]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: remove unnecessary masking of MemoryRegion ram_addr
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c
FB		 22#include <sys/mman.h>
23#endif
54936004 24
f348b6d1 25#include "qemu/cutils.h"
6180a181 26#include "cpu.h"
63c91552 27#include "exec/exec-all.h"
b67d9a52 28#include "tcg.h"
741da0d3 29#include "hw/qdev-core.h"
4485bd26 30#if !defined(CONFIG_USER_ONLY)
47c8ca53 31#include "hw/boards.h"
33c11879 32#include "hw/xen/xen.h"
4485bd26 33#endif
9c17d615 34#include "sysemu/kvm.h"
2ff3de68 35#include "sysemu/sysemu.h"
1de7afc9
PB		 36#include "qemu/timer.h"
37#include "qemu/config-file.h"
75a34036 38#include "qemu/error-report.h"
53a5960a
PB		 39#if defined(CONFIG_USER_ONLY)
40#include <qemu.h>
432d268c 41#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 42#include "hw/hw.h"
43#include "exec/memory.h"
df43d49c 44#include "exec/ioport.h"
741da0d3
PB		 45#include "sysemu/dma.h"
46#include "exec/address-spaces.h"
9c17d615 47#include "sysemu/xen-mapcache.h"
6506e4f9 48#include "trace.h"
53a5960a 49#endif
0d6d3c87 50#include "exec/cpu-all.h"
0dc3f44a 51#include "qemu/rcu_queue.h"
4840f10e 52#include "qemu/main-loop.h"
5b6dd868 53#include "translate-all.h"
7615936e 54#include "sysemu/replay.h"
0cac1b66 55
022c62cb 56#include "exec/memory-internal.h"
220c3ebd 57#include "exec/ram_addr.h"
508127e2 58#include "exec/log.h"
67d95c15 59
b35ba30f 60#include "qemu/range.h"
794e8f30
MT		 61#ifndef _WIN32
62#include "qemu/mmap-alloc.h"
63#endif
b35ba30f 64
db7b5426 65//#define DEBUG_SUBPAGE
1196be37 66
e2eef170 67#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 68/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
69 * are protected by the ramlist lock.
70 */
0d53d9fe 71RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 72
73static MemoryRegion *system_memory;
309cb471 74static MemoryRegion *system_io;
62152b8a 75
f6790af6
AK		 76AddressSpace address_space_io;
77AddressSpace address_space_memory;
2673a5da 78
0844e007 79MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 80static MemoryRegion io_mem_unassigned;
0e0df1e2 81
7bd4f430
PB		 82/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
83#define RAM_PREALLOC (1 << 0)
84
dbcb8981
PB		 85/* RAM is mmap-ed with MAP_SHARED */
86#define RAM_SHARED (1 << 1)
87
62be4e3a
MT		 88/* Only a portion of RAM (used_length) is actually used, and migrated.
89 * This used_length size can change across reboots.
90 */
91#define RAM_RESIZEABLE (1 << 2)
92
e2eef170 93#endif
9fa3e853 94
bdc44640 95struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 96/* current CPU in the current thread. It is only valid inside
97 cpu_exec() */
f240eb6f 98__thread CPUState *current_cpu;
2e70f6ef 99/* 0 = Do not count executed instructions.
bf20dc07 100 1 = Precise instruction counting.
2e70f6ef 101 2 = Adaptive rate instruction counting. */
5708fc66 102int use_icount;
6a00d601 103
e2eef170 104#if !defined(CONFIG_USER_ONLY)
4346ae3e 105
1db8abb1
PB		 106typedef struct PhysPageEntry PhysPageEntry;
107
108struct PhysPageEntry {
9736e55b 109 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 110 uint32_t skip : 6;
9736e55b 111 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 112 uint32_t ptr : 26;
1db8abb1
PB		 113};
114
8b795765
MT		 115#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
116
03f49957 117/* Size of the L2 (and L3, etc) page tables. */
57271d63 118#define ADDR_SPACE_BITS 64
03f49957 119
026736ce 120#define P_L2_BITS 9
03f49957
PB		 121#define P_L2_SIZE (1 << P_L2_BITS)
122
123#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
124
125typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 126
53cb28cb 127typedef struct PhysPageMap {
79e2b9ae
PB		 128 struct rcu_head rcu;
129
53cb28cb
MA		 130 unsigned sections_nb;
131 unsigned sections_nb_alloc;
132 unsigned nodes_nb;
133 unsigned nodes_nb_alloc;
134 Node *nodes;
135 MemoryRegionSection *sections;
136} PhysPageMap;
137
1db8abb1 138struct AddressSpaceDispatch {
79e2b9ae
PB		 139 struct rcu_head rcu;
140
729633c2 141 MemoryRegionSection *mru_section;
1db8abb1
PB		 142 /* This is a multi-level map on the physical address space.
143 * The bottom level has pointers to MemoryRegionSections.
144 */
145 PhysPageEntry phys_map;
53cb28cb 146 PhysPageMap map;
acc9d80b 147 AddressSpace *as;
1db8abb1
PB		 148};
149
90260c6c
JK		 150#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
151typedef struct subpage_t {
152 MemoryRegion iomem;
acc9d80b 153 AddressSpace *as;
90260c6c
JK		 154 hwaddr base;
155 uint16_t sub_section[TARGET_PAGE_SIZE];
156} subpage_t;
157
b41aac4f
LPF		 158#define PHYS_SECTION_UNASSIGNED 0
159#define PHYS_SECTION_NOTDIRTY 1
160#define PHYS_SECTION_ROM 2
161#define PHYS_SECTION_WATCH 3
5312bd8b 162
e2eef170 163static void io_mem_init(void);
62152b8a 164static void memory_map_init(void);
09daed84 165static void tcg_commit(MemoryListener *listener);
e2eef170 166
1ec9b909 167static MemoryRegion io_mem_watch;
32857f4d
PM		 168
169/**
170 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
171 * @cpu: the CPU whose AddressSpace this is
172 * @as: the AddressSpace itself
173 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
174 * @tcg_as_listener: listener for tracking changes to the AddressSpace
175 */
176struct CPUAddressSpace {
177 CPUState *cpu;
178 AddressSpace *as;
179 struct AddressSpaceDispatch *memory_dispatch;
180 MemoryListener tcg_as_listener;
181};
182
6658ffb8 183#endif
fd6ce8f6 184
6d9a1304 185#if !defined(CONFIG_USER_ONLY)
d6f2ea22 186
53cb28cb 187static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 188{
53cb28cb
MA		 189 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
190 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
191 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
192 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
d6f2ea22 193 }
f7bf5461
AK		 194}
195
db94604b 196static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 197{
198 unsigned i;
8b795765 199 uint32_t ret;
db94604b
PB		 200 PhysPageEntry e;
201 PhysPageEntry *p;
f7bf5461 202
53cb28cb 203 ret = map->nodes_nb++;
db94604b 204 p = map->nodes[ret];
f7bf5461 205 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 206 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 207
208 e.skip = leaf ? 0 : 1;
209 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 210 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 211 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 212 }
f7bf5461 213 return ret;
d6f2ea22
AK		 214}
215
53cb28cb
MA		 216static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
217 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 218 int level)
f7bf5461
AK		 219{
220 PhysPageEntry *p;
03f49957 221 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 222
9736e55b 223 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 224 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 225 }
db94604b 226 p = map->nodes[lp->ptr];
03f49957 227 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 228
03f49957 229 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 230 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 231 lp->skip = 0;
c19e8800 232 lp->ptr = leaf;
07f07b31
AK		 233 *index += step;
234 *nb -= step;
2999097b 235 } else {
53cb28cb 236 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 237 }
238 ++lp;
f7bf5461
AK		 239 }
240}
241
ac1970fb 242static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 243 hwaddr index, hwaddr nb,
2999097b 244 uint16_t leaf)
f7bf5461 245{
2999097b 246 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 247 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 248
53cb28cb 249 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 250}
251
b35ba30f
MT		 252/* Compact a non leaf page entry. Simply detect that the entry has a single child,
253 * and update our entry so we can skip it and go directly to the destination.
254 */
255static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
256{
257 unsigned valid_ptr = P_L2_SIZE;
258 int valid = 0;
259 PhysPageEntry *p;
260 int i;
261
262 if (lp->ptr == PHYS_MAP_NODE_NIL) {
263 return;
264 }
265
266 p = nodes[lp->ptr];
267 for (i = 0; i < P_L2_SIZE; i++) {
268 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
269 continue;
270 }
271
272 valid_ptr = i;
273 valid++;
274 if (p[i].skip) {
275 phys_page_compact(&p[i], nodes, compacted);
276 }
277 }
278
279 /* We can only compress if there's only one child. */
280 if (valid != 1) {
281 return;
282 }
283
284 assert(valid_ptr < P_L2_SIZE);
285
286 /* Don't compress if it won't fit in the # of bits we have. */
287 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
288 return;
289 }
290
291 lp->ptr = p[valid_ptr].ptr;
292 if (!p[valid_ptr].skip) {
293 /* If our only child is a leaf, make this a leaf. */
294 /* By design, we should have made this node a leaf to begin with so we
295 * should never reach here.
296 * But since it's so simple to handle this, let's do it just in case we
297 * change this rule.
298 */
299 lp->skip = 0;
300 } else {
301 lp->skip += p[valid_ptr].skip;
302 }
303}
304
305static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
306{
307 DECLARE_BITMAP(compacted, nodes_nb);
308
309 if (d->phys_map.skip) {
53cb28cb 310 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 311 }
312}
313
29cb533d
FZ		 314static inline bool section_covers_addr(const MemoryRegionSection *section,
315 hwaddr addr)
316{
317 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
318 * the section must cover the entire address space.
319 */
320 return section->size.hi ||
321 range_covers_byte(section->offset_within_address_space,
322 section->size.lo, addr);
323}
324
97115a8d 325static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 326 Node *nodes, MemoryRegionSection *sections)
92e873b9 327{
31ab2b4a 328 PhysPageEntry *p;
97115a8d 329 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 330 int i;
f1f6e3b8 331
9736e55b 332 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 333 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 334 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 335 }
9affd6fc 336 p = nodes[lp.ptr];
03f49957 337 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 338 }
b35ba30f 339
29cb533d 340 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 341 return &sections[lp.ptr];
342 } else {
343 return &sections[PHYS_SECTION_UNASSIGNED];
344 }
f3705d53
AK		 345}
346
e5548617
BS		 347bool memory_region_is_unassigned(MemoryRegion *mr)
348{
2a8e7499 349 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 350 && mr != &io_mem_watch;
fd6ce8f6 351}
149f54b5 352
79e2b9ae 353/* Called from RCU critical section */
c7086b4a 354static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 355 hwaddr addr,
356 bool resolve_subpage)
9f029603 357{
729633c2 358 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 359 subpage_t *subpage;
729633c2 360 bool update;
90260c6c 361
729633c2
FZ		 362 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
363 section_covers_addr(section, addr)) {
364 update = false;
365 } else {
366 section = phys_page_find(d->phys_map, addr, d->map.nodes,
367 d->map.sections);
368 update = true;
369 }
90260c6c
JK		 370 if (resolve_subpage && section->mr->subpage) {
371 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 372 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 373 }
729633c2
FZ		 374 if (update) {
375 atomic_set(&d->mru_section, section);
376 }
90260c6c 377 return section;
9f029603
JK		 378}
379
79e2b9ae 380/* Called from RCU critical section */
90260c6c 381static MemoryRegionSection *
c7086b4a 382address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 383 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 384{
385 MemoryRegionSection *section;
965eb2fc 386 MemoryRegion *mr;
a87f3954 387 Int128 diff;
149f54b5 388
c7086b4a 389 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 390 /* Compute offset within MemoryRegionSection */
391 addr -= section->offset_within_address_space;
392
393 /* Compute offset within MemoryRegion */
394 *xlat = addr + section->offset_within_region;
395
965eb2fc 396 mr = section->mr;
b242e0e0
PB		 397
398 /* MMIO registers can be expected to perform full-width accesses based only
399 * on their address, without considering adjacent registers that could
400 * decode to completely different MemoryRegions. When such registers
401 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
402 * regions overlap wildly. For this reason we cannot clamp the accesses
403 * here.
404 *
405 * If the length is small (as is the case for address_space_ldl/stl),
406 * everything works fine. If the incoming length is large, however,
407 * the caller really has to do the clamping through memory_access_size.
408 */
965eb2fc 409 if (memory_region_is_ram(mr)) {
e4a511f8 410 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 411 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
412 }
149f54b5
PB		 413 return section;
414}
90260c6c 415
41063e1e 416/* Called from RCU critical section */
5c8a00ce
PB		 417MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
418 hwaddr *xlat, hwaddr *plen,
419 bool is_write)
90260c6c 420{
30951157
AK		 421 IOMMUTLBEntry iotlb;
422 MemoryRegionSection *section;
423 MemoryRegion *mr;
30951157
AK		 424
425 for (;;) {
79e2b9ae
PB		 426 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
427 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 428 mr = section->mr;
429
430 if (!mr->iommu_ops) {
431 break;
432 }
433
8d7b8cb9 434 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 435 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
436 | (addr & iotlb.addr_mask));
23820dbf 437 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 438 if (!(iotlb.perm & (1 << is_write))) {
439 mr = &io_mem_unassigned;
440 break;
441 }
442
443 as = iotlb.target_as;
444 }
445
fe680d0d 446 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 447 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 448 *plen = MIN(page, *plen);
a87f3954
PB		 449 }
450
30951157
AK		 451 *xlat = addr;
452 return mr;
90260c6c
JK		 453}
454
79e2b9ae 455/* Called from RCU critical section */
90260c6c 456MemoryRegionSection *
d7898cda 457address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 458 hwaddr *xlat, hwaddr *plen)
90260c6c 459{
30951157 460 MemoryRegionSection *section;
d7898cda
PM		 461 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
462
463 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 464
465 assert(!section->mr->iommu_ops);
466 return section;
90260c6c 467}
5b6dd868 468#endif
fd6ce8f6 469
b170fce3 470#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 471
472static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 473{
259186a7 474 CPUState *cpu = opaque;
a513fe19 475
5b6dd868
BS		 476 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
477 version_id is increased. */
259186a7 478 cpu->interrupt_request &= ~0x01;
c01a71c1 479 tlb_flush(cpu, 1);
5b6dd868
BS		 480
481 return 0;
a513fe19 482}
7501267e 483
6c3bff0e
PD		 484static int cpu_common_pre_load(void *opaque)
485{
486 CPUState *cpu = opaque;
487
adee6424 488 cpu->exception_index = -1;
6c3bff0e
PD		 489
490 return 0;
491}
492
493static bool cpu_common_exception_index_needed(void *opaque)
494{
495 CPUState *cpu = opaque;
496
adee6424 497 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 498}
499
500static const VMStateDescription vmstate_cpu_common_exception_index = {
501 .name = "cpu_common/exception_index",
502 .version_id = 1,
503 .minimum_version_id = 1,
5cd8cada 504 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 505 .fields = (VMStateField[]) {
506 VMSTATE_INT32(exception_index, CPUState),
507 VMSTATE_END_OF_LIST()
508 }
509};
510
bac05aa9
AS		 511static bool cpu_common_crash_occurred_needed(void *opaque)
512{
513 CPUState *cpu = opaque;
514
515 return cpu->crash_occurred;
516}
517
518static const VMStateDescription vmstate_cpu_common_crash_occurred = {
519 .name = "cpu_common/crash_occurred",
520 .version_id = 1,
521 .minimum_version_id = 1,
522 .needed = cpu_common_crash_occurred_needed,
523 .fields = (VMStateField[]) {
524 VMSTATE_BOOL(crash_occurred, CPUState),
525 VMSTATE_END_OF_LIST()
526 }
527};
528
1a1562f5 529const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 530 .name = "cpu_common",
531 .version_id = 1,
532 .minimum_version_id = 1,
6c3bff0e 533 .pre_load = cpu_common_pre_load,
5b6dd868 534 .post_load = cpu_common_post_load,
35d08458 535 .fields = (VMStateField[]) {
259186a7
AF		 536 VMSTATE_UINT32(halted, CPUState),
537 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 538 VMSTATE_END_OF_LIST()
6c3bff0e 539 },
5cd8cada
JQ		 540 .subsections = (const VMStateDescription*[]) {
541 &vmstate_cpu_common_exception_index,
bac05aa9 542 &vmstate_cpu_common_crash_occurred,
5cd8cada 543 NULL
5b6dd868
BS		 544 }
545};
1a1562f5 546
5b6dd868 547#endif
ea041c0e 548
38d8f5c8 549CPUState *qemu_get_cpu(int index)
ea041c0e 550{
bdc44640 551 CPUState *cpu;
ea041c0e 552
bdc44640 553 CPU_FOREACH(cpu) {
55e5c285 554 if (cpu->cpu_index == index) {
bdc44640 555 return cpu;
55e5c285 556 }
ea041c0e 557 }
5b6dd868 558
bdc44640 559 return NULL;
ea041c0e
FB		 560}
561
09daed84 562#if !defined(CONFIG_USER_ONLY)
56943e8c 563void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 564{
12ebc9a7
PM		 565 CPUAddressSpace *newas;
566
567 /* Target code should have set num_ases before calling us */
568 assert(asidx < cpu->num_ases);
569
56943e8c
PM		 570 if (asidx == 0) {
571 /* address space 0 gets the convenience alias */
572 cpu->as = as;
573 }
574
12ebc9a7
PM		 575 /* KVM cannot currently support multiple address spaces. */
576 assert(asidx == 0 || !kvm_enabled());
09daed84 577
12ebc9a7
PM		 578 if (!cpu->cpu_ases) {
579 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 580 }
32857f4d 581
12ebc9a7
PM		 582 newas = &cpu->cpu_ases[asidx];
583 newas->cpu = cpu;
584 newas->as = as;
56943e8c 585 if (tcg_enabled()) {
12ebc9a7
PM		 586 newas->tcg_as_listener.commit = tcg_commit;
587 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 588 }
09daed84 589}
651a5bc0
PM		 590
591AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
592{
593 /* Return the AddressSpace corresponding to the specified index */
594 return cpu->cpu_ases[asidx].as;
595}
09daed84
EI		 596#endif
597
b7bca733
BR		 598#ifndef CONFIG_USER_ONLY
599static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
600
601static int cpu_get_free_index(Error **errp)
602{
603 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
604
605 if (cpu >= MAX_CPUMASK_BITS) {
606 error_setg(errp, "Trying to use more CPUs than max of %d",
607 MAX_CPUMASK_BITS);
608 return -1;
609 }
610
611 bitmap_set(cpu_index_map, cpu, 1);
612 return cpu;
613}
614
615void cpu_exec_exit(CPUState *cpu)
616{
617 if (cpu->cpu_index == -1) {
618 /* cpu_index was never allocated by this @cpu or was already freed. */
619 return;
620 }
621
622 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
623 cpu->cpu_index = -1;
624}
625#else
626
627static int cpu_get_free_index(Error **errp)
628{
629 CPUState *some_cpu;
630 int cpu_index = 0;
631
632 CPU_FOREACH(some_cpu) {
633 cpu_index++;
634 }
635 return cpu_index;
636}
637
638void cpu_exec_exit(CPUState *cpu)
639{
640}
641#endif
642
4bad9e39 643void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 644{
b170fce3 645 CPUClass *cc = CPU_GET_CLASS(cpu);
b7bca733 646 Error *local_err = NULL;
5b6dd868 647
56943e8c 648 cpu->as = NULL;
12ebc9a7 649 cpu->num_ases = 0;
56943e8c 650
291135b5 651#ifndef CONFIG_USER_ONLY
291135b5 652 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 653
654 /* This is a softmmu CPU object, so create a property for it
655 * so users can wire up its memory. (This can't go in qom/cpu.c
656 * because that file is compiled only once for both user-mode
657 * and system builds.) The default if no link is set up is to use
658 * the system address space.
659 */
660 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
661 (Object **)&cpu->memory,
662 qdev_prop_allow_set_link_before_realize,
663 OBJ_PROP_LINK_UNREF_ON_RELEASE,
664 &error_abort);
665 cpu->memory = system_memory;
666 object_ref(OBJECT(cpu->memory));
291135b5
EH		 667#endif
668
5b6dd868
BS		 669#if defined(CONFIG_USER_ONLY)
670 cpu_list_lock();
671#endif
741da0d3 672 cpu->cpu_index = cpu_get_free_index(&local_err);
b7bca733
BR		 673 if (local_err) {
674 error_propagate(errp, local_err);
675#if defined(CONFIG_USER_ONLY)
676 cpu_list_unlock();
677#endif
678 return;
5b6dd868 679 }
bdc44640 680 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868 681#if defined(CONFIG_USER_ONLY)
741da0d3 682 (void) cc;
5b6dd868 683 cpu_list_unlock();
741da0d3 684#else
e0d47944 685 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 686 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 687 }
b170fce3 688 if (cc->vmsd != NULL) {
741da0d3 689 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 690 }
741da0d3 691#endif
ea041c0e
FB		 692}
693
94df27fd 694#if defined(CONFIG_USER_ONLY)
00b941e5 695static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 696{
697 tb_invalidate_phys_page_range(pc, pc + 1, 0);
698}
699#else
00b941e5 700static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 701{
5232e4c7
PM		 702 MemTxAttrs attrs;
703 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
704 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 705 if (phys != -1) {
5232e4c7 706 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 707 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 708 }
1e7855a5 709}
c27004ec 710#endif
d720b93d 711
c527ee8f 712#if defined(CONFIG_USER_ONLY)
75a34036 713void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 714
715{
716}
717
3ee887e8
PM		 718int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
719 int flags)
720{
721 return -ENOSYS;
722}
723
724void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
725{
726}
727
75a34036 728int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 729 int flags, CPUWatchpoint **watchpoint)
730{
731 return -ENOSYS;
732}
733#else
6658ffb8 734/* Add a watchpoint. */
75a34036 735int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 736 int flags, CPUWatchpoint **watchpoint)
6658ffb8 737{
c0ce998e 738 CPUWatchpoint *wp;
6658ffb8 739
05068c0d 740 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 741 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 742 error_report("tried to set invalid watchpoint at %"
743 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 744 return -EINVAL;
745 }
7267c094 746 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 747
748 wp->vaddr = addr;
05068c0d 749 wp->len = len;
a1d1bb31
AL		 750 wp->flags = flags;
751
2dc9f411 752 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 753 if (flags & BP_GDB) {
754 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
755 } else {
756 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
757 }
6658ffb8 758
31b030d4 759 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 760
761 if (watchpoint)
762 *watchpoint = wp;
763 return 0;
6658ffb8
PB		 764}
765
a1d1bb31 766/* Remove a specific watchpoint. */
75a34036 767int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 768 int flags)
6658ffb8 769{
a1d1bb31 770 CPUWatchpoint *wp;
6658ffb8 771
ff4700b0 772 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 773 if (addr == wp->vaddr && len == wp->len
6e140f28 774 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 775 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 776 return 0;
777 }
778 }
a1d1bb31 779 return -ENOENT;
6658ffb8
PB		 780}
781
a1d1bb31 782/* Remove a specific watchpoint by reference. */
75a34036 783void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 784{
ff4700b0 785 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 786
31b030d4 787 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 788
7267c094 789 g_free(watchpoint);
a1d1bb31
AL		 790}
791
792/* Remove all matching watchpoints. */
75a34036 793void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 794{
c0ce998e 795 CPUWatchpoint *wp, *next;
a1d1bb31 796
ff4700b0 797 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 798 if (wp->flags & mask) {
799 cpu_watchpoint_remove_by_ref(cpu, wp);
800 }
c0ce998e 801 }
7d03f82f 802}
05068c0d
PM		 803
804/* Return true if this watchpoint address matches the specified
805 * access (ie the address range covered by the watchpoint overlaps
806 * partially or completely with the address range covered by the
807 * access).
808 */
809static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
810 vaddr addr,
811 vaddr len)
812{
813 /* We know the lengths are non-zero, but a little caution is
814 * required to avoid errors in the case where the range ends
815 * exactly at the top of the address space and so addr + len
816 * wraps round to zero.
817 */
818 vaddr wpend = wp->vaddr + wp->len - 1;
819 vaddr addrend = addr + len - 1;
820
821 return !(addr > wpend || wp->vaddr > addrend);
822}
823
c527ee8f 824#endif
7d03f82f 825
a1d1bb31 826/* Add a breakpoint. */
b3310ab3 827int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 828 CPUBreakpoint **breakpoint)
4c3a88a2 829{
c0ce998e 830 CPUBreakpoint *bp;
3b46e624 831
7267c094 832 bp = g_malloc(sizeof(*bp));
4c3a88a2 833
a1d1bb31
AL		 834 bp->pc = pc;
835 bp->flags = flags;
836
2dc9f411 837 /* keep all GDB-injected breakpoints in front */
00b941e5 838 if (flags & BP_GDB) {
f0c3c505 839 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 840 } else {
f0c3c505 841 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 842 }
3b46e624 843
f0c3c505 844 breakpoint_invalidate(cpu, pc);
a1d1bb31 845
00b941e5 846 if (breakpoint) {
a1d1bb31 847 *breakpoint = bp;
00b941e5 848 }
4c3a88a2 849 return 0;
4c3a88a2
FB		 850}
851
a1d1bb31 852/* Remove a specific breakpoint. */
b3310ab3 853int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 854{
a1d1bb31
AL		 855 CPUBreakpoint *bp;
856
f0c3c505 857 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 858 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 859 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 860 return 0;
861 }
7d03f82f 862 }
a1d1bb31 863 return -ENOENT;
7d03f82f
EI		 864}
865
a1d1bb31 866/* Remove a specific breakpoint by reference. */
b3310ab3 867void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 868{
f0c3c505
AF		 869 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
870
871 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 872
7267c094 873 g_free(breakpoint);
a1d1bb31
AL		 874}
875
876/* Remove all matching breakpoints. */
b3310ab3 877void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 878{
c0ce998e 879 CPUBreakpoint *bp, *next;
a1d1bb31 880
f0c3c505 881 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 882 if (bp->flags & mask) {
883 cpu_breakpoint_remove_by_ref(cpu, bp);
884 }
c0ce998e 885 }
4c3a88a2
FB		 886}
887
c33a346e
FB		 888/* enable or disable single step mode. EXCP_DEBUG is returned by the
889 CPU loop after each instruction */
3825b28f 890void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 891{
ed2803da
AF		 892 if (cpu->singlestep_enabled != enabled) {
893 cpu->singlestep_enabled = enabled;
894 if (kvm_enabled()) {
38e478ec 895 kvm_update_guest_debug(cpu, 0);
ed2803da 896 } else {
ccbb4d44 897 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 898 /* XXX: only flush what is necessary */
bbd77c18 899 tb_flush(cpu);
e22a25c9 900 }
c33a346e 901 }
c33a346e
FB		 902}
903
a47dddd7 904void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 905{
906 va_list ap;
493ae1f0 907 va_list ap2;
7501267e
FB		 908
909 va_start(ap, fmt);
493ae1f0 910 va_copy(ap2, ap);
7501267e
FB		 911 fprintf(stderr, "qemu: fatal: ");
912 vfprintf(stderr, fmt, ap);
913 fprintf(stderr, "\n");
878096ee 914 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 915 if (qemu_log_separate()) {
93fcfe39
AL		 916 qemu_log("qemu: fatal: ");
917 qemu_log_vprintf(fmt, ap2);
918 qemu_log("\n");
a0762859 919 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 920 qemu_log_flush();
93fcfe39 921 qemu_log_close();
924edcae 922 }
493ae1f0 923 va_end(ap2);
f9373291 924 va_end(ap);
7615936e 925 replay_finish();
fd052bf6
RV		 926#if defined(CONFIG_USER_ONLY)
927 {
928 struct sigaction act;
929 sigfillset(&act.sa_mask);
930 act.sa_handler = SIG_DFL;
931 sigaction(SIGABRT, &act, NULL);
932 }
933#endif
7501267e
FB		 934 abort();
935}
936
0124311e 937#if !defined(CONFIG_USER_ONLY)
0dc3f44a 938/* Called from RCU critical section */
041603fe
PB		 939static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
940{
941 RAMBlock *block;
942
43771539 943 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 944 if (block && addr - block->offset < block->max_length) {
68851b98 945 return block;
041603fe 946 }
0dc3f44a 947 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 948 if (addr - block->offset < block->max_length) {
041603fe
PB		 949 goto found;
950 }
951 }
952
953 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
954 abort();
955
956found:
43771539
PB		 957 /* It is safe to write mru_block outside the iothread lock. This
958 * is what happens:
959 *
960 * mru_block = xxx
961 * rcu_read_unlock()
962 * xxx removed from list
963 * rcu_read_lock()
964 * read mru_block
965 * mru_block = NULL;
966 * call_rcu(reclaim_ramblock, xxx);
967 * rcu_read_unlock()
968 *
969 * atomic_rcu_set is not needed here. The block was already published
970 * when it was placed into the list. Here we're just making an extra
971 * copy of the pointer.
972 */
041603fe
PB		 973 ram_list.mru_block = block;
974 return block;
975}
976
a2f4d5be 977static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 978{
9a13565d 979 CPUState *cpu;
041603fe 980 ram_addr_t start1;
a2f4d5be
JQ		 981 RAMBlock *block;
982 ram_addr_t end;
983
984 end = TARGET_PAGE_ALIGN(start + length);
985 start &= TARGET_PAGE_MASK;
d24981d3 986
0dc3f44a 987 rcu_read_lock();
041603fe
PB		 988 block = qemu_get_ram_block(start);
989 assert(block == qemu_get_ram_block(end - 1));
1240be24 990 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 991 CPU_FOREACH(cpu) {
992 tlb_reset_dirty(cpu, start1, length);
993 }
0dc3f44a 994 rcu_read_unlock();
d24981d3
JQ		 995}
996
5579c7f3 997/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 998bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
999 ram_addr_t length,
1000 unsigned client)
1ccde1cb 1001{
5b82b703 1002 DirtyMemoryBlocks *blocks;
03eebc9e 1003 unsigned long end, page;
5b82b703 1004 bool dirty = false;
03eebc9e
SH		 1005
1006 if (length == 0) {
1007 return false;
1008 }
f23db169 1009
03eebc9e
SH		 1010 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1011 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 1012
1013 rcu_read_lock();
1014
1015 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1016
1017 while (page < end) {
1018 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1019 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1020 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1021
1022 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1023 offset, num);
1024 page += num;
1025 }
1026
1027 rcu_read_unlock();
03eebc9e
SH		 1028
1029 if (dirty && tcg_enabled()) {
a2f4d5be 1030 tlb_reset_dirty_range_all(start, length);
5579c7f3 1031 }
03eebc9e
SH		 1032
1033 return dirty;
1ccde1cb
FB		 1034}
1035
79e2b9ae 1036/* Called from RCU critical section */
bb0e627a 1037hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1038 MemoryRegionSection *section,
1039 target_ulong vaddr,
1040 hwaddr paddr, hwaddr xlat,
1041 int prot,
1042 target_ulong *address)
e5548617 1043{
a8170e5e 1044 hwaddr iotlb;
e5548617
BS		 1045 CPUWatchpoint *wp;
1046
cc5bea60 1047 if (memory_region_is_ram(section->mr)) {
e5548617 1048 /* Normal RAM. */
e4e69794 1049 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
e5548617 1050 if (!section->readonly) {
b41aac4f 1051 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1052 } else {
b41aac4f 1053 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1054 }
1055 } else {
0b8e2c10
PM		 1056 AddressSpaceDispatch *d;
1057
1058 d = atomic_rcu_read(&section->address_space->dispatch);
1059 iotlb = section - d->map.sections;
149f54b5 1060 iotlb += xlat;
e5548617
BS		 1061 }
1062
1063 /* Make accesses to pages with watchpoints go via the
1064 watchpoint trap routines. */
ff4700b0 1065 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1066 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1067 /* Avoid trapping reads of pages with a write breakpoint. */
1068 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1069 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1070 *address |= TLB_MMIO;
1071 break;
1072 }
1073 }
1074 }
1075
1076 return iotlb;
1077}
9fa3e853
FB		 1078#endif /* defined(CONFIG_USER_ONLY) */
1079
e2eef170 1080#if !defined(CONFIG_USER_ONLY)
8da3ff18 1081
c227f099 1082static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1083 uint16_t section);
acc9d80b 1084static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1085
a2b257d6
IM		 1086static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1087 qemu_anon_ram_alloc;
91138037
MA		 1088
1089/*
1090 * Set a custom physical guest memory alloator.
1091 * Accelerators with unusual needs may need this. Hopefully, we can
1092 * get rid of it eventually.
1093 */
a2b257d6 1094void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1095{
1096 phys_mem_alloc = alloc;
1097}
1098
53cb28cb
MA		 1099static uint16_t phys_section_add(PhysPageMap *map,
1100 MemoryRegionSection *section)
5312bd8b 1101{
68f3f65b
PB		 1102 /* The physical section number is ORed with a page-aligned
1103 * pointer to produce the iotlb entries. Thus it should
1104 * never overflow into the page-aligned value.
1105 */
53cb28cb 1106 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1107
53cb28cb
MA		 1108 if (map->sections_nb == map->sections_nb_alloc) {
1109 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1110 map->sections = g_renew(MemoryRegionSection, map->sections,
1111 map->sections_nb_alloc);
5312bd8b 1112 }
53cb28cb 1113 map->sections[map->sections_nb] = *section;
dfde4e6e 1114 memory_region_ref(section->mr);
53cb28cb 1115 return map->sections_nb++;
5312bd8b
AK		 1116}
1117
058bc4b5
PB		 1118static void phys_section_destroy(MemoryRegion *mr)
1119{
55b4e80b
DS		 1120 bool have_sub_page = mr->subpage;
1121
dfde4e6e
PB		 1122 memory_region_unref(mr);
1123
55b4e80b 1124 if (have_sub_page) {
058bc4b5 1125 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1126 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1127 g_free(subpage);
1128 }
1129}
1130
6092666e 1131static void phys_sections_free(PhysPageMap *map)
5312bd8b 1132{
9affd6fc
PB		 1133 while (map->sections_nb > 0) {
1134 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1135 phys_section_destroy(section->mr);
1136 }
9affd6fc
PB		 1137 g_free(map->sections);
1138 g_free(map->nodes);
5312bd8b
AK		 1139}
1140
ac1970fb 1141static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1142{
1143 subpage_t *subpage;
a8170e5e 1144 hwaddr base = section->offset_within_address_space
0f0cb164 1145 & TARGET_PAGE_MASK;
97115a8d 1146 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1147 d->map.nodes, d->map.sections);
0f0cb164
AK		 1148 MemoryRegionSection subsection = {
1149 .offset_within_address_space = base,
052e87b0 1150 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1151 };
a8170e5e 1152 hwaddr start, end;
0f0cb164 1153
f3705d53 1154 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1155
f3705d53 1156 if (!(existing->mr->subpage)) {
acc9d80b 1157 subpage = subpage_init(d->as, base);
3be91e86 1158 subsection.address_space = d->as;
0f0cb164 1159 subsection.mr = &subpage->iomem;
ac1970fb 1160 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1161 phys_section_add(&d->map, &subsection));
0f0cb164 1162 } else {
f3705d53 1163 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1164 }
1165 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1166 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1167 subpage_register(subpage, start, end,
1168 phys_section_add(&d->map, section));
0f0cb164
AK		 1169}
1170
1171
052e87b0
PB		 1172static void register_multipage(AddressSpaceDispatch *d,
1173 MemoryRegionSection *section)
33417e70 1174{
a8170e5e 1175 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1176 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1177 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1178 TARGET_PAGE_BITS));
dd81124b 1179
733d5ef5
PB		 1180 assert(num_pages);
1181 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1182}
1183
ac1970fb 1184static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1185{
89ae337a 1186 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1187 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1188 MemoryRegionSection now = *section, remain = *section;
052e87b0 1189 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1190
733d5ef5
PB		 1191 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1192 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1193 - now.offset_within_address_space;
1194
052e87b0 1195 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1196 register_subpage(d, &now);
733d5ef5 1197 } else {
052e87b0 1198 now.size = int128_zero();
733d5ef5 1199 }
052e87b0
PB		 1200 while (int128_ne(remain.size, now.size)) {
1201 remain.size = int128_sub(remain.size, now.size);
1202 remain.offset_within_address_space += int128_get64(now.size);
1203 remain.offset_within_region += int128_get64(now.size);
69b67646 1204 now = remain;
052e87b0 1205 if (int128_lt(remain.size, page_size)) {
733d5ef5 1206 register_subpage(d, &now);
88266249 1207 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1208 now.size = page_size;
ac1970fb 1209 register_subpage(d, &now);
69b67646 1210 } else {
052e87b0 1211 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1212 register_multipage(d, &now);
69b67646 1213 }
0f0cb164
AK		 1214 }
1215}
1216
62a2744c
SY		 1217void qemu_flush_coalesced_mmio_buffer(void)
1218{
1219 if (kvm_enabled())
1220 kvm_flush_coalesced_mmio_buffer();
1221}
1222
b2a8658e
UD		 1223void qemu_mutex_lock_ramlist(void)
1224{
1225 qemu_mutex_lock(&ram_list.mutex);
1226}
1227
1228void qemu_mutex_unlock_ramlist(void)
1229{
1230 qemu_mutex_unlock(&ram_list.mutex);
1231}
1232
e1e84ba0 1233#ifdef __linux__
04b16653
AW		 1234static void *file_ram_alloc(RAMBlock *block,
1235 ram_addr_t memory,
7f56e740
PB		 1236 const char *path,
1237 Error **errp)
c902760f 1238{
fd97fd44 1239 bool unlink_on_error = false;
c902760f 1240 char *filename;
8ca761f6
PF		 1241 char *sanitized_name;
1242 char *c;
794e8f30 1243 void *area;
5c3ece79 1244 int fd = -1;
e1fb6471 1245 int64_t page_size;
c902760f
MT		 1246
1247 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1248 error_setg(errp,
1249 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1250 return NULL;
c902760f
MT		 1251 }
1252
fd97fd44
MA		 1253 for (;;) {
1254 fd = open(path, O_RDWR);
1255 if (fd >= 0) {
1256 /* @path names an existing file, use it */
1257 break;
8d31d6b6 1258 }
fd97fd44
MA		 1259 if (errno == ENOENT) {
1260 /* @path names a file that doesn't exist, create it */
1261 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1262 if (fd >= 0) {
1263 unlink_on_error = true;
1264 break;
1265 }
1266 } else if (errno == EISDIR) {
1267 /* @path names a directory, create a file there */
1268 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1269 sanitized_name = g_strdup(memory_region_name(block->mr));
1270 for (c = sanitized_name; *c != '\0'; c++) {
1271 if (*c == '/') {
1272 *c = '_';
1273 }
1274 }
8ca761f6 1275
fd97fd44
MA		 1276 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1277 sanitized_name);
1278 g_free(sanitized_name);
8d31d6b6 1279
fd97fd44
MA		 1280 fd = mkstemp(filename);
1281 if (fd >= 0) {
1282 unlink(filename);
1283 g_free(filename);
1284 break;
1285 }
1286 g_free(filename);
8d31d6b6 1287 }
fd97fd44
MA		 1288 if (errno != EEXIST && errno != EINTR) {
1289 error_setg_errno(errp, errno,
1290 "can't open backing store %s for guest RAM",
1291 path);
1292 goto error;
1293 }
1294 /*
1295 * Try again on EINTR and EEXIST. The latter happens when
1296 * something else creates the file between our two open().
1297 */
8d31d6b6 1298 }
c902760f 1299
e1fb6471 1300 page_size = qemu_fd_getpagesize(fd);
d2f39add 1301 block->mr->align = MAX(page_size, QEMU_VMALLOC_ALIGN);
fd97fd44 1302
e1fb6471 1303 if (memory < page_size) {
fd97fd44
MA		 1304 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1305 "or larger than page size 0x%" PRIx64,
e1fb6471 1306 memory, page_size);
f9a49dfa 1307 goto error;
c902760f 1308 }
c902760f 1309
e1fb6471 1310 memory = ROUND_UP(memory, page_size);
c902760f
MT		 1311
1312 /*
1313 * ftruncate is not supported by hugetlbfs in older
1314 * hosts, so don't bother bailing out on errors.
1315 * If anything goes wrong with it under other filesystems,
1316 * mmap will fail.
1317 */
7f56e740 1318 if (ftruncate(fd, memory)) {
9742bf26 1319 perror("ftruncate");
7f56e740 1320 }
c902760f 1321
d2f39add
DD		 1322 area = qemu_ram_mmap(fd, memory, block->mr->align,
1323 block->flags & RAM_SHARED);
c902760f 1324 if (area == MAP_FAILED) {
7f56e740 1325 error_setg_errno(errp, errno,
fd97fd44 1326 "unable to map backing store for guest RAM");
f9a49dfa 1327 goto error;
c902760f 1328 }
ef36fa14
MT		 1329
1330 if (mem_prealloc) {
38183310 1331 os_mem_prealloc(fd, area, memory);
ef36fa14
MT		 1332 }
1333
04b16653 1334 block->fd = fd;
c902760f 1335 return area;
f9a49dfa
MT		 1336
1337error:
fd97fd44
MA		 1338 if (unlink_on_error) {
1339 unlink(path);
1340 }
5c3ece79
PB		 1341 if (fd != -1) {
1342 close(fd);
1343 }
f9a49dfa 1344 return NULL;
c902760f
MT		 1345}
1346#endif
1347
0dc3f44a 1348/* Called with the ramlist lock held. */
d17b5288 1349static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1350{
1351 RAMBlock *block, *next_block;
3e837b2c 1352 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1353
49cd9ac6
SH		 1354 assert(size != 0); /* it would hand out same offset multiple times */
1355
0dc3f44a 1356 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1357 return 0;
0d53d9fe 1358 }
04b16653 1359
0dc3f44a 1360 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1361 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1362
62be4e3a 1363 end = block->offset + block->max_length;
04b16653 1364
0dc3f44a 1365 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1366 if (next_block->offset >= end) {
1367 next = MIN(next, next_block->offset);
1368 }
1369 }
1370 if (next - end >= size && next - end < mingap) {
3e837b2c 1371 offset = end;
04b16653
AW		 1372 mingap = next - end;
1373 }
1374 }
3e837b2c
AW		 1375
1376 if (offset == RAM_ADDR_MAX) {
1377 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1378 (uint64_t)size);
1379 abort();
1380 }
1381
04b16653
AW		 1382 return offset;
1383}
1384
652d7ec2 1385ram_addr_t last_ram_offset(void)
d17b5288
AW		 1386{
1387 RAMBlock *block;
1388 ram_addr_t last = 0;
1389
0dc3f44a
MD		 1390 rcu_read_lock();
1391 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1392 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1393 }
0dc3f44a 1394 rcu_read_unlock();
d17b5288
AW		 1395 return last;
1396}
1397
ddb97f1d
JB		 1398static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1399{
1400 int ret;
ddb97f1d
JB		 1401
1402 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1403 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1404 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1405 if (ret) {
1406 perror("qemu_madvise");
1407 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1408 "but dump_guest_core=off specified\n");
1409 }
1410 }
1411}
1412
422148d3
DDAG		 1413const char *qemu_ram_get_idstr(RAMBlock *rb)
1414{
1415 return rb->idstr;
1416}
1417
ae3a7047 1418/* Called with iothread lock held. */
fa53a0e5 1419void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1420{
fa53a0e5 1421 RAMBlock *block;
20cfe881 1422
c5705a77
AK		 1423 assert(new_block);
1424 assert(!new_block->idstr[0]);
84b89d78 1425
09e5ab63
AL		 1426 if (dev) {
1427 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1428 if (id) {
1429 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1430 g_free(id);
84b89d78
CM		 1431 }
1432 }
1433 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1434
ab0a9956 1435 rcu_read_lock();
0dc3f44a 1436 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1437 if (block != new_block &&
1438 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1439 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1440 new_block->idstr);
1441 abort();
1442 }
1443 }
0dc3f44a 1444 rcu_read_unlock();
c5705a77
AK		 1445}
1446
ae3a7047 1447/* Called with iothread lock held. */
fa53a0e5 1448void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1449{
ae3a7047
MD		 1450 /* FIXME: arch_init.c assumes that this is not called throughout
1451 * migration. Ignore the problem since hot-unplug during migration
1452 * does not work anyway.
1453 */
20cfe881
HT		 1454 if (block) {
1455 memset(block->idstr, 0, sizeof(block->idstr));
1456 }
1457}
1458
8490fc78
LC		 1459static int memory_try_enable_merging(void *addr, size_t len)
1460{
75cc7f01 1461 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1462 /* disabled by the user */
1463 return 0;
1464 }
1465
1466 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1467}
1468
62be4e3a
MT		 1469/* Only legal before guest might have detected the memory size: e.g. on
1470 * incoming migration, or right after reset.
1471 *
1472 * As memory core doesn't know how is memory accessed, it is up to
1473 * resize callback to update device state and/or add assertions to detect
1474 * misuse, if necessary.
1475 */
fa53a0e5 1476int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1477{
62be4e3a
MT		 1478 assert(block);
1479
4ed023ce 1480 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1481
62be4e3a
MT		 1482 if (block->used_length == newsize) {
1483 return 0;
1484 }
1485
1486 if (!(block->flags & RAM_RESIZEABLE)) {
1487 error_setg_errno(errp, EINVAL,
1488 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1489 " in != 0x" RAM_ADDR_FMT, block->idstr,
1490 newsize, block->used_length);
1491 return -EINVAL;
1492 }
1493
1494 if (block->max_length < newsize) {
1495 error_setg_errno(errp, EINVAL,
1496 "Length too large: %s: 0x" RAM_ADDR_FMT
1497 " > 0x" RAM_ADDR_FMT, block->idstr,
1498 newsize, block->max_length);
1499 return -EINVAL;
1500 }
1501
1502 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1503 block->used_length = newsize;
58d2707e
PB		 1504 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1505 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1506 memory_region_set_size(block->mr, newsize);
1507 if (block->resized) {
1508 block->resized(block->idstr, newsize, block->host);
1509 }
1510 return 0;
1511}
1512
5b82b703
SH		 1513/* Called with ram_list.mutex held */
1514static void dirty_memory_extend(ram_addr_t old_ram_size,
1515 ram_addr_t new_ram_size)
1516{
1517 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1518 DIRTY_MEMORY_BLOCK_SIZE);
1519 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1520 DIRTY_MEMORY_BLOCK_SIZE);
1521 int i;
1522
1523 /* Only need to extend if block count increased */
1524 if (new_num_blocks <= old_num_blocks) {
1525 return;
1526 }
1527
1528 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1529 DirtyMemoryBlocks *old_blocks;
1530 DirtyMemoryBlocks *new_blocks;
1531 int j;
1532
1533 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1534 new_blocks = g_malloc(sizeof(*new_blocks) +
1535 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1536
1537 if (old_num_blocks) {
1538 memcpy(new_blocks->blocks, old_blocks->blocks,
1539 old_num_blocks * sizeof(old_blocks->blocks[0]));
1540 }
1541
1542 for (j = old_num_blocks; j < new_num_blocks; j++) {
1543 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1544 }
1545
1546 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1547
1548 if (old_blocks) {
1549 g_free_rcu(old_blocks, rcu);
1550 }
1551 }
1552}
1553
528f46af 1554static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1555{
e1c57ab8 1556 RAMBlock *block;
0d53d9fe 1557 RAMBlock *last_block = NULL;
2152f5ca 1558 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1559 Error *err = NULL;
2152f5ca
JQ		 1560
1561 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1562
b2a8658e 1563 qemu_mutex_lock_ramlist();
9b8424d5 1564 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1565
1566 if (!new_block->host) {
1567 if (xen_enabled()) {
9b8424d5 1568 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1569 new_block->mr, &err);
1570 if (err) {
1571 error_propagate(errp, err);
1572 qemu_mutex_unlock_ramlist();
39c350ee 1573 return;
37aa7a0e 1574 }
e1c57ab8 1575 } else {
9b8424d5 1576 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1577 &new_block->mr->align);
39228250 1578 if (!new_block->host) {
ef701d7b
HT		 1579 error_setg_errno(errp, errno,
1580 "cannot set up guest memory '%s'",
1581 memory_region_name(new_block->mr));
1582 qemu_mutex_unlock_ramlist();
39c350ee 1583 return;
39228250 1584 }
9b8424d5 1585 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1586 }
c902760f 1587 }
94a6b54f 1588
dd631697
LZ		 1589 new_ram_size = MAX(old_ram_size,
1590 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1591 if (new_ram_size > old_ram_size) {
1592 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1593 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1594 }
0d53d9fe
MD		 1595 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1596 * QLIST (which has an RCU-friendly variant) does not have insertion at
1597 * tail, so save the last element in last_block.
1598 */
0dc3f44a 1599 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1600 last_block = block;
9b8424d5 1601 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1602 break;
1603 }
1604 }
1605 if (block) {
0dc3f44a 1606 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1607 } else if (last_block) {
0dc3f44a 1608 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1609 } else { /* list is empty */
0dc3f44a 1610 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1611 }
0d6d3c87 1612 ram_list.mru_block = NULL;
94a6b54f 1613
0dc3f44a
MD		 1614 /* Write list before version */
1615 smp_wmb();
f798b07f 1616 ram_list.version++;
b2a8658e 1617 qemu_mutex_unlock_ramlist();
f798b07f 1618
9b8424d5 1619 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1620 new_block->used_length,
1621 DIRTY_CLIENTS_ALL);
94a6b54f 1622
a904c911
PB		 1623 if (new_block->host) {
1624 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1625 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1626 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1627 if (kvm_enabled()) {
1628 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1629 }
e1c57ab8 1630 }
94a6b54f 1631}
e9a1ab19 1632
0b183fc8 1633#ifdef __linux__
528f46af
FZ		 1634RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1635 bool share, const char *mem_path,
1636 Error **errp)
e1c57ab8
PB		 1637{
1638 RAMBlock *new_block;
ef701d7b 1639 Error *local_err = NULL;
e1c57ab8
PB		 1640
1641 if (xen_enabled()) {
7f56e740 1642 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1643 return NULL;
e1c57ab8
PB		 1644 }
1645
1646 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1647 /*
1648 * file_ram_alloc() needs to allocate just like
1649 * phys_mem_alloc, but we haven't bothered to provide
1650 * a hook there.
1651 */
7f56e740
PB		 1652 error_setg(errp,
1653 "-mem-path not supported with this accelerator");
528f46af 1654 return NULL;
e1c57ab8
PB		 1655 }
1656
4ed023ce 1657 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1658 new_block = g_malloc0(sizeof(*new_block));
1659 new_block->mr = mr;
9b8424d5
MT		 1660 new_block->used_length = size;
1661 new_block->max_length = size;
dbcb8981 1662 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1663 new_block->host = file_ram_alloc(new_block, size,
1664 mem_path, errp);
1665 if (!new_block->host) {
1666 g_free(new_block);
528f46af 1667 return NULL;
7f56e740
PB		 1668 }
1669
528f46af 1670 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1671 if (local_err) {
1672 g_free(new_block);
1673 error_propagate(errp, local_err);
528f46af 1674 return NULL;
ef701d7b 1675 }
528f46af 1676 return new_block;
e1c57ab8 1677}
0b183fc8 1678#endif
e1c57ab8 1679
62be4e3a 1680static
528f46af
FZ		 1681RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1682 void (*resized)(const char*,
1683 uint64_t length,
1684 void *host),
1685 void *host, bool resizeable,
1686 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1687{
1688 RAMBlock *new_block;
ef701d7b 1689 Error *local_err = NULL;
e1c57ab8 1690
4ed023ce
DDAG		 1691 size = HOST_PAGE_ALIGN(size);
1692 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1693 new_block = g_malloc0(sizeof(*new_block));
1694 new_block->mr = mr;
62be4e3a 1695 new_block->resized = resized;
9b8424d5
MT		 1696 new_block->used_length = size;
1697 new_block->max_length = max_size;
62be4e3a 1698 assert(max_size >= size);
e1c57ab8
PB		 1699 new_block->fd = -1;
1700 new_block->host = host;
1701 if (host) {
7bd4f430 1702 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1703 }
62be4e3a
MT		 1704 if (resizeable) {
1705 new_block->flags |= RAM_RESIZEABLE;
1706 }
528f46af 1707 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1708 if (local_err) {
1709 g_free(new_block);
1710 error_propagate(errp, local_err);
528f46af 1711 return NULL;
ef701d7b 1712 }
528f46af 1713 return new_block;
e1c57ab8
PB		 1714}
1715
528f46af 1716RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1717 MemoryRegion *mr, Error **errp)
1718{
1719 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1720}
1721
528f46af 1722RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1723{
62be4e3a
MT		 1724 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1725}
1726
528f46af 1727RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1728 void (*resized)(const char*,
1729 uint64_t length,
1730 void *host),
1731 MemoryRegion *mr, Error **errp)
1732{
1733 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1734}
1735
43771539
PB		 1736static void reclaim_ramblock(RAMBlock *block)
1737{
1738 if (block->flags & RAM_PREALLOC) {
1739 ;
1740 } else if (xen_enabled()) {
1741 xen_invalidate_map_cache_entry(block->host);
1742#ifndef _WIN32
1743 } else if (block->fd >= 0) {
2f3a2bb1 1744 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1745 close(block->fd);
1746#endif
1747 } else {
1748 qemu_anon_ram_free(block->host, block->max_length);
1749 }
1750 g_free(block);
1751}
1752
f1060c55 1753void qemu_ram_free(RAMBlock *block)
e9a1ab19 1754{
85bc2a15
MAL		 1755 if (!block) {
1756 return;
1757 }
1758
b2a8658e 1759 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1760 QLIST_REMOVE_RCU(block, next);
1761 ram_list.mru_block = NULL;
1762 /* Write list before version */
1763 smp_wmb();
1764 ram_list.version++;
1765 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1766 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1767}
1768
cd19cfa2
HY		 1769#ifndef _WIN32
1770void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1771{
1772 RAMBlock *block;
1773 ram_addr_t offset;
1774 int flags;
1775 void *area, *vaddr;
1776
0dc3f44a 1777 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1778 offset = addr - block->offset;
9b8424d5 1779 if (offset < block->max_length) {
1240be24 1780 vaddr = ramblock_ptr(block, offset);
7bd4f430 1781 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1782 ;
dfeaf2ab
MA		 1783 } else if (xen_enabled()) {
1784 abort();
cd19cfa2
HY		 1785 } else {
1786 flags = MAP_FIXED;
3435f395 1787 if (block->fd >= 0) {
dbcb8981
PB		 1788 flags |= (block->flags & RAM_SHARED ?
1789 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1790 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1791 flags, block->fd, offset);
cd19cfa2 1792 } else {
2eb9fbaa
MA		 1793 /*
1794 * Remap needs to match alloc. Accelerators that
1795 * set phys_mem_alloc never remap. If they did,
1796 * we'd need a remap hook here.
1797 */
1798 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1799
cd19cfa2
HY		 1800 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1801 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1802 flags, -1, 0);
cd19cfa2
HY		 1803 }
1804 if (area != vaddr) {
f15fbc4b
AP		 1805 fprintf(stderr, "Could not remap addr: "
1806 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1807 length, addr);
1808 exit(1);
1809 }
8490fc78 1810 memory_try_enable_merging(vaddr, length);
ddb97f1d 1811 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1812 }
cd19cfa2
HY		 1813 }
1814 }
1815}
1816#endif /* !_WIN32 */
1817
a35ba7be
PB		 1818int qemu_get_ram_fd(ram_addr_t addr)
1819{
ae3a7047
MD		 1820 RAMBlock *block;
1821 int fd;
a35ba7be 1822
0dc3f44a 1823 rcu_read_lock();
ae3a7047
MD		 1824 block = qemu_get_ram_block(addr);
1825 fd = block->fd;
0dc3f44a 1826 rcu_read_unlock();
ae3a7047 1827 return fd;
a35ba7be
PB		 1828}
1829
56a571d9
TM		 1830void qemu_set_ram_fd(ram_addr_t addr, int fd)
1831{
1832 RAMBlock *block;
1833
1834 rcu_read_lock();
1835 block = qemu_get_ram_block(addr);
1836 block->fd = fd;
1837 rcu_read_unlock();
1838}
1839
3fd74b84
DM		 1840void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1841{
ae3a7047
MD		 1842 RAMBlock *block;
1843 void *ptr;
3fd74b84 1844
0dc3f44a 1845 rcu_read_lock();
ae3a7047
MD		 1846 block = qemu_get_ram_block(addr);
1847 ptr = ramblock_ptr(block, 0);
0dc3f44a 1848 rcu_read_unlock();
ae3a7047 1849 return ptr;
3fd74b84
DM		 1850}
1851
1b5ec234 1852/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1853 * This should not be used for general purpose DMA. Use address_space_map
1854 * or address_space_rw instead. For local memory (e.g. video ram) that the
1855 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1856 *
49b24afc 1857 * Called within RCU critical section.
1b5ec234 1858 */
3655cb9c 1859void *qemu_get_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1860{
3655cb9c
GA		 1861 RAMBlock *block = ram_block;
1862
1863 if (block == NULL) {
1864 block = qemu_get_ram_block(addr);
1865 }
ae3a7047
MD		 1866
1867 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1868 /* We need to check if the requested address is in the RAM
1869 * because we don't want to map the entire memory in QEMU.
1870 * In that case just map until the end of the page.
1871 */
1872 if (block->offset == 0) {
49b24afc 1873 return xen_map_cache(addr, 0, 0);
0d6d3c87 1874 }
ae3a7047
MD		 1875
1876 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1877 }
49b24afc 1878 return ramblock_ptr(block, addr - block->offset);
dc828ca1
PB		 1879}
1880
38bee5dc 1881/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
ae3a7047 1882 * but takes a size argument.
0dc3f44a 1883 *
e81bcda5 1884 * Called within RCU critical section.
ae3a7047 1885 */
3655cb9c
GA		 1886static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1887 hwaddr *size)
38bee5dc 1888{
3655cb9c 1889 RAMBlock *block = ram_block;
e81bcda5 1890 ram_addr_t offset_inside_block;
8ab934f9
SS		 1891 if (*size == 0) {
1892 return NULL;
1893 }
e81bcda5 1894
3655cb9c
GA		 1895 if (block == NULL) {
1896 block = qemu_get_ram_block(addr);
1897 }
e81bcda5
PB		 1898 offset_inside_block = addr - block->offset;
1899 *size = MIN(*size, block->max_length - offset_inside_block);
1900
1901 if (xen_enabled() && block->host == NULL) {
1902 /* We need to check if the requested address is in the RAM
1903 * because we don't want to map the entire memory in QEMU.
1904 * In that case just map the requested area.
1905 */
1906 if (block->offset == 0) {
1907 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1908 }
1909
e81bcda5 1910 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1911 }
e81bcda5
PB		 1912
1913 return ramblock_ptr(block, offset_inside_block);
38bee5dc
SS		 1914}
1915
422148d3
DDAG		 1916/*
1917 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1918 * in that RAMBlock.
1919 *
1920 * ptr: Host pointer to look up
1921 * round_offset: If true round the result offset down to a page boundary
1922 * *ram_addr: set to result ram_addr
1923 * *offset: set to result offset within the RAMBlock
1924 *
1925 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1926 *
1927 * By the time this function returns, the returned pointer is not protected
1928 * by RCU anymore. If the caller is not within an RCU critical section and
1929 * does not hold the iothread lock, it must have other means of protecting the
1930 * pointer, such as a reference to the region that includes the incoming
1931 * ram_addr_t.
1932 */
422148d3
DDAG		 1933RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1934 ram_addr_t *ram_addr,
1935 ram_addr_t *offset)
5579c7f3 1936{
94a6b54f
PB		 1937 RAMBlock *block;
1938 uint8_t *host = ptr;
1939
868bb33f 1940 if (xen_enabled()) {
0dc3f44a 1941 rcu_read_lock();
e41d7c69 1942 *ram_addr = xen_ram_addr_from_mapcache(ptr);
422148d3
DDAG		 1943 block = qemu_get_ram_block(*ram_addr);
1944 if (block) {
1945 *offset = (host - block->host);
1946 }
0dc3f44a 1947 rcu_read_unlock();
422148d3 1948 return block;
712c2b41
SS		 1949 }
1950
0dc3f44a
MD		 1951 rcu_read_lock();
1952 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1953 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1954 goto found;
1955 }
1956
0dc3f44a 1957 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1958 /* This case append when the block is not mapped. */
1959 if (block->host == NULL) {
1960 continue;
1961 }
9b8424d5 1962 if (host - block->host < block->max_length) {
23887b79 1963 goto found;
f471a17e 1964 }
94a6b54f 1965 }
432d268c 1966
0dc3f44a 1967 rcu_read_unlock();
1b5ec234 1968 return NULL;
23887b79
PB		 1969
1970found:
422148d3
DDAG		 1971 *offset = (host - block->host);
1972 if (round_offset) {
1973 *offset &= TARGET_PAGE_MASK;
1974 }
1975 *ram_addr = block->offset + *offset;
0dc3f44a 1976 rcu_read_unlock();
422148d3
DDAG		 1977 return block;
1978}
1979
e3dd7493
DDAG		 1980/*
1981 * Finds the named RAMBlock
1982 *
1983 * name: The name of RAMBlock to find
1984 *
1985 * Returns: RAMBlock (or NULL if not found)
1986 */
1987RAMBlock *qemu_ram_block_by_name(const char *name)
1988{
1989 RAMBlock *block;
1990
1991 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1992 if (!strcmp(name, block->idstr)) {
1993 return block;
1994 }
1995 }
1996
1997 return NULL;
1998}
1999
422148d3
DDAG		 2000/* Some of the softmmu routines need to translate from a host pointer
2001 (typically a TLB entry) back to a ram offset. */
2002MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2003{
2004 RAMBlock *block;
2005 ram_addr_t offset; /* Not used */
2006
2007 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
2008
2009 if (!block) {
2010 return NULL;
2011 }
2012
2013 return block->mr;
e890261f 2014}
f471a17e 2015
49b24afc 2016/* Called within RCU critical section. */
a8170e5e 2017static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 2018 uint64_t val, unsigned size)
9fa3e853 2019{
52159192 2020 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 2021 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 2022 }
0e0df1e2
AK		 2023 switch (size) {
2024 case 1:
3655cb9c 2025 stb_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2026 break;
2027 case 2:
3655cb9c 2028 stw_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2029 break;
2030 case 4:
3655cb9c 2031 stl_p(qemu_get_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 2032 break;
2033 default:
2034 abort();
3a7d929e 2035 }
58d2707e
PB		 2036 /* Set both VGA and migration bits for simplicity and to remove
2037 * the notdirty callback faster.
2038 */
2039 cpu_physical_memory_set_dirty_range(ram_addr, size,
2040 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 2041 /* we remove the notdirty callback only if the code has been
2042 flushed */
a2cd8c85 2043 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2044 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2045 }
9fa3e853
FB		 2046}
2047
b018ddf6
PB		 2048static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2049 unsigned size, bool is_write)
2050{
2051 return is_write;
2052}
2053
0e0df1e2 2054static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2055 .write = notdirty_mem_write,
b018ddf6 2056 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2057 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2058};
2059
0f459d16 2060/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2061static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2062{
93afeade 2063 CPUState *cpu = current_cpu;
568496c0 2064 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2065 CPUArchState *env = cpu->env_ptr;
06d55cc1 2066 target_ulong pc, cs_base;
0f459d16 2067 target_ulong vaddr;
a1d1bb31 2068 CPUWatchpoint *wp;
89fee74a 2069 uint32_t cpu_flags;
0f459d16 2070
ff4700b0 2071 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2072 /* We re-entered the check after replacing the TB. Now raise
2073 * the debug interrupt so that is will trigger after the
2074 * current instruction. */
93afeade 2075 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2076 return;
2077 }
93afeade 2078 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2079 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2080 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2081 && (wp->flags & flags)) {
08225676
PM		 2082 if (flags == BP_MEM_READ) {
2083 wp->flags |= BP_WATCHPOINT_HIT_READ;
2084 } else {
2085 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2086 }
2087 wp->hitaddr = vaddr;
66b9b43c 2088 wp->hitattrs = attrs;
ff4700b0 2089 if (!cpu->watchpoint_hit) {
568496c0
SF		 2090 if (wp->flags & BP_CPU &&
2091 !cc->debug_check_watchpoint(cpu, wp)) {
2092 wp->flags &= ~BP_WATCHPOINT_HIT;
2093 continue;
2094 }
ff4700b0 2095 cpu->watchpoint_hit = wp;
239c51a5 2096 tb_check_watchpoint(cpu);
6e140f28 2097 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2098 cpu->exception_index = EXCP_DEBUG;
5638d180 2099 cpu_loop_exit(cpu);
6e140f28
AL		 2100 } else {
2101 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2102 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
0ea8cb88 2103 cpu_resume_from_signal(cpu, NULL);
6e140f28 2104 }
06d55cc1 2105 }
6e140f28
AL		 2106 } else {
2107 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2108 }
2109 }
2110}
2111
6658ffb8
PB		 2112/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2113 so these check for a hit then pass through to the normal out-of-line
2114 phys routines. */
66b9b43c
PM		 2115static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2116 unsigned size, MemTxAttrs attrs)
6658ffb8 2117{
66b9b43c
PM		 2118 MemTxResult res;
2119 uint64_t data;
79ed0416
PM		 2120 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2121 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2122
2123 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2124 switch (size) {
66b9b43c 2125 case 1:
79ed0416 2126 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2127 break;
2128 case 2:
79ed0416 2129 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2130 break;
2131 case 4:
79ed0416 2132 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2133 break;
1ec9b909
AK		 2134 default: abort();
2135 }
66b9b43c
PM		 2136 *pdata = data;
2137 return res;
6658ffb8
PB		 2138}
2139
66b9b43c
PM		 2140static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2141 uint64_t val, unsigned size,
2142 MemTxAttrs attrs)
6658ffb8 2143{
66b9b43c 2144 MemTxResult res;
79ed0416
PM		 2145 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2146 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2147
2148 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2149 switch (size) {
67364150 2150 case 1:
79ed0416 2151 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2152 break;
2153 case 2:
79ed0416 2154 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2155 break;
2156 case 4:
79ed0416 2157 address_space_stl(as, addr, val, attrs, &res);
67364150 2158 break;
1ec9b909
AK		 2159 default: abort();
2160 }
66b9b43c 2161 return res;
6658ffb8
PB		 2162}
2163
1ec9b909 2164static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2165 .read_with_attrs = watch_mem_read,
2166 .write_with_attrs = watch_mem_write,
1ec9b909 2167 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2168};
6658ffb8 2169
f25a49e0
PM		 2170static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2171 unsigned len, MemTxAttrs attrs)
db7b5426 2172{
acc9d80b 2173 subpage_t *subpage = opaque;
ff6cff75 2174 uint8_t buf[8];
5c9eb028 2175 MemTxResult res;
791af8c8 2176
db7b5426 2177#if defined(DEBUG_SUBPAGE)
016e9d62 2178 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2179 subpage, len, addr);
db7b5426 2180#endif
5c9eb028
PM		 2181 res = address_space_read(subpage->as, addr + subpage->base,
2182 attrs, buf, len);
2183 if (res) {
2184 return res;
f25a49e0 2185 }
acc9d80b
JK		 2186 switch (len) {
2187 case 1:
f25a49e0
PM		 2188 *data = ldub_p(buf);
2189 return MEMTX_OK;
acc9d80b 2190 case 2:
f25a49e0
PM		 2191 *data = lduw_p(buf);
2192 return MEMTX_OK;
acc9d80b 2193 case 4:
f25a49e0
PM		 2194 *data = ldl_p(buf);
2195 return MEMTX_OK;
ff6cff75 2196 case 8:
f25a49e0
PM		 2197 *data = ldq_p(buf);
2198 return MEMTX_OK;
acc9d80b
JK		 2199 default:
2200 abort();
2201 }
db7b5426
BS		 2202}
2203
f25a49e0
PM		 2204static MemTxResult subpage_write(void *opaque, hwaddr addr,
2205 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2206{
acc9d80b 2207 subpage_t *subpage = opaque;
ff6cff75 2208 uint8_t buf[8];
acc9d80b 2209
db7b5426 2210#if defined(DEBUG_SUBPAGE)
016e9d62 2211 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2212 " value %"PRIx64"\n",
2213 __func__, subpage, len, addr, value);
db7b5426 2214#endif
acc9d80b
JK		 2215 switch (len) {
2216 case 1:
2217 stb_p(buf, value);
2218 break;
2219 case 2:
2220 stw_p(buf, value);
2221 break;
2222 case 4:
2223 stl_p(buf, value);
2224 break;
ff6cff75
PB		 2225 case 8:
2226 stq_p(buf, value);
2227 break;
acc9d80b
JK		 2228 default:
2229 abort();
2230 }
5c9eb028
PM		 2231 return address_space_write(subpage->as, addr + subpage->base,
2232 attrs, buf, len);
db7b5426
BS		 2233}
2234
c353e4cc 2235static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2236 unsigned len, bool is_write)
c353e4cc 2237{
acc9d80b 2238 subpage_t *subpage = opaque;
c353e4cc 2239#if defined(DEBUG_SUBPAGE)
016e9d62 2240 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2241 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2242#endif
2243
acc9d80b 2244 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2245 len, is_write);
c353e4cc
PB		 2246}
2247
70c68e44 2248static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2249 .read_with_attrs = subpage_read,
2250 .write_with_attrs = subpage_write,
ff6cff75
PB		 2251 .impl.min_access_size = 1,
2252 .impl.max_access_size = 8,
2253 .valid.min_access_size = 1,
2254 .valid.max_access_size = 8,
c353e4cc 2255 .valid.accepts = subpage_accepts,
70c68e44 2256 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2257};
2258
c227f099 2259static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2260 uint16_t section)
db7b5426
BS		 2261{
2262 int idx, eidx;
2263
2264 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2265 return -1;
2266 idx = SUBPAGE_IDX(start);
2267 eidx = SUBPAGE_IDX(end);
2268#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2269 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2270 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2271#endif
db7b5426 2272 for (; idx <= eidx; idx++) {
5312bd8b 2273 mmio->sub_section[idx] = section;
db7b5426
BS		 2274 }
2275
2276 return 0;
2277}
2278
acc9d80b 2279static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2280{
c227f099 2281 subpage_t *mmio;
db7b5426 2282
7267c094 2283 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2284
acc9d80b 2285 mmio->as = as;
1eec614b 2286 mmio->base = base;
2c9b15ca 2287 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2288 NULL, TARGET_PAGE_SIZE);
b3b00c78 2289 mmio->iomem.subpage = true;
db7b5426 2290#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2291 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2292 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2293#endif
b41aac4f 2294 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2295
2296 return mmio;
2297}
2298
a656e22f
PC		 2299static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2300 MemoryRegion *mr)
5312bd8b 2301{
a656e22f 2302 assert(as);
5312bd8b 2303 MemoryRegionSection section = {
a656e22f 2304 .address_space = as,
5312bd8b
AK		 2305 .mr = mr,
2306 .offset_within_address_space = 0,
2307 .offset_within_region = 0,
052e87b0 2308 .size = int128_2_64(),
5312bd8b
AK		 2309 };
2310
53cb28cb 2311 return phys_section_add(map, &section);
5312bd8b
AK		 2312}
2313
a54c87b6 2314MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2315{
a54c87b6
PM		 2316 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2317 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2318 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2319 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2320
2321 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2322}
2323
e9179ce1
AK		 2324static void io_mem_init(void)
2325{
1f6245e5 2326 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2327 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2328 NULL, UINT64_MAX);
2c9b15ca 2329 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2330 NULL, UINT64_MAX);
2c9b15ca 2331 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2332 NULL, UINT64_MAX);
e9179ce1
AK		 2333}
2334
ac1970fb 2335static void mem_begin(MemoryListener *listener)
00752703
PB		 2336{
2337 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2338 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2339 uint16_t n;
2340
a656e22f 2341 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2342 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2343 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2344 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2345 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2346 assert(n == PHYS_SECTION_ROM);
a656e22f 2347 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2348 assert(n == PHYS_SECTION_WATCH);
00752703 2349
9736e55b 2350 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2351 d->as = as;
2352 as->next_dispatch = d;
2353}
2354
79e2b9ae
PB		 2355static void address_space_dispatch_free(AddressSpaceDispatch *d)
2356{
2357 phys_sections_free(&d->map);
2358 g_free(d);
2359}
2360
00752703 2361static void mem_commit(MemoryListener *listener)
ac1970fb 2362{
89ae337a 2363 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2364 AddressSpaceDispatch *cur = as->dispatch;
2365 AddressSpaceDispatch *next = as->next_dispatch;
2366
53cb28cb 2367 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2368
79e2b9ae 2369 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2370 if (cur) {
79e2b9ae 2371 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2372 }
9affd6fc
PB		 2373}
2374
1d71148e 2375static void tcg_commit(MemoryListener *listener)
50c1e149 2376{
32857f4d
PM		 2377 CPUAddressSpace *cpuas;
2378 AddressSpaceDispatch *d;
117712c3
AK		 2379
2380 /* since each CPU stores ram addresses in its TLB cache, we must
2381 reset the modified entries */
32857f4d
PM		 2382 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2383 cpu_reloading_memory_map();
2384 /* The CPU and TLB are protected by the iothread lock.
2385 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2386 * may have split the RCU critical section.
2387 */
2388 d = atomic_rcu_read(&cpuas->as->dispatch);
2389 cpuas->memory_dispatch = d;
2390 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2391}
2392
ac1970fb
AK		 2393void address_space_init_dispatch(AddressSpace *as)
2394{
00752703 2395 as->dispatch = NULL;
89ae337a 2396 as->dispatch_listener = (MemoryListener) {
ac1970fb 2397 .begin = mem_begin,
00752703 2398 .commit = mem_commit,
ac1970fb
AK		 2399 .region_add = mem_add,
2400 .region_nop = mem_add,
2401 .priority = 0,
2402 };
89ae337a 2403 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2404}
2405
6e48e8f9
PB		 2406void address_space_unregister(AddressSpace *as)
2407{
2408 memory_listener_unregister(&as->dispatch_listener);
2409}
2410
83f3c251
AK		 2411void address_space_destroy_dispatch(AddressSpace *as)
2412{
2413 AddressSpaceDispatch *d = as->dispatch;
2414
79e2b9ae
PB		 2415 atomic_rcu_set(&as->dispatch, NULL);
2416 if (d) {
2417 call_rcu(d, address_space_dispatch_free, rcu);
2418 }
83f3c251
AK		 2419}
2420
62152b8a
AK		 2421static void memory_map_init(void)
2422{
7267c094 2423 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2424
57271d63 2425 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2426 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2427
7267c094 2428 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2429 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2430 65536);
7dca8043 2431 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2432}
2433
2434MemoryRegion *get_system_memory(void)
2435{
2436 return system_memory;
2437}
2438
309cb471
AK		 2439MemoryRegion *get_system_io(void)
2440{
2441 return system_io;
2442}
2443
e2eef170
PB		 2444#endif /* !defined(CONFIG_USER_ONLY) */
2445
13eb76e0
FB		 2446/* physical memory access (slow version, mainly for debug) */
2447#if defined(CONFIG_USER_ONLY)
f17ec444 2448int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2449 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2450{
2451 int l, flags;
2452 target_ulong page;
53a5960a 2453 void * p;
13eb76e0
FB		 2454
2455 while (len > 0) {
2456 page = addr & TARGET_PAGE_MASK;
2457 l = (page + TARGET_PAGE_SIZE) - addr;
2458 if (l > len)
2459 l = len;
2460 flags = page_get_flags(page);
2461 if (!(flags & PAGE_VALID))
a68fe89c 2462 return -1;
13eb76e0
FB		 2463 if (is_write) {
2464 if (!(flags & PAGE_WRITE))
a68fe89c 2465 return -1;
579a97f7 2466 /* XXX: this code should not depend on lock_user */
72fb7daa 2467 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2468 return -1;
72fb7daa
AJ		 2469 memcpy(p, buf, l);
2470 unlock_user(p, addr, l);
13eb76e0
FB		 2471 } else {
2472 if (!(flags & PAGE_READ))
a68fe89c 2473 return -1;
579a97f7 2474 /* XXX: this code should not depend on lock_user */
72fb7daa 2475 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2476 return -1;
72fb7daa 2477 memcpy(buf, p, l);
5b257578 2478 unlock_user(p, addr, 0);
13eb76e0
FB		 2479 }
2480 len -= l;
2481 buf += l;
2482 addr += l;
2483 }
a68fe89c 2484 return 0;
13eb76e0 2485}
8df1cd07 2486
13eb76e0 2487#else
51d7a9eb 2488
845b6214 2489static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2490 hwaddr length)
51d7a9eb 2491{
e87f7778
PB		 2492 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2493 /* No early return if dirty_log_mask is or becomes 0, because
2494 * cpu_physical_memory_set_dirty_range will still call
2495 * xen_modified_memory.
2496 */
2497 if (dirty_log_mask) {
2498 dirty_log_mask =
2499 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2500 }
2501 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2502 tb_invalidate_phys_range(addr, addr + length);
2503 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2504 }
e87f7778 2505 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2506}
2507
23326164 2508static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2509{
e1622f4b 2510 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2511
2512 /* Regions are assumed to support 1-4 byte accesses unless
2513 otherwise specified. */
23326164
RH		 2514 if (access_size_max == 0) {
2515 access_size_max = 4;
2516 }
2517
2518 /* Bound the maximum access by the alignment of the address. */
2519 if (!mr->ops->impl.unaligned) {
2520 unsigned align_size_max = addr & -addr;
2521 if (align_size_max != 0 && align_size_max < access_size_max) {
2522 access_size_max = align_size_max;
2523 }
82f2563f 2524 }
23326164
RH		 2525
2526 /* Don't attempt accesses larger than the maximum. */
2527 if (l > access_size_max) {
2528 l = access_size_max;
82f2563f 2529 }
6554f5c0 2530 l = pow2floor(l);
23326164
RH		 2531
2532 return l;
82f2563f
PB		 2533}
2534
4840f10e 2535static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2536{
4840f10e
JK		 2537 bool unlocked = !qemu_mutex_iothread_locked();
2538 bool release_lock = false;
2539
2540 if (unlocked && mr->global_locking) {
2541 qemu_mutex_lock_iothread();
2542 unlocked = false;
2543 release_lock = true;
2544 }
125b3806 2545 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2546 if (unlocked) {
2547 qemu_mutex_lock_iothread();
2548 }
125b3806 2549 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2550 if (unlocked) {
2551 qemu_mutex_unlock_iothread();
2552 }
125b3806 2553 }
4840f10e
JK		 2554
2555 return release_lock;
125b3806
PB		 2556}
2557
a203ac70
PB		 2558/* Called within RCU critical section. */
2559static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2560 MemTxAttrs attrs,
2561 const uint8_t *buf,
2562 int len, hwaddr addr1,
2563 hwaddr l, MemoryRegion *mr)
13eb76e0 2564{
13eb76e0 2565 uint8_t *ptr;
791af8c8 2566 uint64_t val;
3b643495 2567 MemTxResult result = MEMTX_OK;
4840f10e 2568 bool release_lock = false;
3b46e624 2569
a203ac70 2570 for (;;) {
eb7eeb88
PB		 2571 if (!memory_access_is_direct(mr, true)) {
2572 release_lock |= prepare_mmio_access(mr);
2573 l = memory_access_size(mr, l, addr1);
2574 /* XXX: could force current_cpu to NULL to avoid
2575 potential bugs */
2576 switch (l) {
2577 case 8:
2578 /* 64 bit write access */
2579 val = ldq_p(buf);
2580 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2581 attrs);
2582 break;
2583 case 4:
2584 /* 32 bit write access */
2585 val = ldl_p(buf);
2586 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2587 attrs);
2588 break;
2589 case 2:
2590 /* 16 bit write access */
2591 val = lduw_p(buf);
2592 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2593 attrs);
2594 break;
2595 case 1:
2596 /* 8 bit write access */
2597 val = ldub_p(buf);
2598 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2599 attrs);
2600 break;
2601 default:
2602 abort();
13eb76e0
FB		 2603 }
2604 } else {
eb7eeb88
PB		 2605 addr1 += memory_region_get_ram_addr(mr);
2606 /* RAM case */
3655cb9c 2607 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2608 memcpy(ptr, buf, l);
2609 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2610 }
4840f10e
JK		 2611
2612 if (release_lock) {
2613 qemu_mutex_unlock_iothread();
2614 release_lock = false;
2615 }
2616
13eb76e0
FB		 2617 len -= l;
2618 buf += l;
2619 addr += l;
a203ac70
PB		 2620
2621 if (!len) {
2622 break;
2623 }
2624
2625 l = len;
2626 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2627 }
fd8aaa76 2628
3b643495 2629 return result;
13eb76e0 2630}
8df1cd07 2631
a203ac70
PB		 2632MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2633 const uint8_t *buf, int len)
ac1970fb 2634{
eb7eeb88 2635 hwaddr l;
eb7eeb88
PB		 2636 hwaddr addr1;
2637 MemoryRegion *mr;
2638 MemTxResult result = MEMTX_OK;
eb7eeb88 2639
a203ac70
PB		 2640 if (len > 0) {
2641 rcu_read_lock();
eb7eeb88 2642 l = len;
a203ac70
PB		 2643 mr = address_space_translate(as, addr, &addr1, &l, true);
2644 result = address_space_write_continue(as, addr, attrs, buf, len,
2645 addr1, l, mr);
2646 rcu_read_unlock();
2647 }
2648
2649 return result;
2650}
2651
2652/* Called within RCU critical section. */
2653MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2654 MemTxAttrs attrs, uint8_t *buf,
2655 int len, hwaddr addr1, hwaddr l,
2656 MemoryRegion *mr)
2657{
2658 uint8_t *ptr;
2659 uint64_t val;
2660 MemTxResult result = MEMTX_OK;
2661 bool release_lock = false;
eb7eeb88 2662
a203ac70 2663 for (;;) {
eb7eeb88
PB		 2664 if (!memory_access_is_direct(mr, false)) {
2665 /* I/O case */
2666 release_lock |= prepare_mmio_access(mr);
2667 l = memory_access_size(mr, l, addr1);
2668 switch (l) {
2669 case 8:
2670 /* 64 bit read access */
2671 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2672 attrs);
2673 stq_p(buf, val);
2674 break;
2675 case 4:
2676 /* 32 bit read access */
2677 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2678 attrs);
2679 stl_p(buf, val);
2680 break;
2681 case 2:
2682 /* 16 bit read access */
2683 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2684 attrs);
2685 stw_p(buf, val);
2686 break;
2687 case 1:
2688 /* 8 bit read access */
2689 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2690 attrs);
2691 stb_p(buf, val);
2692 break;
2693 default:
2694 abort();
2695 }
2696 } else {
2697 /* RAM case */
8e41fb63
FZ		 2698 ptr = qemu_get_ram_ptr(mr->ram_block,
2699 memory_region_get_ram_addr(mr) + addr1);
eb7eeb88
PB		 2700 memcpy(buf, ptr, l);
2701 }
2702
2703 if (release_lock) {
2704 qemu_mutex_unlock_iothread();
2705 release_lock = false;
2706 }
2707
2708 len -= l;
2709 buf += l;
2710 addr += l;
a203ac70
PB		 2711
2712 if (!len) {
2713 break;
2714 }
2715
2716 l = len;
2717 mr = address_space_translate(as, addr, &addr1, &l, false);
2718 }
2719
2720 return result;
2721}
2722
3cc8f884
PB		 2723MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2724 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2725{
2726 hwaddr l;
2727 hwaddr addr1;
2728 MemoryRegion *mr;
2729 MemTxResult result = MEMTX_OK;
2730
2731 if (len > 0) {
2732 rcu_read_lock();
2733 l = len;
2734 mr = address_space_translate(as, addr, &addr1, &l, false);
2735 result = address_space_read_continue(as, addr, attrs, buf, len,
2736 addr1, l, mr);
2737 rcu_read_unlock();
eb7eeb88 2738 }
eb7eeb88
PB		 2739
2740 return result;
ac1970fb
AK		 2741}
2742
eb7eeb88
PB		 2743MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2744 uint8_t *buf, int len, bool is_write)
2745{
2746 if (is_write) {
2747 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2748 } else {
2749 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2750 }
2751}
ac1970fb 2752
a8170e5e 2753void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2754 int len, int is_write)
2755{
5c9eb028
PM		 2756 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2757 buf, len, is_write);
ac1970fb
AK		 2758}
2759
582b55a9
AG		 2760enum write_rom_type {
2761 WRITE_DATA,
2762 FLUSH_CACHE,
2763};
2764
2a221651 2765static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2766 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2767{
149f54b5 2768 hwaddr l;
d0ecd2aa 2769 uint8_t *ptr;
149f54b5 2770 hwaddr addr1;
5c8a00ce 2771 MemoryRegion *mr;
3b46e624 2772
41063e1e 2773 rcu_read_lock();
d0ecd2aa 2774 while (len > 0) {
149f54b5 2775 l = len;
2a221651 2776 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2777
5c8a00ce
PB		 2778 if (!(memory_region_is_ram(mr) ||
2779 memory_region_is_romd(mr))) {
b242e0e0 2780 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2781 } else {
5c8a00ce 2782 addr1 += memory_region_get_ram_addr(mr);
d0ecd2aa 2783 /* ROM/RAM case */
3655cb9c 2784 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2785 switch (type) {
2786 case WRITE_DATA:
2787 memcpy(ptr, buf, l);
845b6214 2788 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2789 break;
2790 case FLUSH_CACHE:
2791 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2792 break;
2793 }
d0ecd2aa
FB		 2794 }
2795 len -= l;
2796 buf += l;
2797 addr += l;
2798 }
41063e1e 2799 rcu_read_unlock();
d0ecd2aa
FB		 2800}
2801
582b55a9 2802/* used for ROM loading : can write in RAM and ROM */
2a221651 2803void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2804 const uint8_t *buf, int len)
2805{
2a221651 2806 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2807}
2808
2809void cpu_flush_icache_range(hwaddr start, int len)
2810{
2811 /*
2812 * This function should do the same thing as an icache flush that was
2813 * triggered from within the guest. For TCG we are always cache coherent,
2814 * so there is no need to flush anything. For KVM / Xen we need to flush
2815 * the host's instruction cache at least.
2816 */
2817 if (tcg_enabled()) {
2818 return;
2819 }
2820
2a221651
EI		 2821 cpu_physical_memory_write_rom_internal(&address_space_memory,
2822 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2823}
2824
6d16c2f8 2825typedef struct {
d3e71559 2826 MemoryRegion *mr;
6d16c2f8 2827 void *buffer;
a8170e5e
AK		 2828 hwaddr addr;
2829 hwaddr len;
c2cba0ff 2830 bool in_use;
6d16c2f8
AL		 2831} BounceBuffer;
2832
2833static BounceBuffer bounce;
2834
ba223c29 2835typedef struct MapClient {
e95205e1 2836 QEMUBH *bh;
72cf2d4f 2837 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2838} MapClient;
2839
38e047b5 2840QemuMutex map_client_list_lock;
72cf2d4f
BS		 2841static QLIST_HEAD(map_client_list, MapClient) map_client_list
2842 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2843
e95205e1
FZ		 2844static void cpu_unregister_map_client_do(MapClient *client)
2845{
2846 QLIST_REMOVE(client, link);
2847 g_free(client);
2848}
2849
33b6c2ed
FZ		 2850static void cpu_notify_map_clients_locked(void)
2851{
2852 MapClient *client;
2853
2854 while (!QLIST_EMPTY(&map_client_list)) {
2855 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2856 qemu_bh_schedule(client->bh);
2857 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2858 }
2859}
2860
e95205e1 2861void cpu_register_map_client(QEMUBH *bh)
ba223c29 2862{
7267c094 2863 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2864
38e047b5 2865 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2866 client->bh = bh;
72cf2d4f 2867 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2868 if (!atomic_read(&bounce.in_use)) {
2869 cpu_notify_map_clients_locked();
2870 }
38e047b5 2871 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2872}
2873
38e047b5 2874void cpu_exec_init_all(void)
ba223c29 2875{
38e047b5 2876 qemu_mutex_init(&ram_list.mutex);
38e047b5 2877 io_mem_init();
680a4783 2878 memory_map_init();
38e047b5 2879 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2880}
2881
e95205e1 2882void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2883{
2884 MapClient *client;
2885
e95205e1
FZ		 2886 qemu_mutex_lock(&map_client_list_lock);
2887 QLIST_FOREACH(client, &map_client_list, link) {
2888 if (client->bh == bh) {
2889 cpu_unregister_map_client_do(client);
2890 break;
2891 }
ba223c29 2892 }
e95205e1 2893 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2894}
2895
2896static void cpu_notify_map_clients(void)
2897{
38e047b5 2898 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2899 cpu_notify_map_clients_locked();
38e047b5 2900 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2901}
2902
51644ab7
PB		 2903bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2904{
5c8a00ce 2905 MemoryRegion *mr;
51644ab7
PB		 2906 hwaddr l, xlat;
2907
41063e1e 2908 rcu_read_lock();
51644ab7
PB		 2909 while (len > 0) {
2910 l = len;
5c8a00ce
PB		 2911 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2912 if (!memory_access_is_direct(mr, is_write)) {
2913 l = memory_access_size(mr, l, addr);
2914 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2915 return false;
2916 }
2917 }
2918
2919 len -= l;
2920 addr += l;
2921 }
41063e1e 2922 rcu_read_unlock();
51644ab7
PB		 2923 return true;
2924}
2925
6d16c2f8
AL		 2926/* Map a physical memory region into a host virtual address.
2927 * May map a subset of the requested range, given by and returned in *plen.
2928 * May return NULL if resources needed to perform the mapping are exhausted.
2929 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2930 * Use cpu_register_map_client() to know when retrying the map operation is
2931 * likely to succeed.
6d16c2f8 2932 */
ac1970fb 2933void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2934 hwaddr addr,
2935 hwaddr *plen,
ac1970fb 2936 bool is_write)
6d16c2f8 2937{
a8170e5e 2938 hwaddr len = *plen;
e3127ae0
PB		 2939 hwaddr done = 0;
2940 hwaddr l, xlat, base;
2941 MemoryRegion *mr, *this_mr;
2942 ram_addr_t raddr;
e81bcda5 2943 void *ptr;
6d16c2f8 2944
e3127ae0
PB		 2945 if (len == 0) {
2946 return NULL;
2947 }
38bee5dc 2948
e3127ae0 2949 l = len;
41063e1e 2950 rcu_read_lock();
e3127ae0 2951 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2952
e3127ae0 2953 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2954 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2955 rcu_read_unlock();
e3127ae0 2956 return NULL;
6d16c2f8 2957 }
e85d9db5
KW		 2958 /* Avoid unbounded allocations */
2959 l = MIN(l, TARGET_PAGE_SIZE);
2960 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2961 bounce.addr = addr;
2962 bounce.len = l;
d3e71559
PB		 2963
2964 memory_region_ref(mr);
2965 bounce.mr = mr;
e3127ae0 2966 if (!is_write) {
5c9eb028
PM		 2967 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2968 bounce.buffer, l);
8ab934f9 2969 }
6d16c2f8 2970
41063e1e 2971 rcu_read_unlock();
e3127ae0
PB		 2972 *plen = l;
2973 return bounce.buffer;
2974 }
2975
2976 base = xlat;
2977 raddr = memory_region_get_ram_addr(mr);
2978
2979 for (;;) {
6d16c2f8
AL		 2980 len -= l;
2981 addr += l;
e3127ae0
PB		 2982 done += l;
2983 if (len == 0) {
2984 break;
2985 }
2986
2987 l = len;
2988 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2989 if (this_mr != mr || xlat != base + done) {
2990 break;
2991 }
6d16c2f8 2992 }
e3127ae0 2993
d3e71559 2994 memory_region_ref(mr);
e3127ae0 2995 *plen = done;
3655cb9c 2996 ptr = qemu_ram_ptr_length(mr->ram_block, raddr + base, plen);
e81bcda5
PB		 2997 rcu_read_unlock();
2998
2999 return ptr;
6d16c2f8
AL		 3000}
3001
ac1970fb 3002/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3003 * Will also mark the memory as dirty if is_write == 1. access_len gives
3004 * the amount of memory that was actually read or written by the caller.
3005 */
a8170e5e
AK		 3006void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3007 int is_write, hwaddr access_len)
6d16c2f8
AL		 3008{
3009 if (buffer != bounce.buffer) {
d3e71559
PB		 3010 MemoryRegion *mr;
3011 ram_addr_t addr1;
3012
3013 mr = qemu_ram_addr_from_host(buffer, &addr1);
3014 assert(mr != NULL);
6d16c2f8 3015 if (is_write) {
845b6214 3016 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 3017 }
868bb33f 3018 if (xen_enabled()) {
e41d7c69 3019 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3020 }
d3e71559 3021 memory_region_unref(mr);
6d16c2f8
AL		 3022 return;
3023 }
3024 if (is_write) {
5c9eb028
PM		 3025 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3026 bounce.buffer, access_len);
6d16c2f8 3027 }
f8a83245 3028 qemu_vfree(bounce.buffer);
6d16c2f8 3029 bounce.buffer = NULL;
d3e71559 3030 memory_region_unref(bounce.mr);
c2cba0ff 3031 atomic_mb_set(&bounce.in_use, false);
ba223c29 3032 cpu_notify_map_clients();
6d16c2f8 3033}
d0ecd2aa 3034
a8170e5e
AK		 3035void *cpu_physical_memory_map(hwaddr addr,
3036 hwaddr *plen,
ac1970fb
AK		 3037 int is_write)
3038{
3039 return address_space_map(&address_space_memory, addr, plen, is_write);
3040}
3041
a8170e5e
AK		 3042void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3043 int is_write, hwaddr access_len)
ac1970fb
AK		 3044{
3045 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3046}
3047
8df1cd07 3048/* warning: addr must be aligned */
50013115
PM		 3049static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3050 MemTxAttrs attrs,
3051 MemTxResult *result,
3052 enum device_endian endian)
8df1cd07 3053{
8df1cd07 3054 uint8_t *ptr;
791af8c8 3055 uint64_t val;
5c8a00ce 3056 MemoryRegion *mr;
149f54b5
PB		 3057 hwaddr l = 4;
3058 hwaddr addr1;
50013115 3059 MemTxResult r;
4840f10e 3060 bool release_lock = false;
8df1cd07 3061
41063e1e 3062 rcu_read_lock();
fdfba1a2 3063 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3064 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3065 release_lock |= prepare_mmio_access(mr);
125b3806 3066
8df1cd07 3067 /* I/O case */
50013115 3068 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3069#if defined(TARGET_WORDS_BIGENDIAN)
3070 if (endian == DEVICE_LITTLE_ENDIAN) {
3071 val = bswap32(val);
3072 }
3073#else
3074 if (endian == DEVICE_BIG_ENDIAN) {
3075 val = bswap32(val);
3076 }
3077#endif
8df1cd07
FB		 3078 } else {
3079 /* RAM case */
3655cb9c 3080 ptr = qemu_get_ram_ptr(mr->ram_block,
e4e69794 3081 memory_region_get_ram_addr(mr) + addr1);
1e78bcc1
AG		 3082 switch (endian) {
3083 case DEVICE_LITTLE_ENDIAN:
3084 val = ldl_le_p(ptr);
3085 break;
3086 case DEVICE_BIG_ENDIAN:
3087 val = ldl_be_p(ptr);
3088 break;
3089 default:
3090 val = ldl_p(ptr);
3091 break;
3092 }
50013115
PM		 3093 r = MEMTX_OK;
3094 }
3095 if (result) {
3096 *result = r;
8df1cd07 3097 }
4840f10e
JK		 3098 if (release_lock) {
3099 qemu_mutex_unlock_iothread();
3100 }
41063e1e 3101 rcu_read_unlock();
8df1cd07
FB		 3102 return val;
3103}
3104
50013115
PM		 3105uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3106 MemTxAttrs attrs, MemTxResult *result)
3107{
3108 return address_space_ldl_internal(as, addr, attrs, result,
3109 DEVICE_NATIVE_ENDIAN);
3110}
3111
3112uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3113 MemTxAttrs attrs, MemTxResult *result)
3114{
3115 return address_space_ldl_internal(as, addr, attrs, result,
3116 DEVICE_LITTLE_ENDIAN);
3117}
3118
3119uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3120 MemTxAttrs attrs, MemTxResult *result)
3121{
3122 return address_space_ldl_internal(as, addr, attrs, result,
3123 DEVICE_BIG_ENDIAN);
3124}
3125
fdfba1a2 3126uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3127{
50013115 3128 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3129}
3130
fdfba1a2 3131uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3132{
50013115 3133 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3134}
3135
fdfba1a2 3136uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3137{
50013115 3138 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3139}
3140
84b7b8e7 3141/* warning: addr must be aligned */
50013115
PM		 3142static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3143 MemTxAttrs attrs,
3144 MemTxResult *result,
3145 enum device_endian endian)
84b7b8e7 3146{
84b7b8e7
FB		 3147 uint8_t *ptr;
3148 uint64_t val;
5c8a00ce 3149 MemoryRegion *mr;
149f54b5
PB		 3150 hwaddr l = 8;
3151 hwaddr addr1;
50013115 3152 MemTxResult r;
4840f10e 3153 bool release_lock = false;
84b7b8e7 3154
41063e1e 3155 rcu_read_lock();
2c17449b 3156 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3157 false);
3158 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3159 release_lock |= prepare_mmio_access(mr);
125b3806 3160
84b7b8e7 3161 /* I/O case */
50013115 3162 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3163#if defined(TARGET_WORDS_BIGENDIAN)
3164 if (endian == DEVICE_LITTLE_ENDIAN) {
3165 val = bswap64(val);
3166 }
3167#else
3168 if (endian == DEVICE_BIG_ENDIAN) {
3169 val = bswap64(val);
3170 }
84b7b8e7
FB		 3171#endif
3172 } else {
3173 /* RAM case */
3655cb9c 3174 ptr = qemu_get_ram_ptr(mr->ram_block,
e4e69794 3175 memory_region_get_ram_addr(mr) + addr1);
1e78bcc1
AG		 3176 switch (endian) {
3177 case DEVICE_LITTLE_ENDIAN:
3178 val = ldq_le_p(ptr);
3179 break;
3180 case DEVICE_BIG_ENDIAN:
3181 val = ldq_be_p(ptr);
3182 break;
3183 default:
3184 val = ldq_p(ptr);
3185 break;
3186 }
50013115
PM		 3187 r = MEMTX_OK;
3188 }
3189 if (result) {
3190 *result = r;
84b7b8e7 3191 }
4840f10e
JK		 3192 if (release_lock) {
3193 qemu_mutex_unlock_iothread();
3194 }
41063e1e 3195 rcu_read_unlock();
84b7b8e7
FB		 3196 return val;
3197}
3198
50013115
PM		 3199uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3200 MemTxAttrs attrs, MemTxResult *result)
3201{
3202 return address_space_ldq_internal(as, addr, attrs, result,
3203 DEVICE_NATIVE_ENDIAN);
3204}
3205
3206uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3207 MemTxAttrs attrs, MemTxResult *result)
3208{
3209 return address_space_ldq_internal(as, addr, attrs, result,
3210 DEVICE_LITTLE_ENDIAN);
3211}
3212
3213uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3214 MemTxAttrs attrs, MemTxResult *result)
3215{
3216 return address_space_ldq_internal(as, addr, attrs, result,
3217 DEVICE_BIG_ENDIAN);
3218}
3219
2c17449b 3220uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3221{
50013115 3222 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3223}
3224
2c17449b 3225uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3226{
50013115 3227 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3228}
3229
2c17449b 3230uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3231{
50013115 3232 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3233}
3234
aab33094 3235/* XXX: optimize */
50013115
PM		 3236uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3237 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3238{
3239 uint8_t val;
50013115
PM		 3240 MemTxResult r;
3241
3242 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3243 if (result) {
3244 *result = r;
3245 }
aab33094
FB		 3246 return val;
3247}
3248
50013115
PM		 3249uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3250{
3251 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3252}
3253
733f0b02 3254/* warning: addr must be aligned */
50013115
PM		 3255static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3256 hwaddr addr,
3257 MemTxAttrs attrs,
3258 MemTxResult *result,
3259 enum device_endian endian)
aab33094 3260{
733f0b02
MT		 3261 uint8_t *ptr;
3262 uint64_t val;
5c8a00ce 3263 MemoryRegion *mr;
149f54b5
PB		 3264 hwaddr l = 2;
3265 hwaddr addr1;
50013115 3266 MemTxResult r;
4840f10e 3267 bool release_lock = false;
733f0b02 3268
41063e1e 3269 rcu_read_lock();
41701aa4 3270 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3271 false);
3272 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3273 release_lock |= prepare_mmio_access(mr);
125b3806 3274
733f0b02 3275 /* I/O case */
50013115 3276 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3277#if defined(TARGET_WORDS_BIGENDIAN)
3278 if (endian == DEVICE_LITTLE_ENDIAN) {
3279 val = bswap16(val);
3280 }
3281#else
3282 if (endian == DEVICE_BIG_ENDIAN) {
3283 val = bswap16(val);
3284 }
3285#endif
733f0b02
MT		 3286 } else {
3287 /* RAM case */
3655cb9c 3288 ptr = qemu_get_ram_ptr(mr->ram_block,
e4e69794 3289 memory_region_get_ram_addr(mr) + addr1);
1e78bcc1
AG		 3290 switch (endian) {
3291 case DEVICE_LITTLE_ENDIAN:
3292 val = lduw_le_p(ptr);
3293 break;
3294 case DEVICE_BIG_ENDIAN:
3295 val = lduw_be_p(ptr);
3296 break;
3297 default:
3298 val = lduw_p(ptr);
3299 break;
3300 }
50013115
PM		 3301 r = MEMTX_OK;
3302 }
3303 if (result) {
3304 *result = r;
733f0b02 3305 }
4840f10e
JK		 3306 if (release_lock) {
3307 qemu_mutex_unlock_iothread();
3308 }
41063e1e 3309 rcu_read_unlock();
733f0b02 3310 return val;
aab33094
FB		 3311}
3312
50013115
PM		 3313uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3314 MemTxAttrs attrs, MemTxResult *result)
3315{
3316 return address_space_lduw_internal(as, addr, attrs, result,
3317 DEVICE_NATIVE_ENDIAN);
3318}
3319
3320uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3321 MemTxAttrs attrs, MemTxResult *result)
3322{
3323 return address_space_lduw_internal(as, addr, attrs, result,
3324 DEVICE_LITTLE_ENDIAN);
3325}
3326
3327uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3328 MemTxAttrs attrs, MemTxResult *result)
3329{
3330 return address_space_lduw_internal(as, addr, attrs, result,
3331 DEVICE_BIG_ENDIAN);
3332}
3333
41701aa4 3334uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3335{
50013115 3336 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3337}
3338
41701aa4 3339uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3340{
50013115 3341 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3342}
3343
41701aa4 3344uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3345{
50013115 3346 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3347}
3348
8df1cd07
FB		 3349/* warning: addr must be aligned. The ram page is not masked as dirty
3350 and the code inside is not invalidated. It is useful if the dirty
3351 bits are used to track modified PTEs */
50013115
PM		 3352void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3353 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3354{
8df1cd07 3355 uint8_t *ptr;
5c8a00ce 3356 MemoryRegion *mr;
149f54b5
PB		 3357 hwaddr l = 4;
3358 hwaddr addr1;
50013115 3359 MemTxResult r;
845b6214 3360 uint8_t dirty_log_mask;
4840f10e 3361 bool release_lock = false;
8df1cd07 3362
41063e1e 3363 rcu_read_lock();
2198a121 3364 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3365 true);
3366 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3367 release_lock |= prepare_mmio_access(mr);
125b3806 3368
50013115 3369 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3370 } else {
e4e69794 3371 addr1 += memory_region_get_ram_addr(mr);
3655cb9c 3372 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
8df1cd07 3373 stl_p(ptr, val);
74576198 3374
845b6214
PB		 3375 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3376 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
58d2707e 3377 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
50013115
PM		 3378 r = MEMTX_OK;
3379 }
3380 if (result) {
3381 *result = r;
8df1cd07 3382 }
4840f10e
JK		 3383 if (release_lock) {
3384 qemu_mutex_unlock_iothread();
3385 }
41063e1e 3386 rcu_read_unlock();
8df1cd07
FB		 3387}
3388
50013115
PM		 3389void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3390{
3391 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3392}
3393
8df1cd07 3394/* warning: addr must be aligned */
50013115
PM		 3395static inline void address_space_stl_internal(AddressSpace *as,
3396 hwaddr addr, uint32_t val,
3397 MemTxAttrs attrs,
3398 MemTxResult *result,
3399 enum device_endian endian)
8df1cd07 3400{
8df1cd07 3401 uint8_t *ptr;
5c8a00ce 3402 MemoryRegion *mr;
149f54b5
PB		 3403 hwaddr l = 4;
3404 hwaddr addr1;
50013115 3405 MemTxResult r;
4840f10e 3406 bool release_lock = false;
8df1cd07 3407
41063e1e 3408 rcu_read_lock();
ab1da857 3409 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3410 true);
3411 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3412 release_lock |= prepare_mmio_access(mr);
125b3806 3413
1e78bcc1
AG		 3414#if defined(TARGET_WORDS_BIGENDIAN)
3415 if (endian == DEVICE_LITTLE_ENDIAN) {
3416 val = bswap32(val);
3417 }
3418#else
3419 if (endian == DEVICE_BIG_ENDIAN) {
3420 val = bswap32(val);
3421 }
3422#endif
50013115 3423 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3424 } else {
8df1cd07 3425 /* RAM case */
e4e69794 3426 addr1 += memory_region_get_ram_addr(mr);
3655cb9c 3427 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3428 switch (endian) {
3429 case DEVICE_LITTLE_ENDIAN:
3430 stl_le_p(ptr, val);
3431 break;
3432 case DEVICE_BIG_ENDIAN:
3433 stl_be_p(ptr, val);
3434 break;
3435 default:
3436 stl_p(ptr, val);
3437 break;
3438 }
845b6214 3439 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3440 r = MEMTX_OK;
3441 }
3442 if (result) {
3443 *result = r;
8df1cd07 3444 }
4840f10e
JK		 3445 if (release_lock) {
3446 qemu_mutex_unlock_iothread();
3447 }
41063e1e 3448 rcu_read_unlock();
8df1cd07
FB		 3449}
3450
50013115
PM		 3451void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3452 MemTxAttrs attrs, MemTxResult *result)
3453{
3454 address_space_stl_internal(as, addr, val, attrs, result,
3455 DEVICE_NATIVE_ENDIAN);
3456}
3457
3458void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3459 MemTxAttrs attrs, MemTxResult *result)
3460{
3461 address_space_stl_internal(as, addr, val, attrs, result,
3462 DEVICE_LITTLE_ENDIAN);
3463}
3464
3465void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3466 MemTxAttrs attrs, MemTxResult *result)
3467{
3468 address_space_stl_internal(as, addr, val, attrs, result,
3469 DEVICE_BIG_ENDIAN);
3470}
3471
ab1da857 3472void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3473{
50013115 3474 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3475}
3476
ab1da857 3477void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3478{
50013115 3479 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3480}
3481
ab1da857 3482void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3483{
50013115 3484 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3485}
3486
aab33094 3487/* XXX: optimize */
50013115
PM		 3488void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3489 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3490{
3491 uint8_t v = val;
50013115
PM		 3492 MemTxResult r;
3493
3494 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3495 if (result) {
3496 *result = r;
3497 }
3498}
3499
3500void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3501{
3502 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3503}
3504
733f0b02 3505/* warning: addr must be aligned */
50013115
PM		 3506static inline void address_space_stw_internal(AddressSpace *as,
3507 hwaddr addr, uint32_t val,
3508 MemTxAttrs attrs,
3509 MemTxResult *result,
3510 enum device_endian endian)
aab33094 3511{
733f0b02 3512 uint8_t *ptr;
5c8a00ce 3513 MemoryRegion *mr;
149f54b5
PB		 3514 hwaddr l = 2;
3515 hwaddr addr1;
50013115 3516 MemTxResult r;
4840f10e 3517 bool release_lock = false;
733f0b02 3518
41063e1e 3519 rcu_read_lock();
5ce5944d 3520 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3521 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3522 release_lock |= prepare_mmio_access(mr);
125b3806 3523
1e78bcc1
AG		 3524#if defined(TARGET_WORDS_BIGENDIAN)
3525 if (endian == DEVICE_LITTLE_ENDIAN) {
3526 val = bswap16(val);
3527 }
3528#else
3529 if (endian == DEVICE_BIG_ENDIAN) {
3530 val = bswap16(val);
3531 }
3532#endif
50013115 3533 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3534 } else {
733f0b02 3535 /* RAM case */
e4e69794 3536 addr1 += memory_region_get_ram_addr(mr);
3655cb9c 3537 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3538 switch (endian) {
3539 case DEVICE_LITTLE_ENDIAN:
3540 stw_le_p(ptr, val);
3541 break;
3542 case DEVICE_BIG_ENDIAN:
3543 stw_be_p(ptr, val);
3544 break;
3545 default:
3546 stw_p(ptr, val);
3547 break;
3548 }
845b6214 3549 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3550 r = MEMTX_OK;
3551 }
3552 if (result) {
3553 *result = r;
733f0b02 3554 }
4840f10e
JK		 3555 if (release_lock) {
3556 qemu_mutex_unlock_iothread();
3557 }
41063e1e 3558 rcu_read_unlock();
aab33094
FB		 3559}
3560
50013115
PM		 3561void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3562 MemTxAttrs attrs, MemTxResult *result)
3563{
3564 address_space_stw_internal(as, addr, val, attrs, result,
3565 DEVICE_NATIVE_ENDIAN);
3566}
3567
3568void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3569 MemTxAttrs attrs, MemTxResult *result)
3570{
3571 address_space_stw_internal(as, addr, val, attrs, result,
3572 DEVICE_LITTLE_ENDIAN);
3573}
3574
3575void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3576 MemTxAttrs attrs, MemTxResult *result)
3577{
3578 address_space_stw_internal(as, addr, val, attrs, result,
3579 DEVICE_BIG_ENDIAN);
3580}
3581
5ce5944d 3582void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3583{
50013115 3584 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3585}
3586
5ce5944d 3587void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3588{
50013115 3589 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3590}
3591
5ce5944d 3592void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3593{
50013115 3594 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3595}
3596
aab33094 3597/* XXX: optimize */
50013115
PM		 3598void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3599 MemTxAttrs attrs, MemTxResult *result)
aab33094 3600{
50013115 3601 MemTxResult r;
aab33094 3602 val = tswap64(val);
50013115
PM		 3603 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3604 if (result) {
3605 *result = r;
3606 }
aab33094
FB		 3607}
3608
50013115
PM		 3609void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3610 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3611{
50013115 3612 MemTxResult r;
1e78bcc1 3613 val = cpu_to_le64(val);
50013115
PM		 3614 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3615 if (result) {
3616 *result = r;
3617 }
3618}
3619void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3620 MemTxAttrs attrs, MemTxResult *result)
3621{
3622 MemTxResult r;
3623 val = cpu_to_be64(val);
3624 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3625 if (result) {
3626 *result = r;
3627 }
3628}
3629
3630void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3631{
3632 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3633}
3634
3635void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3636{
3637 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3638}
3639
f606604f 3640void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3641{
50013115 3642 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3643}
3644
5e2972fd 3645/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3646int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3647 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3648{
3649 int l;
a8170e5e 3650 hwaddr phys_addr;
9b3c35e0 3651 target_ulong page;
13eb76e0
FB		 3652
3653 while (len > 0) {
5232e4c7
PM		 3654 int asidx;
3655 MemTxAttrs attrs;
3656
13eb76e0 3657 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3658 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3659 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3660 /* if no physical page mapped, return an error */
3661 if (phys_addr == -1)
3662 return -1;
3663 l = (page + TARGET_PAGE_SIZE) - addr;
3664 if (l > len)
3665 l = len;
5e2972fd 3666 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3667 if (is_write) {
5232e4c7
PM		 3668 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3669 phys_addr, buf, l);
2e38847b 3670 } else {
5232e4c7
PM		 3671 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3672 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3673 buf, l, 0);
2e38847b 3674 }
13eb76e0
FB		 3675 len -= l;
3676 buf += l;
3677 addr += l;
3678 }
3679 return 0;
3680}
038629a6
DDAG		 3681
3682/*
3683 * Allows code that needs to deal with migration bitmaps etc to still be built
3684 * target independent.
3685 */
3686size_t qemu_target_page_bits(void)
3687{
3688 return TARGET_PAGE_BITS;
3689}
3690
a68fe89c 3691#endif
13eb76e0 3692
8e4a424b
BS		 3693/*
3694 * A helper function for the _utterly broken_ virtio device model to find out if
3695 * it's running on a big endian machine. Don't do this at home kids!
3696 */
98ed8ecf
GK		 3697bool target_words_bigendian(void);
3698bool target_words_bigendian(void)
8e4a424b
BS		 3699{
3700#if defined(TARGET_WORDS_BIGENDIAN)
3701 return true;
3702#else
3703 return false;
3704#endif
3705}
3706
76f35538 3707#ifndef CONFIG_USER_ONLY
a8170e5e 3708bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3709{
5c8a00ce 3710 MemoryRegion*mr;
149f54b5 3711 hwaddr l = 1;
41063e1e 3712 bool res;
76f35538 3713
41063e1e 3714 rcu_read_lock();
5c8a00ce
PB		 3715 mr = address_space_translate(&address_space_memory,
3716 phys_addr, &phys_addr, &l, false);
76f35538 3717
41063e1e
PB		 3718 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3719 rcu_read_unlock();
3720 return res;
76f35538 3721}
bd2fa51f 3722
e3807054 3723int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3724{
3725 RAMBlock *block;
e3807054 3726 int ret = 0;
bd2fa51f 3727
0dc3f44a
MD		 3728 rcu_read_lock();
3729 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3730 ret = func(block->idstr, block->host, block->offset,
3731 block->used_length, opaque);
3732 if (ret) {
3733 break;
3734 }
bd2fa51f 3735 }
0dc3f44a 3736 rcu_read_unlock();
e3807054 3737 return ret;
bd2fa51f 3738}
ec3f8c99 3739#endif
QEMU mirror