]> git.proxmox.com Git - mirror_qemu.git/blob - exec.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
cpu: move exec-all.h inclusion out of cpu.h
[mirror_qemu.git] / exec.c
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #ifndef _WIN32
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu/cutils.h"
26 #include "cpu.h"
27 #include "exec/exec-all.h"
28 #include "tcg.h"
29 #include "hw/qdev-core.h"
30 #if !defined(CONFIG_USER_ONLY)
31 #include "hw/boards.h"
32 #include "hw/xen/xen.h"
33 #endif
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "qemu/timer.h"
37 #include "qemu/config-file.h"
38 #include "qemu/error-report.h"
39 #if defined(CONFIG_USER_ONLY)
40 #include <qemu.h>
41 #else /* !CONFIG_USER_ONLY */
42 #include "hw/hw.h"
43 #include "exec/memory.h"
44 #include "sysemu/dma.h"
45 #include "exec/address-spaces.h"
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57 #include "exec/log.h"
58
59 #include "qemu/range.h"
60 #ifndef _WIN32
61 #include "qemu/mmap-alloc.h"
62 #endif
63
64 //#define DEBUG_SUBPAGE
65
66 #if !defined(CONFIG_USER_ONLY)
67 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
68 * are protected by the ramlist lock.
69 */
70 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
71
72 static MemoryRegion *system_memory;
73 static MemoryRegion *system_io;
74
75 AddressSpace address_space_io;
76 AddressSpace address_space_memory;
77
78 MemoryRegion io_mem_rom, io_mem_notdirty;
79 static MemoryRegion io_mem_unassigned;
80
81 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
82 #define RAM_PREALLOC (1 << 0)
83
84 /* RAM is mmap-ed with MAP_SHARED */
85 #define RAM_SHARED (1 << 1)
86
87 /* Only a portion of RAM (used_length) is actually used, and migrated.
88 * This used_length size can change across reboots.
89 */
90 #define RAM_RESIZEABLE (1 << 2)
91
92 #endif
93
94 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
95 /* current CPU in the current thread. It is only valid inside
96 cpu_exec() */
97 __thread CPUState *current_cpu;
98 /* 0 = Do not count executed instructions.
99 1 = Precise instruction counting.
100 2 = Adaptive rate instruction counting. */
101 int use_icount;
102
103 #if !defined(CONFIG_USER_ONLY)
104
105 typedef struct PhysPageEntry PhysPageEntry;
106
107 struct PhysPageEntry {
108 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
109 uint32_t skip : 6;
110 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
111 uint32_t ptr : 26;
112 };
113
114 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
115
116 /* Size of the L2 (and L3, etc) page tables. */
117 #define ADDR_SPACE_BITS 64
118
119 #define P_L2_BITS 9
120 #define P_L2_SIZE (1 << P_L2_BITS)
121
122 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
123
124 typedef PhysPageEntry Node[P_L2_SIZE];
125
126 typedef struct PhysPageMap {
127 struct rcu_head rcu;
128
129 unsigned sections_nb;
130 unsigned sections_nb_alloc;
131 unsigned nodes_nb;
132 unsigned nodes_nb_alloc;
133 Node *nodes;
134 MemoryRegionSection *sections;
135 } PhysPageMap;
136
137 struct AddressSpaceDispatch {
138 struct rcu_head rcu;
139
140 MemoryRegionSection *mru_section;
141 /* This is a multi-level map on the physical address space.
142 * The bottom level has pointers to MemoryRegionSections.
143 */
144 PhysPageEntry phys_map;
145 PhysPageMap map;
146 AddressSpace *as;
147 };
148
149 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
150 typedef struct subpage_t {
151 MemoryRegion iomem;
152 AddressSpace *as;
153 hwaddr base;
154 uint16_t sub_section[TARGET_PAGE_SIZE];
155 } subpage_t;
156
157 #define PHYS_SECTION_UNASSIGNED 0
158 #define PHYS_SECTION_NOTDIRTY 1
159 #define PHYS_SECTION_ROM 2
160 #define PHYS_SECTION_WATCH 3
161
162 static void io_mem_init(void);
163 static void memory_map_init(void);
164 static void tcg_commit(MemoryListener *listener);
165
166 static MemoryRegion io_mem_watch;
167
168 /**
169 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
170 * @cpu: the CPU whose AddressSpace this is
171 * @as: the AddressSpace itself
172 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
173 * @tcg_as_listener: listener for tracking changes to the AddressSpace
174 */
175 struct CPUAddressSpace {
176 CPUState *cpu;
177 AddressSpace *as;
178 struct AddressSpaceDispatch *memory_dispatch;
179 MemoryListener tcg_as_listener;
180 };
181
182 #endif
183
184 #if !defined(CONFIG_USER_ONLY)
185
186 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
187 {
188 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
189 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
190 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
191 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
192 }
193 }
194
195 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
196 {
197 unsigned i;
198 uint32_t ret;
199 PhysPageEntry e;
200 PhysPageEntry *p;
201
202 ret = map->nodes_nb++;
203 p = map->nodes[ret];
204 assert(ret != PHYS_MAP_NODE_NIL);
205 assert(ret != map->nodes_nb_alloc);
206
207 e.skip = leaf ? 0 : 1;
208 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
209 for (i = 0; i < P_L2_SIZE; ++i) {
210 memcpy(&p[i], &e, sizeof(e));
211 }
212 return ret;
213 }
214
215 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
216 hwaddr *index, hwaddr *nb, uint16_t leaf,
217 int level)
218 {
219 PhysPageEntry *p;
220 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
221
222 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
223 lp->ptr = phys_map_node_alloc(map, level == 0);
224 }
225 p = map->nodes[lp->ptr];
226 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
227
228 while (*nb && lp < &p[P_L2_SIZE]) {
229 if ((*index & (step - 1)) == 0 && *nb >= step) {
230 lp->skip = 0;
231 lp->ptr = leaf;
232 *index += step;
233 *nb -= step;
234 } else {
235 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
236 }
237 ++lp;
238 }
239 }
240
241 static void phys_page_set(AddressSpaceDispatch *d,
242 hwaddr index, hwaddr nb,
243 uint16_t leaf)
244 {
245 /* Wildly overreserve - it doesn't matter much. */
246 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
247
248 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
249 }
250
251 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
252 * and update our entry so we can skip it and go directly to the destination.
253 */
254 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
255 {
256 unsigned valid_ptr = P_L2_SIZE;
257 int valid = 0;
258 PhysPageEntry *p;
259 int i;
260
261 if (lp->ptr == PHYS_MAP_NODE_NIL) {
262 return;
263 }
264
265 p = nodes[lp->ptr];
266 for (i = 0; i < P_L2_SIZE; i++) {
267 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
268 continue;
269 }
270
271 valid_ptr = i;
272 valid++;
273 if (p[i].skip) {
274 phys_page_compact(&p[i], nodes, compacted);
275 }
276 }
277
278 /* We can only compress if there's only one child. */
279 if (valid != 1) {
280 return;
281 }
282
283 assert(valid_ptr < P_L2_SIZE);
284
285 /* Don't compress if it won't fit in the # of bits we have. */
286 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
287 return;
288 }
289
290 lp->ptr = p[valid_ptr].ptr;
291 if (!p[valid_ptr].skip) {
292 /* If our only child is a leaf, make this a leaf. */
293 /* By design, we should have made this node a leaf to begin with so we
294 * should never reach here.
295 * But since it's so simple to handle this, let's do it just in case we
296 * change this rule.
297 */
298 lp->skip = 0;
299 } else {
300 lp->skip += p[valid_ptr].skip;
301 }
302 }
303
304 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
305 {
306 DECLARE_BITMAP(compacted, nodes_nb);
307
308 if (d->phys_map.skip) {
309 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
310 }
311 }
312
313 static inline bool section_covers_addr(const MemoryRegionSection *section,
314 hwaddr addr)
315 {
316 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
317 * the section must cover the entire address space.
318 */
319 return section->size.hi ||
320 range_covers_byte(section->offset_within_address_space,
321 section->size.lo, addr);
322 }
323
324 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
325 Node *nodes, MemoryRegionSection *sections)
326 {
327 PhysPageEntry *p;
328 hwaddr index = addr >> TARGET_PAGE_BITS;
329 int i;
330
331 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
332 if (lp.ptr == PHYS_MAP_NODE_NIL) {
333 return &sections[PHYS_SECTION_UNASSIGNED];
334 }
335 p = nodes[lp.ptr];
336 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
337 }
338
339 if (section_covers_addr(&sections[lp.ptr], addr)) {
340 return &sections[lp.ptr];
341 } else {
342 return &sections[PHYS_SECTION_UNASSIGNED];
343 }
344 }
345
346 bool memory_region_is_unassigned(MemoryRegion *mr)
347 {
348 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
349 && mr != &io_mem_watch;
350 }
351
352 /* Called from RCU critical section */
353 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
354 hwaddr addr,
355 bool resolve_subpage)
356 {
357 MemoryRegionSection *section = atomic_read(&d->mru_section);
358 subpage_t *subpage;
359 bool update;
360
361 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
362 section_covers_addr(section, addr)) {
363 update = false;
364 } else {
365 section = phys_page_find(d->phys_map, addr, d->map.nodes,
366 d->map.sections);
367 update = true;
368 }
369 if (resolve_subpage && section->mr->subpage) {
370 subpage = container_of(section->mr, subpage_t, iomem);
371 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
372 }
373 if (update) {
374 atomic_set(&d->mru_section, section);
375 }
376 return section;
377 }
378
379 /* Called from RCU critical section */
380 static MemoryRegionSection *
381 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
382 hwaddr *plen, bool resolve_subpage)
383 {
384 MemoryRegionSection *section;
385 MemoryRegion *mr;
386 Int128 diff;
387
388 section = address_space_lookup_region(d, addr, resolve_subpage);
389 /* Compute offset within MemoryRegionSection */
390 addr -= section->offset_within_address_space;
391
392 /* Compute offset within MemoryRegion */
393 *xlat = addr + section->offset_within_region;
394
395 mr = section->mr;
396
397 /* MMIO registers can be expected to perform full-width accesses based only
398 * on their address, without considering adjacent registers that could
399 * decode to completely different MemoryRegions. When such registers
400 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
401 * regions overlap wildly. For this reason we cannot clamp the accesses
402 * here.
403 *
404 * If the length is small (as is the case for address_space_ldl/stl),
405 * everything works fine. If the incoming length is large, however,
406 * the caller really has to do the clamping through memory_access_size.
407 */
408 if (memory_region_is_ram(mr)) {
409 diff = int128_sub(section->size, int128_make64(addr));
410 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
411 }
412 return section;
413 }
414
415 /* Called from RCU critical section */
416 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
417 hwaddr *xlat, hwaddr *plen,
418 bool is_write)
419 {
420 IOMMUTLBEntry iotlb;
421 MemoryRegionSection *section;
422 MemoryRegion *mr;
423
424 for (;;) {
425 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
426 section = address_space_translate_internal(d, addr, &addr, plen, true);
427 mr = section->mr;
428
429 if (!mr->iommu_ops) {
430 break;
431 }
432
433 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
434 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
435 | (addr & iotlb.addr_mask));
436 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
437 if (!(iotlb.perm & (1 << is_write))) {
438 mr = &io_mem_unassigned;
439 break;
440 }
441
442 as = iotlb.target_as;
443 }
444
445 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
446 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
447 *plen = MIN(page, *plen);
448 }
449
450 *xlat = addr;
451 return mr;
452 }
453
454 /* Called from RCU critical section */
455 MemoryRegionSection *
456 address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
457 hwaddr *xlat, hwaddr *plen)
458 {
459 MemoryRegionSection *section;
460 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
461
462 section = address_space_translate_internal(d, addr, xlat, plen, false);
463
464 assert(!section->mr->iommu_ops);
465 return section;
466 }
467 #endif
468
469 #if !defined(CONFIG_USER_ONLY)
470
471 static int cpu_common_post_load(void *opaque, int version_id)
472 {
473 CPUState *cpu = opaque;
474
475 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
476 version_id is increased. */
477 cpu->interrupt_request &= ~0x01;
478 tlb_flush(cpu, 1);
479
480 return 0;
481 }
482
483 static int cpu_common_pre_load(void *opaque)
484 {
485 CPUState *cpu = opaque;
486
487 cpu->exception_index = -1;
488
489 return 0;
490 }
491
492 static bool cpu_common_exception_index_needed(void *opaque)
493 {
494 CPUState *cpu = opaque;
495
496 return tcg_enabled() && cpu->exception_index != -1;
497 }
498
499 static const VMStateDescription vmstate_cpu_common_exception_index = {
500 .name = "cpu_common/exception_index",
501 .version_id = 1,
502 .minimum_version_id = 1,
503 .needed = cpu_common_exception_index_needed,
504 .fields = (VMStateField[]) {
505 VMSTATE_INT32(exception_index, CPUState),
506 VMSTATE_END_OF_LIST()
507 }
508 };
509
510 static bool cpu_common_crash_occurred_needed(void *opaque)
511 {
512 CPUState *cpu = opaque;
513
514 return cpu->crash_occurred;
515 }
516
517 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
518 .name = "cpu_common/crash_occurred",
519 .version_id = 1,
520 .minimum_version_id = 1,
521 .needed = cpu_common_crash_occurred_needed,
522 .fields = (VMStateField[]) {
523 VMSTATE_BOOL(crash_occurred, CPUState),
524 VMSTATE_END_OF_LIST()
525 }
526 };
527
528 const VMStateDescription vmstate_cpu_common = {
529 .name = "cpu_common",
530 .version_id = 1,
531 .minimum_version_id = 1,
532 .pre_load = cpu_common_pre_load,
533 .post_load = cpu_common_post_load,
534 .fields = (VMStateField[]) {
535 VMSTATE_UINT32(halted, CPUState),
536 VMSTATE_UINT32(interrupt_request, CPUState),
537 VMSTATE_END_OF_LIST()
538 },
539 .subsections = (const VMStateDescription*[]) {
540 &vmstate_cpu_common_exception_index,
541 &vmstate_cpu_common_crash_occurred,
542 NULL
543 }
544 };
545
546 #endif
547
548 CPUState *qemu_get_cpu(int index)
549 {
550 CPUState *cpu;
551
552 CPU_FOREACH(cpu) {
553 if (cpu->cpu_index == index) {
554 return cpu;
555 }
556 }
557
558 return NULL;
559 }
560
561 #if !defined(CONFIG_USER_ONLY)
562 void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
563 {
564 CPUAddressSpace *newas;
565
566 /* Target code should have set num_ases before calling us */
567 assert(asidx < cpu->num_ases);
568
569 if (asidx == 0) {
570 /* address space 0 gets the convenience alias */
571 cpu->as = as;
572 }
573
574 /* KVM cannot currently support multiple address spaces. */
575 assert(asidx == 0 || !kvm_enabled());
576
577 if (!cpu->cpu_ases) {
578 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
579 }
580
581 newas = &cpu->cpu_ases[asidx];
582 newas->cpu = cpu;
583 newas->as = as;
584 if (tcg_enabled()) {
585 newas->tcg_as_listener.commit = tcg_commit;
586 memory_listener_register(&newas->tcg_as_listener, as);
587 }
588 }
589
590 AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
591 {
592 /* Return the AddressSpace corresponding to the specified index */
593 return cpu->cpu_ases[asidx].as;
594 }
595 #endif
596
597 #ifndef CONFIG_USER_ONLY
598 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
599
600 static int cpu_get_free_index(Error **errp)
601 {
602 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
603
604 if (cpu >= MAX_CPUMASK_BITS) {
605 error_setg(errp, "Trying to use more CPUs than max of %d",
606 MAX_CPUMASK_BITS);
607 return -1;
608 }
609
610 bitmap_set(cpu_index_map, cpu, 1);
611 return cpu;
612 }
613
614 void cpu_exec_exit(CPUState *cpu)
615 {
616 if (cpu->cpu_index == -1) {
617 /* cpu_index was never allocated by this @cpu or was already freed. */
618 return;
619 }
620
621 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
622 cpu->cpu_index = -1;
623 }
624 #else
625
626 static int cpu_get_free_index(Error **errp)
627 {
628 CPUState *some_cpu;
629 int cpu_index = 0;
630
631 CPU_FOREACH(some_cpu) {
632 cpu_index++;
633 }
634 return cpu_index;
635 }
636
637 void cpu_exec_exit(CPUState *cpu)
638 {
639 }
640 #endif
641
642 void cpu_exec_init(CPUState *cpu, Error **errp)
643 {
644 CPUClass *cc = CPU_GET_CLASS(cpu);
645 Error *local_err = NULL;
646
647 cpu->as = NULL;
648 cpu->num_ases = 0;
649
650 #ifndef CONFIG_USER_ONLY
651 cpu->thread_id = qemu_get_thread_id();
652
653 /* This is a softmmu CPU object, so create a property for it
654 * so users can wire up its memory. (This can't go in qom/cpu.c
655 * because that file is compiled only once for both user-mode
656 * and system builds.) The default if no link is set up is to use
657 * the system address space.
658 */
659 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
660 (Object **)&cpu->memory,
661 qdev_prop_allow_set_link_before_realize,
662 OBJ_PROP_LINK_UNREF_ON_RELEASE,
663 &error_abort);
664 cpu->memory = system_memory;
665 object_ref(OBJECT(cpu->memory));
666 #endif
667
668 #if defined(CONFIG_USER_ONLY)
669 cpu_list_lock();
670 #endif
671 cpu->cpu_index = cpu_get_free_index(&local_err);
672 if (local_err) {
673 error_propagate(errp, local_err);
674 #if defined(CONFIG_USER_ONLY)
675 cpu_list_unlock();
676 #endif
677 return;
678 }
679 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
680 #if defined(CONFIG_USER_ONLY)
681 (void) cc;
682 cpu_list_unlock();
683 #else
684 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
685 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
686 }
687 if (cc->vmsd != NULL) {
688 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
689 }
690 #endif
691 }
692
693 #if defined(CONFIG_USER_ONLY)
694 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
695 {
696 tb_invalidate_phys_page_range(pc, pc + 1, 0);
697 }
698 #else
699 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
700 {
701 MemTxAttrs attrs;
702 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
703 int asidx = cpu_asidx_from_attrs(cpu, attrs);
704 if (phys != -1) {
705 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
706 phys | (pc & ~TARGET_PAGE_MASK));
707 }
708 }
709 #endif
710
711 #if defined(CONFIG_USER_ONLY)
712 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
713
714 {
715 }
716
717 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
718 int flags)
719 {
720 return -ENOSYS;
721 }
722
723 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
724 {
725 }
726
727 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
728 int flags, CPUWatchpoint **watchpoint)
729 {
730 return -ENOSYS;
731 }
732 #else
733 /* Add a watchpoint. */
734 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
735 int flags, CPUWatchpoint **watchpoint)
736 {
737 CPUWatchpoint *wp;
738
739 /* forbid ranges which are empty or run off the end of the address space */
740 if (len == 0 || (addr + len - 1) < addr) {
741 error_report("tried to set invalid watchpoint at %"
742 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
743 return -EINVAL;
744 }
745 wp = g_malloc(sizeof(*wp));
746
747 wp->vaddr = addr;
748 wp->len = len;
749 wp->flags = flags;
750
751 /* keep all GDB-injected watchpoints in front */
752 if (flags & BP_GDB) {
753 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
754 } else {
755 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
756 }
757
758 tlb_flush_page(cpu, addr);
759
760 if (watchpoint)
761 *watchpoint = wp;
762 return 0;
763 }
764
765 /* Remove a specific watchpoint. */
766 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
767 int flags)
768 {
769 CPUWatchpoint *wp;
770
771 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
772 if (addr == wp->vaddr && len == wp->len
773 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
774 cpu_watchpoint_remove_by_ref(cpu, wp);
775 return 0;
776 }
777 }
778 return -ENOENT;
779 }
780
781 /* Remove a specific watchpoint by reference. */
782 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
783 {
784 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
785
786 tlb_flush_page(cpu, watchpoint->vaddr);
787
788 g_free(watchpoint);
789 }
790
791 /* Remove all matching watchpoints. */
792 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
793 {
794 CPUWatchpoint *wp, *next;
795
796 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
797 if (wp->flags & mask) {
798 cpu_watchpoint_remove_by_ref(cpu, wp);
799 }
800 }
801 }
802
803 /* Return true if this watchpoint address matches the specified
804 * access (ie the address range covered by the watchpoint overlaps
805 * partially or completely with the address range covered by the
806 * access).
807 */
808 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
809 vaddr addr,
810 vaddr len)
811 {
812 /* We know the lengths are non-zero, but a little caution is
813 * required to avoid errors in the case where the range ends
814 * exactly at the top of the address space and so addr + len
815 * wraps round to zero.
816 */
817 vaddr wpend = wp->vaddr + wp->len - 1;
818 vaddr addrend = addr + len - 1;
819
820 return !(addr > wpend || wp->vaddr > addrend);
821 }
822
823 #endif
824
825 /* Add a breakpoint. */
826 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
827 CPUBreakpoint **breakpoint)
828 {
829 CPUBreakpoint *bp;
830
831 bp = g_malloc(sizeof(*bp));
832
833 bp->pc = pc;
834 bp->flags = flags;
835
836 /* keep all GDB-injected breakpoints in front */
837 if (flags & BP_GDB) {
838 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
839 } else {
840 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
841 }
842
843 breakpoint_invalidate(cpu, pc);
844
845 if (breakpoint) {
846 *breakpoint = bp;
847 }
848 return 0;
849 }
850
851 /* Remove a specific breakpoint. */
852 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
853 {
854 CPUBreakpoint *bp;
855
856 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
857 if (bp->pc == pc && bp->flags == flags) {
858 cpu_breakpoint_remove_by_ref(cpu, bp);
859 return 0;
860 }
861 }
862 return -ENOENT;
863 }
864
865 /* Remove a specific breakpoint by reference. */
866 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
867 {
868 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
869
870 breakpoint_invalidate(cpu, breakpoint->pc);
871
872 g_free(breakpoint);
873 }
874
875 /* Remove all matching breakpoints. */
876 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
877 {
878 CPUBreakpoint *bp, *next;
879
880 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
881 if (bp->flags & mask) {
882 cpu_breakpoint_remove_by_ref(cpu, bp);
883 }
884 }
885 }
886
887 /* enable or disable single step mode. EXCP_DEBUG is returned by the
888 CPU loop after each instruction */
889 void cpu_single_step(CPUState *cpu, int enabled)
890 {
891 if (cpu->singlestep_enabled != enabled) {
892 cpu->singlestep_enabled = enabled;
893 if (kvm_enabled()) {
894 kvm_update_guest_debug(cpu, 0);
895 } else {
896 /* must flush all the translated code to avoid inconsistencies */
897 /* XXX: only flush what is necessary */
898 tb_flush(cpu);
899 }
900 }
901 }
902
903 void cpu_abort(CPUState *cpu, const char *fmt, ...)
904 {
905 va_list ap;
906 va_list ap2;
907
908 va_start(ap, fmt);
909 va_copy(ap2, ap);
910 fprintf(stderr, "qemu: fatal: ");
911 vfprintf(stderr, fmt, ap);
912 fprintf(stderr, "\n");
913 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
914 if (qemu_log_separate()) {
915 qemu_log("qemu: fatal: ");
916 qemu_log_vprintf(fmt, ap2);
917 qemu_log("\n");
918 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
919 qemu_log_flush();
920 qemu_log_close();
921 }
922 va_end(ap2);
923 va_end(ap);
924 replay_finish();
925 #if defined(CONFIG_USER_ONLY)
926 {
927 struct sigaction act;
928 sigfillset(&act.sa_mask);
929 act.sa_handler = SIG_DFL;
930 sigaction(SIGABRT, &act, NULL);
931 }
932 #endif
933 abort();
934 }
935
936 #if !defined(CONFIG_USER_ONLY)
937 /* Called from RCU critical section */
938 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
939 {
940 RAMBlock *block;
941
942 block = atomic_rcu_read(&ram_list.mru_block);
943 if (block && addr - block->offset < block->max_length) {
944 return block;
945 }
946 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
947 if (addr - block->offset < block->max_length) {
948 goto found;
949 }
950 }
951
952 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
953 abort();
954
955 found:
956 /* It is safe to write mru_block outside the iothread lock. This
957 * is what happens:
958 *
959 * mru_block = xxx
960 * rcu_read_unlock()
961 * xxx removed from list
962 * rcu_read_lock()
963 * read mru_block
964 * mru_block = NULL;
965 * call_rcu(reclaim_ramblock, xxx);
966 * rcu_read_unlock()
967 *
968 * atomic_rcu_set is not needed here. The block was already published
969 * when it was placed into the list. Here we're just making an extra
970 * copy of the pointer.
971 */
972 ram_list.mru_block = block;
973 return block;
974 }
975
976 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
977 {
978 CPUState *cpu;
979 ram_addr_t start1;
980 RAMBlock *block;
981 ram_addr_t end;
982
983 end = TARGET_PAGE_ALIGN(start + length);
984 start &= TARGET_PAGE_MASK;
985
986 rcu_read_lock();
987 block = qemu_get_ram_block(start);
988 assert(block == qemu_get_ram_block(end - 1));
989 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
990 CPU_FOREACH(cpu) {
991 tlb_reset_dirty(cpu, start1, length);
992 }
993 rcu_read_unlock();
994 }
995
996 /* Note: start and end must be within the same ram block. */
997 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
998 ram_addr_t length,
999 unsigned client)
1000 {
1001 DirtyMemoryBlocks *blocks;
1002 unsigned long end, page;
1003 bool dirty = false;
1004
1005 if (length == 0) {
1006 return false;
1007 }
1008
1009 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
1010 page = start >> TARGET_PAGE_BITS;
1011
1012 rcu_read_lock();
1013
1014 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1015
1016 while (page < end) {
1017 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1018 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1019 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1020
1021 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1022 offset, num);
1023 page += num;
1024 }
1025
1026 rcu_read_unlock();
1027
1028 if (dirty && tcg_enabled()) {
1029 tlb_reset_dirty_range_all(start, length);
1030 }
1031
1032 return dirty;
1033 }
1034
1035 /* Called from RCU critical section */
1036 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
1037 MemoryRegionSection *section,
1038 target_ulong vaddr,
1039 hwaddr paddr, hwaddr xlat,
1040 int prot,
1041 target_ulong *address)
1042 {
1043 hwaddr iotlb;
1044 CPUWatchpoint *wp;
1045
1046 if (memory_region_is_ram(section->mr)) {
1047 /* Normal RAM. */
1048 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1049 + xlat;
1050 if (!section->readonly) {
1051 iotlb |= PHYS_SECTION_NOTDIRTY;
1052 } else {
1053 iotlb |= PHYS_SECTION_ROM;
1054 }
1055 } else {
1056 AddressSpaceDispatch *d;
1057
1058 d = atomic_rcu_read(&section->address_space->dispatch);
1059 iotlb = section - d->map.sections;
1060 iotlb += xlat;
1061 }
1062
1063 /* Make accesses to pages with watchpoints go via the
1064 watchpoint trap routines. */
1065 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1066 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1067 /* Avoid trapping reads of pages with a write breakpoint. */
1068 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1069 iotlb = PHYS_SECTION_WATCH + paddr;
1070 *address |= TLB_MMIO;
1071 break;
1072 }
1073 }
1074 }
1075
1076 return iotlb;
1077 }
1078 #endif /* defined(CONFIG_USER_ONLY) */
1079
1080 #if !defined(CONFIG_USER_ONLY)
1081
1082 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1083 uint16_t section);
1084 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1085
1086 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1087 qemu_anon_ram_alloc;
1088
1089 /*
1090 * Set a custom physical guest memory alloator.
1091 * Accelerators with unusual needs may need this. Hopefully, we can
1092 * get rid of it eventually.
1093 */
1094 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1095 {
1096 phys_mem_alloc = alloc;
1097 }
1098
1099 static uint16_t phys_section_add(PhysPageMap *map,
1100 MemoryRegionSection *section)
1101 {
1102 /* The physical section number is ORed with a page-aligned
1103 * pointer to produce the iotlb entries. Thus it should
1104 * never overflow into the page-aligned value.
1105 */
1106 assert(map->sections_nb < TARGET_PAGE_SIZE);
1107
1108 if (map->sections_nb == map->sections_nb_alloc) {
1109 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1110 map->sections = g_renew(MemoryRegionSection, map->sections,
1111 map->sections_nb_alloc);
1112 }
1113 map->sections[map->sections_nb] = *section;
1114 memory_region_ref(section->mr);
1115 return map->sections_nb++;
1116 }
1117
1118 static void phys_section_destroy(MemoryRegion *mr)
1119 {
1120 bool have_sub_page = mr->subpage;
1121
1122 memory_region_unref(mr);
1123
1124 if (have_sub_page) {
1125 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1126 object_unref(OBJECT(&subpage->iomem));
1127 g_free(subpage);
1128 }
1129 }
1130
1131 static void phys_sections_free(PhysPageMap *map)
1132 {
1133 while (map->sections_nb > 0) {
1134 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1135 phys_section_destroy(section->mr);
1136 }
1137 g_free(map->sections);
1138 g_free(map->nodes);
1139 }
1140
1141 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1142 {
1143 subpage_t *subpage;
1144 hwaddr base = section->offset_within_address_space
1145 & TARGET_PAGE_MASK;
1146 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1147 d->map.nodes, d->map.sections);
1148 MemoryRegionSection subsection = {
1149 .offset_within_address_space = base,
1150 .size = int128_make64(TARGET_PAGE_SIZE),
1151 };
1152 hwaddr start, end;
1153
1154 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1155
1156 if (!(existing->mr->subpage)) {
1157 subpage = subpage_init(d->as, base);
1158 subsection.address_space = d->as;
1159 subsection.mr = &subpage->iomem;
1160 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1161 phys_section_add(&d->map, &subsection));
1162 } else {
1163 subpage = container_of(existing->mr, subpage_t, iomem);
1164 }
1165 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1166 end = start + int128_get64(section->size) - 1;
1167 subpage_register(subpage, start, end,
1168 phys_section_add(&d->map, section));
1169 }
1170
1171
1172 static void register_multipage(AddressSpaceDispatch *d,
1173 MemoryRegionSection *section)
1174 {
1175 hwaddr start_addr = section->offset_within_address_space;
1176 uint16_t section_index = phys_section_add(&d->map, section);
1177 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1178 TARGET_PAGE_BITS));
1179
1180 assert(num_pages);
1181 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1182 }
1183
1184 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1185 {
1186 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1187 AddressSpaceDispatch *d = as->next_dispatch;
1188 MemoryRegionSection now = *section, remain = *section;
1189 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1190
1191 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1192 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1193 - now.offset_within_address_space;
1194
1195 now.size = int128_min(int128_make64(left), now.size);
1196 register_subpage(d, &now);
1197 } else {
1198 now.size = int128_zero();
1199 }
1200 while (int128_ne(remain.size, now.size)) {
1201 remain.size = int128_sub(remain.size, now.size);
1202 remain.offset_within_address_space += int128_get64(now.size);
1203 remain.offset_within_region += int128_get64(now.size);
1204 now = remain;
1205 if (int128_lt(remain.size, page_size)) {
1206 register_subpage(d, &now);
1207 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1208 now.size = page_size;
1209 register_subpage(d, &now);
1210 } else {
1211 now.size = int128_and(now.size, int128_neg(page_size));
1212 register_multipage(d, &now);
1213 }
1214 }
1215 }
1216
1217 void qemu_flush_coalesced_mmio_buffer(void)
1218 {
1219 if (kvm_enabled())
1220 kvm_flush_coalesced_mmio_buffer();
1221 }
1222
1223 void qemu_mutex_lock_ramlist(void)
1224 {
1225 qemu_mutex_lock(&ram_list.mutex);
1226 }
1227
1228 void qemu_mutex_unlock_ramlist(void)
1229 {
1230 qemu_mutex_unlock(&ram_list.mutex);
1231 }
1232
1233 #ifdef __linux__
1234 static void *file_ram_alloc(RAMBlock *block,
1235 ram_addr_t memory,
1236 const char *path,
1237 Error **errp)
1238 {
1239 bool unlink_on_error = false;
1240 char *filename;
1241 char *sanitized_name;
1242 char *c;
1243 void *area;
1244 int fd = -1;
1245 int64_t page_size;
1246
1247 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1248 error_setg(errp,
1249 "host lacks kvm mmu notifiers, -mem-path unsupported");
1250 return NULL;
1251 }
1252
1253 for (;;) {
1254 fd = open(path, O_RDWR);
1255 if (fd >= 0) {
1256 /* @path names an existing file, use it */
1257 break;
1258 }
1259 if (errno == ENOENT) {
1260 /* @path names a file that doesn't exist, create it */
1261 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1262 if (fd >= 0) {
1263 unlink_on_error = true;
1264 break;
1265 }
1266 } else if (errno == EISDIR) {
1267 /* @path names a directory, create a file there */
1268 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1269 sanitized_name = g_strdup(memory_region_name(block->mr));
1270 for (c = sanitized_name; *c != '\0'; c++) {
1271 if (*c == '/') {
1272 *c = '_';
1273 }
1274 }
1275
1276 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1277 sanitized_name);
1278 g_free(sanitized_name);
1279
1280 fd = mkstemp(filename);
1281 if (fd >= 0) {
1282 unlink(filename);
1283 g_free(filename);
1284 break;
1285 }
1286 g_free(filename);
1287 }
1288 if (errno != EEXIST && errno != EINTR) {
1289 error_setg_errno(errp, errno,
1290 "can't open backing store %s for guest RAM",
1291 path);
1292 goto error;
1293 }
1294 /*
1295 * Try again on EINTR and EEXIST. The latter happens when
1296 * something else creates the file between our two open().
1297 */
1298 }
1299
1300 page_size = qemu_fd_getpagesize(fd);
1301 block->mr->align = page_size;
1302
1303 if (memory < page_size) {
1304 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1305 "or larger than page size 0x%" PRIx64,
1306 memory, page_size);
1307 goto error;
1308 }
1309
1310 memory = ROUND_UP(memory, page_size);
1311
1312 /*
1313 * ftruncate is not supported by hugetlbfs in older
1314 * hosts, so don't bother bailing out on errors.
1315 * If anything goes wrong with it under other filesystems,
1316 * mmap will fail.
1317 */
1318 if (ftruncate(fd, memory)) {
1319 perror("ftruncate");
1320 }
1321
1322 area = qemu_ram_mmap(fd, memory, page_size, block->flags & RAM_SHARED);
1323 if (area == MAP_FAILED) {
1324 error_setg_errno(errp, errno,
1325 "unable to map backing store for guest RAM");
1326 goto error;
1327 }
1328
1329 if (mem_prealloc) {
1330 os_mem_prealloc(fd, area, memory);
1331 }
1332
1333 block->fd = fd;
1334 return area;
1335
1336 error:
1337 if (unlink_on_error) {
1338 unlink(path);
1339 }
1340 if (fd != -1) {
1341 close(fd);
1342 }
1343 return NULL;
1344 }
1345 #endif
1346
1347 /* Called with the ramlist lock held. */
1348 static ram_addr_t find_ram_offset(ram_addr_t size)
1349 {
1350 RAMBlock *block, *next_block;
1351 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1352
1353 assert(size != 0); /* it would hand out same offset multiple times */
1354
1355 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1356 return 0;
1357 }
1358
1359 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1360 ram_addr_t end, next = RAM_ADDR_MAX;
1361
1362 end = block->offset + block->max_length;
1363
1364 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1365 if (next_block->offset >= end) {
1366 next = MIN(next, next_block->offset);
1367 }
1368 }
1369 if (next - end >= size && next - end < mingap) {
1370 offset = end;
1371 mingap = next - end;
1372 }
1373 }
1374
1375 if (offset == RAM_ADDR_MAX) {
1376 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1377 (uint64_t)size);
1378 abort();
1379 }
1380
1381 return offset;
1382 }
1383
1384 ram_addr_t last_ram_offset(void)
1385 {
1386 RAMBlock *block;
1387 ram_addr_t last = 0;
1388
1389 rcu_read_lock();
1390 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1391 last = MAX(last, block->offset + block->max_length);
1392 }
1393 rcu_read_unlock();
1394 return last;
1395 }
1396
1397 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1398 {
1399 int ret;
1400
1401 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1402 if (!machine_dump_guest_core(current_machine)) {
1403 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1404 if (ret) {
1405 perror("qemu_madvise");
1406 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1407 "but dump_guest_core=off specified\n");
1408 }
1409 }
1410 }
1411
1412 /* Called within an RCU critical section, or while the ramlist lock
1413 * is held.
1414 */
1415 static RAMBlock *find_ram_block(ram_addr_t addr)
1416 {
1417 RAMBlock *block;
1418
1419 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1420 if (block->offset == addr) {
1421 return block;
1422 }
1423 }
1424
1425 return NULL;
1426 }
1427
1428 const char *qemu_ram_get_idstr(RAMBlock *rb)
1429 {
1430 return rb->idstr;
1431 }
1432
1433 /* Called with iothread lock held. */
1434 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1435 {
1436 RAMBlock *new_block, *block;
1437
1438 rcu_read_lock();
1439 new_block = find_ram_block(addr);
1440 assert(new_block);
1441 assert(!new_block->idstr[0]);
1442
1443 if (dev) {
1444 char *id = qdev_get_dev_path(dev);
1445 if (id) {
1446 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1447 g_free(id);
1448 }
1449 }
1450 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1451
1452 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1453 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1454 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1455 new_block->idstr);
1456 abort();
1457 }
1458 }
1459 rcu_read_unlock();
1460 }
1461
1462 /* Called with iothread lock held. */
1463 void qemu_ram_unset_idstr(ram_addr_t addr)
1464 {
1465 RAMBlock *block;
1466
1467 /* FIXME: arch_init.c assumes that this is not called throughout
1468 * migration. Ignore the problem since hot-unplug during migration
1469 * does not work anyway.
1470 */
1471
1472 rcu_read_lock();
1473 block = find_ram_block(addr);
1474 if (block) {
1475 memset(block->idstr, 0, sizeof(block->idstr));
1476 }
1477 rcu_read_unlock();
1478 }
1479
1480 static int memory_try_enable_merging(void *addr, size_t len)
1481 {
1482 if (!machine_mem_merge(current_machine)) {
1483 /* disabled by the user */
1484 return 0;
1485 }
1486
1487 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1488 }
1489
1490 /* Only legal before guest might have detected the memory size: e.g. on
1491 * incoming migration, or right after reset.
1492 *
1493 * As memory core doesn't know how is memory accessed, it is up to
1494 * resize callback to update device state and/or add assertions to detect
1495 * misuse, if necessary.
1496 */
1497 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1498 {
1499 RAMBlock *block = find_ram_block(base);
1500
1501 assert(block);
1502
1503 newsize = HOST_PAGE_ALIGN(newsize);
1504
1505 if (block->used_length == newsize) {
1506 return 0;
1507 }
1508
1509 if (!(block->flags & RAM_RESIZEABLE)) {
1510 error_setg_errno(errp, EINVAL,
1511 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1512 " in != 0x" RAM_ADDR_FMT, block->idstr,
1513 newsize, block->used_length);
1514 return -EINVAL;
1515 }
1516
1517 if (block->max_length < newsize) {
1518 error_setg_errno(errp, EINVAL,
1519 "Length too large: %s: 0x" RAM_ADDR_FMT
1520 " > 0x" RAM_ADDR_FMT, block->idstr,
1521 newsize, block->max_length);
1522 return -EINVAL;
1523 }
1524
1525 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1526 block->used_length = newsize;
1527 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1528 DIRTY_CLIENTS_ALL);
1529 memory_region_set_size(block->mr, newsize);
1530 if (block->resized) {
1531 block->resized(block->idstr, newsize, block->host);
1532 }
1533 return 0;
1534 }
1535
1536 /* Called with ram_list.mutex held */
1537 static void dirty_memory_extend(ram_addr_t old_ram_size,
1538 ram_addr_t new_ram_size)
1539 {
1540 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1541 DIRTY_MEMORY_BLOCK_SIZE);
1542 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1543 DIRTY_MEMORY_BLOCK_SIZE);
1544 int i;
1545
1546 /* Only need to extend if block count increased */
1547 if (new_num_blocks <= old_num_blocks) {
1548 return;
1549 }
1550
1551 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1552 DirtyMemoryBlocks *old_blocks;
1553 DirtyMemoryBlocks *new_blocks;
1554 int j;
1555
1556 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1557 new_blocks = g_malloc(sizeof(*new_blocks) +
1558 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1559
1560 if (old_num_blocks) {
1561 memcpy(new_blocks->blocks, old_blocks->blocks,
1562 old_num_blocks * sizeof(old_blocks->blocks[0]));
1563 }
1564
1565 for (j = old_num_blocks; j < new_num_blocks; j++) {
1566 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1567 }
1568
1569 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1570
1571 if (old_blocks) {
1572 g_free_rcu(old_blocks, rcu);
1573 }
1574 }
1575 }
1576
1577 static void ram_block_add(RAMBlock *new_block, Error **errp)
1578 {
1579 RAMBlock *block;
1580 RAMBlock *last_block = NULL;
1581 ram_addr_t old_ram_size, new_ram_size;
1582 Error *err = NULL;
1583
1584 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1585
1586 qemu_mutex_lock_ramlist();
1587 new_block->offset = find_ram_offset(new_block->max_length);
1588
1589 if (!new_block->host) {
1590 if (xen_enabled()) {
1591 xen_ram_alloc(new_block->offset, new_block->max_length,
1592 new_block->mr, &err);
1593 if (err) {
1594 error_propagate(errp, err);
1595 qemu_mutex_unlock_ramlist();
1596 return;
1597 }
1598 } else {
1599 new_block->host = phys_mem_alloc(new_block->max_length,
1600 &new_block->mr->align);
1601 if (!new_block->host) {
1602 error_setg_errno(errp, errno,
1603 "cannot set up guest memory '%s'",
1604 memory_region_name(new_block->mr));
1605 qemu_mutex_unlock_ramlist();
1606 return;
1607 }
1608 memory_try_enable_merging(new_block->host, new_block->max_length);
1609 }
1610 }
1611
1612 new_ram_size = MAX(old_ram_size,
1613 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1614 if (new_ram_size > old_ram_size) {
1615 migration_bitmap_extend(old_ram_size, new_ram_size);
1616 dirty_memory_extend(old_ram_size, new_ram_size);
1617 }
1618 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1619 * QLIST (which has an RCU-friendly variant) does not have insertion at
1620 * tail, so save the last element in last_block.
1621 */
1622 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1623 last_block = block;
1624 if (block->max_length < new_block->max_length) {
1625 break;
1626 }
1627 }
1628 if (block) {
1629 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1630 } else if (last_block) {
1631 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1632 } else { /* list is empty */
1633 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1634 }
1635 ram_list.mru_block = NULL;
1636
1637 /* Write list before version */
1638 smp_wmb();
1639 ram_list.version++;
1640 qemu_mutex_unlock_ramlist();
1641
1642 cpu_physical_memory_set_dirty_range(new_block->offset,
1643 new_block->used_length,
1644 DIRTY_CLIENTS_ALL);
1645
1646 if (new_block->host) {
1647 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1648 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1649 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1650 if (kvm_enabled()) {
1651 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1652 }
1653 }
1654 }
1655
1656 #ifdef __linux__
1657 RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1658 bool share, const char *mem_path,
1659 Error **errp)
1660 {
1661 RAMBlock *new_block;
1662 Error *local_err = NULL;
1663
1664 if (xen_enabled()) {
1665 error_setg(errp, "-mem-path not supported with Xen");
1666 return NULL;
1667 }
1668
1669 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1670 /*
1671 * file_ram_alloc() needs to allocate just like
1672 * phys_mem_alloc, but we haven't bothered to provide
1673 * a hook there.
1674 */
1675 error_setg(errp,
1676 "-mem-path not supported with this accelerator");
1677 return NULL;
1678 }
1679
1680 size = HOST_PAGE_ALIGN(size);
1681 new_block = g_malloc0(sizeof(*new_block));
1682 new_block->mr = mr;
1683 new_block->used_length = size;
1684 new_block->max_length = size;
1685 new_block->flags = share ? RAM_SHARED : 0;
1686 new_block->host = file_ram_alloc(new_block, size,
1687 mem_path, errp);
1688 if (!new_block->host) {
1689 g_free(new_block);
1690 return NULL;
1691 }
1692
1693 ram_block_add(new_block, &local_err);
1694 if (local_err) {
1695 g_free(new_block);
1696 error_propagate(errp, local_err);
1697 return NULL;
1698 }
1699 return new_block;
1700 }
1701 #endif
1702
1703 static
1704 RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1705 void (*resized)(const char*,
1706 uint64_t length,
1707 void *host),
1708 void *host, bool resizeable,
1709 MemoryRegion *mr, Error **errp)
1710 {
1711 RAMBlock *new_block;
1712 Error *local_err = NULL;
1713
1714 size = HOST_PAGE_ALIGN(size);
1715 max_size = HOST_PAGE_ALIGN(max_size);
1716 new_block = g_malloc0(sizeof(*new_block));
1717 new_block->mr = mr;
1718 new_block->resized = resized;
1719 new_block->used_length = size;
1720 new_block->max_length = max_size;
1721 assert(max_size >= size);
1722 new_block->fd = -1;
1723 new_block->host = host;
1724 if (host) {
1725 new_block->flags |= RAM_PREALLOC;
1726 }
1727 if (resizeable) {
1728 new_block->flags |= RAM_RESIZEABLE;
1729 }
1730 ram_block_add(new_block, &local_err);
1731 if (local_err) {
1732 g_free(new_block);
1733 error_propagate(errp, local_err);
1734 return NULL;
1735 }
1736 return new_block;
1737 }
1738
1739 RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1740 MemoryRegion *mr, Error **errp)
1741 {
1742 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1743 }
1744
1745 RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1746 {
1747 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1748 }
1749
1750 RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1751 void (*resized)(const char*,
1752 uint64_t length,
1753 void *host),
1754 MemoryRegion *mr, Error **errp)
1755 {
1756 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1757 }
1758
1759 static void reclaim_ramblock(RAMBlock *block)
1760 {
1761 if (block->flags & RAM_PREALLOC) {
1762 ;
1763 } else if (xen_enabled()) {
1764 xen_invalidate_map_cache_entry(block->host);
1765 #ifndef _WIN32
1766 } else if (block->fd >= 0) {
1767 qemu_ram_munmap(block->host, block->max_length);
1768 close(block->fd);
1769 #endif
1770 } else {
1771 qemu_anon_ram_free(block->host, block->max_length);
1772 }
1773 g_free(block);
1774 }
1775
1776 void qemu_ram_free(RAMBlock *block)
1777 {
1778 if (!block) {
1779 return;
1780 }
1781
1782 qemu_mutex_lock_ramlist();
1783 QLIST_REMOVE_RCU(block, next);
1784 ram_list.mru_block = NULL;
1785 /* Write list before version */
1786 smp_wmb();
1787 ram_list.version++;
1788 call_rcu(block, reclaim_ramblock, rcu);
1789 qemu_mutex_unlock_ramlist();
1790 }
1791
1792 #ifndef _WIN32
1793 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1794 {
1795 RAMBlock *block;
1796 ram_addr_t offset;
1797 int flags;
1798 void *area, *vaddr;
1799
1800 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1801 offset = addr - block->offset;
1802 if (offset < block->max_length) {
1803 vaddr = ramblock_ptr(block, offset);
1804 if (block->flags & RAM_PREALLOC) {
1805 ;
1806 } else if (xen_enabled()) {
1807 abort();
1808 } else {
1809 flags = MAP_FIXED;
1810 if (block->fd >= 0) {
1811 flags |= (block->flags & RAM_SHARED ?
1812 MAP_SHARED : MAP_PRIVATE);
1813 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1814 flags, block->fd, offset);
1815 } else {
1816 /*
1817 * Remap needs to match alloc. Accelerators that
1818 * set phys_mem_alloc never remap. If they did,
1819 * we'd need a remap hook here.
1820 */
1821 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1822
1823 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1824 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1825 flags, -1, 0);
1826 }
1827 if (area != vaddr) {
1828 fprintf(stderr, "Could not remap addr: "
1829 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1830 length, addr);
1831 exit(1);
1832 }
1833 memory_try_enable_merging(vaddr, length);
1834 qemu_ram_setup_dump(vaddr, length);
1835 }
1836 }
1837 }
1838 }
1839 #endif /* !_WIN32 */
1840
1841 int qemu_get_ram_fd(ram_addr_t addr)
1842 {
1843 RAMBlock *block;
1844 int fd;
1845
1846 rcu_read_lock();
1847 block = qemu_get_ram_block(addr);
1848 fd = block->fd;
1849 rcu_read_unlock();
1850 return fd;
1851 }
1852
1853 void qemu_set_ram_fd(ram_addr_t addr, int fd)
1854 {
1855 RAMBlock *block;
1856
1857 rcu_read_lock();
1858 block = qemu_get_ram_block(addr);
1859 block->fd = fd;
1860 rcu_read_unlock();
1861 }
1862
1863 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1864 {
1865 RAMBlock *block;
1866 void *ptr;
1867
1868 rcu_read_lock();
1869 block = qemu_get_ram_block(addr);
1870 ptr = ramblock_ptr(block, 0);
1871 rcu_read_unlock();
1872 return ptr;
1873 }
1874
1875 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1876 * This should not be used for general purpose DMA. Use address_space_map
1877 * or address_space_rw instead. For local memory (e.g. video ram) that the
1878 * device owns, use memory_region_get_ram_ptr.
1879 *
1880 * Called within RCU critical section.
1881 */
1882 void *qemu_get_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1883 {
1884 RAMBlock *block = ram_block;
1885
1886 if (block == NULL) {
1887 block = qemu_get_ram_block(addr);
1888 }
1889
1890 if (xen_enabled() && block->host == NULL) {
1891 /* We need to check if the requested address is in the RAM
1892 * because we don't want to map the entire memory in QEMU.
1893 * In that case just map until the end of the page.
1894 */
1895 if (block->offset == 0) {
1896 return xen_map_cache(addr, 0, 0);
1897 }
1898
1899 block->host = xen_map_cache(block->offset, block->max_length, 1);
1900 }
1901 return ramblock_ptr(block, addr - block->offset);
1902 }
1903
1904 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1905 * but takes a size argument.
1906 *
1907 * Called within RCU critical section.
1908 */
1909 static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1910 hwaddr *size)
1911 {
1912 RAMBlock *block = ram_block;
1913 ram_addr_t offset_inside_block;
1914 if (*size == 0) {
1915 return NULL;
1916 }
1917
1918 if (block == NULL) {
1919 block = qemu_get_ram_block(addr);
1920 }
1921 offset_inside_block = addr - block->offset;
1922 *size = MIN(*size, block->max_length - offset_inside_block);
1923
1924 if (xen_enabled() && block->host == NULL) {
1925 /* We need to check if the requested address is in the RAM
1926 * because we don't want to map the entire memory in QEMU.
1927 * In that case just map the requested area.
1928 */
1929 if (block->offset == 0) {
1930 return xen_map_cache(addr, *size, 1);
1931 }
1932
1933 block->host = xen_map_cache(block->offset, block->max_length, 1);
1934 }
1935
1936 return ramblock_ptr(block, offset_inside_block);
1937 }
1938
1939 /*
1940 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1941 * in that RAMBlock.
1942 *
1943 * ptr: Host pointer to look up
1944 * round_offset: If true round the result offset down to a page boundary
1945 * *ram_addr: set to result ram_addr
1946 * *offset: set to result offset within the RAMBlock
1947 *
1948 * Returns: RAMBlock (or NULL if not found)
1949 *
1950 * By the time this function returns, the returned pointer is not protected
1951 * by RCU anymore. If the caller is not within an RCU critical section and
1952 * does not hold the iothread lock, it must have other means of protecting the
1953 * pointer, such as a reference to the region that includes the incoming
1954 * ram_addr_t.
1955 */
1956 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1957 ram_addr_t *ram_addr,
1958 ram_addr_t *offset)
1959 {
1960 RAMBlock *block;
1961 uint8_t *host = ptr;
1962
1963 if (xen_enabled()) {
1964 rcu_read_lock();
1965 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1966 block = qemu_get_ram_block(*ram_addr);
1967 if (block) {
1968 *offset = (host - block->host);
1969 }
1970 rcu_read_unlock();
1971 return block;
1972 }
1973
1974 rcu_read_lock();
1975 block = atomic_rcu_read(&ram_list.mru_block);
1976 if (block && block->host && host - block->host < block->max_length) {
1977 goto found;
1978 }
1979
1980 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1981 /* This case append when the block is not mapped. */
1982 if (block->host == NULL) {
1983 continue;
1984 }
1985 if (host - block->host < block->max_length) {
1986 goto found;
1987 }
1988 }
1989
1990 rcu_read_unlock();
1991 return NULL;
1992
1993 found:
1994 *offset = (host - block->host);
1995 if (round_offset) {
1996 *offset &= TARGET_PAGE_MASK;
1997 }
1998 *ram_addr = block->offset + *offset;
1999 rcu_read_unlock();
2000 return block;
2001 }
2002
2003 /*
2004 * Finds the named RAMBlock
2005 *
2006 * name: The name of RAMBlock to find
2007 *
2008 * Returns: RAMBlock (or NULL if not found)
2009 */
2010 RAMBlock *qemu_ram_block_by_name(const char *name)
2011 {
2012 RAMBlock *block;
2013
2014 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
2015 if (!strcmp(name, block->idstr)) {
2016 return block;
2017 }
2018 }
2019
2020 return NULL;
2021 }
2022
2023 /* Some of the softmmu routines need to translate from a host pointer
2024 (typically a TLB entry) back to a ram offset. */
2025 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2026 {
2027 RAMBlock *block;
2028 ram_addr_t offset; /* Not used */
2029
2030 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
2031
2032 if (!block) {
2033 return NULL;
2034 }
2035
2036 return block->mr;
2037 }
2038
2039 /* Called within RCU critical section. */
2040 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
2041 uint64_t val, unsigned size)
2042 {
2043 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
2044 tb_invalidate_phys_page_fast(ram_addr, size);
2045 }
2046 switch (size) {
2047 case 1:
2048 stb_p(qemu_get_ram_ptr(NULL, ram_addr), val);
2049 break;
2050 case 2:
2051 stw_p(qemu_get_ram_ptr(NULL, ram_addr), val);
2052 break;
2053 case 4:
2054 stl_p(qemu_get_ram_ptr(NULL, ram_addr), val);
2055 break;
2056 default:
2057 abort();
2058 }
2059 /* Set both VGA and migration bits for simplicity and to remove
2060 * the notdirty callback faster.
2061 */
2062 cpu_physical_memory_set_dirty_range(ram_addr, size,
2063 DIRTY_CLIENTS_NOCODE);
2064 /* we remove the notdirty callback only if the code has been
2065 flushed */
2066 if (!cpu_physical_memory_is_clean(ram_addr)) {
2067 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
2068 }
2069 }
2070
2071 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2072 unsigned size, bool is_write)
2073 {
2074 return is_write;
2075 }
2076
2077 static const MemoryRegionOps notdirty_mem_ops = {
2078 .write = notdirty_mem_write,
2079 .valid.accepts = notdirty_mem_accepts,
2080 .endianness = DEVICE_NATIVE_ENDIAN,
2081 };
2082
2083 /* Generate a debug exception if a watchpoint has been hit. */
2084 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
2085 {
2086 CPUState *cpu = current_cpu;
2087 CPUClass *cc = CPU_GET_CLASS(cpu);
2088 CPUArchState *env = cpu->env_ptr;
2089 target_ulong pc, cs_base;
2090 target_ulong vaddr;
2091 CPUWatchpoint *wp;
2092 uint32_t cpu_flags;
2093
2094 if (cpu->watchpoint_hit) {
2095 /* We re-entered the check after replacing the TB. Now raise
2096 * the debug interrupt so that is will trigger after the
2097 * current instruction. */
2098 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2099 return;
2100 }
2101 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2102 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2103 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2104 && (wp->flags & flags)) {
2105 if (flags == BP_MEM_READ) {
2106 wp->flags |= BP_WATCHPOINT_HIT_READ;
2107 } else {
2108 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2109 }
2110 wp->hitaddr = vaddr;
2111 wp->hitattrs = attrs;
2112 if (!cpu->watchpoint_hit) {
2113 if (wp->flags & BP_CPU &&
2114 !cc->debug_check_watchpoint(cpu, wp)) {
2115 wp->flags &= ~BP_WATCHPOINT_HIT;
2116 continue;
2117 }
2118 cpu->watchpoint_hit = wp;
2119 tb_check_watchpoint(cpu);
2120 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2121 cpu->exception_index = EXCP_DEBUG;
2122 cpu_loop_exit(cpu);
2123 } else {
2124 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2125 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2126 cpu_resume_from_signal(cpu, NULL);
2127 }
2128 }
2129 } else {
2130 wp->flags &= ~BP_WATCHPOINT_HIT;
2131 }
2132 }
2133 }
2134
2135 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2136 so these check for a hit then pass through to the normal out-of-line
2137 phys routines. */
2138 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2139 unsigned size, MemTxAttrs attrs)
2140 {
2141 MemTxResult res;
2142 uint64_t data;
2143 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2144 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2145
2146 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2147 switch (size) {
2148 case 1:
2149 data = address_space_ldub(as, addr, attrs, &res);
2150 break;
2151 case 2:
2152 data = address_space_lduw(as, addr, attrs, &res);
2153 break;
2154 case 4:
2155 data = address_space_ldl(as, addr, attrs, &res);
2156 break;
2157 default: abort();
2158 }
2159 *pdata = data;
2160 return res;
2161 }
2162
2163 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2164 uint64_t val, unsigned size,
2165 MemTxAttrs attrs)
2166 {
2167 MemTxResult res;
2168 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2169 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2170
2171 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2172 switch (size) {
2173 case 1:
2174 address_space_stb(as, addr, val, attrs, &res);
2175 break;
2176 case 2:
2177 address_space_stw(as, addr, val, attrs, &res);
2178 break;
2179 case 4:
2180 address_space_stl(as, addr, val, attrs, &res);
2181 break;
2182 default: abort();
2183 }
2184 return res;
2185 }
2186
2187 static const MemoryRegionOps watch_mem_ops = {
2188 .read_with_attrs = watch_mem_read,
2189 .write_with_attrs = watch_mem_write,
2190 .endianness = DEVICE_NATIVE_ENDIAN,
2191 };
2192
2193 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2194 unsigned len, MemTxAttrs attrs)
2195 {
2196 subpage_t *subpage = opaque;
2197 uint8_t buf[8];
2198 MemTxResult res;
2199
2200 #if defined(DEBUG_SUBPAGE)
2201 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2202 subpage, len, addr);
2203 #endif
2204 res = address_space_read(subpage->as, addr + subpage->base,
2205 attrs, buf, len);
2206 if (res) {
2207 return res;
2208 }
2209 switch (len) {
2210 case 1:
2211 *data = ldub_p(buf);
2212 return MEMTX_OK;
2213 case 2:
2214 *data = lduw_p(buf);
2215 return MEMTX_OK;
2216 case 4:
2217 *data = ldl_p(buf);
2218 return MEMTX_OK;
2219 case 8:
2220 *data = ldq_p(buf);
2221 return MEMTX_OK;
2222 default:
2223 abort();
2224 }
2225 }
2226
2227 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2228 uint64_t value, unsigned len, MemTxAttrs attrs)
2229 {
2230 subpage_t *subpage = opaque;
2231 uint8_t buf[8];
2232
2233 #if defined(DEBUG_SUBPAGE)
2234 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2235 " value %"PRIx64"\n",
2236 __func__, subpage, len, addr, value);
2237 #endif
2238 switch (len) {
2239 case 1:
2240 stb_p(buf, value);
2241 break;
2242 case 2:
2243 stw_p(buf, value);
2244 break;
2245 case 4:
2246 stl_p(buf, value);
2247 break;
2248 case 8:
2249 stq_p(buf, value);
2250 break;
2251 default:
2252 abort();
2253 }
2254 return address_space_write(subpage->as, addr + subpage->base,
2255 attrs, buf, len);
2256 }
2257
2258 static bool subpage_accepts(void *opaque, hwaddr addr,
2259 unsigned len, bool is_write)
2260 {
2261 subpage_t *subpage = opaque;
2262 #if defined(DEBUG_SUBPAGE)
2263 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2264 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2265 #endif
2266
2267 return address_space_access_valid(subpage->as, addr + subpage->base,
2268 len, is_write);
2269 }
2270
2271 static const MemoryRegionOps subpage_ops = {
2272 .read_with_attrs = subpage_read,
2273 .write_with_attrs = subpage_write,
2274 .impl.min_access_size = 1,
2275 .impl.max_access_size = 8,
2276 .valid.min_access_size = 1,
2277 .valid.max_access_size = 8,
2278 .valid.accepts = subpage_accepts,
2279 .endianness = DEVICE_NATIVE_ENDIAN,
2280 };
2281
2282 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2283 uint16_t section)
2284 {
2285 int idx, eidx;
2286
2287 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2288 return -1;
2289 idx = SUBPAGE_IDX(start);
2290 eidx = SUBPAGE_IDX(end);
2291 #if defined(DEBUG_SUBPAGE)
2292 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2293 __func__, mmio, start, end, idx, eidx, section);
2294 #endif
2295 for (; idx <= eidx; idx++) {
2296 mmio->sub_section[idx] = section;
2297 }
2298
2299 return 0;
2300 }
2301
2302 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2303 {
2304 subpage_t *mmio;
2305
2306 mmio = g_malloc0(sizeof(subpage_t));
2307
2308 mmio->as = as;
2309 mmio->base = base;
2310 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2311 NULL, TARGET_PAGE_SIZE);
2312 mmio->iomem.subpage = true;
2313 #if defined(DEBUG_SUBPAGE)
2314 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2315 mmio, base, TARGET_PAGE_SIZE);
2316 #endif
2317 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2318
2319 return mmio;
2320 }
2321
2322 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2323 MemoryRegion *mr)
2324 {
2325 assert(as);
2326 MemoryRegionSection section = {
2327 .address_space = as,
2328 .mr = mr,
2329 .offset_within_address_space = 0,
2330 .offset_within_region = 0,
2331 .size = int128_2_64(),
2332 };
2333
2334 return phys_section_add(map, &section);
2335 }
2336
2337 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
2338 {
2339 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2340 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
2341 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2342 MemoryRegionSection *sections = d->map.sections;
2343
2344 return sections[index & ~TARGET_PAGE_MASK].mr;
2345 }
2346
2347 static void io_mem_init(void)
2348 {
2349 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2350 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2351 NULL, UINT64_MAX);
2352 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2353 NULL, UINT64_MAX);
2354 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2355 NULL, UINT64_MAX);
2356 }
2357
2358 static void mem_begin(MemoryListener *listener)
2359 {
2360 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2361 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2362 uint16_t n;
2363
2364 n = dummy_section(&d->map, as, &io_mem_unassigned);
2365 assert(n == PHYS_SECTION_UNASSIGNED);
2366 n = dummy_section(&d->map, as, &io_mem_notdirty);
2367 assert(n == PHYS_SECTION_NOTDIRTY);
2368 n = dummy_section(&d->map, as, &io_mem_rom);
2369 assert(n == PHYS_SECTION_ROM);
2370 n = dummy_section(&d->map, as, &io_mem_watch);
2371 assert(n == PHYS_SECTION_WATCH);
2372
2373 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2374 d->as = as;
2375 as->next_dispatch = d;
2376 }
2377
2378 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2379 {
2380 phys_sections_free(&d->map);
2381 g_free(d);
2382 }
2383
2384 static void mem_commit(MemoryListener *listener)
2385 {
2386 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2387 AddressSpaceDispatch *cur = as->dispatch;
2388 AddressSpaceDispatch *next = as->next_dispatch;
2389
2390 phys_page_compact_all(next, next->map.nodes_nb);
2391
2392 atomic_rcu_set(&as->dispatch, next);
2393 if (cur) {
2394 call_rcu(cur, address_space_dispatch_free, rcu);
2395 }
2396 }
2397
2398 static void tcg_commit(MemoryListener *listener)
2399 {
2400 CPUAddressSpace *cpuas;
2401 AddressSpaceDispatch *d;
2402
2403 /* since each CPU stores ram addresses in its TLB cache, we must
2404 reset the modified entries */
2405 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2406 cpu_reloading_memory_map();
2407 /* The CPU and TLB are protected by the iothread lock.
2408 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2409 * may have split the RCU critical section.
2410 */
2411 d = atomic_rcu_read(&cpuas->as->dispatch);
2412 cpuas->memory_dispatch = d;
2413 tlb_flush(cpuas->cpu, 1);
2414 }
2415
2416 void address_space_init_dispatch(AddressSpace *as)
2417 {
2418 as->dispatch = NULL;
2419 as->dispatch_listener = (MemoryListener) {
2420 .begin = mem_begin,
2421 .commit = mem_commit,
2422 .region_add = mem_add,
2423 .region_nop = mem_add,
2424 .priority = 0,
2425 };
2426 memory_listener_register(&as->dispatch_listener, as);
2427 }
2428
2429 void address_space_unregister(AddressSpace *as)
2430 {
2431 memory_listener_unregister(&as->dispatch_listener);
2432 }
2433
2434 void address_space_destroy_dispatch(AddressSpace *as)
2435 {
2436 AddressSpaceDispatch *d = as->dispatch;
2437
2438 atomic_rcu_set(&as->dispatch, NULL);
2439 if (d) {
2440 call_rcu(d, address_space_dispatch_free, rcu);
2441 }
2442 }
2443
2444 static void memory_map_init(void)
2445 {
2446 system_memory = g_malloc(sizeof(*system_memory));
2447
2448 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2449 address_space_init(&address_space_memory, system_memory, "memory");
2450
2451 system_io = g_malloc(sizeof(*system_io));
2452 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2453 65536);
2454 address_space_init(&address_space_io, system_io, "I/O");
2455 }
2456
2457 MemoryRegion *get_system_memory(void)
2458 {
2459 return system_memory;
2460 }
2461
2462 MemoryRegion *get_system_io(void)
2463 {
2464 return system_io;
2465 }
2466
2467 #endif /* !defined(CONFIG_USER_ONLY) */
2468
2469 /* physical memory access (slow version, mainly for debug) */
2470 #if defined(CONFIG_USER_ONLY)
2471 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2472 uint8_t *buf, int len, int is_write)
2473 {
2474 int l, flags;
2475 target_ulong page;
2476 void * p;
2477
2478 while (len > 0) {
2479 page = addr & TARGET_PAGE_MASK;
2480 l = (page + TARGET_PAGE_SIZE) - addr;
2481 if (l > len)
2482 l = len;
2483 flags = page_get_flags(page);
2484 if (!(flags & PAGE_VALID))
2485 return -1;
2486 if (is_write) {
2487 if (!(flags & PAGE_WRITE))
2488 return -1;
2489 /* XXX: this code should not depend on lock_user */
2490 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2491 return -1;
2492 memcpy(p, buf, l);
2493 unlock_user(p, addr, l);
2494 } else {
2495 if (!(flags & PAGE_READ))
2496 return -1;
2497 /* XXX: this code should not depend on lock_user */
2498 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2499 return -1;
2500 memcpy(buf, p, l);
2501 unlock_user(p, addr, 0);
2502 }
2503 len -= l;
2504 buf += l;
2505 addr += l;
2506 }
2507 return 0;
2508 }
2509
2510 #else
2511
2512 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2513 hwaddr length)
2514 {
2515 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2516 /* No early return if dirty_log_mask is or becomes 0, because
2517 * cpu_physical_memory_set_dirty_range will still call
2518 * xen_modified_memory.
2519 */
2520 if (dirty_log_mask) {
2521 dirty_log_mask =
2522 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2523 }
2524 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2525 tb_invalidate_phys_range(addr, addr + length);
2526 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2527 }
2528 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2529 }
2530
2531 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2532 {
2533 unsigned access_size_max = mr->ops->valid.max_access_size;
2534
2535 /* Regions are assumed to support 1-4 byte accesses unless
2536 otherwise specified. */
2537 if (access_size_max == 0) {
2538 access_size_max = 4;
2539 }
2540
2541 /* Bound the maximum access by the alignment of the address. */
2542 if (!mr->ops->impl.unaligned) {
2543 unsigned align_size_max = addr & -addr;
2544 if (align_size_max != 0 && align_size_max < access_size_max) {
2545 access_size_max = align_size_max;
2546 }
2547 }
2548
2549 /* Don't attempt accesses larger than the maximum. */
2550 if (l > access_size_max) {
2551 l = access_size_max;
2552 }
2553 l = pow2floor(l);
2554
2555 return l;
2556 }
2557
2558 static bool prepare_mmio_access(MemoryRegion *mr)
2559 {
2560 bool unlocked = !qemu_mutex_iothread_locked();
2561 bool release_lock = false;
2562
2563 if (unlocked && mr->global_locking) {
2564 qemu_mutex_lock_iothread();
2565 unlocked = false;
2566 release_lock = true;
2567 }
2568 if (mr->flush_coalesced_mmio) {
2569 if (unlocked) {
2570 qemu_mutex_lock_iothread();
2571 }
2572 qemu_flush_coalesced_mmio_buffer();
2573 if (unlocked) {
2574 qemu_mutex_unlock_iothread();
2575 }
2576 }
2577
2578 return release_lock;
2579 }
2580
2581 /* Called within RCU critical section. */
2582 static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2583 MemTxAttrs attrs,
2584 const uint8_t *buf,
2585 int len, hwaddr addr1,
2586 hwaddr l, MemoryRegion *mr)
2587 {
2588 uint8_t *ptr;
2589 uint64_t val;
2590 MemTxResult result = MEMTX_OK;
2591 bool release_lock = false;
2592
2593 for (;;) {
2594 if (!memory_access_is_direct(mr, true)) {
2595 release_lock |= prepare_mmio_access(mr);
2596 l = memory_access_size(mr, l, addr1);
2597 /* XXX: could force current_cpu to NULL to avoid
2598 potential bugs */
2599 switch (l) {
2600 case 8:
2601 /* 64 bit write access */
2602 val = ldq_p(buf);
2603 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2604 attrs);
2605 break;
2606 case 4:
2607 /* 32 bit write access */
2608 val = ldl_p(buf);
2609 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2610 attrs);
2611 break;
2612 case 2:
2613 /* 16 bit write access */
2614 val = lduw_p(buf);
2615 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2616 attrs);
2617 break;
2618 case 1:
2619 /* 8 bit write access */
2620 val = ldub_p(buf);
2621 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2622 attrs);
2623 break;
2624 default:
2625 abort();
2626 }
2627 } else {
2628 addr1 += memory_region_get_ram_addr(mr);
2629 /* RAM case */
2630 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
2631 memcpy(ptr, buf, l);
2632 invalidate_and_set_dirty(mr, addr1, l);
2633 }
2634
2635 if (release_lock) {
2636 qemu_mutex_unlock_iothread();
2637 release_lock = false;
2638 }
2639
2640 len -= l;
2641 buf += l;
2642 addr += l;
2643
2644 if (!len) {
2645 break;
2646 }
2647
2648 l = len;
2649 mr = address_space_translate(as, addr, &addr1, &l, true);
2650 }
2651
2652 return result;
2653 }
2654
2655 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2656 const uint8_t *buf, int len)
2657 {
2658 hwaddr l;
2659 hwaddr addr1;
2660 MemoryRegion *mr;
2661 MemTxResult result = MEMTX_OK;
2662
2663 if (len > 0) {
2664 rcu_read_lock();
2665 l = len;
2666 mr = address_space_translate(as, addr, &addr1, &l, true);
2667 result = address_space_write_continue(as, addr, attrs, buf, len,
2668 addr1, l, mr);
2669 rcu_read_unlock();
2670 }
2671
2672 return result;
2673 }
2674
2675 /* Called within RCU critical section. */
2676 MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2677 MemTxAttrs attrs, uint8_t *buf,
2678 int len, hwaddr addr1, hwaddr l,
2679 MemoryRegion *mr)
2680 {
2681 uint8_t *ptr;
2682 uint64_t val;
2683 MemTxResult result = MEMTX_OK;
2684 bool release_lock = false;
2685
2686 for (;;) {
2687 if (!memory_access_is_direct(mr, false)) {
2688 /* I/O case */
2689 release_lock |= prepare_mmio_access(mr);
2690 l = memory_access_size(mr, l, addr1);
2691 switch (l) {
2692 case 8:
2693 /* 64 bit read access */
2694 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2695 attrs);
2696 stq_p(buf, val);
2697 break;
2698 case 4:
2699 /* 32 bit read access */
2700 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2701 attrs);
2702 stl_p(buf, val);
2703 break;
2704 case 2:
2705 /* 16 bit read access */
2706 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2707 attrs);
2708 stw_p(buf, val);
2709 break;
2710 case 1:
2711 /* 8 bit read access */
2712 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2713 attrs);
2714 stb_p(buf, val);
2715 break;
2716 default:
2717 abort();
2718 }
2719 } else {
2720 /* RAM case */
2721 ptr = qemu_get_ram_ptr(mr->ram_block,
2722 memory_region_get_ram_addr(mr) + addr1);
2723 memcpy(buf, ptr, l);
2724 }
2725
2726 if (release_lock) {
2727 qemu_mutex_unlock_iothread();
2728 release_lock = false;
2729 }
2730
2731 len -= l;
2732 buf += l;
2733 addr += l;
2734
2735 if (!len) {
2736 break;
2737 }
2738
2739 l = len;
2740 mr = address_space_translate(as, addr, &addr1, &l, false);
2741 }
2742
2743 return result;
2744 }
2745
2746 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2747 MemTxAttrs attrs, uint8_t *buf, int len)
2748 {
2749 hwaddr l;
2750 hwaddr addr1;
2751 MemoryRegion *mr;
2752 MemTxResult result = MEMTX_OK;
2753
2754 if (len > 0) {
2755 rcu_read_lock();
2756 l = len;
2757 mr = address_space_translate(as, addr, &addr1, &l, false);
2758 result = address_space_read_continue(as, addr, attrs, buf, len,
2759 addr1, l, mr);
2760 rcu_read_unlock();
2761 }
2762
2763 return result;
2764 }
2765
2766 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2767 uint8_t *buf, int len, bool is_write)
2768 {
2769 if (is_write) {
2770 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2771 } else {
2772 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2773 }
2774 }
2775
2776 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2777 int len, int is_write)
2778 {
2779 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2780 buf, len, is_write);
2781 }
2782
2783 enum write_rom_type {
2784 WRITE_DATA,
2785 FLUSH_CACHE,
2786 };
2787
2788 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2789 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2790 {
2791 hwaddr l;
2792 uint8_t *ptr;
2793 hwaddr addr1;
2794 MemoryRegion *mr;
2795
2796 rcu_read_lock();
2797 while (len > 0) {
2798 l = len;
2799 mr = address_space_translate(as, addr, &addr1, &l, true);
2800
2801 if (!(memory_region_is_ram(mr) ||
2802 memory_region_is_romd(mr))) {
2803 l = memory_access_size(mr, l, addr1);
2804 } else {
2805 addr1 += memory_region_get_ram_addr(mr);
2806 /* ROM/RAM case */
2807 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
2808 switch (type) {
2809 case WRITE_DATA:
2810 memcpy(ptr, buf, l);
2811 invalidate_and_set_dirty(mr, addr1, l);
2812 break;
2813 case FLUSH_CACHE:
2814 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2815 break;
2816 }
2817 }
2818 len -= l;
2819 buf += l;
2820 addr += l;
2821 }
2822 rcu_read_unlock();
2823 }
2824
2825 /* used for ROM loading : can write in RAM and ROM */
2826 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2827 const uint8_t *buf, int len)
2828 {
2829 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2830 }
2831
2832 void cpu_flush_icache_range(hwaddr start, int len)
2833 {
2834 /*
2835 * This function should do the same thing as an icache flush that was
2836 * triggered from within the guest. For TCG we are always cache coherent,
2837 * so there is no need to flush anything. For KVM / Xen we need to flush
2838 * the host's instruction cache at least.
2839 */
2840 if (tcg_enabled()) {
2841 return;
2842 }
2843
2844 cpu_physical_memory_write_rom_internal(&address_space_memory,
2845 start, NULL, len, FLUSH_CACHE);
2846 }
2847
2848 typedef struct {
2849 MemoryRegion *mr;
2850 void *buffer;
2851 hwaddr addr;
2852 hwaddr len;
2853 bool in_use;
2854 } BounceBuffer;
2855
2856 static BounceBuffer bounce;
2857
2858 typedef struct MapClient {
2859 QEMUBH *bh;
2860 QLIST_ENTRY(MapClient) link;
2861 } MapClient;
2862
2863 QemuMutex map_client_list_lock;
2864 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2865 = QLIST_HEAD_INITIALIZER(map_client_list);
2866
2867 static void cpu_unregister_map_client_do(MapClient *client)
2868 {
2869 QLIST_REMOVE(client, link);
2870 g_free(client);
2871 }
2872
2873 static void cpu_notify_map_clients_locked(void)
2874 {
2875 MapClient *client;
2876
2877 while (!QLIST_EMPTY(&map_client_list)) {
2878 client = QLIST_FIRST(&map_client_list);
2879 qemu_bh_schedule(client->bh);
2880 cpu_unregister_map_client_do(client);
2881 }
2882 }
2883
2884 void cpu_register_map_client(QEMUBH *bh)
2885 {
2886 MapClient *client = g_malloc(sizeof(*client));
2887
2888 qemu_mutex_lock(&map_client_list_lock);
2889 client->bh = bh;
2890 QLIST_INSERT_HEAD(&map_client_list, client, link);
2891 if (!atomic_read(&bounce.in_use)) {
2892 cpu_notify_map_clients_locked();
2893 }
2894 qemu_mutex_unlock(&map_client_list_lock);
2895 }
2896
2897 void cpu_exec_init_all(void)
2898 {
2899 qemu_mutex_init(&ram_list.mutex);
2900 io_mem_init();
2901 memory_map_init();
2902 qemu_mutex_init(&map_client_list_lock);
2903 }
2904
2905 void cpu_unregister_map_client(QEMUBH *bh)
2906 {
2907 MapClient *client;
2908
2909 qemu_mutex_lock(&map_client_list_lock);
2910 QLIST_FOREACH(client, &map_client_list, link) {
2911 if (client->bh == bh) {
2912 cpu_unregister_map_client_do(client);
2913 break;
2914 }
2915 }
2916 qemu_mutex_unlock(&map_client_list_lock);
2917 }
2918
2919 static void cpu_notify_map_clients(void)
2920 {
2921 qemu_mutex_lock(&map_client_list_lock);
2922 cpu_notify_map_clients_locked();
2923 qemu_mutex_unlock(&map_client_list_lock);
2924 }
2925
2926 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2927 {
2928 MemoryRegion *mr;
2929 hwaddr l, xlat;
2930
2931 rcu_read_lock();
2932 while (len > 0) {
2933 l = len;
2934 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2935 if (!memory_access_is_direct(mr, is_write)) {
2936 l = memory_access_size(mr, l, addr);
2937 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2938 return false;
2939 }
2940 }
2941
2942 len -= l;
2943 addr += l;
2944 }
2945 rcu_read_unlock();
2946 return true;
2947 }
2948
2949 /* Map a physical memory region into a host virtual address.
2950 * May map a subset of the requested range, given by and returned in *plen.
2951 * May return NULL if resources needed to perform the mapping are exhausted.
2952 * Use only for reads OR writes - not for read-modify-write operations.
2953 * Use cpu_register_map_client() to know when retrying the map operation is
2954 * likely to succeed.
2955 */
2956 void *address_space_map(AddressSpace *as,
2957 hwaddr addr,
2958 hwaddr *plen,
2959 bool is_write)
2960 {
2961 hwaddr len = *plen;
2962 hwaddr done = 0;
2963 hwaddr l, xlat, base;
2964 MemoryRegion *mr, *this_mr;
2965 ram_addr_t raddr;
2966 void *ptr;
2967
2968 if (len == 0) {
2969 return NULL;
2970 }
2971
2972 l = len;
2973 rcu_read_lock();
2974 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2975
2976 if (!memory_access_is_direct(mr, is_write)) {
2977 if (atomic_xchg(&bounce.in_use, true)) {
2978 rcu_read_unlock();
2979 return NULL;
2980 }
2981 /* Avoid unbounded allocations */
2982 l = MIN(l, TARGET_PAGE_SIZE);
2983 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2984 bounce.addr = addr;
2985 bounce.len = l;
2986
2987 memory_region_ref(mr);
2988 bounce.mr = mr;
2989 if (!is_write) {
2990 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2991 bounce.buffer, l);
2992 }
2993
2994 rcu_read_unlock();
2995 *plen = l;
2996 return bounce.buffer;
2997 }
2998
2999 base = xlat;
3000 raddr = memory_region_get_ram_addr(mr);
3001
3002 for (;;) {
3003 len -= l;
3004 addr += l;
3005 done += l;
3006 if (len == 0) {
3007 break;
3008 }
3009
3010 l = len;
3011 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
3012 if (this_mr != mr || xlat != base + done) {
3013 break;
3014 }
3015 }
3016
3017 memory_region_ref(mr);
3018 *plen = done;
3019 ptr = qemu_ram_ptr_length(mr->ram_block, raddr + base, plen);
3020 rcu_read_unlock();
3021
3022 return ptr;
3023 }
3024
3025 /* Unmaps a memory region previously mapped by address_space_map().
3026 * Will also mark the memory as dirty if is_write == 1. access_len gives
3027 * the amount of memory that was actually read or written by the caller.
3028 */
3029 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3030 int is_write, hwaddr access_len)
3031 {
3032 if (buffer != bounce.buffer) {
3033 MemoryRegion *mr;
3034 ram_addr_t addr1;
3035
3036 mr = qemu_ram_addr_from_host(buffer, &addr1);
3037 assert(mr != NULL);
3038 if (is_write) {
3039 invalidate_and_set_dirty(mr, addr1, access_len);
3040 }
3041 if (xen_enabled()) {
3042 xen_invalidate_map_cache_entry(buffer);
3043 }
3044 memory_region_unref(mr);
3045 return;
3046 }
3047 if (is_write) {
3048 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
3049 bounce.buffer, access_len);
3050 }
3051 qemu_vfree(bounce.buffer);
3052 bounce.buffer = NULL;
3053 memory_region_unref(bounce.mr);
3054 atomic_mb_set(&bounce.in_use, false);
3055 cpu_notify_map_clients();
3056 }
3057
3058 void *cpu_physical_memory_map(hwaddr addr,
3059 hwaddr *plen,
3060 int is_write)
3061 {
3062 return address_space_map(&address_space_memory, addr, plen, is_write);
3063 }
3064
3065 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3066 int is_write, hwaddr access_len)
3067 {
3068 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3069 }
3070
3071 /* warning: addr must be aligned */
3072 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3073 MemTxAttrs attrs,
3074 MemTxResult *result,
3075 enum device_endian endian)
3076 {
3077 uint8_t *ptr;
3078 uint64_t val;
3079 MemoryRegion *mr;
3080 hwaddr l = 4;
3081 hwaddr addr1;
3082 MemTxResult r;
3083 bool release_lock = false;
3084
3085 rcu_read_lock();
3086 mr = address_space_translate(as, addr, &addr1, &l, false);
3087 if (l < 4 || !memory_access_is_direct(mr, false)) {
3088 release_lock |= prepare_mmio_access(mr);
3089
3090 /* I/O case */
3091 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
3092 #if defined(TARGET_WORDS_BIGENDIAN)
3093 if (endian == DEVICE_LITTLE_ENDIAN) {
3094 val = bswap32(val);
3095 }
3096 #else
3097 if (endian == DEVICE_BIG_ENDIAN) {
3098 val = bswap32(val);
3099 }
3100 #endif
3101 } else {
3102 /* RAM case */
3103 ptr = qemu_get_ram_ptr(mr->ram_block,
3104 (memory_region_get_ram_addr(mr)
3105 & TARGET_PAGE_MASK)
3106 + addr1);
3107 switch (endian) {
3108 case DEVICE_LITTLE_ENDIAN:
3109 val = ldl_le_p(ptr);
3110 break;
3111 case DEVICE_BIG_ENDIAN:
3112 val = ldl_be_p(ptr);
3113 break;
3114 default:
3115 val = ldl_p(ptr);
3116 break;
3117 }
3118 r = MEMTX_OK;
3119 }
3120 if (result) {
3121 *result = r;
3122 }
3123 if (release_lock) {
3124 qemu_mutex_unlock_iothread();
3125 }
3126 rcu_read_unlock();
3127 return val;
3128 }
3129
3130 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3131 MemTxAttrs attrs, MemTxResult *result)
3132 {
3133 return address_space_ldl_internal(as, addr, attrs, result,
3134 DEVICE_NATIVE_ENDIAN);
3135 }
3136
3137 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3138 MemTxAttrs attrs, MemTxResult *result)
3139 {
3140 return address_space_ldl_internal(as, addr, attrs, result,
3141 DEVICE_LITTLE_ENDIAN);
3142 }
3143
3144 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3145 MemTxAttrs attrs, MemTxResult *result)
3146 {
3147 return address_space_ldl_internal(as, addr, attrs, result,
3148 DEVICE_BIG_ENDIAN);
3149 }
3150
3151 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3152 {
3153 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3154 }
3155
3156 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3157 {
3158 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3159 }
3160
3161 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3162 {
3163 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3164 }
3165
3166 /* warning: addr must be aligned */
3167 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3168 MemTxAttrs attrs,
3169 MemTxResult *result,
3170 enum device_endian endian)
3171 {
3172 uint8_t *ptr;
3173 uint64_t val;
3174 MemoryRegion *mr;
3175 hwaddr l = 8;
3176 hwaddr addr1;
3177 MemTxResult r;
3178 bool release_lock = false;
3179
3180 rcu_read_lock();
3181 mr = address_space_translate(as, addr, &addr1, &l,
3182 false);
3183 if (l < 8 || !memory_access_is_direct(mr, false)) {
3184 release_lock |= prepare_mmio_access(mr);
3185
3186 /* I/O case */
3187 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3188 #if defined(TARGET_WORDS_BIGENDIAN)
3189 if (endian == DEVICE_LITTLE_ENDIAN) {
3190 val = bswap64(val);
3191 }
3192 #else
3193 if (endian == DEVICE_BIG_ENDIAN) {
3194 val = bswap64(val);
3195 }
3196 #endif
3197 } else {
3198 /* RAM case */
3199 ptr = qemu_get_ram_ptr(mr->ram_block,
3200 (memory_region_get_ram_addr(mr)
3201 & TARGET_PAGE_MASK)
3202 + addr1);
3203 switch (endian) {
3204 case DEVICE_LITTLE_ENDIAN:
3205 val = ldq_le_p(ptr);
3206 break;
3207 case DEVICE_BIG_ENDIAN:
3208 val = ldq_be_p(ptr);
3209 break;
3210 default:
3211 val = ldq_p(ptr);
3212 break;
3213 }
3214 r = MEMTX_OK;
3215 }
3216 if (result) {
3217 *result = r;
3218 }
3219 if (release_lock) {
3220 qemu_mutex_unlock_iothread();
3221 }
3222 rcu_read_unlock();
3223 return val;
3224 }
3225
3226 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3227 MemTxAttrs attrs, MemTxResult *result)
3228 {
3229 return address_space_ldq_internal(as, addr, attrs, result,
3230 DEVICE_NATIVE_ENDIAN);
3231 }
3232
3233 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3234 MemTxAttrs attrs, MemTxResult *result)
3235 {
3236 return address_space_ldq_internal(as, addr, attrs, result,
3237 DEVICE_LITTLE_ENDIAN);
3238 }
3239
3240 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3241 MemTxAttrs attrs, MemTxResult *result)
3242 {
3243 return address_space_ldq_internal(as, addr, attrs, result,
3244 DEVICE_BIG_ENDIAN);
3245 }
3246
3247 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3248 {
3249 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3250 }
3251
3252 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3253 {
3254 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3255 }
3256
3257 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3258 {
3259 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3260 }
3261
3262 /* XXX: optimize */
3263 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3264 MemTxAttrs attrs, MemTxResult *result)
3265 {
3266 uint8_t val;
3267 MemTxResult r;
3268
3269 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3270 if (result) {
3271 *result = r;
3272 }
3273 return val;
3274 }
3275
3276 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3277 {
3278 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3279 }
3280
3281 /* warning: addr must be aligned */
3282 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3283 hwaddr addr,
3284 MemTxAttrs attrs,
3285 MemTxResult *result,
3286 enum device_endian endian)
3287 {
3288 uint8_t *ptr;
3289 uint64_t val;
3290 MemoryRegion *mr;
3291 hwaddr l = 2;
3292 hwaddr addr1;
3293 MemTxResult r;
3294 bool release_lock = false;
3295
3296 rcu_read_lock();
3297 mr = address_space_translate(as, addr, &addr1, &l,
3298 false);
3299 if (l < 2 || !memory_access_is_direct(mr, false)) {
3300 release_lock |= prepare_mmio_access(mr);
3301
3302 /* I/O case */
3303 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3304 #if defined(TARGET_WORDS_BIGENDIAN)
3305 if (endian == DEVICE_LITTLE_ENDIAN) {
3306 val = bswap16(val);
3307 }
3308 #else
3309 if (endian == DEVICE_BIG_ENDIAN) {
3310 val = bswap16(val);
3311 }
3312 #endif
3313 } else {
3314 /* RAM case */
3315 ptr = qemu_get_ram_ptr(mr->ram_block,
3316 (memory_region_get_ram_addr(mr)
3317 & TARGET_PAGE_MASK)
3318 + addr1);
3319 switch (endian) {
3320 case DEVICE_LITTLE_ENDIAN:
3321 val = lduw_le_p(ptr);
3322 break;
3323 case DEVICE_BIG_ENDIAN:
3324 val = lduw_be_p(ptr);
3325 break;
3326 default:
3327 val = lduw_p(ptr);
3328 break;
3329 }
3330 r = MEMTX_OK;
3331 }
3332 if (result) {
3333 *result = r;
3334 }
3335 if (release_lock) {
3336 qemu_mutex_unlock_iothread();
3337 }
3338 rcu_read_unlock();
3339 return val;
3340 }
3341
3342 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3343 MemTxAttrs attrs, MemTxResult *result)
3344 {
3345 return address_space_lduw_internal(as, addr, attrs, result,
3346 DEVICE_NATIVE_ENDIAN);
3347 }
3348
3349 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3350 MemTxAttrs attrs, MemTxResult *result)
3351 {
3352 return address_space_lduw_internal(as, addr, attrs, result,
3353 DEVICE_LITTLE_ENDIAN);
3354 }
3355
3356 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3357 MemTxAttrs attrs, MemTxResult *result)
3358 {
3359 return address_space_lduw_internal(as, addr, attrs, result,
3360 DEVICE_BIG_ENDIAN);
3361 }
3362
3363 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3364 {
3365 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3366 }
3367
3368 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3369 {
3370 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3371 }
3372
3373 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3374 {
3375 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3376 }
3377
3378 /* warning: addr must be aligned. The ram page is not masked as dirty
3379 and the code inside is not invalidated. It is useful if the dirty
3380 bits are used to track modified PTEs */
3381 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3382 MemTxAttrs attrs, MemTxResult *result)
3383 {
3384 uint8_t *ptr;
3385 MemoryRegion *mr;
3386 hwaddr l = 4;
3387 hwaddr addr1;
3388 MemTxResult r;
3389 uint8_t dirty_log_mask;
3390 bool release_lock = false;
3391
3392 rcu_read_lock();
3393 mr = address_space_translate(as, addr, &addr1, &l,
3394 true);
3395 if (l < 4 || !memory_access_is_direct(mr, true)) {
3396 release_lock |= prepare_mmio_access(mr);
3397
3398 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3399 } else {
3400 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3401 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
3402 stl_p(ptr, val);
3403
3404 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3405 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3406 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3407 r = MEMTX_OK;
3408 }
3409 if (result) {
3410 *result = r;
3411 }
3412 if (release_lock) {
3413 qemu_mutex_unlock_iothread();
3414 }
3415 rcu_read_unlock();
3416 }
3417
3418 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3419 {
3420 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3421 }
3422
3423 /* warning: addr must be aligned */
3424 static inline void address_space_stl_internal(AddressSpace *as,
3425 hwaddr addr, uint32_t val,
3426 MemTxAttrs attrs,
3427 MemTxResult *result,
3428 enum device_endian endian)
3429 {
3430 uint8_t *ptr;
3431 MemoryRegion *mr;
3432 hwaddr l = 4;
3433 hwaddr addr1;
3434 MemTxResult r;
3435 bool release_lock = false;
3436
3437 rcu_read_lock();
3438 mr = address_space_translate(as, addr, &addr1, &l,
3439 true);
3440 if (l < 4 || !memory_access_is_direct(mr, true)) {
3441 release_lock |= prepare_mmio_access(mr);
3442
3443 #if defined(TARGET_WORDS_BIGENDIAN)
3444 if (endian == DEVICE_LITTLE_ENDIAN) {
3445 val = bswap32(val);
3446 }
3447 #else
3448 if (endian == DEVICE_BIG_ENDIAN) {
3449 val = bswap32(val);
3450 }
3451 #endif
3452 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3453 } else {
3454 /* RAM case */
3455 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3456 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
3457 switch (endian) {
3458 case DEVICE_LITTLE_ENDIAN:
3459 stl_le_p(ptr, val);
3460 break;
3461 case DEVICE_BIG_ENDIAN:
3462 stl_be_p(ptr, val);
3463 break;
3464 default:
3465 stl_p(ptr, val);
3466 break;
3467 }
3468 invalidate_and_set_dirty(mr, addr1, 4);
3469 r = MEMTX_OK;
3470 }
3471 if (result) {
3472 *result = r;
3473 }
3474 if (release_lock) {
3475 qemu_mutex_unlock_iothread();
3476 }
3477 rcu_read_unlock();
3478 }
3479
3480 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3481 MemTxAttrs attrs, MemTxResult *result)
3482 {
3483 address_space_stl_internal(as, addr, val, attrs, result,
3484 DEVICE_NATIVE_ENDIAN);
3485 }
3486
3487 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3488 MemTxAttrs attrs, MemTxResult *result)
3489 {
3490 address_space_stl_internal(as, addr, val, attrs, result,
3491 DEVICE_LITTLE_ENDIAN);
3492 }
3493
3494 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3495 MemTxAttrs attrs, MemTxResult *result)
3496 {
3497 address_space_stl_internal(as, addr, val, attrs, result,
3498 DEVICE_BIG_ENDIAN);
3499 }
3500
3501 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3502 {
3503 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3504 }
3505
3506 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3507 {
3508 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3509 }
3510
3511 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3512 {
3513 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3514 }
3515
3516 /* XXX: optimize */
3517 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3518 MemTxAttrs attrs, MemTxResult *result)
3519 {
3520 uint8_t v = val;
3521 MemTxResult r;
3522
3523 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3524 if (result) {
3525 *result = r;
3526 }
3527 }
3528
3529 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3530 {
3531 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3532 }
3533
3534 /* warning: addr must be aligned */
3535 static inline void address_space_stw_internal(AddressSpace *as,
3536 hwaddr addr, uint32_t val,
3537 MemTxAttrs attrs,
3538 MemTxResult *result,
3539 enum device_endian endian)
3540 {
3541 uint8_t *ptr;
3542 MemoryRegion *mr;
3543 hwaddr l = 2;
3544 hwaddr addr1;
3545 MemTxResult r;
3546 bool release_lock = false;
3547
3548 rcu_read_lock();
3549 mr = address_space_translate(as, addr, &addr1, &l, true);
3550 if (l < 2 || !memory_access_is_direct(mr, true)) {
3551 release_lock |= prepare_mmio_access(mr);
3552
3553 #if defined(TARGET_WORDS_BIGENDIAN)
3554 if (endian == DEVICE_LITTLE_ENDIAN) {
3555 val = bswap16(val);
3556 }
3557 #else
3558 if (endian == DEVICE_BIG_ENDIAN) {
3559 val = bswap16(val);
3560 }
3561 #endif
3562 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3563 } else {
3564 /* RAM case */
3565 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3566 ptr = qemu_get_ram_ptr(mr->ram_block, addr1);
3567 switch (endian) {
3568 case DEVICE_LITTLE_ENDIAN:
3569 stw_le_p(ptr, val);
3570 break;
3571 case DEVICE_BIG_ENDIAN:
3572 stw_be_p(ptr, val);
3573 break;
3574 default:
3575 stw_p(ptr, val);
3576 break;
3577 }
3578 invalidate_and_set_dirty(mr, addr1, 2);
3579 r = MEMTX_OK;
3580 }
3581 if (result) {
3582 *result = r;
3583 }
3584 if (release_lock) {
3585 qemu_mutex_unlock_iothread();
3586 }
3587 rcu_read_unlock();
3588 }
3589
3590 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3591 MemTxAttrs attrs, MemTxResult *result)
3592 {
3593 address_space_stw_internal(as, addr, val, attrs, result,
3594 DEVICE_NATIVE_ENDIAN);
3595 }
3596
3597 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3598 MemTxAttrs attrs, MemTxResult *result)
3599 {
3600 address_space_stw_internal(as, addr, val, attrs, result,
3601 DEVICE_LITTLE_ENDIAN);
3602 }
3603
3604 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3605 MemTxAttrs attrs, MemTxResult *result)
3606 {
3607 address_space_stw_internal(as, addr, val, attrs, result,
3608 DEVICE_BIG_ENDIAN);
3609 }
3610
3611 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3612 {
3613 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3614 }
3615
3616 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3617 {
3618 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3619 }
3620
3621 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3622 {
3623 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3624 }
3625
3626 /* XXX: optimize */
3627 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3628 MemTxAttrs attrs, MemTxResult *result)
3629 {
3630 MemTxResult r;
3631 val = tswap64(val);
3632 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3633 if (result) {
3634 *result = r;
3635 }
3636 }
3637
3638 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3639 MemTxAttrs attrs, MemTxResult *result)
3640 {
3641 MemTxResult r;
3642 val = cpu_to_le64(val);
3643 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3644 if (result) {
3645 *result = r;
3646 }
3647 }
3648 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3649 MemTxAttrs attrs, MemTxResult *result)
3650 {
3651 MemTxResult r;
3652 val = cpu_to_be64(val);
3653 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3654 if (result) {
3655 *result = r;
3656 }
3657 }
3658
3659 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3660 {
3661 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3662 }
3663
3664 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3665 {
3666 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3667 }
3668
3669 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3670 {
3671 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3672 }
3673
3674 /* virtual memory access for debug (includes writing to ROM) */
3675 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3676 uint8_t *buf, int len, int is_write)
3677 {
3678 int l;
3679 hwaddr phys_addr;
3680 target_ulong page;
3681
3682 while (len > 0) {
3683 int asidx;
3684 MemTxAttrs attrs;
3685
3686 page = addr & TARGET_PAGE_MASK;
3687 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3688 asidx = cpu_asidx_from_attrs(cpu, attrs);
3689 /* if no physical page mapped, return an error */
3690 if (phys_addr == -1)
3691 return -1;
3692 l = (page + TARGET_PAGE_SIZE) - addr;
3693 if (l > len)
3694 l = len;
3695 phys_addr += (addr & ~TARGET_PAGE_MASK);
3696 if (is_write) {
3697 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3698 phys_addr, buf, l);
3699 } else {
3700 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3701 MEMTXATTRS_UNSPECIFIED,
3702 buf, l, 0);
3703 }
3704 len -= l;
3705 buf += l;
3706 addr += l;
3707 }
3708 return 0;
3709 }
3710
3711 /*
3712 * Allows code that needs to deal with migration bitmaps etc to still be built
3713 * target independent.
3714 */
3715 size_t qemu_target_page_bits(void)
3716 {
3717 return TARGET_PAGE_BITS;
3718 }
3719
3720 #endif
3721
3722 /*
3723 * A helper function for the _utterly broken_ virtio device model to find out if
3724 * it's running on a big endian machine. Don't do this at home kids!
3725 */
3726 bool target_words_bigendian(void);
3727 bool target_words_bigendian(void)
3728 {
3729 #if defined(TARGET_WORDS_BIGENDIAN)
3730 return true;
3731 #else
3732 return false;
3733 #endif
3734 }
3735
3736 #ifndef CONFIG_USER_ONLY
3737 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3738 {
3739 MemoryRegion*mr;
3740 hwaddr l = 1;
3741 bool res;
3742
3743 rcu_read_lock();
3744 mr = address_space_translate(&address_space_memory,
3745 phys_addr, &phys_addr, &l, false);
3746
3747 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3748 rcu_read_unlock();
3749 return res;
3750 }
3751
3752 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3753 {
3754 RAMBlock *block;
3755 int ret = 0;
3756
3757 rcu_read_lock();
3758 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3759 ret = func(block->idstr, block->host, block->offset,
3760 block->used_length, opaque);
3761 if (ret) {
3762 break;
3763 }
3764 }
3765 rcu_read_unlock();
3766 return ret;
3767 }
3768 #endif
QEMU mirror