]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge remote-tracking branch 'remotes/ehabkost/tags/machine-pull-request' into staging
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
f348b6d1 25#include "qemu/cutils.h"
6180a181 26#include "cpu.h"
63c91552 27#include "exec/exec-all.h"
b67d9a52 28#include "tcg.h"
741da0d3 29#include "hw/qdev-core.h"
4485bd26 30#if !defined(CONFIG_USER_ONLY)
47c8ca53 31#include "hw/boards.h"
33c11879 32#include "hw/xen/xen.h"
4485bd26 33#endif
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
1de7afc9
PB		 36#include "qemu/timer.h"
37#include "qemu/config-file.h"
75a34036 38#include "qemu/error-report.h"
53a5960a
PB		 39#if defined(CONFIG_USER_ONLY)
40#include <qemu.h>
432d268c 41#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 42#include "hw/hw.h"
43#include "exec/memory.h"
df43d49c 44#include "exec/ioport.h"
741da0d3
PB		 45#include "sysemu/dma.h"
46#include "exec/address-spaces.h"
9c17d615 47#include "sysemu/xen-mapcache.h"
6506e4f9 48#include "trace.h"
53a5960a 49#endif
0d6d3c87 50#include "exec/cpu-all.h"
0dc3f44a 51#include "qemu/rcu_queue.h"
4840f10e 52#include "qemu/main-loop.h"
5b6dd868 53#include "translate-all.h"
7615936e 54#include "sysemu/replay.h"
0cac1b66 55
022c62cb 56#include "exec/memory-internal.h"
220c3ebd 57#include "exec/ram_addr.h"
508127e2 58#include "exec/log.h"
67d95c15 59
b35ba30f 60#include "qemu/range.h"
794e8f30
MT		 61#ifndef _WIN32
62#include "qemu/mmap-alloc.h"
63#endif
b35ba30f 64
db7b5426 65//#define DEBUG_SUBPAGE
1196be37 66
e2eef170 67#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 68/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
69 * are protected by the ramlist lock.
70 */
0d53d9fe 71RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 72
73static MemoryRegion *system_memory;
309cb471 74static MemoryRegion *system_io;
62152b8a 75
f6790af6
AK		 76AddressSpace address_space_io;
77AddressSpace address_space_memory;
2673a5da 78
0844e007 79MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 80static MemoryRegion io_mem_unassigned;
0e0df1e2 81
7bd4f430
PB		 82/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
83#define RAM_PREALLOC (1 << 0)
84
dbcb8981
PB		 85/* RAM is mmap-ed with MAP_SHARED */
86#define RAM_SHARED (1 << 1)
87
62be4e3a
MT		 88/* Only a portion of RAM (used_length) is actually used, and migrated.
89 * This used_length size can change across reboots.
90 */
91#define RAM_RESIZEABLE (1 << 2)
92
e2eef170 93#endif
9fa3e853 94
bdc44640 95struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 96/* current CPU in the current thread. It is only valid inside
97 cpu_exec() */
f240eb6f 98__thread CPUState *current_cpu;
2e70f6ef 99/* 0 = Do not count executed instructions.
bf20dc07 100 1 = Precise instruction counting.
2e70f6ef 101 2 = Adaptive rate instruction counting. */
5708fc66 102int use_icount;
6a00d601 103
e2eef170 104#if !defined(CONFIG_USER_ONLY)
4346ae3e 105
1db8abb1
PB		 106typedef struct PhysPageEntry PhysPageEntry;
107
108struct PhysPageEntry {
9736e55b 109 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 110 uint32_t skip : 6;
9736e55b 111 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 112 uint32_t ptr : 26;
1db8abb1
PB		 113};
114
8b795765
MT		 115#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
116
03f49957 117/* Size of the L2 (and L3, etc) page tables. */
57271d63 118#define ADDR_SPACE_BITS 64
03f49957 119
026736ce 120#define P_L2_BITS 9
03f49957
PB		 121#define P_L2_SIZE (1 << P_L2_BITS)
122
123#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
124
125typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 126
53cb28cb 127typedef struct PhysPageMap {
79e2b9ae
PB		 128 struct rcu_head rcu;
129
53cb28cb
MA		 130 unsigned sections_nb;
131 unsigned sections_nb_alloc;
132 unsigned nodes_nb;
133 unsigned nodes_nb_alloc;
134 Node *nodes;
135 MemoryRegionSection *sections;
136} PhysPageMap;
137
1db8abb1 138struct AddressSpaceDispatch {
79e2b9ae
PB		 139 struct rcu_head rcu;
140
729633c2 141 MemoryRegionSection *mru_section;
1db8abb1
PB		 142 /* This is a multi-level map on the physical address space.
143 * The bottom level has pointers to MemoryRegionSections.
144 */
145 PhysPageEntry phys_map;
53cb28cb 146 PhysPageMap map;
acc9d80b 147 AddressSpace *as;
1db8abb1
PB		 148};
149
90260c6c
JK		 150#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
151typedef struct subpage_t {
152 MemoryRegion iomem;
acc9d80b 153 AddressSpace *as;
90260c6c
JK		 154 hwaddr base;
155 uint16_t sub_section[TARGET_PAGE_SIZE];
156} subpage_t;
157
b41aac4f
LPF		 158#define PHYS_SECTION_UNASSIGNED 0
159#define PHYS_SECTION_NOTDIRTY 1
160#define PHYS_SECTION_ROM 2
161#define PHYS_SECTION_WATCH 3
5312bd8b 162
e2eef170 163static void io_mem_init(void);
62152b8a 164static void memory_map_init(void);
09daed84 165static void tcg_commit(MemoryListener *listener);
e2eef170 166
1ec9b909 167static MemoryRegion io_mem_watch;
32857f4d
PM		 168
169/**
170 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
171 * @cpu: the CPU whose AddressSpace this is
172 * @as: the AddressSpace itself
173 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
174 * @tcg_as_listener: listener for tracking changes to the AddressSpace
175 */
176struct CPUAddressSpace {
177 CPUState *cpu;
178 AddressSpace *as;
179 struct AddressSpaceDispatch *memory_dispatch;
180 MemoryListener tcg_as_listener;
181};
182
6658ffb8 183#endif
fd6ce8f6 184
6d9a1304 185#if !defined(CONFIG_USER_ONLY)
d6f2ea22 186
53cb28cb 187static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 188{
53cb28cb
MA		 189 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
190 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
191 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
192 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 193 }
f7bf5461
AK		 194}
195
db94604b 196static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 197{
198 unsigned i;
8b795765 199 uint32_t ret;
db94604b
PB		 200 PhysPageEntry e;
201 PhysPageEntry *p;
f7bf5461 202
53cb28cb 203 ret = map->nodes_nb++;
db94604b 204 p = map->nodes[ret];
f7bf5461 205 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 206 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 207
208 e.skip = leaf ? 0 : 1;
209 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 210 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 211 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 212 }
f7bf5461 213 return ret;
d6f2ea22
AK		 214}
215
53cb28cb
MA		 216static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
217 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 218 int level)
f7bf5461
AK		 219{
220 PhysPageEntry *p;
03f49957 221 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 222
9736e55b 223 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 224 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 225 }
db94604b 226 p = map->nodes[lp->ptr];
03f49957 227 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 228
03f49957 229 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 230 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 231 lp->skip = 0;
c19e8800 232 lp->ptr = leaf;
07f07b31
AK		 233 *index += step;
234 *nb -= step;
2999097b 235 } else {
53cb28cb 236 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 237 }
238 ++lp;
f7bf5461
AK		 239 }
240}
241
ac1970fb 242static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 243 hwaddr index, hwaddr nb,
2999097b 244 uint16_t leaf)
f7bf5461 245{
2999097b 246 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 247 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 248
53cb28cb 249 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 250}
251
b35ba30f
MT		 252/* Compact a non leaf page entry. Simply detect that the entry has a single child,
253 * and update our entry so we can skip it and go directly to the destination.
254 */
255static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
256{
257 unsigned valid_ptr = P_L2_SIZE;
258 int valid = 0;
259 PhysPageEntry *p;
260 int i;
261
262 if (lp->ptr == PHYS_MAP_NODE_NIL) {
263 return;
264 }
265
266 p = nodes[lp->ptr];
267 for (i = 0; i < P_L2_SIZE; i++) {
268 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
269 continue;
270 }
271
272 valid_ptr = i;
273 valid++;
274 if (p[i].skip) {
275 phys_page_compact(&p[i], nodes, compacted);
276 }
277 }
278
279 /* We can only compress if there's only one child. */
280 if (valid != 1) {
281 return;
282 }
283
284 assert(valid_ptr < P_L2_SIZE);
285
286 /* Don't compress if it won't fit in the # of bits we have. */
287 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
288 return;
289 }
290
291 lp->ptr = p[valid_ptr].ptr;
292 if (!p[valid_ptr].skip) {
293 /* If our only child is a leaf, make this a leaf. */
294 /* By design, we should have made this node a leaf to begin with so we
295 * should never reach here.
296 * But since it's so simple to handle this, let's do it just in case we
297 * change this rule.
298 */
299 lp->skip = 0;
300 } else {
301 lp->skip += p[valid_ptr].skip;
302 }
303}
304
305static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
306{
307 DECLARE_BITMAP(compacted, nodes_nb);
308
309 if (d->phys_map.skip) {
53cb28cb 310 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 311 }
312}
313
29cb533d
FZ		 314static inline bool section_covers_addr(const MemoryRegionSection *section,
315 hwaddr addr)
316{
317 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
318 * the section must cover the entire address space.
319 */
320 return section->size.hi ||
321 range_covers_byte(section->offset_within_address_space,
322 section->size.lo, addr);
323}
324
97115a8d 325static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 326 Node *nodes, MemoryRegionSection *sections)
92e873b9 327{
31ab2b4a 328 PhysPageEntry *p;
97115a8d 329 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 330 int i;
f1f6e3b8 331
9736e55b 332 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 333 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 334 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 335 }
9affd6fc 336 p = nodes[lp.ptr];
03f49957 337 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 338 }
b35ba30f 339
29cb533d 340 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 341 return &sections[lp.ptr];
342 } else {
343 return &sections[PHYS_SECTION_UNASSIGNED];
344 }
f3705d53
AK		 345}
346
e5548617
BS		 347bool memory_region_is_unassigned(MemoryRegion *mr)
348{
2a8e7499 349 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 350 && mr != &io_mem_watch;
fd6ce8f6 351}
149f54b5 352
79e2b9ae 353/* Called from RCU critical section */
c7086b4a 354static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 355 hwaddr addr,
356 bool resolve_subpage)
9f029603 357{
729633c2 358 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 359 subpage_t *subpage;
729633c2 360 bool update;
90260c6c 361
729633c2
FZ		 362 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
363 section_covers_addr(section, addr)) {
364 update = false;
365 } else {
366 section = phys_page_find(d->phys_map, addr, d->map.nodes,
367 d->map.sections);
368 update = true;
369 }
90260c6c
JK		 370 if (resolve_subpage && section->mr->subpage) {
371 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 372 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 373 }
729633c2
FZ		 374 if (update) {
375 atomic_set(&d->mru_section, section);
376 }
90260c6c 377 return section;
9f029603
JK		 378}
379
79e2b9ae 380/* Called from RCU critical section */
90260c6c 381static MemoryRegionSection *
c7086b4a 382address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 383 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 384{
385 MemoryRegionSection *section;
965eb2fc 386 MemoryRegion *mr;
a87f3954 387 Int128 diff;
149f54b5 388
c7086b4a 389 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 390 /* Compute offset within MemoryRegionSection */
391 addr -= section->offset_within_address_space;
392
393 /* Compute offset within MemoryRegion */
394 *xlat = addr + section->offset_within_region;
395
965eb2fc 396 mr = section->mr;
b242e0e0
PB		 397
398 /* MMIO registers can be expected to perform full-width accesses based only
399 * on their address, without considering adjacent registers that could
400 * decode to completely different MemoryRegions. When such registers
401 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
402 * regions overlap wildly. For this reason we cannot clamp the accesses
403 * here.
404 *
405 * If the length is small (as is the case for address_space_ldl/stl),
406 * everything works fine. If the incoming length is large, however,
407 * the caller really has to do the clamping through memory_access_size.
408 */
965eb2fc 409 if (memory_region_is_ram(mr)) {
e4a511f8 410 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 411 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
412 }
149f54b5
PB		 413 return section;
414}
90260c6c 415
41063e1e 416/* Called from RCU critical section */
5c8a00ce
PB		 417MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
418 hwaddr *xlat, hwaddr *plen,
419 bool is_write)
90260c6c 420{
30951157
AK		 421 IOMMUTLBEntry iotlb;
422 MemoryRegionSection *section;
423 MemoryRegion *mr;
30951157
AK		 424
425 for (;;) {
79e2b9ae
PB		 426 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
427 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 428 mr = section->mr;
429
430 if (!mr->iommu_ops) {
431 break;
432 }
433
8d7b8cb9 434 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 435 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
436 | (addr & iotlb.addr_mask));
23820dbf 437 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 438 if (!(iotlb.perm & (1 << is_write))) {
439 mr = &io_mem_unassigned;
440 break;
441 }
442
443 as = iotlb.target_as;
444 }
445
fe680d0d 446 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 447 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 448 *plen = MIN(page, *plen);
a87f3954
PB		 449 }
450
30951157
AK		 451 *xlat = addr;
452 return mr;
90260c6c
JK		 453}
454
79e2b9ae 455/* Called from RCU critical section */
90260c6c 456MemoryRegionSection *
d7898cda 457address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 458 hwaddr *xlat, hwaddr *plen)
90260c6c 459{
30951157 460 MemoryRegionSection *section;
d7898cda
PM		 461 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
462
463 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 464
465 assert(!section->mr->iommu_ops);
466 return section;
90260c6c 467}
5b6dd868 468#endif
fd6ce8f6 469
b170fce3 470#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 471
472static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 473{
259186a7 474 CPUState *cpu = opaque;
a513fe19 475
5b6dd868
BS		 476 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
477 version_id is increased. */
259186a7 478 cpu->interrupt_request &= ~0x01;
c01a71c1 479 tlb_flush(cpu, 1);
5b6dd868
BS		 480
481 return 0;
a513fe19 482}
7501267e 483
6c3bff0e
PD		 484static int cpu_common_pre_load(void *opaque)
485{
486 CPUState *cpu = opaque;
487
adee6424 488 cpu->exception_index = -1;
6c3bff0e
PD		 489
490 return 0;
491}
492
493static bool cpu_common_exception_index_needed(void *opaque)
494{
495 CPUState *cpu = opaque;
496
adee6424 497 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 498}
499
500static const VMStateDescription vmstate_cpu_common_exception_index = {
501 .name = "cpu_common/exception_index",
502 .version_id = 1,
503 .minimum_version_id = 1,
5cd8cada 504 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 505 .fields = (VMStateField[]) {
506 VMSTATE_INT32(exception_index, CPUState),
507 VMSTATE_END_OF_LIST()
508 }
509};
510
bac05aa9
AS		 511static bool cpu_common_crash_occurred_needed(void *opaque)
512{
513 CPUState *cpu = opaque;
514
515 return cpu->crash_occurred;
516}
517
518static const VMStateDescription vmstate_cpu_common_crash_occurred = {
519 .name = "cpu_common/crash_occurred",
520 .version_id = 1,
521 .minimum_version_id = 1,
522 .needed = cpu_common_crash_occurred_needed,
523 .fields = (VMStateField[]) {
524 VMSTATE_BOOL(crash_occurred, CPUState),
525 VMSTATE_END_OF_LIST()
526 }
527};
528
1a1562f5 529const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 530 .name = "cpu_common",
531 .version_id = 1,
532 .minimum_version_id = 1,
6c3bff0e 533 .pre_load = cpu_common_pre_load,
5b6dd868 534 .post_load = cpu_common_post_load,
35d08458 535 .fields = (VMStateField[]) {
259186a7
AF		 536 VMSTATE_UINT32(halted, CPUState),
537 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 538 VMSTATE_END_OF_LIST()
6c3bff0e 539 },
5cd8cada
JQ		 540 .subsections = (const VMStateDescription*[]) {
541 &vmstate_cpu_common_exception_index,
bac05aa9 542 &vmstate_cpu_common_crash_occurred,
5cd8cada 543 NULL
5b6dd868
BS		 544 }
545};
1a1562f5 546
5b6dd868 547#endif
ea041c0e 548
38d8f5c8 549CPUState *qemu_get_cpu(int index)
ea041c0e 550{
bdc44640 551 CPUState *cpu;
ea041c0e 552
bdc44640 553 CPU_FOREACH(cpu) {
55e5c285 554 if (cpu->cpu_index == index) {
bdc44640 555 return cpu;
55e5c285 556 }
ea041c0e 557 }
5b6dd868 558
bdc44640 559 return NULL;
ea041c0e
FB		 560}
561
09daed84 562#if !defined(CONFIG_USER_ONLY)
56943e8c 563void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 564{
12ebc9a7
PM		 565 CPUAddressSpace *newas;
566
567 /* Target code should have set num_ases before calling us */
568 assert(asidx < cpu->num_ases);
569
56943e8c
PM		 570 if (asidx == 0) {
571 /* address space 0 gets the convenience alias */
572 cpu->as = as;
573 }
574
12ebc9a7
PM		 575 /* KVM cannot currently support multiple address spaces. */
576 assert(asidx == 0 || !kvm_enabled());
09daed84 577
12ebc9a7
PM		 578 if (!cpu->cpu_ases) {
579 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 580 }
32857f4d 581
12ebc9a7
PM		 582 newas = &cpu->cpu_ases[asidx];
583 newas->cpu = cpu;
584 newas->as = as;
56943e8c 585 if (tcg_enabled()) {
12ebc9a7
PM		 586 newas->tcg_as_listener.commit = tcg_commit;
587 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 588 }
09daed84 589}
651a5bc0
PM		 590
591AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
592{
593 /* Return the AddressSpace corresponding to the specified index */
594 return cpu->cpu_ases[asidx].as;
595}
09daed84
EI		 596#endif
597
b7bca733
BR		 598#ifndef CONFIG_USER_ONLY
599static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
600
601static int cpu_get_free_index(Error **errp)
602{
603 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
604
605 if (cpu >= MAX_CPUMASK_BITS) {
606 error_setg(errp, "Trying to use more CPUs than max of %d",
607 MAX_CPUMASK_BITS);
608 return -1;
609 }
610
611 bitmap_set(cpu_index_map, cpu, 1);
612 return cpu;
613}
614
615void cpu_exec_exit(CPUState *cpu)
616{
617 if (cpu->cpu_index == -1) {
618 /* cpu_index was never allocated by this @cpu or was already freed. */
619 return;
620 }
621
622 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
623 cpu->cpu_index = -1;
624}
625#else
626
627static int cpu_get_free_index(Error **errp)
628{
629 CPUState *some_cpu;
630 int cpu_index = 0;
631
632 CPU_FOREACH(some_cpu) {
633 cpu_index++;
634 }
635 return cpu_index;
636}
637
638void cpu_exec_exit(CPUState *cpu)
639{
640}
641#endif
642
4bad9e39 643void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 644{
b170fce3 645 CPUClass *cc = CPU_GET_CLASS(cpu);
b7bca733 646 Error *local_err = NULL;
5b6dd868 647
56943e8c 648 cpu->as = NULL;
12ebc9a7 649 cpu->num_ases = 0;
56943e8c 650
291135b5 651#ifndef CONFIG_USER_ONLY
291135b5 652 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 653
654 /* This is a softmmu CPU object, so create a property for it
655 * so users can wire up its memory. (This can't go in qom/cpu.c
656 * because that file is compiled only once for both user-mode
657 * and system builds.) The default if no link is set up is to use
658 * the system address space.
659 */
660 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
661 (Object **)&cpu->memory,
662 qdev_prop_allow_set_link_before_realize,
663 OBJ_PROP_LINK_UNREF_ON_RELEASE,
664 &error_abort);
665 cpu->memory = system_memory;
666 object_ref(OBJECT(cpu->memory));
291135b5
EH		 667#endif
668
5b6dd868
BS		 669#if defined(CONFIG_USER_ONLY)
670 cpu_list_lock();
671#endif
741da0d3 672 cpu->cpu_index = cpu_get_free_index(&local_err);
b7bca733
BR		 673 if (local_err) {
674 error_propagate(errp, local_err);
675#if defined(CONFIG_USER_ONLY)
676 cpu_list_unlock();
677#endif
678 return;
5b6dd868 679 }
bdc44640 680 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868 681#if defined(CONFIG_USER_ONLY)
741da0d3 682 (void) cc;
5b6dd868 683 cpu_list_unlock();
741da0d3 684#else
e0d47944 685 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 686 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 687 }
b170fce3 688 if (cc->vmsd != NULL) {
741da0d3 689 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 690 }
741da0d3 691#endif
ea041c0e
FB		 692}
693
94df27fd 694#if defined(CONFIG_USER_ONLY)
00b941e5 695static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 696{
697 tb_invalidate_phys_page_range(pc, pc + 1, 0);
698}
699#else
00b941e5 700static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 701{
5232e4c7
PM		 702 MemTxAttrs attrs;
703 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
704 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 705 if (phys != -1) {
5232e4c7 706 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 707 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 708 }
1e7855a5 709}
c27004ec 710#endif
d720b93d 711
c527ee8f 712#if defined(CONFIG_USER_ONLY)
75a34036 713void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 714
715{
716}
717
3ee887e8
PM		 718int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
719 int flags)
720{
721 return -ENOSYS;
722}
723
724void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
725{
726}
727
75a34036 728int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 729 int flags, CPUWatchpoint **watchpoint)
730{
731 return -ENOSYS;
732}
733#else
6658ffb8 734/* Add a watchpoint. */
75a34036 735int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 736 int flags, CPUWatchpoint **watchpoint)
6658ffb8 737{
c0ce998e 738 CPUWatchpoint *wp;
6658ffb8 739
05068c0d 740 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 741 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 742 error_report("tried to set invalid watchpoint at %"
743 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 744 return -EINVAL;
745 }
7267c094 746 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 747
748 wp->vaddr = addr;
05068c0d 749 wp->len = len;
a1d1bb31
AL		 750 wp->flags = flags;
751
2dc9f411 752 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 753 if (flags & BP_GDB) {
754 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
755 } else {
756 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
757 }
6658ffb8 758
31b030d4 759 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 760
761 if (watchpoint)
762 *watchpoint = wp;
763 return 0;
6658ffb8
PB		 764}
765
a1d1bb31 766/* Remove a specific watchpoint. */
75a34036 767int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 768 int flags)
6658ffb8 769{
a1d1bb31 770 CPUWatchpoint *wp;
6658ffb8 771
ff4700b0 772 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 773 if (addr == wp->vaddr && len == wp->len
6e140f28 774 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 775 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 776 return 0;
777 }
778 }
a1d1bb31 779 return -ENOENT;
6658ffb8
PB		 780}
781
a1d1bb31 782/* Remove a specific watchpoint by reference. */
75a34036 783void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 784{
ff4700b0 785 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 786
31b030d4 787 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 788
7267c094 789 g_free(watchpoint);
a1d1bb31
AL		 790}
791
792/* Remove all matching watchpoints. */
75a34036 793void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 794{
c0ce998e 795 CPUWatchpoint *wp, *next;
a1d1bb31 796
ff4700b0 797 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 798 if (wp->flags & mask) {
799 cpu_watchpoint_remove_by_ref(cpu, wp);
800 }
c0ce998e 801 }
7d03f82f 802}
05068c0d
PM		 803
804/* Return true if this watchpoint address matches the specified
805 * access (ie the address range covered by the watchpoint overlaps
806 * partially or completely with the address range covered by the
807 * access).
808 */
809static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
810 vaddr addr,
811 vaddr len)
812{
813 /* We know the lengths are non-zero, but a little caution is
814 * required to avoid errors in the case where the range ends
815 * exactly at the top of the address space and so addr + len
816 * wraps round to zero.
817 */
818 vaddr wpend = wp->vaddr + wp->len - 1;
819 vaddr addrend = addr + len - 1;
820
821 return !(addr > wpend || wp->vaddr > addrend);
822}
823
c527ee8f 824#endif
7d03f82f 825
a1d1bb31 826/* Add a breakpoint. */
b3310ab3 827int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 828 CPUBreakpoint **breakpoint)
4c3a88a2 829{
c0ce998e 830 CPUBreakpoint *bp;
3b46e624 831
7267c094 832 bp = g_malloc(sizeof(*bp));
4c3a88a2 833
a1d1bb31
AL		 834 bp->pc = pc;
835 bp->flags = flags;
836
2dc9f411 837 /* keep all GDB-injected breakpoints in front */
00b941e5 838 if (flags & BP_GDB) {
f0c3c505 839 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 840 } else {
f0c3c505 841 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 842 }
3b46e624 843
f0c3c505 844 breakpoint_invalidate(cpu, pc);
a1d1bb31 845
00b941e5 846 if (breakpoint) {
a1d1bb31 847 *breakpoint = bp;
00b941e5 848 }
4c3a88a2 849 return 0;
4c3a88a2
FB		 850}
851
a1d1bb31 852/* Remove a specific breakpoint. */
b3310ab3 853int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 854{
a1d1bb31
AL		 855 CPUBreakpoint *bp;
856
f0c3c505 857 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 858 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 859 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 860 return 0;
861 }
7d03f82f 862 }
a1d1bb31 863 return -ENOENT;
7d03f82f
EI		 864}
865
a1d1bb31 866/* Remove a specific breakpoint by reference. */
b3310ab3 867void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 868{
f0c3c505
AF		 869 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
870
871 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 872
7267c094 873 g_free(breakpoint);
a1d1bb31
AL		 874}
875
876/* Remove all matching breakpoints. */
b3310ab3 877void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 878{
c0ce998e 879 CPUBreakpoint *bp, *next;
a1d1bb31 880
f0c3c505 881 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 882 if (bp->flags & mask) {
883 cpu_breakpoint_remove_by_ref(cpu, bp);
884 }
c0ce998e 885 }
4c3a88a2
FB		 886}
887
c33a346e
FB		 888/* enable or disable single step mode. EXCP_DEBUG is returned by the
889 CPU loop after each instruction */
3825b28f 890void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 891{
ed2803da
AF		 892 if (cpu->singlestep_enabled != enabled) {
893 cpu->singlestep_enabled = enabled;
894 if (kvm_enabled()) {
38e478ec 895 kvm_update_guest_debug(cpu, 0);
ed2803da 896 } else {
ccbb4d44 897 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 898 /* XXX: only flush what is necessary */
bbd77c18 899 tb_flush(cpu);
e22a25c9 900 }
c33a346e 901 }
c33a346e
FB		 902}
903
a47dddd7 904void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 905{
906 va_list ap;
493ae1f0 907 va_list ap2;
7501267e
FB		 908
909 va_start(ap, fmt);
493ae1f0 910 va_copy(ap2, ap);
7501267e
FB		 911 fprintf(stderr, "qemu: fatal: ");
912 vfprintf(stderr, fmt, ap);
913 fprintf(stderr, "\n");
878096ee 914 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 915 if (qemu_log_separate()) {
93fcfe39
AL		 916 qemu_log("qemu: fatal: ");
917 qemu_log_vprintf(fmt, ap2);
918 qemu_log("\n");
a0762859 919 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 920 qemu_log_flush();
93fcfe39 921 qemu_log_close();
924edcae 922 }
493ae1f0 923 va_end(ap2);
f9373291 924 va_end(ap);
7615936e 925 replay_finish();
fd052bf6
RV		 926#if defined(CONFIG_USER_ONLY)
927 {
928 struct sigaction act;
929 sigfillset(&act.sa_mask);
930 act.sa_handler = SIG_DFL;
931 sigaction(SIGABRT, &act, NULL);
932 }
933#endif
7501267e
FB		 934 abort();
935}
936
0124311e 937#if !defined(CONFIG_USER_ONLY)
0dc3f44a 938/* Called from RCU critical section */
041603fe
PB		 939static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
940{
941 RAMBlock *block;
942
43771539 943 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 944 if (block && addr - block->offset < block->max_length) {
68851b98 945 return block;
041603fe 946 }
0dc3f44a 947 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 948 if (addr - block->offset < block->max_length) {
041603fe
PB		 949 goto found;
950 }
951 }
952
953 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
954 abort();
955
956found:
43771539
PB		 957 /* It is safe to write mru_block outside the iothread lock. This
958 * is what happens:
959 *
960 * mru_block = xxx
961 * rcu_read_unlock()
962 * xxx removed from list
963 * rcu_read_lock()
964 * read mru_block
965 * mru_block = NULL;
966 * call_rcu(reclaim_ramblock, xxx);
967 * rcu_read_unlock()
968 *
969 * atomic_rcu_set is not needed here. The block was already published
970 * when it was placed into the list. Here we're just making an extra
971 * copy of the pointer.
972 */
041603fe
PB		 973 ram_list.mru_block = block;
974 return block;
975}
976
a2f4d5be 977static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 978{
9a13565d 979 CPUState *cpu;
041603fe 980 ram_addr_t start1;
a2f4d5be
JQ		 981 RAMBlock *block;
982 ram_addr_t end;
983
984 end = TARGET_PAGE_ALIGN(start + length);
985 start &= TARGET_PAGE_MASK;
d24981d3 986
0dc3f44a 987 rcu_read_lock();
041603fe
PB		 988 block = qemu_get_ram_block(start);
989 assert(block == qemu_get_ram_block(end - 1));
1240be24 990 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 991 CPU_FOREACH(cpu) {
992 tlb_reset_dirty(cpu, start1, length);
993 }
0dc3f44a 994 rcu_read_unlock();
d24981d3
JQ		 995}
996
5579c7f3 997/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 998bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
999 ram_addr_t length,
1000 unsigned client)
1ccde1cb 1001{
5b82b703 1002 DirtyMemoryBlocks *blocks;
03eebc9e 1003 unsigned long end, page;
5b82b703 1004 bool dirty = false;
03eebc9e
SH		 1005
1006 if (length == 0) {
1007 return false;
1008 }
f23db169 1009
03eebc9e
SH		 1010 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1011 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1012
1013 rcu_read_lock();
1014
1015 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1016
1017 while (page < end) {
1018 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1019 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1020 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1021
1022 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1023 offset, num);
1024 page += num;
1025 }
1026
1027 rcu_read_unlock();
03eebc9e
SH		 1028
1029 if (dirty && tcg_enabled()) {
a2f4d5be 1030 tlb_reset_dirty_range_all(start, length);
5579c7f3 1031 }
03eebc9e
SH		 1032
1033 return dirty;
1ccde1cb
FB		 1034}
1035
79e2b9ae 1036/* Called from RCU critical section */
bb0e627a 1037hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1038 MemoryRegionSection *section,
1039 target_ulong vaddr,
1040 hwaddr paddr, hwaddr xlat,
1041 int prot,
1042 target_ulong *address)
e5548617 1043{
a8170e5e 1044 hwaddr iotlb;
e5548617
BS		 1045 CPUWatchpoint *wp;
1046
cc5bea60 1047 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1048 /* Normal RAM. */
1049 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
149f54b5 1050 + xlat;
e5548617 1051 if (!section->readonly) {
b41aac4f 1052 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1053 } else {
b41aac4f 1054 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1055 }
1056 } else {
0b8e2c10
PM		 1057 AddressSpaceDispatch *d;
1058
1059 d = atomic_rcu_read(&section->address_space->dispatch);
1060 iotlb = section - d->map.sections;
149f54b5 1061 iotlb += xlat;
e5548617
BS		 1062 }
1063
1064 /* Make accesses to pages with watchpoints go via the
1065 watchpoint trap routines. */
ff4700b0 1066 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1067 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1068 /* Avoid trapping reads of pages with a write breakpoint. */
1069 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1070 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1071 *address |= TLB_MMIO;
1072 break;
1073 }
1074 }
1075 }
1076
1077 return iotlb;
1078}
9fa3e853
FB		 1079#endif /* defined(CONFIG_USER_ONLY) */
1080
e2eef170 1081#if !defined(CONFIG_USER_ONLY)
8da3ff18 1082
c227f099 1083static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1084 uint16_t section);
acc9d80b 1085static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1086
a2b257d6
IM		 1087static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1088 qemu_anon_ram_alloc;
91138037
MA		 1089
1090/*
1091 * Set a custom physical guest memory alloator.
1092 * Accelerators with unusual needs may need this. Hopefully, we can
1093 * get rid of it eventually.
1094 */
a2b257d6 1095void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1096{
1097 phys_mem_alloc = alloc;
1098}
1099
53cb28cb
MA		 1100static uint16_t phys_section_add(PhysPageMap *map,
1101 MemoryRegionSection *section)
5312bd8b 1102{
68f3f65b
PB		 1103 /* The physical section number is ORed with a page-aligned
1104 * pointer to produce the iotlb entries. Thus it should
1105 * never overflow into the page-aligned value.
1106 */
53cb28cb 1107 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1108
53cb28cb
MA		 1109 if (map->sections_nb == map->sections_nb_alloc) {
1110 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1111 map->sections = g_renew(MemoryRegionSection, map->sections,
1112 map->sections_nb_alloc);
5312bd8b 1113 }
53cb28cb 1114 map->sections[map->sections_nb] = *section;
dfde4e6e 1115 memory_region_ref(section->mr);
53cb28cb 1116 return map->sections_nb++;
5312bd8b
AK		 1117}
1118
058bc4b5
PB		 1119static void phys_section_destroy(MemoryRegion *mr)
1120{
55b4e80b
DS		 1121 bool have_sub_page = mr->subpage;
1122
dfde4e6e
PB		 1123 memory_region_unref(mr);
1124
55b4e80b 1125 if (have_sub_page) {
058bc4b5 1126 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1127 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1128 g_free(subpage);
1129 }
1130}
1131
6092666e 1132static void phys_sections_free(PhysPageMap *map)
5312bd8b 1133{
9affd6fc
PB		 1134 while (map->sections_nb > 0) {
1135 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1136 phys_section_destroy(section->mr);
1137 }
9affd6fc
PB		 1138 g_free(map->sections);
1139 g_free(map->nodes);
5312bd8b
AK		 1140}
1141
ac1970fb 1142static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1143{
1144 subpage_t *subpage;
a8170e5e 1145 hwaddr base = section->offset_within_address_space
0f0cb164 1146 & TARGET_PAGE_MASK;
97115a8d 1147 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1148 d->map.nodes, d->map.sections);
0f0cb164
AK		 1149 MemoryRegionSection subsection = {
1150 .offset_within_address_space = base,
052e87b0 1151 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1152 };
a8170e5e 1153 hwaddr start, end;
0f0cb164 1154
f3705d53 1155 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1156
f3705d53 1157 if (!(existing->mr->subpage)) {
acc9d80b 1158 subpage = subpage_init(d->as, base);
3be91e86 1159 subsection.address_space = d->as;
0f0cb164 1160 subsection.mr = &subpage->iomem;
ac1970fb 1161 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1162 phys_section_add(&d->map, &subsection));
0f0cb164 1163 } else {
f3705d53 1164 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1165 }
1166 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1167 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1168 subpage_register(subpage, start, end,
1169 phys_section_add(&d->map, section));
0f0cb164
AK		 1170}
1171
1172
052e87b0
PB		 1173static void register_multipage(AddressSpaceDispatch *d,
1174 MemoryRegionSection *section)
33417e70 1175{
a8170e5e 1176 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1177 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1178 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1179 TARGET_PAGE_BITS));
dd81124b 1180
733d5ef5
PB		 1181 assert(num_pages);
1182 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1183}
1184
ac1970fb 1185static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1186{
89ae337a 1187 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1188 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1189 MemoryRegionSection now = *section, remain = *section;
052e87b0 1190 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1191
733d5ef5
PB		 1192 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1193 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1194 - now.offset_within_address_space;
1195
052e87b0 1196 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1197 register_subpage(d, &now);
733d5ef5 1198 } else {
052e87b0 1199 now.size = int128_zero();
733d5ef5 1200 }
052e87b0
PB		 1201 while (int128_ne(remain.size, now.size)) {
1202 remain.size = int128_sub(remain.size, now.size);
1203 remain.offset_within_address_space += int128_get64(now.size);
1204 remain.offset_within_region += int128_get64(now.size);
69b67646 1205 now = remain;
052e87b0 1206 if (int128_lt(remain.size, page_size)) {
733d5ef5 1207 register_subpage(d, &now);
88266249 1208 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1209 now.size = page_size;
ac1970fb 1210 register_subpage(d, &now);
69b67646 1211 } else {
052e87b0 1212 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1213 register_multipage(d, &now);
69b67646 1214 }
0f0cb164
AK		 1215 }
1216}
1217
62a2744c
SY		 1218void qemu_flush_coalesced_mmio_buffer(void)
1219{
1220 if (kvm_enabled())
1221 kvm_flush_coalesced_mmio_buffer();
1222}
1223
b2a8658e
UD		 1224void qemu_mutex_lock_ramlist(void)
1225{
1226 qemu_mutex_lock(&ram_list.mutex);
1227}
1228
1229void qemu_mutex_unlock_ramlist(void)
1230{
1231 qemu_mutex_unlock(&ram_list.mutex);
1232}
1233
e1e84ba0 1234#ifdef __linux__
04b16653
AW		 1235static void *file_ram_alloc(RAMBlock *block,
1236 ram_addr_t memory,
7f56e740
PB		 1237 const char *path,
1238 Error **errp)
c902760f 1239{
fd97fd44 1240 bool unlink_on_error = false;
c902760f 1241 char *filename;
8ca761f6
PF		 1242 char *sanitized_name;
1243 char *c;
794e8f30 1244 void *area;
5c3ece79 1245 int fd = -1;
e1fb6471 1246 int64_t page_size;
c902760f
MT		 1247
1248 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1249 error_setg(errp,
1250 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1251 return NULL;
c902760f
MT		 1252 }
1253
fd97fd44
MA		 1254 for (;;) {
1255 fd = open(path, O_RDWR);
1256 if (fd >= 0) {
1257 /* @path names an existing file, use it */
1258 break;
8d31d6b6 1259 }
fd97fd44
MA		 1260 if (errno == ENOENT) {
1261 /* @path names a file that doesn't exist, create it */
1262 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1263 if (fd >= 0) {
1264 unlink_on_error = true;
1265 break;
1266 }
1267 } else if (errno == EISDIR) {
1268 /* @path names a directory, create a file there */
1269 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1270 sanitized_name = g_strdup(memory_region_name(block->mr));
1271 for (c = sanitized_name; *c != '\0'; c++) {
1272 if (*c == '/') {
1273 *c = '_';
1274 }
1275 }
8ca761f6 1276
fd97fd44
MA		 1277 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1278 sanitized_name);
1279 g_free(sanitized_name);
8d31d6b6 1280
fd97fd44
MA		 1281 fd = mkstemp(filename);
1282 if (fd >= 0) {
1283 unlink(filename);
1284 g_free(filename);
1285 break;
1286 }
1287 g_free(filename);
8d31d6b6 1288 }
fd97fd44
MA		 1289 if (errno != EEXIST && errno != EINTR) {
1290 error_setg_errno(errp, errno,
1291 "can't open backing store %s for guest RAM",
1292 path);
1293 goto error;
1294 }
1295 /*
1296 * Try again on EINTR and EEXIST. The latter happens when
1297 * something else creates the file between our two open().
1298 */
8d31d6b6 1299 }
c902760f 1300
e1fb6471
MA		 1301 page_size = qemu_fd_getpagesize(fd);
1302 block->mr->align = page_size;
fd97fd44 1303
e1fb6471 1304 if (memory < page_size) {
fd97fd44
MA		 1305 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1306 "or larger than page size 0x%" PRIx64,
e1fb6471 1307 memory, page_size);
f9a49dfa 1308 goto error;
c902760f 1309 }
c902760f 1310
e1fb6471 1311 memory = ROUND_UP(memory, page_size);
c902760f
MT		 1312
1313 /*
1314 * ftruncate is not supported by hugetlbfs in older
1315 * hosts, so don't bother bailing out on errors.
1316 * If anything goes wrong with it under other filesystems,
1317 * mmap will fail.
1318 */
7f56e740 1319 if (ftruncate(fd, memory)) {
9742bf26 1320 perror("ftruncate");
7f56e740 1321 }
c902760f 1322
e1fb6471 1323 area = qemu_ram_mmap(fd, memory, page_size, block->flags & RAM_SHARED);
c902760f 1324 if (area == MAP_FAILED) {
7f56e740 1325 error_setg_errno(errp, errno,
fd97fd44 1326 "unable to map backing store for guest RAM");
f9a49dfa 1327 goto error;
c902760f 1328 }
ef36fa14
MT		 1329
1330 if (mem_prealloc) {
38183310 1331 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1332 }
1333
04b16653 1334 block->fd = fd;
c902760f 1335 return area;
f9a49dfa
MT		 1336
1337error:
fd97fd44
MA		 1338 if (unlink_on_error) {
1339 unlink(path);
1340 }
5c3ece79
PB		 1341 if (fd != -1) {
1342 close(fd);
1343 }
f9a49dfa 1344 return NULL;
c902760f
MT		 1345}
1346#endif
1347
0dc3f44a 1348/* Called with the ramlist lock held. */
d17b5288 1349static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1350{
1351 RAMBlock *block, *next_block;
3e837b2c 1352 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1353
49cd9ac6
SH		 1354 assert(size != 0); /* it would hand out same offset multiple times */
1355
0dc3f44a 1356 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1357 return 0;
0d53d9fe 1358 }
04b16653 1359
0dc3f44a 1360 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1361 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1362
62be4e3a 1363 end = block->offset + block->max_length;
04b16653 1364
0dc3f44a 1365 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1366 if (next_block->offset >= end) {
1367 next = MIN(next, next_block->offset);
1368 }
1369 }
1370 if (next - end >= size && next - end < mingap) {
3e837b2c 1371 offset = end;
04b16653
AW		 1372 mingap = next - end;
1373 }
1374 }
3e837b2c
AW		 1375
1376 if (offset == RAM_ADDR_MAX) {
1377 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1378 (uint64_t)size);
1379 abort();
1380 }
1381
04b16653
AW		 1382 return offset;
1383}
1384
652d7ec2 1385ram_addr_t last_ram_offset(void)
d17b5288
AW		 1386{
1387 RAMBlock *block;
1388 ram_addr_t last = 0;
1389
0dc3f44a
MD		 1390 rcu_read_lock();
1391 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1392 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1393 }
0dc3f44a 1394 rcu_read_unlock();
d17b5288
AW		 1395 return last;
1396}
1397
ddb97f1d
JB		 1398static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1399{
1400 int ret;
ddb97f1d
JB		 1401
1402 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1403 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1404 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1405 if (ret) {
1406 perror("qemu_madvise");
1407 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1408 "but dump_guest_core=off specified\n");
1409 }
1410 }
1411}
1412
0dc3f44a
MD		 1413/* Called within an RCU critical section, or while the ramlist lock
1414 * is held.
1415 */
20cfe881 1416static RAMBlock *find_ram_block(ram_addr_t addr)
84b89d78 1417{
20cfe881 1418 RAMBlock *block;
84b89d78 1419
0dc3f44a 1420 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1421 if (block->offset == addr) {
20cfe881 1422 return block;
c5705a77
AK		 1423 }
1424 }
20cfe881
HT		 1425
1426 return NULL;
1427}
1428
422148d3
DDAG		 1429const char *qemu_ram_get_idstr(RAMBlock *rb)
1430{
1431 return rb->idstr;
1432}
1433
ae3a7047 1434/* Called with iothread lock held. */
20cfe881
HT		 1435void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1436{
ae3a7047 1437 RAMBlock *new_block, *block;
20cfe881 1438
0dc3f44a 1439 rcu_read_lock();
ae3a7047 1440 new_block = find_ram_block(addr);
c5705a77
AK		 1441 assert(new_block);
1442 assert(!new_block->idstr[0]);
84b89d78 1443
09e5ab63
AL		 1444 if (dev) {
1445 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1446 if (id) {
1447 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1448 g_free(id);
84b89d78
CM		 1449 }
1450 }
1451 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1452
0dc3f44a 1453 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
c5705a77 1454 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1455 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1456 new_block->idstr);
1457 abort();
1458 }
1459 }
0dc3f44a 1460 rcu_read_unlock();
c5705a77
AK		 1461}
1462
ae3a7047 1463/* Called with iothread lock held. */
20cfe881
HT		 1464void qemu_ram_unset_idstr(ram_addr_t addr)
1465{
ae3a7047 1466 RAMBlock *block;
20cfe881 1467
ae3a7047
MD		 1468 /* FIXME: arch_init.c assumes that this is not called throughout
1469 * migration. Ignore the problem since hot-unplug during migration
1470 * does not work anyway.
1471 */
1472
0dc3f44a 1473 rcu_read_lock();
ae3a7047 1474 block = find_ram_block(addr);
20cfe881
HT		 1475 if (block) {
1476 memset(block->idstr, 0, sizeof(block->idstr));
1477 }
0dc3f44a 1478 rcu_read_unlock();
20cfe881
HT		 1479}
1480
8490fc78
LC		 1481static int memory_try_enable_merging(void *addr, size_t len)
1482{
75cc7f01 1483 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1484 /* disabled by the user */
1485 return 0;
1486 }
1487
1488 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1489}
1490
62be4e3a
MT		 1491/* Only legal before guest might have detected the memory size: e.g. on
1492 * incoming migration, or right after reset.
1493 *
1494 * As memory core doesn't know how is memory accessed, it is up to
1495 * resize callback to update device state and/or add assertions to detect
1496 * misuse, if necessary.
1497 */
1498int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1499{
1500 RAMBlock *block = find_ram_block(base);
1501
1502 assert(block);
1503
4ed023ce 1504 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1505
62be4e3a
MT		 1506 if (block->used_length == newsize) {
1507 return 0;
1508 }
1509
1510 if (!(block->flags & RAM_RESIZEABLE)) {
1511 error_setg_errno(errp, EINVAL,
1512 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1513 " in != 0x" RAM_ADDR_FMT, block->idstr,
1514 newsize, block->used_length);
1515 return -EINVAL;
1516 }
1517
1518 if (block->max_length < newsize) {
1519 error_setg_errno(errp, EINVAL,
1520 "Length too large: %s: 0x" RAM_ADDR_FMT
1521 " > 0x" RAM_ADDR_FMT, block->idstr,
1522 newsize, block->max_length);
1523 return -EINVAL;
1524 }
1525
1526 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1527 block->used_length = newsize;
58d2707e
PB		 1528 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1529 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1530 memory_region_set_size(block->mr, newsize);
1531 if (block->resized) {
1532 block->resized(block->idstr, newsize, block->host);
1533 }
1534 return 0;
1535}
1536
5b82b703
SH		 1537/* Called with ram_list.mutex held */
1538static void dirty_memory_extend(ram_addr_t old_ram_size,
1539 ram_addr_t new_ram_size)
1540{
1541 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1542 DIRTY_MEMORY_BLOCK_SIZE);
1543 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1544 DIRTY_MEMORY_BLOCK_SIZE);
1545 int i;
1546
1547 /* Only need to extend if block count increased */
1548 if (new_num_blocks <= old_num_blocks) {
1549 return;
1550 }
1551
1552 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1553 DirtyMemoryBlocks *old_blocks;
1554 DirtyMemoryBlocks *new_blocks;
1555 int j;
1556
1557 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1558 new_blocks = g_malloc(sizeof(*new_blocks) +
1559 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1560
1561 if (old_num_blocks) {
1562 memcpy(new_blocks->blocks, old_blocks->blocks,
1563 old_num_blocks * sizeof(old_blocks->blocks[0]));
1564 }
1565
1566 for (j = old_num_blocks; j < new_num_blocks; j++) {
1567 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1568 }
1569
1570 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1571
1572 if (old_blocks) {
1573 g_free_rcu(old_blocks, rcu);
1574 }
1575 }
1576}
1577
528f46af 1578static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1579{
e1c57ab8 1580 RAMBlock *block;
0d53d9fe 1581 RAMBlock *last_block = NULL;
2152f5ca 1582 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1583 Error *err = NULL;
2152f5ca
JQ		 1584
1585 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1586
b2a8658e 1587 qemu_mutex_lock_ramlist();
9b8424d5 1588 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1589
1590 if (!new_block->host) {
1591 if (xen_enabled()) {
9b8424d5 1592 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1593 new_block->mr, &err);
1594 if (err) {
1595 error_propagate(errp, err);
1596 qemu_mutex_unlock_ramlist();
39c350ee 1597 return;
37aa7a0e 1598 }
e1c57ab8 1599 } else {
9b8424d5 1600 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1601 &new_block->mr->align);
39228250 1602 if (!new_block->host) {
ef701d7b
HT		 1603 error_setg_errno(errp, errno,
1604 "cannot set up guest memory '%s'",
1605 memory_region_name(new_block->mr));
1606 qemu_mutex_unlock_ramlist();
39c350ee 1607 return;
39228250 1608 }
9b8424d5 1609 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1610 }
c902760f 1611 }
94a6b54f 1612
dd631697
LZ		 1613 new_ram_size = MAX(old_ram_size,
1614 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1615 if (new_ram_size > old_ram_size) {
1616 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1617 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1618 }
0d53d9fe
MD		 1619 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1620 * QLIST (which has an RCU-friendly variant) does not have insertion at
1621 * tail, so save the last element in last_block.
1622 */
0dc3f44a 1623 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1624 last_block = block;
9b8424d5 1625 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1626 break;
1627 }
1628 }
1629 if (block) {
0dc3f44a 1630 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1631 } else if (last_block) {
0dc3f44a 1632 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1633 } else { /* list is empty */
0dc3f44a 1634 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1635 }
0d6d3c87 1636 ram_list.mru_block = NULL;
94a6b54f 1637
0dc3f44a
MD		 1638 /* Write list before version */
1639 smp_wmb();
f798b07f 1640 ram_list.version++;
b2a8658e 1641 qemu_mutex_unlock_ramlist();
f798b07f 1642
9b8424d5 1643 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1644 new_block->used_length,
1645 DIRTY_CLIENTS_ALL);
94a6b54f 1646
a904c911
PB		 1647 if (new_block->host) {
1648 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1649 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1650 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1651 if (kvm_enabled()) {
1652 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1653 }
e1c57ab8 1654 }
94a6b54f 1655}
e9a1ab19 1656
0b183fc8 1657#ifdef __linux__
528f46af
FZ		 1658RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1659 bool share, const char *mem_path,
1660 Error **errp)
e1c57ab8
PB		 1661{
1662 RAMBlock *new_block;
ef701d7b 1663 Error *local_err = NULL;
e1c57ab8
PB		 1664
1665 if (xen_enabled()) {
7f56e740 1666 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1667 return NULL;
e1c57ab8
PB		 1668 }
1669
1670 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1671 /*
1672 * file_ram_alloc() needs to allocate just like
1673 * phys_mem_alloc, but we haven't bothered to provide
1674 * a hook there.
1675 */
7f56e740
PB		 1676 error_setg(errp,
1677 "-mem-path not supported with this accelerator");
528f46af 1678 return NULL;
e1c57ab8
PB		 1679 }
1680
4ed023ce 1681 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1682 new_block = g_malloc0(sizeof(*new_block));
1683 new_block->mr = mr;
9b8424d5
MT		 1684 new_block->used_length = size;
1685 new_block->max_length = size;
dbcb8981 1686 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1687 new_block->host = file_ram_alloc(new_block, size,
1688 mem_path, errp);
1689 if (!new_block->host) {
1690 g_free(new_block);
528f46af 1691 return NULL;
7f56e740
PB		 1692 }
1693
528f46af 1694 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1695 if (local_err) {
1696 g_free(new_block);
1697 error_propagate(errp, local_err);
528f46af 1698 return NULL;
ef701d7b 1699 }
528f46af 1700 return new_block;
e1c57ab8 1701}
0b183fc8 1702#endif
e1c57ab8 1703
62be4e3a 1704static
528f46af
FZ		 1705RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1706 void (*resized)(const char*,
1707 uint64_t length,
1708 void *host),
1709 void *host, bool resizeable,
1710 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1711{
1712 RAMBlock *new_block;
ef701d7b 1713 Error *local_err = NULL;
e1c57ab8 1714
4ed023ce
DDAG		 1715 size = HOST_PAGE_ALIGN(size);
1716 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1717 new_block = g_malloc0(sizeof(*new_block));
1718 new_block->mr = mr;
62be4e3a 1719 new_block->resized = resized;
9b8424d5
MT		 1720 new_block->used_length = size;
1721 new_block->max_length = max_size;
62be4e3a 1722 assert(max_size >= size);
e1c57ab8
PB		 1723 new_block->fd = -1;
1724 new_block->host = host;
1725 if (host) {
7bd4f430 1726 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1727 }
62be4e3a
MT		 1728 if (resizeable) {
1729 new_block->flags |= RAM_RESIZEABLE;
1730 }
528f46af 1731 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1732 if (local_err) {
1733 g_free(new_block);
1734 error_propagate(errp, local_err);
528f46af 1735 return NULL;
ef701d7b 1736 }
528f46af 1737 return new_block;
e1c57ab8
PB		 1738}
1739
528f46af 1740RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1741 MemoryRegion *mr, Error **errp)
1742{
1743 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1744}
1745
528f46af 1746RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1747{
62be4e3a
MT		 1748 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1749}
1750
528f46af 1751RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1752 void (*resized)(const char*,
1753 uint64_t length,
1754 void *host),
1755 MemoryRegion *mr, Error **errp)
1756{
1757 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1758}
1759
43771539
PB		 1760static void reclaim_ramblock(RAMBlock *block)
1761{
1762 if (block->flags & RAM_PREALLOC) {
1763 ;
1764 } else if (xen_enabled()) {
1765 xen_invalidate_map_cache_entry(block->host);
1766#ifndef _WIN32
1767 } else if (block->fd >= 0) {
2f3a2bb1 1768 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1769 close(block->fd);
1770#endif
1771 } else {
1772 qemu_anon_ram_free(block->host, block->max_length);
1773 }
1774 g_free(block);
1775}
1776
f1060c55 1777void qemu_ram_free(RAMBlock *block)
e9a1ab19 1778{
85bc2a15
MAL		 1779 if (!block) {
1780 return;
1781 }
1782
b2a8658e 1783 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1784 QLIST_REMOVE_RCU(block, next);
1785 ram_list.mru_block = NULL;
1786 /* Write list before version */
1787 smp_wmb();
1788 ram_list.version++;
1789 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1790 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1791}
1792
cd19cfa2
HY		 1793#ifndef _WIN32
1794void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1795{
1796 RAMBlock *block;
1797 ram_addr_t offset;
1798 int flags;
1799 void *area, *vaddr;
1800
0dc3f44a 1801 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1802 offset = addr - block->offset;
9b8424d5 1803 if (offset < block->max_length) {
1240be24 1804 vaddr = ramblock_ptr(block, offset);
7bd4f430 1805 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1806 ;
dfeaf2ab
MA		 1807 } else if (xen_enabled()) {
1808 abort();
cd19cfa2
HY		 1809 } else {
1810 flags = MAP_FIXED;
3435f395 1811 if (block->fd >= 0) {
dbcb8981
PB		 1812 flags |= (block->flags & RAM_SHARED ?
1813 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1814 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1815 flags, block->fd, offset);
cd19cfa2 1816 } else {
2eb9fbaa
MA		 1817 /*
1818 * Remap needs to match alloc. Accelerators that
1819 * set phys_mem_alloc never remap. If they did,
1820 * we'd need a remap hook here.
1821 */
1822 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1823
cd19cfa2
HY		 1824 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1825 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1826 flags, -1, 0);
cd19cfa2
HY		 1827 }
1828 if (area != vaddr) {
f15fbc4b
AP		 1829 fprintf(stderr, "Could not remap addr: "
1830 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1831 length, addr);
1832 exit(1);
1833 }
8490fc78 1834 memory_try_enable_merging(vaddr, length);
ddb97f1d 1835 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1836 }
cd19cfa2
HY		 1837 }
1838 }
1839}
1840#endif /* !_WIN32 */
1841
a35ba7be
PB		 1842int qemu_get_ram_fd(ram_addr_t addr)
1843{
ae3a7047
MD		 1844 RAMBlock *block;
1845 int fd;
a35ba7be 1846
0dc3f44a 1847 rcu_read_lock();
ae3a7047
MD		 1848 block = qemu_get_ram_block(addr);
1849 fd = block->fd;
0dc3f44a 1850 rcu_read_unlock();
ae3a7047 1851 return fd;
a35ba7be
PB		 1852}
1853
56a571d9
TM		 1854void qemu_set_ram_fd(ram_addr_t addr, int fd)
1855{
1856 RAMBlock *block;
1857
1858 rcu_read_lock();
1859 block = qemu_get_ram_block(addr);
1860 block->fd = fd;
1861 rcu_read_unlock();
1862}
1863
3fd74b84
DM		 1864void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1865{
ae3a7047
MD		 1866 RAMBlock *block;
1867 void *ptr;
3fd74b84 1868
0dc3f44a 1869 rcu_read_lock();
ae3a7047
MD		 1870 block = qemu_get_ram_block(addr);
1871 ptr = ramblock_ptr(block, 0);
0dc3f44a 1872 rcu_read_unlock();
ae3a7047 1873 return ptr;
3fd74b84
DM		 1874}
1875
1b5ec234 1876/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1877 * This should not be used for general purpose DMA. Use address_space_map
1878 * or address_space_rw instead. For local memory (e.g. video ram) that the
1879 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1880 *
49b24afc 1881 * Called within RCU critical section.
1b5ec234 1882 */
3655cb9c 1883void *qemu_get_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1884{
3655cb9c
GA		 1885 RAMBlock *block = ram_block;
1886
1887 if (block == NULL) {
1888 block = qemu_get_ram_block(addr);
1889 }
ae3a7047
MD		 1890
1891 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1892 /* We need to check if the requested address is in the RAM
1893 * because we don't want to map the entire memory in QEMU.
1894 * In that case just map until the end of the page.
1895 */
1896 if (block->offset == 0) {
49b24afc 1897 return xen_map_cache(addr, 0, 0);
0d6d3c87 1898 }
ae3a7047
MD		 1899
1900 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1901 }
49b24afc 1902 return ramblock_ptr(block, addr - block->offset);
dc828ca1
PB		 1903}
1904
38bee5dc 1905/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1906 * but takes a size argument.
0dc3f44a 1907 *
e81bcda5 1908 * Called within RCU critical section.
ae3a7047 1909 */
3655cb9c
GA		 1910static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1911 hwaddr *size)
38bee5dc 1912{
3655cb9c 1913 RAMBlock *block = ram_block;
e81bcda5 1914 ram_addr_t offset_inside_block;
8ab934f9
SS		 1915 if (*size == 0) {
1916 return NULL;
1917 }
e81bcda5 1918
3655cb9c
GA		 1919 if (block == NULL) {
1920 block = qemu_get_ram_block(addr);
1921 }
e81bcda5
PB		 1922 offset_inside_block = addr - block->offset;
1923 *size = MIN(*size, block->max_length - offset_inside_block);
1924
1925 if (xen_enabled() && block->host == NULL) {
1926 /* We need to check if the requested address is in the RAM
1927 * because we don't want to map the entire memory in QEMU.
1928 * In that case just map the requested area.
1929 */
1930 if (block->offset == 0) {
1931 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1932 }
1933
e81bcda5 1934 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1935 }
e81bcda5
PB		 1936
1937 return ramblock_ptr(block, offset_inside_block);
38bee5dc
SS		 1938}
1939
422148d3
DDAG		 1940/*
1941 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1942 * in that RAMBlock.
1943 *
1944 * ptr: Host pointer to look up
1945 * round_offset: If true round the result offset down to a page boundary
1946 * *ram_addr: set to result ram_addr
1947 * *offset: set to result offset within the RAMBlock
1948 *
1949 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1950 *
1951 * By the time this function returns, the returned pointer is not protected
1952 * by RCU anymore. If the caller is not within an RCU critical section and
1953 * does not hold the iothread lock, it must have other means of protecting the
1954 * pointer, such as a reference to the region that includes the incoming
1955 * ram_addr_t.
1956 */
422148d3
DDAG		 1957RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1958 ram_addr_t *ram_addr,
1959 ram_addr_t *offset)
5579c7f3 1960{
94a6b54f
PB		 1961 RAMBlock *block;
1962 uint8_t *host = ptr;
1963
868bb33f 1964 if (xen_enabled()) {
0dc3f44a 1965 rcu_read_lock();
e41d7c69 1966 *ram_addr = xen_ram_addr_from_mapcache(ptr);
422148d3
DDAG		 1967 block = qemu_get_ram_block(*ram_addr);
1968 if (block) {
1969 *offset = (host - block->host);
1970 }
0dc3f44a 1971 rcu_read_unlock();
422148d3 1972 return block;
712c2b41
SS		 1973 }
1974
0dc3f44a
MD		 1975 rcu_read_lock();
1976 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1977 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1978 goto found;
1979 }
1980
0dc3f44a 1981 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1982 /* This case append when the block is not mapped. */
1983 if (block->host == NULL) {
1984 continue;
1985 }
9b8424d5 1986 if (host - block->host < block->max_length) {
23887b79 1987 goto found;
f471a17e 1988 }
94a6b54f 1989 }
432d268c 1990
0dc3f44a 1991 rcu_read_unlock();
1b5ec234 1992 return NULL;
23887b79
PB		 1993
1994found:
422148d3
DDAG		 1995 *offset = (host - block->host);
1996 if (round_offset) {
1997 *offset &= TARGET_PAGE_MASK;
1998 }
1999 *ram_addr = block->offset + *offset;
0dc3f44a 2000 rcu_read_unlock();
422148d3
DDAG		 2001 return block;
2002}
2003
e3dd7493
DDAG		 2004/*
2005 * Finds the named RAMBlock
2006 *
2007 * name: The name of RAMBlock to find
2008 *
2009 * Returns: RAMBlock (or NULL if not found)
2010 */
2011RAMBlock *qemu_ram_block_by_name(const char *name)
2012{
2013 RAMBlock *block;
2014
2015 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
2016 if (!strcmp(name, block->idstr)) {
2017 return block;
2018 }
2019 }
2020
2021 return NULL;
2022}
2023
422148d3
DDAG		 2024/* Some of the softmmu routines need to translate from a host pointer
2025 (typically a TLB entry) back to a ram offset. */
2026MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2027{
2028 RAMBlock *block;
2029 ram_addr_t offset; /* Not used */
2030
2031 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
2032
2033 if (!block) {
2034 return NULL;
2035 }
2036
2037 return block->mr;
e890261f 2038}
f471a17e 2039
49b24afc 2040/* Called within RCU critical section. */
a8170e5e 2041static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 2042 uint64_t val, unsigned size)
9fa3e853 2043{
52159192 2044 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 2045 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 2046 }
0e0df1e2
AK		 2047 switch (size) {
2048 case 1:
3655cb9c 2049 stb_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2050 break;
2051 case 2:
3655cb9c 2052 stw_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2053 break;
2054 case 4:
3655cb9c 2055 stl_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2056 break;
2057 default:
2058 abort();
3a7d929e 2059 }
58d2707e
PB		 2060 /* Set both VGA and migration bits for simplicity and to remove
2061 * the notdirty callback faster.
2062 */
2063 cpu_physical_memory_set_dirty_range(ram_addr, size,
2064 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2065 /* we remove the notdirty callback only if the code has been
2066 flushed */
a2cd8c85 2067 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2068 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2069 }
9fa3e853
FB		 2070}
2071
b018ddf6
PB		 2072static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2073 unsigned size, bool is_write)
2074{
2075 return is_write;
2076}
2077
0e0df1e2 2078static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2079 .write = notdirty_mem_write,
b018ddf6 2080 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2081 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2082};
2083
0f459d16 2084/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2085static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2086{
93afeade 2087 CPUState *cpu = current_cpu;
568496c0 2088 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2089 CPUArchState *env = cpu->env_ptr;
06d55cc1 2090 target_ulong pc, cs_base;
0f459d16 2091 target_ulong vaddr;
a1d1bb31 2092 CPUWatchpoint *wp;
89fee74a 2093 uint32_t cpu_flags;
0f459d16 2094
ff4700b0 2095 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2096 /* We re-entered the check after replacing the TB. Now raise
2097 * the debug interrupt so that is will trigger after the
2098 * current instruction. */
93afeade 2099 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2100 return;
2101 }
93afeade 2102 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2103 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2104 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2105 && (wp->flags & flags)) {
08225676
PM		 2106 if (flags == BP_MEM_READ) {
2107 wp->flags |= BP_WATCHPOINT_HIT_READ;
2108 } else {
2109 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2110 }
2111 wp->hitaddr = vaddr;
66b9b43c 2112 wp->hitattrs = attrs;
ff4700b0 2113 if (!cpu->watchpoint_hit) {
568496c0
SF		 2114 if (wp->flags & BP_CPU &&
2115 !cc->debug_check_watchpoint(cpu, wp)) {
2116 wp->flags &= ~BP_WATCHPOINT_HIT;
2117 continue;
2118 }
ff4700b0 2119 cpu->watchpoint_hit = wp;
239c51a5 2120 tb_check_watchpoint(cpu);
6e140f28 2121 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2122 cpu->exception_index = EXCP_DEBUG;
5638d180 2123 cpu_loop_exit(cpu);
6e140f28
AL		 2124 } else {
2125 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2126 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2127 cpu_resume_from_signal(cpu, NULL);
6e140f28 2128 }
06d55cc1 2129 }
6e140f28
AL		 2130 } else {
2131 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2132 }
2133 }
2134}
2135
6658ffb8
PB		 2136/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2137 so these check for a hit then pass through to the normal out-of-line
2138 phys routines. */
66b9b43c
PM		 2139static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2140 unsigned size, MemTxAttrs attrs)
6658ffb8 2141{
66b9b43c
PM		 2142 MemTxResult res;
2143 uint64_t data;
79ed0416
PM		 2144 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2145 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2146
2147 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2148 switch (size) {
66b9b43c 2149 case 1:
79ed0416 2150 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2151 break;
2152 case 2:
79ed0416 2153 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2154 break;
2155 case 4:
79ed0416 2156 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2157 break;
1ec9b909
AK		 2158 default: abort();
2159 }
66b9b43c
PM		 2160 *pdata = data;
2161 return res;
6658ffb8
PB		 2162}
2163
66b9b43c
PM		 2164static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2165 uint64_t val, unsigned size,
2166 MemTxAttrs attrs)
6658ffb8 2167{
66b9b43c 2168 MemTxResult res;
79ed0416
PM		 2169 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2170 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2171
2172 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2173 switch (size) {
67364150 2174 case 1:
79ed0416 2175 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2176 break;
2177 case 2:
79ed0416 2178 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2179 break;
2180 case 4:
79ed0416 2181 address_space_stl(as, addr, val, attrs, &res);
67364150 2182 break;
1ec9b909
AK		 2183 default: abort();
2184 }
66b9b43c 2185 return res;
6658ffb8
PB		 2186}
2187
1ec9b909 2188static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2189 .read_with_attrs = watch_mem_read,
2190 .write_with_attrs = watch_mem_write,
1ec9b909 2191 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2192};
6658ffb8 2193
f25a49e0
PM		 2194static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2195 unsigned len, MemTxAttrs attrs)
db7b5426 2196{
acc9d80b 2197 subpage_t *subpage = opaque;
ff6cff75 2198 uint8_t buf[8];
5c9eb028 2199 MemTxResult res;
791af8c8 2200
db7b5426 2201#if defined(DEBUG_SUBPAGE)
016e9d62 2202 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2203 subpage, len, addr);
db7b5426 2204#endif
5c9eb028
PM		 2205 res = address_space_read(subpage->as, addr + subpage->base,
2206 attrs, buf, len);
2207 if (res) {
2208 return res;
f25a49e0 2209 }
acc9d80b
JK		 2210 switch (len) {
2211 case 1:
f25a49e0
PM		 2212 *data = ldub_p(buf);
2213 return MEMTX_OK;
acc9d80b 2214 case 2:
f25a49e0
PM		 2215 *data = lduw_p(buf);
2216 return MEMTX_OK;
acc9d80b 2217 case 4:
f25a49e0
PM		 2218 *data = ldl_p(buf);
2219 return MEMTX_OK;
ff6cff75 2220 case 8:
f25a49e0
PM		 2221 *data = ldq_p(buf);
2222 return MEMTX_OK;
acc9d80b
JK		 2223 default:
2224 abort();
2225 }
db7b5426
BS		 2226}
2227
f25a49e0
PM		 2228static MemTxResult subpage_write(void *opaque, hwaddr addr,
2229 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2230{
acc9d80b 2231 subpage_t *subpage = opaque;
ff6cff75 2232 uint8_t buf[8];
acc9d80b 2233
db7b5426 2234#if defined(DEBUG_SUBPAGE)
016e9d62 2235 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2236 " value %"PRIx64"\n",
2237 __func__, subpage, len, addr, value);
db7b5426 2238#endif
acc9d80b
JK		 2239 switch (len) {
2240 case 1:
2241 stb_p(buf, value);
2242 break;
2243 case 2:
2244 stw_p(buf, value);
2245 break;
2246 case 4:
2247 stl_p(buf, value);
2248 break;
ff6cff75
PB		 2249 case 8:
2250 stq_p(buf, value);
2251 break;
acc9d80b
JK		 2252 default:
2253 abort();
2254 }
5c9eb028
PM		 2255 return address_space_write(subpage->as, addr + subpage->base,
2256 attrs, buf, len);
db7b5426
BS		 2257}
2258
c353e4cc 2259static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2260 unsigned len, bool is_write)
c353e4cc 2261{
acc9d80b 2262 subpage_t *subpage = opaque;
c353e4cc 2263#if defined(DEBUG_SUBPAGE)
016e9d62 2264 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2265 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2266#endif
2267
acc9d80b 2268 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2269 len, is_write);
c353e4cc
PB		 2270}
2271
70c68e44 2272static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2273 .read_with_attrs = subpage_read,
2274 .write_with_attrs = subpage_write,
ff6cff75
PB		 2275 .impl.min_access_size = 1,
2276 .impl.max_access_size = 8,
2277 .valid.min_access_size = 1,
2278 .valid.max_access_size = 8,
c353e4cc 2279 .valid.accepts = subpage_accepts,
70c68e44 2280 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2281};
2282
c227f099 2283static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2284 uint16_t section)
db7b5426
BS		 2285{
2286 int idx, eidx;
2287
2288 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2289 return -1;
2290 idx = SUBPAGE_IDX(start);
2291 eidx = SUBPAGE_IDX(end);
2292#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2293 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2294 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2295#endif
db7b5426 2296 for (; idx <= eidx; idx++) {
5312bd8b 2297 mmio->sub_section[idx] = section;
db7b5426
BS		 2298 }
2299
2300 return 0;
2301}
2302
acc9d80b 2303static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2304{
c227f099 2305 subpage_t *mmio;
db7b5426 2306
7267c094 2307 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2308
acc9d80b 2309 mmio->as = as;
1eec614b 2310 mmio->base = base;
2c9b15ca 2311 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2312 NULL, TARGET_PAGE_SIZE);
b3b00c78 2313 mmio->iomem.subpage = true;
db7b5426 2314#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2315 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2316 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2317#endif
b41aac4f 2318 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2319
2320 return mmio;
2321}
2322
a656e22f
PC		 2323static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2324 MemoryRegion *mr)
5312bd8b 2325{
a656e22f 2326 assert(as);
5312bd8b 2327 MemoryRegionSection section = {
a656e22f 2328 .address_space = as,
5312bd8b
AK		 2329 .mr = mr,
2330 .offset_within_address_space = 0,
2331 .offset_within_region = 0,
052e87b0 2332 .size = int128_2_64(),
5312bd8b
AK		 2333 };
2334
53cb28cb 2335 return phys_section_add(map, &section);
5312bd8b
AK		 2336}
2337
a54c87b6 2338MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2339{
a54c87b6
PM		 2340 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2341 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2342 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2343 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2344
2345 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2346}
2347
e9179ce1
AK		 2348static void io_mem_init(void)
2349{
1f6245e5 2350 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2351 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2352 NULL, UINT64_MAX);
2c9b15ca 2353 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2354 NULL, UINT64_MAX);
2c9b15ca 2355 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2356 NULL, UINT64_MAX);
e9179ce1
AK		 2357}
2358
ac1970fb 2359static void mem_begin(MemoryListener *listener)
00752703
PB		 2360{
2361 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2362 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2363 uint16_t n;
2364
a656e22f 2365 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2366 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2367 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2368 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2369 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2370 assert(n == PHYS_SECTION_ROM);
a656e22f 2371 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2372 assert(n == PHYS_SECTION_WATCH);
00752703 2373
9736e55b 2374 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2375 d->as = as;
2376 as->next_dispatch = d;
2377}
2378
79e2b9ae
PB		 2379static void address_space_dispatch_free(AddressSpaceDispatch *d)
2380{
2381 phys_sections_free(&d->map);
2382 g_free(d);
2383}
2384
00752703 2385static void mem_commit(MemoryListener *listener)
ac1970fb 2386{
89ae337a 2387 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2388 AddressSpaceDispatch *cur = as->dispatch;
2389 AddressSpaceDispatch *next = as->next_dispatch;
2390
53cb28cb 2391 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2392
79e2b9ae 2393 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2394 if (cur) {
79e2b9ae 2395 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2396 }
9affd6fc
PB		 2397}
2398
1d71148e 2399static void tcg_commit(MemoryListener *listener)
50c1e149 2400{
32857f4d
PM		 2401 CPUAddressSpace *cpuas;
2402 AddressSpaceDispatch *d;
117712c3
AK		 2403
2404 /* since each CPU stores ram addresses in its TLB cache, we must
2405 reset the modified entries */
32857f4d
PM		 2406 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2407 cpu_reloading_memory_map();
2408 /* The CPU and TLB are protected by the iothread lock.
2409 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2410 * may have split the RCU critical section.
2411 */
2412 d = atomic_rcu_read(&cpuas->as->dispatch);
2413 cpuas->memory_dispatch = d;
2414 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2415}
2416
ac1970fb
AK		 2417void address_space_init_dispatch(AddressSpace *as)
2418{
00752703 2419 as->dispatch = NULL;
89ae337a 2420 as->dispatch_listener = (MemoryListener) {
ac1970fb 2421 .begin = mem_begin,
00752703 2422 .commit = mem_commit,
ac1970fb
AK		 2423 .region_add = mem_add,
2424 .region_nop = mem_add,
2425 .priority = 0,
2426 };
89ae337a 2427 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2428}
2429
6e48e8f9
PB		 2430void address_space_unregister(AddressSpace *as)
2431{
2432 memory_listener_unregister(&as->dispatch_listener);
2433}
2434
83f3c251
AK		 2435void address_space_destroy_dispatch(AddressSpace *as)
2436{
2437 AddressSpaceDispatch *d = as->dispatch;
2438
79e2b9ae
PB		 2439 atomic_rcu_set(&as->dispatch, NULL);
2440 if (d) {
2441 call_rcu(d, address_space_dispatch_free, rcu);
2442 }
83f3c251
AK		 2443}
2444
62152b8a
AK		 2445static void memory_map_init(void)
2446{
7267c094 2447 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2448
57271d63 2449 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2450 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2451
7267c094 2452 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2453 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2454 65536);
7dca8043 2455 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2456}
2457
2458MemoryRegion *get_system_memory(void)
2459{
2460 return system_memory;
2461}
2462
309cb471
AK		 2463MemoryRegion *get_system_io(void)
2464{
2465 return system_io;
2466}
2467
e2eef170
PB		 2468#endif /* !defined(CONFIG_USER_ONLY) */
2469
13eb76e0
FB		 2470/* physical memory access (slow version, mainly for debug) */
2471#if defined(CONFIG_USER_ONLY)
f17ec444 2472int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2473 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2474{
2475 int l, flags;
2476 target_ulong page;
53a5960a 2477 void * p;
13eb76e0
FB		 2478
2479 while (len > 0) {
2480 page = addr & TARGET_PAGE_MASK;
2481 l = (page + TARGET_PAGE_SIZE) - addr;
2482 if (l > len)
2483 l = len;
2484 flags = page_get_flags(page);
2485 if (!(flags & PAGE_VALID))
a68fe89c 2486 return -1;
13eb76e0
FB		 2487 if (is_write) {
2488 if (!(flags & PAGE_WRITE))
a68fe89c 2489 return -1;
579a97f7 2490 /* XXX: this code should not depend on lock_user */
72fb7daa 2491 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2492 return -1;
72fb7daa
AJ		 2493 memcpy(p, buf, l);
2494 unlock_user(p, addr, l);
13eb76e0
FB		 2495 } else {
2496 if (!(flags & PAGE_READ))
a68fe89c 2497 return -1;
579a97f7 2498 /* XXX: this code should not depend on lock_user */
72fb7daa 2499 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2500 return -1;
72fb7daa 2501 memcpy(buf, p, l);
5b257578 2502 unlock_user(p, addr, 0);
13eb76e0
FB		 2503 }
2504 len -= l;
2505 buf += l;
2506 addr += l;
2507 }
a68fe89c 2508 return 0;
13eb76e0 2509}
8df1cd07 2510
13eb76e0 2511#else
51d7a9eb 2512
845b6214 2513static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2514 hwaddr length)
51d7a9eb 2515{
e87f7778
PB		 2516 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2517 /* No early return if dirty_log_mask is or becomes 0, because
2518 * cpu_physical_memory_set_dirty_range will still call
2519 * xen_modified_memory.
2520 */
2521 if (dirty_log_mask) {
2522 dirty_log_mask =
2523 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2524 }
2525 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2526 tb_invalidate_phys_range(addr, addr + length);
2527 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2528 }
e87f7778 2529 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2530}
2531
23326164 2532static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2533{
e1622f4b 2534 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2535
2536 /* Regions are assumed to support 1-4 byte accesses unless
2537 otherwise specified. */
23326164
RH		 2538 if (access_size_max == 0) {
2539 access_size_max = 4;
2540 }
2541
2542 /* Bound the maximum access by the alignment of the address. */
2543 if (!mr->ops->impl.unaligned) {
2544 unsigned align_size_max = addr & -addr;
2545 if (align_size_max != 0 && align_size_max < access_size_max) {
2546 access_size_max = align_size_max;
2547 }
82f2563f 2548 }
23326164
RH		 2549
2550 /* Don't attempt accesses larger than the maximum. */
2551 if (l > access_size_max) {
2552 l = access_size_max;
82f2563f 2553 }
6554f5c0 2554 l = pow2floor(l);
23326164
RH		 2555
2556 return l;
82f2563f
PB		 2557}
2558
4840f10e 2559static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2560{
4840f10e
JK		 2561 bool unlocked = !qemu_mutex_iothread_locked();
2562 bool release_lock = false;
2563
2564 if (unlocked && mr->global_locking) {
2565 qemu_mutex_lock_iothread();
2566 unlocked = false;
2567 release_lock = true;
2568 }
125b3806 2569 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2570 if (unlocked) {
2571 qemu_mutex_lock_iothread();
2572 }
125b3806 2573 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2574 if (unlocked) {
2575 qemu_mutex_unlock_iothread();
2576 }
125b3806 2577 }
4840f10e
JK		 2578
2579 return release_lock;
125b3806
PB		 2580}
2581
a203ac70
PB		 2582/* Called within RCU critical section. */
2583static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2584 MemTxAttrs attrs,
2585 const uint8_t *buf,
2586 int len, hwaddr addr1,
2587 hwaddr l, MemoryRegion *mr)
13eb76e0 2588{
13eb76e0 2589 uint8_t *ptr;
791af8c8 2590 uint64_t val;
3b643495 2591 MemTxResult result = MEMTX_OK;
4840f10e 2592 bool release_lock = false;
3b46e624 2593
a203ac70 2594 for (;;) {
eb7eeb88
PB		 2595 if (!memory_access_is_direct(mr, true)) {
2596 release_lock |= prepare_mmio_access(mr);
2597 l = memory_access_size(mr, l, addr1);
2598 /* XXX: could force current_cpu to NULL to avoid
2599 potential bugs */
2600 switch (l) {
2601 case 8:
2602 /* 64 bit write access */
2603 val = ldq_p(buf);
2604 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2605 attrs);
2606 break;
2607 case 4:
2608 /* 32 bit write access */
2609 val = ldl_p(buf);
2610 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2611 attrs);
2612 break;
2613 case 2:
2614 /* 16 bit write access */
2615 val = lduw_p(buf);
2616 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2617 attrs);
2618 break;
2619 case 1:
2620 /* 8 bit write access */
2621 val = ldub_p(buf);
2622 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2623 attrs);
2624 break;
2625 default:
2626 abort();
13eb76e0
FB		 2627 }
2628 } else {
eb7eeb88
PB		 2629 addr1 += memory_region_get_ram_addr(mr);
2630 /* RAM case */
3655cb9c 2631 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2632 memcpy(ptr, buf, l);
2633 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2634 }
4840f10e
JK		 2635
2636 if (release_lock) {
2637 qemu_mutex_unlock_iothread();
2638 release_lock = false;
2639 }
2640
13eb76e0
FB		 2641 len -= l;
2642 buf += l;
2643 addr += l;
a203ac70
PB		 2644
2645 if (!len) {
2646 break;
2647 }
2648
2649 l = len;
2650 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2651 }
fd8aaa76 2652
3b643495 2653 return result;
13eb76e0 2654}
8df1cd07 2655
a203ac70
PB		 2656MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2657 const uint8_t *buf, int len)
ac1970fb 2658{
eb7eeb88 2659 hwaddr l;
eb7eeb88
PB		 2660 hwaddr addr1;
2661 MemoryRegion *mr;
2662 MemTxResult result = MEMTX_OK;
eb7eeb88 2663
a203ac70
PB		 2664 if (len > 0) {
2665 rcu_read_lock();
eb7eeb88 2666 l = len;
a203ac70
PB		 2667 mr = address_space_translate(as, addr, &addr1, &l, true);
2668 result = address_space_write_continue(as, addr, attrs, buf, len,
2669 addr1, l, mr);
2670 rcu_read_unlock();
2671 }
2672
2673 return result;
2674}
2675
2676/* Called within RCU critical section. */
2677MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2678 MemTxAttrs attrs, uint8_t *buf,
2679 int len, hwaddr addr1, hwaddr l,
2680 MemoryRegion *mr)
2681{
2682 uint8_t *ptr;
2683 uint64_t val;
2684 MemTxResult result = MEMTX_OK;
2685 bool release_lock = false;
eb7eeb88 2686
a203ac70 2687 for (;;) {
eb7eeb88
PB		 2688 if (!memory_access_is_direct(mr, false)) {
2689 /* I/O case */
2690 release_lock |= prepare_mmio_access(mr);
2691 l = memory_access_size(mr, l, addr1);
2692 switch (l) {
2693 case 8:
2694 /* 64 bit read access */
2695 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2696 attrs);
2697 stq_p(buf, val);
2698 break;
2699 case 4:
2700 /* 32 bit read access */
2701 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2702 attrs);
2703 stl_p(buf, val);
2704 break;
2705 case 2:
2706 /* 16 bit read access */
2707 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2708 attrs);
2709 stw_p(buf, val);
2710 break;
2711 case 1:
2712 /* 8 bit read access */
2713 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2714 attrs);
2715 stb_p(buf, val);
2716 break;
2717 default:
2718 abort();
2719 }
2720 } else {
2721 /* RAM case */
8e41fb63
FZ		 2722 ptr = qemu_get_ram_ptr(mr->ram_block,
2723 memory_region_get_ram_addr(mr) + addr1);
eb7eeb88
PB		 2724 memcpy(buf, ptr, l);
2725 }
2726
2727 if (release_lock) {
2728 qemu_mutex_unlock_iothread();
2729 release_lock = false;
2730 }
2731
2732 len -= l;
2733 buf += l;
2734 addr += l;
a203ac70
PB		 2735
2736 if (!len) {
2737 break;
2738 }
2739
2740 l = len;
2741 mr = address_space_translate(as, addr, &addr1, &l, false);
2742 }
2743
2744 return result;
2745}
2746
3cc8f884
PB		 2747MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2748 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2749{
2750 hwaddr l;
2751 hwaddr addr1;
2752 MemoryRegion *mr;
2753 MemTxResult result = MEMTX_OK;
2754
2755 if (len > 0) {
2756 rcu_read_lock();
2757 l = len;
2758 mr = address_space_translate(as, addr, &addr1, &l, false);
2759 result = address_space_read_continue(as, addr, attrs, buf, len,
2760 addr1, l, mr);
2761 rcu_read_unlock();
eb7eeb88 2762 }
eb7eeb88
PB		 2763
2764 return result;
ac1970fb
AK		 2765}
2766
eb7eeb88
PB		 2767MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2768 uint8_t *buf, int len, bool is_write)
2769{
2770 if (is_write) {
2771 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2772 } else {
2773 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2774 }
2775}
ac1970fb 2776
a8170e5e 2777void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2778 int len, int is_write)
2779{
5c9eb028
PM		 2780 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2781 buf, len, is_write);
ac1970fb
AK		 2782}
2783
582b55a9
AG		 2784enum write_rom_type {
2785 WRITE_DATA,
2786 FLUSH_CACHE,
2787};
2788
2a221651 2789static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2790 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2791{
149f54b5 2792 hwaddr l;
d0ecd2aa 2793 uint8_t *ptr;
149f54b5 2794 hwaddr addr1;
5c8a00ce 2795 MemoryRegion *mr;
3b46e624 2796
41063e1e 2797 rcu_read_lock();
d0ecd2aa 2798 while (len > 0) {
149f54b5 2799 l = len;
2a221651 2800 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2801
5c8a00ce
PB		 2802 if (!(memory_region_is_ram(mr) ||
2803 memory_region_is_romd(mr))) {
b242e0e0 2804 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2805 } else {
5c8a00ce 2806 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2807 /* ROM/RAM case */
3655cb9c 2808 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2809 switch (type) {
2810 case WRITE_DATA:
2811 memcpy(ptr, buf, l);
845b6214 2812 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2813 break;
2814 case FLUSH_CACHE:
2815 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2816 break;
2817 }
d0ecd2aa
FB		 2818 }
2819 len -= l;
2820 buf += l;
2821 addr += l;
2822 }
41063e1e 2823 rcu_read_unlock();
d0ecd2aa
FB		 2824}
2825
582b55a9 2826/* used for ROM loading : can write in RAM and ROM */
2a221651 2827void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2828 const uint8_t *buf, int len)
2829{
2a221651 2830 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2831}
2832
2833void cpu_flush_icache_range(hwaddr start, int len)
2834{
2835 /*
2836 * This function should do the same thing as an icache flush that was
2837 * triggered from within the guest. For TCG we are always cache coherent,
2838 * so there is no need to flush anything. For KVM / Xen we need to flush
2839 * the host's instruction cache at least.
2840 */
2841 if (tcg_enabled()) {
2842 return;
2843 }
2844
2a221651
EI		 2845 cpu_physical_memory_write_rom_internal(&address_space_memory,
2846 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2847}
2848
6d16c2f8 2849typedef struct {
d3e71559 2850 MemoryRegion *mr;
6d16c2f8 2851 void *buffer;
a8170e5e
AK		 2852 hwaddr addr;
2853 hwaddr len;
c2cba0ff 2854 bool in_use;
6d16c2f8
AL		 2855} BounceBuffer;
2856
2857static BounceBuffer bounce;
2858
ba223c29 2859typedef struct MapClient {
e95205e1 2860 QEMUBH *bh;
72cf2d4f 2861 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2862} MapClient;
2863
38e047b5 2864QemuMutex map_client_list_lock;
72cf2d4f
BS		 2865static QLIST_HEAD(map_client_list, MapClient) map_client_list
2866 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2867
e95205e1
FZ		 2868static void cpu_unregister_map_client_do(MapClient *client)
2869{
2870 QLIST_REMOVE(client, link);
2871 g_free(client);
2872}
2873
33b6c2ed
FZ		 2874static void cpu_notify_map_clients_locked(void)
2875{
2876 MapClient *client;
2877
2878 while (!QLIST_EMPTY(&map_client_list)) {
2879 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2880 qemu_bh_schedule(client->bh);
2881 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2882 }
2883}
2884
e95205e1 2885void cpu_register_map_client(QEMUBH *bh)
ba223c29 2886{
7267c094 2887 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2888
38e047b5 2889 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2890 client->bh = bh;
72cf2d4f 2891 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2892 if (!atomic_read(&bounce.in_use)) {
2893 cpu_notify_map_clients_locked();
2894 }
38e047b5 2895 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2896}
2897
38e047b5 2898void cpu_exec_init_all(void)
ba223c29 2899{
38e047b5 2900 qemu_mutex_init(&ram_list.mutex);
38e047b5 2901 io_mem_init();
680a4783 2902 memory_map_init();
38e047b5 2903 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2904}
2905
e95205e1 2906void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2907{
2908 MapClient *client;
2909
e95205e1
FZ		 2910 qemu_mutex_lock(&map_client_list_lock);
2911 QLIST_FOREACH(client, &map_client_list, link) {
2912 if (client->bh == bh) {
2913 cpu_unregister_map_client_do(client);
2914 break;
2915 }
ba223c29 2916 }
e95205e1 2917 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2918}
2919
2920static void cpu_notify_map_clients(void)
2921{
38e047b5 2922 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2923 cpu_notify_map_clients_locked();
38e047b5 2924 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2925}
2926
51644ab7
PB		 2927bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2928{
5c8a00ce 2929 MemoryRegion *mr;
51644ab7
PB		 2930 hwaddr l, xlat;
2931
41063e1e 2932 rcu_read_lock();
51644ab7
PB		 2933 while (len > 0) {
2934 l = len;
5c8a00ce
PB		 2935 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2936 if (!memory_access_is_direct(mr, is_write)) {
2937 l = memory_access_size(mr, l, addr);
2938 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2939 return false;
2940 }
2941 }
2942
2943 len -= l;
2944 addr += l;
2945 }
41063e1e 2946 rcu_read_unlock();
51644ab7
PB		 2947 return true;
2948}
2949
6d16c2f8
AL		 2950/* Map a physical memory region into a host virtual address.
2951 * May map a subset of the requested range, given by and returned in *plen.
2952 * May return NULL if resources needed to perform the mapping are exhausted.
2953 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2954 * Use cpu_register_map_client() to know when retrying the map operation is
2955 * likely to succeed.
6d16c2f8 2956 */
ac1970fb 2957void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2958 hwaddr addr,
2959 hwaddr *plen,
ac1970fb 2960 bool is_write)
6d16c2f8 2961{
a8170e5e 2962 hwaddr len = *plen;
e3127ae0
PB		 2963 hwaddr done = 0;
2964 hwaddr l, xlat, base;
2965 MemoryRegion *mr, *this_mr;
2966 ram_addr_t raddr;
e81bcda5 2967 void *ptr;
6d16c2f8 2968
e3127ae0
PB		 2969 if (len == 0) {
2970 return NULL;
2971 }
38bee5dc 2972
e3127ae0 2973 l = len;
41063e1e 2974 rcu_read_lock();
e3127ae0 2975 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2976
e3127ae0 2977 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2978 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2979 rcu_read_unlock();
e3127ae0 2980 return NULL;
6d16c2f8 2981 }
e85d9db5
KW		 2982 /* Avoid unbounded allocations */
2983 l = MIN(l, TARGET_PAGE_SIZE);
2984 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2985 bounce.addr = addr;
2986 bounce.len = l;
d3e71559
PB		 2987
2988 memory_region_ref(mr);
2989 bounce.mr = mr;
e3127ae0 2990 if (!is_write) {
5c9eb028
PM		 2991 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2992 bounce.buffer, l);
8ab934f9 2993 }
6d16c2f8 2994
41063e1e 2995 rcu_read_unlock();
e3127ae0
PB		 2996 *plen = l;
2997 return bounce.buffer;
2998 }
2999
3000 base = xlat;
3001 raddr = memory_region_get_ram_addr(mr);
3002
3003 for (;;) {
6d16c2f8
AL		 3004 len -= l;
3005 addr += l;
e3127ae0
PB		 3006 done += l;
3007 if (len == 0) {
3008 break;
3009 }
3010
3011 l = len;
3012 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
3013 if (this_mr != mr || xlat != base + done) {
3014 break;
3015 }
6d16c2f8 3016 }
e3127ae0 3017
d3e71559 3018 memory_region_ref(mr);
e3127ae0 3019 *plen = done;
3655cb9c 3020 ptr = qemu_ram_ptr_length(mr->ram_block, raddr + base, plen);
e81bcda5
PB		 3021 rcu_read_unlock();
3022
3023 return ptr;
6d16c2f8
AL		 3024}
3025
ac1970fb 3026/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3027 * Will also mark the memory as dirty if is_write == 1. access_len gives
3028 * the amount of memory that was actually read or written by the caller.
3029 */
a8170e5e
AK		 3030void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3031 int is_write, hwaddr access_len)
6d16c2f8
AL		 3032{
3033 if (buffer != bounce.buffer) {
d3e71559
PB		 3034 MemoryRegion *mr;
3035 ram_addr_t addr1;
3036
3037 mr = qemu_ram_addr_from_host(buffer, &addr1);
3038 assert(mr != NULL);
6d16c2f8 3039 if (is_write) {
845b6214 3040 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 3041 }
868bb33f 3042 if (xen_enabled()) {
e41d7c69 3043 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3044 }
d3e71559 3045 memory_region_unref(mr);
6d16c2f8
AL		 3046 return;
3047 }
3048 if (is_write) {
5c9eb028
PM		 3049 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3050 bounce.buffer, access_len);
6d16c2f8 3051 }
f8a83245 3052 qemu_vfree(bounce.buffer);
6d16c2f8 3053 bounce.buffer = NULL;
d3e71559 3054 memory_region_unref(bounce.mr);
c2cba0ff 3055 atomic_mb_set(&bounce.in_use, false);
ba223c29 3056 cpu_notify_map_clients();
6d16c2f8 3057}
d0ecd2aa 3058
a8170e5e
AK		 3059void *cpu_physical_memory_map(hwaddr addr,
3060 hwaddr *plen,
ac1970fb
AK		 3061 int is_write)
3062{
3063 return address_space_map(&address_space_memory, addr, plen, is_write);
3064}
3065
a8170e5e
AK		 3066void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3067 int is_write, hwaddr access_len)
ac1970fb
AK		 3068{
3069 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3070}
3071
8df1cd07 3072/* warning: addr must be aligned */
50013115
PM		 3073static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3074 MemTxAttrs attrs,
3075 MemTxResult *result,
3076 enum device_endian endian)
8df1cd07 3077{
8df1cd07 3078 uint8_t *ptr;
791af8c8 3079 uint64_t val;
5c8a00ce 3080 MemoryRegion *mr;
149f54b5
PB		 3081 hwaddr l = 4;
3082 hwaddr addr1;
50013115 3083 MemTxResult r;
4840f10e 3084 bool release_lock = false;
8df1cd07 3085
41063e1e 3086 rcu_read_lock();
fdfba1a2 3087 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3088 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3089 release_lock |= prepare_mmio_access(mr);
125b3806 3090
8df1cd07 3091 /* I/O case */
50013115 3092 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3093#if defined(TARGET_WORDS_BIGENDIAN)
3094 if (endian == DEVICE_LITTLE_ENDIAN) {
3095 val = bswap32(val);
3096 }
3097#else
3098 if (endian == DEVICE_BIG_ENDIAN) {
3099 val = bswap32(val);
3100 }
3101#endif
8df1cd07
FB		 3102 } else {
3103 /* RAM case */
3655cb9c
GA		 3104 ptr = qemu_get_ram_ptr(mr->ram_block,
3105 (memory_region_get_ram_addr(mr)
06ef3525 3106 & TARGET_PAGE_MASK)
149f54b5 3107 + addr1);
1e78bcc1
AG		 3108 switch (endian) {
3109 case DEVICE_LITTLE_ENDIAN:
3110 val = ldl_le_p(ptr);
3111 break;
3112 case DEVICE_BIG_ENDIAN:
3113 val = ldl_be_p(ptr);
3114 break;
3115 default:
3116 val = ldl_p(ptr);
3117 break;
3118 }
50013115
PM		 3119 r = MEMTX_OK;
3120 }
3121 if (result) {
3122 *result = r;
8df1cd07 3123 }
4840f10e
JK		 3124 if (release_lock) {
3125 qemu_mutex_unlock_iothread();
3126 }
41063e1e 3127 rcu_read_unlock();
8df1cd07
FB		 3128 return val;
3129}
3130
50013115
PM		 3131uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3132 MemTxAttrs attrs, MemTxResult *result)
3133{
3134 return address_space_ldl_internal(as, addr, attrs, result,
3135 DEVICE_NATIVE_ENDIAN);
3136}
3137
3138uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3139 MemTxAttrs attrs, MemTxResult *result)
3140{
3141 return address_space_ldl_internal(as, addr, attrs, result,
3142 DEVICE_LITTLE_ENDIAN);
3143}
3144
3145uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3146 MemTxAttrs attrs, MemTxResult *result)
3147{
3148 return address_space_ldl_internal(as, addr, attrs, result,
3149 DEVICE_BIG_ENDIAN);
3150}
3151
fdfba1a2 3152uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3153{
50013115 3154 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3155}
3156
fdfba1a2 3157uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3158{
50013115 3159 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3160}
3161
fdfba1a2 3162uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3163{
50013115 3164 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3165}
3166
84b7b8e7 3167/* warning: addr must be aligned */
50013115
PM		 3168static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3169 MemTxAttrs attrs,
3170 MemTxResult *result,
3171 enum device_endian endian)
84b7b8e7 3172{
84b7b8e7
FB		 3173 uint8_t *ptr;
3174 uint64_t val;
5c8a00ce 3175 MemoryRegion *mr;
149f54b5
PB		 3176 hwaddr l = 8;
3177 hwaddr addr1;
50013115 3178 MemTxResult r;
4840f10e 3179 bool release_lock = false;
84b7b8e7 3180
41063e1e 3181 rcu_read_lock();
2c17449b 3182 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3183 false);
3184 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3185 release_lock |= prepare_mmio_access(mr);
125b3806 3186
84b7b8e7 3187 /* I/O case */
50013115 3188 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3189#if defined(TARGET_WORDS_BIGENDIAN)
3190 if (endian == DEVICE_LITTLE_ENDIAN) {
3191 val = bswap64(val);
3192 }
3193#else
3194 if (endian == DEVICE_BIG_ENDIAN) {
3195 val = bswap64(val);
3196 }
84b7b8e7
FB		 3197#endif
3198 } else {
3199 /* RAM case */
3655cb9c
GA		 3200 ptr = qemu_get_ram_ptr(mr->ram_block,
3201 (memory_region_get_ram_addr(mr)
06ef3525 3202 & TARGET_PAGE_MASK)
149f54b5 3203 + addr1);
1e78bcc1
AG		 3204 switch (endian) {
3205 case DEVICE_LITTLE_ENDIAN:
3206 val = ldq_le_p(ptr);
3207 break;
3208 case DEVICE_BIG_ENDIAN:
3209 val = ldq_be_p(ptr);
3210 break;
3211 default:
3212 val = ldq_p(ptr);
3213 break;
3214 }
50013115
PM		 3215 r = MEMTX_OK;
3216 }
3217 if (result) {
3218 *result = r;
84b7b8e7 3219 }
4840f10e
JK		 3220 if (release_lock) {
3221 qemu_mutex_unlock_iothread();
3222 }
41063e1e 3223 rcu_read_unlock();
84b7b8e7
FB		 3224 return val;
3225}
3226
50013115
PM		 3227uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3228 MemTxAttrs attrs, MemTxResult *result)
3229{
3230 return address_space_ldq_internal(as, addr, attrs, result,
3231 DEVICE_NATIVE_ENDIAN);
3232}
3233
3234uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3235 MemTxAttrs attrs, MemTxResult *result)
3236{
3237 return address_space_ldq_internal(as, addr, attrs, result,
3238 DEVICE_LITTLE_ENDIAN);
3239}
3240
3241uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3242 MemTxAttrs attrs, MemTxResult *result)
3243{
3244 return address_space_ldq_internal(as, addr, attrs, result,
3245 DEVICE_BIG_ENDIAN);
3246}
3247
2c17449b 3248uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3249{
50013115 3250 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3251}
3252
2c17449b 3253uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3254{
50013115 3255 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3256}
3257
2c17449b 3258uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3259{
50013115 3260 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3261}
3262
aab33094 3263/* XXX: optimize */
50013115
PM		 3264uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3265 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3266{
3267 uint8_t val;
50013115
PM		 3268 MemTxResult r;
3269
3270 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3271 if (result) {
3272 *result = r;
3273 }
aab33094
FB		 3274 return val;
3275}
3276
50013115
PM		 3277uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3278{
3279 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3280}
3281
733f0b02 3282/* warning: addr must be aligned */
50013115
PM		 3283static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3284 hwaddr addr,
3285 MemTxAttrs attrs,
3286 MemTxResult *result,
3287 enum device_endian endian)
aab33094 3288{
733f0b02
MT		 3289 uint8_t *ptr;
3290 uint64_t val;
5c8a00ce 3291 MemoryRegion *mr;
149f54b5
PB		 3292 hwaddr l = 2;
3293 hwaddr addr1;
50013115 3294 MemTxResult r;
4840f10e 3295 bool release_lock = false;
733f0b02 3296
41063e1e 3297 rcu_read_lock();
41701aa4 3298 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3299 false);
3300 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3301 release_lock |= prepare_mmio_access(mr);
125b3806 3302
733f0b02 3303 /* I/O case */
50013115 3304 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3305#if defined(TARGET_WORDS_BIGENDIAN)
3306 if (endian == DEVICE_LITTLE_ENDIAN) {
3307 val = bswap16(val);
3308 }
3309#else
3310 if (endian == DEVICE_BIG_ENDIAN) {
3311 val = bswap16(val);
3312 }
3313#endif
733f0b02
MT		 3314 } else {
3315 /* RAM case */
3655cb9c
GA		 3316 ptr = qemu_get_ram_ptr(mr->ram_block,
3317 (memory_region_get_ram_addr(mr)
06ef3525 3318 & TARGET_PAGE_MASK)
149f54b5 3319 + addr1);
1e78bcc1
AG		 3320 switch (endian) {
3321 case DEVICE_LITTLE_ENDIAN:
3322 val = lduw_le_p(ptr);
3323 break;
3324 case DEVICE_BIG_ENDIAN:
3325 val = lduw_be_p(ptr);
3326 break;
3327 default:
3328 val = lduw_p(ptr);
3329 break;
3330 }
50013115
PM		 3331 r = MEMTX_OK;
3332 }
3333 if (result) {
3334 *result = r;
733f0b02 3335 }
4840f10e
JK		 3336 if (release_lock) {
3337 qemu_mutex_unlock_iothread();
3338 }
41063e1e 3339 rcu_read_unlock();
733f0b02 3340 return val;
aab33094
FB		 3341}
3342
50013115
PM		 3343uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3344 MemTxAttrs attrs, MemTxResult *result)
3345{
3346 return address_space_lduw_internal(as, addr, attrs, result,
3347 DEVICE_NATIVE_ENDIAN);
3348}
3349
3350uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3351 MemTxAttrs attrs, MemTxResult *result)
3352{
3353 return address_space_lduw_internal(as, addr, attrs, result,
3354 DEVICE_LITTLE_ENDIAN);
3355}
3356
3357uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3358 MemTxAttrs attrs, MemTxResult *result)
3359{
3360 return address_space_lduw_internal(as, addr, attrs, result,
3361 DEVICE_BIG_ENDIAN);
3362}
3363
41701aa4 3364uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3365{
50013115 3366 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3367}
3368
41701aa4 3369uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3370{
50013115 3371 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3372}
3373
41701aa4 3374uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3375{
50013115 3376 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3377}
3378
8df1cd07
FB		 3379/* warning: addr must be aligned. The ram page is not masked as dirty
3380 and the code inside is not invalidated. It is useful if the dirty
3381 bits are used to track modified PTEs */
50013115
PM		 3382void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3383 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3384{
8df1cd07 3385 uint8_t *ptr;
5c8a00ce 3386 MemoryRegion *mr;
149f54b5
PB		 3387 hwaddr l = 4;
3388 hwaddr addr1;
50013115 3389 MemTxResult r;
845b6214 3390 uint8_t dirty_log_mask;
4840f10e 3391 bool release_lock = false;
8df1cd07 3392
41063e1e 3393 rcu_read_lock();
2198a121 3394 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3395 true);
3396 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3397 release_lock |= prepare_mmio_access(mr);
125b3806 3398
50013115 3399 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3400 } else {
5c8a00ce 3401 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3402 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
8df1cd07 3403 stl_p(ptr, val);
74576198 3404
845b6214
PB		 3405 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3406 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3407 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3408 r = MEMTX_OK;
3409 }
3410 if (result) {
3411 *result = r;
8df1cd07 3412 }
4840f10e
JK		 3413 if (release_lock) {
3414 qemu_mutex_unlock_iothread();
3415 }
41063e1e 3416 rcu_read_unlock();
8df1cd07
FB		 3417}
3418
50013115
PM		 3419void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3420{
3421 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3422}
3423
8df1cd07 3424/* warning: addr must be aligned */
50013115
PM		 3425static inline void address_space_stl_internal(AddressSpace *as,
3426 hwaddr addr, uint32_t val,
3427 MemTxAttrs attrs,
3428 MemTxResult *result,
3429 enum device_endian endian)
8df1cd07 3430{
8df1cd07 3431 uint8_t *ptr;
5c8a00ce 3432 MemoryRegion *mr;
149f54b5
PB		 3433 hwaddr l = 4;
3434 hwaddr addr1;
50013115 3435 MemTxResult r;
4840f10e 3436 bool release_lock = false;
8df1cd07 3437
41063e1e 3438 rcu_read_lock();
ab1da857 3439 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3440 true);
3441 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3442 release_lock |= prepare_mmio_access(mr);
125b3806 3443
1e78bcc1
AG		 3444#if defined(TARGET_WORDS_BIGENDIAN)
3445 if (endian == DEVICE_LITTLE_ENDIAN) {
3446 val = bswap32(val);
3447 }
3448#else
3449 if (endian == DEVICE_BIG_ENDIAN) {
3450 val = bswap32(val);
3451 }
3452#endif
50013115 3453 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3454 } else {
8df1cd07 3455 /* RAM case */
5c8a00ce 3456 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3457 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3458 switch (endian) {
3459 case DEVICE_LITTLE_ENDIAN:
3460 stl_le_p(ptr, val);
3461 break;
3462 case DEVICE_BIG_ENDIAN:
3463 stl_be_p(ptr, val);
3464 break;
3465 default:
3466 stl_p(ptr, val);
3467 break;
3468 }
845b6214 3469 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3470 r = MEMTX_OK;
3471 }
3472 if (result) {
3473 *result = r;
8df1cd07 3474 }
4840f10e
JK		 3475 if (release_lock) {
3476 qemu_mutex_unlock_iothread();
3477 }
41063e1e 3478 rcu_read_unlock();
8df1cd07
FB		 3479}
3480
50013115
PM		 3481void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3482 MemTxAttrs attrs, MemTxResult *result)
3483{
3484 address_space_stl_internal(as, addr, val, attrs, result,
3485 DEVICE_NATIVE_ENDIAN);
3486}
3487
3488void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3489 MemTxAttrs attrs, MemTxResult *result)
3490{
3491 address_space_stl_internal(as, addr, val, attrs, result,
3492 DEVICE_LITTLE_ENDIAN);
3493}
3494
3495void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3496 MemTxAttrs attrs, MemTxResult *result)
3497{
3498 address_space_stl_internal(as, addr, val, attrs, result,
3499 DEVICE_BIG_ENDIAN);
3500}
3501
ab1da857 3502void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3503{
50013115 3504 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3505}
3506
ab1da857 3507void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3508{
50013115 3509 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3510}
3511
ab1da857 3512void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3513{
50013115 3514 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3515}
3516
aab33094 3517/* XXX: optimize */
50013115
PM		 3518void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3519 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3520{
3521 uint8_t v = val;
50013115
PM		 3522 MemTxResult r;
3523
3524 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3525 if (result) {
3526 *result = r;
3527 }
3528}
3529
3530void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3531{
3532 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3533}
3534
733f0b02 3535/* warning: addr must be aligned */
50013115
PM		 3536static inline void address_space_stw_internal(AddressSpace *as,
3537 hwaddr addr, uint32_t val,
3538 MemTxAttrs attrs,
3539 MemTxResult *result,
3540 enum device_endian endian)
aab33094 3541{
733f0b02 3542 uint8_t *ptr;
5c8a00ce 3543 MemoryRegion *mr;
149f54b5
PB		 3544 hwaddr l = 2;
3545 hwaddr addr1;
50013115 3546 MemTxResult r;
4840f10e 3547 bool release_lock = false;
733f0b02 3548
41063e1e 3549 rcu_read_lock();
5ce5944d 3550 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3551 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3552 release_lock |= prepare_mmio_access(mr);
125b3806 3553
1e78bcc1
AG		 3554#if defined(TARGET_WORDS_BIGENDIAN)
3555 if (endian == DEVICE_LITTLE_ENDIAN) {
3556 val = bswap16(val);
3557 }
3558#else
3559 if (endian == DEVICE_BIG_ENDIAN) {
3560 val = bswap16(val);
3561 }
3562#endif
50013115 3563 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3564 } else {
733f0b02 3565 /* RAM case */
5c8a00ce 3566 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3655cb9c 3567 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3568 switch (endian) {
3569 case DEVICE_LITTLE_ENDIAN:
3570 stw_le_p(ptr, val);
3571 break;
3572 case DEVICE_BIG_ENDIAN:
3573 stw_be_p(ptr, val);
3574 break;
3575 default:
3576 stw_p(ptr, val);
3577 break;
3578 }
845b6214 3579 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3580 r = MEMTX_OK;
3581 }
3582 if (result) {
3583 *result = r;
733f0b02 3584 }
4840f10e
JK		 3585 if (release_lock) {
3586 qemu_mutex_unlock_iothread();
3587 }
41063e1e 3588 rcu_read_unlock();
aab33094
FB		 3589}
3590
50013115
PM		 3591void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3592 MemTxAttrs attrs, MemTxResult *result)
3593{
3594 address_space_stw_internal(as, addr, val, attrs, result,
3595 DEVICE_NATIVE_ENDIAN);
3596}
3597
3598void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3599 MemTxAttrs attrs, MemTxResult *result)
3600{
3601 address_space_stw_internal(as, addr, val, attrs, result,
3602 DEVICE_LITTLE_ENDIAN);
3603}
3604
3605void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3606 MemTxAttrs attrs, MemTxResult *result)
3607{
3608 address_space_stw_internal(as, addr, val, attrs, result,
3609 DEVICE_BIG_ENDIAN);
3610}
3611
5ce5944d 3612void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3613{
50013115 3614 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3615}
3616
5ce5944d 3617void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3618{
50013115 3619 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3620}
3621
5ce5944d 3622void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3623{
50013115 3624 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3625}
3626
aab33094 3627/* XXX: optimize */
50013115
PM		 3628void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3629 MemTxAttrs attrs, MemTxResult *result)
aab33094 3630{
50013115 3631 MemTxResult r;
aab33094 3632 val = tswap64(val);
50013115
PM		 3633 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3634 if (result) {
3635 *result = r;
3636 }
aab33094
FB		 3637}
3638
50013115
PM		 3639void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3640 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3641{
50013115 3642 MemTxResult r;
1e78bcc1 3643 val = cpu_to_le64(val);
50013115
PM		 3644 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3645 if (result) {
3646 *result = r;
3647 }
3648}
3649void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3650 MemTxAttrs attrs, MemTxResult *result)
3651{
3652 MemTxResult r;
3653 val = cpu_to_be64(val);
3654 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3655 if (result) {
3656 *result = r;
3657 }
3658}
3659
3660void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3661{
3662 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3663}
3664
3665void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3666{
3667 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3668}
3669
f606604f 3670void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3671{
50013115 3672 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3673}
3674
5e2972fd 3675/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3676int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3677 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3678{
3679 int l;
a8170e5e 3680 hwaddr phys_addr;
9b3c35e0 3681 target_ulong page;
13eb76e0
FB		 3682
3683 while (len > 0) {
5232e4c7
PM		 3684 int asidx;
3685 MemTxAttrs attrs;
3686
13eb76e0 3687 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3688 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3689 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3690 /* if no physical page mapped, return an error */
3691 if (phys_addr == -1)
3692 return -1;
3693 l = (page + TARGET_PAGE_SIZE) - addr;
3694 if (l > len)
3695 l = len;
5e2972fd 3696 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3697 if (is_write) {
5232e4c7
PM		 3698 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3699 phys_addr, buf, l);
2e38847b 3700 } else {
5232e4c7
PM		 3701 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3702 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3703 buf, l, 0);
2e38847b 3704 }
13eb76e0
FB		 3705 len -= l;
3706 buf += l;
3707 addr += l;
3708 }
3709 return 0;
3710}
038629a6
DDAG		 3711
3712/*
3713 * Allows code that needs to deal with migration bitmaps etc to still be built
3714 * target independent.
3715 */
3716size_t qemu_target_page_bits(void)
3717{
3718 return TARGET_PAGE_BITS;
3719}
3720
a68fe89c 3721#endif
13eb76e0 3722
8e4a424b
BS		 3723/*
3724 * A helper function for the _utterly broken_ virtio device model to find out if
3725 * it's running on a big endian machine. Don't do this at home kids!
3726 */
98ed8ecf
GK		 3727bool target_words_bigendian(void);
3728bool target_words_bigendian(void)
8e4a424b
BS		 3729{
3730#if defined(TARGET_WORDS_BIGENDIAN)
3731 return true;
3732#else
3733 return false;
3734#endif
3735}
3736
76f35538 3737#ifndef CONFIG_USER_ONLY
a8170e5e 3738bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3739{
5c8a00ce 3740 MemoryRegion*mr;
149f54b5 3741 hwaddr l = 1;
41063e1e 3742 bool res;
76f35538 3743
41063e1e 3744 rcu_read_lock();
5c8a00ce
PB		 3745 mr = address_space_translate(&address_space_memory,
3746 phys_addr, &phys_addr, &l, false);
76f35538 3747
41063e1e
PB		 3748 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3749 rcu_read_unlock();
3750 return res;
76f35538 3751}
bd2fa51f 3752
e3807054 3753int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3754{
3755 RAMBlock *block;
e3807054 3756 int ret = 0;
bd2fa51f 3757
0dc3f44a
MD		 3758 rcu_read_lock();
3759 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3760 ret = func(block->idstr, block->host, block->offset,
3761 block->used_length, opaque);
3762 if (ret) {
3763 break;
3764 }
bd2fa51f 3765 }
0dc3f44a 3766 rcu_read_unlock();
e3807054 3767 return ret;
bd2fa51f 3768}
ec3f8c99 3769#endif
QEMU mirror