]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
qdev: Remove qdev_prop_set_defaults
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
0cac1b66
BS		 60#include "cputlb.h"
61
67d95c15
AK		 62#define WANT_EXEC_OBSOLETE
63#include "exec-obsolete.h"
64
fd6ce8f6 65//#define DEBUG_TB_INVALIDATE
66e85a21 66//#define DEBUG_FLUSH
67d3b957 67//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 68
69/* make various TB consistency checks */
5fafdf24 70//#define DEBUG_TB_CHECK
fd6ce8f6 71
1196be37 72//#define DEBUG_IOPORT
db7b5426 73//#define DEBUG_SUBPAGE
1196be37 74
99773bd4
PB		 75#if !defined(CONFIG_USER_ONLY)
76/* TB consistency checks only implemented for usermode emulation. */
77#undef DEBUG_TB_CHECK
78#endif
79
9fa3e853
FB		 80#define SMC_BITMAP_USE_THRESHOLD 10
81
bdaf78e0 82static TranslationBlock *tbs;
24ab68ac 83static int code_gen_max_blocks;
9fa3e853 84TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 85static int nb_tbs;
eb51d102 86/* any access to the tbs or the page table must use this lock */
c227f099 87spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 88
141ac468
BS		 89#if defined(__arm__) || defined(__sparc_v9__)
90/* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
d03d860b
BS		 92 section close to code segment. */
93#define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
6840981d 96#elif defined(_WIN32) && !defined(_WIN64)
f8e2af11
SW		 97#define code_gen_section \
98 __attribute__((aligned (16)))
d03d860b
BS		 99#else
100#define code_gen_section \
101 __attribute__((aligned (32)))
102#endif
103
104uint8_t code_gen_prologue[1024] code_gen_section;
bdaf78e0
BS		 105static uint8_t *code_gen_buffer;
106static unsigned long code_gen_buffer_size;
26a5f13b 107/* threshold to flush the translated code buffer */
bdaf78e0 108static unsigned long code_gen_buffer_max_size;
24ab68ac 109static uint8_t *code_gen_ptr;
fd6ce8f6 110
e2eef170 111#if !defined(CONFIG_USER_ONLY)
9fa3e853 112int phys_ram_fd;
74576198 113static int in_migration;
94a6b54f 114
85d59fef 115RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 116
117static MemoryRegion *system_memory;
309cb471 118static MemoryRegion *system_io;
62152b8a 119
0e0df1e2 120MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 121static MemoryRegion io_mem_subpage_ram;
0e0df1e2 122
e2eef170 123#endif
9fa3e853 124
9349b4f9 125CPUArchState *first_cpu;
6a00d601
FB		 126/* current CPU in the current thread. It is only valid inside
127 cpu_exec() */
9349b4f9 128DEFINE_TLS(CPUArchState *,cpu_single_env);
2e70f6ef 129/* 0 = Do not count executed instructions.
bf20dc07 130 1 = Precise instruction counting.
2e70f6ef
PB		 131 2 = Adaptive rate instruction counting. */
132int use_icount = 0;
6a00d601 133
54936004 134typedef struct PageDesc {
92e873b9 135 /* list of TBs intersecting this ram page */
fd6ce8f6 136 TranslationBlock *first_tb;
9fa3e853
FB		 137 /* in order to optimize self modifying code, we count the number
138 of lookups we do to a given page to use a bitmap */
139 unsigned int code_write_count;
140 uint8_t *code_bitmap;
141#if defined(CONFIG_USER_ONLY)
142 unsigned long flags;
143#endif
54936004
FB		 144} PageDesc;
145
41c1b1c9 146/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 147 while in user mode we want it to be based on virtual addresses. */
148#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 149#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
150# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
151#else
5cd2c5b6 152# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 153#endif
bedb69ea 154#else
5cd2c5b6 155# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 156#endif
54936004 157
5cd2c5b6
RH		 158/* Size of the L2 (and L3, etc) page tables. */
159#define L2_BITS 10
54936004
FB		 160#define L2_SIZE (1 << L2_BITS)
161
3eef53df
AK		 162#define P_L2_LEVELS \
163 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
164
5cd2c5b6 165/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 166#define V_L1_BITS_REM \
167 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
168
5cd2c5b6
RH		 169#if V_L1_BITS_REM < 4
170#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
171#else
172#define V_L1_BITS V_L1_BITS_REM
173#endif
174
5cd2c5b6
RH		 175#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
176
5cd2c5b6
RH		 177#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
178
c6d50674
SW		 179uintptr_t qemu_real_host_page_size;
180uintptr_t qemu_host_page_size;
181uintptr_t qemu_host_page_mask;
54936004 182
5cd2c5b6
RH		 183/* This is a multi-level map on the virtual address space.
184 The bottom level has pointers to PageDesc. */
185static void *l1_map[V_L1_SIZE];
54936004 186
e2eef170 187#if !defined(CONFIG_USER_ONLY)
4346ae3e
AK		 188typedef struct PhysPageEntry PhysPageEntry;
189
5312bd8b
AK		 190static MemoryRegionSection *phys_sections;
191static unsigned phys_sections_nb, phys_sections_nb_alloc;
192static uint16_t phys_section_unassigned;
aa102231
AK		 193static uint16_t phys_section_notdirty;
194static uint16_t phys_section_rom;
195static uint16_t phys_section_watch;
5312bd8b 196
4346ae3e 197struct PhysPageEntry {
07f07b31
AK		 198 uint16_t is_leaf : 1;
199 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
200 uint16_t ptr : 15;
4346ae3e
AK		 201};
202
d6f2ea22
AK		 203/* Simple allocator for PhysPageEntry nodes */
204static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
205static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
206
07f07b31 207#define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
d6f2ea22 208
5cd2c5b6 209/* This is a multi-level map on the physical address space.
06ef3525 210 The bottom level has pointers to MemoryRegionSections. */
07f07b31 211static PhysPageEntry phys_map = { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
6d9a1304 212
e2eef170 213static void io_mem_init(void);
62152b8a 214static void memory_map_init(void);
e2eef170 215
1ec9b909 216static MemoryRegion io_mem_watch;
6658ffb8 217#endif
33417e70 218
34865134 219/* log support */
1e8b27ca
JR		 220#ifdef WIN32
221static const char *logfilename = "qemu.log";
222#else
d9b630fd 223static const char *logfilename = "/tmp/qemu.log";
1e8b27ca 224#endif
34865134
FB		 225FILE *logfile;
226int loglevel;
e735b91c 227static int log_append = 0;
34865134 228
e3db7226 229/* statistics */
e3db7226
FB		 230static int tb_flush_count;
231static int tb_phys_invalidate_count;
232
7cb69cae
FB		 233#ifdef _WIN32
234static void map_exec(void *addr, long size)
235{
236 DWORD old_protect;
237 VirtualProtect(addr, size,
238 PAGE_EXECUTE_READWRITE, &old_protect);
239
240}
241#else
242static void map_exec(void *addr, long size)
243{
4369415f 244 unsigned long start, end, page_size;
7cb69cae 245
4369415f 246 page_size = getpagesize();
7cb69cae 247 start = (unsigned long)addr;
4369415f 248 start &= ~(page_size - 1);
7cb69cae
FB		 249
250 end = (unsigned long)addr + size;
4369415f
FB		 251 end += page_size - 1;
252 end &= ~(page_size - 1);
7cb69cae
FB		 253
254 mprotect((void *)start, end - start,
255 PROT_READ | PROT_WRITE | PROT_EXEC);
256}
257#endif
258
b346ff46 259static void page_init(void)
54936004 260{
83fb7adf 261 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 262 TARGET_PAGE_SIZE */
c2b48b69
AL		 263#ifdef _WIN32
264 {
265 SYSTEM_INFO system_info;
266
267 GetSystemInfo(&system_info);
268 qemu_real_host_page_size = system_info.dwPageSize;
269 }
270#else
271 qemu_real_host_page_size = getpagesize();
272#endif
83fb7adf
FB		 273 if (qemu_host_page_size == 0)
274 qemu_host_page_size = qemu_real_host_page_size;
275 if (qemu_host_page_size < TARGET_PAGE_SIZE)
276 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 277 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 278
2e9a5713 279#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 280 {
f01576f1
JL		 281#ifdef HAVE_KINFO_GETVMMAP
282 struct kinfo_vmentry *freep;
283 int i, cnt;
284
285 freep = kinfo_getvmmap(getpid(), &cnt);
286 if (freep) {
287 mmap_lock();
288 for (i = 0; i < cnt; i++) {
289 unsigned long startaddr, endaddr;
290
291 startaddr = freep[i].kve_start;
292 endaddr = freep[i].kve_end;
293 if (h2g_valid(startaddr)) {
294 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
295
296 if (h2g_valid(endaddr)) {
297 endaddr = h2g(endaddr);
fd436907 298 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 299 } else {
300#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
301 endaddr = ~0ul;
fd436907 302 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 303#endif
304 }
305 }
306 }
307 free(freep);
308 mmap_unlock();
309 }
310#else
50a9569b 311 FILE *f;
50a9569b 312
0776590d 313 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 314
fd436907 315 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 316 if (f) {
5cd2c5b6
RH		 317 mmap_lock();
318
50a9569b 319 do {
5cd2c5b6
RH		 320 unsigned long startaddr, endaddr;
321 int n;
322
323 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
324
325 if (n == 2 && h2g_valid(startaddr)) {
326 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
327
328 if (h2g_valid(endaddr)) {
329 endaddr = h2g(endaddr);
330 } else {
331 endaddr = ~0ul;
332 }
333 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 334 }
335 } while (!feof(f));
5cd2c5b6 336
50a9569b 337 fclose(f);
5cd2c5b6 338 mmap_unlock();
50a9569b 339 }
f01576f1 340#endif
50a9569b
AZ		 341 }
342#endif
54936004
FB		 343}
344
41c1b1c9 345static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 346{
41c1b1c9
PB		 347 PageDesc *pd;
348 void **lp;
349 int i;
350
5cd2c5b6 351#if defined(CONFIG_USER_ONLY)
7267c094 352 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 353# define ALLOC(P, SIZE) \
354 do { \
355 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
356 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 357 } while (0)
358#else
359# define ALLOC(P, SIZE) \
7267c094 360 do { P = g_malloc0(SIZE); } while (0)
17e2377a 361#endif
434929bf 362
5cd2c5b6
RH		 363 /* Level 1. Always allocated. */
364 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
365
366 /* Level 2..N-1. */
367 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
368 void **p = *lp;
369
370 if (p == NULL) {
371 if (!alloc) {
372 return NULL;
373 }
374 ALLOC(p, sizeof(void *) * L2_SIZE);
375 *lp = p;
17e2377a 376 }
5cd2c5b6
RH		 377
378 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
379 }
380
381 pd = *lp;
382 if (pd == NULL) {
383 if (!alloc) {
384 return NULL;
385 }
386 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
387 *lp = pd;
54936004 388 }
5cd2c5b6
RH		 389
390#undef ALLOC
5cd2c5b6
RH		 391
392 return pd + (index & (L2_SIZE - 1));
54936004
FB		 393}
394
41c1b1c9 395static inline PageDesc *page_find(tb_page_addr_t index)
54936004 396{
5cd2c5b6 397 return page_find_alloc(index, 0);
fd6ce8f6
FB		 398}
399
6d9a1304 400#if !defined(CONFIG_USER_ONLY)
d6f2ea22 401
f7bf5461 402static void phys_map_node_reserve(unsigned nodes)
d6f2ea22 403{
f7bf5461 404 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
d6f2ea22
AK		 405 typedef PhysPageEntry Node[L2_SIZE];
406 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
f7bf5461
AK		 407 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
408 phys_map_nodes_nb + nodes);
d6f2ea22
AK		 409 phys_map_nodes = g_renew(Node, phys_map_nodes,
410 phys_map_nodes_nb_alloc);
411 }
f7bf5461
AK		 412}
413
414static uint16_t phys_map_node_alloc(void)
415{
416 unsigned i;
417 uint16_t ret;
418
419 ret = phys_map_nodes_nb++;
420 assert(ret != PHYS_MAP_NODE_NIL);
421 assert(ret != phys_map_nodes_nb_alloc);
d6f2ea22 422 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 423 phys_map_nodes[ret][i].is_leaf = 0;
c19e8800 424 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
d6f2ea22 425 }
f7bf5461 426 return ret;
d6f2ea22
AK		 427}
428
429static void phys_map_nodes_reset(void)
430{
431 phys_map_nodes_nb = 0;
432}
433
92e873b9 434
2999097b
AK		 435static void phys_page_set_level(PhysPageEntry *lp, target_phys_addr_t *index,
436 target_phys_addr_t *nb, uint16_t leaf,
437 int level)
f7bf5461
AK		 438{
439 PhysPageEntry *p;
440 int i;
07f07b31 441 target_phys_addr_t step = (target_phys_addr_t)1 << (level * L2_BITS);
108c49b8 442
07f07b31 443 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
c19e8800
AK		 444 lp->ptr = phys_map_node_alloc();
445 p = phys_map_nodes[lp->ptr];
f7bf5461
AK		 446 if (level == 0) {
447 for (i = 0; i < L2_SIZE; i++) {
07f07b31 448 p[i].is_leaf = 1;
c19e8800 449 p[i].ptr = phys_section_unassigned;
4346ae3e 450 }
67c4d23c 451 }
f7bf5461 452 } else {
c19e8800 453 p = phys_map_nodes[lp->ptr];
92e873b9 454 }
2999097b 455 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
f7bf5461 456
2999097b 457 while (*nb && lp < &p[L2_SIZE]) {
07f07b31
AK		 458 if ((*index & (step - 1)) == 0 && *nb >= step) {
459 lp->is_leaf = true;
c19e8800 460 lp->ptr = leaf;
07f07b31
AK		 461 *index += step;
462 *nb -= step;
2999097b
AK		 463 } else {
464 phys_page_set_level(lp, index, nb, leaf, level - 1);
465 }
466 ++lp;
f7bf5461
AK		 467 }
468}
469
2999097b
AK		 470static void phys_page_set(target_phys_addr_t index, target_phys_addr_t nb,
471 uint16_t leaf)
f7bf5461 472{
2999097b 473 /* Wildly overreserve - it doesn't matter much. */
07f07b31 474 phys_map_node_reserve(3 * P_L2_LEVELS);
5cd2c5b6 475
2999097b 476 phys_page_set_level(&phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 477}
478
0cac1b66 479MemoryRegionSection *phys_page_find(target_phys_addr_t index)
92e873b9 480{
31ab2b4a
AK		 481 PhysPageEntry lp = phys_map;
482 PhysPageEntry *p;
483 int i;
31ab2b4a 484 uint16_t s_index = phys_section_unassigned;
f1f6e3b8 485
07f07b31 486 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
c19e8800 487 if (lp.ptr == PHYS_MAP_NODE_NIL) {
31ab2b4a
AK		 488 goto not_found;
489 }
c19e8800 490 p = phys_map_nodes[lp.ptr];
31ab2b4a 491 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 492 }
31ab2b4a 493
c19e8800 494 s_index = lp.ptr;
31ab2b4a 495not_found:
f3705d53
AK		 496 return &phys_sections[s_index];
497}
498
e5548617
BS		 499bool memory_region_is_unassigned(MemoryRegion *mr)
500{
501 return mr != &io_mem_ram && mr != &io_mem_rom
502 && mr != &io_mem_notdirty && !mr->rom_device
503 && mr != &io_mem_watch;
504}
505
c8a706fe
PB		 506#define mmap_lock() do { } while(0)
507#define mmap_unlock() do { } while(0)
9fa3e853 508#endif
fd6ce8f6 509
4369415f
FB		 510#define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
511
512#if defined(CONFIG_USER_ONLY)
ccbb4d44 513/* Currently it is not recommended to allocate big chunks of data in
4369415f
FB		 514 user mode. It will change when a dedicated libc will be used */
515#define USE_STATIC_CODE_GEN_BUFFER
516#endif
517
518#ifdef USE_STATIC_CODE_GEN_BUFFER
ebf50fb3
AJ		 519static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
520 __attribute__((aligned (CODE_GEN_ALIGN)));
4369415f
FB		 521#endif
522
8fcd3692 523static void code_gen_alloc(unsigned long tb_size)
26a5f13b 524{
4369415f
FB		 525#ifdef USE_STATIC_CODE_GEN_BUFFER
526 code_gen_buffer = static_code_gen_buffer;
527 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
528 map_exec(code_gen_buffer, code_gen_buffer_size);
529#else
26a5f13b
FB		 530 code_gen_buffer_size = tb_size;
531 if (code_gen_buffer_size == 0) {
4369415f 532#if defined(CONFIG_USER_ONLY)
4369415f
FB		 533 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
534#else
ccbb4d44 535 /* XXX: needs adjustments */
94a6b54f 536 code_gen_buffer_size = (unsigned long)(ram_size / 4);
4369415f 537#endif
26a5f13b
FB		 538 }
539 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
540 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
541 /* The code gen buffer location may have constraints depending on
542 the host cpu and OS */
543#if defined(__linux__)
544 {
545 int flags;
141ac468
BS		 546 void *start = NULL;
547
26a5f13b
FB		 548 flags = MAP_PRIVATE | MAP_ANONYMOUS;
549#if defined(__x86_64__)
550 flags |= MAP_32BIT;
551 /* Cannot map more than that */
552 if (code_gen_buffer_size > (800 * 1024 * 1024))
553 code_gen_buffer_size = (800 * 1024 * 1024);
141ac468
BS		 554#elif defined(__sparc_v9__)
555 // Map the buffer below 2G, so we can use direct calls and branches
556 flags |= MAP_FIXED;
557 start = (void *) 0x60000000UL;
558 if (code_gen_buffer_size > (512 * 1024 * 1024))
559 code_gen_buffer_size = (512 * 1024 * 1024);
1cb0661e 560#elif defined(__arm__)
5c84bd90 561 /* Keep the buffer no bigger than 16MB to branch between blocks */
1cb0661e
AZ		 562 if (code_gen_buffer_size > 16 * 1024 * 1024)
563 code_gen_buffer_size = 16 * 1024 * 1024;
eba0b893
RH		 564#elif defined(__s390x__)
565 /* Map the buffer so that we can use direct calls and branches. */
566 /* We have a +- 4GB range on the branches; leave some slop. */
567 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
568 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
569 }
570 start = (void *)0x90000000UL;
26a5f13b 571#endif
141ac468
BS		 572 code_gen_buffer = mmap(start, code_gen_buffer_size,
573 PROT_WRITE | PROT_READ | PROT_EXEC,
26a5f13b
FB		 574 flags, -1, 0);
575 if (code_gen_buffer == MAP_FAILED) {
576 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
577 exit(1);
578 }
579 }
cbb608a5 580#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
9f4b09a4
TN		 581 || defined(__DragonFly__) || defined(__OpenBSD__) \
582 || defined(__NetBSD__)
06e67a82
AL		 583 {
584 int flags;
585 void *addr = NULL;
586 flags = MAP_PRIVATE | MAP_ANONYMOUS;
587#if defined(__x86_64__)
588 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
589 * 0x40000000 is free */
590 flags |= MAP_FIXED;
591 addr = (void *)0x40000000;
592 /* Cannot map more than that */
593 if (code_gen_buffer_size > (800 * 1024 * 1024))
594 code_gen_buffer_size = (800 * 1024 * 1024);
4cd31ad2
BS		 595#elif defined(__sparc_v9__)
596 // Map the buffer below 2G, so we can use direct calls and branches
597 flags |= MAP_FIXED;
598 addr = (void *) 0x60000000UL;
599 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
600 code_gen_buffer_size = (512 * 1024 * 1024);
601 }
06e67a82
AL		 602#endif
603 code_gen_buffer = mmap(addr, code_gen_buffer_size,
604 PROT_WRITE | PROT_READ | PROT_EXEC,
605 flags, -1, 0);
606 if (code_gen_buffer == MAP_FAILED) {
607 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
608 exit(1);
609 }
610 }
26a5f13b 611#else
7267c094 612 code_gen_buffer = g_malloc(code_gen_buffer_size);
26a5f13b
FB		 613 map_exec(code_gen_buffer, code_gen_buffer_size);
614#endif
4369415f 615#endif /* !USE_STATIC_CODE_GEN_BUFFER */
26a5f13b 616 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
a884da8a
PM		 617 code_gen_buffer_max_size = code_gen_buffer_size -
618 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 619 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 620 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 621}
622
623/* Must be called before using the QEMU cpus. 'tb_size' is the size
624 (in bytes) allocated to the translation buffer. Zero means default
625 size. */
d5ab9713 626void tcg_exec_init(unsigned long tb_size)
26a5f13b 627{
26a5f13b
FB		 628 cpu_gen_init();
629 code_gen_alloc(tb_size);
630 code_gen_ptr = code_gen_buffer;
813da627 631 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
4369415f 632 page_init();
9002ec79
RH		 633#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
634 /* There's no guest base to take into account, so go ahead and
635 initialize the prologue now. */
636 tcg_prologue_init(&tcg_ctx);
637#endif
26a5f13b
FB		 638}
639
d5ab9713
JK		 640bool tcg_enabled(void)
641{
642 return code_gen_buffer != NULL;
643}
644
645void cpu_exec_init_all(void)
646{
647#if !defined(CONFIG_USER_ONLY)
648 memory_map_init();
649 io_mem_init();
650#endif
651}
652
9656f324
PB		 653#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
654
e59fb374 655static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7 656{
9349b4f9 657 CPUArchState *env = opaque;
9656f324 658
3098dba0
AJ		 659 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
660 version_id is increased. */
661 env->interrupt_request &= ~0x01;
9656f324
PB		 662 tlb_flush(env, 1);
663
664 return 0;
665}
e7f4eff7
JQ		 666
667static const VMStateDescription vmstate_cpu_common = {
668 .name = "cpu_common",
669 .version_id = 1,
670 .minimum_version_id = 1,
671 .minimum_version_id_old = 1,
e7f4eff7
JQ		 672 .post_load = cpu_common_post_load,
673 .fields = (VMStateField []) {
9349b4f9
AF		 674 VMSTATE_UINT32(halted, CPUArchState),
675 VMSTATE_UINT32(interrupt_request, CPUArchState),
e7f4eff7
JQ		 676 VMSTATE_END_OF_LIST()
677 }
678};
9656f324
PB		 679#endif
680
9349b4f9 681CPUArchState *qemu_get_cpu(int cpu)
950f1472 682{
9349b4f9 683 CPUArchState *env = first_cpu;
950f1472
GC		 684
685 while (env) {
686 if (env->cpu_index == cpu)
687 break;
688 env = env->next_cpu;
689 }
690
691 return env;
692}
693
9349b4f9 694void cpu_exec_init(CPUArchState *env)
fd6ce8f6 695{
9349b4f9 696 CPUArchState **penv;
6a00d601
FB		 697 int cpu_index;
698
c2764719
PB		 699#if defined(CONFIG_USER_ONLY)
700 cpu_list_lock();
701#endif
6a00d601
FB		 702 env->next_cpu = NULL;
703 penv = &first_cpu;
704 cpu_index = 0;
705 while (*penv != NULL) {
1e9fa730 706 penv = &(*penv)->next_cpu;
6a00d601
FB		 707 cpu_index++;
708 }
709 env->cpu_index = cpu_index;
268a362c 710 env->numa_node = 0;
72cf2d4f
BS		 711 QTAILQ_INIT(&env->breakpoints);
712 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 713#ifndef CONFIG_USER_ONLY
714 env->thread_id = qemu_get_thread_id();
715#endif
6a00d601 716 *penv = env;
c2764719
PB		 717#if defined(CONFIG_USER_ONLY)
718 cpu_list_unlock();
719#endif
b3c7724c 720#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 721 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
722 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 723 cpu_save, cpu_load, env);
724#endif
fd6ce8f6
FB		 725}
726
d1a1eb74
TG		 727/* Allocate a new translation block. Flush the translation buffer if
728 too many translation blocks or too much generated code. */
729static TranslationBlock *tb_alloc(target_ulong pc)
730{
731 TranslationBlock *tb;
732
733 if (nb_tbs >= code_gen_max_blocks ||
734 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
735 return NULL;
736 tb = &tbs[nb_tbs++];
737 tb->pc = pc;
738 tb->cflags = 0;
739 return tb;
740}
741
742void tb_free(TranslationBlock *tb)
743{
744 /* In practice this is mostly used for single use temporary TB
745 Ignore the hard cases and just back up if this TB happens to
746 be the last one generated. */
747 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
748 code_gen_ptr = tb->tc_ptr;
749 nb_tbs--;
750 }
751}
752
9fa3e853
FB		 753static inline void invalidate_page_bitmap(PageDesc *p)
754{
755 if (p->code_bitmap) {
7267c094 756 g_free(p->code_bitmap);
9fa3e853
FB		 757 p->code_bitmap = NULL;
758 }
759 p->code_write_count = 0;
760}
761
5cd2c5b6
RH		 762/* Set to NULL all the 'first_tb' fields in all PageDescs. */
763
764static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 765{
5cd2c5b6 766 int i;
fd6ce8f6 767
5cd2c5b6
RH		 768 if (*lp == NULL) {
769 return;
770 }
771 if (level == 0) {
772 PageDesc *pd = *lp;
7296abac 773 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 774 pd[i].first_tb = NULL;
775 invalidate_page_bitmap(pd + i);
fd6ce8f6 776 }
5cd2c5b6
RH		 777 } else {
778 void **pp = *lp;
7296abac 779 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 780 page_flush_tb_1 (level - 1, pp + i);
781 }
782 }
783}
784
785static void page_flush_tb(void)
786{
787 int i;
788 for (i = 0; i < V_L1_SIZE; i++) {
789 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 790 }
791}
792
793/* flush all the translation blocks */
d4e8164f 794/* XXX: tb_flush is currently not thread safe */
9349b4f9 795void tb_flush(CPUArchState *env1)
fd6ce8f6 796{
9349b4f9 797 CPUArchState *env;
0124311e 798#if defined(DEBUG_FLUSH)
ab3d1727
BS		 799 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
800 (unsigned long)(code_gen_ptr - code_gen_buffer),
801 nb_tbs, nb_tbs > 0 ?
802 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 803#endif
26a5f13b 804 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 805 cpu_abort(env1, "Internal error: code buffer overflow\n");
806
fd6ce8f6 807 nb_tbs = 0;
3b46e624 808
6a00d601
FB		 809 for(env = first_cpu; env != NULL; env = env->next_cpu) {
810 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
811 }
9fa3e853 812
8a8a608f 813 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 814 page_flush_tb();
9fa3e853 815
fd6ce8f6 816 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 817 /* XXX: flush processor icache at this point if cache flush is
818 expensive */
e3db7226 819 tb_flush_count++;
fd6ce8f6
FB		 820}
821
822#ifdef DEBUG_TB_CHECK
823
bc98a7ef 824static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 825{
826 TranslationBlock *tb;
827 int i;
828 address &= TARGET_PAGE_MASK;
99773bd4
PB		 829 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
830 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 831 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
832 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 833 printf("ERROR invalidate: address=" TARGET_FMT_lx
834 " PC=%08lx size=%04x\n",
99773bd4 835 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 836 }
837 }
838 }
839}
840
841/* verify that all the pages have correct rights for code */
842static void tb_page_check(void)
843{
844 TranslationBlock *tb;
845 int i, flags1, flags2;
3b46e624 846
99773bd4
PB		 847 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
848 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 849 flags1 = page_get_flags(tb->pc);
850 flags2 = page_get_flags(tb->pc + tb->size - 1);
851 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
852 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 853 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 854 }
855 }
856 }
857}
858
859#endif
860
861/* invalidate one TB */
862static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
863 int next_offset)
864{
865 TranslationBlock *tb1;
866 for(;;) {
867 tb1 = *ptb;
868 if (tb1 == tb) {
869 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
870 break;
871 }
872 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
873 }
874}
875
9fa3e853
FB		 876static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
877{
878 TranslationBlock *tb1;
879 unsigned int n1;
880
881 for(;;) {
882 tb1 = *ptb;
8efe0ca8
SW		 883 n1 = (uintptr_t)tb1 & 3;
884 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
9fa3e853
FB		 885 if (tb1 == tb) {
886 *ptb = tb1->page_next[n1];
887 break;
888 }
889 ptb = &tb1->page_next[n1];
890 }
891}
892
d4e8164f
FB		 893static inline void tb_jmp_remove(TranslationBlock *tb, int n)
894{
895 TranslationBlock *tb1, **ptb;
896 unsigned int n1;
897
898 ptb = &tb->jmp_next[n];
899 tb1 = *ptb;
900 if (tb1) {
901 /* find tb(n) in circular list */
902 for(;;) {
903 tb1 = *ptb;
8efe0ca8
SW		 904 n1 = (uintptr_t)tb1 & 3;
905 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 906 if (n1 == n && tb1 == tb)
907 break;
908 if (n1 == 2) {
909 ptb = &tb1->jmp_first;
910 } else {
911 ptb = &tb1->jmp_next[n1];
912 }
913 }
914 /* now we can suppress tb(n) from the list */
915 *ptb = tb->jmp_next[n];
916
917 tb->jmp_next[n] = NULL;
918 }
919}
920
921/* reset the jump entry 'n' of a TB so that it is not chained to
922 another TB */
923static inline void tb_reset_jump(TranslationBlock *tb, int n)
924{
8efe0ca8 925 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
d4e8164f
FB		 926}
927
41c1b1c9 928void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 929{
9349b4f9 930 CPUArchState *env;
8a40a180 931 PageDesc *p;
d4e8164f 932 unsigned int h, n1;
41c1b1c9 933 tb_page_addr_t phys_pc;
8a40a180 934 TranslationBlock *tb1, *tb2;
3b46e624 935
8a40a180
FB		 936 /* remove the TB from the hash list */
937 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
938 h = tb_phys_hash_func(phys_pc);
5fafdf24 939 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 940 offsetof(TranslationBlock, phys_hash_next));
941
942 /* remove the TB from the page list */
943 if (tb->page_addr[0] != page_addr) {
944 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
945 tb_page_remove(&p->first_tb, tb);
946 invalidate_page_bitmap(p);
947 }
948 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
949 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
950 tb_page_remove(&p->first_tb, tb);
951 invalidate_page_bitmap(p);
952 }
953
36bdbe54 954 tb_invalidated_flag = 1;
59817ccb 955
fd6ce8f6 956 /* remove the TB from the hash list */
8a40a180 957 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 958 for(env = first_cpu; env != NULL; env = env->next_cpu) {
959 if (env->tb_jmp_cache[h] == tb)
960 env->tb_jmp_cache[h] = NULL;
961 }
d4e8164f
FB		 962
963 /* suppress this TB from the two jump lists */
964 tb_jmp_remove(tb, 0);
965 tb_jmp_remove(tb, 1);
966
967 /* suppress any remaining jumps to this TB */
968 tb1 = tb->jmp_first;
969 for(;;) {
8efe0ca8 970 n1 = (uintptr_t)tb1 & 3;
d4e8164f
FB		 971 if (n1 == 2)
972 break;
8efe0ca8 973 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
d4e8164f
FB		 974 tb2 = tb1->jmp_next[n1];
975 tb_reset_jump(tb1, n1);
976 tb1->jmp_next[n1] = NULL;
977 tb1 = tb2;
978 }
8efe0ca8 979 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
9fa3e853 980
e3db7226 981 tb_phys_invalidate_count++;
9fa3e853
FB		 982}
983
984static inline void set_bits(uint8_t *tab, int start, int len)
985{
986 int end, mask, end1;
987
988 end = start + len;
989 tab += start >> 3;
990 mask = 0xff << (start & 7);
991 if ((start & ~7) == (end & ~7)) {
992 if (start < end) {
993 mask &= ~(0xff << (end & 7));
994 *tab |= mask;
995 }
996 } else {
997 *tab++ |= mask;
998 start = (start + 8) & ~7;
999 end1 = end & ~7;
1000 while (start < end1) {
1001 *tab++ = 0xff;
1002 start += 8;
1003 }
1004 if (start < end) {
1005 mask = ~(0xff << (end & 7));
1006 *tab |= mask;
1007 }
1008 }
1009}
1010
1011static void build_page_bitmap(PageDesc *p)
1012{
1013 int n, tb_start, tb_end;
1014 TranslationBlock *tb;
3b46e624 1015
7267c094 1016 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 1017
1018 tb = p->first_tb;
1019 while (tb != NULL) {
8efe0ca8
SW		 1020 n = (uintptr_t)tb & 3;
1021 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1022 /* NOTE: this is subtle as a TB may span two physical pages */
1023 if (n == 0) {
1024 /* NOTE: tb_end may be after the end of the page, but
1025 it is not a problem */
1026 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1027 tb_end = tb_start + tb->size;
1028 if (tb_end > TARGET_PAGE_SIZE)
1029 tb_end = TARGET_PAGE_SIZE;
1030 } else {
1031 tb_start = 0;
1032 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1033 }
1034 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1035 tb = tb->page_next[n];
1036 }
1037}
1038
9349b4f9 1039TranslationBlock *tb_gen_code(CPUArchState *env,
2e70f6ef
PB		 1040 target_ulong pc, target_ulong cs_base,
1041 int flags, int cflags)
d720b93d
FB		 1042{
1043 TranslationBlock *tb;
1044 uint8_t *tc_ptr;
41c1b1c9
PB		 1045 tb_page_addr_t phys_pc, phys_page2;
1046 target_ulong virt_page2;
d720b93d
FB		 1047 int code_gen_size;
1048
41c1b1c9 1049 phys_pc = get_page_addr_code(env, pc);
c27004ec 1050 tb = tb_alloc(pc);
d720b93d
FB		 1051 if (!tb) {
1052 /* flush must be done */
1053 tb_flush(env);
1054 /* cannot fail at this point */
c27004ec 1055 tb = tb_alloc(pc);
2e70f6ef
PB		 1056 /* Don't forget to invalidate previous TB info. */
1057 tb_invalidated_flag = 1;
d720b93d
FB		 1058 }
1059 tc_ptr = code_gen_ptr;
1060 tb->tc_ptr = tc_ptr;
1061 tb->cs_base = cs_base;
1062 tb->flags = flags;
1063 tb->cflags = cflags;
d07bde88 1064 cpu_gen_code(env, tb, &code_gen_size);
8efe0ca8
SW		 1065 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1066 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1067
d720b93d 1068 /* check next page if needed */
c27004ec 1069 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1070 phys_page2 = -1;
c27004ec 1071 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1072 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1073 }
41c1b1c9 1074 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1075 return tb;
d720b93d 1076}
3b46e624 1077
77a8f1a5 1078/*
8e0fdce3
JK		 1079 * Invalidate all TBs which intersect with the target physical address range
1080 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1081 * 'is_cpu_write_access' should be true if called from a real cpu write
1082 * access: the virtual CPU will exit the current TB if code is modified inside
1083 * this TB.
77a8f1a5
AG		 1084 */
1085void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
1086 int is_cpu_write_access)
1087{
1088 while (start < end) {
1089 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
1090 start &= TARGET_PAGE_MASK;
1091 start += TARGET_PAGE_SIZE;
1092 }
1093}
1094
8e0fdce3
JK		 1095/*
1096 * Invalidate all TBs which intersect with the target physical address range
1097 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1098 * 'is_cpu_write_access' should be true if called from a real cpu write
1099 * access: the virtual CPU will exit the current TB if code is modified inside
1100 * this TB.
1101 */
41c1b1c9 1102void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1103 int is_cpu_write_access)
1104{
6b917547 1105 TranslationBlock *tb, *tb_next, *saved_tb;
9349b4f9 1106 CPUArchState *env = cpu_single_env;
41c1b1c9 1107 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1108 PageDesc *p;
1109 int n;
1110#ifdef TARGET_HAS_PRECISE_SMC
1111 int current_tb_not_found = is_cpu_write_access;
1112 TranslationBlock *current_tb = NULL;
1113 int current_tb_modified = 0;
1114 target_ulong current_pc = 0;
1115 target_ulong current_cs_base = 0;
1116 int current_flags = 0;
1117#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1118
1119 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1120 if (!p)
9fa3e853 1121 return;
5fafdf24 1122 if (!p->code_bitmap &&
d720b93d
FB		 1123 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1124 is_cpu_write_access) {
9fa3e853
FB		 1125 /* build code bitmap */
1126 build_page_bitmap(p);
1127 }
1128
1129 /* we remove all the TBs in the range [start, end[ */
1130 /* XXX: see if in some cases it could be faster to invalidate all the code */
1131 tb = p->first_tb;
1132 while (tb != NULL) {
8efe0ca8
SW		 1133 n = (uintptr_t)tb & 3;
1134 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
9fa3e853
FB		 1135 tb_next = tb->page_next[n];
1136 /* NOTE: this is subtle as a TB may span two physical pages */
1137 if (n == 0) {
1138 /* NOTE: tb_end may be after the end of the page, but
1139 it is not a problem */
1140 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1141 tb_end = tb_start + tb->size;
1142 } else {
1143 tb_start = tb->page_addr[1];
1144 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1145 }
1146 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1147#ifdef TARGET_HAS_PRECISE_SMC
1148 if (current_tb_not_found) {
1149 current_tb_not_found = 0;
1150 current_tb = NULL;
2e70f6ef 1151 if (env->mem_io_pc) {
d720b93d 1152 /* now we have a real cpu fault */
2e70f6ef 1153 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1154 }
1155 }
1156 if (current_tb == tb &&
2e70f6ef 1157 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1158 /* If we are modifying the current TB, we must stop
1159 its execution. We could be more precise by checking
1160 that the modification is after the current PC, but it
1161 would require a specialized function to partially
1162 restore the CPU state */
3b46e624 1163
d720b93d 1164 current_tb_modified = 1;
618ba8e6 1165 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1166 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1167 &current_flags);
d720b93d
FB		 1168 }
1169#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1170 /* we need to do that to handle the case where a signal
1171 occurs while doing tb_phys_invalidate() */
1172 saved_tb = NULL;
1173 if (env) {
1174 saved_tb = env->current_tb;
1175 env->current_tb = NULL;
1176 }
9fa3e853 1177 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1178 if (env) {
1179 env->current_tb = saved_tb;
1180 if (env->interrupt_request && env->current_tb)
1181 cpu_interrupt(env, env->interrupt_request);
1182 }
9fa3e853
FB		 1183 }
1184 tb = tb_next;
1185 }
1186#if !defined(CONFIG_USER_ONLY)
1187 /* if no code remaining, no need to continue to use slow writes */
1188 if (!p->first_tb) {
1189 invalidate_page_bitmap(p);
d720b93d 1190 if (is_cpu_write_access) {
2e70f6ef 1191 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1192 }
1193 }
1194#endif
1195#ifdef TARGET_HAS_PRECISE_SMC
1196 if (current_tb_modified) {
1197 /* we generate a block containing just the instruction
1198 modifying the memory. It will ensure that it cannot modify
1199 itself */
ea1c1802 1200 env->current_tb = NULL;
2e70f6ef 1201 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1202 cpu_resume_from_signal(env, NULL);
9fa3e853 1203 }
fd6ce8f6 1204#endif
9fa3e853 1205}
fd6ce8f6 1206
9fa3e853 1207/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1208static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1209{
1210 PageDesc *p;
1211 int offset, b;
59817ccb 1212#if 0
a4193c8a 1213 if (1) {
93fcfe39
AL		 1214 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1215 cpu_single_env->mem_io_vaddr, len,
1216 cpu_single_env->eip,
8efe0ca8
SW		 1217 cpu_single_env->eip +
1218 (intptr_t)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1219 }
1220#endif
9fa3e853 1221 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1222 if (!p)
9fa3e853
FB		 1223 return;
1224 if (p->code_bitmap) {
1225 offset = start & ~TARGET_PAGE_MASK;
1226 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1227 if (b & ((1 << len) - 1))
1228 goto do_invalidate;
1229 } else {
1230 do_invalidate:
d720b93d 1231 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1232 }
1233}
1234
9fa3e853 1235#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1236static void tb_invalidate_phys_page(tb_page_addr_t addr,
20503968 1237 uintptr_t pc, void *puc)
9fa3e853 1238{
6b917547 1239 TranslationBlock *tb;
9fa3e853 1240 PageDesc *p;
6b917547 1241 int n;
d720b93d 1242#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1243 TranslationBlock *current_tb = NULL;
9349b4f9 1244 CPUArchState *env = cpu_single_env;
6b917547
AL		 1245 int current_tb_modified = 0;
1246 target_ulong current_pc = 0;
1247 target_ulong current_cs_base = 0;
1248 int current_flags = 0;
d720b93d 1249#endif
9fa3e853
FB		 1250
1251 addr &= TARGET_PAGE_MASK;
1252 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1253 if (!p)
9fa3e853
FB		 1254 return;
1255 tb = p->first_tb;
d720b93d
FB		 1256#ifdef TARGET_HAS_PRECISE_SMC
1257 if (tb && pc != 0) {
1258 current_tb = tb_find_pc(pc);
1259 }
1260#endif
9fa3e853 1261 while (tb != NULL) {
8efe0ca8
SW		 1262 n = (uintptr_t)tb & 3;
1263 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
d720b93d
FB		 1264#ifdef TARGET_HAS_PRECISE_SMC
1265 if (current_tb == tb &&
2e70f6ef 1266 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1267 /* If we are modifying the current TB, we must stop
1268 its execution. We could be more precise by checking
1269 that the modification is after the current PC, but it
1270 would require a specialized function to partially
1271 restore the CPU state */
3b46e624 1272
d720b93d 1273 current_tb_modified = 1;
618ba8e6 1274 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1275 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1276 &current_flags);
d720b93d
FB		 1277 }
1278#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1279 tb_phys_invalidate(tb, addr);
1280 tb = tb->page_next[n];
1281 }
fd6ce8f6 1282 p->first_tb = NULL;
d720b93d
FB		 1283#ifdef TARGET_HAS_PRECISE_SMC
1284 if (current_tb_modified) {
1285 /* we generate a block containing just the instruction
1286 modifying the memory. It will ensure that it cannot modify
1287 itself */
ea1c1802 1288 env->current_tb = NULL;
2e70f6ef 1289 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1290 cpu_resume_from_signal(env, puc);
1291 }
1292#endif
fd6ce8f6 1293}
9fa3e853 1294#endif
fd6ce8f6
FB		 1295
1296/* add the tb in the target page and protect it if necessary */
5fafdf24 1297static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1298 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1299{
1300 PageDesc *p;
4429ab44
JQ		 1301#ifndef CONFIG_USER_ONLY
1302 bool page_already_protected;
1303#endif
9fa3e853
FB		 1304
1305 tb->page_addr[n] = page_addr;
5cd2c5b6 1306 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1307 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1308#ifndef CONFIG_USER_ONLY
1309 page_already_protected = p->first_tb != NULL;
1310#endif
8efe0ca8 1311 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
9fa3e853 1312 invalidate_page_bitmap(p);
fd6ce8f6 1313
107db443 1314#if defined(TARGET_HAS_SMC) || 1
d720b93d 1315
9fa3e853 1316#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1317 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1318 target_ulong addr;
1319 PageDesc *p2;
9fa3e853
FB		 1320 int prot;
1321
fd6ce8f6
FB		 1322 /* force the host page as non writable (writes will have a
1323 page fault + mprotect overhead) */
53a5960a 1324 page_addr &= qemu_host_page_mask;
fd6ce8f6 1325 prot = 0;
53a5960a
PB		 1326 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1327 addr += TARGET_PAGE_SIZE) {
1328
1329 p2 = page_find (addr >> TARGET_PAGE_BITS);
1330 if (!p2)
1331 continue;
1332 prot |= p2->flags;
1333 p2->flags &= ~PAGE_WRITE;
53a5960a 1334 }
5fafdf24 1335 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1336 (prot & PAGE_BITS) & ~PAGE_WRITE);
1337#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1338 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1339 page_addr);
fd6ce8f6 1340#endif
fd6ce8f6 1341 }
9fa3e853
FB		 1342#else
1343 /* if some code is already present, then the pages are already
1344 protected. So we handle the case where only the first TB is
1345 allocated in a physical page */
4429ab44 1346 if (!page_already_protected) {
6a00d601 1347 tlb_protect_code(page_addr);
9fa3e853
FB		 1348 }
1349#endif
d720b93d
FB		 1350
1351#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1352}
1353
9fa3e853
FB		 1354/* add a new TB and link it to the physical page tables. phys_page2 is
1355 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1356void tb_link_page(TranslationBlock *tb,
1357 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1358{
9fa3e853
FB		 1359 unsigned int h;
1360 TranslationBlock **ptb;
1361
c8a706fe
PB		 1362 /* Grab the mmap lock to stop another thread invalidating this TB
1363 before we are done. */
1364 mmap_lock();
9fa3e853
FB		 1365 /* add in the physical hash table */
1366 h = tb_phys_hash_func(phys_pc);
1367 ptb = &tb_phys_hash[h];
1368 tb->phys_hash_next = *ptb;
1369 *ptb = tb;
fd6ce8f6
FB		 1370
1371 /* add in the page list */
9fa3e853
FB		 1372 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1373 if (phys_page2 != -1)
1374 tb_alloc_page(tb, 1, phys_page2);
1375 else
1376 tb->page_addr[1] = -1;
9fa3e853 1377
8efe0ca8 1378 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
d4e8164f
FB		 1379 tb->jmp_next[0] = NULL;
1380 tb->jmp_next[1] = NULL;
1381
1382 /* init original jump addresses */
1383 if (tb->tb_next_offset[0] != 0xffff)
1384 tb_reset_jump(tb, 0);
1385 if (tb->tb_next_offset[1] != 0xffff)
1386 tb_reset_jump(tb, 1);
8a40a180
FB		 1387
1388#ifdef DEBUG_TB_CHECK
1389 tb_page_check();
1390#endif
c8a706fe 1391 mmap_unlock();
fd6ce8f6
FB		 1392}
1393
9fa3e853
FB		 1394/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1395 tb[1].tc_ptr. Return NULL if not found */
6375e09e 1396TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
fd6ce8f6 1397{
9fa3e853 1398 int m_min, m_max, m;
8efe0ca8 1399 uintptr_t v;
9fa3e853 1400 TranslationBlock *tb;
a513fe19
FB		 1401
1402 if (nb_tbs <= 0)
1403 return NULL;
8efe0ca8
SW		 1404 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1405 tc_ptr >= (uintptr_t)code_gen_ptr) {
a513fe19 1406 return NULL;
8efe0ca8 1407 }
a513fe19
FB		 1408 /* binary search (cf Knuth) */
1409 m_min = 0;
1410 m_max = nb_tbs - 1;
1411 while (m_min <= m_max) {
1412 m = (m_min + m_max) >> 1;
1413 tb = &tbs[m];
8efe0ca8 1414 v = (uintptr_t)tb->tc_ptr;
a513fe19
FB		 1415 if (v == tc_ptr)
1416 return tb;
1417 else if (tc_ptr < v) {
1418 m_max = m - 1;
1419 } else {
1420 m_min = m + 1;
1421 }
5fafdf24 1422 }
a513fe19
FB		 1423 return &tbs[m_max];
1424}
7501267e 1425
ea041c0e
FB		 1426static void tb_reset_jump_recursive(TranslationBlock *tb);
1427
1428static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1429{
1430 TranslationBlock *tb1, *tb_next, **ptb;
1431 unsigned int n1;
1432
1433 tb1 = tb->jmp_next[n];
1434 if (tb1 != NULL) {
1435 /* find head of list */
1436 for(;;) {
8efe0ca8
SW		 1437 n1 = (uintptr_t)tb1 & 3;
1438 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1439 if (n1 == 2)
1440 break;
1441 tb1 = tb1->jmp_next[n1];
1442 }
1443 /* we are now sure now that tb jumps to tb1 */
1444 tb_next = tb1;
1445
1446 /* remove tb from the jmp_first list */
1447 ptb = &tb_next->jmp_first;
1448 for(;;) {
1449 tb1 = *ptb;
8efe0ca8
SW		 1450 n1 = (uintptr_t)tb1 & 3;
1451 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
ea041c0e
FB		 1452 if (n1 == n && tb1 == tb)
1453 break;
1454 ptb = &tb1->jmp_next[n1];
1455 }
1456 *ptb = tb->jmp_next[n];
1457 tb->jmp_next[n] = NULL;
3b46e624 1458
ea041c0e
FB		 1459 /* suppress the jump to next tb in generated code */
1460 tb_reset_jump(tb, n);
1461
0124311e 1462 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1463 tb_reset_jump_recursive(tb_next);
1464 }
1465}
1466
1467static void tb_reset_jump_recursive(TranslationBlock *tb)
1468{
1469 tb_reset_jump_recursive2(tb, 0);
1470 tb_reset_jump_recursive2(tb, 1);
1471}
1472
1fddef4b 1473#if defined(TARGET_HAS_ICE)
94df27fd 1474#if defined(CONFIG_USER_ONLY)
9349b4f9 1475static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
94df27fd
PB		 1476{
1477 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1478}
1479#else
1e7855a5 1480void tb_invalidate_phys_addr(target_phys_addr_t addr)
d720b93d 1481{
c227f099 1482 ram_addr_t ram_addr;
f3705d53 1483 MemoryRegionSection *section;
d720b93d 1484
06ef3525 1485 section = phys_page_find(addr >> TARGET_PAGE_BITS);
f3705d53
AK		 1486 if (!(memory_region_is_ram(section->mr)
1487 || (section->mr->rom_device && section->mr->readable))) {
06ef3525
AK		 1488 return;
1489 }
f3705d53 1490 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1491 + memory_region_section_addr(section, addr);
706cd4b5 1492 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1493}
1e7855a5
MF		 1494
1495static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1496{
9d70c4b7
MF		 1497 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
1498 (pc & ~TARGET_PAGE_MASK));
1e7855a5 1499}
c27004ec 1500#endif
94df27fd 1501#endif /* TARGET_HAS_ICE */
d720b93d 1502
c527ee8f 1503#if defined(CONFIG_USER_ONLY)
9349b4f9 1504void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
c527ee8f
PB		 1505
1506{
1507}
1508
9349b4f9 1509int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
c527ee8f
PB		 1510 int flags, CPUWatchpoint **watchpoint)
1511{
1512 return -ENOSYS;
1513}
1514#else
6658ffb8 1515/* Add a watchpoint. */
9349b4f9 1516int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1517 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1518{
b4051334 1519 target_ulong len_mask = ~(len - 1);
c0ce998e 1520 CPUWatchpoint *wp;
6658ffb8 1521
b4051334 1522 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
0dc23828
MF		 1523 if ((len & (len - 1)) || (addr & ~len_mask) ||
1524 len == 0 || len > TARGET_PAGE_SIZE) {
b4051334
AL		 1525 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1526 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1527 return -EINVAL;
1528 }
7267c094 1529 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1530
1531 wp->vaddr = addr;
b4051334 1532 wp->len_mask = len_mask;
a1d1bb31
AL		 1533 wp->flags = flags;
1534
2dc9f411 1535 /* keep all GDB-injected watchpoints in front */
c0ce998e 1536 if (flags & BP_GDB)
72cf2d4f 1537 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1538 else
72cf2d4f 1539 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1540
6658ffb8 1541 tlb_flush_page(env, addr);
a1d1bb31
AL		 1542
1543 if (watchpoint)
1544 *watchpoint = wp;
1545 return 0;
6658ffb8
PB		 1546}
1547
a1d1bb31 1548/* Remove a specific watchpoint. */
9349b4f9 1549int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
a1d1bb31 1550 int flags)
6658ffb8 1551{
b4051334 1552 target_ulong len_mask = ~(len - 1);
a1d1bb31 1553 CPUWatchpoint *wp;
6658ffb8 1554
72cf2d4f 1555 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1556 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1557 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1558 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1559 return 0;
1560 }
1561 }
a1d1bb31 1562 return -ENOENT;
6658ffb8
PB		 1563}
1564
a1d1bb31 1565/* Remove a specific watchpoint by reference. */
9349b4f9 1566void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
a1d1bb31 1567{
72cf2d4f 1568 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1569
a1d1bb31
AL		 1570 tlb_flush_page(env, watchpoint->vaddr);
1571
7267c094 1572 g_free(watchpoint);
a1d1bb31
AL		 1573}
1574
1575/* Remove all matching watchpoints. */
9349b4f9 1576void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31 1577{
c0ce998e 1578 CPUWatchpoint *wp, *next;
a1d1bb31 1579
72cf2d4f 1580 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1581 if (wp->flags & mask)
1582 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1583 }
7d03f82f 1584}
c527ee8f 1585#endif
7d03f82f 1586
a1d1bb31 1587/* Add a breakpoint. */
9349b4f9 1588int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
a1d1bb31 1589 CPUBreakpoint **breakpoint)
4c3a88a2 1590{
1fddef4b 1591#if defined(TARGET_HAS_ICE)
c0ce998e 1592 CPUBreakpoint *bp;
3b46e624 1593
7267c094 1594 bp = g_malloc(sizeof(*bp));
4c3a88a2 1595
a1d1bb31
AL		 1596 bp->pc = pc;
1597 bp->flags = flags;
1598
2dc9f411 1599 /* keep all GDB-injected breakpoints in front */
c0ce998e 1600 if (flags & BP_GDB)
72cf2d4f 1601 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1602 else
72cf2d4f 1603 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1604
d720b93d 1605 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1606
1607 if (breakpoint)
1608 *breakpoint = bp;
4c3a88a2
FB		 1609 return 0;
1610#else
a1d1bb31 1611 return -ENOSYS;
4c3a88a2
FB		 1612#endif
1613}
1614
a1d1bb31 1615/* Remove a specific breakpoint. */
9349b4f9 1616int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
a1d1bb31 1617{
7d03f82f 1618#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1619 CPUBreakpoint *bp;
1620
72cf2d4f 1621 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1622 if (bp->pc == pc && bp->flags == flags) {
1623 cpu_breakpoint_remove_by_ref(env, bp);
1624 return 0;
1625 }
7d03f82f 1626 }
a1d1bb31
AL		 1627 return -ENOENT;
1628#else
1629 return -ENOSYS;
7d03f82f
EI		 1630#endif
1631}
1632
a1d1bb31 1633/* Remove a specific breakpoint by reference. */
9349b4f9 1634void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1635{
1fddef4b 1636#if defined(TARGET_HAS_ICE)
72cf2d4f 1637 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1638
a1d1bb31
AL		 1639 breakpoint_invalidate(env, breakpoint->pc);
1640
7267c094 1641 g_free(breakpoint);
a1d1bb31
AL		 1642#endif
1643}
1644
1645/* Remove all matching breakpoints. */
9349b4f9 1646void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
a1d1bb31
AL		 1647{
1648#if defined(TARGET_HAS_ICE)
c0ce998e 1649 CPUBreakpoint *bp, *next;
a1d1bb31 1650
72cf2d4f 1651 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1652 if (bp->flags & mask)
1653 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1654 }
4c3a88a2
FB		 1655#endif
1656}
1657
c33a346e
FB		 1658/* enable or disable single step mode. EXCP_DEBUG is returned by the
1659 CPU loop after each instruction */
9349b4f9 1660void cpu_single_step(CPUArchState *env, int enabled)
c33a346e 1661{
1fddef4b 1662#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1663 if (env->singlestep_enabled != enabled) {
1664 env->singlestep_enabled = enabled;
e22a25c9
AL		 1665 if (kvm_enabled())
1666 kvm_update_guest_debug(env, 0);
1667 else {
ccbb4d44 1668 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1669 /* XXX: only flush what is necessary */
1670 tb_flush(env);
1671 }
c33a346e
FB		 1672 }
1673#endif
1674}
1675
34865134
FB		 1676/* enable or disable low levels log */
1677void cpu_set_log(int log_flags)
1678{
1679 loglevel = log_flags;
1680 if (loglevel && !logfile) {
11fcfab4 1681 logfile = fopen(logfilename, log_append ? "a" : "w");
34865134
FB		 1682 if (!logfile) {
1683 perror(logfilename);
1684 _exit(1);
1685 }
9fa3e853
FB		 1686#if !defined(CONFIG_SOFTMMU)
1687 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1688 {
b55266b5 1689 static char logfile_buf[4096];
9fa3e853
FB		 1690 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1691 }
daf767b1
SW		 1692#elif defined(_WIN32)
1693 /* Win32 doesn't support line-buffering, so use unbuffered output. */
1694 setvbuf(logfile, NULL, _IONBF, 0);
1695#else
34865134 1696 setvbuf(logfile, NULL, _IOLBF, 0);
9fa3e853 1697#endif
e735b91c
PB		 1698 log_append = 1;
1699 }
1700 if (!loglevel && logfile) {
1701 fclose(logfile);
1702 logfile = NULL;
34865134
FB		 1703 }
1704}
1705
1706void cpu_set_log_filename(const char *filename)
1707{
1708 logfilename = strdup(filename);
e735b91c
PB		 1709 if (logfile) {
1710 fclose(logfile);
1711 logfile = NULL;
1712 }
1713 cpu_set_log(loglevel);
34865134 1714}
c33a346e 1715
9349b4f9 1716static void cpu_unlink_tb(CPUArchState *env)
ea041c0e 1717{
3098dba0
AJ		 1718 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1719 problem and hope the cpu will stop of its own accord. For userspace
1720 emulation this often isn't actually as bad as it sounds. Often
1721 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1722 TranslationBlock *tb;
c227f099 1723 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1724
cab1b4bd 1725 spin_lock(&interrupt_lock);
3098dba0
AJ		 1726 tb = env->current_tb;
1727 /* if the cpu is currently executing code, we must unlink it and
1728 all the potentially executing TB */
f76cfe56 1729 if (tb) {
3098dba0
AJ		 1730 env->current_tb = NULL;
1731 tb_reset_jump_recursive(tb);
be214e6c 1732 }
cab1b4bd 1733 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1734}
1735
97ffbd8d 1736#ifndef CONFIG_USER_ONLY
3098dba0 1737/* mask must never be zero, except for A20 change call */
9349b4f9 1738static void tcg_handle_interrupt(CPUArchState *env, int mask)
3098dba0
AJ		 1739{
1740 int old_mask;
be214e6c 1741
2e70f6ef 1742 old_mask = env->interrupt_request;
68a79315 1743 env->interrupt_request |= mask;
3098dba0 1744
8edac960
AL		 1745 /*
1746 * If called from iothread context, wake the target cpu in
1747 * case its halted.
1748 */
b7680cb6 1749 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1750 qemu_cpu_kick(env);
1751 return;
1752 }
8edac960 1753
2e70f6ef 1754 if (use_icount) {
266910c4 1755 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1756 if (!can_do_io(env)
be214e6c 1757 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1758 cpu_abort(env, "Raised interrupt while not in I/O function");
1759 }
2e70f6ef 1760 } else {
3098dba0 1761 cpu_unlink_tb(env);
ea041c0e
FB		 1762 }
1763}
1764
ec6959d0
JK		 1765CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1766
97ffbd8d
JK		 1767#else /* CONFIG_USER_ONLY */
1768
9349b4f9 1769void cpu_interrupt(CPUArchState *env, int mask)
97ffbd8d
JK		 1770{
1771 env->interrupt_request |= mask;
1772 cpu_unlink_tb(env);
1773}
1774#endif /* CONFIG_USER_ONLY */
1775
9349b4f9 1776void cpu_reset_interrupt(CPUArchState *env, int mask)
b54ad049
FB		 1777{
1778 env->interrupt_request &= ~mask;
1779}
1780
9349b4f9 1781void cpu_exit(CPUArchState *env)
3098dba0
AJ		 1782{
1783 env->exit_request = 1;
1784 cpu_unlink_tb(env);
1785}
1786
c7cd6a37 1787const CPULogItem cpu_log_items[] = {
5fafdf24 1788 { CPU_LOG_TB_OUT_ASM, "out_asm",
f193c797
FB		 1789 "show generated host assembly code for each compiled TB" },
1790 { CPU_LOG_TB_IN_ASM, "in_asm",
1791 "show target assembly code for each compiled TB" },
5fafdf24 1792 { CPU_LOG_TB_OP, "op",
57fec1fe 1793 "show micro ops for each compiled TB" },
f193c797 1794 { CPU_LOG_TB_OP_OPT, "op_opt",
e01a1157
BS		 1795 "show micro ops "
1796#ifdef TARGET_I386
1797 "before eflags optimization and "
f193c797 1798#endif
e01a1157 1799 "after liveness analysis" },
f193c797
FB		 1800 { CPU_LOG_INT, "int",
1801 "show interrupts/exceptions in short format" },
1802 { CPU_LOG_EXEC, "exec",
1803 "show trace before each executed TB (lots of logs)" },
9fddaa0c 1804 { CPU_LOG_TB_CPU, "cpu",
e91c8a77 1805 "show CPU state before block translation" },
f193c797
FB		 1806#ifdef TARGET_I386
1807 { CPU_LOG_PCALL, "pcall",
1808 "show protected mode far calls/returns/exceptions" },
eca1bdf4
AL		 1809 { CPU_LOG_RESET, "cpu_reset",
1810 "show CPU state before CPU resets" },
f193c797 1811#endif
8e3a9fd2 1812#ifdef DEBUG_IOPORT
fd872598
FB		 1813 { CPU_LOG_IOPORT, "ioport",
1814 "show all i/o ports accesses" },
8e3a9fd2 1815#endif
f193c797
FB		 1816 { 0, NULL, NULL },
1817};
1818
1819static int cmp1(const char *s1, int n, const char *s2)
1820{
1821 if (strlen(s2) != n)
1822 return 0;
1823 return memcmp(s1, s2, n) == 0;
1824}
3b46e624 1825
f193c797
FB		 1826/* takes a comma separated list of log masks. Return 0 if error. */
1827int cpu_str_to_log_mask(const char *str)
1828{
c7cd6a37 1829 const CPULogItem *item;
f193c797
FB		 1830 int mask;
1831 const char *p, *p1;
1832
1833 p = str;
1834 mask = 0;
1835 for(;;) {
1836 p1 = strchr(p, ',');
1837 if (!p1)
1838 p1 = p + strlen(p);
9742bf26
YT		 1839 if(cmp1(p,p1-p,"all")) {
1840 for(item = cpu_log_items; item->mask != 0; item++) {
1841 mask |= item->mask;
1842 }
1843 } else {
1844 for(item = cpu_log_items; item->mask != 0; item++) {
1845 if (cmp1(p, p1 - p, item->name))
1846 goto found;
1847 }
1848 return 0;
f193c797 1849 }
f193c797
FB		 1850 found:
1851 mask |= item->mask;
1852 if (*p1 != ',')
1853 break;
1854 p = p1 + 1;
1855 }
1856 return mask;
1857}
ea041c0e 1858
9349b4f9 1859void cpu_abort(CPUArchState *env, const char *fmt, ...)
7501267e
FB		 1860{
1861 va_list ap;
493ae1f0 1862 va_list ap2;
7501267e
FB		 1863
1864 va_start(ap, fmt);
493ae1f0 1865 va_copy(ap2, ap);
7501267e
FB		 1866 fprintf(stderr, "qemu: fatal: ");
1867 vfprintf(stderr, fmt, ap);
1868 fprintf(stderr, "\n");
1869#ifdef TARGET_I386
7fe48483
FB		 1870 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1871#else
1872 cpu_dump_state(env, stderr, fprintf, 0);
7501267e 1873#endif
93fcfe39
AL		 1874 if (qemu_log_enabled()) {
1875 qemu_log("qemu: fatal: ");
1876 qemu_log_vprintf(fmt, ap2);
1877 qemu_log("\n");
f9373291 1878#ifdef TARGET_I386
93fcfe39 1879 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
f9373291 1880#else
93fcfe39 1881 log_cpu_state(env, 0);
f9373291 1882#endif
31b1a7b4 1883 qemu_log_flush();
93fcfe39 1884 qemu_log_close();
924edcae 1885 }
493ae1f0 1886 va_end(ap2);
f9373291 1887 va_end(ap);
fd052bf6
RV		 1888#if defined(CONFIG_USER_ONLY)
1889 {
1890 struct sigaction act;
1891 sigfillset(&act.sa_mask);
1892 act.sa_handler = SIG_DFL;
1893 sigaction(SIGABRT, &act, NULL);
1894 }
1895#endif
7501267e
FB		 1896 abort();
1897}
1898
9349b4f9 1899CPUArchState *cpu_copy(CPUArchState *env)
c5be9f08 1900{
9349b4f9
AF		 1901 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1902 CPUArchState *next_cpu = new_env->next_cpu;
c5be9f08 1903 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1904#if defined(TARGET_HAS_ICE)
1905 CPUBreakpoint *bp;
1906 CPUWatchpoint *wp;
1907#endif
1908
9349b4f9 1909 memcpy(new_env, env, sizeof(CPUArchState));
5a38f081
AL		 1910
1911 /* Preserve chaining and index. */
c5be9f08
TS		 1912 new_env->next_cpu = next_cpu;
1913 new_env->cpu_index = cpu_index;
5a38f081
AL		 1914
1915 /* Clone all break/watchpoints.
1916 Note: Once we support ptrace with hw-debug register access, make sure
1917 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1918 QTAILQ_INIT(&env->breakpoints);
1919 QTAILQ_INIT(&env->watchpoints);
5a38f081 1920#if defined(TARGET_HAS_ICE)
72cf2d4f 1921 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1922 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1923 }
72cf2d4f 1924 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1925 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1926 wp->flags, NULL);
1927 }
1928#endif
1929
c5be9f08
TS		 1930 return new_env;
1931}
1932
0124311e 1933#if !defined(CONFIG_USER_ONLY)
0cac1b66 1934void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
5c751e99
EI		 1935{
1936 unsigned int i;
1937
1938 /* Discard jump cache entries for any tb which might potentially
1939 overlap the flushed page. */
1940 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1941 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1942 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1943
1944 i = tb_jmp_cache_hash_page(addr);
1945 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1946 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1947}
1948
5579c7f3 1949/* Note: start and end must be within the same ram block. */
c227f099 1950void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 1951 int dirty_flags)
1ccde1cb 1952{
8efe0ca8 1953 uintptr_t length, start1;
1ccde1cb
FB		 1954
1955 start &= TARGET_PAGE_MASK;
1956 end = TARGET_PAGE_ALIGN(end);
1957
1958 length = end - start;
1959 if (length == 0)
1960 return;
f7c11b53 1961 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 1962
1ccde1cb
FB		 1963 /* we modify the TLB cache so that the dirty bit will be set again
1964 when accessing the range */
8efe0ca8 1965 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
a57d23e4 1966 /* Check that we don't span multiple blocks - this breaks the
5579c7f3 1967 address comparisons below. */
8efe0ca8 1968 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
5579c7f3
PB		 1969 != (end - 1) - start) {
1970 abort();
1971 }
e5548617 1972 cpu_tlb_reset_dirty_all(start1, length);
1ccde1cb
FB		 1973}
1974
74576198
AL		 1975int cpu_physical_memory_set_dirty_tracking(int enable)
1976{
f6f3fbca 1977 int ret = 0;
74576198 1978 in_migration = enable;
f6f3fbca 1979 return ret;
74576198
AL		 1980}
1981
e5548617
BS		 1982target_phys_addr_t memory_region_section_get_iotlb(CPUArchState *env,
1983 MemoryRegionSection *section,
1984 target_ulong vaddr,
1985 target_phys_addr_t paddr,
1986 int prot,
1987 target_ulong *address)
1988{
1989 target_phys_addr_t iotlb;
1990 CPUWatchpoint *wp;
1991
cc5bea60 1992 if (memory_region_is_ram(section->mr)) {
e5548617
BS		 1993 /* Normal RAM. */
1994 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 1995 + memory_region_section_addr(section, paddr);
e5548617
BS		 1996 if (!section->readonly) {
1997 iotlb |= phys_section_notdirty;
1998 } else {
1999 iotlb |= phys_section_rom;
2000 }
2001 } else {
2002 /* IO handlers are currently passed a physical address.
2003 It would be nice to pass an offset from the base address
2004 of that region. This would avoid having to special case RAM,
2005 and avoid full address decoding in every device.
2006 We can't use the high bits of pd for this because
2007 IO_MEM_ROMD uses these as a ram address. */
2008 iotlb = section - phys_sections;
cc5bea60 2009 iotlb += memory_region_section_addr(section, paddr);
e5548617
BS		 2010 }
2011
2012 /* Make accesses to pages with watchpoints go via the
2013 watchpoint trap routines. */
2014 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2015 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2016 /* Avoid trapping reads of pages with a write breakpoint. */
2017 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
2018 iotlb = phys_section_watch + paddr;
2019 *address |= TLB_MMIO;
2020 break;
2021 }
2022 }
2023 }
2024
2025 return iotlb;
2026}
2027
0124311e 2028#else
edf8e2af
MW		 2029/*
2030 * Walks guest process memory "regions" one by one
2031 * and calls callback function 'fn' for each region.
2032 */
5cd2c5b6
RH		 2033
2034struct walk_memory_regions_data
2035{
2036 walk_memory_regions_fn fn;
2037 void *priv;
8efe0ca8 2038 uintptr_t start;
5cd2c5b6
RH		 2039 int prot;
2040};
2041
2042static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 2043 abi_ulong end, int new_prot)
5cd2c5b6
RH		 2044{
2045 if (data->start != -1ul) {
2046 int rc = data->fn(data->priv, data->start, end, data->prot);
2047 if (rc != 0) {
2048 return rc;
2049 }
2050 }
2051
2052 data->start = (new_prot ? end : -1ul);
2053 data->prot = new_prot;
2054
2055 return 0;
2056}
2057
2058static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 2059 abi_ulong base, int level, void **lp)
5cd2c5b6 2060{
b480d9b7 2061 abi_ulong pa;
5cd2c5b6
RH		 2062 int i, rc;
2063
2064 if (*lp == NULL) {
2065 return walk_memory_regions_end(data, base, 0);
2066 }
2067
2068 if (level == 0) {
2069 PageDesc *pd = *lp;
7296abac 2070 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 2071 int prot = pd[i].flags;
2072
2073 pa = base | (i << TARGET_PAGE_BITS);
2074 if (prot != data->prot) {
2075 rc = walk_memory_regions_end(data, pa, prot);
2076 if (rc != 0) {
2077 return rc;
9fa3e853 2078 }
9fa3e853 2079 }
5cd2c5b6
RH		 2080 }
2081 } else {
2082 void **pp = *lp;
7296abac 2083 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 2084 pa = base | ((abi_ulong)i <<
2085 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 2086 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2087 if (rc != 0) {
2088 return rc;
2089 }
2090 }
2091 }
2092
2093 return 0;
2094}
2095
2096int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2097{
2098 struct walk_memory_regions_data data;
8efe0ca8 2099 uintptr_t i;
5cd2c5b6
RH		 2100
2101 data.fn = fn;
2102 data.priv = priv;
2103 data.start = -1ul;
2104 data.prot = 0;
2105
2106 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 2107 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 2108 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2109 if (rc != 0) {
2110 return rc;
9fa3e853 2111 }
33417e70 2112 }
5cd2c5b6
RH		 2113
2114 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2115}
2116
b480d9b7
PB		 2117static int dump_region(void *priv, abi_ulong start,
2118 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2119{
2120 FILE *f = (FILE *)priv;
2121
b480d9b7
PB		 2122 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2123 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2124 start, end, end - start,
2125 ((prot & PAGE_READ) ? 'r' : '-'),
2126 ((prot & PAGE_WRITE) ? 'w' : '-'),
2127 ((prot & PAGE_EXEC) ? 'x' : '-'));
2128
2129 return (0);
2130}
2131
2132/* dump memory mappings */
2133void page_dump(FILE *f)
2134{
2135 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2136 "start", "end", "size", "prot");
2137 walk_memory_regions(f, dump_region);
33417e70
FB		 2138}
2139
53a5960a 2140int page_get_flags(target_ulong address)
33417e70 2141{
9fa3e853
FB		 2142 PageDesc *p;
2143
2144 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2145 if (!p)
9fa3e853
FB		 2146 return 0;
2147 return p->flags;
2148}
2149
376a7909
RH		 2150/* Modify the flags of a page and invalidate the code if necessary.
2151 The flag PAGE_WRITE_ORG is positioned automatically depending
2152 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2153void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2154{
376a7909
RH		 2155 target_ulong addr, len;
2156
2157 /* This function should never be called with addresses outside the
2158 guest address space. If this assert fires, it probably indicates
2159 a missing call to h2g_valid. */
b480d9b7
PB		 2160#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2161 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2162#endif
2163 assert(start < end);
9fa3e853
FB		 2164
2165 start = start & TARGET_PAGE_MASK;
2166 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2167
2168 if (flags & PAGE_WRITE) {
9fa3e853 2169 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2170 }
2171
2172 for (addr = start, len = end - start;
2173 len != 0;
2174 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2175 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2176
2177 /* If the write protection bit is set, then we invalidate
2178 the code inside. */
5fafdf24 2179 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2180 (flags & PAGE_WRITE) &&
2181 p->first_tb) {
d720b93d 2182 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2183 }
2184 p->flags = flags;
2185 }
33417e70
FB		 2186}
2187
3d97b40b
TS		 2188int page_check_range(target_ulong start, target_ulong len, int flags)
2189{
2190 PageDesc *p;
2191 target_ulong end;
2192 target_ulong addr;
2193
376a7909
RH		 2194 /* This function should never be called with addresses outside the
2195 guest address space. If this assert fires, it probably indicates
2196 a missing call to h2g_valid. */
338e9e6c
BS		 2197#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2198 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2199#endif
2200
3e0650a9
RH		 2201 if (len == 0) {
2202 return 0;
2203 }
376a7909
RH		 2204 if (start + len - 1 < start) {
2205 /* We've wrapped around. */
55f280c9 2206 return -1;
376a7909 2207 }
55f280c9 2208
3d97b40b
TS		 2209 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2210 start = start & TARGET_PAGE_MASK;
2211
376a7909
RH		 2212 for (addr = start, len = end - start;
2213 len != 0;
2214 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2215 p = page_find(addr >> TARGET_PAGE_BITS);
2216 if( !p )
2217 return -1;
2218 if( !(p->flags & PAGE_VALID) )
2219 return -1;
2220
dae3270c 2221 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2222 return -1;
dae3270c
FB		 2223 if (flags & PAGE_WRITE) {
2224 if (!(p->flags & PAGE_WRITE_ORG))
2225 return -1;
2226 /* unprotect the page if it was put read-only because it
2227 contains translated code */
2228 if (!(p->flags & PAGE_WRITE)) {
2229 if (!page_unprotect(addr, 0, NULL))
2230 return -1;
2231 }
2232 return 0;
2233 }
3d97b40b
TS		 2234 }
2235 return 0;
2236}
2237
9fa3e853 2238/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2239 page. Return TRUE if the fault was successfully handled. */
6375e09e 2240int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
9fa3e853 2241{
45d679d6
AJ		 2242 unsigned int prot;
2243 PageDesc *p;
53a5960a 2244 target_ulong host_start, host_end, addr;
9fa3e853 2245
c8a706fe
PB		 2246 /* Technically this isn't safe inside a signal handler. However we
2247 know this only ever happens in a synchronous SEGV handler, so in
2248 practice it seems to be ok. */
2249 mmap_lock();
2250
45d679d6
AJ		 2251 p = page_find(address >> TARGET_PAGE_BITS);
2252 if (!p) {
c8a706fe 2253 mmap_unlock();
9fa3e853 2254 return 0;
c8a706fe 2255 }
45d679d6 2256
9fa3e853
FB		 2257 /* if the page was really writable, then we change its
2258 protection back to writable */
45d679d6
AJ		 2259 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2260 host_start = address & qemu_host_page_mask;
2261 host_end = host_start + qemu_host_page_size;
2262
2263 prot = 0;
2264 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2265 p = page_find(addr >> TARGET_PAGE_BITS);
2266 p->flags |= PAGE_WRITE;
2267 prot |= p->flags;
2268
9fa3e853
FB		 2269 /* and since the content will be modified, we must invalidate
2270 the corresponding translated code. */
45d679d6 2271 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2272#ifdef DEBUG_TB_CHECK
45d679d6 2273 tb_invalidate_check(addr);
9fa3e853 2274#endif
9fa3e853 2275 }
45d679d6
AJ		 2276 mprotect((void *)g2h(host_start), qemu_host_page_size,
2277 prot & PAGE_BITS);
2278
2279 mmap_unlock();
2280 return 1;
9fa3e853 2281 }
c8a706fe 2282 mmap_unlock();
9fa3e853
FB		 2283 return 0;
2284}
9fa3e853
FB		 2285#endif /* defined(CONFIG_USER_ONLY) */
2286
e2eef170 2287#if !defined(CONFIG_USER_ONLY)
8da3ff18 2288
c04b2b78
PB		 2289#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2290typedef struct subpage_t {
70c68e44 2291 MemoryRegion iomem;
c04b2b78 2292 target_phys_addr_t base;
5312bd8b 2293 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2294} subpage_t;
2295
c227f099 2296static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2297 uint16_t section);
0f0cb164 2298static subpage_t *subpage_init(target_phys_addr_t base);
5312bd8b 2299static void destroy_page_desc(uint16_t section_index)
54688b1e 2300{
5312bd8b
AK		 2301 MemoryRegionSection *section = &phys_sections[section_index];
2302 MemoryRegion *mr = section->mr;
54688b1e
AK		 2303
2304 if (mr->subpage) {
2305 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2306 memory_region_destroy(&subpage->iomem);
2307 g_free(subpage);
2308 }
2309}
2310
4346ae3e 2311static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2312{
2313 unsigned i;
d6f2ea22 2314 PhysPageEntry *p;
54688b1e 2315
c19e8800 2316 if (lp->ptr == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2317 return;
2318 }
2319
c19e8800 2320 p = phys_map_nodes[lp->ptr];
4346ae3e 2321 for (i = 0; i < L2_SIZE; ++i) {
07f07b31 2322 if (!p[i].is_leaf) {
54688b1e 2323 destroy_l2_mapping(&p[i], level - 1);
4346ae3e 2324 } else {
c19e8800 2325 destroy_page_desc(p[i].ptr);
54688b1e 2326 }
54688b1e 2327 }
07f07b31 2328 lp->is_leaf = 0;
c19e8800 2329 lp->ptr = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2330}
2331
2332static void destroy_all_mappings(void)
2333{
3eef53df 2334 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
d6f2ea22 2335 phys_map_nodes_reset();
54688b1e
AK		 2336}
2337
5312bd8b
AK		 2338static uint16_t phys_section_add(MemoryRegionSection *section)
2339{
2340 if (phys_sections_nb == phys_sections_nb_alloc) {
2341 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2342 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2343 phys_sections_nb_alloc);
2344 }
2345 phys_sections[phys_sections_nb] = *section;
2346 return phys_sections_nb++;
2347}
2348
2349static void phys_sections_clear(void)
2350{
2351 phys_sections_nb = 0;
2352}
2353
8f2498f9
MT		 2354/* register physical memory.
2355 For RAM, 'size' must be a multiple of the target page size.
2356 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
8da3ff18
PB		 2357 io memory page. The address used when calling the IO function is
2358 the offset from the start of the region, plus region_offset. Both
ccbb4d44 2359 start_addr and region_offset are rounded down to a page boundary
8da3ff18
PB		 2360 before calculating this offset. This should not be a problem unless
2361 the low bits of start_addr and region_offset differ. */
0f0cb164
AK		 2362static void register_subpage(MemoryRegionSection *section)
2363{
2364 subpage_t *subpage;
2365 target_phys_addr_t base = section->offset_within_address_space
2366 & TARGET_PAGE_MASK;
f3705d53 2367 MemoryRegionSection *existing = phys_page_find(base >> TARGET_PAGE_BITS);
0f0cb164
AK		 2368 MemoryRegionSection subsection = {
2369 .offset_within_address_space = base,
2370 .size = TARGET_PAGE_SIZE,
2371 };
0f0cb164
AK		 2372 target_phys_addr_t start, end;
2373
f3705d53 2374 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 2375
f3705d53 2376 if (!(existing->mr->subpage)) {
0f0cb164
AK		 2377 subpage = subpage_init(base);
2378 subsection.mr = &subpage->iomem;
2999097b
AK		 2379 phys_page_set(base >> TARGET_PAGE_BITS, 1,
2380 phys_section_add(&subsection));
0f0cb164 2381 } else {
f3705d53 2382 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 2383 }
2384 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
2385 end = start + section->size;
2386 subpage_register(subpage, start, end, phys_section_add(section));
2387}
2388
2389
2390static void register_multipage(MemoryRegionSection *section)
33417e70 2391{
dd81124b
AK		 2392 target_phys_addr_t start_addr = section->offset_within_address_space;
2393 ram_addr_t size = section->size;
2999097b 2394 target_phys_addr_t addr;
5312bd8b 2395 uint16_t section_index = phys_section_add(section);
dd81124b 2396
3b8e6a2d 2397 assert(size);
f6f3fbca 2398
3b8e6a2d 2399 addr = start_addr;
2999097b
AK		 2400 phys_page_set(addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2401 section_index);
33417e70
FB		 2402}
2403
0f0cb164
AK		 2404void cpu_register_physical_memory_log(MemoryRegionSection *section,
2405 bool readonly)
2406{
2407 MemoryRegionSection now = *section, remain = *section;
2408
2409 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2410 || (now.size < TARGET_PAGE_SIZE)) {
2411 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2412 - now.offset_within_address_space,
2413 now.size);
2414 register_subpage(&now);
2415 remain.size -= now.size;
2416 remain.offset_within_address_space += now.size;
2417 remain.offset_within_region += now.size;
2418 }
2419 now = remain;
2420 now.size &= TARGET_PAGE_MASK;
2421 if (now.size) {
2422 register_multipage(&now);
2423 remain.size -= now.size;
2424 remain.offset_within_address_space += now.size;
2425 remain.offset_within_region += now.size;
2426 }
2427 now = remain;
2428 if (now.size) {
2429 register_subpage(&now);
2430 }
2431}
2432
2433
c227f099 2434void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2435{
2436 if (kvm_enabled())
2437 kvm_coalesce_mmio_region(addr, size);
2438}
2439
c227f099 2440void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2441{
2442 if (kvm_enabled())
2443 kvm_uncoalesce_mmio_region(addr, size);
2444}
2445
62a2744c
SY		 2446void qemu_flush_coalesced_mmio_buffer(void)
2447{
2448 if (kvm_enabled())
2449 kvm_flush_coalesced_mmio_buffer();
2450}
2451
c902760f
MT		 2452#if defined(__linux__) && !defined(TARGET_S390X)
2453
2454#include <sys/vfs.h>
2455
2456#define HUGETLBFS_MAGIC 0x958458f6
2457
2458static long gethugepagesize(const char *path)
2459{
2460 struct statfs fs;
2461 int ret;
2462
2463 do {
9742bf26 2464 ret = statfs(path, &fs);
c902760f
MT		 2465 } while (ret != 0 && errno == EINTR);
2466
2467 if (ret != 0) {
9742bf26
YT		 2468 perror(path);
2469 return 0;
c902760f
MT		 2470 }
2471
2472 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2473 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2474
2475 return fs.f_bsize;
2476}
2477
04b16653
AW		 2478static void *file_ram_alloc(RAMBlock *block,
2479 ram_addr_t memory,
2480 const char *path)
c902760f
MT		 2481{
2482 char *filename;
2483 void *area;
2484 int fd;
2485#ifdef MAP_POPULATE
2486 int flags;
2487#endif
2488 unsigned long hpagesize;
2489
2490 hpagesize = gethugepagesize(path);
2491 if (!hpagesize) {
9742bf26 2492 return NULL;
c902760f
MT		 2493 }
2494
2495 if (memory < hpagesize) {
2496 return NULL;
2497 }
2498
2499 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2500 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2501 return NULL;
2502 }
2503
2504 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2505 return NULL;
c902760f
MT		 2506 }
2507
2508 fd = mkstemp(filename);
2509 if (fd < 0) {
9742bf26
YT		 2510 perror("unable to create backing store for hugepages");
2511 free(filename);
2512 return NULL;
c902760f
MT		 2513 }
2514 unlink(filename);
2515 free(filename);
2516
2517 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2518
2519 /*
2520 * ftruncate is not supported by hugetlbfs in older
2521 * hosts, so don't bother bailing out on errors.
2522 * If anything goes wrong with it under other filesystems,
2523 * mmap will fail.
2524 */
2525 if (ftruncate(fd, memory))
9742bf26 2526 perror("ftruncate");
c902760f
MT		 2527
2528#ifdef MAP_POPULATE
2529 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2530 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2531 * to sidestep this quirk.
2532 */
2533 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2534 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2535#else
2536 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2537#endif
2538 if (area == MAP_FAILED) {
9742bf26
YT		 2539 perror("file_ram_alloc: can't mmap RAM pages");
2540 close(fd);
2541 return (NULL);
c902760f 2542 }
04b16653 2543 block->fd = fd;
c902760f
MT		 2544 return area;
2545}
2546#endif
2547
d17b5288 2548static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2549{
2550 RAMBlock *block, *next_block;
3e837b2c 2551 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2552
2553 if (QLIST_EMPTY(&ram_list.blocks))
2554 return 0;
2555
2556 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2557 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2558
2559 end = block->offset + block->length;
2560
2561 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2562 if (next_block->offset >= end) {
2563 next = MIN(next, next_block->offset);
2564 }
2565 }
2566 if (next - end >= size && next - end < mingap) {
3e837b2c 2567 offset = end;
04b16653
AW		 2568 mingap = next - end;
2569 }
2570 }
3e837b2c
AW		 2571
2572 if (offset == RAM_ADDR_MAX) {
2573 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2574 (uint64_t)size);
2575 abort();
2576 }
2577
04b16653
AW		 2578 return offset;
2579}
2580
2581static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2582{
2583 RAMBlock *block;
2584 ram_addr_t last = 0;
2585
2586 QLIST_FOREACH(block, &ram_list.blocks, next)
2587 last = MAX(last, block->offset + block->length);
2588
2589 return last;
2590}
2591
c5705a77 2592void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2593{
2594 RAMBlock *new_block, *block;
2595
c5705a77
AK		 2596 new_block = NULL;
2597 QLIST_FOREACH(block, &ram_list.blocks, next) {
2598 if (block->offset == addr) {
2599 new_block = block;
2600 break;
2601 }
2602 }
2603 assert(new_block);
2604 assert(!new_block->idstr[0]);
84b89d78
CM		 2605
2606 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2607 char *id = dev->parent_bus->info->get_dev_path(dev);
2608 if (id) {
2609 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2610 g_free(id);
84b89d78
CM		 2611 }
2612 }
2613 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2614
2615 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2616 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2617 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2618 new_block->idstr);
2619 abort();
2620 }
2621 }
c5705a77
AK		 2622}
2623
2624ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2625 MemoryRegion *mr)
2626{
2627 RAMBlock *new_block;
2628
2629 size = TARGET_PAGE_ALIGN(size);
2630 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2631
7c637366 2632 new_block->mr = mr;
432d268c 2633 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2634 if (host) {
2635 new_block->host = host;
cd19cfa2 2636 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2637 } else {
2638 if (mem_path) {
c902760f 2639#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2640 new_block->host = file_ram_alloc(new_block, size, mem_path);
2641 if (!new_block->host) {
2642 new_block->host = qemu_vmalloc(size);
e78815a5 2643 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2644 }
c902760f 2645#else
6977dfe6
YT		 2646 fprintf(stderr, "-mem-path option unsupported\n");
2647 exit(1);
c902760f 2648#endif
6977dfe6 2649 } else {
6b02494d 2650#if defined(TARGET_S390X) && defined(CONFIG_KVM)
ff83678a
CB		 2651 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2652 an system defined value, which is at least 256GB. Larger systems
2653 have larger values. We put the guest between the end of data
2654 segment (system break) and this value. We use 32GB as a base to
2655 have enough room for the system break to grow. */
2656 new_block->host = mmap((void*)0x800000000, size,
6977dfe6 2657 PROT_EXEC|PROT_READ|PROT_WRITE,
ff83678a 2658 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
fb8b2735
AG		 2659 if (new_block->host == MAP_FAILED) {
2660 fprintf(stderr, "Allocating RAM failed\n");
2661 abort();
2662 }
6b02494d 2663#else
868bb33f 2664 if (xen_enabled()) {
fce537d4 2665 xen_ram_alloc(new_block->offset, size, mr);
432d268c
JN		 2666 } else {
2667 new_block->host = qemu_vmalloc(size);
2668 }
6b02494d 2669#endif
e78815a5 2670 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2671 }
c902760f 2672 }
94a6b54f
PB		 2673 new_block->length = size;
2674
f471a17e 2675 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2676
7267c094 2677 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2678 last_ram_offset() >> TARGET_PAGE_BITS);
d17b5288 2679 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
94a6b54f
PB		 2680 0xff, size >> TARGET_PAGE_BITS);
2681
6f0437e8
JK		 2682 if (kvm_enabled())
2683 kvm_setup_guest_memory(new_block->host, size);
2684
94a6b54f
PB		 2685 return new_block->offset;
2686}
e9a1ab19 2687
c5705a77 2688ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2689{
c5705a77 2690 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2691}
2692
1f2e98b6
AW		 2693void qemu_ram_free_from_ptr(ram_addr_t addr)
2694{
2695 RAMBlock *block;
2696
2697 QLIST_FOREACH(block, &ram_list.blocks, next) {
2698 if (addr == block->offset) {
2699 QLIST_REMOVE(block, next);
7267c094 2700 g_free(block);
1f2e98b6
AW		 2701 return;
2702 }
2703 }
2704}
2705
c227f099 2706void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2707{
04b16653
AW		 2708 RAMBlock *block;
2709
2710 QLIST_FOREACH(block, &ram_list.blocks, next) {
2711 if (addr == block->offset) {
2712 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2713 if (block->flags & RAM_PREALLOC_MASK) {
2714 ;
2715 } else if (mem_path) {
04b16653
AW		 2716#if defined (__linux__) && !defined(TARGET_S390X)
2717 if (block->fd) {
2718 munmap(block->host, block->length);
2719 close(block->fd);
2720 } else {
2721 qemu_vfree(block->host);
2722 }
fd28aa13
JK		 2723#else
2724 abort();
04b16653
AW		 2725#endif
2726 } else {
2727#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2728 munmap(block->host, block->length);
2729#else
868bb33f 2730 if (xen_enabled()) {
e41d7c69 2731 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2732 } else {
2733 qemu_vfree(block->host);
2734 }
04b16653
AW		 2735#endif
2736 }
7267c094 2737 g_free(block);
04b16653
AW		 2738 return;
2739 }
2740 }
2741
e9a1ab19
FB		 2742}
2743
cd19cfa2
HY		 2744#ifndef _WIN32
2745void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2746{
2747 RAMBlock *block;
2748 ram_addr_t offset;
2749 int flags;
2750 void *area, *vaddr;
2751
2752 QLIST_FOREACH(block, &ram_list.blocks, next) {
2753 offset = addr - block->offset;
2754 if (offset < block->length) {
2755 vaddr = block->host + offset;
2756 if (block->flags & RAM_PREALLOC_MASK) {
2757 ;
2758 } else {
2759 flags = MAP_FIXED;
2760 munmap(vaddr, length);
2761 if (mem_path) {
2762#if defined(__linux__) && !defined(TARGET_S390X)
2763 if (block->fd) {
2764#ifdef MAP_POPULATE
2765 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2766 MAP_PRIVATE;
2767#else
2768 flags |= MAP_PRIVATE;
2769#endif
2770 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2771 flags, block->fd, offset);
2772 } else {
2773 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2774 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2775 flags, -1, 0);
2776 }
fd28aa13
JK		 2777#else
2778 abort();
cd19cfa2
HY		 2779#endif
2780 } else {
2781#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2782 flags |= MAP_SHARED | MAP_ANONYMOUS;
2783 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2784 flags, -1, 0);
2785#else
2786 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2787 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2788 flags, -1, 0);
2789#endif
2790 }
2791 if (area != vaddr) {
f15fbc4b
AP		 2792 fprintf(stderr, "Could not remap addr: "
2793 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 2794 length, addr);
2795 exit(1);
2796 }
2797 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
2798 }
2799 return;
2800 }
2801 }
2802}
2803#endif /* !_WIN32 */
2804
dc828ca1 2805/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 2806 With the exception of the softmmu code in this file, this should
2807 only be used for local memory (e.g. video ram) that the device owns,
2808 and knows it isn't going to access beyond the end of the block.
2809
2810 It should not be used for general purpose DMA.
2811 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2812 */
c227f099 2813void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 2814{
94a6b54f
PB		 2815 RAMBlock *block;
2816
f471a17e
AW		 2817 QLIST_FOREACH(block, &ram_list.blocks, next) {
2818 if (addr - block->offset < block->length) {
7d82af38
VP		 2819 /* Move this entry to to start of the list. */
2820 if (block != QLIST_FIRST(&ram_list.blocks)) {
2821 QLIST_REMOVE(block, next);
2822 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2823 }
868bb33f 2824 if (xen_enabled()) {
432d268c
JN		 2825 /* We need to check if the requested address is in the RAM
2826 * because we don't want to map the entire memory in QEMU.
712c2b41 2827 * In that case just map until the end of the page.
432d268c
JN		 2828 */
2829 if (block->offset == 0) {
e41d7c69 2830 return xen_map_cache(addr, 0, 0);
432d268c 2831 } else if (block->host == NULL) {
e41d7c69
JK		 2832 block->host =
2833 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2834 }
2835 }
f471a17e
AW		 2836 return block->host + (addr - block->offset);
2837 }
94a6b54f 2838 }
f471a17e
AW		 2839
2840 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2841 abort();
2842
2843 return NULL;
dc828ca1
PB		 2844}
2845
b2e0a138
MT		 2846/* Return a host pointer to ram allocated with qemu_ram_alloc.
2847 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2848 */
2849void *qemu_safe_ram_ptr(ram_addr_t addr)
2850{
2851 RAMBlock *block;
2852
2853 QLIST_FOREACH(block, &ram_list.blocks, next) {
2854 if (addr - block->offset < block->length) {
868bb33f 2855 if (xen_enabled()) {
432d268c
JN		 2856 /* We need to check if the requested address is in the RAM
2857 * because we don't want to map the entire memory in QEMU.
712c2b41 2858 * In that case just map until the end of the page.
432d268c
JN		 2859 */
2860 if (block->offset == 0) {
e41d7c69 2861 return xen_map_cache(addr, 0, 0);
432d268c 2862 } else if (block->host == NULL) {
e41d7c69
JK		 2863 block->host =
2864 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 2865 }
2866 }
b2e0a138
MT		 2867 return block->host + (addr - block->offset);
2868 }
2869 }
2870
2871 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2872 abort();
2873
2874 return NULL;
2875}
2876
38bee5dc
SS		 2877/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
2878 * but takes a size argument */
8ab934f9 2879void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 2880{
8ab934f9
SS		 2881 if (*size == 0) {
2882 return NULL;
2883 }
868bb33f 2884 if (xen_enabled()) {
e41d7c69 2885 return xen_map_cache(addr, *size, 1);
868bb33f 2886 } else {
38bee5dc
SS		 2887 RAMBlock *block;
2888
2889 QLIST_FOREACH(block, &ram_list.blocks, next) {
2890 if (addr - block->offset < block->length) {
2891 if (addr - block->offset + *size > block->length)
2892 *size = block->length - addr + block->offset;
2893 return block->host + (addr - block->offset);
2894 }
2895 }
2896
2897 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2898 abort();
38bee5dc
SS		 2899 }
2900}
2901
050a0ddf
AP		 2902void qemu_put_ram_ptr(void *addr)
2903{
2904 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 2905}
2906
e890261f 2907int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 2908{
94a6b54f
PB		 2909 RAMBlock *block;
2910 uint8_t *host = ptr;
2911
868bb33f 2912 if (xen_enabled()) {
e41d7c69 2913 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 2914 return 0;
2915 }
2916
f471a17e 2917 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 2918 /* This case append when the block is not mapped. */
2919 if (block->host == NULL) {
2920 continue;
2921 }
f471a17e 2922 if (host - block->host < block->length) {
e890261f
MT		 2923 *ram_addr = block->offset + (host - block->host);
2924 return 0;
f471a17e 2925 }
94a6b54f 2926 }
432d268c 2927
e890261f
MT		 2928 return -1;
2929}
f471a17e 2930
e890261f
MT		 2931/* Some of the softmmu routines need to translate from a host pointer
2932 (typically a TLB entry) back to a ram offset. */
2933ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2934{
2935 ram_addr_t ram_addr;
f471a17e 2936
e890261f
MT		 2937 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2938 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2939 abort();
2940 }
2941 return ram_addr;
5579c7f3
PB		 2942}
2943
0e0df1e2
AK		 2944static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
2945 unsigned size)
e18231a3
BS		 2946{
2947#ifdef DEBUG_UNASSIGNED
2948 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2949#endif
5b450407 2950#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2951 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 2952#endif
2953 return 0;
2954}
2955
0e0df1e2
AK		 2956static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
2957 uint64_t val, unsigned size)
e18231a3
BS		 2958{
2959#ifdef DEBUG_UNASSIGNED
0e0df1e2 2960 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 2961#endif
5b450407 2962#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 2963 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 2964#endif
33417e70
FB		 2965}
2966
0e0df1e2
AK		 2967static const MemoryRegionOps unassigned_mem_ops = {
2968 .read = unassigned_mem_read,
2969 .write = unassigned_mem_write,
2970 .endianness = DEVICE_NATIVE_ENDIAN,
2971};
e18231a3 2972
0e0df1e2
AK		 2973static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
2974 unsigned size)
e18231a3 2975{
0e0df1e2 2976 abort();
e18231a3
BS		 2977}
2978
0e0df1e2
AK		 2979static void error_mem_write(void *opaque, target_phys_addr_t addr,
2980 uint64_t value, unsigned size)
e18231a3 2981{
0e0df1e2 2982 abort();
33417e70
FB		 2983}
2984
0e0df1e2
AK		 2985static const MemoryRegionOps error_mem_ops = {
2986 .read = error_mem_read,
2987 .write = error_mem_write,
2988 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2989};
2990
0e0df1e2
AK		 2991static const MemoryRegionOps rom_mem_ops = {
2992 .read = error_mem_read,
2993 .write = unassigned_mem_write,
2994 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 2995};
2996
0e0df1e2
AK		 2997static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
2998 uint64_t val, unsigned size)
9fa3e853 2999{
3a7d929e 3000 int dirty_flags;
f7c11b53 3001 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 3002 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 3003#if !defined(CONFIG_USER_ONLY)
0e0df1e2 3004 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 3005 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 3006#endif
3a7d929e 3007 }
0e0df1e2
AK		 3008 switch (size) {
3009 case 1:
3010 stb_p(qemu_get_ram_ptr(ram_addr), val);
3011 break;
3012 case 2:
3013 stw_p(qemu_get_ram_ptr(ram_addr), val);
3014 break;
3015 case 4:
3016 stl_p(qemu_get_ram_ptr(ram_addr), val);
3017 break;
3018 default:
3019 abort();
3a7d929e 3020 }
f23db169 3021 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 3022 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 3023 /* we remove the notdirty callback only if the code has been
3024 flushed */
3025 if (dirty_flags == 0xff)
2e70f6ef 3026 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 3027}
3028
0e0df1e2
AK		 3029static const MemoryRegionOps notdirty_mem_ops = {
3030 .read = error_mem_read,
3031 .write = notdirty_mem_write,
3032 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 3033};
3034
0f459d16 3035/* Generate a debug exception if a watchpoint has been hit. */
b4051334 3036static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16 3037{
9349b4f9 3038 CPUArchState *env = cpu_single_env;
06d55cc1
AL		 3039 target_ulong pc, cs_base;
3040 TranslationBlock *tb;
0f459d16 3041 target_ulong vaddr;
a1d1bb31 3042 CPUWatchpoint *wp;
06d55cc1 3043 int cpu_flags;
0f459d16 3044
06d55cc1
AL		 3045 if (env->watchpoint_hit) {
3046 /* We re-entered the check after replacing the TB. Now raise
3047 * the debug interrupt so that is will trigger after the
3048 * current instruction. */
3049 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3050 return;
3051 }
2e70f6ef 3052 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 3053 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 3054 if ((vaddr == (wp->vaddr & len_mask) ||
3055 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 3056 wp->flags |= BP_WATCHPOINT_HIT;
3057 if (!env->watchpoint_hit) {
3058 env->watchpoint_hit = wp;
3059 tb = tb_find_pc(env->mem_io_pc);
3060 if (!tb) {
3061 cpu_abort(env, "check_watchpoint: could not find TB for "
3062 "pc=%p", (void *)env->mem_io_pc);
3063 }
618ba8e6 3064 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 3065 tb_phys_invalidate(tb, -1);
3066 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3067 env->exception_index = EXCP_DEBUG;
488d6577 3068 cpu_loop_exit(env);
6e140f28
AL		 3069 } else {
3070 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3071 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
488d6577 3072 cpu_resume_from_signal(env, NULL);
6e140f28 3073 }
06d55cc1 3074 }
6e140f28
AL		 3075 } else {
3076 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 3077 }
3078 }
3079}
3080
6658ffb8
PB		 3081/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3082 so these check for a hit then pass through to the normal out-of-line
3083 phys routines. */
1ec9b909
AK		 3084static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
3085 unsigned size)
6658ffb8 3086{
1ec9b909
AK		 3087 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3088 switch (size) {
3089 case 1: return ldub_phys(addr);
3090 case 2: return lduw_phys(addr);
3091 case 4: return ldl_phys(addr);
3092 default: abort();
3093 }
6658ffb8
PB		 3094}
3095
1ec9b909
AK		 3096static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3097 uint64_t val, unsigned size)
6658ffb8 3098{
1ec9b909
AK		 3099 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3100 switch (size) {
67364150
MF		 3101 case 1:
3102 stb_phys(addr, val);
3103 break;
3104 case 2:
3105 stw_phys(addr, val);
3106 break;
3107 case 4:
3108 stl_phys(addr, val);
3109 break;
1ec9b909
AK		 3110 default: abort();
3111 }
6658ffb8
PB		 3112}
3113
1ec9b909
AK		 3114static const MemoryRegionOps watch_mem_ops = {
3115 .read = watch_mem_read,
3116 .write = watch_mem_write,
3117 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3118};
6658ffb8 3119
70c68e44
AK		 3120static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3121 unsigned len)
db7b5426 3122{
70c68e44 3123 subpage_t *mmio = opaque;
f6405247 3124 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3125 MemoryRegionSection *section;
db7b5426
BS		 3126#if defined(DEBUG_SUBPAGE)
3127 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3128 mmio, len, addr, idx);
3129#endif
db7b5426 3130
5312bd8b
AK		 3131 section = &phys_sections[mmio->sub_section[idx]];
3132 addr += mmio->base;
3133 addr -= section->offset_within_address_space;
3134 addr += section->offset_within_region;
37ec01d4 3135 return io_mem_read(section->mr, addr, len);
db7b5426
BS		 3136}
3137
70c68e44
AK		 3138static void subpage_write(void *opaque, target_phys_addr_t addr,
3139 uint64_t value, unsigned len)
db7b5426 3140{
70c68e44 3141 subpage_t *mmio = opaque;
f6405247 3142 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3143 MemoryRegionSection *section;
db7b5426 3144#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3145 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3146 " idx %d value %"PRIx64"\n",
f6405247 3147 __func__, mmio, len, addr, idx, value);
db7b5426 3148#endif
f6405247 3149
5312bd8b
AK		 3150 section = &phys_sections[mmio->sub_section[idx]];
3151 addr += mmio->base;
3152 addr -= section->offset_within_address_space;
3153 addr += section->offset_within_region;
37ec01d4 3154 io_mem_write(section->mr, addr, value, len);
db7b5426
BS		 3155}
3156
70c68e44
AK		 3157static const MemoryRegionOps subpage_ops = {
3158 .read = subpage_read,
3159 .write = subpage_write,
3160 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3161};
3162
de712f94
AK		 3163static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3164 unsigned size)
56384e8b
AF		 3165{
3166 ram_addr_t raddr = addr;
3167 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3168 switch (size) {
3169 case 1: return ldub_p(ptr);
3170 case 2: return lduw_p(ptr);
3171 case 4: return ldl_p(ptr);
3172 default: abort();
3173 }
56384e8b
AF		 3174}
3175
de712f94
AK		 3176static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3177 uint64_t value, unsigned size)
56384e8b
AF		 3178{
3179 ram_addr_t raddr = addr;
3180 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3181 switch (size) {
3182 case 1: return stb_p(ptr, value);
3183 case 2: return stw_p(ptr, value);
3184 case 4: return stl_p(ptr, value);
3185 default: abort();
3186 }
56384e8b
AF		 3187}
3188
de712f94
AK		 3189static const MemoryRegionOps subpage_ram_ops = {
3190 .read = subpage_ram_read,
3191 .write = subpage_ram_write,
3192 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3193};
3194
c227f099 3195static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3196 uint16_t section)
db7b5426
BS		 3197{
3198 int idx, eidx;
3199
3200 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3201 return -1;
3202 idx = SUBPAGE_IDX(start);
3203 eidx = SUBPAGE_IDX(end);
3204#if defined(DEBUG_SUBPAGE)
0bf9e31a 3205 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3206 mmio, start, end, idx, eidx, memory);
3207#endif
5312bd8b
AK		 3208 if (memory_region_is_ram(phys_sections[section].mr)) {
3209 MemoryRegionSection new_section = phys_sections[section];
3210 new_section.mr = &io_mem_subpage_ram;
3211 section = phys_section_add(&new_section);
56384e8b 3212 }
db7b5426 3213 for (; idx <= eidx; idx++) {
5312bd8b 3214 mmio->sub_section[idx] = section;
db7b5426
BS		 3215 }
3216
3217 return 0;
3218}
3219
0f0cb164 3220static subpage_t *subpage_init(target_phys_addr_t base)
db7b5426 3221{
c227f099 3222 subpage_t *mmio;
db7b5426 3223
7267c094 3224 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3225
3226 mmio->base = base;
70c68e44
AK		 3227 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3228 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3229 mmio->iomem.subpage = true;
db7b5426 3230#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3231 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3232 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3233#endif
0f0cb164 3234 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 3235
3236 return mmio;
3237}
3238
5312bd8b
AK		 3239static uint16_t dummy_section(MemoryRegion *mr)
3240{
3241 MemoryRegionSection section = {
3242 .mr = mr,
3243 .offset_within_address_space = 0,
3244 .offset_within_region = 0,
3245 .size = UINT64_MAX,
3246 };
3247
3248 return phys_section_add(&section);
3249}
3250
37ec01d4 3251MemoryRegion *iotlb_to_region(target_phys_addr_t index)
aa102231 3252{
37ec01d4 3253 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 3254}
3255
e9179ce1
AK		 3256static void io_mem_init(void)
3257{
0e0df1e2 3258 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
0e0df1e2
AK		 3259 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3260 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3261 "unassigned", UINT64_MAX);
3262 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3263 "notdirty", UINT64_MAX);
de712f94
AK		 3264 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3265 "subpage-ram", UINT64_MAX);
1ec9b909
AK		 3266 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3267 "watch", UINT64_MAX);
e9179ce1
AK		 3268}
3269
50c1e149
AK		 3270static void core_begin(MemoryListener *listener)
3271{
54688b1e 3272 destroy_all_mappings();
5312bd8b 3273 phys_sections_clear();
c19e8800 3274 phys_map.ptr = PHYS_MAP_NODE_NIL;
5312bd8b 3275 phys_section_unassigned = dummy_section(&io_mem_unassigned);
aa102231
AK		 3276 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3277 phys_section_rom = dummy_section(&io_mem_rom);
3278 phys_section_watch = dummy_section(&io_mem_watch);
50c1e149
AK		 3279}
3280
3281static void core_commit(MemoryListener *listener)
3282{
9349b4f9 3283 CPUArchState *env;
117712c3
AK		 3284
3285 /* since each CPU stores ram addresses in its TLB cache, we must
3286 reset the modified entries */
3287 /* XXX: slow ! */
3288 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3289 tlb_flush(env, 1);
3290 }
50c1e149
AK		 3291}
3292
93632747
AK		 3293static void core_region_add(MemoryListener *listener,
3294 MemoryRegionSection *section)
3295{
4855d41a 3296 cpu_register_physical_memory_log(section, section->readonly);
93632747
AK		 3297}
3298
3299static void core_region_del(MemoryListener *listener,
3300 MemoryRegionSection *section)
3301{
93632747
AK		 3302}
3303
50c1e149
AK		 3304static void core_region_nop(MemoryListener *listener,
3305 MemoryRegionSection *section)
3306{
54688b1e 3307 cpu_register_physical_memory_log(section, section->readonly);
50c1e149
AK		 3308}
3309
93632747
AK		 3310static void core_log_start(MemoryListener *listener,
3311 MemoryRegionSection *section)
3312{
3313}
3314
3315static void core_log_stop(MemoryListener *listener,
3316 MemoryRegionSection *section)
3317{
3318}
3319
3320static void core_log_sync(MemoryListener *listener,
3321 MemoryRegionSection *section)
3322{
3323}
3324
3325static void core_log_global_start(MemoryListener *listener)
3326{
3327 cpu_physical_memory_set_dirty_tracking(1);
3328}
3329
3330static void core_log_global_stop(MemoryListener *listener)
3331{
3332 cpu_physical_memory_set_dirty_tracking(0);
3333}
3334
3335static void core_eventfd_add(MemoryListener *listener,
3336 MemoryRegionSection *section,
3337 bool match_data, uint64_t data, int fd)
3338{
3339}
3340
3341static void core_eventfd_del(MemoryListener *listener,
3342 MemoryRegionSection *section,
3343 bool match_data, uint64_t data, int fd)
3344{
3345}
3346
50c1e149
AK		 3347static void io_begin(MemoryListener *listener)
3348{
3349}
3350
3351static void io_commit(MemoryListener *listener)
3352{
3353}
3354
4855d41a
AK		 3355static void io_region_add(MemoryListener *listener,
3356 MemoryRegionSection *section)
3357{
a2d33521
AK		 3358 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3359
3360 mrio->mr = section->mr;
3361 mrio->offset = section->offset_within_region;
3362 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
4855d41a 3363 section->offset_within_address_space, section->size);
a2d33521 3364 ioport_register(&mrio->iorange);
4855d41a
AK		 3365}
3366
3367static void io_region_del(MemoryListener *listener,
3368 MemoryRegionSection *section)
3369{
3370 isa_unassign_ioport(section->offset_within_address_space, section->size);
3371}
3372
50c1e149
AK		 3373static void io_region_nop(MemoryListener *listener,
3374 MemoryRegionSection *section)
3375{
3376}
3377
4855d41a
AK		 3378static void io_log_start(MemoryListener *listener,
3379 MemoryRegionSection *section)
3380{
3381}
3382
3383static void io_log_stop(MemoryListener *listener,
3384 MemoryRegionSection *section)
3385{
3386}
3387
3388static void io_log_sync(MemoryListener *listener,
3389 MemoryRegionSection *section)
3390{
3391}
3392
3393static void io_log_global_start(MemoryListener *listener)
3394{
3395}
3396
3397static void io_log_global_stop(MemoryListener *listener)
3398{
3399}
3400
3401static void io_eventfd_add(MemoryListener *listener,
3402 MemoryRegionSection *section,
3403 bool match_data, uint64_t data, int fd)
3404{
3405}
3406
3407static void io_eventfd_del(MemoryListener *listener,
3408 MemoryRegionSection *section,
3409 bool match_data, uint64_t data, int fd)
3410{
3411}
3412
93632747 3413static MemoryListener core_memory_listener = {
50c1e149
AK		 3414 .begin = core_begin,
3415 .commit = core_commit,
93632747
AK		 3416 .region_add = core_region_add,
3417 .region_del = core_region_del,
50c1e149 3418 .region_nop = core_region_nop,
93632747
AK		 3419 .log_start = core_log_start,
3420 .log_stop = core_log_stop,
3421 .log_sync = core_log_sync,
3422 .log_global_start = core_log_global_start,
3423 .log_global_stop = core_log_global_stop,
3424 .eventfd_add = core_eventfd_add,
3425 .eventfd_del = core_eventfd_del,
3426 .priority = 0,
3427};
3428
4855d41a 3429static MemoryListener io_memory_listener = {
50c1e149
AK		 3430 .begin = io_begin,
3431 .commit = io_commit,
4855d41a
AK		 3432 .region_add = io_region_add,
3433 .region_del = io_region_del,
50c1e149 3434 .region_nop = io_region_nop,
4855d41a
AK		 3435 .log_start = io_log_start,
3436 .log_stop = io_log_stop,
3437 .log_sync = io_log_sync,
3438 .log_global_start = io_log_global_start,
3439 .log_global_stop = io_log_global_stop,
3440 .eventfd_add = io_eventfd_add,
3441 .eventfd_del = io_eventfd_del,
3442 .priority = 0,
3443};
3444
62152b8a
AK		 3445static void memory_map_init(void)
3446{
7267c094 3447 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3448 memory_region_init(system_memory, "system", INT64_MAX);
62152b8a 3449 set_system_memory_map(system_memory);
309cb471 3450
7267c094 3451 system_io = g_malloc(sizeof(*system_io));
309cb471
AK		 3452 memory_region_init(system_io, "io", 65536);
3453 set_system_io_map(system_io);
93632747 3454
4855d41a
AK		 3455 memory_listener_register(&core_memory_listener, system_memory);
3456 memory_listener_register(&io_memory_listener, system_io);
62152b8a
AK		 3457}
3458
3459MemoryRegion *get_system_memory(void)
3460{
3461 return system_memory;
3462}
3463
309cb471
AK		 3464MemoryRegion *get_system_io(void)
3465{
3466 return system_io;
3467}
3468
e2eef170
PB		 3469#endif /* !defined(CONFIG_USER_ONLY) */
3470
13eb76e0
FB		 3471/* physical memory access (slow version, mainly for debug) */
3472#if defined(CONFIG_USER_ONLY)
9349b4f9 3473int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
a68fe89c 3474 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3475{
3476 int l, flags;
3477 target_ulong page;
53a5960a 3478 void * p;
13eb76e0
FB		 3479
3480 while (len > 0) {
3481 page = addr & TARGET_PAGE_MASK;
3482 l = (page + TARGET_PAGE_SIZE) - addr;
3483 if (l > len)
3484 l = len;
3485 flags = page_get_flags(page);
3486 if (!(flags & PAGE_VALID))
a68fe89c 3487 return -1;
13eb76e0
FB		 3488 if (is_write) {
3489 if (!(flags & PAGE_WRITE))
a68fe89c 3490 return -1;
579a97f7 3491 /* XXX: this code should not depend on lock_user */
72fb7daa 3492 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3493 return -1;
72fb7daa
AJ		 3494 memcpy(p, buf, l);
3495 unlock_user(p, addr, l);
13eb76e0
FB		 3496 } else {
3497 if (!(flags & PAGE_READ))
a68fe89c 3498 return -1;
579a97f7 3499 /* XXX: this code should not depend on lock_user */
72fb7daa 3500 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3501 return -1;
72fb7daa 3502 memcpy(buf, p, l);
5b257578 3503 unlock_user(p, addr, 0);
13eb76e0
FB		 3504 }
3505 len -= l;
3506 buf += l;
3507 addr += l;
3508 }
a68fe89c 3509 return 0;
13eb76e0 3510}
8df1cd07 3511
13eb76e0 3512#else
c227f099 3513void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3514 int len, int is_write)
3515{
37ec01d4 3516 int l;
13eb76e0
FB		 3517 uint8_t *ptr;
3518 uint32_t val;
c227f099 3519 target_phys_addr_t page;
f3705d53 3520 MemoryRegionSection *section;
3b46e624 3521
13eb76e0
FB		 3522 while (len > 0) {
3523 page = addr & TARGET_PAGE_MASK;
3524 l = (page + TARGET_PAGE_SIZE) - addr;
3525 if (l > len)
3526 l = len;
06ef3525 3527 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3528
13eb76e0 3529 if (is_write) {
f3705d53 3530 if (!memory_region_is_ram(section->mr)) {
f1f6e3b8 3531 target_phys_addr_t addr1;
cc5bea60 3532 addr1 = memory_region_section_addr(section, addr);
6a00d601
FB		 3533 /* XXX: could force cpu_single_env to NULL to avoid
3534 potential bugs */
6c2934db 3535 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3536 /* 32 bit write access */
c27004ec 3537 val = ldl_p(buf);
37ec01d4 3538 io_mem_write(section->mr, addr1, val, 4);
13eb76e0 3539 l = 4;
6c2934db 3540 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3541 /* 16 bit write access */
c27004ec 3542 val = lduw_p(buf);
37ec01d4 3543 io_mem_write(section->mr, addr1, val, 2);
13eb76e0
FB		 3544 l = 2;
3545 } else {
1c213d19 3546 /* 8 bit write access */
c27004ec 3547 val = ldub_p(buf);
37ec01d4 3548 io_mem_write(section->mr, addr1, val, 1);
13eb76e0
FB		 3549 l = 1;
3550 }
f3705d53 3551 } else if (!section->readonly) {
8ca5692d 3552 ram_addr_t addr1;
f3705d53 3553 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3554 + memory_region_section_addr(section, addr);
13eb76e0 3555 /* RAM case */
5579c7f3 3556 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3557 memcpy(ptr, buf, l);
3a7d929e
FB		 3558 if (!cpu_physical_memory_is_dirty(addr1)) {
3559 /* invalidate code */
3560 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3561 /* set dirty bit */
f7c11b53
YT		 3562 cpu_physical_memory_set_dirty_flags(
3563 addr1, (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 3564 }
050a0ddf 3565 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3566 }
3567 } else {
cc5bea60
BS		 3568 if (!(memory_region_is_ram(section->mr) ||
3569 memory_region_is_romd(section->mr))) {
f1f6e3b8 3570 target_phys_addr_t addr1;
13eb76e0 3571 /* I/O case */
cc5bea60 3572 addr1 = memory_region_section_addr(section, addr);
6c2934db 3573 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3574 /* 32 bit read access */
37ec01d4 3575 val = io_mem_read(section->mr, addr1, 4);
c27004ec 3576 stl_p(buf, val);
13eb76e0 3577 l = 4;
6c2934db 3578 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3579 /* 16 bit read access */
37ec01d4 3580 val = io_mem_read(section->mr, addr1, 2);
c27004ec 3581 stw_p(buf, val);
13eb76e0
FB		 3582 l = 2;
3583 } else {
1c213d19 3584 /* 8 bit read access */
37ec01d4 3585 val = io_mem_read(section->mr, addr1, 1);
c27004ec 3586 stb_p(buf, val);
13eb76e0
FB		 3587 l = 1;
3588 }
3589 } else {
3590 /* RAM case */
0a1b357f 3591 ptr = qemu_get_ram_ptr(section->mr->ram_addr
cc5bea60
BS		 3592 + memory_region_section_addr(section,
3593 addr));
f3705d53 3594 memcpy(buf, ptr, l);
050a0ddf 3595 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3596 }
3597 }
3598 len -= l;
3599 buf += l;
3600 addr += l;
3601 }
3602}
8df1cd07 3603
d0ecd2aa 3604/* used for ROM loading : can write in RAM and ROM */
c227f099 3605void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3606 const uint8_t *buf, int len)
3607{
3608 int l;
3609 uint8_t *ptr;
c227f099 3610 target_phys_addr_t page;
f3705d53 3611 MemoryRegionSection *section;
3b46e624 3612
d0ecd2aa
FB		 3613 while (len > 0) {
3614 page = addr & TARGET_PAGE_MASK;
3615 l = (page + TARGET_PAGE_SIZE) - addr;
3616 if (l > len)
3617 l = len;
06ef3525 3618 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3619
cc5bea60
BS		 3620 if (!(memory_region_is_ram(section->mr) ||
3621 memory_region_is_romd(section->mr))) {
d0ecd2aa
FB		 3622 /* do nothing */
3623 } else {
3624 unsigned long addr1;
f3705d53 3625 addr1 = memory_region_get_ram_addr(section->mr)
cc5bea60 3626 + memory_region_section_addr(section, addr);
d0ecd2aa 3627 /* ROM/RAM case */
5579c7f3 3628 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3629 memcpy(ptr, buf, l);
050a0ddf 3630 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3631 }
3632 len -= l;
3633 buf += l;
3634 addr += l;
3635 }
3636}
3637
6d16c2f8
AL		 3638typedef struct {
3639 void *buffer;
c227f099
AL		 3640 target_phys_addr_t addr;
3641 target_phys_addr_t len;
6d16c2f8
AL		 3642} BounceBuffer;
3643
3644static BounceBuffer bounce;
3645
ba223c29
AL		 3646typedef struct MapClient {
3647 void *opaque;
3648 void (*callback)(void *opaque);
72cf2d4f 3649 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3650} MapClient;
3651
72cf2d4f
BS		 3652static QLIST_HEAD(map_client_list, MapClient) map_client_list
3653 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3654
3655void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3656{
7267c094 3657 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3658
3659 client->opaque = opaque;
3660 client->callback = callback;
72cf2d4f 3661 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3662 return client;
3663}
3664
3665void cpu_unregister_map_client(void *_client)
3666{
3667 MapClient *client = (MapClient *)_client;
3668
72cf2d4f 3669 QLIST_REMOVE(client, link);
7267c094 3670 g_free(client);
ba223c29
AL		 3671}
3672
3673static void cpu_notify_map_clients(void)
3674{
3675 MapClient *client;
3676
72cf2d4f
BS		 3677 while (!QLIST_EMPTY(&map_client_list)) {
3678 client = QLIST_FIRST(&map_client_list);
ba223c29 3679 client->callback(client->opaque);
34d5e948 3680 cpu_unregister_map_client(client);
ba223c29
AL		 3681 }
3682}
3683
6d16c2f8
AL		 3684/* Map a physical memory region into a host virtual address.
3685 * May map a subset of the requested range, given by and returned in *plen.
3686 * May return NULL if resources needed to perform the mapping are exhausted.
3687 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3688 * Use cpu_register_map_client() to know when retrying the map operation is
3689 * likely to succeed.
6d16c2f8 3690 */
c227f099
AL		 3691void *cpu_physical_memory_map(target_phys_addr_t addr,
3692 target_phys_addr_t *plen,
6d16c2f8
AL		 3693 int is_write)
3694{
c227f099 3695 target_phys_addr_t len = *plen;
38bee5dc 3696 target_phys_addr_t todo = 0;
6d16c2f8 3697 int l;
c227f099 3698 target_phys_addr_t page;
f3705d53 3699 MemoryRegionSection *section;
f15fbc4b 3700 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3701 ram_addr_t rlen;
3702 void *ret;
6d16c2f8
AL		 3703
3704 while (len > 0) {
3705 page = addr & TARGET_PAGE_MASK;
3706 l = (page + TARGET_PAGE_SIZE) - addr;
3707 if (l > len)
3708 l = len;
06ef3525 3709 section = phys_page_find(page >> TARGET_PAGE_BITS);
6d16c2f8 3710
f3705d53 3711 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
38bee5dc 3712 if (todo || bounce.buffer) {
6d16c2f8
AL		 3713 break;
3714 }
3715 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3716 bounce.addr = addr;
3717 bounce.len = l;
3718 if (!is_write) {
54f7b4a3 3719 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 3720 }
38bee5dc
SS		 3721
3722 *plen = l;
3723 return bounce.buffer;
6d16c2f8 3724 }
8ab934f9 3725 if (!todo) {
f3705d53 3726 raddr = memory_region_get_ram_addr(section->mr)
cc5bea60 3727 + memory_region_section_addr(section, addr);
8ab934f9 3728 }
6d16c2f8
AL		 3729
3730 len -= l;
3731 addr += l;
38bee5dc 3732 todo += l;
6d16c2f8 3733 }
8ab934f9
SS		 3734 rlen = todo;
3735 ret = qemu_ram_ptr_length(raddr, &rlen);
3736 *plen = rlen;
3737 return ret;
6d16c2f8
AL		 3738}
3739
3740/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
3741 * Will also mark the memory as dirty if is_write == 1. access_len gives
3742 * the amount of memory that was actually read or written by the caller.
3743 */
c227f099
AL		 3744void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
3745 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 3746{
3747 if (buffer != bounce.buffer) {
3748 if (is_write) {
e890261f 3749 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 3750 while (access_len) {
3751 unsigned l;
3752 l = TARGET_PAGE_SIZE;
3753 if (l > access_len)
3754 l = access_len;
3755 if (!cpu_physical_memory_is_dirty(addr1)) {
3756 /* invalidate code */
3757 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3758 /* set dirty bit */
f7c11b53
YT		 3759 cpu_physical_memory_set_dirty_flags(
3760 addr1, (0xff & ~CODE_DIRTY_FLAG));
6d16c2f8
AL		 3761 }
3762 addr1 += l;
3763 access_len -= l;
3764 }
3765 }
868bb33f 3766 if (xen_enabled()) {
e41d7c69 3767 xen_invalidate_map_cache_entry(buffer);
050a0ddf 3768 }
6d16c2f8
AL		 3769 return;
3770 }
3771 if (is_write) {
3772 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
3773 }
f8a83245 3774 qemu_vfree(bounce.buffer);
6d16c2f8 3775 bounce.buffer = NULL;
ba223c29 3776 cpu_notify_map_clients();
6d16c2f8 3777}
d0ecd2aa 3778
8df1cd07 3779/* warning: addr must be aligned */
1e78bcc1
AG		 3780static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
3781 enum device_endian endian)
8df1cd07 3782{
8df1cd07
FB		 3783 uint8_t *ptr;
3784 uint32_t val;
f3705d53 3785 MemoryRegionSection *section;
8df1cd07 3786
06ef3525 3787 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3788
cc5bea60
BS		 3789 if (!(memory_region_is_ram(section->mr) ||
3790 memory_region_is_romd(section->mr))) {
8df1cd07 3791 /* I/O case */
cc5bea60 3792 addr = memory_region_section_addr(section, addr);
37ec01d4 3793 val = io_mem_read(section->mr, addr, 4);
1e78bcc1
AG		 3794#if defined(TARGET_WORDS_BIGENDIAN)
3795 if (endian == DEVICE_LITTLE_ENDIAN) {
3796 val = bswap32(val);
3797 }
3798#else
3799 if (endian == DEVICE_BIG_ENDIAN) {
3800 val = bswap32(val);
3801 }
3802#endif
8df1cd07
FB		 3803 } else {
3804 /* RAM case */
f3705d53 3805 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3806 & TARGET_PAGE_MASK)
cc5bea60 3807 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3808 switch (endian) {
3809 case DEVICE_LITTLE_ENDIAN:
3810 val = ldl_le_p(ptr);
3811 break;
3812 case DEVICE_BIG_ENDIAN:
3813 val = ldl_be_p(ptr);
3814 break;
3815 default:
3816 val = ldl_p(ptr);
3817 break;
3818 }
8df1cd07
FB		 3819 }
3820 return val;
3821}
3822
1e78bcc1
AG		 3823uint32_t ldl_phys(target_phys_addr_t addr)
3824{
3825 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3826}
3827
3828uint32_t ldl_le_phys(target_phys_addr_t addr)
3829{
3830 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3831}
3832
3833uint32_t ldl_be_phys(target_phys_addr_t addr)
3834{
3835 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
3836}
3837
84b7b8e7 3838/* warning: addr must be aligned */
1e78bcc1
AG		 3839static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
3840 enum device_endian endian)
84b7b8e7 3841{
84b7b8e7
FB		 3842 uint8_t *ptr;
3843 uint64_t val;
f3705d53 3844 MemoryRegionSection *section;
84b7b8e7 3845
06ef3525 3846 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3847
cc5bea60
BS		 3848 if (!(memory_region_is_ram(section->mr) ||
3849 memory_region_is_romd(section->mr))) {
84b7b8e7 3850 /* I/O case */
cc5bea60 3851 addr = memory_region_section_addr(section, addr);
1e78bcc1
AG		 3852
3853 /* XXX This is broken when device endian != cpu endian.
3854 Fix and add "endian" variable check */
84b7b8e7 3855#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 3856 val = io_mem_read(section->mr, addr, 4) << 32;
3857 val |= io_mem_read(section->mr, addr + 4, 4);
84b7b8e7 3858#else
37ec01d4
AK		 3859 val = io_mem_read(section->mr, addr, 4);
3860 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
84b7b8e7
FB		 3861#endif
3862 } else {
3863 /* RAM case */
f3705d53 3864 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3865 & TARGET_PAGE_MASK)
cc5bea60 3866 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3867 switch (endian) {
3868 case DEVICE_LITTLE_ENDIAN:
3869 val = ldq_le_p(ptr);
3870 break;
3871 case DEVICE_BIG_ENDIAN:
3872 val = ldq_be_p(ptr);
3873 break;
3874 default:
3875 val = ldq_p(ptr);
3876 break;
3877 }
84b7b8e7
FB		 3878 }
3879 return val;
3880}
3881
1e78bcc1
AG		 3882uint64_t ldq_phys(target_phys_addr_t addr)
3883{
3884 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3885}
3886
3887uint64_t ldq_le_phys(target_phys_addr_t addr)
3888{
3889 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3890}
3891
3892uint64_t ldq_be_phys(target_phys_addr_t addr)
3893{
3894 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
3895}
3896
aab33094 3897/* XXX: optimize */
c227f099 3898uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 3899{
3900 uint8_t val;
3901 cpu_physical_memory_read(addr, &val, 1);
3902 return val;
3903}
3904
733f0b02 3905/* warning: addr must be aligned */
1e78bcc1
AG		 3906static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
3907 enum device_endian endian)
aab33094 3908{
733f0b02
MT		 3909 uint8_t *ptr;
3910 uint64_t val;
f3705d53 3911 MemoryRegionSection *section;
733f0b02 3912
06ef3525 3913 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 3914
cc5bea60
BS		 3915 if (!(memory_region_is_ram(section->mr) ||
3916 memory_region_is_romd(section->mr))) {
733f0b02 3917 /* I/O case */
cc5bea60 3918 addr = memory_region_section_addr(section, addr);
37ec01d4 3919 val = io_mem_read(section->mr, addr, 2);
1e78bcc1
AG		 3920#if defined(TARGET_WORDS_BIGENDIAN)
3921 if (endian == DEVICE_LITTLE_ENDIAN) {
3922 val = bswap16(val);
3923 }
3924#else
3925 if (endian == DEVICE_BIG_ENDIAN) {
3926 val = bswap16(val);
3927 }
3928#endif
733f0b02
MT		 3929 } else {
3930 /* RAM case */
f3705d53 3931 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 3932 & TARGET_PAGE_MASK)
cc5bea60 3933 + memory_region_section_addr(section, addr));
1e78bcc1
AG		 3934 switch (endian) {
3935 case DEVICE_LITTLE_ENDIAN:
3936 val = lduw_le_p(ptr);
3937 break;
3938 case DEVICE_BIG_ENDIAN:
3939 val = lduw_be_p(ptr);
3940 break;
3941 default:
3942 val = lduw_p(ptr);
3943 break;
3944 }
733f0b02
MT		 3945 }
3946 return val;
aab33094
FB		 3947}
3948
1e78bcc1
AG		 3949uint32_t lduw_phys(target_phys_addr_t addr)
3950{
3951 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3952}
3953
3954uint32_t lduw_le_phys(target_phys_addr_t addr)
3955{
3956 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3957}
3958
3959uint32_t lduw_be_phys(target_phys_addr_t addr)
3960{
3961 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
3962}
3963
8df1cd07
FB		 3964/* warning: addr must be aligned. The ram page is not masked as dirty
3965 and the code inside is not invalidated. It is useful if the dirty
3966 bits are used to track modified PTEs */
c227f099 3967void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07 3968{
8df1cd07 3969 uint8_t *ptr;
f3705d53 3970 MemoryRegionSection *section;
8df1cd07 3971
06ef3525 3972 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 3973
f3705d53 3974 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 3975 addr = memory_region_section_addr(section, addr);
f3705d53 3976 if (memory_region_is_ram(section->mr)) {
37ec01d4 3977 section = &phys_sections[phys_section_rom];
06ef3525 3978 }
37ec01d4 3979 io_mem_write(section->mr, addr, val, 4);
8df1cd07 3980 } else {
f3705d53 3981 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
06ef3525 3982 & TARGET_PAGE_MASK)
cc5bea60 3983 + memory_region_section_addr(section, addr);
5579c7f3 3984 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 3985 stl_p(ptr, val);
74576198
AL		 3986
3987 if (unlikely(in_migration)) {
3988 if (!cpu_physical_memory_is_dirty(addr1)) {
3989 /* invalidate code */
3990 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3991 /* set dirty bit */
f7c11b53
YT		 3992 cpu_physical_memory_set_dirty_flags(
3993 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 3994 }
3995 }
8df1cd07
FB		 3996 }
3997}
3998
c227f099 3999void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef 4000{
bc98a7ef 4001 uint8_t *ptr;
f3705d53 4002 MemoryRegionSection *section;
bc98a7ef 4003
06ef3525 4004 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4005
f3705d53 4006 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 4007 addr = memory_region_section_addr(section, addr);
f3705d53 4008 if (memory_region_is_ram(section->mr)) {
37ec01d4 4009 section = &phys_sections[phys_section_rom];
06ef3525 4010 }
bc98a7ef 4011#ifdef TARGET_WORDS_BIGENDIAN
37ec01d4
AK		 4012 io_mem_write(section->mr, addr, val >> 32, 4);
4013 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
bc98a7ef 4014#else
37ec01d4
AK		 4015 io_mem_write(section->mr, addr, (uint32_t)val, 4);
4016 io_mem_write(section->mr, addr + 4, val >> 32, 4);
bc98a7ef
JM		 4017#endif
4018 } else {
f3705d53 4019 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
06ef3525 4020 & TARGET_PAGE_MASK)
cc5bea60 4021 + memory_region_section_addr(section, addr));
bc98a7ef
JM		 4022 stq_p(ptr, val);
4023 }
4024}
4025
8df1cd07 4026/* warning: addr must be aligned */
1e78bcc1
AG		 4027static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4028 enum device_endian endian)
8df1cd07 4029{
8df1cd07 4030 uint8_t *ptr;
f3705d53 4031 MemoryRegionSection *section;
8df1cd07 4032
06ef3525 4033 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4034
f3705d53 4035 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 4036 addr = memory_region_section_addr(section, addr);
f3705d53 4037 if (memory_region_is_ram(section->mr)) {
37ec01d4 4038 section = &phys_sections[phys_section_rom];
06ef3525 4039 }
1e78bcc1
AG		 4040#if defined(TARGET_WORDS_BIGENDIAN)
4041 if (endian == DEVICE_LITTLE_ENDIAN) {
4042 val = bswap32(val);
4043 }
4044#else
4045 if (endian == DEVICE_BIG_ENDIAN) {
4046 val = bswap32(val);
4047 }
4048#endif
37ec01d4 4049 io_mem_write(section->mr, addr, val, 4);
8df1cd07
FB		 4050 } else {
4051 unsigned long addr1;
f3705d53 4052 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 4053 + memory_region_section_addr(section, addr);
8df1cd07 4054 /* RAM case */
5579c7f3 4055 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4056 switch (endian) {
4057 case DEVICE_LITTLE_ENDIAN:
4058 stl_le_p(ptr, val);
4059 break;
4060 case DEVICE_BIG_ENDIAN:
4061 stl_be_p(ptr, val);
4062 break;
4063 default:
4064 stl_p(ptr, val);
4065 break;
4066 }
3a7d929e
FB		 4067 if (!cpu_physical_memory_is_dirty(addr1)) {
4068 /* invalidate code */
4069 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4070 /* set dirty bit */
f7c11b53
YT		 4071 cpu_physical_memory_set_dirty_flags(addr1,
4072 (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 4073 }
8df1cd07
FB		 4074 }
4075}
4076
1e78bcc1
AG		 4077void stl_phys(target_phys_addr_t addr, uint32_t val)
4078{
4079 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4080}
4081
4082void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4083{
4084 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4085}
4086
4087void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4088{
4089 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4090}
4091
aab33094 4092/* XXX: optimize */
c227f099 4093void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 4094{
4095 uint8_t v = val;
4096 cpu_physical_memory_write(addr, &v, 1);
4097}
4098
733f0b02 4099/* warning: addr must be aligned */
1e78bcc1
AG		 4100static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4101 enum device_endian endian)
aab33094 4102{
733f0b02 4103 uint8_t *ptr;
f3705d53 4104 MemoryRegionSection *section;
733f0b02 4105
06ef3525 4106 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 4107
f3705d53 4108 if (!memory_region_is_ram(section->mr) || section->readonly) {
cc5bea60 4109 addr = memory_region_section_addr(section, addr);
f3705d53 4110 if (memory_region_is_ram(section->mr)) {
37ec01d4 4111 section = &phys_sections[phys_section_rom];
06ef3525 4112 }
1e78bcc1
AG		 4113#if defined(TARGET_WORDS_BIGENDIAN)
4114 if (endian == DEVICE_LITTLE_ENDIAN) {
4115 val = bswap16(val);
4116 }
4117#else
4118 if (endian == DEVICE_BIG_ENDIAN) {
4119 val = bswap16(val);
4120 }
4121#endif
37ec01d4 4122 io_mem_write(section->mr, addr, val, 2);
733f0b02
MT		 4123 } else {
4124 unsigned long addr1;
f3705d53 4125 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
cc5bea60 4126 + memory_region_section_addr(section, addr);
733f0b02
MT		 4127 /* RAM case */
4128 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4129 switch (endian) {
4130 case DEVICE_LITTLE_ENDIAN:
4131 stw_le_p(ptr, val);
4132 break;
4133 case DEVICE_BIG_ENDIAN:
4134 stw_be_p(ptr, val);
4135 break;
4136 default:
4137 stw_p(ptr, val);
4138 break;
4139 }
733f0b02
MT		 4140 if (!cpu_physical_memory_is_dirty(addr1)) {
4141 /* invalidate code */
4142 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4143 /* set dirty bit */
4144 cpu_physical_memory_set_dirty_flags(addr1,
4145 (0xff & ~CODE_DIRTY_FLAG));
4146 }
4147 }
aab33094
FB		 4148}
4149
1e78bcc1
AG		 4150void stw_phys(target_phys_addr_t addr, uint32_t val)
4151{
4152 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4153}
4154
4155void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4156{
4157 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4158}
4159
4160void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4161{
4162 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4163}
4164
aab33094 4165/* XXX: optimize */
c227f099 4166void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4167{
4168 val = tswap64(val);
71d2b725 4169 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4170}
4171
1e78bcc1
AG		 4172void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4173{
4174 val = cpu_to_le64(val);
4175 cpu_physical_memory_write(addr, &val, 8);
4176}
4177
4178void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4179{
4180 val = cpu_to_be64(val);
4181 cpu_physical_memory_write(addr, &val, 8);
4182}
4183
5e2972fd 4184/* virtual memory access for debug (includes writing to ROM) */
9349b4f9 4185int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
b448f2f3 4186 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4187{
4188 int l;
c227f099 4189 target_phys_addr_t phys_addr;
9b3c35e0 4190 target_ulong page;
13eb76e0
FB		 4191
4192 while (len > 0) {
4193 page = addr & TARGET_PAGE_MASK;
4194 phys_addr = cpu_get_phys_page_debug(env, page);
4195 /* if no physical page mapped, return an error */
4196 if (phys_addr == -1)
4197 return -1;
4198 l = (page + TARGET_PAGE_SIZE) - addr;
4199 if (l > len)
4200 l = len;
5e2972fd 4201 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4202 if (is_write)
4203 cpu_physical_memory_write_rom(phys_addr, buf, l);
4204 else
5e2972fd 4205 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4206 len -= l;
4207 buf += l;
4208 addr += l;
4209 }
4210 return 0;
4211}
a68fe89c 4212#endif
13eb76e0 4213
2e70f6ef
PB		 4214/* in deterministic execution mode, instructions doing device I/Os
4215 must be at the end of the TB */
20503968 4216void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
2e70f6ef
PB		 4217{
4218 TranslationBlock *tb;
4219 uint32_t n, cflags;
4220 target_ulong pc, cs_base;
4221 uint64_t flags;
4222
20503968 4223 tb = tb_find_pc(retaddr);
2e70f6ef
PB		 4224 if (!tb) {
4225 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
20503968 4226 (void *)retaddr);
2e70f6ef
PB		 4227 }
4228 n = env->icount_decr.u16.low + tb->icount;
20503968 4229 cpu_restore_state(tb, env, retaddr);
2e70f6ef 4230 /* Calculate how many instructions had been executed before the fault
bf20dc07 4231 occurred. */
2e70f6ef
PB		 4232 n = n - env->icount_decr.u16.low;
4233 /* Generate a new TB ending on the I/O insn. */
4234 n++;
4235 /* On MIPS and SH, delay slot instructions can only be restarted if
4236 they were already the first instruction in the TB. If this is not
bf20dc07 4237 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4238 branch. */
4239#if defined(TARGET_MIPS)
4240 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4241 env->active_tc.PC -= 4;
4242 env->icount_decr.u16.low++;
4243 env->hflags &= ~MIPS_HFLAG_BMASK;
4244 }
4245#elif defined(TARGET_SH4)
4246 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4247 && n > 1) {
4248 env->pc -= 2;
4249 env->icount_decr.u16.low++;
4250 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4251 }
4252#endif
4253 /* This should never happen. */
4254 if (n > CF_COUNT_MASK)
4255 cpu_abort(env, "TB too big during recompile");
4256
4257 cflags = n | CF_LAST_IO;
4258 pc = tb->pc;
4259 cs_base = tb->cs_base;
4260 flags = tb->flags;
4261 tb_phys_invalidate(tb, -1);
4262 /* FIXME: In theory this could raise an exception. In practice
4263 we have already translated the block once so it's probably ok. */
4264 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4265 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4266 the first in the TB) then we end up generating a whole new TB and
4267 repeating the fault, which is horribly inefficient.
4268 Better would be to execute just this insn uncached, or generate a
4269 second new TB. */
4270 cpu_resume_from_signal(env, NULL);
4271}
4272
b3755a91
PB		 4273#if !defined(CONFIG_USER_ONLY)
4274
055403b2 4275void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4276{
4277 int i, target_code_size, max_target_code_size;
4278 int direct_jmp_count, direct_jmp2_count, cross_page;
4279 TranslationBlock *tb;
3b46e624 4280
e3db7226
FB		 4281 target_code_size = 0;
4282 max_target_code_size = 0;
4283 cross_page = 0;
4284 direct_jmp_count = 0;
4285 direct_jmp2_count = 0;
4286 for(i = 0; i < nb_tbs; i++) {
4287 tb = &tbs[i];
4288 target_code_size += tb->size;
4289 if (tb->size > max_target_code_size)
4290 max_target_code_size = tb->size;
4291 if (tb->page_addr[1] != -1)
4292 cross_page++;
4293 if (tb->tb_next_offset[0] != 0xffff) {
4294 direct_jmp_count++;
4295 if (tb->tb_next_offset[1] != 0xffff) {
4296 direct_jmp2_count++;
4297 }
4298 }
4299 }
4300 /* XXX: avoid using doubles ? */
57fec1fe 4301 cpu_fprintf(f, "Translation buffer state:\n");
055403b2 4302 cpu_fprintf(f, "gen code size %td/%ld\n",
26a5f13b
FB		 4303 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4304 cpu_fprintf(f, "TB count %d/%d\n",
4305 nb_tbs, code_gen_max_blocks);
5fafdf24 4306 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4307 nb_tbs ? target_code_size / nb_tbs : 0,
4308 max_target_code_size);
055403b2 4309 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4310 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4311 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4312 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4313 cross_page,
e3db7226
FB		 4314 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4315 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4316 direct_jmp_count,
e3db7226
FB		 4317 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4318 direct_jmp2_count,
4319 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4320 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4321 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4322 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4323 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4324 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4325}
4326
82afa586
BH		 4327/*
4328 * A helper function for the _utterly broken_ virtio device model to find out if
4329 * it's running on a big endian machine. Don't do this at home kids!
4330 */
4331bool virtio_is_big_endian(void);
4332bool virtio_is_big_endian(void)
4333{
4334#if defined(TARGET_WORDS_BIGENDIAN)
4335 return true;
4336#else
4337 return false;
4338#endif
4339}
4340
61382a50 4341#endif
76f35538
WC		 4342
4343#ifndef CONFIG_USER_ONLY
4344bool cpu_physical_memory_is_io(target_phys_addr_t phys_addr)
4345{
4346 MemoryRegionSection *section;
4347
4348 section = phys_page_find(phys_addr >> TARGET_PAGE_BITS);
4349
4350 return !(memory_region_is_ram(section->mr) ||
4351 memory_region_is_romd(section->mr));
4352}
4353#endif
QEMU mirror