]> git.proxmox.com Git - mirror_qemu.git/blob - exec.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
exec.c: Add cpu_get_address_space()
[mirror_qemu.git] / exec.c
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57
58 #include "qemu/range.h"
59 #ifndef _WIN32
60 #include "qemu/mmap-alloc.h"
61 #endif
62
63 //#define DEBUG_SUBPAGE
64
65 #if !defined(CONFIG_USER_ONLY)
66 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
68 */
69 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
70
71 static MemoryRegion *system_memory;
72 static MemoryRegion *system_io;
73
74 AddressSpace address_space_io;
75 AddressSpace address_space_memory;
76
77 MemoryRegion io_mem_rom, io_mem_notdirty;
78 static MemoryRegion io_mem_unassigned;
79
80 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81 #define RAM_PREALLOC (1 << 0)
82
83 /* RAM is mmap-ed with MAP_SHARED */
84 #define RAM_SHARED (1 << 1)
85
86 /* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
88 */
89 #define RAM_RESIZEABLE (1 << 2)
90
91 #endif
92
93 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
94 /* current CPU in the current thread. It is only valid inside
95 cpu_exec() */
96 __thread CPUState *current_cpu;
97 /* 0 = Do not count executed instructions.
98 1 = Precise instruction counting.
99 2 = Adaptive rate instruction counting. */
100 int use_icount;
101
102 #if !defined(CONFIG_USER_ONLY)
103
104 typedef struct PhysPageEntry PhysPageEntry;
105
106 struct PhysPageEntry {
107 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
108 uint32_t skip : 6;
109 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
110 uint32_t ptr : 26;
111 };
112
113 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
114
115 /* Size of the L2 (and L3, etc) page tables. */
116 #define ADDR_SPACE_BITS 64
117
118 #define P_L2_BITS 9
119 #define P_L2_SIZE (1 << P_L2_BITS)
120
121 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
122
123 typedef PhysPageEntry Node[P_L2_SIZE];
124
125 typedef struct PhysPageMap {
126 struct rcu_head rcu;
127
128 unsigned sections_nb;
129 unsigned sections_nb_alloc;
130 unsigned nodes_nb;
131 unsigned nodes_nb_alloc;
132 Node *nodes;
133 MemoryRegionSection *sections;
134 } PhysPageMap;
135
136 struct AddressSpaceDispatch {
137 struct rcu_head rcu;
138
139 /* This is a multi-level map on the physical address space.
140 * The bottom level has pointers to MemoryRegionSections.
141 */
142 PhysPageEntry phys_map;
143 PhysPageMap map;
144 AddressSpace *as;
145 };
146
147 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
148 typedef struct subpage_t {
149 MemoryRegion iomem;
150 AddressSpace *as;
151 hwaddr base;
152 uint16_t sub_section[TARGET_PAGE_SIZE];
153 } subpage_t;
154
155 #define PHYS_SECTION_UNASSIGNED 0
156 #define PHYS_SECTION_NOTDIRTY 1
157 #define PHYS_SECTION_ROM 2
158 #define PHYS_SECTION_WATCH 3
159
160 static void io_mem_init(void);
161 static void memory_map_init(void);
162 static void tcg_commit(MemoryListener *listener);
163
164 static MemoryRegion io_mem_watch;
165
166 /**
167 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
168 * @cpu: the CPU whose AddressSpace this is
169 * @as: the AddressSpace itself
170 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
171 * @tcg_as_listener: listener for tracking changes to the AddressSpace
172 */
173 struct CPUAddressSpace {
174 CPUState *cpu;
175 AddressSpace *as;
176 struct AddressSpaceDispatch *memory_dispatch;
177 MemoryListener tcg_as_listener;
178 };
179
180 #endif
181
182 #if !defined(CONFIG_USER_ONLY)
183
184 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
185 {
186 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
188 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
189 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
190 }
191 }
192
193 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
194 {
195 unsigned i;
196 uint32_t ret;
197 PhysPageEntry e;
198 PhysPageEntry *p;
199
200 ret = map->nodes_nb++;
201 p = map->nodes[ret];
202 assert(ret != PHYS_MAP_NODE_NIL);
203 assert(ret != map->nodes_nb_alloc);
204
205 e.skip = leaf ? 0 : 1;
206 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
207 for (i = 0; i < P_L2_SIZE; ++i) {
208 memcpy(&p[i], &e, sizeof(e));
209 }
210 return ret;
211 }
212
213 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
214 hwaddr *index, hwaddr *nb, uint16_t leaf,
215 int level)
216 {
217 PhysPageEntry *p;
218 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
219
220 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
221 lp->ptr = phys_map_node_alloc(map, level == 0);
222 }
223 p = map->nodes[lp->ptr];
224 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
225
226 while (*nb && lp < &p[P_L2_SIZE]) {
227 if ((*index & (step - 1)) == 0 && *nb >= step) {
228 lp->skip = 0;
229 lp->ptr = leaf;
230 *index += step;
231 *nb -= step;
232 } else {
233 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
234 }
235 ++lp;
236 }
237 }
238
239 static void phys_page_set(AddressSpaceDispatch *d,
240 hwaddr index, hwaddr nb,
241 uint16_t leaf)
242 {
243 /* Wildly overreserve - it doesn't matter much. */
244 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
245
246 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
247 }
248
249 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
250 * and update our entry so we can skip it and go directly to the destination.
251 */
252 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
253 {
254 unsigned valid_ptr = P_L2_SIZE;
255 int valid = 0;
256 PhysPageEntry *p;
257 int i;
258
259 if (lp->ptr == PHYS_MAP_NODE_NIL) {
260 return;
261 }
262
263 p = nodes[lp->ptr];
264 for (i = 0; i < P_L2_SIZE; i++) {
265 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
266 continue;
267 }
268
269 valid_ptr = i;
270 valid++;
271 if (p[i].skip) {
272 phys_page_compact(&p[i], nodes, compacted);
273 }
274 }
275
276 /* We can only compress if there's only one child. */
277 if (valid != 1) {
278 return;
279 }
280
281 assert(valid_ptr < P_L2_SIZE);
282
283 /* Don't compress if it won't fit in the # of bits we have. */
284 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
285 return;
286 }
287
288 lp->ptr = p[valid_ptr].ptr;
289 if (!p[valid_ptr].skip) {
290 /* If our only child is a leaf, make this a leaf. */
291 /* By design, we should have made this node a leaf to begin with so we
292 * should never reach here.
293 * But since it's so simple to handle this, let's do it just in case we
294 * change this rule.
295 */
296 lp->skip = 0;
297 } else {
298 lp->skip += p[valid_ptr].skip;
299 }
300 }
301
302 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
303 {
304 DECLARE_BITMAP(compacted, nodes_nb);
305
306 if (d->phys_map.skip) {
307 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
308 }
309 }
310
311 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
312 Node *nodes, MemoryRegionSection *sections)
313 {
314 PhysPageEntry *p;
315 hwaddr index = addr >> TARGET_PAGE_BITS;
316 int i;
317
318 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
319 if (lp.ptr == PHYS_MAP_NODE_NIL) {
320 return &sections[PHYS_SECTION_UNASSIGNED];
321 }
322 p = nodes[lp.ptr];
323 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
324 }
325
326 if (sections[lp.ptr].size.hi ||
327 range_covers_byte(sections[lp.ptr].offset_within_address_space,
328 sections[lp.ptr].size.lo, addr)) {
329 return &sections[lp.ptr];
330 } else {
331 return &sections[PHYS_SECTION_UNASSIGNED];
332 }
333 }
334
335 bool memory_region_is_unassigned(MemoryRegion *mr)
336 {
337 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
338 && mr != &io_mem_watch;
339 }
340
341 /* Called from RCU critical section */
342 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
343 hwaddr addr,
344 bool resolve_subpage)
345 {
346 MemoryRegionSection *section;
347 subpage_t *subpage;
348
349 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
350 if (resolve_subpage && section->mr->subpage) {
351 subpage = container_of(section->mr, subpage_t, iomem);
352 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
353 }
354 return section;
355 }
356
357 /* Called from RCU critical section */
358 static MemoryRegionSection *
359 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
360 hwaddr *plen, bool resolve_subpage)
361 {
362 MemoryRegionSection *section;
363 MemoryRegion *mr;
364 Int128 diff;
365
366 section = address_space_lookup_region(d, addr, resolve_subpage);
367 /* Compute offset within MemoryRegionSection */
368 addr -= section->offset_within_address_space;
369
370 /* Compute offset within MemoryRegion */
371 *xlat = addr + section->offset_within_region;
372
373 mr = section->mr;
374
375 /* MMIO registers can be expected to perform full-width accesses based only
376 * on their address, without considering adjacent registers that could
377 * decode to completely different MemoryRegions. When such registers
378 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
379 * regions overlap wildly. For this reason we cannot clamp the accesses
380 * here.
381 *
382 * If the length is small (as is the case for address_space_ldl/stl),
383 * everything works fine. If the incoming length is large, however,
384 * the caller really has to do the clamping through memory_access_size.
385 */
386 if (memory_region_is_ram(mr)) {
387 diff = int128_sub(section->size, int128_make64(addr));
388 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
389 }
390 return section;
391 }
392
393 /* Called from RCU critical section */
394 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
395 hwaddr *xlat, hwaddr *plen,
396 bool is_write)
397 {
398 IOMMUTLBEntry iotlb;
399 MemoryRegionSection *section;
400 MemoryRegion *mr;
401
402 for (;;) {
403 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
404 section = address_space_translate_internal(d, addr, &addr, plen, true);
405 mr = section->mr;
406
407 if (!mr->iommu_ops) {
408 break;
409 }
410
411 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
412 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
413 | (addr & iotlb.addr_mask));
414 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
415 if (!(iotlb.perm & (1 << is_write))) {
416 mr = &io_mem_unassigned;
417 break;
418 }
419
420 as = iotlb.target_as;
421 }
422
423 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
424 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
425 *plen = MIN(page, *plen);
426 }
427
428 *xlat = addr;
429 return mr;
430 }
431
432 /* Called from RCU critical section */
433 MemoryRegionSection *
434 address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
435 hwaddr *xlat, hwaddr *plen)
436 {
437 MemoryRegionSection *section;
438 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
439
440 section = address_space_translate_internal(d, addr, xlat, plen, false);
441
442 assert(!section->mr->iommu_ops);
443 return section;
444 }
445 #endif
446
447 #if !defined(CONFIG_USER_ONLY)
448
449 static int cpu_common_post_load(void *opaque, int version_id)
450 {
451 CPUState *cpu = opaque;
452
453 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
454 version_id is increased. */
455 cpu->interrupt_request &= ~0x01;
456 tlb_flush(cpu, 1);
457
458 return 0;
459 }
460
461 static int cpu_common_pre_load(void *opaque)
462 {
463 CPUState *cpu = opaque;
464
465 cpu->exception_index = -1;
466
467 return 0;
468 }
469
470 static bool cpu_common_exception_index_needed(void *opaque)
471 {
472 CPUState *cpu = opaque;
473
474 return tcg_enabled() && cpu->exception_index != -1;
475 }
476
477 static const VMStateDescription vmstate_cpu_common_exception_index = {
478 .name = "cpu_common/exception_index",
479 .version_id = 1,
480 .minimum_version_id = 1,
481 .needed = cpu_common_exception_index_needed,
482 .fields = (VMStateField[]) {
483 VMSTATE_INT32(exception_index, CPUState),
484 VMSTATE_END_OF_LIST()
485 }
486 };
487
488 static bool cpu_common_crash_occurred_needed(void *opaque)
489 {
490 CPUState *cpu = opaque;
491
492 return cpu->crash_occurred;
493 }
494
495 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
496 .name = "cpu_common/crash_occurred",
497 .version_id = 1,
498 .minimum_version_id = 1,
499 .needed = cpu_common_crash_occurred_needed,
500 .fields = (VMStateField[]) {
501 VMSTATE_BOOL(crash_occurred, CPUState),
502 VMSTATE_END_OF_LIST()
503 }
504 };
505
506 const VMStateDescription vmstate_cpu_common = {
507 .name = "cpu_common",
508 .version_id = 1,
509 .minimum_version_id = 1,
510 .pre_load = cpu_common_pre_load,
511 .post_load = cpu_common_post_load,
512 .fields = (VMStateField[]) {
513 VMSTATE_UINT32(halted, CPUState),
514 VMSTATE_UINT32(interrupt_request, CPUState),
515 VMSTATE_END_OF_LIST()
516 },
517 .subsections = (const VMStateDescription*[]) {
518 &vmstate_cpu_common_exception_index,
519 &vmstate_cpu_common_crash_occurred,
520 NULL
521 }
522 };
523
524 #endif
525
526 CPUState *qemu_get_cpu(int index)
527 {
528 CPUState *cpu;
529
530 CPU_FOREACH(cpu) {
531 if (cpu->cpu_index == index) {
532 return cpu;
533 }
534 }
535
536 return NULL;
537 }
538
539 #if !defined(CONFIG_USER_ONLY)
540 void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
541 {
542 CPUAddressSpace *newas;
543
544 /* Target code should have set num_ases before calling us */
545 assert(asidx < cpu->num_ases);
546
547 if (asidx == 0) {
548 /* address space 0 gets the convenience alias */
549 cpu->as = as;
550 }
551
552 /* KVM cannot currently support multiple address spaces. */
553 assert(asidx == 0 || !kvm_enabled());
554
555 if (!cpu->cpu_ases) {
556 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
557 }
558
559 newas = &cpu->cpu_ases[asidx];
560 newas->cpu = cpu;
561 newas->as = as;
562 if (tcg_enabled()) {
563 newas->tcg_as_listener.commit = tcg_commit;
564 memory_listener_register(&newas->tcg_as_listener, as);
565 }
566 }
567
568 AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
569 {
570 /* Return the AddressSpace corresponding to the specified index */
571 return cpu->cpu_ases[asidx].as;
572 }
573 #endif
574
575 #ifndef CONFIG_USER_ONLY
576 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
577
578 static int cpu_get_free_index(Error **errp)
579 {
580 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
581
582 if (cpu >= MAX_CPUMASK_BITS) {
583 error_setg(errp, "Trying to use more CPUs than max of %d",
584 MAX_CPUMASK_BITS);
585 return -1;
586 }
587
588 bitmap_set(cpu_index_map, cpu, 1);
589 return cpu;
590 }
591
592 void cpu_exec_exit(CPUState *cpu)
593 {
594 if (cpu->cpu_index == -1) {
595 /* cpu_index was never allocated by this @cpu or was already freed. */
596 return;
597 }
598
599 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
600 cpu->cpu_index = -1;
601 }
602 #else
603
604 static int cpu_get_free_index(Error **errp)
605 {
606 CPUState *some_cpu;
607 int cpu_index = 0;
608
609 CPU_FOREACH(some_cpu) {
610 cpu_index++;
611 }
612 return cpu_index;
613 }
614
615 void cpu_exec_exit(CPUState *cpu)
616 {
617 }
618 #endif
619
620 void cpu_exec_init(CPUState *cpu, Error **errp)
621 {
622 CPUClass *cc = CPU_GET_CLASS(cpu);
623 int cpu_index;
624 Error *local_err = NULL;
625
626 cpu->as = NULL;
627 cpu->num_ases = 0;
628
629 #ifndef CONFIG_USER_ONLY
630 cpu->thread_id = qemu_get_thread_id();
631 #endif
632
633 #if defined(CONFIG_USER_ONLY)
634 cpu_list_lock();
635 #endif
636 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
637 if (local_err) {
638 error_propagate(errp, local_err);
639 #if defined(CONFIG_USER_ONLY)
640 cpu_list_unlock();
641 #endif
642 return;
643 }
644 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
645 #if defined(CONFIG_USER_ONLY)
646 cpu_list_unlock();
647 #endif
648 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
649 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
650 }
651 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
652 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
653 cpu_save, cpu_load, cpu->env_ptr);
654 assert(cc->vmsd == NULL);
655 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
656 #endif
657 if (cc->vmsd != NULL) {
658 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
659 }
660 }
661
662 #if defined(CONFIG_USER_ONLY)
663 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
664 {
665 tb_invalidate_phys_page_range(pc, pc + 1, 0);
666 }
667 #else
668 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
669 {
670 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
671 if (phys != -1) {
672 tb_invalidate_phys_addr(cpu->as,
673 phys | (pc & ~TARGET_PAGE_MASK));
674 }
675 }
676 #endif
677
678 #if defined(CONFIG_USER_ONLY)
679 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
680
681 {
682 }
683
684 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
685 int flags)
686 {
687 return -ENOSYS;
688 }
689
690 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
691 {
692 }
693
694 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
695 int flags, CPUWatchpoint **watchpoint)
696 {
697 return -ENOSYS;
698 }
699 #else
700 /* Add a watchpoint. */
701 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
702 int flags, CPUWatchpoint **watchpoint)
703 {
704 CPUWatchpoint *wp;
705
706 /* forbid ranges which are empty or run off the end of the address space */
707 if (len == 0 || (addr + len - 1) < addr) {
708 error_report("tried to set invalid watchpoint at %"
709 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
710 return -EINVAL;
711 }
712 wp = g_malloc(sizeof(*wp));
713
714 wp->vaddr = addr;
715 wp->len = len;
716 wp->flags = flags;
717
718 /* keep all GDB-injected watchpoints in front */
719 if (flags & BP_GDB) {
720 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
721 } else {
722 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
723 }
724
725 tlb_flush_page(cpu, addr);
726
727 if (watchpoint)
728 *watchpoint = wp;
729 return 0;
730 }
731
732 /* Remove a specific watchpoint. */
733 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
734 int flags)
735 {
736 CPUWatchpoint *wp;
737
738 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
739 if (addr == wp->vaddr && len == wp->len
740 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
741 cpu_watchpoint_remove_by_ref(cpu, wp);
742 return 0;
743 }
744 }
745 return -ENOENT;
746 }
747
748 /* Remove a specific watchpoint by reference. */
749 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
750 {
751 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
752
753 tlb_flush_page(cpu, watchpoint->vaddr);
754
755 g_free(watchpoint);
756 }
757
758 /* Remove all matching watchpoints. */
759 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
760 {
761 CPUWatchpoint *wp, *next;
762
763 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
764 if (wp->flags & mask) {
765 cpu_watchpoint_remove_by_ref(cpu, wp);
766 }
767 }
768 }
769
770 /* Return true if this watchpoint address matches the specified
771 * access (ie the address range covered by the watchpoint overlaps
772 * partially or completely with the address range covered by the
773 * access).
774 */
775 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
776 vaddr addr,
777 vaddr len)
778 {
779 /* We know the lengths are non-zero, but a little caution is
780 * required to avoid errors in the case where the range ends
781 * exactly at the top of the address space and so addr + len
782 * wraps round to zero.
783 */
784 vaddr wpend = wp->vaddr + wp->len - 1;
785 vaddr addrend = addr + len - 1;
786
787 return !(addr > wpend || wp->vaddr > addrend);
788 }
789
790 #endif
791
792 /* Add a breakpoint. */
793 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
794 CPUBreakpoint **breakpoint)
795 {
796 CPUBreakpoint *bp;
797
798 bp = g_malloc(sizeof(*bp));
799
800 bp->pc = pc;
801 bp->flags = flags;
802
803 /* keep all GDB-injected breakpoints in front */
804 if (flags & BP_GDB) {
805 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
806 } else {
807 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
808 }
809
810 breakpoint_invalidate(cpu, pc);
811
812 if (breakpoint) {
813 *breakpoint = bp;
814 }
815 return 0;
816 }
817
818 /* Remove a specific breakpoint. */
819 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
820 {
821 CPUBreakpoint *bp;
822
823 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
824 if (bp->pc == pc && bp->flags == flags) {
825 cpu_breakpoint_remove_by_ref(cpu, bp);
826 return 0;
827 }
828 }
829 return -ENOENT;
830 }
831
832 /* Remove a specific breakpoint by reference. */
833 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
834 {
835 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
836
837 breakpoint_invalidate(cpu, breakpoint->pc);
838
839 g_free(breakpoint);
840 }
841
842 /* Remove all matching breakpoints. */
843 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
844 {
845 CPUBreakpoint *bp, *next;
846
847 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
848 if (bp->flags & mask) {
849 cpu_breakpoint_remove_by_ref(cpu, bp);
850 }
851 }
852 }
853
854 /* enable or disable single step mode. EXCP_DEBUG is returned by the
855 CPU loop after each instruction */
856 void cpu_single_step(CPUState *cpu, int enabled)
857 {
858 if (cpu->singlestep_enabled != enabled) {
859 cpu->singlestep_enabled = enabled;
860 if (kvm_enabled()) {
861 kvm_update_guest_debug(cpu, 0);
862 } else {
863 /* must flush all the translated code to avoid inconsistencies */
864 /* XXX: only flush what is necessary */
865 tb_flush(cpu);
866 }
867 }
868 }
869
870 void cpu_abort(CPUState *cpu, const char *fmt, ...)
871 {
872 va_list ap;
873 va_list ap2;
874
875 va_start(ap, fmt);
876 va_copy(ap2, ap);
877 fprintf(stderr, "qemu: fatal: ");
878 vfprintf(stderr, fmt, ap);
879 fprintf(stderr, "\n");
880 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
881 if (qemu_log_separate()) {
882 qemu_log("qemu: fatal: ");
883 qemu_log_vprintf(fmt, ap2);
884 qemu_log("\n");
885 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
886 qemu_log_flush();
887 qemu_log_close();
888 }
889 va_end(ap2);
890 va_end(ap);
891 replay_finish();
892 #if defined(CONFIG_USER_ONLY)
893 {
894 struct sigaction act;
895 sigfillset(&act.sa_mask);
896 act.sa_handler = SIG_DFL;
897 sigaction(SIGABRT, &act, NULL);
898 }
899 #endif
900 abort();
901 }
902
903 #if !defined(CONFIG_USER_ONLY)
904 /* Called from RCU critical section */
905 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
906 {
907 RAMBlock *block;
908
909 block = atomic_rcu_read(&ram_list.mru_block);
910 if (block && addr - block->offset < block->max_length) {
911 return block;
912 }
913 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
914 if (addr - block->offset < block->max_length) {
915 goto found;
916 }
917 }
918
919 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
920 abort();
921
922 found:
923 /* It is safe to write mru_block outside the iothread lock. This
924 * is what happens:
925 *
926 * mru_block = xxx
927 * rcu_read_unlock()
928 * xxx removed from list
929 * rcu_read_lock()
930 * read mru_block
931 * mru_block = NULL;
932 * call_rcu(reclaim_ramblock, xxx);
933 * rcu_read_unlock()
934 *
935 * atomic_rcu_set is not needed here. The block was already published
936 * when it was placed into the list. Here we're just making an extra
937 * copy of the pointer.
938 */
939 ram_list.mru_block = block;
940 return block;
941 }
942
943 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
944 {
945 CPUState *cpu;
946 ram_addr_t start1;
947 RAMBlock *block;
948 ram_addr_t end;
949
950 end = TARGET_PAGE_ALIGN(start + length);
951 start &= TARGET_PAGE_MASK;
952
953 rcu_read_lock();
954 block = qemu_get_ram_block(start);
955 assert(block == qemu_get_ram_block(end - 1));
956 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
957 CPU_FOREACH(cpu) {
958 tlb_reset_dirty(cpu, start1, length);
959 }
960 rcu_read_unlock();
961 }
962
963 /* Note: start and end must be within the same ram block. */
964 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
965 ram_addr_t length,
966 unsigned client)
967 {
968 unsigned long end, page;
969 bool dirty;
970
971 if (length == 0) {
972 return false;
973 }
974
975 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
976 page = start >> TARGET_PAGE_BITS;
977 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
978 page, end - page);
979
980 if (dirty && tcg_enabled()) {
981 tlb_reset_dirty_range_all(start, length);
982 }
983
984 return dirty;
985 }
986
987 /* Called from RCU critical section */
988 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
989 MemoryRegionSection *section,
990 target_ulong vaddr,
991 hwaddr paddr, hwaddr xlat,
992 int prot,
993 target_ulong *address)
994 {
995 hwaddr iotlb;
996 CPUWatchpoint *wp;
997
998 if (memory_region_is_ram(section->mr)) {
999 /* Normal RAM. */
1000 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1001 + xlat;
1002 if (!section->readonly) {
1003 iotlb |= PHYS_SECTION_NOTDIRTY;
1004 } else {
1005 iotlb |= PHYS_SECTION_ROM;
1006 }
1007 } else {
1008 AddressSpaceDispatch *d;
1009
1010 d = atomic_rcu_read(&section->address_space->dispatch);
1011 iotlb = section - d->map.sections;
1012 iotlb += xlat;
1013 }
1014
1015 /* Make accesses to pages with watchpoints go via the
1016 watchpoint trap routines. */
1017 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1018 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1019 /* Avoid trapping reads of pages with a write breakpoint. */
1020 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1021 iotlb = PHYS_SECTION_WATCH + paddr;
1022 *address |= TLB_MMIO;
1023 break;
1024 }
1025 }
1026 }
1027
1028 return iotlb;
1029 }
1030 #endif /* defined(CONFIG_USER_ONLY) */
1031
1032 #if !defined(CONFIG_USER_ONLY)
1033
1034 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1035 uint16_t section);
1036 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1037
1038 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1039 qemu_anon_ram_alloc;
1040
1041 /*
1042 * Set a custom physical guest memory alloator.
1043 * Accelerators with unusual needs may need this. Hopefully, we can
1044 * get rid of it eventually.
1045 */
1046 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1047 {
1048 phys_mem_alloc = alloc;
1049 }
1050
1051 static uint16_t phys_section_add(PhysPageMap *map,
1052 MemoryRegionSection *section)
1053 {
1054 /* The physical section number is ORed with a page-aligned
1055 * pointer to produce the iotlb entries. Thus it should
1056 * never overflow into the page-aligned value.
1057 */
1058 assert(map->sections_nb < TARGET_PAGE_SIZE);
1059
1060 if (map->sections_nb == map->sections_nb_alloc) {
1061 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1062 map->sections = g_renew(MemoryRegionSection, map->sections,
1063 map->sections_nb_alloc);
1064 }
1065 map->sections[map->sections_nb] = *section;
1066 memory_region_ref(section->mr);
1067 return map->sections_nb++;
1068 }
1069
1070 static void phys_section_destroy(MemoryRegion *mr)
1071 {
1072 bool have_sub_page = mr->subpage;
1073
1074 memory_region_unref(mr);
1075
1076 if (have_sub_page) {
1077 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1078 object_unref(OBJECT(&subpage->iomem));
1079 g_free(subpage);
1080 }
1081 }
1082
1083 static void phys_sections_free(PhysPageMap *map)
1084 {
1085 while (map->sections_nb > 0) {
1086 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1087 phys_section_destroy(section->mr);
1088 }
1089 g_free(map->sections);
1090 g_free(map->nodes);
1091 }
1092
1093 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1094 {
1095 subpage_t *subpage;
1096 hwaddr base = section->offset_within_address_space
1097 & TARGET_PAGE_MASK;
1098 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1099 d->map.nodes, d->map.sections);
1100 MemoryRegionSection subsection = {
1101 .offset_within_address_space = base,
1102 .size = int128_make64(TARGET_PAGE_SIZE),
1103 };
1104 hwaddr start, end;
1105
1106 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1107
1108 if (!(existing->mr->subpage)) {
1109 subpage = subpage_init(d->as, base);
1110 subsection.address_space = d->as;
1111 subsection.mr = &subpage->iomem;
1112 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1113 phys_section_add(&d->map, &subsection));
1114 } else {
1115 subpage = container_of(existing->mr, subpage_t, iomem);
1116 }
1117 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1118 end = start + int128_get64(section->size) - 1;
1119 subpage_register(subpage, start, end,
1120 phys_section_add(&d->map, section));
1121 }
1122
1123
1124 static void register_multipage(AddressSpaceDispatch *d,
1125 MemoryRegionSection *section)
1126 {
1127 hwaddr start_addr = section->offset_within_address_space;
1128 uint16_t section_index = phys_section_add(&d->map, section);
1129 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1130 TARGET_PAGE_BITS));
1131
1132 assert(num_pages);
1133 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1134 }
1135
1136 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1137 {
1138 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1139 AddressSpaceDispatch *d = as->next_dispatch;
1140 MemoryRegionSection now = *section, remain = *section;
1141 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1142
1143 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1144 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1145 - now.offset_within_address_space;
1146
1147 now.size = int128_min(int128_make64(left), now.size);
1148 register_subpage(d, &now);
1149 } else {
1150 now.size = int128_zero();
1151 }
1152 while (int128_ne(remain.size, now.size)) {
1153 remain.size = int128_sub(remain.size, now.size);
1154 remain.offset_within_address_space += int128_get64(now.size);
1155 remain.offset_within_region += int128_get64(now.size);
1156 now = remain;
1157 if (int128_lt(remain.size, page_size)) {
1158 register_subpage(d, &now);
1159 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1160 now.size = page_size;
1161 register_subpage(d, &now);
1162 } else {
1163 now.size = int128_and(now.size, int128_neg(page_size));
1164 register_multipage(d, &now);
1165 }
1166 }
1167 }
1168
1169 void qemu_flush_coalesced_mmio_buffer(void)
1170 {
1171 if (kvm_enabled())
1172 kvm_flush_coalesced_mmio_buffer();
1173 }
1174
1175 void qemu_mutex_lock_ramlist(void)
1176 {
1177 qemu_mutex_lock(&ram_list.mutex);
1178 }
1179
1180 void qemu_mutex_unlock_ramlist(void)
1181 {
1182 qemu_mutex_unlock(&ram_list.mutex);
1183 }
1184
1185 #ifdef __linux__
1186
1187 #include <sys/vfs.h>
1188
1189 #define HUGETLBFS_MAGIC 0x958458f6
1190
1191 static long gethugepagesize(const char *path, Error **errp)
1192 {
1193 struct statfs fs;
1194 int ret;
1195
1196 do {
1197 ret = statfs(path, &fs);
1198 } while (ret != 0 && errno == EINTR);
1199
1200 if (ret != 0) {
1201 error_setg_errno(errp, errno, "failed to get page size of file %s",
1202 path);
1203 return 0;
1204 }
1205
1206 return fs.f_bsize;
1207 }
1208
1209 static void *file_ram_alloc(RAMBlock *block,
1210 ram_addr_t memory,
1211 const char *path,
1212 Error **errp)
1213 {
1214 struct stat st;
1215 char *filename;
1216 char *sanitized_name;
1217 char *c;
1218 void *area;
1219 int fd;
1220 uint64_t hpagesize;
1221 Error *local_err = NULL;
1222
1223 hpagesize = gethugepagesize(path, &local_err);
1224 if (local_err) {
1225 error_propagate(errp, local_err);
1226 goto error;
1227 }
1228 block->mr->align = hpagesize;
1229
1230 if (memory < hpagesize) {
1231 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1232 "or larger than huge page size 0x%" PRIx64,
1233 memory, hpagesize);
1234 goto error;
1235 }
1236
1237 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1238 error_setg(errp,
1239 "host lacks kvm mmu notifiers, -mem-path unsupported");
1240 goto error;
1241 }
1242
1243 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1244 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1245 sanitized_name = g_strdup(memory_region_name(block->mr));
1246 for (c = sanitized_name; *c != '\0'; c++) {
1247 if (*c == '/') {
1248 *c = '_';
1249 }
1250 }
1251
1252 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1253 sanitized_name);
1254 g_free(sanitized_name);
1255
1256 fd = mkstemp(filename);
1257 if (fd >= 0) {
1258 unlink(filename);
1259 }
1260 g_free(filename);
1261 } else {
1262 fd = open(path, O_RDWR | O_CREAT, 0644);
1263 }
1264
1265 if (fd < 0) {
1266 error_setg_errno(errp, errno,
1267 "unable to create backing store for hugepages");
1268 goto error;
1269 }
1270
1271 memory = ROUND_UP(memory, hpagesize);
1272
1273 /*
1274 * ftruncate is not supported by hugetlbfs in older
1275 * hosts, so don't bother bailing out on errors.
1276 * If anything goes wrong with it under other filesystems,
1277 * mmap will fail.
1278 */
1279 if (ftruncate(fd, memory)) {
1280 perror("ftruncate");
1281 }
1282
1283 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
1284 if (area == MAP_FAILED) {
1285 error_setg_errno(errp, errno,
1286 "unable to map backing store for hugepages");
1287 close(fd);
1288 goto error;
1289 }
1290
1291 if (mem_prealloc) {
1292 os_mem_prealloc(fd, area, memory);
1293 }
1294
1295 block->fd = fd;
1296 return area;
1297
1298 error:
1299 return NULL;
1300 }
1301 #endif
1302
1303 /* Called with the ramlist lock held. */
1304 static ram_addr_t find_ram_offset(ram_addr_t size)
1305 {
1306 RAMBlock *block, *next_block;
1307 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1308
1309 assert(size != 0); /* it would hand out same offset multiple times */
1310
1311 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1312 return 0;
1313 }
1314
1315 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1316 ram_addr_t end, next = RAM_ADDR_MAX;
1317
1318 end = block->offset + block->max_length;
1319
1320 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1321 if (next_block->offset >= end) {
1322 next = MIN(next, next_block->offset);
1323 }
1324 }
1325 if (next - end >= size && next - end < mingap) {
1326 offset = end;
1327 mingap = next - end;
1328 }
1329 }
1330
1331 if (offset == RAM_ADDR_MAX) {
1332 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1333 (uint64_t)size);
1334 abort();
1335 }
1336
1337 return offset;
1338 }
1339
1340 ram_addr_t last_ram_offset(void)
1341 {
1342 RAMBlock *block;
1343 ram_addr_t last = 0;
1344
1345 rcu_read_lock();
1346 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1347 last = MAX(last, block->offset + block->max_length);
1348 }
1349 rcu_read_unlock();
1350 return last;
1351 }
1352
1353 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1354 {
1355 int ret;
1356
1357 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1358 if (!machine_dump_guest_core(current_machine)) {
1359 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1360 if (ret) {
1361 perror("qemu_madvise");
1362 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1363 "but dump_guest_core=off specified\n");
1364 }
1365 }
1366 }
1367
1368 /* Called within an RCU critical section, or while the ramlist lock
1369 * is held.
1370 */
1371 static RAMBlock *find_ram_block(ram_addr_t addr)
1372 {
1373 RAMBlock *block;
1374
1375 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1376 if (block->offset == addr) {
1377 return block;
1378 }
1379 }
1380
1381 return NULL;
1382 }
1383
1384 const char *qemu_ram_get_idstr(RAMBlock *rb)
1385 {
1386 return rb->idstr;
1387 }
1388
1389 /* Called with iothread lock held. */
1390 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1391 {
1392 RAMBlock *new_block, *block;
1393
1394 rcu_read_lock();
1395 new_block = find_ram_block(addr);
1396 assert(new_block);
1397 assert(!new_block->idstr[0]);
1398
1399 if (dev) {
1400 char *id = qdev_get_dev_path(dev);
1401 if (id) {
1402 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1403 g_free(id);
1404 }
1405 }
1406 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1407
1408 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1409 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1410 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1411 new_block->idstr);
1412 abort();
1413 }
1414 }
1415 rcu_read_unlock();
1416 }
1417
1418 /* Called with iothread lock held. */
1419 void qemu_ram_unset_idstr(ram_addr_t addr)
1420 {
1421 RAMBlock *block;
1422
1423 /* FIXME: arch_init.c assumes that this is not called throughout
1424 * migration. Ignore the problem since hot-unplug during migration
1425 * does not work anyway.
1426 */
1427
1428 rcu_read_lock();
1429 block = find_ram_block(addr);
1430 if (block) {
1431 memset(block->idstr, 0, sizeof(block->idstr));
1432 }
1433 rcu_read_unlock();
1434 }
1435
1436 static int memory_try_enable_merging(void *addr, size_t len)
1437 {
1438 if (!machine_mem_merge(current_machine)) {
1439 /* disabled by the user */
1440 return 0;
1441 }
1442
1443 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1444 }
1445
1446 /* Only legal before guest might have detected the memory size: e.g. on
1447 * incoming migration, or right after reset.
1448 *
1449 * As memory core doesn't know how is memory accessed, it is up to
1450 * resize callback to update device state and/or add assertions to detect
1451 * misuse, if necessary.
1452 */
1453 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1454 {
1455 RAMBlock *block = find_ram_block(base);
1456
1457 assert(block);
1458
1459 newsize = HOST_PAGE_ALIGN(newsize);
1460
1461 if (block->used_length == newsize) {
1462 return 0;
1463 }
1464
1465 if (!(block->flags & RAM_RESIZEABLE)) {
1466 error_setg_errno(errp, EINVAL,
1467 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1468 " in != 0x" RAM_ADDR_FMT, block->idstr,
1469 newsize, block->used_length);
1470 return -EINVAL;
1471 }
1472
1473 if (block->max_length < newsize) {
1474 error_setg_errno(errp, EINVAL,
1475 "Length too large: %s: 0x" RAM_ADDR_FMT
1476 " > 0x" RAM_ADDR_FMT, block->idstr,
1477 newsize, block->max_length);
1478 return -EINVAL;
1479 }
1480
1481 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1482 block->used_length = newsize;
1483 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1484 DIRTY_CLIENTS_ALL);
1485 memory_region_set_size(block->mr, newsize);
1486 if (block->resized) {
1487 block->resized(block->idstr, newsize, block->host);
1488 }
1489 return 0;
1490 }
1491
1492 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1493 {
1494 RAMBlock *block;
1495 RAMBlock *last_block = NULL;
1496 ram_addr_t old_ram_size, new_ram_size;
1497
1498 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1499
1500 qemu_mutex_lock_ramlist();
1501 new_block->offset = find_ram_offset(new_block->max_length);
1502
1503 if (!new_block->host) {
1504 if (xen_enabled()) {
1505 xen_ram_alloc(new_block->offset, new_block->max_length,
1506 new_block->mr);
1507 } else {
1508 new_block->host = phys_mem_alloc(new_block->max_length,
1509 &new_block->mr->align);
1510 if (!new_block->host) {
1511 error_setg_errno(errp, errno,
1512 "cannot set up guest memory '%s'",
1513 memory_region_name(new_block->mr));
1514 qemu_mutex_unlock_ramlist();
1515 return -1;
1516 }
1517 memory_try_enable_merging(new_block->host, new_block->max_length);
1518 }
1519 }
1520
1521 new_ram_size = MAX(old_ram_size,
1522 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1523 if (new_ram_size > old_ram_size) {
1524 migration_bitmap_extend(old_ram_size, new_ram_size);
1525 }
1526 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1527 * QLIST (which has an RCU-friendly variant) does not have insertion at
1528 * tail, so save the last element in last_block.
1529 */
1530 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1531 last_block = block;
1532 if (block->max_length < new_block->max_length) {
1533 break;
1534 }
1535 }
1536 if (block) {
1537 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1538 } else if (last_block) {
1539 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1540 } else { /* list is empty */
1541 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1542 }
1543 ram_list.mru_block = NULL;
1544
1545 /* Write list before version */
1546 smp_wmb();
1547 ram_list.version++;
1548 qemu_mutex_unlock_ramlist();
1549
1550 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1551
1552 if (new_ram_size > old_ram_size) {
1553 int i;
1554
1555 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1556 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1557 ram_list.dirty_memory[i] =
1558 bitmap_zero_extend(ram_list.dirty_memory[i],
1559 old_ram_size, new_ram_size);
1560 }
1561 }
1562 cpu_physical_memory_set_dirty_range(new_block->offset,
1563 new_block->used_length,
1564 DIRTY_CLIENTS_ALL);
1565
1566 if (new_block->host) {
1567 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1568 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1569 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1570 if (kvm_enabled()) {
1571 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1572 }
1573 }
1574
1575 return new_block->offset;
1576 }
1577
1578 #ifdef __linux__
1579 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1580 bool share, const char *mem_path,
1581 Error **errp)
1582 {
1583 RAMBlock *new_block;
1584 ram_addr_t addr;
1585 Error *local_err = NULL;
1586
1587 if (xen_enabled()) {
1588 error_setg(errp, "-mem-path not supported with Xen");
1589 return -1;
1590 }
1591
1592 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1593 /*
1594 * file_ram_alloc() needs to allocate just like
1595 * phys_mem_alloc, but we haven't bothered to provide
1596 * a hook there.
1597 */
1598 error_setg(errp,
1599 "-mem-path not supported with this accelerator");
1600 return -1;
1601 }
1602
1603 size = HOST_PAGE_ALIGN(size);
1604 new_block = g_malloc0(sizeof(*new_block));
1605 new_block->mr = mr;
1606 new_block->used_length = size;
1607 new_block->max_length = size;
1608 new_block->flags = share ? RAM_SHARED : 0;
1609 new_block->host = file_ram_alloc(new_block, size,
1610 mem_path, errp);
1611 if (!new_block->host) {
1612 g_free(new_block);
1613 return -1;
1614 }
1615
1616 addr = ram_block_add(new_block, &local_err);
1617 if (local_err) {
1618 g_free(new_block);
1619 error_propagate(errp, local_err);
1620 return -1;
1621 }
1622 return addr;
1623 }
1624 #endif
1625
1626 static
1627 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1628 void (*resized)(const char*,
1629 uint64_t length,
1630 void *host),
1631 void *host, bool resizeable,
1632 MemoryRegion *mr, Error **errp)
1633 {
1634 RAMBlock *new_block;
1635 ram_addr_t addr;
1636 Error *local_err = NULL;
1637
1638 size = HOST_PAGE_ALIGN(size);
1639 max_size = HOST_PAGE_ALIGN(max_size);
1640 new_block = g_malloc0(sizeof(*new_block));
1641 new_block->mr = mr;
1642 new_block->resized = resized;
1643 new_block->used_length = size;
1644 new_block->max_length = max_size;
1645 assert(max_size >= size);
1646 new_block->fd = -1;
1647 new_block->host = host;
1648 if (host) {
1649 new_block->flags |= RAM_PREALLOC;
1650 }
1651 if (resizeable) {
1652 new_block->flags |= RAM_RESIZEABLE;
1653 }
1654 addr = ram_block_add(new_block, &local_err);
1655 if (local_err) {
1656 g_free(new_block);
1657 error_propagate(errp, local_err);
1658 return -1;
1659 }
1660 return addr;
1661 }
1662
1663 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1664 MemoryRegion *mr, Error **errp)
1665 {
1666 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1667 }
1668
1669 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1670 {
1671 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1672 }
1673
1674 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1675 void (*resized)(const char*,
1676 uint64_t length,
1677 void *host),
1678 MemoryRegion *mr, Error **errp)
1679 {
1680 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1681 }
1682
1683 static void reclaim_ramblock(RAMBlock *block)
1684 {
1685 if (block->flags & RAM_PREALLOC) {
1686 ;
1687 } else if (xen_enabled()) {
1688 xen_invalidate_map_cache_entry(block->host);
1689 #ifndef _WIN32
1690 } else if (block->fd >= 0) {
1691 qemu_ram_munmap(block->host, block->max_length);
1692 close(block->fd);
1693 #endif
1694 } else {
1695 qemu_anon_ram_free(block->host, block->max_length);
1696 }
1697 g_free(block);
1698 }
1699
1700 void qemu_ram_free(ram_addr_t addr)
1701 {
1702 RAMBlock *block;
1703
1704 qemu_mutex_lock_ramlist();
1705 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1706 if (addr == block->offset) {
1707 QLIST_REMOVE_RCU(block, next);
1708 ram_list.mru_block = NULL;
1709 /* Write list before version */
1710 smp_wmb();
1711 ram_list.version++;
1712 call_rcu(block, reclaim_ramblock, rcu);
1713 break;
1714 }
1715 }
1716 qemu_mutex_unlock_ramlist();
1717 }
1718
1719 #ifndef _WIN32
1720 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1721 {
1722 RAMBlock *block;
1723 ram_addr_t offset;
1724 int flags;
1725 void *area, *vaddr;
1726
1727 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1728 offset = addr - block->offset;
1729 if (offset < block->max_length) {
1730 vaddr = ramblock_ptr(block, offset);
1731 if (block->flags & RAM_PREALLOC) {
1732 ;
1733 } else if (xen_enabled()) {
1734 abort();
1735 } else {
1736 flags = MAP_FIXED;
1737 if (block->fd >= 0) {
1738 flags |= (block->flags & RAM_SHARED ?
1739 MAP_SHARED : MAP_PRIVATE);
1740 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1741 flags, block->fd, offset);
1742 } else {
1743 /*
1744 * Remap needs to match alloc. Accelerators that
1745 * set phys_mem_alloc never remap. If they did,
1746 * we'd need a remap hook here.
1747 */
1748 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1749
1750 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1751 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1752 flags, -1, 0);
1753 }
1754 if (area != vaddr) {
1755 fprintf(stderr, "Could not remap addr: "
1756 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1757 length, addr);
1758 exit(1);
1759 }
1760 memory_try_enable_merging(vaddr, length);
1761 qemu_ram_setup_dump(vaddr, length);
1762 }
1763 }
1764 }
1765 }
1766 #endif /* !_WIN32 */
1767
1768 int qemu_get_ram_fd(ram_addr_t addr)
1769 {
1770 RAMBlock *block;
1771 int fd;
1772
1773 rcu_read_lock();
1774 block = qemu_get_ram_block(addr);
1775 fd = block->fd;
1776 rcu_read_unlock();
1777 return fd;
1778 }
1779
1780 void qemu_set_ram_fd(ram_addr_t addr, int fd)
1781 {
1782 RAMBlock *block;
1783
1784 rcu_read_lock();
1785 block = qemu_get_ram_block(addr);
1786 block->fd = fd;
1787 rcu_read_unlock();
1788 }
1789
1790 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1791 {
1792 RAMBlock *block;
1793 void *ptr;
1794
1795 rcu_read_lock();
1796 block = qemu_get_ram_block(addr);
1797 ptr = ramblock_ptr(block, 0);
1798 rcu_read_unlock();
1799 return ptr;
1800 }
1801
1802 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1803 * This should not be used for general purpose DMA. Use address_space_map
1804 * or address_space_rw instead. For local memory (e.g. video ram) that the
1805 * device owns, use memory_region_get_ram_ptr.
1806 *
1807 * Called within RCU critical section.
1808 */
1809 void *qemu_get_ram_ptr(ram_addr_t addr)
1810 {
1811 RAMBlock *block = qemu_get_ram_block(addr);
1812
1813 if (xen_enabled() && block->host == NULL) {
1814 /* We need to check if the requested address is in the RAM
1815 * because we don't want to map the entire memory in QEMU.
1816 * In that case just map until the end of the page.
1817 */
1818 if (block->offset == 0) {
1819 return xen_map_cache(addr, 0, 0);
1820 }
1821
1822 block->host = xen_map_cache(block->offset, block->max_length, 1);
1823 }
1824 return ramblock_ptr(block, addr - block->offset);
1825 }
1826
1827 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1828 * but takes a size argument.
1829 *
1830 * Called within RCU critical section.
1831 */
1832 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1833 {
1834 RAMBlock *block;
1835 ram_addr_t offset_inside_block;
1836 if (*size == 0) {
1837 return NULL;
1838 }
1839
1840 block = qemu_get_ram_block(addr);
1841 offset_inside_block = addr - block->offset;
1842 *size = MIN(*size, block->max_length - offset_inside_block);
1843
1844 if (xen_enabled() && block->host == NULL) {
1845 /* We need to check if the requested address is in the RAM
1846 * because we don't want to map the entire memory in QEMU.
1847 * In that case just map the requested area.
1848 */
1849 if (block->offset == 0) {
1850 return xen_map_cache(addr, *size, 1);
1851 }
1852
1853 block->host = xen_map_cache(block->offset, block->max_length, 1);
1854 }
1855
1856 return ramblock_ptr(block, offset_inside_block);
1857 }
1858
1859 /*
1860 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1861 * in that RAMBlock.
1862 *
1863 * ptr: Host pointer to look up
1864 * round_offset: If true round the result offset down to a page boundary
1865 * *ram_addr: set to result ram_addr
1866 * *offset: set to result offset within the RAMBlock
1867 *
1868 * Returns: RAMBlock (or NULL if not found)
1869 *
1870 * By the time this function returns, the returned pointer is not protected
1871 * by RCU anymore. If the caller is not within an RCU critical section and
1872 * does not hold the iothread lock, it must have other means of protecting the
1873 * pointer, such as a reference to the region that includes the incoming
1874 * ram_addr_t.
1875 */
1876 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1877 ram_addr_t *ram_addr,
1878 ram_addr_t *offset)
1879 {
1880 RAMBlock *block;
1881 uint8_t *host = ptr;
1882
1883 if (xen_enabled()) {
1884 rcu_read_lock();
1885 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1886 block = qemu_get_ram_block(*ram_addr);
1887 if (block) {
1888 *offset = (host - block->host);
1889 }
1890 rcu_read_unlock();
1891 return block;
1892 }
1893
1894 rcu_read_lock();
1895 block = atomic_rcu_read(&ram_list.mru_block);
1896 if (block && block->host && host - block->host < block->max_length) {
1897 goto found;
1898 }
1899
1900 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1901 /* This case append when the block is not mapped. */
1902 if (block->host == NULL) {
1903 continue;
1904 }
1905 if (host - block->host < block->max_length) {
1906 goto found;
1907 }
1908 }
1909
1910 rcu_read_unlock();
1911 return NULL;
1912
1913 found:
1914 *offset = (host - block->host);
1915 if (round_offset) {
1916 *offset &= TARGET_PAGE_MASK;
1917 }
1918 *ram_addr = block->offset + *offset;
1919 rcu_read_unlock();
1920 return block;
1921 }
1922
1923 /*
1924 * Finds the named RAMBlock
1925 *
1926 * name: The name of RAMBlock to find
1927 *
1928 * Returns: RAMBlock (or NULL if not found)
1929 */
1930 RAMBlock *qemu_ram_block_by_name(const char *name)
1931 {
1932 RAMBlock *block;
1933
1934 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1935 if (!strcmp(name, block->idstr)) {
1936 return block;
1937 }
1938 }
1939
1940 return NULL;
1941 }
1942
1943 /* Some of the softmmu routines need to translate from a host pointer
1944 (typically a TLB entry) back to a ram offset. */
1945 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1946 {
1947 RAMBlock *block;
1948 ram_addr_t offset; /* Not used */
1949
1950 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1951
1952 if (!block) {
1953 return NULL;
1954 }
1955
1956 return block->mr;
1957 }
1958
1959 /* Called within RCU critical section. */
1960 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1961 uint64_t val, unsigned size)
1962 {
1963 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1964 tb_invalidate_phys_page_fast(ram_addr, size);
1965 }
1966 switch (size) {
1967 case 1:
1968 stb_p(qemu_get_ram_ptr(ram_addr), val);
1969 break;
1970 case 2:
1971 stw_p(qemu_get_ram_ptr(ram_addr), val);
1972 break;
1973 case 4:
1974 stl_p(qemu_get_ram_ptr(ram_addr), val);
1975 break;
1976 default:
1977 abort();
1978 }
1979 /* Set both VGA and migration bits for simplicity and to remove
1980 * the notdirty callback faster.
1981 */
1982 cpu_physical_memory_set_dirty_range(ram_addr, size,
1983 DIRTY_CLIENTS_NOCODE);
1984 /* we remove the notdirty callback only if the code has been
1985 flushed */
1986 if (!cpu_physical_memory_is_clean(ram_addr)) {
1987 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1988 }
1989 }
1990
1991 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1992 unsigned size, bool is_write)
1993 {
1994 return is_write;
1995 }
1996
1997 static const MemoryRegionOps notdirty_mem_ops = {
1998 .write = notdirty_mem_write,
1999 .valid.accepts = notdirty_mem_accepts,
2000 .endianness = DEVICE_NATIVE_ENDIAN,
2001 };
2002
2003 /* Generate a debug exception if a watchpoint has been hit. */
2004 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
2005 {
2006 CPUState *cpu = current_cpu;
2007 CPUArchState *env = cpu->env_ptr;
2008 target_ulong pc, cs_base;
2009 target_ulong vaddr;
2010 CPUWatchpoint *wp;
2011 int cpu_flags;
2012
2013 if (cpu->watchpoint_hit) {
2014 /* We re-entered the check after replacing the TB. Now raise
2015 * the debug interrupt so that is will trigger after the
2016 * current instruction. */
2017 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2018 return;
2019 }
2020 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2021 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2022 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2023 && (wp->flags & flags)) {
2024 if (flags == BP_MEM_READ) {
2025 wp->flags |= BP_WATCHPOINT_HIT_READ;
2026 } else {
2027 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2028 }
2029 wp->hitaddr = vaddr;
2030 wp->hitattrs = attrs;
2031 if (!cpu->watchpoint_hit) {
2032 cpu->watchpoint_hit = wp;
2033 tb_check_watchpoint(cpu);
2034 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2035 cpu->exception_index = EXCP_DEBUG;
2036 cpu_loop_exit(cpu);
2037 } else {
2038 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2039 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2040 cpu_resume_from_signal(cpu, NULL);
2041 }
2042 }
2043 } else {
2044 wp->flags &= ~BP_WATCHPOINT_HIT;
2045 }
2046 }
2047 }
2048
2049 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2050 so these check for a hit then pass through to the normal out-of-line
2051 phys routines. */
2052 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2053 unsigned size, MemTxAttrs attrs)
2054 {
2055 MemTxResult res;
2056 uint64_t data;
2057
2058 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2059 switch (size) {
2060 case 1:
2061 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2062 break;
2063 case 2:
2064 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2065 break;
2066 case 4:
2067 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2068 break;
2069 default: abort();
2070 }
2071 *pdata = data;
2072 return res;
2073 }
2074
2075 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2076 uint64_t val, unsigned size,
2077 MemTxAttrs attrs)
2078 {
2079 MemTxResult res;
2080
2081 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2082 switch (size) {
2083 case 1:
2084 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2085 break;
2086 case 2:
2087 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2088 break;
2089 case 4:
2090 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2091 break;
2092 default: abort();
2093 }
2094 return res;
2095 }
2096
2097 static const MemoryRegionOps watch_mem_ops = {
2098 .read_with_attrs = watch_mem_read,
2099 .write_with_attrs = watch_mem_write,
2100 .endianness = DEVICE_NATIVE_ENDIAN,
2101 };
2102
2103 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2104 unsigned len, MemTxAttrs attrs)
2105 {
2106 subpage_t *subpage = opaque;
2107 uint8_t buf[8];
2108 MemTxResult res;
2109
2110 #if defined(DEBUG_SUBPAGE)
2111 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2112 subpage, len, addr);
2113 #endif
2114 res = address_space_read(subpage->as, addr + subpage->base,
2115 attrs, buf, len);
2116 if (res) {
2117 return res;
2118 }
2119 switch (len) {
2120 case 1:
2121 *data = ldub_p(buf);
2122 return MEMTX_OK;
2123 case 2:
2124 *data = lduw_p(buf);
2125 return MEMTX_OK;
2126 case 4:
2127 *data = ldl_p(buf);
2128 return MEMTX_OK;
2129 case 8:
2130 *data = ldq_p(buf);
2131 return MEMTX_OK;
2132 default:
2133 abort();
2134 }
2135 }
2136
2137 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2138 uint64_t value, unsigned len, MemTxAttrs attrs)
2139 {
2140 subpage_t *subpage = opaque;
2141 uint8_t buf[8];
2142
2143 #if defined(DEBUG_SUBPAGE)
2144 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2145 " value %"PRIx64"\n",
2146 __func__, subpage, len, addr, value);
2147 #endif
2148 switch (len) {
2149 case 1:
2150 stb_p(buf, value);
2151 break;
2152 case 2:
2153 stw_p(buf, value);
2154 break;
2155 case 4:
2156 stl_p(buf, value);
2157 break;
2158 case 8:
2159 stq_p(buf, value);
2160 break;
2161 default:
2162 abort();
2163 }
2164 return address_space_write(subpage->as, addr + subpage->base,
2165 attrs, buf, len);
2166 }
2167
2168 static bool subpage_accepts(void *opaque, hwaddr addr,
2169 unsigned len, bool is_write)
2170 {
2171 subpage_t *subpage = opaque;
2172 #if defined(DEBUG_SUBPAGE)
2173 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2174 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2175 #endif
2176
2177 return address_space_access_valid(subpage->as, addr + subpage->base,
2178 len, is_write);
2179 }
2180
2181 static const MemoryRegionOps subpage_ops = {
2182 .read_with_attrs = subpage_read,
2183 .write_with_attrs = subpage_write,
2184 .impl.min_access_size = 1,
2185 .impl.max_access_size = 8,
2186 .valid.min_access_size = 1,
2187 .valid.max_access_size = 8,
2188 .valid.accepts = subpage_accepts,
2189 .endianness = DEVICE_NATIVE_ENDIAN,
2190 };
2191
2192 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2193 uint16_t section)
2194 {
2195 int idx, eidx;
2196
2197 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2198 return -1;
2199 idx = SUBPAGE_IDX(start);
2200 eidx = SUBPAGE_IDX(end);
2201 #if defined(DEBUG_SUBPAGE)
2202 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2203 __func__, mmio, start, end, idx, eidx, section);
2204 #endif
2205 for (; idx <= eidx; idx++) {
2206 mmio->sub_section[idx] = section;
2207 }
2208
2209 return 0;
2210 }
2211
2212 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2213 {
2214 subpage_t *mmio;
2215
2216 mmio = g_malloc0(sizeof(subpage_t));
2217
2218 mmio->as = as;
2219 mmio->base = base;
2220 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2221 NULL, TARGET_PAGE_SIZE);
2222 mmio->iomem.subpage = true;
2223 #if defined(DEBUG_SUBPAGE)
2224 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2225 mmio, base, TARGET_PAGE_SIZE);
2226 #endif
2227 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2228
2229 return mmio;
2230 }
2231
2232 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2233 MemoryRegion *mr)
2234 {
2235 assert(as);
2236 MemoryRegionSection section = {
2237 .address_space = as,
2238 .mr = mr,
2239 .offset_within_address_space = 0,
2240 .offset_within_region = 0,
2241 .size = int128_2_64(),
2242 };
2243
2244 return phys_section_add(map, &section);
2245 }
2246
2247 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
2248 {
2249 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2250 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
2251 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2252 MemoryRegionSection *sections = d->map.sections;
2253
2254 return sections[index & ~TARGET_PAGE_MASK].mr;
2255 }
2256
2257 static void io_mem_init(void)
2258 {
2259 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2260 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2261 NULL, UINT64_MAX);
2262 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2263 NULL, UINT64_MAX);
2264 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2265 NULL, UINT64_MAX);
2266 }
2267
2268 static void mem_begin(MemoryListener *listener)
2269 {
2270 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2271 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2272 uint16_t n;
2273
2274 n = dummy_section(&d->map, as, &io_mem_unassigned);
2275 assert(n == PHYS_SECTION_UNASSIGNED);
2276 n = dummy_section(&d->map, as, &io_mem_notdirty);
2277 assert(n == PHYS_SECTION_NOTDIRTY);
2278 n = dummy_section(&d->map, as, &io_mem_rom);
2279 assert(n == PHYS_SECTION_ROM);
2280 n = dummy_section(&d->map, as, &io_mem_watch);
2281 assert(n == PHYS_SECTION_WATCH);
2282
2283 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2284 d->as = as;
2285 as->next_dispatch = d;
2286 }
2287
2288 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2289 {
2290 phys_sections_free(&d->map);
2291 g_free(d);
2292 }
2293
2294 static void mem_commit(MemoryListener *listener)
2295 {
2296 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2297 AddressSpaceDispatch *cur = as->dispatch;
2298 AddressSpaceDispatch *next = as->next_dispatch;
2299
2300 phys_page_compact_all(next, next->map.nodes_nb);
2301
2302 atomic_rcu_set(&as->dispatch, next);
2303 if (cur) {
2304 call_rcu(cur, address_space_dispatch_free, rcu);
2305 }
2306 }
2307
2308 static void tcg_commit(MemoryListener *listener)
2309 {
2310 CPUAddressSpace *cpuas;
2311 AddressSpaceDispatch *d;
2312
2313 /* since each CPU stores ram addresses in its TLB cache, we must
2314 reset the modified entries */
2315 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2316 cpu_reloading_memory_map();
2317 /* The CPU and TLB are protected by the iothread lock.
2318 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2319 * may have split the RCU critical section.
2320 */
2321 d = atomic_rcu_read(&cpuas->as->dispatch);
2322 cpuas->memory_dispatch = d;
2323 tlb_flush(cpuas->cpu, 1);
2324 }
2325
2326 void address_space_init_dispatch(AddressSpace *as)
2327 {
2328 as->dispatch = NULL;
2329 as->dispatch_listener = (MemoryListener) {
2330 .begin = mem_begin,
2331 .commit = mem_commit,
2332 .region_add = mem_add,
2333 .region_nop = mem_add,
2334 .priority = 0,
2335 };
2336 memory_listener_register(&as->dispatch_listener, as);
2337 }
2338
2339 void address_space_unregister(AddressSpace *as)
2340 {
2341 memory_listener_unregister(&as->dispatch_listener);
2342 }
2343
2344 void address_space_destroy_dispatch(AddressSpace *as)
2345 {
2346 AddressSpaceDispatch *d = as->dispatch;
2347
2348 atomic_rcu_set(&as->dispatch, NULL);
2349 if (d) {
2350 call_rcu(d, address_space_dispatch_free, rcu);
2351 }
2352 }
2353
2354 static void memory_map_init(void)
2355 {
2356 system_memory = g_malloc(sizeof(*system_memory));
2357
2358 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2359 address_space_init(&address_space_memory, system_memory, "memory");
2360
2361 system_io = g_malloc(sizeof(*system_io));
2362 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2363 65536);
2364 address_space_init(&address_space_io, system_io, "I/O");
2365 }
2366
2367 MemoryRegion *get_system_memory(void)
2368 {
2369 return system_memory;
2370 }
2371
2372 MemoryRegion *get_system_io(void)
2373 {
2374 return system_io;
2375 }
2376
2377 #endif /* !defined(CONFIG_USER_ONLY) */
2378
2379 /* physical memory access (slow version, mainly for debug) */
2380 #if defined(CONFIG_USER_ONLY)
2381 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2382 uint8_t *buf, int len, int is_write)
2383 {
2384 int l, flags;
2385 target_ulong page;
2386 void * p;
2387
2388 while (len > 0) {
2389 page = addr & TARGET_PAGE_MASK;
2390 l = (page + TARGET_PAGE_SIZE) - addr;
2391 if (l > len)
2392 l = len;
2393 flags = page_get_flags(page);
2394 if (!(flags & PAGE_VALID))
2395 return -1;
2396 if (is_write) {
2397 if (!(flags & PAGE_WRITE))
2398 return -1;
2399 /* XXX: this code should not depend on lock_user */
2400 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2401 return -1;
2402 memcpy(p, buf, l);
2403 unlock_user(p, addr, l);
2404 } else {
2405 if (!(flags & PAGE_READ))
2406 return -1;
2407 /* XXX: this code should not depend on lock_user */
2408 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2409 return -1;
2410 memcpy(buf, p, l);
2411 unlock_user(p, addr, 0);
2412 }
2413 len -= l;
2414 buf += l;
2415 addr += l;
2416 }
2417 return 0;
2418 }
2419
2420 #else
2421
2422 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2423 hwaddr length)
2424 {
2425 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2426 /* No early return if dirty_log_mask is or becomes 0, because
2427 * cpu_physical_memory_set_dirty_range will still call
2428 * xen_modified_memory.
2429 */
2430 if (dirty_log_mask) {
2431 dirty_log_mask =
2432 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2433 }
2434 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2435 tb_invalidate_phys_range(addr, addr + length);
2436 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2437 }
2438 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2439 }
2440
2441 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2442 {
2443 unsigned access_size_max = mr->ops->valid.max_access_size;
2444
2445 /* Regions are assumed to support 1-4 byte accesses unless
2446 otherwise specified. */
2447 if (access_size_max == 0) {
2448 access_size_max = 4;
2449 }
2450
2451 /* Bound the maximum access by the alignment of the address. */
2452 if (!mr->ops->impl.unaligned) {
2453 unsigned align_size_max = addr & -addr;
2454 if (align_size_max != 0 && align_size_max < access_size_max) {
2455 access_size_max = align_size_max;
2456 }
2457 }
2458
2459 /* Don't attempt accesses larger than the maximum. */
2460 if (l > access_size_max) {
2461 l = access_size_max;
2462 }
2463 l = pow2floor(l);
2464
2465 return l;
2466 }
2467
2468 static bool prepare_mmio_access(MemoryRegion *mr)
2469 {
2470 bool unlocked = !qemu_mutex_iothread_locked();
2471 bool release_lock = false;
2472
2473 if (unlocked && mr->global_locking) {
2474 qemu_mutex_lock_iothread();
2475 unlocked = false;
2476 release_lock = true;
2477 }
2478 if (mr->flush_coalesced_mmio) {
2479 if (unlocked) {
2480 qemu_mutex_lock_iothread();
2481 }
2482 qemu_flush_coalesced_mmio_buffer();
2483 if (unlocked) {
2484 qemu_mutex_unlock_iothread();
2485 }
2486 }
2487
2488 return release_lock;
2489 }
2490
2491 /* Called within RCU critical section. */
2492 static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2493 MemTxAttrs attrs,
2494 const uint8_t *buf,
2495 int len, hwaddr addr1,
2496 hwaddr l, MemoryRegion *mr)
2497 {
2498 uint8_t *ptr;
2499 uint64_t val;
2500 MemTxResult result = MEMTX_OK;
2501 bool release_lock = false;
2502
2503 for (;;) {
2504 if (!memory_access_is_direct(mr, true)) {
2505 release_lock |= prepare_mmio_access(mr);
2506 l = memory_access_size(mr, l, addr1);
2507 /* XXX: could force current_cpu to NULL to avoid
2508 potential bugs */
2509 switch (l) {
2510 case 8:
2511 /* 64 bit write access */
2512 val = ldq_p(buf);
2513 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2514 attrs);
2515 break;
2516 case 4:
2517 /* 32 bit write access */
2518 val = ldl_p(buf);
2519 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2520 attrs);
2521 break;
2522 case 2:
2523 /* 16 bit write access */
2524 val = lduw_p(buf);
2525 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2526 attrs);
2527 break;
2528 case 1:
2529 /* 8 bit write access */
2530 val = ldub_p(buf);
2531 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2532 attrs);
2533 break;
2534 default:
2535 abort();
2536 }
2537 } else {
2538 addr1 += memory_region_get_ram_addr(mr);
2539 /* RAM case */
2540 ptr = qemu_get_ram_ptr(addr1);
2541 memcpy(ptr, buf, l);
2542 invalidate_and_set_dirty(mr, addr1, l);
2543 }
2544
2545 if (release_lock) {
2546 qemu_mutex_unlock_iothread();
2547 release_lock = false;
2548 }
2549
2550 len -= l;
2551 buf += l;
2552 addr += l;
2553
2554 if (!len) {
2555 break;
2556 }
2557
2558 l = len;
2559 mr = address_space_translate(as, addr, &addr1, &l, true);
2560 }
2561
2562 return result;
2563 }
2564
2565 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2566 const uint8_t *buf, int len)
2567 {
2568 hwaddr l;
2569 hwaddr addr1;
2570 MemoryRegion *mr;
2571 MemTxResult result = MEMTX_OK;
2572
2573 if (len > 0) {
2574 rcu_read_lock();
2575 l = len;
2576 mr = address_space_translate(as, addr, &addr1, &l, true);
2577 result = address_space_write_continue(as, addr, attrs, buf, len,
2578 addr1, l, mr);
2579 rcu_read_unlock();
2580 }
2581
2582 return result;
2583 }
2584
2585 /* Called within RCU critical section. */
2586 MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2587 MemTxAttrs attrs, uint8_t *buf,
2588 int len, hwaddr addr1, hwaddr l,
2589 MemoryRegion *mr)
2590 {
2591 uint8_t *ptr;
2592 uint64_t val;
2593 MemTxResult result = MEMTX_OK;
2594 bool release_lock = false;
2595
2596 for (;;) {
2597 if (!memory_access_is_direct(mr, false)) {
2598 /* I/O case */
2599 release_lock |= prepare_mmio_access(mr);
2600 l = memory_access_size(mr, l, addr1);
2601 switch (l) {
2602 case 8:
2603 /* 64 bit read access */
2604 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2605 attrs);
2606 stq_p(buf, val);
2607 break;
2608 case 4:
2609 /* 32 bit read access */
2610 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2611 attrs);
2612 stl_p(buf, val);
2613 break;
2614 case 2:
2615 /* 16 bit read access */
2616 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2617 attrs);
2618 stw_p(buf, val);
2619 break;
2620 case 1:
2621 /* 8 bit read access */
2622 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2623 attrs);
2624 stb_p(buf, val);
2625 break;
2626 default:
2627 abort();
2628 }
2629 } else {
2630 /* RAM case */
2631 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2632 memcpy(buf, ptr, l);
2633 }
2634
2635 if (release_lock) {
2636 qemu_mutex_unlock_iothread();
2637 release_lock = false;
2638 }
2639
2640 len -= l;
2641 buf += l;
2642 addr += l;
2643
2644 if (!len) {
2645 break;
2646 }
2647
2648 l = len;
2649 mr = address_space_translate(as, addr, &addr1, &l, false);
2650 }
2651
2652 return result;
2653 }
2654
2655 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2656 MemTxAttrs attrs, uint8_t *buf, int len)
2657 {
2658 hwaddr l;
2659 hwaddr addr1;
2660 MemoryRegion *mr;
2661 MemTxResult result = MEMTX_OK;
2662
2663 if (len > 0) {
2664 rcu_read_lock();
2665 l = len;
2666 mr = address_space_translate(as, addr, &addr1, &l, false);
2667 result = address_space_read_continue(as, addr, attrs, buf, len,
2668 addr1, l, mr);
2669 rcu_read_unlock();
2670 }
2671
2672 return result;
2673 }
2674
2675 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2676 uint8_t *buf, int len, bool is_write)
2677 {
2678 if (is_write) {
2679 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2680 } else {
2681 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2682 }
2683 }
2684
2685 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2686 int len, int is_write)
2687 {
2688 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2689 buf, len, is_write);
2690 }
2691
2692 enum write_rom_type {
2693 WRITE_DATA,
2694 FLUSH_CACHE,
2695 };
2696
2697 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2698 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2699 {
2700 hwaddr l;
2701 uint8_t *ptr;
2702 hwaddr addr1;
2703 MemoryRegion *mr;
2704
2705 rcu_read_lock();
2706 while (len > 0) {
2707 l = len;
2708 mr = address_space_translate(as, addr, &addr1, &l, true);
2709
2710 if (!(memory_region_is_ram(mr) ||
2711 memory_region_is_romd(mr))) {
2712 l = memory_access_size(mr, l, addr1);
2713 } else {
2714 addr1 += memory_region_get_ram_addr(mr);
2715 /* ROM/RAM case */
2716 ptr = qemu_get_ram_ptr(addr1);
2717 switch (type) {
2718 case WRITE_DATA:
2719 memcpy(ptr, buf, l);
2720 invalidate_and_set_dirty(mr, addr1, l);
2721 break;
2722 case FLUSH_CACHE:
2723 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2724 break;
2725 }
2726 }
2727 len -= l;
2728 buf += l;
2729 addr += l;
2730 }
2731 rcu_read_unlock();
2732 }
2733
2734 /* used for ROM loading : can write in RAM and ROM */
2735 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2736 const uint8_t *buf, int len)
2737 {
2738 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2739 }
2740
2741 void cpu_flush_icache_range(hwaddr start, int len)
2742 {
2743 /*
2744 * This function should do the same thing as an icache flush that was
2745 * triggered from within the guest. For TCG we are always cache coherent,
2746 * so there is no need to flush anything. For KVM / Xen we need to flush
2747 * the host's instruction cache at least.
2748 */
2749 if (tcg_enabled()) {
2750 return;
2751 }
2752
2753 cpu_physical_memory_write_rom_internal(&address_space_memory,
2754 start, NULL, len, FLUSH_CACHE);
2755 }
2756
2757 typedef struct {
2758 MemoryRegion *mr;
2759 void *buffer;
2760 hwaddr addr;
2761 hwaddr len;
2762 bool in_use;
2763 } BounceBuffer;
2764
2765 static BounceBuffer bounce;
2766
2767 typedef struct MapClient {
2768 QEMUBH *bh;
2769 QLIST_ENTRY(MapClient) link;
2770 } MapClient;
2771
2772 QemuMutex map_client_list_lock;
2773 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2774 = QLIST_HEAD_INITIALIZER(map_client_list);
2775
2776 static void cpu_unregister_map_client_do(MapClient *client)
2777 {
2778 QLIST_REMOVE(client, link);
2779 g_free(client);
2780 }
2781
2782 static void cpu_notify_map_clients_locked(void)
2783 {
2784 MapClient *client;
2785
2786 while (!QLIST_EMPTY(&map_client_list)) {
2787 client = QLIST_FIRST(&map_client_list);
2788 qemu_bh_schedule(client->bh);
2789 cpu_unregister_map_client_do(client);
2790 }
2791 }
2792
2793 void cpu_register_map_client(QEMUBH *bh)
2794 {
2795 MapClient *client = g_malloc(sizeof(*client));
2796
2797 qemu_mutex_lock(&map_client_list_lock);
2798 client->bh = bh;
2799 QLIST_INSERT_HEAD(&map_client_list, client, link);
2800 if (!atomic_read(&bounce.in_use)) {
2801 cpu_notify_map_clients_locked();
2802 }
2803 qemu_mutex_unlock(&map_client_list_lock);
2804 }
2805
2806 void cpu_exec_init_all(void)
2807 {
2808 qemu_mutex_init(&ram_list.mutex);
2809 io_mem_init();
2810 memory_map_init();
2811 qemu_mutex_init(&map_client_list_lock);
2812 }
2813
2814 void cpu_unregister_map_client(QEMUBH *bh)
2815 {
2816 MapClient *client;
2817
2818 qemu_mutex_lock(&map_client_list_lock);
2819 QLIST_FOREACH(client, &map_client_list, link) {
2820 if (client->bh == bh) {
2821 cpu_unregister_map_client_do(client);
2822 break;
2823 }
2824 }
2825 qemu_mutex_unlock(&map_client_list_lock);
2826 }
2827
2828 static void cpu_notify_map_clients(void)
2829 {
2830 qemu_mutex_lock(&map_client_list_lock);
2831 cpu_notify_map_clients_locked();
2832 qemu_mutex_unlock(&map_client_list_lock);
2833 }
2834
2835 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2836 {
2837 MemoryRegion *mr;
2838 hwaddr l, xlat;
2839
2840 rcu_read_lock();
2841 while (len > 0) {
2842 l = len;
2843 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2844 if (!memory_access_is_direct(mr, is_write)) {
2845 l = memory_access_size(mr, l, addr);
2846 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2847 return false;
2848 }
2849 }
2850
2851 len -= l;
2852 addr += l;
2853 }
2854 rcu_read_unlock();
2855 return true;
2856 }
2857
2858 /* Map a physical memory region into a host virtual address.
2859 * May map a subset of the requested range, given by and returned in *plen.
2860 * May return NULL if resources needed to perform the mapping are exhausted.
2861 * Use only for reads OR writes - not for read-modify-write operations.
2862 * Use cpu_register_map_client() to know when retrying the map operation is
2863 * likely to succeed.
2864 */
2865 void *address_space_map(AddressSpace *as,
2866 hwaddr addr,
2867 hwaddr *plen,
2868 bool is_write)
2869 {
2870 hwaddr len = *plen;
2871 hwaddr done = 0;
2872 hwaddr l, xlat, base;
2873 MemoryRegion *mr, *this_mr;
2874 ram_addr_t raddr;
2875 void *ptr;
2876
2877 if (len == 0) {
2878 return NULL;
2879 }
2880
2881 l = len;
2882 rcu_read_lock();
2883 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2884
2885 if (!memory_access_is_direct(mr, is_write)) {
2886 if (atomic_xchg(&bounce.in_use, true)) {
2887 rcu_read_unlock();
2888 return NULL;
2889 }
2890 /* Avoid unbounded allocations */
2891 l = MIN(l, TARGET_PAGE_SIZE);
2892 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2893 bounce.addr = addr;
2894 bounce.len = l;
2895
2896 memory_region_ref(mr);
2897 bounce.mr = mr;
2898 if (!is_write) {
2899 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2900 bounce.buffer, l);
2901 }
2902
2903 rcu_read_unlock();
2904 *plen = l;
2905 return bounce.buffer;
2906 }
2907
2908 base = xlat;
2909 raddr = memory_region_get_ram_addr(mr);
2910
2911 for (;;) {
2912 len -= l;
2913 addr += l;
2914 done += l;
2915 if (len == 0) {
2916 break;
2917 }
2918
2919 l = len;
2920 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2921 if (this_mr != mr || xlat != base + done) {
2922 break;
2923 }
2924 }
2925
2926 memory_region_ref(mr);
2927 *plen = done;
2928 ptr = qemu_ram_ptr_length(raddr + base, plen);
2929 rcu_read_unlock();
2930
2931 return ptr;
2932 }
2933
2934 /* Unmaps a memory region previously mapped by address_space_map().
2935 * Will also mark the memory as dirty if is_write == 1. access_len gives
2936 * the amount of memory that was actually read or written by the caller.
2937 */
2938 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2939 int is_write, hwaddr access_len)
2940 {
2941 if (buffer != bounce.buffer) {
2942 MemoryRegion *mr;
2943 ram_addr_t addr1;
2944
2945 mr = qemu_ram_addr_from_host(buffer, &addr1);
2946 assert(mr != NULL);
2947 if (is_write) {
2948 invalidate_and_set_dirty(mr, addr1, access_len);
2949 }
2950 if (xen_enabled()) {
2951 xen_invalidate_map_cache_entry(buffer);
2952 }
2953 memory_region_unref(mr);
2954 return;
2955 }
2956 if (is_write) {
2957 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2958 bounce.buffer, access_len);
2959 }
2960 qemu_vfree(bounce.buffer);
2961 bounce.buffer = NULL;
2962 memory_region_unref(bounce.mr);
2963 atomic_mb_set(&bounce.in_use, false);
2964 cpu_notify_map_clients();
2965 }
2966
2967 void *cpu_physical_memory_map(hwaddr addr,
2968 hwaddr *plen,
2969 int is_write)
2970 {
2971 return address_space_map(&address_space_memory, addr, plen, is_write);
2972 }
2973
2974 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2975 int is_write, hwaddr access_len)
2976 {
2977 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2978 }
2979
2980 /* warning: addr must be aligned */
2981 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2982 MemTxAttrs attrs,
2983 MemTxResult *result,
2984 enum device_endian endian)
2985 {
2986 uint8_t *ptr;
2987 uint64_t val;
2988 MemoryRegion *mr;
2989 hwaddr l = 4;
2990 hwaddr addr1;
2991 MemTxResult r;
2992 bool release_lock = false;
2993
2994 rcu_read_lock();
2995 mr = address_space_translate(as, addr, &addr1, &l, false);
2996 if (l < 4 || !memory_access_is_direct(mr, false)) {
2997 release_lock |= prepare_mmio_access(mr);
2998
2999 /* I/O case */
3000 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
3001 #if defined(TARGET_WORDS_BIGENDIAN)
3002 if (endian == DEVICE_LITTLE_ENDIAN) {
3003 val = bswap32(val);
3004 }
3005 #else
3006 if (endian == DEVICE_BIG_ENDIAN) {
3007 val = bswap32(val);
3008 }
3009 #endif
3010 } else {
3011 /* RAM case */
3012 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3013 & TARGET_PAGE_MASK)
3014 + addr1);
3015 switch (endian) {
3016 case DEVICE_LITTLE_ENDIAN:
3017 val = ldl_le_p(ptr);
3018 break;
3019 case DEVICE_BIG_ENDIAN:
3020 val = ldl_be_p(ptr);
3021 break;
3022 default:
3023 val = ldl_p(ptr);
3024 break;
3025 }
3026 r = MEMTX_OK;
3027 }
3028 if (result) {
3029 *result = r;
3030 }
3031 if (release_lock) {
3032 qemu_mutex_unlock_iothread();
3033 }
3034 rcu_read_unlock();
3035 return val;
3036 }
3037
3038 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3039 MemTxAttrs attrs, MemTxResult *result)
3040 {
3041 return address_space_ldl_internal(as, addr, attrs, result,
3042 DEVICE_NATIVE_ENDIAN);
3043 }
3044
3045 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3046 MemTxAttrs attrs, MemTxResult *result)
3047 {
3048 return address_space_ldl_internal(as, addr, attrs, result,
3049 DEVICE_LITTLE_ENDIAN);
3050 }
3051
3052 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3053 MemTxAttrs attrs, MemTxResult *result)
3054 {
3055 return address_space_ldl_internal(as, addr, attrs, result,
3056 DEVICE_BIG_ENDIAN);
3057 }
3058
3059 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3060 {
3061 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3062 }
3063
3064 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3065 {
3066 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3067 }
3068
3069 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3070 {
3071 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3072 }
3073
3074 /* warning: addr must be aligned */
3075 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3076 MemTxAttrs attrs,
3077 MemTxResult *result,
3078 enum device_endian endian)
3079 {
3080 uint8_t *ptr;
3081 uint64_t val;
3082 MemoryRegion *mr;
3083 hwaddr l = 8;
3084 hwaddr addr1;
3085 MemTxResult r;
3086 bool release_lock = false;
3087
3088 rcu_read_lock();
3089 mr = address_space_translate(as, addr, &addr1, &l,
3090 false);
3091 if (l < 8 || !memory_access_is_direct(mr, false)) {
3092 release_lock |= prepare_mmio_access(mr);
3093
3094 /* I/O case */
3095 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3096 #if defined(TARGET_WORDS_BIGENDIAN)
3097 if (endian == DEVICE_LITTLE_ENDIAN) {
3098 val = bswap64(val);
3099 }
3100 #else
3101 if (endian == DEVICE_BIG_ENDIAN) {
3102 val = bswap64(val);
3103 }
3104 #endif
3105 } else {
3106 /* RAM case */
3107 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3108 & TARGET_PAGE_MASK)
3109 + addr1);
3110 switch (endian) {
3111 case DEVICE_LITTLE_ENDIAN:
3112 val = ldq_le_p(ptr);
3113 break;
3114 case DEVICE_BIG_ENDIAN:
3115 val = ldq_be_p(ptr);
3116 break;
3117 default:
3118 val = ldq_p(ptr);
3119 break;
3120 }
3121 r = MEMTX_OK;
3122 }
3123 if (result) {
3124 *result = r;
3125 }
3126 if (release_lock) {
3127 qemu_mutex_unlock_iothread();
3128 }
3129 rcu_read_unlock();
3130 return val;
3131 }
3132
3133 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3134 MemTxAttrs attrs, MemTxResult *result)
3135 {
3136 return address_space_ldq_internal(as, addr, attrs, result,
3137 DEVICE_NATIVE_ENDIAN);
3138 }
3139
3140 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3141 MemTxAttrs attrs, MemTxResult *result)
3142 {
3143 return address_space_ldq_internal(as, addr, attrs, result,
3144 DEVICE_LITTLE_ENDIAN);
3145 }
3146
3147 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3148 MemTxAttrs attrs, MemTxResult *result)
3149 {
3150 return address_space_ldq_internal(as, addr, attrs, result,
3151 DEVICE_BIG_ENDIAN);
3152 }
3153
3154 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3155 {
3156 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3157 }
3158
3159 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3160 {
3161 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3162 }
3163
3164 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3165 {
3166 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3167 }
3168
3169 /* XXX: optimize */
3170 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3171 MemTxAttrs attrs, MemTxResult *result)
3172 {
3173 uint8_t val;
3174 MemTxResult r;
3175
3176 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3177 if (result) {
3178 *result = r;
3179 }
3180 return val;
3181 }
3182
3183 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3184 {
3185 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3186 }
3187
3188 /* warning: addr must be aligned */
3189 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3190 hwaddr addr,
3191 MemTxAttrs attrs,
3192 MemTxResult *result,
3193 enum device_endian endian)
3194 {
3195 uint8_t *ptr;
3196 uint64_t val;
3197 MemoryRegion *mr;
3198 hwaddr l = 2;
3199 hwaddr addr1;
3200 MemTxResult r;
3201 bool release_lock = false;
3202
3203 rcu_read_lock();
3204 mr = address_space_translate(as, addr, &addr1, &l,
3205 false);
3206 if (l < 2 || !memory_access_is_direct(mr, false)) {
3207 release_lock |= prepare_mmio_access(mr);
3208
3209 /* I/O case */
3210 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3211 #if defined(TARGET_WORDS_BIGENDIAN)
3212 if (endian == DEVICE_LITTLE_ENDIAN) {
3213 val = bswap16(val);
3214 }
3215 #else
3216 if (endian == DEVICE_BIG_ENDIAN) {
3217 val = bswap16(val);
3218 }
3219 #endif
3220 } else {
3221 /* RAM case */
3222 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3223 & TARGET_PAGE_MASK)
3224 + addr1);
3225 switch (endian) {
3226 case DEVICE_LITTLE_ENDIAN:
3227 val = lduw_le_p(ptr);
3228 break;
3229 case DEVICE_BIG_ENDIAN:
3230 val = lduw_be_p(ptr);
3231 break;
3232 default:
3233 val = lduw_p(ptr);
3234 break;
3235 }
3236 r = MEMTX_OK;
3237 }
3238 if (result) {
3239 *result = r;
3240 }
3241 if (release_lock) {
3242 qemu_mutex_unlock_iothread();
3243 }
3244 rcu_read_unlock();
3245 return val;
3246 }
3247
3248 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3249 MemTxAttrs attrs, MemTxResult *result)
3250 {
3251 return address_space_lduw_internal(as, addr, attrs, result,
3252 DEVICE_NATIVE_ENDIAN);
3253 }
3254
3255 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3256 MemTxAttrs attrs, MemTxResult *result)
3257 {
3258 return address_space_lduw_internal(as, addr, attrs, result,
3259 DEVICE_LITTLE_ENDIAN);
3260 }
3261
3262 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3263 MemTxAttrs attrs, MemTxResult *result)
3264 {
3265 return address_space_lduw_internal(as, addr, attrs, result,
3266 DEVICE_BIG_ENDIAN);
3267 }
3268
3269 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3270 {
3271 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3272 }
3273
3274 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3275 {
3276 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3277 }
3278
3279 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3280 {
3281 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3282 }
3283
3284 /* warning: addr must be aligned. The ram page is not masked as dirty
3285 and the code inside is not invalidated. It is useful if the dirty
3286 bits are used to track modified PTEs */
3287 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3288 MemTxAttrs attrs, MemTxResult *result)
3289 {
3290 uint8_t *ptr;
3291 MemoryRegion *mr;
3292 hwaddr l = 4;
3293 hwaddr addr1;
3294 MemTxResult r;
3295 uint8_t dirty_log_mask;
3296 bool release_lock = false;
3297
3298 rcu_read_lock();
3299 mr = address_space_translate(as, addr, &addr1, &l,
3300 true);
3301 if (l < 4 || !memory_access_is_direct(mr, true)) {
3302 release_lock |= prepare_mmio_access(mr);
3303
3304 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3305 } else {
3306 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3307 ptr = qemu_get_ram_ptr(addr1);
3308 stl_p(ptr, val);
3309
3310 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3311 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3312 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3313 r = MEMTX_OK;
3314 }
3315 if (result) {
3316 *result = r;
3317 }
3318 if (release_lock) {
3319 qemu_mutex_unlock_iothread();
3320 }
3321 rcu_read_unlock();
3322 }
3323
3324 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3325 {
3326 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3327 }
3328
3329 /* warning: addr must be aligned */
3330 static inline void address_space_stl_internal(AddressSpace *as,
3331 hwaddr addr, uint32_t val,
3332 MemTxAttrs attrs,
3333 MemTxResult *result,
3334 enum device_endian endian)
3335 {
3336 uint8_t *ptr;
3337 MemoryRegion *mr;
3338 hwaddr l = 4;
3339 hwaddr addr1;
3340 MemTxResult r;
3341 bool release_lock = false;
3342
3343 rcu_read_lock();
3344 mr = address_space_translate(as, addr, &addr1, &l,
3345 true);
3346 if (l < 4 || !memory_access_is_direct(mr, true)) {
3347 release_lock |= prepare_mmio_access(mr);
3348
3349 #if defined(TARGET_WORDS_BIGENDIAN)
3350 if (endian == DEVICE_LITTLE_ENDIAN) {
3351 val = bswap32(val);
3352 }
3353 #else
3354 if (endian == DEVICE_BIG_ENDIAN) {
3355 val = bswap32(val);
3356 }
3357 #endif
3358 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3359 } else {
3360 /* RAM case */
3361 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3362 ptr = qemu_get_ram_ptr(addr1);
3363 switch (endian) {
3364 case DEVICE_LITTLE_ENDIAN:
3365 stl_le_p(ptr, val);
3366 break;
3367 case DEVICE_BIG_ENDIAN:
3368 stl_be_p(ptr, val);
3369 break;
3370 default:
3371 stl_p(ptr, val);
3372 break;
3373 }
3374 invalidate_and_set_dirty(mr, addr1, 4);
3375 r = MEMTX_OK;
3376 }
3377 if (result) {
3378 *result = r;
3379 }
3380 if (release_lock) {
3381 qemu_mutex_unlock_iothread();
3382 }
3383 rcu_read_unlock();
3384 }
3385
3386 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3387 MemTxAttrs attrs, MemTxResult *result)
3388 {
3389 address_space_stl_internal(as, addr, val, attrs, result,
3390 DEVICE_NATIVE_ENDIAN);
3391 }
3392
3393 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3394 MemTxAttrs attrs, MemTxResult *result)
3395 {
3396 address_space_stl_internal(as, addr, val, attrs, result,
3397 DEVICE_LITTLE_ENDIAN);
3398 }
3399
3400 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3401 MemTxAttrs attrs, MemTxResult *result)
3402 {
3403 address_space_stl_internal(as, addr, val, attrs, result,
3404 DEVICE_BIG_ENDIAN);
3405 }
3406
3407 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3408 {
3409 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3410 }
3411
3412 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3413 {
3414 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3415 }
3416
3417 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3418 {
3419 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3420 }
3421
3422 /* XXX: optimize */
3423 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3424 MemTxAttrs attrs, MemTxResult *result)
3425 {
3426 uint8_t v = val;
3427 MemTxResult r;
3428
3429 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3430 if (result) {
3431 *result = r;
3432 }
3433 }
3434
3435 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3436 {
3437 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3438 }
3439
3440 /* warning: addr must be aligned */
3441 static inline void address_space_stw_internal(AddressSpace *as,
3442 hwaddr addr, uint32_t val,
3443 MemTxAttrs attrs,
3444 MemTxResult *result,
3445 enum device_endian endian)
3446 {
3447 uint8_t *ptr;
3448 MemoryRegion *mr;
3449 hwaddr l = 2;
3450 hwaddr addr1;
3451 MemTxResult r;
3452 bool release_lock = false;
3453
3454 rcu_read_lock();
3455 mr = address_space_translate(as, addr, &addr1, &l, true);
3456 if (l < 2 || !memory_access_is_direct(mr, true)) {
3457 release_lock |= prepare_mmio_access(mr);
3458
3459 #if defined(TARGET_WORDS_BIGENDIAN)
3460 if (endian == DEVICE_LITTLE_ENDIAN) {
3461 val = bswap16(val);
3462 }
3463 #else
3464 if (endian == DEVICE_BIG_ENDIAN) {
3465 val = bswap16(val);
3466 }
3467 #endif
3468 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3469 } else {
3470 /* RAM case */
3471 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3472 ptr = qemu_get_ram_ptr(addr1);
3473 switch (endian) {
3474 case DEVICE_LITTLE_ENDIAN:
3475 stw_le_p(ptr, val);
3476 break;
3477 case DEVICE_BIG_ENDIAN:
3478 stw_be_p(ptr, val);
3479 break;
3480 default:
3481 stw_p(ptr, val);
3482 break;
3483 }
3484 invalidate_and_set_dirty(mr, addr1, 2);
3485 r = MEMTX_OK;
3486 }
3487 if (result) {
3488 *result = r;
3489 }
3490 if (release_lock) {
3491 qemu_mutex_unlock_iothread();
3492 }
3493 rcu_read_unlock();
3494 }
3495
3496 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3497 MemTxAttrs attrs, MemTxResult *result)
3498 {
3499 address_space_stw_internal(as, addr, val, attrs, result,
3500 DEVICE_NATIVE_ENDIAN);
3501 }
3502
3503 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3504 MemTxAttrs attrs, MemTxResult *result)
3505 {
3506 address_space_stw_internal(as, addr, val, attrs, result,
3507 DEVICE_LITTLE_ENDIAN);
3508 }
3509
3510 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3511 MemTxAttrs attrs, MemTxResult *result)
3512 {
3513 address_space_stw_internal(as, addr, val, attrs, result,
3514 DEVICE_BIG_ENDIAN);
3515 }
3516
3517 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3518 {
3519 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3520 }
3521
3522 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3523 {
3524 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3525 }
3526
3527 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3528 {
3529 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3530 }
3531
3532 /* XXX: optimize */
3533 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3534 MemTxAttrs attrs, MemTxResult *result)
3535 {
3536 MemTxResult r;
3537 val = tswap64(val);
3538 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3539 if (result) {
3540 *result = r;
3541 }
3542 }
3543
3544 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3545 MemTxAttrs attrs, MemTxResult *result)
3546 {
3547 MemTxResult r;
3548 val = cpu_to_le64(val);
3549 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3550 if (result) {
3551 *result = r;
3552 }
3553 }
3554 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3555 MemTxAttrs attrs, MemTxResult *result)
3556 {
3557 MemTxResult r;
3558 val = cpu_to_be64(val);
3559 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3560 if (result) {
3561 *result = r;
3562 }
3563 }
3564
3565 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3566 {
3567 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3568 }
3569
3570 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3571 {
3572 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3573 }
3574
3575 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3576 {
3577 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3578 }
3579
3580 /* virtual memory access for debug (includes writing to ROM) */
3581 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3582 uint8_t *buf, int len, int is_write)
3583 {
3584 int l;
3585 hwaddr phys_addr;
3586 target_ulong page;
3587
3588 while (len > 0) {
3589 page = addr & TARGET_PAGE_MASK;
3590 phys_addr = cpu_get_phys_page_debug(cpu, page);
3591 /* if no physical page mapped, return an error */
3592 if (phys_addr == -1)
3593 return -1;
3594 l = (page + TARGET_PAGE_SIZE) - addr;
3595 if (l > len)
3596 l = len;
3597 phys_addr += (addr & ~TARGET_PAGE_MASK);
3598 if (is_write) {
3599 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3600 } else {
3601 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3602 buf, l, 0);
3603 }
3604 len -= l;
3605 buf += l;
3606 addr += l;
3607 }
3608 return 0;
3609 }
3610
3611 /*
3612 * Allows code that needs to deal with migration bitmaps etc to still be built
3613 * target independent.
3614 */
3615 size_t qemu_target_page_bits(void)
3616 {
3617 return TARGET_PAGE_BITS;
3618 }
3619
3620 #endif
3621
3622 /*
3623 * A helper function for the _utterly broken_ virtio device model to find out if
3624 * it's running on a big endian machine. Don't do this at home kids!
3625 */
3626 bool target_words_bigendian(void);
3627 bool target_words_bigendian(void)
3628 {
3629 #if defined(TARGET_WORDS_BIGENDIAN)
3630 return true;
3631 #else
3632 return false;
3633 #endif
3634 }
3635
3636 #ifndef CONFIG_USER_ONLY
3637 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3638 {
3639 MemoryRegion*mr;
3640 hwaddr l = 1;
3641 bool res;
3642
3643 rcu_read_lock();
3644 mr = address_space_translate(&address_space_memory,
3645 phys_addr, &phys_addr, &l, false);
3646
3647 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3648 rcu_read_unlock();
3649 return res;
3650 }
3651
3652 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3653 {
3654 RAMBlock *block;
3655 int ret = 0;
3656
3657 rcu_read_lock();
3658 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3659 ret = func(block->idstr, block->host, block->offset,
3660 block->used_length, opaque);
3661 if (ret) {
3662 break;
3663 }
3664 }
3665 rcu_read_unlock();
3666 return ret;
3667 }
3668 #endif
QEMU mirror