL		 2883/* Map a physical memory region into a host virtual address.
2884 * May map a subset of the requested range, given by and returned in *plen.
2885 * May return NULL if resources needed to perform the mapping are exhausted.
2886 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2887 * Use cpu_register_map_client() to know when retrying the map operation is
2888 * likely to succeed.
6d16c2f8 2889 */
ac1970fb 2890void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2891 hwaddr addr,
2892 hwaddr *plen,
ac1970fb 2893 bool is_write)
6d16c2f8 2894{
a8170e5e 2895 hwaddr len = *plen;
e3127ae0
PB		 2896 hwaddr done = 0;
2897 hwaddr l, xlat, base;
2898 MemoryRegion *mr, *this_mr;
2899 ram_addr_t raddr;
e81bcda5 2900 void *ptr;
6d16c2f8 2901
e3127ae0
PB		 2902 if (len == 0) {
2903 return NULL;
2904 }
38bee5dc 2905
e3127ae0 2906 l = len;
41063e1e 2907 rcu_read_lock();
e3127ae0 2908 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2909
e3127ae0 2910 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2911 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2912 rcu_read_unlock();
e3127ae0 2913 return NULL;
6d16c2f8 2914 }
e85d9db5
KW		 2915 /* Avoid unbounded allocations */
2916 l = MIN(l, TARGET_PAGE_SIZE);
2917 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2918 bounce.addr = addr;
2919 bounce.len = l;
d3e71559
PB		 2920
2921 memory_region_ref(mr);
2922 bounce.mr = mr;
e3127ae0 2923 if (!is_write) {
5c9eb028
PM		 2924 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2925 bounce.buffer, l);
8ab934f9 2926 }
6d16c2f8 2927
41063e1e 2928 rcu_read_unlock();
e3127ae0
PB		 2929 *plen = l;
2930 return bounce.buffer;
2931 }
2932
2933 base = xlat;
2934 raddr = memory_region_get_ram_addr(mr);
2935
2936 for (;;) {
6d16c2f8
AL		 2937 len -= l;
2938 addr += l;
e3127ae0
PB		 2939 done += l;
2940 if (len == 0) {
2941 break;
2942 }
2943
2944 l = len;
2945 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2946 if (this_mr != mr || xlat != base + done) {
2947 break;
2948 }
6d16c2f8 2949 }
e3127ae0 2950
d3e71559 2951 memory_region_ref(mr);
e3127ae0 2952 *plen = done;
e81bcda5
PB		 2953 ptr = qemu_ram_ptr_length(raddr + base, plen);
2954 rcu_read_unlock();
2955
2956 return ptr;
6d16c2f8
AL		 2957}
2958
ac1970fb 2959/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2960 * Will also mark the memory as dirty if is_write == 1. access_len gives
2961 * the amount of memory that was actually read or written by the caller.
2962 */
a8170e5e
AK		 2963void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2964 int is_write, hwaddr access_len)
6d16c2f8
AL		 2965{
2966 if (buffer != bounce.buffer) {
d3e71559
PB		 2967 MemoryRegion *mr;
2968 ram_addr_t addr1;
2969
2970 mr = qemu_ram_addr_from_host(buffer, &addr1);
2971 assert(mr != NULL);
6d16c2f8 2972 if (is_write) {
845b6214 2973 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2974 }
868bb33f 2975 if (xen_enabled()) {
e41d7c69 2976 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2977 }
d3e71559 2978 memory_region_unref(mr);
6d16c2f8
AL		 2979 return;
2980 }
2981 if (is_write) {
5c9eb028
PM		 2982 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2983 bounce.buffer, access_len);
6d16c2f8 2984 }
f8a83245 2985 qemu_vfree(bounce.buffer);
6d16c2f8 2986 bounce.buffer = NULL;
d3e71559 2987 memory_region_unref(bounce.mr);
c2cba0ff 2988 atomic_mb_set(&bounce.in_use, false);
ba223c29 2989 cpu_notify_map_clients();
6d16c2f8 2990}
d0ecd2aa 2991
a8170e5e
AK		 2992void *cpu_physical_memory_map(hwaddr addr,
2993 hwaddr *plen,
ac1970fb
AK		 2994 int is_write)
2995{
2996 return address_space_map(&address_space_memory, addr, plen, is_write);
2997}
2998
a8170e5e
AK		 2999void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3000 int is_write, hwaddr access_len)
ac1970fb
AK		 3001{
3002 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3003}
3004
8df1cd07 3005/* warning: addr must be aligned */
50013115
PM		 3006static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3007 MemTxAttrs attrs,
3008 MemTxResult *result,
3009 enum device_endian endian)
8df1cd07 3010{
8df1cd07 3011 uint8_t *ptr;
791af8c8 3012 uint64_t val;
5c8a00ce 3013 MemoryRegion *mr;
149f54b5
PB		 3014 hwaddr l = 4;
3015 hwaddr addr1;
50013115 3016 MemTxResult r;
4840f10e 3017 bool release_lock = false;
8df1cd07 3018
41063e1e 3019 rcu_read_lock();
fdfba1a2 3020 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3021 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3022 release_lock |= prepare_mmio_access(mr);
125b3806 3023
8df1cd07 3024 /* I/O case */
50013115 3025 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3026#if defined(TARGET_WORDS_BIGENDIAN)
3027 if (endian == DEVICE_LITTLE_ENDIAN) {
3028 val = bswap32(val);
3029 }
3030#else
3031 if (endian == DEVICE_BIG_ENDIAN) {
3032 val = bswap32(val);
3033 }
3034#endif
8df1cd07
FB		 3035 } else {
3036 /* RAM case */
5c8a00ce 3037 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3038 & TARGET_PAGE_MASK)
149f54b5 3039 + addr1);
1e78bcc1
AG		 3040 switch (endian) {
3041 case DEVICE_LITTLE_ENDIAN:
3042 val = ldl_le_p(ptr);
3043 break;
3044 case DEVICE_BIG_ENDIAN:
3045 val = ldl_be_p(ptr);
3046 break;
3047 default:
3048 val = ldl_p(ptr);
3049 break;
3050 }
50013115
PM		 3051 r = MEMTX_OK;
3052 }
3053 if (result) {
3054 *result = r;
8df1cd07 3055 }
4840f10e
JK		 3056 if (release_lock) {
3057 qemu_mutex_unlock_iothread();
3058 }
41063e1e 3059 rcu_read_unlock();
8df1cd07
FB		 3060 return val;
3061}
3062
50013115
PM		 3063uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3064 MemTxAttrs attrs, MemTxResult *result)
3065{
3066 return address_space_ldl_internal(as, addr, attrs, result,
3067 DEVICE_NATIVE_ENDIAN);
3068}
3069
3070uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3071 MemTxAttrs attrs, MemTxResult *result)
3072{
3073 return address_space_ldl_internal(as, addr, attrs, result,
3074 DEVICE_LITTLE_ENDIAN);
3075}
3076
3077uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3078 MemTxAttrs attrs, MemTxResult *result)
3079{
3080 return address_space_ldl_internal(as, addr, attrs, result,
3081 DEVICE_BIG_ENDIAN);
3082}
3083
fdfba1a2 3084uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3085{
50013115 3086 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3087}
3088
fdfba1a2 3089uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3090{
50013115 3091 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3092}
3093
fdfba1a2 3094uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3095{
50013115 3096 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3097}
3098
84b7b8e7 3099/* warning: addr must be aligned */
50013115
PM		 3100static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3101 MemTxAttrs attrs,
3102 MemTxResult *result,
3103 enum device_endian endian)
84b7b8e7 3104{
84b7b8e7
FB		 3105 uint8_t *ptr;
3106 uint64_t val;
5c8a00ce 3107 MemoryRegion *mr;
149f54b5
PB		 3108 hwaddr l = 8;
3109 hwaddr addr1;
50013115 3110 MemTxResult r;
4840f10e 3111 bool release_lock = false;
84b7b8e7 3112
41063e1e 3113 rcu_read_lock();
2c17449b 3114 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3115 false);
3116 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3117 release_lock |= prepare_mmio_access(mr);
125b3806 3118
84b7b8e7 3119 /* I/O case */
50013115 3120 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3121#if defined(TARGET_WORDS_BIGENDIAN)
3122 if (endian == DEVICE_LITTLE_ENDIAN) {
3123 val = bswap64(val);
3124 }
3125#else
3126 if (endian == DEVICE_BIG_ENDIAN) {
3127 val = bswap64(val);
3128 }
84b7b8e7
FB		 3129#endif
3130 } else {
3131 /* RAM case */
5c8a00ce 3132 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3133 & TARGET_PAGE_MASK)
149f54b5 3134 + addr1);
1e78bcc1
AG		 3135 switch (endian) {
3136 case DEVICE_LITTLE_ENDIAN:
3137 val = ldq_le_p(ptr);
3138 break;
3139 case DEVICE_BIG_ENDIAN:
3140 val = ldq_be_p(ptr);
3141 break;
3142 default:
3143 val = ldq_p(ptr);
3144 break;
3145 }
50013115
PM		 3146 r = MEMTX_OK;
3147 }
3148 if (result) {
3149 *result = r;
84b7b8e7 3150 }
4840f10e
JK		 3151 if (release_lock) {
3152 qemu_mutex_unlock_iothread();
3153 }
41063e1e 3154 rcu_read_unlock();
84b7b8e7
FB		 3155 return val;
3156}
3157
50013115
PM		 3158uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3159 MemTxAttrs attrs, MemTxResult *result)
3160{
3161 return address_space_ldq_internal(as, addr, attrs, result,
3162 DEVICE_NATIVE_ENDIAN);
3163}
3164
3165uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3166 MemTxAttrs attrs, MemTxResult *result)
3167{
3168 return address_space_ldq_internal(as, addr, attrs, result,
3169 DEVICE_LITTLE_ENDIAN);
3170}
3171
3172uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3173 MemTxAttrs attrs, MemTxResult *result)
3174{
3175 return address_space_ldq_internal(as, addr, attrs, result,
3176 DEVICE_BIG_ENDIAN);
3177}
3178
2c17449b 3179uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3180{
50013115 3181 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3182}
3183
2c17449b 3184uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3185{
50013115 3186 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3187}
3188
2c17449b 3189uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3190{
50013115 3191 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3192}
3193
aab33094 3194/* XXX: optimize */
50013115
PM		 3195uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3196 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3197{
3198 uint8_t val;
50013115
PM		 3199 MemTxResult r;
3200
3201 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3202 if (result) {
3203 *result = r;
3204 }
aab33094
FB		 3205 return val;
3206}
3207
50013115
PM		 3208uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3209{
3210 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3211}
3212
733f0b02 3213/* warning: addr must be aligned */
50013115
PM		 3214static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3215 hwaddr addr,
3216 MemTxAttrs attrs,
3217 MemTxResult *result,
3218 enum device_endian endian)
aab33094 3219{
733f0b02
MT		 3220 uint8_t *ptr;
3221 uint64_t val;
5c8a00ce 3222 MemoryRegion *mr;
149f54b5
PB		 3223 hwaddr l = 2;
3224 hwaddr addr1;
50013115 3225 MemTxResult r;
4840f10e 3226 bool release_lock = false;
733f0b02 3227
41063e1e 3228 rcu_read_lock();
41701aa4 3229 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3230 false);
3231 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3232 release_lock |= prepare_mmio_access(mr);
125b3806 3233
733f0b02 3234 /* I/O case */
50013115 3235 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3236#if defined(TARGET_WORDS_BIGENDIAN)
3237 if (endian == DEVICE_LITTLE_ENDIAN) {
3238 val = bswap16(val);
3239 }
3240#else
3241 if (endian == DEVICE_BIG_ENDIAN) {
3242 val = bswap16(val);
3243 }
3244#endif
733f0b02
MT		 3245 } else {
3246 /* RAM case */
5c8a00ce 3247 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
06ef3525 3248 & TARGET_PAGE_MASK)
149f54b5 3249 + addr1);
1e78bcc1
AG		 3250 switch (endian) {
3251 case DEVICE_LITTLE_ENDIAN:
3252 val = lduw_le_p(ptr);
3253 break;
3254 case DEVICE_BIG_ENDIAN:
3255 val = lduw_be_p(ptr);
3256 break;
3257 default:
3258 val = lduw_p(ptr);
3259 break;
3260 }
50013115
PM		 3261 r = MEMTX_OK;
3262 }
3263 if (result) {
3264 *result = r;
733f0b02 3265 }
4840f10e
JK		 3266 if (release_lock) {
3267 qemu_mutex_unlock_iothread();
3268 }
41063e1e 3269 rcu_read_unlock();
733f0b02 3270 return val;
aab33094
FB		 3271}
3272
50013115
PM		 3273uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3274 MemTxAttrs attrs, MemTxResult *result)
3275{
3276 return address_space_lduw_internal(as, addr, attrs, result,
3277 DEVICE_NATIVE_ENDIAN);
3278}
3279
3280uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3281 MemTxAttrs attrs, MemTxResult *result)
3282{
3283 return address_space_lduw_internal(as, addr, attrs, result,
3284 DEVICE_LITTLE_ENDIAN);
3285}
3286
3287uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3288 MemTxAttrs attrs, MemTxResult *result)
3289{
3290 return address_space_lduw_internal(as, addr, attrs, result,
3291 DEVICE_BIG_ENDIAN);
3292}
3293
41701aa4 3294uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3295{
50013115 3296 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3297}
3298
41701aa4 3299uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3300{
50013115 3301 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3302}
3303
41701aa4 3304uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3305{
50013115 3306 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3307}
3308
8df1cd07
FB		 3309/* warning: addr must be aligned. The ram page is not masked as dirty
3310 and the code inside is not invalidated. It is useful if the dirty
3311 bits are used to track modified PTEs */
50013115
PM		 3312void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3313 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3314{
8df1cd07 3315 uint8_t *ptr;
5c8a00ce 3316 MemoryRegion *mr;
149f54b5
PB		 3317 hwaddr l = 4;
3318 hwaddr addr1;
50013115 3319 MemTxResult r;
845b6214 3320 uint8_t dirty_log_mask;
4840f10e 3321 bool release_lock = false;
8df1cd07 3322
41063e1e 3323 rcu_read_lock();
2198a121 3324 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3325 true);
3326 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3327 release_lock |= prepare_mmio_access(mr);
125b3806 3328
50013115 3329 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3330 } else {
5c8a00ce 3331 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3332 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3333 stl_p(ptr, val);
74576198 3334
845b6214
PB		 3335 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3336 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3337 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3338 r = MEMTX_OK;
3339 }
3340 if (result) {
3341 *result = r;
8df1cd07 3342 }
4840f10e
JK		 3343 if (release_lock) {
3344 qemu_mutex_unlock_iothread();
3345 }
41063e1e 3346 rcu_read_unlock();
8df1cd07
FB		 3347}
3348
50013115
PM		 3349void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3350{
3351 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3352}
3353
8df1cd07 3354/* warning: addr must be aligned */
50013115
PM		 3355static inline void address_space_stl_internal(AddressSpace *as,
3356 hwaddr addr, uint32_t val,
3357 MemTxAttrs attrs,
3358 MemTxResult *result,
3359 enum device_endian endian)
8df1cd07 3360{
8df1cd07 3361 uint8_t *ptr;
5c8a00ce 3362 MemoryRegion *mr;
149f54b5
PB		 3363 hwaddr l = 4;
3364 hwaddr addr1;
50013115 3365 MemTxResult r;
4840f10e 3366 bool release_lock = false;
8df1cd07 3367
41063e1e 3368 rcu_read_lock();
ab1da857 3369 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3370 true);
3371 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3372 release_lock |= prepare_mmio_access(mr);
125b3806 3373
1e78bcc1
AG		 3374#if defined(TARGET_WORDS_BIGENDIAN)
3375 if (endian == DEVICE_LITTLE_ENDIAN) {
3376 val = bswap32(val);
3377 }
3378#else
3379 if (endian == DEVICE_BIG_ENDIAN) {
3380 val = bswap32(val);
3381 }
3382#endif
50013115 3383 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3384 } else {
8df1cd07 3385 /* RAM case */
5c8a00ce 3386 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
5579c7f3 3387 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3388 switch (endian) {
3389 case DEVICE_LITTLE_ENDIAN:
3390 stl_le_p(ptr, val);
3391 break;
3392 case DEVICE_BIG_ENDIAN:
3393 stl_be_p(ptr, val);
3394 break;
3395 default:
3396 stl_p(ptr, val);
3397 break;
3398 }
845b6214 3399 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3400 r = MEMTX_OK;
3401 }
3402 if (result) {
3403 *result = r;
8df1cd07 3404 }
4840f10e
JK		 3405 if (release_lock) {
3406 qemu_mutex_unlock_iothread();
3407 }
41063e1e 3408 rcu_read_unlock();
8df1cd07
FB		 3409}
3410
50013115
PM		 3411void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3412 MemTxAttrs attrs, MemTxResult *result)
3413{
3414 address_space_stl_internal(as, addr, val, attrs, result,
3415 DEVICE_NATIVE_ENDIAN);
3416}
3417
3418void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3419 MemTxAttrs attrs, MemTxResult *result)
3420{
3421 address_space_stl_internal(as, addr, val, attrs, result,
3422 DEVICE_LITTLE_ENDIAN);
3423}
3424
3425void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3426 MemTxAttrs attrs, MemTxResult *result)
3427{
3428 address_space_stl_internal(as, addr, val, attrs, result,
3429 DEVICE_BIG_ENDIAN);
3430}
3431
ab1da857 3432void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3433{
50013115 3434 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3435}
3436
ab1da857 3437void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3438{
50013115 3439 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3440}
3441
ab1da857 3442void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3443{
50013115 3444 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3445}
3446
aab33094 3447/* XXX: optimize */
50013115
PM		 3448void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3449 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3450{
3451 uint8_t v = val;
50013115
PM		 3452 MemTxResult r;
3453
3454 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3455 if (result) {
3456 *result = r;
3457 }
3458}
3459
3460void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3461{
3462 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3463}
3464
733f0b02 3465/* warning: addr must be aligned */
50013115
PM		 3466static inline void address_space_stw_internal(AddressSpace *as,
3467 hwaddr addr, uint32_t val,
3468 MemTxAttrs attrs,
3469 MemTxResult *result,
3470 enum device_endian endian)
aab33094 3471{
733f0b02 3472 uint8_t *ptr;
5c8a00ce 3473 MemoryRegion *mr;
149f54b5
PB		 3474 hwaddr l = 2;
3475 hwaddr addr1;
50013115 3476 MemTxResult r;
4840f10e 3477 bool release_lock = false;
733f0b02 3478
41063e1e 3479 rcu_read_lock();
5ce5944d 3480 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3481 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3482 release_lock |= prepare_mmio_access(mr);
125b3806 3483
1e78bcc1
AG		 3484#if defined(TARGET_WORDS_BIGENDIAN)
3485 if (endian == DEVICE_LITTLE_ENDIAN) {
3486 val = bswap16(val);
3487 }
3488#else
3489 if (endian == DEVICE_BIG_ENDIAN) {
3490 val = bswap16(val);
3491 }
3492#endif
50013115 3493 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3494 } else {
733f0b02 3495 /* RAM case */
5c8a00ce 3496 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
733f0b02 3497 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3498 switch (endian) {
3499 case DEVICE_LITTLE_ENDIAN:
3500 stw_le_p(ptr, val);
3501 break;
3502 case DEVICE_BIG_ENDIAN:
3503 stw_be_p(ptr, val);
3504 break;
3505 default:
3506 stw_p(ptr, val);
3507 break;
3508 }
845b6214 3509 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3510 r = MEMTX_OK;
3511 }
3512 if (result) {
3513 *result = r;
733f0b02 3514 }
4840f10e
JK		 3515 if (release_lock) {
3516 qemu_mutex_unlock_iothread();
3517 }
41063e1e 3518 rcu_read_unlock();
aab33094
FB		 3519}
3520
50013115
PM		 3521void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3522 MemTxAttrs attrs, MemTxResult *result)
3523{
3524 address_space_stw_internal(as, addr, val, attrs, result,
3525 DEVICE_NATIVE_ENDIAN);
3526}
3527
3528void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3529 MemTxAttrs attrs, MemTxResult *result)
3530{
3531 address_space_stw_internal(as, addr, val, attrs, result,
3532 DEVICE_LITTLE_ENDIAN);
3533}
3534
3535void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3536 MemTxAttrs attrs, MemTxResult *result)
3537{
3538 address_space_stw_internal(as, addr, val, attrs, result,
3539 DEVICE_BIG_ENDIAN);
3540}
3541
5ce5944d 3542void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3543{
50013115 3544 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3545}
3546
5ce5944d 3547void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3548{
50013115 3549 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3550}
3551
5ce5944d 3552void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3553{
50013115 3554 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3555}
3556
aab33094 3557/* XXX: optimize */
50013115
PM		 3558void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3559 MemTxAttrs attrs, MemTxResult *result)
aab33094 3560{
50013115 3561 MemTxResult r;
aab33094 3562 val = tswap64(val);
50013115
PM		 3563 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3564 if (result) {
3565 *result = r;
3566 }
aab33094
FB		 3567}
3568
50013115
PM		 3569void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3570 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3571{
50013115 3572 MemTxResult r;
1e78bcc1 3573 val = cpu_to_le64(val);
50013115
PM		 3574 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3575 if (result) {
3576 *result = r;
3577 }
3578}
3579void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3580 MemTxAttrs attrs, MemTxResult *result)
3581{
3582 MemTxResult r;
3583 val = cpu_to_be64(val);
3584 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3585 if (result) {
3586 *result = r;
3587 }
3588}
3589
3590void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3591{
3592 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3593}
3594
3595void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3596{
3597 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3598}
3599
f606604f 3600void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3601{
50013115 3602 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3603}
3604
5e2972fd 3605/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3606int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3607 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3608{
3609 int l;
a8170e5e 3610 hwaddr phys_addr;
9b3c35e0 3611 target_ulong page;
13eb76e0
FB		 3612
3613 while (len > 0) {
5232e4c7
PM		 3614 int asidx;
3615 MemTxAttrs attrs;
3616
13eb76e0 3617 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3618 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3619 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3620 /* if no physical page mapped, return an error */
3621 if (phys_addr == -1)
3622 return -1;
3623 l = (page + TARGET_PAGE_SIZE) - addr;
3624 if (l > len)
3625 l = len;
5e2972fd 3626 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3627 if (is_write) {
5232e4c7
PM		 3628 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3629 phys_addr, buf, l);
2e38847b 3630 } else {
5232e4c7
PM		 3631 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3632 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3633 buf, l, 0);
2e38847b 3634 }
13eb76e0
FB		 3635 len -= l;
3636 buf += l;
3637 addr += l;
3638 }
3639 return 0;
3640}
038629a6
DDAG		 3641
3642/*
3643 * Allows code that needs to deal with migration bitmaps etc to still be built
3644 * target independent.
3645 */
3646size_t qemu_target_page_bits(void)
3647{
3648 return TARGET_PAGE_BITS;
3649}
3650
a68fe89c 3651#endif
13eb76e0 3652
8e4a424b
BS		 3653/*
3654 * A helper function for the _utterly broken_ virtio device model to find out if
3655 * it's running on a big endian machine. Don't do this at home kids!
3656 */
98ed8ecf
GK		 3657bool target_words_bigendian(void);
3658bool target_words_bigendian(void)
8e4a424b
BS		 3659{
3660#if defined(TARGET_WORDS_BIGENDIAN)
3661 return true;
3662#else
3663 return false;
3664#endif
3665}
3666
76f35538 3667#ifndef CONFIG_USER_ONLY
a8170e5e 3668bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3669{
5c8a00ce 3670 MemoryRegion*mr;
149f54b5 3671 hwaddr l = 1;
41063e1e 3672 bool res;
76f35538 3673
41063e1e 3674 rcu_read_lock();
5c8a00ce
PB		 3675 mr = address_space_translate(&address_space_memory,
3676 phys_addr, &phys_addr, &l, false);
76f35538 3677
41063e1e
PB		 3678 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3679 rcu_read_unlock();
3680 return res;
76f35538 3681}
bd2fa51f 3682
e3807054 3683int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3684{
3685 RAMBlock *block;
e3807054 3686 int ret = 0;
bd2fa51f 3687
0dc3f44a
MD		 3688 rcu_read_lock();
3689 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3690 ret = func(block->idstr, block->host, block->offset,
3691 block->used_length, opaque);
3692 if (ret) {
3693 break;
3694 }
bd2fa51f 3695 }
0dc3f44a 3696 rcu_read_unlock();
e3807054 3697 return ret;
bd2fa51f 3698}
ec3f8c99 3699#endif
QEMU mirror