]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: compress phys_map node pointers to 16 bits
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
67d95c15
AK		 60#define WANT_EXEC_OBSOLETE
61#include "exec-obsolete.h"
62
fd6ce8f6 63//#define DEBUG_TB_INVALIDATE
66e85a21 64//#define DEBUG_FLUSH
9fa3e853 65//#define DEBUG_TLB
67d3b957 66//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 67
68/* make various TB consistency checks */
5fafdf24
TS		 69//#define DEBUG_TB_CHECK
70//#define DEBUG_TLB_CHECK
fd6ce8f6 71
1196be37 72//#define DEBUG_IOPORT
db7b5426 73//#define DEBUG_SUBPAGE
1196be37 74
99773bd4
PB		 75#if !defined(CONFIG_USER_ONLY)
76/* TB consistency checks only implemented for usermode emulation. */
77#undef DEBUG_TB_CHECK
78#endif
79
9fa3e853
FB		 80#define SMC_BITMAP_USE_THRESHOLD 10
81
bdaf78e0 82static TranslationBlock *tbs;
24ab68ac 83static int code_gen_max_blocks;
9fa3e853 84TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 85static int nb_tbs;
eb51d102 86/* any access to the tbs or the page table must use this lock */
c227f099 87spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 88
141ac468
BS		 89#if defined(__arm__) || defined(__sparc_v9__)
90/* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
d03d860b
BS		 92 section close to code segment. */
93#define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
f8e2af11
SW		 96#elif defined(_WIN32)
97/* Maximum alignment for Win32 is 16. */
98#define code_gen_section \
99 __attribute__((aligned (16)))
d03d860b
BS		 100#else
101#define code_gen_section \
102 __attribute__((aligned (32)))
103#endif
104
105uint8_t code_gen_prologue[1024] code_gen_section;
bdaf78e0
BS		 106static uint8_t *code_gen_buffer;
107static unsigned long code_gen_buffer_size;
26a5f13b 108/* threshold to flush the translated code buffer */
bdaf78e0 109static unsigned long code_gen_buffer_max_size;
24ab68ac 110static uint8_t *code_gen_ptr;
fd6ce8f6 111
e2eef170 112#if !defined(CONFIG_USER_ONLY)
9fa3e853 113int phys_ram_fd;
74576198 114static int in_migration;
94a6b54f 115
85d59fef 116RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 117
118static MemoryRegion *system_memory;
309cb471 119static MemoryRegion *system_io;
62152b8a 120
0e0df1e2 121MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 122static MemoryRegion io_mem_subpage_ram;
0e0df1e2 123
e2eef170 124#endif
9fa3e853 125
6a00d601
FB		 126CPUState *first_cpu;
127/* current CPU in the current thread. It is only valid inside
128 cpu_exec() */
b3c4bbe5 129DEFINE_TLS(CPUState *,cpu_single_env);
2e70f6ef 130/* 0 = Do not count executed instructions.
bf20dc07 131 1 = Precise instruction counting.
2e70f6ef
PB		 132 2 = Adaptive rate instruction counting. */
133int use_icount = 0;
6a00d601 134
54936004 135typedef struct PageDesc {
92e873b9 136 /* list of TBs intersecting this ram page */
fd6ce8f6 137 TranslationBlock *first_tb;
9fa3e853
FB		 138 /* in order to optimize self modifying code, we count the number
139 of lookups we do to a given page to use a bitmap */
140 unsigned int code_write_count;
141 uint8_t *code_bitmap;
142#if defined(CONFIG_USER_ONLY)
143 unsigned long flags;
144#endif
54936004
FB		 145} PageDesc;
146
41c1b1c9 147/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 148 while in user mode we want it to be based on virtual addresses. */
149#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 150#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
151# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
152#else
5cd2c5b6 153# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 154#endif
bedb69ea 155#else
5cd2c5b6 156# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 157#endif
54936004 158
5cd2c5b6
RH		 159/* Size of the L2 (and L3, etc) page tables. */
160#define L2_BITS 10
54936004
FB		 161#define L2_SIZE (1 << L2_BITS)
162
3eef53df
AK		 163#define P_L2_LEVELS \
164 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
165
5cd2c5b6 166/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 167#define V_L1_BITS_REM \
168 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
169
5cd2c5b6
RH		 170#if V_L1_BITS_REM < 4
171#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
172#else
173#define V_L1_BITS V_L1_BITS_REM
174#endif
175
5cd2c5b6
RH		 176#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
177
5cd2c5b6
RH		 178#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
179
83fb7adf 180unsigned long qemu_real_host_page_size;
83fb7adf
FB		 181unsigned long qemu_host_page_size;
182unsigned long qemu_host_page_mask;
54936004 183
5cd2c5b6
RH		 184/* This is a multi-level map on the virtual address space.
185 The bottom level has pointers to PageDesc. */
186static void *l1_map[V_L1_SIZE];
54936004 187
e2eef170 188#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 189typedef struct PhysPageDesc {
190 /* offset in host memory of the page + io_index in the low bits */
191 ram_addr_t phys_offset;
192 ram_addr_t region_offset;
193} PhysPageDesc;
194
4346ae3e
AK		 195typedef struct PhysPageEntry PhysPageEntry;
196
5312bd8b
AK		 197static MemoryRegionSection *phys_sections;
198static unsigned phys_sections_nb, phys_sections_nb_alloc;
199static uint16_t phys_section_unassigned;
200
4346ae3e
AK		 201struct PhysPageEntry {
202 union {
5312bd8b 203 uint16_t leaf; /* index into phys_sections */
d6f2ea22 204 uint16_t node; /* index into phys_map_nodes */
4346ae3e
AK		 205 } u;
206};
207
d6f2ea22
AK		 208/* Simple allocator for PhysPageEntry nodes */
209static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
210static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
211
212#define PHYS_MAP_NODE_NIL ((uint16_t)~0)
213
5cd2c5b6
RH		 214/* This is a multi-level map on the physical address space.
215 The bottom level has pointers to PhysPageDesc. */
d6f2ea22 216static PhysPageEntry phys_map = { .u.node = PHYS_MAP_NODE_NIL };
6d9a1304 217
e2eef170 218static void io_mem_init(void);
62152b8a 219static void memory_map_init(void);
e2eef170 220
33417e70 221/* io memory support */
a621f38d 222MemoryRegion *io_mem_region[IO_MEM_NB_ENTRIES];
511d2b14 223static char io_mem_used[IO_MEM_NB_ENTRIES];
1ec9b909 224static MemoryRegion io_mem_watch;
6658ffb8 225#endif
33417e70 226
34865134 227/* log support */
1e8b27ca
JR		 228#ifdef WIN32
229static const char *logfilename = "qemu.log";
230#else
d9b630fd 231static const char *logfilename = "/tmp/qemu.log";
1e8b27ca 232#endif
34865134
FB		 233FILE *logfile;
234int loglevel;
e735b91c 235static int log_append = 0;
34865134 236
e3db7226 237/* statistics */
b3755a91 238#if !defined(CONFIG_USER_ONLY)
e3db7226 239static int tlb_flush_count;
b3755a91 240#endif
e3db7226
FB		 241static int tb_flush_count;
242static int tb_phys_invalidate_count;
243
7cb69cae
FB		 244#ifdef _WIN32
245static void map_exec(void *addr, long size)
246{
247 DWORD old_protect;
248 VirtualProtect(addr, size,
249 PAGE_EXECUTE_READWRITE, &old_protect);
250
251}
252#else
253static void map_exec(void *addr, long size)
254{
4369415f 255 unsigned long start, end, page_size;
7cb69cae 256
4369415f 257 page_size = getpagesize();
7cb69cae 258 start = (unsigned long)addr;
4369415f 259 start &= ~(page_size - 1);
7cb69cae
FB		 260
261 end = (unsigned long)addr + size;
4369415f
FB		 262 end += page_size - 1;
263 end &= ~(page_size - 1);
7cb69cae
FB		 264
265 mprotect((void *)start, end - start,
266 PROT_READ | PROT_WRITE | PROT_EXEC);
267}
268#endif
269
b346ff46 270static void page_init(void)
54936004 271{
83fb7adf 272 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 273 TARGET_PAGE_SIZE */
c2b48b69
AL		 274#ifdef _WIN32
275 {
276 SYSTEM_INFO system_info;
277
278 GetSystemInfo(&system_info);
279 qemu_real_host_page_size = system_info.dwPageSize;
280 }
281#else
282 qemu_real_host_page_size = getpagesize();
283#endif
83fb7adf
FB		 284 if (qemu_host_page_size == 0)
285 qemu_host_page_size = qemu_real_host_page_size;
286 if (qemu_host_page_size < TARGET_PAGE_SIZE)
287 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 288 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 289
2e9a5713 290#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 291 {
f01576f1
JL		 292#ifdef HAVE_KINFO_GETVMMAP
293 struct kinfo_vmentry *freep;
294 int i, cnt;
295
296 freep = kinfo_getvmmap(getpid(), &cnt);
297 if (freep) {
298 mmap_lock();
299 for (i = 0; i < cnt; i++) {
300 unsigned long startaddr, endaddr;
301
302 startaddr = freep[i].kve_start;
303 endaddr = freep[i].kve_end;
304 if (h2g_valid(startaddr)) {
305 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
306
307 if (h2g_valid(endaddr)) {
308 endaddr = h2g(endaddr);
fd436907 309 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 310 } else {
311#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
312 endaddr = ~0ul;
fd436907 313 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 314#endif
315 }
316 }
317 }
318 free(freep);
319 mmap_unlock();
320 }
321#else
50a9569b 322 FILE *f;
50a9569b 323
0776590d 324 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 325
fd436907 326 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 327 if (f) {
5cd2c5b6
RH		 328 mmap_lock();
329
50a9569b 330 do {
5cd2c5b6
RH		 331 unsigned long startaddr, endaddr;
332 int n;
333
334 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
335
336 if (n == 2 && h2g_valid(startaddr)) {
337 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
338
339 if (h2g_valid(endaddr)) {
340 endaddr = h2g(endaddr);
341 } else {
342 endaddr = ~0ul;
343 }
344 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 345 }
346 } while (!feof(f));
5cd2c5b6 347
50a9569b 348 fclose(f);
5cd2c5b6 349 mmap_unlock();
50a9569b 350 }
f01576f1 351#endif
50a9569b
AZ		 352 }
353#endif
54936004
FB		 354}
355
41c1b1c9 356static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 357{
41c1b1c9
PB		 358 PageDesc *pd;
359 void **lp;
360 int i;
361
5cd2c5b6 362#if defined(CONFIG_USER_ONLY)
7267c094 363 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 364# define ALLOC(P, SIZE) \
365 do { \
366 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
367 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 368 } while (0)
369#else
370# define ALLOC(P, SIZE) \
7267c094 371 do { P = g_malloc0(SIZE); } while (0)
17e2377a 372#endif
434929bf 373
5cd2c5b6
RH		 374 /* Level 1. Always allocated. */
375 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
376
377 /* Level 2..N-1. */
378 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
379 void **p = *lp;
380
381 if (p == NULL) {
382 if (!alloc) {
383 return NULL;
384 }
385 ALLOC(p, sizeof(void *) * L2_SIZE);
386 *lp = p;
17e2377a 387 }
5cd2c5b6
RH		 388
389 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
390 }
391
392 pd = *lp;
393 if (pd == NULL) {
394 if (!alloc) {
395 return NULL;
396 }
397 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
398 *lp = pd;
54936004 399 }
5cd2c5b6
RH		 400
401#undef ALLOC
5cd2c5b6
RH		 402
403 return pd + (index & (L2_SIZE - 1));
54936004
FB		 404}
405
41c1b1c9 406static inline PageDesc *page_find(tb_page_addr_t index)
54936004 407{
5cd2c5b6 408 return page_find_alloc(index, 0);
fd6ce8f6
FB		 409}
410
6d9a1304 411#if !defined(CONFIG_USER_ONLY)
d6f2ea22
AK		 412
413static PhysPageEntry *phys_map_node_alloc(uint16_t *ptr)
414{
415 unsigned i;
416 uint16_t ret;
417
418 /* Assign early to avoid the pointer being invalidated by g_renew() */
419 *ptr = ret = phys_map_nodes_nb++;
420 assert(ret != PHYS_MAP_NODE_NIL);
421 if (ret == phys_map_nodes_nb_alloc) {
422 typedef PhysPageEntry Node[L2_SIZE];
423 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
424 phys_map_nodes = g_renew(Node, phys_map_nodes,
425 phys_map_nodes_nb_alloc);
426 }
427 for (i = 0; i < L2_SIZE; ++i) {
428 phys_map_nodes[ret][i].u.node = PHYS_MAP_NODE_NIL;
429 }
430 return phys_map_nodes[ret];
431}
432
433static void phys_map_nodes_reset(void)
434{
435 phys_map_nodes_nb = 0;
436}
437
5312bd8b 438static uint16_t *phys_page_find_alloc(target_phys_addr_t index, int alloc)
92e873b9 439{
4346ae3e
AK		 440 PhysPageEntry *lp, *p;
441 int i, j;
92e873b9 442
3eef53df 443 lp = &phys_map;
108c49b8 444
4346ae3e
AK		 445 /* Level 1..N. */
446 for (i = P_L2_LEVELS - 1; i >= 0; i--) {
d6f2ea22 447 if (lp->u.node == PHYS_MAP_NODE_NIL) {
5cd2c5b6
RH		 448 if (!alloc) {
449 return NULL;
450 }
d6f2ea22 451 p = phys_map_node_alloc(&lp->u.node);
4346ae3e 452 if (i == 0) {
4346ae3e 453 for (j = 0; j < L2_SIZE; j++) {
5312bd8b 454 p[j].u.leaf = phys_section_unassigned;
4346ae3e
AK		 455 }
456 }
d6f2ea22
AK		 457 } else {
458 p = phys_map_nodes[lp->u.node];
67c4d23c 459 }
d6f2ea22 460 lp = &p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
92e873b9 461 }
5cd2c5b6 462
4346ae3e 463 return &lp->u.leaf;
92e873b9
FB		 464}
465
f1f6e3b8 466static inline PhysPageDesc phys_page_find(target_phys_addr_t index)
92e873b9 467{
5312bd8b
AK		 468 uint16_t *p = phys_page_find_alloc(index, 0);
469 uint16_t s_index = phys_section_unassigned;
470 MemoryRegionSection *section;
471 PhysPageDesc pd;
f1f6e3b8
AK		 472
473 if (p) {
5312bd8b
AK		 474 s_index = *p;
475 }
476 section = &phys_sections[s_index];
477 index <<= TARGET_PAGE_BITS;
478 assert(section->offset_within_address_space <= index
479 && index <= section->offset_within_address_space + section->size-1);
480 pd.phys_offset = section->mr->ram_addr;
481 pd.region_offset = (index - section->offset_within_address_space)
482 + section->offset_within_region;
483 if (memory_region_is_ram(section->mr)) {
484 pd.phys_offset += pd.region_offset;
485 pd.region_offset = 0;
486 } else if (section->mr->rom_device) {
487 pd.phys_offset += pd.region_offset;
f1f6e3b8 488 }
5312bd8b
AK		 489 if (section->readonly) {
490 pd.phys_offset |= io_mem_rom.ram_addr;
491 }
492 return pd;
92e873b9
FB		 493}
494
c227f099
AL		 495static void tlb_protect_code(ram_addr_t ram_addr);
496static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 497 target_ulong vaddr);
c8a706fe
PB		 498#define mmap_lock() do { } while(0)
499#define mmap_unlock() do { } while(0)
9fa3e853 500#endif
fd6ce8f6 501
4369415f
FB		 502#define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
503
504#if defined(CONFIG_USER_ONLY)
ccbb4d44 505/* Currently it is not recommended to allocate big chunks of data in
4369415f
FB		 506 user mode. It will change when a dedicated libc will be used */
507#define USE_STATIC_CODE_GEN_BUFFER
508#endif
509
510#ifdef USE_STATIC_CODE_GEN_BUFFER
ebf50fb3
AJ		 511static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
512 __attribute__((aligned (CODE_GEN_ALIGN)));
4369415f
FB		 513#endif
514
8fcd3692 515static void code_gen_alloc(unsigned long tb_size)
26a5f13b 516{
4369415f
FB		 517#ifdef USE_STATIC_CODE_GEN_BUFFER
518 code_gen_buffer = static_code_gen_buffer;
519 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
520 map_exec(code_gen_buffer, code_gen_buffer_size);
521#else
26a5f13b
FB		 522 code_gen_buffer_size = tb_size;
523 if (code_gen_buffer_size == 0) {
4369415f 524#if defined(CONFIG_USER_ONLY)
4369415f
FB		 525 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
526#else
ccbb4d44 527 /* XXX: needs adjustments */
94a6b54f 528 code_gen_buffer_size = (unsigned long)(ram_size / 4);
4369415f 529#endif
26a5f13b
FB		 530 }
531 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
532 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
533 /* The code gen buffer location may have constraints depending on
534 the host cpu and OS */
535#if defined(__linux__)
536 {
537 int flags;
141ac468
BS		 538 void *start = NULL;
539
26a5f13b
FB		 540 flags = MAP_PRIVATE | MAP_ANONYMOUS;
541#if defined(__x86_64__)
542 flags |= MAP_32BIT;
543 /* Cannot map more than that */
544 if (code_gen_buffer_size > (800 * 1024 * 1024))
545 code_gen_buffer_size = (800 * 1024 * 1024);
141ac468
BS		 546#elif defined(__sparc_v9__)
547 // Map the buffer below 2G, so we can use direct calls and branches
548 flags |= MAP_FIXED;
549 start = (void *) 0x60000000UL;
550 if (code_gen_buffer_size > (512 * 1024 * 1024))
551 code_gen_buffer_size = (512 * 1024 * 1024);
1cb0661e 552#elif defined(__arm__)
5c84bd90 553 /* Keep the buffer no bigger than 16MB to branch between blocks */
1cb0661e
AZ		 554 if (code_gen_buffer_size > 16 * 1024 * 1024)
555 code_gen_buffer_size = 16 * 1024 * 1024;
eba0b893
RH		 556#elif defined(__s390x__)
557 /* Map the buffer so that we can use direct calls and branches. */
558 /* We have a +- 4GB range on the branches; leave some slop. */
559 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
560 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
561 }
562 start = (void *)0x90000000UL;
26a5f13b 563#endif
141ac468
BS		 564 code_gen_buffer = mmap(start, code_gen_buffer_size,
565 PROT_WRITE | PROT_READ | PROT_EXEC,
26a5f13b
FB		 566 flags, -1, 0);
567 if (code_gen_buffer == MAP_FAILED) {
568 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
569 exit(1);
570 }
571 }
cbb608a5 572#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
9f4b09a4
TN		 573 || defined(__DragonFly__) || defined(__OpenBSD__) \
574 || defined(__NetBSD__)
06e67a82
AL		 575 {
576 int flags;
577 void *addr = NULL;
578 flags = MAP_PRIVATE | MAP_ANONYMOUS;
579#if defined(__x86_64__)
580 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
581 * 0x40000000 is free */
582 flags |= MAP_FIXED;
583 addr = (void *)0x40000000;
584 /* Cannot map more than that */
585 if (code_gen_buffer_size > (800 * 1024 * 1024))
586 code_gen_buffer_size = (800 * 1024 * 1024);
4cd31ad2
BS		 587#elif defined(__sparc_v9__)
588 // Map the buffer below 2G, so we can use direct calls and branches
589 flags |= MAP_FIXED;
590 addr = (void *) 0x60000000UL;
591 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
592 code_gen_buffer_size = (512 * 1024 * 1024);
593 }
06e67a82
AL		 594#endif
595 code_gen_buffer = mmap(addr, code_gen_buffer_size,
596 PROT_WRITE | PROT_READ | PROT_EXEC,
597 flags, -1, 0);
598 if (code_gen_buffer == MAP_FAILED) {
599 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
600 exit(1);
601 }
602 }
26a5f13b 603#else
7267c094 604 code_gen_buffer = g_malloc(code_gen_buffer_size);
26a5f13b
FB		 605 map_exec(code_gen_buffer, code_gen_buffer_size);
606#endif
4369415f 607#endif /* !USE_STATIC_CODE_GEN_BUFFER */
26a5f13b 608 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
a884da8a
PM		 609 code_gen_buffer_max_size = code_gen_buffer_size -
610 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 611 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 612 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 613}
614
615/* Must be called before using the QEMU cpus. 'tb_size' is the size
616 (in bytes) allocated to the translation buffer. Zero means default
617 size. */
d5ab9713 618void tcg_exec_init(unsigned long tb_size)
26a5f13b 619{
26a5f13b
FB		 620 cpu_gen_init();
621 code_gen_alloc(tb_size);
622 code_gen_ptr = code_gen_buffer;
4369415f 623 page_init();
9002ec79
RH		 624#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
625 /* There's no guest base to take into account, so go ahead and
626 initialize the prologue now. */
627 tcg_prologue_init(&tcg_ctx);
628#endif
26a5f13b
FB		 629}
630
d5ab9713
JK		 631bool tcg_enabled(void)
632{
633 return code_gen_buffer != NULL;
634}
635
636void cpu_exec_init_all(void)
637{
638#if !defined(CONFIG_USER_ONLY)
639 memory_map_init();
640 io_mem_init();
641#endif
642}
643
9656f324
PB		 644#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
645
e59fb374 646static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7
JQ		 647{
648 CPUState *env = opaque;
9656f324 649
3098dba0
AJ		 650 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
651 version_id is increased. */
652 env->interrupt_request &= ~0x01;
9656f324
PB		 653 tlb_flush(env, 1);
654
655 return 0;
656}
e7f4eff7
JQ		 657
658static const VMStateDescription vmstate_cpu_common = {
659 .name = "cpu_common",
660 .version_id = 1,
661 .minimum_version_id = 1,
662 .minimum_version_id_old = 1,
e7f4eff7
JQ		 663 .post_load = cpu_common_post_load,
664 .fields = (VMStateField []) {
665 VMSTATE_UINT32(halted, CPUState),
666 VMSTATE_UINT32(interrupt_request, CPUState),
667 VMSTATE_END_OF_LIST()
668 }
669};
9656f324
PB		 670#endif
671
950f1472
GC		 672CPUState *qemu_get_cpu(int cpu)
673{
674 CPUState *env = first_cpu;
675
676 while (env) {
677 if (env->cpu_index == cpu)
678 break;
679 env = env->next_cpu;
680 }
681
682 return env;
683}
684
6a00d601 685void cpu_exec_init(CPUState *env)
fd6ce8f6 686{
6a00d601
FB		 687 CPUState **penv;
688 int cpu_index;
689
c2764719
PB		 690#if defined(CONFIG_USER_ONLY)
691 cpu_list_lock();
692#endif
6a00d601
FB		 693 env->next_cpu = NULL;
694 penv = &first_cpu;
695 cpu_index = 0;
696 while (*penv != NULL) {
1e9fa730 697 penv = &(*penv)->next_cpu;
6a00d601
FB		 698 cpu_index++;
699 }
700 env->cpu_index = cpu_index;
268a362c 701 env->numa_node = 0;
72cf2d4f
BS		 702 QTAILQ_INIT(&env->breakpoints);
703 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 704#ifndef CONFIG_USER_ONLY
705 env->thread_id = qemu_get_thread_id();
706#endif
6a00d601 707 *penv = env;
c2764719
PB		 708#if defined(CONFIG_USER_ONLY)
709 cpu_list_unlock();
710#endif
b3c7724c 711#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 712 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
713 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 714 cpu_save, cpu_load, env);
715#endif
fd6ce8f6
FB		 716}
717
d1a1eb74
TG		 718/* Allocate a new translation block. Flush the translation buffer if
719 too many translation blocks or too much generated code. */
720static TranslationBlock *tb_alloc(target_ulong pc)
721{
722 TranslationBlock *tb;
723
724 if (nb_tbs >= code_gen_max_blocks ||
725 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
726 return NULL;
727 tb = &tbs[nb_tbs++];
728 tb->pc = pc;
729 tb->cflags = 0;
730 return tb;
731}
732
733void tb_free(TranslationBlock *tb)
734{
735 /* In practice this is mostly used for single use temporary TB
736 Ignore the hard cases and just back up if this TB happens to
737 be the last one generated. */
738 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
739 code_gen_ptr = tb->tc_ptr;
740 nb_tbs--;
741 }
742}
743
9fa3e853
FB		 744static inline void invalidate_page_bitmap(PageDesc *p)
745{
746 if (p->code_bitmap) {
7267c094 747 g_free(p->code_bitmap);
9fa3e853
FB		 748 p->code_bitmap = NULL;
749 }
750 p->code_write_count = 0;
751}
752
5cd2c5b6
RH		 753/* Set to NULL all the 'first_tb' fields in all PageDescs. */
754
755static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 756{
5cd2c5b6 757 int i;
fd6ce8f6 758
5cd2c5b6
RH		 759 if (*lp == NULL) {
760 return;
761 }
762 if (level == 0) {
763 PageDesc *pd = *lp;
7296abac 764 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 765 pd[i].first_tb = NULL;
766 invalidate_page_bitmap(pd + i);
fd6ce8f6 767 }
5cd2c5b6
RH		 768 } else {
769 void **pp = *lp;
7296abac 770 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 771 page_flush_tb_1 (level - 1, pp + i);
772 }
773 }
774}
775
776static void page_flush_tb(void)
777{
778 int i;
779 for (i = 0; i < V_L1_SIZE; i++) {
780 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 781 }
782}
783
784/* flush all the translation blocks */
d4e8164f 785/* XXX: tb_flush is currently not thread safe */
6a00d601 786void tb_flush(CPUState *env1)
fd6ce8f6 787{
6a00d601 788 CPUState *env;
0124311e 789#if defined(DEBUG_FLUSH)
ab3d1727
BS		 790 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
791 (unsigned long)(code_gen_ptr - code_gen_buffer),
792 nb_tbs, nb_tbs > 0 ?
793 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 794#endif
26a5f13b 795 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 796 cpu_abort(env1, "Internal error: code buffer overflow\n");
797
fd6ce8f6 798 nb_tbs = 0;
3b46e624 799
6a00d601
FB		 800 for(env = first_cpu; env != NULL; env = env->next_cpu) {
801 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
802 }
9fa3e853 803
8a8a608f 804 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 805 page_flush_tb();
9fa3e853 806
fd6ce8f6 807 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 808 /* XXX: flush processor icache at this point if cache flush is
809 expensive */
e3db7226 810 tb_flush_count++;
fd6ce8f6
FB		 811}
812
813#ifdef DEBUG_TB_CHECK
814
bc98a7ef 815static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 816{
817 TranslationBlock *tb;
818 int i;
819 address &= TARGET_PAGE_MASK;
99773bd4
PB		 820 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
821 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 822 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
823 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 824 printf("ERROR invalidate: address=" TARGET_FMT_lx
825 " PC=%08lx size=%04x\n",
99773bd4 826 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 827 }
828 }
829 }
830}
831
832/* verify that all the pages have correct rights for code */
833static void tb_page_check(void)
834{
835 TranslationBlock *tb;
836 int i, flags1, flags2;
3b46e624 837
99773bd4
PB		 838 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
839 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 840 flags1 = page_get_flags(tb->pc);
841 flags2 = page_get_flags(tb->pc + tb->size - 1);
842 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
843 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 844 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 845 }
846 }
847 }
848}
849
850#endif
851
852/* invalidate one TB */
853static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
854 int next_offset)
855{
856 TranslationBlock *tb1;
857 for(;;) {
858 tb1 = *ptb;
859 if (tb1 == tb) {
860 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
861 break;
862 }
863 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
864 }
865}
866
9fa3e853
FB		 867static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
868{
869 TranslationBlock *tb1;
870 unsigned int n1;
871
872 for(;;) {
873 tb1 = *ptb;
874 n1 = (long)tb1 & 3;
875 tb1 = (TranslationBlock *)((long)tb1 & ~3);
876 if (tb1 == tb) {
877 *ptb = tb1->page_next[n1];
878 break;
879 }
880 ptb = &tb1->page_next[n1];
881 }
882}
883
d4e8164f
FB		 884static inline void tb_jmp_remove(TranslationBlock *tb, int n)
885{
886 TranslationBlock *tb1, **ptb;
887 unsigned int n1;
888
889 ptb = &tb->jmp_next[n];
890 tb1 = *ptb;
891 if (tb1) {
892 /* find tb(n) in circular list */
893 for(;;) {
894 tb1 = *ptb;
895 n1 = (long)tb1 & 3;
896 tb1 = (TranslationBlock *)((long)tb1 & ~3);
897 if (n1 == n && tb1 == tb)
898 break;
899 if (n1 == 2) {
900 ptb = &tb1->jmp_first;
901 } else {
902 ptb = &tb1->jmp_next[n1];
903 }
904 }
905 /* now we can suppress tb(n) from the list */
906 *ptb = tb->jmp_next[n];
907
908 tb->jmp_next[n] = NULL;
909 }
910}
911
912/* reset the jump entry 'n' of a TB so that it is not chained to
913 another TB */
914static inline void tb_reset_jump(TranslationBlock *tb, int n)
915{
916 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
917}
918
41c1b1c9 919void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 920{
6a00d601 921 CPUState *env;
8a40a180 922 PageDesc *p;
d4e8164f 923 unsigned int h, n1;
41c1b1c9 924 tb_page_addr_t phys_pc;
8a40a180 925 TranslationBlock *tb1, *tb2;
3b46e624 926
8a40a180
FB		 927 /* remove the TB from the hash list */
928 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
929 h = tb_phys_hash_func(phys_pc);
5fafdf24 930 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 931 offsetof(TranslationBlock, phys_hash_next));
932
933 /* remove the TB from the page list */
934 if (tb->page_addr[0] != page_addr) {
935 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
936 tb_page_remove(&p->first_tb, tb);
937 invalidate_page_bitmap(p);
938 }
939 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
940 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
941 tb_page_remove(&p->first_tb, tb);
942 invalidate_page_bitmap(p);
943 }
944
36bdbe54 945 tb_invalidated_flag = 1;
59817ccb 946
fd6ce8f6 947 /* remove the TB from the hash list */
8a40a180 948 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 949 for(env = first_cpu; env != NULL; env = env->next_cpu) {
950 if (env->tb_jmp_cache[h] == tb)
951 env->tb_jmp_cache[h] = NULL;
952 }
d4e8164f
FB		 953
954 /* suppress this TB from the two jump lists */
955 tb_jmp_remove(tb, 0);
956 tb_jmp_remove(tb, 1);
957
958 /* suppress any remaining jumps to this TB */
959 tb1 = tb->jmp_first;
960 for(;;) {
961 n1 = (long)tb1 & 3;
962 if (n1 == 2)
963 break;
964 tb1 = (TranslationBlock *)((long)tb1 & ~3);
965 tb2 = tb1->jmp_next[n1];
966 tb_reset_jump(tb1, n1);
967 tb1->jmp_next[n1] = NULL;
968 tb1 = tb2;
969 }
970 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
9fa3e853 971
e3db7226 972 tb_phys_invalidate_count++;
9fa3e853
FB		 973}
974
975static inline void set_bits(uint8_t *tab, int start, int len)
976{
977 int end, mask, end1;
978
979 end = start + len;
980 tab += start >> 3;
981 mask = 0xff << (start & 7);
982 if ((start & ~7) == (end & ~7)) {
983 if (start < end) {
984 mask &= ~(0xff << (end & 7));
985 *tab |= mask;
986 }
987 } else {
988 *tab++ |= mask;
989 start = (start + 8) & ~7;
990 end1 = end & ~7;
991 while (start < end1) {
992 *tab++ = 0xff;
993 start += 8;
994 }
995 if (start < end) {
996 mask = ~(0xff << (end & 7));
997 *tab |= mask;
998 }
999 }
1000}
1001
1002static void build_page_bitmap(PageDesc *p)
1003{
1004 int n, tb_start, tb_end;
1005 TranslationBlock *tb;
3b46e624 1006
7267c094 1007 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 1008
1009 tb = p->first_tb;
1010 while (tb != NULL) {
1011 n = (long)tb & 3;
1012 tb = (TranslationBlock *)((long)tb & ~3);
1013 /* NOTE: this is subtle as a TB may span two physical pages */
1014 if (n == 0) {
1015 /* NOTE: tb_end may be after the end of the page, but
1016 it is not a problem */
1017 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1018 tb_end = tb_start + tb->size;
1019 if (tb_end > TARGET_PAGE_SIZE)
1020 tb_end = TARGET_PAGE_SIZE;
1021 } else {
1022 tb_start = 0;
1023 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1024 }
1025 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1026 tb = tb->page_next[n];
1027 }
1028}
1029
2e70f6ef
PB		 1030TranslationBlock *tb_gen_code(CPUState *env,
1031 target_ulong pc, target_ulong cs_base,
1032 int flags, int cflags)
d720b93d
FB		 1033{
1034 TranslationBlock *tb;
1035 uint8_t *tc_ptr;
41c1b1c9
PB		 1036 tb_page_addr_t phys_pc, phys_page2;
1037 target_ulong virt_page2;
d720b93d
FB		 1038 int code_gen_size;
1039
41c1b1c9 1040 phys_pc = get_page_addr_code(env, pc);
c27004ec 1041 tb = tb_alloc(pc);
d720b93d
FB		 1042 if (!tb) {
1043 /* flush must be done */
1044 tb_flush(env);
1045 /* cannot fail at this point */
c27004ec 1046 tb = tb_alloc(pc);
2e70f6ef
PB		 1047 /* Don't forget to invalidate previous TB info. */
1048 tb_invalidated_flag = 1;
d720b93d
FB		 1049 }
1050 tc_ptr = code_gen_ptr;
1051 tb->tc_ptr = tc_ptr;
1052 tb->cs_base = cs_base;
1053 tb->flags = flags;
1054 tb->cflags = cflags;
d07bde88 1055 cpu_gen_code(env, tb, &code_gen_size);
d720b93d 1056 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1057
d720b93d 1058 /* check next page if needed */
c27004ec 1059 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1060 phys_page2 = -1;
c27004ec 1061 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1062 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1063 }
41c1b1c9 1064 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1065 return tb;
d720b93d 1066}
3b46e624 1067
9fa3e853
FB		 1068/* invalidate all TBs which intersect with the target physical page
1069 starting in range [start;end[. NOTE: start and end must refer to
d720b93d
FB		 1070 the same physical page. 'is_cpu_write_access' should be true if called
1071 from a real cpu write access: the virtual CPU will exit the current
1072 TB if code is modified inside this TB. */
41c1b1c9 1073void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1074 int is_cpu_write_access)
1075{
6b917547 1076 TranslationBlock *tb, *tb_next, *saved_tb;
d720b93d 1077 CPUState *env = cpu_single_env;
41c1b1c9 1078 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1079 PageDesc *p;
1080 int n;
1081#ifdef TARGET_HAS_PRECISE_SMC
1082 int current_tb_not_found = is_cpu_write_access;
1083 TranslationBlock *current_tb = NULL;
1084 int current_tb_modified = 0;
1085 target_ulong current_pc = 0;
1086 target_ulong current_cs_base = 0;
1087 int current_flags = 0;
1088#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1089
1090 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1091 if (!p)
9fa3e853 1092 return;
5fafdf24 1093 if (!p->code_bitmap &&
d720b93d
FB		 1094 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1095 is_cpu_write_access) {
9fa3e853
FB		 1096 /* build code bitmap */
1097 build_page_bitmap(p);
1098 }
1099
1100 /* we remove all the TBs in the range [start, end[ */
1101 /* XXX: see if in some cases it could be faster to invalidate all the code */
1102 tb = p->first_tb;
1103 while (tb != NULL) {
1104 n = (long)tb & 3;
1105 tb = (TranslationBlock *)((long)tb & ~3);
1106 tb_next = tb->page_next[n];
1107 /* NOTE: this is subtle as a TB may span two physical pages */
1108 if (n == 0) {
1109 /* NOTE: tb_end may be after the end of the page, but
1110 it is not a problem */
1111 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1112 tb_end = tb_start + tb->size;
1113 } else {
1114 tb_start = tb->page_addr[1];
1115 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1116 }
1117 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1118#ifdef TARGET_HAS_PRECISE_SMC
1119 if (current_tb_not_found) {
1120 current_tb_not_found = 0;
1121 current_tb = NULL;
2e70f6ef 1122 if (env->mem_io_pc) {
d720b93d 1123 /* now we have a real cpu fault */
2e70f6ef 1124 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1125 }
1126 }
1127 if (current_tb == tb &&
2e70f6ef 1128 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1129 /* If we are modifying the current TB, we must stop
1130 its execution. We could be more precise by checking
1131 that the modification is after the current PC, but it
1132 would require a specialized function to partially
1133 restore the CPU state */
3b46e624 1134
d720b93d 1135 current_tb_modified = 1;
618ba8e6 1136 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1137 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1138 &current_flags);
d720b93d
FB		 1139 }
1140#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1141 /* we need to do that to handle the case where a signal
1142 occurs while doing tb_phys_invalidate() */
1143 saved_tb = NULL;
1144 if (env) {
1145 saved_tb = env->current_tb;
1146 env->current_tb = NULL;
1147 }
9fa3e853 1148 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1149 if (env) {
1150 env->current_tb = saved_tb;
1151 if (env->interrupt_request && env->current_tb)
1152 cpu_interrupt(env, env->interrupt_request);
1153 }
9fa3e853
FB		 1154 }
1155 tb = tb_next;
1156 }
1157#if !defined(CONFIG_USER_ONLY)
1158 /* if no code remaining, no need to continue to use slow writes */
1159 if (!p->first_tb) {
1160 invalidate_page_bitmap(p);
d720b93d 1161 if (is_cpu_write_access) {
2e70f6ef 1162 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1163 }
1164 }
1165#endif
1166#ifdef TARGET_HAS_PRECISE_SMC
1167 if (current_tb_modified) {
1168 /* we generate a block containing just the instruction
1169 modifying the memory. It will ensure that it cannot modify
1170 itself */
ea1c1802 1171 env->current_tb = NULL;
2e70f6ef 1172 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1173 cpu_resume_from_signal(env, NULL);
9fa3e853 1174 }
fd6ce8f6 1175#endif
9fa3e853 1176}
fd6ce8f6 1177
9fa3e853 1178/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1179static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1180{
1181 PageDesc *p;
1182 int offset, b;
59817ccb 1183#if 0
a4193c8a 1184 if (1) {
93fcfe39
AL		 1185 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1186 cpu_single_env->mem_io_vaddr, len,
1187 cpu_single_env->eip,
1188 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1189 }
1190#endif
9fa3e853 1191 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1192 if (!p)
9fa3e853
FB		 1193 return;
1194 if (p->code_bitmap) {
1195 offset = start & ~TARGET_PAGE_MASK;
1196 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1197 if (b & ((1 << len) - 1))
1198 goto do_invalidate;
1199 } else {
1200 do_invalidate:
d720b93d 1201 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1202 }
1203}
1204
9fa3e853 1205#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1206static void tb_invalidate_phys_page(tb_page_addr_t addr,
d720b93d 1207 unsigned long pc, void *puc)
9fa3e853 1208{
6b917547 1209 TranslationBlock *tb;
9fa3e853 1210 PageDesc *p;
6b917547 1211 int n;
d720b93d 1212#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1213 TranslationBlock *current_tb = NULL;
d720b93d 1214 CPUState *env = cpu_single_env;
6b917547
AL		 1215 int current_tb_modified = 0;
1216 target_ulong current_pc = 0;
1217 target_ulong current_cs_base = 0;
1218 int current_flags = 0;
d720b93d 1219#endif
9fa3e853
FB		 1220
1221 addr &= TARGET_PAGE_MASK;
1222 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1223 if (!p)
9fa3e853
FB		 1224 return;
1225 tb = p->first_tb;
d720b93d
FB		 1226#ifdef TARGET_HAS_PRECISE_SMC
1227 if (tb && pc != 0) {
1228 current_tb = tb_find_pc(pc);
1229 }
1230#endif
9fa3e853
FB		 1231 while (tb != NULL) {
1232 n = (long)tb & 3;
1233 tb = (TranslationBlock *)((long)tb & ~3);
d720b93d
FB		 1234#ifdef TARGET_HAS_PRECISE_SMC
1235 if (current_tb == tb &&
2e70f6ef 1236 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1237 /* If we are modifying the current TB, we must stop
1238 its execution. We could be more precise by checking
1239 that the modification is after the current PC, but it
1240 would require a specialized function to partially
1241 restore the CPU state */
3b46e624 1242
d720b93d 1243 current_tb_modified = 1;
618ba8e6 1244 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1245 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1246 &current_flags);
d720b93d
FB		 1247 }
1248#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1249 tb_phys_invalidate(tb, addr);
1250 tb = tb->page_next[n];
1251 }
fd6ce8f6 1252 p->first_tb = NULL;
d720b93d
FB		 1253#ifdef TARGET_HAS_PRECISE_SMC
1254 if (current_tb_modified) {
1255 /* we generate a block containing just the instruction
1256 modifying the memory. It will ensure that it cannot modify
1257 itself */
ea1c1802 1258 env->current_tb = NULL;
2e70f6ef 1259 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1260 cpu_resume_from_signal(env, puc);
1261 }
1262#endif
fd6ce8f6 1263}
9fa3e853 1264#endif
fd6ce8f6
FB		 1265
1266/* add the tb in the target page and protect it if necessary */
5fafdf24 1267static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1268 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1269{
1270 PageDesc *p;
4429ab44
JQ		 1271#ifndef CONFIG_USER_ONLY
1272 bool page_already_protected;
1273#endif
9fa3e853
FB		 1274
1275 tb->page_addr[n] = page_addr;
5cd2c5b6 1276 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1277 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1278#ifndef CONFIG_USER_ONLY
1279 page_already_protected = p->first_tb != NULL;
1280#endif
9fa3e853
FB		 1281 p->first_tb = (TranslationBlock *)((long)tb | n);
1282 invalidate_page_bitmap(p);
fd6ce8f6 1283
107db443 1284#if defined(TARGET_HAS_SMC) || 1
d720b93d 1285
9fa3e853 1286#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1287 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1288 target_ulong addr;
1289 PageDesc *p2;
9fa3e853
FB		 1290 int prot;
1291
fd6ce8f6
FB		 1292 /* force the host page as non writable (writes will have a
1293 page fault + mprotect overhead) */
53a5960a 1294 page_addr &= qemu_host_page_mask;
fd6ce8f6 1295 prot = 0;
53a5960a
PB		 1296 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1297 addr += TARGET_PAGE_SIZE) {
1298
1299 p2 = page_find (addr >> TARGET_PAGE_BITS);
1300 if (!p2)
1301 continue;
1302 prot |= p2->flags;
1303 p2->flags &= ~PAGE_WRITE;
53a5960a 1304 }
5fafdf24 1305 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1306 (prot & PAGE_BITS) & ~PAGE_WRITE);
1307#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1308 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1309 page_addr);
fd6ce8f6 1310#endif
fd6ce8f6 1311 }
9fa3e853
FB		 1312#else
1313 /* if some code is already present, then the pages are already
1314 protected. So we handle the case where only the first TB is
1315 allocated in a physical page */
4429ab44 1316 if (!page_already_protected) {
6a00d601 1317 tlb_protect_code(page_addr);
9fa3e853
FB		 1318 }
1319#endif
d720b93d
FB		 1320
1321#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1322}
1323
9fa3e853
FB		 1324/* add a new TB and link it to the physical page tables. phys_page2 is
1325 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1326void tb_link_page(TranslationBlock *tb,
1327 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1328{
9fa3e853
FB		 1329 unsigned int h;
1330 TranslationBlock **ptb;
1331
c8a706fe
PB		 1332 /* Grab the mmap lock to stop another thread invalidating this TB
1333 before we are done. */
1334 mmap_lock();
9fa3e853
FB		 1335 /* add in the physical hash table */
1336 h = tb_phys_hash_func(phys_pc);
1337 ptb = &tb_phys_hash[h];
1338 tb->phys_hash_next = *ptb;
1339 *ptb = tb;
fd6ce8f6
FB		 1340
1341 /* add in the page list */
9fa3e853
FB		 1342 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1343 if (phys_page2 != -1)
1344 tb_alloc_page(tb, 1, phys_page2);
1345 else
1346 tb->page_addr[1] = -1;
9fa3e853 1347
d4e8164f
FB		 1348 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1349 tb->jmp_next[0] = NULL;
1350 tb->jmp_next[1] = NULL;
1351
1352 /* init original jump addresses */
1353 if (tb->tb_next_offset[0] != 0xffff)
1354 tb_reset_jump(tb, 0);
1355 if (tb->tb_next_offset[1] != 0xffff)
1356 tb_reset_jump(tb, 1);
8a40a180
FB		 1357
1358#ifdef DEBUG_TB_CHECK
1359 tb_page_check();
1360#endif
c8a706fe 1361 mmap_unlock();
fd6ce8f6
FB		 1362}
1363
9fa3e853
FB		 1364/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1365 tb[1].tc_ptr. Return NULL if not found */
1366TranslationBlock *tb_find_pc(unsigned long tc_ptr)
fd6ce8f6 1367{
9fa3e853
FB		 1368 int m_min, m_max, m;
1369 unsigned long v;
1370 TranslationBlock *tb;
a513fe19
FB		 1371
1372 if (nb_tbs <= 0)
1373 return NULL;
1374 if (tc_ptr < (unsigned long)code_gen_buffer ||
1375 tc_ptr >= (unsigned long)code_gen_ptr)
1376 return NULL;
1377 /* binary search (cf Knuth) */
1378 m_min = 0;
1379 m_max = nb_tbs - 1;
1380 while (m_min <= m_max) {
1381 m = (m_min + m_max) >> 1;
1382 tb = &tbs[m];
1383 v = (unsigned long)tb->tc_ptr;
1384 if (v == tc_ptr)
1385 return tb;
1386 else if (tc_ptr < v) {
1387 m_max = m - 1;
1388 } else {
1389 m_min = m + 1;
1390 }
5fafdf24 1391 }
a513fe19
FB		 1392 return &tbs[m_max];
1393}
7501267e 1394
ea041c0e
FB		 1395static void tb_reset_jump_recursive(TranslationBlock *tb);
1396
1397static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1398{
1399 TranslationBlock *tb1, *tb_next, **ptb;
1400 unsigned int n1;
1401
1402 tb1 = tb->jmp_next[n];
1403 if (tb1 != NULL) {
1404 /* find head of list */
1405 for(;;) {
1406 n1 = (long)tb1 & 3;
1407 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1408 if (n1 == 2)
1409 break;
1410 tb1 = tb1->jmp_next[n1];
1411 }
1412 /* we are now sure now that tb jumps to tb1 */
1413 tb_next = tb1;
1414
1415 /* remove tb from the jmp_first list */
1416 ptb = &tb_next->jmp_first;
1417 for(;;) {
1418 tb1 = *ptb;
1419 n1 = (long)tb1 & 3;
1420 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1421 if (n1 == n && tb1 == tb)
1422 break;
1423 ptb = &tb1->jmp_next[n1];
1424 }
1425 *ptb = tb->jmp_next[n];
1426 tb->jmp_next[n] = NULL;
3b46e624 1427
ea041c0e
FB		 1428 /* suppress the jump to next tb in generated code */
1429 tb_reset_jump(tb, n);
1430
0124311e 1431 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1432 tb_reset_jump_recursive(tb_next);
1433 }
1434}
1435
1436static void tb_reset_jump_recursive(TranslationBlock *tb)
1437{
1438 tb_reset_jump_recursive2(tb, 0);
1439 tb_reset_jump_recursive2(tb, 1);
1440}
1441
1fddef4b 1442#if defined(TARGET_HAS_ICE)
94df27fd
PB		 1443#if defined(CONFIG_USER_ONLY)
1444static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1445{
1446 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1447}
1448#else
d720b93d
FB		 1449static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1450{
c227f099 1451 target_phys_addr_t addr;
9b3c35e0 1452 target_ulong pd;
c227f099 1453 ram_addr_t ram_addr;
f1f6e3b8 1454 PhysPageDesc p;
d720b93d 1455
c2f07f81
PB		 1456 addr = cpu_get_phys_page_debug(env, pc);
1457 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 1458 pd = p.phys_offset;
c2f07f81 1459 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
706cd4b5 1460 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1461}
c27004ec 1462#endif
94df27fd 1463#endif /* TARGET_HAS_ICE */
d720b93d 1464
c527ee8f
PB		 1465#if defined(CONFIG_USER_ONLY)
1466void cpu_watchpoint_remove_all(CPUState *env, int mask)
1467
1468{
1469}
1470
1471int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1472 int flags, CPUWatchpoint **watchpoint)
1473{
1474 return -ENOSYS;
1475}
1476#else
6658ffb8 1477/* Add a watchpoint. */
a1d1bb31
AL		 1478int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1479 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1480{
b4051334 1481 target_ulong len_mask = ~(len - 1);
c0ce998e 1482 CPUWatchpoint *wp;
6658ffb8 1483
b4051334
AL		 1484 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1485 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1486 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1487 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1488 return -EINVAL;
1489 }
7267c094 1490 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1491
1492 wp->vaddr = addr;
b4051334 1493 wp->len_mask = len_mask;
a1d1bb31
AL		 1494 wp->flags = flags;
1495
2dc9f411 1496 /* keep all GDB-injected watchpoints in front */
c0ce998e 1497 if (flags & BP_GDB)
72cf2d4f 1498 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1499 else
72cf2d4f 1500 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1501
6658ffb8 1502 tlb_flush_page(env, addr);
a1d1bb31
AL		 1503
1504 if (watchpoint)
1505 *watchpoint = wp;
1506 return 0;
6658ffb8
PB		 1507}
1508
a1d1bb31
AL		 1509/* Remove a specific watchpoint. */
1510int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1511 int flags)
6658ffb8 1512{
b4051334 1513 target_ulong len_mask = ~(len - 1);
a1d1bb31 1514 CPUWatchpoint *wp;
6658ffb8 1515
72cf2d4f 1516 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1517 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1518 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1519 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1520 return 0;
1521 }
1522 }
a1d1bb31 1523 return -ENOENT;
6658ffb8
PB		 1524}
1525
a1d1bb31
AL		 1526/* Remove a specific watchpoint by reference. */
1527void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1528{
72cf2d4f 1529 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1530
a1d1bb31
AL		 1531 tlb_flush_page(env, watchpoint->vaddr);
1532
7267c094 1533 g_free(watchpoint);
a1d1bb31
AL		 1534}
1535
1536/* Remove all matching watchpoints. */
1537void cpu_watchpoint_remove_all(CPUState *env, int mask)
1538{
c0ce998e 1539 CPUWatchpoint *wp, *next;
a1d1bb31 1540
72cf2d4f 1541 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1542 if (wp->flags & mask)
1543 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1544 }
7d03f82f 1545}
c527ee8f 1546#endif
7d03f82f 1547
a1d1bb31
AL		 1548/* Add a breakpoint. */
1549int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1550 CPUBreakpoint **breakpoint)
4c3a88a2 1551{
1fddef4b 1552#if defined(TARGET_HAS_ICE)
c0ce998e 1553 CPUBreakpoint *bp;
3b46e624 1554
7267c094 1555 bp = g_malloc(sizeof(*bp));
4c3a88a2 1556
a1d1bb31
AL		 1557 bp->pc = pc;
1558 bp->flags = flags;
1559
2dc9f411 1560 /* keep all GDB-injected breakpoints in front */
c0ce998e 1561 if (flags & BP_GDB)
72cf2d4f 1562 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1563 else
72cf2d4f 1564 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1565
d720b93d 1566 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1567
1568 if (breakpoint)
1569 *breakpoint = bp;
4c3a88a2
FB		 1570 return 0;
1571#else
a1d1bb31 1572 return -ENOSYS;
4c3a88a2
FB		 1573#endif
1574}
1575
a1d1bb31
AL		 1576/* Remove a specific breakpoint. */
1577int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1578{
7d03f82f 1579#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1580 CPUBreakpoint *bp;
1581
72cf2d4f 1582 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1583 if (bp->pc == pc && bp->flags == flags) {
1584 cpu_breakpoint_remove_by_ref(env, bp);
1585 return 0;
1586 }
7d03f82f 1587 }
a1d1bb31
AL		 1588 return -ENOENT;
1589#else
1590 return -ENOSYS;
7d03f82f
EI		 1591#endif
1592}
1593
a1d1bb31
AL		 1594/* Remove a specific breakpoint by reference. */
1595void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1596{
1fddef4b 1597#if defined(TARGET_HAS_ICE)
72cf2d4f 1598 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1599
a1d1bb31
AL		 1600 breakpoint_invalidate(env, breakpoint->pc);
1601
7267c094 1602 g_free(breakpoint);
a1d1bb31
AL		 1603#endif
1604}
1605
1606/* Remove all matching breakpoints. */
1607void cpu_breakpoint_remove_all(CPUState *env, int mask)
1608{
1609#if defined(TARGET_HAS_ICE)
c0ce998e 1610 CPUBreakpoint *bp, *next;
a1d1bb31 1611
72cf2d4f 1612 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1613 if (bp->flags & mask)
1614 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1615 }
4c3a88a2
FB		 1616#endif
1617}
1618
c33a346e
FB		 1619/* enable or disable single step mode. EXCP_DEBUG is returned by the
1620 CPU loop after each instruction */
1621void cpu_single_step(CPUState *env, int enabled)
1622{
1fddef4b 1623#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1624 if (env->singlestep_enabled != enabled) {
1625 env->singlestep_enabled = enabled;
e22a25c9
AL		 1626 if (kvm_enabled())
1627 kvm_update_guest_debug(env, 0);
1628 else {
ccbb4d44 1629 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1630 /* XXX: only flush what is necessary */
1631 tb_flush(env);
1632 }
c33a346e
FB		 1633 }
1634#endif
1635}
1636
34865134
FB		 1637/* enable or disable low levels log */
1638void cpu_set_log(int log_flags)
1639{
1640 loglevel = log_flags;
1641 if (loglevel && !logfile) {
11fcfab4 1642 logfile = fopen(logfilename, log_append ? "a" : "w");
34865134
FB		 1643 if (!logfile) {
1644 perror(logfilename);
1645 _exit(1);
1646 }
9fa3e853
FB		 1647#if !defined(CONFIG_SOFTMMU)
1648 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1649 {
b55266b5 1650 static char logfile_buf[4096];
9fa3e853
FB		 1651 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1652 }
daf767b1
SW		 1653#elif defined(_WIN32)
1654 /* Win32 doesn't support line-buffering, so use unbuffered output. */
1655 setvbuf(logfile, NULL, _IONBF, 0);
1656#else
34865134 1657 setvbuf(logfile, NULL, _IOLBF, 0);
9fa3e853 1658#endif
e735b91c
PB		 1659 log_append = 1;
1660 }
1661 if (!loglevel && logfile) {
1662 fclose(logfile);
1663 logfile = NULL;
34865134
FB		 1664 }
1665}
1666
1667void cpu_set_log_filename(const char *filename)
1668{
1669 logfilename = strdup(filename);
e735b91c
PB		 1670 if (logfile) {
1671 fclose(logfile);
1672 logfile = NULL;
1673 }
1674 cpu_set_log(loglevel);
34865134 1675}
c33a346e 1676
3098dba0 1677static void cpu_unlink_tb(CPUState *env)
ea041c0e 1678{
3098dba0
AJ		 1679 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1680 problem and hope the cpu will stop of its own accord. For userspace
1681 emulation this often isn't actually as bad as it sounds. Often
1682 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1683 TranslationBlock *tb;
c227f099 1684 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1685
cab1b4bd 1686 spin_lock(&interrupt_lock);
3098dba0
AJ		 1687 tb = env->current_tb;
1688 /* if the cpu is currently executing code, we must unlink it and
1689 all the potentially executing TB */
f76cfe56 1690 if (tb) {
3098dba0
AJ		 1691 env->current_tb = NULL;
1692 tb_reset_jump_recursive(tb);
be214e6c 1693 }
cab1b4bd 1694 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1695}
1696
97ffbd8d 1697#ifndef CONFIG_USER_ONLY
3098dba0 1698/* mask must never be zero, except for A20 change call */
ec6959d0 1699static void tcg_handle_interrupt(CPUState *env, int mask)
3098dba0
AJ		 1700{
1701 int old_mask;
be214e6c 1702
2e70f6ef 1703 old_mask = env->interrupt_request;
68a79315 1704 env->interrupt_request |= mask;
3098dba0 1705
8edac960
AL		 1706 /*
1707 * If called from iothread context, wake the target cpu in
1708 * case its halted.
1709 */
b7680cb6 1710 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1711 qemu_cpu_kick(env);
1712 return;
1713 }
8edac960 1714
2e70f6ef 1715 if (use_icount) {
266910c4 1716 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1717 if (!can_do_io(env)
be214e6c 1718 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1719 cpu_abort(env, "Raised interrupt while not in I/O function");
1720 }
2e70f6ef 1721 } else {
3098dba0 1722 cpu_unlink_tb(env);
ea041c0e
FB		 1723 }
1724}
1725
ec6959d0
JK		 1726CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1727
97ffbd8d
JK		 1728#else /* CONFIG_USER_ONLY */
1729
1730void cpu_interrupt(CPUState *env, int mask)
1731{
1732 env->interrupt_request |= mask;
1733 cpu_unlink_tb(env);
1734}
1735#endif /* CONFIG_USER_ONLY */
1736
b54ad049
FB		 1737void cpu_reset_interrupt(CPUState *env, int mask)
1738{
1739 env->interrupt_request &= ~mask;
1740}
1741
3098dba0
AJ		 1742void cpu_exit(CPUState *env)
1743{
1744 env->exit_request = 1;
1745 cpu_unlink_tb(env);
1746}
1747
c7cd6a37 1748const CPULogItem cpu_log_items[] = {
5fafdf24 1749 { CPU_LOG_TB_OUT_ASM, "out_asm",
f193c797
FB		 1750 "show generated host assembly code for each compiled TB" },
1751 { CPU_LOG_TB_IN_ASM, "in_asm",
1752 "show target assembly code for each compiled TB" },
5fafdf24 1753 { CPU_LOG_TB_OP, "op",
57fec1fe 1754 "show micro ops for each compiled TB" },
f193c797 1755 { CPU_LOG_TB_OP_OPT, "op_opt",
e01a1157
BS		 1756 "show micro ops "
1757#ifdef TARGET_I386
1758 "before eflags optimization and "
f193c797 1759#endif
e01a1157 1760 "after liveness analysis" },
f193c797
FB		 1761 { CPU_LOG_INT, "int",
1762 "show interrupts/exceptions in short format" },
1763 { CPU_LOG_EXEC, "exec",
1764 "show trace before each executed TB (lots of logs)" },
9fddaa0c 1765 { CPU_LOG_TB_CPU, "cpu",
e91c8a77 1766 "show CPU state before block translation" },
f193c797
FB		 1767#ifdef TARGET_I386
1768 { CPU_LOG_PCALL, "pcall",
1769 "show protected mode far calls/returns/exceptions" },
eca1bdf4
AL		 1770 { CPU_LOG_RESET, "cpu_reset",
1771 "show CPU state before CPU resets" },
f193c797 1772#endif
8e3a9fd2 1773#ifdef DEBUG_IOPORT
fd872598
FB		 1774 { CPU_LOG_IOPORT, "ioport",
1775 "show all i/o ports accesses" },
8e3a9fd2 1776#endif
f193c797
FB		 1777 { 0, NULL, NULL },
1778};
1779
1780static int cmp1(const char *s1, int n, const char *s2)
1781{
1782 if (strlen(s2) != n)
1783 return 0;
1784 return memcmp(s1, s2, n) == 0;
1785}
3b46e624 1786
f193c797
FB		 1787/* takes a comma separated list of log masks. Return 0 if error. */
1788int cpu_str_to_log_mask(const char *str)
1789{
c7cd6a37 1790 const CPULogItem *item;
f193c797
FB		 1791 int mask;
1792 const char *p, *p1;
1793
1794 p = str;
1795 mask = 0;
1796 for(;;) {
1797 p1 = strchr(p, ',');
1798 if (!p1)
1799 p1 = p + strlen(p);
9742bf26
YT		 1800 if(cmp1(p,p1-p,"all")) {
1801 for(item = cpu_log_items; item->mask != 0; item++) {
1802 mask |= item->mask;
1803 }
1804 } else {
1805 for(item = cpu_log_items; item->mask != 0; item++) {
1806 if (cmp1(p, p1 - p, item->name))
1807 goto found;
1808 }
1809 return 0;
f193c797 1810 }
f193c797
FB		 1811 found:
1812 mask |= item->mask;
1813 if (*p1 != ',')
1814 break;
1815 p = p1 + 1;
1816 }
1817 return mask;
1818}
ea041c0e 1819
7501267e
FB		 1820void cpu_abort(CPUState *env, const char *fmt, ...)
1821{
1822 va_list ap;
493ae1f0 1823 va_list ap2;
7501267e
FB		 1824
1825 va_start(ap, fmt);
493ae1f0 1826 va_copy(ap2, ap);
7501267e
FB		 1827 fprintf(stderr, "qemu: fatal: ");
1828 vfprintf(stderr, fmt, ap);
1829 fprintf(stderr, "\n");
1830#ifdef TARGET_I386
7fe48483
FB		 1831 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1832#else
1833 cpu_dump_state(env, stderr, fprintf, 0);
7501267e 1834#endif
93fcfe39
AL		 1835 if (qemu_log_enabled()) {
1836 qemu_log("qemu: fatal: ");
1837 qemu_log_vprintf(fmt, ap2);
1838 qemu_log("\n");
f9373291 1839#ifdef TARGET_I386
93fcfe39 1840 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
f9373291 1841#else
93fcfe39 1842 log_cpu_state(env, 0);
f9373291 1843#endif
31b1a7b4 1844 qemu_log_flush();
93fcfe39 1845 qemu_log_close();
924edcae 1846 }
493ae1f0 1847 va_end(ap2);
f9373291 1848 va_end(ap);
fd052bf6
RV		 1849#if defined(CONFIG_USER_ONLY)
1850 {
1851 struct sigaction act;
1852 sigfillset(&act.sa_mask);
1853 act.sa_handler = SIG_DFL;
1854 sigaction(SIGABRT, &act, NULL);
1855 }
1856#endif
7501267e
FB		 1857 abort();
1858}
1859
c5be9f08
TS		 1860CPUState *cpu_copy(CPUState *env)
1861{
01ba9816 1862 CPUState *new_env = cpu_init(env->cpu_model_str);
c5be9f08
TS		 1863 CPUState *next_cpu = new_env->next_cpu;
1864 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1865#if defined(TARGET_HAS_ICE)
1866 CPUBreakpoint *bp;
1867 CPUWatchpoint *wp;
1868#endif
1869
c5be9f08 1870 memcpy(new_env, env, sizeof(CPUState));
5a38f081
AL		 1871
1872 /* Preserve chaining and index. */
c5be9f08
TS		 1873 new_env->next_cpu = next_cpu;
1874 new_env->cpu_index = cpu_index;
5a38f081
AL		 1875
1876 /* Clone all break/watchpoints.
1877 Note: Once we support ptrace with hw-debug register access, make sure
1878 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1879 QTAILQ_INIT(&env->breakpoints);
1880 QTAILQ_INIT(&env->watchpoints);
5a38f081 1881#if defined(TARGET_HAS_ICE)
72cf2d4f 1882 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1883 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1884 }
72cf2d4f 1885 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1886 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1887 wp->flags, NULL);
1888 }
1889#endif
1890
c5be9f08
TS		 1891 return new_env;
1892}
1893
0124311e
FB		 1894#if !defined(CONFIG_USER_ONLY)
1895
5c751e99
EI		 1896static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1897{
1898 unsigned int i;
1899
1900 /* Discard jump cache entries for any tb which might potentially
1901 overlap the flushed page. */
1902 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1903 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1904 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1905
1906 i = tb_jmp_cache_hash_page(addr);
1907 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1908 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1909}
1910
08738984
IK		 1911static CPUTLBEntry s_cputlb_empty_entry = {
1912 .addr_read = -1,
1913 .addr_write = -1,
1914 .addr_code = -1,
1915 .addend = -1,
1916};
1917
771124e1
PM		 1918/* NOTE:
1919 * If flush_global is true (the usual case), flush all tlb entries.
1920 * If flush_global is false, flush (at least) all tlb entries not
1921 * marked global.
1922 *
1923 * Since QEMU doesn't currently implement a global/not-global flag
1924 * for tlb entries, at the moment tlb_flush() will also flush all
1925 * tlb entries in the flush_global == false case. This is OK because
1926 * CPU architectures generally permit an implementation to drop
1927 * entries from the TLB at any time, so flushing more entries than
1928 * required is only an efficiency issue, not a correctness issue.
1929 */
ee8b7021 1930void tlb_flush(CPUState *env, int flush_global)
33417e70 1931{
33417e70 1932 int i;
0124311e 1933
9fa3e853
FB		 1934#if defined(DEBUG_TLB)
1935 printf("tlb_flush:\n");
1936#endif
0124311e
FB		 1937 /* must reset current TB so that interrupts cannot modify the
1938 links while we are modifying them */
1939 env->current_tb = NULL;
1940
33417e70 1941 for(i = 0; i < CPU_TLB_SIZE; i++) {
cfde4bd9
IY		 1942 int mmu_idx;
1943 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
08738984 1944 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
cfde4bd9 1945 }
33417e70 1946 }
9fa3e853 1947
8a40a180 1948 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
9fa3e853 1949
d4c430a8
PB		 1950 env->tlb_flush_addr = -1;
1951 env->tlb_flush_mask = 0;
e3db7226 1952 tlb_flush_count++;
33417e70
FB		 1953}
1954
274da6b2 1955static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
61382a50 1956{
5fafdf24 1957 if (addr == (tlb_entry->addr_read &
84b7b8e7 1958 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 1959 addr == (tlb_entry->addr_write &
84b7b8e7 1960 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 1961 addr == (tlb_entry->addr_code &
84b7b8e7 1962 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
08738984 1963 *tlb_entry = s_cputlb_empty_entry;
84b7b8e7 1964 }
61382a50
FB		 1965}
1966
2e12669a 1967void tlb_flush_page(CPUState *env, target_ulong addr)
33417e70 1968{
8a40a180 1969 int i;
cfde4bd9 1970 int mmu_idx;
0124311e 1971
9fa3e853 1972#if defined(DEBUG_TLB)
108c49b8 1973 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
9fa3e853 1974#endif
d4c430a8
PB		 1975 /* Check if we need to flush due to large pages. */
1976 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
1977#if defined(DEBUG_TLB)
1978 printf("tlb_flush_page: forced full flush ("
1979 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
1980 env->tlb_flush_addr, env->tlb_flush_mask);
1981#endif
1982 tlb_flush(env, 1);
1983 return;
1984 }
0124311e
FB		 1985 /* must reset current TB so that interrupts cannot modify the
1986 links while we are modifying them */
1987 env->current_tb = NULL;
61382a50
FB		 1988
1989 addr &= TARGET_PAGE_MASK;
1990 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 1991 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1992 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
0124311e 1993
5c751e99 1994 tlb_flush_jmp_cache(env, addr);
9fa3e853
FB		 1995}
1996
9fa3e853
FB		 1997/* update the TLBs so that writes to code in the virtual page 'addr'
1998 can be detected */
c227f099 1999static void tlb_protect_code(ram_addr_t ram_addr)
9fa3e853 2000{
5fafdf24 2001 cpu_physical_memory_reset_dirty(ram_addr,
6a00d601
FB		 2002 ram_addr + TARGET_PAGE_SIZE,
2003 CODE_DIRTY_FLAG);
9fa3e853
FB		 2004}
2005
9fa3e853 2006/* update the TLB so that writes in physical page 'phys_addr' are no longer
3a7d929e 2007 tested for self modifying code */
c227f099 2008static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 2009 target_ulong vaddr)
9fa3e853 2010{
f7c11b53 2011 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
1ccde1cb
FB		 2012}
2013
5fafdf24 2014static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1ccde1cb
FB		 2015 unsigned long start, unsigned long length)
2016{
2017 unsigned long addr;
0e0df1e2 2018 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
84b7b8e7 2019 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1ccde1cb 2020 if ((addr - start) < length) {
0f459d16 2021 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1ccde1cb
FB		 2022 }
2023 }
2024}
2025
5579c7f3 2026/* Note: start and end must be within the same ram block. */
c227f099 2027void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 2028 int dirty_flags)
1ccde1cb
FB		 2029{
2030 CPUState *env;
4f2ac237 2031 unsigned long length, start1;
f7c11b53 2032 int i;
1ccde1cb
FB		 2033
2034 start &= TARGET_PAGE_MASK;
2035 end = TARGET_PAGE_ALIGN(end);
2036
2037 length = end - start;
2038 if (length == 0)
2039 return;
f7c11b53 2040 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 2041
1ccde1cb
FB		 2042 /* we modify the TLB cache so that the dirty bit will be set again
2043 when accessing the range */
b2e0a138 2044 start1 = (unsigned long)qemu_safe_ram_ptr(start);
a57d23e4 2045 /* Check that we don't span multiple blocks - this breaks the
5579c7f3 2046 address comparisons below. */
b2e0a138 2047 if ((unsigned long)qemu_safe_ram_ptr(end - 1) - start1
5579c7f3
PB		 2048 != (end - 1) - start) {
2049 abort();
2050 }
2051
6a00d601 2052 for(env = first_cpu; env != NULL; env = env->next_cpu) {
cfde4bd9
IY		 2053 int mmu_idx;
2054 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2055 for(i = 0; i < CPU_TLB_SIZE; i++)
2056 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2057 start1, length);
2058 }
6a00d601 2059 }
1ccde1cb
FB		 2060}
2061
74576198
AL		 2062int cpu_physical_memory_set_dirty_tracking(int enable)
2063{
f6f3fbca 2064 int ret = 0;
74576198 2065 in_migration = enable;
f6f3fbca 2066 return ret;
74576198
AL		 2067}
2068
3a7d929e
FB		 2069static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2070{
c227f099 2071 ram_addr_t ram_addr;
5579c7f3 2072 void *p;
3a7d929e 2073
0e0df1e2 2074 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
5579c7f3
PB		 2075 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2076 + tlb_entry->addend);
e890261f 2077 ram_addr = qemu_ram_addr_from_host_nofail(p);
3a7d929e 2078 if (!cpu_physical_memory_is_dirty(ram_addr)) {
0f459d16 2079 tlb_entry->addr_write |= TLB_NOTDIRTY;
3a7d929e
FB		 2080 }
2081 }
2082}
2083
2084/* update the TLB according to the current state of the dirty bits */
2085void cpu_tlb_update_dirty(CPUState *env)
2086{
2087 int i;
cfde4bd9
IY		 2088 int mmu_idx;
2089 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2090 for(i = 0; i < CPU_TLB_SIZE; i++)
2091 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2092 }
3a7d929e
FB		 2093}
2094
0f459d16 2095static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1ccde1cb 2096{
0f459d16
PB		 2097 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2098 tlb_entry->addr_write = vaddr;
1ccde1cb
FB		 2099}
2100
0f459d16
PB		 2101/* update the TLB corresponding to virtual page vaddr
2102 so that it is no longer dirty */
2103static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1ccde1cb 2104{
1ccde1cb 2105 int i;
cfde4bd9 2106 int mmu_idx;
1ccde1cb 2107
0f459d16 2108 vaddr &= TARGET_PAGE_MASK;
1ccde1cb 2109 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 2110 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2111 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
9fa3e853
FB		 2112}
2113
d4c430a8
PB		 2114/* Our TLB does not support large pages, so remember the area covered by
2115 large pages and trigger a full TLB flush if these are invalidated. */
2116static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2117 target_ulong size)
2118{
2119 target_ulong mask = ~(size - 1);
2120
2121 if (env->tlb_flush_addr == (target_ulong)-1) {
2122 env->tlb_flush_addr = vaddr & mask;
2123 env->tlb_flush_mask = mask;
2124 return;
2125 }
2126 /* Extend the existing region to include the new page.
2127 This is a compromise between unnecessary flushes and the cost
2128 of maintaining a full variable size TLB. */
2129 mask &= env->tlb_flush_mask;
2130 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2131 mask <<= 1;
2132 }
2133 env->tlb_flush_addr &= mask;
2134 env->tlb_flush_mask = mask;
2135}
2136
1d393fa2
AK		 2137static bool is_ram_rom(ram_addr_t pd)
2138{
2139 pd &= ~TARGET_PAGE_MASK;
0e0df1e2 2140 return pd == io_mem_ram.ram_addr || pd == io_mem_rom.ram_addr;
1d393fa2
AK		 2141}
2142
75c578dc
AK		 2143static bool is_romd(ram_addr_t pd)
2144{
2145 MemoryRegion *mr;
2146
2147 pd &= ~TARGET_PAGE_MASK;
11c7ef0c 2148 mr = io_mem_region[pd];
75c578dc
AK		 2149 return mr->rom_device && mr->readable;
2150}
2151
1d393fa2
AK		 2152static bool is_ram_rom_romd(ram_addr_t pd)
2153{
75c578dc 2154 return is_ram_rom(pd) || is_romd(pd);
1d393fa2
AK		 2155}
2156
d4c430a8
PB		 2157/* Add a new TLB entry. At most one entry for a given virtual address
2158 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2159 supplied size is only used by tlb_flush_page. */
2160void tlb_set_page(CPUState *env, target_ulong vaddr,
2161 target_phys_addr_t paddr, int prot,
2162 int mmu_idx, target_ulong size)
9fa3e853 2163{
f1f6e3b8 2164 PhysPageDesc p;
4f2ac237 2165 unsigned long pd;
9fa3e853 2166 unsigned int index;
4f2ac237 2167 target_ulong address;
0f459d16 2168 target_ulong code_address;
355b1943 2169 unsigned long addend;
84b7b8e7 2170 CPUTLBEntry *te;
a1d1bb31 2171 CPUWatchpoint *wp;
c227f099 2172 target_phys_addr_t iotlb;
9fa3e853 2173
d4c430a8
PB		 2174 assert(size >= TARGET_PAGE_SIZE);
2175 if (size != TARGET_PAGE_SIZE) {
2176 tlb_add_large_page(env, vaddr, size);
2177 }
92e873b9 2178 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
f1f6e3b8 2179 pd = p.phys_offset;
9fa3e853 2180#if defined(DEBUG_TLB)
7fd3f494
SW		 2181 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2182 " prot=%x idx=%d pd=0x%08lx\n",
2183 vaddr, paddr, prot, mmu_idx, pd);
9fa3e853
FB		 2184#endif
2185
0f459d16 2186 address = vaddr;
1d393fa2 2187 if (!is_ram_rom_romd(pd)) {
0f459d16
PB		 2188 /* IO memory case (romd handled later) */
2189 address |= TLB_MMIO;
2190 }
5579c7f3 2191 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
1d393fa2 2192 if (is_ram_rom(pd)) {
0f459d16
PB		 2193 /* Normal RAM. */
2194 iotlb = pd & TARGET_PAGE_MASK;
0e0df1e2
AK		 2195 if ((pd & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr)
2196 iotlb |= io_mem_notdirty.ram_addr;
0f459d16 2197 else
0e0df1e2 2198 iotlb |= io_mem_rom.ram_addr;
0f459d16 2199 } else {
ccbb4d44 2200 /* IO handlers are currently passed a physical address.
0f459d16
PB		 2201 It would be nice to pass an offset from the base address
2202 of that region. This would avoid having to special case RAM,
2203 and avoid full address decoding in every device.
2204 We can't use the high bits of pd for this because
2205 IO_MEM_ROMD uses these as a ram address. */
8da3ff18 2206 iotlb = (pd & ~TARGET_PAGE_MASK);
f1f6e3b8 2207 iotlb += p.region_offset;
0f459d16
PB		 2208 }
2209
2210 code_address = address;
2211 /* Make accesses to pages with watchpoints go via the
2212 watchpoint trap routines. */
72cf2d4f 2213 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
a1d1bb31 2214 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
bf298f83
JK		 2215 /* Avoid trapping reads of pages with a write breakpoint. */
2216 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1ec9b909 2217 iotlb = io_mem_watch.ram_addr + paddr;
bf298f83
JK		 2218 address |= TLB_MMIO;
2219 break;
2220 }
6658ffb8 2221 }
0f459d16 2222 }
d79acba4 2223
0f459d16
PB		 2224 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2225 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2226 te = &env->tlb_table[mmu_idx][index];
2227 te->addend = addend - vaddr;
2228 if (prot & PAGE_READ) {
2229 te->addr_read = address;
2230 } else {
2231 te->addr_read = -1;
2232 }
5c751e99 2233
0f459d16
PB		 2234 if (prot & PAGE_EXEC) {
2235 te->addr_code = code_address;
2236 } else {
2237 te->addr_code = -1;
2238 }
2239 if (prot & PAGE_WRITE) {
75c578dc 2240 if ((pd & ~TARGET_PAGE_MASK) == io_mem_rom.ram_addr || is_romd(pd)) {
0f459d16
PB		 2241 /* Write access calls the I/O callback. */
2242 te->addr_write = address | TLB_MMIO;
0e0df1e2 2243 } else if ((pd & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr &&
0f459d16
PB		 2244 !cpu_physical_memory_is_dirty(pd)) {
2245 te->addr_write = address | TLB_NOTDIRTY;
9fa3e853 2246 } else {
0f459d16 2247 te->addr_write = address;
9fa3e853 2248 }
0f459d16
PB		 2249 } else {
2250 te->addr_write = -1;
9fa3e853 2251 }
9fa3e853
FB		 2252}
2253
0124311e
FB		 2254#else
2255
ee8b7021 2256void tlb_flush(CPUState *env, int flush_global)
0124311e
FB		 2257{
2258}
2259
2e12669a 2260void tlb_flush_page(CPUState *env, target_ulong addr)
0124311e
FB		 2261{
2262}
2263
edf8e2af
MW		 2264/*
2265 * Walks guest process memory "regions" one by one
2266 * and calls callback function 'fn' for each region.
2267 */
5cd2c5b6
RH		 2268
2269struct walk_memory_regions_data
2270{
2271 walk_memory_regions_fn fn;
2272 void *priv;
2273 unsigned long start;
2274 int prot;
2275};
2276
2277static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 2278 abi_ulong end, int new_prot)
5cd2c5b6
RH		 2279{
2280 if (data->start != -1ul) {
2281 int rc = data->fn(data->priv, data->start, end, data->prot);
2282 if (rc != 0) {
2283 return rc;
2284 }
2285 }
2286
2287 data->start = (new_prot ? end : -1ul);
2288 data->prot = new_prot;
2289
2290 return 0;
2291}
2292
2293static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 2294 abi_ulong base, int level, void **lp)
5cd2c5b6 2295{
b480d9b7 2296 abi_ulong pa;
5cd2c5b6
RH		 2297 int i, rc;
2298
2299 if (*lp == NULL) {
2300 return walk_memory_regions_end(data, base, 0);
2301 }
2302
2303 if (level == 0) {
2304 PageDesc *pd = *lp;
7296abac 2305 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 2306 int prot = pd[i].flags;
2307
2308 pa = base | (i << TARGET_PAGE_BITS);
2309 if (prot != data->prot) {
2310 rc = walk_memory_regions_end(data, pa, prot);
2311 if (rc != 0) {
2312 return rc;
9fa3e853 2313 }
9fa3e853 2314 }
5cd2c5b6
RH		 2315 }
2316 } else {
2317 void **pp = *lp;
7296abac 2318 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 2319 pa = base | ((abi_ulong)i <<
2320 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 2321 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2322 if (rc != 0) {
2323 return rc;
2324 }
2325 }
2326 }
2327
2328 return 0;
2329}
2330
2331int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2332{
2333 struct walk_memory_regions_data data;
2334 unsigned long i;
2335
2336 data.fn = fn;
2337 data.priv = priv;
2338 data.start = -1ul;
2339 data.prot = 0;
2340
2341 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 2342 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 2343 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2344 if (rc != 0) {
2345 return rc;
9fa3e853 2346 }
33417e70 2347 }
5cd2c5b6
RH		 2348
2349 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2350}
2351
b480d9b7
PB		 2352static int dump_region(void *priv, abi_ulong start,
2353 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2354{
2355 FILE *f = (FILE *)priv;
2356
b480d9b7
PB		 2357 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2358 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2359 start, end, end - start,
2360 ((prot & PAGE_READ) ? 'r' : '-'),
2361 ((prot & PAGE_WRITE) ? 'w' : '-'),
2362 ((prot & PAGE_EXEC) ? 'x' : '-'));
2363
2364 return (0);
2365}
2366
2367/* dump memory mappings */
2368void page_dump(FILE *f)
2369{
2370 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2371 "start", "end", "size", "prot");
2372 walk_memory_regions(f, dump_region);
33417e70
FB		 2373}
2374
53a5960a 2375int page_get_flags(target_ulong address)
33417e70 2376{
9fa3e853
FB		 2377 PageDesc *p;
2378
2379 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2380 if (!p)
9fa3e853
FB		 2381 return 0;
2382 return p->flags;
2383}
2384
376a7909
RH		 2385/* Modify the flags of a page and invalidate the code if necessary.
2386 The flag PAGE_WRITE_ORG is positioned automatically depending
2387 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2388void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2389{
376a7909
RH		 2390 target_ulong addr, len;
2391
2392 /* This function should never be called with addresses outside the
2393 guest address space. If this assert fires, it probably indicates
2394 a missing call to h2g_valid. */
b480d9b7
PB		 2395#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2396 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2397#endif
2398 assert(start < end);
9fa3e853
FB		 2399
2400 start = start & TARGET_PAGE_MASK;
2401 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2402
2403 if (flags & PAGE_WRITE) {
9fa3e853 2404 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2405 }
2406
2407 for (addr = start, len = end - start;
2408 len != 0;
2409 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2410 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2411
2412 /* If the write protection bit is set, then we invalidate
2413 the code inside. */
5fafdf24 2414 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2415 (flags & PAGE_WRITE) &&
2416 p->first_tb) {
d720b93d 2417 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2418 }
2419 p->flags = flags;
2420 }
33417e70
FB		 2421}
2422
3d97b40b
TS		 2423int page_check_range(target_ulong start, target_ulong len, int flags)
2424{
2425 PageDesc *p;
2426 target_ulong end;
2427 target_ulong addr;
2428
376a7909
RH		 2429 /* This function should never be called with addresses outside the
2430 guest address space. If this assert fires, it probably indicates
2431 a missing call to h2g_valid. */
338e9e6c
BS		 2432#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2433 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2434#endif
2435
3e0650a9
RH		 2436 if (len == 0) {
2437 return 0;
2438 }
376a7909
RH		 2439 if (start + len - 1 < start) {
2440 /* We've wrapped around. */
55f280c9 2441 return -1;
376a7909 2442 }
55f280c9 2443
3d97b40b
TS		 2444 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2445 start = start & TARGET_PAGE_MASK;
2446
376a7909
RH		 2447 for (addr = start, len = end - start;
2448 len != 0;
2449 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2450 p = page_find(addr >> TARGET_PAGE_BITS);
2451 if( !p )
2452 return -1;
2453 if( !(p->flags & PAGE_VALID) )
2454 return -1;
2455
dae3270c 2456 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2457 return -1;
dae3270c
FB		 2458 if (flags & PAGE_WRITE) {
2459 if (!(p->flags & PAGE_WRITE_ORG))
2460 return -1;
2461 /* unprotect the page if it was put read-only because it
2462 contains translated code */
2463 if (!(p->flags & PAGE_WRITE)) {
2464 if (!page_unprotect(addr, 0, NULL))
2465 return -1;
2466 }
2467 return 0;
2468 }
3d97b40b
TS		 2469 }
2470 return 0;
2471}
2472
9fa3e853 2473/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2474 page. Return TRUE if the fault was successfully handled. */
53a5960a 2475int page_unprotect(target_ulong address, unsigned long pc, void *puc)
9fa3e853 2476{
45d679d6
AJ		 2477 unsigned int prot;
2478 PageDesc *p;
53a5960a 2479 target_ulong host_start, host_end, addr;
9fa3e853 2480
c8a706fe
PB		 2481 /* Technically this isn't safe inside a signal handler. However we
2482 know this only ever happens in a synchronous SEGV handler, so in
2483 practice it seems to be ok. */
2484 mmap_lock();
2485
45d679d6
AJ		 2486 p = page_find(address >> TARGET_PAGE_BITS);
2487 if (!p) {
c8a706fe 2488 mmap_unlock();
9fa3e853 2489 return 0;
c8a706fe 2490 }
45d679d6 2491
9fa3e853
FB		 2492 /* if the page was really writable, then we change its
2493 protection back to writable */
45d679d6
AJ		 2494 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2495 host_start = address & qemu_host_page_mask;
2496 host_end = host_start + qemu_host_page_size;
2497
2498 prot = 0;
2499 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2500 p = page_find(addr >> TARGET_PAGE_BITS);
2501 p->flags |= PAGE_WRITE;
2502 prot |= p->flags;
2503
9fa3e853
FB		 2504 /* and since the content will be modified, we must invalidate
2505 the corresponding translated code. */
45d679d6 2506 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2507#ifdef DEBUG_TB_CHECK
45d679d6 2508 tb_invalidate_check(addr);
9fa3e853 2509#endif
9fa3e853 2510 }
45d679d6
AJ		 2511 mprotect((void *)g2h(host_start), qemu_host_page_size,
2512 prot & PAGE_BITS);
2513
2514 mmap_unlock();
2515 return 1;
9fa3e853 2516 }
c8a706fe 2517 mmap_unlock();
9fa3e853
FB		 2518 return 0;
2519}
2520
6a00d601
FB		 2521static inline void tlb_set_dirty(CPUState *env,
2522 unsigned long addr, target_ulong vaddr)
1ccde1cb
FB		 2523{
2524}
9fa3e853
FB		 2525#endif /* defined(CONFIG_USER_ONLY) */
2526
e2eef170 2527#if !defined(CONFIG_USER_ONLY)
8da3ff18 2528
c04b2b78
PB		 2529#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2530typedef struct subpage_t {
70c68e44 2531 MemoryRegion iomem;
c04b2b78 2532 target_phys_addr_t base;
5312bd8b 2533 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2534} subpage_t;
2535
c227f099 2536static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b
AK		 2537 uint16_t section);
2538static subpage_t *subpage_init (target_phys_addr_t base, uint16_t *section,
2539 uint16_t orig_section);
db7b5426
BS		 2540#define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2541 need_subpage) \
2542 do { \
2543 if (addr > start_addr) \
2544 start_addr2 = 0; \
2545 else { \
2546 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2547 if (start_addr2 > 0) \
2548 need_subpage = 1; \
2549 } \
2550 \
49e9fba2 2551 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
db7b5426
BS		 2552 end_addr2 = TARGET_PAGE_SIZE - 1; \
2553 else { \
2554 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2555 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2556 need_subpage = 1; \
2557 } \
2558 } while (0)
2559
5312bd8b 2560static void destroy_page_desc(uint16_t section_index)
54688b1e 2561{
5312bd8b
AK		 2562 MemoryRegionSection *section = &phys_sections[section_index];
2563 MemoryRegion *mr = section->mr;
54688b1e
AK		 2564
2565 if (mr->subpage) {
2566 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2567 memory_region_destroy(&subpage->iomem);
2568 g_free(subpage);
2569 }
2570}
2571
4346ae3e 2572static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2573{
2574 unsigned i;
d6f2ea22 2575 PhysPageEntry *p;
54688b1e 2576
d6f2ea22 2577 if (lp->u.node == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2578 return;
2579 }
2580
d6f2ea22 2581 p = phys_map_nodes[lp->u.node];
4346ae3e
AK		 2582 for (i = 0; i < L2_SIZE; ++i) {
2583 if (level > 0) {
54688b1e 2584 destroy_l2_mapping(&p[i], level - 1);
4346ae3e
AK		 2585 } else {
2586 destroy_page_desc(p[i].u.leaf);
54688b1e 2587 }
54688b1e 2588 }
d6f2ea22 2589 lp->u.node = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2590}
2591
2592static void destroy_all_mappings(void)
2593{
3eef53df 2594 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
d6f2ea22 2595 phys_map_nodes_reset();
54688b1e
AK		 2596}
2597
5312bd8b
AK		 2598static uint16_t phys_section_add(MemoryRegionSection *section)
2599{
2600 if (phys_sections_nb == phys_sections_nb_alloc) {
2601 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2602 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2603 phys_sections_nb_alloc);
2604 }
2605 phys_sections[phys_sections_nb] = *section;
2606 return phys_sections_nb++;
2607}
2608
2609static void phys_sections_clear(void)
2610{
2611 phys_sections_nb = 0;
2612}
2613
8f2498f9
MT		 2614/* register physical memory.
2615 For RAM, 'size' must be a multiple of the target page size.
2616 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
8da3ff18
PB		 2617 io memory page. The address used when calling the IO function is
2618 the offset from the start of the region, plus region_offset. Both
ccbb4d44 2619 start_addr and region_offset are rounded down to a page boundary
8da3ff18
PB		 2620 before calculating this offset. This should not be a problem unless
2621 the low bits of start_addr and region_offset differ. */
dd81124b 2622void cpu_register_physical_memory_log(MemoryRegionSection *section,
d7ec83e6 2623 bool readonly)
33417e70 2624{
dd81124b
AK		 2625 target_phys_addr_t start_addr = section->offset_within_address_space;
2626 ram_addr_t size = section->size;
c227f099 2627 target_phys_addr_t addr, end_addr;
5312bd8b 2628 uint16_t *p;
9d42037b 2629 CPUState *env;
c227f099 2630 ram_addr_t orig_size = size;
f6405247 2631 subpage_t *subpage;
5312bd8b 2632 uint16_t section_index = phys_section_add(section);
dd81124b 2633
3b8e6a2d 2634 assert(size);
f6f3fbca 2635
5fd386f6 2636 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
c227f099 2637 end_addr = start_addr + (target_phys_addr_t)size;
3b8e6a2d
EI		 2638
2639 addr = start_addr;
2640 do {
f1f6e3b8 2641 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 0);
5312bd8b
AK		 2642 if (p && *p != phys_section_unassigned) {
2643 uint16_t orig_memory= *p;
c227f099 2644 target_phys_addr_t start_addr2, end_addr2;
db7b5426 2645 int need_subpage = 0;
5312bd8b 2646 MemoryRegion *mr = phys_sections[orig_memory].mr;
db7b5426
BS		 2647
2648 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2649 need_subpage);
f6405247 2650 if (need_subpage) {
b3b00c78 2651 if (!(mr->subpage)) {
db7b5426 2652 subpage = subpage_init((addr & TARGET_PAGE_MASK),
5312bd8b 2653 p, orig_memory);
db7b5426 2654 } else {
a621f38d 2655 subpage = container_of(mr, subpage_t, iomem);
db7b5426 2656 }
5312bd8b
AK		 2657 subpage_register(subpage, start_addr2, end_addr2,
2658 section_index);
db7b5426 2659 } else {
5312bd8b 2660 *p = section_index;
db7b5426
BS		 2661 }
2662 } else {
5312bd8b 2663 MemoryRegion *mr = section->mr;
db7b5426 2664 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
5312bd8b
AK		 2665 *p = section_index;
2666 if (!(memory_region_is_ram(mr) || mr->rom_device)) {
c227f099 2667 target_phys_addr_t start_addr2, end_addr2;
db7b5426
BS		 2668 int need_subpage = 0;
2669
2670 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2671 end_addr2, need_subpage);
2672
f6405247 2673 if (need_subpage) {
db7b5426 2674 subpage = subpage_init((addr & TARGET_PAGE_MASK),
5312bd8b 2675 p, phys_section_unassigned);
db7b5426 2676 subpage_register(subpage, start_addr2, end_addr2,
5312bd8b 2677 section_index);
db7b5426
BS		 2678 }
2679 }
2680 }
3b8e6a2d
EI		 2681 addr += TARGET_PAGE_SIZE;
2682 } while (addr != end_addr);
3b46e624 2683
9d42037b
FB		 2684 /* since each CPU stores ram addresses in its TLB cache, we must
2685 reset the modified entries */
2686 /* XXX: slow ! */
2687 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2688 tlb_flush(env, 1);
2689 }
33417e70
FB		 2690}
2691
c227f099 2692void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2693{
2694 if (kvm_enabled())
2695 kvm_coalesce_mmio_region(addr, size);
2696}
2697
c227f099 2698void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2699{
2700 if (kvm_enabled())
2701 kvm_uncoalesce_mmio_region(addr, size);
2702}
2703
62a2744c
SY		 2704void qemu_flush_coalesced_mmio_buffer(void)
2705{
2706 if (kvm_enabled())
2707 kvm_flush_coalesced_mmio_buffer();
2708}
2709
c902760f
MT		 2710#if defined(__linux__) && !defined(TARGET_S390X)
2711
2712#include <sys/vfs.h>
2713
2714#define HUGETLBFS_MAGIC 0x958458f6
2715
2716static long gethugepagesize(const char *path)
2717{
2718 struct statfs fs;
2719 int ret;
2720
2721 do {
9742bf26 2722 ret = statfs(path, &fs);
c902760f
MT		 2723 } while (ret != 0 && errno == EINTR);
2724
2725 if (ret != 0) {
9742bf26
YT		 2726 perror(path);
2727 return 0;
c902760f
MT		 2728 }
2729
2730 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2731 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2732
2733 return fs.f_bsize;
2734}
2735
04b16653
AW		 2736static void *file_ram_alloc(RAMBlock *block,
2737 ram_addr_t memory,
2738 const char *path)
c902760f
MT		 2739{
2740 char *filename;
2741 void *area;
2742 int fd;
2743#ifdef MAP_POPULATE
2744 int flags;
2745#endif
2746 unsigned long hpagesize;
2747
2748 hpagesize = gethugepagesize(path);
2749 if (!hpagesize) {
9742bf26 2750 return NULL;
c902760f
MT		 2751 }
2752
2753 if (memory < hpagesize) {
2754 return NULL;
2755 }
2756
2757 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2758 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2759 return NULL;
2760 }
2761
2762 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2763 return NULL;
c902760f
MT		 2764 }
2765
2766 fd = mkstemp(filename);
2767 if (fd < 0) {
9742bf26
YT		 2768 perror("unable to create backing store for hugepages");
2769 free(filename);
2770 return NULL;
c902760f
MT		 2771 }
2772 unlink(filename);
2773 free(filename);
2774
2775 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2776
2777 /*
2778 * ftruncate is not supported by hugetlbfs in older
2779 * hosts, so don't bother bailing out on errors.
2780 * If anything goes wrong with it under other filesystems,
2781 * mmap will fail.
2782 */
2783 if (ftruncate(fd, memory))
9742bf26 2784 perror("ftruncate");
c902760f
MT		 2785
2786#ifdef MAP_POPULATE
2787 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2788 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2789 * to sidestep this quirk.
2790 */
2791 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2792 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2793#else
2794 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2795#endif
2796 if (area == MAP_FAILED) {
9742bf26
YT		 2797 perror("file_ram_alloc: can't mmap RAM pages");
2798 close(fd);
2799 return (NULL);
c902760f 2800 }
04b16653 2801 block->fd = fd;
c902760f
MT		 2802 return area;
2803}
2804#endif
2805
d17b5288 2806static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2807{
2808 RAMBlock *block, *next_block;
3e837b2c 2809 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2810
2811 if (QLIST_EMPTY(&ram_list.blocks))
2812 return 0;
2813
2814 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2815 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2816
2817 end = block->offset + block->length;
2818
2819 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2820 if (next_block->offset >= end) {
2821 next = MIN(next, next_block->offset);
2822 }
2823 }
2824 if (next - end >= size && next - end < mingap) {
3e837b2c 2825 offset = end;
04b16653
AW		 2826 mingap = next - end;
2827 }
2828 }
3e837b2c
AW		 2829
2830 if (offset == RAM_ADDR_MAX) {
2831 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2832 (uint64_t)size);
2833 abort();
2834 }
2835
04b16653
AW		 2836 return offset;
2837}
2838
2839static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2840{
2841 RAMBlock *block;
2842 ram_addr_t last = 0;
2843
2844 QLIST_FOREACH(block, &ram_list.blocks, next)
2845 last = MAX(last, block->offset + block->length);
2846
2847 return last;
2848}
2849
c5705a77 2850void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2851{
2852 RAMBlock *new_block, *block;
2853
c5705a77
AK		 2854 new_block = NULL;
2855 QLIST_FOREACH(block, &ram_list.blocks, next) {
2856 if (block->offset == addr) {
2857 new_block = block;
2858 break;
2859 }
2860 }
2861 assert(new_block);
2862 assert(!new_block->idstr[0]);
84b89d78
CM		 2863
2864 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2865 char *id = dev->parent_bus->info->get_dev_path(dev);
2866 if (id) {
2867 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2868 g_free(id);
84b89d78
CM		 2869 }
2870 }
2871 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2872
2873 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2874 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2875 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2876 new_block->idstr);
2877 abort();
2878 }
2879 }
c5705a77
AK		 2880}
2881
2882ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2883 MemoryRegion *mr)
2884{
2885 RAMBlock *new_block;
2886
2887 size = TARGET_PAGE_ALIGN(size);
2888 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2889
7c637366 2890 new_block->mr = mr;
432d268c 2891 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2892 if (host) {
2893 new_block->host = host;
cd19cfa2 2894 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2895 } else {
2896 if (mem_path) {
c902760f 2897#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2898 new_block->host = file_ram_alloc(new_block, size, mem_path);
2899 if (!new_block->host) {
2900 new_block->host = qemu_vmalloc(size);
e78815a5 2901 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2902 }
c902760f 2903#else
6977dfe6
YT		 2904 fprintf(stderr, "-mem-path option unsupported\n");
2905 exit(1);
c902760f 2906#endif
6977dfe6 2907 } else {
6b02494d 2908#if defined(TARGET_S390X) && defined(CONFIG_KVM)
ff83678a
CB		 2909 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2910 an system defined value, which is at least 256GB. Larger systems
2911 have larger values. We put the guest between the end of data
2912 segment (system break) and this value. We use 32GB as a base to
2913 have enough room for the system break to grow. */
2914 new_block->host = mmap((void*)0x800000000, size,
6977dfe6 2915 PROT_EXEC|PROT_READ|PROT_WRITE,
ff83678a 2916 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
fb8b2735
AG		 2917 if (new_block->host == MAP_FAILED) {
2918 fprintf(stderr, "Allocating RAM failed\n");
2919 abort();
2920 }
6b02494d 2921#else
868bb33f 2922 if (xen_enabled()) {
fce537d4 2923 xen_ram_alloc(new_block->offset, size, mr);
432d268c
JN		 2924 } else {
2925 new_block->host = qemu_vmalloc(size);
2926 }
6b02494d 2927#endif
e78815a5 2928 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2929 }
c902760f 2930 }
94a6b54f
PB		 2931 new_block->length = size;
2932
f471a17e 2933 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2934
7267c094 2935 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2936 last_ram_offset() >> TARGET_PAGE_BITS);
d17b5288 2937 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
94a6b54f
PB		 2938 0xff, size >> TARGET_PAGE_BITS);
2939
6f0437e8
JK		 2940 if (kvm_enabled())
2941 kvm_setup_guest_memory(new_block->host, size);
2942
94a6b54f
PB		 2943 return new_block->offset;
2944}
e9a1ab19 2945
c5705a77 2946ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2947{
c5705a77 2948 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2949}
2950
1f2e98b6
AW		 2951void qemu_ram_free_from_ptr(ram_addr_t addr)
2952{
2953 RAMBlock *block;
2954
2955 QLIST_FOREACH(block, &ram_list.blocks, next) {
2956 if (addr == block->offset) {
2957 QLIST_REMOVE(block, next);
7267c094 2958 g_free(block);
1f2e98b6
AW		 2959 return;
2960 }
2961 }
2962}
2963
c227f099 2964void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2965{
04b16653
AW		 2966 RAMBlock *block;
2967
2968 QLIST_FOREACH(block, &ram_list.blocks, next) {
2969 if (addr == block->offset) {
2970 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2971 if (block->flags & RAM_PREALLOC_MASK) {
2972 ;
2973 } else if (mem_path) {
04b16653
AW		 2974#if defined (__linux__) && !defined(TARGET_S390X)
2975 if (block->fd) {
2976 munmap(block->host, block->length);
2977 close(block->fd);
2978 } else {
2979 qemu_vfree(block->host);
2980 }
fd28aa13
JK		 2981#else
2982 abort();
04b16653
AW		 2983#endif
2984 } else {
2985#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2986 munmap(block->host, block->length);
2987#else
868bb33f 2988 if (xen_enabled()) {
e41d7c69 2989 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2990 } else {
2991 qemu_vfree(block->host);
2992 }
04b16653
AW		 2993#endif
2994 }
7267c094 2995 g_free(block);
04b16653
AW		 2996 return;
2997 }
2998 }
2999
e9a1ab19
FB		 3000}
3001
cd19cfa2
HY		 3002#ifndef _WIN32
3003void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
3004{
3005 RAMBlock *block;
3006 ram_addr_t offset;
3007 int flags;
3008 void *area, *vaddr;
3009
3010 QLIST_FOREACH(block, &ram_list.blocks, next) {
3011 offset = addr - block->offset;
3012 if (offset < block->length) {
3013 vaddr = block->host + offset;
3014 if (block->flags & RAM_PREALLOC_MASK) {
3015 ;
3016 } else {
3017 flags = MAP_FIXED;
3018 munmap(vaddr, length);
3019 if (mem_path) {
3020#if defined(__linux__) && !defined(TARGET_S390X)
3021 if (block->fd) {
3022#ifdef MAP_POPULATE
3023 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
3024 MAP_PRIVATE;
3025#else
3026 flags |= MAP_PRIVATE;
3027#endif
3028 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3029 flags, block->fd, offset);
3030 } else {
3031 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3032 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3033 flags, -1, 0);
3034 }
fd28aa13
JK		 3035#else
3036 abort();
cd19cfa2
HY		 3037#endif
3038 } else {
3039#if defined(TARGET_S390X) && defined(CONFIG_KVM)
3040 flags |= MAP_SHARED | MAP_ANONYMOUS;
3041 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
3042 flags, -1, 0);
3043#else
3044 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3045 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3046 flags, -1, 0);
3047#endif
3048 }
3049 if (area != vaddr) {
f15fbc4b
AP		 3050 fprintf(stderr, "Could not remap addr: "
3051 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 3052 length, addr);
3053 exit(1);
3054 }
3055 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
3056 }
3057 return;
3058 }
3059 }
3060}
3061#endif /* !_WIN32 */
3062
dc828ca1 3063/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 3064 With the exception of the softmmu code in this file, this should
3065 only be used for local memory (e.g. video ram) that the device owns,
3066 and knows it isn't going to access beyond the end of the block.
3067
3068 It should not be used for general purpose DMA.
3069 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
3070 */
c227f099 3071void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 3072{
94a6b54f
PB		 3073 RAMBlock *block;
3074
f471a17e
AW		 3075 QLIST_FOREACH(block, &ram_list.blocks, next) {
3076 if (addr - block->offset < block->length) {
7d82af38
VP		 3077 /* Move this entry to to start of the list. */
3078 if (block != QLIST_FIRST(&ram_list.blocks)) {
3079 QLIST_REMOVE(block, next);
3080 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
3081 }
868bb33f 3082 if (xen_enabled()) {
432d268c
JN		 3083 /* We need to check if the requested address is in the RAM
3084 * because we don't want to map the entire memory in QEMU.
712c2b41 3085 * In that case just map until the end of the page.
432d268c
JN		 3086 */
3087 if (block->offset == 0) {
e41d7c69 3088 return xen_map_cache(addr, 0, 0);
432d268c 3089 } else if (block->host == NULL) {
e41d7c69
JK		 3090 block->host =
3091 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3092 }
3093 }
f471a17e
AW		 3094 return block->host + (addr - block->offset);
3095 }
94a6b54f 3096 }
f471a17e
AW		 3097
3098 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3099 abort();
3100
3101 return NULL;
dc828ca1
PB		 3102}
3103
b2e0a138
MT		 3104/* Return a host pointer to ram allocated with qemu_ram_alloc.
3105 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
3106 */
3107void *qemu_safe_ram_ptr(ram_addr_t addr)
3108{
3109 RAMBlock *block;
3110
3111 QLIST_FOREACH(block, &ram_list.blocks, next) {
3112 if (addr - block->offset < block->length) {
868bb33f 3113 if (xen_enabled()) {
432d268c
JN		 3114 /* We need to check if the requested address is in the RAM
3115 * because we don't want to map the entire memory in QEMU.
712c2b41 3116 * In that case just map until the end of the page.
432d268c
JN		 3117 */
3118 if (block->offset == 0) {
e41d7c69 3119 return xen_map_cache(addr, 0, 0);
432d268c 3120 } else if (block->host == NULL) {
e41d7c69
JK		 3121 block->host =
3122 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3123 }
3124 }
b2e0a138
MT		 3125 return block->host + (addr - block->offset);
3126 }
3127 }
3128
3129 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3130 abort();
3131
3132 return NULL;
3133}
3134
38bee5dc
SS		 3135/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
3136 * but takes a size argument */
8ab934f9 3137void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 3138{
8ab934f9
SS		 3139 if (*size == 0) {
3140 return NULL;
3141 }
868bb33f 3142 if (xen_enabled()) {
e41d7c69 3143 return xen_map_cache(addr, *size, 1);
868bb33f 3144 } else {
38bee5dc
SS		 3145 RAMBlock *block;
3146
3147 QLIST_FOREACH(block, &ram_list.blocks, next) {
3148 if (addr - block->offset < block->length) {
3149 if (addr - block->offset + *size > block->length)
3150 *size = block->length - addr + block->offset;
3151 return block->host + (addr - block->offset);
3152 }
3153 }
3154
3155 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3156 abort();
38bee5dc
SS		 3157 }
3158}
3159
050a0ddf
AP		 3160void qemu_put_ram_ptr(void *addr)
3161{
3162 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 3163}
3164
e890261f 3165int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 3166{
94a6b54f
PB		 3167 RAMBlock *block;
3168 uint8_t *host = ptr;
3169
868bb33f 3170 if (xen_enabled()) {
e41d7c69 3171 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 3172 return 0;
3173 }
3174
f471a17e 3175 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 3176 /* This case append when the block is not mapped. */
3177 if (block->host == NULL) {
3178 continue;
3179 }
f471a17e 3180 if (host - block->host < block->length) {
e890261f
MT		 3181 *ram_addr = block->offset + (host - block->host);
3182 return 0;
f471a17e 3183 }
94a6b54f 3184 }
432d268c 3185
e890261f
MT		 3186 return -1;
3187}
f471a17e 3188
e890261f
MT		 3189/* Some of the softmmu routines need to translate from a host pointer
3190 (typically a TLB entry) back to a ram offset. */
3191ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
3192{
3193 ram_addr_t ram_addr;
f471a17e 3194
e890261f
MT		 3195 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
3196 fprintf(stderr, "Bad ram pointer %p\n", ptr);
3197 abort();
3198 }
3199 return ram_addr;
5579c7f3
PB		 3200}
3201
0e0df1e2
AK		 3202static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
3203 unsigned size)
e18231a3
BS		 3204{
3205#ifdef DEBUG_UNASSIGNED
3206 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3207#endif
5b450407 3208#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 3209 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 3210#endif
3211 return 0;
3212}
3213
0e0df1e2
AK		 3214static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
3215 uint64_t val, unsigned size)
e18231a3
BS		 3216{
3217#ifdef DEBUG_UNASSIGNED
0e0df1e2 3218 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 3219#endif
5b450407 3220#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 3221 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 3222#endif
33417e70
FB		 3223}
3224
0e0df1e2
AK		 3225static const MemoryRegionOps unassigned_mem_ops = {
3226 .read = unassigned_mem_read,
3227 .write = unassigned_mem_write,
3228 .endianness = DEVICE_NATIVE_ENDIAN,
3229};
e18231a3 3230
0e0df1e2
AK		 3231static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
3232 unsigned size)
e18231a3 3233{
0e0df1e2 3234 abort();
e18231a3
BS		 3235}
3236
0e0df1e2
AK		 3237static void error_mem_write(void *opaque, target_phys_addr_t addr,
3238 uint64_t value, unsigned size)
e18231a3 3239{
0e0df1e2 3240 abort();
33417e70
FB		 3241}
3242
0e0df1e2
AK		 3243static const MemoryRegionOps error_mem_ops = {
3244 .read = error_mem_read,
3245 .write = error_mem_write,
3246 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 3247};
3248
0e0df1e2
AK		 3249static const MemoryRegionOps rom_mem_ops = {
3250 .read = error_mem_read,
3251 .write = unassigned_mem_write,
3252 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 3253};
3254
0e0df1e2
AK		 3255static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
3256 uint64_t val, unsigned size)
9fa3e853 3257{
3a7d929e 3258 int dirty_flags;
f7c11b53 3259 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 3260 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 3261#if !defined(CONFIG_USER_ONLY)
0e0df1e2 3262 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 3263 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 3264#endif
3a7d929e 3265 }
0e0df1e2
AK		 3266 switch (size) {
3267 case 1:
3268 stb_p(qemu_get_ram_ptr(ram_addr), val);
3269 break;
3270 case 2:
3271 stw_p(qemu_get_ram_ptr(ram_addr), val);
3272 break;
3273 case 4:
3274 stl_p(qemu_get_ram_ptr(ram_addr), val);
3275 break;
3276 default:
3277 abort();
3a7d929e 3278 }
f23db169 3279 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 3280 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 3281 /* we remove the notdirty callback only if the code has been
3282 flushed */
3283 if (dirty_flags == 0xff)
2e70f6ef 3284 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 3285}
3286
0e0df1e2
AK		 3287static const MemoryRegionOps notdirty_mem_ops = {
3288 .read = error_mem_read,
3289 .write = notdirty_mem_write,
3290 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 3291};
3292
0f459d16 3293/* Generate a debug exception if a watchpoint has been hit. */
b4051334 3294static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16
PB		 3295{
3296 CPUState *env = cpu_single_env;
06d55cc1
AL		 3297 target_ulong pc, cs_base;
3298 TranslationBlock *tb;
0f459d16 3299 target_ulong vaddr;
a1d1bb31 3300 CPUWatchpoint *wp;
06d55cc1 3301 int cpu_flags;
0f459d16 3302
06d55cc1
AL		 3303 if (env->watchpoint_hit) {
3304 /* We re-entered the check after replacing the TB. Now raise
3305 * the debug interrupt so that is will trigger after the
3306 * current instruction. */
3307 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3308 return;
3309 }
2e70f6ef 3310 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 3311 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 3312 if ((vaddr == (wp->vaddr & len_mask) ||
3313 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 3314 wp->flags |= BP_WATCHPOINT_HIT;
3315 if (!env->watchpoint_hit) {
3316 env->watchpoint_hit = wp;
3317 tb = tb_find_pc(env->mem_io_pc);
3318 if (!tb) {
3319 cpu_abort(env, "check_watchpoint: could not find TB for "
3320 "pc=%p", (void *)env->mem_io_pc);
3321 }
618ba8e6 3322 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 3323 tb_phys_invalidate(tb, -1);
3324 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3325 env->exception_index = EXCP_DEBUG;
3326 } else {
3327 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3328 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3329 }
3330 cpu_resume_from_signal(env, NULL);
06d55cc1 3331 }
6e140f28
AL		 3332 } else {
3333 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 3334 }
3335 }
3336}
3337
6658ffb8
PB		 3338/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3339 so these check for a hit then pass through to the normal out-of-line
3340 phys routines. */
1ec9b909
AK		 3341static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
3342 unsigned size)
6658ffb8 3343{
1ec9b909
AK		 3344 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3345 switch (size) {
3346 case 1: return ldub_phys(addr);
3347 case 2: return lduw_phys(addr);
3348 case 4: return ldl_phys(addr);
3349 default: abort();
3350 }
6658ffb8
PB		 3351}
3352
1ec9b909
AK		 3353static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3354 uint64_t val, unsigned size)
6658ffb8 3355{
1ec9b909
AK		 3356 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3357 switch (size) {
3358 case 1: stb_phys(addr, val);
3359 case 2: stw_phys(addr, val);
3360 case 4: stl_phys(addr, val);
3361 default: abort();
3362 }
6658ffb8
PB		 3363}
3364
1ec9b909
AK		 3365static const MemoryRegionOps watch_mem_ops = {
3366 .read = watch_mem_read,
3367 .write = watch_mem_write,
3368 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3369};
6658ffb8 3370
70c68e44
AK		 3371static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3372 unsigned len)
db7b5426 3373{
70c68e44 3374 subpage_t *mmio = opaque;
f6405247 3375 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3376 MemoryRegionSection *section;
db7b5426
BS		 3377#if defined(DEBUG_SUBPAGE)
3378 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3379 mmio, len, addr, idx);
3380#endif
db7b5426 3381
5312bd8b
AK		 3382 section = &phys_sections[mmio->sub_section[idx]];
3383 addr += mmio->base;
3384 addr -= section->offset_within_address_space;
3385 addr += section->offset_within_region;
3386 return io_mem_read(section->mr->ram_addr, addr, len);
db7b5426
BS		 3387}
3388
70c68e44
AK		 3389static void subpage_write(void *opaque, target_phys_addr_t addr,
3390 uint64_t value, unsigned len)
db7b5426 3391{
70c68e44 3392 subpage_t *mmio = opaque;
f6405247 3393 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3394 MemoryRegionSection *section;
db7b5426 3395#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3396 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3397 " idx %d value %"PRIx64"\n",
f6405247 3398 __func__, mmio, len, addr, idx, value);
db7b5426 3399#endif
f6405247 3400
5312bd8b
AK		 3401 section = &phys_sections[mmio->sub_section[idx]];
3402 addr += mmio->base;
3403 addr -= section->offset_within_address_space;
3404 addr += section->offset_within_region;
3405 io_mem_write(section->mr->ram_addr, addr, value, len);
db7b5426
BS		 3406}
3407
70c68e44
AK		 3408static const MemoryRegionOps subpage_ops = {
3409 .read = subpage_read,
3410 .write = subpage_write,
3411 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3412};
3413
de712f94
AK		 3414static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3415 unsigned size)
56384e8b
AF		 3416{
3417 ram_addr_t raddr = addr;
3418 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3419 switch (size) {
3420 case 1: return ldub_p(ptr);
3421 case 2: return lduw_p(ptr);
3422 case 4: return ldl_p(ptr);
3423 default: abort();
3424 }
56384e8b
AF		 3425}
3426
de712f94
AK		 3427static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3428 uint64_t value, unsigned size)
56384e8b
AF		 3429{
3430 ram_addr_t raddr = addr;
3431 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3432 switch (size) {
3433 case 1: return stb_p(ptr, value);
3434 case 2: return stw_p(ptr, value);
3435 case 4: return stl_p(ptr, value);
3436 default: abort();
3437 }
56384e8b
AF		 3438}
3439
de712f94
AK		 3440static const MemoryRegionOps subpage_ram_ops = {
3441 .read = subpage_ram_read,
3442 .write = subpage_ram_write,
3443 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3444};
3445
c227f099 3446static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3447 uint16_t section)
db7b5426
BS		 3448{
3449 int idx, eidx;
3450
3451 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3452 return -1;
3453 idx = SUBPAGE_IDX(start);
3454 eidx = SUBPAGE_IDX(end);
3455#if defined(DEBUG_SUBPAGE)
0bf9e31a 3456 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3457 mmio, start, end, idx, eidx, memory);
3458#endif
5312bd8b
AK		 3459 if (memory_region_is_ram(phys_sections[section].mr)) {
3460 MemoryRegionSection new_section = phys_sections[section];
3461 new_section.mr = &io_mem_subpage_ram;
3462 section = phys_section_add(&new_section);
56384e8b 3463 }
db7b5426 3464 for (; idx <= eidx; idx++) {
5312bd8b 3465 mmio->sub_section[idx] = section;
db7b5426
BS		 3466 }
3467
3468 return 0;
3469}
3470
5312bd8b
AK		 3471static subpage_t *subpage_init (target_phys_addr_t base, uint16_t *section_ind,
3472 uint16_t orig_section)
db7b5426 3473{
c227f099 3474 subpage_t *mmio;
5312bd8b
AK		 3475 MemoryRegionSection section = {
3476 .offset_within_address_space = base,
3477 .size = TARGET_PAGE_SIZE,
3478 };
db7b5426 3479
7267c094 3480 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3481
3482 mmio->base = base;
70c68e44
AK		 3483 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3484 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3485 mmio->iomem.subpage = true;
5312bd8b 3486 section.mr = &mmio->iomem;
db7b5426 3487#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3488 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3489 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3490#endif
5312bd8b
AK		 3491 *section_ind = phys_section_add(&section);
3492 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, orig_section);
db7b5426
BS		 3493
3494 return mmio;
3495}
3496
88715657
AL		 3497static int get_free_io_mem_idx(void)
3498{
3499 int i;
3500
3501 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3502 if (!io_mem_used[i]) {
3503 io_mem_used[i] = 1;
3504 return i;
3505 }
c6703b47 3506 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
88715657
AL		 3507 return -1;
3508}
3509
33417e70
FB		 3510/* mem_read and mem_write are arrays of functions containing the
3511 function to access byte (index 0), word (index 1) and dword (index
0b4e6e3e 3512 2). Functions can be omitted with a NULL function pointer.
3ee89922 3513 If io_index is non zero, the corresponding io zone is
4254fab8
BS		 3514 modified. If it is zero, a new io zone is allocated. The return
3515 value can be used with cpu_register_physical_memory(). (-1) is
3516 returned if error. */
a621f38d 3517static int cpu_register_io_memory_fixed(int io_index, MemoryRegion *mr)
33417e70 3518{
33417e70 3519 if (io_index <= 0) {
88715657
AL		 3520 io_index = get_free_io_mem_idx();
3521 if (io_index == -1)
3522 return io_index;
33417e70
FB		 3523 } else {
3524 if (io_index >= IO_MEM_NB_ENTRIES)
3525 return -1;
3526 }
b5ff1b31 3527
a621f38d 3528 io_mem_region[io_index] = mr;
f6405247 3529
11c7ef0c 3530 return io_index;
33417e70 3531}
61382a50 3532
a621f38d 3533int cpu_register_io_memory(MemoryRegion *mr)
1eed09cb 3534{
a621f38d 3535 return cpu_register_io_memory_fixed(0, mr);
1eed09cb
AK		 3536}
3537
11c7ef0c 3538void cpu_unregister_io_memory(int io_index)
88715657 3539{
a621f38d 3540 io_mem_region[io_index] = NULL;
88715657
AL		 3541 io_mem_used[io_index] = 0;
3542}
3543
5312bd8b
AK		 3544static uint16_t dummy_section(MemoryRegion *mr)
3545{
3546 MemoryRegionSection section = {
3547 .mr = mr,
3548 .offset_within_address_space = 0,
3549 .offset_within_region = 0,
3550 .size = UINT64_MAX,
3551 };
3552
3553 return phys_section_add(&section);
3554}
3555
e9179ce1
AK		 3556static void io_mem_init(void)
3557{
3558 int i;
3559
0e0df1e2
AK		 3560 /* Must be first: */
3561 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
3562 assert(io_mem_ram.ram_addr == 0);
3563 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3564 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3565 "unassigned", UINT64_MAX);
3566 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3567 "notdirty", UINT64_MAX);
de712f94
AK		 3568 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3569 "subpage-ram", UINT64_MAX);
e9179ce1
AK		 3570 for (i=0; i<5; i++)
3571 io_mem_used[i] = 1;
3572
1ec9b909
AK		 3573 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3574 "watch", UINT64_MAX);
e9179ce1
AK		 3575}
3576
50c1e149
AK		 3577static void core_begin(MemoryListener *listener)
3578{
54688b1e 3579 destroy_all_mappings();
5312bd8b 3580 phys_sections_clear();
d6f2ea22 3581 phys_map.u.node = PHYS_MAP_NODE_NIL;
5312bd8b 3582 phys_section_unassigned = dummy_section(&io_mem_unassigned);
50c1e149
AK		 3583}
3584
3585static void core_commit(MemoryListener *listener)
3586{
3587}
3588
93632747
AK		 3589static void core_region_add(MemoryListener *listener,
3590 MemoryRegionSection *section)
3591{
4855d41a 3592 cpu_register_physical_memory_log(section, section->readonly);
93632747
AK		 3593}
3594
3595static void core_region_del(MemoryListener *listener,
3596 MemoryRegionSection *section)
3597{
93632747
AK		 3598}
3599
50c1e149
AK		 3600static void core_region_nop(MemoryListener *listener,
3601 MemoryRegionSection *section)
3602{
54688b1e 3603 cpu_register_physical_memory_log(section, section->readonly);
50c1e149
AK		 3604}
3605
93632747
AK		 3606static void core_log_start(MemoryListener *listener,
3607 MemoryRegionSection *section)
3608{
3609}
3610
3611static void core_log_stop(MemoryListener *listener,
3612 MemoryRegionSection *section)
3613{
3614}
3615
3616static void core_log_sync(MemoryListener *listener,
3617 MemoryRegionSection *section)
3618{
3619}
3620
3621static void core_log_global_start(MemoryListener *listener)
3622{
3623 cpu_physical_memory_set_dirty_tracking(1);
3624}
3625
3626static void core_log_global_stop(MemoryListener *listener)
3627{
3628 cpu_physical_memory_set_dirty_tracking(0);
3629}
3630
3631static void core_eventfd_add(MemoryListener *listener,
3632 MemoryRegionSection *section,
3633 bool match_data, uint64_t data, int fd)
3634{
3635}
3636
3637static void core_eventfd_del(MemoryListener *listener,
3638 MemoryRegionSection *section,
3639 bool match_data, uint64_t data, int fd)
3640{
3641}
3642
50c1e149
AK		 3643static void io_begin(MemoryListener *listener)
3644{
3645}
3646
3647static void io_commit(MemoryListener *listener)
3648{
3649}
3650
4855d41a
AK		 3651static void io_region_add(MemoryListener *listener,
3652 MemoryRegionSection *section)
3653{
3654 iorange_init(&section->mr->iorange, &memory_region_iorange_ops,
3655 section->offset_within_address_space, section->size);
3656 ioport_register(&section->mr->iorange);
3657}
3658
3659static void io_region_del(MemoryListener *listener,
3660 MemoryRegionSection *section)
3661{
3662 isa_unassign_ioport(section->offset_within_address_space, section->size);
3663}
3664
50c1e149
AK		 3665static void io_region_nop(MemoryListener *listener,
3666 MemoryRegionSection *section)
3667{
3668}
3669
4855d41a
AK		 3670static void io_log_start(MemoryListener *listener,
3671 MemoryRegionSection *section)
3672{
3673}
3674
3675static void io_log_stop(MemoryListener *listener,
3676 MemoryRegionSection *section)
3677{
3678}
3679
3680static void io_log_sync(MemoryListener *listener,
3681 MemoryRegionSection *section)
3682{
3683}
3684
3685static void io_log_global_start(MemoryListener *listener)
3686{
3687}
3688
3689static void io_log_global_stop(MemoryListener *listener)
3690{
3691}
3692
3693static void io_eventfd_add(MemoryListener *listener,
3694 MemoryRegionSection *section,
3695 bool match_data, uint64_t data, int fd)
3696{
3697}
3698
3699static void io_eventfd_del(MemoryListener *listener,
3700 MemoryRegionSection *section,
3701 bool match_data, uint64_t data, int fd)
3702{
3703}
3704
93632747 3705static MemoryListener core_memory_listener = {
50c1e149
AK		 3706 .begin = core_begin,
3707 .commit = core_commit,
93632747
AK		 3708 .region_add = core_region_add,
3709 .region_del = core_region_del,
50c1e149 3710 .region_nop = core_region_nop,
93632747
AK		 3711 .log_start = core_log_start,
3712 .log_stop = core_log_stop,
3713 .log_sync = core_log_sync,
3714 .log_global_start = core_log_global_start,
3715 .log_global_stop = core_log_global_stop,
3716 .eventfd_add = core_eventfd_add,
3717 .eventfd_del = core_eventfd_del,
3718 .priority = 0,
3719};
3720
4855d41a 3721static MemoryListener io_memory_listener = {
50c1e149
AK		 3722 .begin = io_begin,
3723 .commit = io_commit,
4855d41a
AK		 3724 .region_add = io_region_add,
3725 .region_del = io_region_del,
50c1e149 3726 .region_nop = io_region_nop,
4855d41a
AK		 3727 .log_start = io_log_start,
3728 .log_stop = io_log_stop,
3729 .log_sync = io_log_sync,
3730 .log_global_start = io_log_global_start,
3731 .log_global_stop = io_log_global_stop,
3732 .eventfd_add = io_eventfd_add,
3733 .eventfd_del = io_eventfd_del,
3734 .priority = 0,
3735};
3736
62152b8a
AK		 3737static void memory_map_init(void)
3738{
7267c094 3739 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3740 memory_region_init(system_memory, "system", INT64_MAX);
62152b8a 3741 set_system_memory_map(system_memory);
309cb471 3742
7267c094 3743 system_io = g_malloc(sizeof(*system_io));
309cb471
AK		 3744 memory_region_init(system_io, "io", 65536);
3745 set_system_io_map(system_io);
93632747 3746
4855d41a
AK		 3747 memory_listener_register(&core_memory_listener, system_memory);
3748 memory_listener_register(&io_memory_listener, system_io);
62152b8a
AK		 3749}
3750
3751MemoryRegion *get_system_memory(void)
3752{
3753 return system_memory;
3754}
3755
309cb471
AK		 3756MemoryRegion *get_system_io(void)
3757{
3758 return system_io;
3759}
3760
e2eef170
PB		 3761#endif /* !defined(CONFIG_USER_ONLY) */
3762
13eb76e0
FB		 3763/* physical memory access (slow version, mainly for debug) */
3764#if defined(CONFIG_USER_ONLY)
a68fe89c
PB		 3765int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3766 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3767{
3768 int l, flags;
3769 target_ulong page;
53a5960a 3770 void * p;
13eb76e0
FB		 3771
3772 while (len > 0) {
3773 page = addr & TARGET_PAGE_MASK;
3774 l = (page + TARGET_PAGE_SIZE) - addr;
3775 if (l > len)
3776 l = len;
3777 flags = page_get_flags(page);
3778 if (!(flags & PAGE_VALID))
a68fe89c 3779 return -1;
13eb76e0
FB		 3780 if (is_write) {
3781 if (!(flags & PAGE_WRITE))
a68fe89c 3782 return -1;
579a97f7 3783 /* XXX: this code should not depend on lock_user */
72fb7daa 3784 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3785 return -1;
72fb7daa
AJ		 3786 memcpy(p, buf, l);
3787 unlock_user(p, addr, l);
13eb76e0
FB		 3788 } else {
3789 if (!(flags & PAGE_READ))
a68fe89c 3790 return -1;
579a97f7 3791 /* XXX: this code should not depend on lock_user */
72fb7daa 3792 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3793 return -1;
72fb7daa 3794 memcpy(buf, p, l);
5b257578 3795 unlock_user(p, addr, 0);
13eb76e0
FB		 3796 }
3797 len -= l;
3798 buf += l;
3799 addr += l;
3800 }
a68fe89c 3801 return 0;
13eb76e0 3802}
8df1cd07 3803
13eb76e0 3804#else
c227f099 3805void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3806 int len, int is_write)
3807{
3808 int l, io_index;
3809 uint8_t *ptr;
3810 uint32_t val;
c227f099 3811 target_phys_addr_t page;
8ca5692d 3812 ram_addr_t pd;
f1f6e3b8 3813 PhysPageDesc p;
3b46e624 3814
13eb76e0
FB		 3815 while (len > 0) {
3816 page = addr & TARGET_PAGE_MASK;
3817 l = (page + TARGET_PAGE_SIZE) - addr;
3818 if (l > len)
3819 l = len;
92e873b9 3820 p = phys_page_find(page >> TARGET_PAGE_BITS);
f1f6e3b8 3821 pd = p.phys_offset;
3b46e624 3822
13eb76e0 3823 if (is_write) {
0e0df1e2 3824 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
f1f6e3b8 3825 target_phys_addr_t addr1;
11c7ef0c 3826 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 3827 addr1 = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
6a00d601
FB		 3828 /* XXX: could force cpu_single_env to NULL to avoid
3829 potential bugs */
6c2934db 3830 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3831 /* 32 bit write access */
c27004ec 3832 val = ldl_p(buf);
acbbec5d 3833 io_mem_write(io_index, addr1, val, 4);
13eb76e0 3834 l = 4;
6c2934db 3835 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3836 /* 16 bit write access */
c27004ec 3837 val = lduw_p(buf);
acbbec5d 3838 io_mem_write(io_index, addr1, val, 2);
13eb76e0
FB		 3839 l = 2;
3840 } else {
1c213d19 3841 /* 8 bit write access */
c27004ec 3842 val = ldub_p(buf);
acbbec5d 3843 io_mem_write(io_index, addr1, val, 1);
13eb76e0
FB		 3844 l = 1;
3845 }
3846 } else {
8ca5692d 3847 ram_addr_t addr1;
b448f2f3 3848 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
13eb76e0 3849 /* RAM case */
5579c7f3 3850 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3851 memcpy(ptr, buf, l);
3a7d929e
FB		 3852 if (!cpu_physical_memory_is_dirty(addr1)) {
3853 /* invalidate code */
3854 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3855 /* set dirty bit */
f7c11b53
YT		 3856 cpu_physical_memory_set_dirty_flags(
3857 addr1, (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 3858 }
050a0ddf 3859 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3860 }
3861 } else {
1d393fa2 3862 if (!is_ram_rom_romd(pd)) {
f1f6e3b8 3863 target_phys_addr_t addr1;
13eb76e0 3864 /* I/O case */
11c7ef0c 3865 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 3866 addr1 = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
6c2934db 3867 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3868 /* 32 bit read access */
acbbec5d 3869 val = io_mem_read(io_index, addr1, 4);
c27004ec 3870 stl_p(buf, val);
13eb76e0 3871 l = 4;
6c2934db 3872 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3873 /* 16 bit read access */
acbbec5d 3874 val = io_mem_read(io_index, addr1, 2);
c27004ec 3875 stw_p(buf, val);
13eb76e0
FB		 3876 l = 2;
3877 } else {
1c213d19 3878 /* 8 bit read access */
acbbec5d 3879 val = io_mem_read(io_index, addr1, 1);
c27004ec 3880 stb_p(buf, val);
13eb76e0
FB		 3881 l = 1;
3882 }
3883 } else {
3884 /* RAM case */
050a0ddf
AP		 3885 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
3886 memcpy(buf, ptr + (addr & ~TARGET_PAGE_MASK), l);
3887 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3888 }
3889 }
3890 len -= l;
3891 buf += l;
3892 addr += l;
3893 }
3894}
8df1cd07 3895
d0ecd2aa 3896/* used for ROM loading : can write in RAM and ROM */
c227f099 3897void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3898 const uint8_t *buf, int len)
3899{
3900 int l;
3901 uint8_t *ptr;
c227f099 3902 target_phys_addr_t page;
d0ecd2aa 3903 unsigned long pd;
f1f6e3b8 3904 PhysPageDesc p;
3b46e624 3905
d0ecd2aa
FB		 3906 while (len > 0) {
3907 page = addr & TARGET_PAGE_MASK;
3908 l = (page + TARGET_PAGE_SIZE) - addr;
3909 if (l > len)
3910 l = len;
3911 p = phys_page_find(page >> TARGET_PAGE_BITS);
f1f6e3b8 3912 pd = p.phys_offset;
3b46e624 3913
1d393fa2 3914 if (!is_ram_rom_romd(pd)) {
d0ecd2aa
FB		 3915 /* do nothing */
3916 } else {
3917 unsigned long addr1;
3918 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
3919 /* ROM/RAM case */
5579c7f3 3920 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3921 memcpy(ptr, buf, l);
050a0ddf 3922 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3923 }
3924 len -= l;
3925 buf += l;
3926 addr += l;
3927 }
3928}
3929
6d16c2f8
AL		 3930typedef struct {
3931 void *buffer;
c227f099
AL		 3932 target_phys_addr_t addr;
3933 target_phys_addr_t len;
6d16c2f8
AL		 3934} BounceBuffer;
3935
3936static BounceBuffer bounce;
3937
ba223c29
AL		 3938typedef struct MapClient {
3939 void *opaque;
3940 void (*callback)(void *opaque);
72cf2d4f 3941 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3942} MapClient;
3943
72cf2d4f
BS		 3944static QLIST_HEAD(map_client_list, MapClient) map_client_list
3945 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3946
3947void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3948{
7267c094 3949 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3950
3951 client->opaque = opaque;
3952 client->callback = callback;
72cf2d4f 3953 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3954 return client;
3955}
3956
3957void cpu_unregister_map_client(void *_client)
3958{
3959 MapClient *client = (MapClient *)_client;
3960
72cf2d4f 3961 QLIST_REMOVE(client, link);
7267c094 3962 g_free(client);
ba223c29
AL		 3963}
3964
3965static void cpu_notify_map_clients(void)
3966{
3967 MapClient *client;
3968
72cf2d4f
BS		 3969 while (!QLIST_EMPTY(&map_client_list)) {
3970 client = QLIST_FIRST(&map_client_list);
ba223c29 3971 client->callback(client->opaque);
34d5e948 3972 cpu_unregister_map_client(client);
ba223c29
AL		 3973 }
3974}
3975
6d16c2f8
AL		 3976/* Map a physical memory region into a host virtual address.
3977 * May map a subset of the requested range, given by and returned in *plen.
3978 * May return NULL if resources needed to perform the mapping are exhausted.
3979 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3980 * Use cpu_register_map_client() to know when retrying the map operation is
3981 * likely to succeed.
6d16c2f8 3982 */
c227f099
AL		 3983void *cpu_physical_memory_map(target_phys_addr_t addr,
3984 target_phys_addr_t *plen,
6d16c2f8
AL		 3985 int is_write)
3986{
c227f099 3987 target_phys_addr_t len = *plen;
38bee5dc 3988 target_phys_addr_t todo = 0;
6d16c2f8 3989 int l;
c227f099 3990 target_phys_addr_t page;
6d16c2f8 3991 unsigned long pd;
f1f6e3b8 3992 PhysPageDesc p;
f15fbc4b 3993 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3994 ram_addr_t rlen;
3995 void *ret;
6d16c2f8
AL		 3996
3997 while (len > 0) {
3998 page = addr & TARGET_PAGE_MASK;
3999 l = (page + TARGET_PAGE_SIZE) - addr;
4000 if (l > len)
4001 l = len;
4002 p = phys_page_find(page >> TARGET_PAGE_BITS);
f1f6e3b8 4003 pd = p.phys_offset;
6d16c2f8 4004
0e0df1e2 4005 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
38bee5dc 4006 if (todo || bounce.buffer) {
6d16c2f8
AL		 4007 break;
4008 }
4009 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
4010 bounce.addr = addr;
4011 bounce.len = l;
4012 if (!is_write) {
54f7b4a3 4013 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 4014 }
38bee5dc
SS		 4015
4016 *plen = l;
4017 return bounce.buffer;
6d16c2f8 4018 }
8ab934f9
SS		 4019 if (!todo) {
4020 raddr = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4021 }
6d16c2f8
AL		 4022
4023 len -= l;
4024 addr += l;
38bee5dc 4025 todo += l;
6d16c2f8 4026 }
8ab934f9
SS		 4027 rlen = todo;
4028 ret = qemu_ram_ptr_length(raddr, &rlen);
4029 *plen = rlen;
4030 return ret;
6d16c2f8
AL		 4031}
4032
4033/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
4034 * Will also mark the memory as dirty if is_write == 1. access_len gives
4035 * the amount of memory that was actually read or written by the caller.
4036 */
c227f099
AL		 4037void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
4038 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 4039{
4040 if (buffer != bounce.buffer) {
4041 if (is_write) {
e890261f 4042 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 4043 while (access_len) {
4044 unsigned l;
4045 l = TARGET_PAGE_SIZE;
4046 if (l > access_len)
4047 l = access_len;
4048 if (!cpu_physical_memory_is_dirty(addr1)) {
4049 /* invalidate code */
4050 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
4051 /* set dirty bit */
f7c11b53
YT		 4052 cpu_physical_memory_set_dirty_flags(
4053 addr1, (0xff & ~CODE_DIRTY_FLAG));
6d16c2f8
AL		 4054 }
4055 addr1 += l;
4056 access_len -= l;
4057 }
4058 }
868bb33f 4059 if (xen_enabled()) {
e41d7c69 4060 xen_invalidate_map_cache_entry(buffer);
050a0ddf 4061 }
6d16c2f8
AL		 4062 return;
4063 }
4064 if (is_write) {
4065 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
4066 }
f8a83245 4067 qemu_vfree(bounce.buffer);
6d16c2f8 4068 bounce.buffer = NULL;
ba223c29 4069 cpu_notify_map_clients();
6d16c2f8 4070}
d0ecd2aa 4071
8df1cd07 4072/* warning: addr must be aligned */
1e78bcc1
AG		 4073static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
4074 enum device_endian endian)
8df1cd07
FB		 4075{
4076 int io_index;
4077 uint8_t *ptr;
4078 uint32_t val;
4079 unsigned long pd;
f1f6e3b8 4080 PhysPageDesc p;
8df1cd07
FB		 4081
4082 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4083 pd = p.phys_offset;
3b46e624 4084
1d393fa2 4085 if (!is_ram_rom_romd(pd)) {
8df1cd07 4086 /* I/O case */
11c7ef0c 4087 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4088 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
acbbec5d 4089 val = io_mem_read(io_index, addr, 4);
1e78bcc1
AG		 4090#if defined(TARGET_WORDS_BIGENDIAN)
4091 if (endian == DEVICE_LITTLE_ENDIAN) {
4092 val = bswap32(val);
4093 }
4094#else
4095 if (endian == DEVICE_BIG_ENDIAN) {
4096 val = bswap32(val);
4097 }
4098#endif
8df1cd07
FB		 4099 } else {
4100 /* RAM case */
5579c7f3 4101 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
8df1cd07 4102 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4103 switch (endian) {
4104 case DEVICE_LITTLE_ENDIAN:
4105 val = ldl_le_p(ptr);
4106 break;
4107 case DEVICE_BIG_ENDIAN:
4108 val = ldl_be_p(ptr);
4109 break;
4110 default:
4111 val = ldl_p(ptr);
4112 break;
4113 }
8df1cd07
FB		 4114 }
4115 return val;
4116}
4117
1e78bcc1
AG		 4118uint32_t ldl_phys(target_phys_addr_t addr)
4119{
4120 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4121}
4122
4123uint32_t ldl_le_phys(target_phys_addr_t addr)
4124{
4125 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4126}
4127
4128uint32_t ldl_be_phys(target_phys_addr_t addr)
4129{
4130 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
4131}
4132
84b7b8e7 4133/* warning: addr must be aligned */
1e78bcc1
AG		 4134static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
4135 enum device_endian endian)
84b7b8e7
FB		 4136{
4137 int io_index;
4138 uint8_t *ptr;
4139 uint64_t val;
4140 unsigned long pd;
f1f6e3b8 4141 PhysPageDesc p;
84b7b8e7
FB		 4142
4143 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4144 pd = p.phys_offset;
3b46e624 4145
1d393fa2 4146 if (!is_ram_rom_romd(pd)) {
84b7b8e7 4147 /* I/O case */
11c7ef0c 4148 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4149 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
1e78bcc1
AG		 4150
4151 /* XXX This is broken when device endian != cpu endian.
4152 Fix and add "endian" variable check */
84b7b8e7 4153#ifdef TARGET_WORDS_BIGENDIAN
acbbec5d
AK		 4154 val = io_mem_read(io_index, addr, 4) << 32;
4155 val |= io_mem_read(io_index, addr + 4, 4);
84b7b8e7 4156#else
acbbec5d
AK		 4157 val = io_mem_read(io_index, addr, 4);
4158 val |= io_mem_read(io_index, addr + 4, 4) << 32;
84b7b8e7
FB		 4159#endif
4160 } else {
4161 /* RAM case */
5579c7f3 4162 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
84b7b8e7 4163 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4164 switch (endian) {
4165 case DEVICE_LITTLE_ENDIAN:
4166 val = ldq_le_p(ptr);
4167 break;
4168 case DEVICE_BIG_ENDIAN:
4169 val = ldq_be_p(ptr);
4170 break;
4171 default:
4172 val = ldq_p(ptr);
4173 break;
4174 }
84b7b8e7
FB		 4175 }
4176 return val;
4177}
4178
1e78bcc1
AG		 4179uint64_t ldq_phys(target_phys_addr_t addr)
4180{
4181 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4182}
4183
4184uint64_t ldq_le_phys(target_phys_addr_t addr)
4185{
4186 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4187}
4188
4189uint64_t ldq_be_phys(target_phys_addr_t addr)
4190{
4191 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
4192}
4193
aab33094 4194/* XXX: optimize */
c227f099 4195uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 4196{
4197 uint8_t val;
4198 cpu_physical_memory_read(addr, &val, 1);
4199 return val;
4200}
4201
733f0b02 4202/* warning: addr must be aligned */
1e78bcc1
AG		 4203static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
4204 enum device_endian endian)
aab33094 4205{
733f0b02
MT		 4206 int io_index;
4207 uint8_t *ptr;
4208 uint64_t val;
4209 unsigned long pd;
f1f6e3b8 4210 PhysPageDesc p;
733f0b02
MT		 4211
4212 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4213 pd = p.phys_offset;
733f0b02 4214
1d393fa2 4215 if (!is_ram_rom_romd(pd)) {
733f0b02 4216 /* I/O case */
11c7ef0c 4217 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4218 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
acbbec5d 4219 val = io_mem_read(io_index, addr, 2);
1e78bcc1
AG		 4220#if defined(TARGET_WORDS_BIGENDIAN)
4221 if (endian == DEVICE_LITTLE_ENDIAN) {
4222 val = bswap16(val);
4223 }
4224#else
4225 if (endian == DEVICE_BIG_ENDIAN) {
4226 val = bswap16(val);
4227 }
4228#endif
733f0b02
MT		 4229 } else {
4230 /* RAM case */
4231 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4232 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4233 switch (endian) {
4234 case DEVICE_LITTLE_ENDIAN:
4235 val = lduw_le_p(ptr);
4236 break;
4237 case DEVICE_BIG_ENDIAN:
4238 val = lduw_be_p(ptr);
4239 break;
4240 default:
4241 val = lduw_p(ptr);
4242 break;
4243 }
733f0b02
MT		 4244 }
4245 return val;
aab33094
FB		 4246}
4247
1e78bcc1
AG		 4248uint32_t lduw_phys(target_phys_addr_t addr)
4249{
4250 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4251}
4252
4253uint32_t lduw_le_phys(target_phys_addr_t addr)
4254{
4255 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4256}
4257
4258uint32_t lduw_be_phys(target_phys_addr_t addr)
4259{
4260 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
4261}
4262
8df1cd07
FB		 4263/* warning: addr must be aligned. The ram page is not masked as dirty
4264 and the code inside is not invalidated. It is useful if the dirty
4265 bits are used to track modified PTEs */
c227f099 4266void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07
FB		 4267{
4268 int io_index;
4269 uint8_t *ptr;
4270 unsigned long pd;
f1f6e3b8 4271 PhysPageDesc p;
8df1cd07
FB		 4272
4273 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4274 pd = p.phys_offset;
3b46e624 4275
0e0df1e2 4276 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4277 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4278 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
acbbec5d 4279 io_mem_write(io_index, addr, val, 4);
8df1cd07 4280 } else {
74576198 4281 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
5579c7f3 4282 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 4283 stl_p(ptr, val);
74576198
AL		 4284
4285 if (unlikely(in_migration)) {
4286 if (!cpu_physical_memory_is_dirty(addr1)) {
4287 /* invalidate code */
4288 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4289 /* set dirty bit */
f7c11b53
YT		 4290 cpu_physical_memory_set_dirty_flags(
4291 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 4292 }
4293 }
8df1cd07
FB		 4294 }
4295}
4296
c227f099 4297void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef
JM		 4298{
4299 int io_index;
4300 uint8_t *ptr;
4301 unsigned long pd;
f1f6e3b8 4302 PhysPageDesc p;
bc98a7ef
JM		 4303
4304 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4305 pd = p.phys_offset;
3b46e624 4306
0e0df1e2 4307 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4308 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4309 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
bc98a7ef 4310#ifdef TARGET_WORDS_BIGENDIAN
acbbec5d
AK		 4311 io_mem_write(io_index, addr, val >> 32, 4);
4312 io_mem_write(io_index, addr + 4, (uint32_t)val, 4);
bc98a7ef 4313#else
acbbec5d
AK		 4314 io_mem_write(io_index, addr, (uint32_t)val, 4);
4315 io_mem_write(io_index, addr + 4, val >> 32, 4);
bc98a7ef
JM		 4316#endif
4317 } else {
5579c7f3 4318 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
bc98a7ef
JM		 4319 (addr & ~TARGET_PAGE_MASK);
4320 stq_p(ptr, val);
4321 }
4322}
4323
8df1cd07 4324/* warning: addr must be aligned */
1e78bcc1
AG		 4325static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4326 enum device_endian endian)
8df1cd07
FB		 4327{
4328 int io_index;
4329 uint8_t *ptr;
4330 unsigned long pd;
f1f6e3b8 4331 PhysPageDesc p;
8df1cd07
FB		 4332
4333 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4334 pd = p.phys_offset;
3b46e624 4335
0e0df1e2 4336 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4337 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4338 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
1e78bcc1
AG		 4339#if defined(TARGET_WORDS_BIGENDIAN)
4340 if (endian == DEVICE_LITTLE_ENDIAN) {
4341 val = bswap32(val);
4342 }
4343#else
4344 if (endian == DEVICE_BIG_ENDIAN) {
4345 val = bswap32(val);
4346 }
4347#endif
acbbec5d 4348 io_mem_write(io_index, addr, val, 4);
8df1cd07
FB		 4349 } else {
4350 unsigned long addr1;
4351 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4352 /* RAM case */
5579c7f3 4353 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4354 switch (endian) {
4355 case DEVICE_LITTLE_ENDIAN:
4356 stl_le_p(ptr, val);
4357 break;
4358 case DEVICE_BIG_ENDIAN:
4359 stl_be_p(ptr, val);
4360 break;
4361 default:
4362 stl_p(ptr, val);
4363 break;
4364 }
3a7d929e
FB		 4365 if (!cpu_physical_memory_is_dirty(addr1)) {
4366 /* invalidate code */
4367 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4368 /* set dirty bit */
f7c11b53
YT		 4369 cpu_physical_memory_set_dirty_flags(addr1,
4370 (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 4371 }
8df1cd07
FB		 4372 }
4373}
4374
1e78bcc1
AG		 4375void stl_phys(target_phys_addr_t addr, uint32_t val)
4376{
4377 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4378}
4379
4380void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4381{
4382 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4383}
4384
4385void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4386{
4387 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4388}
4389
aab33094 4390/* XXX: optimize */
c227f099 4391void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 4392{
4393 uint8_t v = val;
4394 cpu_physical_memory_write(addr, &v, 1);
4395}
4396
733f0b02 4397/* warning: addr must be aligned */
1e78bcc1
AG		 4398static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4399 enum device_endian endian)
aab33094 4400{
733f0b02
MT		 4401 int io_index;
4402 uint8_t *ptr;
4403 unsigned long pd;
f1f6e3b8 4404 PhysPageDesc p;
733f0b02
MT		 4405
4406 p = phys_page_find(addr >> TARGET_PAGE_BITS);
f1f6e3b8 4407 pd = p.phys_offset;
733f0b02 4408
0e0df1e2 4409 if ((pd & ~TARGET_PAGE_MASK) != io_mem_ram.ram_addr) {
11c7ef0c 4410 io_index = pd & (IO_MEM_NB_ENTRIES - 1);
f1f6e3b8 4411 addr = (addr & ~TARGET_PAGE_MASK) + p.region_offset;
1e78bcc1
AG		 4412#if defined(TARGET_WORDS_BIGENDIAN)
4413 if (endian == DEVICE_LITTLE_ENDIAN) {
4414 val = bswap16(val);
4415 }
4416#else
4417 if (endian == DEVICE_BIG_ENDIAN) {
4418 val = bswap16(val);
4419 }
4420#endif
acbbec5d 4421 io_mem_write(io_index, addr, val, 2);
733f0b02
MT		 4422 } else {
4423 unsigned long addr1;
4424 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4425 /* RAM case */
4426 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4427 switch (endian) {
4428 case DEVICE_LITTLE_ENDIAN:
4429 stw_le_p(ptr, val);
4430 break;
4431 case DEVICE_BIG_ENDIAN:
4432 stw_be_p(ptr, val);
4433 break;
4434 default:
4435 stw_p(ptr, val);
4436 break;
4437 }
733f0b02
MT		 4438 if (!cpu_physical_memory_is_dirty(addr1)) {
4439 /* invalidate code */
4440 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4441 /* set dirty bit */
4442 cpu_physical_memory_set_dirty_flags(addr1,
4443 (0xff & ~CODE_DIRTY_FLAG));
4444 }
4445 }
aab33094
FB		 4446}
4447
1e78bcc1
AG		 4448void stw_phys(target_phys_addr_t addr, uint32_t val)
4449{
4450 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4451}
4452
4453void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4454{
4455 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4456}
4457
4458void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4459{
4460 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4461}
4462
aab33094 4463/* XXX: optimize */
c227f099 4464void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4465{
4466 val = tswap64(val);
71d2b725 4467 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4468}
4469
1e78bcc1
AG		 4470void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4471{
4472 val = cpu_to_le64(val);
4473 cpu_physical_memory_write(addr, &val, 8);
4474}
4475
4476void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4477{
4478 val = cpu_to_be64(val);
4479 cpu_physical_memory_write(addr, &val, 8);
4480}
4481
5e2972fd 4482/* virtual memory access for debug (includes writing to ROM) */
5fafdf24 4483int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
b448f2f3 4484 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4485{
4486 int l;
c227f099 4487 target_phys_addr_t phys_addr;
9b3c35e0 4488 target_ulong page;
13eb76e0
FB		 4489
4490 while (len > 0) {
4491 page = addr & TARGET_PAGE_MASK;
4492 phys_addr = cpu_get_phys_page_debug(env, page);
4493 /* if no physical page mapped, return an error */
4494 if (phys_addr == -1)
4495 return -1;
4496 l = (page + TARGET_PAGE_SIZE) - addr;
4497 if (l > len)
4498 l = len;
5e2972fd 4499 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4500 if (is_write)
4501 cpu_physical_memory_write_rom(phys_addr, buf, l);
4502 else
5e2972fd 4503 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4504 len -= l;
4505 buf += l;
4506 addr += l;
4507 }
4508 return 0;
4509}
a68fe89c 4510#endif
13eb76e0 4511
2e70f6ef
PB		 4512/* in deterministic execution mode, instructions doing device I/Os
4513 must be at the end of the TB */
4514void cpu_io_recompile(CPUState *env, void *retaddr)
4515{
4516 TranslationBlock *tb;
4517 uint32_t n, cflags;
4518 target_ulong pc, cs_base;
4519 uint64_t flags;
4520
4521 tb = tb_find_pc((unsigned long)retaddr);
4522 if (!tb) {
4523 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4524 retaddr);
4525 }
4526 n = env->icount_decr.u16.low + tb->icount;
618ba8e6 4527 cpu_restore_state(tb, env, (unsigned long)retaddr);
2e70f6ef 4528 /* Calculate how many instructions had been executed before the fault
bf20dc07 4529 occurred. */
2e70f6ef
PB		 4530 n = n - env->icount_decr.u16.low;
4531 /* Generate a new TB ending on the I/O insn. */
4532 n++;
4533 /* On MIPS and SH, delay slot instructions can only be restarted if
4534 they were already the first instruction in the TB. If this is not
bf20dc07 4535 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4536 branch. */
4537#if defined(TARGET_MIPS)
4538 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4539 env->active_tc.PC -= 4;
4540 env->icount_decr.u16.low++;
4541 env->hflags &= ~MIPS_HFLAG_BMASK;
4542 }
4543#elif defined(TARGET_SH4)
4544 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4545 && n > 1) {
4546 env->pc -= 2;
4547 env->icount_decr.u16.low++;
4548 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4549 }
4550#endif
4551 /* This should never happen. */
4552 if (n > CF_COUNT_MASK)
4553 cpu_abort(env, "TB too big during recompile");
4554
4555 cflags = n | CF_LAST_IO;
4556 pc = tb->pc;
4557 cs_base = tb->cs_base;
4558 flags = tb->flags;
4559 tb_phys_invalidate(tb, -1);
4560 /* FIXME: In theory this could raise an exception. In practice
4561 we have already translated the block once so it's probably ok. */
4562 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4563 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4564 the first in the TB) then we end up generating a whole new TB and
4565 repeating the fault, which is horribly inefficient.
4566 Better would be to execute just this insn uncached, or generate a
4567 second new TB. */
4568 cpu_resume_from_signal(env, NULL);
4569}
4570
b3755a91
PB		 4571#if !defined(CONFIG_USER_ONLY)
4572
055403b2 4573void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4574{
4575 int i, target_code_size, max_target_code_size;
4576 int direct_jmp_count, direct_jmp2_count, cross_page;
4577 TranslationBlock *tb;
3b46e624 4578
e3db7226
FB		 4579 target_code_size = 0;
4580 max_target_code_size = 0;
4581 cross_page = 0;
4582 direct_jmp_count = 0;
4583 direct_jmp2_count = 0;
4584 for(i = 0; i < nb_tbs; i++) {
4585 tb = &tbs[i];
4586 target_code_size += tb->size;
4587 if (tb->size > max_target_code_size)
4588 max_target_code_size = tb->size;
4589 if (tb->page_addr[1] != -1)
4590 cross_page++;
4591 if (tb->tb_next_offset[0] != 0xffff) {
4592 direct_jmp_count++;
4593 if (tb->tb_next_offset[1] != 0xffff) {
4594 direct_jmp2_count++;
4595 }
4596 }
4597 }
4598 /* XXX: avoid using doubles ? */
57fec1fe 4599 cpu_fprintf(f, "Translation buffer state:\n");
055403b2 4600 cpu_fprintf(f, "gen code size %td/%ld\n",
26a5f13b
FB		 4601 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4602 cpu_fprintf(f, "TB count %d/%d\n",
4603 nb_tbs, code_gen_max_blocks);
5fafdf24 4604 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4605 nb_tbs ? target_code_size / nb_tbs : 0,
4606 max_target_code_size);
055403b2 4607 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4608 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4609 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4610 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4611 cross_page,
e3db7226
FB		 4612 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4613 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4614 direct_jmp_count,
e3db7226
FB		 4615 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4616 direct_jmp2_count,
4617 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4618 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4619 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4620 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4621 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4622 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4623}
4624
d39e8222
AK		 4625/* NOTE: this function can trigger an exception */
4626/* NOTE2: the returned address is not exactly the physical address: it
4627 is the offset relative to phys_ram_base */
4628tb_page_addr_t get_page_addr_code(CPUState *env1, target_ulong addr)
4629{
4630 int mmu_idx, page_index, pd;
4631 void *p;
4632
4633 page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
4634 mmu_idx = cpu_mmu_index(env1);
4635 if (unlikely(env1->tlb_table[mmu_idx][page_index].addr_code !=
4636 (addr & TARGET_PAGE_MASK))) {
4637 ldub_code(addr);
4638 }
4639 pd = env1->tlb_table[mmu_idx][page_index].addr_code & ~TARGET_PAGE_MASK;
0e0df1e2 4640 if (pd != io_mem_ram.ram_addr && pd != io_mem_rom.ram_addr
75c578dc 4641 && !is_romd(pd)) {
d39e8222
AK		 4642#if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_SPARC)
4643 cpu_unassigned_access(env1, addr, 0, 1, 0, 4);
4644#else
4645 cpu_abort(env1, "Trying to execute code outside RAM or ROM at 0x" TARGET_FMT_lx "\n", addr);
4646#endif
4647 }
4648 p = (void *)((uintptr_t)addr + env1->tlb_table[mmu_idx][page_index].addend);
4649 return qemu_ram_addr_from_host_nofail(p);
4650}
4651
82afa586
BH		 4652/*
4653 * A helper function for the _utterly broken_ virtio device model to find out if
4654 * it's running on a big endian machine. Don't do this at home kids!
4655 */
4656bool virtio_is_big_endian(void);
4657bool virtio_is_big_endian(void)
4658{
4659#if defined(TARGET_WORDS_BIGENDIAN)
4660 return true;
4661#else
4662 return false;
4663#endif
4664}
4665
61382a50 4666#define MMUSUFFIX _cmmu
3917149d 4667#undef GETPC
61382a50
FB		 4668#define GETPC() NULL
4669#define env cpu_single_env
b769d8fe 4670#define SOFTMMU_CODE_ACCESS
61382a50
FB		 4671
4672#define SHIFT 0
4673#include "softmmu_template.h"
4674
4675#define SHIFT 1
4676#include "softmmu_template.h"
4677
4678#define SHIFT 2
4679#include "softmmu_template.h"
4680
4681#define SHIFT 3
4682#include "softmmu_template.h"
4683
4684#undef env
4685
4686#endif
QEMU mirror