]> git.proxmox.com Git - mirror_qemu.git/blame - translate-all.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
9pfs: local: open2: don't follow symlinks
[mirror_qemu.git] / translate-all.c
CommitLineData
d19893da
FB		 1/*
2 * Host code generation
5fafdf24 3 *
d19893da
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
d19893da 18 */
5b6dd868
BS		 19#ifdef _WIN32
20#include <windows.h>
5b6dd868 21#endif
7b31bbc2 22#include "qemu/osdep.h"
d19893da 23
2054396a 24
5b6dd868 25#include "qemu-common.h"
af5ad107 26#define NO_CPU_IO_DEFS
d3eead2e 27#include "cpu.h"
0ab8ed18 28#include "trace-root.h"
76cad711 29#include "disas/disas.h"
63c91552 30#include "exec/exec-all.h"
57fec1fe 31#include "tcg.h"
5b6dd868
BS		 32#if defined(CONFIG_USER_ONLY)
33#include "qemu.h"
301e40ed 34#include "exec/exec-all.h"
5b6dd868
BS		 35#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
36#include <sys/param.h>
37#if __FreeBSD_version >= 700104
38#define HAVE_KINFO_GETVMMAP
39#define sigqueue sigqueue_freebsd /* avoid redefinition */
5b6dd868
BS		 40#include <sys/proc.h>
41#include <machine/profile.h>
42#define _KERNEL
43#include <sys/user.h>
44#undef _KERNEL
45#undef sigqueue
46#include <libutil.h>
47#endif
48#endif
0bc3cd62
PB		 49#else
50#include "exec/address-spaces.h"
5b6dd868
BS		 51#endif
52
022c62cb 53#include "exec/cputlb.h"
e1b89321 54#include "exec/tb-hash.h"
5b6dd868 55#include "translate-all.h"
510a647f 56#include "qemu/bitmap.h"
0aa09897 57#include "qemu/timer.h"
8d04fb55 58#include "qemu/main-loop.h"
508127e2 59#include "exec/log.h"
5b6dd868 60
955939a2
AB		 61/* #define DEBUG_TB_INVALIDATE */
62/* #define DEBUG_TB_FLUSH */
5b6dd868 63/* make various TB consistency checks */
955939a2 64/* #define DEBUG_TB_CHECK */
5b6dd868
BS		 65
66#if !defined(CONFIG_USER_ONLY)
67/* TB consistency checks only implemented for usermode emulation. */
68#undef DEBUG_TB_CHECK
69#endif
70
301e40ed
AB		 71/* Access to the various translations structures need to be serialised via locks
72 * for consistency. This is automatic for SoftMMU based system
73 * emulation due to its single threaded nature. In user-mode emulation
74 * access to the memory related structures are protected with the
75 * mmap_lock.
76 */
301e40ed 77#ifdef CONFIG_SOFTMMU
2f169606 78#define assert_memory_lock() tcg_debug_assert(have_tb_lock)
301e40ed 79#else
6ac3d7e8 80#define assert_memory_lock() tcg_debug_assert(have_mmap_lock())
301e40ed
AB		 81#endif
82
5b6dd868
BS		 83#define SMC_BITMAP_USE_THRESHOLD 10
84
5b6dd868
BS		 85typedef struct PageDesc {
86 /* list of TBs intersecting this ram page */
87 TranslationBlock *first_tb;
6fad459c 88#ifdef CONFIG_SOFTMMU
5b6dd868
BS		 89 /* in order to optimize self modifying code, we count the number
90 of lookups we do to a given page to use a bitmap */
91 unsigned int code_write_count;
510a647f 92 unsigned long *code_bitmap;
6fad459c 93#else
5b6dd868
BS		 94 unsigned long flags;
95#endif
96} PageDesc;
97
98/* In system mode we want L1_MAP to be based on ram offsets,
99 while in user mode we want it to be based on virtual addresses. */
100#if !defined(CONFIG_USER_ONLY)
101#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
102# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
103#else
104# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
105#endif
106#else
107# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
108#endif
109
03f49957
PB		 110/* Size of the L2 (and L3, etc) page tables. */
111#define V_L2_BITS 10
112#define V_L2_SIZE (1 << V_L2_BITS)
113
5b6dd868 114uintptr_t qemu_host_page_size;
0c2d70c4 115intptr_t qemu_host_page_mask;
5b6dd868 116
66ec9f49
VK		 117/*
118 * L1 Mapping properties
119 */
120static int v_l1_size;
121static int v_l1_shift;
122static int v_l2_levels;
123
124/* The bottom level has pointers to PageDesc, and is indexed by
125 * anything from 4 to (V_L2_BITS + 3) bits, depending on target page size.
126 */
127#define V_L1_MIN_BITS 4
128#define V_L1_MAX_BITS (V_L2_BITS + 3)
129#define V_L1_MAX_SIZE (1 << V_L1_MAX_BITS)
130
131static void *l1_map[V_L1_MAX_SIZE];
5b6dd868 132
57fec1fe
FB		 133/* code generation context */
134TCGContext tcg_ctx;
fdbc2b57 135bool parallel_cpus;
d19893da 136
677ef623 137/* translation block context */
677ef623 138__thread int have_tb_lock;
677ef623 139
66ec9f49
VK		 140static void page_table_config_init(void)
141{
142 uint32_t v_l1_bits;
143
144 assert(TARGET_PAGE_BITS);
145 /* The bits remaining after N lower levels of page tables. */
146 v_l1_bits = (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % V_L2_BITS;
147 if (v_l1_bits < V_L1_MIN_BITS) {
148 v_l1_bits += V_L2_BITS;
149 }
150
151 v_l1_size = 1 << v_l1_bits;
152 v_l1_shift = L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - v_l1_bits;
153 v_l2_levels = v_l1_shift / V_L2_BITS - 1;
154
155 assert(v_l1_bits <= V_L1_MAX_BITS);
156 assert(v_l1_shift % V_L2_BITS == 0);
157 assert(v_l2_levels >= 0);
158}
159
6ac3d7e8
PK		 160#define assert_tb_locked() tcg_debug_assert(have_tb_lock)
161#define assert_tb_unlocked() tcg_debug_assert(!have_tb_lock)
6ac3d7e8 162
677ef623
FK		 163void tb_lock(void)
164{
6ac3d7e8 165 assert_tb_unlocked();
677ef623
FK		 166 qemu_mutex_lock(&tcg_ctx.tb_ctx.tb_lock);
167 have_tb_lock++;
677ef623
FK		 168}
169
170void tb_unlock(void)
171{
6ac3d7e8 172 assert_tb_locked();
677ef623
FK		 173 have_tb_lock--;
174 qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock);
677ef623
FK		 175}
176
177void tb_lock_reset(void)
178{
677ef623
FK		 179 if (have_tb_lock) {
180 qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock);
181 have_tb_lock = 0;
182 }
677ef623
FK		 183}
184
a8a826a3 185static TranslationBlock *tb_find_pc(uintptr_t tc_ptr);
5b6dd868 186
57fec1fe
FB		 187void cpu_gen_init(void)
188{
189 tcg_context_init(&tcg_ctx);
57fec1fe
FB		 190}
191
fca8a500
RH		 192/* Encode VAL as a signed leb128 sequence at P.
193 Return P incremented past the encoded value. */
194static uint8_t *encode_sleb128(uint8_t *p, target_long val)
195{
196 int more, byte;
197
198 do {
199 byte = val & 0x7f;
200 val >>= 7;
201 more = !((val == 0 && (byte & 0x40) == 0)
202 || (val == -1 && (byte & 0x40) != 0));
203 if (more) {
204 byte |= 0x80;
205 }
206 *p++ = byte;
207 } while (more);
208
209 return p;
210}
211
212/* Decode a signed leb128 sequence at *PP; increment *PP past the
213 decoded value. Return the decoded value. */
214static target_long decode_sleb128(uint8_t **pp)
215{
216 uint8_t *p = *pp;
217 target_long val = 0;
218 int byte, shift = 0;
219
220 do {
221 byte = *p++;
222 val |= (target_ulong)(byte & 0x7f) << shift;
223 shift += 7;
224 } while (byte & 0x80);
225 if (shift < TARGET_LONG_BITS && (byte & 0x40)) {
226 val |= -(target_ulong)1 << shift;
227 }
228
229 *pp = p;
230 return val;
231}
232
233/* Encode the data collected about the instructions while compiling TB.
234 Place the data at BLOCK, and return the number of bytes consumed.
235
236 The logical table consisits of TARGET_INSN_START_WORDS target_ulong's,
237 which come from the target's insn_start data, followed by a uintptr_t
238 which comes from the host pc of the end of the code implementing the insn.
239
240 Each line of the table is encoded as sleb128 deltas from the previous
241 line. The seed for the first line is { tb->pc, 0..., tb->tc_ptr }.
242 That is, the first column is seeded with the guest pc, the last column
243 with the host pc, and the middle columns with zeros. */
244
245static int encode_search(TranslationBlock *tb, uint8_t *block)
246{
b125f9dc 247 uint8_t *highwater = tcg_ctx.code_gen_highwater;
fca8a500
RH		 248 uint8_t *p = block;
249 int i, j, n;
250
251 tb->tc_search = block;
252
253 for (i = 0, n = tb->icount; i < n; ++i) {
254 target_ulong prev;
255
256 for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
257 if (i == 0) {
258 prev = (j == 0 ? tb->pc : 0);
259 } else {
260 prev = tcg_ctx.gen_insn_data[i - 1][j];
261 }
262 p = encode_sleb128(p, tcg_ctx.gen_insn_data[i][j] - prev);
263 }
264 prev = (i == 0 ? 0 : tcg_ctx.gen_insn_end_off[i - 1]);
265 p = encode_sleb128(p, tcg_ctx.gen_insn_end_off[i] - prev);
b125f9dc
RH		 266
267 /* Test for (pending) buffer overflow. The assumption is that any
268 one row beginning below the high water mark cannot overrun
269 the buffer completely. Thus we can test for overflow after
270 encoding a row without having to check during encoding. */
271 if (unlikely(p > highwater)) {
272 return -1;
273 }
fca8a500
RH		 274 }
275
276 return p - block;
277}
278
7d7500d9
PB		 279/* The cpu state corresponding to 'searched_pc' is restored.
280 * Called with tb_lock held.
281 */
74f10515 282static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
a8a826a3 283 uintptr_t searched_pc)
d19893da 284{
fca8a500
RH		 285 target_ulong data[TARGET_INSN_START_WORDS] = { tb->pc };
286 uintptr_t host_pc = (uintptr_t)tb->tc_ptr;
74f10515 287 CPUArchState *env = cpu->env_ptr;
fca8a500
RH		 288 uint8_t *p = tb->tc_search;
289 int i, j, num_insns = tb->icount;
57fec1fe 290#ifdef CONFIG_PROFILER
fca8a500 291 int64_t ti = profile_getclock();
57fec1fe
FB		 292#endif
293
01ecaf43
RH		 294 searched_pc -= GETPC_ADJ;
295
fca8a500
RH		 296 if (searched_pc < host_pc) {
297 return -1;
298 }
d19893da 299
fca8a500
RH		 300 /* Reconstruct the stored insn data while looking for the point at
301 which the end of the insn exceeds the searched_pc. */
302 for (i = 0; i < num_insns; ++i) {
303 for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
304 data[j] += decode_sleb128(&p);
305 }
306 host_pc += decode_sleb128(&p);
307 if (host_pc > searched_pc) {
308 goto found;
309 }
310 }
311 return -1;
3b46e624 312
fca8a500 313 found:
bd79255d 314 if (tb->cflags & CF_USE_ICOUNT) {
414b15c9 315 assert(use_icount);
2e70f6ef 316 /* Reset the cycle counter to the start of the block. */
fca8a500 317 cpu->icount_decr.u16.low += num_insns;
2e70f6ef 318 /* Clear the IO flag. */
99df7dce 319 cpu->can_do_io = 0;
2e70f6ef 320 }
fca8a500
RH		 321 cpu->icount_decr.u16.low -= i;
322 restore_state_to_opc(env, tb, data);
57fec1fe
FB		 323
324#ifdef CONFIG_PROFILER
fca8a500
RH		 325 tcg_ctx.restore_time += profile_getclock() - ti;
326 tcg_ctx.restore_count++;
57fec1fe 327#endif
d19893da
FB		 328 return 0;
329}
5b6dd868 330
3f38f309 331bool cpu_restore_state(CPUState *cpu, uintptr_t retaddr)
a8a826a3
BS		 332{
333 TranslationBlock *tb;
a5e99826 334 bool r = false;
a8a826a3 335
a5e99826 336 tb_lock();
a8a826a3
BS		 337 tb = tb_find_pc(retaddr);
338 if (tb) {
74f10515 339 cpu_restore_state_from_tb(cpu, tb, retaddr);
d8a499f1
PD		 340 if (tb->cflags & CF_NOCACHE) {
341 /* one-shot translation, invalidate it immediately */
d8a499f1
PD		 342 tb_phys_invalidate(tb, -1);
343 tb_free(tb);
344 }
a5e99826 345 r = true;
a8a826a3 346 }
a5e99826
FK		 347 tb_unlock();
348
349 return r;
a8a826a3
BS		 350}
351
47c16ed5 352void page_size_init(void)
5b6dd868
BS		 353{
354 /* NOTE: we can always suppose that qemu_host_page_size >=
355 TARGET_PAGE_SIZE */
5b6dd868 356 qemu_real_host_page_size = getpagesize();
0c2d70c4 357 qemu_real_host_page_mask = -(intptr_t)qemu_real_host_page_size;
5b6dd868
BS		 358 if (qemu_host_page_size == 0) {
359 qemu_host_page_size = qemu_real_host_page_size;
360 }
361 if (qemu_host_page_size < TARGET_PAGE_SIZE) {
362 qemu_host_page_size = TARGET_PAGE_SIZE;
363 }
0c2d70c4 364 qemu_host_page_mask = -(intptr_t)qemu_host_page_size;
47c16ed5 365}
5b6dd868 366
47c16ed5
AK		 367static void page_init(void)
368{
369 page_size_init();
66ec9f49
VK		 370 page_table_config_init();
371
5b6dd868
BS		 372#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
373 {
374#ifdef HAVE_KINFO_GETVMMAP
375 struct kinfo_vmentry *freep;
376 int i, cnt;
377
378 freep = kinfo_getvmmap(getpid(), &cnt);
379 if (freep) {
380 mmap_lock();
381 for (i = 0; i < cnt; i++) {
382 unsigned long startaddr, endaddr;
383
384 startaddr = freep[i].kve_start;
385 endaddr = freep[i].kve_end;
386 if (h2g_valid(startaddr)) {
387 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
388
389 if (h2g_valid(endaddr)) {
390 endaddr = h2g(endaddr);
391 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
392 } else {
393#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
394 endaddr = ~0ul;
395 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
396#endif
397 }
398 }
399 }
400 free(freep);
401 mmap_unlock();
402 }
403#else
404 FILE *f;
405
406 last_brk = (unsigned long)sbrk(0);
407
408 f = fopen("/compat/linux/proc/self/maps", "r");
409 if (f) {
410 mmap_lock();
411
412 do {
413 unsigned long startaddr, endaddr;
414 int n;
415
416 n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
417
418 if (n == 2 && h2g_valid(startaddr)) {
419 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
420
421 if (h2g_valid(endaddr)) {
422 endaddr = h2g(endaddr);
423 } else {
424 endaddr = ~0ul;
425 }
426 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
427 }
428 } while (!feof(f));
429
430 fclose(f);
431 mmap_unlock();
432 }
433#endif
434 }
435#endif
436}
437
75692087 438/* If alloc=1:
7d7500d9 439 * Called with tb_lock held for system emulation.
75692087
PB		 440 * Called with mmap_lock held for user-mode emulation.
441 */
5b6dd868
BS		 442static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
443{
444 PageDesc *pd;
445 void **lp;
446 int i;
447
e505a063
AB		 448 if (alloc) {
449 assert_memory_lock();
450 }
451
5b6dd868 452 /* Level 1. Always allocated. */
66ec9f49 453 lp = l1_map + ((index >> v_l1_shift) & (v_l1_size - 1));
5b6dd868
BS		 454
455 /* Level 2..N-1. */
66ec9f49 456 for (i = v_l2_levels; i > 0; i--) {
6940fab8 457 void **p = atomic_rcu_read(lp);
5b6dd868
BS		 458
459 if (p == NULL) {
460 if (!alloc) {
461 return NULL;
462 }
e3a0abfd 463 p = g_new0(void *, V_L2_SIZE);
6940fab8 464 atomic_rcu_set(lp, p);
5b6dd868
BS		 465 }
466
03f49957 467 lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1));
5b6dd868
BS		 468 }
469
6940fab8 470 pd = atomic_rcu_read(lp);
5b6dd868
BS		 471 if (pd == NULL) {
472 if (!alloc) {
473 return NULL;
474 }
e3a0abfd 475 pd = g_new0(PageDesc, V_L2_SIZE);
6940fab8 476 atomic_rcu_set(lp, pd);
5b6dd868
BS		 477 }
478
03f49957 479 return pd + (index & (V_L2_SIZE - 1));
5b6dd868
BS		 480}
481
482static inline PageDesc *page_find(tb_page_addr_t index)
483{
484 return page_find_alloc(index, 0);
485}
486
5b6dd868
BS		 487#if defined(CONFIG_USER_ONLY)
488/* Currently it is not recommended to allocate big chunks of data in
489 user mode. It will change when a dedicated libc will be used. */
490/* ??? 64-bit hosts ought to have no problem mmaping data outside the
491 region in which the guest needs to run. Revisit this. */
492#define USE_STATIC_CODE_GEN_BUFFER
493#endif
494
5b6dd868
BS		 495/* Minimum size of the code gen buffer. This number is randomly chosen,
496 but not so small that we can't have a fair number of TB's live. */
497#define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
498
499/* Maximum size of the code gen buffer we'd like to use. Unless otherwise
500 indicated, this is constrained by the range of direct branches on the
501 host cpu, as used by the TCG implementation of goto_tb. */
502#if defined(__x86_64__)
503# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
504#elif defined(__sparc__)
505# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
5bfd75a3
RH		 506#elif defined(__powerpc64__)
507# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
399f1648
SF		 508#elif defined(__powerpc__)
509# define MAX_CODE_GEN_BUFFER_SIZE (32u * 1024 * 1024)
4a136e0a
CF		 510#elif defined(__aarch64__)
511# define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
5b6dd868
BS		 512#elif defined(__arm__)
513# define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
514#elif defined(__s390x__)
515 /* We have a +- 4GB range on the branches; leave some slop. */
516# define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
479eb121
RH		 517#elif defined(__mips__)
518 /* We have a 256MB branch region, but leave room to make sure the
519 main executable is also within that region. */
520# define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
5b6dd868
BS		 521#else
522# define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
523#endif
524
525#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
526
527#define DEFAULT_CODE_GEN_BUFFER_SIZE \
528 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
529 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
530
531static inline size_t size_code_gen_buffer(size_t tb_size)
532{
533 /* Size the buffer. */
534 if (tb_size == 0) {
535#ifdef USE_STATIC_CODE_GEN_BUFFER
536 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
537#else
538 /* ??? Needs adjustments. */
539 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
540 static buffer, we could size this on RESERVED_VA, on the text
541 segment size of the executable, or continue to use the default. */
542 tb_size = (unsigned long)(ram_size / 4);
543#endif
544 }
545 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
546 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
547 }
548 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
549 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
550 }
5b6dd868
BS		 551 return tb_size;
552}
553
483c76e1
RH		 554#ifdef __mips__
555/* In order to use J and JAL within the code_gen_buffer, we require
556 that the buffer not cross a 256MB boundary. */
557static inline bool cross_256mb(void *addr, size_t size)
558{
7ba6a512 559 return ((uintptr_t)addr ^ ((uintptr_t)addr + size)) & ~0x0ffffffful;
483c76e1
RH		 560}
561
562/* We weren't able to allocate a buffer without crossing that boundary,
563 so make do with the larger portion of the buffer that doesn't cross.
564 Returns the new base of the buffer, and adjusts code_gen_buffer_size. */
565static inline void *split_cross_256mb(void *buf1, size_t size1)
566{
7ba6a512 567 void *buf2 = (void *)(((uintptr_t)buf1 + size1) & ~0x0ffffffful);
483c76e1
RH		 568 size_t size2 = buf1 + size1 - buf2;
569
570 size1 = buf2 - buf1;
571 if (size1 < size2) {
572 size1 = size2;
573 buf1 = buf2;
574 }
575
576 tcg_ctx.code_gen_buffer_size = size1;
577 return buf1;
578}
579#endif
580
5b6dd868
BS		 581#ifdef USE_STATIC_CODE_GEN_BUFFER
582static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
583 __attribute__((aligned(CODE_GEN_ALIGN)));
584
f293709c
RH		 585# ifdef _WIN32
586static inline void do_protect(void *addr, long size, int prot)
587{
588 DWORD old_protect;
589 VirtualProtect(addr, size, prot, &old_protect);
590}
591
592static inline void map_exec(void *addr, long size)
593{
594 do_protect(addr, size, PAGE_EXECUTE_READWRITE);
595}
596
597static inline void map_none(void *addr, long size)
598{
599 do_protect(addr, size, PAGE_NOACCESS);
600}
601# else
602static inline void do_protect(void *addr, long size, int prot)
603{
604 uintptr_t start, end;
605
606 start = (uintptr_t)addr;
607 start &= qemu_real_host_page_mask;
608
609 end = (uintptr_t)addr + size;
610 end = ROUND_UP(end, qemu_real_host_page_size);
611
612 mprotect((void *)start, end - start, prot);
613}
614
615static inline void map_exec(void *addr, long size)
616{
617 do_protect(addr, size, PROT_READ | PROT_WRITE | PROT_EXEC);
618}
619
620static inline void map_none(void *addr, long size)
621{
622 do_protect(addr, size, PROT_NONE);
623}
624# endif /* WIN32 */
625
5b6dd868
BS		 626static inline void *alloc_code_gen_buffer(void)
627{
483c76e1 628 void *buf = static_code_gen_buffer;
f293709c
RH		 629 size_t full_size, size;
630
631 /* The size of the buffer, rounded down to end on a page boundary. */
632 full_size = (((uintptr_t)buf + sizeof(static_code_gen_buffer))
633 & qemu_real_host_page_mask) - (uintptr_t)buf;
634
635 /* Reserve a guard page. */
636 size = full_size - qemu_real_host_page_size;
637
638 /* Honor a command-line option limiting the size of the buffer. */
639 if (size > tcg_ctx.code_gen_buffer_size) {
640 size = (((uintptr_t)buf + tcg_ctx.code_gen_buffer_size)
641 & qemu_real_host_page_mask) - (uintptr_t)buf;
642 }
643 tcg_ctx.code_gen_buffer_size = size;
644
483c76e1 645#ifdef __mips__
f293709c
RH		 646 if (cross_256mb(buf, size)) {
647 buf = split_cross_256mb(buf, size);
648 size = tcg_ctx.code_gen_buffer_size;
483c76e1
RH		 649 }
650#endif
f293709c
RH		 651
652 map_exec(buf, size);
653 map_none(buf + size, qemu_real_host_page_size);
654 qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
655
483c76e1 656 return buf;
5b6dd868 657}
f293709c
RH		 658#elif defined(_WIN32)
659static inline void *alloc_code_gen_buffer(void)
660{
661 size_t size = tcg_ctx.code_gen_buffer_size;
662 void *buf1, *buf2;
663
664 /* Perform the allocation in two steps, so that the guard page
665 is reserved but uncommitted. */
666 buf1 = VirtualAlloc(NULL, size + qemu_real_host_page_size,
667 MEM_RESERVE, PAGE_NOACCESS);
668 if (buf1 != NULL) {
669 buf2 = VirtualAlloc(buf1, size, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
670 assert(buf1 == buf2);
671 }
672
673 return buf1;
674}
675#else
5b6dd868
BS		 676static inline void *alloc_code_gen_buffer(void)
677{
678 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
679 uintptr_t start = 0;
f293709c 680 size_t size = tcg_ctx.code_gen_buffer_size;
5b6dd868
BS		 681 void *buf;
682
683 /* Constrain the position of the buffer based on the host cpu.
684 Note that these addresses are chosen in concert with the
685 addresses assigned in the relevant linker script file. */
686# if defined(__PIE__) || defined(__PIC__)
687 /* Don't bother setting a preferred location if we're building
688 a position-independent executable. We're more likely to get
689 an address near the main executable if we let the kernel
690 choose the address. */
691# elif defined(__x86_64__) && defined(MAP_32BIT)
692 /* Force the memory down into low memory with the executable.
693 Leave the choice of exact location with the kernel. */
694 flags |= MAP_32BIT;
695 /* Cannot expect to map more than 800MB in low memory. */
f293709c
RH		 696 if (size > 800u * 1024 * 1024) {
697 tcg_ctx.code_gen_buffer_size = size = 800u * 1024 * 1024;
5b6dd868
BS		 698 }
699# elif defined(__sparc__)
700 start = 0x40000000ul;
701# elif defined(__s390x__)
702 start = 0x90000000ul;
479eb121 703# elif defined(__mips__)
f293709c 704# if _MIPS_SIM == _ABI64
479eb121
RH		 705 start = 0x128000000ul;
706# else
707 start = 0x08000000ul;
708# endif
5b6dd868
BS		 709# endif
710
f293709c
RH		 711 buf = mmap((void *)start, size + qemu_real_host_page_size,
712 PROT_NONE, flags, -1, 0);
483c76e1
RH		 713 if (buf == MAP_FAILED) {
714 return NULL;
715 }
716
717#ifdef __mips__
f293709c 718 if (cross_256mb(buf, size)) {
5d831be2 719 /* Try again, with the original still mapped, to avoid re-acquiring
483c76e1 720 that 256mb crossing. This time don't specify an address. */
f293709c
RH		 721 size_t size2;
722 void *buf2 = mmap(NULL, size + qemu_real_host_page_size,
723 PROT_NONE, flags, -1, 0);
f68808c7 724 switch ((int)(buf2 != MAP_FAILED)) {
f293709c
RH		 725 case 1:
726 if (!cross_256mb(buf2, size)) {
483c76e1 727 /* Success! Use the new buffer. */
8bdf4997 728 munmap(buf, size + qemu_real_host_page_size);
f293709c 729 break;
483c76e1
RH		 730 }
731 /* Failure. Work with what we had. */
8bdf4997 732 munmap(buf2, size + qemu_real_host_page_size);
f293709c
RH		 733 /* fallthru */
734 default:
735 /* Split the original buffer. Free the smaller half. */
736 buf2 = split_cross_256mb(buf, size);
737 size2 = tcg_ctx.code_gen_buffer_size;
738 if (buf == buf2) {
739 munmap(buf + size2 + qemu_real_host_page_size, size - size2);
740 } else {
741 munmap(buf, size - size2);
742 }
743 size = size2;
744 break;
483c76e1 745 }
f293709c 746 buf = buf2;
483c76e1
RH		 747 }
748#endif
749
f293709c
RH		 750 /* Make the final buffer accessible. The guard page at the end
751 will remain inaccessible with PROT_NONE. */
752 mprotect(buf, size, PROT_WRITE | PROT_READ | PROT_EXEC);
483c76e1 753
f293709c
RH		 754 /* Request large pages for the buffer. */
755 qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
483c76e1 756
5b6dd868
BS		 757 return buf;
758}
f293709c 759#endif /* USE_STATIC_CODE_GEN_BUFFER, WIN32, POSIX */
5b6dd868
BS		 760
761static inline void code_gen_alloc(size_t tb_size)
762{
0b0d3320
EV		 763 tcg_ctx.code_gen_buffer_size = size_code_gen_buffer(tb_size);
764 tcg_ctx.code_gen_buffer = alloc_code_gen_buffer();
765 if (tcg_ctx.code_gen_buffer == NULL) {
5b6dd868
BS		 766 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
767 exit(1);
768 }
769
8163b749
RH		 770 /* Estimate a good size for the number of TBs we can support. We
771 still haven't deducted the prologue from the buffer size here,
772 but that's minimal and won't affect the estimate much. */
773 tcg_ctx.code_gen_max_blocks
774 = tcg_ctx.code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
775 tcg_ctx.tb_ctx.tbs = g_new(TranslationBlock, tcg_ctx.code_gen_max_blocks);
776
677ef623 777 qemu_mutex_init(&tcg_ctx.tb_ctx.tb_lock);
5b6dd868
BS		 778}
779
909eaac9
EC		 780static void tb_htable_init(void)
781{
782 unsigned int mode = QHT_MODE_AUTO_RESIZE;
783
784 qht_init(&tcg_ctx.tb_ctx.htable, CODE_GEN_HTABLE_SIZE, mode);
785}
786
5b6dd868
BS		 787/* Must be called before using the QEMU cpus. 'tb_size' is the size
788 (in bytes) allocated to the translation buffer. Zero means default
789 size. */
790void tcg_exec_init(unsigned long tb_size)
791{
792 cpu_gen_init();
5b6dd868 793 page_init();
909eaac9 794 tb_htable_init();
f293709c 795 code_gen_alloc(tb_size);
4cbea598 796#if defined(CONFIG_SOFTMMU)
5b6dd868
BS		 797 /* There's no guest base to take into account, so go ahead and
798 initialize the prologue now. */
799 tcg_prologue_init(&tcg_ctx);
800#endif
801}
802
803bool tcg_enabled(void)
804{
0b0d3320 805 return tcg_ctx.code_gen_buffer != NULL;
5b6dd868
BS		 806}
807
7d7500d9
PB		 808/*
809 * Allocate a new translation block. Flush the translation buffer if
810 * too many translation blocks or too much generated code.
811 *
812 * Called with tb_lock held.
813 */
5b6dd868
BS		 814static TranslationBlock *tb_alloc(target_ulong pc)
815{
816 TranslationBlock *tb;
817
6ac3d7e8 818 assert_tb_locked();
e505a063 819
b125f9dc 820 if (tcg_ctx.tb_ctx.nb_tbs >= tcg_ctx.code_gen_max_blocks) {
5b6dd868
BS		 821 return NULL;
822 }
5e5f07e0 823 tb = &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs++];
5b6dd868
BS		 824 tb->pc = pc;
825 tb->cflags = 0;
6d21e420 826 tb->invalid = false;
5b6dd868
BS		 827 return tb;
828}
829
7d7500d9 830/* Called with tb_lock held. */
5b6dd868
BS		 831void tb_free(TranslationBlock *tb)
832{
6ac3d7e8 833 assert_tb_locked();
e505a063 834
5b6dd868
BS		 835 /* In practice this is mostly used for single use temporary TB
836 Ignore the hard cases and just back up if this TB happens to
837 be the last one generated. */
5e5f07e0
EV		 838 if (tcg_ctx.tb_ctx.nb_tbs > 0 &&
839 tb == &tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs - 1]) {
0b0d3320 840 tcg_ctx.code_gen_ptr = tb->tc_ptr;
5e5f07e0 841 tcg_ctx.tb_ctx.nb_tbs--;
5b6dd868
BS		 842 }
843}
844
845static inline void invalidate_page_bitmap(PageDesc *p)
846{
6fad459c 847#ifdef CONFIG_SOFTMMU
012aef07
MA		 848 g_free(p->code_bitmap);
849 p->code_bitmap = NULL;
5b6dd868 850 p->code_write_count = 0;
6fad459c 851#endif
5b6dd868
BS		 852}
853
854/* Set to NULL all the 'first_tb' fields in all PageDescs. */
855static void page_flush_tb_1(int level, void **lp)
856{
857 int i;
858
859 if (*lp == NULL) {
860 return;
861 }
862 if (level == 0) {
863 PageDesc *pd = *lp;
864
03f49957 865 for (i = 0; i < V_L2_SIZE; ++i) {
5b6dd868
BS		 866 pd[i].first_tb = NULL;
867 invalidate_page_bitmap(pd + i);
868 }
869 } else {
870 void **pp = *lp;
871
03f49957 872 for (i = 0; i < V_L2_SIZE; ++i) {
5b6dd868
BS		 873 page_flush_tb_1(level - 1, pp + i);
874 }
875 }
876}
877
878static void page_flush_tb(void)
879{
66ec9f49 880 int i, l1_sz = v_l1_size;
5b6dd868 881
66ec9f49
VK		 882 for (i = 0; i < l1_sz; i++) {
883 page_flush_tb_1(v_l2_levels, l1_map + i);
5b6dd868
BS		 884 }
885}
886
887/* flush all the translation blocks */
14e6fe12 888static void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count)
5b6dd868 889{
3359baad
SF		 890 tb_lock();
891
14e6fe12 892 /* If it is already been done on request of another CPU,
3359baad
SF		 893 * just retry.
894 */
14e6fe12 895 if (tcg_ctx.tb_ctx.tb_flush_count != tb_flush_count.host_int) {
3359baad 896 goto done;
135a972b 897 }
3359baad 898
955939a2 899#if defined(DEBUG_TB_FLUSH)
5b6dd868 900 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
0b0d3320 901 (unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer),
5e5f07e0 902 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.tb_ctx.nb_tbs > 0 ?
0b0d3320 903 ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) /
5e5f07e0 904 tcg_ctx.tb_ctx.nb_tbs : 0);
5b6dd868 905#endif
0b0d3320
EV		 906 if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)
907 > tcg_ctx.code_gen_buffer_size) {
a47dddd7 908 cpu_abort(cpu, "Internal error: code buffer overflow\n");
5b6dd868 909 }
5b6dd868 910
bdc44640 911 CPU_FOREACH(cpu) {
89a16b1e
SF		 912 int i;
913
914 for (i = 0; i < TB_JMP_CACHE_SIZE; ++i) {
915 atomic_set(&cpu->tb_jmp_cache[i], NULL);
916 }
5b6dd868
BS		 917 }
918
118b0730 919 tcg_ctx.tb_ctx.nb_tbs = 0;
909eaac9 920 qht_reset_size(&tcg_ctx.tb_ctx.htable, CODE_GEN_HTABLE_SIZE);
5b6dd868
BS		 921 page_flush_tb();
922
0b0d3320 923 tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;
5b6dd868
BS		 924 /* XXX: flush processor icache at this point if cache flush is
925 expensive */
3359baad
SF		 926 atomic_mb_set(&tcg_ctx.tb_ctx.tb_flush_count,
927 tcg_ctx.tb_ctx.tb_flush_count + 1);
928
929done:
930 tb_unlock();
931}
932
933void tb_flush(CPUState *cpu)
934{
935 if (tcg_enabled()) {
14e6fe12
PB		 936 unsigned tb_flush_count = atomic_mb_read(&tcg_ctx.tb_ctx.tb_flush_count);
937 async_safe_run_on_cpu(cpu, do_tb_flush,
938 RUN_ON_CPU_HOST_INT(tb_flush_count));
3359baad 939 }
5b6dd868
BS		 940}
941
942#ifdef DEBUG_TB_CHECK
943
909eaac9
EC		 944static void
945do_tb_invalidate_check(struct qht *ht, void *p, uint32_t hash, void *userp)
5b6dd868 946{
909eaac9
EC		 947 TranslationBlock *tb = p;
948 target_ulong addr = *(target_ulong *)userp;
949
950 if (!(addr + TARGET_PAGE_SIZE <= tb->pc || addr >= tb->pc + tb->size)) {
951 printf("ERROR invalidate: address=" TARGET_FMT_lx
952 " PC=%08lx size=%04x\n", addr, (long)tb->pc, tb->size);
953 }
954}
5b6dd868 955
7d7500d9
PB		 956/* verify that all the pages have correct rights for code
957 *
958 * Called with tb_lock held.
959 */
909eaac9
EC		 960static void tb_invalidate_check(target_ulong address)
961{
5b6dd868 962 address &= TARGET_PAGE_MASK;
909eaac9
EC		 963 qht_iter(&tcg_ctx.tb_ctx.htable, do_tb_invalidate_check, &address);
964}
965
966static void
967do_tb_page_check(struct qht *ht, void *p, uint32_t hash, void *userp)
968{
969 TranslationBlock *tb = p;
970 int flags1, flags2;
971
972 flags1 = page_get_flags(tb->pc);
973 flags2 = page_get_flags(tb->pc + tb->size - 1);
974 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
975 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
976 (long)tb->pc, tb->size, flags1, flags2);
5b6dd868
BS		 977 }
978}
979
980/* verify that all the pages have correct rights for code */
981static void tb_page_check(void)
982{
909eaac9 983 qht_iter(&tcg_ctx.tb_ctx.htable, do_tb_page_check, NULL);
5b6dd868
BS		 984}
985
986#endif
987
5b6dd868
BS		 988static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
989{
990 TranslationBlock *tb1;
991 unsigned int n1;
992
993 for (;;) {
994 tb1 = *ptb;
995 n1 = (uintptr_t)tb1 & 3;
996 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
997 if (tb1 == tb) {
998 *ptb = tb1->page_next[n1];
999 break;
1000 }
1001 ptb = &tb1->page_next[n1];
1002 }
1003}
1004
13362678
SF		 1005/* remove the TB from a list of TBs jumping to the n-th jump target of the TB */
1006static inline void tb_remove_from_jmp_list(TranslationBlock *tb, int n)
5b6dd868 1007{
c37e6d7e
SF		 1008 TranslationBlock *tb1;
1009 uintptr_t *ptb, ntb;
5b6dd868
BS		 1010 unsigned int n1;
1011
f309101c 1012 ptb = &tb->jmp_list_next[n];
c37e6d7e 1013 if (*ptb) {
5b6dd868
BS		 1014 /* find tb(n) in circular list */
1015 for (;;) {
c37e6d7e
SF		 1016 ntb = *ptb;
1017 n1 = ntb & 3;
1018 tb1 = (TranslationBlock *)(ntb & ~3);
5b6dd868
BS		 1019 if (n1 == n && tb1 == tb) {
1020 break;
1021 }
1022 if (n1 == 2) {
f309101c 1023 ptb = &tb1->jmp_list_first;
5b6dd868 1024 } else {
f309101c 1025 ptb = &tb1->jmp_list_next[n1];
5b6dd868
BS		 1026 }
1027 }
1028 /* now we can suppress tb(n) from the list */
f309101c 1029 *ptb = tb->jmp_list_next[n];
5b6dd868 1030
c37e6d7e 1031 tb->jmp_list_next[n] = (uintptr_t)NULL;
5b6dd868
BS		 1032 }
1033}
1034
1035/* reset the jump entry 'n' of a TB so that it is not chained to
1036 another TB */
1037static inline void tb_reset_jump(TranslationBlock *tb, int n)
1038{
f309101c
SF		 1039 uintptr_t addr = (uintptr_t)(tb->tc_ptr + tb->jmp_reset_offset[n]);
1040 tb_set_jmp_target(tb, n, addr);
5b6dd868
BS		 1041}
1042
89bba496
SF		 1043/* remove any jumps to the TB */
1044static inline void tb_jmp_unlink(TranslationBlock *tb)
1045{
f9c5b66f
SF		 1046 TranslationBlock *tb1;
1047 uintptr_t *ptb, ntb;
89bba496
SF		 1048 unsigned int n1;
1049
f9c5b66f 1050 ptb = &tb->jmp_list_first;
89bba496 1051 for (;;) {
f9c5b66f
SF		 1052 ntb = *ptb;
1053 n1 = ntb & 3;
1054 tb1 = (TranslationBlock *)(ntb & ~3);
89bba496
SF		 1055 if (n1 == 2) {
1056 break;
1057 }
f9c5b66f
SF		 1058 tb_reset_jump(tb1, n1);
1059 *ptb = tb1->jmp_list_next[n1];
1060 tb1->jmp_list_next[n1] = (uintptr_t)NULL;
89bba496 1061 }
89bba496
SF		 1062}
1063
7d7500d9
PB		 1064/* invalidate one TB
1065 *
1066 * Called with tb_lock held.
1067 */
5b6dd868
BS		 1068void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
1069{
182735ef 1070 CPUState *cpu;
5b6dd868 1071 PageDesc *p;
42bd3228 1072 uint32_t h;
5b6dd868 1073 tb_page_addr_t phys_pc;
5b6dd868 1074
6ac3d7e8 1075 assert_tb_locked();
e505a063 1076
6d21e420
PB		 1077 atomic_set(&tb->invalid, true);
1078
5b6dd868
BS		 1079 /* remove the TB from the hash list */
1080 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
42bd3228 1081 h = tb_hash_func(phys_pc, tb->pc, tb->flags);
909eaac9 1082 qht_remove(&tcg_ctx.tb_ctx.htable, tb, h);
5b6dd868
BS		 1083
1084 /* remove the TB from the page list */
1085 if (tb->page_addr[0] != page_addr) {
1086 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
1087 tb_page_remove(&p->first_tb, tb);
1088 invalidate_page_bitmap(p);
1089 }
1090 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
1091 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
1092 tb_page_remove(&p->first_tb, tb);
1093 invalidate_page_bitmap(p);
1094 }
1095
5b6dd868
BS		 1096 /* remove the TB from the hash list */
1097 h = tb_jmp_cache_hash_func(tb->pc);
bdc44640 1098 CPU_FOREACH(cpu) {
89a16b1e
SF		 1099 if (atomic_read(&cpu->tb_jmp_cache[h]) == tb) {
1100 atomic_set(&cpu->tb_jmp_cache[h], NULL);
5b6dd868
BS		 1101 }
1102 }
1103
1104 /* suppress this TB from the two jump lists */
13362678
SF		 1105 tb_remove_from_jmp_list(tb, 0);
1106 tb_remove_from_jmp_list(tb, 1);
5b6dd868
BS		 1107
1108 /* suppress any remaining jumps to this TB */
89bba496 1109 tb_jmp_unlink(tb);
5b6dd868 1110
5e5f07e0 1111 tcg_ctx.tb_ctx.tb_phys_invalidate_count++;
5b6dd868
BS		 1112}
1113
6fad459c 1114#ifdef CONFIG_SOFTMMU
5b6dd868
BS		 1115static void build_page_bitmap(PageDesc *p)
1116{
1117 int n, tb_start, tb_end;
1118 TranslationBlock *tb;
1119
510a647f 1120 p->code_bitmap = bitmap_new(TARGET_PAGE_SIZE);
5b6dd868
BS		 1121
1122 tb = p->first_tb;
1123 while (tb != NULL) {
1124 n = (uintptr_t)tb & 3;
1125 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1126 /* NOTE: this is subtle as a TB may span two physical pages */
1127 if (n == 0) {
1128 /* NOTE: tb_end may be after the end of the page, but
1129 it is not a problem */
1130 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1131 tb_end = tb_start + tb->size;
1132 if (tb_end > TARGET_PAGE_SIZE) {
1133 tb_end = TARGET_PAGE_SIZE;
e505a063 1134 }
5b6dd868
BS		 1135 } else {
1136 tb_start = 0;
1137 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1138 }
510a647f 1139 bitmap_set(p->code_bitmap, tb_start, tb_end - tb_start);
5b6dd868
BS		 1140 tb = tb->page_next[n];
1141 }
1142}
6fad459c 1143#endif
5b6dd868 1144
e90d96b1
SF		 1145/* add the tb in the target page and protect it if necessary
1146 *
1147 * Called with mmap_lock held for user-mode emulation.
1148 */
1149static inline void tb_alloc_page(TranslationBlock *tb,
1150 unsigned int n, tb_page_addr_t page_addr)
1151{
1152 PageDesc *p;
1153#ifndef CONFIG_USER_ONLY
1154 bool page_already_protected;
1155#endif
1156
e505a063
AB		 1157 assert_memory_lock();
1158
e90d96b1
SF		 1159 tb->page_addr[n] = page_addr;
1160 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1161 tb->page_next[n] = p->first_tb;
1162#ifndef CONFIG_USER_ONLY
1163 page_already_protected = p->first_tb != NULL;
1164#endif
1165 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
1166 invalidate_page_bitmap(p);
1167
1168#if defined(CONFIG_USER_ONLY)
1169 if (p->flags & PAGE_WRITE) {
1170 target_ulong addr;
1171 PageDesc *p2;
1172 int prot;
1173
1174 /* force the host page as non writable (writes will have a
1175 page fault + mprotect overhead) */
1176 page_addr &= qemu_host_page_mask;
1177 prot = 0;
1178 for (addr = page_addr; addr < page_addr + qemu_host_page_size;
1179 addr += TARGET_PAGE_SIZE) {
1180
1181 p2 = page_find(addr >> TARGET_PAGE_BITS);
1182 if (!p2) {
1183 continue;
1184 }
1185 prot |= p2->flags;
1186 p2->flags &= ~PAGE_WRITE;
1187 }
1188 mprotect(g2h(page_addr), qemu_host_page_size,
1189 (prot & PAGE_BITS) & ~PAGE_WRITE);
1190#ifdef DEBUG_TB_INVALIDATE
1191 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1192 page_addr);
1193#endif
1194 }
1195#else
1196 /* if some code is already present, then the pages are already
1197 protected. So we handle the case where only the first TB is
1198 allocated in a physical page */
1199 if (!page_already_protected) {
1200 tlb_protect_code(page_addr);
1201 }
1202#endif
1203}
1204
1205/* add a new TB and link it to the physical page tables. phys_page2 is
1206 * (-1) to indicate that only one page contains the TB.
1207 *
1208 * Called with mmap_lock held for user-mode emulation.
1209 */
1210static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
1211 tb_page_addr_t phys_page2)
1212{
42bd3228 1213 uint32_t h;
e90d96b1 1214
e505a063
AB		 1215 assert_memory_lock();
1216
e90d96b1
SF		 1217 /* add in the page list */
1218 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1219 if (phys_page2 != -1) {
1220 tb_alloc_page(tb, 1, phys_page2);
1221 } else {
1222 tb->page_addr[1] = -1;
1223 }
1224
2e1ae44a
AB		 1225 /* add in the hash table */
1226 h = tb_hash_func(phys_pc, tb->pc, tb->flags);
1227 qht_insert(&tcg_ctx.tb_ctx.htable, tb, h);
1228
e90d96b1
SF		 1229#ifdef DEBUG_TB_CHECK
1230 tb_page_check();
1231#endif
1232}
1233
75692087 1234/* Called with mmap_lock held for user mode emulation. */
648f034c 1235TranslationBlock *tb_gen_code(CPUState *cpu,
5b6dd868 1236 target_ulong pc, target_ulong cs_base,
89fee74a 1237 uint32_t flags, int cflags)
5b6dd868 1238{
648f034c 1239 CPUArchState *env = cpu->env_ptr;
5b6dd868 1240 TranslationBlock *tb;
5b6dd868
BS		 1241 tb_page_addr_t phys_pc, phys_page2;
1242 target_ulong virt_page2;
fec88f64 1243 tcg_insn_unit *gen_code_buf;
fca8a500 1244 int gen_code_size, search_size;
fec88f64
RH		 1245#ifdef CONFIG_PROFILER
1246 int64_t ti;
1247#endif
e505a063 1248 assert_memory_lock();
5b6dd868
BS		 1249
1250 phys_pc = get_page_addr_code(env, pc);
56c0269a 1251 if (use_icount && !(cflags & CF_IGNORE_ICOUNT)) {
0266359e
PB		 1252 cflags |= CF_USE_ICOUNT;
1253 }
b125f9dc 1254
5b6dd868 1255 tb = tb_alloc(pc);
b125f9dc
RH		 1256 if (unlikely(!tb)) {
1257 buffer_overflow:
5b6dd868 1258 /* flush must be done */
bbd77c18 1259 tb_flush(cpu);
3359baad 1260 mmap_unlock();
8499c8fc
PD		 1261 /* Make the execution loop process the flush as soon as possible. */
1262 cpu->exception_index = EXCP_INTERRUPT;
3359baad 1263 cpu_loop_exit(cpu);
5b6dd868 1264 }
fec88f64
RH		 1265
1266 gen_code_buf = tcg_ctx.code_gen_ptr;
1267 tb->tc_ptr = gen_code_buf;
5b6dd868
BS		 1268 tb->cs_base = cs_base;
1269 tb->flags = flags;
1270 tb->cflags = cflags;
fec88f64
RH		 1271
1272#ifdef CONFIG_PROFILER
1273 tcg_ctx.tb_count1++; /* includes aborted translations because of
1274 exceptions */
1275 ti = profile_getclock();
1276#endif
1277
1278 tcg_func_start(&tcg_ctx);
1279
7c255043 1280 tcg_ctx.cpu = ENV_GET_CPU(env);
fec88f64 1281 gen_intermediate_code(env, tb);
7c255043 1282 tcg_ctx.cpu = NULL;
fec88f64
RH		 1283
1284 trace_translate_block(tb, tb->pc, tb->tc_ptr);
1285
1286 /* generate machine code */
f309101c
SF		 1287 tb->jmp_reset_offset[0] = TB_JMP_RESET_OFFSET_INVALID;
1288 tb->jmp_reset_offset[1] = TB_JMP_RESET_OFFSET_INVALID;
1289 tcg_ctx.tb_jmp_reset_offset = tb->jmp_reset_offset;
fec88f64 1290#ifdef USE_DIRECT_JUMP
f309101c
SF		 1291 tcg_ctx.tb_jmp_insn_offset = tb->jmp_insn_offset;
1292 tcg_ctx.tb_jmp_target_addr = NULL;
fec88f64 1293#else
f309101c
SF		 1294 tcg_ctx.tb_jmp_insn_offset = NULL;
1295 tcg_ctx.tb_jmp_target_addr = tb->jmp_target_addr;
fec88f64
RH		 1296#endif
1297
1298#ifdef CONFIG_PROFILER
1299 tcg_ctx.tb_count++;
1300 tcg_ctx.interm_time += profile_getclock() - ti;
1301 tcg_ctx.code_time -= profile_getclock();
1302#endif
1303
b125f9dc
RH		 1304 /* ??? Overflow could be handled better here. In particular, we
1305 don't need to re-do gen_intermediate_code, nor should we re-do
1306 the tcg optimization currently hidden inside tcg_gen_code. All
1307 that should be required is to flush the TBs, allocate a new TB,
1308 re-initialize it per above, and re-do the actual code generation. */
5bd2ec3d 1309 gen_code_size = tcg_gen_code(&tcg_ctx, tb);
b125f9dc
RH		 1310 if (unlikely(gen_code_size < 0)) {
1311 goto buffer_overflow;
1312 }
fca8a500 1313 search_size = encode_search(tb, (void *)gen_code_buf + gen_code_size);
b125f9dc
RH		 1314 if (unlikely(search_size < 0)) {
1315 goto buffer_overflow;
1316 }
fec88f64
RH		 1317
1318#ifdef CONFIG_PROFILER
1319 tcg_ctx.code_time += profile_getclock();
1320 tcg_ctx.code_in_len += tb->size;
1321 tcg_ctx.code_out_len += gen_code_size;
fca8a500 1322 tcg_ctx.search_out_len += search_size;
fec88f64
RH		 1323#endif
1324
1325#ifdef DEBUG_DISAS
d977e1c2
AB		 1326 if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM) &&
1327 qemu_log_in_addr_range(tb->pc)) {
1ee73216 1328 qemu_log_lock();
fec88f64
RH		 1329 qemu_log("OUT: [size=%d]\n", gen_code_size);
1330 log_disas(tb->tc_ptr, gen_code_size);
1331 qemu_log("\n");
1332 qemu_log_flush();
1ee73216 1333 qemu_log_unlock();
fec88f64
RH		 1334 }
1335#endif
1336
fca8a500
RH		 1337 tcg_ctx.code_gen_ptr = (void *)
1338 ROUND_UP((uintptr_t)gen_code_buf + gen_code_size + search_size,
1339 CODE_GEN_ALIGN);
5b6dd868 1340
901bc3de
SF		 1341 /* init jump list */
1342 assert(((uintptr_t)tb & 3) == 0);
1343 tb->jmp_list_first = (uintptr_t)tb | 2;
1344 tb->jmp_list_next[0] = (uintptr_t)NULL;
1345 tb->jmp_list_next[1] = (uintptr_t)NULL;
1346
1347 /* init original jump addresses wich has been set during tcg_gen_code() */
1348 if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) {
1349 tb_reset_jump(tb, 0);
1350 }
1351 if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) {
1352 tb_reset_jump(tb, 1);
1353 }
1354
5b6dd868
BS		 1355 /* check next page if needed */
1356 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
1357 phys_page2 = -1;
1358 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
1359 phys_page2 = get_page_addr_code(env, virt_page2);
1360 }
901bc3de
SF		 1361 /* As long as consistency of the TB stuff is provided by tb_lock in user
1362 * mode and is implicit in single-threaded softmmu emulation, no explicit
1363 * memory barrier is required before tb_link_page() makes the TB visible
1364 * through the physical hash table and physical page list.
1365 */
5b6dd868
BS		 1366 tb_link_page(tb, phys_pc, phys_page2);
1367 return tb;
1368}
1369
1370/*
1371 * Invalidate all TBs which intersect with the target physical address range
1372 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1373 * 'is_cpu_write_access' should be true if called from a real cpu write
1374 * access: the virtual CPU will exit the current TB if code is modified inside
1375 * this TB.
75692087 1376 *
ba051fb5
AB		 1377 * Called with mmap_lock held for user-mode emulation, grabs tb_lock
1378 * Called with tb_lock held for system-mode emulation
5b6dd868 1379 */
ba051fb5 1380static void tb_invalidate_phys_range_1(tb_page_addr_t start, tb_page_addr_t end)
5b6dd868
BS		 1381{
1382 while (start < end) {
35865339 1383 tb_invalidate_phys_page_range(start, end, 0);
5b6dd868
BS		 1384 start &= TARGET_PAGE_MASK;
1385 start += TARGET_PAGE_SIZE;
1386 }
1387}
1388
ba051fb5
AB		 1389#ifdef CONFIG_SOFTMMU
1390void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end)
1391{
6ac3d7e8 1392 assert_tb_locked();
ba051fb5
AB		 1393 tb_invalidate_phys_range_1(start, end);
1394}
1395#else
1396void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end)
1397{
1398 assert_memory_lock();
1399 tb_lock();
1400 tb_invalidate_phys_range_1(start, end);
1401 tb_unlock();
1402}
1403#endif
5b6dd868
BS		 1404/*
1405 * Invalidate all TBs which intersect with the target physical address range
1406 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1407 * 'is_cpu_write_access' should be true if called from a real cpu write
1408 * access: the virtual CPU will exit the current TB if code is modified inside
1409 * this TB.
75692087 1410 *
ba051fb5
AB		 1411 * Called with tb_lock/mmap_lock held for user-mode emulation
1412 * Called with tb_lock held for system-mode emulation
5b6dd868
BS		 1413 */
1414void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1415 int is_cpu_write_access)
1416{
3213525f 1417 TranslationBlock *tb, *tb_next;
baea4fae 1418#if defined(TARGET_HAS_PRECISE_SMC)
3213525f 1419 CPUState *cpu = current_cpu;
4917cf44
AF		 1420 CPUArchState *env = NULL;
1421#endif
5b6dd868
BS		 1422 tb_page_addr_t tb_start, tb_end;
1423 PageDesc *p;
1424 int n;
1425#ifdef TARGET_HAS_PRECISE_SMC
1426 int current_tb_not_found = is_cpu_write_access;
1427 TranslationBlock *current_tb = NULL;
1428 int current_tb_modified = 0;
1429 target_ulong current_pc = 0;
1430 target_ulong current_cs_base = 0;
89fee74a 1431 uint32_t current_flags = 0;
5b6dd868
BS		 1432#endif /* TARGET_HAS_PRECISE_SMC */
1433
e505a063 1434 assert_memory_lock();
6ac3d7e8 1435 assert_tb_locked();
e505a063 1436
5b6dd868
BS		 1437 p = page_find(start >> TARGET_PAGE_BITS);
1438 if (!p) {
1439 return;
1440 }
baea4fae 1441#if defined(TARGET_HAS_PRECISE_SMC)
4917cf44
AF		 1442 if (cpu != NULL) {
1443 env = cpu->env_ptr;
d77953b9 1444 }
4917cf44 1445#endif
5b6dd868
BS		 1446
1447 /* we remove all the TBs in the range [start, end[ */
1448 /* XXX: see if in some cases it could be faster to invalidate all
1449 the code */
1450 tb = p->first_tb;
1451 while (tb != NULL) {
1452 n = (uintptr_t)tb & 3;
1453 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1454 tb_next = tb->page_next[n];
1455 /* NOTE: this is subtle as a TB may span two physical pages */
1456 if (n == 0) {
1457 /* NOTE: tb_end may be after the end of the page, but
1458 it is not a problem */
1459 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1460 tb_end = tb_start + tb->size;
1461 } else {
1462 tb_start = tb->page_addr[1];
1463 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1464 }
1465 if (!(tb_end <= start || tb_start >= end)) {
1466#ifdef TARGET_HAS_PRECISE_SMC
1467 if (current_tb_not_found) {
1468 current_tb_not_found = 0;
1469 current_tb = NULL;
93afeade 1470 if (cpu->mem_io_pc) {
5b6dd868 1471 /* now we have a real cpu fault */
93afeade 1472 current_tb = tb_find_pc(cpu->mem_io_pc);
5b6dd868
BS		 1473 }
1474 }
1475 if (current_tb == tb &&
1476 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1477 /* If we are modifying the current TB, we must stop
1478 its execution. We could be more precise by checking
1479 that the modification is after the current PC, but it
1480 would require a specialized function to partially
1481 restore the CPU state */
1482
1483 current_tb_modified = 1;
74f10515 1484 cpu_restore_state_from_tb(cpu, current_tb, cpu->mem_io_pc);
5b6dd868
BS		 1485 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1486 &current_flags);
1487 }
1488#endif /* TARGET_HAS_PRECISE_SMC */
5b6dd868 1489 tb_phys_invalidate(tb, -1);
5b6dd868
BS		 1490 }
1491 tb = tb_next;
1492 }
1493#if !defined(CONFIG_USER_ONLY)
1494 /* if no code remaining, no need to continue to use slow writes */
1495 if (!p->first_tb) {
1496 invalidate_page_bitmap(p);
fc377bcf 1497 tlb_unprotect_code(start);
5b6dd868
BS		 1498 }
1499#endif
1500#ifdef TARGET_HAS_PRECISE_SMC
1501 if (current_tb_modified) {
1502 /* we generate a block containing just the instruction
1503 modifying the memory. It will ensure that it cannot modify
1504 itself */
648f034c 1505 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
6886b980 1506 cpu_loop_exit_noexc(cpu);
5b6dd868
BS		 1507 }
1508#endif
1509}
1510
6fad459c 1511#ifdef CONFIG_SOFTMMU
ba051fb5
AB		 1512/* len must be <= 8 and start must be a multiple of len.
1513 * Called via softmmu_template.h when code areas are written to with
8d04fb55 1514 * iothread mutex not held.
ba051fb5 1515 */
5b6dd868
BS		 1516void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1517{
1518 PageDesc *p;
5b6dd868
BS		 1519
1520#if 0
1521 if (1) {
1522 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1523 cpu_single_env->mem_io_vaddr, len,
1524 cpu_single_env->eip,
1525 cpu_single_env->eip +
1526 (intptr_t)cpu_single_env->segs[R_CS].base);
1527 }
1528#endif
ba051fb5
AB		 1529 assert_memory_lock();
1530
5b6dd868
BS		 1531 p = page_find(start >> TARGET_PAGE_BITS);
1532 if (!p) {
1533 return;
1534 }
fc377bcf
PB		 1535 if (!p->code_bitmap &&
1536 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD) {
7d7500d9
PB		 1537 /* build code bitmap. FIXME: writes should be protected by
1538 * tb_lock, reads by tb_lock or RCU.
1539 */
fc377bcf
PB		 1540 build_page_bitmap(p);
1541 }
5b6dd868 1542 if (p->code_bitmap) {
510a647f
EC		 1543 unsigned int nr;
1544 unsigned long b;
1545
1546 nr = start & ~TARGET_PAGE_MASK;
1547 b = p->code_bitmap[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG - 1));
5b6dd868
BS		 1548 if (b & ((1 << len) - 1)) {
1549 goto do_invalidate;
1550 }
1551 } else {
1552 do_invalidate:
1553 tb_invalidate_phys_page_range(start, start + len, 1);
1554 }
1555}
6fad459c 1556#else
75809229
PM		 1557/* Called with mmap_lock held. If pc is not 0 then it indicates the
1558 * host PC of the faulting store instruction that caused this invalidate.
1559 * Returns true if the caller needs to abort execution of the current
1560 * TB (because it was modified by this store and the guest CPU has
1561 * precise-SMC semantics).
1562 */
1563static bool tb_invalidate_phys_page(tb_page_addr_t addr, uintptr_t pc)
5b6dd868
BS		 1564{
1565 TranslationBlock *tb;
1566 PageDesc *p;
1567 int n;
1568#ifdef TARGET_HAS_PRECISE_SMC
1569 TranslationBlock *current_tb = NULL;
4917cf44
AF		 1570 CPUState *cpu = current_cpu;
1571 CPUArchState *env = NULL;
5b6dd868
BS		 1572 int current_tb_modified = 0;
1573 target_ulong current_pc = 0;
1574 target_ulong current_cs_base = 0;
89fee74a 1575 uint32_t current_flags = 0;
5b6dd868
BS		 1576#endif
1577
ba051fb5
AB		 1578 assert_memory_lock();
1579
5b6dd868
BS		 1580 addr &= TARGET_PAGE_MASK;
1581 p = page_find(addr >> TARGET_PAGE_BITS);
1582 if (!p) {
75809229 1583 return false;
5b6dd868 1584 }
a5e99826
FK		 1585
1586 tb_lock();
5b6dd868
BS		 1587 tb = p->first_tb;
1588#ifdef TARGET_HAS_PRECISE_SMC
1589 if (tb && pc != 0) {
1590 current_tb = tb_find_pc(pc);
1591 }
4917cf44
AF		 1592 if (cpu != NULL) {
1593 env = cpu->env_ptr;
d77953b9 1594 }
5b6dd868
BS		 1595#endif
1596 while (tb != NULL) {
1597 n = (uintptr_t)tb & 3;
1598 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1599#ifdef TARGET_HAS_PRECISE_SMC
1600 if (current_tb == tb &&
1601 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1602 /* If we are modifying the current TB, we must stop
1603 its execution. We could be more precise by checking
1604 that the modification is after the current PC, but it
1605 would require a specialized function to partially
1606 restore the CPU state */
1607
1608 current_tb_modified = 1;
74f10515 1609 cpu_restore_state_from_tb(cpu, current_tb, pc);
5b6dd868
BS		 1610 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1611 &current_flags);
1612 }
1613#endif /* TARGET_HAS_PRECISE_SMC */
1614 tb_phys_invalidate(tb, addr);
1615 tb = tb->page_next[n];
1616 }
1617 p->first_tb = NULL;
1618#ifdef TARGET_HAS_PRECISE_SMC
1619 if (current_tb_modified) {
1620 /* we generate a block containing just the instruction
1621 modifying the memory. It will ensure that it cannot modify
1622 itself */
648f034c 1623 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
a5e99826
FK		 1624 /* tb_lock will be reset after cpu_loop_exit_noexc longjmps
1625 * back into the cpu_exec loop. */
75809229 1626 return true;
5b6dd868
BS		 1627 }
1628#endif
a5e99826
FK		 1629 tb_unlock();
1630
75809229 1631 return false;
5b6dd868
BS		 1632}
1633#endif
1634
5b6dd868
BS		 1635/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1636 tb[1].tc_ptr. Return NULL if not found */
a8a826a3 1637static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
5b6dd868
BS		 1638{
1639 int m_min, m_max, m;
1640 uintptr_t v;
1641 TranslationBlock *tb;
1642
5e5f07e0 1643 if (tcg_ctx.tb_ctx.nb_tbs <= 0) {
5b6dd868
BS		 1644 return NULL;
1645 }
0b0d3320
EV		 1646 if (tc_ptr < (uintptr_t)tcg_ctx.code_gen_buffer ||
1647 tc_ptr >= (uintptr_t)tcg_ctx.code_gen_ptr) {
5b6dd868
BS		 1648 return NULL;
1649 }
1650 /* binary search (cf Knuth) */
1651 m_min = 0;
5e5f07e0 1652 m_max = tcg_ctx.tb_ctx.nb_tbs - 1;
5b6dd868
BS		 1653 while (m_min <= m_max) {
1654 m = (m_min + m_max) >> 1;
5e5f07e0 1655 tb = &tcg_ctx.tb_ctx.tbs[m];
5b6dd868
BS		 1656 v = (uintptr_t)tb->tc_ptr;
1657 if (v == tc_ptr) {
1658 return tb;
1659 } else if (tc_ptr < v) {
1660 m_max = m - 1;
1661 } else {
1662 m_min = m + 1;
1663 }
1664 }
5e5f07e0 1665 return &tcg_ctx.tb_ctx.tbs[m_max];
5b6dd868
BS		 1666}
1667
ec53b45b 1668#if !defined(CONFIG_USER_ONLY)
29d8ec7b 1669void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr)
5b6dd868
BS		 1670{
1671 ram_addr_t ram_addr;
5c8a00ce 1672 MemoryRegion *mr;
149f54b5 1673 hwaddr l = 1;
5b6dd868 1674
41063e1e 1675 rcu_read_lock();
29d8ec7b 1676 mr = address_space_translate(as, addr, &addr, &l, false);
5c8a00ce
PB		 1677 if (!(memory_region_is_ram(mr)
1678 || memory_region_is_romd(mr))) {
41063e1e 1679 rcu_read_unlock();
5b6dd868
BS		 1680 return;
1681 }
e4e69794 1682 ram_addr = memory_region_get_ram_addr(mr) + addr;
ba051fb5 1683 tb_lock();
5b6dd868 1684 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
ba051fb5 1685 tb_unlock();
41063e1e 1686 rcu_read_unlock();
5b6dd868 1687}
ec53b45b 1688#endif /* !defined(CONFIG_USER_ONLY) */
5b6dd868 1689
7d7500d9 1690/* Called with tb_lock held. */
239c51a5 1691void tb_check_watchpoint(CPUState *cpu)
5b6dd868
BS		 1692{
1693 TranslationBlock *tb;
1694
93afeade 1695 tb = tb_find_pc(cpu->mem_io_pc);
8d302e76
AJ		 1696 if (tb) {
1697 /* We can use retranslation to find the PC. */
1698 cpu_restore_state_from_tb(cpu, tb, cpu->mem_io_pc);
1699 tb_phys_invalidate(tb, -1);
1700 } else {
1701 /* The exception probably happened in a helper. The CPU state should
1702 have been saved before calling it. Fetch the PC from there. */
1703 CPUArchState *env = cpu->env_ptr;
1704 target_ulong pc, cs_base;
1705 tb_page_addr_t addr;
89fee74a 1706 uint32_t flags;
8d302e76
AJ		 1707
1708 cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
1709 addr = get_page_addr_code(env, pc);
1710 tb_invalidate_phys_range(addr, addr + 1);
5b6dd868 1711 }
5b6dd868
BS		 1712}
1713
1714#ifndef CONFIG_USER_ONLY
5b6dd868 1715/* in deterministic execution mode, instructions doing device I/Os
8d04fb55
JK		 1716 * must be at the end of the TB.
1717 *
1718 * Called by softmmu_template.h, with iothread mutex not held.
1719 */
90b40a69 1720void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
5b6dd868 1721{
a47dddd7 1722#if defined(TARGET_MIPS) || defined(TARGET_SH4)
90b40a69 1723 CPUArchState *env = cpu->env_ptr;
a47dddd7 1724#endif
5b6dd868
BS		 1725 TranslationBlock *tb;
1726 uint32_t n, cflags;
1727 target_ulong pc, cs_base;
89fee74a 1728 uint32_t flags;
5b6dd868 1729
a5e99826 1730 tb_lock();
5b6dd868
BS		 1731 tb = tb_find_pc(retaddr);
1732 if (!tb) {
a47dddd7 1733 cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p",
5b6dd868
BS		 1734 (void *)retaddr);
1735 }
28ecfd7a 1736 n = cpu->icount_decr.u16.low + tb->icount;
74f10515 1737 cpu_restore_state_from_tb(cpu, tb, retaddr);
5b6dd868
BS		 1738 /* Calculate how many instructions had been executed before the fault
1739 occurred. */
28ecfd7a 1740 n = n - cpu->icount_decr.u16.low;
5b6dd868
BS		 1741 /* Generate a new TB ending on the I/O insn. */
1742 n++;
1743 /* On MIPS and SH, delay slot instructions can only be restarted if
1744 they were already the first instruction in the TB. If this is not
1745 the first instruction in a TB then re-execute the preceding
1746 branch. */
1747#if defined(TARGET_MIPS)
1748 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
c3577479 1749 env->active_tc.PC -= (env->hflags & MIPS_HFLAG_B16 ? 2 : 4);
28ecfd7a 1750 cpu->icount_decr.u16.low++;
5b6dd868
BS		 1751 env->hflags &= ~MIPS_HFLAG_BMASK;
1752 }
1753#elif defined(TARGET_SH4)
1754 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
1755 && n > 1) {
1756 env->pc -= 2;
28ecfd7a 1757 cpu->icount_decr.u16.low++;
5b6dd868
BS		 1758 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
1759 }
1760#endif
1761 /* This should never happen. */
1762 if (n > CF_COUNT_MASK) {
a47dddd7 1763 cpu_abort(cpu, "TB too big during recompile");
5b6dd868
BS		 1764 }
1765
1766 cflags = n | CF_LAST_IO;
1767 pc = tb->pc;
1768 cs_base = tb->cs_base;
1769 flags = tb->flags;
1770 tb_phys_invalidate(tb, -1);
02d57ea1
SF		 1771 if (tb->cflags & CF_NOCACHE) {
1772 if (tb->orig_tb) {
1773 /* Invalidate original TB if this TB was generated in
1774 * cpu_exec_nocache() */
1775 tb_phys_invalidate(tb->orig_tb, -1);
1776 }
1777 tb_free(tb);
1778 }
5b6dd868
BS		 1779 /* FIXME: In theory this could raise an exception. In practice
1780 we have already translated the block once so it's probably ok. */
648f034c 1781 tb_gen_code(cpu, pc, cs_base, flags, cflags);
a5e99826 1782
5b6dd868 1783 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
a5e99826
FK		 1784 * the first in the TB) then we end up generating a whole new TB and
1785 * repeating the fault, which is horribly inefficient.
1786 * Better would be to execute just this insn uncached, or generate a
1787 * second new TB.
1788 *
1789 * cpu_loop_exit_noexc will longjmp back to cpu_exec where the
1790 * tb_lock gets reset.
1791 */
6886b980 1792 cpu_loop_exit_noexc(cpu);
5b6dd868
BS		 1793}
1794
611d4f99 1795void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
5b6dd868
BS		 1796{
1797 unsigned int i;
1798
1799 /* Discard jump cache entries for any tb which might potentially
1800 overlap the flushed page. */
1801 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
8cd70437 1802 memset(&cpu->tb_jmp_cache[i], 0,
5b6dd868
BS		 1803 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1804
1805 i = tb_jmp_cache_hash_page(addr);
8cd70437 1806 memset(&cpu->tb_jmp_cache[i], 0,
5b6dd868
BS		 1807 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1808}
1809
7266ae91
EC		 1810static void print_qht_statistics(FILE *f, fprintf_function cpu_fprintf,
1811 struct qht_stats hst)
1812{
1813 uint32_t hgram_opts;
1814 size_t hgram_bins;
1815 char *hgram;
1816
1817 if (!hst.head_buckets) {
1818 return;
1819 }
1820 cpu_fprintf(f, "TB hash buckets %zu/%zu (%0.2f%% head buckets used)\n",
1821 hst.used_head_buckets, hst.head_buckets,
1822 (double)hst.used_head_buckets / hst.head_buckets * 100);
1823
1824 hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS;
1825 hgram_opts |= QDIST_PR_100X | QDIST_PR_PERCENT;
1826 if (qdist_xmax(&hst.occupancy) - qdist_xmin(&hst.occupancy) == 1) {
1827 hgram_opts |= QDIST_PR_NODECIMAL;
1828 }
1829 hgram = qdist_pr(&hst.occupancy, 10, hgram_opts);
1830 cpu_fprintf(f, "TB hash occupancy %0.2f%% avg chain occ. Histogram: %s\n",
1831 qdist_avg(&hst.occupancy) * 100, hgram);
1832 g_free(hgram);
1833
1834 hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS;
1835 hgram_bins = qdist_xmax(&hst.chain) - qdist_xmin(&hst.chain);
1836 if (hgram_bins > 10) {
1837 hgram_bins = 10;
1838 } else {
1839 hgram_bins = 0;
1840 hgram_opts |= QDIST_PR_NODECIMAL | QDIST_PR_NOBINRANGE;
1841 }
1842 hgram = qdist_pr(&hst.chain, hgram_bins, hgram_opts);
1843 cpu_fprintf(f, "TB hash avg chain %0.3f buckets. Histogram: %s\n",
1844 qdist_avg(&hst.chain), hgram);
1845 g_free(hgram);
1846}
1847
5b6dd868
BS		 1848void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
1849{
1850 int i, target_code_size, max_target_code_size;
1851 int direct_jmp_count, direct_jmp2_count, cross_page;
1852 TranslationBlock *tb;
329844d4 1853 struct qht_stats hst;
5b6dd868 1854
a5e99826
FK		 1855 tb_lock();
1856
5b6dd868
BS		 1857 target_code_size = 0;
1858 max_target_code_size = 0;
1859 cross_page = 0;
1860 direct_jmp_count = 0;
1861 direct_jmp2_count = 0;
5e5f07e0
EV		 1862 for (i = 0; i < tcg_ctx.tb_ctx.nb_tbs; i++) {
1863 tb = &tcg_ctx.tb_ctx.tbs[i];
5b6dd868
BS		 1864 target_code_size += tb->size;
1865 if (tb->size > max_target_code_size) {
1866 max_target_code_size = tb->size;
1867 }
1868 if (tb->page_addr[1] != -1) {
1869 cross_page++;
1870 }
f309101c 1871 if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) {
5b6dd868 1872 direct_jmp_count++;
f309101c 1873 if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) {
5b6dd868
BS		 1874 direct_jmp2_count++;
1875 }
1876 }
1877 }
1878 /* XXX: avoid using doubles ? */
1879 cpu_fprintf(f, "Translation buffer state:\n");
1880 cpu_fprintf(f, "gen code size %td/%zd\n",
0b0d3320 1881 tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer,
b125f9dc 1882 tcg_ctx.code_gen_highwater - tcg_ctx.code_gen_buffer);
5b6dd868 1883 cpu_fprintf(f, "TB count %d/%d\n",
5e5f07e0 1884 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.code_gen_max_blocks);
5b6dd868 1885 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
5e5f07e0
EV		 1886 tcg_ctx.tb_ctx.nb_tbs ? target_code_size /
1887 tcg_ctx.tb_ctx.nb_tbs : 0,
1888 max_target_code_size);
5b6dd868 1889 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
5e5f07e0
EV		 1890 tcg_ctx.tb_ctx.nb_tbs ? (tcg_ctx.code_gen_ptr -
1891 tcg_ctx.code_gen_buffer) /
1892 tcg_ctx.tb_ctx.nb_tbs : 0,
1893 target_code_size ? (double) (tcg_ctx.code_gen_ptr -
1894 tcg_ctx.code_gen_buffer) /
1895 target_code_size : 0);
1896 cpu_fprintf(f, "cross page TB count %d (%d%%)\n", cross_page,
1897 tcg_ctx.tb_ctx.nb_tbs ? (cross_page * 100) /
1898 tcg_ctx.tb_ctx.nb_tbs : 0);
5b6dd868
BS		 1899 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
1900 direct_jmp_count,
5e5f07e0
EV		 1901 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp_count * 100) /
1902 tcg_ctx.tb_ctx.nb_tbs : 0,
5b6dd868 1903 direct_jmp2_count,
5e5f07e0
EV		 1904 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp2_count * 100) /
1905 tcg_ctx.tb_ctx.nb_tbs : 0);
329844d4
EC		 1906
1907 qht_statistics_init(&tcg_ctx.tb_ctx.htable, &hst);
7266ae91 1908 print_qht_statistics(f, cpu_fprintf, hst);
329844d4
EC		 1909 qht_statistics_destroy(&hst);
1910
5b6dd868 1911 cpu_fprintf(f, "\nStatistics:\n");
3359baad
SF		 1912 cpu_fprintf(f, "TB flush count %u\n",
1913 atomic_read(&tcg_ctx.tb_ctx.tb_flush_count));
5e5f07e0
EV		 1914 cpu_fprintf(f, "TB invalidate count %d\n",
1915 tcg_ctx.tb_ctx.tb_phys_invalidate_count);
5b6dd868
BS		 1916 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
1917 tcg_dump_info(f, cpu_fprintf);
a5e99826
FK		 1918
1919 tb_unlock();
5b6dd868
BS		 1920}
1921
246ae24d
MF		 1922void dump_opcount_info(FILE *f, fprintf_function cpu_fprintf)
1923{
1924 tcg_dump_op_count(f, cpu_fprintf);
1925}
1926
5b6dd868
BS		 1927#else /* CONFIG_USER_ONLY */
1928
c3affe56 1929void cpu_interrupt(CPUState *cpu, int mask)
5b6dd868 1930{
8d04fb55 1931 g_assert(qemu_mutex_iothread_locked());
259186a7 1932 cpu->interrupt_request |= mask;
378df4b2 1933 cpu->tcg_exit_req = 1;
5b6dd868
BS		 1934}
1935
1936/*
1937 * Walks guest process memory "regions" one by one
1938 * and calls callback function 'fn' for each region.
1939 */
1940struct walk_memory_regions_data {
1941 walk_memory_regions_fn fn;
1942 void *priv;
1a1c4db9 1943 target_ulong start;
5b6dd868
BS		 1944 int prot;
1945};
1946
1947static int walk_memory_regions_end(struct walk_memory_regions_data *data,
1a1c4db9 1948 target_ulong end, int new_prot)
5b6dd868 1949{
1a1c4db9 1950 if (data->start != -1u) {
5b6dd868
BS		 1951 int rc = data->fn(data->priv, data->start, end, data->prot);
1952 if (rc != 0) {
1953 return rc;
1954 }
1955 }
1956
1a1c4db9 1957 data->start = (new_prot ? end : -1u);
5b6dd868
BS		 1958 data->prot = new_prot;
1959
1960 return 0;
1961}
1962
1963static int walk_memory_regions_1(struct walk_memory_regions_data *data,
1a1c4db9 1964 target_ulong base, int level, void **lp)
5b6dd868 1965{
1a1c4db9 1966 target_ulong pa;
5b6dd868
BS		 1967 int i, rc;
1968
1969 if (*lp == NULL) {
1970 return walk_memory_regions_end(data, base, 0);
1971 }
1972
1973 if (level == 0) {
1974 PageDesc *pd = *lp;
1975
03f49957 1976 for (i = 0; i < V_L2_SIZE; ++i) {
5b6dd868
BS		 1977 int prot = pd[i].flags;
1978
1979 pa = base | (i << TARGET_PAGE_BITS);
1980 if (prot != data->prot) {
1981 rc = walk_memory_regions_end(data, pa, prot);
1982 if (rc != 0) {
1983 return rc;
1984 }
1985 }
1986 }
1987 } else {
1988 void **pp = *lp;
1989
03f49957 1990 for (i = 0; i < V_L2_SIZE; ++i) {
1a1c4db9 1991 pa = base | ((target_ulong)i <<
03f49957 1992 (TARGET_PAGE_BITS + V_L2_BITS * level));
5b6dd868
BS		 1993 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
1994 if (rc != 0) {
1995 return rc;
1996 }
1997 }
1998 }
1999
2000 return 0;
2001}
2002
2003int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2004{
2005 struct walk_memory_regions_data data;
66ec9f49 2006 uintptr_t i, l1_sz = v_l1_size;
5b6dd868
BS		 2007
2008 data.fn = fn;
2009 data.priv = priv;
1a1c4db9 2010 data.start = -1u;
5b6dd868
BS		 2011 data.prot = 0;
2012
66ec9f49
VK		 2013 for (i = 0; i < l1_sz; i++) {
2014 target_ulong base = i << (v_l1_shift + TARGET_PAGE_BITS);
2015 int rc = walk_memory_regions_1(&data, base, v_l2_levels, l1_map + i);
5b6dd868
BS		 2016 if (rc != 0) {
2017 return rc;
2018 }
2019 }
2020
2021 return walk_memory_regions_end(&data, 0, 0);
2022}
2023
1a1c4db9
MI		 2024static int dump_region(void *priv, target_ulong start,
2025 target_ulong end, unsigned long prot)
5b6dd868
BS		 2026{
2027 FILE *f = (FILE *)priv;
2028
1a1c4db9
MI		 2029 (void) fprintf(f, TARGET_FMT_lx"-"TARGET_FMT_lx
2030 " "TARGET_FMT_lx" %c%c%c\n",
5b6dd868
BS		 2031 start, end, end - start,
2032 ((prot & PAGE_READ) ? 'r' : '-'),
2033 ((prot & PAGE_WRITE) ? 'w' : '-'),
2034 ((prot & PAGE_EXEC) ? 'x' : '-'));
2035
2036 return 0;
2037}
2038
2039/* dump memory mappings */
2040void page_dump(FILE *f)
2041{
1a1c4db9 2042 const int length = sizeof(target_ulong) * 2;
227b8175
SW		 2043 (void) fprintf(f, "%-*s %-*s %-*s %s\n",
2044 length, "start", length, "end", length, "size", "prot");
5b6dd868
BS		 2045 walk_memory_regions(f, dump_region);
2046}
2047
2048int page_get_flags(target_ulong address)
2049{
2050 PageDesc *p;
2051
2052 p = page_find(address >> TARGET_PAGE_BITS);
2053 if (!p) {
2054 return 0;
2055 }
2056 return p->flags;
2057}
2058
2059/* Modify the flags of a page and invalidate the code if necessary.
2060 The flag PAGE_WRITE_ORG is positioned automatically depending
2061 on PAGE_WRITE. The mmap_lock should already be held. */
2062void page_set_flags(target_ulong start, target_ulong end, int flags)
2063{
2064 target_ulong addr, len;
2065
2066 /* This function should never be called with addresses outside the
2067 guest address space. If this assert fires, it probably indicates
2068 a missing call to h2g_valid. */
2069#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1a1c4db9 2070 assert(end < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
5b6dd868
BS		 2071#endif
2072 assert(start < end);
e505a063 2073 assert_memory_lock();
5b6dd868
BS		 2074
2075 start = start & TARGET_PAGE_MASK;
2076 end = TARGET_PAGE_ALIGN(end);
2077
2078 if (flags & PAGE_WRITE) {
2079 flags |= PAGE_WRITE_ORG;
2080 }
2081
2082 for (addr = start, len = end - start;
2083 len != 0;
2084 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2085 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2086
2087 /* If the write protection bit is set, then we invalidate
2088 the code inside. */
2089 if (!(p->flags & PAGE_WRITE) &&
2090 (flags & PAGE_WRITE) &&
2091 p->first_tb) {
75809229 2092 tb_invalidate_phys_page(addr, 0);
5b6dd868
BS		 2093 }
2094 p->flags = flags;
2095 }
2096}
2097
2098int page_check_range(target_ulong start, target_ulong len, int flags)
2099{
2100 PageDesc *p;
2101 target_ulong end;
2102 target_ulong addr;
2103
2104 /* This function should never be called with addresses outside the
2105 guest address space. If this assert fires, it probably indicates
2106 a missing call to h2g_valid. */
2107#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1a1c4db9 2108 assert(start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
5b6dd868
BS		 2109#endif
2110
2111 if (len == 0) {
2112 return 0;
2113 }
2114 if (start + len - 1 < start) {
2115 /* We've wrapped around. */
2116 return -1;
2117 }
2118
2119 /* must do before we loose bits in the next step */
2120 end = TARGET_PAGE_ALIGN(start + len);
2121 start = start & TARGET_PAGE_MASK;
2122
2123 for (addr = start, len = end - start;
2124 len != 0;
2125 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2126 p = page_find(addr >> TARGET_PAGE_BITS);
2127 if (!p) {
2128 return -1;
2129 }
2130 if (!(p->flags & PAGE_VALID)) {
2131 return -1;
2132 }
2133
2134 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) {
2135 return -1;
2136 }
2137 if (flags & PAGE_WRITE) {
2138 if (!(p->flags & PAGE_WRITE_ORG)) {
2139 return -1;
2140 }
2141 /* unprotect the page if it was put read-only because it
2142 contains translated code */
2143 if (!(p->flags & PAGE_WRITE)) {
f213e72f 2144 if (!page_unprotect(addr, 0)) {
5b6dd868
BS		 2145 return -1;
2146 }
2147 }
5b6dd868
BS		 2148 }
2149 }
2150 return 0;
2151}
2152
2153/* called from signal handler: invalidate the code and unprotect the
f213e72f
PM		 2154 * page. Return 0 if the fault was not handled, 1 if it was handled,
2155 * and 2 if it was handled but the caller must cause the TB to be
2156 * immediately exited. (We can only return 2 if the 'pc' argument is
2157 * non-zero.)
2158 */
2159int page_unprotect(target_ulong address, uintptr_t pc)
5b6dd868
BS		 2160{
2161 unsigned int prot;
7399a337 2162 bool current_tb_invalidated;
5b6dd868
BS		 2163 PageDesc *p;
2164 target_ulong host_start, host_end, addr;
2165
2166 /* Technically this isn't safe inside a signal handler. However we
2167 know this only ever happens in a synchronous SEGV handler, so in
2168 practice it seems to be ok. */
2169 mmap_lock();
2170
2171 p = page_find(address >> TARGET_PAGE_BITS);
2172 if (!p) {
2173 mmap_unlock();
2174 return 0;
2175 }
2176
2177 /* if the page was really writable, then we change its
2178 protection back to writable */
2179 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2180 host_start = address & qemu_host_page_mask;
2181 host_end = host_start + qemu_host_page_size;
2182
2183 prot = 0;
7399a337 2184 current_tb_invalidated = false;
5b6dd868
BS		 2185 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2186 p = page_find(addr >> TARGET_PAGE_BITS);
2187 p->flags |= PAGE_WRITE;
2188 prot |= p->flags;
2189
2190 /* and since the content will be modified, we must invalidate
2191 the corresponding translated code. */
7399a337 2192 current_tb_invalidated |= tb_invalidate_phys_page(addr, pc);
5b6dd868
BS		 2193#ifdef DEBUG_TB_CHECK
2194 tb_invalidate_check(addr);
2195#endif
2196 }
2197 mprotect((void *)g2h(host_start), qemu_host_page_size,
2198 prot & PAGE_BITS);
2199
2200 mmap_unlock();
7399a337
SS		 2201 /* If current TB was invalidated return to main loop */
2202 return current_tb_invalidated ? 2 : 1;
5b6dd868
BS		 2203 }
2204 mmap_unlock();
2205 return 0;
2206}
2207#endif /* CONFIG_USER_ONLY */
QEMU mirror