]> git.proxmox.com Git - qemu.git/blame - exec.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
dma: make dma access its own address space
[qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
0cac1b66
BS		 60#include "cputlb.h"
61
7762c2c1 62#include "memory-internal.h"
67d95c15 63
fd6ce8f6 64//#define DEBUG_TB_INVALIDATE
66e85a21 65//#define DEBUG_FLUSH
67d3b957 66//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 67
68/* make various TB consistency checks */
5fafdf24 69//#define DEBUG_TB_CHECK
fd6ce8f6 70
1196be37 71//#define DEBUG_IOPORT
db7b5426 72//#define DEBUG_SUBPAGE
1196be37 73
99773bd4
PB		 74#if !defined(CONFIG_USER_ONLY)
75/* TB consistency checks only implemented for usermode emulation. */
76#undef DEBUG_TB_CHECK
77#endif
78
9fa3e853
FB		 79#define SMC_BITMAP_USE_THRESHOLD 10
80
bdaf78e0 81static TranslationBlock *tbs;
24ab68ac 82static int code_gen_max_blocks;
9fa3e853 83TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 84static int nb_tbs;
eb51d102 85/* any access to the tbs or the page table must use this lock */
c227f099 86spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 87
9b9c37c3 88#if defined(__arm__) || defined(__sparc__)
141ac468
BS		 89/* The prologue must be reachable with a direct jump. ARM and Sparc64
90 have limited branch ranges (possibly also PPC) so place it in a
d03d860b
BS		 91 section close to code segment. */
92#define code_gen_section \
93 __attribute__((__section__(".gen_code"))) \
94 __attribute__((aligned (32)))
6840981d 95#elif defined(_WIN32) && !defined(_WIN64)
f8e2af11
SW		 96#define code_gen_section \
97 __attribute__((aligned (16)))
d03d860b
BS		 98#else
99#define code_gen_section \
100 __attribute__((aligned (32)))
101#endif
102
103uint8_t code_gen_prologue[1024] code_gen_section;
bdaf78e0
BS		 104static uint8_t *code_gen_buffer;
105static unsigned long code_gen_buffer_size;
26a5f13b 106/* threshold to flush the translated code buffer */
bdaf78e0 107static unsigned long code_gen_buffer_max_size;
24ab68ac 108static uint8_t *code_gen_ptr;
fd6ce8f6 109
e2eef170 110#if !defined(CONFIG_USER_ONLY)
9fa3e853 111int phys_ram_fd;
74576198 112static int in_migration;
94a6b54f 113
85d59fef 114RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 115
116static MemoryRegion *system_memory;
309cb471 117static MemoryRegion *system_io;
62152b8a 118
f6790af6
AK		 119AddressSpace address_space_io;
120AddressSpace address_space_memory;
2673a5da 121
0e0df1e2 122MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 123static MemoryRegion io_mem_subpage_ram;
0e0df1e2 124
e2eef170 125#endif
9fa3e853 126
9349b4f9 127CPUArchState *first_cpu;
6a00d601
FB		 128/* current CPU in the current thread. It is only valid inside
129 cpu_exec() */
9349b4f9 130DEFINE_TLS(CPUArchState *,cpu_single_env);
2e70f6ef 131/* 0 = Do not count executed instructions.
bf20dc07 132 1 = Precise instruction counting.
2e70f6ef
PB		 133 2 = Adaptive rate instruction counting. */
134int use_icount = 0;
6a00d601 135
54936004 136typedef struct PageDesc {
92e873b9 137 /* list of TBs intersecting this ram page */
fd6ce8f6 138 TranslationBlock *first_tb;
9fa3e853
FB		 139 /* in order to optimize self modifying code, we count the number
140 of lookups we do to a given page to use a bitmap */
141 unsigned int code_write_count;
142 uint8_t *code_bitmap;
143#if defined(CONFIG_USER_ONLY)
144 unsigned long flags;
145#endif
54936004
FB		 146} PageDesc;
147
41c1b1c9 148/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 149 while in user mode we want it to be based on virtual addresses. */
150#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 151#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
152# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
153#else
5cd2c5b6 154# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 155#endif
bedb69ea 156#else
5cd2c5b6 157# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 158#endif
54936004 159
5cd2c5b6
RH		 160/* Size of the L2 (and L3, etc) page tables. */
161#define L2_BITS 10
54936004
FB		 162#define L2_SIZE (1 << L2_BITS)
163
3eef53df
AK		 164#define P_L2_LEVELS \
165 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
166
5cd2c5b6 167/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 168#define V_L1_BITS_REM \
169 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
170
5cd2c5b6
RH		 171#if V_L1_BITS_REM < 4
172#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
173#else
174#define V_L1_BITS V_L1_BITS_REM
175#endif
176
5cd2c5b6
RH		 177#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
178
5cd2c5b6
RH		 179#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
180
c6d50674
SW		 181uintptr_t qemu_real_host_page_size;
182uintptr_t qemu_host_page_size;
183uintptr_t qemu_host_page_mask;
54936004 184
5cd2c5b6
RH		 185/* This is a multi-level map on the virtual address space.
186 The bottom level has pointers to PageDesc. */
187static void *l1_map[V_L1_SIZE];
54936004 188
e2eef170 189#if !defined(CONFIG_USER_ONLY)
4346ae3e 190
5312bd8b
AK		 191static MemoryRegionSection *phys_sections;
192static unsigned phys_sections_nb, phys_sections_nb_alloc;
193static uint16_t phys_section_unassigned;
aa102231
AK		 194static uint16_t phys_section_notdirty;
195static uint16_t phys_section_rom;
196static uint16_t phys_section_watch;
5312bd8b 197
d6f2ea22
AK		 198/* Simple allocator for PhysPageEntry nodes */
199static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
200static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
201
07f07b31 202#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 203
e2eef170 204static void io_mem_init(void);
62152b8a 205static void memory_map_init(void);
e2eef170 206
1ec9b909 207static MemoryRegion io_mem_watch;
6658ffb8 208#endif
33417e70 209
e3db7226 210/* statistics */
e3db7226
FB		 211static int tb_flush_count;
212static int tb_phys_invalidate_count;
213
7cb69cae
FB		 214#ifdef _WIN32
215static void map_exec(void *addr, long size)
216{
217 DWORD old_protect;
218 VirtualProtect(addr, size,
219 PAGE_EXECUTE_READWRITE, &old_protect);
220
221}
222#else
223static void map_exec(void *addr, long size)
224{
4369415f 225 unsigned long start, end, page_size;
7cb69cae 226
4369415f 227 page_size = getpagesize();
7cb69cae 228 start = (unsigned long)addr;
4369415f 229 start &= ~(page_size - 1);
7cb69cae
FB		 230
231 end = (unsigned long)addr + size;
4369415f
FB		 232 end += page_size - 1;
233 end &= ~(page_size - 1);
7cb69cae
FB		 234
235 mprotect((void *)start, end - start,
236 PROT_READ | PROT_WRITE | PROT_EXEC);
237}
238#endif
239
b346ff46 240static void page_init(void)
54936004 241{
83fb7adf 242 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 243 TARGET_PAGE_SIZE */
c2b48b69
AL		 244#ifdef _WIN32
245 {
246 SYSTEM_INFO system_info;
247
248 GetSystemInfo(&system_info);
249 qemu_real_host_page_size = system_info.dwPageSize;
250 }
251#else
252 qemu_real_host_page_size = getpagesize();
253#endif
83fb7adf
FB		 254 if (qemu_host_page_size == 0)
255 qemu_host_page_size = qemu_real_host_page_size;
256 if (qemu_host_page_size < TARGET_PAGE_SIZE)
257 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 258 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 259
2e9a5713 260#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 261 {
f01576f1
JL		 262#ifdef HAVE_KINFO_GETVMMAP
263 struct kinfo_vmentry *freep;
264 int i, cnt;
265
266 freep = kinfo_getvmmap(getpid(), &cnt);
267 if (freep) {
268 mmap_lock();
269 for (i = 0; i < cnt; i++) {
270 unsigned long startaddr, endaddr;
271
272 startaddr = freep[i].kve_start;
273 endaddr = freep[i].kve_end;
274 if (h2g_valid(startaddr)) {
275 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
276
277 if (h2g_valid(endaddr)) {
278 endaddr = h2g(endaddr);
fd436907 279 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 280 } else {
281#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
282 endaddr = ~0ul;
fd436907 283 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 284#endif
285 }
286 }
287 }
288 free(freep);
289 mmap_unlock();
290 }
291#else
50a9569b 292 FILE *f;
50a9569b 293
0776590d 294 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 295
fd436907 296 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 297 if (f) {
5cd2c5b6
RH		 298 mmap_lock();
299
50a9569b 300 do {
5cd2c5b6
RH		 301 unsigned long startaddr, endaddr;
302 int n;
303
304 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
305
306 if (n == 2 && h2g_valid(startaddr)) {
307 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
308
309 if (h2g_valid(endaddr)) {
310 endaddr = h2g(endaddr);
311 } else {
312 endaddr = ~0ul;
313 }
314 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 315 }
316 } while (!feof(f));
5cd2c5b6 317
50a9569b 318 fclose(f);
5cd2c5b6 319 mmap_unlock();
50a9569b 320 }
f01576f1 321#endif
50a9569b
AZ		 322 }
323#endif
54936004
FB		 324}
325
41c1b1c9 326static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 327{
41c1b1c9
PB		 328 PageDesc *pd;
329 void **lp;
330 int i;
331
5cd2c5b6 332#if defined(CONFIG_USER_ONLY)
7267c094 333 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 334# define ALLOC(P, SIZE) \
335 do { \
336 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
337 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 338 } while (0)
339#else
340# define ALLOC(P, SIZE) \
7267c094 341 do { P = g_malloc0(SIZE); } while (0)
17e2377a 342#endif
434929bf 343
5cd2c5b6
RH		 344 /* Level 1. Always allocated. */
345 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
346
347 /* Level 2..N-1. */
348 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
349 void **p = *lp;
350
351 if (p == NULL) {
352 if (!alloc) {
353 return NULL;
354 }
355 ALLOC(p, sizeof(void *) * L2_SIZE);
356 *lp = p;
17e2377a 357 }
5cd2c5b6
RH		 358
359 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
360 }
361
362 pd = *lp;
363 if (pd == NULL) {
364 if (!alloc) {
365 return NULL;
366 }
367 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
368 *lp = pd;
54936004 369 }
5cd2c5b6
RH		 370
371#undef ALLOC
5cd2c5b6
RH		 372
373 return pd + (index & (L2_SIZE - 1));
54936004
FB		 374}
375
41c1b1c9 376static inline PageDesc *page_find(tb_page_addr_t index)
54936004 377{
5cd2c5b6 378 return page_find_alloc(index, 0);
fd6ce8f6
FB		 379}
380
6d9a1304 381#if !defined(CONFIG_USER_ONLY)
d6f2ea22 382
f7bf5461 383static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 384{
f7bf5461 385 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 386 typedef PhysPageEntry Node[L2_SIZE];
387 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 388 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
389 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 390 phys_map_nodes = g_renew(Node, phys_map_nodes,
391 phys_map_nodes_nb_alloc);
392 }
f7bf5461
AK		 393}
394
395static uint16_t phys_map_node_alloc(void)
396{
397 unsigned i;
398 uint16_t ret;
399
400 ret = phys_map_nodes_nb++;
401 assert(ret != PHYS_MAP_NODE_NIL);
402 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 403 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 404 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 405 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 406 }
f7bf5461 407 return ret;
d6f2ea22
AK		 408}
409
410static void phys_map_nodes_reset(void)
411{
412 phys_map_nodes_nb = 0;
413}
414
92e873b9 415
2999097b
AK		 416static void phys_page_set_level(PhysPageEntry *lp, target_phys_addr_t *index,
417 target_phys_addr_t *nb, uint16_t leaf,
418 int level)
f7bf5461
AK		 419{
420 PhysPageEntry *p;
421 int i;
07f07b31 422 target_phys_addr_t step = (target_phys_addr_t)1 << (level * L2_BITS);
108c49b8 423
07f07b31 424 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 425 lp->ptr = phys_map_node_alloc();
426 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 427 if (level == 0) {
428 for (i = 0; i < L2_SIZE; i++) {
07f07b31 429 p[i].is_leaf = 1;
c19e8800 430 p[i].ptr = phys_section_unassigned;
4346ae3e 431 }
67c4d23c 432 }
f7bf5461 433 } else {
c19e8800 434 p = phys_map_nodes[lp->ptr];
92e873b9 435 }
2999097b 436 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 437
2999097b 438 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 439 if ((*index & (step - 1)) == 0 && *nb >= step) {
440 lp->is_leaf = true;
c19e8800 441 lp->ptr = leaf;
07f07b31
AK		 442 *index += step;
443 *nb -= step;
2999097b
AK		 444 } else {
445 phys_page_set_level(lp, index, nb, leaf, level - 1);
446 }
447 ++lp;
f7bf5461
AK		 448 }
449}
450
ac1970fb
AK		 451static void phys_page_set(AddressSpaceDispatch *d,
452 target_phys_addr_t index, target_phys_addr_t nb,
2999097b 453 uint16_t leaf)
f7bf5461 454{
2999097b 455 /* Wildly overreserve - it doesn't matter much. */
07f07b31 456 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 457
ac1970fb 458 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 459}
460
ac1970fb 461MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, target_phys_addr_t index)
92e873b9 462{
ac1970fb 463 PhysPageEntry lp = d->phys_map;
31ab2b4a
AK		 464 PhysPageEntry *p;
465 int i;
31ab2b4a 466 uint16_t s_index = phys_section_unassigned;
f1f6e3b8 467
07f07b31 468 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 469 if (lp.ptr == PHYS_MAP_NODE_NIL) {
31ab2b4a
AK		 470 goto not_found;
471 }
c19e8800 472 p = phys_map_nodes[lp.ptr];
31ab2b4a 473 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 474 }
31ab2b4a 475
c19e8800 476 s_index = lp.ptr;
31ab2b4a 477not_found:
f3705d53
AK		 478 return &phys_sections[s_index];
479}
480
e5548617
BS		 481bool memory_region_is_unassigned(MemoryRegion *mr)
482{
483 return mr != &io_mem_ram && mr != &io_mem_rom
484 && mr != &io_mem_notdirty && !mr->rom_device
485 && mr != &io_mem_watch;
486}
487
c8a706fe
PB		 488#define mmap_lock() do { } while(0)
489#define mmap_unlock() do { } while(0)
9fa3e853 490#endif
fd6ce8f6 491
4369415f
FB		 492#define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
493
494#if defined(CONFIG_USER_ONLY)
ccbb4d44 495/* Currently it is not recommended to allocate big chunks of data in
4369415f
FB		 496 user mode. It will change when a dedicated libc will be used */
497#define USE_STATIC_CODE_GEN_BUFFER
498#endif
499
500#ifdef USE_STATIC_CODE_GEN_BUFFER
ebf50fb3
AJ		 501static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
502 __attribute__((aligned (CODE_GEN_ALIGN)));
4369415f
FB		 503#endif
504
8fcd3692 505static void code_gen_alloc(unsigned long tb_size)
26a5f13b 506{
4369415f
FB		 507#ifdef USE_STATIC_CODE_GEN_BUFFER
508 code_gen_buffer = static_code_gen_buffer;
509 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
510 map_exec(code_gen_buffer, code_gen_buffer_size);
511#else
26a5f13b
FB		 512 code_gen_buffer_size = tb_size;
513 if (code_gen_buffer_size == 0) {
4369415f 514#if defined(CONFIG_USER_ONLY)
4369415f
FB		 515 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
516#else
ccbb4d44 517 /* XXX: needs adjustments */
94a6b54f 518 code_gen_buffer_size = (unsigned long)(ram_size / 4);
4369415f 519#endif
26a5f13b
FB		 520 }
521 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
522 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
523 /* The code gen buffer location may have constraints depending on
524 the host cpu and OS */
525#if defined(__linux__)
526 {
527 int flags;
141ac468
BS		 528 void *start = NULL;
529
26a5f13b
FB		 530 flags = MAP_PRIVATE | MAP_ANONYMOUS;
531#if defined(__x86_64__)
532 flags |= MAP_32BIT;
533 /* Cannot map more than that */
534 if (code_gen_buffer_size > (800 * 1024 * 1024))
535 code_gen_buffer_size = (800 * 1024 * 1024);
9b9c37c3 536#elif defined(__sparc__) && HOST_LONG_BITS == 64
141ac468 537 // Map the buffer below 2G, so we can use direct calls and branches
d5dd696f 538 start = (void *) 0x40000000UL;
141ac468
BS		 539 if (code_gen_buffer_size > (512 * 1024 * 1024))
540 code_gen_buffer_size = (512 * 1024 * 1024);
1cb0661e 541#elif defined(__arm__)
5c84bd90 542 /* Keep the buffer no bigger than 16MB to branch between blocks */
1cb0661e
AZ		 543 if (code_gen_buffer_size > 16 * 1024 * 1024)
544 code_gen_buffer_size = 16 * 1024 * 1024;
eba0b893
RH		 545#elif defined(__s390x__)
546 /* Map the buffer so that we can use direct calls and branches. */
547 /* We have a +- 4GB range on the branches; leave some slop. */
548 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
549 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
550 }
551 start = (void *)0x90000000UL;
26a5f13b 552#endif
141ac468
BS		 553 code_gen_buffer = mmap(start, code_gen_buffer_size,
554 PROT_WRITE | PROT_READ | PROT_EXEC,
26a5f13b
FB		 555 flags, -1, 0);
556 if (code_gen_buffer == MAP_FAILED) {
557 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
558 exit(1);
559 }
560 }
cbb608a5 561#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
9f4b09a4
TN		 562 || defined(__DragonFly__) || defined(__OpenBSD__) \
563 || defined(__NetBSD__)
06e67a82
AL		 564 {
565 int flags;
566 void *addr = NULL;
567 flags = MAP_PRIVATE | MAP_ANONYMOUS;
568#if defined(__x86_64__)
569 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
570 * 0x40000000 is free */
571 flags |= MAP_FIXED;
572 addr = (void *)0x40000000;
573 /* Cannot map more than that */
574 if (code_gen_buffer_size > (800 * 1024 * 1024))
575 code_gen_buffer_size = (800 * 1024 * 1024);
9b9c37c3 576#elif defined(__sparc__) && HOST_LONG_BITS == 64
4cd31ad2 577 // Map the buffer below 2G, so we can use direct calls and branches
d5dd696f 578 addr = (void *) 0x40000000UL;
4cd31ad2
BS		 579 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
580 code_gen_buffer_size = (512 * 1024 * 1024);
581 }
06e67a82
AL		 582#endif
583 code_gen_buffer = mmap(addr, code_gen_buffer_size,
584 PROT_WRITE | PROT_READ | PROT_EXEC,
585 flags, -1, 0);
586 if (code_gen_buffer == MAP_FAILED) {
587 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
588 exit(1);
589 }
590 }
26a5f13b 591#else
7267c094 592 code_gen_buffer = g_malloc(code_gen_buffer_size);
26a5f13b
FB		 593 map_exec(code_gen_buffer, code_gen_buffer_size);
594#endif
4369415f 595#endif /* !USE_STATIC_CODE_GEN_BUFFER */
26a5f13b 596 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
a884da8a
PM		 597 code_gen_buffer_max_size = code_gen_buffer_size -
598 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 599 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 600 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 601}
602
603/* Must be called before using the QEMU cpus. 'tb_size' is the size
604 (in bytes) allocated to the translation buffer. Zero means default
605 size. */
d5ab9713 606void tcg_exec_init(unsigned long tb_size)
26a5f13b 607{
26a5f13b
FB		 608 cpu_gen_init();
609 code_gen_alloc(tb_size);
610 code_gen_ptr = code_gen_buffer;
813da627 611 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
4369415f 612 page_init();
9002ec79
RH		 613#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
614 /* There's no guest base to take into account, so go ahead and
615 initialize the prologue now. */
616 tcg_prologue_init(&tcg_ctx);
617#endif
26a5f13b
FB		 618}
619
d5ab9713
JK		 620bool tcg_enabled(void)
621{
622 return code_gen_buffer != NULL;
623}
624
625void cpu_exec_init_all(void)
626{
627#if !defined(CONFIG_USER_ONLY)
628 memory_map_init();
629 io_mem_init();
630#endif
631}
632
9656f324
PB		 633#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
634
e59fb374 635static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7 636{
9349b4f9 637 CPUArchState *env = opaque;
9656f324 638
3098dba0
AJ		 639 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
640 version_id is increased. */
641 env->interrupt_request &= ~0x01;
9656f324
PB		 642 tlb_flush(env, 1);
643
644 return 0;
645}
e7f4eff7
JQ		 646
647static const VMStateDescription vmstate_cpu_common = {
648 .name = "cpu_common",
649 .version_id = 1,
650 .minimum_version_id = 1,
651 .minimum_version_id_old = 1,
e7f4eff7
JQ		 652 .post_load = cpu_common_post_load,
653 .fields = (VMStateField []) {
9349b4f9
AF		 654 VMSTATE_UINT32(halted, CPUArchState),
655 VMSTATE_UINT32(interrupt_request, CPUArchState),
e7f4eff7
JQ		 656 VMSTATE_END_OF_LIST()
657 }
658};
9656f324
PB		 659#endif
660
9349b4f9 661CPUArchState *qemu_get_cpu(int cpu)
950f1472 662{
9349b4f9 663 CPUArchState *env = first_cpu;
950f1472
GC		 664
665 while (env) {
666 if (env->cpu_index == cpu)
667 break;
668 env = env->next_cpu;
669 }
670
671 return env;
672}
673
9349b4f9 674void cpu_exec_init(CPUArchState *env)
fd6ce8f6 675{
9349b4f9 676 CPUArchState **penv;
6a00d601
FB		 677 int cpu_index;
678
c2764719
PB		 679#if defined(CONFIG_USER_ONLY)
680 cpu_list_lock();
681#endif
6a00d601
FB		 682 env->next_cpu = NULL;
683 penv = &first_cpu;
684 cpu_index = 0;
685 while (*penv != NULL) {
1e9fa730 686 penv = &(*penv)->next_cpu;
6a00d601
FB		 687 cpu_index++;
688 }
689 env->cpu_index = cpu_index;
268a362c 690 env->numa_node = 0;
72cf2d4f
BS		 691 QTAILQ_INIT(&env->breakpoints);
692 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 693#ifndef CONFIG_USER_ONLY
694 env->thread_id = qemu_get_thread_id();
695#endif
6a00d601 696 *penv = env;
c2764719
PB		 697#if defined(CONFIG_USER_ONLY)
698 cpu_list_unlock();
699#endif
b3c7724c 700#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 701 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
702 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 703 cpu_save, cpu_load, env);
704#endif
fd6ce8f6
FB		 705}
706
d1a1eb74
TG		 707/* Allocate a new translation block. Flush the translation buffer if
708 too many translation blocks or too much generated code. */
709static TranslationBlock *tb_alloc(target_ulong pc)
710{
711 TranslationBlock *tb;
712
713 if (nb_tbs >= code_gen_max_blocks ||
714 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
715 return NULL;
716 tb = &tbs[nb_tbs++];
717 tb->pc = pc;
718 tb->cflags = 0;
719 return tb;
720}
721
722void tb_free(TranslationBlock *tb)
723{
724 /* In practice this is mostly used for single use temporary TB
725 Ignore the hard cases and just back up if this TB happens to
726 be the last one generated. */
727 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
728 code_gen_ptr = tb->tc_ptr;
729 nb_tbs--;
730 }
731}
732
9fa3e853
FB		 733static inline void invalidate_page_bitmap(PageDesc *p)
734{
735 if (p->code_bitmap) {
7267c094 736 g_free(p->code_bitmap);
9fa3e853
FB		 737 p->code_bitmap = NULL;
738 }
739 p->code_write_count = 0;
740}
741
5cd2c5b6
RH		 742/* Set to NULL all the 'first_tb' fields in all PageDescs. */
743
744static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 745{
5cd2c5b6 746 int i;
fd6ce8f6 747
5cd2c5b6
RH		 748 if (*lp == NULL) {
749 return;
750 }
751 if (level == 0) {
752 PageDesc *pd = *lp;
7296abac 753 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 754 pd[i].first_tb = NULL;
755 invalidate_page_bitmap(pd + i);
fd6ce8f6 756 }
5cd2c5b6
RH		 757 } else {
758 void **pp = *lp;
7296abac 759 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 760 page_flush_tb_1 (level - 1, pp + i);
761 }
762 }
763}
764
765static void page_flush_tb(void)
766{
767 int i;
768 for (i = 0; i < V_L1_SIZE; i++) {
769 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 770 }
771}
772
773/* flush all the translation blocks */
d4e8164f 774/* XXX: tb_flush is currently not thread safe */
9349b4f9 775void tb_flush(CPUArchState *env1)
fd6ce8f6 776{
9349b4f9 777 CPUArchState *env;
0124311e 778#if defined(DEBUG_FLUSH)
ab3d1727
BS		 779 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
780 (unsigned long)(code_gen_ptr - code_gen_buffer),
781 nb_tbs, nb_tbs > 0 ?
782 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 783#endif
26a5f13b 784 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 785 cpu_abort(env1, "Internal error: code buffer overflow\n");
786
fd6ce8f6 787 nb_tbs = 0;
3b46e624 788
6a00d601
FB		 789 for(env = first_cpu; env != NULL; env = env->next_cpu) {
790 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
791 }
9fa3e853 792
8a8a608f 793 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 794 page_flush_tb();
9fa3e853 795
fd6ce8f6 796 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 797 /* XXX: flush processor icache at this point if cache flush is
798 expensive */
e3db7226 799 tb_flush_count++;
fd6ce8f6
FB		 800}
801
802#ifdef DEBUG_TB_CHECK
803
bc98a7ef 804static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 805{
806 TranslationBlock *tb;
807 int i;
808 address &= TARGET_PAGE_MASK;
99773bd4
PB		 809 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
810 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 811 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
812 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 813 printf("ERROR invalidate: address=" TARGET_FMT_lx
814 " PC=%08lx size=%04x\n",
99773bd4 815 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 816 }
817 }
818 }
819}
820
821/* verify that all the pages have correct rights for code */
822static void tb_page_check(void)
823{
824 TranslationBlock *tb;
825 int i, flags1, flags2;
3b46e624 826
99773bd4
PB		 827 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
828 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 829 flags1 = page_get_flags(tb->pc);
830 flags2 = page_get_flags(tb->pc + tb->size - 1);
831 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
832 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 833 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 834 }
835 }
836 }
837}
838
839#endif
840
841/* invalidate one TB */
842static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
843 int next_offset)
844{
845 TranslationBlock *tb1;
846 for(;;) {
847 tb1 = *ptb;
848 if (tb1 == tb) {
849 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
850 break;
851 }
852 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
853 }
854}
855
9fa3e853
FB		 856static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
857{
858 TranslationBlock *tb1;
859 unsigned int n1;
860
861 for(;;) {
862 tb1 = *ptb;
8efe0ca8
SW		 863 n1 = (uintptr_t)tb1 & 3;
864 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
9fa3e853
FB		 865 if (tb1 == tb) {
866 *ptb = tb1->page_next[n1];
867 break;
868 }
869 ptb = &tb1->page_next[n1];
870 }
871}
872
d4e8164f
FB		 873static inline void tb_jmp_remove(TranslationBlock *tb, int n)
874{
875 TranslationBlock *tb1, **ptb;
876 unsigned int n1;
877
878 ptb = &tb->jmp_next[n];
879 tb1 = *ptb;
880 if (tb1) {
881 /* find tb(n) in circular list */
882 for(;;) {
883 tb1 = *ptb;
8efe0ca8
SW		 884 n1 = (uintptr_t)tb1 & 3;
885 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 886 if (n1 == n && tb1 == tb)
887 break;
888 if (n1 == 2) {
889 ptb = &tb1->jmp_first;
890 } else {
891 ptb = &tb1->jmp_next[n1];
892 }
893 }
894 /* now we can suppress tb(n) from the list */
895 *ptb = tb->jmp_next[n];
896
897 tb->jmp_next[n] = NULL;
898 }
899}
900
901/* reset the jump entry 'n' of a TB so that it is not chained to
902 another TB */
903static inline void tb_reset_jump(TranslationBlock *tb, int n)
904{
8efe0ca8 905 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
d4e8164f
FB		 906}
907
41c1b1c9 908void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 909{
9349b4f9 910 CPUArchState *env;
8a40a180 911 PageDesc *p;
d4e8164f 912 unsigned int h, n1;
41c1b1c9 913 tb_page_addr_t phys_pc;
8a40a180 914 TranslationBlock *tb1, *tb2;
3b46e624 915
8a40a180
FB		 916 /* remove the TB from the hash list */
917 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
918 h = tb_phys_hash_func(phys_pc);
5fafdf24 919 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 920 offsetof(TranslationBlock, phys_hash_next));
921
922 /* remove the TB from the page list */
923 if (tb->page_addr[0] != page_addr) {
924 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
925 tb_page_remove(&p->first_tb, tb);
926 invalidate_page_bitmap(p);
927 }
928 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
929 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
930 tb_page_remove(&p->first_tb, tb);
931 invalidate_page_bitmap(p);
932 }
933
36bdbe54 934 tb_invalidated_flag = 1;
59817ccb 935
fd6ce8f6 936 /* remove the TB from the hash list */
8a40a180 937 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 938 for(env = first_cpu; env != NULL; env = env->next_cpu) {
939 if (env->tb_jmp_cache[h] == tb)
940 env->tb_jmp_cache[h] = NULL;
941 }
d4e8164f
FB		 942
943 /* suppress this TB from the two jump lists */
944 tb_jmp_remove(tb, 0);
945 tb_jmp_remove(tb, 1);
946
947 /* suppress any remaining jumps to this TB */
948 tb1 = tb->jmp_first;
949 for(;;) {
8efe0ca8 950 n1 = (uintptr_t)tb1 & 3;
d4e8164f
FB		 951 if (n1 == 2)
952 break;
8efe0ca8 953 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 954 tb2 = tb1->jmp_next[n1];
955 tb_reset_jump(tb1, n1);
956 tb1->jmp_next[n1] = NULL;
957 tb1 = tb2;
958 }
8efe0ca8 959 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
9fa3e853 960
e3db7226 961 tb_phys_invalidate_count++;
9fa3e853
FB		 962}
963
964static inline void set_bits(uint8_t *tab, int start, int len)
965{
966 int end, mask, end1;
967
968 end = start + len;
969 tab += start >> 3;
970 mask = 0xff << (start & 7);
971 if ((start & ~7) == (end & ~7)) {
972 if (start < end) {
973 mask &= ~(0xff << (end & 7));
974 *tab |= mask;
975 }
976 } else {
977 *tab++ |= mask;
978 start = (start + 8) & ~7;
979 end1 = end & ~7;
980 while (start < end1) {
981 *tab++ = 0xff;
982 start += 8;
983 }
984 if (start < end) {
985 mask = ~(0xff << (end & 7));
986 *tab |= mask;
987 }
988 }
989}
990
991static void build_page_bitmap(PageDesc *p)
992{
993 int n, tb_start, tb_end;
994 TranslationBlock *tb;
3b46e624 995
7267c094 996 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 997
998 tb = p->first_tb;
999 while (tb != NULL) {
8efe0ca8
SW		 1000 n = (uintptr_t)tb & 3;
1001 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1002 /* NOTE: this is subtle as a TB may span two physical pages */
1003 if (n == 0) {
1004 /* NOTE: tb_end may be after the end of the page, but
1005 it is not a problem */
1006 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1007 tb_end = tb_start + tb->size;
1008 if (tb_end > TARGET_PAGE_SIZE)
1009 tb_end = TARGET_PAGE_SIZE;
1010 } else {
1011 tb_start = 0;
1012 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1013 }
1014 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1015 tb = tb->page_next[n];
1016 }
1017}
1018
9349b4f9 1019TranslationBlock *tb_gen_code(CPUArchState *env,
2e70f6ef
PB		 1020 target_ulong pc, target_ulong cs_base,
1021 int flags, int cflags)
d720b93d
FB		 1022{
1023 TranslationBlock *tb;
1024 uint8_t *tc_ptr;
41c1b1c9
PB		 1025 tb_page_addr_t phys_pc, phys_page2;
1026 target_ulong virt_page2;
d720b93d
FB		 1027 int code_gen_size;
1028
41c1b1c9 1029 phys_pc = get_page_addr_code(env, pc);
c27004ec 1030 tb = tb_alloc(pc);
d720b93d
FB		 1031 if (!tb) {
1032 /* flush must be done */
1033 tb_flush(env);
1034 /* cannot fail at this point */
c27004ec 1035 tb = tb_alloc(pc);
2e70f6ef
PB		 1036 /* Don't forget to invalidate previous TB info. */
1037 tb_invalidated_flag = 1;
d720b93d
FB		 1038 }
1039 tc_ptr = code_gen_ptr;
1040 tb->tc_ptr = tc_ptr;
1041 tb->cs_base = cs_base;
1042 tb->flags = flags;
1043 tb->cflags = cflags;
d07bde88 1044 cpu_gen_code(env, tb, &code_gen_size);
8efe0ca8
SW		 1045 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1046 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1047
d720b93d 1048 /* check next page if needed */
c27004ec 1049 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1050 phys_page2 = -1;
c27004ec 1051 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1052 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1053 }
41c1b1c9 1054 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1055 return tb;
d720b93d 1056}
3b46e624 1057
77a8f1a5 1058/*
8e0fdce3
JK		 1059 * Invalidate all TBs which intersect with the target physical address range
1060 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1061 * 'is_cpu_write_access' should be true if called from a real cpu write
1062 * access: the virtual CPU will exit the current TB if code is modified inside
1063 * this TB.
77a8f1a5
AG		 1064 */
1065void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
1066 int is_cpu_write_access)
1067{
1068 while (start < end) {
1069 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
1070 start &= TARGET_PAGE_MASK;
1071 start += TARGET_PAGE_SIZE;
1072 }
1073}
1074
8e0fdce3
JK		 1075/*
1076 * Invalidate all TBs which intersect with the target physical address range
1077 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1078 * 'is_cpu_write_access' should be true if called from a real cpu write
1079 * access: the virtual CPU will exit the current TB if code is modified inside
1080 * this TB.
1081 */
41c1b1c9 1082void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1083 int is_cpu_write_access)
1084{
6b917547 1085 TranslationBlock *tb, *tb_next, *saved_tb;
9349b4f9 1086 CPUArchState *env = cpu_single_env;
41c1b1c9 1087 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1088 PageDesc *p;
1089 int n;
1090#ifdef TARGET_HAS_PRECISE_SMC
1091 int current_tb_not_found = is_cpu_write_access;
1092 TranslationBlock *current_tb = NULL;
1093 int current_tb_modified = 0;
1094 target_ulong current_pc = 0;
1095 target_ulong current_cs_base = 0;
1096 int current_flags = 0;
1097#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1098
1099 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1100 if (!p)
9fa3e853 1101 return;
5fafdf24 1102 if (!p->code_bitmap &&
d720b93d
FB		 1103 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1104 is_cpu_write_access) {
9fa3e853
FB		 1105 /* build code bitmap */
1106 build_page_bitmap(p);
1107 }
1108
1109 /* we remove all the TBs in the range [start, end[ */
1110 /* XXX: see if in some cases it could be faster to invalidate all the code */
1111 tb = p->first_tb;
1112 while (tb != NULL) {
8efe0ca8
SW		 1113 n = (uintptr_t)tb & 3;
1114 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1115 tb_next = tb->page_next[n];
1116 /* NOTE: this is subtle as a TB may span two physical pages */
1117 if (n == 0) {
1118 /* NOTE: tb_end may be after the end of the page, but
1119 it is not a problem */
1120 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1121 tb_end = tb_start + tb->size;
1122 } else {
1123 tb_start = tb->page_addr[1];
1124 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1125 }
1126 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1127#ifdef TARGET_HAS_PRECISE_SMC
1128 if (current_tb_not_found) {
1129 current_tb_not_found = 0;
1130 current_tb = NULL;
2e70f6ef 1131 if (env->mem_io_pc) {
d720b93d 1132 /* now we have a real cpu fault */
2e70f6ef 1133 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1134 }
1135 }
1136 if (current_tb == tb &&
2e70f6ef 1137 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1138 /* If we are modifying the current TB, we must stop
1139 its execution. We could be more precise by checking
1140 that the modification is after the current PC, but it
1141 would require a specialized function to partially
1142 restore the CPU state */
3b46e624 1143
d720b93d 1144 current_tb_modified = 1;
618ba8e6 1145 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1146 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1147 &current_flags);
d720b93d
FB		 1148 }
1149#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1150 /* we need to do that to handle the case where a signal
1151 occurs while doing tb_phys_invalidate() */
1152 saved_tb = NULL;
1153 if (env) {
1154 saved_tb = env->current_tb;
1155 env->current_tb = NULL;
1156 }
9fa3e853 1157 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1158 if (env) {
1159 env->current_tb = saved_tb;
1160 if (env->interrupt_request && env->current_tb)
1161 cpu_interrupt(env, env->interrupt_request);
1162 }
9fa3e853
FB		 1163 }
1164 tb = tb_next;
1165 }
1166#if !defined(CONFIG_USER_ONLY)
1167 /* if no code remaining, no need to continue to use slow writes */
1168 if (!p->first_tb) {
1169 invalidate_page_bitmap(p);
d720b93d 1170 if (is_cpu_write_access) {
2e70f6ef 1171 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1172 }
1173 }
1174#endif
1175#ifdef TARGET_HAS_PRECISE_SMC
1176 if (current_tb_modified) {
1177 /* we generate a block containing just the instruction
1178 modifying the memory. It will ensure that it cannot modify
1179 itself */
ea1c1802 1180 env->current_tb = NULL;
2e70f6ef 1181 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1182 cpu_resume_from_signal(env, NULL);
9fa3e853 1183 }
fd6ce8f6 1184#endif
9fa3e853 1185}
fd6ce8f6 1186
9fa3e853 1187/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1188static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1189{
1190 PageDesc *p;
1191 int offset, b;
59817ccb 1192#if 0
a4193c8a 1193 if (1) {
93fcfe39
AL		 1194 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1195 cpu_single_env->mem_io_vaddr, len,
1196 cpu_single_env->eip,
8efe0ca8
SW		 1197 cpu_single_env->eip +
1198 (intptr_t)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1199 }
1200#endif
9fa3e853 1201 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1202 if (!p)
9fa3e853
FB		 1203 return;
1204 if (p->code_bitmap) {
1205 offset = start & ~TARGET_PAGE_MASK;
1206 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1207 if (b & ((1 << len) - 1))
1208 goto do_invalidate;
1209 } else {
1210 do_invalidate:
d720b93d 1211 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1212 }
1213}
1214
9fa3e853 1215#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1216static void tb_invalidate_phys_page(tb_page_addr_t addr,
20503968 1217 uintptr_t pc, void *puc)
9fa3e853 1218{
6b917547 1219 TranslationBlock *tb;
9fa3e853 1220 PageDesc *p;
6b917547 1221 int n;
d720b93d 1222#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1223 TranslationBlock *current_tb = NULL;
9349b4f9 1224 CPUArchState *env = cpu_single_env;
6b917547
AL		 1225 int current_tb_modified = 0;
1226 target_ulong current_pc = 0;
1227 target_ulong current_cs_base = 0;
1228 int current_flags = 0;
d720b93d 1229#endif
9fa3e853
FB		 1230
1231 addr &= TARGET_PAGE_MASK;
1232 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1233 if (!p)
9fa3e853
FB		 1234 return;
1235 tb = p->first_tb;
d720b93d
FB		 1236#ifdef TARGET_HAS_PRECISE_SMC
1237 if (tb && pc != 0) {
1238 current_tb = tb_find_pc(pc);
1239 }
1240#endif
9fa3e853 1241 while (tb != NULL) {
8efe0ca8
SW		 1242 n = (uintptr_t)tb & 3;
1243 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
d720b93d
FB		 1244#ifdef TARGET_HAS_PRECISE_SMC
1245 if (current_tb == tb &&
2e70f6ef 1246 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1247 /* If we are modifying the current TB, we must stop
1248 its execution. We could be more precise by checking
1249 that the modification is after the current PC, but it
1250 would require a specialized function to partially
1251 restore the CPU state */
3b46e624 1252
d720b93d 1253 current_tb_modified = 1;
618ba8e6 1254 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1255 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1256 &current_flags);
d720b93d
FB		 1257 }
1258#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1259 tb_phys_invalidate(tb, addr);
1260 tb = tb->page_next[n];
1261 }
fd6ce8f6 1262 p->first_tb = NULL;
d720b93d
FB		 1263#ifdef TARGET_HAS_PRECISE_SMC
1264 if (current_tb_modified) {
1265 /* we generate a block containing just the instruction
1266 modifying the memory. It will ensure that it cannot modify
1267 itself */
ea1c1802 1268 env->current_tb = NULL;
2e70f6ef 1269 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1270 cpu_resume_from_signal(env, puc);
1271 }
1272#endif
fd6ce8f6 1273}
9fa3e853 1274#endif
fd6ce8f6
FB		 1275
1276/* add the tb in the target page and protect it if necessary */
5fafdf24 1277static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1278 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1279{
1280 PageDesc *p;
4429ab44
JQ		 1281#ifndef CONFIG_USER_ONLY
1282 bool page_already_protected;
1283#endif
9fa3e853
FB		 1284
1285 tb->page_addr[n] = page_addr;
5cd2c5b6 1286 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1287 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1288#ifndef CONFIG_USER_ONLY
1289 page_already_protected = p->first_tb != NULL;
1290#endif
8efe0ca8 1291 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
9fa3e853 1292 invalidate_page_bitmap(p);
fd6ce8f6 1293
107db443 1294#if defined(TARGET_HAS_SMC) || 1
d720b93d 1295
9fa3e853 1296#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1297 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1298 target_ulong addr;
1299 PageDesc *p2;
9fa3e853
FB		 1300 int prot;
1301
fd6ce8f6
FB		 1302 /* force the host page as non writable (writes will have a
1303 page fault + mprotect overhead) */
53a5960a 1304 page_addr &= qemu_host_page_mask;
fd6ce8f6 1305 prot = 0;
53a5960a
PB		 1306 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1307 addr += TARGET_PAGE_SIZE) {
1308
1309 p2 = page_find (addr >> TARGET_PAGE_BITS);
1310 if (!p2)
1311 continue;
1312 prot |= p2->flags;
1313 p2->flags &= ~PAGE_WRITE;
53a5960a 1314 }
5fafdf24 1315 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1316 (prot & PAGE_BITS) & ~PAGE_WRITE);
1317#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1318 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1319 page_addr);
fd6ce8f6 1320#endif
fd6ce8f6 1321 }
9fa3e853
FB		 1322#else
1323 /* if some code is already present, then the pages are already
1324 protected. So we handle the case where only the first TB is
1325 allocated in a physical page */
4429ab44 1326 if (!page_already_protected) {
6a00d601 1327 tlb_protect_code(page_addr);
9fa3e853
FB		 1328 }
1329#endif
d720b93d
FB		 1330
1331#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1332}
1333
9fa3e853
FB		 1334/* add a new TB and link it to the physical page tables. phys_page2 is
1335 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1336void tb_link_page(TranslationBlock *tb,
1337 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1338{
9fa3e853
FB		 1339 unsigned int h;
1340 TranslationBlock **ptb;
1341
c8a706fe
PB		 1342 /* Grab the mmap lock to stop another thread invalidating this TB
1343 before we are done. */
1344 mmap_lock();
9fa3e853
FB		 1345 /* add in the physical hash table */
1346 h = tb_phys_hash_func(phys_pc);
1347 ptb = &tb_phys_hash[h];
1348 tb->phys_hash_next = *ptb;
1349 *ptb = tb;
fd6ce8f6
FB		 1350
1351 /* add in the page list */
9fa3e853
FB		 1352 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1353 if (phys_page2 != -1)
1354 tb_alloc_page(tb, 1, phys_page2);
1355 else
1356 tb->page_addr[1] = -1;
9fa3e853 1357
8efe0ca8 1358 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
d4e8164f
FB		 1359 tb->jmp_next[0] = NULL;
1360 tb->jmp_next[1] = NULL;
1361
1362 /* init original jump addresses */
1363 if (tb->tb_next_offset[0] != 0xffff)
1364 tb_reset_jump(tb, 0);
1365 if (tb->tb_next_offset[1] != 0xffff)
1366 tb_reset_jump(tb, 1);
8a40a180
FB		 1367
1368#ifdef DEBUG_TB_CHECK
1369 tb_page_check();
1370#endif
c8a706fe 1371 mmap_unlock();
fd6ce8f6
FB		 1372}
1373
9fa3e853
FB		 1374/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1375 tb[1].tc_ptr. Return NULL if not found */
6375e09e 1376TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
fd6ce8f6 1377{
9fa3e853 1378 int m_min, m_max, m;
8efe0ca8 1379 uintptr_t v;
9fa3e853 1380 TranslationBlock *tb;
a513fe19
FB		 1381
1382 if (nb_tbs <= 0)
1383 return NULL;
8efe0ca8
SW		 1384 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1385 tc_ptr >= (uintptr_t)code_gen_ptr) {
a513fe19 1386 return NULL;
8efe0ca8 1387 }
a513fe19
FB		 1388 /* binary search (cf Knuth) */
1389 m_min = 0;
1390 m_max = nb_tbs - 1;
1391 while (m_min <= m_max) {
1392 m = (m_min + m_max) >> 1;
1393 tb = &tbs[m];
8efe0ca8 1394 v = (uintptr_t)tb->tc_ptr;
a513fe19
FB		 1395 if (v == tc_ptr)
1396 return tb;
1397 else if (tc_ptr < v) {
1398 m_max = m - 1;
1399 } else {
1400 m_min = m + 1;
1401 }
5fafdf24 1402 }
a513fe19
FB		 1403 return &tbs[m_max];
1404}
7501267e 1405
ea041c0e
FB		 1406static void tb_reset_jump_recursive(TranslationBlock *tb);
1407
1408static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1409{
1410 TranslationBlock *tb1, *tb_next, **ptb;
1411 unsigned int n1;
1412
1413 tb1 = tb->jmp_next[n];
1414 if (tb1 != NULL) {
1415 /* find head of list */
1416 for(;;) {
8efe0ca8
SW		 1417 n1 = (uintptr_t)tb1 & 3;
1418 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1419 if (n1 == 2)
1420 break;
1421 tb1 = tb1->jmp_next[n1];
1422 }
1423 /* we are now sure now that tb jumps to tb1 */
1424 tb_next = tb1;
1425
1426 /* remove tb from the jmp_first list */
1427 ptb = &tb_next->jmp_first;
1428 for(;;) {
1429 tb1 = *ptb;
8efe0ca8
SW		 1430 n1 = (uintptr_t)tb1 & 3;
1431 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1432 if (n1 == n && tb1 == tb)
1433 break;
1434 ptb = &tb1->jmp_next[n1];
1435 }
1436 *ptb = tb->jmp_next[n];
1437 tb->jmp_next[n] = NULL;
3b46e624 1438
ea041c0e
FB		 1439 /* suppress the jump to next tb in generated code */
1440 tb_reset_jump(tb, n);
1441
0124311e 1442 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1443 tb_reset_jump_recursive(tb_next);
1444 }
1445}
1446
1447static void tb_reset_jump_recursive(TranslationBlock *tb)
1448{
1449 tb_reset_jump_recursive2(tb, 0);
1450 tb_reset_jump_recursive2(tb, 1);
1451}
1452
1fddef4b 1453#if defined(TARGET_HAS_ICE)
94df27fd 1454#if defined(CONFIG_USER_ONLY)
9349b4f9 1455static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 1456{
1457 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1458}
1459#else
1e7855a5 1460void tb_invalidate_phys_addr(target_phys_addr_t addr)
d720b93d 1461{
c227f099 1462 ram_addr_t ram_addr;
f3705d53 1463 MemoryRegionSection *section;
d720b93d 1464
ac1970fb 1465 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
f3705d53
AK		 1466 if (!(memory_region_is_ram(section->mr)
1467 || (section->mr->rom_device && section->mr->readable))) {
06ef3525
AK		 1468 return;
1469 }
f3705d53 1470 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1471 + memory_region_section_addr(section, addr);
706cd4b5 1472 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1473}
1e7855a5
MF		 1474
1475static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1476{
9d70c4b7
MF		 1477 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
1478 (pc & ~TARGET_PAGE_MASK));
1e7855a5 1479}
c27004ec 1480#endif
94df27fd 1481#endif /* TARGET_HAS_ICE */
d720b93d 1482
c527ee8f 1483#if defined(CONFIG_USER_ONLY)
9349b4f9 1484void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 1485
1486{
1487}
1488
9349b4f9 1489int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 1490 int flags, CPUWatchpoint **watchpoint)
1491{
1492 return -ENOSYS;
1493}
1494#else
6658ffb8 1495/* Add a watchpoint. */
9349b4f9 1496int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1497 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1498{
b4051334 1499 target_ulong len_mask = ~(len - 1);
c0ce998e 1500 CPUWatchpoint *wp;
6658ffb8 1501
b4051334 1502 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 1503 if ((len & (len - 1)) || (addr & ~len_mask) ||
1504 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 1505 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1506 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1507 return -EINVAL;
1508 }
7267c094 1509 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1510
1511 wp->vaddr = addr;
b4051334 1512 wp->len_mask = len_mask;
a1d1bb31
AL		 1513 wp->flags = flags;
1514
2dc9f411 1515 /* keep all GDB-injected watchpoints in front */
c0ce998e 1516 if (flags & BP_GDB)
72cf2d4f 1517 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1518 else
72cf2d4f 1519 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1520
6658ffb8 1521 tlb_flush_page(env, addr);
a1d1bb31
AL		 1522
1523 if (watchpoint)
1524 *watchpoint = wp;
1525 return 0;
6658ffb8
PB		 1526}
1527
a1d1bb31 1528/* Remove a specific watchpoint. */
9349b4f9 1529int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1530 int flags)
6658ffb8 1531{
b4051334 1532 target_ulong len_mask = ~(len - 1);
a1d1bb31 1533 CPUWatchpoint *wp;
6658ffb8 1534
72cf2d4f 1535 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1536 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1537 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1538 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1539 return 0;
1540 }
1541 }
a1d1bb31 1542 return -ENOENT;
6658ffb8
PB		 1543}
1544
a1d1bb31 1545/* Remove a specific watchpoint by reference. */
9349b4f9 1546void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 1547{
72cf2d4f 1548 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1549
a1d1bb31
AL		 1550 tlb_flush_page(env, watchpoint->vaddr);
1551
7267c094 1552 g_free(watchpoint);
a1d1bb31
AL		 1553}
1554
1555/* Remove all matching watchpoints. */
9349b4f9 1556void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 1557{
c0ce998e 1558 CPUWatchpoint *wp, *next;
a1d1bb31 1559
72cf2d4f 1560 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1561 if (wp->flags & mask)
1562 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1563 }
7d03f82f 1564}
c527ee8f 1565#endif
7d03f82f 1566
a1d1bb31 1567/* Add a breakpoint. */
9349b4f9 1568int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 1569 CPUBreakpoint **breakpoint)
4c3a88a2 1570{
1fddef4b 1571#if defined(TARGET_HAS_ICE)
c0ce998e 1572 CPUBreakpoint *bp;
3b46e624 1573
7267c094 1574 bp = g_malloc(sizeof(*bp));
4c3a88a2 1575
a1d1bb31
AL		 1576 bp->pc = pc;
1577 bp->flags = flags;
1578
2dc9f411 1579 /* keep all GDB-injected breakpoints in front */
c0ce998e 1580 if (flags & BP_GDB)
72cf2d4f 1581 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1582 else
72cf2d4f 1583 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1584
d720b93d 1585 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1586
1587 if (breakpoint)
1588 *breakpoint = bp;
4c3a88a2
FB		 1589 return 0;
1590#else
a1d1bb31 1591 return -ENOSYS;
4c3a88a2
FB		 1592#endif
1593}
1594
a1d1bb31 1595/* Remove a specific breakpoint. */
9349b4f9 1596int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 1597{
7d03f82f 1598#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1599 CPUBreakpoint *bp;
1600
72cf2d4f 1601 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1602 if (bp->pc == pc && bp->flags == flags) {
1603 cpu_breakpoint_remove_by_ref(env, bp);
1604 return 0;
1605 }
7d03f82f 1606 }
a1d1bb31
AL		 1607 return -ENOENT;
1608#else
1609 return -ENOSYS;
7d03f82f
EI		 1610#endif
1611}
1612
a1d1bb31 1613/* Remove a specific breakpoint by reference. */
9349b4f9 1614void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1615{
1fddef4b 1616#if defined(TARGET_HAS_ICE)
72cf2d4f 1617 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1618
a1d1bb31
AL		 1619 breakpoint_invalidate(env, breakpoint->pc);
1620
7267c094 1621 g_free(breakpoint);
a1d1bb31
AL		 1622#endif
1623}
1624
1625/* Remove all matching breakpoints. */
9349b4f9 1626void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 1627{
1628#if defined(TARGET_HAS_ICE)
c0ce998e 1629 CPUBreakpoint *bp, *next;
a1d1bb31 1630
72cf2d4f 1631 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1632 if (bp->flags & mask)
1633 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1634 }
4c3a88a2
FB		 1635#endif
1636}
1637
c33a346e
FB		 1638/* enable or disable single step mode. EXCP_DEBUG is returned by the
1639 CPU loop after each instruction */
9349b4f9 1640void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 1641{
1fddef4b 1642#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1643 if (env->singlestep_enabled != enabled) {
1644 env->singlestep_enabled = enabled;
e22a25c9
AL		 1645 if (kvm_enabled())
1646 kvm_update_guest_debug(env, 0);
1647 else {
ccbb4d44 1648 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1649 /* XXX: only flush what is necessary */
1650 tb_flush(env);
1651 }
c33a346e
FB		 1652 }
1653#endif
1654}
1655
9349b4f9 1656static void cpu_unlink_tb(CPUArchState *env)
ea041c0e 1657{
3098dba0
AJ		 1658 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1659 problem and hope the cpu will stop of its own accord. For userspace
1660 emulation this often isn't actually as bad as it sounds. Often
1661 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1662 TranslationBlock *tb;
c227f099 1663 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1664
cab1b4bd 1665 spin_lock(&interrupt_lock);
3098dba0
AJ		 1666 tb = env->current_tb;
1667 /* if the cpu is currently executing code, we must unlink it and
1668 all the potentially executing TB */
f76cfe56 1669 if (tb) {
3098dba0
AJ		 1670 env->current_tb = NULL;
1671 tb_reset_jump_recursive(tb);
be214e6c 1672 }
cab1b4bd 1673 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1674}
1675
97ffbd8d 1676#ifndef CONFIG_USER_ONLY
3098dba0 1677/* mask must never be zero, except for A20 change call */
9349b4f9 1678static void tcg_handle_interrupt(CPUArchState *env, int mask)
3098dba0
AJ		 1679{
1680 int old_mask;
be214e6c 1681
2e70f6ef 1682 old_mask = env->interrupt_request;
68a79315 1683 env->interrupt_request |= mask;
3098dba0 1684
8edac960
AL		 1685 /*
1686 * If called from iothread context, wake the target cpu in
1687 * case its halted.
1688 */
b7680cb6 1689 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1690 qemu_cpu_kick(env);
1691 return;
1692 }
8edac960 1693
2e70f6ef 1694 if (use_icount) {
266910c4 1695 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1696 if (!can_do_io(env)
be214e6c 1697 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1698 cpu_abort(env, "Raised interrupt while not in I/O function");
1699 }
2e70f6ef 1700 } else {
3098dba0 1701 cpu_unlink_tb(env);
ea041c0e
FB		 1702 }
1703}
1704
ec6959d0
JK		 1705CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1706
97ffbd8d
JK		 1707#else /* CONFIG_USER_ONLY */
1708
9349b4f9 1709void cpu_interrupt(CPUArchState *env, int mask)
97ffbd8d
JK		 1710{
1711 env->interrupt_request |= mask;
1712 cpu_unlink_tb(env);
1713}
1714#endif /* CONFIG_USER_ONLY */
1715
9349b4f9 1716void cpu_reset_interrupt(CPUArchState *env, int mask)
b54ad049
FB		 1717{
1718 env->interrupt_request &= ~mask;
1719}
1720
9349b4f9 1721void cpu_exit(CPUArchState *env)
3098dba0
AJ		 1722{
1723 env->exit_request = 1;
1724 cpu_unlink_tb(env);
1725}
1726
9349b4f9 1727void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e
FB		 1728{
1729 va_list ap;
493ae1f0 1730 va_list ap2;
7501267e
FB		 1731
1732 va_start(ap, fmt);
493ae1f0 1733 va_copy(ap2, ap);
7501267e
FB		 1734 fprintf(stderr, "qemu: fatal: ");
1735 vfprintf(stderr, fmt, ap);
1736 fprintf(stderr, "\n");
6fd2a026 1737 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 1738 if (qemu_log_enabled()) {
1739 qemu_log("qemu: fatal: ");
1740 qemu_log_vprintf(fmt, ap2);
1741 qemu_log("\n");
6fd2a026 1742 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 1743 qemu_log_flush();
93fcfe39 1744 qemu_log_close();
924edcae 1745 }
493ae1f0 1746 va_end(ap2);
f9373291 1747 va_end(ap);
fd052bf6
RV		 1748#if defined(CONFIG_USER_ONLY)
1749 {
1750 struct sigaction act;
1751 sigfillset(&act.sa_mask);
1752 act.sa_handler = SIG_DFL;
1753 sigaction(SIGABRT, &act, NULL);
1754 }
1755#endif
7501267e
FB		 1756 abort();
1757}
1758
9349b4f9 1759CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 1760{
9349b4f9
AF		 1761 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1762 CPUArchState *next_cpu = new_env->next_cpu;
c5be9f08 1763 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1764#if defined(TARGET_HAS_ICE)
1765 CPUBreakpoint *bp;
1766 CPUWatchpoint *wp;
1767#endif
1768
9349b4f9 1769 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081
AL		 1770
1771 /* Preserve chaining and index. */
c5be9f08
TS		 1772 new_env->next_cpu = next_cpu;
1773 new_env->cpu_index = cpu_index;
5a38f081
AL		 1774
1775 /* Clone all break/watchpoints.
1776 Note: Once we support ptrace with hw-debug register access, make sure
1777 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1778 QTAILQ_INIT(&env->breakpoints);
1779 QTAILQ_INIT(&env->watchpoints);
5a38f081 1780#if defined(TARGET_HAS_ICE)
72cf2d4f 1781 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1782 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1783 }
72cf2d4f 1784 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1785 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1786 wp->flags, NULL);
1787 }
1788#endif
1789
c5be9f08
TS		 1790 return new_env;
1791}
1792
0124311e 1793#if !defined(CONFIG_USER_ONLY)
0cac1b66 1794void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
5c751e99
EI		 1795{
1796 unsigned int i;
1797
1798 /* Discard jump cache entries for any tb which might potentially
1799 overlap the flushed page. */
1800 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1801 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1802 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1803
1804 i = tb_jmp_cache_hash_page(addr);
1805 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1806 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1807}
1808
d24981d3
JQ		 1809static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
1810 uintptr_t length)
1811{
1812 uintptr_t start1;
1813
1814 /* we modify the TLB cache so that the dirty bit will be set again
1815 when accessing the range */
1816 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
1817 /* Check that we don't span multiple blocks - this breaks the
1818 address comparisons below. */
1819 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
1820 != (end - 1) - start) {
1821 abort();
1822 }
1823 cpu_tlb_reset_dirty_all(start1, length);
1824
1825}
1826
5579c7f3 1827/* Note: start and end must be within the same ram block. */
c227f099 1828void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1829 int dirty_flags)
1ccde1cb 1830{
d24981d3 1831 uintptr_t length;
1ccde1cb
FB		 1832
1833 start &= TARGET_PAGE_MASK;
1834 end = TARGET_PAGE_ALIGN(end);
1835
1836 length = end - start;
1837 if (length == 0)
1838 return;
f7c11b53 1839 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 1840
d24981d3
JQ		 1841 if (tcg_enabled()) {
1842 tlb_reset_dirty_range_all(start, end, length);
5579c7f3 1843 }
1ccde1cb
FB		 1844}
1845
74576198
AL		 1846int cpu_physical_memory_set_dirty_tracking(int enable)
1847{
f6f3fbca 1848 int ret = 0;
74576198 1849 in_migration = enable;
f6f3fbca 1850 return ret;
74576198
AL		 1851}
1852
e5548617
BS		 1853target_phys_addr_t memory_region_section_get_iotlb(CPUArchState *env,
1854 MemoryRegionSection *section,
1855 target_ulong vaddr,
1856 target_phys_addr_t paddr,
1857 int prot,
1858 target_ulong *address)
1859{
1860 target_phys_addr_t iotlb;
1861 CPUWatchpoint *wp;
1862
cc5bea60 1863 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1864 /* Normal RAM. */
1865 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1866 + memory_region_section_addr(section, paddr);
e5548617
BS		 1867 if (!section->readonly) {
1868 iotlb |= phys_section_notdirty;
1869 } else {
1870 iotlb |= phys_section_rom;
1871 }
1872 } else {
1873 /* IO handlers are currently passed a physical address.
1874 It would be nice to pass an offset from the base address
1875 of that region. This would avoid having to special case RAM,
1876 and avoid full address decoding in every device.
1877 We can't use the high bits of pd for this because
1878 IO_MEM_ROMD uses these as a ram address. */
1879 iotlb = section - phys_sections;
cc5bea60 1880 iotlb += memory_region_section_addr(section, paddr);
e5548617
BS		 1881 }
1882
1883 /* Make accesses to pages with watchpoints go via the
1884 watchpoint trap routines. */
1885 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1886 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
1887 /* Avoid trapping reads of pages with a write breakpoint. */
1888 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1889 iotlb = phys_section_watch + paddr;
1890 *address |= TLB_MMIO;
1891 break;
1892 }
1893 }
1894 }
1895
1896 return iotlb;
1897}
1898
0124311e 1899#else
edf8e2af
MW		 1900/*
1901 * Walks guest process memory "regions" one by one
1902 * and calls callback function 'fn' for each region.
1903 */
5cd2c5b6
RH		 1904
1905struct walk_memory_regions_data
1906{
1907 walk_memory_regions_fn fn;
1908 void *priv;
8efe0ca8 1909 uintptr_t start;
5cd2c5b6
RH		 1910 int prot;
1911};
1912
1913static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 1914 abi_ulong end, int new_prot)
5cd2c5b6
RH		 1915{
1916 if (data->start != -1ul) {
1917 int rc = data->fn(data->priv, data->start, end, data->prot);
1918 if (rc != 0) {
1919 return rc;
1920 }
1921 }
1922
1923 data->start = (new_prot ? end : -1ul);
1924 data->prot = new_prot;
1925
1926 return 0;
1927}
1928
1929static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 1930 abi_ulong base, int level, void **lp)
5cd2c5b6 1931{
b480d9b7 1932 abi_ulong pa;
5cd2c5b6
RH		 1933 int i, rc;
1934
1935 if (*lp == NULL) {
1936 return walk_memory_regions_end(data, base, 0);
1937 }
1938
1939 if (level == 0) {
1940 PageDesc *pd = *lp;
7296abac 1941 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 1942 int prot = pd[i].flags;
1943
1944 pa = base | (i << TARGET_PAGE_BITS);
1945 if (prot != data->prot) {
1946 rc = walk_memory_regions_end(data, pa, prot);
1947 if (rc != 0) {
1948 return rc;
9fa3e853 1949 }
9fa3e853 1950 }
5cd2c5b6
RH		 1951 }
1952 } else {
1953 void **pp = *lp;
7296abac 1954 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 1955 pa = base | ((abi_ulong)i <<
1956 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 1957 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1958 if (rc != 0) {
1959 return rc;
1960 }
1961 }
1962 }
1963
1964 return 0;
1965}
1966
1967int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1968{
1969 struct walk_memory_regions_data data;
8efe0ca8 1970 uintptr_t i;
5cd2c5b6
RH		 1971
1972 data.fn = fn;
1973 data.priv = priv;
1974 data.start = -1ul;
1975 data.prot = 0;
1976
1977 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 1978 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 1979 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
1980 if (rc != 0) {
1981 return rc;
9fa3e853 1982 }
33417e70 1983 }
5cd2c5b6
RH		 1984
1985 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 1986}
1987
b480d9b7
PB		 1988static int dump_region(void *priv, abi_ulong start,
1989 abi_ulong end, unsigned long prot)
edf8e2af
MW		 1990{
1991 FILE *f = (FILE *)priv;
1992
b480d9b7
PB		 1993 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
1994 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 1995 start, end, end - start,
1996 ((prot & PAGE_READ) ? 'r' : '-'),
1997 ((prot & PAGE_WRITE) ? 'w' : '-'),
1998 ((prot & PAGE_EXEC) ? 'x' : '-'));
1999
2000 return (0);
2001}
2002
2003/* dump memory mappings */
2004void page_dump(FILE *f)
2005{
2006 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2007 "start", "end", "size", "prot");
2008 walk_memory_regions(f, dump_region);
33417e70
FB		 2009}
2010
53a5960a 2011int page_get_flags(target_ulong address)
33417e70 2012{
9fa3e853
FB		 2013 PageDesc *p;
2014
2015 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2016 if (!p)
9fa3e853
FB		 2017 return 0;
2018 return p->flags;
2019}
2020
376a7909
RH		 2021/* Modify the flags of a page and invalidate the code if necessary.
2022 The flag PAGE_WRITE_ORG is positioned automatically depending
2023 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2024void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2025{
376a7909
RH		 2026 target_ulong addr, len;
2027
2028 /* This function should never be called with addresses outside the
2029 guest address space. If this assert fires, it probably indicates
2030 a missing call to h2g_valid. */
b480d9b7
PB		 2031#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2032 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2033#endif
2034 assert(start < end);
9fa3e853
FB		 2035
2036 start = start & TARGET_PAGE_MASK;
2037 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2038
2039 if (flags & PAGE_WRITE) {
9fa3e853 2040 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2041 }
2042
2043 for (addr = start, len = end - start;
2044 len != 0;
2045 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2046 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2047
2048 /* If the write protection bit is set, then we invalidate
2049 the code inside. */
5fafdf24 2050 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2051 (flags & PAGE_WRITE) &&
2052 p->first_tb) {
d720b93d 2053 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2054 }
2055 p->flags = flags;
2056 }
33417e70
FB		 2057}
2058
3d97b40b
TS		 2059int page_check_range(target_ulong start, target_ulong len, int flags)
2060{
2061 PageDesc *p;
2062 target_ulong end;
2063 target_ulong addr;
2064
376a7909
RH		 2065 /* This function should never be called with addresses outside the
2066 guest address space. If this assert fires, it probably indicates
2067 a missing call to h2g_valid. */
338e9e6c
BS		 2068#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2069 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2070#endif
2071
3e0650a9
RH		 2072 if (len == 0) {
2073 return 0;
2074 }
376a7909
RH		 2075 if (start + len - 1 < start) {
2076 /* We've wrapped around. */
55f280c9 2077 return -1;
376a7909 2078 }
55f280c9 2079
3d97b40b
TS		 2080 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2081 start = start & TARGET_PAGE_MASK;
2082
376a7909
RH		 2083 for (addr = start, len = end - start;
2084 len != 0;
2085 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2086 p = page_find(addr >> TARGET_PAGE_BITS);
2087 if( !p )
2088 return -1;
2089 if( !(p->flags & PAGE_VALID) )
2090 return -1;
2091
dae3270c 2092 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2093 return -1;
dae3270c
FB		 2094 if (flags & PAGE_WRITE) {
2095 if (!(p->flags & PAGE_WRITE_ORG))
2096 return -1;
2097 /* unprotect the page if it was put read-only because it
2098 contains translated code */
2099 if (!(p->flags & PAGE_WRITE)) {
2100 if (!page_unprotect(addr, 0, NULL))
2101 return -1;
2102 }
2103 return 0;
2104 }
3d97b40b
TS		 2105 }
2106 return 0;
2107}
2108
9fa3e853 2109/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2110 page. Return TRUE if the fault was successfully handled. */
6375e09e 2111int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
9fa3e853 2112{
45d679d6
AJ		 2113 unsigned int prot;
2114 PageDesc *p;
53a5960a 2115 target_ulong host_start, host_end, addr;
9fa3e853 2116
c8a706fe
PB		 2117 /* Technically this isn't safe inside a signal handler. However we
2118 know this only ever happens in a synchronous SEGV handler, so in
2119 practice it seems to be ok. */
2120 mmap_lock();
2121
45d679d6
AJ		 2122 p = page_find(address >> TARGET_PAGE_BITS);
2123 if (!p) {
c8a706fe 2124 mmap_unlock();
9fa3e853 2125 return 0;
c8a706fe 2126 }
45d679d6 2127
9fa3e853
FB		 2128 /* if the page was really writable, then we change its
2129 protection back to writable */
45d679d6
AJ		 2130 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2131 host_start = address & qemu_host_page_mask;
2132 host_end = host_start + qemu_host_page_size;
2133
2134 prot = 0;
2135 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2136 p = page_find(addr >> TARGET_PAGE_BITS);
2137 p->flags |= PAGE_WRITE;
2138 prot |= p->flags;
2139
9fa3e853
FB		 2140 /* and since the content will be modified, we must invalidate
2141 the corresponding translated code. */
45d679d6 2142 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2143#ifdef DEBUG_TB_CHECK
45d679d6 2144 tb_invalidate_check(addr);
9fa3e853 2145#endif
9fa3e853 2146 }
45d679d6
AJ		 2147 mprotect((void *)g2h(host_start), qemu_host_page_size,
2148 prot & PAGE_BITS);
2149
2150 mmap_unlock();
2151 return 1;
9fa3e853 2152 }
c8a706fe 2153 mmap_unlock();
9fa3e853
FB		 2154 return 0;
2155}
9fa3e853
FB		 2156#endif /* defined(CONFIG_USER_ONLY) */
2157
e2eef170 2158#if !defined(CONFIG_USER_ONLY)
8da3ff18 2159
c04b2b78
PB		 2160#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2161typedef struct subpage_t {
70c68e44 2162 MemoryRegion iomem;
c04b2b78 2163 target_phys_addr_t base;
5312bd8b 2164 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2165} subpage_t;
2166
c227f099 2167static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2168 uint16_t section);
0f0cb164 2169static subpage_t *subpage_init(target_phys_addr_t base);
5312bd8b 2170static void destroy_page_desc(uint16_t section_index)
54688b1e 2171{
5312bd8b
AK		 2172 MemoryRegionSection *section = &phys_sections[section_index];
2173 MemoryRegion *mr = section->mr;
54688b1e
AK		 2174
2175 if (mr->subpage) {
2176 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2177 memory_region_destroy(&subpage->iomem);
2178 g_free(subpage);
2179 }
2180}
2181
4346ae3e 2182static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2183{
2184 unsigned i;
d6f2ea22 2185 PhysPageEntry *p;
54688b1e 2186
c19e8800 2187 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2188 return;
2189 }
2190
c19e8800 2191 p = phys_map_nodes[lp->ptr];
4346ae3e 2192 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 2193 if (!p[i].is_leaf) {
54688b1e 2194 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 2195 } else {
c19e8800 2196 destroy_page_desc(p[i].ptr);
54688b1e 2197 }
54688b1e 2198 }
07f07b31 2199 lp->is_leaf = 0;
c19e8800 2200 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2201}
2202
ac1970fb 2203static void destroy_all_mappings(AddressSpaceDispatch *d)
54688b1e 2204{
ac1970fb 2205 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
d6f2ea22 2206 phys_map_nodes_reset();
54688b1e
AK		 2207}
2208
5312bd8b
AK		 2209static uint16_t phys_section_add(MemoryRegionSection *section)
2210{
2211 if (phys_sections_nb == phys_sections_nb_alloc) {
2212 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2213 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2214 phys_sections_nb_alloc);
2215 }
2216 phys_sections[phys_sections_nb] = *section;
2217 return phys_sections_nb++;
2218}
2219
2220static void phys_sections_clear(void)
2221{
2222 phys_sections_nb = 0;
2223}
2224
ac1970fb 2225static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 2226{
2227 subpage_t *subpage;
2228 target_phys_addr_t base = section->offset_within_address_space
2229 & TARGET_PAGE_MASK;
ac1970fb 2230 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
0f0cb164
AK		 2231 MemoryRegionSection subsection = {
2232 .offset_within_address_space = base,
2233 .size = TARGET_PAGE_SIZE,
2234 };
0f0cb164
AK		 2235 target_phys_addr_t start, end;
2236
f3705d53 2237 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 2238
f3705d53 2239 if (!(existing->mr->subpage)) {
0f0cb164
AK		 2240 subpage = subpage_init(base);
2241 subsection.mr = &subpage->iomem;
ac1970fb 2242 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
2999097b 2243 phys_section_add(&subsection));
0f0cb164 2244 } else {
f3705d53 2245 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 2246 }
2247 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
adb2a9b5 2248 end = start + section->size - 1;
0f0cb164
AK		 2249 subpage_register(subpage, start, end, phys_section_add(section));
2250}
2251
2252
ac1970fb 2253static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
33417e70 2254{
dd81124b
AK		 2255 target_phys_addr_t start_addr = section->offset_within_address_space;
2256 ram_addr_t size = section->size;
2999097b 2257 target_phys_addr_t addr;
5312bd8b 2258 uint16_t section_index = phys_section_add(section);
dd81124b 2259
3b8e6a2d 2260 assert(size);
f6f3fbca 2261
3b8e6a2d 2262 addr = start_addr;
ac1970fb 2263 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2999097b 2264 section_index);
33417e70
FB		 2265}
2266
ac1970fb 2267static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 2268{
ac1970fb 2269 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
0f0cb164
AK		 2270 MemoryRegionSection now = *section, remain = *section;
2271
2272 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2273 || (now.size < TARGET_PAGE_SIZE)) {
2274 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2275 - now.offset_within_address_space,
2276 now.size);
ac1970fb 2277 register_subpage(d, &now);
0f0cb164
AK		 2278 remain.size -= now.size;
2279 remain.offset_within_address_space += now.size;
2280 remain.offset_within_region += now.size;
2281 }
69b67646
TH		 2282 while (remain.size >= TARGET_PAGE_SIZE) {
2283 now = remain;
2284 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
2285 now.size = TARGET_PAGE_SIZE;
ac1970fb 2286 register_subpage(d, &now);
69b67646
TH		 2287 } else {
2288 now.size &= TARGET_PAGE_MASK;
ac1970fb 2289 register_multipage(d, &now);
69b67646 2290 }
0f0cb164
AK		 2291 remain.size -= now.size;
2292 remain.offset_within_address_space += now.size;
2293 remain.offset_within_region += now.size;
2294 }
2295 now = remain;
2296 if (now.size) {
ac1970fb 2297 register_subpage(d, &now);
0f0cb164
AK		 2298 }
2299}
2300
62a2744c
SY		 2301void qemu_flush_coalesced_mmio_buffer(void)
2302{
2303 if (kvm_enabled())
2304 kvm_flush_coalesced_mmio_buffer();
2305}
2306
c902760f
MT		 2307#if defined(__linux__) && !defined(TARGET_S390X)
2308
2309#include <sys/vfs.h>
2310
2311#define HUGETLBFS_MAGIC 0x958458f6
2312
2313static long gethugepagesize(const char *path)
2314{
2315 struct statfs fs;
2316 int ret;
2317
2318 do {
9742bf26 2319 ret = statfs(path, &fs);
c902760f
MT		 2320 } while (ret != 0 && errno == EINTR);
2321
2322 if (ret != 0) {
9742bf26
YT		 2323 perror(path);
2324 return 0;
c902760f
MT		 2325 }
2326
2327 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2328 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2329
2330 return fs.f_bsize;
2331}
2332
04b16653
AW		 2333static void *file_ram_alloc(RAMBlock *block,
2334 ram_addr_t memory,
2335 const char *path)
c902760f
MT		 2336{
2337 char *filename;
2338 void *area;
2339 int fd;
2340#ifdef MAP_POPULATE
2341 int flags;
2342#endif
2343 unsigned long hpagesize;
2344
2345 hpagesize = gethugepagesize(path);
2346 if (!hpagesize) {
9742bf26 2347 return NULL;
c902760f
MT		 2348 }
2349
2350 if (memory < hpagesize) {
2351 return NULL;
2352 }
2353
2354 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2355 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2356 return NULL;
2357 }
2358
2359 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2360 return NULL;
c902760f
MT		 2361 }
2362
2363 fd = mkstemp(filename);
2364 if (fd < 0) {
9742bf26
YT		 2365 perror("unable to create backing store for hugepages");
2366 free(filename);
2367 return NULL;
c902760f
MT		 2368 }
2369 unlink(filename);
2370 free(filename);
2371
2372 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2373
2374 /*
2375 * ftruncate is not supported by hugetlbfs in older
2376 * hosts, so don't bother bailing out on errors.
2377 * If anything goes wrong with it under other filesystems,
2378 * mmap will fail.
2379 */
2380 if (ftruncate(fd, memory))
9742bf26 2381 perror("ftruncate");
c902760f
MT		 2382
2383#ifdef MAP_POPULATE
2384 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2385 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2386 * to sidestep this quirk.
2387 */
2388 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2389 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2390#else
2391 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2392#endif
2393 if (area == MAP_FAILED) {
9742bf26
YT		 2394 perror("file_ram_alloc: can't mmap RAM pages");
2395 close(fd);
2396 return (NULL);
c902760f 2397 }
04b16653 2398 block->fd = fd;
c902760f
MT		 2399 return area;
2400}
2401#endif
2402
d17b5288 2403static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2404{
2405 RAMBlock *block, *next_block;
3e837b2c 2406 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2407
2408 if (QLIST_EMPTY(&ram_list.blocks))
2409 return 0;
2410
2411 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2412 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2413
2414 end = block->offset + block->length;
2415
2416 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2417 if (next_block->offset >= end) {
2418 next = MIN(next, next_block->offset);
2419 }
2420 }
2421 if (next - end >= size && next - end < mingap) {
3e837b2c 2422 offset = end;
04b16653
AW		 2423 mingap = next - end;
2424 }
2425 }
3e837b2c
AW		 2426
2427 if (offset == RAM_ADDR_MAX) {
2428 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2429 (uint64_t)size);
2430 abort();
2431 }
2432
04b16653
AW		 2433 return offset;
2434}
2435
2436static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2437{
2438 RAMBlock *block;
2439 ram_addr_t last = 0;
2440
2441 QLIST_FOREACH(block, &ram_list.blocks, next)
2442 last = MAX(last, block->offset + block->length);
2443
2444 return last;
2445}
2446
ddb97f1d
JB		 2447static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
2448{
2449 int ret;
2450 QemuOpts *machine_opts;
2451
2452 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
2453 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2454 if (machine_opts &&
2455 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
2456 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
2457 if (ret) {
2458 perror("qemu_madvise");
2459 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
2460 "but dump_guest_core=off specified\n");
2461 }
2462 }
2463}
2464
c5705a77 2465void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2466{
2467 RAMBlock *new_block, *block;
2468
c5705a77
AK		 2469 new_block = NULL;
2470 QLIST_FOREACH(block, &ram_list.blocks, next) {
2471 if (block->offset == addr) {
2472 new_block = block;
2473 break;
2474 }
2475 }
2476 assert(new_block);
2477 assert(!new_block->idstr[0]);
84b89d78 2478
09e5ab63
AL		 2479 if (dev) {
2480 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 2481 if (id) {
2482 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2483 g_free(id);
84b89d78
CM		 2484 }
2485 }
2486 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2487
2488 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2489 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2490 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2491 new_block->idstr);
2492 abort();
2493 }
2494 }
c5705a77
AK		 2495}
2496
8490fc78
LC		 2497static int memory_try_enable_merging(void *addr, size_t len)
2498{
2499 QemuOpts *opts;
2500
2501 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2502 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
2503 /* disabled by the user */
2504 return 0;
2505 }
2506
2507 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
2508}
2509
c5705a77
AK		 2510ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2511 MemoryRegion *mr)
2512{
2513 RAMBlock *new_block;
2514
2515 size = TARGET_PAGE_ALIGN(size);
2516 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2517
7c637366 2518 new_block->mr = mr;
432d268c 2519 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2520 if (host) {
2521 new_block->host = host;
cd19cfa2 2522 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2523 } else {
2524 if (mem_path) {
c902760f 2525#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2526 new_block->host = file_ram_alloc(new_block, size, mem_path);
2527 if (!new_block->host) {
2528 new_block->host = qemu_vmalloc(size);
8490fc78 2529 memory_try_enable_merging(new_block->host, size);
6977dfe6 2530 }
c902760f 2531#else
6977dfe6
YT		 2532 fprintf(stderr, "-mem-path option unsupported\n");
2533 exit(1);
c902760f 2534#endif
6977dfe6 2535 } else {
868bb33f 2536 if (xen_enabled()) {
fce537d4 2537 xen_ram_alloc(new_block->offset, size, mr);
fdec9918
CB		 2538 } else if (kvm_enabled()) {
2539 /* some s390/kvm configurations have special constraints */
2540 new_block->host = kvm_vmalloc(size);
432d268c
JN		 2541 } else {
2542 new_block->host = qemu_vmalloc(size);
2543 }
8490fc78 2544 memory_try_enable_merging(new_block->host, size);
6977dfe6 2545 }
c902760f 2546 }
94a6b54f
PB		 2547 new_block->length = size;
2548
f471a17e 2549 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2550
7267c094 2551 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2552 last_ram_offset() >> TARGET_PAGE_BITS);
5fda043f
IM		 2553 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2554 0, size >> TARGET_PAGE_BITS);
1720aeee 2555 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
94a6b54f 2556
ddb97f1d
JB		 2557 qemu_ram_setup_dump(new_block->host, size);
2558
6f0437e8
JK		 2559 if (kvm_enabled())
2560 kvm_setup_guest_memory(new_block->host, size);
2561
94a6b54f
PB		 2562 return new_block->offset;
2563}
e9a1ab19 2564
c5705a77 2565ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2566{
c5705a77 2567 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2568}
2569
1f2e98b6
AW		 2570void qemu_ram_free_from_ptr(ram_addr_t addr)
2571{
2572 RAMBlock *block;
2573
2574 QLIST_FOREACH(block, &ram_list.blocks, next) {
2575 if (addr == block->offset) {
2576 QLIST_REMOVE(block, next);
7267c094 2577 g_free(block);
1f2e98b6
AW		 2578 return;
2579 }
2580 }
2581}
2582
c227f099 2583void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2584{
04b16653
AW		 2585 RAMBlock *block;
2586
2587 QLIST_FOREACH(block, &ram_list.blocks, next) {
2588 if (addr == block->offset) {
2589 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2590 if (block->flags & RAM_PREALLOC_MASK) {
2591 ;
2592 } else if (mem_path) {
04b16653
AW		 2593#if defined (__linux__) && !defined(TARGET_S390X)
2594 if (block->fd) {
2595 munmap(block->host, block->length);
2596 close(block->fd);
2597 } else {
2598 qemu_vfree(block->host);
2599 }
fd28aa13
JK		 2600#else
2601 abort();
04b16653
AW		 2602#endif
2603 } else {
2604#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2605 munmap(block->host, block->length);
2606#else
868bb33f 2607 if (xen_enabled()) {
e41d7c69 2608 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2609 } else {
2610 qemu_vfree(block->host);
2611 }
04b16653
AW		 2612#endif
2613 }
7267c094 2614 g_free(block);
04b16653
AW		 2615 return;
2616 }
2617 }
2618
e9a1ab19
FB		 2619}
2620
cd19cfa2
HY		 2621#ifndef _WIN32
2622void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2623{
2624 RAMBlock *block;
2625 ram_addr_t offset;
2626 int flags;
2627 void *area, *vaddr;
2628
2629 QLIST_FOREACH(block, &ram_list.blocks, next) {
2630 offset = addr - block->offset;
2631 if (offset < block->length) {
2632 vaddr = block->host + offset;
2633 if (block->flags & RAM_PREALLOC_MASK) {
2634 ;
2635 } else {
2636 flags = MAP_FIXED;
2637 munmap(vaddr, length);
2638 if (mem_path) {
2639#if defined(__linux__) && !defined(TARGET_S390X)
2640 if (block->fd) {
2641#ifdef MAP_POPULATE
2642 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2643 MAP_PRIVATE;
2644#else
2645 flags |= MAP_PRIVATE;
2646#endif
2647 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2648 flags, block->fd, offset);
2649 } else {
2650 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2651 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2652 flags, -1, 0);
2653 }
fd28aa13
JK		 2654#else
2655 abort();
cd19cfa2
HY		 2656#endif
2657 } else {
2658#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2659 flags |= MAP_SHARED | MAP_ANONYMOUS;
2660 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2661 flags, -1, 0);
2662#else
2663 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2664 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2665 flags, -1, 0);
2666#endif
2667 }
2668 if (area != vaddr) {
f15fbc4b
AP		 2669 fprintf(stderr, "Could not remap addr: "
2670 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 2671 length, addr);
2672 exit(1);
2673 }
8490fc78 2674 memory_try_enable_merging(vaddr, length);
ddb97f1d 2675 qemu_ram_setup_dump(vaddr, length);
cd19cfa2
HY		 2676 }
2677 return;
2678 }
2679 }
2680}
2681#endif /* !_WIN32 */
2682
dc828ca1 2683/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 2684 With the exception of the softmmu code in this file, this should
2685 only be used for local memory (e.g. video ram) that the device owns,
2686 and knows it isn't going to access beyond the end of the block.
2687
2688 It should not be used for general purpose DMA.
2689 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2690 */
c227f099 2691void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 2692{
94a6b54f
PB		 2693 RAMBlock *block;
2694
f471a17e
AW		 2695 QLIST_FOREACH(block, &ram_list.blocks, next) {
2696 if (addr - block->offset < block->length) {
7d82af38
VP		 2697 /* Move this entry to to start of the list. */
2698 if (block != QLIST_FIRST(&ram_list.blocks)) {
2699 QLIST_REMOVE(block, next);
2700 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2701 }
868bb33f 2702 if (xen_enabled()) {
432d268c
JN		 2703 /* We need to check if the requested address is in the RAM
2704 * because we don't want to map the entire memory in QEMU.
712c2b41 2705 * In that case just map until the end of the page.
432d268c
JN		 2706 */
2707 if (block->offset == 0) {
e41d7c69 2708 return xen_map_cache(addr, 0, 0);
432d268c 2709 } else if (block->host == NULL) {
e41d7c69
JK		 2710 block->host =
2711 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2712 }
2713 }
f471a17e
AW		 2714 return block->host + (addr - block->offset);
2715 }
94a6b54f 2716 }
f471a17e
AW		 2717
2718 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2719 abort();
2720
2721 return NULL;
dc828ca1
PB		 2722}
2723
b2e0a138
MT		 2724/* Return a host pointer to ram allocated with qemu_ram_alloc.
2725 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2726 */
2727void *qemu_safe_ram_ptr(ram_addr_t addr)
2728{
2729 RAMBlock *block;
2730
2731 QLIST_FOREACH(block, &ram_list.blocks, next) {
2732 if (addr - block->offset < block->length) {
868bb33f 2733 if (xen_enabled()) {
432d268c
JN		 2734 /* We need to check if the requested address is in the RAM
2735 * because we don't want to map the entire memory in QEMU.
712c2b41 2736 * In that case just map until the end of the page.
432d268c
JN		 2737 */
2738 if (block->offset == 0) {
e41d7c69 2739 return xen_map_cache(addr, 0, 0);
432d268c 2740 } else if (block->host == NULL) {
e41d7c69
JK		 2741 block->host =
2742 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2743 }
2744 }
b2e0a138
MT		 2745 return block->host + (addr - block->offset);
2746 }
2747 }
2748
2749 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2750 abort();
2751
2752 return NULL;
2753}
2754
38bee5dc
SS		 2755/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
2756 * but takes a size argument */
8ab934f9 2757void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 2758{
8ab934f9
SS		 2759 if (*size == 0) {
2760 return NULL;
2761 }
868bb33f 2762 if (xen_enabled()) {
e41d7c69 2763 return xen_map_cache(addr, *size, 1);
868bb33f 2764 } else {
38bee5dc
SS		 2765 RAMBlock *block;
2766
2767 QLIST_FOREACH(block, &ram_list.blocks, next) {
2768 if (addr - block->offset < block->length) {
2769 if (addr - block->offset + *size > block->length)
2770 *size = block->length - addr + block->offset;
2771 return block->host + (addr - block->offset);
2772 }
2773 }
2774
2775 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2776 abort();
38bee5dc
SS		 2777 }
2778}
2779
050a0ddf
AP		 2780void qemu_put_ram_ptr(void *addr)
2781{
2782 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 2783}
2784
e890261f 2785int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 2786{
94a6b54f
PB		 2787 RAMBlock *block;
2788 uint8_t *host = ptr;
2789
868bb33f 2790 if (xen_enabled()) {
e41d7c69 2791 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 2792 return 0;
2793 }
2794
f471a17e 2795 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 2796 /* This case append when the block is not mapped. */
2797 if (block->host == NULL) {
2798 continue;
2799 }
f471a17e 2800 if (host - block->host < block->length) {
e890261f
MT		 2801 *ram_addr = block->offset + (host - block->host);
2802 return 0;
f471a17e 2803 }
94a6b54f 2804 }
432d268c 2805
e890261f
MT		 2806 return -1;
2807}
f471a17e 2808
e890261f
MT		 2809/* Some of the softmmu routines need to translate from a host pointer
2810 (typically a TLB entry) back to a ram offset. */
2811ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2812{
2813 ram_addr_t ram_addr;
f471a17e 2814
e890261f
MT		 2815 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2816 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2817 abort();
2818 }
2819 return ram_addr;
5579c7f3
PB		 2820}
2821
0e0df1e2
AK		 2822static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
2823 unsigned size)
e18231a3
BS		 2824{
2825#ifdef DEBUG_UNASSIGNED
2826 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2827#endif
5b450407 2828#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2829 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 2830#endif
2831 return 0;
2832}
2833
0e0df1e2
AK		 2834static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
2835 uint64_t val, unsigned size)
e18231a3
BS		 2836{
2837#ifdef DEBUG_UNASSIGNED
0e0df1e2 2838 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 2839#endif
5b450407 2840#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2841 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 2842#endif
33417e70
FB		 2843}
2844
0e0df1e2
AK		 2845static const MemoryRegionOps unassigned_mem_ops = {
2846 .read = unassigned_mem_read,
2847 .write = unassigned_mem_write,
2848 .endianness = DEVICE_NATIVE_ENDIAN,
2849};
e18231a3 2850
0e0df1e2
AK		 2851static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
2852 unsigned size)
e18231a3 2853{
0e0df1e2 2854 abort();
e18231a3
BS		 2855}
2856
0e0df1e2
AK		 2857static void error_mem_write(void *opaque, target_phys_addr_t addr,
2858 uint64_t value, unsigned size)
e18231a3 2859{
0e0df1e2 2860 abort();
33417e70
FB		 2861}
2862
0e0df1e2
AK		 2863static const MemoryRegionOps error_mem_ops = {
2864 .read = error_mem_read,
2865 .write = error_mem_write,
2866 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2867};
2868
0e0df1e2
AK		 2869static const MemoryRegionOps rom_mem_ops = {
2870 .read = error_mem_read,
2871 .write = unassigned_mem_write,
2872 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2873};
2874
0e0df1e2
AK		 2875static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
2876 uint64_t val, unsigned size)
9fa3e853 2877{
3a7d929e 2878 int dirty_flags;
f7c11b53 2879 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 2880 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 2881#if !defined(CONFIG_USER_ONLY)
0e0df1e2 2882 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 2883 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 2884#endif
3a7d929e 2885 }
0e0df1e2
AK		 2886 switch (size) {
2887 case 1:
2888 stb_p(qemu_get_ram_ptr(ram_addr), val);
2889 break;
2890 case 2:
2891 stw_p(qemu_get_ram_ptr(ram_addr), val);
2892 break;
2893 case 4:
2894 stl_p(qemu_get_ram_ptr(ram_addr), val);
2895 break;
2896 default:
2897 abort();
3a7d929e 2898 }
f23db169 2899 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 2900 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 2901 /* we remove the notdirty callback only if the code has been
2902 flushed */
2903 if (dirty_flags == 0xff)
2e70f6ef 2904 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 2905}
2906
0e0df1e2
AK		 2907static const MemoryRegionOps notdirty_mem_ops = {
2908 .read = error_mem_read,
2909 .write = notdirty_mem_write,
2910 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2911};
2912
0f459d16 2913/* Generate a debug exception if a watchpoint has been hit. */
b4051334 2914static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 2915{
9349b4f9 2916 CPUArchState *env = cpu_single_env;
06d55cc1
AL		 2917 target_ulong pc, cs_base;
2918 TranslationBlock *tb;
0f459d16 2919 target_ulong vaddr;
a1d1bb31 2920 CPUWatchpoint *wp;
06d55cc1 2921 int cpu_flags;
0f459d16 2922
06d55cc1
AL		 2923 if (env->watchpoint_hit) {
2924 /* We re-entered the check after replacing the TB. Now raise
2925 * the debug interrupt so that is will trigger after the
2926 * current instruction. */
2927 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2928 return;
2929 }
2e70f6ef 2930 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 2931 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 2932 if ((vaddr == (wp->vaddr & len_mask) ||
2933 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 2934 wp->flags |= BP_WATCHPOINT_HIT;
2935 if (!env->watchpoint_hit) {
2936 env->watchpoint_hit = wp;
2937 tb = tb_find_pc(env->mem_io_pc);
2938 if (!tb) {
2939 cpu_abort(env, "check_watchpoint: could not find TB for "
2940 "pc=%p", (void *)env->mem_io_pc);
2941 }
618ba8e6 2942 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 2943 tb_phys_invalidate(tb, -1);
2944 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2945 env->exception_index = EXCP_DEBUG;
488d6577 2946 cpu_loop_exit(env);
6e140f28
AL		 2947 } else {
2948 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2949 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 2950 cpu_resume_from_signal(env, NULL);
6e140f28 2951 }
06d55cc1 2952 }
6e140f28
AL		 2953 } else {
2954 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2955 }
2956 }
2957}
2958
6658ffb8
PB		 2959/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2960 so these check for a hit then pass through to the normal out-of-line
2961 phys routines. */
1ec9b909
AK		 2962static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
2963 unsigned size)
6658ffb8 2964{
1ec9b909
AK		 2965 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
2966 switch (size) {
2967 case 1: return ldub_phys(addr);
2968 case 2: return lduw_phys(addr);
2969 case 4: return ldl_phys(addr);
2970 default: abort();
2971 }
6658ffb8
PB		 2972}
2973
1ec9b909
AK		 2974static void watch_mem_write(void *opaque, target_phys_addr_t addr,
2975 uint64_t val, unsigned size)
6658ffb8 2976{
1ec9b909
AK		 2977 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
2978 switch (size) {
67364150
MF		 2979 case 1:
2980 stb_phys(addr, val);
2981 break;
2982 case 2:
2983 stw_phys(addr, val);
2984 break;
2985 case 4:
2986 stl_phys(addr, val);
2987 break;
1ec9b909
AK		 2988 default: abort();
2989 }
6658ffb8
PB		 2990}
2991
1ec9b909
AK		 2992static const MemoryRegionOps watch_mem_ops = {
2993 .read = watch_mem_read,
2994 .write = watch_mem_write,
2995 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2996};
6658ffb8 2997
70c68e44
AK		 2998static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
2999 unsigned len)
db7b5426 3000{
70c68e44 3001 subpage_t *mmio = opaque;
f6405247 3002 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3003 MemoryRegionSection *section;
db7b5426
BS		 3004#if defined(DEBUG_SUBPAGE)
3005 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3006 mmio, len, addr, idx);
3007#endif
db7b5426 3008
5312bd8b
AK		 3009 section = &phys_sections[mmio->sub_section[idx]];
3010 addr += mmio->base;
3011 addr -= section->offset_within_address_space;
3012 addr += section->offset_within_region;
37ec01d4 3013 return io_mem_read(section->mr, addr, len);
db7b5426
BS		 3014}
3015
70c68e44
AK		 3016static void subpage_write(void *opaque, target_phys_addr_t addr,
3017 uint64_t value, unsigned len)
db7b5426 3018{
70c68e44 3019 subpage_t *mmio = opaque;
f6405247 3020 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3021 MemoryRegionSection *section;
db7b5426 3022#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3023 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3024 " idx %d value %"PRIx64"\n",
f6405247 3025 __func__, mmio, len, addr, idx, value);
db7b5426 3026#endif
f6405247 3027
5312bd8b
AK		 3028 section = &phys_sections[mmio->sub_section[idx]];
3029 addr += mmio->base;
3030 addr -= section->offset_within_address_space;
3031 addr += section->offset_within_region;
37ec01d4 3032 io_mem_write(section->mr, addr, value, len);
db7b5426
BS		 3033}
3034
70c68e44
AK		 3035static const MemoryRegionOps subpage_ops = {
3036 .read = subpage_read,
3037 .write = subpage_write,
3038 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3039};
3040
de712f94
AK		 3041static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3042 unsigned size)
56384e8b
AF		 3043{
3044 ram_addr_t raddr = addr;
3045 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3046 switch (size) {
3047 case 1: return ldub_p(ptr);
3048 case 2: return lduw_p(ptr);
3049 case 4: return ldl_p(ptr);
3050 default: abort();
3051 }
56384e8b
AF		 3052}
3053
de712f94
AK		 3054static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3055 uint64_t value, unsigned size)
56384e8b
AF		 3056{
3057 ram_addr_t raddr = addr;
3058 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3059 switch (size) {
3060 case 1: return stb_p(ptr, value);
3061 case 2: return stw_p(ptr, value);
3062 case 4: return stl_p(ptr, value);
3063 default: abort();
3064 }
56384e8b
AF		 3065}
3066
de712f94
AK		 3067static const MemoryRegionOps subpage_ram_ops = {
3068 .read = subpage_ram_read,
3069 .write = subpage_ram_write,
3070 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3071};
3072
c227f099 3073static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3074 uint16_t section)
db7b5426
BS		 3075{
3076 int idx, eidx;
3077
3078 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3079 return -1;
3080 idx = SUBPAGE_IDX(start);
3081 eidx = SUBPAGE_IDX(end);
3082#if defined(DEBUG_SUBPAGE)
0bf9e31a 3083 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3084 mmio, start, end, idx, eidx, memory);
3085#endif
5312bd8b
AK		 3086 if (memory_region_is_ram(phys_sections[section].mr)) {
3087 MemoryRegionSection new_section = phys_sections[section];
3088 new_section.mr = &io_mem_subpage_ram;
3089 section = phys_section_add(&new_section);
56384e8b 3090 }
db7b5426 3091 for (; idx <= eidx; idx++) {
5312bd8b 3092 mmio->sub_section[idx] = section;
db7b5426
BS		 3093 }
3094
3095 return 0;
3096}
3097
0f0cb164 3098static subpage_t *subpage_init(target_phys_addr_t base)
db7b5426 3099{
c227f099 3100 subpage_t *mmio;
db7b5426 3101
7267c094 3102 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3103
3104 mmio->base = base;
70c68e44
AK		 3105 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3106 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3107 mmio->iomem.subpage = true;
db7b5426 3108#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3109 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3110 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3111#endif
0f0cb164 3112 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 3113
3114 return mmio;
3115}
3116
5312bd8b
AK		 3117static uint16_t dummy_section(MemoryRegion *mr)
3118{
3119 MemoryRegionSection section = {
3120 .mr = mr,
3121 .offset_within_address_space = 0,
3122 .offset_within_region = 0,
3123 .size = UINT64_MAX,
3124 };
3125
3126 return phys_section_add(&section);
3127}
3128
37ec01d4 3129MemoryRegion *iotlb_to_region(target_phys_addr_t index)
aa102231 3130{
37ec01d4 3131 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 3132}
3133
e9179ce1
AK		 3134static void io_mem_init(void)
3135{
0e0df1e2 3136 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
0e0df1e2
AK		 3137 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3138 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3139 "unassigned", UINT64_MAX);
3140 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3141 "notdirty", UINT64_MAX);
de712f94
AK		 3142 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3143 "subpage-ram", UINT64_MAX);
1ec9b909
AK		 3144 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3145 "watch", UINT64_MAX);
e9179ce1
AK		 3146}
3147
ac1970fb
AK		 3148static void mem_begin(MemoryListener *listener)
3149{
3150 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
3151
3152 destroy_all_mappings(d);
3153 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
3154}
3155
50c1e149
AK		 3156static void core_begin(MemoryListener *listener)
3157{
5312bd8b
AK		 3158 phys_sections_clear();
3159 phys_section_unassigned = dummy_section(&io_mem_unassigned);
aa102231
AK		 3160 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3161 phys_section_rom = dummy_section(&io_mem_rom);
3162 phys_section_watch = dummy_section(&io_mem_watch);
50c1e149
AK		 3163}
3164
1d71148e 3165static void tcg_commit(MemoryListener *listener)
50c1e149 3166{
9349b4f9 3167 CPUArchState *env;
117712c3
AK		 3168
3169 /* since each CPU stores ram addresses in its TLB cache, we must
3170 reset the modified entries */
3171 /* XXX: slow ! */
3172 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3173 tlb_flush(env, 1);
3174 }
50c1e149
AK		 3175}
3176
93632747
AK		 3177static void core_log_global_start(MemoryListener *listener)
3178{
3179 cpu_physical_memory_set_dirty_tracking(1);
3180}
3181
3182static void core_log_global_stop(MemoryListener *listener)
3183{
3184 cpu_physical_memory_set_dirty_tracking(0);
3185}
3186
4855d41a
AK		 3187static void io_region_add(MemoryListener *listener,
3188 MemoryRegionSection *section)
3189{
a2d33521
AK		 3190 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3191
3192 mrio->mr = section->mr;
3193 mrio->offset = section->offset_within_region;
3194 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
4855d41a 3195 section->offset_within_address_space, section->size);
a2d33521 3196 ioport_register(&mrio->iorange);
4855d41a
AK		 3197}
3198
3199static void io_region_del(MemoryListener *listener,
3200 MemoryRegionSection *section)
3201{
3202 isa_unassign_ioport(section->offset_within_address_space, section->size);
3203}
3204
93632747 3205static MemoryListener core_memory_listener = {
50c1e149 3206 .begin = core_begin,
93632747
AK		 3207 .log_global_start = core_log_global_start,
3208 .log_global_stop = core_log_global_stop,
ac1970fb 3209 .priority = 1,
93632747
AK		 3210};
3211
4855d41a
AK		 3212static MemoryListener io_memory_listener = {
3213 .region_add = io_region_add,
3214 .region_del = io_region_del,
4855d41a
AK		 3215 .priority = 0,
3216};
3217
1d71148e
AK		 3218static MemoryListener tcg_memory_listener = {
3219 .commit = tcg_commit,
3220};
3221
ac1970fb
AK		 3222void address_space_init_dispatch(AddressSpace *as)
3223{
3224 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
3225
3226 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
3227 d->listener = (MemoryListener) {
3228 .begin = mem_begin,
3229 .region_add = mem_add,
3230 .region_nop = mem_add,
3231 .priority = 0,
3232 };
3233 as->dispatch = d;
3234 memory_listener_register(&d->listener, as);
3235}
3236
62152b8a
AK		 3237static void memory_map_init(void)
3238{
7267c094 3239 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3240 memory_region_init(system_memory, "system", INT64_MAX);
2673a5da
AK		 3241 address_space_init(&address_space_memory, system_memory);
3242 address_space_memory.name = "memory";
309cb471 3243
7267c094 3244 system_io = g_malloc(sizeof(*system_io));
309cb471 3245 memory_region_init(system_io, "io", 65536);
2673a5da
AK		 3246 address_space_init(&address_space_io, system_io);
3247 address_space_io.name = "I/O";
93632747 3248
f6790af6
AK		 3249 memory_listener_register(&core_memory_listener, &address_space_memory);
3250 memory_listener_register(&io_memory_listener, &address_space_io);
3251 memory_listener_register(&tcg_memory_listener, &address_space_memory);
62152b8a
AK		 3252}
3253
3254MemoryRegion *get_system_memory(void)
3255{
3256 return system_memory;
3257}
3258
309cb471
AK		 3259MemoryRegion *get_system_io(void)
3260{
3261 return system_io;
3262}
3263
e2eef170
PB		 3264#endif /* !defined(CONFIG_USER_ONLY) */
3265
13eb76e0
FB		 3266/* physical memory access (slow version, mainly for debug) */
3267#if defined(CONFIG_USER_ONLY)
9349b4f9 3268int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 3269 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3270{
3271 int l, flags;
3272 target_ulong page;
53a5960a 3273 void * p;
13eb76e0
FB		 3274
3275 while (len > 0) {
3276 page = addr & TARGET_PAGE_MASK;
3277 l = (page + TARGET_PAGE_SIZE) - addr;
3278 if (l > len)
3279 l = len;
3280 flags = page_get_flags(page);
3281 if (!(flags & PAGE_VALID))
a68fe89c 3282 return -1;
13eb76e0
FB		 3283 if (is_write) {
3284 if (!(flags & PAGE_WRITE))
a68fe89c 3285 return -1;
579a97f7 3286 /* XXX: this code should not depend on lock_user */
72fb7daa 3287 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3288 return -1;
72fb7daa
AJ		 3289 memcpy(p, buf, l);
3290 unlock_user(p, addr, l);
13eb76e0
FB		 3291 } else {
3292 if (!(flags & PAGE_READ))
a68fe89c 3293 return -1;
579a97f7 3294 /* XXX: this code should not depend on lock_user */
72fb7daa 3295 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3296 return -1;
72fb7daa 3297 memcpy(buf, p, l);
5b257578 3298 unlock_user(p, addr, 0);
13eb76e0
FB		 3299 }
3300 len -= l;
3301 buf += l;
3302 addr += l;
3303 }
a68fe89c 3304 return 0;
13eb76e0 3305}
8df1cd07 3306
13eb76e0 3307#else
51d7a9eb
AP		 3308
3309static void invalidate_and_set_dirty(target_phys_addr_t addr,
3310 target_phys_addr_t length)
3311{
3312 if (!cpu_physical_memory_is_dirty(addr)) {
3313 /* invalidate code */
3314 tb_invalidate_phys_page_range(addr, addr + length, 0);
3315 /* set dirty bit */
3316 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
3317 }
e226939d 3318 xen_modified_memory(addr, length);
51d7a9eb
AP		 3319}
3320
ac1970fb
AK		 3321void address_space_rw(AddressSpace *as, target_phys_addr_t addr, uint8_t *buf,
3322 int len, bool is_write)
13eb76e0 3323{
ac1970fb 3324 AddressSpaceDispatch *d = as->dispatch;
37ec01d4 3325 int l;
13eb76e0
FB		 3326 uint8_t *ptr;
3327 uint32_t val;
c227f099 3328 target_phys_addr_t page;
f3705d53 3329 MemoryRegionSection *section;
3b46e624 3330
13eb76e0
FB		 3331 while (len > 0) {
3332 page = addr & TARGET_PAGE_MASK;
3333 l = (page + TARGET_PAGE_SIZE) - addr;
3334 if (l > len)
3335 l = len;
ac1970fb 3336 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
3b46e624 3337
13eb76e0 3338 if (is_write) {
f3705d53 3339 if (!memory_region_is_ram(section->mr)) {
f1f6e3b8 3340 target_phys_addr_t addr1;
cc5bea60 3341 addr1 = memory_region_section_addr(section, addr);
6a00d601
FB		 3342 /* XXX: could force cpu_single_env to NULL to avoid
3343 potential bugs */
6c2934db 3344 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3345 /* 32 bit write access */
c27004ec 3346 val = ldl_p(buf);
37ec01d4 3347 io_mem_write(section->mr, addr1, val, 4);
13eb76e0 3348 l = 4;
6c2934db 3349 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3350 /* 16 bit write access */
c27004ec 3351 val = lduw_p(buf);
37ec01d4 3352 io_mem_write(section->mr, addr1, val, 2);
13eb76e0
FB		 3353 l = 2;
3354 } else {
1c213d19 3355 /* 8 bit write access */
c27004ec 3356 val = ldub_p(buf);
37ec01d4 3357 io_mem_write(section->mr, addr1, val, 1);
13eb76e0
FB		 3358 l = 1;
3359 }
f3705d53 3360 } else if (!section->readonly) {
8ca5692d 3361 ram_addr_t addr1;
f3705d53 3362 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3363 + memory_region_section_addr(section, addr);
13eb76e0 3364 /* RAM case */
5579c7f3 3365 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3366 memcpy(ptr, buf, l);
51d7a9eb 3367 invalidate_and_set_dirty(addr1, l);
050a0ddf 3368 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3369 }
3370 } else {
cc5bea60
BS		 3371 if (!(memory_region_is_ram(section->mr) ||
3372 memory_region_is_romd(section->mr))) {
f1f6e3b8 3373 target_phys_addr_t addr1;
13eb76e0 3374 /* I/O case */
cc5bea60 3375 addr1 = memory_region_section_addr(section, addr);
6c2934db 3376 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3377 /* 32 bit read access */
37ec01d4 3378 val = io_mem_read(section->mr, addr1, 4);
c27004ec 3379 stl_p(buf, val);
13eb76e0 3380 l = 4;
6c2934db 3381 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3382 /* 16 bit read access */
37ec01d4 3383 val = io_mem_read(section->mr, addr1, 2);
c27004ec 3384 stw_p(buf, val);
13eb76e0
FB		 3385 l = 2;
3386 } else {
1c213d19 3387 /* 8 bit read access */
37ec01d4 3388 val = io_mem_read(section->mr, addr1, 1);
c27004ec 3389 stb_p(buf, val);
13eb76e0
FB		 3390 l = 1;
3391 }
3392 } else {
3393 /* RAM case */
0a1b357f 3394 ptr = qemu_get_ram_ptr(section->mr->ram_addr
cc5bea60
BS		 3395 + memory_region_section_addr(section,
3396 addr));
f3705d53 3397 memcpy(buf, ptr, l);
050a0ddf 3398 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3399 }
3400 }
3401 len -= l;
3402 buf += l;
3403 addr += l;
3404 }
3405}
8df1cd07 3406
ac1970fb
AK		 3407void address_space_write(AddressSpace *as, target_phys_addr_t addr,
3408 const uint8_t *buf, int len)
3409{
3410 address_space_rw(as, addr, (uint8_t *)buf, len, true);
3411}
3412
3413/**
3414 * address_space_read: read from an address space.
3415 *
3416 * @as: #AddressSpace to be accessed
3417 * @addr: address within that address space
3418 * @buf: buffer with the data transferred
3419 */
3420void address_space_read(AddressSpace *as, target_phys_addr_t addr, uint8_t *buf, int len)
3421{
3422 address_space_rw(as, addr, buf, len, false);
3423}
3424
3425
3426void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3427 int len, int is_write)
3428{
3429 return address_space_rw(&address_space_memory, addr, buf, len, is_write);
3430}
3431
d0ecd2aa 3432/* used for ROM loading : can write in RAM and ROM */
c227f099 3433void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3434 const uint8_t *buf, int len)
3435{
ac1970fb 3436 AddressSpaceDispatch *d = address_space_memory.dispatch;
d0ecd2aa
FB		 3437 int l;
3438 uint8_t *ptr;
c227f099 3439 target_phys_addr_t page;
f3705d53 3440 MemoryRegionSection *section;
3b46e624 3441
d0ecd2aa
FB		 3442 while (len > 0) {
3443 page = addr & TARGET_PAGE_MASK;
3444 l = (page + TARGET_PAGE_SIZE) - addr;
3445 if (l > len)
3446 l = len;
ac1970fb 3447 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
3b46e624 3448
cc5bea60
BS		 3449 if (!(memory_region_is_ram(section->mr) ||
3450 memory_region_is_romd(section->mr))) {
d0ecd2aa
FB		 3451 /* do nothing */
3452 } else {
3453 unsigned long addr1;
f3705d53 3454 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3455 + memory_region_section_addr(section, addr);
d0ecd2aa 3456 /* ROM/RAM case */
5579c7f3 3457 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3458 memcpy(ptr, buf, l);
51d7a9eb 3459 invalidate_and_set_dirty(addr1, l);
050a0ddf 3460 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3461 }
3462 len -= l;
3463 buf += l;
3464 addr += l;
3465 }
3466}
3467
6d16c2f8
AL		 3468typedef struct {
3469 void *buffer;
c227f099
AL		 3470 target_phys_addr_t addr;
3471 target_phys_addr_t len;
6d16c2f8
AL		 3472} BounceBuffer;
3473
3474static BounceBuffer bounce;
3475
ba223c29
AL		 3476typedef struct MapClient {
3477 void *opaque;
3478 void (*callback)(void *opaque);
72cf2d4f 3479 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3480} MapClient;
3481
72cf2d4f
BS		 3482static QLIST_HEAD(map_client_list, MapClient) map_client_list
3483 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3484
3485void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3486{
7267c094 3487 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3488
3489 client->opaque = opaque;
3490 client->callback = callback;
72cf2d4f 3491 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3492 return client;
3493}
3494
3495void cpu_unregister_map_client(void *_client)
3496{
3497 MapClient *client = (MapClient *)_client;
3498
72cf2d4f 3499 QLIST_REMOVE(client, link);
7267c094 3500 g_free(client);
ba223c29
AL		 3501}
3502
3503static void cpu_notify_map_clients(void)
3504{
3505 MapClient *client;
3506
72cf2d4f
BS		 3507 while (!QLIST_EMPTY(&map_client_list)) {
3508 client = QLIST_FIRST(&map_client_list);
ba223c29 3509 client->callback(client->opaque);
34d5e948 3510 cpu_unregister_map_client(client);
ba223c29
AL		 3511 }
3512}
3513
6d16c2f8
AL		 3514/* Map a physical memory region into a host virtual address.
3515 * May map a subset of the requested range, given by and returned in *plen.
3516 * May return NULL if resources needed to perform the mapping are exhausted.
3517 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3518 * Use cpu_register_map_client() to know when retrying the map operation is
3519 * likely to succeed.
6d16c2f8 3520 */
ac1970fb
AK		 3521void *address_space_map(AddressSpace *as,
3522 target_phys_addr_t addr,
3523 target_phys_addr_t *plen,
3524 bool is_write)
6d16c2f8 3525{
ac1970fb 3526 AddressSpaceDispatch *d = as->dispatch;
c227f099 3527 target_phys_addr_t len = *plen;
38bee5dc 3528 target_phys_addr_t todo = 0;
6d16c2f8 3529 int l;
c227f099 3530 target_phys_addr_t page;
f3705d53 3531 MemoryRegionSection *section;
f15fbc4b 3532 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3533 ram_addr_t rlen;
3534 void *ret;
6d16c2f8
AL		 3535
3536 while (len > 0) {
3537 page = addr & TARGET_PAGE_MASK;
3538 l = (page + TARGET_PAGE_SIZE) - addr;
3539 if (l > len)
3540 l = len;
ac1970fb 3541 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
6d16c2f8 3542
f3705d53 3543 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
38bee5dc 3544 if (todo || bounce.buffer) {
6d16c2f8
AL		 3545 break;
3546 }
3547 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3548 bounce.addr = addr;
3549 bounce.len = l;
3550 if (!is_write) {
ac1970fb 3551 address_space_read(as, addr, bounce.buffer, l);
6d16c2f8 3552 }
38bee5dc
SS		 3553
3554 *plen = l;
3555 return bounce.buffer;
6d16c2f8 3556 }
8ab934f9 3557 if (!todo) {
f3705d53 3558 raddr = memory_region_get_ram_addr(section->mr)
cc5bea60 3559 + memory_region_section_addr(section, addr);
8ab934f9 3560 }
6d16c2f8
AL		 3561
3562 len -= l;
3563 addr += l;
38bee5dc 3564 todo += l;
6d16c2f8 3565 }
8ab934f9
SS		 3566 rlen = todo;
3567 ret = qemu_ram_ptr_length(raddr, &rlen);
3568 *plen = rlen;
3569 return ret;
6d16c2f8
AL		 3570}
3571
ac1970fb 3572/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3573 * Will also mark the memory as dirty if is_write == 1. access_len gives
3574 * the amount of memory that was actually read or written by the caller.
3575 */
ac1970fb
AK		 3576void address_space_unmap(AddressSpace *as, void *buffer, target_phys_addr_t len,
3577 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 3578{
3579 if (buffer != bounce.buffer) {
3580 if (is_write) {
e890261f 3581 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 3582 while (access_len) {
3583 unsigned l;
3584 l = TARGET_PAGE_SIZE;
3585 if (l > access_len)
3586 l = access_len;
51d7a9eb 3587 invalidate_and_set_dirty(addr1, l);
6d16c2f8
AL		 3588 addr1 += l;
3589 access_len -= l;
3590 }
3591 }
868bb33f 3592 if (xen_enabled()) {
e41d7c69 3593 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3594 }
6d16c2f8
AL		 3595 return;
3596 }
3597 if (is_write) {
ac1970fb 3598 address_space_write(as, bounce.addr, bounce.buffer, access_len);
6d16c2f8 3599 }
f8a83245 3600 qemu_vfree(bounce.buffer);
6d16c2f8 3601 bounce.buffer = NULL;
ba223c29 3602 cpu_notify_map_clients();
6d16c2f8 3603}
d0ecd2aa 3604
ac1970fb
AK		 3605void *cpu_physical_memory_map(target_phys_addr_t addr,
3606 target_phys_addr_t *plen,
3607 int is_write)
3608{
3609 return address_space_map(&address_space_memory, addr, plen, is_write);
3610}
3611
3612void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3613 int is_write, target_phys_addr_t access_len)
3614{
3615 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3616}
3617
8df1cd07 3618/* warning: addr must be aligned */
1e78bcc1
AG		 3619static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
3620 enum device_endian endian)
8df1cd07 3621{
8df1cd07
FB		 3622 uint8_t *ptr;
3623 uint32_t val;
f3705d53 3624 MemoryRegionSection *section;
8df1cd07 3625
ac1970fb 3626 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3627
cc5bea60
BS		 3628 if (!(memory_region_is_ram(section->mr) ||
3629 memory_region_is_romd(section->mr))) {
8df1cd07 3630 /* I/O case */
cc5bea60 3631 addr = memory_region_section_addr(section, addr);
37ec01d4 3632 val = io_mem_read(section->mr, addr, 4);
1e78bcc1
AG		 3633#if defined(TARGET_WORDS_BIGENDIAN)
3634 if (endian == DEVICE_LITTLE_ENDIAN) {
3635 val = bswap32(val);
3636 }
3637#else
3638 if (endian == DEVICE_BIG_ENDIAN) {
3639 val = bswap32(val);
3640 }
3641#endif
8df1cd07
FB		 3642 } else {
3643 /* RAM case */
f3705d53 3644 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3645 & TARGET_PAGE_MASK)
cc5bea60 3646 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3647 switch (endian) {
3648 case DEVICE_LITTLE_ENDIAN:
3649 val = ldl_le_p(ptr);
3650 break;
3651 case DEVICE_BIG_ENDIAN:
3652 val = ldl_be_p(ptr);
3653 break;
3654 default:
3655 val = ldl_p(ptr);
3656 break;
3657 }
8df1cd07
FB		 3658 }
3659 return val;
3660}
3661
1e78bcc1
AG		 3662uint32_t ldl_phys(target_phys_addr_t addr)
3663{
3664 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3665}
3666
3667uint32_t ldl_le_phys(target_phys_addr_t addr)
3668{
3669 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3670}
3671
3672uint32_t ldl_be_phys(target_phys_addr_t addr)
3673{
3674 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
3675}
3676
84b7b8e7 3677/* warning: addr must be aligned */
1e78bcc1
AG		 3678static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
3679 enum device_endian endian)
84b7b8e7 3680{
84b7b8e7
FB		 3681 uint8_t *ptr;
3682 uint64_t val;
f3705d53 3683 MemoryRegionSection *section;
84b7b8e7 3684
ac1970fb 3685 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3686
cc5bea60
BS		 3687 if (!(memory_region_is_ram(section->mr) ||
3688 memory_region_is_romd(section->mr))) {
84b7b8e7 3689 /* I/O case */
cc5bea60 3690 addr = memory_region_section_addr(section, addr);
1e78bcc1
AG		 3691
3692 /* XXX This is broken when device endian != cpu endian.
3693 Fix and add "endian" variable check */
84b7b8e7 3694#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3695 val = io_mem_read(section->mr, addr, 4) << 32;
3696 val |= io_mem_read(section->mr, addr + 4, 4);
84b7b8e7 3697#else
37ec01d4
AK		 3698 val = io_mem_read(section->mr, addr, 4);
3699 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
84b7b8e7
FB		 3700#endif
3701 } else {
3702 /* RAM case */
f3705d53 3703 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3704 & TARGET_PAGE_MASK)
cc5bea60 3705 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3706 switch (endian) {
3707 case DEVICE_LITTLE_ENDIAN:
3708 val = ldq_le_p(ptr);
3709 break;
3710 case DEVICE_BIG_ENDIAN:
3711 val = ldq_be_p(ptr);
3712 break;
3713 default:
3714 val = ldq_p(ptr);
3715 break;
3716 }
84b7b8e7
FB		 3717 }
3718 return val;
3719}
3720
1e78bcc1
AG		 3721uint64_t ldq_phys(target_phys_addr_t addr)
3722{
3723 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3724}
3725
3726uint64_t ldq_le_phys(target_phys_addr_t addr)
3727{
3728 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3729}
3730
3731uint64_t ldq_be_phys(target_phys_addr_t addr)
3732{
3733 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
3734}
3735
aab33094 3736/* XXX: optimize */
c227f099 3737uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 3738{
3739 uint8_t val;
3740 cpu_physical_memory_read(addr, &val, 1);
3741 return val;
3742}
3743
733f0b02 3744/* warning: addr must be aligned */
1e78bcc1
AG		 3745static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
3746 enum device_endian endian)
aab33094 3747{
733f0b02
MT		 3748 uint8_t *ptr;
3749 uint64_t val;
f3705d53 3750 MemoryRegionSection *section;
733f0b02 3751
ac1970fb 3752 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
733f0b02 3753
cc5bea60
BS		 3754 if (!(memory_region_is_ram(section->mr) ||
3755 memory_region_is_romd(section->mr))) {
733f0b02 3756 /* I/O case */
cc5bea60 3757 addr = memory_region_section_addr(section, addr);
37ec01d4 3758 val = io_mem_read(section->mr, addr, 2);
1e78bcc1
AG		 3759#if defined(TARGET_WORDS_BIGENDIAN)
3760 if (endian == DEVICE_LITTLE_ENDIAN) {
3761 val = bswap16(val);
3762 }
3763#else
3764 if (endian == DEVICE_BIG_ENDIAN) {
3765 val = bswap16(val);
3766 }
3767#endif
733f0b02
MT		 3768 } else {
3769 /* RAM case */
f3705d53 3770 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3771 & TARGET_PAGE_MASK)
cc5bea60 3772 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3773 switch (endian) {
3774 case DEVICE_LITTLE_ENDIAN:
3775 val = lduw_le_p(ptr);
3776 break;
3777 case DEVICE_BIG_ENDIAN:
3778 val = lduw_be_p(ptr);
3779 break;
3780 default:
3781 val = lduw_p(ptr);
3782 break;
3783 }
733f0b02
MT		 3784 }
3785 return val;
aab33094
FB		 3786}
3787
1e78bcc1
AG		 3788uint32_t lduw_phys(target_phys_addr_t addr)
3789{
3790 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3791}
3792
3793uint32_t lduw_le_phys(target_phys_addr_t addr)
3794{
3795 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3796}
3797
3798uint32_t lduw_be_phys(target_phys_addr_t addr)
3799{
3800 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
3801}
3802
8df1cd07
FB		 3803/* warning: addr must be aligned. The ram page is not masked as dirty
3804 and the code inside is not invalidated. It is useful if the dirty
3805 bits are used to track modified PTEs */
c227f099 3806void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07 3807{
8df1cd07 3808 uint8_t *ptr;
f3705d53 3809 MemoryRegionSection *section;
8df1cd07 3810
ac1970fb 3811 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3812
f3705d53 3813 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3814 addr = memory_region_section_addr(section, addr);
f3705d53 3815 if (memory_region_is_ram(section->mr)) {
37ec01d4 3816 section = &phys_sections[phys_section_rom];
06ef3525 3817 }
37ec01d4 3818 io_mem_write(section->mr, addr, val, 4);
8df1cd07 3819 } else {
f3705d53 3820 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
06ef3525 3821 & TARGET_PAGE_MASK)
cc5bea60 3822 + memory_region_section_addr(section, addr);
5579c7f3 3823 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3824 stl_p(ptr, val);
74576198
AL		 3825
3826 if (unlikely(in_migration)) {
3827 if (!cpu_physical_memory_is_dirty(addr1)) {
3828 /* invalidate code */
3829 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3830 /* set dirty bit */
f7c11b53
YT		 3831 cpu_physical_memory_set_dirty_flags(
3832 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 3833 }
3834 }
8df1cd07
FB		 3835 }
3836}
3837
c227f099 3838void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef 3839{
bc98a7ef 3840 uint8_t *ptr;
f3705d53 3841 MemoryRegionSection *section;
bc98a7ef 3842
ac1970fb 3843 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3844
f3705d53 3845 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3846 addr = memory_region_section_addr(section, addr);
f3705d53 3847 if (memory_region_is_ram(section->mr)) {
37ec01d4 3848 section = &phys_sections[phys_section_rom];
06ef3525 3849 }
bc98a7ef 3850#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3851 io_mem_write(section->mr, addr, val >> 32, 4);
3852 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
bc98a7ef 3853#else
37ec01d4
AK		 3854 io_mem_write(section->mr, addr, (uint32_t)val, 4);
3855 io_mem_write(section->mr, addr + 4, val >> 32, 4);
bc98a7ef
JM		 3856#endif
3857 } else {
f3705d53 3858 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3859 & TARGET_PAGE_MASK)
cc5bea60 3860 + memory_region_section_addr(section, addr));
bc98a7ef
JM		 3861 stq_p(ptr, val);
3862 }
3863}
3864
8df1cd07 3865/* warning: addr must be aligned */
1e78bcc1
AG		 3866static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
3867 enum device_endian endian)
8df1cd07 3868{
8df1cd07 3869 uint8_t *ptr;
f3705d53 3870 MemoryRegionSection *section;
8df1cd07 3871
ac1970fb 3872 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3873
f3705d53 3874 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3875 addr = memory_region_section_addr(section, addr);
f3705d53 3876 if (memory_region_is_ram(section->mr)) {
37ec01d4 3877 section = &phys_sections[phys_section_rom];
06ef3525 3878 }
1e78bcc1
AG		 3879#if defined(TARGET_WORDS_BIGENDIAN)
3880 if (endian == DEVICE_LITTLE_ENDIAN) {
3881 val = bswap32(val);
3882 }
3883#else
3884 if (endian == DEVICE_BIG_ENDIAN) {
3885 val = bswap32(val);
3886 }
3887#endif
37ec01d4 3888 io_mem_write(section->mr, addr, val, 4);
8df1cd07
FB		 3889 } else {
3890 unsigned long addr1;
f3705d53 3891 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3892 + memory_region_section_addr(section, addr);
8df1cd07 3893 /* RAM case */
5579c7f3 3894 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3895 switch (endian) {
3896 case DEVICE_LITTLE_ENDIAN:
3897 stl_le_p(ptr, val);
3898 break;
3899 case DEVICE_BIG_ENDIAN:
3900 stl_be_p(ptr, val);
3901 break;
3902 default:
3903 stl_p(ptr, val);
3904 break;
3905 }
51d7a9eb 3906 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 3907 }
3908}
3909
1e78bcc1
AG		 3910void stl_phys(target_phys_addr_t addr, uint32_t val)
3911{
3912 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
3913}
3914
3915void stl_le_phys(target_phys_addr_t addr, uint32_t val)
3916{
3917 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
3918}
3919
3920void stl_be_phys(target_phys_addr_t addr, uint32_t val)
3921{
3922 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
3923}
3924
aab33094 3925/* XXX: optimize */
c227f099 3926void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 3927{
3928 uint8_t v = val;
3929 cpu_physical_memory_write(addr, &v, 1);
3930}
3931
733f0b02 3932/* warning: addr must be aligned */
1e78bcc1
AG		 3933static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
3934 enum device_endian endian)
aab33094 3935{
733f0b02 3936 uint8_t *ptr;
f3705d53 3937 MemoryRegionSection *section;
733f0b02 3938
ac1970fb 3939 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
733f0b02 3940
f3705d53 3941 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3942 addr = memory_region_section_addr(section, addr);
f3705d53 3943 if (memory_region_is_ram(section->mr)) {
37ec01d4 3944 section = &phys_sections[phys_section_rom];
06ef3525 3945 }
1e78bcc1
AG		 3946#if defined(TARGET_WORDS_BIGENDIAN)
3947 if (endian == DEVICE_LITTLE_ENDIAN) {
3948 val = bswap16(val);
3949 }
3950#else
3951 if (endian == DEVICE_BIG_ENDIAN) {
3952 val = bswap16(val);
3953 }
3954#endif
37ec01d4 3955 io_mem_write(section->mr, addr, val, 2);
733f0b02
MT		 3956 } else {
3957 unsigned long addr1;
f3705d53 3958 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3959 + memory_region_section_addr(section, addr);
733f0b02
MT		 3960 /* RAM case */
3961 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3962 switch (endian) {
3963 case DEVICE_LITTLE_ENDIAN:
3964 stw_le_p(ptr, val);
3965 break;
3966 case DEVICE_BIG_ENDIAN:
3967 stw_be_p(ptr, val);
3968 break;
3969 default:
3970 stw_p(ptr, val);
3971 break;
3972 }
51d7a9eb 3973 invalidate_and_set_dirty(addr1, 2);
733f0b02 3974 }
aab33094
FB		 3975}
3976
1e78bcc1
AG		 3977void stw_phys(target_phys_addr_t addr, uint32_t val)
3978{
3979 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
3980}
3981
3982void stw_le_phys(target_phys_addr_t addr, uint32_t val)
3983{
3984 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
3985}
3986
3987void stw_be_phys(target_phys_addr_t addr, uint32_t val)
3988{
3989 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
3990}
3991
aab33094 3992/* XXX: optimize */
c227f099 3993void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 3994{
3995 val = tswap64(val);
71d2b725 3996 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 3997}
3998
1e78bcc1
AG		 3999void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4000{
4001 val = cpu_to_le64(val);
4002 cpu_physical_memory_write(addr, &val, 8);
4003}
4004
4005void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4006{
4007 val = cpu_to_be64(val);
4008 cpu_physical_memory_write(addr, &val, 8);
4009}
4010
5e2972fd 4011/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 4012int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 4013 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4014{
4015 int l;
c227f099 4016 target_phys_addr_t phys_addr;
9b3c35e0 4017 target_ulong page;
13eb76e0
FB		 4018
4019 while (len > 0) {
4020 page = addr & TARGET_PAGE_MASK;
4021 phys_addr = cpu_get_phys_page_debug(env, page);
4022 /* if no physical page mapped, return an error */
4023 if (phys_addr == -1)
4024 return -1;
4025 l = (page + TARGET_PAGE_SIZE) - addr;
4026 if (l > len)
4027 l = len;
5e2972fd 4028 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4029 if (is_write)
4030 cpu_physical_memory_write_rom(phys_addr, buf, l);
4031 else
5e2972fd 4032 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4033 len -= l;
4034 buf += l;
4035 addr += l;
4036 }
4037 return 0;
4038}
a68fe89c 4039#endif
13eb76e0 4040
2e70f6ef
PB		 4041/* in deterministic execution mode, instructions doing device I/Os
4042 must be at the end of the TB */
20503968 4043void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
2e70f6ef
PB		 4044{
4045 TranslationBlock *tb;
4046 uint32_t n, cflags;
4047 target_ulong pc, cs_base;
4048 uint64_t flags;
4049
20503968 4050 tb = tb_find_pc(retaddr);
2e70f6ef
PB		 4051 if (!tb) {
4052 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
20503968 4053 (void *)retaddr);
2e70f6ef
PB		 4054 }
4055 n = env->icount_decr.u16.low + tb->icount;
20503968 4056 cpu_restore_state(tb, env, retaddr);
2e70f6ef 4057 /* Calculate how many instructions had been executed before the fault
bf20dc07 4058 occurred. */
2e70f6ef
PB		 4059 n = n - env->icount_decr.u16.low;
4060 /* Generate a new TB ending on the I/O insn. */
4061 n++;
4062 /* On MIPS and SH, delay slot instructions can only be restarted if
4063 they were already the first instruction in the TB. If this is not
bf20dc07 4064 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4065 branch. */
4066#if defined(TARGET_MIPS)
4067 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4068 env->active_tc.PC -= 4;
4069 env->icount_decr.u16.low++;
4070 env->hflags &= ~MIPS_HFLAG_BMASK;
4071 }
4072#elif defined(TARGET_SH4)
4073 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4074 && n > 1) {
4075 env->pc -= 2;
4076 env->icount_decr.u16.low++;
4077 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4078 }
4079#endif
4080 /* This should never happen. */
4081 if (n > CF_COUNT_MASK)
4082 cpu_abort(env, "TB too big during recompile");
4083
4084 cflags = n | CF_LAST_IO;
4085 pc = tb->pc;
4086 cs_base = tb->cs_base;
4087 flags = tb->flags;
4088 tb_phys_invalidate(tb, -1);
4089 /* FIXME: In theory this could raise an exception. In practice
4090 we have already translated the block once so it's probably ok. */
4091 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4092 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4093 the first in the TB) then we end up generating a whole new TB and
4094 repeating the fault, which is horribly inefficient.
4095 Better would be to execute just this insn uncached, or generate a
4096 second new TB. */
4097 cpu_resume_from_signal(env, NULL);
4098}
4099
b3755a91
PB		 4100#if !defined(CONFIG_USER_ONLY)
4101
055403b2 4102void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4103{
4104 int i, target_code_size, max_target_code_size;
4105 int direct_jmp_count, direct_jmp2_count, cross_page;
4106 TranslationBlock *tb;
3b46e624 4107
e3db7226
FB		 4108 target_code_size = 0;
4109 max_target_code_size = 0;
4110 cross_page = 0;
4111 direct_jmp_count = 0;
4112 direct_jmp2_count = 0;
4113 for(i = 0; i < nb_tbs; i++) {
4114 tb = &tbs[i];
4115 target_code_size += tb->size;
4116 if (tb->size > max_target_code_size)
4117 max_target_code_size = tb->size;
4118 if (tb->page_addr[1] != -1)
4119 cross_page++;
4120 if (tb->tb_next_offset[0] != 0xffff) {
4121 direct_jmp_count++;
4122 if (tb->tb_next_offset[1] != 0xffff) {
4123 direct_jmp2_count++;
4124 }
4125 }
4126 }
4127 /* XXX: avoid using doubles ? */
57fec1fe 4128 cpu_fprintf(f, "Translation buffer state:\n");
055403b2 4129 cpu_fprintf(f, "gen code size %td/%ld\n",
26a5f13b
FB		 4130 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4131 cpu_fprintf(f, "TB count %d/%d\n",
4132 nb_tbs, code_gen_max_blocks);
5fafdf24 4133 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4134 nb_tbs ? target_code_size / nb_tbs : 0,
4135 max_target_code_size);
055403b2 4136 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4137 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4138 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4139 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4140 cross_page,
e3db7226
FB		 4141 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4142 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4143 direct_jmp_count,
e3db7226
FB		 4144 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4145 direct_jmp2_count,
4146 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4147 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4148 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4149 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4150 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4151 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4152}
4153
82afa586
BH		 4154/*
4155 * A helper function for the _utterly broken_ virtio device model to find out if
4156 * it's running on a big endian machine. Don't do this at home kids!
4157 */
4158bool virtio_is_big_endian(void);
4159bool virtio_is_big_endian(void)
4160{
4161#if defined(TARGET_WORDS_BIGENDIAN)
4162 return true;
4163#else
4164 return false;
4165#endif
4166}
4167
61382a50 4168#endif
76f35538
WC		 4169
4170#ifndef CONFIG_USER_ONLY
4171bool cpu_physical_memory_is_io(target_phys_addr_t phys_addr)
4172{
4173 MemoryRegionSection *section;
4174
ac1970fb
AK		 4175 section = phys_page_find(address_space_memory.dispatch,
4176 phys_addr >> TARGET_PAGE_BITS);
76f35538
WC		 4177
4178 return !(memory_region_is_ram(section->mr) ||
4179 memory_region_is_romd(section->mr));
4180}
4181#endif
Qemu copy for testing