]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c 22#endif
54936004 23
f348b6d1 24#include "qemu/cutils.h"
6180a181 25#include "cpu.h"
63c91552 26#include "exec/exec-all.h"
b67d9a52 27#include "tcg.h"
741da0d3 28#include "hw/qdev-core.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
33c11879 31#include "hw/xen/xen.h"
4485bd26 32#endif
9c17d615 33#include "sysemu/kvm.h"
2ff3de68 34#include "sysemu/sysemu.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
53a5960a 38#if defined(CONFIG_USER_ONLY)
a9c94277 39#include "qemu.h"
432d268c 40#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 41#include "hw/hw.h"
42#include "exec/memory.h"
df43d49c 43#include "exec/ioport.h"
741da0d3
PB		 44#include "sysemu/dma.h"
45#include "exec/address-spaces.h"
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
508127e2 57#include "exec/log.h"
67d95c15 58
9dfeca7c
BR		 59#include "migration/vmstate.h"
60
b35ba30f 61#include "qemu/range.h"
794e8f30
MT		 62#ifndef _WIN32
63#include "qemu/mmap-alloc.h"
64#endif
b35ba30f 65
db7b5426 66//#define DEBUG_SUBPAGE
1196be37 67
e2eef170 68#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 69/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
0d53d9fe 72RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 73
74static MemoryRegion *system_memory;
309cb471 75static MemoryRegion *system_io;
62152b8a 76
f6790af6
AK		 77AddressSpace address_space_io;
78AddressSpace address_space_memory;
2673a5da 79
0844e007 80MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 81static MemoryRegion io_mem_unassigned;
0e0df1e2 82
7bd4f430
PB		 83/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84#define RAM_PREALLOC (1 << 0)
85
dbcb8981
PB		 86/* RAM is mmap-ed with MAP_SHARED */
87#define RAM_SHARED (1 << 1)
88
62be4e3a
MT		 89/* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92#define RAM_RESIZEABLE (1 << 2)
93
e2eef170 94#endif
9fa3e853 95
20bccb82
PM		 96#ifdef TARGET_PAGE_BITS_VARY
97int target_page_bits;
98bool target_page_bits_decided;
99#endif
100
bdc44640 101struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 102/* current CPU in the current thread. It is only valid inside
103 cpu_exec() */
f240eb6f 104__thread CPUState *current_cpu;
2e70f6ef 105/* 0 = Do not count executed instructions.
bf20dc07 106 1 = Precise instruction counting.
2e70f6ef 107 2 = Adaptive rate instruction counting. */
5708fc66 108int use_icount;
6a00d601 109
20bccb82
PM		 110bool set_preferred_target_page_bits(int bits)
111{
112 /* The target page size is the lowest common denominator for all
113 * the CPUs in the system, so we can only make it smaller, never
114 * larger. And we can't make it smaller once we've committed to
115 * a particular size.
116 */
117#ifdef TARGET_PAGE_BITS_VARY
118 assert(bits >= TARGET_PAGE_BITS_MIN);
119 if (target_page_bits == 0 || target_page_bits > bits) {
120 if (target_page_bits_decided) {
121 return false;
122 }
123 target_page_bits = bits;
124 }
125#endif
126 return true;
127}
128
e2eef170 129#if !defined(CONFIG_USER_ONLY)
4346ae3e 130
20bccb82
PM		 131static void finalize_target_page_bits(void)
132{
133#ifdef TARGET_PAGE_BITS_VARY
134 if (target_page_bits == 0) {
135 target_page_bits = TARGET_PAGE_BITS_MIN;
136 }
137 target_page_bits_decided = true;
138#endif
139}
140
1db8abb1
PB		 141typedef struct PhysPageEntry PhysPageEntry;
142
143struct PhysPageEntry {
9736e55b 144 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 145 uint32_t skip : 6;
9736e55b 146 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 147 uint32_t ptr : 26;
1db8abb1
PB		 148};
149
8b795765
MT		 150#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
151
03f49957 152/* Size of the L2 (and L3, etc) page tables. */
57271d63 153#define ADDR_SPACE_BITS 64
03f49957 154
026736ce 155#define P_L2_BITS 9
03f49957
PB		 156#define P_L2_SIZE (1 << P_L2_BITS)
157
158#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
159
160typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 161
53cb28cb 162typedef struct PhysPageMap {
79e2b9ae
PB		 163 struct rcu_head rcu;
164
53cb28cb
MA		 165 unsigned sections_nb;
166 unsigned sections_nb_alloc;
167 unsigned nodes_nb;
168 unsigned nodes_nb_alloc;
169 Node *nodes;
170 MemoryRegionSection *sections;
171} PhysPageMap;
172
1db8abb1 173struct AddressSpaceDispatch {
79e2b9ae
PB		 174 struct rcu_head rcu;
175
729633c2 176 MemoryRegionSection *mru_section;
1db8abb1
PB		 177 /* This is a multi-level map on the physical address space.
178 * The bottom level has pointers to MemoryRegionSections.
179 */
180 PhysPageEntry phys_map;
53cb28cb 181 PhysPageMap map;
acc9d80b 182 AddressSpace *as;
1db8abb1
PB		 183};
184
90260c6c
JK		 185#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
186typedef struct subpage_t {
187 MemoryRegion iomem;
acc9d80b 188 AddressSpace *as;
90260c6c 189 hwaddr base;
2615fabd 190 uint16_t sub_section[];
90260c6c
JK		 191} subpage_t;
192
b41aac4f
LPF		 193#define PHYS_SECTION_UNASSIGNED 0
194#define PHYS_SECTION_NOTDIRTY 1
195#define PHYS_SECTION_ROM 2
196#define PHYS_SECTION_WATCH 3
5312bd8b 197
e2eef170 198static void io_mem_init(void);
62152b8a 199static void memory_map_init(void);
09daed84 200static void tcg_commit(MemoryListener *listener);
e2eef170 201
1ec9b909 202static MemoryRegion io_mem_watch;
32857f4d
PM		 203
204/**
205 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
206 * @cpu: the CPU whose AddressSpace this is
207 * @as: the AddressSpace itself
208 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
209 * @tcg_as_listener: listener for tracking changes to the AddressSpace
210 */
211struct CPUAddressSpace {
212 CPUState *cpu;
213 AddressSpace *as;
214 struct AddressSpaceDispatch *memory_dispatch;
215 MemoryListener tcg_as_listener;
216};
217
6658ffb8 218#endif
fd6ce8f6 219
6d9a1304 220#if !defined(CONFIG_USER_ONLY)
d6f2ea22 221
53cb28cb 222static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 223{
101420b8 224 static unsigned alloc_hint = 16;
53cb28cb 225 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
101420b8 226 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
53cb28cb
MA		 227 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
228 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
101420b8 229 alloc_hint = map->nodes_nb_alloc;
d6f2ea22 230 }
f7bf5461
AK		 231}
232
db94604b 233static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 234{
235 unsigned i;
8b795765 236 uint32_t ret;
db94604b
PB		 237 PhysPageEntry e;
238 PhysPageEntry *p;
f7bf5461 239
53cb28cb 240 ret = map->nodes_nb++;
db94604b 241 p = map->nodes[ret];
f7bf5461 242 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 243 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 244
245 e.skip = leaf ? 0 : 1;
246 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 247 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 248 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 249 }
f7bf5461 250 return ret;
d6f2ea22
AK		 251}
252
53cb28cb
MA		 253static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
254 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 255 int level)
f7bf5461
AK		 256{
257 PhysPageEntry *p;
03f49957 258 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 259
9736e55b 260 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 261 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 262 }
db94604b 263 p = map->nodes[lp->ptr];
03f49957 264 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 265
03f49957 266 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 267 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 268 lp->skip = 0;
c19e8800 269 lp->ptr = leaf;
07f07b31
AK		 270 *index += step;
271 *nb -= step;
2999097b 272 } else {
53cb28cb 273 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 274 }
275 ++lp;
f7bf5461
AK		 276 }
277}
278
ac1970fb 279static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 280 hwaddr index, hwaddr nb,
2999097b 281 uint16_t leaf)
f7bf5461 282{
2999097b 283 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 284 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 285
53cb28cb 286 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 287}
288
b35ba30f
MT		 289/* Compact a non leaf page entry. Simply detect that the entry has a single child,
290 * and update our entry so we can skip it and go directly to the destination.
291 */
efee678d 292static void phys_page_compact(PhysPageEntry *lp, Node *nodes)
b35ba30f
MT		 293{
294 unsigned valid_ptr = P_L2_SIZE;
295 int valid = 0;
296 PhysPageEntry *p;
297 int i;
298
299 if (lp->ptr == PHYS_MAP_NODE_NIL) {
300 return;
301 }
302
303 p = nodes[lp->ptr];
304 for (i = 0; i < P_L2_SIZE; i++) {
305 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
306 continue;
307 }
308
309 valid_ptr = i;
310 valid++;
311 if (p[i].skip) {
efee678d 312 phys_page_compact(&p[i], nodes);
b35ba30f
MT		 313 }
314 }
315
316 /* We can only compress if there's only one child. */
317 if (valid != 1) {
318 return;
319 }
320
321 assert(valid_ptr < P_L2_SIZE);
322
323 /* Don't compress if it won't fit in the # of bits we have. */
324 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
325 return;
326 }
327
328 lp->ptr = p[valid_ptr].ptr;
329 if (!p[valid_ptr].skip) {
330 /* If our only child is a leaf, make this a leaf. */
331 /* By design, we should have made this node a leaf to begin with so we
332 * should never reach here.
333 * But since it's so simple to handle this, let's do it just in case we
334 * change this rule.
335 */
336 lp->skip = 0;
337 } else {
338 lp->skip += p[valid_ptr].skip;
339 }
340}
341
342static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
343{
b35ba30f 344 if (d->phys_map.skip) {
efee678d 345 phys_page_compact(&d->phys_map, d->map.nodes);
b35ba30f
MT		 346 }
347}
348
29cb533d
FZ		 349static inline bool section_covers_addr(const MemoryRegionSection *section,
350 hwaddr addr)
351{
352 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
353 * the section must cover the entire address space.
354 */
258dfaaa 355 return int128_gethi(section->size) ||
29cb533d 356 range_covers_byte(section->offset_within_address_space,
258dfaaa 357 int128_getlo(section->size), addr);
29cb533d
FZ		 358}
359
97115a8d 360static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 361 Node *nodes, MemoryRegionSection *sections)
92e873b9 362{
31ab2b4a 363 PhysPageEntry *p;
97115a8d 364 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 365 int i;
f1f6e3b8 366
9736e55b 367 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 368 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 369 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 370 }
9affd6fc 371 p = nodes[lp.ptr];
03f49957 372 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 373 }
b35ba30f 374
29cb533d 375 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 376 return &sections[lp.ptr];
377 } else {
378 return &sections[PHYS_SECTION_UNASSIGNED];
379 }
f3705d53
AK		 380}
381
e5548617
BS		 382bool memory_region_is_unassigned(MemoryRegion *mr)
383{
2a8e7499 384 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 385 && mr != &io_mem_watch;
fd6ce8f6 386}
149f54b5 387
79e2b9ae 388/* Called from RCU critical section */
c7086b4a 389static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 390 hwaddr addr,
391 bool resolve_subpage)
9f029603 392{
729633c2 393 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 394 subpage_t *subpage;
729633c2 395 bool update;
90260c6c 396
729633c2
FZ		 397 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
398 section_covers_addr(section, addr)) {
399 update = false;
400 } else {
401 section = phys_page_find(d->phys_map, addr, d->map.nodes,
402 d->map.sections);
403 update = true;
404 }
90260c6c
JK		 405 if (resolve_subpage && section->mr->subpage) {
406 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 407 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 408 }
729633c2
FZ		 409 if (update) {
410 atomic_set(&d->mru_section, section);
411 }
90260c6c 412 return section;
9f029603
JK		 413}
414
79e2b9ae 415/* Called from RCU critical section */
90260c6c 416static MemoryRegionSection *
c7086b4a 417address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 418 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 419{
420 MemoryRegionSection *section;
965eb2fc 421 MemoryRegion *mr;
a87f3954 422 Int128 diff;
149f54b5 423
c7086b4a 424 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 425 /* Compute offset within MemoryRegionSection */
426 addr -= section->offset_within_address_space;
427
428 /* Compute offset within MemoryRegion */
429 *xlat = addr + section->offset_within_region;
430
965eb2fc 431 mr = section->mr;
b242e0e0
PB		 432
433 /* MMIO registers can be expected to perform full-width accesses based only
434 * on their address, without considering adjacent registers that could
435 * decode to completely different MemoryRegions. When such registers
436 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
437 * regions overlap wildly. For this reason we cannot clamp the accesses
438 * here.
439 *
440 * If the length is small (as is the case for address_space_ldl/stl),
441 * everything works fine. If the incoming length is large, however,
442 * the caller really has to do the clamping through memory_access_size.
443 */
965eb2fc 444 if (memory_region_is_ram(mr)) {
e4a511f8 445 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 446 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
447 }
149f54b5
PB		 448 return section;
449}
90260c6c 450
41063e1e 451/* Called from RCU critical section */
5c8a00ce
PB		 452MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
453 hwaddr *xlat, hwaddr *plen,
454 bool is_write)
90260c6c 455{
30951157
AK		 456 IOMMUTLBEntry iotlb;
457 MemoryRegionSection *section;
458 MemoryRegion *mr;
30951157
AK		 459
460 for (;;) {
79e2b9ae
PB		 461 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
462 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 463 mr = section->mr;
464
465 if (!mr->iommu_ops) {
466 break;
467 }
468
8d7b8cb9 469 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 470 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
471 | (addr & iotlb.addr_mask));
23820dbf 472 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 473 if (!(iotlb.perm & (1 << is_write))) {
474 mr = &io_mem_unassigned;
475 break;
476 }
477
478 as = iotlb.target_as;
479 }
480
fe680d0d 481 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 482 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 483 *plen = MIN(page, *plen);
a87f3954
PB		 484 }
485
30951157
AK		 486 *xlat = addr;
487 return mr;
90260c6c
JK		 488}
489
79e2b9ae 490/* Called from RCU critical section */
90260c6c 491MemoryRegionSection *
d7898cda 492address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 493 hwaddr *xlat, hwaddr *plen)
90260c6c 494{
30951157 495 MemoryRegionSection *section;
d7898cda
PM		 496 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
497
498 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 499
500 assert(!section->mr->iommu_ops);
501 return section;
90260c6c 502}
5b6dd868 503#endif
fd6ce8f6 504
b170fce3 505#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 506
507static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 508{
259186a7 509 CPUState *cpu = opaque;
a513fe19 510
5b6dd868
BS		 511 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
512 version_id is increased. */
259186a7 513 cpu->interrupt_request &= ~0x01;
c01a71c1 514 tlb_flush(cpu, 1);
5b6dd868
BS		 515
516 return 0;
a513fe19 517}
7501267e 518
6c3bff0e
PD		 519static int cpu_common_pre_load(void *opaque)
520{
521 CPUState *cpu = opaque;
522
adee6424 523 cpu->exception_index = -1;
6c3bff0e
PD		 524
525 return 0;
526}
527
528static bool cpu_common_exception_index_needed(void *opaque)
529{
530 CPUState *cpu = opaque;
531
adee6424 532 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 533}
534
535static const VMStateDescription vmstate_cpu_common_exception_index = {
536 .name = "cpu_common/exception_index",
537 .version_id = 1,
538 .minimum_version_id = 1,
5cd8cada 539 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 540 .fields = (VMStateField[]) {
541 VMSTATE_INT32(exception_index, CPUState),
542 VMSTATE_END_OF_LIST()
543 }
544};
545
bac05aa9
AS		 546static bool cpu_common_crash_occurred_needed(void *opaque)
547{
548 CPUState *cpu = opaque;
549
550 return cpu->crash_occurred;
551}
552
553static const VMStateDescription vmstate_cpu_common_crash_occurred = {
554 .name = "cpu_common/crash_occurred",
555 .version_id = 1,
556 .minimum_version_id = 1,
557 .needed = cpu_common_crash_occurred_needed,
558 .fields = (VMStateField[]) {
559 VMSTATE_BOOL(crash_occurred, CPUState),
560 VMSTATE_END_OF_LIST()
561 }
562};
563
1a1562f5 564const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 565 .name = "cpu_common",
566 .version_id = 1,
567 .minimum_version_id = 1,
6c3bff0e 568 .pre_load = cpu_common_pre_load,
5b6dd868 569 .post_load = cpu_common_post_load,
35d08458 570 .fields = (VMStateField[]) {
259186a7
AF		 571 VMSTATE_UINT32(halted, CPUState),
572 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 573 VMSTATE_END_OF_LIST()
6c3bff0e 574 },
5cd8cada
JQ		 575 .subsections = (const VMStateDescription*[]) {
576 &vmstate_cpu_common_exception_index,
bac05aa9 577 &vmstate_cpu_common_crash_occurred,
5cd8cada 578 NULL
5b6dd868
BS		 579 }
580};
1a1562f5 581
5b6dd868 582#endif
ea041c0e 583
38d8f5c8 584CPUState *qemu_get_cpu(int index)
ea041c0e 585{
bdc44640 586 CPUState *cpu;
ea041c0e 587
bdc44640 588 CPU_FOREACH(cpu) {
55e5c285 589 if (cpu->cpu_index == index) {
bdc44640 590 return cpu;
55e5c285 591 }
ea041c0e 592 }
5b6dd868 593
bdc44640 594 return NULL;
ea041c0e
FB		 595}
596
09daed84 597#if !defined(CONFIG_USER_ONLY)
56943e8c 598void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 599{
12ebc9a7
PM		 600 CPUAddressSpace *newas;
601
602 /* Target code should have set num_ases before calling us */
603 assert(asidx < cpu->num_ases);
604
56943e8c
PM		 605 if (asidx == 0) {
606 /* address space 0 gets the convenience alias */
607 cpu->as = as;
608 }
609
12ebc9a7
PM		 610 /* KVM cannot currently support multiple address spaces. */
611 assert(asidx == 0 || !kvm_enabled());
09daed84 612
12ebc9a7
PM		 613 if (!cpu->cpu_ases) {
614 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 615 }
32857f4d 616
12ebc9a7
PM		 617 newas = &cpu->cpu_ases[asidx];
618 newas->cpu = cpu;
619 newas->as = as;
56943e8c 620 if (tcg_enabled()) {
12ebc9a7
PM		 621 newas->tcg_as_listener.commit = tcg_commit;
622 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 623 }
09daed84 624}
651a5bc0
PM		 625
626AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
627{
628 /* Return the AddressSpace corresponding to the specified index */
629 return cpu->cpu_ases[asidx].as;
630}
09daed84
EI		 631#endif
632
7bbc124e 633void cpu_exec_unrealizefn(CPUState *cpu)
1c59eb39 634{
9dfeca7c
BR		 635 CPUClass *cc = CPU_GET_CLASS(cpu);
636
267f685b 637 cpu_list_remove(cpu);
9dfeca7c
BR		 638
639 if (cc->vmsd != NULL) {
640 vmstate_unregister(NULL, cc->vmsd, cpu);
641 }
642 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
643 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
644 }
1c59eb39
BR		 645}
646
39e329e3 647void cpu_exec_initfn(CPUState *cpu)
ea041c0e 648{
56943e8c 649 cpu->as = NULL;
12ebc9a7 650 cpu->num_ases = 0;
56943e8c 651
291135b5 652#ifndef CONFIG_USER_ONLY
291135b5 653 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 654
655 /* This is a softmmu CPU object, so create a property for it
656 * so users can wire up its memory. (This can't go in qom/cpu.c
657 * because that file is compiled only once for both user-mode
658 * and system builds.) The default if no link is set up is to use
659 * the system address space.
660 */
661 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
662 (Object **)&cpu->memory,
663 qdev_prop_allow_set_link_before_realize,
664 OBJ_PROP_LINK_UNREF_ON_RELEASE,
665 &error_abort);
666 cpu->memory = system_memory;
667 object_ref(OBJECT(cpu->memory));
291135b5 668#endif
39e329e3
LV		 669}
670
ce5b1bbf 671void cpu_exec_realizefn(CPUState *cpu, Error **errp)
39e329e3
LV		 672{
673 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
291135b5 674
267f685b 675 cpu_list_add(cpu);
1bc7e522
IM		 676
677#ifndef CONFIG_USER_ONLY
e0d47944 678 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 679 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 680 }
b170fce3 681 if (cc->vmsd != NULL) {
741da0d3 682 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 683 }
741da0d3 684#endif
ea041c0e
FB		 685}
686
94df27fd 687#if defined(CONFIG_USER_ONLY)
00b941e5 688static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd 689{
ba051fb5
AB		 690 mmap_lock();
691 tb_lock();
94df27fd 692 tb_invalidate_phys_page_range(pc, pc + 1, 0);
ba051fb5
AB		 693 tb_unlock();
694 mmap_unlock();
94df27fd
PB		 695}
696#else
00b941e5 697static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 698{
5232e4c7
PM		 699 MemTxAttrs attrs;
700 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
701 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 702 if (phys != -1) {
ba051fb5 703 /* Locks grabbed by tb_invalidate_phys_addr */
5232e4c7 704 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 705 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 706 }
1e7855a5 707}
c27004ec 708#endif
d720b93d 709
c527ee8f 710#if defined(CONFIG_USER_ONLY)
75a34036 711void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 712
713{
714}
715
3ee887e8
PM		 716int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
717 int flags)
718{
719 return -ENOSYS;
720}
721
722void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
723{
724}
725
75a34036 726int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 727 int flags, CPUWatchpoint **watchpoint)
728{
729 return -ENOSYS;
730}
731#else
6658ffb8 732/* Add a watchpoint. */
75a34036 733int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 734 int flags, CPUWatchpoint **watchpoint)
6658ffb8 735{
c0ce998e 736 CPUWatchpoint *wp;
6658ffb8 737
05068c0d 738 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 739 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 740 error_report("tried to set invalid watchpoint at %"
741 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 742 return -EINVAL;
743 }
7267c094 744 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 745
746 wp->vaddr = addr;
05068c0d 747 wp->len = len;
a1d1bb31
AL		 748 wp->flags = flags;
749
2dc9f411 750 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 751 if (flags & BP_GDB) {
752 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
753 } else {
754 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
755 }
6658ffb8 756
31b030d4 757 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 758
759 if (watchpoint)
760 *watchpoint = wp;
761 return 0;
6658ffb8
PB		 762}
763
a1d1bb31 764/* Remove a specific watchpoint. */
75a34036 765int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 766 int flags)
6658ffb8 767{
a1d1bb31 768 CPUWatchpoint *wp;
6658ffb8 769
ff4700b0 770 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 771 if (addr == wp->vaddr && len == wp->len
6e140f28 772 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 773 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 774 return 0;
775 }
776 }
a1d1bb31 777 return -ENOENT;
6658ffb8
PB		 778}
779
a1d1bb31 780/* Remove a specific watchpoint by reference. */
75a34036 781void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 782{
ff4700b0 783 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 784
31b030d4 785 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 786
7267c094 787 g_free(watchpoint);
a1d1bb31
AL		 788}
789
790/* Remove all matching watchpoints. */
75a34036 791void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 792{
c0ce998e 793 CPUWatchpoint *wp, *next;
a1d1bb31 794
ff4700b0 795 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 796 if (wp->flags & mask) {
797 cpu_watchpoint_remove_by_ref(cpu, wp);
798 }
c0ce998e 799 }
7d03f82f 800}
05068c0d
PM		 801
802/* Return true if this watchpoint address matches the specified
803 * access (ie the address range covered by the watchpoint overlaps
804 * partially or completely with the address range covered by the
805 * access).
806 */
807static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
808 vaddr addr,
809 vaddr len)
810{
811 /* We know the lengths are non-zero, but a little caution is
812 * required to avoid errors in the case where the range ends
813 * exactly at the top of the address space and so addr + len
814 * wraps round to zero.
815 */
816 vaddr wpend = wp->vaddr + wp->len - 1;
817 vaddr addrend = addr + len - 1;
818
819 return !(addr > wpend || wp->vaddr > addrend);
820}
821
c527ee8f 822#endif
7d03f82f 823
a1d1bb31 824/* Add a breakpoint. */
b3310ab3 825int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 826 CPUBreakpoint **breakpoint)
4c3a88a2 827{
c0ce998e 828 CPUBreakpoint *bp;
3b46e624 829
7267c094 830 bp = g_malloc(sizeof(*bp));
4c3a88a2 831
a1d1bb31
AL		 832 bp->pc = pc;
833 bp->flags = flags;
834
2dc9f411 835 /* keep all GDB-injected breakpoints in front */
00b941e5 836 if (flags & BP_GDB) {
f0c3c505 837 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 838 } else {
f0c3c505 839 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 840 }
3b46e624 841
f0c3c505 842 breakpoint_invalidate(cpu, pc);
a1d1bb31 843
00b941e5 844 if (breakpoint) {
a1d1bb31 845 *breakpoint = bp;
00b941e5 846 }
4c3a88a2 847 return 0;
4c3a88a2
FB		 848}
849
a1d1bb31 850/* Remove a specific breakpoint. */
b3310ab3 851int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 852{
a1d1bb31
AL		 853 CPUBreakpoint *bp;
854
f0c3c505 855 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 856 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 857 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 858 return 0;
859 }
7d03f82f 860 }
a1d1bb31 861 return -ENOENT;
7d03f82f
EI		 862}
863
a1d1bb31 864/* Remove a specific breakpoint by reference. */
b3310ab3 865void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 866{
f0c3c505
AF		 867 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
868
869 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 870
7267c094 871 g_free(breakpoint);
a1d1bb31
AL		 872}
873
874/* Remove all matching breakpoints. */
b3310ab3 875void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 876{
c0ce998e 877 CPUBreakpoint *bp, *next;
a1d1bb31 878
f0c3c505 879 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 880 if (bp->flags & mask) {
881 cpu_breakpoint_remove_by_ref(cpu, bp);
882 }
c0ce998e 883 }
4c3a88a2
FB		 884}
885
c33a346e
FB		 886/* enable or disable single step mode. EXCP_DEBUG is returned by the
887 CPU loop after each instruction */
3825b28f 888void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 889{
ed2803da
AF		 890 if (cpu->singlestep_enabled != enabled) {
891 cpu->singlestep_enabled = enabled;
892 if (kvm_enabled()) {
38e478ec 893 kvm_update_guest_debug(cpu, 0);
ed2803da 894 } else {
ccbb4d44 895 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 896 /* XXX: only flush what is necessary */
bbd77c18 897 tb_flush(cpu);
e22a25c9 898 }
c33a346e 899 }
c33a346e
FB		 900}
901
a47dddd7 902void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 903{
904 va_list ap;
493ae1f0 905 va_list ap2;
7501267e
FB		 906
907 va_start(ap, fmt);
493ae1f0 908 va_copy(ap2, ap);
7501267e
FB		 909 fprintf(stderr, "qemu: fatal: ");
910 vfprintf(stderr, fmt, ap);
911 fprintf(stderr, "\n");
878096ee 912 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 913 if (qemu_log_separate()) {
1ee73216 914 qemu_log_lock();
93fcfe39
AL		 915 qemu_log("qemu: fatal: ");
916 qemu_log_vprintf(fmt, ap2);
917 qemu_log("\n");
a0762859 918 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 919 qemu_log_flush();
1ee73216 920 qemu_log_unlock();
93fcfe39 921 qemu_log_close();
924edcae 922 }
493ae1f0 923 va_end(ap2);
f9373291 924 va_end(ap);
7615936e 925 replay_finish();
fd052bf6
RV		 926#if defined(CONFIG_USER_ONLY)
927 {
928 struct sigaction act;
929 sigfillset(&act.sa_mask);
930 act.sa_handler = SIG_DFL;
931 sigaction(SIGABRT, &act, NULL);
932 }
933#endif
7501267e
FB		 934 abort();
935}
936
0124311e 937#if !defined(CONFIG_USER_ONLY)
0dc3f44a 938/* Called from RCU critical section */
041603fe
PB		 939static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
940{
941 RAMBlock *block;
942
43771539 943 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 944 if (block && addr - block->offset < block->max_length) {
68851b98 945 return block;
041603fe 946 }
0dc3f44a 947 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 948 if (addr - block->offset < block->max_length) {
041603fe
PB		 949 goto found;
950 }
951 }
952
953 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
954 abort();
955
956found:
43771539
PB		 957 /* It is safe to write mru_block outside the iothread lock. This
958 * is what happens:
959 *
960 * mru_block = xxx
961 * rcu_read_unlock()
962 * xxx removed from list
963 * rcu_read_lock()
964 * read mru_block
965 * mru_block = NULL;
966 * call_rcu(reclaim_ramblock, xxx);
967 * rcu_read_unlock()
968 *
969 * atomic_rcu_set is not needed here. The block was already published
970 * when it was placed into the list. Here we're just making an extra
971 * copy of the pointer.
972 */
041603fe
PB		 973 ram_list.mru_block = block;
974 return block;
975}
976
a2f4d5be 977static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 978{
9a13565d 979 CPUState *cpu;
041603fe 980 ram_addr_t start1;
a2f4d5be
JQ		 981 RAMBlock *block;
982 ram_addr_t end;
983
984 end = TARGET_PAGE_ALIGN(start + length);
985 start &= TARGET_PAGE_MASK;
d24981d3 986
0dc3f44a 987 rcu_read_lock();
041603fe
PB		 988 block = qemu_get_ram_block(start);
989 assert(block == qemu_get_ram_block(end - 1));
1240be24 990 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 991 CPU_FOREACH(cpu) {
992 tlb_reset_dirty(cpu, start1, length);
993 }
0dc3f44a 994 rcu_read_unlock();
d24981d3
JQ		 995}
996
5579c7f3 997/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 998bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
999 ram_addr_t length,
1000 unsigned client)
1ccde1cb 1001{
5b82b703 1002 DirtyMemoryBlocks *blocks;
03eebc9e 1003 unsigned long end, page;
5b82b703 1004 bool dirty = false;
03eebc9e
SH		 1005
1006 if (length == 0) {
1007 return false;
1008 }
f23db169 1009
03eebc9e
SH		 1010 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1011 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1012
1013 rcu_read_lock();
1014
1015 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1016
1017 while (page < end) {
1018 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1019 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1020 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1021
1022 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1023 offset, num);
1024 page += num;
1025 }
1026
1027 rcu_read_unlock();
03eebc9e
SH		 1028
1029 if (dirty && tcg_enabled()) {
a2f4d5be 1030 tlb_reset_dirty_range_all(start, length);
5579c7f3 1031 }
03eebc9e
SH		 1032
1033 return dirty;
1ccde1cb
FB		 1034}
1035
79e2b9ae 1036/* Called from RCU critical section */
bb0e627a 1037hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1038 MemoryRegionSection *section,
1039 target_ulong vaddr,
1040 hwaddr paddr, hwaddr xlat,
1041 int prot,
1042 target_ulong *address)
e5548617 1043{
a8170e5e 1044 hwaddr iotlb;
e5548617
BS		 1045 CPUWatchpoint *wp;
1046
cc5bea60 1047 if (memory_region_is_ram(section->mr)) {
e5548617 1048 /* Normal RAM. */
e4e69794 1049 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
e5548617 1050 if (!section->readonly) {
b41aac4f 1051 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1052 } else {
b41aac4f 1053 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1054 }
1055 } else {
0b8e2c10
PM		 1056 AddressSpaceDispatch *d;
1057
1058 d = atomic_rcu_read(&section->address_space->dispatch);
1059 iotlb = section - d->map.sections;
149f54b5 1060 iotlb += xlat;
e5548617
BS		 1061 }
1062
1063 /* Make accesses to pages with watchpoints go via the
1064 watchpoint trap routines. */
ff4700b0 1065 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1066 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1067 /* Avoid trapping reads of pages with a write breakpoint. */
1068 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1069 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1070 *address |= TLB_MMIO;
1071 break;
1072 }
1073 }
1074 }
1075
1076 return iotlb;
1077}
9fa3e853
FB		 1078#endif /* defined(CONFIG_USER_ONLY) */
1079
e2eef170 1080#if !defined(CONFIG_USER_ONLY)
8da3ff18 1081
c227f099 1082static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1083 uint16_t section);
acc9d80b 1084static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1085
a2b257d6
IM		 1086static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1087 qemu_anon_ram_alloc;
91138037
MA		 1088
1089/*
1090 * Set a custom physical guest memory alloator.
1091 * Accelerators with unusual needs may need this. Hopefully, we can
1092 * get rid of it eventually.
1093 */
a2b257d6 1094void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1095{
1096 phys_mem_alloc = alloc;
1097}
1098
53cb28cb
MA		 1099static uint16_t phys_section_add(PhysPageMap *map,
1100 MemoryRegionSection *section)
5312bd8b 1101{
68f3f65b
PB		 1102 /* The physical section number is ORed with a page-aligned
1103 * pointer to produce the iotlb entries. Thus it should
1104 * never overflow into the page-aligned value.
1105 */
53cb28cb 1106 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1107
53cb28cb
MA		 1108 if (map->sections_nb == map->sections_nb_alloc) {
1109 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1110 map->sections = g_renew(MemoryRegionSection, map->sections,
1111 map->sections_nb_alloc);
5312bd8b 1112 }
53cb28cb 1113 map->sections[map->sections_nb] = *section;
dfde4e6e 1114 memory_region_ref(section->mr);
53cb28cb 1115 return map->sections_nb++;
5312bd8b
AK		 1116}
1117
058bc4b5
PB		 1118static void phys_section_destroy(MemoryRegion *mr)
1119{
55b4e80b
DS		 1120 bool have_sub_page = mr->subpage;
1121
dfde4e6e
PB		 1122 memory_region_unref(mr);
1123
55b4e80b 1124 if (have_sub_page) {
058bc4b5 1125 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1126 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1127 g_free(subpage);
1128 }
1129}
1130
6092666e 1131static void phys_sections_free(PhysPageMap *map)
5312bd8b 1132{
9affd6fc
PB		 1133 while (map->sections_nb > 0) {
1134 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1135 phys_section_destroy(section->mr);
1136 }
9affd6fc
PB		 1137 g_free(map->sections);
1138 g_free(map->nodes);
5312bd8b
AK		 1139}
1140
ac1970fb 1141static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1142{
1143 subpage_t *subpage;
a8170e5e 1144 hwaddr base = section->offset_within_address_space
0f0cb164 1145 & TARGET_PAGE_MASK;
97115a8d 1146 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1147 d->map.nodes, d->map.sections);
0f0cb164
AK		 1148 MemoryRegionSection subsection = {
1149 .offset_within_address_space = base,
052e87b0 1150 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1151 };
a8170e5e 1152 hwaddr start, end;
0f0cb164 1153
f3705d53 1154 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1155
f3705d53 1156 if (!(existing->mr->subpage)) {
acc9d80b 1157 subpage = subpage_init(d->as, base);
3be91e86 1158 subsection.address_space = d->as;
0f0cb164 1159 subsection.mr = &subpage->iomem;
ac1970fb 1160 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1161 phys_section_add(&d->map, &subsection));
0f0cb164 1162 } else {
f3705d53 1163 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1164 }
1165 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1166 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1167 subpage_register(subpage, start, end,
1168 phys_section_add(&d->map, section));
0f0cb164
AK		 1169}
1170
1171
052e87b0
PB		 1172static void register_multipage(AddressSpaceDispatch *d,
1173 MemoryRegionSection *section)
33417e70 1174{
a8170e5e 1175 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1176 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1177 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1178 TARGET_PAGE_BITS));
dd81124b 1179
733d5ef5
PB		 1180 assert(num_pages);
1181 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1182}
1183
ac1970fb 1184static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1185{
89ae337a 1186 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1187 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1188 MemoryRegionSection now = *section, remain = *section;
052e87b0 1189 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1190
733d5ef5
PB		 1191 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1192 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1193 - now.offset_within_address_space;
1194
052e87b0 1195 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1196 register_subpage(d, &now);
733d5ef5 1197 } else {
052e87b0 1198 now.size = int128_zero();
733d5ef5 1199 }
052e87b0
PB		 1200 while (int128_ne(remain.size, now.size)) {
1201 remain.size = int128_sub(remain.size, now.size);
1202 remain.offset_within_address_space += int128_get64(now.size);
1203 remain.offset_within_region += int128_get64(now.size);
69b67646 1204 now = remain;
052e87b0 1205 if (int128_lt(remain.size, page_size)) {
733d5ef5 1206 register_subpage(d, &now);
88266249 1207 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1208 now.size = page_size;
ac1970fb 1209 register_subpage(d, &now);
69b67646 1210 } else {
052e87b0 1211 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1212 register_multipage(d, &now);
69b67646 1213 }
0f0cb164
AK		 1214 }
1215}
1216
62a2744c
SY		 1217void qemu_flush_coalesced_mmio_buffer(void)
1218{
1219 if (kvm_enabled())
1220 kvm_flush_coalesced_mmio_buffer();
1221}
1222
b2a8658e
UD		 1223void qemu_mutex_lock_ramlist(void)
1224{
1225 qemu_mutex_lock(&ram_list.mutex);
1226}
1227
1228void qemu_mutex_unlock_ramlist(void)
1229{
1230 qemu_mutex_unlock(&ram_list.mutex);
1231}
1232
e1e84ba0 1233#ifdef __linux__
04b16653
AW		 1234static void *file_ram_alloc(RAMBlock *block,
1235 ram_addr_t memory,
7f56e740
PB		 1236 const char *path,
1237 Error **errp)
c902760f 1238{
fd97fd44 1239 bool unlink_on_error = false;
c902760f 1240 char *filename;
8ca761f6
PF		 1241 char *sanitized_name;
1242 char *c;
056b68af 1243 void *area = MAP_FAILED;
5c3ece79 1244 int fd = -1;
c902760f
MT		 1245
1246 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1247 error_setg(errp,
1248 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1249 return NULL;
c902760f
MT		 1250 }
1251
fd97fd44
MA		 1252 for (;;) {
1253 fd = open(path, O_RDWR);
1254 if (fd >= 0) {
1255 /* @path names an existing file, use it */
1256 break;
8d31d6b6 1257 }
fd97fd44
MA		 1258 if (errno == ENOENT) {
1259 /* @path names a file that doesn't exist, create it */
1260 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1261 if (fd >= 0) {
1262 unlink_on_error = true;
1263 break;
1264 }
1265 } else if (errno == EISDIR) {
1266 /* @path names a directory, create a file there */
1267 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1268 sanitized_name = g_strdup(memory_region_name(block->mr));
1269 for (c = sanitized_name; *c != '\0'; c++) {
1270 if (*c == '/') {
1271 *c = '_';
1272 }
1273 }
8ca761f6 1274
fd97fd44
MA		 1275 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1276 sanitized_name);
1277 g_free(sanitized_name);
8d31d6b6 1278
fd97fd44
MA		 1279 fd = mkstemp(filename);
1280 if (fd >= 0) {
1281 unlink(filename);
1282 g_free(filename);
1283 break;
1284 }
1285 g_free(filename);
8d31d6b6 1286 }
fd97fd44
MA		 1287 if (errno != EEXIST && errno != EINTR) {
1288 error_setg_errno(errp, errno,
1289 "can't open backing store %s for guest RAM",
1290 path);
1291 goto error;
1292 }
1293 /*
1294 * Try again on EINTR and EEXIST. The latter happens when
1295 * something else creates the file between our two open().
1296 */
8d31d6b6 1297 }
c902760f 1298
863e9621 1299 block->page_size = qemu_fd_getpagesize(fd);
8360668e
HZ		 1300 block->mr->align = block->page_size;
1301#if defined(__s390x__)
1302 if (kvm_enabled()) {
1303 block->mr->align = MAX(block->mr->align, QEMU_VMALLOC_ALIGN);
1304 }
1305#endif
fd97fd44 1306
863e9621 1307 if (memory < block->page_size) {
fd97fd44 1308 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
863e9621
DDAG		 1309 "or larger than page size 0x%zx",
1310 memory, block->page_size);
f9a49dfa 1311 goto error;
c902760f 1312 }
c902760f 1313
863e9621 1314 memory = ROUND_UP(memory, block->page_size);
c902760f
MT		 1315
1316 /*
1317 * ftruncate is not supported by hugetlbfs in older
1318 * hosts, so don't bother bailing out on errors.
1319 * If anything goes wrong with it under other filesystems,
1320 * mmap will fail.
1321 */
7f56e740 1322 if (ftruncate(fd, memory)) {
9742bf26 1323 perror("ftruncate");
7f56e740 1324 }
c902760f 1325
d2f39add
DD		 1326 area = qemu_ram_mmap(fd, memory, block->mr->align,
1327 block->flags & RAM_SHARED);
c902760f 1328 if (area == MAP_FAILED) {
7f56e740 1329 error_setg_errno(errp, errno,
fd97fd44 1330 "unable to map backing store for guest RAM");
f9a49dfa 1331 goto error;
c902760f 1332 }
ef36fa14
MT		 1333
1334 if (mem_prealloc) {
056b68af
IM		 1335 os_mem_prealloc(fd, area, memory, errp);
1336 if (errp && *errp) {
1337 goto error;
1338 }
ef36fa14
MT		 1339 }
1340
04b16653 1341 block->fd = fd;
c902760f 1342 return area;
f9a49dfa
MT		 1343
1344error:
056b68af
IM		 1345 if (area != MAP_FAILED) {
1346 qemu_ram_munmap(area, memory);
1347 }
fd97fd44
MA		 1348 if (unlink_on_error) {
1349 unlink(path);
1350 }
5c3ece79
PB		 1351 if (fd != -1) {
1352 close(fd);
1353 }
f9a49dfa 1354 return NULL;
c902760f
MT		 1355}
1356#endif
1357
0dc3f44a 1358/* Called with the ramlist lock held. */
d17b5288 1359static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1360{
1361 RAMBlock *block, *next_block;
3e837b2c 1362 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1363
49cd9ac6
SH		 1364 assert(size != 0); /* it would hand out same offset multiple times */
1365
0dc3f44a 1366 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1367 return 0;
0d53d9fe 1368 }
04b16653 1369
0dc3f44a 1370 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1371 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1372
62be4e3a 1373 end = block->offset + block->max_length;
04b16653 1374
0dc3f44a 1375 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1376 if (next_block->offset >= end) {
1377 next = MIN(next, next_block->offset);
1378 }
1379 }
1380 if (next - end >= size && next - end < mingap) {
3e837b2c 1381 offset = end;
04b16653
AW		 1382 mingap = next - end;
1383 }
1384 }
3e837b2c
AW		 1385
1386 if (offset == RAM_ADDR_MAX) {
1387 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1388 (uint64_t)size);
1389 abort();
1390 }
1391
04b16653
AW		 1392 return offset;
1393}
1394
652d7ec2 1395ram_addr_t last_ram_offset(void)
d17b5288
AW		 1396{
1397 RAMBlock *block;
1398 ram_addr_t last = 0;
1399
0dc3f44a
MD		 1400 rcu_read_lock();
1401 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1402 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1403 }
0dc3f44a 1404 rcu_read_unlock();
d17b5288
AW		 1405 return last;
1406}
1407
ddb97f1d
JB		 1408static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1409{
1410 int ret;
ddb97f1d
JB		 1411
1412 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1413 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1414 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1415 if (ret) {
1416 perror("qemu_madvise");
1417 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1418 "but dump_guest_core=off specified\n");
1419 }
1420 }
1421}
1422
422148d3
DDAG		 1423const char *qemu_ram_get_idstr(RAMBlock *rb)
1424{
1425 return rb->idstr;
1426}
1427
ae3a7047 1428/* Called with iothread lock held. */
fa53a0e5 1429void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1430{
fa53a0e5 1431 RAMBlock *block;
20cfe881 1432
c5705a77
AK		 1433 assert(new_block);
1434 assert(!new_block->idstr[0]);
84b89d78 1435
09e5ab63
AL		 1436 if (dev) {
1437 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1438 if (id) {
1439 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1440 g_free(id);
84b89d78
CM		 1441 }
1442 }
1443 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1444
ab0a9956 1445 rcu_read_lock();
0dc3f44a 1446 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1447 if (block != new_block &&
1448 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1449 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1450 new_block->idstr);
1451 abort();
1452 }
1453 }
0dc3f44a 1454 rcu_read_unlock();
c5705a77
AK		 1455}
1456
ae3a7047 1457/* Called with iothread lock held. */
fa53a0e5 1458void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1459{
ae3a7047
MD		 1460 /* FIXME: arch_init.c assumes that this is not called throughout
1461 * migration. Ignore the problem since hot-unplug during migration
1462 * does not work anyway.
1463 */
20cfe881
HT		 1464 if (block) {
1465 memset(block->idstr, 0, sizeof(block->idstr));
1466 }
1467}
1468
863e9621
DDAG		 1469size_t qemu_ram_pagesize(RAMBlock *rb)
1470{
1471 return rb->page_size;
1472}
1473
8490fc78
LC		 1474static int memory_try_enable_merging(void *addr, size_t len)
1475{
75cc7f01 1476 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1477 /* disabled by the user */
1478 return 0;
1479 }
1480
1481 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1482}
1483
62be4e3a
MT		 1484/* Only legal before guest might have detected the memory size: e.g. on
1485 * incoming migration, or right after reset.
1486 *
1487 * As memory core doesn't know how is memory accessed, it is up to
1488 * resize callback to update device state and/or add assertions to detect
1489 * misuse, if necessary.
1490 */
fa53a0e5 1491int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1492{
62be4e3a
MT		 1493 assert(block);
1494
4ed023ce 1495 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1496
62be4e3a
MT		 1497 if (block->used_length == newsize) {
1498 return 0;
1499 }
1500
1501 if (!(block->flags & RAM_RESIZEABLE)) {
1502 error_setg_errno(errp, EINVAL,
1503 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1504 " in != 0x" RAM_ADDR_FMT, block->idstr,
1505 newsize, block->used_length);
1506 return -EINVAL;
1507 }
1508
1509 if (block->max_length < newsize) {
1510 error_setg_errno(errp, EINVAL,
1511 "Length too large: %s: 0x" RAM_ADDR_FMT
1512 " > 0x" RAM_ADDR_FMT, block->idstr,
1513 newsize, block->max_length);
1514 return -EINVAL;
1515 }
1516
1517 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1518 block->used_length = newsize;
58d2707e
PB		 1519 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1520 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1521 memory_region_set_size(block->mr, newsize);
1522 if (block->resized) {
1523 block->resized(block->idstr, newsize, block->host);
1524 }
1525 return 0;
1526}
1527
5b82b703
SH		 1528/* Called with ram_list.mutex held */
1529static void dirty_memory_extend(ram_addr_t old_ram_size,
1530 ram_addr_t new_ram_size)
1531{
1532 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1533 DIRTY_MEMORY_BLOCK_SIZE);
1534 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1535 DIRTY_MEMORY_BLOCK_SIZE);
1536 int i;
1537
1538 /* Only need to extend if block count increased */
1539 if (new_num_blocks <= old_num_blocks) {
1540 return;
1541 }
1542
1543 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1544 DirtyMemoryBlocks *old_blocks;
1545 DirtyMemoryBlocks *new_blocks;
1546 int j;
1547
1548 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1549 new_blocks = g_malloc(sizeof(*new_blocks) +
1550 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1551
1552 if (old_num_blocks) {
1553 memcpy(new_blocks->blocks, old_blocks->blocks,
1554 old_num_blocks * sizeof(old_blocks->blocks[0]));
1555 }
1556
1557 for (j = old_num_blocks; j < new_num_blocks; j++) {
1558 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1559 }
1560
1561 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1562
1563 if (old_blocks) {
1564 g_free_rcu(old_blocks, rcu);
1565 }
1566 }
1567}
1568
528f46af 1569static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1570{
e1c57ab8 1571 RAMBlock *block;
0d53d9fe 1572 RAMBlock *last_block = NULL;
2152f5ca 1573 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1574 Error *err = NULL;
2152f5ca
JQ		 1575
1576 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1577
b2a8658e 1578 qemu_mutex_lock_ramlist();
9b8424d5 1579 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1580
1581 if (!new_block->host) {
1582 if (xen_enabled()) {
9b8424d5 1583 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1584 new_block->mr, &err);
1585 if (err) {
1586 error_propagate(errp, err);
1587 qemu_mutex_unlock_ramlist();
39c350ee 1588 return;
37aa7a0e 1589 }
e1c57ab8 1590 } else {
9b8424d5 1591 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1592 &new_block->mr->align);
39228250 1593 if (!new_block->host) {
ef701d7b
HT		 1594 error_setg_errno(errp, errno,
1595 "cannot set up guest memory '%s'",
1596 memory_region_name(new_block->mr));
1597 qemu_mutex_unlock_ramlist();
39c350ee 1598 return;
39228250 1599 }
9b8424d5 1600 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1601 }
c902760f 1602 }
94a6b54f 1603
dd631697
LZ		 1604 new_ram_size = MAX(old_ram_size,
1605 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1606 if (new_ram_size > old_ram_size) {
1607 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1608 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1609 }
0d53d9fe
MD		 1610 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1611 * QLIST (which has an RCU-friendly variant) does not have insertion at
1612 * tail, so save the last element in last_block.
1613 */
0dc3f44a 1614 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1615 last_block = block;
9b8424d5 1616 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1617 break;
1618 }
1619 }
1620 if (block) {
0dc3f44a 1621 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1622 } else if (last_block) {
0dc3f44a 1623 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1624 } else { /* list is empty */
0dc3f44a 1625 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1626 }
0d6d3c87 1627 ram_list.mru_block = NULL;
94a6b54f 1628
0dc3f44a
MD		 1629 /* Write list before version */
1630 smp_wmb();
f798b07f 1631 ram_list.version++;
b2a8658e 1632 qemu_mutex_unlock_ramlist();
f798b07f 1633
9b8424d5 1634 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1635 new_block->used_length,
1636 DIRTY_CLIENTS_ALL);
94a6b54f 1637
a904c911
PB		 1638 if (new_block->host) {
1639 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1640 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
c2cd627d 1641 /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */
a904c911 1642 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
e1c57ab8 1643 }
94a6b54f 1644}
e9a1ab19 1645
0b183fc8 1646#ifdef __linux__
528f46af
FZ		 1647RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1648 bool share, const char *mem_path,
1649 Error **errp)
e1c57ab8
PB		 1650{
1651 RAMBlock *new_block;
ef701d7b 1652 Error *local_err = NULL;
e1c57ab8
PB		 1653
1654 if (xen_enabled()) {
7f56e740 1655 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1656 return NULL;
e1c57ab8
PB		 1657 }
1658
1659 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1660 /*
1661 * file_ram_alloc() needs to allocate just like
1662 * phys_mem_alloc, but we haven't bothered to provide
1663 * a hook there.
1664 */
7f56e740
PB		 1665 error_setg(errp,
1666 "-mem-path not supported with this accelerator");
528f46af 1667 return NULL;
e1c57ab8
PB		 1668 }
1669
4ed023ce 1670 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1671 new_block = g_malloc0(sizeof(*new_block));
1672 new_block->mr = mr;
9b8424d5
MT		 1673 new_block->used_length = size;
1674 new_block->max_length = size;
dbcb8981 1675 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1676 new_block->host = file_ram_alloc(new_block, size,
1677 mem_path, errp);
1678 if (!new_block->host) {
1679 g_free(new_block);
528f46af 1680 return NULL;
7f56e740
PB		 1681 }
1682
528f46af 1683 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1684 if (local_err) {
1685 g_free(new_block);
1686 error_propagate(errp, local_err);
528f46af 1687 return NULL;
ef701d7b 1688 }
528f46af 1689 return new_block;
e1c57ab8 1690}
0b183fc8 1691#endif
e1c57ab8 1692
62be4e3a 1693static
528f46af
FZ		 1694RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1695 void (*resized)(const char*,
1696 uint64_t length,
1697 void *host),
1698 void *host, bool resizeable,
1699 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1700{
1701 RAMBlock *new_block;
ef701d7b 1702 Error *local_err = NULL;
e1c57ab8 1703
4ed023ce
DDAG		 1704 size = HOST_PAGE_ALIGN(size);
1705 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1706 new_block = g_malloc0(sizeof(*new_block));
1707 new_block->mr = mr;
62be4e3a 1708 new_block->resized = resized;
9b8424d5
MT		 1709 new_block->used_length = size;
1710 new_block->max_length = max_size;
62be4e3a 1711 assert(max_size >= size);
e1c57ab8 1712 new_block->fd = -1;
863e9621 1713 new_block->page_size = getpagesize();
e1c57ab8
PB		 1714 new_block->host = host;
1715 if (host) {
7bd4f430 1716 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1717 }
62be4e3a
MT		 1718 if (resizeable) {
1719 new_block->flags |= RAM_RESIZEABLE;
1720 }
528f46af 1721 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1722 if (local_err) {
1723 g_free(new_block);
1724 error_propagate(errp, local_err);
528f46af 1725 return NULL;
ef701d7b 1726 }
528f46af 1727 return new_block;
e1c57ab8
PB		 1728}
1729
528f46af 1730RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1731 MemoryRegion *mr, Error **errp)
1732{
1733 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1734}
1735
528f46af 1736RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1737{
62be4e3a
MT		 1738 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1739}
1740
528f46af 1741RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1742 void (*resized)(const char*,
1743 uint64_t length,
1744 void *host),
1745 MemoryRegion *mr, Error **errp)
1746{
1747 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1748}
1749
43771539
PB		 1750static void reclaim_ramblock(RAMBlock *block)
1751{
1752 if (block->flags & RAM_PREALLOC) {
1753 ;
1754 } else if (xen_enabled()) {
1755 xen_invalidate_map_cache_entry(block->host);
1756#ifndef _WIN32
1757 } else if (block->fd >= 0) {
2f3a2bb1 1758 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1759 close(block->fd);
1760#endif
1761 } else {
1762 qemu_anon_ram_free(block->host, block->max_length);
1763 }
1764 g_free(block);
1765}
1766
f1060c55 1767void qemu_ram_free(RAMBlock *block)
e9a1ab19 1768{
85bc2a15
MAL		 1769 if (!block) {
1770 return;
1771 }
1772
b2a8658e 1773 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1774 QLIST_REMOVE_RCU(block, next);
1775 ram_list.mru_block = NULL;
1776 /* Write list before version */
1777 smp_wmb();
1778 ram_list.version++;
1779 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1780 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1781}
1782
cd19cfa2
HY		 1783#ifndef _WIN32
1784void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1785{
1786 RAMBlock *block;
1787 ram_addr_t offset;
1788 int flags;
1789 void *area, *vaddr;
1790
0dc3f44a 1791 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1792 offset = addr - block->offset;
9b8424d5 1793 if (offset < block->max_length) {
1240be24 1794 vaddr = ramblock_ptr(block, offset);
7bd4f430 1795 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1796 ;
dfeaf2ab
MA		 1797 } else if (xen_enabled()) {
1798 abort();
cd19cfa2
HY		 1799 } else {
1800 flags = MAP_FIXED;
3435f395 1801 if (block->fd >= 0) {
dbcb8981
PB		 1802 flags |= (block->flags & RAM_SHARED ?
1803 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1804 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1805 flags, block->fd, offset);
cd19cfa2 1806 } else {
2eb9fbaa
MA		 1807 /*
1808 * Remap needs to match alloc. Accelerators that
1809 * set phys_mem_alloc never remap. If they did,
1810 * we'd need a remap hook here.
1811 */
1812 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1813
cd19cfa2
HY		 1814 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1815 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1816 flags, -1, 0);
cd19cfa2
HY		 1817 }
1818 if (area != vaddr) {
f15fbc4b
AP		 1819 fprintf(stderr, "Could not remap addr: "
1820 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1821 length, addr);
1822 exit(1);
1823 }
8490fc78 1824 memory_try_enable_merging(vaddr, length);
ddb97f1d 1825 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1826 }
cd19cfa2
HY		 1827 }
1828 }
1829}
1830#endif /* !_WIN32 */
1831
1b5ec234 1832/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1833 * This should not be used for general purpose DMA. Use address_space_map
1834 * or address_space_rw instead. For local memory (e.g. video ram) that the
1835 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1836 *
49b24afc 1837 * Called within RCU critical section.
1b5ec234 1838 */
0878d0e1 1839void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1840{
3655cb9c
GA		 1841 RAMBlock *block = ram_block;
1842
1843 if (block == NULL) {
1844 block = qemu_get_ram_block(addr);
0878d0e1 1845 addr -= block->offset;
3655cb9c 1846 }
ae3a7047
MD		 1847
1848 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1849 /* We need to check if the requested address is in the RAM
1850 * because we don't want to map the entire memory in QEMU.
1851 * In that case just map until the end of the page.
1852 */
1853 if (block->offset == 0) {
49b24afc 1854 return xen_map_cache(addr, 0, 0);
0d6d3c87 1855 }
ae3a7047
MD		 1856
1857 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1858 }
0878d0e1 1859 return ramblock_ptr(block, addr);
dc828ca1
PB		 1860}
1861
0878d0e1 1862/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
ae3a7047 1863 * but takes a size argument.
0dc3f44a 1864 *
e81bcda5 1865 * Called within RCU critical section.
ae3a7047 1866 */
3655cb9c
GA		 1867static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1868 hwaddr *size)
38bee5dc 1869{
3655cb9c 1870 RAMBlock *block = ram_block;
8ab934f9
SS		 1871 if (*size == 0) {
1872 return NULL;
1873 }
e81bcda5 1874
3655cb9c
GA		 1875 if (block == NULL) {
1876 block = qemu_get_ram_block(addr);
0878d0e1 1877 addr -= block->offset;
3655cb9c 1878 }
0878d0e1 1879 *size = MIN(*size, block->max_length - addr);
e81bcda5
PB		 1880
1881 if (xen_enabled() && block->host == NULL) {
1882 /* We need to check if the requested address is in the RAM
1883 * because we don't want to map the entire memory in QEMU.
1884 * In that case just map the requested area.
1885 */
1886 if (block->offset == 0) {
1887 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1888 }
1889
e81bcda5 1890 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1891 }
e81bcda5 1892
0878d0e1 1893 return ramblock_ptr(block, addr);
38bee5dc
SS		 1894}
1895
422148d3
DDAG		 1896/*
1897 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1898 * in that RAMBlock.
1899 *
1900 * ptr: Host pointer to look up
1901 * round_offset: If true round the result offset down to a page boundary
1902 * *ram_addr: set to result ram_addr
1903 * *offset: set to result offset within the RAMBlock
1904 *
1905 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1906 *
1907 * By the time this function returns, the returned pointer is not protected
1908 * by RCU anymore. If the caller is not within an RCU critical section and
1909 * does not hold the iothread lock, it must have other means of protecting the
1910 * pointer, such as a reference to the region that includes the incoming
1911 * ram_addr_t.
1912 */
422148d3 1913RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
422148d3 1914 ram_addr_t *offset)
5579c7f3 1915{
94a6b54f
PB		 1916 RAMBlock *block;
1917 uint8_t *host = ptr;
1918
868bb33f 1919 if (xen_enabled()) {
f615f396 1920 ram_addr_t ram_addr;
0dc3f44a 1921 rcu_read_lock();
f615f396
PB		 1922 ram_addr = xen_ram_addr_from_mapcache(ptr);
1923 block = qemu_get_ram_block(ram_addr);
422148d3 1924 if (block) {
d6b6aec4 1925 *offset = ram_addr - block->offset;
422148d3 1926 }
0dc3f44a 1927 rcu_read_unlock();
422148d3 1928 return block;
712c2b41
SS		 1929 }
1930
0dc3f44a
MD		 1931 rcu_read_lock();
1932 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1933 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1934 goto found;
1935 }
1936
0dc3f44a 1937 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1938 /* This case append when the block is not mapped. */
1939 if (block->host == NULL) {
1940 continue;
1941 }
9b8424d5 1942 if (host - block->host < block->max_length) {
23887b79 1943 goto found;
f471a17e 1944 }
94a6b54f 1945 }
432d268c 1946
0dc3f44a 1947 rcu_read_unlock();
1b5ec234 1948 return NULL;
23887b79
PB		 1949
1950found:
422148d3
DDAG		 1951 *offset = (host - block->host);
1952 if (round_offset) {
1953 *offset &= TARGET_PAGE_MASK;
1954 }
0dc3f44a 1955 rcu_read_unlock();
422148d3
DDAG		 1956 return block;
1957}
1958
e3dd7493
DDAG		 1959/*
1960 * Finds the named RAMBlock
1961 *
1962 * name: The name of RAMBlock to find
1963 *
1964 * Returns: RAMBlock (or NULL if not found)
1965 */
1966RAMBlock *qemu_ram_block_by_name(const char *name)
1967{
1968 RAMBlock *block;
1969
1970 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1971 if (!strcmp(name, block->idstr)) {
1972 return block;
1973 }
1974 }
1975
1976 return NULL;
1977}
1978
422148d3
DDAG		 1979/* Some of the softmmu routines need to translate from a host pointer
1980 (typically a TLB entry) back to a ram offset. */
07bdaa41 1981ram_addr_t qemu_ram_addr_from_host(void *ptr)
422148d3
DDAG		 1982{
1983 RAMBlock *block;
f615f396 1984 ram_addr_t offset;
422148d3 1985
f615f396 1986 block = qemu_ram_block_from_host(ptr, false, &offset);
422148d3 1987 if (!block) {
07bdaa41 1988 return RAM_ADDR_INVALID;
422148d3
DDAG		 1989 }
1990
07bdaa41 1991 return block->offset + offset;
e890261f 1992}
f471a17e 1993
49b24afc 1994/* Called within RCU critical section. */
a8170e5e 1995static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1996 uint64_t val, unsigned size)
9fa3e853 1997{
ba051fb5
AB		 1998 bool locked = false;
1999
52159192 2000 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
ba051fb5
AB		 2001 locked = true;
2002 tb_lock();
0e0df1e2 2003 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 2004 }
0e0df1e2
AK		 2005 switch (size) {
2006 case 1:
0878d0e1 2007 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2008 break;
2009 case 2:
0878d0e1 2010 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2011 break;
2012 case 4:
0878d0e1 2013 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2014 break;
2015 default:
2016 abort();
3a7d929e 2017 }
ba051fb5
AB		 2018
2019 if (locked) {
2020 tb_unlock();
2021 }
2022
58d2707e
PB		 2023 /* Set both VGA and migration bits for simplicity and to remove
2024 * the notdirty callback faster.
2025 */
2026 cpu_physical_memory_set_dirty_range(ram_addr, size,
2027 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2028 /* we remove the notdirty callback only if the code has been
2029 flushed */
a2cd8c85 2030 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2031 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2032 }
9fa3e853
FB		 2033}
2034
b018ddf6
PB		 2035static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2036 unsigned size, bool is_write)
2037{
2038 return is_write;
2039}
2040
0e0df1e2 2041static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2042 .write = notdirty_mem_write,
b018ddf6 2043 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2044 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2045};
2046
0f459d16 2047/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2048static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2049{
93afeade 2050 CPUState *cpu = current_cpu;
568496c0 2051 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2052 CPUArchState *env = cpu->env_ptr;
06d55cc1 2053 target_ulong pc, cs_base;
0f459d16 2054 target_ulong vaddr;
a1d1bb31 2055 CPUWatchpoint *wp;
89fee74a 2056 uint32_t cpu_flags;
0f459d16 2057
ff4700b0 2058 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2059 /* We re-entered the check after replacing the TB. Now raise
2060 * the debug interrupt so that is will trigger after the
2061 * current instruction. */
93afeade 2062 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2063 return;
2064 }
93afeade 2065 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2066 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2067 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2068 && (wp->flags & flags)) {
08225676
PM		 2069 if (flags == BP_MEM_READ) {
2070 wp->flags |= BP_WATCHPOINT_HIT_READ;
2071 } else {
2072 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2073 }
2074 wp->hitaddr = vaddr;
66b9b43c 2075 wp->hitattrs = attrs;
ff4700b0 2076 if (!cpu->watchpoint_hit) {
568496c0
SF		 2077 if (wp->flags & BP_CPU &&
2078 !cc->debug_check_watchpoint(cpu, wp)) {
2079 wp->flags &= ~BP_WATCHPOINT_HIT;
2080 continue;
2081 }
ff4700b0 2082 cpu->watchpoint_hit = wp;
a5e99826
FK		 2083
2084 /* The tb_lock will be reset when cpu_loop_exit or
2085 * cpu_loop_exit_noexc longjmp back into the cpu_exec
2086 * main loop.
2087 */
2088 tb_lock();
239c51a5 2089 tb_check_watchpoint(cpu);
6e140f28 2090 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2091 cpu->exception_index = EXCP_DEBUG;
5638d180 2092 cpu_loop_exit(cpu);
6e140f28
AL		 2093 } else {
2094 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2095 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
6886b980 2096 cpu_loop_exit_noexc(cpu);
6e140f28 2097 }
06d55cc1 2098 }
6e140f28
AL		 2099 } else {
2100 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2101 }
2102 }
2103}
2104
6658ffb8
PB		 2105/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2106 so these check for a hit then pass through to the normal out-of-line
2107 phys routines. */
66b9b43c
PM		 2108static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2109 unsigned size, MemTxAttrs attrs)
6658ffb8 2110{
66b9b43c
PM		 2111 MemTxResult res;
2112 uint64_t data;
79ed0416
PM		 2113 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2114 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2115
2116 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2117 switch (size) {
66b9b43c 2118 case 1:
79ed0416 2119 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2120 break;
2121 case 2:
79ed0416 2122 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2123 break;
2124 case 4:
79ed0416 2125 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2126 break;
1ec9b909
AK		 2127 default: abort();
2128 }
66b9b43c
PM		 2129 *pdata = data;
2130 return res;
6658ffb8
PB		 2131}
2132
66b9b43c
PM		 2133static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2134 uint64_t val, unsigned size,
2135 MemTxAttrs attrs)
6658ffb8 2136{
66b9b43c 2137 MemTxResult res;
79ed0416
PM		 2138 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2139 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2140
2141 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2142 switch (size) {
67364150 2143 case 1:
79ed0416 2144 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2145 break;
2146 case 2:
79ed0416 2147 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2148 break;
2149 case 4:
79ed0416 2150 address_space_stl(as, addr, val, attrs, &res);
67364150 2151 break;
1ec9b909
AK		 2152 default: abort();
2153 }
66b9b43c 2154 return res;
6658ffb8
PB		 2155}
2156
1ec9b909 2157static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2158 .read_with_attrs = watch_mem_read,
2159 .write_with_attrs = watch_mem_write,
1ec9b909 2160 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2161};
6658ffb8 2162
f25a49e0
PM		 2163static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2164 unsigned len, MemTxAttrs attrs)
db7b5426 2165{
acc9d80b 2166 subpage_t *subpage = opaque;
ff6cff75 2167 uint8_t buf[8];
5c9eb028 2168 MemTxResult res;
791af8c8 2169
db7b5426 2170#if defined(DEBUG_SUBPAGE)
016e9d62 2171 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2172 subpage, len, addr);
db7b5426 2173#endif
5c9eb028
PM		 2174 res = address_space_read(subpage->as, addr + subpage->base,
2175 attrs, buf, len);
2176 if (res) {
2177 return res;
f25a49e0 2178 }
acc9d80b
JK		 2179 switch (len) {
2180 case 1:
f25a49e0
PM		 2181 *data = ldub_p(buf);
2182 return MEMTX_OK;
acc9d80b 2183 case 2:
f25a49e0
PM		 2184 *data = lduw_p(buf);
2185 return MEMTX_OK;
acc9d80b 2186 case 4:
f25a49e0
PM		 2187 *data = ldl_p(buf);
2188 return MEMTX_OK;
ff6cff75 2189 case 8:
f25a49e0
PM		 2190 *data = ldq_p(buf);
2191 return MEMTX_OK;
acc9d80b
JK		 2192 default:
2193 abort();
2194 }
db7b5426
BS		 2195}
2196
f25a49e0
PM		 2197static MemTxResult subpage_write(void *opaque, hwaddr addr,
2198 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2199{
acc9d80b 2200 subpage_t *subpage = opaque;
ff6cff75 2201 uint8_t buf[8];
acc9d80b 2202
db7b5426 2203#if defined(DEBUG_SUBPAGE)
016e9d62 2204 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2205 " value %"PRIx64"\n",
2206 __func__, subpage, len, addr, value);
db7b5426 2207#endif
acc9d80b
JK		 2208 switch (len) {
2209 case 1:
2210 stb_p(buf, value);
2211 break;
2212 case 2:
2213 stw_p(buf, value);
2214 break;
2215 case 4:
2216 stl_p(buf, value);
2217 break;
ff6cff75
PB		 2218 case 8:
2219 stq_p(buf, value);
2220 break;
acc9d80b
JK		 2221 default:
2222 abort();
2223 }
5c9eb028
PM		 2224 return address_space_write(subpage->as, addr + subpage->base,
2225 attrs, buf, len);
db7b5426
BS		 2226}
2227
c353e4cc 2228static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2229 unsigned len, bool is_write)
c353e4cc 2230{
acc9d80b 2231 subpage_t *subpage = opaque;
c353e4cc 2232#if defined(DEBUG_SUBPAGE)
016e9d62 2233 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2234 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2235#endif
2236
acc9d80b 2237 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2238 len, is_write);
c353e4cc
PB		 2239}
2240
70c68e44 2241static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2242 .read_with_attrs = subpage_read,
2243 .write_with_attrs = subpage_write,
ff6cff75
PB		 2244 .impl.min_access_size = 1,
2245 .impl.max_access_size = 8,
2246 .valid.min_access_size = 1,
2247 .valid.max_access_size = 8,
c353e4cc 2248 .valid.accepts = subpage_accepts,
70c68e44 2249 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2250};
2251
c227f099 2252static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2253 uint16_t section)
db7b5426
BS		 2254{
2255 int idx, eidx;
2256
2257 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2258 return -1;
2259 idx = SUBPAGE_IDX(start);
2260 eidx = SUBPAGE_IDX(end);
2261#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2262 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2263 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2264#endif
db7b5426 2265 for (; idx <= eidx; idx++) {
5312bd8b 2266 mmio->sub_section[idx] = section;
db7b5426
BS		 2267 }
2268
2269 return 0;
2270}
2271
acc9d80b 2272static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2273{
c227f099 2274 subpage_t *mmio;
db7b5426 2275
2615fabd 2276 mmio = g_malloc0(sizeof(subpage_t) + TARGET_PAGE_SIZE * sizeof(uint16_t));
acc9d80b 2277 mmio->as = as;
1eec614b 2278 mmio->base = base;
2c9b15ca 2279 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2280 NULL, TARGET_PAGE_SIZE);
b3b00c78 2281 mmio->iomem.subpage = true;
db7b5426 2282#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2283 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2284 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2285#endif
b41aac4f 2286 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2287
2288 return mmio;
2289}
2290
a656e22f
PC		 2291static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2292 MemoryRegion *mr)
5312bd8b 2293{
a656e22f 2294 assert(as);
5312bd8b 2295 MemoryRegionSection section = {
a656e22f 2296 .address_space = as,
5312bd8b
AK		 2297 .mr = mr,
2298 .offset_within_address_space = 0,
2299 .offset_within_region = 0,
052e87b0 2300 .size = int128_2_64(),
5312bd8b
AK		 2301 };
2302
53cb28cb 2303 return phys_section_add(map, &section);
5312bd8b
AK		 2304}
2305
a54c87b6 2306MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2307{
a54c87b6
PM		 2308 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2309 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2310 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2311 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2312
2313 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2314}
2315
e9179ce1
AK		 2316static void io_mem_init(void)
2317{
1f6245e5 2318 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2319 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2320 NULL, UINT64_MAX);
2c9b15ca 2321 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2322 NULL, UINT64_MAX);
2c9b15ca 2323 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2324 NULL, UINT64_MAX);
e9179ce1
AK		 2325}
2326
ac1970fb 2327static void mem_begin(MemoryListener *listener)
00752703
PB		 2328{
2329 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2330 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2331 uint16_t n;
2332
a656e22f 2333 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2334 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2335 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2336 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2337 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2338 assert(n == PHYS_SECTION_ROM);
a656e22f 2339 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2340 assert(n == PHYS_SECTION_WATCH);
00752703 2341
9736e55b 2342 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2343 d->as = as;
2344 as->next_dispatch = d;
2345}
2346
79e2b9ae
PB		 2347static void address_space_dispatch_free(AddressSpaceDispatch *d)
2348{
2349 phys_sections_free(&d->map);
2350 g_free(d);
2351}
2352
00752703 2353static void mem_commit(MemoryListener *listener)
ac1970fb 2354{
89ae337a 2355 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2356 AddressSpaceDispatch *cur = as->dispatch;
2357 AddressSpaceDispatch *next = as->next_dispatch;
2358
53cb28cb 2359 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2360
79e2b9ae 2361 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2362 if (cur) {
79e2b9ae 2363 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2364 }
9affd6fc
PB		 2365}
2366
1d71148e 2367static void tcg_commit(MemoryListener *listener)
50c1e149 2368{
32857f4d
PM		 2369 CPUAddressSpace *cpuas;
2370 AddressSpaceDispatch *d;
117712c3
AK		 2371
2372 /* since each CPU stores ram addresses in its TLB cache, we must
2373 reset the modified entries */
32857f4d
PM		 2374 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2375 cpu_reloading_memory_map();
2376 /* The CPU and TLB are protected by the iothread lock.
2377 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2378 * may have split the RCU critical section.
2379 */
2380 d = atomic_rcu_read(&cpuas->as->dispatch);
2381 cpuas->memory_dispatch = d;
2382 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2383}
2384
ac1970fb
AK		 2385void address_space_init_dispatch(AddressSpace *as)
2386{
00752703 2387 as->dispatch = NULL;
89ae337a 2388 as->dispatch_listener = (MemoryListener) {
ac1970fb 2389 .begin = mem_begin,
00752703 2390 .commit = mem_commit,
ac1970fb
AK		 2391 .region_add = mem_add,
2392 .region_nop = mem_add,
2393 .priority = 0,
2394 };
89ae337a 2395 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2396}
2397
6e48e8f9
PB		 2398void address_space_unregister(AddressSpace *as)
2399{
2400 memory_listener_unregister(&as->dispatch_listener);
2401}
2402
83f3c251
AK		 2403void address_space_destroy_dispatch(AddressSpace *as)
2404{
2405 AddressSpaceDispatch *d = as->dispatch;
2406
79e2b9ae
PB		 2407 atomic_rcu_set(&as->dispatch, NULL);
2408 if (d) {
2409 call_rcu(d, address_space_dispatch_free, rcu);
2410 }
83f3c251
AK		 2411}
2412
62152b8a
AK		 2413static void memory_map_init(void)
2414{
7267c094 2415 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2416
57271d63 2417 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2418 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2419
7267c094 2420 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2421 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2422 65536);
7dca8043 2423 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2424}
2425
2426MemoryRegion *get_system_memory(void)
2427{
2428 return system_memory;
2429}
2430
309cb471
AK		 2431MemoryRegion *get_system_io(void)
2432{
2433 return system_io;
2434}
2435
e2eef170
PB		 2436#endif /* !defined(CONFIG_USER_ONLY) */
2437
13eb76e0
FB		 2438/* physical memory access (slow version, mainly for debug) */
2439#if defined(CONFIG_USER_ONLY)
f17ec444 2440int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2441 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2442{
2443 int l, flags;
2444 target_ulong page;
53a5960a 2445 void * p;
13eb76e0
FB		 2446
2447 while (len > 0) {
2448 page = addr & TARGET_PAGE_MASK;
2449 l = (page + TARGET_PAGE_SIZE) - addr;
2450 if (l > len)
2451 l = len;
2452 flags = page_get_flags(page);
2453 if (!(flags & PAGE_VALID))
a68fe89c 2454 return -1;
13eb76e0
FB		 2455 if (is_write) {
2456 if (!(flags & PAGE_WRITE))
a68fe89c 2457 return -1;
579a97f7 2458 /* XXX: this code should not depend on lock_user */
72fb7daa 2459 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2460 return -1;
72fb7daa
AJ		 2461 memcpy(p, buf, l);
2462 unlock_user(p, addr, l);
13eb76e0
FB		 2463 } else {
2464 if (!(flags & PAGE_READ))
a68fe89c 2465 return -1;
579a97f7 2466 /* XXX: this code should not depend on lock_user */
72fb7daa 2467 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2468 return -1;
72fb7daa 2469 memcpy(buf, p, l);
5b257578 2470 unlock_user(p, addr, 0);
13eb76e0
FB		 2471 }
2472 len -= l;
2473 buf += l;
2474 addr += l;
2475 }
a68fe89c 2476 return 0;
13eb76e0 2477}
8df1cd07 2478
13eb76e0 2479#else
51d7a9eb 2480
845b6214 2481static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2482 hwaddr length)
51d7a9eb 2483{
e87f7778 2484 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
0878d0e1
PB		 2485 addr += memory_region_get_ram_addr(mr);
2486
e87f7778
PB		 2487 /* No early return if dirty_log_mask is or becomes 0, because
2488 * cpu_physical_memory_set_dirty_range will still call
2489 * xen_modified_memory.
2490 */
2491 if (dirty_log_mask) {
2492 dirty_log_mask =
2493 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2494 }
2495 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
ba051fb5 2496 tb_lock();
e87f7778 2497 tb_invalidate_phys_range(addr, addr + length);
ba051fb5 2498 tb_unlock();
e87f7778 2499 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2500 }
e87f7778 2501 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2502}
2503
23326164 2504static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2505{
e1622f4b 2506 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2507
2508 /* Regions are assumed to support 1-4 byte accesses unless
2509 otherwise specified. */
23326164
RH		 2510 if (access_size_max == 0) {
2511 access_size_max = 4;
2512 }
2513
2514 /* Bound the maximum access by the alignment of the address. */
2515 if (!mr->ops->impl.unaligned) {
2516 unsigned align_size_max = addr & -addr;
2517 if (align_size_max != 0 && align_size_max < access_size_max) {
2518 access_size_max = align_size_max;
2519 }
82f2563f 2520 }
23326164
RH		 2521
2522 /* Don't attempt accesses larger than the maximum. */
2523 if (l > access_size_max) {
2524 l = access_size_max;
82f2563f 2525 }
6554f5c0 2526 l = pow2floor(l);
23326164
RH		 2527
2528 return l;
82f2563f
PB		 2529}
2530
4840f10e 2531static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2532{
4840f10e
JK		 2533 bool unlocked = !qemu_mutex_iothread_locked();
2534 bool release_lock = false;
2535
2536 if (unlocked && mr->global_locking) {
2537 qemu_mutex_lock_iothread();
2538 unlocked = false;
2539 release_lock = true;
2540 }
125b3806 2541 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2542 if (unlocked) {
2543 qemu_mutex_lock_iothread();
2544 }
125b3806 2545 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2546 if (unlocked) {
2547 qemu_mutex_unlock_iothread();
2548 }
125b3806 2549 }
4840f10e
JK		 2550
2551 return release_lock;
125b3806
PB		 2552}
2553
a203ac70
PB		 2554/* Called within RCU critical section. */
2555static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2556 MemTxAttrs attrs,
2557 const uint8_t *buf,
2558 int len, hwaddr addr1,
2559 hwaddr l, MemoryRegion *mr)
13eb76e0 2560{
13eb76e0 2561 uint8_t *ptr;
791af8c8 2562 uint64_t val;
3b643495 2563 MemTxResult result = MEMTX_OK;
4840f10e 2564 bool release_lock = false;
3b46e624 2565
a203ac70 2566 for (;;) {
eb7eeb88
PB		 2567 if (!memory_access_is_direct(mr, true)) {
2568 release_lock |= prepare_mmio_access(mr);
2569 l = memory_access_size(mr, l, addr1);
2570 /* XXX: could force current_cpu to NULL to avoid
2571 potential bugs */
2572 switch (l) {
2573 case 8:
2574 /* 64 bit write access */
2575 val = ldq_p(buf);
2576 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2577 attrs);
2578 break;
2579 case 4:
2580 /* 32 bit write access */
2581 val = ldl_p(buf);
2582 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2583 attrs);
2584 break;
2585 case 2:
2586 /* 16 bit write access */
2587 val = lduw_p(buf);
2588 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2589 attrs);
2590 break;
2591 case 1:
2592 /* 8 bit write access */
2593 val = ldub_p(buf);
2594 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2595 attrs);
2596 break;
2597 default:
2598 abort();
13eb76e0
FB		 2599 }
2600 } else {
eb7eeb88 2601 /* RAM case */
0878d0e1 2602 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2603 memcpy(ptr, buf, l);
2604 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2605 }
4840f10e
JK		 2606
2607 if (release_lock) {
2608 qemu_mutex_unlock_iothread();
2609 release_lock = false;
2610 }
2611
13eb76e0
FB		 2612 len -= l;
2613 buf += l;
2614 addr += l;
a203ac70
PB		 2615
2616 if (!len) {
2617 break;
2618 }
2619
2620 l = len;
2621 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2622 }
fd8aaa76 2623
3b643495 2624 return result;
13eb76e0 2625}
8df1cd07 2626
a203ac70
PB		 2627MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2628 const uint8_t *buf, int len)
ac1970fb 2629{
eb7eeb88 2630 hwaddr l;
eb7eeb88
PB		 2631 hwaddr addr1;
2632 MemoryRegion *mr;
2633 MemTxResult result = MEMTX_OK;
eb7eeb88 2634
a203ac70
PB		 2635 if (len > 0) {
2636 rcu_read_lock();
eb7eeb88 2637 l = len;
a203ac70
PB		 2638 mr = address_space_translate(as, addr, &addr1, &l, true);
2639 result = address_space_write_continue(as, addr, attrs, buf, len,
2640 addr1, l, mr);
2641 rcu_read_unlock();
2642 }
2643
2644 return result;
2645}
2646
2647/* Called within RCU critical section. */
2648MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2649 MemTxAttrs attrs, uint8_t *buf,
2650 int len, hwaddr addr1, hwaddr l,
2651 MemoryRegion *mr)
2652{
2653 uint8_t *ptr;
2654 uint64_t val;
2655 MemTxResult result = MEMTX_OK;
2656 bool release_lock = false;
eb7eeb88 2657
a203ac70 2658 for (;;) {
eb7eeb88
PB		 2659 if (!memory_access_is_direct(mr, false)) {
2660 /* I/O case */
2661 release_lock |= prepare_mmio_access(mr);
2662 l = memory_access_size(mr, l, addr1);
2663 switch (l) {
2664 case 8:
2665 /* 64 bit read access */
2666 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2667 attrs);
2668 stq_p(buf, val);
2669 break;
2670 case 4:
2671 /* 32 bit read access */
2672 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2673 attrs);
2674 stl_p(buf, val);
2675 break;
2676 case 2:
2677 /* 16 bit read access */
2678 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2679 attrs);
2680 stw_p(buf, val);
2681 break;
2682 case 1:
2683 /* 8 bit read access */
2684 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2685 attrs);
2686 stb_p(buf, val);
2687 break;
2688 default:
2689 abort();
2690 }
2691 } else {
2692 /* RAM case */
0878d0e1 2693 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2694 memcpy(buf, ptr, l);
2695 }
2696
2697 if (release_lock) {
2698 qemu_mutex_unlock_iothread();
2699 release_lock = false;
2700 }
2701
2702 len -= l;
2703 buf += l;
2704 addr += l;
a203ac70
PB		 2705
2706 if (!len) {
2707 break;
2708 }
2709
2710 l = len;
2711 mr = address_space_translate(as, addr, &addr1, &l, false);
2712 }
2713
2714 return result;
2715}
2716
3cc8f884
PB		 2717MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2718 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2719{
2720 hwaddr l;
2721 hwaddr addr1;
2722 MemoryRegion *mr;
2723 MemTxResult result = MEMTX_OK;
2724
2725 if (len > 0) {
2726 rcu_read_lock();
2727 l = len;
2728 mr = address_space_translate(as, addr, &addr1, &l, false);
2729 result = address_space_read_continue(as, addr, attrs, buf, len,
2730 addr1, l, mr);
2731 rcu_read_unlock();
eb7eeb88 2732 }
eb7eeb88
PB		 2733
2734 return result;
ac1970fb
AK		 2735}
2736
eb7eeb88
PB		 2737MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2738 uint8_t *buf, int len, bool is_write)
2739{
2740 if (is_write) {
2741 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2742 } else {
2743 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2744 }
2745}
ac1970fb 2746
a8170e5e 2747void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2748 int len, int is_write)
2749{
5c9eb028
PM		 2750 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2751 buf, len, is_write);
ac1970fb
AK		 2752}
2753
582b55a9
AG		 2754enum write_rom_type {
2755 WRITE_DATA,
2756 FLUSH_CACHE,
2757};
2758
2a221651 2759static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2760 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2761{
149f54b5 2762 hwaddr l;
d0ecd2aa 2763 uint8_t *ptr;
149f54b5 2764 hwaddr addr1;
5c8a00ce 2765 MemoryRegion *mr;
3b46e624 2766
41063e1e 2767 rcu_read_lock();
d0ecd2aa 2768 while (len > 0) {
149f54b5 2769 l = len;
2a221651 2770 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2771
5c8a00ce
PB		 2772 if (!(memory_region_is_ram(mr) ||
2773 memory_region_is_romd(mr))) {
b242e0e0 2774 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2775 } else {
d0ecd2aa 2776 /* ROM/RAM case */
0878d0e1 2777 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2778 switch (type) {
2779 case WRITE_DATA:
2780 memcpy(ptr, buf, l);
845b6214 2781 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2782 break;
2783 case FLUSH_CACHE:
2784 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2785 break;
2786 }
d0ecd2aa
FB		 2787 }
2788 len -= l;
2789 buf += l;
2790 addr += l;
2791 }
41063e1e 2792 rcu_read_unlock();
d0ecd2aa
FB		 2793}
2794
582b55a9 2795/* used for ROM loading : can write in RAM and ROM */
2a221651 2796void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2797 const uint8_t *buf, int len)
2798{
2a221651 2799 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2800}
2801
2802void cpu_flush_icache_range(hwaddr start, int len)
2803{
2804 /*
2805 * This function should do the same thing as an icache flush that was
2806 * triggered from within the guest. For TCG we are always cache coherent,
2807 * so there is no need to flush anything. For KVM / Xen we need to flush
2808 * the host's instruction cache at least.
2809 */
2810 if (tcg_enabled()) {
2811 return;
2812 }
2813
2a221651
EI		 2814 cpu_physical_memory_write_rom_internal(&address_space_memory,
2815 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2816}
2817
6d16c2f8 2818typedef struct {
d3e71559 2819 MemoryRegion *mr;
6d16c2f8 2820 void *buffer;
a8170e5e
AK		 2821 hwaddr addr;
2822 hwaddr len;
c2cba0ff 2823 bool in_use;
6d16c2f8
AL		 2824} BounceBuffer;
2825
2826static BounceBuffer bounce;
2827
ba223c29 2828typedef struct MapClient {
e95205e1 2829 QEMUBH *bh;
72cf2d4f 2830 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2831} MapClient;
2832
38e047b5 2833QemuMutex map_client_list_lock;
72cf2d4f
BS		 2834static QLIST_HEAD(map_client_list, MapClient) map_client_list
2835 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2836
e95205e1
FZ		 2837static void cpu_unregister_map_client_do(MapClient *client)
2838{
2839 QLIST_REMOVE(client, link);
2840 g_free(client);
2841}
2842
33b6c2ed
FZ		 2843static void cpu_notify_map_clients_locked(void)
2844{
2845 MapClient *client;
2846
2847 while (!QLIST_EMPTY(&map_client_list)) {
2848 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2849 qemu_bh_schedule(client->bh);
2850 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2851 }
2852}
2853
e95205e1 2854void cpu_register_map_client(QEMUBH *bh)
ba223c29 2855{
7267c094 2856 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2857
38e047b5 2858 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2859 client->bh = bh;
72cf2d4f 2860 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2861 if (!atomic_read(&bounce.in_use)) {
2862 cpu_notify_map_clients_locked();
2863 }
38e047b5 2864 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2865}
2866
38e047b5 2867void cpu_exec_init_all(void)
ba223c29 2868{
38e047b5 2869 qemu_mutex_init(&ram_list.mutex);
20bccb82
PM		 2870 /* The data structures we set up here depend on knowing the page size,
2871 * so no more changes can be made after this point.
2872 * In an ideal world, nothing we did before we had finished the
2873 * machine setup would care about the target page size, and we could
2874 * do this much later, rather than requiring board models to state
2875 * up front what their requirements are.
2876 */
2877 finalize_target_page_bits();
38e047b5 2878 io_mem_init();
680a4783 2879 memory_map_init();
38e047b5 2880 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2881}
2882
e95205e1 2883void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2884{
2885 MapClient *client;
2886
e95205e1
FZ		 2887 qemu_mutex_lock(&map_client_list_lock);
2888 QLIST_FOREACH(client, &map_client_list, link) {
2889 if (client->bh == bh) {
2890 cpu_unregister_map_client_do(client);
2891 break;
2892 }
ba223c29 2893 }
e95205e1 2894 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2895}
2896
2897static void cpu_notify_map_clients(void)
2898{
38e047b5 2899 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2900 cpu_notify_map_clients_locked();
38e047b5 2901 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2902}
2903
51644ab7
PB		 2904bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2905{
5c8a00ce 2906 MemoryRegion *mr;
51644ab7
PB		 2907 hwaddr l, xlat;
2908
41063e1e 2909 rcu_read_lock();
51644ab7
PB		 2910 while (len > 0) {
2911 l = len;
5c8a00ce
PB		 2912 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2913 if (!memory_access_is_direct(mr, is_write)) {
2914 l = memory_access_size(mr, l, addr);
2915 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2916 return false;
2917 }
2918 }
2919
2920 len -= l;
2921 addr += l;
2922 }
41063e1e 2923 rcu_read_unlock();
51644ab7
PB		 2924 return true;
2925}
2926
6d16c2f8
AL		 2927/* Map a physical memory region into a host virtual address.
2928 * May map a subset of the requested range, given by and returned in *plen.
2929 * May return NULL if resources needed to perform the mapping are exhausted.
2930 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2931 * Use cpu_register_map_client() to know when retrying the map operation is
2932 * likely to succeed.
6d16c2f8 2933 */
ac1970fb 2934void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2935 hwaddr addr,
2936 hwaddr *plen,
ac1970fb 2937 bool is_write)
6d16c2f8 2938{
a8170e5e 2939 hwaddr len = *plen;
e3127ae0
PB		 2940 hwaddr done = 0;
2941 hwaddr l, xlat, base;
2942 MemoryRegion *mr, *this_mr;
e81bcda5 2943 void *ptr;
6d16c2f8 2944
e3127ae0
PB		 2945 if (len == 0) {
2946 return NULL;
2947 }
38bee5dc 2948
e3127ae0 2949 l = len;
41063e1e 2950 rcu_read_lock();
e3127ae0 2951 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2952
e3127ae0 2953 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2954 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2955 rcu_read_unlock();
e3127ae0 2956 return NULL;
6d16c2f8 2957 }
e85d9db5
KW		 2958 /* Avoid unbounded allocations */
2959 l = MIN(l, TARGET_PAGE_SIZE);
2960 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2961 bounce.addr = addr;
2962 bounce.len = l;
d3e71559
PB		 2963
2964 memory_region_ref(mr);
2965 bounce.mr = mr;
e3127ae0 2966 if (!is_write) {
5c9eb028
PM		 2967 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2968 bounce.buffer, l);
8ab934f9 2969 }
6d16c2f8 2970
41063e1e 2971 rcu_read_unlock();
e3127ae0
PB		 2972 *plen = l;
2973 return bounce.buffer;
2974 }
2975
2976 base = xlat;
e3127ae0
PB		 2977
2978 for (;;) {
6d16c2f8
AL		 2979 len -= l;
2980 addr += l;
e3127ae0
PB		 2981 done += l;
2982 if (len == 0) {
2983 break;
2984 }
2985
2986 l = len;
2987 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2988 if (this_mr != mr || xlat != base + done) {
2989 break;
2990 }
6d16c2f8 2991 }
e3127ae0 2992
d3e71559 2993 memory_region_ref(mr);
e3127ae0 2994 *plen = done;
0878d0e1 2995 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
e81bcda5
PB		 2996 rcu_read_unlock();
2997
2998 return ptr;
6d16c2f8
AL		 2999}
3000
ac1970fb 3001/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3002 * Will also mark the memory as dirty if is_write == 1. access_len gives
3003 * the amount of memory that was actually read or written by the caller.
3004 */
a8170e5e
AK		 3005void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3006 int is_write, hwaddr access_len)
6d16c2f8
AL		 3007{
3008 if (buffer != bounce.buffer) {
d3e71559
PB		 3009 MemoryRegion *mr;
3010 ram_addr_t addr1;
3011
07bdaa41 3012 mr = memory_region_from_host(buffer, &addr1);
d3e71559 3013 assert(mr != NULL);
6d16c2f8 3014 if (is_write) {
845b6214 3015 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 3016 }
868bb33f 3017 if (xen_enabled()) {
e41d7c69 3018 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3019 }
d3e71559 3020 memory_region_unref(mr);
6d16c2f8
AL		 3021 return;
3022 }
3023 if (is_write) {
5c9eb028
PM		 3024 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3025 bounce.buffer, access_len);
6d16c2f8 3026 }
f8a83245 3027 qemu_vfree(bounce.buffer);
6d16c2f8 3028 bounce.buffer = NULL;
d3e71559 3029 memory_region_unref(bounce.mr);
c2cba0ff 3030 atomic_mb_set(&bounce.in_use, false);
ba223c29 3031 cpu_notify_map_clients();
6d16c2f8 3032}
d0ecd2aa 3033
a8170e5e
AK		 3034void *cpu_physical_memory_map(hwaddr addr,
3035 hwaddr *plen,
ac1970fb
AK		 3036 int is_write)
3037{
3038 return address_space_map(&address_space_memory, addr, plen, is_write);
3039}
3040
a8170e5e
AK		 3041void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3042 int is_write, hwaddr access_len)
ac1970fb
AK		 3043{
3044 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3045}
3046
8df1cd07 3047/* warning: addr must be aligned */
50013115
PM		 3048static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3049 MemTxAttrs attrs,
3050 MemTxResult *result,
3051 enum device_endian endian)
8df1cd07 3052{
8df1cd07 3053 uint8_t *ptr;
791af8c8 3054 uint64_t val;
5c8a00ce 3055 MemoryRegion *mr;
149f54b5
PB		 3056 hwaddr l = 4;
3057 hwaddr addr1;
50013115 3058 MemTxResult r;
4840f10e 3059 bool release_lock = false;
8df1cd07 3060
41063e1e 3061 rcu_read_lock();
fdfba1a2 3062 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3063 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3064 release_lock |= prepare_mmio_access(mr);
125b3806 3065
8df1cd07 3066 /* I/O case */
50013115 3067 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3068#if defined(TARGET_WORDS_BIGENDIAN)
3069 if (endian == DEVICE_LITTLE_ENDIAN) {
3070 val = bswap32(val);
3071 }
3072#else
3073 if (endian == DEVICE_BIG_ENDIAN) {
3074 val = bswap32(val);
3075 }
3076#endif
8df1cd07
FB		 3077 } else {
3078 /* RAM case */
0878d0e1 3079 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3080 switch (endian) {
3081 case DEVICE_LITTLE_ENDIAN:
3082 val = ldl_le_p(ptr);
3083 break;
3084 case DEVICE_BIG_ENDIAN:
3085 val = ldl_be_p(ptr);
3086 break;
3087 default:
3088 val = ldl_p(ptr);
3089 break;
3090 }
50013115
PM		 3091 r = MEMTX_OK;
3092 }
3093 if (result) {
3094 *result = r;
8df1cd07 3095 }
4840f10e
JK		 3096 if (release_lock) {
3097 qemu_mutex_unlock_iothread();
3098 }
41063e1e 3099 rcu_read_unlock();
8df1cd07
FB		 3100 return val;
3101}
3102
50013115
PM		 3103uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3104 MemTxAttrs attrs, MemTxResult *result)
3105{
3106 return address_space_ldl_internal(as, addr, attrs, result,
3107 DEVICE_NATIVE_ENDIAN);
3108}
3109
3110uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3111 MemTxAttrs attrs, MemTxResult *result)
3112{
3113 return address_space_ldl_internal(as, addr, attrs, result,
3114 DEVICE_LITTLE_ENDIAN);
3115}
3116
3117uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3118 MemTxAttrs attrs, MemTxResult *result)
3119{
3120 return address_space_ldl_internal(as, addr, attrs, result,
3121 DEVICE_BIG_ENDIAN);
3122}
3123
fdfba1a2 3124uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3125{
50013115 3126 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3127}
3128
fdfba1a2 3129uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3130{
50013115 3131 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3132}
3133
fdfba1a2 3134uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3135{
50013115 3136 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3137}
3138
84b7b8e7 3139/* warning: addr must be aligned */
50013115
PM		 3140static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3141 MemTxAttrs attrs,
3142 MemTxResult *result,
3143 enum device_endian endian)
84b7b8e7 3144{
84b7b8e7
FB		 3145 uint8_t *ptr;
3146 uint64_t val;
5c8a00ce 3147 MemoryRegion *mr;
149f54b5
PB		 3148 hwaddr l = 8;
3149 hwaddr addr1;
50013115 3150 MemTxResult r;
4840f10e 3151 bool release_lock = false;
84b7b8e7 3152
41063e1e 3153 rcu_read_lock();
2c17449b 3154 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3155 false);
3156 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3157 release_lock |= prepare_mmio_access(mr);
125b3806 3158
84b7b8e7 3159 /* I/O case */
50013115 3160 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3161#if defined(TARGET_WORDS_BIGENDIAN)
3162 if (endian == DEVICE_LITTLE_ENDIAN) {
3163 val = bswap64(val);
3164 }
3165#else
3166 if (endian == DEVICE_BIG_ENDIAN) {
3167 val = bswap64(val);
3168 }
84b7b8e7
FB		 3169#endif
3170 } else {
3171 /* RAM case */
0878d0e1 3172 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3173 switch (endian) {
3174 case DEVICE_LITTLE_ENDIAN:
3175 val = ldq_le_p(ptr);
3176 break;
3177 case DEVICE_BIG_ENDIAN:
3178 val = ldq_be_p(ptr);
3179 break;
3180 default:
3181 val = ldq_p(ptr);
3182 break;
3183 }
50013115
PM		 3184 r = MEMTX_OK;
3185 }
3186 if (result) {
3187 *result = r;
84b7b8e7 3188 }
4840f10e
JK		 3189 if (release_lock) {
3190 qemu_mutex_unlock_iothread();
3191 }
41063e1e 3192 rcu_read_unlock();
84b7b8e7
FB		 3193 return val;
3194}
3195
50013115
PM		 3196uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3197 MemTxAttrs attrs, MemTxResult *result)
3198{
3199 return address_space_ldq_internal(as, addr, attrs, result,
3200 DEVICE_NATIVE_ENDIAN);
3201}
3202
3203uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3204 MemTxAttrs attrs, MemTxResult *result)
3205{
3206 return address_space_ldq_internal(as, addr, attrs, result,
3207 DEVICE_LITTLE_ENDIAN);
3208}
3209
3210uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3211 MemTxAttrs attrs, MemTxResult *result)
3212{
3213 return address_space_ldq_internal(as, addr, attrs, result,
3214 DEVICE_BIG_ENDIAN);
3215}
3216
2c17449b 3217uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3218{
50013115 3219 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3220}
3221
2c17449b 3222uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3223{
50013115 3224 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3225}
3226
2c17449b 3227uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3228{
50013115 3229 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3230}
3231
aab33094 3232/* XXX: optimize */
50013115
PM		 3233uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3234 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3235{
3236 uint8_t val;
50013115
PM		 3237 MemTxResult r;
3238
3239 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3240 if (result) {
3241 *result = r;
3242 }
aab33094
FB		 3243 return val;
3244}
3245
50013115
PM		 3246uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3247{
3248 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3249}
3250
733f0b02 3251/* warning: addr must be aligned */
50013115
PM		 3252static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3253 hwaddr addr,
3254 MemTxAttrs attrs,
3255 MemTxResult *result,
3256 enum device_endian endian)
aab33094 3257{
733f0b02
MT		 3258 uint8_t *ptr;
3259 uint64_t val;
5c8a00ce 3260 MemoryRegion *mr;
149f54b5
PB		 3261 hwaddr l = 2;
3262 hwaddr addr1;
50013115 3263 MemTxResult r;
4840f10e 3264 bool release_lock = false;
733f0b02 3265
41063e1e 3266 rcu_read_lock();
41701aa4 3267 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3268 false);
3269 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3270 release_lock |= prepare_mmio_access(mr);
125b3806 3271
733f0b02 3272 /* I/O case */
50013115 3273 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3274#if defined(TARGET_WORDS_BIGENDIAN)
3275 if (endian == DEVICE_LITTLE_ENDIAN) {
3276 val = bswap16(val);
3277 }
3278#else
3279 if (endian == DEVICE_BIG_ENDIAN) {
3280 val = bswap16(val);
3281 }
3282#endif
733f0b02
MT		 3283 } else {
3284 /* RAM case */
0878d0e1 3285 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3286 switch (endian) {
3287 case DEVICE_LITTLE_ENDIAN:
3288 val = lduw_le_p(ptr);
3289 break;
3290 case DEVICE_BIG_ENDIAN:
3291 val = lduw_be_p(ptr);
3292 break;
3293 default:
3294 val = lduw_p(ptr);
3295 break;
3296 }
50013115
PM		 3297 r = MEMTX_OK;
3298 }
3299 if (result) {
3300 *result = r;
733f0b02 3301 }
4840f10e
JK		 3302 if (release_lock) {
3303 qemu_mutex_unlock_iothread();
3304 }
41063e1e 3305 rcu_read_unlock();
733f0b02 3306 return val;
aab33094
FB		 3307}
3308
50013115
PM		 3309uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3310 MemTxAttrs attrs, MemTxResult *result)
3311{
3312 return address_space_lduw_internal(as, addr, attrs, result,
3313 DEVICE_NATIVE_ENDIAN);
3314}
3315
3316uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3317 MemTxAttrs attrs, MemTxResult *result)
3318{
3319 return address_space_lduw_internal(as, addr, attrs, result,
3320 DEVICE_LITTLE_ENDIAN);
3321}
3322
3323uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3324 MemTxAttrs attrs, MemTxResult *result)
3325{
3326 return address_space_lduw_internal(as, addr, attrs, result,
3327 DEVICE_BIG_ENDIAN);
3328}
3329
41701aa4 3330uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3331{
50013115 3332 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3333}
3334
41701aa4 3335uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3336{
50013115 3337 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3338}
3339
41701aa4 3340uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3341{
50013115 3342 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3343}
3344
8df1cd07
FB		 3345/* warning: addr must be aligned. The ram page is not masked as dirty
3346 and the code inside is not invalidated. It is useful if the dirty
3347 bits are used to track modified PTEs */
50013115
PM		 3348void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3349 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3350{
8df1cd07 3351 uint8_t *ptr;
5c8a00ce 3352 MemoryRegion *mr;
149f54b5
PB		 3353 hwaddr l = 4;
3354 hwaddr addr1;
50013115 3355 MemTxResult r;
845b6214 3356 uint8_t dirty_log_mask;
4840f10e 3357 bool release_lock = false;
8df1cd07 3358
41063e1e 3359 rcu_read_lock();
2198a121 3360 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3361 true);
3362 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3363 release_lock |= prepare_mmio_access(mr);
125b3806 3364
50013115 3365 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3366 } else {
0878d0e1 3367 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
8df1cd07 3368 stl_p(ptr, val);
74576198 3369
845b6214
PB		 3370 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3371 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
0878d0e1
PB		 3372 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3373 4, dirty_log_mask);
50013115
PM		 3374 r = MEMTX_OK;
3375 }
3376 if (result) {
3377 *result = r;
8df1cd07 3378 }
4840f10e
JK		 3379 if (release_lock) {
3380 qemu_mutex_unlock_iothread();
3381 }
41063e1e 3382 rcu_read_unlock();
8df1cd07
FB		 3383}
3384
50013115
PM		 3385void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3386{
3387 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3388}
3389
8df1cd07 3390/* warning: addr must be aligned */
50013115
PM		 3391static inline void address_space_stl_internal(AddressSpace *as,
3392 hwaddr addr, uint32_t val,
3393 MemTxAttrs attrs,
3394 MemTxResult *result,
3395 enum device_endian endian)
8df1cd07 3396{
8df1cd07 3397 uint8_t *ptr;
5c8a00ce 3398 MemoryRegion *mr;
149f54b5
PB		 3399 hwaddr l = 4;
3400 hwaddr addr1;
50013115 3401 MemTxResult r;
4840f10e 3402 bool release_lock = false;
8df1cd07 3403
41063e1e 3404 rcu_read_lock();
ab1da857 3405 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3406 true);
3407 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3408 release_lock |= prepare_mmio_access(mr);
125b3806 3409
1e78bcc1
AG		 3410#if defined(TARGET_WORDS_BIGENDIAN)
3411 if (endian == DEVICE_LITTLE_ENDIAN) {
3412 val = bswap32(val);
3413 }
3414#else
3415 if (endian == DEVICE_BIG_ENDIAN) {
3416 val = bswap32(val);
3417 }
3418#endif
50013115 3419 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3420 } else {
8df1cd07 3421 /* RAM case */
0878d0e1 3422 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3423 switch (endian) {
3424 case DEVICE_LITTLE_ENDIAN:
3425 stl_le_p(ptr, val);
3426 break;
3427 case DEVICE_BIG_ENDIAN:
3428 stl_be_p(ptr, val);
3429 break;
3430 default:
3431 stl_p(ptr, val);
3432 break;
3433 }
845b6214 3434 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3435 r = MEMTX_OK;
3436 }
3437 if (result) {
3438 *result = r;
8df1cd07 3439 }
4840f10e
JK		 3440 if (release_lock) {
3441 qemu_mutex_unlock_iothread();
3442 }
41063e1e 3443 rcu_read_unlock();
8df1cd07
FB		 3444}
3445
50013115
PM		 3446void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3447 MemTxAttrs attrs, MemTxResult *result)
3448{
3449 address_space_stl_internal(as, addr, val, attrs, result,
3450 DEVICE_NATIVE_ENDIAN);
3451}
3452
3453void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3454 MemTxAttrs attrs, MemTxResult *result)
3455{
3456 address_space_stl_internal(as, addr, val, attrs, result,
3457 DEVICE_LITTLE_ENDIAN);
3458}
3459
3460void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3461 MemTxAttrs attrs, MemTxResult *result)
3462{
3463 address_space_stl_internal(as, addr, val, attrs, result,
3464 DEVICE_BIG_ENDIAN);
3465}
3466
ab1da857 3467void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3468{
50013115 3469 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3470}
3471
ab1da857 3472void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3473{
50013115 3474 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3475}
3476
ab1da857 3477void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3478{
50013115 3479 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3480}
3481
aab33094 3482/* XXX: optimize */
50013115
PM		 3483void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3484 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3485{
3486 uint8_t v = val;
50013115
PM		 3487 MemTxResult r;
3488
3489 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3490 if (result) {
3491 *result = r;
3492 }
3493}
3494
3495void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3496{
3497 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3498}
3499
733f0b02 3500/* warning: addr must be aligned */
50013115
PM		 3501static inline void address_space_stw_internal(AddressSpace *as,
3502 hwaddr addr, uint32_t val,
3503 MemTxAttrs attrs,
3504 MemTxResult *result,
3505 enum device_endian endian)
aab33094 3506{
733f0b02 3507 uint8_t *ptr;
5c8a00ce 3508 MemoryRegion *mr;
149f54b5
PB		 3509 hwaddr l = 2;
3510 hwaddr addr1;
50013115 3511 MemTxResult r;
4840f10e 3512 bool release_lock = false;
733f0b02 3513
41063e1e 3514 rcu_read_lock();
5ce5944d 3515 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3516 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3517 release_lock |= prepare_mmio_access(mr);
125b3806 3518
1e78bcc1
AG		 3519#if defined(TARGET_WORDS_BIGENDIAN)
3520 if (endian == DEVICE_LITTLE_ENDIAN) {
3521 val = bswap16(val);
3522 }
3523#else
3524 if (endian == DEVICE_BIG_ENDIAN) {
3525 val = bswap16(val);
3526 }
3527#endif
50013115 3528 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3529 } else {
733f0b02 3530 /* RAM case */
0878d0e1 3531 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3532 switch (endian) {
3533 case DEVICE_LITTLE_ENDIAN:
3534 stw_le_p(ptr, val);
3535 break;
3536 case DEVICE_BIG_ENDIAN:
3537 stw_be_p(ptr, val);
3538 break;
3539 default:
3540 stw_p(ptr, val);
3541 break;
3542 }
845b6214 3543 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3544 r = MEMTX_OK;
3545 }
3546 if (result) {
3547 *result = r;
733f0b02 3548 }
4840f10e
JK		 3549 if (release_lock) {
3550 qemu_mutex_unlock_iothread();
3551 }
41063e1e 3552 rcu_read_unlock();
aab33094
FB		 3553}
3554
50013115
PM		 3555void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3556 MemTxAttrs attrs, MemTxResult *result)
3557{
3558 address_space_stw_internal(as, addr, val, attrs, result,
3559 DEVICE_NATIVE_ENDIAN);
3560}
3561
3562void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3563 MemTxAttrs attrs, MemTxResult *result)
3564{
3565 address_space_stw_internal(as, addr, val, attrs, result,
3566 DEVICE_LITTLE_ENDIAN);
3567}
3568
3569void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3570 MemTxAttrs attrs, MemTxResult *result)
3571{
3572 address_space_stw_internal(as, addr, val, attrs, result,
3573 DEVICE_BIG_ENDIAN);
3574}
3575
5ce5944d 3576void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3577{
50013115 3578 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3579}
3580
5ce5944d 3581void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3582{
50013115 3583 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3584}
3585
5ce5944d 3586void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3587{
50013115 3588 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3589}
3590
aab33094 3591/* XXX: optimize */
50013115
PM		 3592void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3593 MemTxAttrs attrs, MemTxResult *result)
aab33094 3594{
50013115 3595 MemTxResult r;
aab33094 3596 val = tswap64(val);
50013115
PM		 3597 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3598 if (result) {
3599 *result = r;
3600 }
aab33094
FB		 3601}
3602
50013115
PM		 3603void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3604 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3605{
50013115 3606 MemTxResult r;
1e78bcc1 3607 val = cpu_to_le64(val);
50013115
PM		 3608 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3609 if (result) {
3610 *result = r;
3611 }
3612}
3613void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3614 MemTxAttrs attrs, MemTxResult *result)
3615{
3616 MemTxResult r;
3617 val = cpu_to_be64(val);
3618 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3619 if (result) {
3620 *result = r;
3621 }
3622}
3623
3624void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3625{
3626 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3627}
3628
3629void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3630{
3631 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3632}
3633
f606604f 3634void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3635{
50013115 3636 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3637}
3638
5e2972fd 3639/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3640int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3641 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3642{
3643 int l;
a8170e5e 3644 hwaddr phys_addr;
9b3c35e0 3645 target_ulong page;
13eb76e0
FB		 3646
3647 while (len > 0) {
5232e4c7
PM		 3648 int asidx;
3649 MemTxAttrs attrs;
3650
13eb76e0 3651 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3652 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3653 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3654 /* if no physical page mapped, return an error */
3655 if (phys_addr == -1)
3656 return -1;
3657 l = (page + TARGET_PAGE_SIZE) - addr;
3658 if (l > len)
3659 l = len;
5e2972fd 3660 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3661 if (is_write) {
5232e4c7
PM		 3662 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3663 phys_addr, buf, l);
2e38847b 3664 } else {
5232e4c7
PM		 3665 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3666 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3667 buf, l, 0);
2e38847b 3668 }
13eb76e0
FB		 3669 len -= l;
3670 buf += l;
3671 addr += l;
3672 }
3673 return 0;
3674}
038629a6
DDAG		 3675
3676/*
3677 * Allows code that needs to deal with migration bitmaps etc to still be built
3678 * target independent.
3679 */
3680size_t qemu_target_page_bits(void)
3681{
3682 return TARGET_PAGE_BITS;
3683}
3684
a68fe89c 3685#endif
13eb76e0 3686
8e4a424b
BS		 3687/*
3688 * A helper function for the _utterly broken_ virtio device model to find out if
3689 * it's running on a big endian machine. Don't do this at home kids!
3690 */
98ed8ecf
GK		 3691bool target_words_bigendian(void);
3692bool target_words_bigendian(void)
8e4a424b
BS		 3693{
3694#if defined(TARGET_WORDS_BIGENDIAN)
3695 return true;
3696#else
3697 return false;
3698#endif
3699}
3700
76f35538 3701#ifndef CONFIG_USER_ONLY
a8170e5e 3702bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3703{
5c8a00ce 3704 MemoryRegion*mr;
149f54b5 3705 hwaddr l = 1;
41063e1e 3706 bool res;
76f35538 3707
41063e1e 3708 rcu_read_lock();
5c8a00ce
PB		 3709 mr = address_space_translate(&address_space_memory,
3710 phys_addr, &phys_addr, &l, false);
76f35538 3711
41063e1e
PB		 3712 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3713 rcu_read_unlock();
3714 return res;
76f35538 3715}
bd2fa51f 3716
e3807054 3717int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3718{
3719 RAMBlock *block;
e3807054 3720 int ret = 0;
bd2fa51f 3721
0dc3f44a
MD		 3722 rcu_read_lock();
3723 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3724 ret = func(block->idstr, block->host, block->offset,
3725 block->used_length, opaque);
3726 if (ret) {
3727 break;
3728 }
bd2fa51f 3729 }
0dc3f44a 3730 rcu_read_unlock();
e3807054 3731 return ret;
bd2fa51f 3732}
ec3f8c99 3733#endif
QEMU mirror