]> git.proxmox.com Git - qemu.git/blob - exec.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
sun4u: give ISA bus to ISA methods
[qemu.git] / exec.c
1 /*
2 * virtual page mapping and translated block handling
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifdef _WIN32
21 #include <windows.h>
22 #else
23 #include <sys/types.h>
24 #include <sys/mman.h>
25 #endif
26
27 #include "qemu-common.h"
28 #include "cpu.h"
29 #include "tcg.h"
30 #include "hw/hw.h"
31 #include "hw/qdev.h"
32 #include "osdep.h"
33 #include "kvm.h"
34 #include "hw/xen.h"
35 #include "qemu-timer.h"
36 #include "memory.h"
37 #include "exec-memory.h"
38 #if defined(CONFIG_USER_ONLY)
39 #include <qemu.h>
40 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41 #include <sys/param.h>
42 #if __FreeBSD_version >= 700104
43 #define HAVE_KINFO_GETVMMAP
44 #define sigqueue sigqueue_freebsd /* avoid redefinition */
45 #include <sys/time.h>
46 #include <sys/proc.h>
47 #include <machine/profile.h>
48 #define _KERNEL
49 #include <sys/user.h>
50 #undef _KERNEL
51 #undef sigqueue
52 #include <libutil.h>
53 #endif
54 #endif
55 #else /* !CONFIG_USER_ONLY */
56 #include "xen-mapcache.h"
57 #include "trace.h"
58 #endif
59
60 #define WANT_EXEC_OBSOLETE
61 #include "exec-obsolete.h"
62
63 //#define DEBUG_TB_INVALIDATE
64 //#define DEBUG_FLUSH
65 //#define DEBUG_TLB
66 //#define DEBUG_UNASSIGNED
67
68 /* make various TB consistency checks */
69 //#define DEBUG_TB_CHECK
70 //#define DEBUG_TLB_CHECK
71
72 //#define DEBUG_IOPORT
73 //#define DEBUG_SUBPAGE
74
75 #if !defined(CONFIG_USER_ONLY)
76 /* TB consistency checks only implemented for usermode emulation. */
77 #undef DEBUG_TB_CHECK
78 #endif
79
80 #define SMC_BITMAP_USE_THRESHOLD 10
81
82 static TranslationBlock *tbs;
83 static int code_gen_max_blocks;
84 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
85 static int nb_tbs;
86 /* any access to the tbs or the page table must use this lock */
87 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
88
89 #if defined(__arm__) || defined(__sparc_v9__)
90 /* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
92 section close to code segment. */
93 #define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
96 #elif defined(_WIN32)
97 /* Maximum alignment for Win32 is 16. */
98 #define code_gen_section \
99 __attribute__((aligned (16)))
100 #else
101 #define code_gen_section \
102 __attribute__((aligned (32)))
103 #endif
104
105 uint8_t code_gen_prologue[1024] code_gen_section;
106 static uint8_t *code_gen_buffer;
107 static unsigned long code_gen_buffer_size;
108 /* threshold to flush the translated code buffer */
109 static unsigned long code_gen_buffer_max_size;
110 static uint8_t *code_gen_ptr;
111
112 #if !defined(CONFIG_USER_ONLY)
113 int phys_ram_fd;
114 static int in_migration;
115
116 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
117
118 static MemoryRegion *system_memory;
119 static MemoryRegion *system_io;
120
121 #endif
122
123 CPUState *first_cpu;
124 /* current CPU in the current thread. It is only valid inside
125 cpu_exec() */
126 DEFINE_TLS(CPUState *,cpu_single_env);
127 /* 0 = Do not count executed instructions.
128 1 = Precise instruction counting.
129 2 = Adaptive rate instruction counting. */
130 int use_icount = 0;
131
132 typedef struct PageDesc {
133 /* list of TBs intersecting this ram page */
134 TranslationBlock *first_tb;
135 /* in order to optimize self modifying code, we count the number
136 of lookups we do to a given page to use a bitmap */
137 unsigned int code_write_count;
138 uint8_t *code_bitmap;
139 #if defined(CONFIG_USER_ONLY)
140 unsigned long flags;
141 #endif
142 } PageDesc;
143
144 /* In system mode we want L1_MAP to be based on ram offsets,
145 while in user mode we want it to be based on virtual addresses. */
146 #if !defined(CONFIG_USER_ONLY)
147 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
148 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
149 #else
150 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
151 #endif
152 #else
153 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
154 #endif
155
156 /* Size of the L2 (and L3, etc) page tables. */
157 #define L2_BITS 10
158 #define L2_SIZE (1 << L2_BITS)
159
160 /* The bits remaining after N lower levels of page tables. */
161 #define P_L1_BITS_REM \
162 ((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
163 #define V_L1_BITS_REM \
164 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
165
166 /* Size of the L1 page table. Avoid silly small sizes. */
167 #if P_L1_BITS_REM < 4
168 #define P_L1_BITS (P_L1_BITS_REM + L2_BITS)
169 #else
170 #define P_L1_BITS P_L1_BITS_REM
171 #endif
172
173 #if V_L1_BITS_REM < 4
174 #define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
175 #else
176 #define V_L1_BITS V_L1_BITS_REM
177 #endif
178
179 #define P_L1_SIZE ((target_phys_addr_t)1 << P_L1_BITS)
180 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
181
182 #define P_L1_SHIFT (TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - P_L1_BITS)
183 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
184
185 unsigned long qemu_real_host_page_size;
186 unsigned long qemu_host_page_size;
187 unsigned long qemu_host_page_mask;
188
189 /* This is a multi-level map on the virtual address space.
190 The bottom level has pointers to PageDesc. */
191 static void *l1_map[V_L1_SIZE];
192
193 #if !defined(CONFIG_USER_ONLY)
194 typedef struct PhysPageDesc {
195 /* offset in host memory of the page + io_index in the low bits */
196 ram_addr_t phys_offset;
197 ram_addr_t region_offset;
198 } PhysPageDesc;
199
200 /* This is a multi-level map on the physical address space.
201 The bottom level has pointers to PhysPageDesc. */
202 static void *l1_phys_map[P_L1_SIZE];
203
204 static void io_mem_init(void);
205 static void memory_map_init(void);
206
207 /* io memory support */
208 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
209 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
210 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
211 static char io_mem_used[IO_MEM_NB_ENTRIES];
212 static int io_mem_watch;
213 #endif
214
215 /* log support */
216 #ifdef WIN32
217 static const char *logfilename = "qemu.log";
218 #else
219 static const char *logfilename = "/tmp/qemu.log";
220 #endif
221 FILE *logfile;
222 int loglevel;
223 static int log_append = 0;
224
225 /* statistics */
226 #if !defined(CONFIG_USER_ONLY)
227 static int tlb_flush_count;
228 #endif
229 static int tb_flush_count;
230 static int tb_phys_invalidate_count;
231
232 #ifdef _WIN32
233 static void map_exec(void *addr, long size)
234 {
235 DWORD old_protect;
236 VirtualProtect(addr, size,
237 PAGE_EXECUTE_READWRITE, &old_protect);
238
239 }
240 #else
241 static void map_exec(void *addr, long size)
242 {
243 unsigned long start, end, page_size;
244
245 page_size = getpagesize();
246 start = (unsigned long)addr;
247 start &= ~(page_size - 1);
248
249 end = (unsigned long)addr + size;
250 end += page_size - 1;
251 end &= ~(page_size - 1);
252
253 mprotect((void *)start, end - start,
254 PROT_READ | PROT_WRITE | PROT_EXEC);
255 }
256 #endif
257
258 static void page_init(void)
259 {
260 /* NOTE: we can always suppose that qemu_host_page_size >=
261 TARGET_PAGE_SIZE */
262 #ifdef _WIN32
263 {
264 SYSTEM_INFO system_info;
265
266 GetSystemInfo(&system_info);
267 qemu_real_host_page_size = system_info.dwPageSize;
268 }
269 #else
270 qemu_real_host_page_size = getpagesize();
271 #endif
272 if (qemu_host_page_size == 0)
273 qemu_host_page_size = qemu_real_host_page_size;
274 if (qemu_host_page_size < TARGET_PAGE_SIZE)
275 qemu_host_page_size = TARGET_PAGE_SIZE;
276 qemu_host_page_mask = ~(qemu_host_page_size - 1);
277
278 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
279 {
280 #ifdef HAVE_KINFO_GETVMMAP
281 struct kinfo_vmentry *freep;
282 int i, cnt;
283
284 freep = kinfo_getvmmap(getpid(), &cnt);
285 if (freep) {
286 mmap_lock();
287 for (i = 0; i < cnt; i++) {
288 unsigned long startaddr, endaddr;
289
290 startaddr = freep[i].kve_start;
291 endaddr = freep[i].kve_end;
292 if (h2g_valid(startaddr)) {
293 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
294
295 if (h2g_valid(endaddr)) {
296 endaddr = h2g(endaddr);
297 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
298 } else {
299 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
300 endaddr = ~0ul;
301 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
302 #endif
303 }
304 }
305 }
306 free(freep);
307 mmap_unlock();
308 }
309 #else
310 FILE *f;
311
312 last_brk = (unsigned long)sbrk(0);
313
314 f = fopen("/compat/linux/proc/self/maps", "r");
315 if (f) {
316 mmap_lock();
317
318 do {
319 unsigned long startaddr, endaddr;
320 int n;
321
322 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
323
324 if (n == 2 && h2g_valid(startaddr)) {
325 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
326
327 if (h2g_valid(endaddr)) {
328 endaddr = h2g(endaddr);
329 } else {
330 endaddr = ~0ul;
331 }
332 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
333 }
334 } while (!feof(f));
335
336 fclose(f);
337 mmap_unlock();
338 }
339 #endif
340 }
341 #endif
342 }
343
344 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
345 {
346 PageDesc *pd;
347 void **lp;
348 int i;
349
350 #if defined(CONFIG_USER_ONLY)
351 /* We can't use g_malloc because it may recurse into a locked mutex. */
352 # define ALLOC(P, SIZE) \
353 do { \
354 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
355 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
356 } while (0)
357 #else
358 # define ALLOC(P, SIZE) \
359 do { P = g_malloc0(SIZE); } while (0)
360 #endif
361
362 /* Level 1. Always allocated. */
363 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
364
365 /* Level 2..N-1. */
366 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
367 void **p = *lp;
368
369 if (p == NULL) {
370 if (!alloc) {
371 return NULL;
372 }
373 ALLOC(p, sizeof(void *) * L2_SIZE);
374 *lp = p;
375 }
376
377 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
378 }
379
380 pd = *lp;
381 if (pd == NULL) {
382 if (!alloc) {
383 return NULL;
384 }
385 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
386 *lp = pd;
387 }
388
389 #undef ALLOC
390
391 return pd + (index & (L2_SIZE - 1));
392 }
393
394 static inline PageDesc *page_find(tb_page_addr_t index)
395 {
396 return page_find_alloc(index, 0);
397 }
398
399 #if !defined(CONFIG_USER_ONLY)
400 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
401 {
402 PhysPageDesc *pd;
403 void **lp;
404 int i;
405
406 /* Level 1. Always allocated. */
407 lp = l1_phys_map + ((index >> P_L1_SHIFT) & (P_L1_SIZE - 1));
408
409 /* Level 2..N-1. */
410 for (i = P_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
411 void **p = *lp;
412 if (p == NULL) {
413 if (!alloc) {
414 return NULL;
415 }
416 *lp = p = g_malloc0(sizeof(void *) * L2_SIZE);
417 }
418 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
419 }
420
421 pd = *lp;
422 if (pd == NULL) {
423 int i;
424 int first_index = index & ~(L2_SIZE - 1);
425
426 if (!alloc) {
427 return NULL;
428 }
429
430 *lp = pd = g_malloc(sizeof(PhysPageDesc) * L2_SIZE);
431
432 for (i = 0; i < L2_SIZE; i++) {
433 pd[i].phys_offset = IO_MEM_UNASSIGNED;
434 pd[i].region_offset = (first_index + i) << TARGET_PAGE_BITS;
435 }
436 }
437
438 return pd + (index & (L2_SIZE - 1));
439 }
440
441 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
442 {
443 return phys_page_find_alloc(index, 0);
444 }
445
446 static void tlb_protect_code(ram_addr_t ram_addr);
447 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
448 target_ulong vaddr);
449 #define mmap_lock() do { } while(0)
450 #define mmap_unlock() do { } while(0)
451 #endif
452
453 #define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
454
455 #if defined(CONFIG_USER_ONLY)
456 /* Currently it is not recommended to allocate big chunks of data in
457 user mode. It will change when a dedicated libc will be used */
458 #define USE_STATIC_CODE_GEN_BUFFER
459 #endif
460
461 #ifdef USE_STATIC_CODE_GEN_BUFFER
462 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
463 __attribute__((aligned (CODE_GEN_ALIGN)));
464 #endif
465
466 static void code_gen_alloc(unsigned long tb_size)
467 {
468 #ifdef USE_STATIC_CODE_GEN_BUFFER
469 code_gen_buffer = static_code_gen_buffer;
470 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
471 map_exec(code_gen_buffer, code_gen_buffer_size);
472 #else
473 code_gen_buffer_size = tb_size;
474 if (code_gen_buffer_size == 0) {
475 #if defined(CONFIG_USER_ONLY)
476 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
477 #else
478 /* XXX: needs adjustments */
479 code_gen_buffer_size = (unsigned long)(ram_size / 4);
480 #endif
481 }
482 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
483 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
484 /* The code gen buffer location may have constraints depending on
485 the host cpu and OS */
486 #if defined(__linux__)
487 {
488 int flags;
489 void *start = NULL;
490
491 flags = MAP_PRIVATE | MAP_ANONYMOUS;
492 #if defined(__x86_64__)
493 flags |= MAP_32BIT;
494 /* Cannot map more than that */
495 if (code_gen_buffer_size > (800 * 1024 * 1024))
496 code_gen_buffer_size = (800 * 1024 * 1024);
497 #elif defined(__sparc_v9__)
498 // Map the buffer below 2G, so we can use direct calls and branches
499 flags |= MAP_FIXED;
500 start = (void *) 0x60000000UL;
501 if (code_gen_buffer_size > (512 * 1024 * 1024))
502 code_gen_buffer_size = (512 * 1024 * 1024);
503 #elif defined(__arm__)
504 /* Keep the buffer no bigger than 16GB to branch between blocks */
505 if (code_gen_buffer_size > 16 * 1024 * 1024)
506 code_gen_buffer_size = 16 * 1024 * 1024;
507 #elif defined(__s390x__)
508 /* Map the buffer so that we can use direct calls and branches. */
509 /* We have a +- 4GB range on the branches; leave some slop. */
510 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
511 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
512 }
513 start = (void *)0x90000000UL;
514 #endif
515 code_gen_buffer = mmap(start, code_gen_buffer_size,
516 PROT_WRITE | PROT_READ | PROT_EXEC,
517 flags, -1, 0);
518 if (code_gen_buffer == MAP_FAILED) {
519 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
520 exit(1);
521 }
522 }
523 #elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
524 || defined(__DragonFly__) || defined(__OpenBSD__) \
525 || defined(__NetBSD__)
526 {
527 int flags;
528 void *addr = NULL;
529 flags = MAP_PRIVATE | MAP_ANONYMOUS;
530 #if defined(__x86_64__)
531 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
532 * 0x40000000 is free */
533 flags |= MAP_FIXED;
534 addr = (void *)0x40000000;
535 /* Cannot map more than that */
536 if (code_gen_buffer_size > (800 * 1024 * 1024))
537 code_gen_buffer_size = (800 * 1024 * 1024);
538 #elif defined(__sparc_v9__)
539 // Map the buffer below 2G, so we can use direct calls and branches
540 flags |= MAP_FIXED;
541 addr = (void *) 0x60000000UL;
542 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
543 code_gen_buffer_size = (512 * 1024 * 1024);
544 }
545 #endif
546 code_gen_buffer = mmap(addr, code_gen_buffer_size,
547 PROT_WRITE | PROT_READ | PROT_EXEC,
548 flags, -1, 0);
549 if (code_gen_buffer == MAP_FAILED) {
550 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
551 exit(1);
552 }
553 }
554 #else
555 code_gen_buffer = g_malloc(code_gen_buffer_size);
556 map_exec(code_gen_buffer, code_gen_buffer_size);
557 #endif
558 #endif /* !USE_STATIC_CODE_GEN_BUFFER */
559 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
560 code_gen_buffer_max_size = code_gen_buffer_size -
561 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
562 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
563 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
564 }
565
566 /* Must be called before using the QEMU cpus. 'tb_size' is the size
567 (in bytes) allocated to the translation buffer. Zero means default
568 size. */
569 void tcg_exec_init(unsigned long tb_size)
570 {
571 cpu_gen_init();
572 code_gen_alloc(tb_size);
573 code_gen_ptr = code_gen_buffer;
574 page_init();
575 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
576 /* There's no guest base to take into account, so go ahead and
577 initialize the prologue now. */
578 tcg_prologue_init(&tcg_ctx);
579 #endif
580 }
581
582 bool tcg_enabled(void)
583 {
584 return code_gen_buffer != NULL;
585 }
586
587 void cpu_exec_init_all(void)
588 {
589 #if !defined(CONFIG_USER_ONLY)
590 memory_map_init();
591 io_mem_init();
592 #endif
593 }
594
595 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
596
597 static int cpu_common_post_load(void *opaque, int version_id)
598 {
599 CPUState *env = opaque;
600
601 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
602 version_id is increased. */
603 env->interrupt_request &= ~0x01;
604 tlb_flush(env, 1);
605
606 return 0;
607 }
608
609 static const VMStateDescription vmstate_cpu_common = {
610 .name = "cpu_common",
611 .version_id = 1,
612 .minimum_version_id = 1,
613 .minimum_version_id_old = 1,
614 .post_load = cpu_common_post_load,
615 .fields = (VMStateField []) {
616 VMSTATE_UINT32(halted, CPUState),
617 VMSTATE_UINT32(interrupt_request, CPUState),
618 VMSTATE_END_OF_LIST()
619 }
620 };
621 #endif
622
623 CPUState *qemu_get_cpu(int cpu)
624 {
625 CPUState *env = first_cpu;
626
627 while (env) {
628 if (env->cpu_index == cpu)
629 break;
630 env = env->next_cpu;
631 }
632
633 return env;
634 }
635
636 void cpu_exec_init(CPUState *env)
637 {
638 CPUState **penv;
639 int cpu_index;
640
641 #if defined(CONFIG_USER_ONLY)
642 cpu_list_lock();
643 #endif
644 env->next_cpu = NULL;
645 penv = &first_cpu;
646 cpu_index = 0;
647 while (*penv != NULL) {
648 penv = &(*penv)->next_cpu;
649 cpu_index++;
650 }
651 env->cpu_index = cpu_index;
652 env->numa_node = 0;
653 QTAILQ_INIT(&env->breakpoints);
654 QTAILQ_INIT(&env->watchpoints);
655 #ifndef CONFIG_USER_ONLY
656 env->thread_id = qemu_get_thread_id();
657 #endif
658 *penv = env;
659 #if defined(CONFIG_USER_ONLY)
660 cpu_list_unlock();
661 #endif
662 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
663 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
664 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
665 cpu_save, cpu_load, env);
666 #endif
667 }
668
669 /* Allocate a new translation block. Flush the translation buffer if
670 too many translation blocks or too much generated code. */
671 static TranslationBlock *tb_alloc(target_ulong pc)
672 {
673 TranslationBlock *tb;
674
675 if (nb_tbs >= code_gen_max_blocks ||
676 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
677 return NULL;
678 tb = &tbs[nb_tbs++];
679 tb->pc = pc;
680 tb->cflags = 0;
681 return tb;
682 }
683
684 void tb_free(TranslationBlock *tb)
685 {
686 /* In practice this is mostly used for single use temporary TB
687 Ignore the hard cases and just back up if this TB happens to
688 be the last one generated. */
689 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
690 code_gen_ptr = tb->tc_ptr;
691 nb_tbs--;
692 }
693 }
694
695 static inline void invalidate_page_bitmap(PageDesc *p)
696 {
697 if (p->code_bitmap) {
698 g_free(p->code_bitmap);
699 p->code_bitmap = NULL;
700 }
701 p->code_write_count = 0;
702 }
703
704 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
705
706 static void page_flush_tb_1 (int level, void **lp)
707 {
708 int i;
709
710 if (*lp == NULL) {
711 return;
712 }
713 if (level == 0) {
714 PageDesc *pd = *lp;
715 for (i = 0; i < L2_SIZE; ++i) {
716 pd[i].first_tb = NULL;
717 invalidate_page_bitmap(pd + i);
718 }
719 } else {
720 void **pp = *lp;
721 for (i = 0; i < L2_SIZE; ++i) {
722 page_flush_tb_1 (level - 1, pp + i);
723 }
724 }
725 }
726
727 static void page_flush_tb(void)
728 {
729 int i;
730 for (i = 0; i < V_L1_SIZE; i++) {
731 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
732 }
733 }
734
735 /* flush all the translation blocks */
736 /* XXX: tb_flush is currently not thread safe */
737 void tb_flush(CPUState *env1)
738 {
739 CPUState *env;
740 #if defined(DEBUG_FLUSH)
741 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
742 (unsigned long)(code_gen_ptr - code_gen_buffer),
743 nb_tbs, nb_tbs > 0 ?
744 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
745 #endif
746 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
747 cpu_abort(env1, "Internal error: code buffer overflow\n");
748
749 nb_tbs = 0;
750
751 for(env = first_cpu; env != NULL; env = env->next_cpu) {
752 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
753 }
754
755 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
756 page_flush_tb();
757
758 code_gen_ptr = code_gen_buffer;
759 /* XXX: flush processor icache at this point if cache flush is
760 expensive */
761 tb_flush_count++;
762 }
763
764 #ifdef DEBUG_TB_CHECK
765
766 static void tb_invalidate_check(target_ulong address)
767 {
768 TranslationBlock *tb;
769 int i;
770 address &= TARGET_PAGE_MASK;
771 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
772 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
773 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
774 address >= tb->pc + tb->size)) {
775 printf("ERROR invalidate: address=" TARGET_FMT_lx
776 " PC=%08lx size=%04x\n",
777 address, (long)tb->pc, tb->size);
778 }
779 }
780 }
781 }
782
783 /* verify that all the pages have correct rights for code */
784 static void tb_page_check(void)
785 {
786 TranslationBlock *tb;
787 int i, flags1, flags2;
788
789 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
790 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
791 flags1 = page_get_flags(tb->pc);
792 flags2 = page_get_flags(tb->pc + tb->size - 1);
793 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
794 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
795 (long)tb->pc, tb->size, flags1, flags2);
796 }
797 }
798 }
799 }
800
801 #endif
802
803 /* invalidate one TB */
804 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
805 int next_offset)
806 {
807 TranslationBlock *tb1;
808 for(;;) {
809 tb1 = *ptb;
810 if (tb1 == tb) {
811 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
812 break;
813 }
814 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
815 }
816 }
817
818 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
819 {
820 TranslationBlock *tb1;
821 unsigned int n1;
822
823 for(;;) {
824 tb1 = *ptb;
825 n1 = (long)tb1 & 3;
826 tb1 = (TranslationBlock *)((long)tb1 & ~3);
827 if (tb1 == tb) {
828 *ptb = tb1->page_next[n1];
829 break;
830 }
831 ptb = &tb1->page_next[n1];
832 }
833 }
834
835 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
836 {
837 TranslationBlock *tb1, **ptb;
838 unsigned int n1;
839
840 ptb = &tb->jmp_next[n];
841 tb1 = *ptb;
842 if (tb1) {
843 /* find tb(n) in circular list */
844 for(;;) {
845 tb1 = *ptb;
846 n1 = (long)tb1 & 3;
847 tb1 = (TranslationBlock *)((long)tb1 & ~3);
848 if (n1 == n && tb1 == tb)
849 break;
850 if (n1 == 2) {
851 ptb = &tb1->jmp_first;
852 } else {
853 ptb = &tb1->jmp_next[n1];
854 }
855 }
856 /* now we can suppress tb(n) from the list */
857 *ptb = tb->jmp_next[n];
858
859 tb->jmp_next[n] = NULL;
860 }
861 }
862
863 /* reset the jump entry 'n' of a TB so that it is not chained to
864 another TB */
865 static inline void tb_reset_jump(TranslationBlock *tb, int n)
866 {
867 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
868 }
869
870 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
871 {
872 CPUState *env;
873 PageDesc *p;
874 unsigned int h, n1;
875 tb_page_addr_t phys_pc;
876 TranslationBlock *tb1, *tb2;
877
878 /* remove the TB from the hash list */
879 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
880 h = tb_phys_hash_func(phys_pc);
881 tb_remove(&tb_phys_hash[h], tb,
882 offsetof(TranslationBlock, phys_hash_next));
883
884 /* remove the TB from the page list */
885 if (tb->page_addr[0] != page_addr) {
886 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
887 tb_page_remove(&p->first_tb, tb);
888 invalidate_page_bitmap(p);
889 }
890 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
891 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
892 tb_page_remove(&p->first_tb, tb);
893 invalidate_page_bitmap(p);
894 }
895
896 tb_invalidated_flag = 1;
897
898 /* remove the TB from the hash list */
899 h = tb_jmp_cache_hash_func(tb->pc);
900 for(env = first_cpu; env != NULL; env = env->next_cpu) {
901 if (env->tb_jmp_cache[h] == tb)
902 env->tb_jmp_cache[h] = NULL;
903 }
904
905 /* suppress this TB from the two jump lists */
906 tb_jmp_remove(tb, 0);
907 tb_jmp_remove(tb, 1);
908
909 /* suppress any remaining jumps to this TB */
910 tb1 = tb->jmp_first;
911 for(;;) {
912 n1 = (long)tb1 & 3;
913 if (n1 == 2)
914 break;
915 tb1 = (TranslationBlock *)((long)tb1 & ~3);
916 tb2 = tb1->jmp_next[n1];
917 tb_reset_jump(tb1, n1);
918 tb1->jmp_next[n1] = NULL;
919 tb1 = tb2;
920 }
921 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
922
923 tb_phys_invalidate_count++;
924 }
925
926 static inline void set_bits(uint8_t *tab, int start, int len)
927 {
928 int end, mask, end1;
929
930 end = start + len;
931 tab += start >> 3;
932 mask = 0xff << (start & 7);
933 if ((start & ~7) == (end & ~7)) {
934 if (start < end) {
935 mask &= ~(0xff << (end & 7));
936 *tab |= mask;
937 }
938 } else {
939 *tab++ |= mask;
940 start = (start + 8) & ~7;
941 end1 = end & ~7;
942 while (start < end1) {
943 *tab++ = 0xff;
944 start += 8;
945 }
946 if (start < end) {
947 mask = ~(0xff << (end & 7));
948 *tab |= mask;
949 }
950 }
951 }
952
953 static void build_page_bitmap(PageDesc *p)
954 {
955 int n, tb_start, tb_end;
956 TranslationBlock *tb;
957
958 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
959
960 tb = p->first_tb;
961 while (tb != NULL) {
962 n = (long)tb & 3;
963 tb = (TranslationBlock *)((long)tb & ~3);
964 /* NOTE: this is subtle as a TB may span two physical pages */
965 if (n == 0) {
966 /* NOTE: tb_end may be after the end of the page, but
967 it is not a problem */
968 tb_start = tb->pc & ~TARGET_PAGE_MASK;
969 tb_end = tb_start + tb->size;
970 if (tb_end > TARGET_PAGE_SIZE)
971 tb_end = TARGET_PAGE_SIZE;
972 } else {
973 tb_start = 0;
974 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
975 }
976 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
977 tb = tb->page_next[n];
978 }
979 }
980
981 TranslationBlock *tb_gen_code(CPUState *env,
982 target_ulong pc, target_ulong cs_base,
983 int flags, int cflags)
984 {
985 TranslationBlock *tb;
986 uint8_t *tc_ptr;
987 tb_page_addr_t phys_pc, phys_page2;
988 target_ulong virt_page2;
989 int code_gen_size;
990
991 phys_pc = get_page_addr_code(env, pc);
992 tb = tb_alloc(pc);
993 if (!tb) {
994 /* flush must be done */
995 tb_flush(env);
996 /* cannot fail at this point */
997 tb = tb_alloc(pc);
998 /* Don't forget to invalidate previous TB info. */
999 tb_invalidated_flag = 1;
1000 }
1001 tc_ptr = code_gen_ptr;
1002 tb->tc_ptr = tc_ptr;
1003 tb->cs_base = cs_base;
1004 tb->flags = flags;
1005 tb->cflags = cflags;
1006 cpu_gen_code(env, tb, &code_gen_size);
1007 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
1008
1009 /* check next page if needed */
1010 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
1011 phys_page2 = -1;
1012 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
1013 phys_page2 = get_page_addr_code(env, virt_page2);
1014 }
1015 tb_link_page(tb, phys_pc, phys_page2);
1016 return tb;
1017 }
1018
1019 /* invalidate all TBs which intersect with the target physical page
1020 starting in range [start;end[. NOTE: start and end must refer to
1021 the same physical page. 'is_cpu_write_access' should be true if called
1022 from a real cpu write access: the virtual CPU will exit the current
1023 TB if code is modified inside this TB. */
1024 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1025 int is_cpu_write_access)
1026 {
1027 TranslationBlock *tb, *tb_next, *saved_tb;
1028 CPUState *env = cpu_single_env;
1029 tb_page_addr_t tb_start, tb_end;
1030 PageDesc *p;
1031 int n;
1032 #ifdef TARGET_HAS_PRECISE_SMC
1033 int current_tb_not_found = is_cpu_write_access;
1034 TranslationBlock *current_tb = NULL;
1035 int current_tb_modified = 0;
1036 target_ulong current_pc = 0;
1037 target_ulong current_cs_base = 0;
1038 int current_flags = 0;
1039 #endif /* TARGET_HAS_PRECISE_SMC */
1040
1041 p = page_find(start >> TARGET_PAGE_BITS);
1042 if (!p)
1043 return;
1044 if (!p->code_bitmap &&
1045 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1046 is_cpu_write_access) {
1047 /* build code bitmap */
1048 build_page_bitmap(p);
1049 }
1050
1051 /* we remove all the TBs in the range [start, end[ */
1052 /* XXX: see if in some cases it could be faster to invalidate all the code */
1053 tb = p->first_tb;
1054 while (tb != NULL) {
1055 n = (long)tb & 3;
1056 tb = (TranslationBlock *)((long)tb & ~3);
1057 tb_next = tb->page_next[n];
1058 /* NOTE: this is subtle as a TB may span two physical pages */
1059 if (n == 0) {
1060 /* NOTE: tb_end may be after the end of the page, but
1061 it is not a problem */
1062 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1063 tb_end = tb_start + tb->size;
1064 } else {
1065 tb_start = tb->page_addr[1];
1066 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1067 }
1068 if (!(tb_end <= start || tb_start >= end)) {
1069 #ifdef TARGET_HAS_PRECISE_SMC
1070 if (current_tb_not_found) {
1071 current_tb_not_found = 0;
1072 current_tb = NULL;
1073 if (env->mem_io_pc) {
1074 /* now we have a real cpu fault */
1075 current_tb = tb_find_pc(env->mem_io_pc);
1076 }
1077 }
1078 if (current_tb == tb &&
1079 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1080 /* If we are modifying the current TB, we must stop
1081 its execution. We could be more precise by checking
1082 that the modification is after the current PC, but it
1083 would require a specialized function to partially
1084 restore the CPU state */
1085
1086 current_tb_modified = 1;
1087 cpu_restore_state(current_tb, env, env->mem_io_pc);
1088 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1089 &current_flags);
1090 }
1091 #endif /* TARGET_HAS_PRECISE_SMC */
1092 /* we need to do that to handle the case where a signal
1093 occurs while doing tb_phys_invalidate() */
1094 saved_tb = NULL;
1095 if (env) {
1096 saved_tb = env->current_tb;
1097 env->current_tb = NULL;
1098 }
1099 tb_phys_invalidate(tb, -1);
1100 if (env) {
1101 env->current_tb = saved_tb;
1102 if (env->interrupt_request && env->current_tb)
1103 cpu_interrupt(env, env->interrupt_request);
1104 }
1105 }
1106 tb = tb_next;
1107 }
1108 #if !defined(CONFIG_USER_ONLY)
1109 /* if no code remaining, no need to continue to use slow writes */
1110 if (!p->first_tb) {
1111 invalidate_page_bitmap(p);
1112 if (is_cpu_write_access) {
1113 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1114 }
1115 }
1116 #endif
1117 #ifdef TARGET_HAS_PRECISE_SMC
1118 if (current_tb_modified) {
1119 /* we generate a block containing just the instruction
1120 modifying the memory. It will ensure that it cannot modify
1121 itself */
1122 env->current_tb = NULL;
1123 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1124 cpu_resume_from_signal(env, NULL);
1125 }
1126 #endif
1127 }
1128
1129 /* len must be <= 8 and start must be a multiple of len */
1130 static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1131 {
1132 PageDesc *p;
1133 int offset, b;
1134 #if 0
1135 if (1) {
1136 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1137 cpu_single_env->mem_io_vaddr, len,
1138 cpu_single_env->eip,
1139 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
1140 }
1141 #endif
1142 p = page_find(start >> TARGET_PAGE_BITS);
1143 if (!p)
1144 return;
1145 if (p->code_bitmap) {
1146 offset = start & ~TARGET_PAGE_MASK;
1147 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1148 if (b & ((1 << len) - 1))
1149 goto do_invalidate;
1150 } else {
1151 do_invalidate:
1152 tb_invalidate_phys_page_range(start, start + len, 1);
1153 }
1154 }
1155
1156 #if !defined(CONFIG_SOFTMMU)
1157 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1158 unsigned long pc, void *puc)
1159 {
1160 TranslationBlock *tb;
1161 PageDesc *p;
1162 int n;
1163 #ifdef TARGET_HAS_PRECISE_SMC
1164 TranslationBlock *current_tb = NULL;
1165 CPUState *env = cpu_single_env;
1166 int current_tb_modified = 0;
1167 target_ulong current_pc = 0;
1168 target_ulong current_cs_base = 0;
1169 int current_flags = 0;
1170 #endif
1171
1172 addr &= TARGET_PAGE_MASK;
1173 p = page_find(addr >> TARGET_PAGE_BITS);
1174 if (!p)
1175 return;
1176 tb = p->first_tb;
1177 #ifdef TARGET_HAS_PRECISE_SMC
1178 if (tb && pc != 0) {
1179 current_tb = tb_find_pc(pc);
1180 }
1181 #endif
1182 while (tb != NULL) {
1183 n = (long)tb & 3;
1184 tb = (TranslationBlock *)((long)tb & ~3);
1185 #ifdef TARGET_HAS_PRECISE_SMC
1186 if (current_tb == tb &&
1187 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1188 /* If we are modifying the current TB, we must stop
1189 its execution. We could be more precise by checking
1190 that the modification is after the current PC, but it
1191 would require a specialized function to partially
1192 restore the CPU state */
1193
1194 current_tb_modified = 1;
1195 cpu_restore_state(current_tb, env, pc);
1196 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1197 &current_flags);
1198 }
1199 #endif /* TARGET_HAS_PRECISE_SMC */
1200 tb_phys_invalidate(tb, addr);
1201 tb = tb->page_next[n];
1202 }
1203 p->first_tb = NULL;
1204 #ifdef TARGET_HAS_PRECISE_SMC
1205 if (current_tb_modified) {
1206 /* we generate a block containing just the instruction
1207 modifying the memory. It will ensure that it cannot modify
1208 itself */
1209 env->current_tb = NULL;
1210 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1211 cpu_resume_from_signal(env, puc);
1212 }
1213 #endif
1214 }
1215 #endif
1216
1217 /* add the tb in the target page and protect it if necessary */
1218 static inline void tb_alloc_page(TranslationBlock *tb,
1219 unsigned int n, tb_page_addr_t page_addr)
1220 {
1221 PageDesc *p;
1222 #ifndef CONFIG_USER_ONLY
1223 bool page_already_protected;
1224 #endif
1225
1226 tb->page_addr[n] = page_addr;
1227 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1228 tb->page_next[n] = p->first_tb;
1229 #ifndef CONFIG_USER_ONLY
1230 page_already_protected = p->first_tb != NULL;
1231 #endif
1232 p->first_tb = (TranslationBlock *)((long)tb | n);
1233 invalidate_page_bitmap(p);
1234
1235 #if defined(TARGET_HAS_SMC) || 1
1236
1237 #if defined(CONFIG_USER_ONLY)
1238 if (p->flags & PAGE_WRITE) {
1239 target_ulong addr;
1240 PageDesc *p2;
1241 int prot;
1242
1243 /* force the host page as non writable (writes will have a
1244 page fault + mprotect overhead) */
1245 page_addr &= qemu_host_page_mask;
1246 prot = 0;
1247 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1248 addr += TARGET_PAGE_SIZE) {
1249
1250 p2 = page_find (addr >> TARGET_PAGE_BITS);
1251 if (!p2)
1252 continue;
1253 prot |= p2->flags;
1254 p2->flags &= ~PAGE_WRITE;
1255 }
1256 mprotect(g2h(page_addr), qemu_host_page_size,
1257 (prot & PAGE_BITS) & ~PAGE_WRITE);
1258 #ifdef DEBUG_TB_INVALIDATE
1259 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1260 page_addr);
1261 #endif
1262 }
1263 #else
1264 /* if some code is already present, then the pages are already
1265 protected. So we handle the case where only the first TB is
1266 allocated in a physical page */
1267 if (!page_already_protected) {
1268 tlb_protect_code(page_addr);
1269 }
1270 #endif
1271
1272 #endif /* TARGET_HAS_SMC */
1273 }
1274
1275 /* add a new TB and link it to the physical page tables. phys_page2 is
1276 (-1) to indicate that only one page contains the TB. */
1277 void tb_link_page(TranslationBlock *tb,
1278 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
1279 {
1280 unsigned int h;
1281 TranslationBlock **ptb;
1282
1283 /* Grab the mmap lock to stop another thread invalidating this TB
1284 before we are done. */
1285 mmap_lock();
1286 /* add in the physical hash table */
1287 h = tb_phys_hash_func(phys_pc);
1288 ptb = &tb_phys_hash[h];
1289 tb->phys_hash_next = *ptb;
1290 *ptb = tb;
1291
1292 /* add in the page list */
1293 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1294 if (phys_page2 != -1)
1295 tb_alloc_page(tb, 1, phys_page2);
1296 else
1297 tb->page_addr[1] = -1;
1298
1299 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1300 tb->jmp_next[0] = NULL;
1301 tb->jmp_next[1] = NULL;
1302
1303 /* init original jump addresses */
1304 if (tb->tb_next_offset[0] != 0xffff)
1305 tb_reset_jump(tb, 0);
1306 if (tb->tb_next_offset[1] != 0xffff)
1307 tb_reset_jump(tb, 1);
1308
1309 #ifdef DEBUG_TB_CHECK
1310 tb_page_check();
1311 #endif
1312 mmap_unlock();
1313 }
1314
1315 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1316 tb[1].tc_ptr. Return NULL if not found */
1317 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
1318 {
1319 int m_min, m_max, m;
1320 unsigned long v;
1321 TranslationBlock *tb;
1322
1323 if (nb_tbs <= 0)
1324 return NULL;
1325 if (tc_ptr < (unsigned long)code_gen_buffer ||
1326 tc_ptr >= (unsigned long)code_gen_ptr)
1327 return NULL;
1328 /* binary search (cf Knuth) */
1329 m_min = 0;
1330 m_max = nb_tbs - 1;
1331 while (m_min <= m_max) {
1332 m = (m_min + m_max) >> 1;
1333 tb = &tbs[m];
1334 v = (unsigned long)tb->tc_ptr;
1335 if (v == tc_ptr)
1336 return tb;
1337 else if (tc_ptr < v) {
1338 m_max = m - 1;
1339 } else {
1340 m_min = m + 1;
1341 }
1342 }
1343 return &tbs[m_max];
1344 }
1345
1346 static void tb_reset_jump_recursive(TranslationBlock *tb);
1347
1348 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1349 {
1350 TranslationBlock *tb1, *tb_next, **ptb;
1351 unsigned int n1;
1352
1353 tb1 = tb->jmp_next[n];
1354 if (tb1 != NULL) {
1355 /* find head of list */
1356 for(;;) {
1357 n1 = (long)tb1 & 3;
1358 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1359 if (n1 == 2)
1360 break;
1361 tb1 = tb1->jmp_next[n1];
1362 }
1363 /* we are now sure now that tb jumps to tb1 */
1364 tb_next = tb1;
1365
1366 /* remove tb from the jmp_first list */
1367 ptb = &tb_next->jmp_first;
1368 for(;;) {
1369 tb1 = *ptb;
1370 n1 = (long)tb1 & 3;
1371 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1372 if (n1 == n && tb1 == tb)
1373 break;
1374 ptb = &tb1->jmp_next[n1];
1375 }
1376 *ptb = tb->jmp_next[n];
1377 tb->jmp_next[n] = NULL;
1378
1379 /* suppress the jump to next tb in generated code */
1380 tb_reset_jump(tb, n);
1381
1382 /* suppress jumps in the tb on which we could have jumped */
1383 tb_reset_jump_recursive(tb_next);
1384 }
1385 }
1386
1387 static void tb_reset_jump_recursive(TranslationBlock *tb)
1388 {
1389 tb_reset_jump_recursive2(tb, 0);
1390 tb_reset_jump_recursive2(tb, 1);
1391 }
1392
1393 #if defined(TARGET_HAS_ICE)
1394 #if defined(CONFIG_USER_ONLY)
1395 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1396 {
1397 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1398 }
1399 #else
1400 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1401 {
1402 target_phys_addr_t addr;
1403 target_ulong pd;
1404 ram_addr_t ram_addr;
1405 PhysPageDesc *p;
1406
1407 addr = cpu_get_phys_page_debug(env, pc);
1408 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1409 if (!p) {
1410 pd = IO_MEM_UNASSIGNED;
1411 } else {
1412 pd = p->phys_offset;
1413 }
1414 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1415 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1416 }
1417 #endif
1418 #endif /* TARGET_HAS_ICE */
1419
1420 #if defined(CONFIG_USER_ONLY)
1421 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1422
1423 {
1424 }
1425
1426 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1427 int flags, CPUWatchpoint **watchpoint)
1428 {
1429 return -ENOSYS;
1430 }
1431 #else
1432 /* Add a watchpoint. */
1433 int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1434 int flags, CPUWatchpoint **watchpoint)
1435 {
1436 target_ulong len_mask = ~(len - 1);
1437 CPUWatchpoint *wp;
1438
1439 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1440 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1441 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1442 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1443 return -EINVAL;
1444 }
1445 wp = g_malloc(sizeof(*wp));
1446
1447 wp->vaddr = addr;
1448 wp->len_mask = len_mask;
1449 wp->flags = flags;
1450
1451 /* keep all GDB-injected watchpoints in front */
1452 if (flags & BP_GDB)
1453 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1454 else
1455 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1456
1457 tlb_flush_page(env, addr);
1458
1459 if (watchpoint)
1460 *watchpoint = wp;
1461 return 0;
1462 }
1463
1464 /* Remove a specific watchpoint. */
1465 int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1466 int flags)
1467 {
1468 target_ulong len_mask = ~(len - 1);
1469 CPUWatchpoint *wp;
1470
1471 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1472 if (addr == wp->vaddr && len_mask == wp->len_mask
1473 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1474 cpu_watchpoint_remove_by_ref(env, wp);
1475 return 0;
1476 }
1477 }
1478 return -ENOENT;
1479 }
1480
1481 /* Remove a specific watchpoint by reference. */
1482 void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1483 {
1484 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1485
1486 tlb_flush_page(env, watchpoint->vaddr);
1487
1488 g_free(watchpoint);
1489 }
1490
1491 /* Remove all matching watchpoints. */
1492 void cpu_watchpoint_remove_all(CPUState *env, int mask)
1493 {
1494 CPUWatchpoint *wp, *next;
1495
1496 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1497 if (wp->flags & mask)
1498 cpu_watchpoint_remove_by_ref(env, wp);
1499 }
1500 }
1501 #endif
1502
1503 /* Add a breakpoint. */
1504 int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1505 CPUBreakpoint **breakpoint)
1506 {
1507 #if defined(TARGET_HAS_ICE)
1508 CPUBreakpoint *bp;
1509
1510 bp = g_malloc(sizeof(*bp));
1511
1512 bp->pc = pc;
1513 bp->flags = flags;
1514
1515 /* keep all GDB-injected breakpoints in front */
1516 if (flags & BP_GDB)
1517 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1518 else
1519 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1520
1521 breakpoint_invalidate(env, pc);
1522
1523 if (breakpoint)
1524 *breakpoint = bp;
1525 return 0;
1526 #else
1527 return -ENOSYS;
1528 #endif
1529 }
1530
1531 /* Remove a specific breakpoint. */
1532 int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1533 {
1534 #if defined(TARGET_HAS_ICE)
1535 CPUBreakpoint *bp;
1536
1537 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1538 if (bp->pc == pc && bp->flags == flags) {
1539 cpu_breakpoint_remove_by_ref(env, bp);
1540 return 0;
1541 }
1542 }
1543 return -ENOENT;
1544 #else
1545 return -ENOSYS;
1546 #endif
1547 }
1548
1549 /* Remove a specific breakpoint by reference. */
1550 void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
1551 {
1552 #if defined(TARGET_HAS_ICE)
1553 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1554
1555 breakpoint_invalidate(env, breakpoint->pc);
1556
1557 g_free(breakpoint);
1558 #endif
1559 }
1560
1561 /* Remove all matching breakpoints. */
1562 void cpu_breakpoint_remove_all(CPUState *env, int mask)
1563 {
1564 #if defined(TARGET_HAS_ICE)
1565 CPUBreakpoint *bp, *next;
1566
1567 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1568 if (bp->flags & mask)
1569 cpu_breakpoint_remove_by_ref(env, bp);
1570 }
1571 #endif
1572 }
1573
1574 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1575 CPU loop after each instruction */
1576 void cpu_single_step(CPUState *env, int enabled)
1577 {
1578 #if defined(TARGET_HAS_ICE)
1579 if (env->singlestep_enabled != enabled) {
1580 env->singlestep_enabled = enabled;
1581 if (kvm_enabled())
1582 kvm_update_guest_debug(env, 0);
1583 else {
1584 /* must flush all the translated code to avoid inconsistencies */
1585 /* XXX: only flush what is necessary */
1586 tb_flush(env);
1587 }
1588 }
1589 #endif
1590 }
1591
1592 /* enable or disable low levels log */
1593 void cpu_set_log(int log_flags)
1594 {
1595 loglevel = log_flags;
1596 if (loglevel && !logfile) {
1597 logfile = fopen(logfilename, log_append ? "a" : "w");
1598 if (!logfile) {
1599 perror(logfilename);
1600 _exit(1);
1601 }
1602 #if !defined(CONFIG_SOFTMMU)
1603 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1604 {
1605 static char logfile_buf[4096];
1606 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1607 }
1608 #elif defined(_WIN32)
1609 /* Win32 doesn't support line-buffering, so use unbuffered output. */
1610 setvbuf(logfile, NULL, _IONBF, 0);
1611 #else
1612 setvbuf(logfile, NULL, _IOLBF, 0);
1613 #endif
1614 log_append = 1;
1615 }
1616 if (!loglevel && logfile) {
1617 fclose(logfile);
1618 logfile = NULL;
1619 }
1620 }
1621
1622 void cpu_set_log_filename(const char *filename)
1623 {
1624 logfilename = strdup(filename);
1625 if (logfile) {
1626 fclose(logfile);
1627 logfile = NULL;
1628 }
1629 cpu_set_log(loglevel);
1630 }
1631
1632 static void cpu_unlink_tb(CPUState *env)
1633 {
1634 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1635 problem and hope the cpu will stop of its own accord. For userspace
1636 emulation this often isn't actually as bad as it sounds. Often
1637 signals are used primarily to interrupt blocking syscalls. */
1638 TranslationBlock *tb;
1639 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1640
1641 spin_lock(&interrupt_lock);
1642 tb = env->current_tb;
1643 /* if the cpu is currently executing code, we must unlink it and
1644 all the potentially executing TB */
1645 if (tb) {
1646 env->current_tb = NULL;
1647 tb_reset_jump_recursive(tb);
1648 }
1649 spin_unlock(&interrupt_lock);
1650 }
1651
1652 #ifndef CONFIG_USER_ONLY
1653 /* mask must never be zero, except for A20 change call */
1654 static void tcg_handle_interrupt(CPUState *env, int mask)
1655 {
1656 int old_mask;
1657
1658 old_mask = env->interrupt_request;
1659 env->interrupt_request |= mask;
1660
1661 /*
1662 * If called from iothread context, wake the target cpu in
1663 * case its halted.
1664 */
1665 if (!qemu_cpu_is_self(env)) {
1666 qemu_cpu_kick(env);
1667 return;
1668 }
1669
1670 if (use_icount) {
1671 env->icount_decr.u16.high = 0xffff;
1672 if (!can_do_io(env)
1673 && (mask & ~old_mask) != 0) {
1674 cpu_abort(env, "Raised interrupt while not in I/O function");
1675 }
1676 } else {
1677 cpu_unlink_tb(env);
1678 }
1679 }
1680
1681 CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1682
1683 #else /* CONFIG_USER_ONLY */
1684
1685 void cpu_interrupt(CPUState *env, int mask)
1686 {
1687 env->interrupt_request |= mask;
1688 cpu_unlink_tb(env);
1689 }
1690 #endif /* CONFIG_USER_ONLY */
1691
1692 void cpu_reset_interrupt(CPUState *env, int mask)
1693 {
1694 env->interrupt_request &= ~mask;
1695 }
1696
1697 void cpu_exit(CPUState *env)
1698 {
1699 env->exit_request = 1;
1700 cpu_unlink_tb(env);
1701 }
1702
1703 const CPULogItem cpu_log_items[] = {
1704 { CPU_LOG_TB_OUT_ASM, "out_asm",
1705 "show generated host assembly code for each compiled TB" },
1706 { CPU_LOG_TB_IN_ASM, "in_asm",
1707 "show target assembly code for each compiled TB" },
1708 { CPU_LOG_TB_OP, "op",
1709 "show micro ops for each compiled TB" },
1710 { CPU_LOG_TB_OP_OPT, "op_opt",
1711 "show micro ops "
1712 #ifdef TARGET_I386
1713 "before eflags optimization and "
1714 #endif
1715 "after liveness analysis" },
1716 { CPU_LOG_INT, "int",
1717 "show interrupts/exceptions in short format" },
1718 { CPU_LOG_EXEC, "exec",
1719 "show trace before each executed TB (lots of logs)" },
1720 { CPU_LOG_TB_CPU, "cpu",
1721 "show CPU state before block translation" },
1722 #ifdef TARGET_I386
1723 { CPU_LOG_PCALL, "pcall",
1724 "show protected mode far calls/returns/exceptions" },
1725 { CPU_LOG_RESET, "cpu_reset",
1726 "show CPU state before CPU resets" },
1727 #endif
1728 #ifdef DEBUG_IOPORT
1729 { CPU_LOG_IOPORT, "ioport",
1730 "show all i/o ports accesses" },
1731 #endif
1732 { 0, NULL, NULL },
1733 };
1734
1735 #ifndef CONFIG_USER_ONLY
1736 static QLIST_HEAD(memory_client_list, CPUPhysMemoryClient) memory_client_list
1737 = QLIST_HEAD_INITIALIZER(memory_client_list);
1738
1739 static void cpu_notify_set_memory(target_phys_addr_t start_addr,
1740 ram_addr_t size,
1741 ram_addr_t phys_offset,
1742 bool log_dirty)
1743 {
1744 CPUPhysMemoryClient *client;
1745 QLIST_FOREACH(client, &memory_client_list, list) {
1746 client->set_memory(client, start_addr, size, phys_offset, log_dirty);
1747 }
1748 }
1749
1750 static int cpu_notify_sync_dirty_bitmap(target_phys_addr_t start,
1751 target_phys_addr_t end)
1752 {
1753 CPUPhysMemoryClient *client;
1754 QLIST_FOREACH(client, &memory_client_list, list) {
1755 int r = client->sync_dirty_bitmap(client, start, end);
1756 if (r < 0)
1757 return r;
1758 }
1759 return 0;
1760 }
1761
1762 static int cpu_notify_migration_log(int enable)
1763 {
1764 CPUPhysMemoryClient *client;
1765 QLIST_FOREACH(client, &memory_client_list, list) {
1766 int r = client->migration_log(client, enable);
1767 if (r < 0)
1768 return r;
1769 }
1770 return 0;
1771 }
1772
1773 struct last_map {
1774 target_phys_addr_t start_addr;
1775 ram_addr_t size;
1776 ram_addr_t phys_offset;
1777 };
1778
1779 /* The l1_phys_map provides the upper P_L1_BITs of the guest physical
1780 * address. Each intermediate table provides the next L2_BITs of guest
1781 * physical address space. The number of levels vary based on host and
1782 * guest configuration, making it efficient to build the final guest
1783 * physical address by seeding the L1 offset and shifting and adding in
1784 * each L2 offset as we recurse through them. */
1785 static void phys_page_for_each_1(CPUPhysMemoryClient *client, int level,
1786 void **lp, target_phys_addr_t addr,
1787 struct last_map *map)
1788 {
1789 int i;
1790
1791 if (*lp == NULL) {
1792 return;
1793 }
1794 if (level == 0) {
1795 PhysPageDesc *pd = *lp;
1796 addr <<= L2_BITS + TARGET_PAGE_BITS;
1797 for (i = 0; i < L2_SIZE; ++i) {
1798 if (pd[i].phys_offset != IO_MEM_UNASSIGNED) {
1799 target_phys_addr_t start_addr = addr | i << TARGET_PAGE_BITS;
1800
1801 if (map->size &&
1802 start_addr == map->start_addr + map->size &&
1803 pd[i].phys_offset == map->phys_offset + map->size) {
1804
1805 map->size += TARGET_PAGE_SIZE;
1806 continue;
1807 } else if (map->size) {
1808 client->set_memory(client, map->start_addr,
1809 map->size, map->phys_offset, false);
1810 }
1811
1812 map->start_addr = start_addr;
1813 map->size = TARGET_PAGE_SIZE;
1814 map->phys_offset = pd[i].phys_offset;
1815 }
1816 }
1817 } else {
1818 void **pp = *lp;
1819 for (i = 0; i < L2_SIZE; ++i) {
1820 phys_page_for_each_1(client, level - 1, pp + i,
1821 (addr << L2_BITS) | i, map);
1822 }
1823 }
1824 }
1825
1826 static void phys_page_for_each(CPUPhysMemoryClient *client)
1827 {
1828 int i;
1829 struct last_map map = { };
1830
1831 for (i = 0; i < P_L1_SIZE; ++i) {
1832 phys_page_for_each_1(client, P_L1_SHIFT / L2_BITS - 1,
1833 l1_phys_map + i, i, &map);
1834 }
1835 if (map.size) {
1836 client->set_memory(client, map.start_addr, map.size, map.phys_offset,
1837 false);
1838 }
1839 }
1840
1841 void cpu_register_phys_memory_client(CPUPhysMemoryClient *client)
1842 {
1843 QLIST_INSERT_HEAD(&memory_client_list, client, list);
1844 phys_page_for_each(client);
1845 }
1846
1847 void cpu_unregister_phys_memory_client(CPUPhysMemoryClient *client)
1848 {
1849 QLIST_REMOVE(client, list);
1850 }
1851 #endif
1852
1853 static int cmp1(const char *s1, int n, const char *s2)
1854 {
1855 if (strlen(s2) != n)
1856 return 0;
1857 return memcmp(s1, s2, n) == 0;
1858 }
1859
1860 /* takes a comma separated list of log masks. Return 0 if error. */
1861 int cpu_str_to_log_mask(const char *str)
1862 {
1863 const CPULogItem *item;
1864 int mask;
1865 const char *p, *p1;
1866
1867 p = str;
1868 mask = 0;
1869 for(;;) {
1870 p1 = strchr(p, ',');
1871 if (!p1)
1872 p1 = p + strlen(p);
1873 if(cmp1(p,p1-p,"all")) {
1874 for(item = cpu_log_items; item->mask != 0; item++) {
1875 mask |= item->mask;
1876 }
1877 } else {
1878 for(item = cpu_log_items; item->mask != 0; item++) {
1879 if (cmp1(p, p1 - p, item->name))
1880 goto found;
1881 }
1882 return 0;
1883 }
1884 found:
1885 mask |= item->mask;
1886 if (*p1 != ',')
1887 break;
1888 p = p1 + 1;
1889 }
1890 return mask;
1891 }
1892
1893 void cpu_abort(CPUState *env, const char *fmt, ...)
1894 {
1895 va_list ap;
1896 va_list ap2;
1897
1898 va_start(ap, fmt);
1899 va_copy(ap2, ap);
1900 fprintf(stderr, "qemu: fatal: ");
1901 vfprintf(stderr, fmt, ap);
1902 fprintf(stderr, "\n");
1903 #ifdef TARGET_I386
1904 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1905 #else
1906 cpu_dump_state(env, stderr, fprintf, 0);
1907 #endif
1908 if (qemu_log_enabled()) {
1909 qemu_log("qemu: fatal: ");
1910 qemu_log_vprintf(fmt, ap2);
1911 qemu_log("\n");
1912 #ifdef TARGET_I386
1913 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
1914 #else
1915 log_cpu_state(env, 0);
1916 #endif
1917 qemu_log_flush();
1918 qemu_log_close();
1919 }
1920 va_end(ap2);
1921 va_end(ap);
1922 #if defined(CONFIG_USER_ONLY)
1923 {
1924 struct sigaction act;
1925 sigfillset(&act.sa_mask);
1926 act.sa_handler = SIG_DFL;
1927 sigaction(SIGABRT, &act, NULL);
1928 }
1929 #endif
1930 abort();
1931 }
1932
1933 CPUState *cpu_copy(CPUState *env)
1934 {
1935 CPUState *new_env = cpu_init(env->cpu_model_str);
1936 CPUState *next_cpu = new_env->next_cpu;
1937 int cpu_index = new_env->cpu_index;
1938 #if defined(TARGET_HAS_ICE)
1939 CPUBreakpoint *bp;
1940 CPUWatchpoint *wp;
1941 #endif
1942
1943 memcpy(new_env, env, sizeof(CPUState));
1944
1945 /* Preserve chaining and index. */
1946 new_env->next_cpu = next_cpu;
1947 new_env->cpu_index = cpu_index;
1948
1949 /* Clone all break/watchpoints.
1950 Note: Once we support ptrace with hw-debug register access, make sure
1951 BP_CPU break/watchpoints are handled correctly on clone. */
1952 QTAILQ_INIT(&env->breakpoints);
1953 QTAILQ_INIT(&env->watchpoints);
1954 #if defined(TARGET_HAS_ICE)
1955 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1956 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1957 }
1958 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1959 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1960 wp->flags, NULL);
1961 }
1962 #endif
1963
1964 return new_env;
1965 }
1966
1967 #if !defined(CONFIG_USER_ONLY)
1968
1969 static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1970 {
1971 unsigned int i;
1972
1973 /* Discard jump cache entries for any tb which might potentially
1974 overlap the flushed page. */
1975 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1976 memset (&env->tb_jmp_cache[i], 0,
1977 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1978
1979 i = tb_jmp_cache_hash_page(addr);
1980 memset (&env->tb_jmp_cache[i], 0,
1981 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1982 }
1983
1984 static CPUTLBEntry s_cputlb_empty_entry = {
1985 .addr_read = -1,
1986 .addr_write = -1,
1987 .addr_code = -1,
1988 .addend = -1,
1989 };
1990
1991 /* NOTE: if flush_global is true, also flush global entries (not
1992 implemented yet) */
1993 void tlb_flush(CPUState *env, int flush_global)
1994 {
1995 int i;
1996
1997 #if defined(DEBUG_TLB)
1998 printf("tlb_flush:\n");
1999 #endif
2000 /* must reset current TB so that interrupts cannot modify the
2001 links while we are modifying them */
2002 env->current_tb = NULL;
2003
2004 for(i = 0; i < CPU_TLB_SIZE; i++) {
2005 int mmu_idx;
2006 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2007 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
2008 }
2009 }
2010
2011 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
2012
2013 env->tlb_flush_addr = -1;
2014 env->tlb_flush_mask = 0;
2015 tlb_flush_count++;
2016 }
2017
2018 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
2019 {
2020 if (addr == (tlb_entry->addr_read &
2021 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
2022 addr == (tlb_entry->addr_write &
2023 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
2024 addr == (tlb_entry->addr_code &
2025 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
2026 *tlb_entry = s_cputlb_empty_entry;
2027 }
2028 }
2029
2030 void tlb_flush_page(CPUState *env, target_ulong addr)
2031 {
2032 int i;
2033 int mmu_idx;
2034
2035 #if defined(DEBUG_TLB)
2036 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
2037 #endif
2038 /* Check if we need to flush due to large pages. */
2039 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
2040 #if defined(DEBUG_TLB)
2041 printf("tlb_flush_page: forced full flush ("
2042 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
2043 env->tlb_flush_addr, env->tlb_flush_mask);
2044 #endif
2045 tlb_flush(env, 1);
2046 return;
2047 }
2048 /* must reset current TB so that interrupts cannot modify the
2049 links while we are modifying them */
2050 env->current_tb = NULL;
2051
2052 addr &= TARGET_PAGE_MASK;
2053 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2054 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2055 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
2056
2057 tlb_flush_jmp_cache(env, addr);
2058 }
2059
2060 /* update the TLBs so that writes to code in the virtual page 'addr'
2061 can be detected */
2062 static void tlb_protect_code(ram_addr_t ram_addr)
2063 {
2064 cpu_physical_memory_reset_dirty(ram_addr,
2065 ram_addr + TARGET_PAGE_SIZE,
2066 CODE_DIRTY_FLAG);
2067 }
2068
2069 /* update the TLB so that writes in physical page 'phys_addr' are no longer
2070 tested for self modifying code */
2071 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
2072 target_ulong vaddr)
2073 {
2074 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
2075 }
2076
2077 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
2078 unsigned long start, unsigned long length)
2079 {
2080 unsigned long addr;
2081 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2082 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
2083 if ((addr - start) < length) {
2084 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
2085 }
2086 }
2087 }
2088
2089 /* Note: start and end must be within the same ram block. */
2090 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
2091 int dirty_flags)
2092 {
2093 CPUState *env;
2094 unsigned long length, start1;
2095 int i;
2096
2097 start &= TARGET_PAGE_MASK;
2098 end = TARGET_PAGE_ALIGN(end);
2099
2100 length = end - start;
2101 if (length == 0)
2102 return;
2103 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
2104
2105 /* we modify the TLB cache so that the dirty bit will be set again
2106 when accessing the range */
2107 start1 = (unsigned long)qemu_safe_ram_ptr(start);
2108 /* Check that we don't span multiple blocks - this breaks the
2109 address comparisons below. */
2110 if ((unsigned long)qemu_safe_ram_ptr(end - 1) - start1
2111 != (end - 1) - start) {
2112 abort();
2113 }
2114
2115 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2116 int mmu_idx;
2117 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2118 for(i = 0; i < CPU_TLB_SIZE; i++)
2119 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2120 start1, length);
2121 }
2122 }
2123 }
2124
2125 int cpu_physical_memory_set_dirty_tracking(int enable)
2126 {
2127 int ret = 0;
2128 in_migration = enable;
2129 ret = cpu_notify_migration_log(!!enable);
2130 return ret;
2131 }
2132
2133 int cpu_physical_memory_get_dirty_tracking(void)
2134 {
2135 return in_migration;
2136 }
2137
2138 int cpu_physical_sync_dirty_bitmap(target_phys_addr_t start_addr,
2139 target_phys_addr_t end_addr)
2140 {
2141 int ret;
2142
2143 ret = cpu_notify_sync_dirty_bitmap(start_addr, end_addr);
2144 return ret;
2145 }
2146
2147 int cpu_physical_log_start(target_phys_addr_t start_addr,
2148 ram_addr_t size)
2149 {
2150 CPUPhysMemoryClient *client;
2151 QLIST_FOREACH(client, &memory_client_list, list) {
2152 if (client->log_start) {
2153 int r = client->log_start(client, start_addr, size);
2154 if (r < 0) {
2155 return r;
2156 }
2157 }
2158 }
2159 return 0;
2160 }
2161
2162 int cpu_physical_log_stop(target_phys_addr_t start_addr,
2163 ram_addr_t size)
2164 {
2165 CPUPhysMemoryClient *client;
2166 QLIST_FOREACH(client, &memory_client_list, list) {
2167 if (client->log_stop) {
2168 int r = client->log_stop(client, start_addr, size);
2169 if (r < 0) {
2170 return r;
2171 }
2172 }
2173 }
2174 return 0;
2175 }
2176
2177 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2178 {
2179 ram_addr_t ram_addr;
2180 void *p;
2181
2182 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
2183 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2184 + tlb_entry->addend);
2185 ram_addr = qemu_ram_addr_from_host_nofail(p);
2186 if (!cpu_physical_memory_is_dirty(ram_addr)) {
2187 tlb_entry->addr_write |= TLB_NOTDIRTY;
2188 }
2189 }
2190 }
2191
2192 /* update the TLB according to the current state of the dirty bits */
2193 void cpu_tlb_update_dirty(CPUState *env)
2194 {
2195 int i;
2196 int mmu_idx;
2197 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2198 for(i = 0; i < CPU_TLB_SIZE; i++)
2199 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2200 }
2201 }
2202
2203 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
2204 {
2205 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2206 tlb_entry->addr_write = vaddr;
2207 }
2208
2209 /* update the TLB corresponding to virtual page vaddr
2210 so that it is no longer dirty */
2211 static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
2212 {
2213 int i;
2214 int mmu_idx;
2215
2216 vaddr &= TARGET_PAGE_MASK;
2217 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2218 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2219 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
2220 }
2221
2222 /* Our TLB does not support large pages, so remember the area covered by
2223 large pages and trigger a full TLB flush if these are invalidated. */
2224 static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2225 target_ulong size)
2226 {
2227 target_ulong mask = ~(size - 1);
2228
2229 if (env->tlb_flush_addr == (target_ulong)-1) {
2230 env->tlb_flush_addr = vaddr & mask;
2231 env->tlb_flush_mask = mask;
2232 return;
2233 }
2234 /* Extend the existing region to include the new page.
2235 This is a compromise between unnecessary flushes and the cost
2236 of maintaining a full variable size TLB. */
2237 mask &= env->tlb_flush_mask;
2238 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2239 mask <<= 1;
2240 }
2241 env->tlb_flush_addr &= mask;
2242 env->tlb_flush_mask = mask;
2243 }
2244
2245 /* Add a new TLB entry. At most one entry for a given virtual address
2246 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2247 supplied size is only used by tlb_flush_page. */
2248 void tlb_set_page(CPUState *env, target_ulong vaddr,
2249 target_phys_addr_t paddr, int prot,
2250 int mmu_idx, target_ulong size)
2251 {
2252 PhysPageDesc *p;
2253 unsigned long pd;
2254 unsigned int index;
2255 target_ulong address;
2256 target_ulong code_address;
2257 unsigned long addend;
2258 CPUTLBEntry *te;
2259 CPUWatchpoint *wp;
2260 target_phys_addr_t iotlb;
2261
2262 assert(size >= TARGET_PAGE_SIZE);
2263 if (size != TARGET_PAGE_SIZE) {
2264 tlb_add_large_page(env, vaddr, size);
2265 }
2266 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
2267 if (!p) {
2268 pd = IO_MEM_UNASSIGNED;
2269 } else {
2270 pd = p->phys_offset;
2271 }
2272 #if defined(DEBUG_TLB)
2273 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2274 " prot=%x idx=%d pd=0x%08lx\n",
2275 vaddr, paddr, prot, mmu_idx, pd);
2276 #endif
2277
2278 address = vaddr;
2279 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
2280 /* IO memory case (romd handled later) */
2281 address |= TLB_MMIO;
2282 }
2283 addend = (unsigned long)qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
2284 if ((pd & ~TARGET_PAGE_MASK) <= IO_MEM_ROM) {
2285 /* Normal RAM. */
2286 iotlb = pd & TARGET_PAGE_MASK;
2287 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM)
2288 iotlb |= IO_MEM_NOTDIRTY;
2289 else
2290 iotlb |= IO_MEM_ROM;
2291 } else {
2292 /* IO handlers are currently passed a physical address.
2293 It would be nice to pass an offset from the base address
2294 of that region. This would avoid having to special case RAM,
2295 and avoid full address decoding in every device.
2296 We can't use the high bits of pd for this because
2297 IO_MEM_ROMD uses these as a ram address. */
2298 iotlb = (pd & ~TARGET_PAGE_MASK);
2299 if (p) {
2300 iotlb += p->region_offset;
2301 } else {
2302 iotlb += paddr;
2303 }
2304 }
2305
2306 code_address = address;
2307 /* Make accesses to pages with watchpoints go via the
2308 watchpoint trap routines. */
2309 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
2310 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
2311 /* Avoid trapping reads of pages with a write breakpoint. */
2312 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
2313 iotlb = io_mem_watch + paddr;
2314 address |= TLB_MMIO;
2315 break;
2316 }
2317 }
2318 }
2319
2320 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2321 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2322 te = &env->tlb_table[mmu_idx][index];
2323 te->addend = addend - vaddr;
2324 if (prot & PAGE_READ) {
2325 te->addr_read = address;
2326 } else {
2327 te->addr_read = -1;
2328 }
2329
2330 if (prot & PAGE_EXEC) {
2331 te->addr_code = code_address;
2332 } else {
2333 te->addr_code = -1;
2334 }
2335 if (prot & PAGE_WRITE) {
2336 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
2337 (pd & IO_MEM_ROMD)) {
2338 /* Write access calls the I/O callback. */
2339 te->addr_write = address | TLB_MMIO;
2340 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
2341 !cpu_physical_memory_is_dirty(pd)) {
2342 te->addr_write = address | TLB_NOTDIRTY;
2343 } else {
2344 te->addr_write = address;
2345 }
2346 } else {
2347 te->addr_write = -1;
2348 }
2349 }
2350
2351 #else
2352
2353 void tlb_flush(CPUState *env, int flush_global)
2354 {
2355 }
2356
2357 void tlb_flush_page(CPUState *env, target_ulong addr)
2358 {
2359 }
2360
2361 /*
2362 * Walks guest process memory "regions" one by one
2363 * and calls callback function 'fn' for each region.
2364 */
2365
2366 struct walk_memory_regions_data
2367 {
2368 walk_memory_regions_fn fn;
2369 void *priv;
2370 unsigned long start;
2371 int prot;
2372 };
2373
2374 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
2375 abi_ulong end, int new_prot)
2376 {
2377 if (data->start != -1ul) {
2378 int rc = data->fn(data->priv, data->start, end, data->prot);
2379 if (rc != 0) {
2380 return rc;
2381 }
2382 }
2383
2384 data->start = (new_prot ? end : -1ul);
2385 data->prot = new_prot;
2386
2387 return 0;
2388 }
2389
2390 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
2391 abi_ulong base, int level, void **lp)
2392 {
2393 abi_ulong pa;
2394 int i, rc;
2395
2396 if (*lp == NULL) {
2397 return walk_memory_regions_end(data, base, 0);
2398 }
2399
2400 if (level == 0) {
2401 PageDesc *pd = *lp;
2402 for (i = 0; i < L2_SIZE; ++i) {
2403 int prot = pd[i].flags;
2404
2405 pa = base | (i << TARGET_PAGE_BITS);
2406 if (prot != data->prot) {
2407 rc = walk_memory_regions_end(data, pa, prot);
2408 if (rc != 0) {
2409 return rc;
2410 }
2411 }
2412 }
2413 } else {
2414 void **pp = *lp;
2415 for (i = 0; i < L2_SIZE; ++i) {
2416 pa = base | ((abi_ulong)i <<
2417 (TARGET_PAGE_BITS + L2_BITS * level));
2418 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2419 if (rc != 0) {
2420 return rc;
2421 }
2422 }
2423 }
2424
2425 return 0;
2426 }
2427
2428 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2429 {
2430 struct walk_memory_regions_data data;
2431 unsigned long i;
2432
2433 data.fn = fn;
2434 data.priv = priv;
2435 data.start = -1ul;
2436 data.prot = 0;
2437
2438 for (i = 0; i < V_L1_SIZE; i++) {
2439 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
2440 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2441 if (rc != 0) {
2442 return rc;
2443 }
2444 }
2445
2446 return walk_memory_regions_end(&data, 0, 0);
2447 }
2448
2449 static int dump_region(void *priv, abi_ulong start,
2450 abi_ulong end, unsigned long prot)
2451 {
2452 FILE *f = (FILE *)priv;
2453
2454 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2455 " "TARGET_ABI_FMT_lx" %c%c%c\n",
2456 start, end, end - start,
2457 ((prot & PAGE_READ) ? 'r' : '-'),
2458 ((prot & PAGE_WRITE) ? 'w' : '-'),
2459 ((prot & PAGE_EXEC) ? 'x' : '-'));
2460
2461 return (0);
2462 }
2463
2464 /* dump memory mappings */
2465 void page_dump(FILE *f)
2466 {
2467 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2468 "start", "end", "size", "prot");
2469 walk_memory_regions(f, dump_region);
2470 }
2471
2472 int page_get_flags(target_ulong address)
2473 {
2474 PageDesc *p;
2475
2476 p = page_find(address >> TARGET_PAGE_BITS);
2477 if (!p)
2478 return 0;
2479 return p->flags;
2480 }
2481
2482 /* Modify the flags of a page and invalidate the code if necessary.
2483 The flag PAGE_WRITE_ORG is positioned automatically depending
2484 on PAGE_WRITE. The mmap_lock should already be held. */
2485 void page_set_flags(target_ulong start, target_ulong end, int flags)
2486 {
2487 target_ulong addr, len;
2488
2489 /* This function should never be called with addresses outside the
2490 guest address space. If this assert fires, it probably indicates
2491 a missing call to h2g_valid. */
2492 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2493 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2494 #endif
2495 assert(start < end);
2496
2497 start = start & TARGET_PAGE_MASK;
2498 end = TARGET_PAGE_ALIGN(end);
2499
2500 if (flags & PAGE_WRITE) {
2501 flags |= PAGE_WRITE_ORG;
2502 }
2503
2504 for (addr = start, len = end - start;
2505 len != 0;
2506 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2507 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2508
2509 /* If the write protection bit is set, then we invalidate
2510 the code inside. */
2511 if (!(p->flags & PAGE_WRITE) &&
2512 (flags & PAGE_WRITE) &&
2513 p->first_tb) {
2514 tb_invalidate_phys_page(addr, 0, NULL);
2515 }
2516 p->flags = flags;
2517 }
2518 }
2519
2520 int page_check_range(target_ulong start, target_ulong len, int flags)
2521 {
2522 PageDesc *p;
2523 target_ulong end;
2524 target_ulong addr;
2525
2526 /* This function should never be called with addresses outside the
2527 guest address space. If this assert fires, it probably indicates
2528 a missing call to h2g_valid. */
2529 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2530 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2531 #endif
2532
2533 if (len == 0) {
2534 return 0;
2535 }
2536 if (start + len - 1 < start) {
2537 /* We've wrapped around. */
2538 return -1;
2539 }
2540
2541 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2542 start = start & TARGET_PAGE_MASK;
2543
2544 for (addr = start, len = end - start;
2545 len != 0;
2546 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2547 p = page_find(addr >> TARGET_PAGE_BITS);
2548 if( !p )
2549 return -1;
2550 if( !(p->flags & PAGE_VALID) )
2551 return -1;
2552
2553 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
2554 return -1;
2555 if (flags & PAGE_WRITE) {
2556 if (!(p->flags & PAGE_WRITE_ORG))
2557 return -1;
2558 /* unprotect the page if it was put read-only because it
2559 contains translated code */
2560 if (!(p->flags & PAGE_WRITE)) {
2561 if (!page_unprotect(addr, 0, NULL))
2562 return -1;
2563 }
2564 return 0;
2565 }
2566 }
2567 return 0;
2568 }
2569
2570 /* called from signal handler: invalidate the code and unprotect the
2571 page. Return TRUE if the fault was successfully handled. */
2572 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
2573 {
2574 unsigned int prot;
2575 PageDesc *p;
2576 target_ulong host_start, host_end, addr;
2577
2578 /* Technically this isn't safe inside a signal handler. However we
2579 know this only ever happens in a synchronous SEGV handler, so in
2580 practice it seems to be ok. */
2581 mmap_lock();
2582
2583 p = page_find(address >> TARGET_PAGE_BITS);
2584 if (!p) {
2585 mmap_unlock();
2586 return 0;
2587 }
2588
2589 /* if the page was really writable, then we change its
2590 protection back to writable */
2591 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2592 host_start = address & qemu_host_page_mask;
2593 host_end = host_start + qemu_host_page_size;
2594
2595 prot = 0;
2596 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2597 p = page_find(addr >> TARGET_PAGE_BITS);
2598 p->flags |= PAGE_WRITE;
2599 prot |= p->flags;
2600
2601 /* and since the content will be modified, we must invalidate
2602 the corresponding translated code. */
2603 tb_invalidate_phys_page(addr, pc, puc);
2604 #ifdef DEBUG_TB_CHECK
2605 tb_invalidate_check(addr);
2606 #endif
2607 }
2608 mprotect((void *)g2h(host_start), qemu_host_page_size,
2609 prot & PAGE_BITS);
2610
2611 mmap_unlock();
2612 return 1;
2613 }
2614 mmap_unlock();
2615 return 0;
2616 }
2617
2618 static inline void tlb_set_dirty(CPUState *env,
2619 unsigned long addr, target_ulong vaddr)
2620 {
2621 }
2622 #endif /* defined(CONFIG_USER_ONLY) */
2623
2624 #if !defined(CONFIG_USER_ONLY)
2625
2626 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2627 typedef struct subpage_t {
2628 target_phys_addr_t base;
2629 ram_addr_t sub_io_index[TARGET_PAGE_SIZE];
2630 ram_addr_t region_offset[TARGET_PAGE_SIZE];
2631 } subpage_t;
2632
2633 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2634 ram_addr_t memory, ram_addr_t region_offset);
2635 static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
2636 ram_addr_t orig_memory,
2637 ram_addr_t region_offset);
2638 #define CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2, \
2639 need_subpage) \
2640 do { \
2641 if (addr > start_addr) \
2642 start_addr2 = 0; \
2643 else { \
2644 start_addr2 = start_addr & ~TARGET_PAGE_MASK; \
2645 if (start_addr2 > 0) \
2646 need_subpage = 1; \
2647 } \
2648 \
2649 if ((start_addr + orig_size) - addr >= TARGET_PAGE_SIZE) \
2650 end_addr2 = TARGET_PAGE_SIZE - 1; \
2651 else { \
2652 end_addr2 = (start_addr + orig_size - 1) & ~TARGET_PAGE_MASK; \
2653 if (end_addr2 < TARGET_PAGE_SIZE - 1) \
2654 need_subpage = 1; \
2655 } \
2656 } while (0)
2657
2658 /* register physical memory.
2659 For RAM, 'size' must be a multiple of the target page size.
2660 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
2661 io memory page. The address used when calling the IO function is
2662 the offset from the start of the region, plus region_offset. Both
2663 start_addr and region_offset are rounded down to a page boundary
2664 before calculating this offset. This should not be a problem unless
2665 the low bits of start_addr and region_offset differ. */
2666 void cpu_register_physical_memory_log(target_phys_addr_t start_addr,
2667 ram_addr_t size,
2668 ram_addr_t phys_offset,
2669 ram_addr_t region_offset,
2670 bool log_dirty)
2671 {
2672 target_phys_addr_t addr, end_addr;
2673 PhysPageDesc *p;
2674 CPUState *env;
2675 ram_addr_t orig_size = size;
2676 subpage_t *subpage;
2677
2678 assert(size);
2679 cpu_notify_set_memory(start_addr, size, phys_offset, log_dirty);
2680
2681 if (phys_offset == IO_MEM_UNASSIGNED) {
2682 region_offset = start_addr;
2683 }
2684 region_offset &= TARGET_PAGE_MASK;
2685 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
2686 end_addr = start_addr + (target_phys_addr_t)size;
2687
2688 addr = start_addr;
2689 do {
2690 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2691 if (p && p->phys_offset != IO_MEM_UNASSIGNED) {
2692 ram_addr_t orig_memory = p->phys_offset;
2693 target_phys_addr_t start_addr2, end_addr2;
2694 int need_subpage = 0;
2695
2696 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr, end_addr2,
2697 need_subpage);
2698 if (need_subpage) {
2699 if (!(orig_memory & IO_MEM_SUBPAGE)) {
2700 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2701 &p->phys_offset, orig_memory,
2702 p->region_offset);
2703 } else {
2704 subpage = io_mem_opaque[(orig_memory & ~TARGET_PAGE_MASK)
2705 >> IO_MEM_SHIFT];
2706 }
2707 subpage_register(subpage, start_addr2, end_addr2, phys_offset,
2708 region_offset);
2709 p->region_offset = 0;
2710 } else {
2711 p->phys_offset = phys_offset;
2712 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2713 (phys_offset & IO_MEM_ROMD))
2714 phys_offset += TARGET_PAGE_SIZE;
2715 }
2716 } else {
2717 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2718 p->phys_offset = phys_offset;
2719 p->region_offset = region_offset;
2720 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM ||
2721 (phys_offset & IO_MEM_ROMD)) {
2722 phys_offset += TARGET_PAGE_SIZE;
2723 } else {
2724 target_phys_addr_t start_addr2, end_addr2;
2725 int need_subpage = 0;
2726
2727 CHECK_SUBPAGE(addr, start_addr, start_addr2, end_addr,
2728 end_addr2, need_subpage);
2729
2730 if (need_subpage) {
2731 subpage = subpage_init((addr & TARGET_PAGE_MASK),
2732 &p->phys_offset, IO_MEM_UNASSIGNED,
2733 addr & TARGET_PAGE_MASK);
2734 subpage_register(subpage, start_addr2, end_addr2,
2735 phys_offset, region_offset);
2736 p->region_offset = 0;
2737 }
2738 }
2739 }
2740 region_offset += TARGET_PAGE_SIZE;
2741 addr += TARGET_PAGE_SIZE;
2742 } while (addr != end_addr);
2743
2744 /* since each CPU stores ram addresses in its TLB cache, we must
2745 reset the modified entries */
2746 /* XXX: slow ! */
2747 for(env = first_cpu; env != NULL; env = env->next_cpu) {
2748 tlb_flush(env, 1);
2749 }
2750 }
2751
2752 /* XXX: temporary until new memory mapping API */
2753 ram_addr_t cpu_get_physical_page_desc(target_phys_addr_t addr)
2754 {
2755 PhysPageDesc *p;
2756
2757 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2758 if (!p)
2759 return IO_MEM_UNASSIGNED;
2760 return p->phys_offset;
2761 }
2762
2763 void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2764 {
2765 if (kvm_enabled())
2766 kvm_coalesce_mmio_region(addr, size);
2767 }
2768
2769 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
2770 {
2771 if (kvm_enabled())
2772 kvm_uncoalesce_mmio_region(addr, size);
2773 }
2774
2775 void qemu_flush_coalesced_mmio_buffer(void)
2776 {
2777 if (kvm_enabled())
2778 kvm_flush_coalesced_mmio_buffer();
2779 }
2780
2781 #if defined(__linux__) && !defined(TARGET_S390X)
2782
2783 #include <sys/vfs.h>
2784
2785 #define HUGETLBFS_MAGIC 0x958458f6
2786
2787 static long gethugepagesize(const char *path)
2788 {
2789 struct statfs fs;
2790 int ret;
2791
2792 do {
2793 ret = statfs(path, &fs);
2794 } while (ret != 0 && errno == EINTR);
2795
2796 if (ret != 0) {
2797 perror(path);
2798 return 0;
2799 }
2800
2801 if (fs.f_type != HUGETLBFS_MAGIC)
2802 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
2803
2804 return fs.f_bsize;
2805 }
2806
2807 static void *file_ram_alloc(RAMBlock *block,
2808 ram_addr_t memory,
2809 const char *path)
2810 {
2811 char *filename;
2812 void *area;
2813 int fd;
2814 #ifdef MAP_POPULATE
2815 int flags;
2816 #endif
2817 unsigned long hpagesize;
2818
2819 hpagesize = gethugepagesize(path);
2820 if (!hpagesize) {
2821 return NULL;
2822 }
2823
2824 if (memory < hpagesize) {
2825 return NULL;
2826 }
2827
2828 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2829 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2830 return NULL;
2831 }
2832
2833 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
2834 return NULL;
2835 }
2836
2837 fd = mkstemp(filename);
2838 if (fd < 0) {
2839 perror("unable to create backing store for hugepages");
2840 free(filename);
2841 return NULL;
2842 }
2843 unlink(filename);
2844 free(filename);
2845
2846 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2847
2848 /*
2849 * ftruncate is not supported by hugetlbfs in older
2850 * hosts, so don't bother bailing out on errors.
2851 * If anything goes wrong with it under other filesystems,
2852 * mmap will fail.
2853 */
2854 if (ftruncate(fd, memory))
2855 perror("ftruncate");
2856
2857 #ifdef MAP_POPULATE
2858 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2859 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2860 * to sidestep this quirk.
2861 */
2862 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2863 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2864 #else
2865 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2866 #endif
2867 if (area == MAP_FAILED) {
2868 perror("file_ram_alloc: can't mmap RAM pages");
2869 close(fd);
2870 return (NULL);
2871 }
2872 block->fd = fd;
2873 return area;
2874 }
2875 #endif
2876
2877 static ram_addr_t find_ram_offset(ram_addr_t size)
2878 {
2879 RAMBlock *block, *next_block;
2880 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
2881
2882 if (QLIST_EMPTY(&ram_list.blocks))
2883 return 0;
2884
2885 QLIST_FOREACH(block, &ram_list.blocks, next) {
2886 ram_addr_t end, next = RAM_ADDR_MAX;
2887
2888 end = block->offset + block->length;
2889
2890 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2891 if (next_block->offset >= end) {
2892 next = MIN(next, next_block->offset);
2893 }
2894 }
2895 if (next - end >= size && next - end < mingap) {
2896 offset = end;
2897 mingap = next - end;
2898 }
2899 }
2900
2901 if (offset == RAM_ADDR_MAX) {
2902 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2903 (uint64_t)size);
2904 abort();
2905 }
2906
2907 return offset;
2908 }
2909
2910 static ram_addr_t last_ram_offset(void)
2911 {
2912 RAMBlock *block;
2913 ram_addr_t last = 0;
2914
2915 QLIST_FOREACH(block, &ram_list.blocks, next)
2916 last = MAX(last, block->offset + block->length);
2917
2918 return last;
2919 }
2920
2921 ram_addr_t qemu_ram_alloc_from_ptr(DeviceState *dev, const char *name,
2922 ram_addr_t size, void *host,
2923 MemoryRegion *mr)
2924 {
2925 RAMBlock *new_block, *block;
2926
2927 size = TARGET_PAGE_ALIGN(size);
2928 new_block = g_malloc0(sizeof(*new_block));
2929
2930 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2931 char *id = dev->parent_bus->info->get_dev_path(dev);
2932 if (id) {
2933 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
2934 g_free(id);
2935 }
2936 }
2937 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2938
2939 QLIST_FOREACH(block, &ram_list.blocks, next) {
2940 if (!strcmp(block->idstr, new_block->idstr)) {
2941 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2942 new_block->idstr);
2943 abort();
2944 }
2945 }
2946
2947 new_block->offset = find_ram_offset(size);
2948 if (host) {
2949 new_block->host = host;
2950 new_block->flags |= RAM_PREALLOC_MASK;
2951 } else {
2952 if (mem_path) {
2953 #if defined (__linux__) && !defined(TARGET_S390X)
2954 new_block->host = file_ram_alloc(new_block, size, mem_path);
2955 if (!new_block->host) {
2956 new_block->host = qemu_vmalloc(size);
2957 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2958 }
2959 #else
2960 fprintf(stderr, "-mem-path option unsupported\n");
2961 exit(1);
2962 #endif
2963 } else {
2964 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2965 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2966 an system defined value, which is at least 256GB. Larger systems
2967 have larger values. We put the guest between the end of data
2968 segment (system break) and this value. We use 32GB as a base to
2969 have enough room for the system break to grow. */
2970 new_block->host = mmap((void*)0x800000000, size,
2971 PROT_EXEC|PROT_READ|PROT_WRITE,
2972 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
2973 if (new_block->host == MAP_FAILED) {
2974 fprintf(stderr, "Allocating RAM failed\n");
2975 abort();
2976 }
2977 #else
2978 if (xen_enabled()) {
2979 xen_ram_alloc(new_block->offset, size, mr);
2980 } else {
2981 new_block->host = qemu_vmalloc(size);
2982 }
2983 #endif
2984 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
2985 }
2986 }
2987 new_block->length = size;
2988
2989 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
2990
2991 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
2992 last_ram_offset() >> TARGET_PAGE_BITS);
2993 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2994 0xff, size >> TARGET_PAGE_BITS);
2995
2996 if (kvm_enabled())
2997 kvm_setup_guest_memory(new_block->host, size);
2998
2999 return new_block->offset;
3000 }
3001
3002 ram_addr_t qemu_ram_alloc(DeviceState *dev, const char *name, ram_addr_t size,
3003 MemoryRegion *mr)
3004 {
3005 return qemu_ram_alloc_from_ptr(dev, name, size, NULL, mr);
3006 }
3007
3008 void qemu_ram_free_from_ptr(ram_addr_t addr)
3009 {
3010 RAMBlock *block;
3011
3012 QLIST_FOREACH(block, &ram_list.blocks, next) {
3013 if (addr == block->offset) {
3014 QLIST_REMOVE(block, next);
3015 g_free(block);
3016 return;
3017 }
3018 }
3019 }
3020
3021 void qemu_ram_free(ram_addr_t addr)
3022 {
3023 RAMBlock *block;
3024
3025 QLIST_FOREACH(block, &ram_list.blocks, next) {
3026 if (addr == block->offset) {
3027 QLIST_REMOVE(block, next);
3028 if (block->flags & RAM_PREALLOC_MASK) {
3029 ;
3030 } else if (mem_path) {
3031 #if defined (__linux__) && !defined(TARGET_S390X)
3032 if (block->fd) {
3033 munmap(block->host, block->length);
3034 close(block->fd);
3035 } else {
3036 qemu_vfree(block->host);
3037 }
3038 #else
3039 abort();
3040 #endif
3041 } else {
3042 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
3043 munmap(block->host, block->length);
3044 #else
3045 if (xen_enabled()) {
3046 xen_invalidate_map_cache_entry(block->host);
3047 } else {
3048 qemu_vfree(block->host);
3049 }
3050 #endif
3051 }
3052 g_free(block);
3053 return;
3054 }
3055 }
3056
3057 }
3058
3059 #ifndef _WIN32
3060 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
3061 {
3062 RAMBlock *block;
3063 ram_addr_t offset;
3064 int flags;
3065 void *area, *vaddr;
3066
3067 QLIST_FOREACH(block, &ram_list.blocks, next) {
3068 offset = addr - block->offset;
3069 if (offset < block->length) {
3070 vaddr = block->host + offset;
3071 if (block->flags & RAM_PREALLOC_MASK) {
3072 ;
3073 } else {
3074 flags = MAP_FIXED;
3075 munmap(vaddr, length);
3076 if (mem_path) {
3077 #if defined(__linux__) && !defined(TARGET_S390X)
3078 if (block->fd) {
3079 #ifdef MAP_POPULATE
3080 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
3081 MAP_PRIVATE;
3082 #else
3083 flags |= MAP_PRIVATE;
3084 #endif
3085 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3086 flags, block->fd, offset);
3087 } else {
3088 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3089 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3090 flags, -1, 0);
3091 }
3092 #else
3093 abort();
3094 #endif
3095 } else {
3096 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
3097 flags |= MAP_SHARED | MAP_ANONYMOUS;
3098 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
3099 flags, -1, 0);
3100 #else
3101 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3102 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3103 flags, -1, 0);
3104 #endif
3105 }
3106 if (area != vaddr) {
3107 fprintf(stderr, "Could not remap addr: "
3108 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
3109 length, addr);
3110 exit(1);
3111 }
3112 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
3113 }
3114 return;
3115 }
3116 }
3117 }
3118 #endif /* !_WIN32 */
3119
3120 /* Return a host pointer to ram allocated with qemu_ram_alloc.
3121 With the exception of the softmmu code in this file, this should
3122 only be used for local memory (e.g. video ram) that the device owns,
3123 and knows it isn't going to access beyond the end of the block.
3124
3125 It should not be used for general purpose DMA.
3126 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
3127 */
3128 void *qemu_get_ram_ptr(ram_addr_t addr)
3129 {
3130 RAMBlock *block;
3131
3132 QLIST_FOREACH(block, &ram_list.blocks, next) {
3133 if (addr - block->offset < block->length) {
3134 /* Move this entry to to start of the list. */
3135 if (block != QLIST_FIRST(&ram_list.blocks)) {
3136 QLIST_REMOVE(block, next);
3137 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
3138 }
3139 if (xen_enabled()) {
3140 /* We need to check if the requested address is in the RAM
3141 * because we don't want to map the entire memory in QEMU.
3142 * In that case just map until the end of the page.
3143 */
3144 if (block->offset == 0) {
3145 return xen_map_cache(addr, 0, 0);
3146 } else if (block->host == NULL) {
3147 block->host =
3148 xen_map_cache(block->offset, block->length, 1);
3149 }
3150 }
3151 return block->host + (addr - block->offset);
3152 }
3153 }
3154
3155 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3156 abort();
3157
3158 return NULL;
3159 }
3160
3161 /* Return a host pointer to ram allocated with qemu_ram_alloc.
3162 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
3163 */
3164 void *qemu_safe_ram_ptr(ram_addr_t addr)
3165 {
3166 RAMBlock *block;
3167
3168 QLIST_FOREACH(block, &ram_list.blocks, next) {
3169 if (addr - block->offset < block->length) {
3170 if (xen_enabled()) {
3171 /* We need to check if the requested address is in the RAM
3172 * because we don't want to map the entire memory in QEMU.
3173 * In that case just map until the end of the page.
3174 */
3175 if (block->offset == 0) {
3176 return xen_map_cache(addr, 0, 0);
3177 } else if (block->host == NULL) {
3178 block->host =
3179 xen_map_cache(block->offset, block->length, 1);
3180 }
3181 }
3182 return block->host + (addr - block->offset);
3183 }
3184 }
3185
3186 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3187 abort();
3188
3189 return NULL;
3190 }
3191
3192 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
3193 * but takes a size argument */
3194 void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
3195 {
3196 if (*size == 0) {
3197 return NULL;
3198 }
3199 if (xen_enabled()) {
3200 return xen_map_cache(addr, *size, 1);
3201 } else {
3202 RAMBlock *block;
3203
3204 QLIST_FOREACH(block, &ram_list.blocks, next) {
3205 if (addr - block->offset < block->length) {
3206 if (addr - block->offset + *size > block->length)
3207 *size = block->length - addr + block->offset;
3208 return block->host + (addr - block->offset);
3209 }
3210 }
3211
3212 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3213 abort();
3214 }
3215 }
3216
3217 void qemu_put_ram_ptr(void *addr)
3218 {
3219 trace_qemu_put_ram_ptr(addr);
3220 }
3221
3222 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
3223 {
3224 RAMBlock *block;
3225 uint8_t *host = ptr;
3226
3227 if (xen_enabled()) {
3228 *ram_addr = xen_ram_addr_from_mapcache(ptr);
3229 return 0;
3230 }
3231
3232 QLIST_FOREACH(block, &ram_list.blocks, next) {
3233 /* This case append when the block is not mapped. */
3234 if (block->host == NULL) {
3235 continue;
3236 }
3237 if (host - block->host < block->length) {
3238 *ram_addr = block->offset + (host - block->host);
3239 return 0;
3240 }
3241 }
3242
3243 return -1;
3244 }
3245
3246 /* Some of the softmmu routines need to translate from a host pointer
3247 (typically a TLB entry) back to a ram offset. */
3248 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
3249 {
3250 ram_addr_t ram_addr;
3251
3252 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
3253 fprintf(stderr, "Bad ram pointer %p\n", ptr);
3254 abort();
3255 }
3256 return ram_addr;
3257 }
3258
3259 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
3260 {
3261 #ifdef DEBUG_UNASSIGNED
3262 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3263 #endif
3264 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3265 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, 1);
3266 #endif
3267 return 0;
3268 }
3269
3270 static uint32_t unassigned_mem_readw(void *opaque, target_phys_addr_t addr)
3271 {
3272 #ifdef DEBUG_UNASSIGNED
3273 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3274 #endif
3275 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3276 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, 2);
3277 #endif
3278 return 0;
3279 }
3280
3281 static uint32_t unassigned_mem_readl(void *opaque, target_phys_addr_t addr)
3282 {
3283 #ifdef DEBUG_UNASSIGNED
3284 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3285 #endif
3286 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3287 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, 4);
3288 #endif
3289 return 0;
3290 }
3291
3292 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
3293 {
3294 #ifdef DEBUG_UNASSIGNED
3295 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3296 #endif
3297 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3298 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, 1);
3299 #endif
3300 }
3301
3302 static void unassigned_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
3303 {
3304 #ifdef DEBUG_UNASSIGNED
3305 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3306 #endif
3307 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3308 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, 2);
3309 #endif
3310 }
3311
3312 static void unassigned_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
3313 {
3314 #ifdef DEBUG_UNASSIGNED
3315 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%x\n", addr, val);
3316 #endif
3317 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
3318 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, 4);
3319 #endif
3320 }
3321
3322 static CPUReadMemoryFunc * const unassigned_mem_read[3] = {
3323 unassigned_mem_readb,
3324 unassigned_mem_readw,
3325 unassigned_mem_readl,
3326 };
3327
3328 static CPUWriteMemoryFunc * const unassigned_mem_write[3] = {
3329 unassigned_mem_writeb,
3330 unassigned_mem_writew,
3331 unassigned_mem_writel,
3332 };
3333
3334 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t ram_addr,
3335 uint32_t val)
3336 {
3337 int dirty_flags;
3338 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3339 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3340 #if !defined(CONFIG_USER_ONLY)
3341 tb_invalidate_phys_page_fast(ram_addr, 1);
3342 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3343 #endif
3344 }
3345 stb_p(qemu_get_ram_ptr(ram_addr), val);
3346 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3347 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3348 /* we remove the notdirty callback only if the code has been
3349 flushed */
3350 if (dirty_flags == 0xff)
3351 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3352 }
3353
3354 static void notdirty_mem_writew(void *opaque, target_phys_addr_t ram_addr,
3355 uint32_t val)
3356 {
3357 int dirty_flags;
3358 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3359 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3360 #if !defined(CONFIG_USER_ONLY)
3361 tb_invalidate_phys_page_fast(ram_addr, 2);
3362 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3363 #endif
3364 }
3365 stw_p(qemu_get_ram_ptr(ram_addr), val);
3366 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3367 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3368 /* we remove the notdirty callback only if the code has been
3369 flushed */
3370 if (dirty_flags == 0xff)
3371 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3372 }
3373
3374 static void notdirty_mem_writel(void *opaque, target_phys_addr_t ram_addr,
3375 uint32_t val)
3376 {
3377 int dirty_flags;
3378 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3379 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
3380 #if !defined(CONFIG_USER_ONLY)
3381 tb_invalidate_phys_page_fast(ram_addr, 4);
3382 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3383 #endif
3384 }
3385 stl_p(qemu_get_ram_ptr(ram_addr), val);
3386 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
3387 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
3388 /* we remove the notdirty callback only if the code has been
3389 flushed */
3390 if (dirty_flags == 0xff)
3391 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
3392 }
3393
3394 static CPUReadMemoryFunc * const error_mem_read[3] = {
3395 NULL, /* never used */
3396 NULL, /* never used */
3397 NULL, /* never used */
3398 };
3399
3400 static CPUWriteMemoryFunc * const notdirty_mem_write[3] = {
3401 notdirty_mem_writeb,
3402 notdirty_mem_writew,
3403 notdirty_mem_writel,
3404 };
3405
3406 /* Generate a debug exception if a watchpoint has been hit. */
3407 static void check_watchpoint(int offset, int len_mask, int flags)
3408 {
3409 CPUState *env = cpu_single_env;
3410 target_ulong pc, cs_base;
3411 TranslationBlock *tb;
3412 target_ulong vaddr;
3413 CPUWatchpoint *wp;
3414 int cpu_flags;
3415
3416 if (env->watchpoint_hit) {
3417 /* We re-entered the check after replacing the TB. Now raise
3418 * the debug interrupt so that is will trigger after the
3419 * current instruction. */
3420 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3421 return;
3422 }
3423 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
3424 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
3425 if ((vaddr == (wp->vaddr & len_mask) ||
3426 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
3427 wp->flags |= BP_WATCHPOINT_HIT;
3428 if (!env->watchpoint_hit) {
3429 env->watchpoint_hit = wp;
3430 tb = tb_find_pc(env->mem_io_pc);
3431 if (!tb) {
3432 cpu_abort(env, "check_watchpoint: could not find TB for "
3433 "pc=%p", (void *)env->mem_io_pc);
3434 }
3435 cpu_restore_state(tb, env, env->mem_io_pc);
3436 tb_phys_invalidate(tb, -1);
3437 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3438 env->exception_index = EXCP_DEBUG;
3439 } else {
3440 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3441 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3442 }
3443 cpu_resume_from_signal(env, NULL);
3444 }
3445 } else {
3446 wp->flags &= ~BP_WATCHPOINT_HIT;
3447 }
3448 }
3449 }
3450
3451 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3452 so these check for a hit then pass through to the normal out-of-line
3453 phys routines. */
3454 static uint32_t watch_mem_readb(void *opaque, target_phys_addr_t addr)
3455 {
3456 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_READ);
3457 return ldub_phys(addr);
3458 }
3459
3460 static uint32_t watch_mem_readw(void *opaque, target_phys_addr_t addr)
3461 {
3462 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_READ);
3463 return lduw_phys(addr);
3464 }
3465
3466 static uint32_t watch_mem_readl(void *opaque, target_phys_addr_t addr)
3467 {
3468 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_READ);
3469 return ldl_phys(addr);
3470 }
3471
3472 static void watch_mem_writeb(void *opaque, target_phys_addr_t addr,
3473 uint32_t val)
3474 {
3475 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x0, BP_MEM_WRITE);
3476 stb_phys(addr, val);
3477 }
3478
3479 static void watch_mem_writew(void *opaque, target_phys_addr_t addr,
3480 uint32_t val)
3481 {
3482 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x1, BP_MEM_WRITE);
3483 stw_phys(addr, val);
3484 }
3485
3486 static void watch_mem_writel(void *opaque, target_phys_addr_t addr,
3487 uint32_t val)
3488 {
3489 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~0x3, BP_MEM_WRITE);
3490 stl_phys(addr, val);
3491 }
3492
3493 static CPUReadMemoryFunc * const watch_mem_read[3] = {
3494 watch_mem_readb,
3495 watch_mem_readw,
3496 watch_mem_readl,
3497 };
3498
3499 static CPUWriteMemoryFunc * const watch_mem_write[3] = {
3500 watch_mem_writeb,
3501 watch_mem_writew,
3502 watch_mem_writel,
3503 };
3504
3505 static inline uint32_t subpage_readlen (subpage_t *mmio,
3506 target_phys_addr_t addr,
3507 unsigned int len)
3508 {
3509 unsigned int idx = SUBPAGE_IDX(addr);
3510 #if defined(DEBUG_SUBPAGE)
3511 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3512 mmio, len, addr, idx);
3513 #endif
3514
3515 addr += mmio->region_offset[idx];
3516 idx = mmio->sub_io_index[idx];
3517 return io_mem_read[idx][len](io_mem_opaque[idx], addr);
3518 }
3519
3520 static inline void subpage_writelen (subpage_t *mmio, target_phys_addr_t addr,
3521 uint32_t value, unsigned int len)
3522 {
3523 unsigned int idx = SUBPAGE_IDX(addr);
3524 #if defined(DEBUG_SUBPAGE)
3525 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d value %08x\n",
3526 __func__, mmio, len, addr, idx, value);
3527 #endif
3528
3529 addr += mmio->region_offset[idx];
3530 idx = mmio->sub_io_index[idx];
3531 io_mem_write[idx][len](io_mem_opaque[idx], addr, value);
3532 }
3533
3534 static uint32_t subpage_readb (void *opaque, target_phys_addr_t addr)
3535 {
3536 return subpage_readlen(opaque, addr, 0);
3537 }
3538
3539 static void subpage_writeb (void *opaque, target_phys_addr_t addr,
3540 uint32_t value)
3541 {
3542 subpage_writelen(opaque, addr, value, 0);
3543 }
3544
3545 static uint32_t subpage_readw (void *opaque, target_phys_addr_t addr)
3546 {
3547 return subpage_readlen(opaque, addr, 1);
3548 }
3549
3550 static void subpage_writew (void *opaque, target_phys_addr_t addr,
3551 uint32_t value)
3552 {
3553 subpage_writelen(opaque, addr, value, 1);
3554 }
3555
3556 static uint32_t subpage_readl (void *opaque, target_phys_addr_t addr)
3557 {
3558 return subpage_readlen(opaque, addr, 2);
3559 }
3560
3561 static void subpage_writel (void *opaque, target_phys_addr_t addr,
3562 uint32_t value)
3563 {
3564 subpage_writelen(opaque, addr, value, 2);
3565 }
3566
3567 static CPUReadMemoryFunc * const subpage_read[] = {
3568 &subpage_readb,
3569 &subpage_readw,
3570 &subpage_readl,
3571 };
3572
3573 static CPUWriteMemoryFunc * const subpage_write[] = {
3574 &subpage_writeb,
3575 &subpage_writew,
3576 &subpage_writel,
3577 };
3578
3579 static uint32_t subpage_ram_readb(void *opaque, target_phys_addr_t addr)
3580 {
3581 ram_addr_t raddr = addr;
3582 void *ptr = qemu_get_ram_ptr(raddr);
3583 return ldub_p(ptr);
3584 }
3585
3586 static void subpage_ram_writeb(void *opaque, target_phys_addr_t addr,
3587 uint32_t value)
3588 {
3589 ram_addr_t raddr = addr;
3590 void *ptr = qemu_get_ram_ptr(raddr);
3591 stb_p(ptr, value);
3592 }
3593
3594 static uint32_t subpage_ram_readw(void *opaque, target_phys_addr_t addr)
3595 {
3596 ram_addr_t raddr = addr;
3597 void *ptr = qemu_get_ram_ptr(raddr);
3598 return lduw_p(ptr);
3599 }
3600
3601 static void subpage_ram_writew(void *opaque, target_phys_addr_t addr,
3602 uint32_t value)
3603 {
3604 ram_addr_t raddr = addr;
3605 void *ptr = qemu_get_ram_ptr(raddr);
3606 stw_p(ptr, value);
3607 }
3608
3609 static uint32_t subpage_ram_readl(void *opaque, target_phys_addr_t addr)
3610 {
3611 ram_addr_t raddr = addr;
3612 void *ptr = qemu_get_ram_ptr(raddr);
3613 return ldl_p(ptr);
3614 }
3615
3616 static void subpage_ram_writel(void *opaque, target_phys_addr_t addr,
3617 uint32_t value)
3618 {
3619 ram_addr_t raddr = addr;
3620 void *ptr = qemu_get_ram_ptr(raddr);
3621 stl_p(ptr, value);
3622 }
3623
3624 static CPUReadMemoryFunc * const subpage_ram_read[] = {
3625 &subpage_ram_readb,
3626 &subpage_ram_readw,
3627 &subpage_ram_readl,
3628 };
3629
3630 static CPUWriteMemoryFunc * const subpage_ram_write[] = {
3631 &subpage_ram_writeb,
3632 &subpage_ram_writew,
3633 &subpage_ram_writel,
3634 };
3635
3636 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3637 ram_addr_t memory, ram_addr_t region_offset)
3638 {
3639 int idx, eidx;
3640
3641 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3642 return -1;
3643 idx = SUBPAGE_IDX(start);
3644 eidx = SUBPAGE_IDX(end);
3645 #if defined(DEBUG_SUBPAGE)
3646 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
3647 mmio, start, end, idx, eidx, memory);
3648 #endif
3649 if ((memory & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
3650 memory = IO_MEM_SUBPAGE_RAM;
3651 }
3652 memory = (memory >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3653 for (; idx <= eidx; idx++) {
3654 mmio->sub_io_index[idx] = memory;
3655 mmio->region_offset[idx] = region_offset;
3656 }
3657
3658 return 0;
3659 }
3660
3661 static subpage_t *subpage_init (target_phys_addr_t base, ram_addr_t *phys,
3662 ram_addr_t orig_memory,
3663 ram_addr_t region_offset)
3664 {
3665 subpage_t *mmio;
3666 int subpage_memory;
3667
3668 mmio = g_malloc0(sizeof(subpage_t));
3669
3670 mmio->base = base;
3671 subpage_memory = cpu_register_io_memory(subpage_read, subpage_write, mmio,
3672 DEVICE_NATIVE_ENDIAN);
3673 #if defined(DEBUG_SUBPAGE)
3674 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3675 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3676 #endif
3677 *phys = subpage_memory | IO_MEM_SUBPAGE;
3678 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, orig_memory, region_offset);
3679
3680 return mmio;
3681 }
3682
3683 static int get_free_io_mem_idx(void)
3684 {
3685 int i;
3686
3687 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3688 if (!io_mem_used[i]) {
3689 io_mem_used[i] = 1;
3690 return i;
3691 }
3692 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
3693 return -1;
3694 }
3695
3696 /*
3697 * Usually, devices operate in little endian mode. There are devices out
3698 * there that operate in big endian too. Each device gets byte swapped
3699 * mmio if plugged onto a CPU that does the other endianness.
3700 *
3701 * CPU Device swap?
3702 *
3703 * little little no
3704 * little big yes
3705 * big little yes
3706 * big big no
3707 */
3708
3709 typedef struct SwapEndianContainer {
3710 CPUReadMemoryFunc *read[3];
3711 CPUWriteMemoryFunc *write[3];
3712 void *opaque;
3713 } SwapEndianContainer;
3714
3715 static uint32_t swapendian_mem_readb (void *opaque, target_phys_addr_t addr)
3716 {
3717 uint32_t val;
3718 SwapEndianContainer *c = opaque;
3719 val = c->read[0](c->opaque, addr);
3720 return val;
3721 }
3722
3723 static uint32_t swapendian_mem_readw(void *opaque, target_phys_addr_t addr)
3724 {
3725 uint32_t val;
3726 SwapEndianContainer *c = opaque;
3727 val = bswap16(c->read[1](c->opaque, addr));
3728 return val;
3729 }
3730
3731 static uint32_t swapendian_mem_readl(void *opaque, target_phys_addr_t addr)
3732 {
3733 uint32_t val;
3734 SwapEndianContainer *c = opaque;
3735 val = bswap32(c->read[2](c->opaque, addr));
3736 return val;
3737 }
3738
3739 static CPUReadMemoryFunc * const swapendian_readfn[3]={
3740 swapendian_mem_readb,
3741 swapendian_mem_readw,
3742 swapendian_mem_readl
3743 };
3744
3745 static void swapendian_mem_writeb(void *opaque, target_phys_addr_t addr,
3746 uint32_t val)
3747 {
3748 SwapEndianContainer *c = opaque;
3749 c->write[0](c->opaque, addr, val);
3750 }
3751
3752 static void swapendian_mem_writew(void *opaque, target_phys_addr_t addr,
3753 uint32_t val)
3754 {
3755 SwapEndianContainer *c = opaque;
3756 c->write[1](c->opaque, addr, bswap16(val));
3757 }
3758
3759 static void swapendian_mem_writel(void *opaque, target_phys_addr_t addr,
3760 uint32_t val)
3761 {
3762 SwapEndianContainer *c = opaque;
3763 c->write[2](c->opaque, addr, bswap32(val));
3764 }
3765
3766 static CPUWriteMemoryFunc * const swapendian_writefn[3]={
3767 swapendian_mem_writeb,
3768 swapendian_mem_writew,
3769 swapendian_mem_writel
3770 };
3771
3772 static void swapendian_init(int io_index)
3773 {
3774 SwapEndianContainer *c = g_malloc(sizeof(SwapEndianContainer));
3775 int i;
3776
3777 /* Swap mmio for big endian targets */
3778 c->opaque = io_mem_opaque[io_index];
3779 for (i = 0; i < 3; i++) {
3780 c->read[i] = io_mem_read[io_index][i];
3781 c->write[i] = io_mem_write[io_index][i];
3782
3783 io_mem_read[io_index][i] = swapendian_readfn[i];
3784 io_mem_write[io_index][i] = swapendian_writefn[i];
3785 }
3786 io_mem_opaque[io_index] = c;
3787 }
3788
3789 static void swapendian_del(int io_index)
3790 {
3791 if (io_mem_read[io_index][0] == swapendian_readfn[0]) {
3792 g_free(io_mem_opaque[io_index]);
3793 }
3794 }
3795
3796 /* mem_read and mem_write are arrays of functions containing the
3797 function to access byte (index 0), word (index 1) and dword (index
3798 2). Functions can be omitted with a NULL function pointer.
3799 If io_index is non zero, the corresponding io zone is
3800 modified. If it is zero, a new io zone is allocated. The return
3801 value can be used with cpu_register_physical_memory(). (-1) is
3802 returned if error. */
3803 static int cpu_register_io_memory_fixed(int io_index,
3804 CPUReadMemoryFunc * const *mem_read,
3805 CPUWriteMemoryFunc * const *mem_write,
3806 void *opaque, enum device_endian endian)
3807 {
3808 int i;
3809
3810 if (io_index <= 0) {
3811 io_index = get_free_io_mem_idx();
3812 if (io_index == -1)
3813 return io_index;
3814 } else {
3815 io_index >>= IO_MEM_SHIFT;
3816 if (io_index >= IO_MEM_NB_ENTRIES)
3817 return -1;
3818 }
3819
3820 for (i = 0; i < 3; ++i) {
3821 io_mem_read[io_index][i]
3822 = (mem_read[i] ? mem_read[i] : unassigned_mem_read[i]);
3823 }
3824 for (i = 0; i < 3; ++i) {
3825 io_mem_write[io_index][i]
3826 = (mem_write[i] ? mem_write[i] : unassigned_mem_write[i]);
3827 }
3828 io_mem_opaque[io_index] = opaque;
3829
3830 switch (endian) {
3831 case DEVICE_BIG_ENDIAN:
3832 #ifndef TARGET_WORDS_BIGENDIAN
3833 swapendian_init(io_index);
3834 #endif
3835 break;
3836 case DEVICE_LITTLE_ENDIAN:
3837 #ifdef TARGET_WORDS_BIGENDIAN
3838 swapendian_init(io_index);
3839 #endif
3840 break;
3841 case DEVICE_NATIVE_ENDIAN:
3842 default:
3843 break;
3844 }
3845
3846 return (io_index << IO_MEM_SHIFT);
3847 }
3848
3849 int cpu_register_io_memory(CPUReadMemoryFunc * const *mem_read,
3850 CPUWriteMemoryFunc * const *mem_write,
3851 void *opaque, enum device_endian endian)
3852 {
3853 return cpu_register_io_memory_fixed(0, mem_read, mem_write, opaque, endian);
3854 }
3855
3856 void cpu_unregister_io_memory(int io_table_address)
3857 {
3858 int i;
3859 int io_index = io_table_address >> IO_MEM_SHIFT;
3860
3861 swapendian_del(io_index);
3862
3863 for (i=0;i < 3; i++) {
3864 io_mem_read[io_index][i] = unassigned_mem_read[i];
3865 io_mem_write[io_index][i] = unassigned_mem_write[i];
3866 }
3867 io_mem_opaque[io_index] = NULL;
3868 io_mem_used[io_index] = 0;
3869 }
3870
3871 static void io_mem_init(void)
3872 {
3873 int i;
3874
3875 cpu_register_io_memory_fixed(IO_MEM_ROM, error_mem_read,
3876 unassigned_mem_write, NULL,
3877 DEVICE_NATIVE_ENDIAN);
3878 cpu_register_io_memory_fixed(IO_MEM_UNASSIGNED, unassigned_mem_read,
3879 unassigned_mem_write, NULL,
3880 DEVICE_NATIVE_ENDIAN);
3881 cpu_register_io_memory_fixed(IO_MEM_NOTDIRTY, error_mem_read,
3882 notdirty_mem_write, NULL,
3883 DEVICE_NATIVE_ENDIAN);
3884 cpu_register_io_memory_fixed(IO_MEM_SUBPAGE_RAM, subpage_ram_read,
3885 subpage_ram_write, NULL,
3886 DEVICE_NATIVE_ENDIAN);
3887 for (i=0; i<5; i++)
3888 io_mem_used[i] = 1;
3889
3890 io_mem_watch = cpu_register_io_memory(watch_mem_read,
3891 watch_mem_write, NULL,
3892 DEVICE_NATIVE_ENDIAN);
3893 }
3894
3895 static void memory_map_init(void)
3896 {
3897 system_memory = g_malloc(sizeof(*system_memory));
3898 memory_region_init(system_memory, "system", INT64_MAX);
3899 set_system_memory_map(system_memory);
3900
3901 system_io = g_malloc(sizeof(*system_io));
3902 memory_region_init(system_io, "io", 65536);
3903 set_system_io_map(system_io);
3904 }
3905
3906 MemoryRegion *get_system_memory(void)
3907 {
3908 return system_memory;
3909 }
3910
3911 MemoryRegion *get_system_io(void)
3912 {
3913 return system_io;
3914 }
3915
3916 #endif /* !defined(CONFIG_USER_ONLY) */
3917
3918 /* physical memory access (slow version, mainly for debug) */
3919 #if defined(CONFIG_USER_ONLY)
3920 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3921 uint8_t *buf, int len, int is_write)
3922 {
3923 int l, flags;
3924 target_ulong page;
3925 void * p;
3926
3927 while (len > 0) {
3928 page = addr & TARGET_PAGE_MASK;
3929 l = (page + TARGET_PAGE_SIZE) - addr;
3930 if (l > len)
3931 l = len;
3932 flags = page_get_flags(page);
3933 if (!(flags & PAGE_VALID))
3934 return -1;
3935 if (is_write) {
3936 if (!(flags & PAGE_WRITE))
3937 return -1;
3938 /* XXX: this code should not depend on lock_user */
3939 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3940 return -1;
3941 memcpy(p, buf, l);
3942 unlock_user(p, addr, l);
3943 } else {
3944 if (!(flags & PAGE_READ))
3945 return -1;
3946 /* XXX: this code should not depend on lock_user */
3947 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3948 return -1;
3949 memcpy(buf, p, l);
3950 unlock_user(p, addr, 0);
3951 }
3952 len -= l;
3953 buf += l;
3954 addr += l;
3955 }
3956 return 0;
3957 }
3958
3959 #else
3960 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
3961 int len, int is_write)
3962 {
3963 int l, io_index;
3964 uint8_t *ptr;
3965 uint32_t val;
3966 target_phys_addr_t page;
3967 ram_addr_t pd;
3968 PhysPageDesc *p;
3969
3970 while (len > 0) {
3971 page = addr & TARGET_PAGE_MASK;
3972 l = (page + TARGET_PAGE_SIZE) - addr;
3973 if (l > len)
3974 l = len;
3975 p = phys_page_find(page >> TARGET_PAGE_BITS);
3976 if (!p) {
3977 pd = IO_MEM_UNASSIGNED;
3978 } else {
3979 pd = p->phys_offset;
3980 }
3981
3982 if (is_write) {
3983 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
3984 target_phys_addr_t addr1 = addr;
3985 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
3986 if (p)
3987 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
3988 /* XXX: could force cpu_single_env to NULL to avoid
3989 potential bugs */
3990 if (l >= 4 && ((addr1 & 3) == 0)) {
3991 /* 32 bit write access */
3992 val = ldl_p(buf);
3993 io_mem_write[io_index][2](io_mem_opaque[io_index], addr1, val);
3994 l = 4;
3995 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3996 /* 16 bit write access */
3997 val = lduw_p(buf);
3998 io_mem_write[io_index][1](io_mem_opaque[io_index], addr1, val);
3999 l = 2;
4000 } else {
4001 /* 8 bit write access */
4002 val = ldub_p(buf);
4003 io_mem_write[io_index][0](io_mem_opaque[io_index], addr1, val);
4004 l = 1;
4005 }
4006 } else {
4007 ram_addr_t addr1;
4008 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4009 /* RAM case */
4010 ptr = qemu_get_ram_ptr(addr1);
4011 memcpy(ptr, buf, l);
4012 if (!cpu_physical_memory_is_dirty(addr1)) {
4013 /* invalidate code */
4014 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
4015 /* set dirty bit */
4016 cpu_physical_memory_set_dirty_flags(
4017 addr1, (0xff & ~CODE_DIRTY_FLAG));
4018 }
4019 qemu_put_ram_ptr(ptr);
4020 }
4021 } else {
4022 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
4023 !(pd & IO_MEM_ROMD)) {
4024 target_phys_addr_t addr1 = addr;
4025 /* I/O case */
4026 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4027 if (p)
4028 addr1 = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4029 if (l >= 4 && ((addr1 & 3) == 0)) {
4030 /* 32 bit read access */
4031 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr1);
4032 stl_p(buf, val);
4033 l = 4;
4034 } else if (l >= 2 && ((addr1 & 1) == 0)) {
4035 /* 16 bit read access */
4036 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr1);
4037 stw_p(buf, val);
4038 l = 2;
4039 } else {
4040 /* 8 bit read access */
4041 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr1);
4042 stb_p(buf, val);
4043 l = 1;
4044 }
4045 } else {
4046 /* RAM case */
4047 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK);
4048 memcpy(buf, ptr + (addr & ~TARGET_PAGE_MASK), l);
4049 qemu_put_ram_ptr(ptr);
4050 }
4051 }
4052 len -= l;
4053 buf += l;
4054 addr += l;
4055 }
4056 }
4057
4058 /* used for ROM loading : can write in RAM and ROM */
4059 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
4060 const uint8_t *buf, int len)
4061 {
4062 int l;
4063 uint8_t *ptr;
4064 target_phys_addr_t page;
4065 unsigned long pd;
4066 PhysPageDesc *p;
4067
4068 while (len > 0) {
4069 page = addr & TARGET_PAGE_MASK;
4070 l = (page + TARGET_PAGE_SIZE) - addr;
4071 if (l > len)
4072 l = len;
4073 p = phys_page_find(page >> TARGET_PAGE_BITS);
4074 if (!p) {
4075 pd = IO_MEM_UNASSIGNED;
4076 } else {
4077 pd = p->phys_offset;
4078 }
4079
4080 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
4081 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM &&
4082 !(pd & IO_MEM_ROMD)) {
4083 /* do nothing */
4084 } else {
4085 unsigned long addr1;
4086 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4087 /* ROM/RAM case */
4088 ptr = qemu_get_ram_ptr(addr1);
4089 memcpy(ptr, buf, l);
4090 qemu_put_ram_ptr(ptr);
4091 }
4092 len -= l;
4093 buf += l;
4094 addr += l;
4095 }
4096 }
4097
4098 typedef struct {
4099 void *buffer;
4100 target_phys_addr_t addr;
4101 target_phys_addr_t len;
4102 } BounceBuffer;
4103
4104 static BounceBuffer bounce;
4105
4106 typedef struct MapClient {
4107 void *opaque;
4108 void (*callback)(void *opaque);
4109 QLIST_ENTRY(MapClient) link;
4110 } MapClient;
4111
4112 static QLIST_HEAD(map_client_list, MapClient) map_client_list
4113 = QLIST_HEAD_INITIALIZER(map_client_list);
4114
4115 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
4116 {
4117 MapClient *client = g_malloc(sizeof(*client));
4118
4119 client->opaque = opaque;
4120 client->callback = callback;
4121 QLIST_INSERT_HEAD(&map_client_list, client, link);
4122 return client;
4123 }
4124
4125 void cpu_unregister_map_client(void *_client)
4126 {
4127 MapClient *client = (MapClient *)_client;
4128
4129 QLIST_REMOVE(client, link);
4130 g_free(client);
4131 }
4132
4133 static void cpu_notify_map_clients(void)
4134 {
4135 MapClient *client;
4136
4137 while (!QLIST_EMPTY(&map_client_list)) {
4138 client = QLIST_FIRST(&map_client_list);
4139 client->callback(client->opaque);
4140 cpu_unregister_map_client(client);
4141 }
4142 }
4143
4144 /* Map a physical memory region into a host virtual address.
4145 * May map a subset of the requested range, given by and returned in *plen.
4146 * May return NULL if resources needed to perform the mapping are exhausted.
4147 * Use only for reads OR writes - not for read-modify-write operations.
4148 * Use cpu_register_map_client() to know when retrying the map operation is
4149 * likely to succeed.
4150 */
4151 void *cpu_physical_memory_map(target_phys_addr_t addr,
4152 target_phys_addr_t *plen,
4153 int is_write)
4154 {
4155 target_phys_addr_t len = *plen;
4156 target_phys_addr_t todo = 0;
4157 int l;
4158 target_phys_addr_t page;
4159 unsigned long pd;
4160 PhysPageDesc *p;
4161 ram_addr_t raddr = RAM_ADDR_MAX;
4162 ram_addr_t rlen;
4163 void *ret;
4164
4165 while (len > 0) {
4166 page = addr & TARGET_PAGE_MASK;
4167 l = (page + TARGET_PAGE_SIZE) - addr;
4168 if (l > len)
4169 l = len;
4170 p = phys_page_find(page >> TARGET_PAGE_BITS);
4171 if (!p) {
4172 pd = IO_MEM_UNASSIGNED;
4173 } else {
4174 pd = p->phys_offset;
4175 }
4176
4177 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4178 if (todo || bounce.buffer) {
4179 break;
4180 }
4181 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
4182 bounce.addr = addr;
4183 bounce.len = l;
4184 if (!is_write) {
4185 cpu_physical_memory_read(addr, bounce.buffer, l);
4186 }
4187
4188 *plen = l;
4189 return bounce.buffer;
4190 }
4191 if (!todo) {
4192 raddr = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4193 }
4194
4195 len -= l;
4196 addr += l;
4197 todo += l;
4198 }
4199 rlen = todo;
4200 ret = qemu_ram_ptr_length(raddr, &rlen);
4201 *plen = rlen;
4202 return ret;
4203 }
4204
4205 /* Unmaps a memory region previously mapped by cpu_physical_memory_map().
4206 * Will also mark the memory as dirty if is_write == 1. access_len gives
4207 * the amount of memory that was actually read or written by the caller.
4208 */
4209 void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
4210 int is_write, target_phys_addr_t access_len)
4211 {
4212 if (buffer != bounce.buffer) {
4213 if (is_write) {
4214 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
4215 while (access_len) {
4216 unsigned l;
4217 l = TARGET_PAGE_SIZE;
4218 if (l > access_len)
4219 l = access_len;
4220 if (!cpu_physical_memory_is_dirty(addr1)) {
4221 /* invalidate code */
4222 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
4223 /* set dirty bit */
4224 cpu_physical_memory_set_dirty_flags(
4225 addr1, (0xff & ~CODE_DIRTY_FLAG));
4226 }
4227 addr1 += l;
4228 access_len -= l;
4229 }
4230 }
4231 if (xen_enabled()) {
4232 xen_invalidate_map_cache_entry(buffer);
4233 }
4234 return;
4235 }
4236 if (is_write) {
4237 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
4238 }
4239 qemu_vfree(bounce.buffer);
4240 bounce.buffer = NULL;
4241 cpu_notify_map_clients();
4242 }
4243
4244 /* warning: addr must be aligned */
4245 static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
4246 enum device_endian endian)
4247 {
4248 int io_index;
4249 uint8_t *ptr;
4250 uint32_t val;
4251 unsigned long pd;
4252 PhysPageDesc *p;
4253
4254 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4255 if (!p) {
4256 pd = IO_MEM_UNASSIGNED;
4257 } else {
4258 pd = p->phys_offset;
4259 }
4260
4261 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
4262 !(pd & IO_MEM_ROMD)) {
4263 /* I/O case */
4264 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4265 if (p)
4266 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4267 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
4268 #if defined(TARGET_WORDS_BIGENDIAN)
4269 if (endian == DEVICE_LITTLE_ENDIAN) {
4270 val = bswap32(val);
4271 }
4272 #else
4273 if (endian == DEVICE_BIG_ENDIAN) {
4274 val = bswap32(val);
4275 }
4276 #endif
4277 } else {
4278 /* RAM case */
4279 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4280 (addr & ~TARGET_PAGE_MASK);
4281 switch (endian) {
4282 case DEVICE_LITTLE_ENDIAN:
4283 val = ldl_le_p(ptr);
4284 break;
4285 case DEVICE_BIG_ENDIAN:
4286 val = ldl_be_p(ptr);
4287 break;
4288 default:
4289 val = ldl_p(ptr);
4290 break;
4291 }
4292 }
4293 return val;
4294 }
4295
4296 uint32_t ldl_phys(target_phys_addr_t addr)
4297 {
4298 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4299 }
4300
4301 uint32_t ldl_le_phys(target_phys_addr_t addr)
4302 {
4303 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4304 }
4305
4306 uint32_t ldl_be_phys(target_phys_addr_t addr)
4307 {
4308 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
4309 }
4310
4311 /* warning: addr must be aligned */
4312 static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
4313 enum device_endian endian)
4314 {
4315 int io_index;
4316 uint8_t *ptr;
4317 uint64_t val;
4318 unsigned long pd;
4319 PhysPageDesc *p;
4320
4321 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4322 if (!p) {
4323 pd = IO_MEM_UNASSIGNED;
4324 } else {
4325 pd = p->phys_offset;
4326 }
4327
4328 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
4329 !(pd & IO_MEM_ROMD)) {
4330 /* I/O case */
4331 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4332 if (p)
4333 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4334
4335 /* XXX This is broken when device endian != cpu endian.
4336 Fix and add "endian" variable check */
4337 #ifdef TARGET_WORDS_BIGENDIAN
4338 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
4339 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
4340 #else
4341 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
4342 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
4343 #endif
4344 } else {
4345 /* RAM case */
4346 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4347 (addr & ~TARGET_PAGE_MASK);
4348 switch (endian) {
4349 case DEVICE_LITTLE_ENDIAN:
4350 val = ldq_le_p(ptr);
4351 break;
4352 case DEVICE_BIG_ENDIAN:
4353 val = ldq_be_p(ptr);
4354 break;
4355 default:
4356 val = ldq_p(ptr);
4357 break;
4358 }
4359 }
4360 return val;
4361 }
4362
4363 uint64_t ldq_phys(target_phys_addr_t addr)
4364 {
4365 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4366 }
4367
4368 uint64_t ldq_le_phys(target_phys_addr_t addr)
4369 {
4370 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4371 }
4372
4373 uint64_t ldq_be_phys(target_phys_addr_t addr)
4374 {
4375 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
4376 }
4377
4378 /* XXX: optimize */
4379 uint32_t ldub_phys(target_phys_addr_t addr)
4380 {
4381 uint8_t val;
4382 cpu_physical_memory_read(addr, &val, 1);
4383 return val;
4384 }
4385
4386 /* warning: addr must be aligned */
4387 static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
4388 enum device_endian endian)
4389 {
4390 int io_index;
4391 uint8_t *ptr;
4392 uint64_t val;
4393 unsigned long pd;
4394 PhysPageDesc *p;
4395
4396 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4397 if (!p) {
4398 pd = IO_MEM_UNASSIGNED;
4399 } else {
4400 pd = p->phys_offset;
4401 }
4402
4403 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
4404 !(pd & IO_MEM_ROMD)) {
4405 /* I/O case */
4406 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4407 if (p)
4408 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4409 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr);
4410 #if defined(TARGET_WORDS_BIGENDIAN)
4411 if (endian == DEVICE_LITTLE_ENDIAN) {
4412 val = bswap16(val);
4413 }
4414 #else
4415 if (endian == DEVICE_BIG_ENDIAN) {
4416 val = bswap16(val);
4417 }
4418 #endif
4419 } else {
4420 /* RAM case */
4421 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4422 (addr & ~TARGET_PAGE_MASK);
4423 switch (endian) {
4424 case DEVICE_LITTLE_ENDIAN:
4425 val = lduw_le_p(ptr);
4426 break;
4427 case DEVICE_BIG_ENDIAN:
4428 val = lduw_be_p(ptr);
4429 break;
4430 default:
4431 val = lduw_p(ptr);
4432 break;
4433 }
4434 }
4435 return val;
4436 }
4437
4438 uint32_t lduw_phys(target_phys_addr_t addr)
4439 {
4440 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4441 }
4442
4443 uint32_t lduw_le_phys(target_phys_addr_t addr)
4444 {
4445 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4446 }
4447
4448 uint32_t lduw_be_phys(target_phys_addr_t addr)
4449 {
4450 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
4451 }
4452
4453 /* warning: addr must be aligned. The ram page is not masked as dirty
4454 and the code inside is not invalidated. It is useful if the dirty
4455 bits are used to track modified PTEs */
4456 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
4457 {
4458 int io_index;
4459 uint8_t *ptr;
4460 unsigned long pd;
4461 PhysPageDesc *p;
4462
4463 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4464 if (!p) {
4465 pd = IO_MEM_UNASSIGNED;
4466 } else {
4467 pd = p->phys_offset;
4468 }
4469
4470 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4471 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4472 if (p)
4473 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4474 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
4475 } else {
4476 unsigned long addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4477 ptr = qemu_get_ram_ptr(addr1);
4478 stl_p(ptr, val);
4479
4480 if (unlikely(in_migration)) {
4481 if (!cpu_physical_memory_is_dirty(addr1)) {
4482 /* invalidate code */
4483 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4484 /* set dirty bit */
4485 cpu_physical_memory_set_dirty_flags(
4486 addr1, (0xff & ~CODE_DIRTY_FLAG));
4487 }
4488 }
4489 }
4490 }
4491
4492 void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
4493 {
4494 int io_index;
4495 uint8_t *ptr;
4496 unsigned long pd;
4497 PhysPageDesc *p;
4498
4499 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4500 if (!p) {
4501 pd = IO_MEM_UNASSIGNED;
4502 } else {
4503 pd = p->phys_offset;
4504 }
4505
4506 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4507 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4508 if (p)
4509 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4510 #ifdef TARGET_WORDS_BIGENDIAN
4511 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val >> 32);
4512 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val);
4513 #else
4514 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
4515 io_mem_write[io_index][2](io_mem_opaque[io_index], addr + 4, val >> 32);
4516 #endif
4517 } else {
4518 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
4519 (addr & ~TARGET_PAGE_MASK);
4520 stq_p(ptr, val);
4521 }
4522 }
4523
4524 /* warning: addr must be aligned */
4525 static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4526 enum device_endian endian)
4527 {
4528 int io_index;
4529 uint8_t *ptr;
4530 unsigned long pd;
4531 PhysPageDesc *p;
4532
4533 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4534 if (!p) {
4535 pd = IO_MEM_UNASSIGNED;
4536 } else {
4537 pd = p->phys_offset;
4538 }
4539
4540 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4541 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4542 if (p)
4543 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4544 #if defined(TARGET_WORDS_BIGENDIAN)
4545 if (endian == DEVICE_LITTLE_ENDIAN) {
4546 val = bswap32(val);
4547 }
4548 #else
4549 if (endian == DEVICE_BIG_ENDIAN) {
4550 val = bswap32(val);
4551 }
4552 #endif
4553 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
4554 } else {
4555 unsigned long addr1;
4556 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4557 /* RAM case */
4558 ptr = qemu_get_ram_ptr(addr1);
4559 switch (endian) {
4560 case DEVICE_LITTLE_ENDIAN:
4561 stl_le_p(ptr, val);
4562 break;
4563 case DEVICE_BIG_ENDIAN:
4564 stl_be_p(ptr, val);
4565 break;
4566 default:
4567 stl_p(ptr, val);
4568 break;
4569 }
4570 if (!cpu_physical_memory_is_dirty(addr1)) {
4571 /* invalidate code */
4572 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4573 /* set dirty bit */
4574 cpu_physical_memory_set_dirty_flags(addr1,
4575 (0xff & ~CODE_DIRTY_FLAG));
4576 }
4577 }
4578 }
4579
4580 void stl_phys(target_phys_addr_t addr, uint32_t val)
4581 {
4582 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4583 }
4584
4585 void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4586 {
4587 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4588 }
4589
4590 void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4591 {
4592 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4593 }
4594
4595 /* XXX: optimize */
4596 void stb_phys(target_phys_addr_t addr, uint32_t val)
4597 {
4598 uint8_t v = val;
4599 cpu_physical_memory_write(addr, &v, 1);
4600 }
4601
4602 /* warning: addr must be aligned */
4603 static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4604 enum device_endian endian)
4605 {
4606 int io_index;
4607 uint8_t *ptr;
4608 unsigned long pd;
4609 PhysPageDesc *p;
4610
4611 p = phys_page_find(addr >> TARGET_PAGE_BITS);
4612 if (!p) {
4613 pd = IO_MEM_UNASSIGNED;
4614 } else {
4615 pd = p->phys_offset;
4616 }
4617
4618 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
4619 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
4620 if (p)
4621 addr = (addr & ~TARGET_PAGE_MASK) + p->region_offset;
4622 #if defined(TARGET_WORDS_BIGENDIAN)
4623 if (endian == DEVICE_LITTLE_ENDIAN) {
4624 val = bswap16(val);
4625 }
4626 #else
4627 if (endian == DEVICE_BIG_ENDIAN) {
4628 val = bswap16(val);
4629 }
4630 #endif
4631 io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val);
4632 } else {
4633 unsigned long addr1;
4634 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
4635 /* RAM case */
4636 ptr = qemu_get_ram_ptr(addr1);
4637 switch (endian) {
4638 case DEVICE_LITTLE_ENDIAN:
4639 stw_le_p(ptr, val);
4640 break;
4641 case DEVICE_BIG_ENDIAN:
4642 stw_be_p(ptr, val);
4643 break;
4644 default:
4645 stw_p(ptr, val);
4646 break;
4647 }
4648 if (!cpu_physical_memory_is_dirty(addr1)) {
4649 /* invalidate code */
4650 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4651 /* set dirty bit */
4652 cpu_physical_memory_set_dirty_flags(addr1,
4653 (0xff & ~CODE_DIRTY_FLAG));
4654 }
4655 }
4656 }
4657
4658 void stw_phys(target_phys_addr_t addr, uint32_t val)
4659 {
4660 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4661 }
4662
4663 void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4664 {
4665 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4666 }
4667
4668 void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4669 {
4670 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4671 }
4672
4673 /* XXX: optimize */
4674 void stq_phys(target_phys_addr_t addr, uint64_t val)
4675 {
4676 val = tswap64(val);
4677 cpu_physical_memory_write(addr, &val, 8);
4678 }
4679
4680 void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4681 {
4682 val = cpu_to_le64(val);
4683 cpu_physical_memory_write(addr, &val, 8);
4684 }
4685
4686 void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4687 {
4688 val = cpu_to_be64(val);
4689 cpu_physical_memory_write(addr, &val, 8);
4690 }
4691
4692 /* virtual memory access for debug (includes writing to ROM) */
4693 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
4694 uint8_t *buf, int len, int is_write)
4695 {
4696 int l;
4697 target_phys_addr_t phys_addr;
4698 target_ulong page;
4699
4700 while (len > 0) {
4701 page = addr & TARGET_PAGE_MASK;
4702 phys_addr = cpu_get_phys_page_debug(env, page);
4703 /* if no physical page mapped, return an error */
4704 if (phys_addr == -1)
4705 return -1;
4706 l = (page + TARGET_PAGE_SIZE) - addr;
4707 if (l > len)
4708 l = len;
4709 phys_addr += (addr & ~TARGET_PAGE_MASK);
4710 if (is_write)
4711 cpu_physical_memory_write_rom(phys_addr, buf, l);
4712 else
4713 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
4714 len -= l;
4715 buf += l;
4716 addr += l;
4717 }
4718 return 0;
4719 }
4720 #endif
4721
4722 /* in deterministic execution mode, instructions doing device I/Os
4723 must be at the end of the TB */
4724 void cpu_io_recompile(CPUState *env, void *retaddr)
4725 {
4726 TranslationBlock *tb;
4727 uint32_t n, cflags;
4728 target_ulong pc, cs_base;
4729 uint64_t flags;
4730
4731 tb = tb_find_pc((unsigned long)retaddr);
4732 if (!tb) {
4733 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4734 retaddr);
4735 }
4736 n = env->icount_decr.u16.low + tb->icount;
4737 cpu_restore_state(tb, env, (unsigned long)retaddr);
4738 /* Calculate how many instructions had been executed before the fault
4739 occurred. */
4740 n = n - env->icount_decr.u16.low;
4741 /* Generate a new TB ending on the I/O insn. */
4742 n++;
4743 /* On MIPS and SH, delay slot instructions can only be restarted if
4744 they were already the first instruction in the TB. If this is not
4745 the first instruction in a TB then re-execute the preceding
4746 branch. */
4747 #if defined(TARGET_MIPS)
4748 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4749 env->active_tc.PC -= 4;
4750 env->icount_decr.u16.low++;
4751 env->hflags &= ~MIPS_HFLAG_BMASK;
4752 }
4753 #elif defined(TARGET_SH4)
4754 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4755 && n > 1) {
4756 env->pc -= 2;
4757 env->icount_decr.u16.low++;
4758 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4759 }
4760 #endif
4761 /* This should never happen. */
4762 if (n > CF_COUNT_MASK)
4763 cpu_abort(env, "TB too big during recompile");
4764
4765 cflags = n | CF_LAST_IO;
4766 pc = tb->pc;
4767 cs_base = tb->cs_base;
4768 flags = tb->flags;
4769 tb_phys_invalidate(tb, -1);
4770 /* FIXME: In theory this could raise an exception. In practice
4771 we have already translated the block once so it's probably ok. */
4772 tb_gen_code(env, pc, cs_base, flags, cflags);
4773 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
4774 the first in the TB) then we end up generating a whole new TB and
4775 repeating the fault, which is horribly inefficient.
4776 Better would be to execute just this insn uncached, or generate a
4777 second new TB. */
4778 cpu_resume_from_signal(env, NULL);
4779 }
4780
4781 #if !defined(CONFIG_USER_ONLY)
4782
4783 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
4784 {
4785 int i, target_code_size, max_target_code_size;
4786 int direct_jmp_count, direct_jmp2_count, cross_page;
4787 TranslationBlock *tb;
4788
4789 target_code_size = 0;
4790 max_target_code_size = 0;
4791 cross_page = 0;
4792 direct_jmp_count = 0;
4793 direct_jmp2_count = 0;
4794 for(i = 0; i < nb_tbs; i++) {
4795 tb = &tbs[i];
4796 target_code_size += tb->size;
4797 if (tb->size > max_target_code_size)
4798 max_target_code_size = tb->size;
4799 if (tb->page_addr[1] != -1)
4800 cross_page++;
4801 if (tb->tb_next_offset[0] != 0xffff) {
4802 direct_jmp_count++;
4803 if (tb->tb_next_offset[1] != 0xffff) {
4804 direct_jmp2_count++;
4805 }
4806 }
4807 }
4808 /* XXX: avoid using doubles ? */
4809 cpu_fprintf(f, "Translation buffer state:\n");
4810 cpu_fprintf(f, "gen code size %td/%ld\n",
4811 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4812 cpu_fprintf(f, "TB count %d/%d\n",
4813 nb_tbs, code_gen_max_blocks);
4814 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
4815 nb_tbs ? target_code_size / nb_tbs : 0,
4816 max_target_code_size);
4817 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
4818 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4819 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
4820 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4821 cross_page,
4822 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4823 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
4824 direct_jmp_count,
4825 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4826 direct_jmp2_count,
4827 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
4828 cpu_fprintf(f, "\nStatistics:\n");
4829 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4830 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4831 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
4832 tcg_dump_info(f, cpu_fprintf);
4833 }
4834
4835 #define MMUSUFFIX _cmmu
4836 #undef GETPC
4837 #define GETPC() NULL
4838 #define env cpu_single_env
4839 #define SOFTMMU_CODE_ACCESS
4840
4841 #define SHIFT 0
4842 #include "softmmu_template.h"
4843
4844 #define SHIFT 1
4845 #include "softmmu_template.h"
4846
4847 #define SHIFT 2
4848 #include "softmmu_template.h"
4849
4850 #define SHIFT 3
4851 #include "softmmu_template.h"
4852
4853 #undef env
4854
4855 #endif
Qemu copy for testing