]> git.proxmox.com Git - mirror_qemu.git/blob - accel/tcg/cputlb.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180626' into...
[mirror_qemu.git] / accel / tcg / cputlb.c
1 /*
2 * Common CPU TLB handling
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "qemu/osdep.h"
21 #include "qemu/main-loop.h"
22 #include "cpu.h"
23 #include "exec/exec-all.h"
24 #include "exec/memory.h"
25 #include "exec/address-spaces.h"
26 #include "exec/cpu_ldst.h"
27 #include "exec/cputlb.h"
28 #include "exec/memory-internal.h"
29 #include "exec/ram_addr.h"
30 #include "tcg/tcg.h"
31 #include "qemu/error-report.h"
32 #include "exec/log.h"
33 #include "exec/helper-proto.h"
34 #include "qemu/atomic.h"
35
36 /* DEBUG defines, enable DEBUG_TLB_LOG to log to the CPU_LOG_MMU target */
37 /* #define DEBUG_TLB */
38 /* #define DEBUG_TLB_LOG */
39
40 #ifdef DEBUG_TLB
41 # define DEBUG_TLB_GATE 1
42 # ifdef DEBUG_TLB_LOG
43 # define DEBUG_TLB_LOG_GATE 1
44 # else
45 # define DEBUG_TLB_LOG_GATE 0
46 # endif
47 #else
48 # define DEBUG_TLB_GATE 0
49 # define DEBUG_TLB_LOG_GATE 0
50 #endif
51
52 #define tlb_debug(fmt, ...) do { \
53 if (DEBUG_TLB_LOG_GATE) { \
54 qemu_log_mask(CPU_LOG_MMU, "%s: " fmt, __func__, \
55 ## __VA_ARGS__); \
56 } else if (DEBUG_TLB_GATE) { \
57 fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__); \
58 } \
59 } while (0)
60
61 #define assert_cpu_is_self(this_cpu) do { \
62 if (DEBUG_TLB_GATE) { \
63 g_assert(!cpu->created || qemu_cpu_is_self(cpu)); \
64 } \
65 } while (0)
66
67 /* run_on_cpu_data.target_ptr should always be big enough for a
68 * target_ulong even on 32 bit builds */
69 QEMU_BUILD_BUG_ON(sizeof(target_ulong) > sizeof(run_on_cpu_data));
70
71 /* We currently can't handle more than 16 bits in the MMUIDX bitmask.
72 */
73 QEMU_BUILD_BUG_ON(NB_MMU_MODES > 16);
74 #define ALL_MMUIDX_BITS ((1 << NB_MMU_MODES) - 1)
75
76 /* flush_all_helper: run fn across all cpus
77 *
78 * If the wait flag is set then the src cpu's helper will be queued as
79 * "safe" work and the loop exited creating a synchronisation point
80 * where all queued work will be finished before execution starts
81 * again.
82 */
83 static void flush_all_helper(CPUState *src, run_on_cpu_func fn,
84 run_on_cpu_data d)
85 {
86 CPUState *cpu;
87
88 CPU_FOREACH(cpu) {
89 if (cpu != src) {
90 async_run_on_cpu(cpu, fn, d);
91 }
92 }
93 }
94
95 size_t tlb_flush_count(void)
96 {
97 CPUState *cpu;
98 size_t count = 0;
99
100 CPU_FOREACH(cpu) {
101 CPUArchState *env = cpu->env_ptr;
102
103 count += atomic_read(&env->tlb_flush_count);
104 }
105 return count;
106 }
107
108 /* This is OK because CPU architectures generally permit an
109 * implementation to drop entries from the TLB at any time, so
110 * flushing more entries than required is only an efficiency issue,
111 * not a correctness issue.
112 */
113 static void tlb_flush_nocheck(CPUState *cpu)
114 {
115 CPUArchState *env = cpu->env_ptr;
116
117 /* The QOM tests will trigger tlb_flushes without setting up TCG
118 * so we bug out here in that case.
119 */
120 if (!tcg_enabled()) {
121 return;
122 }
123
124 assert_cpu_is_self(cpu);
125 atomic_set(&env->tlb_flush_count, env->tlb_flush_count + 1);
126 tlb_debug("(count: %zu)\n", tlb_flush_count());
127
128 memset(env->tlb_table, -1, sizeof(env->tlb_table));
129 memset(env->tlb_v_table, -1, sizeof(env->tlb_v_table));
130 cpu_tb_jmp_cache_clear(cpu);
131
132 env->vtlb_index = 0;
133 env->tlb_flush_addr = -1;
134 env->tlb_flush_mask = 0;
135
136 atomic_mb_set(&cpu->pending_tlb_flush, 0);
137 }
138
139 static void tlb_flush_global_async_work(CPUState *cpu, run_on_cpu_data data)
140 {
141 tlb_flush_nocheck(cpu);
142 }
143
144 void tlb_flush(CPUState *cpu)
145 {
146 if (cpu->created && !qemu_cpu_is_self(cpu)) {
147 if (atomic_mb_read(&cpu->pending_tlb_flush) != ALL_MMUIDX_BITS) {
148 atomic_mb_set(&cpu->pending_tlb_flush, ALL_MMUIDX_BITS);
149 async_run_on_cpu(cpu, tlb_flush_global_async_work,
150 RUN_ON_CPU_NULL);
151 }
152 } else {
153 tlb_flush_nocheck(cpu);
154 }
155 }
156
157 void tlb_flush_all_cpus(CPUState *src_cpu)
158 {
159 const run_on_cpu_func fn = tlb_flush_global_async_work;
160 flush_all_helper(src_cpu, fn, RUN_ON_CPU_NULL);
161 fn(src_cpu, RUN_ON_CPU_NULL);
162 }
163
164 void tlb_flush_all_cpus_synced(CPUState *src_cpu)
165 {
166 const run_on_cpu_func fn = tlb_flush_global_async_work;
167 flush_all_helper(src_cpu, fn, RUN_ON_CPU_NULL);
168 async_safe_run_on_cpu(src_cpu, fn, RUN_ON_CPU_NULL);
169 }
170
171 static void tlb_flush_by_mmuidx_async_work(CPUState *cpu, run_on_cpu_data data)
172 {
173 CPUArchState *env = cpu->env_ptr;
174 unsigned long mmu_idx_bitmask = data.host_int;
175 int mmu_idx;
176
177 assert_cpu_is_self(cpu);
178
179 tlb_debug("start: mmu_idx:0x%04lx\n", mmu_idx_bitmask);
180
181 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
182
183 if (test_bit(mmu_idx, &mmu_idx_bitmask)) {
184 tlb_debug("%d\n", mmu_idx);
185
186 memset(env->tlb_table[mmu_idx], -1, sizeof(env->tlb_table[0]));
187 memset(env->tlb_v_table[mmu_idx], -1, sizeof(env->tlb_v_table[0]));
188 }
189 }
190
191 cpu_tb_jmp_cache_clear(cpu);
192
193 tlb_debug("done\n");
194 }
195
196 void tlb_flush_by_mmuidx(CPUState *cpu, uint16_t idxmap)
197 {
198 tlb_debug("mmu_idx: 0x%" PRIx16 "\n", idxmap);
199
200 if (!qemu_cpu_is_self(cpu)) {
201 uint16_t pending_flushes = idxmap;
202 pending_flushes &= ~atomic_mb_read(&cpu->pending_tlb_flush);
203
204 if (pending_flushes) {
205 tlb_debug("reduced mmu_idx: 0x%" PRIx16 "\n", pending_flushes);
206
207 atomic_or(&cpu->pending_tlb_flush, pending_flushes);
208 async_run_on_cpu(cpu, tlb_flush_by_mmuidx_async_work,
209 RUN_ON_CPU_HOST_INT(pending_flushes));
210 }
211 } else {
212 tlb_flush_by_mmuidx_async_work(cpu,
213 RUN_ON_CPU_HOST_INT(idxmap));
214 }
215 }
216
217 void tlb_flush_by_mmuidx_all_cpus(CPUState *src_cpu, uint16_t idxmap)
218 {
219 const run_on_cpu_func fn = tlb_flush_by_mmuidx_async_work;
220
221 tlb_debug("mmu_idx: 0x%"PRIx16"\n", idxmap);
222
223 flush_all_helper(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
224 fn(src_cpu, RUN_ON_CPU_HOST_INT(idxmap));
225 }
226
227 void tlb_flush_by_mmuidx_all_cpus_synced(CPUState *src_cpu,
228 uint16_t idxmap)
229 {
230 const run_on_cpu_func fn = tlb_flush_by_mmuidx_async_work;
231
232 tlb_debug("mmu_idx: 0x%"PRIx16"\n", idxmap);
233
234 flush_all_helper(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
235 async_safe_run_on_cpu(src_cpu, fn, RUN_ON_CPU_HOST_INT(idxmap));
236 }
237
238
239
240 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
241 {
242 if (addr == (tlb_entry->addr_read &
243 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
244 addr == (tlb_entry->addr_write &
245 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
246 addr == (tlb_entry->addr_code &
247 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
248 memset(tlb_entry, -1, sizeof(*tlb_entry));
249 }
250 }
251
252 static void tlb_flush_page_async_work(CPUState *cpu, run_on_cpu_data data)
253 {
254 CPUArchState *env = cpu->env_ptr;
255 target_ulong addr = (target_ulong) data.target_ptr;
256 int i;
257 int mmu_idx;
258
259 assert_cpu_is_self(cpu);
260
261 tlb_debug("page :" TARGET_FMT_lx "\n", addr);
262
263 /* Check if we need to flush due to large pages. */
264 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
265 tlb_debug("forcing full flush ("
266 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
267 env->tlb_flush_addr, env->tlb_flush_mask);
268
269 tlb_flush(cpu);
270 return;
271 }
272
273 addr &= TARGET_PAGE_MASK;
274 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
275 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
276 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
277 }
278
279 /* check whether there are entries that need to be flushed in the vtlb */
280 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
281 int k;
282 for (k = 0; k < CPU_VTLB_SIZE; k++) {
283 tlb_flush_entry(&env->tlb_v_table[mmu_idx][k], addr);
284 }
285 }
286
287 tb_flush_jmp_cache(cpu, addr);
288 }
289
290 void tlb_flush_page(CPUState *cpu, target_ulong addr)
291 {
292 tlb_debug("page :" TARGET_FMT_lx "\n", addr);
293
294 if (!qemu_cpu_is_self(cpu)) {
295 async_run_on_cpu(cpu, tlb_flush_page_async_work,
296 RUN_ON_CPU_TARGET_PTR(addr));
297 } else {
298 tlb_flush_page_async_work(cpu, RUN_ON_CPU_TARGET_PTR(addr));
299 }
300 }
301
302 /* As we are going to hijack the bottom bits of the page address for a
303 * mmuidx bit mask we need to fail to build if we can't do that
304 */
305 QEMU_BUILD_BUG_ON(NB_MMU_MODES > TARGET_PAGE_BITS_MIN);
306
307 static void tlb_flush_page_by_mmuidx_async_work(CPUState *cpu,
308 run_on_cpu_data data)
309 {
310 CPUArchState *env = cpu->env_ptr;
311 target_ulong addr_and_mmuidx = (target_ulong) data.target_ptr;
312 target_ulong addr = addr_and_mmuidx & TARGET_PAGE_MASK;
313 unsigned long mmu_idx_bitmap = addr_and_mmuidx & ALL_MMUIDX_BITS;
314 int page = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
315 int mmu_idx;
316 int i;
317
318 assert_cpu_is_self(cpu);
319
320 tlb_debug("page:%d addr:"TARGET_FMT_lx" mmu_idx:0x%lx\n",
321 page, addr, mmu_idx_bitmap);
322
323 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
324 if (test_bit(mmu_idx, &mmu_idx_bitmap)) {
325 tlb_flush_entry(&env->tlb_table[mmu_idx][page], addr);
326
327 /* check whether there are vltb entries that need to be flushed */
328 for (i = 0; i < CPU_VTLB_SIZE; i++) {
329 tlb_flush_entry(&env->tlb_v_table[mmu_idx][i], addr);
330 }
331 }
332 }
333
334 tb_flush_jmp_cache(cpu, addr);
335 }
336
337 static void tlb_check_page_and_flush_by_mmuidx_async_work(CPUState *cpu,
338 run_on_cpu_data data)
339 {
340 CPUArchState *env = cpu->env_ptr;
341 target_ulong addr_and_mmuidx = (target_ulong) data.target_ptr;
342 target_ulong addr = addr_and_mmuidx & TARGET_PAGE_MASK;
343 unsigned long mmu_idx_bitmap = addr_and_mmuidx & ALL_MMUIDX_BITS;
344
345 tlb_debug("addr:"TARGET_FMT_lx" mmu_idx: %04lx\n", addr, mmu_idx_bitmap);
346
347 /* Check if we need to flush due to large pages. */
348 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
349 tlb_debug("forced full flush ("
350 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
351 env->tlb_flush_addr, env->tlb_flush_mask);
352
353 tlb_flush_by_mmuidx_async_work(cpu,
354 RUN_ON_CPU_HOST_INT(mmu_idx_bitmap));
355 } else {
356 tlb_flush_page_by_mmuidx_async_work(cpu, data);
357 }
358 }
359
360 void tlb_flush_page_by_mmuidx(CPUState *cpu, target_ulong addr, uint16_t idxmap)
361 {
362 target_ulong addr_and_mmu_idx;
363
364 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%" PRIx16 "\n", addr, idxmap);
365
366 /* This should already be page aligned */
367 addr_and_mmu_idx = addr & TARGET_PAGE_MASK;
368 addr_and_mmu_idx |= idxmap;
369
370 if (!qemu_cpu_is_self(cpu)) {
371 async_run_on_cpu(cpu, tlb_check_page_and_flush_by_mmuidx_async_work,
372 RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
373 } else {
374 tlb_check_page_and_flush_by_mmuidx_async_work(
375 cpu, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
376 }
377 }
378
379 void tlb_flush_page_by_mmuidx_all_cpus(CPUState *src_cpu, target_ulong addr,
380 uint16_t idxmap)
381 {
382 const run_on_cpu_func fn = tlb_check_page_and_flush_by_mmuidx_async_work;
383 target_ulong addr_and_mmu_idx;
384
385 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%"PRIx16"\n", addr, idxmap);
386
387 /* This should already be page aligned */
388 addr_and_mmu_idx = addr & TARGET_PAGE_MASK;
389 addr_and_mmu_idx |= idxmap;
390
391 flush_all_helper(src_cpu, fn, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
392 fn(src_cpu, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
393 }
394
395 void tlb_flush_page_by_mmuidx_all_cpus_synced(CPUState *src_cpu,
396 target_ulong addr,
397 uint16_t idxmap)
398 {
399 const run_on_cpu_func fn = tlb_check_page_and_flush_by_mmuidx_async_work;
400 target_ulong addr_and_mmu_idx;
401
402 tlb_debug("addr: "TARGET_FMT_lx" mmu_idx:%"PRIx16"\n", addr, idxmap);
403
404 /* This should already be page aligned */
405 addr_and_mmu_idx = addr & TARGET_PAGE_MASK;
406 addr_and_mmu_idx |= idxmap;
407
408 flush_all_helper(src_cpu, fn, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
409 async_safe_run_on_cpu(src_cpu, fn, RUN_ON_CPU_TARGET_PTR(addr_and_mmu_idx));
410 }
411
412 void tlb_flush_page_all_cpus(CPUState *src, target_ulong addr)
413 {
414 const run_on_cpu_func fn = tlb_flush_page_async_work;
415
416 flush_all_helper(src, fn, RUN_ON_CPU_TARGET_PTR(addr));
417 fn(src, RUN_ON_CPU_TARGET_PTR(addr));
418 }
419
420 void tlb_flush_page_all_cpus_synced(CPUState *src,
421 target_ulong addr)
422 {
423 const run_on_cpu_func fn = tlb_flush_page_async_work;
424
425 flush_all_helper(src, fn, RUN_ON_CPU_TARGET_PTR(addr));
426 async_safe_run_on_cpu(src, fn, RUN_ON_CPU_TARGET_PTR(addr));
427 }
428
429 /* update the TLBs so that writes to code in the virtual page 'addr'
430 can be detected */
431 void tlb_protect_code(ram_addr_t ram_addr)
432 {
433 cpu_physical_memory_test_and_clear_dirty(ram_addr, TARGET_PAGE_SIZE,
434 DIRTY_MEMORY_CODE);
435 }
436
437 /* update the TLB so that writes in physical page 'phys_addr' are no longer
438 tested for self modifying code */
439 void tlb_unprotect_code(ram_addr_t ram_addr)
440 {
441 cpu_physical_memory_set_dirty_flag(ram_addr, DIRTY_MEMORY_CODE);
442 }
443
444
445 /*
446 * Dirty write flag handling
447 *
448 * When the TCG code writes to a location it looks up the address in
449 * the TLB and uses that data to compute the final address. If any of
450 * the lower bits of the address are set then the slow path is forced.
451 * There are a number of reasons to do this but for normal RAM the
452 * most usual is detecting writes to code regions which may invalidate
453 * generated code.
454 *
455 * Because we want other vCPUs to respond to changes straight away we
456 * update the te->addr_write field atomically. If the TLB entry has
457 * been changed by the vCPU in the mean time we skip the update.
458 *
459 * As this function uses atomic accesses we also need to ensure
460 * updates to tlb_entries follow the same access rules. We don't need
461 * to worry about this for oversized guests as MTTCG is disabled for
462 * them.
463 */
464
465 static void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry, uintptr_t start,
466 uintptr_t length)
467 {
468 #if TCG_OVERSIZED_GUEST
469 uintptr_t addr = tlb_entry->addr_write;
470
471 if ((addr & (TLB_INVALID_MASK | TLB_MMIO | TLB_NOTDIRTY)) == 0) {
472 addr &= TARGET_PAGE_MASK;
473 addr += tlb_entry->addend;
474 if ((addr - start) < length) {
475 tlb_entry->addr_write |= TLB_NOTDIRTY;
476 }
477 }
478 #else
479 /* paired with atomic_mb_set in tlb_set_page_with_attrs */
480 uintptr_t orig_addr = atomic_mb_read(&tlb_entry->addr_write);
481 uintptr_t addr = orig_addr;
482
483 if ((addr & (TLB_INVALID_MASK | TLB_MMIO | TLB_NOTDIRTY)) == 0) {
484 addr &= TARGET_PAGE_MASK;
485 addr += atomic_read(&tlb_entry->addend);
486 if ((addr - start) < length) {
487 uintptr_t notdirty_addr = orig_addr | TLB_NOTDIRTY;
488 atomic_cmpxchg(&tlb_entry->addr_write, orig_addr, notdirty_addr);
489 }
490 }
491 #endif
492 }
493
494 /* For atomic correctness when running MTTCG we need to use the right
495 * primitives when copying entries */
496 static inline void copy_tlb_helper(CPUTLBEntry *d, CPUTLBEntry *s,
497 bool atomic_set)
498 {
499 #if TCG_OVERSIZED_GUEST
500 *d = *s;
501 #else
502 if (atomic_set) {
503 d->addr_read = s->addr_read;
504 d->addr_code = s->addr_code;
505 atomic_set(&d->addend, atomic_read(&s->addend));
506 /* Pairs with flag setting in tlb_reset_dirty_range */
507 atomic_mb_set(&d->addr_write, atomic_read(&s->addr_write));
508 } else {
509 d->addr_read = s->addr_read;
510 d->addr_write = atomic_read(&s->addr_write);
511 d->addr_code = s->addr_code;
512 d->addend = atomic_read(&s->addend);
513 }
514 #endif
515 }
516
517 /* This is a cross vCPU call (i.e. another vCPU resetting the flags of
518 * the target vCPU). As such care needs to be taken that we don't
519 * dangerously race with another vCPU update. The only thing actually
520 * updated is the target TLB entry ->addr_write flags.
521 */
522 void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length)
523 {
524 CPUArchState *env;
525
526 int mmu_idx;
527
528 env = cpu->env_ptr;
529 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
530 unsigned int i;
531
532 for (i = 0; i < CPU_TLB_SIZE; i++) {
533 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
534 start1, length);
535 }
536
537 for (i = 0; i < CPU_VTLB_SIZE; i++) {
538 tlb_reset_dirty_range(&env->tlb_v_table[mmu_idx][i],
539 start1, length);
540 }
541 }
542 }
543
544 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
545 {
546 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY)) {
547 tlb_entry->addr_write = vaddr;
548 }
549 }
550
551 /* update the TLB corresponding to virtual page vaddr
552 so that it is no longer dirty */
553 void tlb_set_dirty(CPUState *cpu, target_ulong vaddr)
554 {
555 CPUArchState *env = cpu->env_ptr;
556 int i;
557 int mmu_idx;
558
559 assert_cpu_is_self(cpu);
560
561 vaddr &= TARGET_PAGE_MASK;
562 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
563 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
564 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
565 }
566
567 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
568 int k;
569 for (k = 0; k < CPU_VTLB_SIZE; k++) {
570 tlb_set_dirty1(&env->tlb_v_table[mmu_idx][k], vaddr);
571 }
572 }
573 }
574
575 /* Our TLB does not support large pages, so remember the area covered by
576 large pages and trigger a full TLB flush if these are invalidated. */
577 static void tlb_add_large_page(CPUArchState *env, target_ulong vaddr,
578 target_ulong size)
579 {
580 target_ulong mask = ~(size - 1);
581
582 if (env->tlb_flush_addr == (target_ulong)-1) {
583 env->tlb_flush_addr = vaddr & mask;
584 env->tlb_flush_mask = mask;
585 return;
586 }
587 /* Extend the existing region to include the new page.
588 This is a compromise between unnecessary flushes and the cost
589 of maintaining a full variable size TLB. */
590 mask &= env->tlb_flush_mask;
591 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
592 mask <<= 1;
593 }
594 env->tlb_flush_addr &= mask;
595 env->tlb_flush_mask = mask;
596 }
597
598 /* Add a new TLB entry. At most one entry for a given virtual address
599 * is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
600 * supplied size is only used by tlb_flush_page.
601 *
602 * Called from TCG-generated code, which is under an RCU read-side
603 * critical section.
604 */
605 void tlb_set_page_with_attrs(CPUState *cpu, target_ulong vaddr,
606 hwaddr paddr, MemTxAttrs attrs, int prot,
607 int mmu_idx, target_ulong size)
608 {
609 CPUArchState *env = cpu->env_ptr;
610 MemoryRegionSection *section;
611 unsigned int index;
612 target_ulong address;
613 target_ulong code_address;
614 uintptr_t addend;
615 CPUTLBEntry *te, *tv, tn;
616 hwaddr iotlb, xlat, sz, paddr_page;
617 target_ulong vaddr_page;
618 unsigned vidx = env->vtlb_index++ % CPU_VTLB_SIZE;
619 int asidx = cpu_asidx_from_attrs(cpu, attrs);
620
621 assert_cpu_is_self(cpu);
622
623 if (size < TARGET_PAGE_SIZE) {
624 sz = TARGET_PAGE_SIZE;
625 } else {
626 if (size > TARGET_PAGE_SIZE) {
627 tlb_add_large_page(env, vaddr, size);
628 }
629 sz = size;
630 }
631 vaddr_page = vaddr & TARGET_PAGE_MASK;
632 paddr_page = paddr & TARGET_PAGE_MASK;
633
634 section = address_space_translate_for_iotlb(cpu, asidx, paddr_page,
635 &xlat, &sz, attrs, &prot);
636 assert(sz >= TARGET_PAGE_SIZE);
637
638 tlb_debug("vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
639 " prot=%x idx=%d\n",
640 vaddr, paddr, prot, mmu_idx);
641
642 address = vaddr_page;
643 if (size < TARGET_PAGE_SIZE) {
644 /*
645 * Slow-path the TLB entries; we will repeat the MMU check and TLB
646 * fill on every access.
647 */
648 address |= TLB_RECHECK;
649 }
650 if (!memory_region_is_ram(section->mr) &&
651 !memory_region_is_romd(section->mr)) {
652 /* IO memory case */
653 address |= TLB_MMIO;
654 addend = 0;
655 } else {
656 /* TLB_MMIO for rom/romd handled below */
657 addend = (uintptr_t)memory_region_get_ram_ptr(section->mr) + xlat;
658 }
659
660 code_address = address;
661 iotlb = memory_region_section_get_iotlb(cpu, section, vaddr_page,
662 paddr_page, xlat, prot, &address);
663
664 index = (vaddr_page >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
665 te = &env->tlb_table[mmu_idx][index];
666 /* do not discard the translation in te, evict it into a victim tlb */
667 tv = &env->tlb_v_table[mmu_idx][vidx];
668
669 /* addr_write can race with tlb_reset_dirty_range */
670 copy_tlb_helper(tv, te, true);
671
672 env->iotlb_v[mmu_idx][vidx] = env->iotlb[mmu_idx][index];
673
674 /* refill the tlb */
675 /*
676 * At this point iotlb contains a physical section number in the lower
677 * TARGET_PAGE_BITS, and either
678 * + the ram_addr_t of the page base of the target RAM (if NOTDIRTY or ROM)
679 * + the offset within section->mr of the page base (otherwise)
680 * We subtract the vaddr_page (which is page aligned and thus won't
681 * disturb the low bits) to give an offset which can be added to the
682 * (non-page-aligned) vaddr of the eventual memory access to get
683 * the MemoryRegion offset for the access. Note that the vaddr we
684 * subtract here is that of the page base, and not the same as the
685 * vaddr we add back in io_readx()/io_writex()/get_page_addr_code().
686 */
687 env->iotlb[mmu_idx][index].addr = iotlb - vaddr_page;
688 env->iotlb[mmu_idx][index].attrs = attrs;
689
690 /* Now calculate the new entry */
691 tn.addend = addend - vaddr_page;
692 if (prot & PAGE_READ) {
693 tn.addr_read = address;
694 } else {
695 tn.addr_read = -1;
696 }
697
698 if (prot & PAGE_EXEC) {
699 tn.addr_code = code_address;
700 } else {
701 tn.addr_code = -1;
702 }
703
704 tn.addr_write = -1;
705 if (prot & PAGE_WRITE) {
706 if ((memory_region_is_ram(section->mr) && section->readonly)
707 || memory_region_is_romd(section->mr)) {
708 /* Write access calls the I/O callback. */
709 tn.addr_write = address | TLB_MMIO;
710 } else if (memory_region_is_ram(section->mr)
711 && cpu_physical_memory_is_clean(
712 memory_region_get_ram_addr(section->mr) + xlat)) {
713 tn.addr_write = address | TLB_NOTDIRTY;
714 } else {
715 tn.addr_write = address;
716 }
717 if (prot & PAGE_WRITE_INV) {
718 tn.addr_write |= TLB_INVALID_MASK;
719 }
720 }
721
722 /* Pairs with flag setting in tlb_reset_dirty_range */
723 copy_tlb_helper(te, &tn, true);
724 /* atomic_mb_set(&te->addr_write, write_address); */
725 }
726
727 /* Add a new TLB entry, but without specifying the memory
728 * transaction attributes to be used.
729 */
730 void tlb_set_page(CPUState *cpu, target_ulong vaddr,
731 hwaddr paddr, int prot,
732 int mmu_idx, target_ulong size)
733 {
734 tlb_set_page_with_attrs(cpu, vaddr, paddr, MEMTXATTRS_UNSPECIFIED,
735 prot, mmu_idx, size);
736 }
737
738 static void report_bad_exec(CPUState *cpu, target_ulong addr)
739 {
740 /* Accidentally executing outside RAM or ROM is quite common for
741 * several user-error situations, so report it in a way that
742 * makes it clear that this isn't a QEMU bug and provide suggestions
743 * about what a user could do to fix things.
744 */
745 error_report("Trying to execute code outside RAM or ROM at 0x"
746 TARGET_FMT_lx, addr);
747 error_printf("This usually means one of the following happened:\n\n"
748 "(1) You told QEMU to execute a kernel for the wrong machine "
749 "type, and it crashed on startup (eg trying to run a "
750 "raspberry pi kernel on a versatilepb QEMU machine)\n"
751 "(2) You didn't give QEMU a kernel or BIOS filename at all, "
752 "and QEMU executed a ROM full of no-op instructions until "
753 "it fell off the end\n"
754 "(3) Your guest kernel has a bug and crashed by jumping "
755 "off into nowhere\n\n"
756 "This is almost always one of the first two, so check your "
757 "command line and that you are using the right type of kernel "
758 "for this machine.\n"
759 "If you think option (3) is likely then you can try debugging "
760 "your guest with the -d debug options; in particular "
761 "-d guest_errors will cause the log to include a dump of the "
762 "guest register state at this point.\n\n"
763 "Execution cannot continue; stopping here.\n\n");
764
765 /* Report also to the logs, with more detail including register dump */
766 qemu_log_mask(LOG_GUEST_ERROR, "qemu: fatal: Trying to execute code "
767 "outside RAM or ROM at 0x" TARGET_FMT_lx "\n", addr);
768 log_cpu_state_mask(LOG_GUEST_ERROR, cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
769 }
770
771 static inline ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
772 {
773 ram_addr_t ram_addr;
774
775 ram_addr = qemu_ram_addr_from_host(ptr);
776 if (ram_addr == RAM_ADDR_INVALID) {
777 error_report("Bad ram pointer %p", ptr);
778 abort();
779 }
780 return ram_addr;
781 }
782
783 static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
784 int mmu_idx,
785 target_ulong addr, uintptr_t retaddr,
786 bool recheck, int size)
787 {
788 CPUState *cpu = ENV_GET_CPU(env);
789 hwaddr mr_offset;
790 MemoryRegionSection *section;
791 MemoryRegion *mr;
792 uint64_t val;
793 bool locked = false;
794 MemTxResult r;
795
796 if (recheck) {
797 /*
798 * This is a TLB_RECHECK access, where the MMU protection
799 * covers a smaller range than a target page, and we must
800 * repeat the MMU check here. This tlb_fill() call might
801 * longjump out if this access should cause a guest exception.
802 */
803 int index;
804 target_ulong tlb_addr;
805
806 tlb_fill(cpu, addr, size, MMU_DATA_LOAD, mmu_idx, retaddr);
807
808 index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
809 tlb_addr = env->tlb_table[mmu_idx][index].addr_read;
810 if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
811 /* RAM access */
812 uintptr_t haddr = addr + env->tlb_table[mmu_idx][index].addend;
813
814 return ldn_p((void *)haddr, size);
815 }
816 /* Fall through for handling IO accesses */
817 }
818
819 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
820 mr = section->mr;
821 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
822 cpu->mem_io_pc = retaddr;
823 if (mr != &io_mem_rom && mr != &io_mem_notdirty && !cpu->can_do_io) {
824 cpu_io_recompile(cpu, retaddr);
825 }
826
827 cpu->mem_io_vaddr = addr;
828
829 if (mr->global_locking && !qemu_mutex_iothread_locked()) {
830 qemu_mutex_lock_iothread();
831 locked = true;
832 }
833 r = memory_region_dispatch_read(mr, mr_offset,
834 &val, size, iotlbentry->attrs);
835 if (r != MEMTX_OK) {
836 hwaddr physaddr = mr_offset +
837 section->offset_within_address_space -
838 section->offset_within_region;
839
840 cpu_transaction_failed(cpu, physaddr, addr, size, MMU_DATA_LOAD,
841 mmu_idx, iotlbentry->attrs, r, retaddr);
842 }
843 if (locked) {
844 qemu_mutex_unlock_iothread();
845 }
846
847 return val;
848 }
849
850 static void io_writex(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
851 int mmu_idx,
852 uint64_t val, target_ulong addr,
853 uintptr_t retaddr, bool recheck, int size)
854 {
855 CPUState *cpu = ENV_GET_CPU(env);
856 hwaddr mr_offset;
857 MemoryRegionSection *section;
858 MemoryRegion *mr;
859 bool locked = false;
860 MemTxResult r;
861
862 if (recheck) {
863 /*
864 * This is a TLB_RECHECK access, where the MMU protection
865 * covers a smaller range than a target page, and we must
866 * repeat the MMU check here. This tlb_fill() call might
867 * longjump out if this access should cause a guest exception.
868 */
869 int index;
870 target_ulong tlb_addr;
871
872 tlb_fill(cpu, addr, size, MMU_DATA_STORE, mmu_idx, retaddr);
873
874 index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
875 tlb_addr = env->tlb_table[mmu_idx][index].addr_write;
876 if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
877 /* RAM access */
878 uintptr_t haddr = addr + env->tlb_table[mmu_idx][index].addend;
879
880 stn_p((void *)haddr, size, val);
881 return;
882 }
883 /* Fall through for handling IO accesses */
884 }
885
886 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
887 mr = section->mr;
888 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
889 if (mr != &io_mem_rom && mr != &io_mem_notdirty && !cpu->can_do_io) {
890 cpu_io_recompile(cpu, retaddr);
891 }
892 cpu->mem_io_vaddr = addr;
893 cpu->mem_io_pc = retaddr;
894
895 if (mr->global_locking && !qemu_mutex_iothread_locked()) {
896 qemu_mutex_lock_iothread();
897 locked = true;
898 }
899 r = memory_region_dispatch_write(mr, mr_offset,
900 val, size, iotlbentry->attrs);
901 if (r != MEMTX_OK) {
902 hwaddr physaddr = mr_offset +
903 section->offset_within_address_space -
904 section->offset_within_region;
905
906 cpu_transaction_failed(cpu, physaddr, addr, size, MMU_DATA_STORE,
907 mmu_idx, iotlbentry->attrs, r, retaddr);
908 }
909 if (locked) {
910 qemu_mutex_unlock_iothread();
911 }
912 }
913
914 /* Return true if ADDR is present in the victim tlb, and has been copied
915 back to the main tlb. */
916 static bool victim_tlb_hit(CPUArchState *env, size_t mmu_idx, size_t index,
917 size_t elt_ofs, target_ulong page)
918 {
919 size_t vidx;
920 for (vidx = 0; vidx < CPU_VTLB_SIZE; ++vidx) {
921 CPUTLBEntry *vtlb = &env->tlb_v_table[mmu_idx][vidx];
922 target_ulong cmp = *(target_ulong *)((uintptr_t)vtlb + elt_ofs);
923
924 if (cmp == page) {
925 /* Found entry in victim tlb, swap tlb and iotlb. */
926 CPUTLBEntry tmptlb, *tlb = &env->tlb_table[mmu_idx][index];
927
928 copy_tlb_helper(&tmptlb, tlb, false);
929 copy_tlb_helper(tlb, vtlb, true);
930 copy_tlb_helper(vtlb, &tmptlb, true);
931
932 CPUIOTLBEntry tmpio, *io = &env->iotlb[mmu_idx][index];
933 CPUIOTLBEntry *vio = &env->iotlb_v[mmu_idx][vidx];
934 tmpio = *io; *io = *vio; *vio = tmpio;
935 return true;
936 }
937 }
938 return false;
939 }
940
941 /* Macro to call the above, with local variables from the use context. */
942 #define VICTIM_TLB_HIT(TY, ADDR) \
943 victim_tlb_hit(env, mmu_idx, index, offsetof(CPUTLBEntry, TY), \
944 (ADDR) & TARGET_PAGE_MASK)
945
946 /* NOTE: this function can trigger an exception */
947 /* NOTE2: the returned address is not exactly the physical address: it
948 * is actually a ram_addr_t (in system mode; the user mode emulation
949 * version of this function returns a guest virtual address).
950 */
951 tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
952 {
953 int mmu_idx, index;
954 void *p;
955 MemoryRegion *mr;
956 MemoryRegionSection *section;
957 CPUState *cpu = ENV_GET_CPU(env);
958 CPUIOTLBEntry *iotlbentry;
959 hwaddr physaddr, mr_offset;
960
961 index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
962 mmu_idx = cpu_mmu_index(env, true);
963 if (unlikely(env->tlb_table[mmu_idx][index].addr_code !=
964 (addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK)))) {
965 if (!VICTIM_TLB_HIT(addr_read, addr)) {
966 tlb_fill(ENV_GET_CPU(env), addr, 0, MMU_INST_FETCH, mmu_idx, 0);
967 }
968 }
969
970 if (unlikely(env->tlb_table[mmu_idx][index].addr_code & TLB_RECHECK)) {
971 /*
972 * This is a TLB_RECHECK access, where the MMU protection
973 * covers a smaller range than a target page, and we must
974 * repeat the MMU check here. This tlb_fill() call might
975 * longjump out if this access should cause a guest exception.
976 */
977 int index;
978 target_ulong tlb_addr;
979
980 tlb_fill(cpu, addr, 0, MMU_INST_FETCH, mmu_idx, 0);
981
982 index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
983 tlb_addr = env->tlb_table[mmu_idx][index].addr_code;
984 if (!(tlb_addr & ~(TARGET_PAGE_MASK | TLB_RECHECK))) {
985 /* RAM access. We can't handle this, so for now just stop */
986 cpu_abort(cpu, "Unable to handle guest executing from RAM within "
987 "a small MPU region at 0x" TARGET_FMT_lx, addr);
988 }
989 /*
990 * Fall through to handle IO accesses (which will almost certainly
991 * also result in failure)
992 */
993 }
994
995 iotlbentry = &env->iotlb[mmu_idx][index];
996 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
997 mr = section->mr;
998 if (memory_region_is_unassigned(mr)) {
999 qemu_mutex_lock_iothread();
1000 if (memory_region_request_mmio_ptr(mr, addr)) {
1001 qemu_mutex_unlock_iothread();
1002 /* A MemoryRegion is potentially added so re-run the
1003 * get_page_addr_code.
1004 */
1005 return get_page_addr_code(env, addr);
1006 }
1007 qemu_mutex_unlock_iothread();
1008
1009 /* Give the new-style cpu_transaction_failed() hook first chance
1010 * to handle this.
1011 * This is not the ideal place to detect and generate CPU
1012 * exceptions for instruction fetch failure (for instance
1013 * we don't know the length of the access that the CPU would
1014 * use, and it would be better to go ahead and try the access
1015 * and use the MemTXResult it produced). However it is the
1016 * simplest place we have currently available for the check.
1017 */
1018 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
1019 physaddr = mr_offset +
1020 section->offset_within_address_space -
1021 section->offset_within_region;
1022 cpu_transaction_failed(cpu, physaddr, addr, 0, MMU_INST_FETCH, mmu_idx,
1023 iotlbentry->attrs, MEMTX_DECODE_ERROR, 0);
1024
1025 cpu_unassigned_access(cpu, addr, false, true, 0, 4);
1026 /* The CPU's unassigned access hook might have longjumped out
1027 * with an exception. If it didn't (or there was no hook) then
1028 * we can't proceed further.
1029 */
1030 report_bad_exec(cpu, addr);
1031 exit(1);
1032 }
1033 p = (void *)((uintptr_t)addr + env->tlb_table[mmu_idx][index].addend);
1034 return qemu_ram_addr_from_host_nofail(p);
1035 }
1036
1037 /* Probe for whether the specified guest write access is permitted.
1038 * If it is not permitted then an exception will be taken in the same
1039 * way as if this were a real write access (and we will not return).
1040 * Otherwise the function will return, and there will be a valid
1041 * entry in the TLB for this access.
1042 */
1043 void probe_write(CPUArchState *env, target_ulong addr, int size, int mmu_idx,
1044 uintptr_t retaddr)
1045 {
1046 int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1047 target_ulong tlb_addr = env->tlb_table[mmu_idx][index].addr_write;
1048
1049 if ((addr & TARGET_PAGE_MASK)
1050 != (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1051 /* TLB entry is for a different page */
1052 if (!VICTIM_TLB_HIT(addr_write, addr)) {
1053 tlb_fill(ENV_GET_CPU(env), addr, size, MMU_DATA_STORE,
1054 mmu_idx, retaddr);
1055 }
1056 }
1057 }
1058
1059 /* Probe for a read-modify-write atomic operation. Do not allow unaligned
1060 * operations, or io operations to proceed. Return the host address. */
1061 static void *atomic_mmu_lookup(CPUArchState *env, target_ulong addr,
1062 TCGMemOpIdx oi, uintptr_t retaddr,
1063 NotDirtyInfo *ndi)
1064 {
1065 size_t mmu_idx = get_mmuidx(oi);
1066 size_t index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1067 CPUTLBEntry *tlbe = &env->tlb_table[mmu_idx][index];
1068 target_ulong tlb_addr = tlbe->addr_write;
1069 TCGMemOp mop = get_memop(oi);
1070 int a_bits = get_alignment_bits(mop);
1071 int s_bits = mop & MO_SIZE;
1072 void *hostaddr;
1073
1074 /* Adjust the given return address. */
1075 retaddr -= GETPC_ADJ;
1076
1077 /* Enforce guest required alignment. */
1078 if (unlikely(a_bits > 0 && (addr & ((1 << a_bits) - 1)))) {
1079 /* ??? Maybe indicate atomic op to cpu_unaligned_access */
1080 cpu_unaligned_access(ENV_GET_CPU(env), addr, MMU_DATA_STORE,
1081 mmu_idx, retaddr);
1082 }
1083
1084 /* Enforce qemu required alignment. */
1085 if (unlikely(addr & ((1 << s_bits) - 1))) {
1086 /* We get here if guest alignment was not requested,
1087 or was not enforced by cpu_unaligned_access above.
1088 We might widen the access and emulate, but for now
1089 mark an exception and exit the cpu loop. */
1090 goto stop_the_world;
1091 }
1092
1093 /* Check TLB entry and enforce page permissions. */
1094 if ((addr & TARGET_PAGE_MASK)
1095 != (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1096 if (!VICTIM_TLB_HIT(addr_write, addr)) {
1097 tlb_fill(ENV_GET_CPU(env), addr, 1 << s_bits, MMU_DATA_STORE,
1098 mmu_idx, retaddr);
1099 }
1100 tlb_addr = tlbe->addr_write & ~TLB_INVALID_MASK;
1101 }
1102
1103 /* Notice an IO access or a needs-MMU-lookup access */
1104 if (unlikely(tlb_addr & (TLB_MMIO | TLB_RECHECK))) {
1105 /* There's really nothing that can be done to
1106 support this apart from stop-the-world. */
1107 goto stop_the_world;
1108 }
1109
1110 /* Let the guest notice RMW on a write-only page. */
1111 if (unlikely(tlbe->addr_read != (tlb_addr & ~TLB_NOTDIRTY))) {
1112 tlb_fill(ENV_GET_CPU(env), addr, 1 << s_bits, MMU_DATA_LOAD,
1113 mmu_idx, retaddr);
1114 /* Since we don't support reads and writes to different addresses,
1115 and we do have the proper page loaded for write, this shouldn't
1116 ever return. But just in case, handle via stop-the-world. */
1117 goto stop_the_world;
1118 }
1119
1120 hostaddr = (void *)((uintptr_t)addr + tlbe->addend);
1121
1122 ndi->active = false;
1123 if (unlikely(tlb_addr & TLB_NOTDIRTY)) {
1124 ndi->active = true;
1125 memory_notdirty_write_prepare(ndi, ENV_GET_CPU(env), addr,
1126 qemu_ram_addr_from_host_nofail(hostaddr),
1127 1 << s_bits);
1128 }
1129
1130 return hostaddr;
1131
1132 stop_the_world:
1133 cpu_loop_exit_atomic(ENV_GET_CPU(env), retaddr);
1134 }
1135
1136 #ifdef TARGET_WORDS_BIGENDIAN
1137 # define TGT_BE(X) (X)
1138 # define TGT_LE(X) BSWAP(X)
1139 #else
1140 # define TGT_BE(X) BSWAP(X)
1141 # define TGT_LE(X) (X)
1142 #endif
1143
1144 #define MMUSUFFIX _mmu
1145
1146 #define DATA_SIZE 1
1147 #include "softmmu_template.h"
1148
1149 #define DATA_SIZE 2
1150 #include "softmmu_template.h"
1151
1152 #define DATA_SIZE 4
1153 #include "softmmu_template.h"
1154
1155 #define DATA_SIZE 8
1156 #include "softmmu_template.h"
1157
1158 /* First set of helpers allows passing in of OI and RETADDR. This makes
1159 them callable from other helpers. */
1160
1161 #define EXTRA_ARGS , TCGMemOpIdx oi, uintptr_t retaddr
1162 #define ATOMIC_NAME(X) \
1163 HELPER(glue(glue(glue(atomic_ ## X, SUFFIX), END), _mmu))
1164 #define ATOMIC_MMU_DECLS NotDirtyInfo ndi
1165 #define ATOMIC_MMU_LOOKUP atomic_mmu_lookup(env, addr, oi, retaddr, &ndi)
1166 #define ATOMIC_MMU_CLEANUP \
1167 do { \
1168 if (unlikely(ndi.active)) { \
1169 memory_notdirty_write_complete(&ndi); \
1170 } \
1171 } while (0)
1172
1173 #define DATA_SIZE 1
1174 #include "atomic_template.h"
1175
1176 #define DATA_SIZE 2
1177 #include "atomic_template.h"
1178
1179 #define DATA_SIZE 4
1180 #include "atomic_template.h"
1181
1182 #ifdef CONFIG_ATOMIC64
1183 #define DATA_SIZE 8
1184 #include "atomic_template.h"
1185 #endif
1186
1187 #ifdef CONFIG_ATOMIC128
1188 #define DATA_SIZE 16
1189 #include "atomic_template.h"
1190 #endif
1191
1192 /* Second set of helpers are directly callable from TCG as helpers. */
1193
1194 #undef EXTRA_ARGS
1195 #undef ATOMIC_NAME
1196 #undef ATOMIC_MMU_LOOKUP
1197 #define EXTRA_ARGS , TCGMemOpIdx oi
1198 #define ATOMIC_NAME(X) HELPER(glue(glue(atomic_ ## X, SUFFIX), END))
1199 #define ATOMIC_MMU_LOOKUP atomic_mmu_lookup(env, addr, oi, GETPC(), &ndi)
1200
1201 #define DATA_SIZE 1
1202 #include "atomic_template.h"
1203
1204 #define DATA_SIZE 2
1205 #include "atomic_template.h"
1206
1207 #define DATA_SIZE 4
1208 #include "atomic_template.h"
1209
1210 #ifdef CONFIG_ATOMIC64
1211 #define DATA_SIZE 8
1212 #include "atomic_template.h"
1213 #endif
1214
1215 /* Code access functions. */
1216
1217 #undef MMUSUFFIX
1218 #define MMUSUFFIX _cmmu
1219 #undef GETPC
1220 #define GETPC() ((uintptr_t)0)
1221 #define SOFTMMU_CODE_ACCESS
1222
1223 #define DATA_SIZE 1
1224 #include "softmmu_template.h"
1225
1226 #define DATA_SIZE 2
1227 #include "softmmu_template.h"
1228
1229 #define DATA_SIZE 4
1230 #include "softmmu_template.h"
1231
1232 #define DATA_SIZE 8
1233 #include "softmmu_template.h"
QEMU mirror