]> git.proxmox.com Git - qemu.git/blob - exec.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
-no-fd-bootchk option (Lonnie Mendez)
[qemu.git] / exec.c
1 /*
2 * virtual page mapping and translated block handling
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
20 #include "config.h"
21 #ifdef _WIN32
22 #include <windows.h>
23 #else
24 #include <sys/types.h>
25 #include <sys/mman.h>
26 #endif
27 #include <stdlib.h>
28 #include <stdio.h>
29 #include <stdarg.h>
30 #include <string.h>
31 #include <errno.h>
32 #include <unistd.h>
33 #include <inttypes.h>
34
35 #include "cpu.h"
36 #include "exec-all.h"
37 #if defined(CONFIG_USER_ONLY)
38 #include <qemu.h>
39 #endif
40
41 //#define DEBUG_TB_INVALIDATE
42 //#define DEBUG_FLUSH
43 //#define DEBUG_TLB
44
45 /* make various TB consistency checks */
46 //#define DEBUG_TB_CHECK
47 //#define DEBUG_TLB_CHECK
48
49 #if !defined(CONFIG_USER_ONLY)
50 /* TB consistency checks only implemented for usermode emulation. */
51 #undef DEBUG_TB_CHECK
52 #endif
53
54 /* threshold to flush the translated code buffer */
55 #define CODE_GEN_BUFFER_MAX_SIZE (CODE_GEN_BUFFER_SIZE - CODE_GEN_MAX_SIZE)
56
57 #define SMC_BITMAP_USE_THRESHOLD 10
58
59 #define MMAP_AREA_START 0x00000000
60 #define MMAP_AREA_END 0xa8000000
61
62 #if defined(TARGET_SPARC64)
63 #define TARGET_PHYS_ADDR_SPACE_BITS 41
64 #elif defined(TARGET_PPC64)
65 #define TARGET_PHYS_ADDR_SPACE_BITS 42
66 #else
67 /* Note: for compatibility with kqemu, we use 32 bits for x86_64 */
68 #define TARGET_PHYS_ADDR_SPACE_BITS 32
69 #endif
70
71 TranslationBlock tbs[CODE_GEN_MAX_BLOCKS];
72 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
73 int nb_tbs;
74 /* any access to the tbs or the page table must use this lock */
75 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
76
77 uint8_t code_gen_buffer[CODE_GEN_BUFFER_SIZE] __attribute__((aligned (32)));
78 uint8_t *code_gen_ptr;
79
80 int phys_ram_size;
81 int phys_ram_fd;
82 uint8_t *phys_ram_base;
83 uint8_t *phys_ram_dirty;
84
85 CPUState *first_cpu;
86 /* current CPU in the current thread. It is only valid inside
87 cpu_exec() */
88 CPUState *cpu_single_env;
89
90 typedef struct PageDesc {
91 /* list of TBs intersecting this ram page */
92 TranslationBlock *first_tb;
93 /* in order to optimize self modifying code, we count the number
94 of lookups we do to a given page to use a bitmap */
95 unsigned int code_write_count;
96 uint8_t *code_bitmap;
97 #if defined(CONFIG_USER_ONLY)
98 unsigned long flags;
99 #endif
100 } PageDesc;
101
102 typedef struct PhysPageDesc {
103 /* offset in host memory of the page + io_index in the low 12 bits */
104 uint32_t phys_offset;
105 } PhysPageDesc;
106
107 #define L2_BITS 10
108 #define L1_BITS (32 - L2_BITS - TARGET_PAGE_BITS)
109
110 #define L1_SIZE (1 << L1_BITS)
111 #define L2_SIZE (1 << L2_BITS)
112
113 static void io_mem_init(void);
114
115 unsigned long qemu_real_host_page_size;
116 unsigned long qemu_host_page_bits;
117 unsigned long qemu_host_page_size;
118 unsigned long qemu_host_page_mask;
119
120 /* XXX: for system emulation, it could just be an array */
121 static PageDesc *l1_map[L1_SIZE];
122 PhysPageDesc **l1_phys_map;
123
124 /* io memory support */
125 CPUWriteMemoryFunc *io_mem_write[IO_MEM_NB_ENTRIES][4];
126 CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
127 void *io_mem_opaque[IO_MEM_NB_ENTRIES];
128 static int io_mem_nb;
129
130 /* log support */
131 char *logfilename = "/tmp/qemu.log";
132 FILE *logfile;
133 int loglevel;
134
135 /* statistics */
136 static int tlb_flush_count;
137 static int tb_flush_count;
138 static int tb_phys_invalidate_count;
139
140 static void page_init(void)
141 {
142 /* NOTE: we can always suppose that qemu_host_page_size >=
143 TARGET_PAGE_SIZE */
144 #ifdef _WIN32
145 {
146 SYSTEM_INFO system_info;
147 DWORD old_protect;
148
149 GetSystemInfo(&system_info);
150 qemu_real_host_page_size = system_info.dwPageSize;
151
152 VirtualProtect(code_gen_buffer, sizeof(code_gen_buffer),
153 PAGE_EXECUTE_READWRITE, &old_protect);
154 }
155 #else
156 qemu_real_host_page_size = getpagesize();
157 {
158 unsigned long start, end;
159
160 start = (unsigned long)code_gen_buffer;
161 start &= ~(qemu_real_host_page_size - 1);
162
163 end = (unsigned long)code_gen_buffer + sizeof(code_gen_buffer);
164 end += qemu_real_host_page_size - 1;
165 end &= ~(qemu_real_host_page_size - 1);
166
167 mprotect((void *)start, end - start,
168 PROT_READ | PROT_WRITE | PROT_EXEC);
169 }
170 #endif
171
172 if (qemu_host_page_size == 0)
173 qemu_host_page_size = qemu_real_host_page_size;
174 if (qemu_host_page_size < TARGET_PAGE_SIZE)
175 qemu_host_page_size = TARGET_PAGE_SIZE;
176 qemu_host_page_bits = 0;
177 while ((1 << qemu_host_page_bits) < qemu_host_page_size)
178 qemu_host_page_bits++;
179 qemu_host_page_mask = ~(qemu_host_page_size - 1);
180 l1_phys_map = qemu_vmalloc(L1_SIZE * sizeof(void *));
181 memset(l1_phys_map, 0, L1_SIZE * sizeof(void *));
182 }
183
184 static inline PageDesc *page_find_alloc(unsigned int index)
185 {
186 PageDesc **lp, *p;
187
188 lp = &l1_map[index >> L2_BITS];
189 p = *lp;
190 if (!p) {
191 /* allocate if not found */
192 p = qemu_malloc(sizeof(PageDesc) * L2_SIZE);
193 memset(p, 0, sizeof(PageDesc) * L2_SIZE);
194 *lp = p;
195 }
196 return p + (index & (L2_SIZE - 1));
197 }
198
199 static inline PageDesc *page_find(unsigned int index)
200 {
201 PageDesc *p;
202
203 p = l1_map[index >> L2_BITS];
204 if (!p)
205 return 0;
206 return p + (index & (L2_SIZE - 1));
207 }
208
209 static PhysPageDesc *phys_page_find_alloc(target_phys_addr_t index, int alloc)
210 {
211 void **lp, **p;
212 PhysPageDesc *pd;
213
214 p = (void **)l1_phys_map;
215 #if TARGET_PHYS_ADDR_SPACE_BITS > 32
216
217 #if TARGET_PHYS_ADDR_SPACE_BITS > (32 + L1_BITS)
218 #error unsupported TARGET_PHYS_ADDR_SPACE_BITS
219 #endif
220 lp = p + ((index >> (L1_BITS + L2_BITS)) & (L1_SIZE - 1));
221 p = *lp;
222 if (!p) {
223 /* allocate if not found */
224 if (!alloc)
225 return NULL;
226 p = qemu_vmalloc(sizeof(void *) * L1_SIZE);
227 memset(p, 0, sizeof(void *) * L1_SIZE);
228 *lp = p;
229 }
230 #endif
231 lp = p + ((index >> L2_BITS) & (L1_SIZE - 1));
232 pd = *lp;
233 if (!pd) {
234 int i;
235 /* allocate if not found */
236 if (!alloc)
237 return NULL;
238 pd = qemu_vmalloc(sizeof(PhysPageDesc) * L2_SIZE);
239 *lp = pd;
240 for (i = 0; i < L2_SIZE; i++)
241 pd[i].phys_offset = IO_MEM_UNASSIGNED;
242 }
243 return ((PhysPageDesc *)pd) + (index & (L2_SIZE - 1));
244 }
245
246 static inline PhysPageDesc *phys_page_find(target_phys_addr_t index)
247 {
248 return phys_page_find_alloc(index, 0);
249 }
250
251 #if !defined(CONFIG_USER_ONLY)
252 static void tlb_protect_code(ram_addr_t ram_addr);
253 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
254 target_ulong vaddr);
255 #endif
256
257 void cpu_exec_init(CPUState *env)
258 {
259 CPUState **penv;
260 int cpu_index;
261
262 if (!code_gen_ptr) {
263 code_gen_ptr = code_gen_buffer;
264 page_init();
265 io_mem_init();
266 }
267 env->next_cpu = NULL;
268 penv = &first_cpu;
269 cpu_index = 0;
270 while (*penv != NULL) {
271 penv = (CPUState **)&(*penv)->next_cpu;
272 cpu_index++;
273 }
274 env->cpu_index = cpu_index;
275 *penv = env;
276 }
277
278 static inline void invalidate_page_bitmap(PageDesc *p)
279 {
280 if (p->code_bitmap) {
281 qemu_free(p->code_bitmap);
282 p->code_bitmap = NULL;
283 }
284 p->code_write_count = 0;
285 }
286
287 /* set to NULL all the 'first_tb' fields in all PageDescs */
288 static void page_flush_tb(void)
289 {
290 int i, j;
291 PageDesc *p;
292
293 for(i = 0; i < L1_SIZE; i++) {
294 p = l1_map[i];
295 if (p) {
296 for(j = 0; j < L2_SIZE; j++) {
297 p->first_tb = NULL;
298 invalidate_page_bitmap(p);
299 p++;
300 }
301 }
302 }
303 }
304
305 /* flush all the translation blocks */
306 /* XXX: tb_flush is currently not thread safe */
307 void tb_flush(CPUState *env1)
308 {
309 CPUState *env;
310 #if defined(DEBUG_FLUSH)
311 printf("qemu: flush code_size=%d nb_tbs=%d avg_tb_size=%d\n",
312 code_gen_ptr - code_gen_buffer,
313 nb_tbs,
314 nb_tbs > 0 ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0);
315 #endif
316 nb_tbs = 0;
317
318 for(env = first_cpu; env != NULL; env = env->next_cpu) {
319 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
320 }
321
322 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
323 page_flush_tb();
324
325 code_gen_ptr = code_gen_buffer;
326 /* XXX: flush processor icache at this point if cache flush is
327 expensive */
328 tb_flush_count++;
329 }
330
331 #ifdef DEBUG_TB_CHECK
332
333 static void tb_invalidate_check(unsigned long address)
334 {
335 TranslationBlock *tb;
336 int i;
337 address &= TARGET_PAGE_MASK;
338 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
339 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
340 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
341 address >= tb->pc + tb->size)) {
342 printf("ERROR invalidate: address=%08lx PC=%08lx size=%04x\n",
343 address, (long)tb->pc, tb->size);
344 }
345 }
346 }
347 }
348
349 /* verify that all the pages have correct rights for code */
350 static void tb_page_check(void)
351 {
352 TranslationBlock *tb;
353 int i, flags1, flags2;
354
355 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
356 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
357 flags1 = page_get_flags(tb->pc);
358 flags2 = page_get_flags(tb->pc + tb->size - 1);
359 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
360 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
361 (long)tb->pc, tb->size, flags1, flags2);
362 }
363 }
364 }
365 }
366
367 void tb_jmp_check(TranslationBlock *tb)
368 {
369 TranslationBlock *tb1;
370 unsigned int n1;
371
372 /* suppress any remaining jumps to this TB */
373 tb1 = tb->jmp_first;
374 for(;;) {
375 n1 = (long)tb1 & 3;
376 tb1 = (TranslationBlock *)((long)tb1 & ~3);
377 if (n1 == 2)
378 break;
379 tb1 = tb1->jmp_next[n1];
380 }
381 /* check end of list */
382 if (tb1 != tb) {
383 printf("ERROR: jmp_list from 0x%08lx\n", (long)tb);
384 }
385 }
386
387 #endif
388
389 /* invalidate one TB */
390 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
391 int next_offset)
392 {
393 TranslationBlock *tb1;
394 for(;;) {
395 tb1 = *ptb;
396 if (tb1 == tb) {
397 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
398 break;
399 }
400 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
401 }
402 }
403
404 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
405 {
406 TranslationBlock *tb1;
407 unsigned int n1;
408
409 for(;;) {
410 tb1 = *ptb;
411 n1 = (long)tb1 & 3;
412 tb1 = (TranslationBlock *)((long)tb1 & ~3);
413 if (tb1 == tb) {
414 *ptb = tb1->page_next[n1];
415 break;
416 }
417 ptb = &tb1->page_next[n1];
418 }
419 }
420
421 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
422 {
423 TranslationBlock *tb1, **ptb;
424 unsigned int n1;
425
426 ptb = &tb->jmp_next[n];
427 tb1 = *ptb;
428 if (tb1) {
429 /* find tb(n) in circular list */
430 for(;;) {
431 tb1 = *ptb;
432 n1 = (long)tb1 & 3;
433 tb1 = (TranslationBlock *)((long)tb1 & ~3);
434 if (n1 == n && tb1 == tb)
435 break;
436 if (n1 == 2) {
437 ptb = &tb1->jmp_first;
438 } else {
439 ptb = &tb1->jmp_next[n1];
440 }
441 }
442 /* now we can suppress tb(n) from the list */
443 *ptb = tb->jmp_next[n];
444
445 tb->jmp_next[n] = NULL;
446 }
447 }
448
449 /* reset the jump entry 'n' of a TB so that it is not chained to
450 another TB */
451 static inline void tb_reset_jump(TranslationBlock *tb, int n)
452 {
453 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
454 }
455
456 static inline void tb_phys_invalidate(TranslationBlock *tb, unsigned int page_addr)
457 {
458 CPUState *env;
459 PageDesc *p;
460 unsigned int h, n1;
461 target_ulong phys_pc;
462 TranslationBlock *tb1, *tb2;
463
464 /* remove the TB from the hash list */
465 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
466 h = tb_phys_hash_func(phys_pc);
467 tb_remove(&tb_phys_hash[h], tb,
468 offsetof(TranslationBlock, phys_hash_next));
469
470 /* remove the TB from the page list */
471 if (tb->page_addr[0] != page_addr) {
472 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
473 tb_page_remove(&p->first_tb, tb);
474 invalidate_page_bitmap(p);
475 }
476 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
477 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
478 tb_page_remove(&p->first_tb, tb);
479 invalidate_page_bitmap(p);
480 }
481
482 tb_invalidated_flag = 1;
483
484 /* remove the TB from the hash list */
485 h = tb_jmp_cache_hash_func(tb->pc);
486 for(env = first_cpu; env != NULL; env = env->next_cpu) {
487 if (env->tb_jmp_cache[h] == tb)
488 env->tb_jmp_cache[h] = NULL;
489 }
490
491 /* suppress this TB from the two jump lists */
492 tb_jmp_remove(tb, 0);
493 tb_jmp_remove(tb, 1);
494
495 /* suppress any remaining jumps to this TB */
496 tb1 = tb->jmp_first;
497 for(;;) {
498 n1 = (long)tb1 & 3;
499 if (n1 == 2)
500 break;
501 tb1 = (TranslationBlock *)((long)tb1 & ~3);
502 tb2 = tb1->jmp_next[n1];
503 tb_reset_jump(tb1, n1);
504 tb1->jmp_next[n1] = NULL;
505 tb1 = tb2;
506 }
507 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
508
509 tb_phys_invalidate_count++;
510 }
511
512 static inline void set_bits(uint8_t *tab, int start, int len)
513 {
514 int end, mask, end1;
515
516 end = start + len;
517 tab += start >> 3;
518 mask = 0xff << (start & 7);
519 if ((start & ~7) == (end & ~7)) {
520 if (start < end) {
521 mask &= ~(0xff << (end & 7));
522 *tab |= mask;
523 }
524 } else {
525 *tab++ |= mask;
526 start = (start + 8) & ~7;
527 end1 = end & ~7;
528 while (start < end1) {
529 *tab++ = 0xff;
530 start += 8;
531 }
532 if (start < end) {
533 mask = ~(0xff << (end & 7));
534 *tab |= mask;
535 }
536 }
537 }
538
539 static void build_page_bitmap(PageDesc *p)
540 {
541 int n, tb_start, tb_end;
542 TranslationBlock *tb;
543
544 p->code_bitmap = qemu_malloc(TARGET_PAGE_SIZE / 8);
545 if (!p->code_bitmap)
546 return;
547 memset(p->code_bitmap, 0, TARGET_PAGE_SIZE / 8);
548
549 tb = p->first_tb;
550 while (tb != NULL) {
551 n = (long)tb & 3;
552 tb = (TranslationBlock *)((long)tb & ~3);
553 /* NOTE: this is subtle as a TB may span two physical pages */
554 if (n == 0) {
555 /* NOTE: tb_end may be after the end of the page, but
556 it is not a problem */
557 tb_start = tb->pc & ~TARGET_PAGE_MASK;
558 tb_end = tb_start + tb->size;
559 if (tb_end > TARGET_PAGE_SIZE)
560 tb_end = TARGET_PAGE_SIZE;
561 } else {
562 tb_start = 0;
563 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
564 }
565 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
566 tb = tb->page_next[n];
567 }
568 }
569
570 #ifdef TARGET_HAS_PRECISE_SMC
571
572 static void tb_gen_code(CPUState *env,
573 target_ulong pc, target_ulong cs_base, int flags,
574 int cflags)
575 {
576 TranslationBlock *tb;
577 uint8_t *tc_ptr;
578 target_ulong phys_pc, phys_page2, virt_page2;
579 int code_gen_size;
580
581 phys_pc = get_phys_addr_code(env, pc);
582 tb = tb_alloc(pc);
583 if (!tb) {
584 /* flush must be done */
585 tb_flush(env);
586 /* cannot fail at this point */
587 tb = tb_alloc(pc);
588 }
589 tc_ptr = code_gen_ptr;
590 tb->tc_ptr = tc_ptr;
591 tb->cs_base = cs_base;
592 tb->flags = flags;
593 tb->cflags = cflags;
594 cpu_gen_code(env, tb, CODE_GEN_MAX_SIZE, &code_gen_size);
595 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
596
597 /* check next page if needed */
598 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
599 phys_page2 = -1;
600 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
601 phys_page2 = get_phys_addr_code(env, virt_page2);
602 }
603 tb_link_phys(tb, phys_pc, phys_page2);
604 }
605 #endif
606
607 /* invalidate all TBs which intersect with the target physical page
608 starting in range [start;end[. NOTE: start and end must refer to
609 the same physical page. 'is_cpu_write_access' should be true if called
610 from a real cpu write access: the virtual CPU will exit the current
611 TB if code is modified inside this TB. */
612 void tb_invalidate_phys_page_range(target_ulong start, target_ulong end,
613 int is_cpu_write_access)
614 {
615 int n, current_tb_modified, current_tb_not_found, current_flags;
616 CPUState *env = cpu_single_env;
617 PageDesc *p;
618 TranslationBlock *tb, *tb_next, *current_tb, *saved_tb;
619 target_ulong tb_start, tb_end;
620 target_ulong current_pc, current_cs_base;
621
622 p = page_find(start >> TARGET_PAGE_BITS);
623 if (!p)
624 return;
625 if (!p->code_bitmap &&
626 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
627 is_cpu_write_access) {
628 /* build code bitmap */
629 build_page_bitmap(p);
630 }
631
632 /* we remove all the TBs in the range [start, end[ */
633 /* XXX: see if in some cases it could be faster to invalidate all the code */
634 current_tb_not_found = is_cpu_write_access;
635 current_tb_modified = 0;
636 current_tb = NULL; /* avoid warning */
637 current_pc = 0; /* avoid warning */
638 current_cs_base = 0; /* avoid warning */
639 current_flags = 0; /* avoid warning */
640 tb = p->first_tb;
641 while (tb != NULL) {
642 n = (long)tb & 3;
643 tb = (TranslationBlock *)((long)tb & ~3);
644 tb_next = tb->page_next[n];
645 /* NOTE: this is subtle as a TB may span two physical pages */
646 if (n == 0) {
647 /* NOTE: tb_end may be after the end of the page, but
648 it is not a problem */
649 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
650 tb_end = tb_start + tb->size;
651 } else {
652 tb_start = tb->page_addr[1];
653 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
654 }
655 if (!(tb_end <= start || tb_start >= end)) {
656 #ifdef TARGET_HAS_PRECISE_SMC
657 if (current_tb_not_found) {
658 current_tb_not_found = 0;
659 current_tb = NULL;
660 if (env->mem_write_pc) {
661 /* now we have a real cpu fault */
662 current_tb = tb_find_pc(env->mem_write_pc);
663 }
664 }
665 if (current_tb == tb &&
666 !(current_tb->cflags & CF_SINGLE_INSN)) {
667 /* If we are modifying the current TB, we must stop
668 its execution. We could be more precise by checking
669 that the modification is after the current PC, but it
670 would require a specialized function to partially
671 restore the CPU state */
672
673 current_tb_modified = 1;
674 cpu_restore_state(current_tb, env,
675 env->mem_write_pc, NULL);
676 #if defined(TARGET_I386)
677 current_flags = env->hflags;
678 current_flags |= (env->eflags & (IOPL_MASK | TF_MASK | VM_MASK));
679 current_cs_base = (target_ulong)env->segs[R_CS].base;
680 current_pc = current_cs_base + env->eip;
681 #else
682 #error unsupported CPU
683 #endif
684 }
685 #endif /* TARGET_HAS_PRECISE_SMC */
686 /* we need to do that to handle the case where a signal
687 occurs while doing tb_phys_invalidate() */
688 saved_tb = NULL;
689 if (env) {
690 saved_tb = env->current_tb;
691 env->current_tb = NULL;
692 }
693 tb_phys_invalidate(tb, -1);
694 if (env) {
695 env->current_tb = saved_tb;
696 if (env->interrupt_request && env->current_tb)
697 cpu_interrupt(env, env->interrupt_request);
698 }
699 }
700 tb = tb_next;
701 }
702 #if !defined(CONFIG_USER_ONLY)
703 /* if no code remaining, no need to continue to use slow writes */
704 if (!p->first_tb) {
705 invalidate_page_bitmap(p);
706 if (is_cpu_write_access) {
707 tlb_unprotect_code_phys(env, start, env->mem_write_vaddr);
708 }
709 }
710 #endif
711 #ifdef TARGET_HAS_PRECISE_SMC
712 if (current_tb_modified) {
713 /* we generate a block containing just the instruction
714 modifying the memory. It will ensure that it cannot modify
715 itself */
716 env->current_tb = NULL;
717 tb_gen_code(env, current_pc, current_cs_base, current_flags,
718 CF_SINGLE_INSN);
719 cpu_resume_from_signal(env, NULL);
720 }
721 #endif
722 }
723
724 /* len must be <= 8 and start must be a multiple of len */
725 static inline void tb_invalidate_phys_page_fast(target_ulong start, int len)
726 {
727 PageDesc *p;
728 int offset, b;
729 #if 0
730 if (1) {
731 if (loglevel) {
732 fprintf(logfile, "modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
733 cpu_single_env->mem_write_vaddr, len,
734 cpu_single_env->eip,
735 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
736 }
737 }
738 #endif
739 p = page_find(start >> TARGET_PAGE_BITS);
740 if (!p)
741 return;
742 if (p->code_bitmap) {
743 offset = start & ~TARGET_PAGE_MASK;
744 b = p->code_bitmap[offset >> 3] >> (offset & 7);
745 if (b & ((1 << len) - 1))
746 goto do_invalidate;
747 } else {
748 do_invalidate:
749 tb_invalidate_phys_page_range(start, start + len, 1);
750 }
751 }
752
753 #if !defined(CONFIG_SOFTMMU)
754 static void tb_invalidate_phys_page(target_ulong addr,
755 unsigned long pc, void *puc)
756 {
757 int n, current_flags, current_tb_modified;
758 target_ulong current_pc, current_cs_base;
759 PageDesc *p;
760 TranslationBlock *tb, *current_tb;
761 #ifdef TARGET_HAS_PRECISE_SMC
762 CPUState *env = cpu_single_env;
763 #endif
764
765 addr &= TARGET_PAGE_MASK;
766 p = page_find(addr >> TARGET_PAGE_BITS);
767 if (!p)
768 return;
769 tb = p->first_tb;
770 current_tb_modified = 0;
771 current_tb = NULL;
772 current_pc = 0; /* avoid warning */
773 current_cs_base = 0; /* avoid warning */
774 current_flags = 0; /* avoid warning */
775 #ifdef TARGET_HAS_PRECISE_SMC
776 if (tb && pc != 0) {
777 current_tb = tb_find_pc(pc);
778 }
779 #endif
780 while (tb != NULL) {
781 n = (long)tb & 3;
782 tb = (TranslationBlock *)((long)tb & ~3);
783 #ifdef TARGET_HAS_PRECISE_SMC
784 if (current_tb == tb &&
785 !(current_tb->cflags & CF_SINGLE_INSN)) {
786 /* If we are modifying the current TB, we must stop
787 its execution. We could be more precise by checking
788 that the modification is after the current PC, but it
789 would require a specialized function to partially
790 restore the CPU state */
791
792 current_tb_modified = 1;
793 cpu_restore_state(current_tb, env, pc, puc);
794 #if defined(TARGET_I386)
795 current_flags = env->hflags;
796 current_flags |= (env->eflags & (IOPL_MASK | TF_MASK | VM_MASK));
797 current_cs_base = (target_ulong)env->segs[R_CS].base;
798 current_pc = current_cs_base + env->eip;
799 #else
800 #error unsupported CPU
801 #endif
802 }
803 #endif /* TARGET_HAS_PRECISE_SMC */
804 tb_phys_invalidate(tb, addr);
805 tb = tb->page_next[n];
806 }
807 p->first_tb = NULL;
808 #ifdef TARGET_HAS_PRECISE_SMC
809 if (current_tb_modified) {
810 /* we generate a block containing just the instruction
811 modifying the memory. It will ensure that it cannot modify
812 itself */
813 env->current_tb = NULL;
814 tb_gen_code(env, current_pc, current_cs_base, current_flags,
815 CF_SINGLE_INSN);
816 cpu_resume_from_signal(env, puc);
817 }
818 #endif
819 }
820 #endif
821
822 /* add the tb in the target page and protect it if necessary */
823 static inline void tb_alloc_page(TranslationBlock *tb,
824 unsigned int n, target_ulong page_addr)
825 {
826 PageDesc *p;
827 TranslationBlock *last_first_tb;
828
829 tb->page_addr[n] = page_addr;
830 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS);
831 tb->page_next[n] = p->first_tb;
832 last_first_tb = p->first_tb;
833 p->first_tb = (TranslationBlock *)((long)tb | n);
834 invalidate_page_bitmap(p);
835
836 #if defined(TARGET_HAS_SMC) || 1
837
838 #if defined(CONFIG_USER_ONLY)
839 if (p->flags & PAGE_WRITE) {
840 target_ulong addr;
841 PageDesc *p2;
842 int prot;
843
844 /* force the host page as non writable (writes will have a
845 page fault + mprotect overhead) */
846 page_addr &= qemu_host_page_mask;
847 prot = 0;
848 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
849 addr += TARGET_PAGE_SIZE) {
850
851 p2 = page_find (addr >> TARGET_PAGE_BITS);
852 if (!p2)
853 continue;
854 prot |= p2->flags;
855 p2->flags &= ~PAGE_WRITE;
856 page_get_flags(addr);
857 }
858 mprotect(g2h(page_addr), qemu_host_page_size,
859 (prot & PAGE_BITS) & ~PAGE_WRITE);
860 #ifdef DEBUG_TB_INVALIDATE
861 printf("protecting code page: 0x%08lx\n",
862 page_addr);
863 #endif
864 }
865 #else
866 /* if some code is already present, then the pages are already
867 protected. So we handle the case where only the first TB is
868 allocated in a physical page */
869 if (!last_first_tb) {
870 tlb_protect_code(page_addr);
871 }
872 #endif
873
874 #endif /* TARGET_HAS_SMC */
875 }
876
877 /* Allocate a new translation block. Flush the translation buffer if
878 too many translation blocks or too much generated code. */
879 TranslationBlock *tb_alloc(target_ulong pc)
880 {
881 TranslationBlock *tb;
882
883 if (nb_tbs >= CODE_GEN_MAX_BLOCKS ||
884 (code_gen_ptr - code_gen_buffer) >= CODE_GEN_BUFFER_MAX_SIZE)
885 return NULL;
886 tb = &tbs[nb_tbs++];
887 tb->pc = pc;
888 tb->cflags = 0;
889 return tb;
890 }
891
892 /* add a new TB and link it to the physical page tables. phys_page2 is
893 (-1) to indicate that only one page contains the TB. */
894 void tb_link_phys(TranslationBlock *tb,
895 target_ulong phys_pc, target_ulong phys_page2)
896 {
897 unsigned int h;
898 TranslationBlock **ptb;
899
900 /* add in the physical hash table */
901 h = tb_phys_hash_func(phys_pc);
902 ptb = &tb_phys_hash[h];
903 tb->phys_hash_next = *ptb;
904 *ptb = tb;
905
906 /* add in the page list */
907 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
908 if (phys_page2 != -1)
909 tb_alloc_page(tb, 1, phys_page2);
910 else
911 tb->page_addr[1] = -1;
912
913 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
914 tb->jmp_next[0] = NULL;
915 tb->jmp_next[1] = NULL;
916 #ifdef USE_CODE_COPY
917 tb->cflags &= ~CF_FP_USED;
918 if (tb->cflags & CF_TB_FP_USED)
919 tb->cflags |= CF_FP_USED;
920 #endif
921
922 /* init original jump addresses */
923 if (tb->tb_next_offset[0] != 0xffff)
924 tb_reset_jump(tb, 0);
925 if (tb->tb_next_offset[1] != 0xffff)
926 tb_reset_jump(tb, 1);
927
928 #ifdef DEBUG_TB_CHECK
929 tb_page_check();
930 #endif
931 }
932
933 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
934 tb[1].tc_ptr. Return NULL if not found */
935 TranslationBlock *tb_find_pc(unsigned long tc_ptr)
936 {
937 int m_min, m_max, m;
938 unsigned long v;
939 TranslationBlock *tb;
940
941 if (nb_tbs <= 0)
942 return NULL;
943 if (tc_ptr < (unsigned long)code_gen_buffer ||
944 tc_ptr >= (unsigned long)code_gen_ptr)
945 return NULL;
946 /* binary search (cf Knuth) */
947 m_min = 0;
948 m_max = nb_tbs - 1;
949 while (m_min <= m_max) {
950 m = (m_min + m_max) >> 1;
951 tb = &tbs[m];
952 v = (unsigned long)tb->tc_ptr;
953 if (v == tc_ptr)
954 return tb;
955 else if (tc_ptr < v) {
956 m_max = m - 1;
957 } else {
958 m_min = m + 1;
959 }
960 }
961 return &tbs[m_max];
962 }
963
964 static void tb_reset_jump_recursive(TranslationBlock *tb);
965
966 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
967 {
968 TranslationBlock *tb1, *tb_next, **ptb;
969 unsigned int n1;
970
971 tb1 = tb->jmp_next[n];
972 if (tb1 != NULL) {
973 /* find head of list */
974 for(;;) {
975 n1 = (long)tb1 & 3;
976 tb1 = (TranslationBlock *)((long)tb1 & ~3);
977 if (n1 == 2)
978 break;
979 tb1 = tb1->jmp_next[n1];
980 }
981 /* we are now sure now that tb jumps to tb1 */
982 tb_next = tb1;
983
984 /* remove tb from the jmp_first list */
985 ptb = &tb_next->jmp_first;
986 for(;;) {
987 tb1 = *ptb;
988 n1 = (long)tb1 & 3;
989 tb1 = (TranslationBlock *)((long)tb1 & ~3);
990 if (n1 == n && tb1 == tb)
991 break;
992 ptb = &tb1->jmp_next[n1];
993 }
994 *ptb = tb->jmp_next[n];
995 tb->jmp_next[n] = NULL;
996
997 /* suppress the jump to next tb in generated code */
998 tb_reset_jump(tb, n);
999
1000 /* suppress jumps in the tb on which we could have jumped */
1001 tb_reset_jump_recursive(tb_next);
1002 }
1003 }
1004
1005 static void tb_reset_jump_recursive(TranslationBlock *tb)
1006 {
1007 tb_reset_jump_recursive2(tb, 0);
1008 tb_reset_jump_recursive2(tb, 1);
1009 }
1010
1011 #if defined(TARGET_HAS_ICE)
1012 static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1013 {
1014 target_ulong addr, pd;
1015 ram_addr_t ram_addr;
1016 PhysPageDesc *p;
1017
1018 addr = cpu_get_phys_page_debug(env, pc);
1019 p = phys_page_find(addr >> TARGET_PAGE_BITS);
1020 if (!p) {
1021 pd = IO_MEM_UNASSIGNED;
1022 } else {
1023 pd = p->phys_offset;
1024 }
1025 ram_addr = (pd & TARGET_PAGE_MASK) | (pc & ~TARGET_PAGE_MASK);
1026 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1027 }
1028 #endif
1029
1030 /* add a breakpoint. EXCP_DEBUG is returned by the CPU loop if a
1031 breakpoint is reached */
1032 int cpu_breakpoint_insert(CPUState *env, target_ulong pc)
1033 {
1034 #if defined(TARGET_HAS_ICE)
1035 int i;
1036
1037 for(i = 0; i < env->nb_breakpoints; i++) {
1038 if (env->breakpoints[i] == pc)
1039 return 0;
1040 }
1041
1042 if (env->nb_breakpoints >= MAX_BREAKPOINTS)
1043 return -1;
1044 env->breakpoints[env->nb_breakpoints++] = pc;
1045
1046 breakpoint_invalidate(env, pc);
1047 return 0;
1048 #else
1049 return -1;
1050 #endif
1051 }
1052
1053 /* remove a breakpoint */
1054 int cpu_breakpoint_remove(CPUState *env, target_ulong pc)
1055 {
1056 #if defined(TARGET_HAS_ICE)
1057 int i;
1058 for(i = 0; i < env->nb_breakpoints; i++) {
1059 if (env->breakpoints[i] == pc)
1060 goto found;
1061 }
1062 return -1;
1063 found:
1064 env->nb_breakpoints--;
1065 if (i < env->nb_breakpoints)
1066 env->breakpoints[i] = env->breakpoints[env->nb_breakpoints];
1067
1068 breakpoint_invalidate(env, pc);
1069 return 0;
1070 #else
1071 return -1;
1072 #endif
1073 }
1074
1075 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1076 CPU loop after each instruction */
1077 void cpu_single_step(CPUState *env, int enabled)
1078 {
1079 #if defined(TARGET_HAS_ICE)
1080 if (env->singlestep_enabled != enabled) {
1081 env->singlestep_enabled = enabled;
1082 /* must flush all the translated code to avoid inconsistancies */
1083 /* XXX: only flush what is necessary */
1084 tb_flush(env);
1085 }
1086 #endif
1087 }
1088
1089 /* enable or disable low levels log */
1090 void cpu_set_log(int log_flags)
1091 {
1092 loglevel = log_flags;
1093 if (loglevel && !logfile) {
1094 logfile = fopen(logfilename, "w");
1095 if (!logfile) {
1096 perror(logfilename);
1097 _exit(1);
1098 }
1099 #if !defined(CONFIG_SOFTMMU)
1100 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1101 {
1102 static uint8_t logfile_buf[4096];
1103 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1104 }
1105 #else
1106 setvbuf(logfile, NULL, _IOLBF, 0);
1107 #endif
1108 }
1109 }
1110
1111 void cpu_set_log_filename(const char *filename)
1112 {
1113 logfilename = strdup(filename);
1114 }
1115
1116 /* mask must never be zero, except for A20 change call */
1117 void cpu_interrupt(CPUState *env, int mask)
1118 {
1119 TranslationBlock *tb;
1120 static int interrupt_lock;
1121
1122 env->interrupt_request |= mask;
1123 /* if the cpu is currently executing code, we must unlink it and
1124 all the potentially executing TB */
1125 tb = env->current_tb;
1126 if (tb && !testandset(&interrupt_lock)) {
1127 env->current_tb = NULL;
1128 tb_reset_jump_recursive(tb);
1129 interrupt_lock = 0;
1130 }
1131 }
1132
1133 void cpu_reset_interrupt(CPUState *env, int mask)
1134 {
1135 env->interrupt_request &= ~mask;
1136 }
1137
1138 CPULogItem cpu_log_items[] = {
1139 { CPU_LOG_TB_OUT_ASM, "out_asm",
1140 "show generated host assembly code for each compiled TB" },
1141 { CPU_LOG_TB_IN_ASM, "in_asm",
1142 "show target assembly code for each compiled TB" },
1143 { CPU_LOG_TB_OP, "op",
1144 "show micro ops for each compiled TB (only usable if 'in_asm' used)" },
1145 #ifdef TARGET_I386
1146 { CPU_LOG_TB_OP_OPT, "op_opt",
1147 "show micro ops after optimization for each compiled TB" },
1148 #endif
1149 { CPU_LOG_INT, "int",
1150 "show interrupts/exceptions in short format" },
1151 { CPU_LOG_EXEC, "exec",
1152 "show trace before each executed TB (lots of logs)" },
1153 { CPU_LOG_TB_CPU, "cpu",
1154 "show CPU state before bloc translation" },
1155 #ifdef TARGET_I386
1156 { CPU_LOG_PCALL, "pcall",
1157 "show protected mode far calls/returns/exceptions" },
1158 #endif
1159 #ifdef DEBUG_IOPORT
1160 { CPU_LOG_IOPORT, "ioport",
1161 "show all i/o ports accesses" },
1162 #endif
1163 { 0, NULL, NULL },
1164 };
1165
1166 static int cmp1(const char *s1, int n, const char *s2)
1167 {
1168 if (strlen(s2) != n)
1169 return 0;
1170 return memcmp(s1, s2, n) == 0;
1171 }
1172
1173 /* takes a comma separated list of log masks. Return 0 if error. */
1174 int cpu_str_to_log_mask(const char *str)
1175 {
1176 CPULogItem *item;
1177 int mask;
1178 const char *p, *p1;
1179
1180 p = str;
1181 mask = 0;
1182 for(;;) {
1183 p1 = strchr(p, ',');
1184 if (!p1)
1185 p1 = p + strlen(p);
1186 if(cmp1(p,p1-p,"all")) {
1187 for(item = cpu_log_items; item->mask != 0; item++) {
1188 mask |= item->mask;
1189 }
1190 } else {
1191 for(item = cpu_log_items; item->mask != 0; item++) {
1192 if (cmp1(p, p1 - p, item->name))
1193 goto found;
1194 }
1195 return 0;
1196 }
1197 found:
1198 mask |= item->mask;
1199 if (*p1 != ',')
1200 break;
1201 p = p1 + 1;
1202 }
1203 return mask;
1204 }
1205
1206 void cpu_abort(CPUState *env, const char *fmt, ...)
1207 {
1208 va_list ap;
1209
1210 va_start(ap, fmt);
1211 fprintf(stderr, "qemu: fatal: ");
1212 vfprintf(stderr, fmt, ap);
1213 fprintf(stderr, "\n");
1214 #ifdef TARGET_I386
1215 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1216 #else
1217 cpu_dump_state(env, stderr, fprintf, 0);
1218 #endif
1219 va_end(ap);
1220 abort();
1221 }
1222
1223 #if !defined(CONFIG_USER_ONLY)
1224
1225 /* NOTE: if flush_global is true, also flush global entries (not
1226 implemented yet) */
1227 void tlb_flush(CPUState *env, int flush_global)
1228 {
1229 int i;
1230
1231 #if defined(DEBUG_TLB)
1232 printf("tlb_flush:\n");
1233 #endif
1234 /* must reset current TB so that interrupts cannot modify the
1235 links while we are modifying them */
1236 env->current_tb = NULL;
1237
1238 for(i = 0; i < CPU_TLB_SIZE; i++) {
1239 env->tlb_table[0][i].addr_read = -1;
1240 env->tlb_table[0][i].addr_write = -1;
1241 env->tlb_table[0][i].addr_code = -1;
1242 env->tlb_table[1][i].addr_read = -1;
1243 env->tlb_table[1][i].addr_write = -1;
1244 env->tlb_table[1][i].addr_code = -1;
1245 }
1246
1247 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
1248
1249 #if !defined(CONFIG_SOFTMMU)
1250 munmap((void *)MMAP_AREA_START, MMAP_AREA_END - MMAP_AREA_START);
1251 #endif
1252 #ifdef USE_KQEMU
1253 if (env->kqemu_enabled) {
1254 kqemu_flush(env, flush_global);
1255 }
1256 #endif
1257 tlb_flush_count++;
1258 }
1259
1260 static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
1261 {
1262 if (addr == (tlb_entry->addr_read &
1263 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1264 addr == (tlb_entry->addr_write &
1265 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
1266 addr == (tlb_entry->addr_code &
1267 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
1268 tlb_entry->addr_read = -1;
1269 tlb_entry->addr_write = -1;
1270 tlb_entry->addr_code = -1;
1271 }
1272 }
1273
1274 void tlb_flush_page(CPUState *env, target_ulong addr)
1275 {
1276 int i;
1277 TranslationBlock *tb;
1278
1279 #if defined(DEBUG_TLB)
1280 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
1281 #endif
1282 /* must reset current TB so that interrupts cannot modify the
1283 links while we are modifying them */
1284 env->current_tb = NULL;
1285
1286 addr &= TARGET_PAGE_MASK;
1287 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1288 tlb_flush_entry(&env->tlb_table[0][i], addr);
1289 tlb_flush_entry(&env->tlb_table[1][i], addr);
1290
1291 for(i = 0; i < TB_JMP_CACHE_SIZE; i++) {
1292 tb = env->tb_jmp_cache[i];
1293 if (tb &&
1294 ((tb->pc & TARGET_PAGE_MASK) == addr ||
1295 ((tb->pc + tb->size - 1) & TARGET_PAGE_MASK) == addr)) {
1296 env->tb_jmp_cache[i] = NULL;
1297 }
1298 }
1299
1300 #if !defined(CONFIG_SOFTMMU)
1301 if (addr < MMAP_AREA_END)
1302 munmap((void *)addr, TARGET_PAGE_SIZE);
1303 #endif
1304 #ifdef USE_KQEMU
1305 if (env->kqemu_enabled) {
1306 kqemu_flush_page(env, addr);
1307 }
1308 #endif
1309 }
1310
1311 /* update the TLBs so that writes to code in the virtual page 'addr'
1312 can be detected */
1313 static void tlb_protect_code(ram_addr_t ram_addr)
1314 {
1315 cpu_physical_memory_reset_dirty(ram_addr,
1316 ram_addr + TARGET_PAGE_SIZE,
1317 CODE_DIRTY_FLAG);
1318 }
1319
1320 /* update the TLB so that writes in physical page 'phys_addr' are no longer
1321 tested for self modifying code */
1322 static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
1323 target_ulong vaddr)
1324 {
1325 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] |= CODE_DIRTY_FLAG;
1326 }
1327
1328 static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1329 unsigned long start, unsigned long length)
1330 {
1331 unsigned long addr;
1332 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1333 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1334 if ((addr - start) < length) {
1335 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | IO_MEM_NOTDIRTY;
1336 }
1337 }
1338 }
1339
1340 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
1341 int dirty_flags)
1342 {
1343 CPUState *env;
1344 unsigned long length, start1;
1345 int i, mask, len;
1346 uint8_t *p;
1347
1348 start &= TARGET_PAGE_MASK;
1349 end = TARGET_PAGE_ALIGN(end);
1350
1351 length = end - start;
1352 if (length == 0)
1353 return;
1354 len = length >> TARGET_PAGE_BITS;
1355 #ifdef USE_KQEMU
1356 /* XXX: should not depend on cpu context */
1357 env = first_cpu;
1358 if (env->kqemu_enabled) {
1359 ram_addr_t addr;
1360 addr = start;
1361 for(i = 0; i < len; i++) {
1362 kqemu_set_notdirty(env, addr);
1363 addr += TARGET_PAGE_SIZE;
1364 }
1365 }
1366 #endif
1367 mask = ~dirty_flags;
1368 p = phys_ram_dirty + (start >> TARGET_PAGE_BITS);
1369 for(i = 0; i < len; i++)
1370 p[i] &= mask;
1371
1372 /* we modify the TLB cache so that the dirty bit will be set again
1373 when accessing the range */
1374 start1 = start + (unsigned long)phys_ram_base;
1375 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1376 for(i = 0; i < CPU_TLB_SIZE; i++)
1377 tlb_reset_dirty_range(&env->tlb_table[0][i], start1, length);
1378 for(i = 0; i < CPU_TLB_SIZE; i++)
1379 tlb_reset_dirty_range(&env->tlb_table[1][i], start1, length);
1380 }
1381
1382 #if !defined(CONFIG_SOFTMMU)
1383 /* XXX: this is expensive */
1384 {
1385 VirtPageDesc *p;
1386 int j;
1387 target_ulong addr;
1388
1389 for(i = 0; i < L1_SIZE; i++) {
1390 p = l1_virt_map[i];
1391 if (p) {
1392 addr = i << (TARGET_PAGE_BITS + L2_BITS);
1393 for(j = 0; j < L2_SIZE; j++) {
1394 if (p->valid_tag == virt_valid_tag &&
1395 p->phys_addr >= start && p->phys_addr < end &&
1396 (p->prot & PROT_WRITE)) {
1397 if (addr < MMAP_AREA_END) {
1398 mprotect((void *)addr, TARGET_PAGE_SIZE,
1399 p->prot & ~PROT_WRITE);
1400 }
1401 }
1402 addr += TARGET_PAGE_SIZE;
1403 p++;
1404 }
1405 }
1406 }
1407 }
1408 #endif
1409 }
1410
1411 static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
1412 {
1413 ram_addr_t ram_addr;
1414
1415 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
1416 ram_addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) +
1417 tlb_entry->addend - (unsigned long)phys_ram_base;
1418 if (!cpu_physical_memory_is_dirty(ram_addr)) {
1419 tlb_entry->addr_write |= IO_MEM_NOTDIRTY;
1420 }
1421 }
1422 }
1423
1424 /* update the TLB according to the current state of the dirty bits */
1425 void cpu_tlb_update_dirty(CPUState *env)
1426 {
1427 int i;
1428 for(i = 0; i < CPU_TLB_SIZE; i++)
1429 tlb_update_dirty(&env->tlb_table[0][i]);
1430 for(i = 0; i < CPU_TLB_SIZE; i++)
1431 tlb_update_dirty(&env->tlb_table[1][i]);
1432 }
1433
1434 static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry,
1435 unsigned long start)
1436 {
1437 unsigned long addr;
1438 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == IO_MEM_NOTDIRTY) {
1439 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1440 if (addr == start) {
1441 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | IO_MEM_RAM;
1442 }
1443 }
1444 }
1445
1446 /* update the TLB corresponding to virtual page vaddr and phys addr
1447 addr so that it is no longer dirty */
1448 static inline void tlb_set_dirty(CPUState *env,
1449 unsigned long addr, target_ulong vaddr)
1450 {
1451 int i;
1452
1453 addr &= TARGET_PAGE_MASK;
1454 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1455 tlb_set_dirty1(&env->tlb_table[0][i], addr);
1456 tlb_set_dirty1(&env->tlb_table[1][i], addr);
1457 }
1458
1459 /* add a new TLB entry. At most one entry for a given virtual address
1460 is permitted. Return 0 if OK or 2 if the page could not be mapped
1461 (can only happen in non SOFTMMU mode for I/O pages or pages
1462 conflicting with the host address space). */
1463 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
1464 target_phys_addr_t paddr, int prot,
1465 int is_user, int is_softmmu)
1466 {
1467 PhysPageDesc *p;
1468 unsigned long pd;
1469 unsigned int index;
1470 target_ulong address;
1471 target_phys_addr_t addend;
1472 int ret;
1473 CPUTLBEntry *te;
1474
1475 p = phys_page_find(paddr >> TARGET_PAGE_BITS);
1476 if (!p) {
1477 pd = IO_MEM_UNASSIGNED;
1478 } else {
1479 pd = p->phys_offset;
1480 }
1481 #if defined(DEBUG_TLB)
1482 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x%08x prot=%x u=%d smmu=%d pd=0x%08lx\n",
1483 vaddr, (int)paddr, prot, is_user, is_softmmu, pd);
1484 #endif
1485
1486 ret = 0;
1487 #if !defined(CONFIG_SOFTMMU)
1488 if (is_softmmu)
1489 #endif
1490 {
1491 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM) {
1492 /* IO memory case */
1493 address = vaddr | pd;
1494 addend = paddr;
1495 } else {
1496 /* standard memory */
1497 address = vaddr;
1498 addend = (unsigned long)phys_ram_base + (pd & TARGET_PAGE_MASK);
1499 }
1500
1501 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
1502 addend -= vaddr;
1503 te = &env->tlb_table[is_user][index];
1504 te->addend = addend;
1505 if (prot & PAGE_READ) {
1506 te->addr_read = address;
1507 } else {
1508 te->addr_read = -1;
1509 }
1510 if (prot & PAGE_EXEC) {
1511 te->addr_code = address;
1512 } else {
1513 te->addr_code = -1;
1514 }
1515 if (prot & PAGE_WRITE) {
1516 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM) {
1517 /* ROM: access is ignored (same as unassigned) */
1518 te->addr_write = vaddr | IO_MEM_ROM;
1519 } else if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
1520 !cpu_physical_memory_is_dirty(pd)) {
1521 te->addr_write = vaddr | IO_MEM_NOTDIRTY;
1522 } else {
1523 te->addr_write = address;
1524 }
1525 } else {
1526 te->addr_write = -1;
1527 }
1528 }
1529 #if !defined(CONFIG_SOFTMMU)
1530 else {
1531 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM) {
1532 /* IO access: no mapping is done as it will be handled by the
1533 soft MMU */
1534 if (!(env->hflags & HF_SOFTMMU_MASK))
1535 ret = 2;
1536 } else {
1537 void *map_addr;
1538
1539 if (vaddr >= MMAP_AREA_END) {
1540 ret = 2;
1541 } else {
1542 if (prot & PROT_WRITE) {
1543 if ((pd & ~TARGET_PAGE_MASK) == IO_MEM_ROM ||
1544 #if defined(TARGET_HAS_SMC) || 1
1545 first_tb ||
1546 #endif
1547 ((pd & ~TARGET_PAGE_MASK) == IO_MEM_RAM &&
1548 !cpu_physical_memory_is_dirty(pd))) {
1549 /* ROM: we do as if code was inside */
1550 /* if code is present, we only map as read only and save the
1551 original mapping */
1552 VirtPageDesc *vp;
1553
1554 vp = virt_page_find_alloc(vaddr >> TARGET_PAGE_BITS, 1);
1555 vp->phys_addr = pd;
1556 vp->prot = prot;
1557 vp->valid_tag = virt_valid_tag;
1558 prot &= ~PAGE_WRITE;
1559 }
1560 }
1561 map_addr = mmap((void *)vaddr, TARGET_PAGE_SIZE, prot,
1562 MAP_SHARED | MAP_FIXED, phys_ram_fd, (pd & TARGET_PAGE_MASK));
1563 if (map_addr == MAP_FAILED) {
1564 cpu_abort(env, "mmap failed when mapped physical address 0x%08x to virtual address 0x%08x\n",
1565 paddr, vaddr);
1566 }
1567 }
1568 }
1569 }
1570 #endif
1571 return ret;
1572 }
1573
1574 /* called from signal handler: invalidate the code and unprotect the
1575 page. Return TRUE if the fault was succesfully handled. */
1576 int page_unprotect(target_ulong addr, unsigned long pc, void *puc)
1577 {
1578 #if !defined(CONFIG_SOFTMMU)
1579 VirtPageDesc *vp;
1580
1581 #if defined(DEBUG_TLB)
1582 printf("page_unprotect: addr=0x%08x\n", addr);
1583 #endif
1584 addr &= TARGET_PAGE_MASK;
1585
1586 /* if it is not mapped, no need to worry here */
1587 if (addr >= MMAP_AREA_END)
1588 return 0;
1589 vp = virt_page_find(addr >> TARGET_PAGE_BITS);
1590 if (!vp)
1591 return 0;
1592 /* NOTE: in this case, validate_tag is _not_ tested as it
1593 validates only the code TLB */
1594 if (vp->valid_tag != virt_valid_tag)
1595 return 0;
1596 if (!(vp->prot & PAGE_WRITE))
1597 return 0;
1598 #if defined(DEBUG_TLB)
1599 printf("page_unprotect: addr=0x%08x phys_addr=0x%08x prot=%x\n",
1600 addr, vp->phys_addr, vp->prot);
1601 #endif
1602 if (mprotect((void *)addr, TARGET_PAGE_SIZE, vp->prot) < 0)
1603 cpu_abort(cpu_single_env, "error mprotect addr=0x%lx prot=%d\n",
1604 (unsigned long)addr, vp->prot);
1605 /* set the dirty bit */
1606 phys_ram_dirty[vp->phys_addr >> TARGET_PAGE_BITS] = 0xff;
1607 /* flush the code inside */
1608 tb_invalidate_phys_page(vp->phys_addr, pc, puc);
1609 return 1;
1610 #else
1611 return 0;
1612 #endif
1613 }
1614
1615 #else
1616
1617 void tlb_flush(CPUState *env, int flush_global)
1618 {
1619 }
1620
1621 void tlb_flush_page(CPUState *env, target_ulong addr)
1622 {
1623 }
1624
1625 int tlb_set_page_exec(CPUState *env, target_ulong vaddr,
1626 target_phys_addr_t paddr, int prot,
1627 int is_user, int is_softmmu)
1628 {
1629 return 0;
1630 }
1631
1632 /* dump memory mappings */
1633 void page_dump(FILE *f)
1634 {
1635 unsigned long start, end;
1636 int i, j, prot, prot1;
1637 PageDesc *p;
1638
1639 fprintf(f, "%-8s %-8s %-8s %s\n",
1640 "start", "end", "size", "prot");
1641 start = -1;
1642 end = -1;
1643 prot = 0;
1644 for(i = 0; i <= L1_SIZE; i++) {
1645 if (i < L1_SIZE)
1646 p = l1_map[i];
1647 else
1648 p = NULL;
1649 for(j = 0;j < L2_SIZE; j++) {
1650 if (!p)
1651 prot1 = 0;
1652 else
1653 prot1 = p[j].flags;
1654 if (prot1 != prot) {
1655 end = (i << (32 - L1_BITS)) | (j << TARGET_PAGE_BITS);
1656 if (start != -1) {
1657 fprintf(f, "%08lx-%08lx %08lx %c%c%c\n",
1658 start, end, end - start,
1659 prot & PAGE_READ ? 'r' : '-',
1660 prot & PAGE_WRITE ? 'w' : '-',
1661 prot & PAGE_EXEC ? 'x' : '-');
1662 }
1663 if (prot1 != 0)
1664 start = end;
1665 else
1666 start = -1;
1667 prot = prot1;
1668 }
1669 if (!p)
1670 break;
1671 }
1672 }
1673 }
1674
1675 int page_get_flags(target_ulong address)
1676 {
1677 PageDesc *p;
1678
1679 p = page_find(address >> TARGET_PAGE_BITS);
1680 if (!p)
1681 return 0;
1682 return p->flags;
1683 }
1684
1685 /* modify the flags of a page and invalidate the code if
1686 necessary. The flag PAGE_WRITE_ORG is positionned automatically
1687 depending on PAGE_WRITE */
1688 void page_set_flags(target_ulong start, target_ulong end, int flags)
1689 {
1690 PageDesc *p;
1691 target_ulong addr;
1692
1693 start = start & TARGET_PAGE_MASK;
1694 end = TARGET_PAGE_ALIGN(end);
1695 if (flags & PAGE_WRITE)
1696 flags |= PAGE_WRITE_ORG;
1697 spin_lock(&tb_lock);
1698 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
1699 p = page_find_alloc(addr >> TARGET_PAGE_BITS);
1700 /* if the write protection is set, then we invalidate the code
1701 inside */
1702 if (!(p->flags & PAGE_WRITE) &&
1703 (flags & PAGE_WRITE) &&
1704 p->first_tb) {
1705 tb_invalidate_phys_page(addr, 0, NULL);
1706 }
1707 p->flags = flags;
1708 }
1709 spin_unlock(&tb_lock);
1710 }
1711
1712 /* called from signal handler: invalidate the code and unprotect the
1713 page. Return TRUE if the fault was succesfully handled. */
1714 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
1715 {
1716 unsigned int page_index, prot, pindex;
1717 PageDesc *p, *p1;
1718 target_ulong host_start, host_end, addr;
1719
1720 host_start = address & qemu_host_page_mask;
1721 page_index = host_start >> TARGET_PAGE_BITS;
1722 p1 = page_find(page_index);
1723 if (!p1)
1724 return 0;
1725 host_end = host_start + qemu_host_page_size;
1726 p = p1;
1727 prot = 0;
1728 for(addr = host_start;addr < host_end; addr += TARGET_PAGE_SIZE) {
1729 prot |= p->flags;
1730 p++;
1731 }
1732 /* if the page was really writable, then we change its
1733 protection back to writable */
1734 if (prot & PAGE_WRITE_ORG) {
1735 pindex = (address - host_start) >> TARGET_PAGE_BITS;
1736 if (!(p1[pindex].flags & PAGE_WRITE)) {
1737 mprotect((void *)g2h(host_start), qemu_host_page_size,
1738 (prot & PAGE_BITS) | PAGE_WRITE);
1739 p1[pindex].flags |= PAGE_WRITE;
1740 /* and since the content will be modified, we must invalidate
1741 the corresponding translated code. */
1742 tb_invalidate_phys_page(address, pc, puc);
1743 #ifdef DEBUG_TB_CHECK
1744 tb_invalidate_check(address);
1745 #endif
1746 return 1;
1747 }
1748 }
1749 return 0;
1750 }
1751
1752 /* call this function when system calls directly modify a memory area */
1753 /* ??? This should be redundant now we have lock_user. */
1754 void page_unprotect_range(target_ulong data, target_ulong data_size)
1755 {
1756 target_ulong start, end, addr;
1757
1758 start = data;
1759 end = start + data_size;
1760 start &= TARGET_PAGE_MASK;
1761 end = TARGET_PAGE_ALIGN(end);
1762 for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
1763 page_unprotect(addr, 0, NULL);
1764 }
1765 }
1766
1767 static inline void tlb_set_dirty(CPUState *env,
1768 unsigned long addr, target_ulong vaddr)
1769 {
1770 }
1771 #endif /* defined(CONFIG_USER_ONLY) */
1772
1773 /* register physical memory. 'size' must be a multiple of the target
1774 page size. If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
1775 io memory page */
1776 void cpu_register_physical_memory(target_phys_addr_t start_addr,
1777 unsigned long size,
1778 unsigned long phys_offset)
1779 {
1780 target_phys_addr_t addr, end_addr;
1781 PhysPageDesc *p;
1782
1783 size = (size + TARGET_PAGE_SIZE - 1) & TARGET_PAGE_MASK;
1784 end_addr = start_addr + size;
1785 for(addr = start_addr; addr != end_addr; addr += TARGET_PAGE_SIZE) {
1786 p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
1787 p->phys_offset = phys_offset;
1788 if ((phys_offset & ~TARGET_PAGE_MASK) <= IO_MEM_ROM)
1789 phys_offset += TARGET_PAGE_SIZE;
1790 }
1791 }
1792
1793 static uint32_t unassigned_mem_readb(void *opaque, target_phys_addr_t addr)
1794 {
1795 return 0;
1796 }
1797
1798 static void unassigned_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1799 {
1800 }
1801
1802 static CPUReadMemoryFunc *unassigned_mem_read[3] = {
1803 unassigned_mem_readb,
1804 unassigned_mem_readb,
1805 unassigned_mem_readb,
1806 };
1807
1808 static CPUWriteMemoryFunc *unassigned_mem_write[3] = {
1809 unassigned_mem_writeb,
1810 unassigned_mem_writeb,
1811 unassigned_mem_writeb,
1812 };
1813
1814 static void notdirty_mem_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1815 {
1816 unsigned long ram_addr;
1817 int dirty_flags;
1818 ram_addr = addr - (unsigned long)phys_ram_base;
1819 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
1820 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1821 #if !defined(CONFIG_USER_ONLY)
1822 tb_invalidate_phys_page_fast(ram_addr, 1);
1823 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
1824 #endif
1825 }
1826 stb_p((uint8_t *)(long)addr, val);
1827 #ifdef USE_KQEMU
1828 if (cpu_single_env->kqemu_enabled &&
1829 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
1830 kqemu_modify_page(cpu_single_env, ram_addr);
1831 #endif
1832 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1833 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
1834 /* we remove the notdirty callback only if the code has been
1835 flushed */
1836 if (dirty_flags == 0xff)
1837 tlb_set_dirty(cpu_single_env, addr, cpu_single_env->mem_write_vaddr);
1838 }
1839
1840 static void notdirty_mem_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1841 {
1842 unsigned long ram_addr;
1843 int dirty_flags;
1844 ram_addr = addr - (unsigned long)phys_ram_base;
1845 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
1846 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1847 #if !defined(CONFIG_USER_ONLY)
1848 tb_invalidate_phys_page_fast(ram_addr, 2);
1849 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
1850 #endif
1851 }
1852 stw_p((uint8_t *)(long)addr, val);
1853 #ifdef USE_KQEMU
1854 if (cpu_single_env->kqemu_enabled &&
1855 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
1856 kqemu_modify_page(cpu_single_env, ram_addr);
1857 #endif
1858 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1859 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
1860 /* we remove the notdirty callback only if the code has been
1861 flushed */
1862 if (dirty_flags == 0xff)
1863 tlb_set_dirty(cpu_single_env, addr, cpu_single_env->mem_write_vaddr);
1864 }
1865
1866 static void notdirty_mem_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
1867 {
1868 unsigned long ram_addr;
1869 int dirty_flags;
1870 ram_addr = addr - (unsigned long)phys_ram_base;
1871 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
1872 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1873 #if !defined(CONFIG_USER_ONLY)
1874 tb_invalidate_phys_page_fast(ram_addr, 4);
1875 dirty_flags = phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS];
1876 #endif
1877 }
1878 stl_p((uint8_t *)(long)addr, val);
1879 #ifdef USE_KQEMU
1880 if (cpu_single_env->kqemu_enabled &&
1881 (dirty_flags & KQEMU_MODIFY_PAGE_MASK) != KQEMU_MODIFY_PAGE_MASK)
1882 kqemu_modify_page(cpu_single_env, ram_addr);
1883 #endif
1884 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1885 phys_ram_dirty[ram_addr >> TARGET_PAGE_BITS] = dirty_flags;
1886 /* we remove the notdirty callback only if the code has been
1887 flushed */
1888 if (dirty_flags == 0xff)
1889 tlb_set_dirty(cpu_single_env, addr, cpu_single_env->mem_write_vaddr);
1890 }
1891
1892 static CPUReadMemoryFunc *error_mem_read[3] = {
1893 NULL, /* never used */
1894 NULL, /* never used */
1895 NULL, /* never used */
1896 };
1897
1898 static CPUWriteMemoryFunc *notdirty_mem_write[3] = {
1899 notdirty_mem_writeb,
1900 notdirty_mem_writew,
1901 notdirty_mem_writel,
1902 };
1903
1904 static void io_mem_init(void)
1905 {
1906 cpu_register_io_memory(IO_MEM_ROM >> IO_MEM_SHIFT, error_mem_read, unassigned_mem_write, NULL);
1907 cpu_register_io_memory(IO_MEM_UNASSIGNED >> IO_MEM_SHIFT, unassigned_mem_read, unassigned_mem_write, NULL);
1908 cpu_register_io_memory(IO_MEM_NOTDIRTY >> IO_MEM_SHIFT, error_mem_read, notdirty_mem_write, NULL);
1909 io_mem_nb = 5;
1910
1911 /* alloc dirty bits array */
1912 phys_ram_dirty = qemu_vmalloc(phys_ram_size >> TARGET_PAGE_BITS);
1913 memset(phys_ram_dirty, 0xff, phys_ram_size >> TARGET_PAGE_BITS);
1914 }
1915
1916 /* mem_read and mem_write are arrays of functions containing the
1917 function to access byte (index 0), word (index 1) and dword (index
1918 2). All functions must be supplied. If io_index is non zero, the
1919 corresponding io zone is modified. If it is zero, a new io zone is
1920 allocated. The return value can be used with
1921 cpu_register_physical_memory(). (-1) is returned if error. */
1922 int cpu_register_io_memory(int io_index,
1923 CPUReadMemoryFunc **mem_read,
1924 CPUWriteMemoryFunc **mem_write,
1925 void *opaque)
1926 {
1927 int i;
1928
1929 if (io_index <= 0) {
1930 if (io_mem_nb >= IO_MEM_NB_ENTRIES)
1931 return -1;
1932 io_index = io_mem_nb++;
1933 } else {
1934 if (io_index >= IO_MEM_NB_ENTRIES)
1935 return -1;
1936 }
1937
1938 for(i = 0;i < 3; i++) {
1939 io_mem_read[io_index][i] = mem_read[i];
1940 io_mem_write[io_index][i] = mem_write[i];
1941 }
1942 io_mem_opaque[io_index] = opaque;
1943 return io_index << IO_MEM_SHIFT;
1944 }
1945
1946 CPUWriteMemoryFunc **cpu_get_io_memory_write(int io_index)
1947 {
1948 return io_mem_write[io_index >> IO_MEM_SHIFT];
1949 }
1950
1951 CPUReadMemoryFunc **cpu_get_io_memory_read(int io_index)
1952 {
1953 return io_mem_read[io_index >> IO_MEM_SHIFT];
1954 }
1955
1956 /* physical memory access (slow version, mainly for debug) */
1957 #if defined(CONFIG_USER_ONLY)
1958 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
1959 int len, int is_write)
1960 {
1961 int l, flags;
1962 target_ulong page;
1963 void * p;
1964
1965 while (len > 0) {
1966 page = addr & TARGET_PAGE_MASK;
1967 l = (page + TARGET_PAGE_SIZE) - addr;
1968 if (l > len)
1969 l = len;
1970 flags = page_get_flags(page);
1971 if (!(flags & PAGE_VALID))
1972 return;
1973 if (is_write) {
1974 if (!(flags & PAGE_WRITE))
1975 return;
1976 p = lock_user(addr, len, 0);
1977 memcpy(p, buf, len);
1978 unlock_user(p, addr, len);
1979 } else {
1980 if (!(flags & PAGE_READ))
1981 return;
1982 p = lock_user(addr, len, 1);
1983 memcpy(buf, p, len);
1984 unlock_user(p, addr, 0);
1985 }
1986 len -= l;
1987 buf += l;
1988 addr += l;
1989 }
1990 }
1991
1992 #else
1993 void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
1994 int len, int is_write)
1995 {
1996 int l, io_index;
1997 uint8_t *ptr;
1998 uint32_t val;
1999 target_phys_addr_t page;
2000 unsigned long pd;
2001 PhysPageDesc *p;
2002
2003 while (len > 0) {
2004 page = addr & TARGET_PAGE_MASK;
2005 l = (page + TARGET_PAGE_SIZE) - addr;
2006 if (l > len)
2007 l = len;
2008 p = phys_page_find(page >> TARGET_PAGE_BITS);
2009 if (!p) {
2010 pd = IO_MEM_UNASSIGNED;
2011 } else {
2012 pd = p->phys_offset;
2013 }
2014
2015 if (is_write) {
2016 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
2017 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2018 /* XXX: could force cpu_single_env to NULL to avoid
2019 potential bugs */
2020 if (l >= 4 && ((addr & 3) == 0)) {
2021 /* 32 bit write access */
2022 val = ldl_p(buf);
2023 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
2024 l = 4;
2025 } else if (l >= 2 && ((addr & 1) == 0)) {
2026 /* 16 bit write access */
2027 val = lduw_p(buf);
2028 io_mem_write[io_index][1](io_mem_opaque[io_index], addr, val);
2029 l = 2;
2030 } else {
2031 /* 8 bit write access */
2032 val = ldub_p(buf);
2033 io_mem_write[io_index][0](io_mem_opaque[io_index], addr, val);
2034 l = 1;
2035 }
2036 } else {
2037 unsigned long addr1;
2038 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
2039 /* RAM case */
2040 ptr = phys_ram_base + addr1;
2041 memcpy(ptr, buf, l);
2042 if (!cpu_physical_memory_is_dirty(addr1)) {
2043 /* invalidate code */
2044 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
2045 /* set dirty bit */
2046 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
2047 (0xff & ~CODE_DIRTY_FLAG);
2048 }
2049 }
2050 } else {
2051 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM) {
2052 /* I/O case */
2053 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2054 if (l >= 4 && ((addr & 3) == 0)) {
2055 /* 32 bit read access */
2056 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
2057 stl_p(buf, val);
2058 l = 4;
2059 } else if (l >= 2 && ((addr & 1) == 0)) {
2060 /* 16 bit read access */
2061 val = io_mem_read[io_index][1](io_mem_opaque[io_index], addr);
2062 stw_p(buf, val);
2063 l = 2;
2064 } else {
2065 /* 8 bit read access */
2066 val = io_mem_read[io_index][0](io_mem_opaque[io_index], addr);
2067 stb_p(buf, val);
2068 l = 1;
2069 }
2070 } else {
2071 /* RAM case */
2072 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2073 (addr & ~TARGET_PAGE_MASK);
2074 memcpy(buf, ptr, l);
2075 }
2076 }
2077 len -= l;
2078 buf += l;
2079 addr += l;
2080 }
2081 }
2082
2083 /* used for ROM loading : can write in RAM and ROM */
2084 void cpu_physical_memory_write_rom(target_phys_addr_t addr,
2085 const uint8_t *buf, int len)
2086 {
2087 int l;
2088 uint8_t *ptr;
2089 target_phys_addr_t page;
2090 unsigned long pd;
2091 PhysPageDesc *p;
2092
2093 while (len > 0) {
2094 page = addr & TARGET_PAGE_MASK;
2095 l = (page + TARGET_PAGE_SIZE) - addr;
2096 if (l > len)
2097 l = len;
2098 p = phys_page_find(page >> TARGET_PAGE_BITS);
2099 if (!p) {
2100 pd = IO_MEM_UNASSIGNED;
2101 } else {
2102 pd = p->phys_offset;
2103 }
2104
2105 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM &&
2106 (pd & ~TARGET_PAGE_MASK) != IO_MEM_ROM) {
2107 /* do nothing */
2108 } else {
2109 unsigned long addr1;
2110 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
2111 /* ROM/RAM case */
2112 ptr = phys_ram_base + addr1;
2113 memcpy(ptr, buf, l);
2114 }
2115 len -= l;
2116 buf += l;
2117 addr += l;
2118 }
2119 }
2120
2121
2122 /* warning: addr must be aligned */
2123 uint32_t ldl_phys(target_phys_addr_t addr)
2124 {
2125 int io_index;
2126 uint8_t *ptr;
2127 uint32_t val;
2128 unsigned long pd;
2129 PhysPageDesc *p;
2130
2131 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2132 if (!p) {
2133 pd = IO_MEM_UNASSIGNED;
2134 } else {
2135 pd = p->phys_offset;
2136 }
2137
2138 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM) {
2139 /* I/O case */
2140 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2141 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
2142 } else {
2143 /* RAM case */
2144 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2145 (addr & ~TARGET_PAGE_MASK);
2146 val = ldl_p(ptr);
2147 }
2148 return val;
2149 }
2150
2151 /* warning: addr must be aligned */
2152 uint64_t ldq_phys(target_phys_addr_t addr)
2153 {
2154 int io_index;
2155 uint8_t *ptr;
2156 uint64_t val;
2157 unsigned long pd;
2158 PhysPageDesc *p;
2159
2160 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2161 if (!p) {
2162 pd = IO_MEM_UNASSIGNED;
2163 } else {
2164 pd = p->phys_offset;
2165 }
2166
2167 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM) {
2168 /* I/O case */
2169 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2170 #ifdef TARGET_WORDS_BIGENDIAN
2171 val = (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr) << 32;
2172 val |= io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4);
2173 #else
2174 val = io_mem_read[io_index][2](io_mem_opaque[io_index], addr);
2175 val |= (uint64_t)io_mem_read[io_index][2](io_mem_opaque[io_index], addr + 4) << 32;
2176 #endif
2177 } else {
2178 /* RAM case */
2179 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2180 (addr & ~TARGET_PAGE_MASK);
2181 val = ldq_p(ptr);
2182 }
2183 return val;
2184 }
2185
2186 /* XXX: optimize */
2187 uint32_t ldub_phys(target_phys_addr_t addr)
2188 {
2189 uint8_t val;
2190 cpu_physical_memory_read(addr, &val, 1);
2191 return val;
2192 }
2193
2194 /* XXX: optimize */
2195 uint32_t lduw_phys(target_phys_addr_t addr)
2196 {
2197 uint16_t val;
2198 cpu_physical_memory_read(addr, (uint8_t *)&val, 2);
2199 return tswap16(val);
2200 }
2201
2202 /* warning: addr must be aligned. The ram page is not masked as dirty
2203 and the code inside is not invalidated. It is useful if the dirty
2204 bits are used to track modified PTEs */
2205 void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
2206 {
2207 int io_index;
2208 uint8_t *ptr;
2209 unsigned long pd;
2210 PhysPageDesc *p;
2211
2212 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2213 if (!p) {
2214 pd = IO_MEM_UNASSIGNED;
2215 } else {
2216 pd = p->phys_offset;
2217 }
2218
2219 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
2220 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2221 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
2222 } else {
2223 ptr = phys_ram_base + (pd & TARGET_PAGE_MASK) +
2224 (addr & ~TARGET_PAGE_MASK);
2225 stl_p(ptr, val);
2226 }
2227 }
2228
2229 /* warning: addr must be aligned */
2230 void stl_phys(target_phys_addr_t addr, uint32_t val)
2231 {
2232 int io_index;
2233 uint8_t *ptr;
2234 unsigned long pd;
2235 PhysPageDesc *p;
2236
2237 p = phys_page_find(addr >> TARGET_PAGE_BITS);
2238 if (!p) {
2239 pd = IO_MEM_UNASSIGNED;
2240 } else {
2241 pd = p->phys_offset;
2242 }
2243
2244 if ((pd & ~TARGET_PAGE_MASK) != IO_MEM_RAM) {
2245 io_index = (pd >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
2246 io_mem_write[io_index][2](io_mem_opaque[io_index], addr, val);
2247 } else {
2248 unsigned long addr1;
2249 addr1 = (pd & TARGET_PAGE_MASK) + (addr & ~TARGET_PAGE_MASK);
2250 /* RAM case */
2251 ptr = phys_ram_base + addr1;
2252 stl_p(ptr, val);
2253 if (!cpu_physical_memory_is_dirty(addr1)) {
2254 /* invalidate code */
2255 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2256 /* set dirty bit */
2257 phys_ram_dirty[addr1 >> TARGET_PAGE_BITS] |=
2258 (0xff & ~CODE_DIRTY_FLAG);
2259 }
2260 }
2261 }
2262
2263 /* XXX: optimize */
2264 void stb_phys(target_phys_addr_t addr, uint32_t val)
2265 {
2266 uint8_t v = val;
2267 cpu_physical_memory_write(addr, &v, 1);
2268 }
2269
2270 /* XXX: optimize */
2271 void stw_phys(target_phys_addr_t addr, uint32_t val)
2272 {
2273 uint16_t v = tswap16(val);
2274 cpu_physical_memory_write(addr, (const uint8_t *)&v, 2);
2275 }
2276
2277 /* XXX: optimize */
2278 void stq_phys(target_phys_addr_t addr, uint64_t val)
2279 {
2280 val = tswap64(val);
2281 cpu_physical_memory_write(addr, (const uint8_t *)&val, 8);
2282 }
2283
2284 #endif
2285
2286 /* virtual memory access for debug */
2287 int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
2288 uint8_t *buf, int len, int is_write)
2289 {
2290 int l;
2291 target_ulong page, phys_addr;
2292
2293 while (len > 0) {
2294 page = addr & TARGET_PAGE_MASK;
2295 phys_addr = cpu_get_phys_page_debug(env, page);
2296 /* if no physical page mapped, return an error */
2297 if (phys_addr == -1)
2298 return -1;
2299 l = (page + TARGET_PAGE_SIZE) - addr;
2300 if (l > len)
2301 l = len;
2302 cpu_physical_memory_rw(phys_addr + (addr & ~TARGET_PAGE_MASK),
2303 buf, l, is_write);
2304 len -= l;
2305 buf += l;
2306 addr += l;
2307 }
2308 return 0;
2309 }
2310
2311 void dump_exec_info(FILE *f,
2312 int (*cpu_fprintf)(FILE *f, const char *fmt, ...))
2313 {
2314 int i, target_code_size, max_target_code_size;
2315 int direct_jmp_count, direct_jmp2_count, cross_page;
2316 TranslationBlock *tb;
2317
2318 target_code_size = 0;
2319 max_target_code_size = 0;
2320 cross_page = 0;
2321 direct_jmp_count = 0;
2322 direct_jmp2_count = 0;
2323 for(i = 0; i < nb_tbs; i++) {
2324 tb = &tbs[i];
2325 target_code_size += tb->size;
2326 if (tb->size > max_target_code_size)
2327 max_target_code_size = tb->size;
2328 if (tb->page_addr[1] != -1)
2329 cross_page++;
2330 if (tb->tb_next_offset[0] != 0xffff) {
2331 direct_jmp_count++;
2332 if (tb->tb_next_offset[1] != 0xffff) {
2333 direct_jmp2_count++;
2334 }
2335 }
2336 }
2337 /* XXX: avoid using doubles ? */
2338 cpu_fprintf(f, "TB count %d\n", nb_tbs);
2339 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
2340 nb_tbs ? target_code_size / nb_tbs : 0,
2341 max_target_code_size);
2342 cpu_fprintf(f, "TB avg host size %d bytes (expansion ratio: %0.1f)\n",
2343 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
2344 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
2345 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
2346 cross_page,
2347 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
2348 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
2349 direct_jmp_count,
2350 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
2351 direct_jmp2_count,
2352 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
2353 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
2354 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
2355 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
2356 }
2357
2358 #if !defined(CONFIG_USER_ONLY)
2359
2360 #define MMUSUFFIX _cmmu
2361 #define GETPC() NULL
2362 #define env cpu_single_env
2363 #define SOFTMMU_CODE_ACCESS
2364
2365 #define SHIFT 0
2366 #include "softmmu_template.h"
2367
2368 #define SHIFT 1
2369 #include "softmmu_template.h"
2370
2371 #define SHIFT 2
2372 #include "softmmu_template.h"
2373
2374 #define SHIFT 3
2375 #include "softmmu_template.h"
2376
2377 #undef env
2378
2379 #endif
Qemu copy for testing