]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge remote-tracking branch 'quintela/migration-next-20121017' into staging
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
0cac1b66
BS		 60#include "cputlb.h"
61
7762c2c1 62#include "memory-internal.h"
67d95c15 63
fd6ce8f6 64//#define DEBUG_TB_INVALIDATE
66e85a21 65//#define DEBUG_FLUSH
67d3b957 66//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 67
68/* make various TB consistency checks */
5fafdf24 69//#define DEBUG_TB_CHECK
fd6ce8f6 70
1196be37 71//#define DEBUG_IOPORT
db7b5426 72//#define DEBUG_SUBPAGE
1196be37 73
99773bd4
PB		 74#if !defined(CONFIG_USER_ONLY)
75/* TB consistency checks only implemented for usermode emulation. */
76#undef DEBUG_TB_CHECK
77#endif
78
9fa3e853
FB		 79#define SMC_BITMAP_USE_THRESHOLD 10
80
bdaf78e0 81static TranslationBlock *tbs;
24ab68ac 82static int code_gen_max_blocks;
9fa3e853 83TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 84static int nb_tbs;
eb51d102 85/* any access to the tbs or the page table must use this lock */
c227f099 86spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 87
4438c8a9 88uint8_t *code_gen_prologue;
bdaf78e0 89static uint8_t *code_gen_buffer;
f1bc0bcc 90static size_t code_gen_buffer_size;
26a5f13b 91/* threshold to flush the translated code buffer */
f1bc0bcc 92static size_t code_gen_buffer_max_size;
24ab68ac 93static uint8_t *code_gen_ptr;
fd6ce8f6 94
e2eef170 95#if !defined(CONFIG_USER_ONLY)
9fa3e853 96int phys_ram_fd;
74576198 97static int in_migration;
94a6b54f 98
85d59fef 99RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 100
101static MemoryRegion *system_memory;
309cb471 102static MemoryRegion *system_io;
62152b8a 103
f6790af6
AK		 104AddressSpace address_space_io;
105AddressSpace address_space_memory;
2673a5da 106
0e0df1e2 107MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 108static MemoryRegion io_mem_subpage_ram;
0e0df1e2 109
e2eef170 110#endif
9fa3e853 111
9349b4f9 112CPUArchState *first_cpu;
6a00d601
FB		 113/* current CPU in the current thread. It is only valid inside
114 cpu_exec() */
9349b4f9 115DEFINE_TLS(CPUArchState *,cpu_single_env);
2e70f6ef 116/* 0 = Do not count executed instructions.
bf20dc07 117 1 = Precise instruction counting.
2e70f6ef
PB		 118 2 = Adaptive rate instruction counting. */
119int use_icount = 0;
6a00d601 120
54936004 121typedef struct PageDesc {
92e873b9 122 /* list of TBs intersecting this ram page */
fd6ce8f6 123 TranslationBlock *first_tb;
9fa3e853
FB		 124 /* in order to optimize self modifying code, we count the number
125 of lookups we do to a given page to use a bitmap */
126 unsigned int code_write_count;
127 uint8_t *code_bitmap;
128#if defined(CONFIG_USER_ONLY)
129 unsigned long flags;
130#endif
54936004
FB		 131} PageDesc;
132
41c1b1c9 133/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 134 while in user mode we want it to be based on virtual addresses. */
135#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 136#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
137# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
138#else
5cd2c5b6 139# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 140#endif
bedb69ea 141#else
5cd2c5b6 142# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 143#endif
54936004 144
5cd2c5b6
RH		 145/* Size of the L2 (and L3, etc) page tables. */
146#define L2_BITS 10
54936004
FB		 147#define L2_SIZE (1 << L2_BITS)
148
3eef53df
AK		 149#define P_L2_LEVELS \
150 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
151
5cd2c5b6 152/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 153#define V_L1_BITS_REM \
154 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
155
5cd2c5b6
RH		 156#if V_L1_BITS_REM < 4
157#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
158#else
159#define V_L1_BITS V_L1_BITS_REM
160#endif
161
5cd2c5b6
RH		 162#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
163
5cd2c5b6
RH		 164#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
165
c6d50674
SW		 166uintptr_t qemu_real_host_page_size;
167uintptr_t qemu_host_page_size;
168uintptr_t qemu_host_page_mask;
54936004 169
5cd2c5b6
RH		 170/* This is a multi-level map on the virtual address space.
171 The bottom level has pointers to PageDesc. */
172static void *l1_map[V_L1_SIZE];
54936004 173
e2eef170 174#if !defined(CONFIG_USER_ONLY)
4346ae3e 175
5312bd8b
AK		 176static MemoryRegionSection *phys_sections;
177static unsigned phys_sections_nb, phys_sections_nb_alloc;
178static uint16_t phys_section_unassigned;
aa102231
AK		 179static uint16_t phys_section_notdirty;
180static uint16_t phys_section_rom;
181static uint16_t phys_section_watch;
5312bd8b 182
d6f2ea22
AK		 183/* Simple allocator for PhysPageEntry nodes */
184static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
185static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
186
07f07b31 187#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 188
e2eef170 189static void io_mem_init(void);
62152b8a 190static void memory_map_init(void);
e2eef170 191
1ec9b909 192static MemoryRegion io_mem_watch;
6658ffb8 193#endif
33417e70 194
e3db7226 195/* statistics */
e3db7226
FB		 196static int tb_flush_count;
197static int tb_phys_invalidate_count;
198
7cb69cae 199#ifdef _WIN32
4438c8a9 200static inline void map_exec(void *addr, long size)
7cb69cae
FB		 201{
202 DWORD old_protect;
203 VirtualProtect(addr, size,
204 PAGE_EXECUTE_READWRITE, &old_protect);
205
206}
207#else
4438c8a9 208static inline void map_exec(void *addr, long size)
7cb69cae 209{
4369415f 210 unsigned long start, end, page_size;
7cb69cae 211
4369415f 212 page_size = getpagesize();
7cb69cae 213 start = (unsigned long)addr;
4369415f 214 start &= ~(page_size - 1);
7cb69cae
FB		 215
216 end = (unsigned long)addr + size;
4369415f
FB		 217 end += page_size - 1;
218 end &= ~(page_size - 1);
7cb69cae
FB		 219
220 mprotect((void *)start, end - start,
221 PROT_READ | PROT_WRITE | PROT_EXEC);
222}
223#endif
224
b346ff46 225static void page_init(void)
54936004 226{
83fb7adf 227 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 228 TARGET_PAGE_SIZE */
c2b48b69
AL		 229#ifdef _WIN32
230 {
231 SYSTEM_INFO system_info;
232
233 GetSystemInfo(&system_info);
234 qemu_real_host_page_size = system_info.dwPageSize;
235 }
236#else
237 qemu_real_host_page_size = getpagesize();
238#endif
83fb7adf
FB		 239 if (qemu_host_page_size == 0)
240 qemu_host_page_size = qemu_real_host_page_size;
241 if (qemu_host_page_size < TARGET_PAGE_SIZE)
242 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 243 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 244
2e9a5713 245#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 246 {
f01576f1
JL		 247#ifdef HAVE_KINFO_GETVMMAP
248 struct kinfo_vmentry *freep;
249 int i, cnt;
250
251 freep = kinfo_getvmmap(getpid(), &cnt);
252 if (freep) {
253 mmap_lock();
254 for (i = 0; i < cnt; i++) {
255 unsigned long startaddr, endaddr;
256
257 startaddr = freep[i].kve_start;
258 endaddr = freep[i].kve_end;
259 if (h2g_valid(startaddr)) {
260 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
261
262 if (h2g_valid(endaddr)) {
263 endaddr = h2g(endaddr);
fd436907 264 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 265 } else {
266#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
267 endaddr = ~0ul;
fd436907 268 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 269#endif
270 }
271 }
272 }
273 free(freep);
274 mmap_unlock();
275 }
276#else
50a9569b 277 FILE *f;
50a9569b 278
0776590d 279 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 280
fd436907 281 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 282 if (f) {
5cd2c5b6
RH		 283 mmap_lock();
284
50a9569b 285 do {
5cd2c5b6
RH		 286 unsigned long startaddr, endaddr;
287 int n;
288
289 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
290
291 if (n == 2 && h2g_valid(startaddr)) {
292 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
293
294 if (h2g_valid(endaddr)) {
295 endaddr = h2g(endaddr);
296 } else {
297 endaddr = ~0ul;
298 }
299 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 300 }
301 } while (!feof(f));
5cd2c5b6 302
50a9569b 303 fclose(f);
5cd2c5b6 304 mmap_unlock();
50a9569b 305 }
f01576f1 306#endif
50a9569b
AZ		 307 }
308#endif
54936004
FB		 309}
310
41c1b1c9 311static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 312{
41c1b1c9
PB		 313 PageDesc *pd;
314 void **lp;
315 int i;
316
5cd2c5b6 317#if defined(CONFIG_USER_ONLY)
7267c094 318 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 319# define ALLOC(P, SIZE) \
320 do { \
321 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
322 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 323 } while (0)
324#else
325# define ALLOC(P, SIZE) \
7267c094 326 do { P = g_malloc0(SIZE); } while (0)
17e2377a 327#endif
434929bf 328
5cd2c5b6
RH		 329 /* Level 1. Always allocated. */
330 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
331
332 /* Level 2..N-1. */
333 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
334 void **p = *lp;
335
336 if (p == NULL) {
337 if (!alloc) {
338 return NULL;
339 }
340 ALLOC(p, sizeof(void *) * L2_SIZE);
341 *lp = p;
17e2377a 342 }
5cd2c5b6
RH		 343
344 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
345 }
346
347 pd = *lp;
348 if (pd == NULL) {
349 if (!alloc) {
350 return NULL;
351 }
352 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
353 *lp = pd;
54936004 354 }
5cd2c5b6
RH		 355
356#undef ALLOC
5cd2c5b6
RH		 357
358 return pd + (index & (L2_SIZE - 1));
54936004
FB		 359}
360
41c1b1c9 361static inline PageDesc *page_find(tb_page_addr_t index)
54936004 362{
5cd2c5b6 363 return page_find_alloc(index, 0);
fd6ce8f6
FB		 364}
365
6d9a1304 366#if !defined(CONFIG_USER_ONLY)
d6f2ea22 367
f7bf5461 368static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 369{
f7bf5461 370 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 371 typedef PhysPageEntry Node[L2_SIZE];
372 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 373 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
374 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 375 phys_map_nodes = g_renew(Node, phys_map_nodes,
376 phys_map_nodes_nb_alloc);
377 }
f7bf5461
AK		 378}
379
380static uint16_t phys_map_node_alloc(void)
381{
382 unsigned i;
383 uint16_t ret;
384
385 ret = phys_map_nodes_nb++;
386 assert(ret != PHYS_MAP_NODE_NIL);
387 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 388 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 389 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 390 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 391 }
f7bf5461 392 return ret;
d6f2ea22
AK		 393}
394
395static void phys_map_nodes_reset(void)
396{
397 phys_map_nodes_nb = 0;
398}
399
92e873b9 400
2999097b
AK		 401static void phys_page_set_level(PhysPageEntry *lp, target_phys_addr_t *index,
402 target_phys_addr_t *nb, uint16_t leaf,
403 int level)
f7bf5461
AK		 404{
405 PhysPageEntry *p;
406 int i;
07f07b31 407 target_phys_addr_t step = (target_phys_addr_t)1 << (level * L2_BITS);
108c49b8 408
07f07b31 409 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 410 lp->ptr = phys_map_node_alloc();
411 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 412 if (level == 0) {
413 for (i = 0; i < L2_SIZE; i++) {
07f07b31 414 p[i].is_leaf = 1;
c19e8800 415 p[i].ptr = phys_section_unassigned;
4346ae3e 416 }
67c4d23c 417 }
f7bf5461 418 } else {
c19e8800 419 p = phys_map_nodes[lp->ptr];
92e873b9 420 }
2999097b 421 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 422
2999097b 423 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 424 if ((*index & (step - 1)) == 0 && *nb >= step) {
425 lp->is_leaf = true;
c19e8800 426 lp->ptr = leaf;
07f07b31
AK		 427 *index += step;
428 *nb -= step;
2999097b
AK		 429 } else {
430 phys_page_set_level(lp, index, nb, leaf, level - 1);
431 }
432 ++lp;
f7bf5461
AK		 433 }
434}
435
ac1970fb
AK		 436static void phys_page_set(AddressSpaceDispatch *d,
437 target_phys_addr_t index, target_phys_addr_t nb,
2999097b 438 uint16_t leaf)
f7bf5461 439{
2999097b 440 /* Wildly overreserve - it doesn't matter much. */
07f07b31 441 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 442
ac1970fb 443 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 444}
445
ac1970fb 446MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, target_phys_addr_t index)
92e873b9 447{
ac1970fb 448 PhysPageEntry lp = d->phys_map;
31ab2b4a
AK		 449 PhysPageEntry *p;
450 int i;
31ab2b4a 451 uint16_t s_index = phys_section_unassigned;
f1f6e3b8 452
07f07b31 453 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 454 if (lp.ptr == PHYS_MAP_NODE_NIL) {
31ab2b4a
AK		 455 goto not_found;
456 }
c19e8800 457 p = phys_map_nodes[lp.ptr];
31ab2b4a 458 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 459 }
31ab2b4a 460
c19e8800 461 s_index = lp.ptr;
31ab2b4a 462not_found:
f3705d53
AK		 463 return &phys_sections[s_index];
464}
465
e5548617
BS		 466bool memory_region_is_unassigned(MemoryRegion *mr)
467{
468 return mr != &io_mem_ram && mr != &io_mem_rom
469 && mr != &io_mem_notdirty && !mr->rom_device
470 && mr != &io_mem_watch;
471}
472
c8a706fe
PB		 473#define mmap_lock() do { } while(0)
474#define mmap_unlock() do { } while(0)
9fa3e853 475#endif
fd6ce8f6 476
4369415f 477#if defined(CONFIG_USER_ONLY)
ccbb4d44 478/* Currently it is not recommended to allocate big chunks of data in
f1bc0bcc
RH		 479 user mode. It will change when a dedicated libc will be used. */
480/* ??? 64-bit hosts ought to have no problem mmaping data outside the
481 region in which the guest needs to run. Revisit this. */
4369415f
FB		 482#define USE_STATIC_CODE_GEN_BUFFER
483#endif
484
f1bc0bcc
RH		 485/* ??? Should configure for this, not list operating systems here. */
486#if (defined(__linux__) \
487 || defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
488 || defined(__DragonFly__) || defined(__OpenBSD__) \
489 || defined(__NetBSD__))
490# define USE_MMAP
4369415f
FB		 491#endif
492
74d590c8
RH		 493/* Minimum size of the code gen buffer. This number is randomly chosen,
494 but not so small that we can't have a fair number of TB's live. */
495#define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
496
f1bc0bcc
RH		 497/* Maximum size of the code gen buffer we'd like to use. Unless otherwise
498 indicated, this is constrained by the range of direct branches on the
499 host cpu, as used by the TCG implementation of goto_tb. */
500#if defined(__x86_64__)
501# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
502#elif defined(__sparc__)
503# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
504#elif defined(__arm__)
505# define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
506#elif defined(__s390x__)
507 /* We have a +- 4GB range on the branches; leave some slop. */
508# define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
509#else
510# define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
511#endif
512
3d85a72f
RH		 513#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
514
515#define DEFAULT_CODE_GEN_BUFFER_SIZE \
516 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
517 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
f1bc0bcc
RH		 518
519static inline size_t size_code_gen_buffer(size_t tb_size)
26a5f13b 520{
f1bc0bcc
RH		 521 /* Size the buffer. */
522 if (tb_size == 0) {
4369415f 523#ifdef USE_STATIC_CODE_GEN_BUFFER
f1bc0bcc 524 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
4369415f 525#else
f1bc0bcc
RH		 526 /* ??? Needs adjustments. */
527 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
528 static buffer, we could size this on RESERVED_VA, on the text
529 segment size of the executable, or continue to use the default. */
530 tb_size = (unsigned long)(ram_size / 4);
4369415f 531#endif
26a5f13b 532 }
f1bc0bcc
RH		 533 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
534 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
26a5f13b 535 }
f1bc0bcc
RH		 536 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
537 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
06e67a82 538 }
f1bc0bcc
RH		 539 code_gen_buffer_size = tb_size;
540 return tb_size;
541}
542
543#ifdef USE_STATIC_CODE_GEN_BUFFER
544static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
545 __attribute__((aligned(CODE_GEN_ALIGN)));
546
547static inline void *alloc_code_gen_buffer(void)
548{
549 map_exec(static_code_gen_buffer, code_gen_buffer_size);
550 return static_code_gen_buffer;
551}
552#elif defined(USE_MMAP)
553static inline void *alloc_code_gen_buffer(void)
554{
555 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
556 uintptr_t start = 0;
557 void *buf;
558
559 /* Constrain the position of the buffer based on the host cpu.
560 Note that these addresses are chosen in concert with the
561 addresses assigned in the relevant linker script file. */
405def18
RH		 562# if defined(__PIE__) || defined(__PIC__)
563 /* Don't bother setting a preferred location if we're building
564 a position-independent executable. We're more likely to get
565 an address near the main executable if we let the kernel
566 choose the address. */
567# elif defined(__x86_64__) && defined(MAP_32BIT)
f1bc0bcc
RH		 568 /* Force the memory down into low memory with the executable.
569 Leave the choice of exact location with the kernel. */
570 flags |= MAP_32BIT;
571 /* Cannot expect to map more than 800MB in low memory. */
572 if (code_gen_buffer_size > 800u * 1024 * 1024) {
573 code_gen_buffer_size = 800u * 1024 * 1024;
574 }
575# elif defined(__sparc__)
576 start = 0x40000000ul;
577# elif defined(__s390x__)
578 start = 0x90000000ul;
579# endif
580
581 buf = mmap((void *)start, code_gen_buffer_size,
582 PROT_WRITE | PROT_READ | PROT_EXEC, flags, -1, 0);
583 return buf == MAP_FAILED ? NULL : buf;
584}
26a5f13b 585#else
f1bc0bcc
RH		 586static inline void *alloc_code_gen_buffer(void)
587{
588 void *buf = g_malloc(code_gen_buffer_size);
589 if (buf) {
590 map_exec(buf, code_gen_buffer_size);
591 }
592 return buf;
593}
594#endif /* USE_STATIC_CODE_GEN_BUFFER, USE_MMAP */
595
596static inline void code_gen_alloc(size_t tb_size)
597{
598 code_gen_buffer_size = size_code_gen_buffer(tb_size);
599 code_gen_buffer = alloc_code_gen_buffer();
600 if (code_gen_buffer == NULL) {
601 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
602 exit(1);
603 }
604
4438c8a9
RH		 605 /* Steal room for the prologue at the end of the buffer. This ensures
606 (via the MAX_CODE_GEN_BUFFER_SIZE limits above) that direct branches
607 from TB's to the prologue are going to be in range. It also means
608 that we don't need to mark (additional) portions of the data segment
609 as executable. */
610 code_gen_prologue = code_gen_buffer + code_gen_buffer_size - 1024;
611 code_gen_buffer_size -= 1024;
612
a884da8a
PM		 613 code_gen_buffer_max_size = code_gen_buffer_size -
614 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 615 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 616 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 617}
618
619/* Must be called before using the QEMU cpus. 'tb_size' is the size
620 (in bytes) allocated to the translation buffer. Zero means default
621 size. */
d5ab9713 622void tcg_exec_init(unsigned long tb_size)
26a5f13b 623{
26a5f13b
FB		 624 cpu_gen_init();
625 code_gen_alloc(tb_size);
626 code_gen_ptr = code_gen_buffer;
813da627 627 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
4369415f 628 page_init();
9002ec79
RH		 629#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
630 /* There's no guest base to take into account, so go ahead and
631 initialize the prologue now. */
632 tcg_prologue_init(&tcg_ctx);
633#endif
26a5f13b
FB		 634}
635
d5ab9713
JK		 636bool tcg_enabled(void)
637{
638 return code_gen_buffer != NULL;
639}
640
641void cpu_exec_init_all(void)
642{
643#if !defined(CONFIG_USER_ONLY)
644 memory_map_init();
645 io_mem_init();
646#endif
647}
648
9656f324
PB		 649#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
650
e59fb374 651static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7 652{
9349b4f9 653 CPUArchState *env = opaque;
9656f324 654
3098dba0
AJ		 655 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
656 version_id is increased. */
657 env->interrupt_request &= ~0x01;
9656f324
PB		 658 tlb_flush(env, 1);
659
660 return 0;
661}
e7f4eff7
JQ		 662
663static const VMStateDescription vmstate_cpu_common = {
664 .name = "cpu_common",
665 .version_id = 1,
666 .minimum_version_id = 1,
667 .minimum_version_id_old = 1,
e7f4eff7
JQ		 668 .post_load = cpu_common_post_load,
669 .fields = (VMStateField []) {
9349b4f9
AF		 670 VMSTATE_UINT32(halted, CPUArchState),
671 VMSTATE_UINT32(interrupt_request, CPUArchState),
e7f4eff7
JQ		 672 VMSTATE_END_OF_LIST()
673 }
674};
9656f324
PB		 675#endif
676
9349b4f9 677CPUArchState *qemu_get_cpu(int cpu)
950f1472 678{
9349b4f9 679 CPUArchState *env = first_cpu;
950f1472
GC		 680
681 while (env) {
682 if (env->cpu_index == cpu)
683 break;
684 env = env->next_cpu;
685 }
686
687 return env;
688}
689
9349b4f9 690void cpu_exec_init(CPUArchState *env)
fd6ce8f6 691{
9349b4f9 692 CPUArchState **penv;
6a00d601
FB		 693 int cpu_index;
694
c2764719
PB		 695#if defined(CONFIG_USER_ONLY)
696 cpu_list_lock();
697#endif
6a00d601
FB		 698 env->next_cpu = NULL;
699 penv = &first_cpu;
700 cpu_index = 0;
701 while (*penv != NULL) {
1e9fa730 702 penv = &(*penv)->next_cpu;
6a00d601
FB		 703 cpu_index++;
704 }
705 env->cpu_index = cpu_index;
268a362c 706 env->numa_node = 0;
72cf2d4f
BS		 707 QTAILQ_INIT(&env->breakpoints);
708 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 709#ifndef CONFIG_USER_ONLY
710 env->thread_id = qemu_get_thread_id();
711#endif
6a00d601 712 *penv = env;
c2764719
PB		 713#if defined(CONFIG_USER_ONLY)
714 cpu_list_unlock();
715#endif
b3c7724c 716#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 717 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
718 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 719 cpu_save, cpu_load, env);
720#endif
fd6ce8f6
FB		 721}
722
d1a1eb74
TG		 723/* Allocate a new translation block. Flush the translation buffer if
724 too many translation blocks or too much generated code. */
725static TranslationBlock *tb_alloc(target_ulong pc)
726{
727 TranslationBlock *tb;
728
729 if (nb_tbs >= code_gen_max_blocks ||
730 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
731 return NULL;
732 tb = &tbs[nb_tbs++];
733 tb->pc = pc;
734 tb->cflags = 0;
735 return tb;
736}
737
738void tb_free(TranslationBlock *tb)
739{
740 /* In practice this is mostly used for single use temporary TB
741 Ignore the hard cases and just back up if this TB happens to
742 be the last one generated. */
743 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
744 code_gen_ptr = tb->tc_ptr;
745 nb_tbs--;
746 }
747}
748
9fa3e853
FB		 749static inline void invalidate_page_bitmap(PageDesc *p)
750{
751 if (p->code_bitmap) {
7267c094 752 g_free(p->code_bitmap);
9fa3e853
FB		 753 p->code_bitmap = NULL;
754 }
755 p->code_write_count = 0;
756}
757
5cd2c5b6
RH		 758/* Set to NULL all the 'first_tb' fields in all PageDescs. */
759
760static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 761{
5cd2c5b6 762 int i;
fd6ce8f6 763
5cd2c5b6
RH		 764 if (*lp == NULL) {
765 return;
766 }
767 if (level == 0) {
768 PageDesc *pd = *lp;
7296abac 769 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 770 pd[i].first_tb = NULL;
771 invalidate_page_bitmap(pd + i);
fd6ce8f6 772 }
5cd2c5b6
RH		 773 } else {
774 void **pp = *lp;
7296abac 775 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 776 page_flush_tb_1 (level - 1, pp + i);
777 }
778 }
779}
780
781static void page_flush_tb(void)
782{
783 int i;
784 for (i = 0; i < V_L1_SIZE; i++) {
785 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 786 }
787}
788
789/* flush all the translation blocks */
d4e8164f 790/* XXX: tb_flush is currently not thread safe */
9349b4f9 791void tb_flush(CPUArchState *env1)
fd6ce8f6 792{
9349b4f9 793 CPUArchState *env;
0124311e 794#if defined(DEBUG_FLUSH)
ab3d1727
BS		 795 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
796 (unsigned long)(code_gen_ptr - code_gen_buffer),
797 nb_tbs, nb_tbs > 0 ?
798 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 799#endif
26a5f13b 800 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 801 cpu_abort(env1, "Internal error: code buffer overflow\n");
802
fd6ce8f6 803 nb_tbs = 0;
3b46e624 804
6a00d601
FB		 805 for(env = first_cpu; env != NULL; env = env->next_cpu) {
806 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
807 }
9fa3e853 808
8a8a608f 809 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 810 page_flush_tb();
9fa3e853 811
fd6ce8f6 812 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 813 /* XXX: flush processor icache at this point if cache flush is
814 expensive */
e3db7226 815 tb_flush_count++;
fd6ce8f6
FB		 816}
817
818#ifdef DEBUG_TB_CHECK
819
bc98a7ef 820static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 821{
822 TranslationBlock *tb;
823 int i;
824 address &= TARGET_PAGE_MASK;
99773bd4
PB		 825 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
826 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 827 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
828 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 829 printf("ERROR invalidate: address=" TARGET_FMT_lx
830 " PC=%08lx size=%04x\n",
99773bd4 831 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 832 }
833 }
834 }
835}
836
837/* verify that all the pages have correct rights for code */
838static void tb_page_check(void)
839{
840 TranslationBlock *tb;
841 int i, flags1, flags2;
3b46e624 842
99773bd4
PB		 843 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
844 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 845 flags1 = page_get_flags(tb->pc);
846 flags2 = page_get_flags(tb->pc + tb->size - 1);
847 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
848 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 849 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 850 }
851 }
852 }
853}
854
855#endif
856
857/* invalidate one TB */
858static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
859 int next_offset)
860{
861 TranslationBlock *tb1;
862 for(;;) {
863 tb1 = *ptb;
864 if (tb1 == tb) {
865 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
866 break;
867 }
868 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
869 }
870}
871
9fa3e853
FB		 872static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
873{
874 TranslationBlock *tb1;
875 unsigned int n1;
876
877 for(;;) {
878 tb1 = *ptb;
8efe0ca8
SW		 879 n1 = (uintptr_t)tb1 & 3;
880 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
9fa3e853
FB		 881 if (tb1 == tb) {
882 *ptb = tb1->page_next[n1];
883 break;
884 }
885 ptb = &tb1->page_next[n1];
886 }
887}
888
d4e8164f
FB		 889static inline void tb_jmp_remove(TranslationBlock *tb, int n)
890{
891 TranslationBlock *tb1, **ptb;
892 unsigned int n1;
893
894 ptb = &tb->jmp_next[n];
895 tb1 = *ptb;
896 if (tb1) {
897 /* find tb(n) in circular list */
898 for(;;) {
899 tb1 = *ptb;
8efe0ca8
SW		 900 n1 = (uintptr_t)tb1 & 3;
901 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 902 if (n1 == n && tb1 == tb)
903 break;
904 if (n1 == 2) {
905 ptb = &tb1->jmp_first;
906 } else {
907 ptb = &tb1->jmp_next[n1];
908 }
909 }
910 /* now we can suppress tb(n) from the list */
911 *ptb = tb->jmp_next[n];
912
913 tb->jmp_next[n] = NULL;
914 }
915}
916
917/* reset the jump entry 'n' of a TB so that it is not chained to
918 another TB */
919static inline void tb_reset_jump(TranslationBlock *tb, int n)
920{
8efe0ca8 921 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
d4e8164f
FB		 922}
923
41c1b1c9 924void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 925{
9349b4f9 926 CPUArchState *env;
8a40a180 927 PageDesc *p;
d4e8164f 928 unsigned int h, n1;
41c1b1c9 929 tb_page_addr_t phys_pc;
8a40a180 930 TranslationBlock *tb1, *tb2;
3b46e624 931
8a40a180
FB		 932 /* remove the TB from the hash list */
933 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
934 h = tb_phys_hash_func(phys_pc);
5fafdf24 935 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 936 offsetof(TranslationBlock, phys_hash_next));
937
938 /* remove the TB from the page list */
939 if (tb->page_addr[0] != page_addr) {
940 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
941 tb_page_remove(&p->first_tb, tb);
942 invalidate_page_bitmap(p);
943 }
944 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
945 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
946 tb_page_remove(&p->first_tb, tb);
947 invalidate_page_bitmap(p);
948 }
949
36bdbe54 950 tb_invalidated_flag = 1;
59817ccb 951
fd6ce8f6 952 /* remove the TB from the hash list */
8a40a180 953 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 954 for(env = first_cpu; env != NULL; env = env->next_cpu) {
955 if (env->tb_jmp_cache[h] == tb)
956 env->tb_jmp_cache[h] = NULL;
957 }
d4e8164f
FB		 958
959 /* suppress this TB from the two jump lists */
960 tb_jmp_remove(tb, 0);
961 tb_jmp_remove(tb, 1);
962
963 /* suppress any remaining jumps to this TB */
964 tb1 = tb->jmp_first;
965 for(;;) {
8efe0ca8 966 n1 = (uintptr_t)tb1 & 3;
d4e8164f
FB		 967 if (n1 == 2)
968 break;
8efe0ca8 969 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 970 tb2 = tb1->jmp_next[n1];
971 tb_reset_jump(tb1, n1);
972 tb1->jmp_next[n1] = NULL;
973 tb1 = tb2;
974 }
8efe0ca8 975 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
9fa3e853 976
e3db7226 977 tb_phys_invalidate_count++;
9fa3e853
FB		 978}
979
980static inline void set_bits(uint8_t *tab, int start, int len)
981{
982 int end, mask, end1;
983
984 end = start + len;
985 tab += start >> 3;
986 mask = 0xff << (start & 7);
987 if ((start & ~7) == (end & ~7)) {
988 if (start < end) {
989 mask &= ~(0xff << (end & 7));
990 *tab |= mask;
991 }
992 } else {
993 *tab++ |= mask;
994 start = (start + 8) & ~7;
995 end1 = end & ~7;
996 while (start < end1) {
997 *tab++ = 0xff;
998 start += 8;
999 }
1000 if (start < end) {
1001 mask = ~(0xff << (end & 7));
1002 *tab |= mask;
1003 }
1004 }
1005}
1006
1007static void build_page_bitmap(PageDesc *p)
1008{
1009 int n, tb_start, tb_end;
1010 TranslationBlock *tb;
3b46e624 1011
7267c094 1012 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 1013
1014 tb = p->first_tb;
1015 while (tb != NULL) {
8efe0ca8
SW		 1016 n = (uintptr_t)tb & 3;
1017 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1018 /* NOTE: this is subtle as a TB may span two physical pages */
1019 if (n == 0) {
1020 /* NOTE: tb_end may be after the end of the page, but
1021 it is not a problem */
1022 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1023 tb_end = tb_start + tb->size;
1024 if (tb_end > TARGET_PAGE_SIZE)
1025 tb_end = TARGET_PAGE_SIZE;
1026 } else {
1027 tb_start = 0;
1028 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1029 }
1030 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1031 tb = tb->page_next[n];
1032 }
1033}
1034
9349b4f9 1035TranslationBlock *tb_gen_code(CPUArchState *env,
2e70f6ef
PB		 1036 target_ulong pc, target_ulong cs_base,
1037 int flags, int cflags)
d720b93d
FB		 1038{
1039 TranslationBlock *tb;
1040 uint8_t *tc_ptr;
41c1b1c9
PB		 1041 tb_page_addr_t phys_pc, phys_page2;
1042 target_ulong virt_page2;
d720b93d
FB		 1043 int code_gen_size;
1044
41c1b1c9 1045 phys_pc = get_page_addr_code(env, pc);
c27004ec 1046 tb = tb_alloc(pc);
d720b93d
FB		 1047 if (!tb) {
1048 /* flush must be done */
1049 tb_flush(env);
1050 /* cannot fail at this point */
c27004ec 1051 tb = tb_alloc(pc);
2e70f6ef
PB		 1052 /* Don't forget to invalidate previous TB info. */
1053 tb_invalidated_flag = 1;
d720b93d
FB		 1054 }
1055 tc_ptr = code_gen_ptr;
1056 tb->tc_ptr = tc_ptr;
1057 tb->cs_base = cs_base;
1058 tb->flags = flags;
1059 tb->cflags = cflags;
d07bde88 1060 cpu_gen_code(env, tb, &code_gen_size);
8efe0ca8
SW		 1061 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1062 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1063
d720b93d 1064 /* check next page if needed */
c27004ec 1065 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1066 phys_page2 = -1;
c27004ec 1067 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1068 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1069 }
41c1b1c9 1070 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1071 return tb;
d720b93d 1072}
3b46e624 1073
77a8f1a5 1074/*
8e0fdce3
JK		 1075 * Invalidate all TBs which intersect with the target physical address range
1076 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1077 * 'is_cpu_write_access' should be true if called from a real cpu write
1078 * access: the virtual CPU will exit the current TB if code is modified inside
1079 * this TB.
77a8f1a5
AG		 1080 */
1081void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
1082 int is_cpu_write_access)
1083{
1084 while (start < end) {
1085 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
1086 start &= TARGET_PAGE_MASK;
1087 start += TARGET_PAGE_SIZE;
1088 }
1089}
1090
8e0fdce3
JK		 1091/*
1092 * Invalidate all TBs which intersect with the target physical address range
1093 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1094 * 'is_cpu_write_access' should be true if called from a real cpu write
1095 * access: the virtual CPU will exit the current TB if code is modified inside
1096 * this TB.
1097 */
41c1b1c9 1098void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1099 int is_cpu_write_access)
1100{
6b917547 1101 TranslationBlock *tb, *tb_next, *saved_tb;
9349b4f9 1102 CPUArchState *env = cpu_single_env;
41c1b1c9 1103 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1104 PageDesc *p;
1105 int n;
1106#ifdef TARGET_HAS_PRECISE_SMC
1107 int current_tb_not_found = is_cpu_write_access;
1108 TranslationBlock *current_tb = NULL;
1109 int current_tb_modified = 0;
1110 target_ulong current_pc = 0;
1111 target_ulong current_cs_base = 0;
1112 int current_flags = 0;
1113#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1114
1115 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1116 if (!p)
9fa3e853 1117 return;
5fafdf24 1118 if (!p->code_bitmap &&
d720b93d
FB		 1119 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1120 is_cpu_write_access) {
9fa3e853
FB		 1121 /* build code bitmap */
1122 build_page_bitmap(p);
1123 }
1124
1125 /* we remove all the TBs in the range [start, end[ */
1126 /* XXX: see if in some cases it could be faster to invalidate all the code */
1127 tb = p->first_tb;
1128 while (tb != NULL) {
8efe0ca8
SW		 1129 n = (uintptr_t)tb & 3;
1130 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1131 tb_next = tb->page_next[n];
1132 /* NOTE: this is subtle as a TB may span two physical pages */
1133 if (n == 0) {
1134 /* NOTE: tb_end may be after the end of the page, but
1135 it is not a problem */
1136 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1137 tb_end = tb_start + tb->size;
1138 } else {
1139 tb_start = tb->page_addr[1];
1140 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1141 }
1142 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1143#ifdef TARGET_HAS_PRECISE_SMC
1144 if (current_tb_not_found) {
1145 current_tb_not_found = 0;
1146 current_tb = NULL;
2e70f6ef 1147 if (env->mem_io_pc) {
d720b93d 1148 /* now we have a real cpu fault */
2e70f6ef 1149 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1150 }
1151 }
1152 if (current_tb == tb &&
2e70f6ef 1153 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1154 /* If we are modifying the current TB, we must stop
1155 its execution. We could be more precise by checking
1156 that the modification is after the current PC, but it
1157 would require a specialized function to partially
1158 restore the CPU state */
3b46e624 1159
d720b93d 1160 current_tb_modified = 1;
618ba8e6 1161 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1162 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1163 &current_flags);
d720b93d
FB		 1164 }
1165#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1166 /* we need to do that to handle the case where a signal
1167 occurs while doing tb_phys_invalidate() */
1168 saved_tb = NULL;
1169 if (env) {
1170 saved_tb = env->current_tb;
1171 env->current_tb = NULL;
1172 }
9fa3e853 1173 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1174 if (env) {
1175 env->current_tb = saved_tb;
1176 if (env->interrupt_request && env->current_tb)
1177 cpu_interrupt(env, env->interrupt_request);
1178 }
9fa3e853
FB		 1179 }
1180 tb = tb_next;
1181 }
1182#if !defined(CONFIG_USER_ONLY)
1183 /* if no code remaining, no need to continue to use slow writes */
1184 if (!p->first_tb) {
1185 invalidate_page_bitmap(p);
d720b93d 1186 if (is_cpu_write_access) {
2e70f6ef 1187 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1188 }
1189 }
1190#endif
1191#ifdef TARGET_HAS_PRECISE_SMC
1192 if (current_tb_modified) {
1193 /* we generate a block containing just the instruction
1194 modifying the memory. It will ensure that it cannot modify
1195 itself */
ea1c1802 1196 env->current_tb = NULL;
2e70f6ef 1197 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1198 cpu_resume_from_signal(env, NULL);
9fa3e853 1199 }
fd6ce8f6 1200#endif
9fa3e853 1201}
fd6ce8f6 1202
9fa3e853 1203/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1204static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1205{
1206 PageDesc *p;
1207 int offset, b;
59817ccb 1208#if 0
a4193c8a 1209 if (1) {
93fcfe39
AL		 1210 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1211 cpu_single_env->mem_io_vaddr, len,
1212 cpu_single_env->eip,
8efe0ca8
SW		 1213 cpu_single_env->eip +
1214 (intptr_t)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1215 }
1216#endif
9fa3e853 1217 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1218 if (!p)
9fa3e853
FB		 1219 return;
1220 if (p->code_bitmap) {
1221 offset = start & ~TARGET_PAGE_MASK;
1222 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1223 if (b & ((1 << len) - 1))
1224 goto do_invalidate;
1225 } else {
1226 do_invalidate:
d720b93d 1227 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1228 }
1229}
1230
9fa3e853 1231#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1232static void tb_invalidate_phys_page(tb_page_addr_t addr,
20503968 1233 uintptr_t pc, void *puc)
9fa3e853 1234{
6b917547 1235 TranslationBlock *tb;
9fa3e853 1236 PageDesc *p;
6b917547 1237 int n;
d720b93d 1238#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1239 TranslationBlock *current_tb = NULL;
9349b4f9 1240 CPUArchState *env = cpu_single_env;
6b917547
AL		 1241 int current_tb_modified = 0;
1242 target_ulong current_pc = 0;
1243 target_ulong current_cs_base = 0;
1244 int current_flags = 0;
d720b93d 1245#endif
9fa3e853
FB		 1246
1247 addr &= TARGET_PAGE_MASK;
1248 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1249 if (!p)
9fa3e853
FB		 1250 return;
1251 tb = p->first_tb;
d720b93d
FB		 1252#ifdef TARGET_HAS_PRECISE_SMC
1253 if (tb && pc != 0) {
1254 current_tb = tb_find_pc(pc);
1255 }
1256#endif
9fa3e853 1257 while (tb != NULL) {
8efe0ca8
SW		 1258 n = (uintptr_t)tb & 3;
1259 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
d720b93d
FB		 1260#ifdef TARGET_HAS_PRECISE_SMC
1261 if (current_tb == tb &&
2e70f6ef 1262 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1263 /* If we are modifying the current TB, we must stop
1264 its execution. We could be more precise by checking
1265 that the modification is after the current PC, but it
1266 would require a specialized function to partially
1267 restore the CPU state */
3b46e624 1268
d720b93d 1269 current_tb_modified = 1;
618ba8e6 1270 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1271 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1272 &current_flags);
d720b93d
FB		 1273 }
1274#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1275 tb_phys_invalidate(tb, addr);
1276 tb = tb->page_next[n];
1277 }
fd6ce8f6 1278 p->first_tb = NULL;
d720b93d
FB		 1279#ifdef TARGET_HAS_PRECISE_SMC
1280 if (current_tb_modified) {
1281 /* we generate a block containing just the instruction
1282 modifying the memory. It will ensure that it cannot modify
1283 itself */
ea1c1802 1284 env->current_tb = NULL;
2e70f6ef 1285 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1286 cpu_resume_from_signal(env, puc);
1287 }
1288#endif
fd6ce8f6 1289}
9fa3e853 1290#endif
fd6ce8f6
FB		 1291
1292/* add the tb in the target page and protect it if necessary */
5fafdf24 1293static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1294 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1295{
1296 PageDesc *p;
4429ab44
JQ		 1297#ifndef CONFIG_USER_ONLY
1298 bool page_already_protected;
1299#endif
9fa3e853
FB		 1300
1301 tb->page_addr[n] = page_addr;
5cd2c5b6 1302 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1303 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1304#ifndef CONFIG_USER_ONLY
1305 page_already_protected = p->first_tb != NULL;
1306#endif
8efe0ca8 1307 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
9fa3e853 1308 invalidate_page_bitmap(p);
fd6ce8f6 1309
107db443 1310#if defined(TARGET_HAS_SMC) || 1
d720b93d 1311
9fa3e853 1312#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1313 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1314 target_ulong addr;
1315 PageDesc *p2;
9fa3e853
FB		 1316 int prot;
1317
fd6ce8f6
FB		 1318 /* force the host page as non writable (writes will have a
1319 page fault + mprotect overhead) */
53a5960a 1320 page_addr &= qemu_host_page_mask;
fd6ce8f6 1321 prot = 0;
53a5960a
PB		 1322 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1323 addr += TARGET_PAGE_SIZE) {
1324
1325 p2 = page_find (addr >> TARGET_PAGE_BITS);
1326 if (!p2)
1327 continue;
1328 prot |= p2->flags;
1329 p2->flags &= ~PAGE_WRITE;
53a5960a 1330 }
5fafdf24 1331 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1332 (prot & PAGE_BITS) & ~PAGE_WRITE);
1333#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1334 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1335 page_addr);
fd6ce8f6 1336#endif
fd6ce8f6 1337 }
9fa3e853
FB		 1338#else
1339 /* if some code is already present, then the pages are already
1340 protected. So we handle the case where only the first TB is
1341 allocated in a physical page */
4429ab44 1342 if (!page_already_protected) {
6a00d601 1343 tlb_protect_code(page_addr);
9fa3e853
FB		 1344 }
1345#endif
d720b93d
FB		 1346
1347#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1348}
1349
9fa3e853
FB		 1350/* add a new TB and link it to the physical page tables. phys_page2 is
1351 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1352void tb_link_page(TranslationBlock *tb,
1353 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1354{
9fa3e853
FB		 1355 unsigned int h;
1356 TranslationBlock **ptb;
1357
c8a706fe
PB		 1358 /* Grab the mmap lock to stop another thread invalidating this TB
1359 before we are done. */
1360 mmap_lock();
9fa3e853
FB		 1361 /* add in the physical hash table */
1362 h = tb_phys_hash_func(phys_pc);
1363 ptb = &tb_phys_hash[h];
1364 tb->phys_hash_next = *ptb;
1365 *ptb = tb;
fd6ce8f6
FB		 1366
1367 /* add in the page list */
9fa3e853
FB		 1368 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1369 if (phys_page2 != -1)
1370 tb_alloc_page(tb, 1, phys_page2);
1371 else
1372 tb->page_addr[1] = -1;
9fa3e853 1373
8efe0ca8 1374 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
d4e8164f
FB		 1375 tb->jmp_next[0] = NULL;
1376 tb->jmp_next[1] = NULL;
1377
1378 /* init original jump addresses */
1379 if (tb->tb_next_offset[0] != 0xffff)
1380 tb_reset_jump(tb, 0);
1381 if (tb->tb_next_offset[1] != 0xffff)
1382 tb_reset_jump(tb, 1);
8a40a180
FB		 1383
1384#ifdef DEBUG_TB_CHECK
1385 tb_page_check();
1386#endif
c8a706fe 1387 mmap_unlock();
fd6ce8f6
FB		 1388}
1389
9fa3e853
FB		 1390/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1391 tb[1].tc_ptr. Return NULL if not found */
6375e09e 1392TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
fd6ce8f6 1393{
9fa3e853 1394 int m_min, m_max, m;
8efe0ca8 1395 uintptr_t v;
9fa3e853 1396 TranslationBlock *tb;
a513fe19
FB		 1397
1398 if (nb_tbs <= 0)
1399 return NULL;
8efe0ca8
SW		 1400 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1401 tc_ptr >= (uintptr_t)code_gen_ptr) {
a513fe19 1402 return NULL;
8efe0ca8 1403 }
a513fe19
FB		 1404 /* binary search (cf Knuth) */
1405 m_min = 0;
1406 m_max = nb_tbs - 1;
1407 while (m_min <= m_max) {
1408 m = (m_min + m_max) >> 1;
1409 tb = &tbs[m];
8efe0ca8 1410 v = (uintptr_t)tb->tc_ptr;
a513fe19
FB		 1411 if (v == tc_ptr)
1412 return tb;
1413 else if (tc_ptr < v) {
1414 m_max = m - 1;
1415 } else {
1416 m_min = m + 1;
1417 }
5fafdf24 1418 }
a513fe19
FB		 1419 return &tbs[m_max];
1420}
7501267e 1421
ea041c0e
FB		 1422static void tb_reset_jump_recursive(TranslationBlock *tb);
1423
1424static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1425{
1426 TranslationBlock *tb1, *tb_next, **ptb;
1427 unsigned int n1;
1428
1429 tb1 = tb->jmp_next[n];
1430 if (tb1 != NULL) {
1431 /* find head of list */
1432 for(;;) {
8efe0ca8
SW		 1433 n1 = (uintptr_t)tb1 & 3;
1434 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1435 if (n1 == 2)
1436 break;
1437 tb1 = tb1->jmp_next[n1];
1438 }
1439 /* we are now sure now that tb jumps to tb1 */
1440 tb_next = tb1;
1441
1442 /* remove tb from the jmp_first list */
1443 ptb = &tb_next->jmp_first;
1444 for(;;) {
1445 tb1 = *ptb;
8efe0ca8
SW		 1446 n1 = (uintptr_t)tb1 & 3;
1447 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1448 if (n1 == n && tb1 == tb)
1449 break;
1450 ptb = &tb1->jmp_next[n1];
1451 }
1452 *ptb = tb->jmp_next[n];
1453 tb->jmp_next[n] = NULL;
3b46e624 1454
ea041c0e
FB		 1455 /* suppress the jump to next tb in generated code */
1456 tb_reset_jump(tb, n);
1457
0124311e 1458 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1459 tb_reset_jump_recursive(tb_next);
1460 }
1461}
1462
1463static void tb_reset_jump_recursive(TranslationBlock *tb)
1464{
1465 tb_reset_jump_recursive2(tb, 0);
1466 tb_reset_jump_recursive2(tb, 1);
1467}
1468
1fddef4b 1469#if defined(TARGET_HAS_ICE)
94df27fd 1470#if defined(CONFIG_USER_ONLY)
9349b4f9 1471static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 1472{
1473 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1474}
1475#else
1e7855a5 1476void tb_invalidate_phys_addr(target_phys_addr_t addr)
d720b93d 1477{
c227f099 1478 ram_addr_t ram_addr;
f3705d53 1479 MemoryRegionSection *section;
d720b93d 1480
ac1970fb 1481 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
f3705d53
AK		 1482 if (!(memory_region_is_ram(section->mr)
1483 || (section->mr->rom_device && section->mr->readable))) {
06ef3525
AK		 1484 return;
1485 }
f3705d53 1486 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1487 + memory_region_section_addr(section, addr);
706cd4b5 1488 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1489}
1e7855a5
MF		 1490
1491static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1492{
9d70c4b7
MF		 1493 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
1494 (pc & ~TARGET_PAGE_MASK));
1e7855a5 1495}
c27004ec 1496#endif
94df27fd 1497#endif /* TARGET_HAS_ICE */
d720b93d 1498
c527ee8f 1499#if defined(CONFIG_USER_ONLY)
9349b4f9 1500void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 1501
1502{
1503}
1504
9349b4f9 1505int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 1506 int flags, CPUWatchpoint **watchpoint)
1507{
1508 return -ENOSYS;
1509}
1510#else
6658ffb8 1511/* Add a watchpoint. */
9349b4f9 1512int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1513 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1514{
b4051334 1515 target_ulong len_mask = ~(len - 1);
c0ce998e 1516 CPUWatchpoint *wp;
6658ffb8 1517
b4051334 1518 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 1519 if ((len & (len - 1)) || (addr & ~len_mask) ||
1520 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 1521 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1522 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1523 return -EINVAL;
1524 }
7267c094 1525 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1526
1527 wp->vaddr = addr;
b4051334 1528 wp->len_mask = len_mask;
a1d1bb31
AL		 1529 wp->flags = flags;
1530
2dc9f411 1531 /* keep all GDB-injected watchpoints in front */
c0ce998e 1532 if (flags & BP_GDB)
72cf2d4f 1533 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1534 else
72cf2d4f 1535 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1536
6658ffb8 1537 tlb_flush_page(env, addr);
a1d1bb31
AL		 1538
1539 if (watchpoint)
1540 *watchpoint = wp;
1541 return 0;
6658ffb8
PB		 1542}
1543
a1d1bb31 1544/* Remove a specific watchpoint. */
9349b4f9 1545int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1546 int flags)
6658ffb8 1547{
b4051334 1548 target_ulong len_mask = ~(len - 1);
a1d1bb31 1549 CPUWatchpoint *wp;
6658ffb8 1550
72cf2d4f 1551 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1552 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1553 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1554 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1555 return 0;
1556 }
1557 }
a1d1bb31 1558 return -ENOENT;
6658ffb8
PB		 1559}
1560
a1d1bb31 1561/* Remove a specific watchpoint by reference. */
9349b4f9 1562void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 1563{
72cf2d4f 1564 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1565
a1d1bb31
AL		 1566 tlb_flush_page(env, watchpoint->vaddr);
1567
7267c094 1568 g_free(watchpoint);
a1d1bb31
AL		 1569}
1570
1571/* Remove all matching watchpoints. */
9349b4f9 1572void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 1573{
c0ce998e 1574 CPUWatchpoint *wp, *next;
a1d1bb31 1575
72cf2d4f 1576 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1577 if (wp->flags & mask)
1578 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1579 }
7d03f82f 1580}
c527ee8f 1581#endif
7d03f82f 1582
a1d1bb31 1583/* Add a breakpoint. */
9349b4f9 1584int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 1585 CPUBreakpoint **breakpoint)
4c3a88a2 1586{
1fddef4b 1587#if defined(TARGET_HAS_ICE)
c0ce998e 1588 CPUBreakpoint *bp;
3b46e624 1589
7267c094 1590 bp = g_malloc(sizeof(*bp));
4c3a88a2 1591
a1d1bb31
AL		 1592 bp->pc = pc;
1593 bp->flags = flags;
1594
2dc9f411 1595 /* keep all GDB-injected breakpoints in front */
c0ce998e 1596 if (flags & BP_GDB)
72cf2d4f 1597 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1598 else
72cf2d4f 1599 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1600
d720b93d 1601 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1602
1603 if (breakpoint)
1604 *breakpoint = bp;
4c3a88a2
FB		 1605 return 0;
1606#else
a1d1bb31 1607 return -ENOSYS;
4c3a88a2
FB		 1608#endif
1609}
1610
a1d1bb31 1611/* Remove a specific breakpoint. */
9349b4f9 1612int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 1613{
7d03f82f 1614#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1615 CPUBreakpoint *bp;
1616
72cf2d4f 1617 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1618 if (bp->pc == pc && bp->flags == flags) {
1619 cpu_breakpoint_remove_by_ref(env, bp);
1620 return 0;
1621 }
7d03f82f 1622 }
a1d1bb31
AL		 1623 return -ENOENT;
1624#else
1625 return -ENOSYS;
7d03f82f
EI		 1626#endif
1627}
1628
a1d1bb31 1629/* Remove a specific breakpoint by reference. */
9349b4f9 1630void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1631{
1fddef4b 1632#if defined(TARGET_HAS_ICE)
72cf2d4f 1633 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1634
a1d1bb31
AL		 1635 breakpoint_invalidate(env, breakpoint->pc);
1636
7267c094 1637 g_free(breakpoint);
a1d1bb31
AL		 1638#endif
1639}
1640
1641/* Remove all matching breakpoints. */
9349b4f9 1642void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 1643{
1644#if defined(TARGET_HAS_ICE)
c0ce998e 1645 CPUBreakpoint *bp, *next;
a1d1bb31 1646
72cf2d4f 1647 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1648 if (bp->flags & mask)
1649 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1650 }
4c3a88a2
FB		 1651#endif
1652}
1653
c33a346e
FB		 1654/* enable or disable single step mode. EXCP_DEBUG is returned by the
1655 CPU loop after each instruction */
9349b4f9 1656void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 1657{
1fddef4b 1658#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1659 if (env->singlestep_enabled != enabled) {
1660 env->singlestep_enabled = enabled;
e22a25c9
AL		 1661 if (kvm_enabled())
1662 kvm_update_guest_debug(env, 0);
1663 else {
ccbb4d44 1664 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1665 /* XXX: only flush what is necessary */
1666 tb_flush(env);
1667 }
c33a346e
FB		 1668 }
1669#endif
1670}
1671
9349b4f9 1672static void cpu_unlink_tb(CPUArchState *env)
ea041c0e 1673{
3098dba0
AJ		 1674 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1675 problem and hope the cpu will stop of its own accord. For userspace
1676 emulation this often isn't actually as bad as it sounds. Often
1677 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1678 TranslationBlock *tb;
c227f099 1679 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1680
cab1b4bd 1681 spin_lock(&interrupt_lock);
3098dba0
AJ		 1682 tb = env->current_tb;
1683 /* if the cpu is currently executing code, we must unlink it and
1684 all the potentially executing TB */
f76cfe56 1685 if (tb) {
3098dba0
AJ		 1686 env->current_tb = NULL;
1687 tb_reset_jump_recursive(tb);
be214e6c 1688 }
cab1b4bd 1689 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1690}
1691
97ffbd8d 1692#ifndef CONFIG_USER_ONLY
3098dba0 1693/* mask must never be zero, except for A20 change call */
9349b4f9 1694static void tcg_handle_interrupt(CPUArchState *env, int mask)
3098dba0
AJ		 1695{
1696 int old_mask;
be214e6c 1697
2e70f6ef 1698 old_mask = env->interrupt_request;
68a79315 1699 env->interrupt_request |= mask;
3098dba0 1700
8edac960
AL		 1701 /*
1702 * If called from iothread context, wake the target cpu in
1703 * case its halted.
1704 */
b7680cb6 1705 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1706 qemu_cpu_kick(env);
1707 return;
1708 }
8edac960 1709
2e70f6ef 1710 if (use_icount) {
266910c4 1711 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1712 if (!can_do_io(env)
be214e6c 1713 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1714 cpu_abort(env, "Raised interrupt while not in I/O function");
1715 }
2e70f6ef 1716 } else {
3098dba0 1717 cpu_unlink_tb(env);
ea041c0e
FB		 1718 }
1719}
1720
ec6959d0
JK		 1721CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1722
97ffbd8d
JK		 1723#else /* CONFIG_USER_ONLY */
1724
9349b4f9 1725void cpu_interrupt(CPUArchState *env, int mask)
97ffbd8d
JK		 1726{
1727 env->interrupt_request |= mask;
1728 cpu_unlink_tb(env);
1729}
1730#endif /* CONFIG_USER_ONLY */
1731
9349b4f9 1732void cpu_reset_interrupt(CPUArchState *env, int mask)
b54ad049
FB		 1733{
1734 env->interrupt_request &= ~mask;
1735}
1736
9349b4f9 1737void cpu_exit(CPUArchState *env)
3098dba0
AJ		 1738{
1739 env->exit_request = 1;
1740 cpu_unlink_tb(env);
1741}
1742
9349b4f9 1743void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e
FB		 1744{
1745 va_list ap;
493ae1f0 1746 va_list ap2;
7501267e
FB		 1747
1748 va_start(ap, fmt);
493ae1f0 1749 va_copy(ap2, ap);
7501267e
FB		 1750 fprintf(stderr, "qemu: fatal: ");
1751 vfprintf(stderr, fmt, ap);
1752 fprintf(stderr, "\n");
6fd2a026 1753 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
93fcfe39
AL		 1754 if (qemu_log_enabled()) {
1755 qemu_log("qemu: fatal: ");
1756 qemu_log_vprintf(fmt, ap2);
1757 qemu_log("\n");
6fd2a026 1758 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 1759 qemu_log_flush();
93fcfe39 1760 qemu_log_close();
924edcae 1761 }
493ae1f0 1762 va_end(ap2);
f9373291 1763 va_end(ap);
fd052bf6
RV		 1764#if defined(CONFIG_USER_ONLY)
1765 {
1766 struct sigaction act;
1767 sigfillset(&act.sa_mask);
1768 act.sa_handler = SIG_DFL;
1769 sigaction(SIGABRT, &act, NULL);
1770 }
1771#endif
7501267e
FB		 1772 abort();
1773}
1774
9349b4f9 1775CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 1776{
9349b4f9
AF		 1777 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1778 CPUArchState *next_cpu = new_env->next_cpu;
c5be9f08 1779 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1780#if defined(TARGET_HAS_ICE)
1781 CPUBreakpoint *bp;
1782 CPUWatchpoint *wp;
1783#endif
1784
9349b4f9 1785 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081
AL		 1786
1787 /* Preserve chaining and index. */
c5be9f08
TS		 1788 new_env->next_cpu = next_cpu;
1789 new_env->cpu_index = cpu_index;
5a38f081
AL		 1790
1791 /* Clone all break/watchpoints.
1792 Note: Once we support ptrace with hw-debug register access, make sure
1793 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1794 QTAILQ_INIT(&env->breakpoints);
1795 QTAILQ_INIT(&env->watchpoints);
5a38f081 1796#if defined(TARGET_HAS_ICE)
72cf2d4f 1797 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1798 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1799 }
72cf2d4f 1800 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1801 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1802 wp->flags, NULL);
1803 }
1804#endif
1805
c5be9f08
TS		 1806 return new_env;
1807}
1808
0124311e 1809#if !defined(CONFIG_USER_ONLY)
0cac1b66 1810void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
5c751e99
EI		 1811{
1812 unsigned int i;
1813
1814 /* Discard jump cache entries for any tb which might potentially
1815 overlap the flushed page. */
1816 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1817 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1818 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1819
1820 i = tb_jmp_cache_hash_page(addr);
1821 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1822 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1823}
1824
d24981d3
JQ		 1825static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
1826 uintptr_t length)
1827{
1828 uintptr_t start1;
1829
1830 /* we modify the TLB cache so that the dirty bit will be set again
1831 when accessing the range */
1832 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
1833 /* Check that we don't span multiple blocks - this breaks the
1834 address comparisons below. */
1835 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
1836 != (end - 1) - start) {
1837 abort();
1838 }
1839 cpu_tlb_reset_dirty_all(start1, length);
1840
1841}
1842
5579c7f3 1843/* Note: start and end must be within the same ram block. */
c227f099 1844void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1845 int dirty_flags)
1ccde1cb 1846{
d24981d3 1847 uintptr_t length;
1ccde1cb
FB		 1848
1849 start &= TARGET_PAGE_MASK;
1850 end = TARGET_PAGE_ALIGN(end);
1851
1852 length = end - start;
1853 if (length == 0)
1854 return;
f7c11b53 1855 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 1856
d24981d3
JQ		 1857 if (tcg_enabled()) {
1858 tlb_reset_dirty_range_all(start, end, length);
5579c7f3 1859 }
1ccde1cb
FB		 1860}
1861
74576198
AL		 1862int cpu_physical_memory_set_dirty_tracking(int enable)
1863{
f6f3fbca 1864 int ret = 0;
74576198 1865 in_migration = enable;
f6f3fbca 1866 return ret;
74576198
AL		 1867}
1868
e5548617
BS		 1869target_phys_addr_t memory_region_section_get_iotlb(CPUArchState *env,
1870 MemoryRegionSection *section,
1871 target_ulong vaddr,
1872 target_phys_addr_t paddr,
1873 int prot,
1874 target_ulong *address)
1875{
1876 target_phys_addr_t iotlb;
1877 CPUWatchpoint *wp;
1878
cc5bea60 1879 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1880 /* Normal RAM. */
1881 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1882 + memory_region_section_addr(section, paddr);
e5548617
BS		 1883 if (!section->readonly) {
1884 iotlb |= phys_section_notdirty;
1885 } else {
1886 iotlb |= phys_section_rom;
1887 }
1888 } else {
1889 /* IO handlers are currently passed a physical address.
1890 It would be nice to pass an offset from the base address
1891 of that region. This would avoid having to special case RAM,
1892 and avoid full address decoding in every device.
1893 We can't use the high bits of pd for this because
1894 IO_MEM_ROMD uses these as a ram address. */
1895 iotlb = section - phys_sections;
cc5bea60 1896 iotlb += memory_region_section_addr(section, paddr);
e5548617
BS		 1897 }
1898
1899 /* Make accesses to pages with watchpoints go via the
1900 watchpoint trap routines. */
1901 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1902 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
1903 /* Avoid trapping reads of pages with a write breakpoint. */
1904 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1905 iotlb = phys_section_watch + paddr;
1906 *address |= TLB_MMIO;
1907 break;
1908 }
1909 }
1910 }
1911
1912 return iotlb;
1913}
1914
0124311e 1915#else
edf8e2af
MW		 1916/*
1917 * Walks guest process memory "regions" one by one
1918 * and calls callback function 'fn' for each region.
1919 */
5cd2c5b6
RH		 1920
1921struct walk_memory_regions_data
1922{
1923 walk_memory_regions_fn fn;
1924 void *priv;
8efe0ca8 1925 uintptr_t start;
5cd2c5b6
RH		 1926 int prot;
1927};
1928
1929static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 1930 abi_ulong end, int new_prot)
5cd2c5b6
RH		 1931{
1932 if (data->start != -1ul) {
1933 int rc = data->fn(data->priv, data->start, end, data->prot);
1934 if (rc != 0) {
1935 return rc;
1936 }
1937 }
1938
1939 data->start = (new_prot ? end : -1ul);
1940 data->prot = new_prot;
1941
1942 return 0;
1943}
1944
1945static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 1946 abi_ulong base, int level, void **lp)
5cd2c5b6 1947{
b480d9b7 1948 abi_ulong pa;
5cd2c5b6
RH		 1949 int i, rc;
1950
1951 if (*lp == NULL) {
1952 return walk_memory_regions_end(data, base, 0);
1953 }
1954
1955 if (level == 0) {
1956 PageDesc *pd = *lp;
7296abac 1957 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 1958 int prot = pd[i].flags;
1959
1960 pa = base | (i << TARGET_PAGE_BITS);
1961 if (prot != data->prot) {
1962 rc = walk_memory_regions_end(data, pa, prot);
1963 if (rc != 0) {
1964 return rc;
9fa3e853 1965 }
9fa3e853 1966 }
5cd2c5b6
RH		 1967 }
1968 } else {
1969 void **pp = *lp;
7296abac 1970 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 1971 pa = base | ((abi_ulong)i <<
1972 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 1973 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1974 if (rc != 0) {
1975 return rc;
1976 }
1977 }
1978 }
1979
1980 return 0;
1981}
1982
1983int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
1984{
1985 struct walk_memory_regions_data data;
8efe0ca8 1986 uintptr_t i;
5cd2c5b6
RH		 1987
1988 data.fn = fn;
1989 data.priv = priv;
1990 data.start = -1ul;
1991 data.prot = 0;
1992
1993 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 1994 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 1995 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
1996 if (rc != 0) {
1997 return rc;
9fa3e853 1998 }
33417e70 1999 }
5cd2c5b6
RH		 2000
2001 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2002}
2003
b480d9b7
PB		 2004static int dump_region(void *priv, abi_ulong start,
2005 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2006{
2007 FILE *f = (FILE *)priv;
2008
b480d9b7
PB		 2009 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2010 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2011 start, end, end - start,
2012 ((prot & PAGE_READ) ? 'r' : '-'),
2013 ((prot & PAGE_WRITE) ? 'w' : '-'),
2014 ((prot & PAGE_EXEC) ? 'x' : '-'));
2015
2016 return (0);
2017}
2018
2019/* dump memory mappings */
2020void page_dump(FILE *f)
2021{
2022 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2023 "start", "end", "size", "prot");
2024 walk_memory_regions(f, dump_region);
33417e70
FB		 2025}
2026
53a5960a 2027int page_get_flags(target_ulong address)
33417e70 2028{
9fa3e853
FB		 2029 PageDesc *p;
2030
2031 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2032 if (!p)
9fa3e853
FB		 2033 return 0;
2034 return p->flags;
2035}
2036
376a7909
RH		 2037/* Modify the flags of a page and invalidate the code if necessary.
2038 The flag PAGE_WRITE_ORG is positioned automatically depending
2039 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2040void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2041{
376a7909
RH		 2042 target_ulong addr, len;
2043
2044 /* This function should never be called with addresses outside the
2045 guest address space. If this assert fires, it probably indicates
2046 a missing call to h2g_valid. */
b480d9b7
PB		 2047#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2048 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2049#endif
2050 assert(start < end);
9fa3e853
FB		 2051
2052 start = start & TARGET_PAGE_MASK;
2053 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2054
2055 if (flags & PAGE_WRITE) {
9fa3e853 2056 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2057 }
2058
2059 for (addr = start, len = end - start;
2060 len != 0;
2061 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2062 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2063
2064 /* If the write protection bit is set, then we invalidate
2065 the code inside. */
5fafdf24 2066 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2067 (flags & PAGE_WRITE) &&
2068 p->first_tb) {
d720b93d 2069 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2070 }
2071 p->flags = flags;
2072 }
33417e70
FB		 2073}
2074
3d97b40b
TS		 2075int page_check_range(target_ulong start, target_ulong len, int flags)
2076{
2077 PageDesc *p;
2078 target_ulong end;
2079 target_ulong addr;
2080
376a7909
RH		 2081 /* This function should never be called with addresses outside the
2082 guest address space. If this assert fires, it probably indicates
2083 a missing call to h2g_valid. */
338e9e6c
BS		 2084#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2085 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2086#endif
2087
3e0650a9
RH		 2088 if (len == 0) {
2089 return 0;
2090 }
376a7909
RH		 2091 if (start + len - 1 < start) {
2092 /* We've wrapped around. */
55f280c9 2093 return -1;
376a7909 2094 }
55f280c9 2095
3d97b40b
TS		 2096 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2097 start = start & TARGET_PAGE_MASK;
2098
376a7909
RH		 2099 for (addr = start, len = end - start;
2100 len != 0;
2101 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2102 p = page_find(addr >> TARGET_PAGE_BITS);
2103 if( !p )
2104 return -1;
2105 if( !(p->flags & PAGE_VALID) )
2106 return -1;
2107
dae3270c 2108 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2109 return -1;
dae3270c
FB		 2110 if (flags & PAGE_WRITE) {
2111 if (!(p->flags & PAGE_WRITE_ORG))
2112 return -1;
2113 /* unprotect the page if it was put read-only because it
2114 contains translated code */
2115 if (!(p->flags & PAGE_WRITE)) {
2116 if (!page_unprotect(addr, 0, NULL))
2117 return -1;
2118 }
2119 return 0;
2120 }
3d97b40b
TS		 2121 }
2122 return 0;
2123}
2124
9fa3e853 2125/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2126 page. Return TRUE if the fault was successfully handled. */
6375e09e 2127int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
9fa3e853 2128{
45d679d6
AJ		 2129 unsigned int prot;
2130 PageDesc *p;
53a5960a 2131 target_ulong host_start, host_end, addr;
9fa3e853 2132
c8a706fe
PB		 2133 /* Technically this isn't safe inside a signal handler. However we
2134 know this only ever happens in a synchronous SEGV handler, so in
2135 practice it seems to be ok. */
2136 mmap_lock();
2137
45d679d6
AJ		 2138 p = page_find(address >> TARGET_PAGE_BITS);
2139 if (!p) {
c8a706fe 2140 mmap_unlock();
9fa3e853 2141 return 0;
c8a706fe 2142 }
45d679d6 2143
9fa3e853
FB		 2144 /* if the page was really writable, then we change its
2145 protection back to writable */
45d679d6
AJ		 2146 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2147 host_start = address & qemu_host_page_mask;
2148 host_end = host_start + qemu_host_page_size;
2149
2150 prot = 0;
2151 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2152 p = page_find(addr >> TARGET_PAGE_BITS);
2153 p->flags |= PAGE_WRITE;
2154 prot |= p->flags;
2155
9fa3e853
FB		 2156 /* and since the content will be modified, we must invalidate
2157 the corresponding translated code. */
45d679d6 2158 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2159#ifdef DEBUG_TB_CHECK
45d679d6 2160 tb_invalidate_check(addr);
9fa3e853 2161#endif
9fa3e853 2162 }
45d679d6
AJ		 2163 mprotect((void *)g2h(host_start), qemu_host_page_size,
2164 prot & PAGE_BITS);
2165
2166 mmap_unlock();
2167 return 1;
9fa3e853 2168 }
c8a706fe 2169 mmap_unlock();
9fa3e853
FB		 2170 return 0;
2171}
9fa3e853
FB		 2172#endif /* defined(CONFIG_USER_ONLY) */
2173
e2eef170 2174#if !defined(CONFIG_USER_ONLY)
8da3ff18 2175
c04b2b78
PB		 2176#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2177typedef struct subpage_t {
70c68e44 2178 MemoryRegion iomem;
c04b2b78 2179 target_phys_addr_t base;
5312bd8b 2180 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2181} subpage_t;
2182
c227f099 2183static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2184 uint16_t section);
0f0cb164 2185static subpage_t *subpage_init(target_phys_addr_t base);
5312bd8b 2186static void destroy_page_desc(uint16_t section_index)
54688b1e 2187{
5312bd8b
AK		 2188 MemoryRegionSection *section = &phys_sections[section_index];
2189 MemoryRegion *mr = section->mr;
54688b1e
AK		 2190
2191 if (mr->subpage) {
2192 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2193 memory_region_destroy(&subpage->iomem);
2194 g_free(subpage);
2195 }
2196}
2197
4346ae3e 2198static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2199{
2200 unsigned i;
d6f2ea22 2201 PhysPageEntry *p;
54688b1e 2202
c19e8800 2203 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2204 return;
2205 }
2206
c19e8800 2207 p = phys_map_nodes[lp->ptr];
4346ae3e 2208 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 2209 if (!p[i].is_leaf) {
54688b1e 2210 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 2211 } else {
c19e8800 2212 destroy_page_desc(p[i].ptr);
54688b1e 2213 }
54688b1e 2214 }
07f07b31 2215 lp->is_leaf = 0;
c19e8800 2216 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2217}
2218
ac1970fb 2219static void destroy_all_mappings(AddressSpaceDispatch *d)
54688b1e 2220{
ac1970fb 2221 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
d6f2ea22 2222 phys_map_nodes_reset();
54688b1e
AK		 2223}
2224
5312bd8b
AK		 2225static uint16_t phys_section_add(MemoryRegionSection *section)
2226{
2227 if (phys_sections_nb == phys_sections_nb_alloc) {
2228 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2229 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2230 phys_sections_nb_alloc);
2231 }
2232 phys_sections[phys_sections_nb] = *section;
2233 return phys_sections_nb++;
2234}
2235
2236static void phys_sections_clear(void)
2237{
2238 phys_sections_nb = 0;
2239}
2240
ac1970fb 2241static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 2242{
2243 subpage_t *subpage;
2244 target_phys_addr_t base = section->offset_within_address_space
2245 & TARGET_PAGE_MASK;
ac1970fb 2246 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
0f0cb164
AK		 2247 MemoryRegionSection subsection = {
2248 .offset_within_address_space = base,
2249 .size = TARGET_PAGE_SIZE,
2250 };
0f0cb164
AK		 2251 target_phys_addr_t start, end;
2252
f3705d53 2253 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 2254
f3705d53 2255 if (!(existing->mr->subpage)) {
0f0cb164
AK		 2256 subpage = subpage_init(base);
2257 subsection.mr = &subpage->iomem;
ac1970fb 2258 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
2999097b 2259 phys_section_add(&subsection));
0f0cb164 2260 } else {
f3705d53 2261 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 2262 }
2263 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
adb2a9b5 2264 end = start + section->size - 1;
0f0cb164
AK		 2265 subpage_register(subpage, start, end, phys_section_add(section));
2266}
2267
2268
ac1970fb 2269static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
33417e70 2270{
dd81124b
AK		 2271 target_phys_addr_t start_addr = section->offset_within_address_space;
2272 ram_addr_t size = section->size;
2999097b 2273 target_phys_addr_t addr;
5312bd8b 2274 uint16_t section_index = phys_section_add(section);
dd81124b 2275
3b8e6a2d 2276 assert(size);
f6f3fbca 2277
3b8e6a2d 2278 addr = start_addr;
ac1970fb 2279 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2999097b 2280 section_index);
33417e70
FB		 2281}
2282
ac1970fb 2283static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 2284{
ac1970fb 2285 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
0f0cb164
AK		 2286 MemoryRegionSection now = *section, remain = *section;
2287
2288 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2289 || (now.size < TARGET_PAGE_SIZE)) {
2290 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2291 - now.offset_within_address_space,
2292 now.size);
ac1970fb 2293 register_subpage(d, &now);
0f0cb164
AK		 2294 remain.size -= now.size;
2295 remain.offset_within_address_space += now.size;
2296 remain.offset_within_region += now.size;
2297 }
69b67646
TH		 2298 while (remain.size >= TARGET_PAGE_SIZE) {
2299 now = remain;
2300 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
2301 now.size = TARGET_PAGE_SIZE;
ac1970fb 2302 register_subpage(d, &now);
69b67646
TH		 2303 } else {
2304 now.size &= TARGET_PAGE_MASK;
ac1970fb 2305 register_multipage(d, &now);
69b67646 2306 }
0f0cb164
AK		 2307 remain.size -= now.size;
2308 remain.offset_within_address_space += now.size;
2309 remain.offset_within_region += now.size;
2310 }
2311 now = remain;
2312 if (now.size) {
ac1970fb 2313 register_subpage(d, &now);
0f0cb164
AK		 2314 }
2315}
2316
62a2744c
SY		 2317void qemu_flush_coalesced_mmio_buffer(void)
2318{
2319 if (kvm_enabled())
2320 kvm_flush_coalesced_mmio_buffer();
2321}
2322
c902760f
MT		 2323#if defined(__linux__) && !defined(TARGET_S390X)
2324
2325#include <sys/vfs.h>
2326
2327#define HUGETLBFS_MAGIC 0x958458f6
2328
2329static long gethugepagesize(const char *path)
2330{
2331 struct statfs fs;
2332 int ret;
2333
2334 do {
9742bf26 2335 ret = statfs(path, &fs);
c902760f
MT		 2336 } while (ret != 0 && errno == EINTR);
2337
2338 if (ret != 0) {
9742bf26
YT		 2339 perror(path);
2340 return 0;
c902760f
MT		 2341 }
2342
2343 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2344 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2345
2346 return fs.f_bsize;
2347}
2348
04b16653
AW		 2349static void *file_ram_alloc(RAMBlock *block,
2350 ram_addr_t memory,
2351 const char *path)
c902760f
MT		 2352{
2353 char *filename;
2354 void *area;
2355 int fd;
2356#ifdef MAP_POPULATE
2357 int flags;
2358#endif
2359 unsigned long hpagesize;
2360
2361 hpagesize = gethugepagesize(path);
2362 if (!hpagesize) {
9742bf26 2363 return NULL;
c902760f
MT		 2364 }
2365
2366 if (memory < hpagesize) {
2367 return NULL;
2368 }
2369
2370 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2371 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2372 return NULL;
2373 }
2374
2375 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2376 return NULL;
c902760f
MT		 2377 }
2378
2379 fd = mkstemp(filename);
2380 if (fd < 0) {
9742bf26
YT		 2381 perror("unable to create backing store for hugepages");
2382 free(filename);
2383 return NULL;
c902760f
MT		 2384 }
2385 unlink(filename);
2386 free(filename);
2387
2388 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2389
2390 /*
2391 * ftruncate is not supported by hugetlbfs in older
2392 * hosts, so don't bother bailing out on errors.
2393 * If anything goes wrong with it under other filesystems,
2394 * mmap will fail.
2395 */
2396 if (ftruncate(fd, memory))
9742bf26 2397 perror("ftruncate");
c902760f
MT		 2398
2399#ifdef MAP_POPULATE
2400 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2401 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2402 * to sidestep this quirk.
2403 */
2404 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2405 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2406#else
2407 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2408#endif
2409 if (area == MAP_FAILED) {
9742bf26
YT		 2410 perror("file_ram_alloc: can't mmap RAM pages");
2411 close(fd);
2412 return (NULL);
c902760f 2413 }
04b16653 2414 block->fd = fd;
c902760f
MT		 2415 return area;
2416}
2417#endif
2418
d17b5288 2419static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2420{
2421 RAMBlock *block, *next_block;
3e837b2c 2422 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2423
2424 if (QLIST_EMPTY(&ram_list.blocks))
2425 return 0;
2426
2427 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2428 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2429
2430 end = block->offset + block->length;
2431
2432 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2433 if (next_block->offset >= end) {
2434 next = MIN(next, next_block->offset);
2435 }
2436 }
2437 if (next - end >= size && next - end < mingap) {
3e837b2c 2438 offset = end;
04b16653
AW		 2439 mingap = next - end;
2440 }
2441 }
3e837b2c
AW		 2442
2443 if (offset == RAM_ADDR_MAX) {
2444 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2445 (uint64_t)size);
2446 abort();
2447 }
2448
04b16653
AW		 2449 return offset;
2450}
2451
652d7ec2 2452ram_addr_t last_ram_offset(void)
d17b5288
AW		 2453{
2454 RAMBlock *block;
2455 ram_addr_t last = 0;
2456
2457 QLIST_FOREACH(block, &ram_list.blocks, next)
2458 last = MAX(last, block->offset + block->length);
2459
2460 return last;
2461}
2462
ddb97f1d
JB		 2463static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
2464{
2465 int ret;
2466 QemuOpts *machine_opts;
2467
2468 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
2469 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2470 if (machine_opts &&
2471 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
2472 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
2473 if (ret) {
2474 perror("qemu_madvise");
2475 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
2476 "but dump_guest_core=off specified\n");
2477 }
2478 }
2479}
2480
c5705a77 2481void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2482{
2483 RAMBlock *new_block, *block;
2484
c5705a77
AK		 2485 new_block = NULL;
2486 QLIST_FOREACH(block, &ram_list.blocks, next) {
2487 if (block->offset == addr) {
2488 new_block = block;
2489 break;
2490 }
2491 }
2492 assert(new_block);
2493 assert(!new_block->idstr[0]);
84b89d78 2494
09e5ab63
AL		 2495 if (dev) {
2496 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 2497 if (id) {
2498 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2499 g_free(id);
84b89d78
CM		 2500 }
2501 }
2502 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2503
2504 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2505 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2506 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2507 new_block->idstr);
2508 abort();
2509 }
2510 }
c5705a77
AK		 2511}
2512
8490fc78
LC		 2513static int memory_try_enable_merging(void *addr, size_t len)
2514{
2515 QemuOpts *opts;
2516
2517 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2518 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
2519 /* disabled by the user */
2520 return 0;
2521 }
2522
2523 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
2524}
2525
c5705a77
AK		 2526ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2527 MemoryRegion *mr)
2528{
2529 RAMBlock *new_block;
2530
2531 size = TARGET_PAGE_ALIGN(size);
2532 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2533
7c637366 2534 new_block->mr = mr;
432d268c 2535 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2536 if (host) {
2537 new_block->host = host;
cd19cfa2 2538 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2539 } else {
2540 if (mem_path) {
c902760f 2541#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2542 new_block->host = file_ram_alloc(new_block, size, mem_path);
2543 if (!new_block->host) {
2544 new_block->host = qemu_vmalloc(size);
8490fc78 2545 memory_try_enable_merging(new_block->host, size);
6977dfe6 2546 }
c902760f 2547#else
6977dfe6
YT		 2548 fprintf(stderr, "-mem-path option unsupported\n");
2549 exit(1);
c902760f 2550#endif
6977dfe6 2551 } else {
868bb33f 2552 if (xen_enabled()) {
fce537d4 2553 xen_ram_alloc(new_block->offset, size, mr);
fdec9918
CB		 2554 } else if (kvm_enabled()) {
2555 /* some s390/kvm configurations have special constraints */
2556 new_block->host = kvm_vmalloc(size);
432d268c
JN		 2557 } else {
2558 new_block->host = qemu_vmalloc(size);
2559 }
8490fc78 2560 memory_try_enable_merging(new_block->host, size);
6977dfe6 2561 }
c902760f 2562 }
94a6b54f
PB		 2563 new_block->length = size;
2564
f471a17e 2565 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2566
7267c094 2567 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2568 last_ram_offset() >> TARGET_PAGE_BITS);
5fda043f
IM		 2569 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2570 0, size >> TARGET_PAGE_BITS);
1720aeee 2571 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
94a6b54f 2572
ddb97f1d
JB		 2573 qemu_ram_setup_dump(new_block->host, size);
2574
6f0437e8
JK		 2575 if (kvm_enabled())
2576 kvm_setup_guest_memory(new_block->host, size);
2577
94a6b54f
PB		 2578 return new_block->offset;
2579}
e9a1ab19 2580
c5705a77 2581ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2582{
c5705a77 2583 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2584}
2585
1f2e98b6
AW		 2586void qemu_ram_free_from_ptr(ram_addr_t addr)
2587{
2588 RAMBlock *block;
2589
2590 QLIST_FOREACH(block, &ram_list.blocks, next) {
2591 if (addr == block->offset) {
2592 QLIST_REMOVE(block, next);
7267c094 2593 g_free(block);
1f2e98b6
AW		 2594 return;
2595 }
2596 }
2597}
2598
c227f099 2599void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2600{
04b16653
AW		 2601 RAMBlock *block;
2602
2603 QLIST_FOREACH(block, &ram_list.blocks, next) {
2604 if (addr == block->offset) {
2605 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2606 if (block->flags & RAM_PREALLOC_MASK) {
2607 ;
2608 } else if (mem_path) {
04b16653
AW		 2609#if defined (__linux__) && !defined(TARGET_S390X)
2610 if (block->fd) {
2611 munmap(block->host, block->length);
2612 close(block->fd);
2613 } else {
2614 qemu_vfree(block->host);
2615 }
fd28aa13
JK		 2616#else
2617 abort();
04b16653
AW		 2618#endif
2619 } else {
2620#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2621 munmap(block->host, block->length);
2622#else
868bb33f 2623 if (xen_enabled()) {
e41d7c69 2624 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2625 } else {
2626 qemu_vfree(block->host);
2627 }
04b16653
AW		 2628#endif
2629 }
7267c094 2630 g_free(block);
04b16653
AW		 2631 return;
2632 }
2633 }
2634
e9a1ab19
FB		 2635}
2636
cd19cfa2
HY		 2637#ifndef _WIN32
2638void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2639{
2640 RAMBlock *block;
2641 ram_addr_t offset;
2642 int flags;
2643 void *area, *vaddr;
2644
2645 QLIST_FOREACH(block, &ram_list.blocks, next) {
2646 offset = addr - block->offset;
2647 if (offset < block->length) {
2648 vaddr = block->host + offset;
2649 if (block->flags & RAM_PREALLOC_MASK) {
2650 ;
2651 } else {
2652 flags = MAP_FIXED;
2653 munmap(vaddr, length);
2654 if (mem_path) {
2655#if defined(__linux__) && !defined(TARGET_S390X)
2656 if (block->fd) {
2657#ifdef MAP_POPULATE
2658 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2659 MAP_PRIVATE;
2660#else
2661 flags |= MAP_PRIVATE;
2662#endif
2663 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2664 flags, block->fd, offset);
2665 } else {
2666 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2667 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2668 flags, -1, 0);
2669 }
fd28aa13
JK		 2670#else
2671 abort();
cd19cfa2
HY		 2672#endif
2673 } else {
2674#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2675 flags |= MAP_SHARED | MAP_ANONYMOUS;
2676 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2677 flags, -1, 0);
2678#else
2679 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2680 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2681 flags, -1, 0);
2682#endif
2683 }
2684 if (area != vaddr) {
f15fbc4b
AP		 2685 fprintf(stderr, "Could not remap addr: "
2686 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 2687 length, addr);
2688 exit(1);
2689 }
8490fc78 2690 memory_try_enable_merging(vaddr, length);
ddb97f1d 2691 qemu_ram_setup_dump(vaddr, length);
cd19cfa2
HY		 2692 }
2693 return;
2694 }
2695 }
2696}
2697#endif /* !_WIN32 */
2698
dc828ca1 2699/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 2700 With the exception of the softmmu code in this file, this should
2701 only be used for local memory (e.g. video ram) that the device owns,
2702 and knows it isn't going to access beyond the end of the block.
2703
2704 It should not be used for general purpose DMA.
2705 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2706 */
c227f099 2707void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 2708{
94a6b54f
PB		 2709 RAMBlock *block;
2710
f471a17e
AW		 2711 QLIST_FOREACH(block, &ram_list.blocks, next) {
2712 if (addr - block->offset < block->length) {
7d82af38
VP		 2713 /* Move this entry to to start of the list. */
2714 if (block != QLIST_FIRST(&ram_list.blocks)) {
2715 QLIST_REMOVE(block, next);
2716 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2717 }
868bb33f 2718 if (xen_enabled()) {
432d268c
JN		 2719 /* We need to check if the requested address is in the RAM
2720 * because we don't want to map the entire memory in QEMU.
712c2b41 2721 * In that case just map until the end of the page.
432d268c
JN		 2722 */
2723 if (block->offset == 0) {
e41d7c69 2724 return xen_map_cache(addr, 0, 0);
432d268c 2725 } else if (block->host == NULL) {
e41d7c69
JK		 2726 block->host =
2727 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2728 }
2729 }
f471a17e
AW		 2730 return block->host + (addr - block->offset);
2731 }
94a6b54f 2732 }
f471a17e
AW		 2733
2734 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2735 abort();
2736
2737 return NULL;
dc828ca1
PB		 2738}
2739
b2e0a138
MT		 2740/* Return a host pointer to ram allocated with qemu_ram_alloc.
2741 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2742 */
2743void *qemu_safe_ram_ptr(ram_addr_t addr)
2744{
2745 RAMBlock *block;
2746
2747 QLIST_FOREACH(block, &ram_list.blocks, next) {
2748 if (addr - block->offset < block->length) {
868bb33f 2749 if (xen_enabled()) {
432d268c
JN		 2750 /* We need to check if the requested address is in the RAM
2751 * because we don't want to map the entire memory in QEMU.
712c2b41 2752 * In that case just map until the end of the page.
432d268c
JN		 2753 */
2754 if (block->offset == 0) {
e41d7c69 2755 return xen_map_cache(addr, 0, 0);
432d268c 2756 } else if (block->host == NULL) {
e41d7c69
JK		 2757 block->host =
2758 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2759 }
2760 }
b2e0a138
MT		 2761 return block->host + (addr - block->offset);
2762 }
2763 }
2764
2765 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2766 abort();
2767
2768 return NULL;
2769}
2770
38bee5dc
SS		 2771/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
2772 * but takes a size argument */
8ab934f9 2773void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 2774{
8ab934f9
SS		 2775 if (*size == 0) {
2776 return NULL;
2777 }
868bb33f 2778 if (xen_enabled()) {
e41d7c69 2779 return xen_map_cache(addr, *size, 1);
868bb33f 2780 } else {
38bee5dc
SS		 2781 RAMBlock *block;
2782
2783 QLIST_FOREACH(block, &ram_list.blocks, next) {
2784 if (addr - block->offset < block->length) {
2785 if (addr - block->offset + *size > block->length)
2786 *size = block->length - addr + block->offset;
2787 return block->host + (addr - block->offset);
2788 }
2789 }
2790
2791 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2792 abort();
38bee5dc
SS		 2793 }
2794}
2795
050a0ddf
AP		 2796void qemu_put_ram_ptr(void *addr)
2797{
2798 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 2799}
2800
e890261f 2801int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 2802{
94a6b54f
PB		 2803 RAMBlock *block;
2804 uint8_t *host = ptr;
2805
868bb33f 2806 if (xen_enabled()) {
e41d7c69 2807 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 2808 return 0;
2809 }
2810
f471a17e 2811 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 2812 /* This case append when the block is not mapped. */
2813 if (block->host == NULL) {
2814 continue;
2815 }
f471a17e 2816 if (host - block->host < block->length) {
e890261f
MT		 2817 *ram_addr = block->offset + (host - block->host);
2818 return 0;
f471a17e 2819 }
94a6b54f 2820 }
432d268c 2821
e890261f
MT		 2822 return -1;
2823}
f471a17e 2824
e890261f
MT		 2825/* Some of the softmmu routines need to translate from a host pointer
2826 (typically a TLB entry) back to a ram offset. */
2827ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2828{
2829 ram_addr_t ram_addr;
f471a17e 2830
e890261f
MT		 2831 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2832 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2833 abort();
2834 }
2835 return ram_addr;
5579c7f3
PB		 2836}
2837
0e0df1e2
AK		 2838static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
2839 unsigned size)
e18231a3
BS		 2840{
2841#ifdef DEBUG_UNASSIGNED
2842 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2843#endif
5b450407 2844#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2845 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 2846#endif
2847 return 0;
2848}
2849
0e0df1e2
AK		 2850static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
2851 uint64_t val, unsigned size)
e18231a3
BS		 2852{
2853#ifdef DEBUG_UNASSIGNED
0e0df1e2 2854 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 2855#endif
5b450407 2856#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2857 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 2858#endif
33417e70
FB		 2859}
2860
0e0df1e2
AK		 2861static const MemoryRegionOps unassigned_mem_ops = {
2862 .read = unassigned_mem_read,
2863 .write = unassigned_mem_write,
2864 .endianness = DEVICE_NATIVE_ENDIAN,
2865};
e18231a3 2866
0e0df1e2
AK		 2867static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
2868 unsigned size)
e18231a3 2869{
0e0df1e2 2870 abort();
e18231a3
BS		 2871}
2872
0e0df1e2
AK		 2873static void error_mem_write(void *opaque, target_phys_addr_t addr,
2874 uint64_t value, unsigned size)
e18231a3 2875{
0e0df1e2 2876 abort();
33417e70
FB		 2877}
2878
0e0df1e2
AK		 2879static const MemoryRegionOps error_mem_ops = {
2880 .read = error_mem_read,
2881 .write = error_mem_write,
2882 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2883};
2884
0e0df1e2
AK		 2885static const MemoryRegionOps rom_mem_ops = {
2886 .read = error_mem_read,
2887 .write = unassigned_mem_write,
2888 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2889};
2890
0e0df1e2
AK		 2891static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
2892 uint64_t val, unsigned size)
9fa3e853 2893{
3a7d929e 2894 int dirty_flags;
f7c11b53 2895 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 2896 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 2897#if !defined(CONFIG_USER_ONLY)
0e0df1e2 2898 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 2899 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 2900#endif
3a7d929e 2901 }
0e0df1e2
AK		 2902 switch (size) {
2903 case 1:
2904 stb_p(qemu_get_ram_ptr(ram_addr), val);
2905 break;
2906 case 2:
2907 stw_p(qemu_get_ram_ptr(ram_addr), val);
2908 break;
2909 case 4:
2910 stl_p(qemu_get_ram_ptr(ram_addr), val);
2911 break;
2912 default:
2913 abort();
3a7d929e 2914 }
f23db169 2915 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 2916 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 2917 /* we remove the notdirty callback only if the code has been
2918 flushed */
2919 if (dirty_flags == 0xff)
2e70f6ef 2920 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 2921}
2922
0e0df1e2
AK		 2923static const MemoryRegionOps notdirty_mem_ops = {
2924 .read = error_mem_read,
2925 .write = notdirty_mem_write,
2926 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2927};
2928
0f459d16 2929/* Generate a debug exception if a watchpoint has been hit. */
b4051334 2930static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 2931{
9349b4f9 2932 CPUArchState *env = cpu_single_env;
06d55cc1
AL		 2933 target_ulong pc, cs_base;
2934 TranslationBlock *tb;
0f459d16 2935 target_ulong vaddr;
a1d1bb31 2936 CPUWatchpoint *wp;
06d55cc1 2937 int cpu_flags;
0f459d16 2938
06d55cc1
AL		 2939 if (env->watchpoint_hit) {
2940 /* We re-entered the check after replacing the TB. Now raise
2941 * the debug interrupt so that is will trigger after the
2942 * current instruction. */
2943 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
2944 return;
2945 }
2e70f6ef 2946 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 2947 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 2948 if ((vaddr == (wp->vaddr & len_mask) ||
2949 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 2950 wp->flags |= BP_WATCHPOINT_HIT;
2951 if (!env->watchpoint_hit) {
2952 env->watchpoint_hit = wp;
2953 tb = tb_find_pc(env->mem_io_pc);
2954 if (!tb) {
2955 cpu_abort(env, "check_watchpoint: could not find TB for "
2956 "pc=%p", (void *)env->mem_io_pc);
2957 }
618ba8e6 2958 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 2959 tb_phys_invalidate(tb, -1);
2960 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2961 env->exception_index = EXCP_DEBUG;
488d6577 2962 cpu_loop_exit(env);
6e140f28
AL		 2963 } else {
2964 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2965 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 2966 cpu_resume_from_signal(env, NULL);
6e140f28 2967 }
06d55cc1 2968 }
6e140f28
AL		 2969 } else {
2970 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2971 }
2972 }
2973}
2974
6658ffb8
PB		 2975/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2976 so these check for a hit then pass through to the normal out-of-line
2977 phys routines. */
1ec9b909
AK		 2978static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
2979 unsigned size)
6658ffb8 2980{
1ec9b909
AK		 2981 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
2982 switch (size) {
2983 case 1: return ldub_phys(addr);
2984 case 2: return lduw_phys(addr);
2985 case 4: return ldl_phys(addr);
2986 default: abort();
2987 }
6658ffb8
PB		 2988}
2989
1ec9b909
AK		 2990static void watch_mem_write(void *opaque, target_phys_addr_t addr,
2991 uint64_t val, unsigned size)
6658ffb8 2992{
1ec9b909
AK		 2993 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
2994 switch (size) {
67364150
MF		 2995 case 1:
2996 stb_phys(addr, val);
2997 break;
2998 case 2:
2999 stw_phys(addr, val);
3000 break;
3001 case 4:
3002 stl_phys(addr, val);
3003 break;
1ec9b909
AK		 3004 default: abort();
3005 }
6658ffb8
PB		 3006}
3007
1ec9b909
AK		 3008static const MemoryRegionOps watch_mem_ops = {
3009 .read = watch_mem_read,
3010 .write = watch_mem_write,
3011 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3012};
6658ffb8 3013
70c68e44
AK		 3014static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3015 unsigned len)
db7b5426 3016{
70c68e44 3017 subpage_t *mmio = opaque;
f6405247 3018 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3019 MemoryRegionSection *section;
db7b5426
BS		 3020#if defined(DEBUG_SUBPAGE)
3021 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3022 mmio, len, addr, idx);
3023#endif
db7b5426 3024
5312bd8b
AK		 3025 section = &phys_sections[mmio->sub_section[idx]];
3026 addr += mmio->base;
3027 addr -= section->offset_within_address_space;
3028 addr += section->offset_within_region;
37ec01d4 3029 return io_mem_read(section->mr, addr, len);
db7b5426
BS		 3030}
3031
70c68e44
AK		 3032static void subpage_write(void *opaque, target_phys_addr_t addr,
3033 uint64_t value, unsigned len)
db7b5426 3034{
70c68e44 3035 subpage_t *mmio = opaque;
f6405247 3036 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3037 MemoryRegionSection *section;
db7b5426 3038#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3039 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3040 " idx %d value %"PRIx64"\n",
f6405247 3041 __func__, mmio, len, addr, idx, value);
db7b5426 3042#endif
f6405247 3043
5312bd8b
AK		 3044 section = &phys_sections[mmio->sub_section[idx]];
3045 addr += mmio->base;
3046 addr -= section->offset_within_address_space;
3047 addr += section->offset_within_region;
37ec01d4 3048 io_mem_write(section->mr, addr, value, len);
db7b5426
BS		 3049}
3050
70c68e44
AK		 3051static const MemoryRegionOps subpage_ops = {
3052 .read = subpage_read,
3053 .write = subpage_write,
3054 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3055};
3056
de712f94
AK		 3057static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3058 unsigned size)
56384e8b
AF		 3059{
3060 ram_addr_t raddr = addr;
3061 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3062 switch (size) {
3063 case 1: return ldub_p(ptr);
3064 case 2: return lduw_p(ptr);
3065 case 4: return ldl_p(ptr);
3066 default: abort();
3067 }
56384e8b
AF		 3068}
3069
de712f94
AK		 3070static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3071 uint64_t value, unsigned size)
56384e8b
AF		 3072{
3073 ram_addr_t raddr = addr;
3074 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3075 switch (size) {
3076 case 1: return stb_p(ptr, value);
3077 case 2: return stw_p(ptr, value);
3078 case 4: return stl_p(ptr, value);
3079 default: abort();
3080 }
56384e8b
AF		 3081}
3082
de712f94
AK		 3083static const MemoryRegionOps subpage_ram_ops = {
3084 .read = subpage_ram_read,
3085 .write = subpage_ram_write,
3086 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3087};
3088
c227f099 3089static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3090 uint16_t section)
db7b5426
BS		 3091{
3092 int idx, eidx;
3093
3094 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3095 return -1;
3096 idx = SUBPAGE_IDX(start);
3097 eidx = SUBPAGE_IDX(end);
3098#if defined(DEBUG_SUBPAGE)
0bf9e31a 3099 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3100 mmio, start, end, idx, eidx, memory);
3101#endif
5312bd8b
AK		 3102 if (memory_region_is_ram(phys_sections[section].mr)) {
3103 MemoryRegionSection new_section = phys_sections[section];
3104 new_section.mr = &io_mem_subpage_ram;
3105 section = phys_section_add(&new_section);
56384e8b 3106 }
db7b5426 3107 for (; idx <= eidx; idx++) {
5312bd8b 3108 mmio->sub_section[idx] = section;
db7b5426
BS		 3109 }
3110
3111 return 0;
3112}
3113
0f0cb164 3114static subpage_t *subpage_init(target_phys_addr_t base)
db7b5426 3115{
c227f099 3116 subpage_t *mmio;
db7b5426 3117
7267c094 3118 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3119
3120 mmio->base = base;
70c68e44
AK		 3121 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3122 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3123 mmio->iomem.subpage = true;
db7b5426 3124#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3125 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3126 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3127#endif
0f0cb164 3128 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 3129
3130 return mmio;
3131}
3132
5312bd8b
AK		 3133static uint16_t dummy_section(MemoryRegion *mr)
3134{
3135 MemoryRegionSection section = {
3136 .mr = mr,
3137 .offset_within_address_space = 0,
3138 .offset_within_region = 0,
3139 .size = UINT64_MAX,
3140 };
3141
3142 return phys_section_add(&section);
3143}
3144
37ec01d4 3145MemoryRegion *iotlb_to_region(target_phys_addr_t index)
aa102231 3146{
37ec01d4 3147 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 3148}
3149
e9179ce1
AK		 3150static void io_mem_init(void)
3151{
0e0df1e2 3152 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
0e0df1e2
AK		 3153 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3154 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3155 "unassigned", UINT64_MAX);
3156 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3157 "notdirty", UINT64_MAX);
de712f94
AK		 3158 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3159 "subpage-ram", UINT64_MAX);
1ec9b909
AK		 3160 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3161 "watch", UINT64_MAX);
e9179ce1
AK		 3162}
3163
ac1970fb
AK		 3164static void mem_begin(MemoryListener *listener)
3165{
3166 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
3167
3168 destroy_all_mappings(d);
3169 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
3170}
3171
50c1e149
AK		 3172static void core_begin(MemoryListener *listener)
3173{
5312bd8b
AK		 3174 phys_sections_clear();
3175 phys_section_unassigned = dummy_section(&io_mem_unassigned);
aa102231
AK		 3176 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3177 phys_section_rom = dummy_section(&io_mem_rom);
3178 phys_section_watch = dummy_section(&io_mem_watch);
50c1e149
AK		 3179}
3180
1d71148e 3181static void tcg_commit(MemoryListener *listener)
50c1e149 3182{
9349b4f9 3183 CPUArchState *env;
117712c3
AK		 3184
3185 /* since each CPU stores ram addresses in its TLB cache, we must
3186 reset the modified entries */
3187 /* XXX: slow ! */
3188 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3189 tlb_flush(env, 1);
3190 }
50c1e149
AK		 3191}
3192
93632747
AK		 3193static void core_log_global_start(MemoryListener *listener)
3194{
3195 cpu_physical_memory_set_dirty_tracking(1);
3196}
3197
3198static void core_log_global_stop(MemoryListener *listener)
3199{
3200 cpu_physical_memory_set_dirty_tracking(0);
3201}
3202
4855d41a
AK		 3203static void io_region_add(MemoryListener *listener,
3204 MemoryRegionSection *section)
3205{
a2d33521
AK		 3206 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3207
3208 mrio->mr = section->mr;
3209 mrio->offset = section->offset_within_region;
3210 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
4855d41a 3211 section->offset_within_address_space, section->size);
a2d33521 3212 ioport_register(&mrio->iorange);
4855d41a
AK		 3213}
3214
3215static void io_region_del(MemoryListener *listener,
3216 MemoryRegionSection *section)
3217{
3218 isa_unassign_ioport(section->offset_within_address_space, section->size);
3219}
3220
93632747 3221static MemoryListener core_memory_listener = {
50c1e149 3222 .begin = core_begin,
93632747
AK		 3223 .log_global_start = core_log_global_start,
3224 .log_global_stop = core_log_global_stop,
ac1970fb 3225 .priority = 1,
93632747
AK		 3226};
3227
4855d41a
AK		 3228static MemoryListener io_memory_listener = {
3229 .region_add = io_region_add,
3230 .region_del = io_region_del,
4855d41a
AK		 3231 .priority = 0,
3232};
3233
1d71148e
AK		 3234static MemoryListener tcg_memory_listener = {
3235 .commit = tcg_commit,
3236};
3237
ac1970fb
AK		 3238void address_space_init_dispatch(AddressSpace *as)
3239{
3240 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
3241
3242 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
3243 d->listener = (MemoryListener) {
3244 .begin = mem_begin,
3245 .region_add = mem_add,
3246 .region_nop = mem_add,
3247 .priority = 0,
3248 };
3249 as->dispatch = d;
3250 memory_listener_register(&d->listener, as);
3251}
3252
83f3c251
AK		 3253void address_space_destroy_dispatch(AddressSpace *as)
3254{
3255 AddressSpaceDispatch *d = as->dispatch;
3256
3257 memory_listener_unregister(&d->listener);
3258 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
3259 g_free(d);
3260 as->dispatch = NULL;
3261}
3262
62152b8a
AK		 3263static void memory_map_init(void)
3264{
7267c094 3265 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3266 memory_region_init(system_memory, "system", INT64_MAX);
2673a5da
AK		 3267 address_space_init(&address_space_memory, system_memory);
3268 address_space_memory.name = "memory";
309cb471 3269
7267c094 3270 system_io = g_malloc(sizeof(*system_io));
309cb471 3271 memory_region_init(system_io, "io", 65536);
2673a5da
AK		 3272 address_space_init(&address_space_io, system_io);
3273 address_space_io.name = "I/O";
93632747 3274
f6790af6
AK		 3275 memory_listener_register(&core_memory_listener, &address_space_memory);
3276 memory_listener_register(&io_memory_listener, &address_space_io);
3277 memory_listener_register(&tcg_memory_listener, &address_space_memory);
62152b8a
AK		 3278}
3279
3280MemoryRegion *get_system_memory(void)
3281{
3282 return system_memory;
3283}
3284
309cb471
AK		 3285MemoryRegion *get_system_io(void)
3286{
3287 return system_io;
3288}
3289
e2eef170
PB		 3290#endif /* !defined(CONFIG_USER_ONLY) */
3291
13eb76e0
FB		 3292/* physical memory access (slow version, mainly for debug) */
3293#if defined(CONFIG_USER_ONLY)
9349b4f9 3294int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 3295 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3296{
3297 int l, flags;
3298 target_ulong page;
53a5960a 3299 void * p;
13eb76e0
FB		 3300
3301 while (len > 0) {
3302 page = addr & TARGET_PAGE_MASK;
3303 l = (page + TARGET_PAGE_SIZE) - addr;
3304 if (l > len)
3305 l = len;
3306 flags = page_get_flags(page);
3307 if (!(flags & PAGE_VALID))
a68fe89c 3308 return -1;
13eb76e0
FB		 3309 if (is_write) {
3310 if (!(flags & PAGE_WRITE))
a68fe89c 3311 return -1;
579a97f7 3312 /* XXX: this code should not depend on lock_user */
72fb7daa 3313 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3314 return -1;
72fb7daa
AJ		 3315 memcpy(p, buf, l);
3316 unlock_user(p, addr, l);
13eb76e0
FB		 3317 } else {
3318 if (!(flags & PAGE_READ))
a68fe89c 3319 return -1;
579a97f7 3320 /* XXX: this code should not depend on lock_user */
72fb7daa 3321 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3322 return -1;
72fb7daa 3323 memcpy(buf, p, l);
5b257578 3324 unlock_user(p, addr, 0);
13eb76e0
FB		 3325 }
3326 len -= l;
3327 buf += l;
3328 addr += l;
3329 }
a68fe89c 3330 return 0;
13eb76e0 3331}
8df1cd07 3332
13eb76e0 3333#else
51d7a9eb
AP		 3334
3335static void invalidate_and_set_dirty(target_phys_addr_t addr,
3336 target_phys_addr_t length)
3337{
3338 if (!cpu_physical_memory_is_dirty(addr)) {
3339 /* invalidate code */
3340 tb_invalidate_phys_page_range(addr, addr + length, 0);
3341 /* set dirty bit */
3342 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
3343 }
e226939d 3344 xen_modified_memory(addr, length);
51d7a9eb
AP		 3345}
3346
ac1970fb
AK		 3347void address_space_rw(AddressSpace *as, target_phys_addr_t addr, uint8_t *buf,
3348 int len, bool is_write)
13eb76e0 3349{
ac1970fb 3350 AddressSpaceDispatch *d = as->dispatch;
37ec01d4 3351 int l;
13eb76e0
FB		 3352 uint8_t *ptr;
3353 uint32_t val;
c227f099 3354 target_phys_addr_t page;
f3705d53 3355 MemoryRegionSection *section;
3b46e624 3356
13eb76e0
FB		 3357 while (len > 0) {
3358 page = addr & TARGET_PAGE_MASK;
3359 l = (page + TARGET_PAGE_SIZE) - addr;
3360 if (l > len)
3361 l = len;
ac1970fb 3362 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
3b46e624 3363
13eb76e0 3364 if (is_write) {
f3705d53 3365 if (!memory_region_is_ram(section->mr)) {
f1f6e3b8 3366 target_phys_addr_t addr1;
cc5bea60 3367 addr1 = memory_region_section_addr(section, addr);
6a00d601
FB		 3368 /* XXX: could force cpu_single_env to NULL to avoid
3369 potential bugs */
6c2934db 3370 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3371 /* 32 bit write access */
c27004ec 3372 val = ldl_p(buf);
37ec01d4 3373 io_mem_write(section->mr, addr1, val, 4);
13eb76e0 3374 l = 4;
6c2934db 3375 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3376 /* 16 bit write access */
c27004ec 3377 val = lduw_p(buf);
37ec01d4 3378 io_mem_write(section->mr, addr1, val, 2);
13eb76e0
FB		 3379 l = 2;
3380 } else {
1c213d19 3381 /* 8 bit write access */
c27004ec 3382 val = ldub_p(buf);
37ec01d4 3383 io_mem_write(section->mr, addr1, val, 1);
13eb76e0
FB		 3384 l = 1;
3385 }
f3705d53 3386 } else if (!section->readonly) {
8ca5692d 3387 ram_addr_t addr1;
f3705d53 3388 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3389 + memory_region_section_addr(section, addr);
13eb76e0 3390 /* RAM case */
5579c7f3 3391 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3392 memcpy(ptr, buf, l);
51d7a9eb 3393 invalidate_and_set_dirty(addr1, l);
050a0ddf 3394 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3395 }
3396 } else {
cc5bea60
BS		 3397 if (!(memory_region_is_ram(section->mr) ||
3398 memory_region_is_romd(section->mr))) {
f1f6e3b8 3399 target_phys_addr_t addr1;
13eb76e0 3400 /* I/O case */
cc5bea60 3401 addr1 = memory_region_section_addr(section, addr);
6c2934db 3402 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3403 /* 32 bit read access */
37ec01d4 3404 val = io_mem_read(section->mr, addr1, 4);
c27004ec 3405 stl_p(buf, val);
13eb76e0 3406 l = 4;
6c2934db 3407 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3408 /* 16 bit read access */
37ec01d4 3409 val = io_mem_read(section->mr, addr1, 2);
c27004ec 3410 stw_p(buf, val);
13eb76e0
FB		 3411 l = 2;
3412 } else {
1c213d19 3413 /* 8 bit read access */
37ec01d4 3414 val = io_mem_read(section->mr, addr1, 1);
c27004ec 3415 stb_p(buf, val);
13eb76e0
FB		 3416 l = 1;
3417 }
3418 } else {
3419 /* RAM case */
0a1b357f 3420 ptr = qemu_get_ram_ptr(section->mr->ram_addr
cc5bea60
BS		 3421 + memory_region_section_addr(section,
3422 addr));
f3705d53 3423 memcpy(buf, ptr, l);
050a0ddf 3424 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3425 }
3426 }
3427 len -= l;
3428 buf += l;
3429 addr += l;
3430 }
3431}
8df1cd07 3432
ac1970fb
AK		 3433void address_space_write(AddressSpace *as, target_phys_addr_t addr,
3434 const uint8_t *buf, int len)
3435{
3436 address_space_rw(as, addr, (uint8_t *)buf, len, true);
3437}
3438
3439/**
3440 * address_space_read: read from an address space.
3441 *
3442 * @as: #AddressSpace to be accessed
3443 * @addr: address within that address space
3444 * @buf: buffer with the data transferred
3445 */
3446void address_space_read(AddressSpace *as, target_phys_addr_t addr, uint8_t *buf, int len)
3447{
3448 address_space_rw(as, addr, buf, len, false);
3449}
3450
3451
3452void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3453 int len, int is_write)
3454{
3455 return address_space_rw(&address_space_memory, addr, buf, len, is_write);
3456}
3457
d0ecd2aa 3458/* used for ROM loading : can write in RAM and ROM */
c227f099 3459void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3460 const uint8_t *buf, int len)
3461{
ac1970fb 3462 AddressSpaceDispatch *d = address_space_memory.dispatch;
d0ecd2aa
FB		 3463 int l;
3464 uint8_t *ptr;
c227f099 3465 target_phys_addr_t page;
f3705d53 3466 MemoryRegionSection *section;
3b46e624 3467
d0ecd2aa
FB		 3468 while (len > 0) {
3469 page = addr & TARGET_PAGE_MASK;
3470 l = (page + TARGET_PAGE_SIZE) - addr;
3471 if (l > len)
3472 l = len;
ac1970fb 3473 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
3b46e624 3474
cc5bea60
BS		 3475 if (!(memory_region_is_ram(section->mr) ||
3476 memory_region_is_romd(section->mr))) {
d0ecd2aa
FB		 3477 /* do nothing */
3478 } else {
3479 unsigned long addr1;
f3705d53 3480 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3481 + memory_region_section_addr(section, addr);
d0ecd2aa 3482 /* ROM/RAM case */
5579c7f3 3483 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3484 memcpy(ptr, buf, l);
51d7a9eb 3485 invalidate_and_set_dirty(addr1, l);
050a0ddf 3486 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3487 }
3488 len -= l;
3489 buf += l;
3490 addr += l;
3491 }
3492}
3493
6d16c2f8
AL		 3494typedef struct {
3495 void *buffer;
c227f099
AL		 3496 target_phys_addr_t addr;
3497 target_phys_addr_t len;
6d16c2f8
AL		 3498} BounceBuffer;
3499
3500static BounceBuffer bounce;
3501
ba223c29
AL		 3502typedef struct MapClient {
3503 void *opaque;
3504 void (*callback)(void *opaque);
72cf2d4f 3505 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3506} MapClient;
3507
72cf2d4f
BS		 3508static QLIST_HEAD(map_client_list, MapClient) map_client_list
3509 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3510
3511void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3512{
7267c094 3513 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3514
3515 client->opaque = opaque;
3516 client->callback = callback;
72cf2d4f 3517 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3518 return client;
3519}
3520
3521void cpu_unregister_map_client(void *_client)
3522{
3523 MapClient *client = (MapClient *)_client;
3524
72cf2d4f 3525 QLIST_REMOVE(client, link);
7267c094 3526 g_free(client);
ba223c29
AL		 3527}
3528
3529static void cpu_notify_map_clients(void)
3530{
3531 MapClient *client;
3532
72cf2d4f
BS		 3533 while (!QLIST_EMPTY(&map_client_list)) {
3534 client = QLIST_FIRST(&map_client_list);
ba223c29 3535 client->callback(client->opaque);
34d5e948 3536 cpu_unregister_map_client(client);
ba223c29
AL		 3537 }
3538}
3539
6d16c2f8
AL		 3540/* Map a physical memory region into a host virtual address.
3541 * May map a subset of the requested range, given by and returned in *plen.
3542 * May return NULL if resources needed to perform the mapping are exhausted.
3543 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3544 * Use cpu_register_map_client() to know when retrying the map operation is
3545 * likely to succeed.
6d16c2f8 3546 */
ac1970fb
AK		 3547void *address_space_map(AddressSpace *as,
3548 target_phys_addr_t addr,
3549 target_phys_addr_t *plen,
3550 bool is_write)
6d16c2f8 3551{
ac1970fb 3552 AddressSpaceDispatch *d = as->dispatch;
c227f099 3553 target_phys_addr_t len = *plen;
38bee5dc 3554 target_phys_addr_t todo = 0;
6d16c2f8 3555 int l;
c227f099 3556 target_phys_addr_t page;
f3705d53 3557 MemoryRegionSection *section;
f15fbc4b 3558 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3559 ram_addr_t rlen;
3560 void *ret;
6d16c2f8
AL		 3561
3562 while (len > 0) {
3563 page = addr & TARGET_PAGE_MASK;
3564 l = (page + TARGET_PAGE_SIZE) - addr;
3565 if (l > len)
3566 l = len;
ac1970fb 3567 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
6d16c2f8 3568
f3705d53 3569 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
38bee5dc 3570 if (todo || bounce.buffer) {
6d16c2f8
AL		 3571 break;
3572 }
3573 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3574 bounce.addr = addr;
3575 bounce.len = l;
3576 if (!is_write) {
ac1970fb 3577 address_space_read(as, addr, bounce.buffer, l);
6d16c2f8 3578 }
38bee5dc
SS		 3579
3580 *plen = l;
3581 return bounce.buffer;
6d16c2f8 3582 }
8ab934f9 3583 if (!todo) {
f3705d53 3584 raddr = memory_region_get_ram_addr(section->mr)
cc5bea60 3585 + memory_region_section_addr(section, addr);
8ab934f9 3586 }
6d16c2f8
AL		 3587
3588 len -= l;
3589 addr += l;
38bee5dc 3590 todo += l;
6d16c2f8 3591 }
8ab934f9
SS		 3592 rlen = todo;
3593 ret = qemu_ram_ptr_length(raddr, &rlen);
3594 *plen = rlen;
3595 return ret;
6d16c2f8
AL		 3596}
3597
ac1970fb 3598/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 3599 * Will also mark the memory as dirty if is_write == 1. access_len gives
3600 * the amount of memory that was actually read or written by the caller.
3601 */
ac1970fb
AK		 3602void address_space_unmap(AddressSpace *as, void *buffer, target_phys_addr_t len,
3603 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 3604{
3605 if (buffer != bounce.buffer) {
3606 if (is_write) {
e890261f 3607 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 3608 while (access_len) {
3609 unsigned l;
3610 l = TARGET_PAGE_SIZE;
3611 if (l > access_len)
3612 l = access_len;
51d7a9eb 3613 invalidate_and_set_dirty(addr1, l);
6d16c2f8
AL		 3614 addr1 += l;
3615 access_len -= l;
3616 }
3617 }
868bb33f 3618 if (xen_enabled()) {
e41d7c69 3619 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3620 }
6d16c2f8
AL		 3621 return;
3622 }
3623 if (is_write) {
ac1970fb 3624 address_space_write(as, bounce.addr, bounce.buffer, access_len);
6d16c2f8 3625 }
f8a83245 3626 qemu_vfree(bounce.buffer);
6d16c2f8 3627 bounce.buffer = NULL;
ba223c29 3628 cpu_notify_map_clients();
6d16c2f8 3629}
d0ecd2aa 3630
ac1970fb
AK		 3631void *cpu_physical_memory_map(target_phys_addr_t addr,
3632 target_phys_addr_t *plen,
3633 int is_write)
3634{
3635 return address_space_map(&address_space_memory, addr, plen, is_write);
3636}
3637
3638void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3639 int is_write, target_phys_addr_t access_len)
3640{
3641 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3642}
3643
8df1cd07 3644/* warning: addr must be aligned */
1e78bcc1
AG		 3645static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
3646 enum device_endian endian)
8df1cd07 3647{
8df1cd07
FB		 3648 uint8_t *ptr;
3649 uint32_t val;
f3705d53 3650 MemoryRegionSection *section;
8df1cd07 3651
ac1970fb 3652 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3653
cc5bea60
BS		 3654 if (!(memory_region_is_ram(section->mr) ||
3655 memory_region_is_romd(section->mr))) {
8df1cd07 3656 /* I/O case */
cc5bea60 3657 addr = memory_region_section_addr(section, addr);
37ec01d4 3658 val = io_mem_read(section->mr, addr, 4);
1e78bcc1
AG		 3659#if defined(TARGET_WORDS_BIGENDIAN)
3660 if (endian == DEVICE_LITTLE_ENDIAN) {
3661 val = bswap32(val);
3662 }
3663#else
3664 if (endian == DEVICE_BIG_ENDIAN) {
3665 val = bswap32(val);
3666 }
3667#endif
8df1cd07
FB		 3668 } else {
3669 /* RAM case */
f3705d53 3670 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3671 & TARGET_PAGE_MASK)
cc5bea60 3672 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3673 switch (endian) {
3674 case DEVICE_LITTLE_ENDIAN:
3675 val = ldl_le_p(ptr);
3676 break;
3677 case DEVICE_BIG_ENDIAN:
3678 val = ldl_be_p(ptr);
3679 break;
3680 default:
3681 val = ldl_p(ptr);
3682 break;
3683 }
8df1cd07
FB		 3684 }
3685 return val;
3686}
3687
1e78bcc1
AG		 3688uint32_t ldl_phys(target_phys_addr_t addr)
3689{
3690 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3691}
3692
3693uint32_t ldl_le_phys(target_phys_addr_t addr)
3694{
3695 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3696}
3697
3698uint32_t ldl_be_phys(target_phys_addr_t addr)
3699{
3700 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
3701}
3702
84b7b8e7 3703/* warning: addr must be aligned */
1e78bcc1
AG		 3704static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
3705 enum device_endian endian)
84b7b8e7 3706{
84b7b8e7
FB		 3707 uint8_t *ptr;
3708 uint64_t val;
f3705d53 3709 MemoryRegionSection *section;
84b7b8e7 3710
ac1970fb 3711 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3712
cc5bea60
BS		 3713 if (!(memory_region_is_ram(section->mr) ||
3714 memory_region_is_romd(section->mr))) {
84b7b8e7 3715 /* I/O case */
cc5bea60 3716 addr = memory_region_section_addr(section, addr);
1e78bcc1
AG		 3717
3718 /* XXX This is broken when device endian != cpu endian.
3719 Fix and add "endian" variable check */
84b7b8e7 3720#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3721 val = io_mem_read(section->mr, addr, 4) << 32;
3722 val |= io_mem_read(section->mr, addr + 4, 4);
84b7b8e7 3723#else
37ec01d4
AK		 3724 val = io_mem_read(section->mr, addr, 4);
3725 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
84b7b8e7
FB		 3726#endif
3727 } else {
3728 /* RAM case */
f3705d53 3729 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3730 & TARGET_PAGE_MASK)
cc5bea60 3731 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3732 switch (endian) {
3733 case DEVICE_LITTLE_ENDIAN:
3734 val = ldq_le_p(ptr);
3735 break;
3736 case DEVICE_BIG_ENDIAN:
3737 val = ldq_be_p(ptr);
3738 break;
3739 default:
3740 val = ldq_p(ptr);
3741 break;
3742 }
84b7b8e7
FB		 3743 }
3744 return val;
3745}
3746
1e78bcc1
AG		 3747uint64_t ldq_phys(target_phys_addr_t addr)
3748{
3749 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3750}
3751
3752uint64_t ldq_le_phys(target_phys_addr_t addr)
3753{
3754 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3755}
3756
3757uint64_t ldq_be_phys(target_phys_addr_t addr)
3758{
3759 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
3760}
3761
aab33094 3762/* XXX: optimize */
c227f099 3763uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 3764{
3765 uint8_t val;
3766 cpu_physical_memory_read(addr, &val, 1);
3767 return val;
3768}
3769
733f0b02 3770/* warning: addr must be aligned */
1e78bcc1
AG		 3771static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
3772 enum device_endian endian)
aab33094 3773{
733f0b02
MT		 3774 uint8_t *ptr;
3775 uint64_t val;
f3705d53 3776 MemoryRegionSection *section;
733f0b02 3777
ac1970fb 3778 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
733f0b02 3779
cc5bea60
BS		 3780 if (!(memory_region_is_ram(section->mr) ||
3781 memory_region_is_romd(section->mr))) {
733f0b02 3782 /* I/O case */
cc5bea60 3783 addr = memory_region_section_addr(section, addr);
37ec01d4 3784 val = io_mem_read(section->mr, addr, 2);
1e78bcc1
AG		 3785#if defined(TARGET_WORDS_BIGENDIAN)
3786 if (endian == DEVICE_LITTLE_ENDIAN) {
3787 val = bswap16(val);
3788 }
3789#else
3790 if (endian == DEVICE_BIG_ENDIAN) {
3791 val = bswap16(val);
3792 }
3793#endif
733f0b02
MT		 3794 } else {
3795 /* RAM case */
f3705d53 3796 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3797 & TARGET_PAGE_MASK)
cc5bea60 3798 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3799 switch (endian) {
3800 case DEVICE_LITTLE_ENDIAN:
3801 val = lduw_le_p(ptr);
3802 break;
3803 case DEVICE_BIG_ENDIAN:
3804 val = lduw_be_p(ptr);
3805 break;
3806 default:
3807 val = lduw_p(ptr);
3808 break;
3809 }
733f0b02
MT		 3810 }
3811 return val;
aab33094
FB		 3812}
3813
1e78bcc1
AG		 3814uint32_t lduw_phys(target_phys_addr_t addr)
3815{
3816 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3817}
3818
3819uint32_t lduw_le_phys(target_phys_addr_t addr)
3820{
3821 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3822}
3823
3824uint32_t lduw_be_phys(target_phys_addr_t addr)
3825{
3826 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
3827}
3828
8df1cd07
FB		 3829/* warning: addr must be aligned. The ram page is not masked as dirty
3830 and the code inside is not invalidated. It is useful if the dirty
3831 bits are used to track modified PTEs */
c227f099 3832void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07 3833{
8df1cd07 3834 uint8_t *ptr;
f3705d53 3835 MemoryRegionSection *section;
8df1cd07 3836
ac1970fb 3837 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3838
f3705d53 3839 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3840 addr = memory_region_section_addr(section, addr);
f3705d53 3841 if (memory_region_is_ram(section->mr)) {
37ec01d4 3842 section = &phys_sections[phys_section_rom];
06ef3525 3843 }
37ec01d4 3844 io_mem_write(section->mr, addr, val, 4);
8df1cd07 3845 } else {
f3705d53 3846 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
06ef3525 3847 & TARGET_PAGE_MASK)
cc5bea60 3848 + memory_region_section_addr(section, addr);
5579c7f3 3849 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3850 stl_p(ptr, val);
74576198
AL		 3851
3852 if (unlikely(in_migration)) {
3853 if (!cpu_physical_memory_is_dirty(addr1)) {
3854 /* invalidate code */
3855 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3856 /* set dirty bit */
f7c11b53
YT		 3857 cpu_physical_memory_set_dirty_flags(
3858 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 3859 }
3860 }
8df1cd07
FB		 3861 }
3862}
3863
c227f099 3864void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef 3865{
bc98a7ef 3866 uint8_t *ptr;
f3705d53 3867 MemoryRegionSection *section;
bc98a7ef 3868
ac1970fb 3869 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3870
f3705d53 3871 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3872 addr = memory_region_section_addr(section, addr);
f3705d53 3873 if (memory_region_is_ram(section->mr)) {
37ec01d4 3874 section = &phys_sections[phys_section_rom];
06ef3525 3875 }
bc98a7ef 3876#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3877 io_mem_write(section->mr, addr, val >> 32, 4);
3878 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
bc98a7ef 3879#else
37ec01d4
AK		 3880 io_mem_write(section->mr, addr, (uint32_t)val, 4);
3881 io_mem_write(section->mr, addr + 4, val >> 32, 4);
bc98a7ef
JM		 3882#endif
3883 } else {
f3705d53 3884 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3885 & TARGET_PAGE_MASK)
cc5bea60 3886 + memory_region_section_addr(section, addr));
bc98a7ef
JM		 3887 stq_p(ptr, val);
3888 }
3889}
3890
8df1cd07 3891/* warning: addr must be aligned */
1e78bcc1
AG		 3892static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
3893 enum device_endian endian)
8df1cd07 3894{
8df1cd07 3895 uint8_t *ptr;
f3705d53 3896 MemoryRegionSection *section;
8df1cd07 3897
ac1970fb 3898 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3b46e624 3899
f3705d53 3900 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3901 addr = memory_region_section_addr(section, addr);
f3705d53 3902 if (memory_region_is_ram(section->mr)) {
37ec01d4 3903 section = &phys_sections[phys_section_rom];
06ef3525 3904 }
1e78bcc1
AG		 3905#if defined(TARGET_WORDS_BIGENDIAN)
3906 if (endian == DEVICE_LITTLE_ENDIAN) {
3907 val = bswap32(val);
3908 }
3909#else
3910 if (endian == DEVICE_BIG_ENDIAN) {
3911 val = bswap32(val);
3912 }
3913#endif
37ec01d4 3914 io_mem_write(section->mr, addr, val, 4);
8df1cd07
FB		 3915 } else {
3916 unsigned long addr1;
f3705d53 3917 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3918 + memory_region_section_addr(section, addr);
8df1cd07 3919 /* RAM case */
5579c7f3 3920 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3921 switch (endian) {
3922 case DEVICE_LITTLE_ENDIAN:
3923 stl_le_p(ptr, val);
3924 break;
3925 case DEVICE_BIG_ENDIAN:
3926 stl_be_p(ptr, val);
3927 break;
3928 default:
3929 stl_p(ptr, val);
3930 break;
3931 }
51d7a9eb 3932 invalidate_and_set_dirty(addr1, 4);
8df1cd07
FB		 3933 }
3934}
3935
1e78bcc1
AG		 3936void stl_phys(target_phys_addr_t addr, uint32_t val)
3937{
3938 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
3939}
3940
3941void stl_le_phys(target_phys_addr_t addr, uint32_t val)
3942{
3943 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
3944}
3945
3946void stl_be_phys(target_phys_addr_t addr, uint32_t val)
3947{
3948 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
3949}
3950
aab33094 3951/* XXX: optimize */
c227f099 3952void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 3953{
3954 uint8_t v = val;
3955 cpu_physical_memory_write(addr, &v, 1);
3956}
3957
733f0b02 3958/* warning: addr must be aligned */
1e78bcc1
AG		 3959static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
3960 enum device_endian endian)
aab33094 3961{
733f0b02 3962 uint8_t *ptr;
f3705d53 3963 MemoryRegionSection *section;
733f0b02 3964
ac1970fb 3965 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
733f0b02 3966
f3705d53 3967 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3968 addr = memory_region_section_addr(section, addr);
f3705d53 3969 if (memory_region_is_ram(section->mr)) {
37ec01d4 3970 section = &phys_sections[phys_section_rom];
06ef3525 3971 }
1e78bcc1
AG		 3972#if defined(TARGET_WORDS_BIGENDIAN)
3973 if (endian == DEVICE_LITTLE_ENDIAN) {
3974 val = bswap16(val);
3975 }
3976#else
3977 if (endian == DEVICE_BIG_ENDIAN) {
3978 val = bswap16(val);
3979 }
3980#endif
37ec01d4 3981 io_mem_write(section->mr, addr, val, 2);
733f0b02
MT		 3982 } else {
3983 unsigned long addr1;
f3705d53 3984 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 3985 + memory_region_section_addr(section, addr);
733f0b02
MT		 3986 /* RAM case */
3987 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 3988 switch (endian) {
3989 case DEVICE_LITTLE_ENDIAN:
3990 stw_le_p(ptr, val);
3991 break;
3992 case DEVICE_BIG_ENDIAN:
3993 stw_be_p(ptr, val);
3994 break;
3995 default:
3996 stw_p(ptr, val);
3997 break;
3998 }
51d7a9eb 3999 invalidate_and_set_dirty(addr1, 2);
733f0b02 4000 }
aab33094
FB		 4001}
4002
1e78bcc1
AG		 4003void stw_phys(target_phys_addr_t addr, uint32_t val)
4004{
4005 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4006}
4007
4008void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4009{
4010 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4011}
4012
4013void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4014{
4015 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4016}
4017
aab33094 4018/* XXX: optimize */
c227f099 4019void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4020{
4021 val = tswap64(val);
71d2b725 4022 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4023}
4024
1e78bcc1
AG		 4025void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4026{
4027 val = cpu_to_le64(val);
4028 cpu_physical_memory_write(addr, &val, 8);
4029}
4030
4031void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4032{
4033 val = cpu_to_be64(val);
4034 cpu_physical_memory_write(addr, &val, 8);
4035}
4036
5e2972fd 4037/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 4038int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 4039 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4040{
4041 int l;
c227f099 4042 target_phys_addr_t phys_addr;
9b3c35e0 4043 target_ulong page;
13eb76e0
FB		 4044
4045 while (len > 0) {
4046 page = addr & TARGET_PAGE_MASK;
4047 phys_addr = cpu_get_phys_page_debug(env, page);
4048 /* if no physical page mapped, return an error */
4049 if (phys_addr == -1)
4050 return -1;
4051 l = (page + TARGET_PAGE_SIZE) - addr;
4052 if (l > len)
4053 l = len;
5e2972fd 4054 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4055 if (is_write)
4056 cpu_physical_memory_write_rom(phys_addr, buf, l);
4057 else
5e2972fd 4058 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4059 len -= l;
4060 buf += l;
4061 addr += l;
4062 }
4063 return 0;
4064}
a68fe89c 4065#endif
13eb76e0 4066
2e70f6ef
PB		 4067/* in deterministic execution mode, instructions doing device I/Os
4068 must be at the end of the TB */
20503968 4069void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
2e70f6ef
PB		 4070{
4071 TranslationBlock *tb;
4072 uint32_t n, cflags;
4073 target_ulong pc, cs_base;
4074 uint64_t flags;
4075
20503968 4076 tb = tb_find_pc(retaddr);
2e70f6ef
PB		 4077 if (!tb) {
4078 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
20503968 4079 (void *)retaddr);
2e70f6ef
PB		 4080 }
4081 n = env->icount_decr.u16.low + tb->icount;
20503968 4082 cpu_restore_state(tb, env, retaddr);
2e70f6ef 4083 /* Calculate how many instructions had been executed before the fault
bf20dc07 4084 occurred. */
2e70f6ef
PB		 4085 n = n - env->icount_decr.u16.low;
4086 /* Generate a new TB ending on the I/O insn. */
4087 n++;
4088 /* On MIPS and SH, delay slot instructions can only be restarted if
4089 they were already the first instruction in the TB. If this is not
bf20dc07 4090 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4091 branch. */
4092#if defined(TARGET_MIPS)
4093 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4094 env->active_tc.PC -= 4;
4095 env->icount_decr.u16.low++;
4096 env->hflags &= ~MIPS_HFLAG_BMASK;
4097 }
4098#elif defined(TARGET_SH4)
4099 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4100 && n > 1) {
4101 env->pc -= 2;
4102 env->icount_decr.u16.low++;
4103 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4104 }
4105#endif
4106 /* This should never happen. */
4107 if (n > CF_COUNT_MASK)
4108 cpu_abort(env, "TB too big during recompile");
4109
4110 cflags = n | CF_LAST_IO;
4111 pc = tb->pc;
4112 cs_base = tb->cs_base;
4113 flags = tb->flags;
4114 tb_phys_invalidate(tb, -1);
4115 /* FIXME: In theory this could raise an exception. In practice
4116 we have already translated the block once so it's probably ok. */
4117 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4118 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4119 the first in the TB) then we end up generating a whole new TB and
4120 repeating the fault, which is horribly inefficient.
4121 Better would be to execute just this insn uncached, or generate a
4122 second new TB. */
4123 cpu_resume_from_signal(env, NULL);
4124}
4125
b3755a91
PB		 4126#if !defined(CONFIG_USER_ONLY)
4127
055403b2 4128void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4129{
4130 int i, target_code_size, max_target_code_size;
4131 int direct_jmp_count, direct_jmp2_count, cross_page;
4132 TranslationBlock *tb;
3b46e624 4133
e3db7226
FB		 4134 target_code_size = 0;
4135 max_target_code_size = 0;
4136 cross_page = 0;
4137 direct_jmp_count = 0;
4138 direct_jmp2_count = 0;
4139 for(i = 0; i < nb_tbs; i++) {
4140 tb = &tbs[i];
4141 target_code_size += tb->size;
4142 if (tb->size > max_target_code_size)
4143 max_target_code_size = tb->size;
4144 if (tb->page_addr[1] != -1)
4145 cross_page++;
4146 if (tb->tb_next_offset[0] != 0xffff) {
4147 direct_jmp_count++;
4148 if (tb->tb_next_offset[1] != 0xffff) {
4149 direct_jmp2_count++;
4150 }
4151 }
4152 }
4153 /* XXX: avoid using doubles ? */
57fec1fe 4154 cpu_fprintf(f, "Translation buffer state:\n");
f1bc0bcc 4155 cpu_fprintf(f, "gen code size %td/%zd\n",
26a5f13b
FB		 4156 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4157 cpu_fprintf(f, "TB count %d/%d\n",
4158 nb_tbs, code_gen_max_blocks);
5fafdf24 4159 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4160 nb_tbs ? target_code_size / nb_tbs : 0,
4161 max_target_code_size);
055403b2 4162 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4163 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4164 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4165 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4166 cross_page,
e3db7226
FB		 4167 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4168 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4169 direct_jmp_count,
e3db7226
FB		 4170 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4171 direct_jmp2_count,
4172 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4173 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4174 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4175 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4176 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4177 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4178}
4179
82afa586
BH		 4180/*
4181 * A helper function for the _utterly broken_ virtio device model to find out if
4182 * it's running on a big endian machine. Don't do this at home kids!
4183 */
4184bool virtio_is_big_endian(void);
4185bool virtio_is_big_endian(void)
4186{
4187#if defined(TARGET_WORDS_BIGENDIAN)
4188 return true;
4189#else
4190 return false;
4191#endif
4192}
4193
61382a50 4194#endif
76f35538
WC		 4195
4196#ifndef CONFIG_USER_ONLY
4197bool cpu_physical_memory_is_io(target_phys_addr_t phys_addr)
4198{
4199 MemoryRegionSection *section;
4200
ac1970fb
AK		 4201 section = phys_page_find(address_space_memory.dispatch,
4202 phys_addr >> TARGET_PAGE_BITS);
76f35538
WC		 4203
4204 return !(memory_region_is_ram(section->mr) ||
4205 memory_region_is_romd(section->mr));
4206}
4207#endif
QEMU mirror