]> git.proxmox.com Git - mirror_qemu.git/blob - accel/tcg/cputlb.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
cputlb: Remove cpu->mem_io_vaddr
[mirror_qemu.git] / accel / tcg / cputlb.c
1 /*
2 * Common CPU TLB handling
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "qemu/osdep.h"
21 #include "qemu/main-loop.h"
22 #include "cpu.h"
23 #include "exec/exec-all.h"
24 #include "exec/memory.h"
25 #include "exec/address-spaces.h"
26 #include "exec/cpu_ldst.h"
27 #include "exec/cputlb.h"
28 #include "exec/memory-internal.h"
29 #include "exec/ram_addr.h"
30 #include "tcg/tcg.h"
31 #include "qemu/error-report.h"
32 #include "exec/log.h"
33 #include "exec/helper-proto.h"
34 #include "qemu/atomic.h"
35 #include "qemu/atomic128.h"
36 #include "translate-all.h"
37
38 /* DEBUG defines, enable DEBUG_TLB_LOG to log to the CPU_LOG_MMU target */
39 /* #define DEBUG_TLB */
40 /* #define DEBUG_TLB_LOG */
41
42 #ifdef DEBUG_TLB
43 # define DEBUG_TLB_GATE 1
44 # ifdef DEBUG_TLB_LOG
45 # define DEBUG_TLB_LOG_GATE 1
46 # else
47 # define DEBUG_TLB_LOG_GATE 0
48 # endif
49 #else
50 # define DEBUG_TLB_GATE 0
51 # define DEBUG_TLB_LOG_GATE 0
52 #endif
53
54 #define tlb_debug(fmt, ...) do { \
55 if (DEBUG_TLB_LOG_GATE) { \
56 qemu_log_mask(CPU_LOG_MMU, "%s: " fmt, __func__, \
57 ## __VA_ARGS__); \
58 } else if (DEBUG_TLB_GATE) { \
59 fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__); \
60 } \
61 } while (0)
62
63 #define assert_cpu_is_self(cpu) do { \
64 if (DEBUG_TLB_GATE) { \
65 g_assert(!(cpu)->created || qemu_cpu_is_self(cpu)); \
66 } \
67 } while (0)
68
69 /* run_on_cpu_data.target_ptr should always be big enough for a
70 * target_ulong even on 32 bit builds */
71 QEMU_BUILD_BUG_ON(sizeof(target_ulong) > sizeof(run_on_cpu_data));
72
73 /* We currently can't handle more than 16 bits in the MMUIDX bitmask.
74 */
75 QEMU_BUILD_BUG_ON(NB_MMU_MODES > 16);
76 #define ALL_MMUIDX_BITS ((1 << NB_MMU_MODES) - 1)
77
78 static inline size_t sizeof_tlb(CPUArchState *env, uintptr_t mmu_idx)
79 {
80 return env_tlb(env)->f[mmu_idx].mask + (1 << CPU_TLB_ENTRY_BITS);
81 }
82
83 static void tlb_window_reset(CPUTLBDesc *desc, int64_t ns,
84 size_t max_entries)
85 {
86 desc->window_begin_ns = ns;
87 desc->window_max_entries = max_entries;
88 }
89
90 static void tlb_dyn_init(CPUArchState *env)
91 {
92 int i;
93
94 for (i = 0; i < NB_MMU_MODES; i++) {
95 CPUTLBDesc *desc = &env_tlb(env)->d[i];
96 size_t n_entries = 1 << CPU_TLB_DYN_DEFAULT_BITS;
97
98 tlb_window_reset(desc, get_clock_realtime(), 0);
99 desc->n_used_entries = 0;
100 env_tlb(env)->f[i].mask = (n_entries - 1) << CPU_TLB_ENTRY_BITS;
101 env_tlb(env)->f[i].table = g_new(CPUTLBEntry, n_entries);
102 env_tlb(env)->d[i].iotlb = g_new(CPUIOTLBEntry, n_entries);
103 }
104 }
105
106 /**
107 * tlb_mmu_resize_locked() - perform TLB resize bookkeeping; resize if necessary
108 * @env: CPU that owns the TLB
109 * @mmu_idx: MMU index of the TLB
110 *
111 * Called with tlb_lock_held.
112 *
113 * We have two main constraints when resizing a TLB: (1) we only resize it
114 * on a TLB flush (otherwise we'd have to take a perf hit by either rehashing
115 * the array or unnecessarily flushing it), which means we do not control how
116 * frequently the resizing can occur; (2) we don't have access to the guest's
117 * future scheduling decisions, and therefore have to decide the magnitude of
118 * the resize based on past observations.
119 *
120 * In general, a memory-hungry process can benefit greatly from an appropriately
121 * sized TLB, since a guest TLB miss is very expensive. This doesn't mean that
122 * we just have to make the TLB as large as possible; while an oversized TLB
123 * results in minimal TLB miss rates, it also takes longer to be flushed
124 * (flushes can be _very_ frequent), and the reduced locality can also hurt
125 * performance.
126 *
127 * To achieve near-optimal performance for all kinds of workloads, we:
128 *
129 * 1. Aggressively increase the size of the TLB when the use rate of the
130 * TLB being flushed is high, since it is likely that in the near future this
131 * memory-hungry process will execute again, and its memory hungriness will
132 * probably be similar.
133 *
134 * 2. Slowly reduce the size of the TLB as the use rate declines over a
135 * reasonably large time window. The rationale is that if in such a time window
136 * we have not observed a high TLB use rate, it is likely that we won't observe
137 * it in the near future. In that case, once a time window expires we downsize
138 * the TLB to match the maximum use rate observed in the window.
139 *
140 * 3. Try to keep the maximum use rate in a time window in the 30-70% range,
141 * since in that range performance is likely near-optimal. Recall that the TLB
142 * is direct mapped, so we want the use rate to be low (or at least not too
143 * high), since otherwise we are likely to have a significant amount of
144 * conflict misses.
145 */
146 static void tlb_mmu_resize_locked(CPUArchState *env, int mmu_idx)
147 {
148 CPUTLBDesc *desc = &env_tlb(env)->d[mmu_idx];
149 size_t old_size = tlb_n_entries(env, mmu_idx);
150 size_t rate;
151 size_t new_size = old_size;
152 int64_t now = get_clock_realtime();
153 int64_t window_len_ms = 100;
154 int64_t window_len_ns = window_len_ms * 1000 * 1000;
155 bool window_expired = now > desc->window_begin_ns + window_len_ns;
156
157 if (desc->n_used_entries > desc->window_max_entries) {
158 desc->window_max_entries = desc->n_used_entries;
159 }
160 rate = desc->window_max_entries * 100 / old_size;
161
162 if (rate > 70) {
163 new_size = MIN(old_size << 1, 1 << CPU_TLB_DYN_MAX_BITS);
164 } else if (rate < 30 && window_expired) {
165 size_t ceil = pow2ceil(desc->window_max_entries);
166 size_t expected_rate = desc->window_max_entries * 100 / ceil;
167
168 /*
169 * Avoid undersizing when the max number of entries seen is just below
170 * a pow2. For instance, if max_entries == 1025, the expected use rate
171 * would be 1025/2048==50%. However, if max_entries == 1023, we'd get
172 * 1023/1024==99.9% use rate, so we'd likely end up doubling the size
173 * later. Thus, make sure that the expected use rate remains below 70%.
174 * (and since we double the size, that means the lowest rate we'd
175 * expect to get is 35%, which is still in the 30-70% range where
176 * we consider that the size is appropriate.)
177 */
178 if (expected_rate > 70) {
179 ceil *= 2;
180 }
181 new_size = MAX(ceil, 1 << CPU_TLB_DYN_MIN_BITS);
182 }
183
184 if (new_size == old_size) {
185 if (window_expired) {
186 tlb_window_reset(desc, now, desc->n_used_entries);
187 }
188 return;
189 }
190
191 g_free(env_tlb(env)->f[mmu_idx].table);
192 g_free(env_tlb(env)->d[mmu_idx].iotlb);
193
194 tlb_window_reset(desc, now, 0);
195 /* desc->n_used_entries is cleared by the caller */
196 env_tlb(env)->f[mmu_idx].mask = (new_size - 1) << CPU_TLB_ENTRY_BITS;
197 env_tlb(env)->f[mmu_idx].table = g_try_new(CPUTLBEntry, new_size);
198 env_tlb(env)->d[mmu_idx].iotlb = g_try_new(CPUIOTLBEntry, new_size);
199 /*
200 * If the allocations fail, try smaller sizes. We just freed some
201 * memory, so going back to half of new_size has a good chance of working.
202 * Increased memory pressure elsewhere in the system might cause the
203 * allocations to fail though, so we progressively reduce the allocation
204 * size, aborting if we cannot even allocate the smallest TLB we support.
205 */
206 while (env_tlb(env)->f[mmu_idx].table == NULL ||
207 env_tlb(env)->d[mmu_idx].iotlb == NULL) {
208 if (new_size == (1 << CPU_TLB_DYN_MIN_BITS)) {
209 error_report("%s: %s", __func__, strerror(errno));
210 abort();
211 }
212 new_size = MAX(new_size >> 1, 1 << CPU_TLB_DYN_MIN_BITS);
213 env_tlb(env)->f[mmu_idx].mask = (new_size - 1) << CPU_TLB_ENTRY_BITS;
214
215 g_free(env_tlb(env)->f[mmu_idx].table);
216 g_free(env_tlb(env)->d[mmu_idx].iotlb);
217 env_tlb(env)->f[mmu_idx].table = g_try_new(CPUTLBEntry, new_size);
218 env_tlb(env)->d[mmu_idx].iotlb = g_try_new(CPUIOTLBEntry, new_size);
219 }
220 }
221
222 static inline void tlb_table_flush_by_mmuidx(CPUArchState *env, int mmu_idx)
223 {
224 tlb_mmu_resize_locked(env, mmu_idx);
225 memset(env_tlb(env)->f[mmu_idx].table, -1, sizeof_tlb(env, mmu_idx));
226 env_tlb(env)->d[mmu_idx].n_used_entries = 0;
227 }
228
229 static inline void tlb_n_used_entries_inc(CPUArchState *env, uintptr_t mmu_idx)
230 {
231 env_tlb(env)->d[mmu_idx].n_used_entries++;
232 }
233
234 static inline void tlb_n_used_entries_dec(CPUArchState *env, uintptr_t mmu_idx)
235 {
236 env_tlb(env)->d[mmu_idx].n_used_entries--;
237 }
238
239 void tlb_init(CPUState *cpu)
240 {
241 CPUArchState *env = cpu->env_ptr;
242
243 qemu_spin_init(&env_tlb(env)->c.lock);
244
245 /* Ensure that cpu_reset performs a full flush. */
246 env_tlb(env)->c.dirty = ALL_MMUIDX_BITS;
247
248 tlb_dyn_init(env);
249 }
250
251 /* flush_all_helper: run fn across all cpus
252 *
253 * If the wait flag is set then the src cpu's helper will be queued as
254 * "safe" work and the loop exited creating a synchronisation point
255 * where all queued work will be finished before execution starts
256 * again.
257 */
258 static void flush_all_helper(CPUState *src, run_on_cpu_func fn,
259 run_on_cpu_data d)
260 {
261 CPUState *cpu;
262
263 CPU_FOREACH(cpu) {
264 if (cpu != src) {
265 async_run_on_cpu(cpu, fn, d);
266 }
267 }
268 }
269
270 void tlb_flush_counts(size_t *pfull, size_t *ppart, size_t *pelide)
271 {
272 CPUState *cpu;
273 size_t full = 0, part = 0, elide = 0;
274
275 CPU_FOREACH(cpu) {
276 CPUArchState *env = cpu->env_ptr;
277
278 full += atomic_read(&env_tlb(env)->c.full_flush_count);
279 part += atomic_read(&env_tlb(env)->c.part_flush_count);
280 elide += atomic_read(&env_tlb(env)->c.elide_flush_count);
281 }
282 *pfull = full;
283 *ppart = part;
284 *pelide = elide;
285 }
286
287 static void tlb_flush_one_mmuidx_locked(CPUArchState *env, int mmu_idx)
288 {
289 tlb_table_flush_by_mmuidx(env, mmu_idx);
290 env_tlb(env)->d[mmu_idx].large_page_addr = -1;
291 env_tlb(env)->d[mmu_idx].large_page_mask = -1;
292 env_tlb(env)->d[mmu_idx].vindex = 0;
293 memset(env_tlb(env)->d[mmu_idx].vtable, -1,
294 sizeof(env_tlb(env)->d[0].vtable));
295 }
296
297 static void tlb_flush_by_mmuidx_async_work(CPUState *cpu, run_on_cpu_data data)
298 {
299 CPUArchState *env = cpu->env_ptr;
300 uint16_t asked = data.host_int;
301 uint16_t all_dirty, work, to_clean;
302
303 assert_cpu_is_self(cpu);
304
305 tlb_debug("mmu_idx:0x%04" PRIx16 "\n", asked);
306
307 qemu_spin_lock(&env_tlb(env)->c.lock);
308
309 all_dirty = env_tlb(env)->c.dirty;
310 to_clean = asked & all_dirty;
311 all_dirty &= ~to_clean;
312 env_tlb(env)->c.dirty = all_dirty;
313
314 for (work = to_clean; work != 0; work &= work - 1) {
315 int mmu_idx = ctz32(work);
316 tlb_flush_one_mmuidx_locked(env, mmu_idx);
317 }
318
319 qemu_spin_unlock(&env_tlb(env)->c.lock);
320
321 cpu_tb_jmp_cache_clear(cpu);
322
323 if (to_clean == ALL_MMUIDX_BITS) {
324 atomic_set(&env_tlb(env)->c.full_flush_count,
325 env_tlb(env)->c.full_flush_count + 1);
326 } else {
327 atomic_set(&env_tlb(env)->c.part_flush_count,
328 env_tlb(env)->c.part_flush_count + ctpop16(to_clean));
329 if (to_clean != asked) {
330 atomic_set(&env_tlb(env)->c.elide_flush_count,
331 env_tlb(env)->c.elide_flush_count +
332 ctpop16(asked & ~to_clean));
333 }
334 }
335 }
336
337 void tlb_flush_by_mmuidx(CPUState *cpu, uint16_t idxmap)
338 {
339 tlb_debug("mmu_idx: 0x%" PRIx16 "\n", idxmap);
340
341 if (cpu->created && !qemu_cpu_is_self(cpu)) {
342 async_run_on_cpu(cpu, tlb_flush_by_mmuidx_async_work,
343 RUN_ON_CPU_HOST_INT(idxmap));
344 } else {
345 tlb_flush_by_mmuidx_async_work(cpu, RUN_ON_CPU_HOST_INT(idxmap));
346 }
347 }
348
349 void tlb_flush(CPUState *cpu)
350 {
351 tlb_flush_by_mmuidx(cpu, ALL_MMUIDX_BITS);
352 }
353
354 void tlb_flush_by_mmuidx_all_cpus(CPUState *src_cpu, uint16_t idxmap)
355 {
356 const run_on_cpu_func fn = tlb_flush_by_mmuidx_async_work;
357
358 tlb_debug("mmu_idx: 0x%"PRIx16"\n", idxmap);
359
360 flush_all_helper(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
361 fn(src_cpu, RUN_ON_CPU_HOST_INT(idxmap));
362 }
363
364 void tlb_flush_all_cpus(CPUState *src_cpu)
365 {
366 tlb_flush_by_mmuidx_all_cpus(src_cpu, ALL_MMUIDX_BITS);
367 }
368
369 void tlb_flush_by_mmuidx_all_cpus_synced(CPUState *src_cpu, uint16_t idxmap)
370 {
371 const run_on_cpu_func fn = tlb_flush_by_mmuidx_async_work;
372
373 tlb_debug("mmu_idx: 0x%"PRIx16"\n", idxmap);
374
375 flush_all_helper(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
376 async_safe_run_on_cpu(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
377 }
378
379 void tlb_flush_all_cpus_synced(CPUState *src_cpu)
380 {
381 tlb_flush_by_mmuidx_all_cpus_synced(src_cpu, ALL_MMUIDX_BITS);
382 }
383
384 static inline bool tlb_hit_page_anyprot(CPUTLBEntry *tlb_entry,
385 target_ulong page)
386 {
387 return tlb_hit_page(tlb_entry->addr_read, page) ||
388 tlb_hit_page(tlb_addr_write(tlb_entry), page) ||
389 tlb_hit_page(tlb_entry->addr_code, page);
390 }
391
392 /**
393 * tlb_entry_is_empty - return true if the entry is not in use
394 * @te: pointer to CPUTLBEntry
395 */
396 static inline bool tlb_entry_is_empty(const CPUTLBEntry *te)
397 {
398 return te->addr_read == -1 && te->addr_write == -1 && te->addr_code == -1;
399 }
400
401 /* Called with tlb_c.lock held */
402 static inline bool tlb_flush_entry_locked(CPUTLBEntry *tlb_entry,
403 target_ulong page)
404 {
405 if (tlb_hit_page_anyprot(tlb_entry, page)) {
406 memset(tlb_entry, -1, sizeof(*tlb_entry));
407 return true;
408 }
409 return false;
410 }
411
412 /* Called with tlb_c.lock held */
413 static inline void tlb_flush_vtlb_page_locked(CPUArchState *env, int mmu_idx,
414 target_ulong page)
415 {
416 CPUTLBDesc *d = &env_tlb(env)->d[mmu_idx];
417 int k;
418
419 assert_cpu_is_self(env_cpu(env));
420 for (k = 0; k < CPU_VTLB_SIZE; k++) {
421 if (tlb_flush_entry_locked(&d->vtable[k], page)) {
422 tlb_n_used_entries_dec(env, mmu_idx);
423 }
424 }
425 }
426
427 static void tlb_flush_page_locked(CPUArchState *env, int midx,
428 target_ulong page)
429 {
430 target_ulong lp_addr = env_tlb(env)->d[midx].large_page_addr;
431 target_ulong lp_mask = env_tlb(env)->d[midx].large_page_mask;
432
433 /* Check if we need to flush due to large pages. */
434 if ((page & lp_mask) == lp_addr) {
435 tlb_debug("forcing full flush midx %d ("
436 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
437 midx, lp_addr, lp_mask);
438 tlb_flush_one_mmuidx_locked(env, midx);
439 } else {
440 if (tlb_flush_entry_locked(tlb_entry(env, midx, page), page)) {
441 tlb_n_used_entries_dec(env, midx);
442 }
443 tlb_flush_vtlb_page_locked(env, midx, page);
444 }
445 }
446
447 /* As we are going to hijack the bottom bits of the page address for a
448 * mmuidx bit mask we need to fail to build if we can't do that
449 */
450 QEMU_BUILD_BUG_ON(NB_MMU_MODES > TARGET_PAGE_BITS_MIN);
451
452 static void tlb_flush_page_by_mmuidx_async_work(CPUState *cpu,
453 run_on_cpu_data data)
454 {
455 CPUArchState *env = cpu->env_ptr;
456 target_ulong addr_and_mmuidx = (target_ulong) data.target_ptr;
457 target_ulong addr = addr_and_mmuidx & TARGET_PAGE_MASK;
458 unsigned long mmu_idx_bitmap = addr_and_mmuidx & ALL_MMUIDX_BITS;
459 int mmu_idx;
460
461 assert_cpu_is_self(cpu);
462
463 tlb_debug("page addr:" TARGET_FMT_lx " mmu_map:0x%lx\n",
464 addr, mmu_idx_bitmap);
465
466 qemu_spin_lock(&env_tlb(env)->c.lock);
467 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
468 if (test_bit(mmu_idx, &mmu_idx_bitmap)) {
469 tlb_flush_page_locked(env, mmu_idx, addr);
470 }
471 }
472 qemu_spin_unlock(&env_tlb(env)->c.lock);
473
474 tb_flush_jmp_cache(cpu, addr);
475 }
476
477 void tlb_flush_page_by_mmuidx(CPUState *cpu, target_ulong addr, uint16_t idxmap)
478 {
479 target_ulong addr_and_mmu_idx;
480
481 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%" PRIx16 "\n", addr, idxmap);
482
483 /* This should already be page aligned */
484 addr_and_mmu_idx = addr & TARGET_PAGE_MASK;
485 addr_and_mmu_idx |= idxmap;
486
487 if (!qemu_cpu_is_self(cpu)) {
488 async_run_on_cpu(cpu, tlb_flush_page_by_mmuidx_async_work,
489 RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
490 } else {
491 tlb_flush_page_by_mmuidx_async_work(
492 cpu, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
493 }
494 }
495
496 void tlb_flush_page(CPUState *cpu, target_ulong addr)
497 {
498 tlb_flush_page_by_mmuidx(cpu, addr, ALL_MMUIDX_BITS);
499 }
500
501 void tlb_flush_page_by_mmuidx_all_cpus(CPUState *src_cpu, target_ulong addr,
502 uint16_t idxmap)
503 {
504 const run_on_cpu_func fn = tlb_flush_page_by_mmuidx_async_work;
505 target_ulong addr_and_mmu_idx;
506
507 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%"PRIx16"\n", addr, idxmap);
508
509 /* This should already be page aligned */
510 addr_and_mmu_idx = addr & TARGET_PAGE_MASK;
511 addr_and_mmu_idx |= idxmap;
512
513 flush_all_helper(src_cpu, fn, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
514 fn(src_cpu, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
515 }
516
517 void tlb_flush_page_all_cpus(CPUState *src, target_ulong addr)
518 {
519 tlb_flush_page_by_mmuidx_all_cpus(src, addr, ALL_MMUIDX_BITS);
520 }
521
522 void tlb_flush_page_by_mmuidx_all_cpus_synced(CPUState *src_cpu,
523 target_ulong addr,
524 uint16_t idxmap)
525 {
526 const run_on_cpu_func fn = tlb_flush_page_by_mmuidx_async_work;
527 target_ulong addr_and_mmu_idx;
528
529 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%"PRIx16"\n", addr, idxmap);
530
531 /* This should already be page aligned */
532 addr_and_mmu_idx = addr & TARGET_PAGE_MASK;
533 addr_and_mmu_idx |= idxmap;
534
535 flush_all_helper(src_cpu, fn, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
536 async_safe_run_on_cpu(src_cpu, fn, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
537 }
538
539 void tlb_flush_page_all_cpus_synced(CPUState *src, target_ulong addr)
540 {
541 tlb_flush_page_by_mmuidx_all_cpus_synced(src, addr, ALL_MMUIDX_BITS);
542 }
543
544 /* update the TLBs so that writes to code in the virtual page 'addr'
545 can be detected */
546 void tlb_protect_code(ram_addr_t ram_addr)
547 {
548 cpu_physical_memory_test_and_clear_dirty(ram_addr, TARGET_PAGE_SIZE,
549 DIRTY_MEMORY_CODE);
550 }
551
552 /* update the TLB so that writes in physical page 'phys_addr' are no longer
553 tested for self modifying code */
554 void tlb_unprotect_code(ram_addr_t ram_addr)
555 {
556 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_CODE);
557 }
558
559
560 /*
561 * Dirty write flag handling
562 *
563 * When the TCG code writes to a location it looks up the address in
564 * the TLB and uses that data to compute the final address. If any of
565 * the lower bits of the address are set then the slow path is forced.
566 * There are a number of reasons to do this but for normal RAM the
567 * most usual is detecting writes to code regions which may invalidate
568 * generated code.
569 *
570 * Other vCPUs might be reading their TLBs during guest execution, so we update
571 * te->addr_write with atomic_set. We don't need to worry about this for
572 * oversized guests as MTTCG is disabled for them.
573 *
574 * Called with tlb_c.lock held.
575 */
576 static void tlb_reset_dirty_range_locked(CPUTLBEntry *tlb_entry,
577 uintptr_t start, uintptr_t length)
578 {
579 uintptr_t addr = tlb_entry->addr_write;
580
581 if ((addr & (TLB_INVALID_MASK | TLB_MMIO |
582 TLB_DISCARD_WRITE | TLB_NOTDIRTY)) == 0) {
583 addr &= TARGET_PAGE_MASK;
584 addr += tlb_entry->addend;
585 if ((addr - start) < length) {
586 #if TCG_OVERSIZED_GUEST
587 tlb_entry->addr_write |= TLB_NOTDIRTY;
588 #else
589 atomic_set(&tlb_entry->addr_write,
590 tlb_entry->addr_write | TLB_NOTDIRTY);
591 #endif
592 }
593 }
594 }
595
596 /*
597 * Called with tlb_c.lock held.
598 * Called only from the vCPU context, i.e. the TLB's owner thread.
599 */
600 static inline void copy_tlb_helper_locked(CPUTLBEntry *d, const CPUTLBEntry *s)
601 {
602 *d = *s;
603 }
604
605 /* This is a cross vCPU call (i.e. another vCPU resetting the flags of
606 * the target vCPU).
607 * We must take tlb_c.lock to avoid racing with another vCPU update. The only
608 * thing actually updated is the target TLB entry ->addr_write flags.
609 */
610 void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length)
611 {
612 CPUArchState *env;
613
614 int mmu_idx;
615
616 env = cpu->env_ptr;
617 qemu_spin_lock(&env_tlb(env)->c.lock);
618 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
619 unsigned int i;
620 unsigned int n = tlb_n_entries(env, mmu_idx);
621
622 for (i = 0; i < n; i++) {
623 tlb_reset_dirty_range_locked(&env_tlb(env)->f[mmu_idx].table[i],
624 start1, length);
625 }
626
627 for (i = 0; i < CPU_VTLB_SIZE; i++) {
628 tlb_reset_dirty_range_locked(&env_tlb(env)->d[mmu_idx].vtable[i],
629 start1, length);
630 }
631 }
632 qemu_spin_unlock(&env_tlb(env)->c.lock);
633 }
634
635 /* Called with tlb_c.lock held */
636 static inline void tlb_set_dirty1_locked(CPUTLBEntry *tlb_entry,
637 target_ulong vaddr)
638 {
639 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY)) {
640 tlb_entry->addr_write = vaddr;
641 }
642 }
643
644 /* update the TLB corresponding to virtual page vaddr
645 so that it is no longer dirty */
646 void tlb_set_dirty(CPUState *cpu, target_ulong vaddr)
647 {
648 CPUArchState *env = cpu->env_ptr;
649 int mmu_idx;
650
651 assert_cpu_is_self(cpu);
652
653 vaddr &= TARGET_PAGE_MASK;
654 qemu_spin_lock(&env_tlb(env)->c.lock);
655 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
656 tlb_set_dirty1_locked(tlb_entry(env, mmu_idx, vaddr), vaddr);
657 }
658
659 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
660 int k;
661 for (k = 0; k < CPU_VTLB_SIZE; k++) {
662 tlb_set_dirty1_locked(&env_tlb(env)->d[mmu_idx].vtable[k], vaddr);
663 }
664 }
665 qemu_spin_unlock(&env_tlb(env)->c.lock);
666 }
667
668 /* Our TLB does not support large pages, so remember the area covered by
669 large pages and trigger a full TLB flush if these are invalidated. */
670 static void tlb_add_large_page(CPUArchState *env, int mmu_idx,
671 target_ulong vaddr, target_ulong size)
672 {
673 target_ulong lp_addr = env_tlb(env)->d[mmu_idx].large_page_addr;
674 target_ulong lp_mask = ~(size - 1);
675
676 if (lp_addr == (target_ulong)-1) {
677 /* No previous large page. */
678 lp_addr = vaddr;
679 } else {
680 /* Extend the existing region to include the new page.
681 This is a compromise between unnecessary flushes and
682 the cost of maintaining a full variable size TLB. */
683 lp_mask &= env_tlb(env)->d[mmu_idx].large_page_mask;
684 while (((lp_addr ^ vaddr) & lp_mask) != 0) {
685 lp_mask <<= 1;
686 }
687 }
688 env_tlb(env)->d[mmu_idx].large_page_addr = lp_addr & lp_mask;
689 env_tlb(env)->d[mmu_idx].large_page_mask = lp_mask;
690 }
691
692 /* Add a new TLB entry. At most one entry for a given virtual address
693 * is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
694 * supplied size is only used by tlb_flush_page.
695 *
696 * Called from TCG-generated code, which is under an RCU read-side
697 * critical section.
698 */
699 void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
700 hwaddr paddr, MemTxAttrs attrs, int prot,
701 int mmu_idx, target_ulong size)
702 {
703 CPUArchState *env = cpu->env_ptr;
704 CPUTLB *tlb = env_tlb(env);
705 CPUTLBDesc *desc = &tlb->d[mmu_idx];
706 MemoryRegionSection *section;
707 unsigned int index;
708 target_ulong address;
709 target_ulong write_address;
710 uintptr_t addend;
711 CPUTLBEntry *te, tn;
712 hwaddr iotlb, xlat, sz, paddr_page;
713 target_ulong vaddr_page;
714 int asidx = cpu_asidx_from_attrs(cpu, attrs);
715 int wp_flags;
716 bool is_ram, is_romd;
717
718 assert_cpu_is_self(cpu);
719
720 if (size <= TARGET_PAGE_SIZE) {
721 sz = TARGET_PAGE_SIZE;
722 } else {
723 tlb_add_large_page(env, mmu_idx, vaddr, size);
724 sz = size;
725 }
726 vaddr_page = vaddr & TARGET_PAGE_MASK;
727 paddr_page = paddr & TARGET_PAGE_MASK;
728
729 section = address_space_translate_for_iotlb(cpu, asidx, paddr_page,
730 &xlat, &sz, attrs, &prot);
731 assert(sz >= TARGET_PAGE_SIZE);
732
733 tlb_debug("vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
734 " prot=%x idx=%d\n",
735 vaddr, paddr, prot, mmu_idx);
736
737 address = vaddr_page;
738 if (size < TARGET_PAGE_SIZE) {
739 /* Repeat the MMU check and TLB fill on every access. */
740 address |= TLB_INVALID_MASK;
741 }
742 if (attrs.byte_swap) {
743 address |= TLB_BSWAP;
744 }
745
746 is_ram = memory_region_is_ram(section->mr);
747 is_romd = memory_region_is_romd(section->mr);
748
749 if (is_ram || is_romd) {
750 /* RAM and ROMD both have associated host memory. */
751 addend = (uintptr_t)memory_region_get_ram_ptr(section->mr) + xlat;
752 } else {
753 /* I/O does not; force the host address to NULL. */
754 addend = 0;
755 }
756
757 write_address = address;
758 if (is_ram) {
759 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
760 /*
761 * Computing is_clean is expensive; avoid all that unless
762 * the page is actually writable.
763 */
764 if (prot & PAGE_WRITE) {
765 if (section->readonly) {
766 write_address |= TLB_DISCARD_WRITE;
767 } else if (cpu_physical_memory_is_clean(iotlb)) {
768 write_address |= TLB_NOTDIRTY;
769 }
770 }
771 } else {
772 /* I/O or ROMD */
773 iotlb = memory_region_section_get_iotlb(cpu, section) + xlat;
774 /*
775 * Writes to romd devices must go through MMIO to enable write.
776 * Reads to romd devices go through the ram_ptr found above,
777 * but of course reads to I/O must go through MMIO.
778 */
779 write_address |= TLB_MMIO;
780 if (!is_romd) {
781 address = write_address;
782 }
783 }
784
785 wp_flags = cpu_watchpoint_address_matches(cpu, vaddr_page,
786 TARGET_PAGE_SIZE);
787
788 index = tlb_index(env, mmu_idx, vaddr_page);
789 te = tlb_entry(env, mmu_idx, vaddr_page);
790
791 /*
792 * Hold the TLB lock for the rest of the function. We could acquire/release
793 * the lock several times in the function, but it is faster to amortize the
794 * acquisition cost by acquiring it just once. Note that this leads to
795 * a longer critical section, but this is not a concern since the TLB lock
796 * is unlikely to be contended.
797 */
798 qemu_spin_lock(&tlb->c.lock);
799
800 /* Note that the tlb is no longer clean. */
801 tlb->c.dirty |= 1 << mmu_idx;
802
803 /* Make sure there's no cached translation for the new page. */
804 tlb_flush_vtlb_page_locked(env, mmu_idx, vaddr_page);
805
806 /*
807 * Only evict the old entry to the victim tlb if it's for a
808 * different page; otherwise just overwrite the stale data.
809 */
810 if (!tlb_hit_page_anyprot(te, vaddr_page) && !tlb_entry_is_empty(te)) {
811 unsigned vidx = desc->vindex++ % CPU_VTLB_SIZE;
812 CPUTLBEntry *tv = &desc->vtable[vidx];
813
814 /* Evict the old entry into the victim tlb. */
815 copy_tlb_helper_locked(tv, te);
816 desc->viotlb[vidx] = desc->iotlb[index];
817 tlb_n_used_entries_dec(env, mmu_idx);
818 }
819
820 /* refill the tlb */
821 /*
822 * At this point iotlb contains a physical section number in the lower
823 * TARGET_PAGE_BITS, and either
824 * + the ram_addr_t of the page base of the target RAM (RAM)
825 * + the offset within section->mr of the page base (I/O, ROMD)
826 * We subtract the vaddr_page (which is page aligned and thus won't
827 * disturb the low bits) to give an offset which can be added to the
828 * (non-page-aligned) vaddr of the eventual memory access to get
829 * the MemoryRegion offset for the access. Note that the vaddr we
830 * subtract here is that of the page base, and not the same as the
831 * vaddr we add back in io_readx()/io_writex()/get_page_addr_code().
832 */
833 desc->iotlb[index].addr = iotlb - vaddr_page;
834 desc->iotlb[index].attrs = attrs;
835
836 /* Now calculate the new entry */
837 tn.addend = addend - vaddr_page;
838 if (prot & PAGE_READ) {
839 tn.addr_read = address;
840 if (wp_flags & BP_MEM_READ) {
841 tn.addr_read |= TLB_WATCHPOINT;
842 }
843 } else {
844 tn.addr_read = -1;
845 }
846
847 if (prot & PAGE_EXEC) {
848 tn.addr_code = address;
849 } else {
850 tn.addr_code = -1;
851 }
852
853 tn.addr_write = -1;
854 if (prot & PAGE_WRITE) {
855 tn.addr_write = write_address;
856 if (prot & PAGE_WRITE_INV) {
857 tn.addr_write |= TLB_INVALID_MASK;
858 }
859 if (wp_flags & BP_MEM_WRITE) {
860 tn.addr_write |= TLB_WATCHPOINT;
861 }
862 }
863
864 copy_tlb_helper_locked(te, &tn);
865 tlb_n_used_entries_inc(env, mmu_idx);
866 qemu_spin_unlock(&tlb->c.lock);
867 }
868
869 /* Add a new TLB entry, but without specifying the memory
870 * transaction attributes to be used.
871 */
872 void tlb_set_page(CPUState *cpu, target_ulong vaddr,
873 hwaddr paddr, int prot,
874 int mmu_idx, target_ulong size)
875 {
876 tlb_set_page_with_attrs(cpu, vaddr, paddr, MEMTXATTRS_UNSPECIFIED,
877 prot, mmu_idx, size);
878 }
879
880 static inline ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
881 {
882 ram_addr_t ram_addr;
883
884 ram_addr = qemu_ram_addr_from_host(ptr);
885 if (ram_addr == RAM_ADDR_INVALID) {
886 error_report("Bad ram pointer %p", ptr);
887 abort();
888 }
889 return ram_addr;
890 }
891
892 /*
893 * Note: tlb_fill() can trigger a resize of the TLB. This means that all of the
894 * caller's prior references to the TLB table (e.g. CPUTLBEntry pointers) must
895 * be discarded and looked up again (e.g. via tlb_entry()).
896 */
897 static void tlb_fill(CPUState *cpu, target_ulong addr, int size,
898 MMUAccessType access_type, int mmu_idx, uintptr_t retaddr)
899 {
900 CPUClass *cc = CPU_GET_CLASS(cpu);
901 bool ok;
902
903 /*
904 * This is not a probe, so only valid return is success; failure
905 * should result in exception + longjmp to the cpu loop.
906 */
907 ok = cc->tlb_fill(cpu, addr, size, access_type, mmu_idx, false, retaddr);
908 assert(ok);
909 }
910
911 static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
912 int mmu_idx, target_ulong addr, uintptr_t retaddr,
913 MMUAccessType access_type, MemOp op)
914 {
915 CPUState *cpu = env_cpu(env);
916 hwaddr mr_offset;
917 MemoryRegionSection *section;
918 MemoryRegion *mr;
919 uint64_t val;
920 bool locked = false;
921 MemTxResult r;
922
923 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
924 mr = section->mr;
925 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
926 cpu->mem_io_pc = retaddr;
927 if (!cpu->can_do_io) {
928 cpu_io_recompile(cpu, retaddr);
929 }
930
931 cpu->mem_io_access_type = access_type;
932
933 if (mr->global_locking && !qemu_mutex_iothread_locked()) {
934 qemu_mutex_lock_iothread();
935 locked = true;
936 }
937 r = memory_region_dispatch_read(mr, mr_offset, &val, op, iotlbentry->attrs);
938 if (r != MEMTX_OK) {
939 hwaddr physaddr = mr_offset +
940 section->offset_within_address_space -
941 section->offset_within_region;
942
943 cpu_transaction_failed(cpu, physaddr, addr, memop_size(op), access_type,
944 mmu_idx, iotlbentry->attrs, r, retaddr);
945 }
946 if (locked) {
947 qemu_mutex_unlock_iothread();
948 }
949
950 return val;
951 }
952
953 static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
954 int mmu_idx, uint64_t val, target_ulong addr,
955 uintptr_t retaddr, MemOp op)
956 {
957 CPUState *cpu = env_cpu(env);
958 hwaddr mr_offset;
959 MemoryRegionSection *section;
960 MemoryRegion *mr;
961 bool locked = false;
962 MemTxResult r;
963
964 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
965 mr = section->mr;
966 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
967 if (!cpu->can_do_io) {
968 cpu_io_recompile(cpu, retaddr);
969 }
970 cpu->mem_io_pc = retaddr;
971
972 if (mr->global_locking && !qemu_mutex_iothread_locked()) {
973 qemu_mutex_lock_iothread();
974 locked = true;
975 }
976 r = memory_region_dispatch_write(mr, mr_offset, val, op, iotlbentry->attrs);
977 if (r != MEMTX_OK) {
978 hwaddr physaddr = mr_offset +
979 section->offset_within_address_space -
980 section->offset_within_region;
981
982 cpu_transaction_failed(cpu, physaddr, addr, memop_size(op),
983 MMU_DATA_STORE, mmu_idx, iotlbentry->attrs, r,
984 retaddr);
985 }
986 if (locked) {
987 qemu_mutex_unlock_iothread();
988 }
989 }
990
991 static inline target_ulong tlb_read_ofs(CPUTLBEntry *entry, size_t ofs)
992 {
993 #if TCG_OVERSIZED_GUEST
994 return *(target_ulong *)((uintptr_t)entry + ofs);
995 #else
996 /* ofs might correspond to .addr_write, so use atomic_read */
997 return atomic_read((target_ulong *)((uintptr_t)entry + ofs));
998 #endif
999 }
1000
1001 /* Return true if ADDR is present in the victim tlb, and has been copied
1002 back to the main tlb. */
1003 static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
1004 size_t elt_ofs, target_ulong page)
1005 {
1006 size_t vidx;
1007
1008 assert_cpu_is_self(env_cpu(env));
1009 for (vidx = 0; vidx < CPU_VTLB_SIZE; ++vidx) {
1010 CPUTLBEntry *vtlb = &env_tlb(env)->d[mmu_idx].vtable[vidx];
1011 target_ulong cmp;
1012
1013 /* elt_ofs might correspond to .addr_write, so use atomic_read */
1014 #if TCG_OVERSIZED_GUEST
1015 cmp = *(target_ulong *)((uintptr_t)vtlb + elt_ofs);
1016 #else
1017 cmp = atomic_read((target_ulong *)((uintptr_t)vtlb + elt_ofs));
1018 #endif
1019
1020 if (cmp == page) {
1021 /* Found entry in victim tlb, swap tlb and iotlb. */
1022 CPUTLBEntry tmptlb, *tlb = &env_tlb(env)->f[mmu_idx].table[index];
1023
1024 qemu_spin_lock(&env_tlb(env)->c.lock);
1025 copy_tlb_helper_locked(&tmptlb, tlb);
1026 copy_tlb_helper_locked(tlb, vtlb);
1027 copy_tlb_helper_locked(vtlb, &tmptlb);
1028 qemu_spin_unlock(&env_tlb(env)->c.lock);
1029
1030 CPUIOTLBEntry tmpio, *io = &env_tlb(env)->d[mmu_idx].iotlb[index];
1031 CPUIOTLBEntry *vio = &env_tlb(env)->d[mmu_idx].viotlb[vidx];
1032 tmpio = *io; *io = *vio; *vio = tmpio;
1033 return true;
1034 }
1035 }
1036 return false;
1037 }
1038
1039 /* Macro to call the above, with local variables from the use context. */
1040 #define VICTIM_TLB_HIT(TY, ADDR) \
1041 victim_tlb_hit(env, mmu_idx, index, offsetof(CPUTLBEntry, TY), \
1042 (ADDR) & TARGET_PAGE_MASK)
1043
1044 /*
1045 * Return a ram_addr_t for the virtual address for execution.
1046 *
1047 * Return -1 if we can't translate and execute from an entire page
1048 * of RAM. This will force us to execute by loading and translating
1049 * one insn at a time, without caching.
1050 *
1051 * NOTE: This function will trigger an exception if the page is
1052 * not executable.
1053 */
1054 tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
1055 {
1056 uintptr_t mmu_idx = cpu_mmu_index(env, true);
1057 uintptr_t index = tlb_index(env, mmu_idx, addr);
1058 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
1059 void *p;
1060
1061 if (unlikely(!tlb_hit(entry->addr_code, addr))) {
1062 if (!VICTIM_TLB_HIT(addr_code, addr)) {
1063 tlb_fill(env_cpu(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
1064 index = tlb_index(env, mmu_idx, addr);
1065 entry = tlb_entry(env, mmu_idx, addr);
1066
1067 if (unlikely(entry->addr_code & TLB_INVALID_MASK)) {
1068 /*
1069 * The MMU protection covers a smaller range than a target
1070 * page, so we must redo the MMU check for every insn.
1071 */
1072 return -1;
1073 }
1074 }
1075 assert(tlb_hit(entry->addr_code, addr));
1076 }
1077
1078 if (unlikely(entry->addr_code & TLB_MMIO)) {
1079 /* The region is not backed by RAM. */
1080 return -1;
1081 }
1082
1083 p = (void *)((uintptr_t)addr + entry->addend);
1084 return qemu_ram_addr_from_host_nofail(p);
1085 }
1086
1087 static void notdirty_write(CPUState *cpu, vaddr mem_vaddr, unsigned size,
1088 CPUIOTLBEntry *iotlbentry, uintptr_t retaddr)
1089 {
1090 ram_addr_t ram_addr = mem_vaddr + iotlbentry->addr;
1091
1092 trace_memory_notdirty_write_access(mem_vaddr, ram_addr, size);
1093
1094 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1095 struct page_collection *pages
1096 = page_collection_lock(ram_addr, ram_addr + size);
1097
1098 /* We require mem_io_pc in tb_invalidate_phys_page_range. */
1099 cpu->mem_io_pc = retaddr;
1100
1101 tb_invalidate_phys_page_fast(pages, ram_addr, size);
1102 page_collection_unlock(pages);
1103 }
1104
1105 /*
1106 * Set both VGA and migration bits for simplicity and to remove
1107 * the notdirty callback faster.
1108 */
1109 cpu_physical_memory_set_dirty_range(ram_addr, size, DIRTY_CLIENTS_NOCODE);
1110
1111 /* We remove the notdirty callback only if the code has been flushed. */
1112 if (!cpu_physical_memory_is_clean(ram_addr)) {
1113 trace_memory_notdirty_set_dirty(mem_vaddr);
1114 tlb_set_dirty(cpu, mem_vaddr);
1115 }
1116 }
1117
1118 /*
1119 * Probe for whether the specified guest access is permitted. If it is not
1120 * permitted then an exception will be taken in the same way as if this
1121 * were a real access (and we will not return).
1122 * If the size is 0 or the page requires I/O access, returns NULL; otherwise,
1123 * returns the address of the host page similar to tlb_vaddr_to_host().
1124 */
1125 void *probe_access(CPUArchState *env, target_ulong addr, int size,
1126 MMUAccessType access_type, int mmu_idx, uintptr_t retaddr)
1127 {
1128 uintptr_t index = tlb_index(env, mmu_idx, addr);
1129 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
1130 target_ulong tlb_addr;
1131 size_t elt_ofs;
1132 int wp_access;
1133
1134 g_assert(-(addr | TARGET_PAGE_MASK) >= size);
1135
1136 switch (access_type) {
1137 case MMU_DATA_LOAD:
1138 elt_ofs = offsetof(CPUTLBEntry, addr_read);
1139 wp_access = BP_MEM_READ;
1140 break;
1141 case MMU_DATA_STORE:
1142 elt_ofs = offsetof(CPUTLBEntry, addr_write);
1143 wp_access = BP_MEM_WRITE;
1144 break;
1145 case MMU_INST_FETCH:
1146 elt_ofs = offsetof(CPUTLBEntry, addr_code);
1147 wp_access = BP_MEM_READ;
1148 break;
1149 default:
1150 g_assert_not_reached();
1151 }
1152 tlb_addr = tlb_read_ofs(entry, elt_ofs);
1153
1154 if (unlikely(!tlb_hit(tlb_addr, addr))) {
1155 if (!victim_tlb_hit(env, mmu_idx, index, elt_ofs,
1156 addr & TARGET_PAGE_MASK)) {
1157 tlb_fill(env_cpu(env), addr, size, access_type, mmu_idx, retaddr);
1158 /* TLB resize via tlb_fill may have moved the entry. */
1159 index = tlb_index(env, mmu_idx, addr);
1160 entry = tlb_entry(env, mmu_idx, addr);
1161 }
1162 tlb_addr = tlb_read_ofs(entry, elt_ofs);
1163 }
1164
1165 if (!size) {
1166 return NULL;
1167 }
1168
1169 if (unlikely(tlb_addr & TLB_FLAGS_MASK)) {
1170 CPUIOTLBEntry *iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
1171
1172 /* Reject I/O access, or other required slow-path. */
1173 if (tlb_addr & (TLB_MMIO | TLB_BSWAP | TLB_DISCARD_WRITE)) {
1174 return NULL;
1175 }
1176
1177 /* Handle watchpoints. */
1178 if (tlb_addr & TLB_WATCHPOINT) {
1179 cpu_check_watchpoint(env_cpu(env), addr, size,
1180 iotlbentry->attrs, wp_access, retaddr);
1181 }
1182
1183 /* Handle clean RAM pages. */
1184 if (tlb_addr & TLB_NOTDIRTY) {
1185 notdirty_write(env_cpu(env), addr, size, iotlbentry, retaddr);
1186 }
1187 }
1188
1189 return (void *)((uintptr_t)addr + entry->addend);
1190 }
1191
1192 void *tlb_vaddr_to_host(CPUArchState *env, abi_ptr addr,
1193 MMUAccessType access_type, int mmu_idx)
1194 {
1195 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
1196 uintptr_t tlb_addr, page;
1197 size_t elt_ofs;
1198
1199 switch (access_type) {
1200 case MMU_DATA_LOAD:
1201 elt_ofs = offsetof(CPUTLBEntry, addr_read);
1202 break;
1203 case MMU_DATA_STORE:
1204 elt_ofs = offsetof(CPUTLBEntry, addr_write);
1205 break;
1206 case MMU_INST_FETCH:
1207 elt_ofs = offsetof(CPUTLBEntry, addr_code);
1208 break;
1209 default:
1210 g_assert_not_reached();
1211 }
1212
1213 page = addr & TARGET_PAGE_MASK;
1214 tlb_addr = tlb_read_ofs(entry, elt_ofs);
1215
1216 if (!tlb_hit_page(tlb_addr, page)) {
1217 uintptr_t index = tlb_index(env, mmu_idx, addr);
1218
1219 if (!victim_tlb_hit(env, mmu_idx, index, elt_ofs, page)) {
1220 CPUState *cs = env_cpu(env);
1221 CPUClass *cc = CPU_GET_CLASS(cs);
1222
1223 if (!cc->tlb_fill(cs, addr, 0, access_type, mmu_idx, true, 0)) {
1224 /* Non-faulting page table read failed. */
1225 return NULL;
1226 }
1227
1228 /* TLB resize via tlb_fill may have moved the entry. */
1229 entry = tlb_entry(env, mmu_idx, addr);
1230 }
1231 tlb_addr = tlb_read_ofs(entry, elt_ofs);
1232 }
1233
1234 if (tlb_addr & ~TARGET_PAGE_MASK) {
1235 /* IO access */
1236 return NULL;
1237 }
1238
1239 return (void *)((uintptr_t)addr + entry->addend);
1240 }
1241
1242 /* Probe for a read-modify-write atomic operation. Do not allow unaligned
1243 * operations, or io operations to proceed. Return the host address. */
1244 static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
1245 TCGMemOpIdx oi, uintptr_t retaddr)
1246 {
1247 size_t mmu_idx = get_mmuidx(oi);
1248 uintptr_t index = tlb_index(env, mmu_idx, addr);
1249 CPUTLBEntry *tlbe = tlb_entry(env, mmu_idx, addr);
1250 target_ulong tlb_addr = tlb_addr_write(tlbe);
1251 MemOp mop = get_memop(oi);
1252 int a_bits = get_alignment_bits(mop);
1253 int s_bits = mop & MO_SIZE;
1254 void *hostaddr;
1255
1256 /* Adjust the given return address. */
1257 retaddr -= GETPC_ADJ;
1258
1259 /* Enforce guest required alignment. */
1260 if (unlikely(a_bits > 0 && (addr & ((1 << a_bits) - 1)))) {
1261 /* ??? Maybe indicate atomic op to cpu_unaligned_access */
1262 cpu_unaligned_access(env_cpu(env), addr, MMU_DATA_STORE,
1263 mmu_idx, retaddr);
1264 }
1265
1266 /* Enforce qemu required alignment. */
1267 if (unlikely(addr & ((1 << s_bits) - 1))) {
1268 /* We get here if guest alignment was not requested,
1269 or was not enforced by cpu_unaligned_access above.
1270 We might widen the access and emulate, but for now
1271 mark an exception and exit the cpu loop. */
1272 goto stop_the_world;
1273 }
1274
1275 /* Check TLB entry and enforce page permissions. */
1276 if (!tlb_hit(tlb_addr, addr)) {
1277 if (!VICTIM_TLB_HIT(addr_write, addr)) {
1278 tlb_fill(env_cpu(env), addr, 1 << s_bits, MMU_DATA_STORE,
1279 mmu_idx, retaddr);
1280 index = tlb_index(env, mmu_idx, addr);
1281 tlbe = tlb_entry(env, mmu_idx, addr);
1282 }
1283 tlb_addr = tlb_addr_write(tlbe) & ~TLB_INVALID_MASK;
1284 }
1285
1286 /* Notice an IO access or a needs-MMU-lookup access */
1287 if (unlikely(tlb_addr & TLB_MMIO)) {
1288 /* There's really nothing that can be done to
1289 support this apart from stop-the-world. */
1290 goto stop_the_world;
1291 }
1292
1293 /* Let the guest notice RMW on a write-only page. */
1294 if (unlikely(tlbe->addr_read != (tlb_addr & ~TLB_NOTDIRTY))) {
1295 tlb_fill(env_cpu(env), addr, 1 << s_bits, MMU_DATA_LOAD,
1296 mmu_idx, retaddr);
1297 /* Since we don't support reads and writes to different addresses,
1298 and we do have the proper page loaded for write, this shouldn't
1299 ever return. But just in case, handle via stop-the-world. */
1300 goto stop_the_world;
1301 }
1302
1303 hostaddr = (void *)((uintptr_t)addr + tlbe->addend);
1304
1305 if (unlikely(tlb_addr & TLB_NOTDIRTY)) {
1306 notdirty_write(env_cpu(env), addr, 1 << s_bits,
1307 &env_tlb(env)->d[mmu_idx].iotlb[index], retaddr);
1308 }
1309
1310 return hostaddr;
1311
1312 stop_the_world:
1313 cpu_loop_exit_atomic(env_cpu(env), retaddr);
1314 }
1315
1316 /*
1317 * Load Helpers
1318 *
1319 * We support two different access types. SOFTMMU_CODE_ACCESS is
1320 * specifically for reading instructions from system memory. It is
1321 * called by the translation loop and in some helpers where the code
1322 * is disassembled. It shouldn't be called directly by guest code.
1323 */
1324
1325 typedef uint64_t FullLoadHelper(CPUArchState *env, target_ulong addr,
1326 TCGMemOpIdx oi, uintptr_t retaddr);
1327
1328 static inline uint64_t QEMU_ALWAYS_INLINE
1329 load_memop(const void *haddr, MemOp op)
1330 {
1331 switch (op) {
1332 case MO_UB:
1333 return ldub_p(haddr);
1334 case MO_BEUW:
1335 return lduw_be_p(haddr);
1336 case MO_LEUW:
1337 return lduw_le_p(haddr);
1338 case MO_BEUL:
1339 return (uint32_t)ldl_be_p(haddr);
1340 case MO_LEUL:
1341 return (uint32_t)ldl_le_p(haddr);
1342 case MO_BEQ:
1343 return ldq_be_p(haddr);
1344 case MO_LEQ:
1345 return ldq_le_p(haddr);
1346 default:
1347 qemu_build_not_reached();
1348 }
1349 }
1350
1351 static inline uint64_t QEMU_ALWAYS_INLINE
1352 load_helper(CPUArchState *env, target_ulong addr, TCGMemOpIdx oi,
1353 uintptr_t retaddr, MemOp op, bool code_read,
1354 FullLoadHelper *full_load)
1355 {
1356 uintptr_t mmu_idx = get_mmuidx(oi);
1357 uintptr_t index = tlb_index(env, mmu_idx, addr);
1358 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
1359 target_ulong tlb_addr = code_read ? entry->addr_code : entry->addr_read;
1360 const size_t tlb_off = code_read ?
1361 offsetof(CPUTLBEntry, addr_code) : offsetof(CPUTLBEntry, addr_read);
1362 const MMUAccessType access_type =
1363 code_read ? MMU_INST_FETCH : MMU_DATA_LOAD;
1364 unsigned a_bits = get_alignment_bits(get_memop(oi));
1365 void *haddr;
1366 uint64_t res;
1367 size_t size = memop_size(op);
1368
1369 /* Handle CPU specific unaligned behaviour */
1370 if (addr & ((1 << a_bits) - 1)) {
1371 cpu_unaligned_access(env_cpu(env), addr, access_type,
1372 mmu_idx, retaddr);
1373 }
1374
1375 /* If the TLB entry is for a different page, reload and try again. */
1376 if (!tlb_hit(tlb_addr, addr)) {
1377 if (!victim_tlb_hit(env, mmu_idx, index, tlb_off,
1378 addr & TARGET_PAGE_MASK)) {
1379 tlb_fill(env_cpu(env), addr, size,
1380 access_type, mmu_idx, retaddr);
1381 index = tlb_index(env, mmu_idx, addr);
1382 entry = tlb_entry(env, mmu_idx, addr);
1383 }
1384 tlb_addr = code_read ? entry->addr_code : entry->addr_read;
1385 tlb_addr &= ~TLB_INVALID_MASK;
1386 }
1387
1388 /* Handle anything that isn't just a straight memory access. */
1389 if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) {
1390 CPUIOTLBEntry *iotlbentry;
1391 bool need_swap;
1392
1393 /* For anything that is unaligned, recurse through full_load. */
1394 if ((addr & (size - 1)) != 0) {
1395 goto do_unaligned_access;
1396 }
1397
1398 iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
1399
1400 /* Handle watchpoints. */
1401 if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
1402 /* On watchpoint hit, this will longjmp out. */
1403 cpu_check_watchpoint(env_cpu(env), addr, size,
1404 iotlbentry->attrs, BP_MEM_READ, retaddr);
1405 }
1406
1407 need_swap = size > 1 && (tlb_addr & TLB_BSWAP);
1408
1409 /* Handle I/O access. */
1410 if (likely(tlb_addr & TLB_MMIO)) {
1411 return io_readx(env, iotlbentry, mmu_idx, addr, retaddr,
1412 access_type, op ^ (need_swap * MO_BSWAP));
1413 }
1414
1415 haddr = (void *)((uintptr_t)addr + entry->addend);
1416
1417 /*
1418 * Keep these two load_memop separate to ensure that the compiler
1419 * is able to fold the entire function to a single instruction.
1420 * There is a build-time assert inside to remind you of this. ;-)
1421 */
1422 if (unlikely(need_swap)) {
1423 return load_memop(haddr, op ^ MO_BSWAP);
1424 }
1425 return load_memop(haddr, op);
1426 }
1427
1428 /* Handle slow unaligned access (it spans two pages or IO). */
1429 if (size > 1
1430 && unlikely((addr & ~TARGET_PAGE_MASK) + size - 1
1431 >= TARGET_PAGE_SIZE)) {
1432 target_ulong addr1, addr2;
1433 uint64_t r1, r2;
1434 unsigned shift;
1435 do_unaligned_access:
1436 addr1 = addr & ~((target_ulong)size - 1);
1437 addr2 = addr1 + size;
1438 r1 = full_load(env, addr1, oi, retaddr);
1439 r2 = full_load(env, addr2, oi, retaddr);
1440 shift = (addr & (size - 1)) * 8;
1441
1442 if (memop_big_endian(op)) {
1443 /* Big-endian combine. */
1444 res = (r1 << shift) | (r2 >> ((size * 8) - shift));
1445 } else {
1446 /* Little-endian combine. */
1447 res = (r1 >> shift) | (r2 << ((size * 8) - shift));
1448 }
1449 return res & MAKE_64BIT_MASK(0, size * 8);
1450 }
1451
1452 haddr = (void *)((uintptr_t)addr + entry->addend);
1453 return load_memop(haddr, op);
1454 }
1455
1456 /*
1457 * For the benefit of TCG generated code, we want to avoid the
1458 * complication of ABI-specific return type promotion and always
1459 * return a value extended to the register size of the host. This is
1460 * tcg_target_long, except in the case of a 32-bit host and 64-bit
1461 * data, and for that we always have uint64_t.
1462 *
1463 * We don't bother with this widened value for SOFTMMU_CODE_ACCESS.
1464 */
1465
1466 static uint64_t full_ldub_mmu(CPUArchState *env, target_ulong addr,
1467 TCGMemOpIdx oi, uintptr_t retaddr)
1468 {
1469 return load_helper(env, addr, oi, retaddr, MO_UB, false, full_ldub_mmu);
1470 }
1471
1472 tcg_target_ulong helper_ret_ldub_mmu(CPUArchState *env, target_ulong addr,
1473 TCGMemOpIdx oi, uintptr_t retaddr)
1474 {
1475 return full_ldub_mmu(env, addr, oi, retaddr);
1476 }
1477
1478 static uint64_t full_le_lduw_mmu(CPUArchState *env, target_ulong addr,
1479 TCGMemOpIdx oi, uintptr_t retaddr)
1480 {
1481 return load_helper(env, addr, oi, retaddr, MO_LEUW, false,
1482 full_le_lduw_mmu);
1483 }
1484
1485 tcg_target_ulong helper_le_lduw_mmu(CPUArchState *env, target_ulong addr,
1486 TCGMemOpIdx oi, uintptr_t retaddr)
1487 {
1488 return full_le_lduw_mmu(env, addr, oi, retaddr);
1489 }
1490
1491 static uint64_t full_be_lduw_mmu(CPUArchState *env, target_ulong addr,
1492 TCGMemOpIdx oi, uintptr_t retaddr)
1493 {
1494 return load_helper(env, addr, oi, retaddr, MO_BEUW, false,
1495 full_be_lduw_mmu);
1496 }
1497
1498 tcg_target_ulong helper_be_lduw_mmu(CPUArchState *env, target_ulong addr,
1499 TCGMemOpIdx oi, uintptr_t retaddr)
1500 {
1501 return full_be_lduw_mmu(env, addr, oi, retaddr);
1502 }
1503
1504 static uint64_t full_le_ldul_mmu(CPUArchState *env, target_ulong addr,
1505 TCGMemOpIdx oi, uintptr_t retaddr)
1506 {
1507 return load_helper(env, addr, oi, retaddr, MO_LEUL, false,
1508 full_le_ldul_mmu);
1509 }
1510
1511 tcg_target_ulong helper_le_ldul_mmu(CPUArchState *env, target_ulong addr,
1512 TCGMemOpIdx oi, uintptr_t retaddr)
1513 {
1514 return full_le_ldul_mmu(env, addr, oi, retaddr);
1515 }
1516
1517 static uint64_t full_be_ldul_mmu(CPUArchState *env, target_ulong addr,
1518 TCGMemOpIdx oi, uintptr_t retaddr)
1519 {
1520 return load_helper(env, addr, oi, retaddr, MO_BEUL, false,
1521 full_be_ldul_mmu);
1522 }
1523
1524 tcg_target_ulong helper_be_ldul_mmu(CPUArchState *env, target_ulong addr,
1525 TCGMemOpIdx oi, uintptr_t retaddr)
1526 {
1527 return full_be_ldul_mmu(env, addr, oi, retaddr);
1528 }
1529
1530 uint64_t helper_le_ldq_mmu(CPUArchState *env, target_ulong addr,
1531 TCGMemOpIdx oi, uintptr_t retaddr)
1532 {
1533 return load_helper(env, addr, oi, retaddr, MO_LEQ, false,
1534 helper_le_ldq_mmu);
1535 }
1536
1537 uint64_t helper_be_ldq_mmu(CPUArchState *env, target_ulong addr,
1538 TCGMemOpIdx oi, uintptr_t retaddr)
1539 {
1540 return load_helper(env, addr, oi, retaddr, MO_BEQ, false,
1541 helper_be_ldq_mmu);
1542 }
1543
1544 /*
1545 * Provide signed versions of the load routines as well. We can of course
1546 * avoid this for 64-bit data, or for 32-bit data on 32-bit host.
1547 */
1548
1549
1550 tcg_target_ulong helper_ret_ldsb_mmu(CPUArchState *env, target_ulong addr,
1551 TCGMemOpIdx oi, uintptr_t retaddr)
1552 {
1553 return (int8_t)helper_ret_ldub_mmu(env, addr, oi, retaddr);
1554 }
1555
1556 tcg_target_ulong helper_le_ldsw_mmu(CPUArchState *env, target_ulong addr,
1557 TCGMemOpIdx oi, uintptr_t retaddr)
1558 {
1559 return (int16_t)helper_le_lduw_mmu(env, addr, oi, retaddr);
1560 }
1561
1562 tcg_target_ulong helper_be_ldsw_mmu(CPUArchState *env, target_ulong addr,
1563 TCGMemOpIdx oi, uintptr_t retaddr)
1564 {
1565 return (int16_t)helper_be_lduw_mmu(env, addr, oi, retaddr);
1566 }
1567
1568 tcg_target_ulong helper_le_ldsl_mmu(CPUArchState *env, target_ulong addr,
1569 TCGMemOpIdx oi, uintptr_t retaddr)
1570 {
1571 return (int32_t)helper_le_ldul_mmu(env, addr, oi, retaddr);
1572 }
1573
1574 tcg_target_ulong helper_be_ldsl_mmu(CPUArchState *env, target_ulong addr,
1575 TCGMemOpIdx oi, uintptr_t retaddr)
1576 {
1577 return (int32_t)helper_be_ldul_mmu(env, addr, oi, retaddr);
1578 }
1579
1580 /*
1581 * Store Helpers
1582 */
1583
1584 static inline void QEMU_ALWAYS_INLINE
1585 store_memop(void *haddr, uint64_t val, MemOp op)
1586 {
1587 switch (op) {
1588 case MO_UB:
1589 stb_p(haddr, val);
1590 break;
1591 case MO_BEUW:
1592 stw_be_p(haddr, val);
1593 break;
1594 case MO_LEUW:
1595 stw_le_p(haddr, val);
1596 break;
1597 case MO_BEUL:
1598 stl_be_p(haddr, val);
1599 break;
1600 case MO_LEUL:
1601 stl_le_p(haddr, val);
1602 break;
1603 case MO_BEQ:
1604 stq_be_p(haddr, val);
1605 break;
1606 case MO_LEQ:
1607 stq_le_p(haddr, val);
1608 break;
1609 default:
1610 qemu_build_not_reached();
1611 }
1612 }
1613
1614 static inline void QEMU_ALWAYS_INLINE
1615 store_helper(CPUArchState *env, target_ulong addr, uint64_t val,
1616 TCGMemOpIdx oi, uintptr_t retaddr, MemOp op)
1617 {
1618 uintptr_t mmu_idx = get_mmuidx(oi);
1619 uintptr_t index = tlb_index(env, mmu_idx, addr);
1620 CPUTLBEntry *entry = tlb_entry(env, mmu_idx, addr);
1621 target_ulong tlb_addr = tlb_addr_write(entry);
1622 const size_t tlb_off = offsetof(CPUTLBEntry, addr_write);
1623 unsigned a_bits = get_alignment_bits(get_memop(oi));
1624 void *haddr;
1625 size_t size = memop_size(op);
1626
1627 /* Handle CPU specific unaligned behaviour */
1628 if (addr & ((1 << a_bits) - 1)) {
1629 cpu_unaligned_access(env_cpu(env), addr, MMU_DATA_STORE,
1630 mmu_idx, retaddr);
1631 }
1632
1633 /* If the TLB entry is for a different page, reload and try again. */
1634 if (!tlb_hit(tlb_addr, addr)) {
1635 if (!victim_tlb_hit(env, mmu_idx, index, tlb_off,
1636 addr & TARGET_PAGE_MASK)) {
1637 tlb_fill(env_cpu(env), addr, size, MMU_DATA_STORE,
1638 mmu_idx, retaddr);
1639 index = tlb_index(env, mmu_idx, addr);
1640 entry = tlb_entry(env, mmu_idx, addr);
1641 }
1642 tlb_addr = tlb_addr_write(entry) & ~TLB_INVALID_MASK;
1643 }
1644
1645 /* Handle anything that isn't just a straight memory access. */
1646 if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) {
1647 CPUIOTLBEntry *iotlbentry;
1648 bool need_swap;
1649
1650 /* For anything that is unaligned, recurse through byte stores. */
1651 if ((addr & (size - 1)) != 0) {
1652 goto do_unaligned_access;
1653 }
1654
1655 iotlbentry = &env_tlb(env)->d[mmu_idx].iotlb[index];
1656
1657 /* Handle watchpoints. */
1658 if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
1659 /* On watchpoint hit, this will longjmp out. */
1660 cpu_check_watchpoint(env_cpu(env), addr, size,
1661 iotlbentry->attrs, BP_MEM_WRITE, retaddr);
1662 }
1663
1664 need_swap = size > 1 && (tlb_addr & TLB_BSWAP);
1665
1666 /* Handle I/O access. */
1667 if (tlb_addr & TLB_MMIO) {
1668 io_writex(env, iotlbentry, mmu_idx, val, addr, retaddr,
1669 op ^ (need_swap * MO_BSWAP));
1670 return;
1671 }
1672
1673 /* Ignore writes to ROM. */
1674 if (unlikely(tlb_addr & TLB_DISCARD_WRITE)) {
1675 return;
1676 }
1677
1678 /* Handle clean RAM pages. */
1679 if (tlb_addr & TLB_NOTDIRTY) {
1680 notdirty_write(env_cpu(env), addr, size, iotlbentry, retaddr);
1681 }
1682
1683 haddr = (void *)((uintptr_t)addr + entry->addend);
1684
1685 /*
1686 * Keep these two store_memop separate to ensure that the compiler
1687 * is able to fold the entire function to a single instruction.
1688 * There is a build-time assert inside to remind you of this. ;-)
1689 */
1690 if (unlikely(need_swap)) {
1691 store_memop(haddr, val, op ^ MO_BSWAP);
1692 } else {
1693 store_memop(haddr, val, op);
1694 }
1695 return;
1696 }
1697
1698 /* Handle slow unaligned access (it spans two pages or IO). */
1699 if (size > 1
1700 && unlikely((addr & ~TARGET_PAGE_MASK) + size - 1
1701 >= TARGET_PAGE_SIZE)) {
1702 int i;
1703 uintptr_t index2;
1704 CPUTLBEntry *entry2;
1705 target_ulong page2, tlb_addr2;
1706 size_t size2;
1707
1708 do_unaligned_access:
1709 /*
1710 * Ensure the second page is in the TLB. Note that the first page
1711 * is already guaranteed to be filled, and that the second page
1712 * cannot evict the first.
1713 */
1714 page2 = (addr + size) & TARGET_PAGE_MASK;
1715 size2 = (addr + size) & ~TARGET_PAGE_MASK;
1716 index2 = tlb_index(env, mmu_idx, page2);
1717 entry2 = tlb_entry(env, mmu_idx, page2);
1718 tlb_addr2 = tlb_addr_write(entry2);
1719 if (!tlb_hit_page(tlb_addr2, page2)) {
1720 if (!victim_tlb_hit(env, mmu_idx, index2, tlb_off, page2)) {
1721 tlb_fill(env_cpu(env), page2, size2, MMU_DATA_STORE,
1722 mmu_idx, retaddr);
1723 index2 = tlb_index(env, mmu_idx, page2);
1724 entry2 = tlb_entry(env, mmu_idx, page2);
1725 }
1726 tlb_addr2 = tlb_addr_write(entry2);
1727 }
1728
1729 /*
1730 * Handle watchpoints. Since this may trap, all checks
1731 * must happen before any store.
1732 */
1733 if (unlikely(tlb_addr & TLB_WATCHPOINT)) {
1734 cpu_check_watchpoint(env_cpu(env), addr, size - size2,
1735 env_tlb(env)->d[mmu_idx].iotlb[index].attrs,
1736 BP_MEM_WRITE, retaddr);
1737 }
1738 if (unlikely(tlb_addr2 & TLB_WATCHPOINT)) {
1739 cpu_check_watchpoint(env_cpu(env), page2, size2,
1740 env_tlb(env)->d[mmu_idx].iotlb[index2].attrs,
1741 BP_MEM_WRITE, retaddr);
1742 }
1743
1744 /*
1745 * XXX: not efficient, but simple.
1746 * This loop must go in the forward direction to avoid issues
1747 * with self-modifying code in Windows 64-bit.
1748 */
1749 for (i = 0; i < size; ++i) {
1750 uint8_t val8;
1751 if (memop_big_endian(op)) {
1752 /* Big-endian extract. */
1753 val8 = val >> (((size - 1) * 8) - (i * 8));
1754 } else {
1755 /* Little-endian extract. */
1756 val8 = val >> (i * 8);
1757 }
1758 helper_ret_stb_mmu(env, addr + i, val8, oi, retaddr);
1759 }
1760 return;
1761 }
1762
1763 haddr = (void *)((uintptr_t)addr + entry->addend);
1764 store_memop(haddr, val, op);
1765 }
1766
1767 void helper_ret_stb_mmu(CPUArchState *env, target_ulong addr, uint8_t val,
1768 TCGMemOpIdx oi, uintptr_t retaddr)
1769 {
1770 store_helper(env, addr, val, oi, retaddr, MO_UB);
1771 }
1772
1773 void helper_le_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
1774 TCGMemOpIdx oi, uintptr_t retaddr)
1775 {
1776 store_helper(env, addr, val, oi, retaddr, MO_LEUW);
1777 }
1778
1779 void helper_be_stw_mmu(CPUArchState *env, target_ulong addr, uint16_t val,
1780 TCGMemOpIdx oi, uintptr_t retaddr)
1781 {
1782 store_helper(env, addr, val, oi, retaddr, MO_BEUW);
1783 }
1784
1785 void helper_le_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
1786 TCGMemOpIdx oi, uintptr_t retaddr)
1787 {
1788 store_helper(env, addr, val, oi, retaddr, MO_LEUL);
1789 }
1790
1791 void helper_be_stl_mmu(CPUArchState *env, target_ulong addr, uint32_t val,
1792 TCGMemOpIdx oi, uintptr_t retaddr)
1793 {
1794 store_helper(env, addr, val, oi, retaddr, MO_BEUL);
1795 }
1796
1797 void helper_le_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
1798 TCGMemOpIdx oi, uintptr_t retaddr)
1799 {
1800 store_helper(env, addr, val, oi, retaddr, MO_LEQ);
1801 }
1802
1803 void helper_be_stq_mmu(CPUArchState *env, target_ulong addr, uint64_t val,
1804 TCGMemOpIdx oi, uintptr_t retaddr)
1805 {
1806 store_helper(env, addr, val, oi, retaddr, MO_BEQ);
1807 }
1808
1809 /* First set of helpers allows passing in of OI and RETADDR. This makes
1810 them callable from other helpers. */
1811
1812 #define EXTRA_ARGS , TCGMemOpIdx oi, uintptr_t retaddr
1813 #define ATOMIC_NAME(X) \
1814 HELPER(glue(glue(glue(atomic_ ## X, SUFFIX), END), _mmu))
1815 #define ATOMIC_MMU_DECLS
1816 #define ATOMIC_MMU_LOOKUP atomic_mmu_lookup(env, addr, oi, retaddr)
1817 #define ATOMIC_MMU_CLEANUP
1818
1819 #define DATA_SIZE 1
1820 #include "atomic_template.h"
1821
1822 #define DATA_SIZE 2
1823 #include "atomic_template.h"
1824
1825 #define DATA_SIZE 4
1826 #include "atomic_template.h"
1827
1828 #ifdef CONFIG_ATOMIC64
1829 #define DATA_SIZE 8
1830 #include "atomic_template.h"
1831 #endif
1832
1833 #if HAVE_CMPXCHG128 || HAVE_ATOMIC128
1834 #define DATA_SIZE 16
1835 #include "atomic_template.h"
1836 #endif
1837
1838 /* Second set of helpers are directly callable from TCG as helpers. */
1839
1840 #undef EXTRA_ARGS
1841 #undef ATOMIC_NAME
1842 #undef ATOMIC_MMU_LOOKUP
1843 #define EXTRA_ARGS , TCGMemOpIdx oi
1844 #define ATOMIC_NAME(X) HELPER(glue(glue(atomic_ ## X, SUFFIX), END))
1845 #define ATOMIC_MMU_LOOKUP atomic_mmu_lookup(env, addr, oi, GETPC())
1846
1847 #define DATA_SIZE 1
1848 #include "atomic_template.h"
1849
1850 #define DATA_SIZE 2
1851 #include "atomic_template.h"
1852
1853 #define DATA_SIZE 4
1854 #include "atomic_template.h"
1855
1856 #ifdef CONFIG_ATOMIC64
1857 #define DATA_SIZE 8
1858 #include "atomic_template.h"
1859 #endif
1860
1861 /* Code access functions. */
1862
1863 static uint64_t full_ldub_cmmu(CPUArchState *env, target_ulong addr,
1864 TCGMemOpIdx oi, uintptr_t retaddr)
1865 {
1866 return load_helper(env, addr, oi, retaddr, MO_8, true, full_ldub_cmmu);
1867 }
1868
1869 uint8_t helper_ret_ldb_cmmu(CPUArchState *env, target_ulong addr,
1870 TCGMemOpIdx oi, uintptr_t retaddr)
1871 {
1872 return full_ldub_cmmu(env, addr, oi, retaddr);
1873 }
1874
1875 static uint64_t full_le_lduw_cmmu(CPUArchState *env, target_ulong addr,
1876 TCGMemOpIdx oi, uintptr_t retaddr)
1877 {
1878 return load_helper(env, addr, oi, retaddr, MO_LEUW, true,
1879 full_le_lduw_cmmu);
1880 }
1881
1882 uint16_t helper_le_ldw_cmmu(CPUArchState *env, target_ulong addr,
1883 TCGMemOpIdx oi, uintptr_t retaddr)
1884 {
1885 return full_le_lduw_cmmu(env, addr, oi, retaddr);
1886 }
1887
1888 static uint64_t full_be_lduw_cmmu(CPUArchState *env, target_ulong addr,
1889 TCGMemOpIdx oi, uintptr_t retaddr)
1890 {
1891 return load_helper(env, addr, oi, retaddr, MO_BEUW, true,
1892 full_be_lduw_cmmu);
1893 }
1894
1895 uint16_t helper_be_ldw_cmmu(CPUArchState *env, target_ulong addr,
1896 TCGMemOpIdx oi, uintptr_t retaddr)
1897 {
1898 return full_be_lduw_cmmu(env, addr, oi, retaddr);
1899 }
1900
1901 static uint64_t full_le_ldul_cmmu(CPUArchState *env, target_ulong addr,
1902 TCGMemOpIdx oi, uintptr_t retaddr)
1903 {
1904 return load_helper(env, addr, oi, retaddr, MO_LEUL, true,
1905 full_le_ldul_cmmu);
1906 }
1907
1908 uint32_t helper_le_ldl_cmmu(CPUArchState *env, target_ulong addr,
1909 TCGMemOpIdx oi, uintptr_t retaddr)
1910 {
1911 return full_le_ldul_cmmu(env, addr, oi, retaddr);
1912 }
1913
1914 static uint64_t full_be_ldul_cmmu(CPUArchState *env, target_ulong addr,
1915 TCGMemOpIdx oi, uintptr_t retaddr)
1916 {
1917 return load_helper(env, addr, oi, retaddr, MO_BEUL, true,
1918 full_be_ldul_cmmu);
1919 }
1920
1921 uint32_t helper_be_ldl_cmmu(CPUArchState *env, target_ulong addr,
1922 TCGMemOpIdx oi, uintptr_t retaddr)
1923 {
1924 return full_be_ldul_cmmu(env, addr, oi, retaddr);
1925 }
1926
1927 uint64_t helper_le_ldq_cmmu(CPUArchState *env, target_ulong addr,
1928 TCGMemOpIdx oi, uintptr_t retaddr)
1929 {
1930 return load_helper(env, addr, oi, retaddr, MO_LEQ, true,
1931 helper_le_ldq_cmmu);
1932 }
1933
1934 uint64_t helper_be_ldq_cmmu(CPUArchState *env, target_ulong addr,
1935 TCGMemOpIdx oi, uintptr_t retaddr)
1936 {
1937 return load_helper(env, addr, oi, retaddr, MO_BEQ, true,
1938 helper_be_ldq_cmmu);
1939 }
QEMU mirror