]> git.proxmox.com Git - mirror_qemu.git/blame - translate-all.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tcg: allocate TB structs before the corresponding translated code
[mirror_qemu.git] / translate-all.c
CommitLineData
d19893da
FB		 1/*
2 * Host code generation
5fafdf24 3 *
d19893da
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
d19893da 18 */
5b6dd868
BS		 19#ifdef _WIN32
20#include <windows.h>
5b6dd868 21#endif
7b31bbc2 22#include "qemu/osdep.h"
d19893da 23
2054396a 24
5b6dd868 25#include "qemu-common.h"
af5ad107 26#define NO_CPU_IO_DEFS
d3eead2e 27#include "cpu.h"
0ab8ed18 28#include "trace-root.h"
76cad711 29#include "disas/disas.h"
63c91552 30#include "exec/exec-all.h"
57fec1fe 31#include "tcg.h"
5b6dd868
BS		 32#if defined(CONFIG_USER_ONLY)
33#include "qemu.h"
301e40ed 34#include "exec/exec-all.h"
5b6dd868
BS		 35#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
36#include <sys/param.h>
37#if __FreeBSD_version >= 700104
38#define HAVE_KINFO_GETVMMAP
39#define sigqueue sigqueue_freebsd /* avoid redefinition */
5b6dd868
BS		 40#include <sys/proc.h>
41#include <machine/profile.h>
42#define _KERNEL
43#include <sys/user.h>
44#undef _KERNEL
45#undef sigqueue
46#include <libutil.h>
47#endif
48#endif
0bc3cd62
PB		 49#else
50#include "exec/address-spaces.h"
5b6dd868
BS		 51#endif
52
022c62cb 53#include "exec/cputlb.h"
e1b89321 54#include "exec/tb-hash.h"
5b6dd868 55#include "translate-all.h"
510a647f 56#include "qemu/bitmap.h"
0aa09897 57#include "qemu/timer.h"
8d04fb55 58#include "qemu/main-loop.h"
508127e2 59#include "exec/log.h"
d2528bdc 60#include "sysemu/cpus.h"
5b6dd868 61
955939a2
AB		 62/* #define DEBUG_TB_INVALIDATE */
63/* #define DEBUG_TB_FLUSH */
5b6dd868 64/* make various TB consistency checks */
955939a2 65/* #define DEBUG_TB_CHECK */
5b6dd868
BS		 66
67#if !defined(CONFIG_USER_ONLY)
68/* TB consistency checks only implemented for usermode emulation. */
69#undef DEBUG_TB_CHECK
70#endif
71
301e40ed
AB		 72/* Access to the various translations structures need to be serialised via locks
73 * for consistency. This is automatic for SoftMMU based system
74 * emulation due to its single threaded nature. In user-mode emulation
75 * access to the memory related structures are protected with the
76 * mmap_lock.
77 */
301e40ed 78#ifdef CONFIG_SOFTMMU
2f169606 79#define assert_memory_lock() tcg_debug_assert(have_tb_lock)
301e40ed 80#else
6ac3d7e8 81#define assert_memory_lock() tcg_debug_assert(have_mmap_lock())
301e40ed
AB		 82#endif
83
5b6dd868
BS		 84#define SMC_BITMAP_USE_THRESHOLD 10
85
5b6dd868
BS		 86typedef struct PageDesc {
87 /* list of TBs intersecting this ram page */
88 TranslationBlock *first_tb;
6fad459c 89#ifdef CONFIG_SOFTMMU
5b6dd868
BS		 90 /* in order to optimize self modifying code, we count the number
91 of lookups we do to a given page to use a bitmap */
92 unsigned int code_write_count;
510a647f 93 unsigned long *code_bitmap;
6fad459c 94#else
5b6dd868
BS		 95 unsigned long flags;
96#endif
97} PageDesc;
98
99/* In system mode we want L1_MAP to be based on ram offsets,
100 while in user mode we want it to be based on virtual addresses. */
101#if !defined(CONFIG_USER_ONLY)
102#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
103# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
104#else
105# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
106#endif
107#else
108# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
109#endif
110
03f49957
PB		 111/* Size of the L2 (and L3, etc) page tables. */
112#define V_L2_BITS 10
113#define V_L2_SIZE (1 << V_L2_BITS)
114
5b6dd868 115uintptr_t qemu_host_page_size;
0c2d70c4 116intptr_t qemu_host_page_mask;
5b6dd868 117
66ec9f49
VK		 118/*
119 * L1 Mapping properties
120 */
121static int v_l1_size;
122static int v_l1_shift;
123static int v_l2_levels;
124
125/* The bottom level has pointers to PageDesc, and is indexed by
126 * anything from 4 to (V_L2_BITS + 3) bits, depending on target page size.
127 */
128#define V_L1_MIN_BITS 4
129#define V_L1_MAX_BITS (V_L2_BITS + 3)
130#define V_L1_MAX_SIZE (1 << V_L1_MAX_BITS)
131
132static void *l1_map[V_L1_MAX_SIZE];
5b6dd868 133
57fec1fe
FB		 134/* code generation context */
135TCGContext tcg_ctx;
fdbc2b57 136bool parallel_cpus;
d19893da 137
677ef623 138/* translation block context */
677ef623 139__thread int have_tb_lock;
677ef623 140
66ec9f49
VK		 141static void page_table_config_init(void)
142{
143 uint32_t v_l1_bits;
144
145 assert(TARGET_PAGE_BITS);
146 /* The bits remaining after N lower levels of page tables. */
147 v_l1_bits = (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % V_L2_BITS;
148 if (v_l1_bits < V_L1_MIN_BITS) {
149 v_l1_bits += V_L2_BITS;
150 }
151
152 v_l1_size = 1 << v_l1_bits;
153 v_l1_shift = L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - v_l1_bits;
154 v_l2_levels = v_l1_shift / V_L2_BITS - 1;
155
156 assert(v_l1_bits <= V_L1_MAX_BITS);
157 assert(v_l1_shift % V_L2_BITS == 0);
158 assert(v_l2_levels >= 0);
159}
160
6ac3d7e8
PK		 161#define assert_tb_locked() tcg_debug_assert(have_tb_lock)
162#define assert_tb_unlocked() tcg_debug_assert(!have_tb_lock)
6ac3d7e8 163
677ef623
FK		 164void tb_lock(void)
165{
6ac3d7e8 166 assert_tb_unlocked();
677ef623
FK		 167 qemu_mutex_lock(&tcg_ctx.tb_ctx.tb_lock);
168 have_tb_lock++;
677ef623
FK		 169}
170
171void tb_unlock(void)
172{
6ac3d7e8 173 assert_tb_locked();
677ef623
FK		 174 have_tb_lock--;
175 qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock);
677ef623
FK		 176}
177
178void tb_lock_reset(void)
179{
677ef623
FK		 180 if (have_tb_lock) {
181 qemu_mutex_unlock(&tcg_ctx.tb_ctx.tb_lock);
182 have_tb_lock = 0;
183 }
677ef623
FK		 184}
185
a8a826a3 186static TranslationBlock *tb_find_pc(uintptr_t tc_ptr);
5b6dd868 187
57fec1fe
FB		 188void cpu_gen_init(void)
189{
190 tcg_context_init(&tcg_ctx);
57fec1fe
FB		 191}
192
fca8a500
RH		 193/* Encode VAL as a signed leb128 sequence at P.
194 Return P incremented past the encoded value. */
195static uint8_t *encode_sleb128(uint8_t *p, target_long val)
196{
197 int more, byte;
198
199 do {
200 byte = val & 0x7f;
201 val >>= 7;
202 more = !((val == 0 && (byte & 0x40) == 0)
203 || (val == -1 && (byte & 0x40) != 0));
204 if (more) {
205 byte |= 0x80;
206 }
207 *p++ = byte;
208 } while (more);
209
210 return p;
211}
212
213/* Decode a signed leb128 sequence at *PP; increment *PP past the
214 decoded value. Return the decoded value. */
215static target_long decode_sleb128(uint8_t **pp)
216{
217 uint8_t *p = *pp;
218 target_long val = 0;
219 int byte, shift = 0;
220
221 do {
222 byte = *p++;
223 val |= (target_ulong)(byte & 0x7f) << shift;
224 shift += 7;
225 } while (byte & 0x80);
226 if (shift < TARGET_LONG_BITS && (byte & 0x40)) {
227 val |= -(target_ulong)1 << shift;
228 }
229
230 *pp = p;
231 return val;
232}
233
234/* Encode the data collected about the instructions while compiling TB.
235 Place the data at BLOCK, and return the number of bytes consumed.
236
237 The logical table consisits of TARGET_INSN_START_WORDS target_ulong's,
238 which come from the target's insn_start data, followed by a uintptr_t
239 which comes from the host pc of the end of the code implementing the insn.
240
241 Each line of the table is encoded as sleb128 deltas from the previous
242 line. The seed for the first line is { tb->pc, 0..., tb->tc_ptr }.
243 That is, the first column is seeded with the guest pc, the last column
244 with the host pc, and the middle columns with zeros. */
245
246static int encode_search(TranslationBlock *tb, uint8_t *block)
247{
b125f9dc 248 uint8_t *highwater = tcg_ctx.code_gen_highwater;
fca8a500
RH		 249 uint8_t *p = block;
250 int i, j, n;
251
252 tb->tc_search = block;
253
254 for (i = 0, n = tb->icount; i < n; ++i) {
255 target_ulong prev;
256
257 for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
258 if (i == 0) {
259 prev = (j == 0 ? tb->pc : 0);
260 } else {
261 prev = tcg_ctx.gen_insn_data[i - 1][j];
262 }
263 p = encode_sleb128(p, tcg_ctx.gen_insn_data[i][j] - prev);
264 }
265 prev = (i == 0 ? 0 : tcg_ctx.gen_insn_end_off[i - 1]);
266 p = encode_sleb128(p, tcg_ctx.gen_insn_end_off[i] - prev);
b125f9dc
RH		 267
268 /* Test for (pending) buffer overflow. The assumption is that any
269 one row beginning below the high water mark cannot overrun
270 the buffer completely. Thus we can test for overflow after
271 encoding a row without having to check during encoding. */
272 if (unlikely(p > highwater)) {
273 return -1;
274 }
fca8a500
RH		 275 }
276
277 return p - block;
278}
279
7d7500d9
PB		 280/* The cpu state corresponding to 'searched_pc' is restored.
281 * Called with tb_lock held.
282 */
74f10515 283static int cpu_restore_state_from_tb(CPUState *cpu, TranslationBlock *tb,
a8a826a3 284 uintptr_t searched_pc)
d19893da 285{
fca8a500
RH		 286 target_ulong data[TARGET_INSN_START_WORDS] = { tb->pc };
287 uintptr_t host_pc = (uintptr_t)tb->tc_ptr;
74f10515 288 CPUArchState *env = cpu->env_ptr;
fca8a500
RH		 289 uint8_t *p = tb->tc_search;
290 int i, j, num_insns = tb->icount;
57fec1fe 291#ifdef CONFIG_PROFILER
fca8a500 292 int64_t ti = profile_getclock();
57fec1fe
FB		 293#endif
294
01ecaf43
RH		 295 searched_pc -= GETPC_ADJ;
296
fca8a500
RH		 297 if (searched_pc < host_pc) {
298 return -1;
299 }
d19893da 300
fca8a500
RH		 301 /* Reconstruct the stored insn data while looking for the point at
302 which the end of the insn exceeds the searched_pc. */
303 for (i = 0; i < num_insns; ++i) {
304 for (j = 0; j < TARGET_INSN_START_WORDS; ++j) {
305 data[j] += decode_sleb128(&p);
306 }
307 host_pc += decode_sleb128(&p);
308 if (host_pc > searched_pc) {
309 goto found;
310 }
311 }
312 return -1;
3b46e624 313
fca8a500 314 found:
bd79255d 315 if (tb->cflags & CF_USE_ICOUNT) {
414b15c9 316 assert(use_icount);
2e70f6ef 317 /* Reset the cycle counter to the start of the block. */
fca8a500 318 cpu->icount_decr.u16.low += num_insns;
2e70f6ef 319 /* Clear the IO flag. */
99df7dce 320 cpu->can_do_io = 0;
2e70f6ef 321 }
fca8a500
RH		 322 cpu->icount_decr.u16.low -= i;
323 restore_state_to_opc(env, tb, data);
57fec1fe
FB		 324
325#ifdef CONFIG_PROFILER
fca8a500
RH		 326 tcg_ctx.restore_time += profile_getclock() - ti;
327 tcg_ctx.restore_count++;
57fec1fe 328#endif
d19893da
FB		 329 return 0;
330}
5b6dd868 331
3f38f309 332bool cpu_restore_state(CPUState *cpu, uintptr_t retaddr)
a8a826a3
BS		 333{
334 TranslationBlock *tb;
a5e99826 335 bool r = false;
a8a826a3 336
d8b2239b
AB		 337 /* A retaddr of zero is invalid so we really shouldn't have ended
338 * up here. The target code has likely forgotten to check retaddr
339 * != 0 before attempting to restore state. We return early to
340 * avoid blowing up on a recursive tb_lock(). The target must have
341 * previously survived a failed cpu_restore_state because
342 * tb_find_pc(0) would have failed anyway. It still should be
343 * fixed though.
344 */
345
346 if (!retaddr) {
347 return r;
348 }
349
a5e99826 350 tb_lock();
a8a826a3
BS		 351 tb = tb_find_pc(retaddr);
352 if (tb) {
74f10515 353 cpu_restore_state_from_tb(cpu, tb, retaddr);
d8a499f1
PD		 354 if (tb->cflags & CF_NOCACHE) {
355 /* one-shot translation, invalidate it immediately */
d8a499f1
PD		 356 tb_phys_invalidate(tb, -1);
357 tb_free(tb);
358 }
a5e99826 359 r = true;
a8a826a3 360 }
a5e99826
FK		 361 tb_unlock();
362
363 return r;
a8a826a3
BS		 364}
365
47c16ed5 366void page_size_init(void)
5b6dd868
BS		 367{
368 /* NOTE: we can always suppose that qemu_host_page_size >=
369 TARGET_PAGE_SIZE */
5b6dd868 370 qemu_real_host_page_size = getpagesize();
0c2d70c4 371 qemu_real_host_page_mask = -(intptr_t)qemu_real_host_page_size;
5b6dd868
BS		 372 if (qemu_host_page_size == 0) {
373 qemu_host_page_size = qemu_real_host_page_size;
374 }
375 if (qemu_host_page_size < TARGET_PAGE_SIZE) {
376 qemu_host_page_size = TARGET_PAGE_SIZE;
377 }
0c2d70c4 378 qemu_host_page_mask = -(intptr_t)qemu_host_page_size;
47c16ed5 379}
5b6dd868 380
47c16ed5
AK		 381static void page_init(void)
382{
383 page_size_init();
66ec9f49
VK		 384 page_table_config_init();
385
5b6dd868
BS		 386#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
387 {
388#ifdef HAVE_KINFO_GETVMMAP
389 struct kinfo_vmentry *freep;
390 int i, cnt;
391
392 freep = kinfo_getvmmap(getpid(), &cnt);
393 if (freep) {
394 mmap_lock();
395 for (i = 0; i < cnt; i++) {
396 unsigned long startaddr, endaddr;
397
398 startaddr = freep[i].kve_start;
399 endaddr = freep[i].kve_end;
400 if (h2g_valid(startaddr)) {
401 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
402
403 if (h2g_valid(endaddr)) {
404 endaddr = h2g(endaddr);
405 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
406 } else {
407#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
408 endaddr = ~0ul;
409 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
410#endif
411 }
412 }
413 }
414 free(freep);
415 mmap_unlock();
416 }
417#else
418 FILE *f;
419
420 last_brk = (unsigned long)sbrk(0);
421
422 f = fopen("/compat/linux/proc/self/maps", "r");
423 if (f) {
424 mmap_lock();
425
426 do {
427 unsigned long startaddr, endaddr;
428 int n;
429
430 n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
431
432 if (n == 2 && h2g_valid(startaddr)) {
433 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
434
435 if (h2g_valid(endaddr)) {
436 endaddr = h2g(endaddr);
437 } else {
438 endaddr = ~0ul;
439 }
440 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
441 }
442 } while (!feof(f));
443
444 fclose(f);
445 mmap_unlock();
446 }
447#endif
448 }
449#endif
450}
451
75692087 452/* If alloc=1:
7d7500d9 453 * Called with tb_lock held for system emulation.
75692087
PB		 454 * Called with mmap_lock held for user-mode emulation.
455 */
5b6dd868
BS		 456static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
457{
458 PageDesc *pd;
459 void **lp;
460 int i;
461
e505a063
AB		 462 if (alloc) {
463 assert_memory_lock();
464 }
465
5b6dd868 466 /* Level 1. Always allocated. */
66ec9f49 467 lp = l1_map + ((index >> v_l1_shift) & (v_l1_size - 1));
5b6dd868
BS		 468
469 /* Level 2..N-1. */
66ec9f49 470 for (i = v_l2_levels; i > 0; i--) {
6940fab8 471 void **p = atomic_rcu_read(lp);
5b6dd868
BS		 472
473 if (p == NULL) {
474 if (!alloc) {
475 return NULL;
476 }
e3a0abfd 477 p = g_new0(void *, V_L2_SIZE);
6940fab8 478 atomic_rcu_set(lp, p);
5b6dd868
BS		 479 }
480
03f49957 481 lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1));
5b6dd868
BS		 482 }
483
6940fab8 484 pd = atomic_rcu_read(lp);
5b6dd868
BS		 485 if (pd == NULL) {
486 if (!alloc) {
487 return NULL;
488 }
e3a0abfd 489 pd = g_new0(PageDesc, V_L2_SIZE);
6940fab8 490 atomic_rcu_set(lp, pd);
5b6dd868
BS		 491 }
492
03f49957 493 return pd + (index & (V_L2_SIZE - 1));
5b6dd868
BS		 494}
495
496static inline PageDesc *page_find(tb_page_addr_t index)
497{
498 return page_find_alloc(index, 0);
499}
500
5b6dd868
BS		 501#if defined(CONFIG_USER_ONLY)
502/* Currently it is not recommended to allocate big chunks of data in
503 user mode. It will change when a dedicated libc will be used. */
504/* ??? 64-bit hosts ought to have no problem mmaping data outside the
505 region in which the guest needs to run. Revisit this. */
506#define USE_STATIC_CODE_GEN_BUFFER
507#endif
508
5b6dd868
BS		 509/* Minimum size of the code gen buffer. This number is randomly chosen,
510 but not so small that we can't have a fair number of TB's live. */
511#define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
512
513/* Maximum size of the code gen buffer we'd like to use. Unless otherwise
514 indicated, this is constrained by the range of direct branches on the
515 host cpu, as used by the TCG implementation of goto_tb. */
516#if defined(__x86_64__)
517# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
518#elif defined(__sparc__)
519# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
5bfd75a3
RH		 520#elif defined(__powerpc64__)
521# define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
399f1648
SF		 522#elif defined(__powerpc__)
523# define MAX_CODE_GEN_BUFFER_SIZE (32u * 1024 * 1024)
4a136e0a
CF		 524#elif defined(__aarch64__)
525# define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
5b6dd868
BS		 526#elif defined(__arm__)
527# define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
528#elif defined(__s390x__)
529 /* We have a +- 4GB range on the branches; leave some slop. */
530# define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
479eb121
RH		 531#elif defined(__mips__)
532 /* We have a 256MB branch region, but leave room to make sure the
533 main executable is also within that region. */
534# define MAX_CODE_GEN_BUFFER_SIZE (128ul * 1024 * 1024)
5b6dd868
BS		 535#else
536# define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
537#endif
538
539#define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
540
541#define DEFAULT_CODE_GEN_BUFFER_SIZE \
542 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
543 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
544
545static inline size_t size_code_gen_buffer(size_t tb_size)
546{
547 /* Size the buffer. */
548 if (tb_size == 0) {
549#ifdef USE_STATIC_CODE_GEN_BUFFER
550 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
551#else
552 /* ??? Needs adjustments. */
553 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
554 static buffer, we could size this on RESERVED_VA, on the text
555 segment size of the executable, or continue to use the default. */
556 tb_size = (unsigned long)(ram_size / 4);
557#endif
558 }
559 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
560 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
561 }
562 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
563 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
564 }
5b6dd868
BS		 565 return tb_size;
566}
567
483c76e1
RH		 568#ifdef __mips__
569/* In order to use J and JAL within the code_gen_buffer, we require
570 that the buffer not cross a 256MB boundary. */
571static inline bool cross_256mb(void *addr, size_t size)
572{
7ba6a512 573 return ((uintptr_t)addr ^ ((uintptr_t)addr + size)) & ~0x0ffffffful;
483c76e1
RH		 574}
575
576/* We weren't able to allocate a buffer without crossing that boundary,
577 so make do with the larger portion of the buffer that doesn't cross.
578 Returns the new base of the buffer, and adjusts code_gen_buffer_size. */
579static inline void *split_cross_256mb(void *buf1, size_t size1)
580{
7ba6a512 581 void *buf2 = (void *)(((uintptr_t)buf1 + size1) & ~0x0ffffffful);
483c76e1
RH		 582 size_t size2 = buf1 + size1 - buf2;
583
584 size1 = buf2 - buf1;
585 if (size1 < size2) {
586 size1 = size2;
587 buf1 = buf2;
588 }
589
590 tcg_ctx.code_gen_buffer_size = size1;
591 return buf1;
592}
593#endif
594
5b6dd868
BS		 595#ifdef USE_STATIC_CODE_GEN_BUFFER
596static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
597 __attribute__((aligned(CODE_GEN_ALIGN)));
598
f293709c
RH		 599# ifdef _WIN32
600static inline void do_protect(void *addr, long size, int prot)
601{
602 DWORD old_protect;
603 VirtualProtect(addr, size, prot, &old_protect);
604}
605
606static inline void map_exec(void *addr, long size)
607{
608 do_protect(addr, size, PAGE_EXECUTE_READWRITE);
609}
610
611static inline void map_none(void *addr, long size)
612{
613 do_protect(addr, size, PAGE_NOACCESS);
614}
615# else
616static inline void do_protect(void *addr, long size, int prot)
617{
618 uintptr_t start, end;
619
620 start = (uintptr_t)addr;
621 start &= qemu_real_host_page_mask;
622
623 end = (uintptr_t)addr + size;
624 end = ROUND_UP(end, qemu_real_host_page_size);
625
626 mprotect((void *)start, end - start, prot);
627}
628
629static inline void map_exec(void *addr, long size)
630{
631 do_protect(addr, size, PROT_READ | PROT_WRITE | PROT_EXEC);
632}
633
634static inline void map_none(void *addr, long size)
635{
636 do_protect(addr, size, PROT_NONE);
637}
638# endif /* WIN32 */
639
5b6dd868
BS		 640static inline void *alloc_code_gen_buffer(void)
641{
483c76e1 642 void *buf = static_code_gen_buffer;
f293709c
RH		 643 size_t full_size, size;
644
645 /* The size of the buffer, rounded down to end on a page boundary. */
646 full_size = (((uintptr_t)buf + sizeof(static_code_gen_buffer))
647 & qemu_real_host_page_mask) - (uintptr_t)buf;
648
649 /* Reserve a guard page. */
650 size = full_size - qemu_real_host_page_size;
651
652 /* Honor a command-line option limiting the size of the buffer. */
653 if (size > tcg_ctx.code_gen_buffer_size) {
654 size = (((uintptr_t)buf + tcg_ctx.code_gen_buffer_size)
655 & qemu_real_host_page_mask) - (uintptr_t)buf;
656 }
657 tcg_ctx.code_gen_buffer_size = size;
658
483c76e1 659#ifdef __mips__
f293709c
RH		 660 if (cross_256mb(buf, size)) {
661 buf = split_cross_256mb(buf, size);
662 size = tcg_ctx.code_gen_buffer_size;
483c76e1
RH		 663 }
664#endif
f293709c
RH		 665
666 map_exec(buf, size);
667 map_none(buf + size, qemu_real_host_page_size);
668 qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
669
483c76e1 670 return buf;
5b6dd868 671}
f293709c
RH		 672#elif defined(_WIN32)
673static inline void *alloc_code_gen_buffer(void)
674{
675 size_t size = tcg_ctx.code_gen_buffer_size;
676 void *buf1, *buf2;
677
678 /* Perform the allocation in two steps, so that the guard page
679 is reserved but uncommitted. */
680 buf1 = VirtualAlloc(NULL, size + qemu_real_host_page_size,
681 MEM_RESERVE, PAGE_NOACCESS);
682 if (buf1 != NULL) {
683 buf2 = VirtualAlloc(buf1, size, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
684 assert(buf1 == buf2);
685 }
686
687 return buf1;
688}
689#else
5b6dd868
BS		 690static inline void *alloc_code_gen_buffer(void)
691{
692 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
693 uintptr_t start = 0;
f293709c 694 size_t size = tcg_ctx.code_gen_buffer_size;
5b6dd868
BS		 695 void *buf;
696
697 /* Constrain the position of the buffer based on the host cpu.
698 Note that these addresses are chosen in concert with the
699 addresses assigned in the relevant linker script file. */
700# if defined(__PIE__) || defined(__PIC__)
701 /* Don't bother setting a preferred location if we're building
702 a position-independent executable. We're more likely to get
703 an address near the main executable if we let the kernel
704 choose the address. */
705# elif defined(__x86_64__) && defined(MAP_32BIT)
706 /* Force the memory down into low memory with the executable.
707 Leave the choice of exact location with the kernel. */
708 flags |= MAP_32BIT;
709 /* Cannot expect to map more than 800MB in low memory. */
f293709c
RH		 710 if (size > 800u * 1024 * 1024) {
711 tcg_ctx.code_gen_buffer_size = size = 800u * 1024 * 1024;
5b6dd868
BS		 712 }
713# elif defined(__sparc__)
714 start = 0x40000000ul;
715# elif defined(__s390x__)
716 start = 0x90000000ul;
479eb121 717# elif defined(__mips__)
f293709c 718# if _MIPS_SIM == _ABI64
479eb121
RH		 719 start = 0x128000000ul;
720# else
721 start = 0x08000000ul;
722# endif
5b6dd868
BS		 723# endif
724
f293709c
RH		 725 buf = mmap((void *)start, size + qemu_real_host_page_size,
726 PROT_NONE, flags, -1, 0);
483c76e1
RH		 727 if (buf == MAP_FAILED) {
728 return NULL;
729 }
730
731#ifdef __mips__
f293709c 732 if (cross_256mb(buf, size)) {
5d831be2 733 /* Try again, with the original still mapped, to avoid re-acquiring
483c76e1 734 that 256mb crossing. This time don't specify an address. */
f293709c
RH		 735 size_t size2;
736 void *buf2 = mmap(NULL, size + qemu_real_host_page_size,
737 PROT_NONE, flags, -1, 0);
f68808c7 738 switch ((int)(buf2 != MAP_FAILED)) {
f293709c
RH		 739 case 1:
740 if (!cross_256mb(buf2, size)) {
483c76e1 741 /* Success! Use the new buffer. */
8bdf4997 742 munmap(buf, size + qemu_real_host_page_size);
f293709c 743 break;
483c76e1
RH		 744 }
745 /* Failure. Work with what we had. */
8bdf4997 746 munmap(buf2, size + qemu_real_host_page_size);
f293709c
RH		 747 /* fallthru */
748 default:
749 /* Split the original buffer. Free the smaller half. */
750 buf2 = split_cross_256mb(buf, size);
751 size2 = tcg_ctx.code_gen_buffer_size;
752 if (buf == buf2) {
753 munmap(buf + size2 + qemu_real_host_page_size, size - size2);
754 } else {
755 munmap(buf, size - size2);
756 }
757 size = size2;
758 break;
483c76e1 759 }
f293709c 760 buf = buf2;
483c76e1
RH		 761 }
762#endif
763
f293709c
RH		 764 /* Make the final buffer accessible. The guard page at the end
765 will remain inaccessible with PROT_NONE. */
766 mprotect(buf, size, PROT_WRITE | PROT_READ | PROT_EXEC);
483c76e1 767
f293709c
RH		 768 /* Request large pages for the buffer. */
769 qemu_madvise(buf, size, QEMU_MADV_HUGEPAGE);
483c76e1 770
5b6dd868
BS		 771 return buf;
772}
f293709c 773#endif /* USE_STATIC_CODE_GEN_BUFFER, WIN32, POSIX */
5b6dd868
BS		 774
775static inline void code_gen_alloc(size_t tb_size)
776{
0b0d3320
EV		 777 tcg_ctx.code_gen_buffer_size = size_code_gen_buffer(tb_size);
778 tcg_ctx.code_gen_buffer = alloc_code_gen_buffer();
779 if (tcg_ctx.code_gen_buffer == NULL) {
5b6dd868
BS		 780 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
781 exit(1);
782 }
783
6e3b2bfd
EC		 784 /* size this conservatively -- realloc later if needed */
785 tcg_ctx.tb_ctx.tbs_size =
786 tcg_ctx.code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE / 8;
787 if (unlikely(!tcg_ctx.tb_ctx.tbs_size)) {
788 tcg_ctx.tb_ctx.tbs_size = 64 * 1024;
789 }
790 tcg_ctx.tb_ctx.tbs = g_new(TranslationBlock *, tcg_ctx.tb_ctx.tbs_size);
8163b749 791
677ef623 792 qemu_mutex_init(&tcg_ctx.tb_ctx.tb_lock);
5b6dd868
BS		 793}
794
909eaac9
EC		 795static void tb_htable_init(void)
796{
797 unsigned int mode = QHT_MODE_AUTO_RESIZE;
798
799 qht_init(&tcg_ctx.tb_ctx.htable, CODE_GEN_HTABLE_SIZE, mode);
800}
801
5b6dd868
BS		 802/* Must be called before using the QEMU cpus. 'tb_size' is the size
803 (in bytes) allocated to the translation buffer. Zero means default
804 size. */
805void tcg_exec_init(unsigned long tb_size)
806{
807 cpu_gen_init();
5b6dd868 808 page_init();
909eaac9 809 tb_htable_init();
f293709c 810 code_gen_alloc(tb_size);
4cbea598 811#if defined(CONFIG_SOFTMMU)
5b6dd868
BS		 812 /* There's no guest base to take into account, so go ahead and
813 initialize the prologue now. */
814 tcg_prologue_init(&tcg_ctx);
815#endif
816}
817
818bool tcg_enabled(void)
819{
0b0d3320 820 return tcg_ctx.code_gen_buffer != NULL;
5b6dd868
BS		 821}
822
7d7500d9
PB		 823/*
824 * Allocate a new translation block. Flush the translation buffer if
825 * too many translation blocks or too much generated code.
826 *
827 * Called with tb_lock held.
828 */
5b6dd868
BS		 829static TranslationBlock *tb_alloc(target_ulong pc)
830{
831 TranslationBlock *tb;
6e3b2bfd 832 TBContext *ctx;
5b6dd868 833
6ac3d7e8 834 assert_tb_locked();
e505a063 835
6e3b2bfd
EC		 836 tb = tcg_tb_alloc(&tcg_ctx);
837 if (unlikely(tb == NULL)) {
5b6dd868
BS		 838 return NULL;
839 }
6e3b2bfd
EC		 840 ctx = &tcg_ctx.tb_ctx;
841 if (unlikely(ctx->nb_tbs == ctx->tbs_size)) {
842 ctx->tbs_size *= 2;
843 ctx->tbs = g_renew(TranslationBlock *, ctx->tbs, ctx->tbs_size);
844 }
845 ctx->tbs[ctx->nb_tbs++] = tb;
5b6dd868
BS		 846 tb->pc = pc;
847 tb->cflags = 0;
6d21e420 848 tb->invalid = false;
5b6dd868
BS		 849 return tb;
850}
851
7d7500d9 852/* Called with tb_lock held. */
5b6dd868
BS		 853void tb_free(TranslationBlock *tb)
854{
6ac3d7e8 855 assert_tb_locked();
e505a063 856
5b6dd868
BS		 857 /* In practice this is mostly used for single use temporary TB
858 Ignore the hard cases and just back up if this TB happens to
859 be the last one generated. */
5e5f07e0 860 if (tcg_ctx.tb_ctx.nb_tbs > 0 &&
6e3b2bfd
EC		 861 tb == tcg_ctx.tb_ctx.tbs[tcg_ctx.tb_ctx.nb_tbs - 1]) {
862 size_t struct_size = ROUND_UP(sizeof(*tb), qemu_icache_linesize);
863
864 tcg_ctx.code_gen_ptr = tb->tc_ptr - struct_size;
5e5f07e0 865 tcg_ctx.tb_ctx.nb_tbs--;
5b6dd868
BS		 866 }
867}
868
869static inline void invalidate_page_bitmap(PageDesc *p)
870{
6fad459c 871#ifdef CONFIG_SOFTMMU
012aef07
MA		 872 g_free(p->code_bitmap);
873 p->code_bitmap = NULL;
5b6dd868 874 p->code_write_count = 0;
6fad459c 875#endif
5b6dd868
BS		 876}
877
878/* Set to NULL all the 'first_tb' fields in all PageDescs. */
879static void page_flush_tb_1(int level, void **lp)
880{
881 int i;
882
883 if (*lp == NULL) {
884 return;
885 }
886 if (level == 0) {
887 PageDesc *pd = *lp;
888
03f49957 889 for (i = 0; i < V_L2_SIZE; ++i) {
5b6dd868
BS		 890 pd[i].first_tb = NULL;
891 invalidate_page_bitmap(pd + i);
892 }
893 } else {
894 void **pp = *lp;
895
03f49957 896 for (i = 0; i < V_L2_SIZE; ++i) {
5b6dd868
BS		 897 page_flush_tb_1(level - 1, pp + i);
898 }
899 }
900}
901
902static void page_flush_tb(void)
903{
66ec9f49 904 int i, l1_sz = v_l1_size;
5b6dd868 905
66ec9f49
VK		 906 for (i = 0; i < l1_sz; i++) {
907 page_flush_tb_1(v_l2_levels, l1_map + i);
5b6dd868
BS		 908 }
909}
910
911/* flush all the translation blocks */
14e6fe12 912static void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count)
5b6dd868 913{
3359baad
SF		 914 tb_lock();
915
14e6fe12 916 /* If it is already been done on request of another CPU,
3359baad
SF		 917 * just retry.
918 */
14e6fe12 919 if (tcg_ctx.tb_ctx.tb_flush_count != tb_flush_count.host_int) {
3359baad 920 goto done;
135a972b 921 }
3359baad 922
955939a2 923#if defined(DEBUG_TB_FLUSH)
5b6dd868 924 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
0b0d3320 925 (unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer),
5e5f07e0 926 tcg_ctx.tb_ctx.nb_tbs, tcg_ctx.tb_ctx.nb_tbs > 0 ?
0b0d3320 927 ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)) /
5e5f07e0 928 tcg_ctx.tb_ctx.nb_tbs : 0);
5b6dd868 929#endif
0b0d3320
EV		 930 if ((unsigned long)(tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer)
931 > tcg_ctx.code_gen_buffer_size) {
a47dddd7 932 cpu_abort(cpu, "Internal error: code buffer overflow\n");
5b6dd868 933 }
5b6dd868 934
bdc44640 935 CPU_FOREACH(cpu) {
89a16b1e
SF		 936 int i;
937
938 for (i = 0; i < TB_JMP_CACHE_SIZE; ++i) {
939 atomic_set(&cpu->tb_jmp_cache[i], NULL);
940 }
5b6dd868
BS		 941 }
942
118b0730 943 tcg_ctx.tb_ctx.nb_tbs = 0;
909eaac9 944 qht_reset_size(&tcg_ctx.tb_ctx.htable, CODE_GEN_HTABLE_SIZE);
5b6dd868
BS		 945 page_flush_tb();
946
0b0d3320 947 tcg_ctx.code_gen_ptr = tcg_ctx.code_gen_buffer;
5b6dd868
BS		 948 /* XXX: flush processor icache at this point if cache flush is
949 expensive */
3359baad
SF		 950 atomic_mb_set(&tcg_ctx.tb_ctx.tb_flush_count,
951 tcg_ctx.tb_ctx.tb_flush_count + 1);
952
953done:
954 tb_unlock();
955}
956
957void tb_flush(CPUState *cpu)
958{
959 if (tcg_enabled()) {
14e6fe12
PB		 960 unsigned tb_flush_count = atomic_mb_read(&tcg_ctx.tb_ctx.tb_flush_count);
961 async_safe_run_on_cpu(cpu, do_tb_flush,
962 RUN_ON_CPU_HOST_INT(tb_flush_count));
3359baad 963 }
5b6dd868
BS		 964}
965
966#ifdef DEBUG_TB_CHECK
967
909eaac9
EC		 968static void
969do_tb_invalidate_check(struct qht *ht, void *p, uint32_t hash, void *userp)
5b6dd868 970{
909eaac9
EC		 971 TranslationBlock *tb = p;
972 target_ulong addr = *(target_ulong *)userp;
973
974 if (!(addr + TARGET_PAGE_SIZE <= tb->pc || addr >= tb->pc + tb->size)) {
975 printf("ERROR invalidate: address=" TARGET_FMT_lx
976 " PC=%08lx size=%04x\n", addr, (long)tb->pc, tb->size);
977 }
978}
5b6dd868 979
7d7500d9
PB		 980/* verify that all the pages have correct rights for code
981 *
982 * Called with tb_lock held.
983 */
909eaac9
EC		 984static void tb_invalidate_check(target_ulong address)
985{
5b6dd868 986 address &= TARGET_PAGE_MASK;
909eaac9
EC		 987 qht_iter(&tcg_ctx.tb_ctx.htable, do_tb_invalidate_check, &address);
988}
989
990static void
991do_tb_page_check(struct qht *ht, void *p, uint32_t hash, void *userp)
992{
993 TranslationBlock *tb = p;
994 int flags1, flags2;
995
996 flags1 = page_get_flags(tb->pc);
997 flags2 = page_get_flags(tb->pc + tb->size - 1);
998 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
999 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
1000 (long)tb->pc, tb->size, flags1, flags2);
5b6dd868
BS		 1001 }
1002}
1003
1004/* verify that all the pages have correct rights for code */
1005static void tb_page_check(void)
1006{
909eaac9 1007 qht_iter(&tcg_ctx.tb_ctx.htable, do_tb_page_check, NULL);
5b6dd868
BS		 1008}
1009
1010#endif
1011
5b6dd868
BS		 1012static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
1013{
1014 TranslationBlock *tb1;
1015 unsigned int n1;
1016
1017 for (;;) {
1018 tb1 = *ptb;
1019 n1 = (uintptr_t)tb1 & 3;
1020 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
1021 if (tb1 == tb) {
1022 *ptb = tb1->page_next[n1];
1023 break;
1024 }
1025 ptb = &tb1->page_next[n1];
1026 }
1027}
1028
13362678
SF		 1029/* remove the TB from a list of TBs jumping to the n-th jump target of the TB */
1030static inline void tb_remove_from_jmp_list(TranslationBlock *tb, int n)
5b6dd868 1031{
c37e6d7e
SF		 1032 TranslationBlock *tb1;
1033 uintptr_t *ptb, ntb;
5b6dd868
BS		 1034 unsigned int n1;
1035
f309101c 1036 ptb = &tb->jmp_list_next[n];
c37e6d7e 1037 if (*ptb) {
5b6dd868
BS		 1038 /* find tb(n) in circular list */
1039 for (;;) {
c37e6d7e
SF		 1040 ntb = *ptb;
1041 n1 = ntb & 3;
1042 tb1 = (TranslationBlock *)(ntb & ~3);
5b6dd868
BS		 1043 if (n1 == n && tb1 == tb) {
1044 break;
1045 }
1046 if (n1 == 2) {
f309101c 1047 ptb = &tb1->jmp_list_first;
5b6dd868 1048 } else {
f309101c 1049 ptb = &tb1->jmp_list_next[n1];
5b6dd868
BS		 1050 }
1051 }
1052 /* now we can suppress tb(n) from the list */
f309101c 1053 *ptb = tb->jmp_list_next[n];
5b6dd868 1054
c37e6d7e 1055 tb->jmp_list_next[n] = (uintptr_t)NULL;
5b6dd868
BS		 1056 }
1057}
1058
1059/* reset the jump entry 'n' of a TB so that it is not chained to
1060 another TB */
1061static inline void tb_reset_jump(TranslationBlock *tb, int n)
1062{
f309101c
SF		 1063 uintptr_t addr = (uintptr_t)(tb->tc_ptr + tb->jmp_reset_offset[n]);
1064 tb_set_jmp_target(tb, n, addr);
5b6dd868
BS		 1065}
1066
89bba496
SF		 1067/* remove any jumps to the TB */
1068static inline void tb_jmp_unlink(TranslationBlock *tb)
1069{
f9c5b66f
SF		 1070 TranslationBlock *tb1;
1071 uintptr_t *ptb, ntb;
89bba496
SF		 1072 unsigned int n1;
1073
f9c5b66f 1074 ptb = &tb->jmp_list_first;
89bba496 1075 for (;;) {
f9c5b66f
SF		 1076 ntb = *ptb;
1077 n1 = ntb & 3;
1078 tb1 = (TranslationBlock *)(ntb & ~3);
89bba496
SF		 1079 if (n1 == 2) {
1080 break;
1081 }
f9c5b66f
SF		 1082 tb_reset_jump(tb1, n1);
1083 *ptb = tb1->jmp_list_next[n1];
1084 tb1->jmp_list_next[n1] = (uintptr_t)NULL;
89bba496 1085 }
89bba496
SF		 1086}
1087
7d7500d9
PB		 1088/* invalidate one TB
1089 *
1090 * Called with tb_lock held.
1091 */
5b6dd868
BS		 1092void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
1093{
182735ef 1094 CPUState *cpu;
5b6dd868 1095 PageDesc *p;
42bd3228 1096 uint32_t h;
5b6dd868 1097 tb_page_addr_t phys_pc;
5b6dd868 1098
6ac3d7e8 1099 assert_tb_locked();
e505a063 1100
6d21e420
PB		 1101 atomic_set(&tb->invalid, true);
1102
5b6dd868
BS		 1103 /* remove the TB from the hash list */
1104 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
42bd3228 1105 h = tb_hash_func(phys_pc, tb->pc, tb->flags);
909eaac9 1106 qht_remove(&tcg_ctx.tb_ctx.htable, tb, h);
5b6dd868
BS		 1107
1108 /* remove the TB from the page list */
1109 if (tb->page_addr[0] != page_addr) {
1110 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
1111 tb_page_remove(&p->first_tb, tb);
1112 invalidate_page_bitmap(p);
1113 }
1114 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
1115 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
1116 tb_page_remove(&p->first_tb, tb);
1117 invalidate_page_bitmap(p);
1118 }
1119
5b6dd868
BS		 1120 /* remove the TB from the hash list */
1121 h = tb_jmp_cache_hash_func(tb->pc);
bdc44640 1122 CPU_FOREACH(cpu) {
89a16b1e
SF		 1123 if (atomic_read(&cpu->tb_jmp_cache[h]) == tb) {
1124 atomic_set(&cpu->tb_jmp_cache[h], NULL);
5b6dd868
BS		 1125 }
1126 }
1127
1128 /* suppress this TB from the two jump lists */
13362678
SF		 1129 tb_remove_from_jmp_list(tb, 0);
1130 tb_remove_from_jmp_list(tb, 1);
5b6dd868
BS		 1131
1132 /* suppress any remaining jumps to this TB */
89bba496 1133 tb_jmp_unlink(tb);
5b6dd868 1134
5e5f07e0 1135 tcg_ctx.tb_ctx.tb_phys_invalidate_count++;
5b6dd868
BS		 1136}
1137
6fad459c 1138#ifdef CONFIG_SOFTMMU
5b6dd868
BS		 1139static void build_page_bitmap(PageDesc *p)
1140{
1141 int n, tb_start, tb_end;
1142 TranslationBlock *tb;
1143
510a647f 1144 p->code_bitmap = bitmap_new(TARGET_PAGE_SIZE);
5b6dd868
BS		 1145
1146 tb = p->first_tb;
1147 while (tb != NULL) {
1148 n = (uintptr_t)tb & 3;
1149 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1150 /* NOTE: this is subtle as a TB may span two physical pages */
1151 if (n == 0) {
1152 /* NOTE: tb_end may be after the end of the page, but
1153 it is not a problem */
1154 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1155 tb_end = tb_start + tb->size;
1156 if (tb_end > TARGET_PAGE_SIZE) {
1157 tb_end = TARGET_PAGE_SIZE;
e505a063 1158 }
5b6dd868
BS		 1159 } else {
1160 tb_start = 0;
1161 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1162 }
510a647f 1163 bitmap_set(p->code_bitmap, tb_start, tb_end - tb_start);
5b6dd868
BS		 1164 tb = tb->page_next[n];
1165 }
1166}
6fad459c 1167#endif
5b6dd868 1168
e90d96b1
SF		 1169/* add the tb in the target page and protect it if necessary
1170 *
1171 * Called with mmap_lock held for user-mode emulation.
1172 */
1173static inline void tb_alloc_page(TranslationBlock *tb,
1174 unsigned int n, tb_page_addr_t page_addr)
1175{
1176 PageDesc *p;
1177#ifndef CONFIG_USER_ONLY
1178 bool page_already_protected;
1179#endif
1180
e505a063
AB		 1181 assert_memory_lock();
1182
e90d96b1
SF		 1183 tb->page_addr[n] = page_addr;
1184 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1185 tb->page_next[n] = p->first_tb;
1186#ifndef CONFIG_USER_ONLY
1187 page_already_protected = p->first_tb != NULL;
1188#endif
1189 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
1190 invalidate_page_bitmap(p);
1191
1192#if defined(CONFIG_USER_ONLY)
1193 if (p->flags & PAGE_WRITE) {
1194 target_ulong addr;
1195 PageDesc *p2;
1196 int prot;
1197
1198 /* force the host page as non writable (writes will have a
1199 page fault + mprotect overhead) */
1200 page_addr &= qemu_host_page_mask;
1201 prot = 0;
1202 for (addr = page_addr; addr < page_addr + qemu_host_page_size;
1203 addr += TARGET_PAGE_SIZE) {
1204
1205 p2 = page_find(addr >> TARGET_PAGE_BITS);
1206 if (!p2) {
1207 continue;
1208 }
1209 prot |= p2->flags;
1210 p2->flags &= ~PAGE_WRITE;
1211 }
1212 mprotect(g2h(page_addr), qemu_host_page_size,
1213 (prot & PAGE_BITS) & ~PAGE_WRITE);
1214#ifdef DEBUG_TB_INVALIDATE
1215 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1216 page_addr);
1217#endif
1218 }
1219#else
1220 /* if some code is already present, then the pages are already
1221 protected. So we handle the case where only the first TB is
1222 allocated in a physical page */
1223 if (!page_already_protected) {
1224 tlb_protect_code(page_addr);
1225 }
1226#endif
1227}
1228
1229/* add a new TB and link it to the physical page tables. phys_page2 is
1230 * (-1) to indicate that only one page contains the TB.
1231 *
1232 * Called with mmap_lock held for user-mode emulation.
1233 */
1234static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
1235 tb_page_addr_t phys_page2)
1236{
42bd3228 1237 uint32_t h;
e90d96b1 1238
e505a063
AB		 1239 assert_memory_lock();
1240
e90d96b1
SF		 1241 /* add in the page list */
1242 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1243 if (phys_page2 != -1) {
1244 tb_alloc_page(tb, 1, phys_page2);
1245 } else {
1246 tb->page_addr[1] = -1;
1247 }
1248
2e1ae44a
AB		 1249 /* add in the hash table */
1250 h = tb_hash_func(phys_pc, tb->pc, tb->flags);
1251 qht_insert(&tcg_ctx.tb_ctx.htable, tb, h);
1252
e90d96b1
SF		 1253#ifdef DEBUG_TB_CHECK
1254 tb_page_check();
1255#endif
1256}
1257
75692087 1258/* Called with mmap_lock held for user mode emulation. */
648f034c 1259TranslationBlock *tb_gen_code(CPUState *cpu,
5b6dd868 1260 target_ulong pc, target_ulong cs_base,
89fee74a 1261 uint32_t flags, int cflags)
5b6dd868 1262{
648f034c 1263 CPUArchState *env = cpu->env_ptr;
5b6dd868 1264 TranslationBlock *tb;
5b6dd868
BS		 1265 tb_page_addr_t phys_pc, phys_page2;
1266 target_ulong virt_page2;
fec88f64 1267 tcg_insn_unit *gen_code_buf;
fca8a500 1268 int gen_code_size, search_size;
fec88f64
RH		 1269#ifdef CONFIG_PROFILER
1270 int64_t ti;
1271#endif
e505a063 1272 assert_memory_lock();
5b6dd868
BS		 1273
1274 phys_pc = get_page_addr_code(env, pc);
56c0269a 1275 if (use_icount && !(cflags & CF_IGNORE_ICOUNT)) {
0266359e
PB		 1276 cflags |= CF_USE_ICOUNT;
1277 }
b125f9dc 1278
5b6dd868 1279 tb = tb_alloc(pc);
b125f9dc
RH		 1280 if (unlikely(!tb)) {
1281 buffer_overflow:
5b6dd868 1282 /* flush must be done */
bbd77c18 1283 tb_flush(cpu);
3359baad 1284 mmap_unlock();
8499c8fc
PD		 1285 /* Make the execution loop process the flush as soon as possible. */
1286 cpu->exception_index = EXCP_INTERRUPT;
3359baad 1287 cpu_loop_exit(cpu);
5b6dd868 1288 }
fec88f64
RH		 1289
1290 gen_code_buf = tcg_ctx.code_gen_ptr;
1291 tb->tc_ptr = gen_code_buf;
5b6dd868
BS		 1292 tb->cs_base = cs_base;
1293 tb->flags = flags;
1294 tb->cflags = cflags;
fec88f64
RH		 1295
1296#ifdef CONFIG_PROFILER
1297 tcg_ctx.tb_count1++; /* includes aborted translations because of
1298 exceptions */
1299 ti = profile_getclock();
1300#endif
1301
1302 tcg_func_start(&tcg_ctx);
1303
7c255043 1304 tcg_ctx.cpu = ENV_GET_CPU(env);
fec88f64 1305 gen_intermediate_code(env, tb);
7c255043 1306 tcg_ctx.cpu = NULL;
fec88f64
RH		 1307
1308 trace_translate_block(tb, tb->pc, tb->tc_ptr);
1309
1310 /* generate machine code */
f309101c
SF		 1311 tb->jmp_reset_offset[0] = TB_JMP_RESET_OFFSET_INVALID;
1312 tb->jmp_reset_offset[1] = TB_JMP_RESET_OFFSET_INVALID;
1313 tcg_ctx.tb_jmp_reset_offset = tb->jmp_reset_offset;
fec88f64 1314#ifdef USE_DIRECT_JUMP
f309101c
SF		 1315 tcg_ctx.tb_jmp_insn_offset = tb->jmp_insn_offset;
1316 tcg_ctx.tb_jmp_target_addr = NULL;
fec88f64 1317#else
f309101c
SF		 1318 tcg_ctx.tb_jmp_insn_offset = NULL;
1319 tcg_ctx.tb_jmp_target_addr = tb->jmp_target_addr;
fec88f64
RH		 1320#endif
1321
1322#ifdef CONFIG_PROFILER
1323 tcg_ctx.tb_count++;
1324 tcg_ctx.interm_time += profile_getclock() - ti;
1325 tcg_ctx.code_time -= profile_getclock();
1326#endif
1327
b125f9dc
RH		 1328 /* ??? Overflow could be handled better here. In particular, we
1329 don't need to re-do gen_intermediate_code, nor should we re-do
1330 the tcg optimization currently hidden inside tcg_gen_code. All
1331 that should be required is to flush the TBs, allocate a new TB,
1332 re-initialize it per above, and re-do the actual code generation. */
5bd2ec3d 1333 gen_code_size = tcg_gen_code(&tcg_ctx, tb);
b125f9dc
RH		 1334 if (unlikely(gen_code_size < 0)) {
1335 goto buffer_overflow;
1336 }
fca8a500 1337 search_size = encode_search(tb, (void *)gen_code_buf + gen_code_size);
b125f9dc
RH		 1338 if (unlikely(search_size < 0)) {
1339 goto buffer_overflow;
1340 }
fec88f64
RH		 1341
1342#ifdef CONFIG_PROFILER
1343 tcg_ctx.code_time += profile_getclock();
1344 tcg_ctx.code_in_len += tb->size;
1345 tcg_ctx.code_out_len += gen_code_size;
fca8a500 1346 tcg_ctx.search_out_len += search_size;
fec88f64
RH		 1347#endif
1348
1349#ifdef DEBUG_DISAS
d977e1c2
AB		 1350 if (qemu_loglevel_mask(CPU_LOG_TB_OUT_ASM) &&
1351 qemu_log_in_addr_range(tb->pc)) {
1ee73216 1352 qemu_log_lock();
fec88f64
RH		 1353 qemu_log("OUT: [size=%d]\n", gen_code_size);
1354 log_disas(tb->tc_ptr, gen_code_size);
1355 qemu_log("\n");
1356 qemu_log_flush();
1ee73216 1357 qemu_log_unlock();
fec88f64
RH		 1358 }
1359#endif
1360
fca8a500
RH		 1361 tcg_ctx.code_gen_ptr = (void *)
1362 ROUND_UP((uintptr_t)gen_code_buf + gen_code_size + search_size,
1363 CODE_GEN_ALIGN);
5b6dd868 1364
901bc3de
SF		 1365 /* init jump list */
1366 assert(((uintptr_t)tb & 3) == 0);
1367 tb->jmp_list_first = (uintptr_t)tb | 2;
1368 tb->jmp_list_next[0] = (uintptr_t)NULL;
1369 tb->jmp_list_next[1] = (uintptr_t)NULL;
1370
1371 /* init original jump addresses wich has been set during tcg_gen_code() */
1372 if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) {
1373 tb_reset_jump(tb, 0);
1374 }
1375 if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) {
1376 tb_reset_jump(tb, 1);
1377 }
1378
5b6dd868
BS		 1379 /* check next page if needed */
1380 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
1381 phys_page2 = -1;
1382 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
1383 phys_page2 = get_page_addr_code(env, virt_page2);
1384 }
901bc3de
SF		 1385 /* As long as consistency of the TB stuff is provided by tb_lock in user
1386 * mode and is implicit in single-threaded softmmu emulation, no explicit
1387 * memory barrier is required before tb_link_page() makes the TB visible
1388 * through the physical hash table and physical page list.
1389 */
5b6dd868
BS		 1390 tb_link_page(tb, phys_pc, phys_page2);
1391 return tb;
1392}
1393
1394/*
1395 * Invalidate all TBs which intersect with the target physical address range
1396 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1397 * 'is_cpu_write_access' should be true if called from a real cpu write
1398 * access: the virtual CPU will exit the current TB if code is modified inside
1399 * this TB.
75692087 1400 *
ba051fb5
AB		 1401 * Called with mmap_lock held for user-mode emulation, grabs tb_lock
1402 * Called with tb_lock held for system-mode emulation
5b6dd868 1403 */
ba051fb5 1404static void tb_invalidate_phys_range_1(tb_page_addr_t start, tb_page_addr_t end)
5b6dd868
BS		 1405{
1406 while (start < end) {
35865339 1407 tb_invalidate_phys_page_range(start, end, 0);
5b6dd868
BS		 1408 start &= TARGET_PAGE_MASK;
1409 start += TARGET_PAGE_SIZE;
1410 }
1411}
1412
ba051fb5
AB		 1413#ifdef CONFIG_SOFTMMU
1414void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end)
1415{
6ac3d7e8 1416 assert_tb_locked();
ba051fb5
AB		 1417 tb_invalidate_phys_range_1(start, end);
1418}
1419#else
1420void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end)
1421{
1422 assert_memory_lock();
1423 tb_lock();
1424 tb_invalidate_phys_range_1(start, end);
1425 tb_unlock();
1426}
1427#endif
5b6dd868
BS		 1428/*
1429 * Invalidate all TBs which intersect with the target physical address range
1430 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1431 * 'is_cpu_write_access' should be true if called from a real cpu write
1432 * access: the virtual CPU will exit the current TB if code is modified inside
1433 * this TB.
75692087 1434 *
ba051fb5
AB		 1435 * Called with tb_lock/mmap_lock held for user-mode emulation
1436 * Called with tb_lock held for system-mode emulation
5b6dd868
BS		 1437 */
1438void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1439 int is_cpu_write_access)
1440{
3213525f 1441 TranslationBlock *tb, *tb_next;
baea4fae 1442#if defined(TARGET_HAS_PRECISE_SMC)
3213525f 1443 CPUState *cpu = current_cpu;
4917cf44
AF		 1444 CPUArchState *env = NULL;
1445#endif
5b6dd868
BS		 1446 tb_page_addr_t tb_start, tb_end;
1447 PageDesc *p;
1448 int n;
1449#ifdef TARGET_HAS_PRECISE_SMC
1450 int current_tb_not_found = is_cpu_write_access;
1451 TranslationBlock *current_tb = NULL;
1452 int current_tb_modified = 0;
1453 target_ulong current_pc = 0;
1454 target_ulong current_cs_base = 0;
89fee74a 1455 uint32_t current_flags = 0;
5b6dd868
BS		 1456#endif /* TARGET_HAS_PRECISE_SMC */
1457
e505a063 1458 assert_memory_lock();
6ac3d7e8 1459 assert_tb_locked();
e505a063 1460
5b6dd868
BS		 1461 p = page_find(start >> TARGET_PAGE_BITS);
1462 if (!p) {
1463 return;
1464 }
baea4fae 1465#if defined(TARGET_HAS_PRECISE_SMC)
4917cf44
AF		 1466 if (cpu != NULL) {
1467 env = cpu->env_ptr;
d77953b9 1468 }
4917cf44 1469#endif
5b6dd868
BS		 1470
1471 /* we remove all the TBs in the range [start, end[ */
1472 /* XXX: see if in some cases it could be faster to invalidate all
1473 the code */
1474 tb = p->first_tb;
1475 while (tb != NULL) {
1476 n = (uintptr_t)tb & 3;
1477 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1478 tb_next = tb->page_next[n];
1479 /* NOTE: this is subtle as a TB may span two physical pages */
1480 if (n == 0) {
1481 /* NOTE: tb_end may be after the end of the page, but
1482 it is not a problem */
1483 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1484 tb_end = tb_start + tb->size;
1485 } else {
1486 tb_start = tb->page_addr[1];
1487 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1488 }
1489 if (!(tb_end <= start || tb_start >= end)) {
1490#ifdef TARGET_HAS_PRECISE_SMC
1491 if (current_tb_not_found) {
1492 current_tb_not_found = 0;
1493 current_tb = NULL;
93afeade 1494 if (cpu->mem_io_pc) {
5b6dd868 1495 /* now we have a real cpu fault */
93afeade 1496 current_tb = tb_find_pc(cpu->mem_io_pc);
5b6dd868
BS		 1497 }
1498 }
1499 if (current_tb == tb &&
1500 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1501 /* If we are modifying the current TB, we must stop
1502 its execution. We could be more precise by checking
1503 that the modification is after the current PC, but it
1504 would require a specialized function to partially
1505 restore the CPU state */
1506
1507 current_tb_modified = 1;
74f10515 1508 cpu_restore_state_from_tb(cpu, current_tb, cpu->mem_io_pc);
5b6dd868
BS		 1509 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1510 &current_flags);
1511 }
1512#endif /* TARGET_HAS_PRECISE_SMC */
5b6dd868 1513 tb_phys_invalidate(tb, -1);
5b6dd868
BS		 1514 }
1515 tb = tb_next;
1516 }
1517#if !defined(CONFIG_USER_ONLY)
1518 /* if no code remaining, no need to continue to use slow writes */
1519 if (!p->first_tb) {
1520 invalidate_page_bitmap(p);
fc377bcf 1521 tlb_unprotect_code(start);
5b6dd868
BS		 1522 }
1523#endif
1524#ifdef TARGET_HAS_PRECISE_SMC
1525 if (current_tb_modified) {
1526 /* we generate a block containing just the instruction
1527 modifying the memory. It will ensure that it cannot modify
1528 itself */
648f034c 1529 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
6886b980 1530 cpu_loop_exit_noexc(cpu);
5b6dd868
BS		 1531 }
1532#endif
1533}
1534
6fad459c 1535#ifdef CONFIG_SOFTMMU
ba051fb5
AB		 1536/* len must be <= 8 and start must be a multiple of len.
1537 * Called via softmmu_template.h when code areas are written to with
8d04fb55 1538 * iothread mutex not held.
ba051fb5 1539 */
5b6dd868
BS		 1540void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1541{
1542 PageDesc *p;
5b6dd868
BS		 1543
1544#if 0
1545 if (1) {
1546 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1547 cpu_single_env->mem_io_vaddr, len,
1548 cpu_single_env->eip,
1549 cpu_single_env->eip +
1550 (intptr_t)cpu_single_env->segs[R_CS].base);
1551 }
1552#endif
ba051fb5
AB		 1553 assert_memory_lock();
1554
5b6dd868
BS		 1555 p = page_find(start >> TARGET_PAGE_BITS);
1556 if (!p) {
1557 return;
1558 }
fc377bcf
PB		 1559 if (!p->code_bitmap &&
1560 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD) {
7d7500d9
PB		 1561 /* build code bitmap. FIXME: writes should be protected by
1562 * tb_lock, reads by tb_lock or RCU.
1563 */
fc377bcf
PB		 1564 build_page_bitmap(p);
1565 }
5b6dd868 1566 if (p->code_bitmap) {
510a647f
EC		 1567 unsigned int nr;
1568 unsigned long b;
1569
1570 nr = start & ~TARGET_PAGE_MASK;
1571 b = p->code_bitmap[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG - 1));
5b6dd868
BS		 1572 if (b & ((1 << len) - 1)) {
1573 goto do_invalidate;
1574 }
1575 } else {
1576 do_invalidate:
1577 tb_invalidate_phys_page_range(start, start + len, 1);
1578 }
1579}
6fad459c 1580#else
75809229
PM		 1581/* Called with mmap_lock held. If pc is not 0 then it indicates the
1582 * host PC of the faulting store instruction that caused this invalidate.
1583 * Returns true if the caller needs to abort execution of the current
1584 * TB (because it was modified by this store and the guest CPU has
1585 * precise-SMC semantics).
1586 */
1587static bool tb_invalidate_phys_page(tb_page_addr_t addr, uintptr_t pc)
5b6dd868
BS		 1588{
1589 TranslationBlock *tb;
1590 PageDesc *p;
1591 int n;
1592#ifdef TARGET_HAS_PRECISE_SMC
1593 TranslationBlock *current_tb = NULL;
4917cf44
AF		 1594 CPUState *cpu = current_cpu;
1595 CPUArchState *env = NULL;
5b6dd868
BS		 1596 int current_tb_modified = 0;
1597 target_ulong current_pc = 0;
1598 target_ulong current_cs_base = 0;
89fee74a 1599 uint32_t current_flags = 0;
5b6dd868
BS		 1600#endif
1601
ba051fb5
AB		 1602 assert_memory_lock();
1603
5b6dd868
BS		 1604 addr &= TARGET_PAGE_MASK;
1605 p = page_find(addr >> TARGET_PAGE_BITS);
1606 if (!p) {
75809229 1607 return false;
5b6dd868 1608 }
a5e99826
FK		 1609
1610 tb_lock();
5b6dd868
BS		 1611 tb = p->first_tb;
1612#ifdef TARGET_HAS_PRECISE_SMC
1613 if (tb && pc != 0) {
1614 current_tb = tb_find_pc(pc);
1615 }
4917cf44
AF		 1616 if (cpu != NULL) {
1617 env = cpu->env_ptr;
d77953b9 1618 }
5b6dd868
BS		 1619#endif
1620 while (tb != NULL) {
1621 n = (uintptr_t)tb & 3;
1622 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1623#ifdef TARGET_HAS_PRECISE_SMC
1624 if (current_tb == tb &&
1625 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1626 /* If we are modifying the current TB, we must stop
1627 its execution. We could be more precise by checking
1628 that the modification is after the current PC, but it
1629 would require a specialized function to partially
1630 restore the CPU state */
1631
1632 current_tb_modified = 1;
74f10515 1633 cpu_restore_state_from_tb(cpu, current_tb, pc);
5b6dd868
BS		 1634 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1635 &current_flags);
1636 }
1637#endif /* TARGET_HAS_PRECISE_SMC */
1638 tb_phys_invalidate(tb, addr);
1639 tb = tb->page_next[n];
1640 }
1641 p->first_tb = NULL;
1642#ifdef TARGET_HAS_PRECISE_SMC
1643 if (current_tb_modified) {
1644 /* we generate a block containing just the instruction
1645 modifying the memory. It will ensure that it cannot modify
1646 itself */
648f034c 1647 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
a5e99826
FK		 1648 /* tb_lock will be reset after cpu_loop_exit_noexc longjmps
1649 * back into the cpu_exec loop. */
75809229 1650 return true;
5b6dd868
BS		 1651 }
1652#endif
a5e99826
FK		 1653 tb_unlock();
1654
75809229 1655 return false;
5b6dd868
BS		 1656}
1657#endif
1658
5b6dd868
BS		 1659/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1660 tb[1].tc_ptr. Return NULL if not found */
a8a826a3 1661static TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
5b6dd868
BS		 1662{
1663 int m_min, m_max, m;
1664 uintptr_t v;
1665 TranslationBlock *tb;
1666
5e5f07e0 1667 if (tcg_ctx.tb_ctx.nb_tbs <= 0) {
5b6dd868
BS		 1668 return NULL;
1669 }
0b0d3320
EV		 1670 if (tc_ptr < (uintptr_t)tcg_ctx.code_gen_buffer ||
1671 tc_ptr >= (uintptr_t)tcg_ctx.code_gen_ptr) {
5b6dd868
BS		 1672 return NULL;
1673 }
1674 /* binary search (cf Knuth) */
1675 m_min = 0;
5e5f07e0 1676 m_max = tcg_ctx.tb_ctx.nb_tbs - 1;
5b6dd868
BS		 1677 while (m_min <= m_max) {
1678 m = (m_min + m_max) >> 1;
6e3b2bfd 1679 tb = tcg_ctx.tb_ctx.tbs[m];
5b6dd868
BS		 1680 v = (uintptr_t)tb->tc_ptr;
1681 if (v == tc_ptr) {
1682 return tb;
1683 } else if (tc_ptr < v) {
1684 m_max = m - 1;
1685 } else {
1686 m_min = m + 1;
1687 }
1688 }
6e3b2bfd 1689 return tcg_ctx.tb_ctx.tbs[m_max];
5b6dd868
BS		 1690}
1691
ec53b45b 1692#if !defined(CONFIG_USER_ONLY)
29d8ec7b 1693void tb_invalidate_phys_addr(AddressSpace *as, hwaddr addr)
5b6dd868
BS		 1694{
1695 ram_addr_t ram_addr;
5c8a00ce 1696 MemoryRegion *mr;
149f54b5 1697 hwaddr l = 1;
5b6dd868 1698
41063e1e 1699 rcu_read_lock();
29d8ec7b 1700 mr = address_space_translate(as, addr, &addr, &l, false);
5c8a00ce
PB		 1701 if (!(memory_region_is_ram(mr)
1702 || memory_region_is_romd(mr))) {
41063e1e 1703 rcu_read_unlock();
5b6dd868
BS		 1704 return;
1705 }
e4e69794 1706 ram_addr = memory_region_get_ram_addr(mr) + addr;
ba051fb5 1707 tb_lock();
5b6dd868 1708 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
ba051fb5 1709 tb_unlock();
41063e1e 1710 rcu_read_unlock();
5b6dd868 1711}
ec53b45b 1712#endif /* !defined(CONFIG_USER_ONLY) */
5b6dd868 1713
7d7500d9 1714/* Called with tb_lock held. */
239c51a5 1715void tb_check_watchpoint(CPUState *cpu)
5b6dd868
BS		 1716{
1717 TranslationBlock *tb;
1718
93afeade 1719 tb = tb_find_pc(cpu->mem_io_pc);
8d302e76
AJ		 1720 if (tb) {
1721 /* We can use retranslation to find the PC. */
1722 cpu_restore_state_from_tb(cpu, tb, cpu->mem_io_pc);
1723 tb_phys_invalidate(tb, -1);
1724 } else {
1725 /* The exception probably happened in a helper. The CPU state should
1726 have been saved before calling it. Fetch the PC from there. */
1727 CPUArchState *env = cpu->env_ptr;
1728 target_ulong pc, cs_base;
1729 tb_page_addr_t addr;
89fee74a 1730 uint32_t flags;
8d302e76
AJ		 1731
1732 cpu_get_tb_cpu_state(env, &pc, &cs_base, &flags);
1733 addr = get_page_addr_code(env, pc);
1734 tb_invalidate_phys_range(addr, addr + 1);
5b6dd868 1735 }
5b6dd868
BS		 1736}
1737
1738#ifndef CONFIG_USER_ONLY
5b6dd868 1739/* in deterministic execution mode, instructions doing device I/Os
8d04fb55
JK		 1740 * must be at the end of the TB.
1741 *
1742 * Called by softmmu_template.h, with iothread mutex not held.
1743 */
90b40a69 1744void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
5b6dd868 1745{
a47dddd7 1746#if defined(TARGET_MIPS) || defined(TARGET_SH4)
90b40a69 1747 CPUArchState *env = cpu->env_ptr;
a47dddd7 1748#endif
5b6dd868
BS		 1749 TranslationBlock *tb;
1750 uint32_t n, cflags;
1751 target_ulong pc, cs_base;
89fee74a 1752 uint32_t flags;
5b6dd868 1753
a5e99826 1754 tb_lock();
5b6dd868
BS		 1755 tb = tb_find_pc(retaddr);
1756 if (!tb) {
a47dddd7 1757 cpu_abort(cpu, "cpu_io_recompile: could not find TB for pc=%p",
5b6dd868
BS		 1758 (void *)retaddr);
1759 }
28ecfd7a 1760 n = cpu->icount_decr.u16.low + tb->icount;
74f10515 1761 cpu_restore_state_from_tb(cpu, tb, retaddr);
5b6dd868
BS		 1762 /* Calculate how many instructions had been executed before the fault
1763 occurred. */
28ecfd7a 1764 n = n - cpu->icount_decr.u16.low;
5b6dd868
BS		 1765 /* Generate a new TB ending on the I/O insn. */
1766 n++;
1767 /* On MIPS and SH, delay slot instructions can only be restarted if
1768 they were already the first instruction in the TB. If this is not
1769 the first instruction in a TB then re-execute the preceding
1770 branch. */
1771#if defined(TARGET_MIPS)
1772 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
c3577479 1773 env->active_tc.PC -= (env->hflags & MIPS_HFLAG_B16 ? 2 : 4);
28ecfd7a 1774 cpu->icount_decr.u16.low++;
5b6dd868
BS		 1775 env->hflags &= ~MIPS_HFLAG_BMASK;
1776 }
1777#elif defined(TARGET_SH4)
1778 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
1779 && n > 1) {
1780 env->pc -= 2;
28ecfd7a 1781 cpu->icount_decr.u16.low++;
5b6dd868
BS		 1782 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
1783 }
1784#endif
1785 /* This should never happen. */
1786 if (n > CF_COUNT_MASK) {
a47dddd7 1787 cpu_abort(cpu, "TB too big during recompile");
5b6dd868
BS		 1788 }
1789
1790 cflags = n | CF_LAST_IO;
1791 pc = tb->pc;
1792 cs_base = tb->cs_base;
1793 flags = tb->flags;
1794 tb_phys_invalidate(tb, -1);
02d57ea1
SF		 1795 if (tb->cflags & CF_NOCACHE) {
1796 if (tb->orig_tb) {
1797 /* Invalidate original TB if this TB was generated in
1798 * cpu_exec_nocache() */
1799 tb_phys_invalidate(tb->orig_tb, -1);
1800 }
1801 tb_free(tb);
1802 }
5b6dd868
BS		 1803 /* FIXME: In theory this could raise an exception. In practice
1804 we have already translated the block once so it's probably ok. */
648f034c 1805 tb_gen_code(cpu, pc, cs_base, flags, cflags);
a5e99826 1806
5b6dd868 1807 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
a5e99826
FK		 1808 * the first in the TB) then we end up generating a whole new TB and
1809 * repeating the fault, which is horribly inefficient.
1810 * Better would be to execute just this insn uncached, or generate a
1811 * second new TB.
1812 *
1813 * cpu_loop_exit_noexc will longjmp back to cpu_exec where the
1814 * tb_lock gets reset.
1815 */
6886b980 1816 cpu_loop_exit_noexc(cpu);
5b6dd868
BS		 1817}
1818
611d4f99 1819void tb_flush_jmp_cache(CPUState *cpu, target_ulong addr)
5b6dd868
BS		 1820{
1821 unsigned int i;
1822
1823 /* Discard jump cache entries for any tb which might potentially
1824 overlap the flushed page. */
1825 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
8cd70437 1826 memset(&cpu->tb_jmp_cache[i], 0,
5b6dd868
BS		 1827 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1828
1829 i = tb_jmp_cache_hash_page(addr);
8cd70437 1830 memset(&cpu->tb_jmp_cache[i], 0,
5b6dd868
BS		 1831 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1832}
1833
7266ae91
EC		 1834static void print_qht_statistics(FILE *f, fprintf_function cpu_fprintf,
1835 struct qht_stats hst)
1836{
1837 uint32_t hgram_opts;
1838 size_t hgram_bins;
1839 char *hgram;
1840
1841 if (!hst.head_buckets) {
1842 return;
1843 }
1844 cpu_fprintf(f, "TB hash buckets %zu/%zu (%0.2f%% head buckets used)\n",
1845 hst.used_head_buckets, hst.head_buckets,
1846 (double)hst.used_head_buckets / hst.head_buckets * 100);
1847
1848 hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS;
1849 hgram_opts |= QDIST_PR_100X | QDIST_PR_PERCENT;
1850 if (qdist_xmax(&hst.occupancy) - qdist_xmin(&hst.occupancy) == 1) {
1851 hgram_opts |= QDIST_PR_NODECIMAL;
1852 }
1853 hgram = qdist_pr(&hst.occupancy, 10, hgram_opts);
1854 cpu_fprintf(f, "TB hash occupancy %0.2f%% avg chain occ. Histogram: %s\n",
1855 qdist_avg(&hst.occupancy) * 100, hgram);
1856 g_free(hgram);
1857
1858 hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS;
1859 hgram_bins = qdist_xmax(&hst.chain) - qdist_xmin(&hst.chain);
1860 if (hgram_bins > 10) {
1861 hgram_bins = 10;
1862 } else {
1863 hgram_bins = 0;
1864 hgram_opts |= QDIST_PR_NODECIMAL | QDIST_PR_NOBINRANGE;
1865 }
1866 hgram = qdist_pr(&hst.chain, hgram_bins, hgram_opts);
1867 cpu_fprintf(f, "TB hash avg chain %0.3f buckets. Histogram: %s\n",
1868 qdist_avg(&hst.chain), hgram);
1869 g_free(hgram);
1870}
1871
5b6dd868
BS		 1872void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
1873{
1874 int i, target_code_size, max_target_code_size;
1875 int direct_jmp_count, direct_jmp2_count, cross_page;
1876 TranslationBlock *tb;
329844d4 1877 struct qht_stats hst;
5b6dd868 1878
a5e99826
FK		 1879 tb_lock();
1880
5b6dd868
BS		 1881 target_code_size = 0;
1882 max_target_code_size = 0;
1883 cross_page = 0;
1884 direct_jmp_count = 0;
1885 direct_jmp2_count = 0;
5e5f07e0 1886 for (i = 0; i < tcg_ctx.tb_ctx.nb_tbs; i++) {
6e3b2bfd 1887 tb = tcg_ctx.tb_ctx.tbs[i];
5b6dd868
BS		 1888 target_code_size += tb->size;
1889 if (tb->size > max_target_code_size) {
1890 max_target_code_size = tb->size;
1891 }
1892 if (tb->page_addr[1] != -1) {
1893 cross_page++;
1894 }
f309101c 1895 if (tb->jmp_reset_offset[0] != TB_JMP_RESET_OFFSET_INVALID) {
5b6dd868 1896 direct_jmp_count++;
f309101c 1897 if (tb->jmp_reset_offset[1] != TB_JMP_RESET_OFFSET_INVALID) {
5b6dd868
BS		 1898 direct_jmp2_count++;
1899 }
1900 }
1901 }
1902 /* XXX: avoid using doubles ? */
1903 cpu_fprintf(f, "Translation buffer state:\n");
1904 cpu_fprintf(f, "gen code size %td/%zd\n",
0b0d3320 1905 tcg_ctx.code_gen_ptr - tcg_ctx.code_gen_buffer,
b125f9dc 1906 tcg_ctx.code_gen_highwater - tcg_ctx.code_gen_buffer);
6e3b2bfd 1907 cpu_fprintf(f, "TB count %d\n", tcg_ctx.tb_ctx.nb_tbs);
5b6dd868 1908 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
5e5f07e0
EV		 1909 tcg_ctx.tb_ctx.nb_tbs ? target_code_size /
1910 tcg_ctx.tb_ctx.nb_tbs : 0,
1911 max_target_code_size);
5b6dd868 1912 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
5e5f07e0
EV		 1913 tcg_ctx.tb_ctx.nb_tbs ? (tcg_ctx.code_gen_ptr -
1914 tcg_ctx.code_gen_buffer) /
1915 tcg_ctx.tb_ctx.nb_tbs : 0,
1916 target_code_size ? (double) (tcg_ctx.code_gen_ptr -
1917 tcg_ctx.code_gen_buffer) /
1918 target_code_size : 0);
1919 cpu_fprintf(f, "cross page TB count %d (%d%%)\n", cross_page,
1920 tcg_ctx.tb_ctx.nb_tbs ? (cross_page * 100) /
1921 tcg_ctx.tb_ctx.nb_tbs : 0);
5b6dd868
BS		 1922 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
1923 direct_jmp_count,
5e5f07e0
EV		 1924 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp_count * 100) /
1925 tcg_ctx.tb_ctx.nb_tbs : 0,
5b6dd868 1926 direct_jmp2_count,
5e5f07e0
EV		 1927 tcg_ctx.tb_ctx.nb_tbs ? (direct_jmp2_count * 100) /
1928 tcg_ctx.tb_ctx.nb_tbs : 0);
329844d4
EC		 1929
1930 qht_statistics_init(&tcg_ctx.tb_ctx.htable, &hst);
7266ae91 1931 print_qht_statistics(f, cpu_fprintf, hst);
329844d4
EC		 1932 qht_statistics_destroy(&hst);
1933
5b6dd868 1934 cpu_fprintf(f, "\nStatistics:\n");
3359baad
SF		 1935 cpu_fprintf(f, "TB flush count %u\n",
1936 atomic_read(&tcg_ctx.tb_ctx.tb_flush_count));
5e5f07e0
EV		 1937 cpu_fprintf(f, "TB invalidate count %d\n",
1938 tcg_ctx.tb_ctx.tb_phys_invalidate_count);
5b6dd868
BS		 1939 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
1940 tcg_dump_info(f, cpu_fprintf);
a5e99826
FK		 1941
1942 tb_unlock();
5b6dd868
BS		 1943}
1944
246ae24d
MF		 1945void dump_opcount_info(FILE *f, fprintf_function cpu_fprintf)
1946{
1947 tcg_dump_op_count(f, cpu_fprintf);
1948}
1949
5b6dd868
BS		 1950#else /* CONFIG_USER_ONLY */
1951
c3affe56 1952void cpu_interrupt(CPUState *cpu, int mask)
5b6dd868 1953{
8d04fb55 1954 g_assert(qemu_mutex_iothread_locked());
259186a7 1955 cpu->interrupt_request |= mask;
1aab16c2 1956 cpu->icount_decr.u16.high = -1;
5b6dd868
BS		 1957}
1958
1959/*
1960 * Walks guest process memory "regions" one by one
1961 * and calls callback function 'fn' for each region.
1962 */
1963struct walk_memory_regions_data {
1964 walk_memory_regions_fn fn;
1965 void *priv;
1a1c4db9 1966 target_ulong start;
5b6dd868
BS		 1967 int prot;
1968};
1969
1970static int walk_memory_regions_end(struct walk_memory_regions_data *data,
1a1c4db9 1971 target_ulong end, int new_prot)
5b6dd868 1972{
1a1c4db9 1973 if (data->start != -1u) {
5b6dd868
BS		 1974 int rc = data->fn(data->priv, data->start, end, data->prot);
1975 if (rc != 0) {
1976 return rc;
1977 }
1978 }
1979
1a1c4db9 1980 data->start = (new_prot ? end : -1u);
5b6dd868
BS		 1981 data->prot = new_prot;
1982
1983 return 0;
1984}
1985
1986static int walk_memory_regions_1(struct walk_memory_regions_data *data,
1a1c4db9 1987 target_ulong base, int level, void **lp)
5b6dd868 1988{
1a1c4db9 1989 target_ulong pa;
5b6dd868
BS		 1990 int i, rc;
1991
1992 if (*lp == NULL) {
1993 return walk_memory_regions_end(data, base, 0);
1994 }
1995
1996 if (level == 0) {
1997 PageDesc *pd = *lp;
1998
03f49957 1999 for (i = 0; i < V_L2_SIZE; ++i) {
5b6dd868
BS		 2000 int prot = pd[i].flags;
2001
2002 pa = base | (i << TARGET_PAGE_BITS);
2003 if (prot != data->prot) {
2004 rc = walk_memory_regions_end(data, pa, prot);
2005 if (rc != 0) {
2006 return rc;
2007 }
2008 }
2009 }
2010 } else {
2011 void **pp = *lp;
2012
03f49957 2013 for (i = 0; i < V_L2_SIZE; ++i) {
1a1c4db9 2014 pa = base | ((target_ulong)i <<
03f49957 2015 (TARGET_PAGE_BITS + V_L2_BITS * level));
5b6dd868
BS		 2016 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2017 if (rc != 0) {
2018 return rc;
2019 }
2020 }
2021 }
2022
2023 return 0;
2024}
2025
2026int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2027{
2028 struct walk_memory_regions_data data;
66ec9f49 2029 uintptr_t i, l1_sz = v_l1_size;
5b6dd868
BS		 2030
2031 data.fn = fn;
2032 data.priv = priv;
1a1c4db9 2033 data.start = -1u;
5b6dd868
BS		 2034 data.prot = 0;
2035
66ec9f49
VK		 2036 for (i = 0; i < l1_sz; i++) {
2037 target_ulong base = i << (v_l1_shift + TARGET_PAGE_BITS);
2038 int rc = walk_memory_regions_1(&data, base, v_l2_levels, l1_map + i);
5b6dd868
BS		 2039 if (rc != 0) {
2040 return rc;
2041 }
2042 }
2043
2044 return walk_memory_regions_end(&data, 0, 0);
2045}
2046
1a1c4db9
MI		 2047static int dump_region(void *priv, target_ulong start,
2048 target_ulong end, unsigned long prot)
5b6dd868
BS		 2049{
2050 FILE *f = (FILE *)priv;
2051
1a1c4db9
MI		 2052 (void) fprintf(f, TARGET_FMT_lx"-"TARGET_FMT_lx
2053 " "TARGET_FMT_lx" %c%c%c\n",
5b6dd868
BS		 2054 start, end, end - start,
2055 ((prot & PAGE_READ) ? 'r' : '-'),
2056 ((prot & PAGE_WRITE) ? 'w' : '-'),
2057 ((prot & PAGE_EXEC) ? 'x' : '-'));
2058
2059 return 0;
2060}
2061
2062/* dump memory mappings */
2063void page_dump(FILE *f)
2064{
1a1c4db9 2065 const int length = sizeof(target_ulong) * 2;
227b8175
SW		 2066 (void) fprintf(f, "%-*s %-*s %-*s %s\n",
2067 length, "start", length, "end", length, "size", "prot");
5b6dd868
BS		 2068 walk_memory_regions(f, dump_region);
2069}
2070
2071int page_get_flags(target_ulong address)
2072{
2073 PageDesc *p;
2074
2075 p = page_find(address >> TARGET_PAGE_BITS);
2076 if (!p) {
2077 return 0;
2078 }
2079 return p->flags;
2080}
2081
2082/* Modify the flags of a page and invalidate the code if necessary.
2083 The flag PAGE_WRITE_ORG is positioned automatically depending
2084 on PAGE_WRITE. The mmap_lock should already be held. */
2085void page_set_flags(target_ulong start, target_ulong end, int flags)
2086{
2087 target_ulong addr, len;
2088
2089 /* This function should never be called with addresses outside the
2090 guest address space. If this assert fires, it probably indicates
2091 a missing call to h2g_valid. */
2092#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1a1c4db9 2093 assert(end < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
5b6dd868
BS		 2094#endif
2095 assert(start < end);
e505a063 2096 assert_memory_lock();
5b6dd868
BS		 2097
2098 start = start & TARGET_PAGE_MASK;
2099 end = TARGET_PAGE_ALIGN(end);
2100
2101 if (flags & PAGE_WRITE) {
2102 flags |= PAGE_WRITE_ORG;
2103 }
2104
2105 for (addr = start, len = end - start;
2106 len != 0;
2107 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2108 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2109
2110 /* If the write protection bit is set, then we invalidate
2111 the code inside. */
2112 if (!(p->flags & PAGE_WRITE) &&
2113 (flags & PAGE_WRITE) &&
2114 p->first_tb) {
75809229 2115 tb_invalidate_phys_page(addr, 0);
5b6dd868
BS		 2116 }
2117 p->flags = flags;
2118 }
2119}
2120
2121int page_check_range(target_ulong start, target_ulong len, int flags)
2122{
2123 PageDesc *p;
2124 target_ulong end;
2125 target_ulong addr;
2126
2127 /* This function should never be called with addresses outside the
2128 guest address space. If this assert fires, it probably indicates
2129 a missing call to h2g_valid. */
2130#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
1a1c4db9 2131 assert(start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
5b6dd868
BS		 2132#endif
2133
2134 if (len == 0) {
2135 return 0;
2136 }
2137 if (start + len - 1 < start) {
2138 /* We've wrapped around. */
2139 return -1;
2140 }
2141
2142 /* must do before we loose bits in the next step */
2143 end = TARGET_PAGE_ALIGN(start + len);
2144 start = start & TARGET_PAGE_MASK;
2145
2146 for (addr = start, len = end - start;
2147 len != 0;
2148 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2149 p = page_find(addr >> TARGET_PAGE_BITS);
2150 if (!p) {
2151 return -1;
2152 }
2153 if (!(p->flags & PAGE_VALID)) {
2154 return -1;
2155 }
2156
2157 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) {
2158 return -1;
2159 }
2160 if (flags & PAGE_WRITE) {
2161 if (!(p->flags & PAGE_WRITE_ORG)) {
2162 return -1;
2163 }
2164 /* unprotect the page if it was put read-only because it
2165 contains translated code */
2166 if (!(p->flags & PAGE_WRITE)) {
f213e72f 2167 if (!page_unprotect(addr, 0)) {
5b6dd868
BS		 2168 return -1;
2169 }
2170 }
5b6dd868
BS		 2171 }
2172 }
2173 return 0;
2174}
2175
2176/* called from signal handler: invalidate the code and unprotect the
f213e72f
PM		 2177 * page. Return 0 if the fault was not handled, 1 if it was handled,
2178 * and 2 if it was handled but the caller must cause the TB to be
2179 * immediately exited. (We can only return 2 if the 'pc' argument is
2180 * non-zero.)
2181 */
2182int page_unprotect(target_ulong address, uintptr_t pc)
5b6dd868
BS		 2183{
2184 unsigned int prot;
7399a337 2185 bool current_tb_invalidated;
5b6dd868
BS		 2186 PageDesc *p;
2187 target_ulong host_start, host_end, addr;
2188
2189 /* Technically this isn't safe inside a signal handler. However we
2190 know this only ever happens in a synchronous SEGV handler, so in
2191 practice it seems to be ok. */
2192 mmap_lock();
2193
2194 p = page_find(address >> TARGET_PAGE_BITS);
2195 if (!p) {
2196 mmap_unlock();
2197 return 0;
2198 }
2199
2200 /* if the page was really writable, then we change its
2201 protection back to writable */
2202 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2203 host_start = address & qemu_host_page_mask;
2204 host_end = host_start + qemu_host_page_size;
2205
2206 prot = 0;
7399a337 2207 current_tb_invalidated = false;
5b6dd868
BS		 2208 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2209 p = page_find(addr >> TARGET_PAGE_BITS);
2210 p->flags |= PAGE_WRITE;
2211 prot |= p->flags;
2212
2213 /* and since the content will be modified, we must invalidate
2214 the corresponding translated code. */
7399a337 2215 current_tb_invalidated |= tb_invalidate_phys_page(addr, pc);
5b6dd868
BS		 2216#ifdef DEBUG_TB_CHECK
2217 tb_invalidate_check(addr);
2218#endif
2219 }
2220 mprotect((void *)g2h(host_start), qemu_host_page_size,
2221 prot & PAGE_BITS);
2222
2223 mmap_unlock();
7399a337
SS		 2224 /* If current TB was invalidated return to main loop */
2225 return current_tb_invalidated ? 2 : 1;
5b6dd868
BS		 2226 }
2227 mmap_unlock();
2228 return 0;
2229}
2230#endif /* CONFIG_USER_ONLY */
QEMU mirror