]> git.proxmox.com Git - qemu.git/blob - exec.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
exec: eliminate io_mem_ram
[qemu.git] / exec.c
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifdef _WIN32
21 #include <windows.h>
22 #else
23 #include <sys/types.h>
24 #include <sys/mman.h>
25 #endif
26
27 #include "qemu-common.h"
28 #include "cpu.h"
29 #include "tcg.h"
30 #include "hw/hw.h"
31 #include "hw/qdev.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
41 #include <qemu.h>
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
44 #include "trace.h"
45 #endif
46 #include "exec/cpu-all.h"
47
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
50
51 #include "exec/memory-internal.h"
52
53 //#define DEBUG_UNASSIGNED
54 //#define DEBUG_SUBPAGE
55
56 #if !defined(CONFIG_USER_ONLY)
57 int phys_ram_fd;
58 static int in_migration;
59
60 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
61
62 static MemoryRegion *system_memory;
63 static MemoryRegion *system_io;
64
65 AddressSpace address_space_io;
66 AddressSpace address_space_memory;
67 DMAContext dma_context_memory;
68
69 MemoryRegion io_mem_rom, io_mem_unassigned, io_mem_notdirty;
70 static MemoryRegion io_mem_subpage_ram;
71
72 #endif
73
74 CPUArchState *first_cpu;
75 /* current CPU in the current thread. It is only valid inside
76 cpu_exec() */
77 DEFINE_TLS(CPUArchState *,cpu_single_env);
78 /* 0 = Do not count executed instructions.
79 1 = Precise instruction counting.
80 2 = Adaptive rate instruction counting. */
81 int use_icount;
82
83 #if !defined(CONFIG_USER_ONLY)
84
85 static MemoryRegionSection *phys_sections;
86 static unsigned phys_sections_nb, phys_sections_nb_alloc;
87 static uint16_t phys_section_unassigned;
88 static uint16_t phys_section_notdirty;
89 static uint16_t phys_section_rom;
90 static uint16_t phys_section_watch;
91
92 /* Simple allocator for PhysPageEntry nodes */
93 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
94 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
95
96 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
97
98 static void io_mem_init(void);
99 static void memory_map_init(void);
100 static void *qemu_safe_ram_ptr(ram_addr_t addr);
101
102 static MemoryRegion io_mem_watch;
103 #endif
104
105 #if !defined(CONFIG_USER_ONLY)
106
107 static void phys_map_node_reserve(unsigned nodes)
108 {
109 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
110 typedef PhysPageEntry Node[L2_SIZE];
111 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
112 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
113 phys_map_nodes_nb + nodes);
114 phys_map_nodes = g_renew(Node, phys_map_nodes,
115 phys_map_nodes_nb_alloc);
116 }
117 }
118
119 static uint16_t phys_map_node_alloc(void)
120 {
121 unsigned i;
122 uint16_t ret;
123
124 ret = phys_map_nodes_nb++;
125 assert(ret != PHYS_MAP_NODE_NIL);
126 assert(ret != phys_map_nodes_nb_alloc);
127 for (i = 0; i < L2_SIZE; ++i) {
128 phys_map_nodes[ret][i].is_leaf = 0;
129 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
130 }
131 return ret;
132 }
133
134 static void phys_map_nodes_reset(void)
135 {
136 phys_map_nodes_nb = 0;
137 }
138
139
140 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
141 hwaddr *nb, uint16_t leaf,
142 int level)
143 {
144 PhysPageEntry *p;
145 int i;
146 hwaddr step = (hwaddr)1 << (level * L2_BITS);
147
148 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
149 lp->ptr = phys_map_node_alloc();
150 p = phys_map_nodes[lp->ptr];
151 if (level == 0) {
152 for (i = 0; i < L2_SIZE; i++) {
153 p[i].is_leaf = 1;
154 p[i].ptr = phys_section_unassigned;
155 }
156 }
157 } else {
158 p = phys_map_nodes[lp->ptr];
159 }
160 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
161
162 while (*nb && lp < &p[L2_SIZE]) {
163 if ((*index & (step - 1)) == 0 && *nb >= step) {
164 lp->is_leaf = true;
165 lp->ptr = leaf;
166 *index += step;
167 *nb -= step;
168 } else {
169 phys_page_set_level(lp, index, nb, leaf, level - 1);
170 }
171 ++lp;
172 }
173 }
174
175 static void phys_page_set(AddressSpaceDispatch *d,
176 hwaddr index, hwaddr nb,
177 uint16_t leaf)
178 {
179 /* Wildly overreserve - it doesn't matter much. */
180 phys_map_node_reserve(3 * P_L2_LEVELS);
181
182 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
183 }
184
185 MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
186 {
187 PhysPageEntry lp = d->phys_map;
188 PhysPageEntry *p;
189 int i;
190
191 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
192 if (lp.ptr == PHYS_MAP_NODE_NIL) {
193 return &phys_sections[phys_section_unassigned];
194 }
195 p = phys_map_nodes[lp.ptr];
196 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
197 }
198 return &phys_sections[lp.ptr];
199 }
200
201 bool memory_region_is_unassigned(MemoryRegion *mr)
202 {
203 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
204 && mr != &io_mem_watch;
205 }
206 #endif
207
208 void cpu_exec_init_all(void)
209 {
210 #if !defined(CONFIG_USER_ONLY)
211 qemu_mutex_init(&ram_list.mutex);
212 memory_map_init();
213 io_mem_init();
214 #endif
215 }
216
217 #if !defined(CONFIG_USER_ONLY)
218
219 static int cpu_common_post_load(void *opaque, int version_id)
220 {
221 CPUState *cpu = opaque;
222
223 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
224 version_id is increased. */
225 cpu->interrupt_request &= ~0x01;
226 tlb_flush(cpu->env_ptr, 1);
227
228 return 0;
229 }
230
231 static const VMStateDescription vmstate_cpu_common = {
232 .name = "cpu_common",
233 .version_id = 1,
234 .minimum_version_id = 1,
235 .minimum_version_id_old = 1,
236 .post_load = cpu_common_post_load,
237 .fields = (VMStateField []) {
238 VMSTATE_UINT32(halted, CPUState),
239 VMSTATE_UINT32(interrupt_request, CPUState),
240 VMSTATE_END_OF_LIST()
241 }
242 };
243 #else
244 #define vmstate_cpu_common vmstate_dummy
245 #endif
246
247 CPUState *qemu_get_cpu(int index)
248 {
249 CPUArchState *env = first_cpu;
250 CPUState *cpu = NULL;
251
252 while (env) {
253 cpu = ENV_GET_CPU(env);
254 if (cpu->cpu_index == index) {
255 break;
256 }
257 env = env->next_cpu;
258 }
259
260 return env ? cpu : NULL;
261 }
262
263 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
264 {
265 CPUArchState *env = first_cpu;
266
267 while (env) {
268 func(ENV_GET_CPU(env), data);
269 env = env->next_cpu;
270 }
271 }
272
273 void cpu_exec_init(CPUArchState *env)
274 {
275 CPUState *cpu = ENV_GET_CPU(env);
276 CPUClass *cc = CPU_GET_CLASS(cpu);
277 CPUArchState **penv;
278 int cpu_index;
279
280 #if defined(CONFIG_USER_ONLY)
281 cpu_list_lock();
282 #endif
283 env->next_cpu = NULL;
284 penv = &first_cpu;
285 cpu_index = 0;
286 while (*penv != NULL) {
287 penv = &(*penv)->next_cpu;
288 cpu_index++;
289 }
290 cpu->cpu_index = cpu_index;
291 cpu->numa_node = 0;
292 QTAILQ_INIT(&env->breakpoints);
293 QTAILQ_INIT(&env->watchpoints);
294 #ifndef CONFIG_USER_ONLY
295 cpu->thread_id = qemu_get_thread_id();
296 #endif
297 *penv = env;
298 #if defined(CONFIG_USER_ONLY)
299 cpu_list_unlock();
300 #endif
301 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
302 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
303 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
304 cpu_save, cpu_load, env);
305 assert(cc->vmsd == NULL);
306 #endif
307 if (cc->vmsd != NULL) {
308 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
309 }
310 }
311
312 #if defined(TARGET_HAS_ICE)
313 #if defined(CONFIG_USER_ONLY)
314 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
315 {
316 tb_invalidate_phys_page_range(pc, pc + 1, 0);
317 }
318 #else
319 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
320 {
321 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
322 (pc & ~TARGET_PAGE_MASK));
323 }
324 #endif
325 #endif /* TARGET_HAS_ICE */
326
327 #if defined(CONFIG_USER_ONLY)
328 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
329
330 {
331 }
332
333 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
334 int flags, CPUWatchpoint **watchpoint)
335 {
336 return -ENOSYS;
337 }
338 #else
339 /* Add a watchpoint. */
340 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
341 int flags, CPUWatchpoint **watchpoint)
342 {
343 target_ulong len_mask = ~(len - 1);
344 CPUWatchpoint *wp;
345
346 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
347 if ((len & (len - 1)) || (addr & ~len_mask) ||
348 len == 0 || len > TARGET_PAGE_SIZE) {
349 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
350 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
351 return -EINVAL;
352 }
353 wp = g_malloc(sizeof(*wp));
354
355 wp->vaddr = addr;
356 wp->len_mask = len_mask;
357 wp->flags = flags;
358
359 /* keep all GDB-injected watchpoints in front */
360 if (flags & BP_GDB)
361 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
362 else
363 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
364
365 tlb_flush_page(env, addr);
366
367 if (watchpoint)
368 *watchpoint = wp;
369 return 0;
370 }
371
372 /* Remove a specific watchpoint. */
373 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
374 int flags)
375 {
376 target_ulong len_mask = ~(len - 1);
377 CPUWatchpoint *wp;
378
379 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
380 if (addr == wp->vaddr && len_mask == wp->len_mask
381 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
382 cpu_watchpoint_remove_by_ref(env, wp);
383 return 0;
384 }
385 }
386 return -ENOENT;
387 }
388
389 /* Remove a specific watchpoint by reference. */
390 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
391 {
392 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
393
394 tlb_flush_page(env, watchpoint->vaddr);
395
396 g_free(watchpoint);
397 }
398
399 /* Remove all matching watchpoints. */
400 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
401 {
402 CPUWatchpoint *wp, *next;
403
404 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
405 if (wp->flags & mask)
406 cpu_watchpoint_remove_by_ref(env, wp);
407 }
408 }
409 #endif
410
411 /* Add a breakpoint. */
412 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
413 CPUBreakpoint **breakpoint)
414 {
415 #if defined(TARGET_HAS_ICE)
416 CPUBreakpoint *bp;
417
418 bp = g_malloc(sizeof(*bp));
419
420 bp->pc = pc;
421 bp->flags = flags;
422
423 /* keep all GDB-injected breakpoints in front */
424 if (flags & BP_GDB)
425 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
426 else
427 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
428
429 breakpoint_invalidate(env, pc);
430
431 if (breakpoint)
432 *breakpoint = bp;
433 return 0;
434 #else
435 return -ENOSYS;
436 #endif
437 }
438
439 /* Remove a specific breakpoint. */
440 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
441 {
442 #if defined(TARGET_HAS_ICE)
443 CPUBreakpoint *bp;
444
445 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
446 if (bp->pc == pc && bp->flags == flags) {
447 cpu_breakpoint_remove_by_ref(env, bp);
448 return 0;
449 }
450 }
451 return -ENOENT;
452 #else
453 return -ENOSYS;
454 #endif
455 }
456
457 /* Remove a specific breakpoint by reference. */
458 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
459 {
460 #if defined(TARGET_HAS_ICE)
461 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
462
463 breakpoint_invalidate(env, breakpoint->pc);
464
465 g_free(breakpoint);
466 #endif
467 }
468
469 /* Remove all matching breakpoints. */
470 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
471 {
472 #if defined(TARGET_HAS_ICE)
473 CPUBreakpoint *bp, *next;
474
475 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
476 if (bp->flags & mask)
477 cpu_breakpoint_remove_by_ref(env, bp);
478 }
479 #endif
480 }
481
482 /* enable or disable single step mode. EXCP_DEBUG is returned by the
483 CPU loop after each instruction */
484 void cpu_single_step(CPUArchState *env, int enabled)
485 {
486 #if defined(TARGET_HAS_ICE)
487 if (env->singlestep_enabled != enabled) {
488 env->singlestep_enabled = enabled;
489 if (kvm_enabled())
490 kvm_update_guest_debug(env, 0);
491 else {
492 /* must flush all the translated code to avoid inconsistencies */
493 /* XXX: only flush what is necessary */
494 tb_flush(env);
495 }
496 }
497 #endif
498 }
499
500 void cpu_exit(CPUArchState *env)
501 {
502 CPUState *cpu = ENV_GET_CPU(env);
503
504 cpu->exit_request = 1;
505 cpu->tcg_exit_req = 1;
506 }
507
508 void cpu_abort(CPUArchState *env, const char *fmt, ...)
509 {
510 va_list ap;
511 va_list ap2;
512
513 va_start(ap, fmt);
514 va_copy(ap2, ap);
515 fprintf(stderr, "qemu: fatal: ");
516 vfprintf(stderr, fmt, ap);
517 fprintf(stderr, "\n");
518 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
519 if (qemu_log_enabled()) {
520 qemu_log("qemu: fatal: ");
521 qemu_log_vprintf(fmt, ap2);
522 qemu_log("\n");
523 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
524 qemu_log_flush();
525 qemu_log_close();
526 }
527 va_end(ap2);
528 va_end(ap);
529 #if defined(CONFIG_USER_ONLY)
530 {
531 struct sigaction act;
532 sigfillset(&act.sa_mask);
533 act.sa_handler = SIG_DFL;
534 sigaction(SIGABRT, &act, NULL);
535 }
536 #endif
537 abort();
538 }
539
540 CPUArchState *cpu_copy(CPUArchState *env)
541 {
542 CPUArchState *new_env = cpu_init(env->cpu_model_str);
543 CPUArchState *next_cpu = new_env->next_cpu;
544 #if defined(TARGET_HAS_ICE)
545 CPUBreakpoint *bp;
546 CPUWatchpoint *wp;
547 #endif
548
549 memcpy(new_env, env, sizeof(CPUArchState));
550
551 /* Preserve chaining. */
552 new_env->next_cpu = next_cpu;
553
554 /* Clone all break/watchpoints.
555 Note: Once we support ptrace with hw-debug register access, make sure
556 BP_CPU break/watchpoints are handled correctly on clone. */
557 QTAILQ_INIT(&env->breakpoints);
558 QTAILQ_INIT(&env->watchpoints);
559 #if defined(TARGET_HAS_ICE)
560 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
561 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
562 }
563 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
564 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
565 wp->flags, NULL);
566 }
567 #endif
568
569 return new_env;
570 }
571
572 #if !defined(CONFIG_USER_ONLY)
573 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
574 uintptr_t length)
575 {
576 uintptr_t start1;
577
578 /* we modify the TLB cache so that the dirty bit will be set again
579 when accessing the range */
580 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
581 /* Check that we don't span multiple blocks - this breaks the
582 address comparisons below. */
583 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
584 != (end - 1) - start) {
585 abort();
586 }
587 cpu_tlb_reset_dirty_all(start1, length);
588
589 }
590
591 /* Note: start and end must be within the same ram block. */
592 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
593 int dirty_flags)
594 {
595 uintptr_t length;
596
597 start &= TARGET_PAGE_MASK;
598 end = TARGET_PAGE_ALIGN(end);
599
600 length = end - start;
601 if (length == 0)
602 return;
603 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
604
605 if (tcg_enabled()) {
606 tlb_reset_dirty_range_all(start, end, length);
607 }
608 }
609
610 static int cpu_physical_memory_set_dirty_tracking(int enable)
611 {
612 int ret = 0;
613 in_migration = enable;
614 return ret;
615 }
616
617 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
618 MemoryRegionSection *section,
619 target_ulong vaddr,
620 hwaddr paddr,
621 int prot,
622 target_ulong *address)
623 {
624 hwaddr iotlb;
625 CPUWatchpoint *wp;
626
627 if (memory_region_is_ram(section->mr)) {
628 /* Normal RAM. */
629 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
630 + memory_region_section_addr(section, paddr);
631 if (!section->readonly) {
632 iotlb |= phys_section_notdirty;
633 } else {
634 iotlb |= phys_section_rom;
635 }
636 } else {
637 iotlb = section - phys_sections;
638 iotlb += memory_region_section_addr(section, paddr);
639 }
640
641 /* Make accesses to pages with watchpoints go via the
642 watchpoint trap routines. */
643 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
644 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
645 /* Avoid trapping reads of pages with a write breakpoint. */
646 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
647 iotlb = phys_section_watch + paddr;
648 *address |= TLB_MMIO;
649 break;
650 }
651 }
652 }
653
654 return iotlb;
655 }
656 #endif /* defined(CONFIG_USER_ONLY) */
657
658 #if !defined(CONFIG_USER_ONLY)
659
660 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
661 typedef struct subpage_t {
662 MemoryRegion iomem;
663 hwaddr base;
664 uint16_t sub_section[TARGET_PAGE_SIZE];
665 } subpage_t;
666
667 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
668 uint16_t section);
669 static subpage_t *subpage_init(hwaddr base);
670 static void destroy_page_desc(uint16_t section_index)
671 {
672 MemoryRegionSection *section = &phys_sections[section_index];
673 MemoryRegion *mr = section->mr;
674
675 if (mr->subpage) {
676 subpage_t *subpage = container_of(mr, subpage_t, iomem);
677 memory_region_destroy(&subpage->iomem);
678 g_free(subpage);
679 }
680 }
681
682 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
683 {
684 unsigned i;
685 PhysPageEntry *p;
686
687 if (lp->ptr == PHYS_MAP_NODE_NIL) {
688 return;
689 }
690
691 p = phys_map_nodes[lp->ptr];
692 for (i = 0; i < L2_SIZE; ++i) {
693 if (!p[i].is_leaf) {
694 destroy_l2_mapping(&p[i], level - 1);
695 } else {
696 destroy_page_desc(p[i].ptr);
697 }
698 }
699 lp->is_leaf = 0;
700 lp->ptr = PHYS_MAP_NODE_NIL;
701 }
702
703 static void destroy_all_mappings(AddressSpaceDispatch *d)
704 {
705 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
706 phys_map_nodes_reset();
707 }
708
709 static uint16_t phys_section_add(MemoryRegionSection *section)
710 {
711 /* The physical section number is ORed with a page-aligned
712 * pointer to produce the iotlb entries. Thus it should
713 * never overflow into the page-aligned value.
714 */
715 assert(phys_sections_nb < TARGET_PAGE_SIZE);
716
717 if (phys_sections_nb == phys_sections_nb_alloc) {
718 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
719 phys_sections = g_renew(MemoryRegionSection, phys_sections,
720 phys_sections_nb_alloc);
721 }
722 phys_sections[phys_sections_nb] = *section;
723 return phys_sections_nb++;
724 }
725
726 static void phys_sections_clear(void)
727 {
728 phys_sections_nb = 0;
729 }
730
731 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
732 {
733 subpage_t *subpage;
734 hwaddr base = section->offset_within_address_space
735 & TARGET_PAGE_MASK;
736 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
737 MemoryRegionSection subsection = {
738 .offset_within_address_space = base,
739 .size = TARGET_PAGE_SIZE,
740 };
741 hwaddr start, end;
742
743 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
744
745 if (!(existing->mr->subpage)) {
746 subpage = subpage_init(base);
747 subsection.mr = &subpage->iomem;
748 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
749 phys_section_add(&subsection));
750 } else {
751 subpage = container_of(existing->mr, subpage_t, iomem);
752 }
753 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
754 end = start + section->size - 1;
755 subpage_register(subpage, start, end, phys_section_add(section));
756 }
757
758
759 static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
760 {
761 hwaddr start_addr = section->offset_within_address_space;
762 ram_addr_t size = section->size;
763 hwaddr addr;
764 uint16_t section_index = phys_section_add(section);
765
766 assert(size);
767
768 addr = start_addr;
769 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
770 section_index);
771 }
772
773 QEMU_BUILD_BUG_ON(TARGET_PHYS_ADDR_SPACE_BITS > MAX_PHYS_ADDR_SPACE_BITS)
774
775 static MemoryRegionSection limit(MemoryRegionSection section)
776 {
777 section.size = MIN(section.offset_within_address_space + section.size,
778 MAX_PHYS_ADDR + 1)
779 - section.offset_within_address_space;
780
781 return section;
782 }
783
784 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
785 {
786 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
787 MemoryRegionSection now = limit(*section), remain = limit(*section);
788
789 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
790 || (now.size < TARGET_PAGE_SIZE)) {
791 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
792 - now.offset_within_address_space,
793 now.size);
794 register_subpage(d, &now);
795 remain.size -= now.size;
796 remain.offset_within_address_space += now.size;
797 remain.offset_within_region += now.size;
798 }
799 while (remain.size >= TARGET_PAGE_SIZE) {
800 now = remain;
801 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
802 now.size = TARGET_PAGE_SIZE;
803 register_subpage(d, &now);
804 } else {
805 now.size &= TARGET_PAGE_MASK;
806 register_multipage(d, &now);
807 }
808 remain.size -= now.size;
809 remain.offset_within_address_space += now.size;
810 remain.offset_within_region += now.size;
811 }
812 now = remain;
813 if (now.size) {
814 register_subpage(d, &now);
815 }
816 }
817
818 void qemu_flush_coalesced_mmio_buffer(void)
819 {
820 if (kvm_enabled())
821 kvm_flush_coalesced_mmio_buffer();
822 }
823
824 void qemu_mutex_lock_ramlist(void)
825 {
826 qemu_mutex_lock(&ram_list.mutex);
827 }
828
829 void qemu_mutex_unlock_ramlist(void)
830 {
831 qemu_mutex_unlock(&ram_list.mutex);
832 }
833
834 #if defined(__linux__) && !defined(TARGET_S390X)
835
836 #include <sys/vfs.h>
837
838 #define HUGETLBFS_MAGIC 0x958458f6
839
840 static long gethugepagesize(const char *path)
841 {
842 struct statfs fs;
843 int ret;
844
845 do {
846 ret = statfs(path, &fs);
847 } while (ret != 0 && errno == EINTR);
848
849 if (ret != 0) {
850 perror(path);
851 return 0;
852 }
853
854 if (fs.f_type != HUGETLBFS_MAGIC)
855 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
856
857 return fs.f_bsize;
858 }
859
860 static void *file_ram_alloc(RAMBlock *block,
861 ram_addr_t memory,
862 const char *path)
863 {
864 char *filename;
865 char *sanitized_name;
866 char *c;
867 void *area;
868 int fd;
869 #ifdef MAP_POPULATE
870 int flags;
871 #endif
872 unsigned long hpagesize;
873
874 hpagesize = gethugepagesize(path);
875 if (!hpagesize) {
876 return NULL;
877 }
878
879 if (memory < hpagesize) {
880 return NULL;
881 }
882
883 if (kvm_enabled() && !kvm_has_sync_mmu()) {
884 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
885 return NULL;
886 }
887
888 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
889 sanitized_name = g_strdup(block->mr->name);
890 for (c = sanitized_name; *c != '\0'; c++) {
891 if (*c == '/')
892 *c = '_';
893 }
894
895 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
896 sanitized_name);
897 g_free(sanitized_name);
898
899 fd = mkstemp(filename);
900 if (fd < 0) {
901 perror("unable to create backing store for hugepages");
902 g_free(filename);
903 return NULL;
904 }
905 unlink(filename);
906 g_free(filename);
907
908 memory = (memory+hpagesize-1) & ~(hpagesize-1);
909
910 /*
911 * ftruncate is not supported by hugetlbfs in older
912 * hosts, so don't bother bailing out on errors.
913 * If anything goes wrong with it under other filesystems,
914 * mmap will fail.
915 */
916 if (ftruncate(fd, memory))
917 perror("ftruncate");
918
919 #ifdef MAP_POPULATE
920 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
921 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
922 * to sidestep this quirk.
923 */
924 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
925 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
926 #else
927 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
928 #endif
929 if (area == MAP_FAILED) {
930 perror("file_ram_alloc: can't mmap RAM pages");
931 close(fd);
932 return (NULL);
933 }
934 block->fd = fd;
935 return area;
936 }
937 #endif
938
939 static ram_addr_t find_ram_offset(ram_addr_t size)
940 {
941 RAMBlock *block, *next_block;
942 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
943
944 assert(size != 0); /* it would hand out same offset multiple times */
945
946 if (QTAILQ_EMPTY(&ram_list.blocks))
947 return 0;
948
949 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
950 ram_addr_t end, next = RAM_ADDR_MAX;
951
952 end = block->offset + block->length;
953
954 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
955 if (next_block->offset >= end) {
956 next = MIN(next, next_block->offset);
957 }
958 }
959 if (next - end >= size && next - end < mingap) {
960 offset = end;
961 mingap = next - end;
962 }
963 }
964
965 if (offset == RAM_ADDR_MAX) {
966 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
967 (uint64_t)size);
968 abort();
969 }
970
971 return offset;
972 }
973
974 ram_addr_t last_ram_offset(void)
975 {
976 RAMBlock *block;
977 ram_addr_t last = 0;
978
979 QTAILQ_FOREACH(block, &ram_list.blocks, next)
980 last = MAX(last, block->offset + block->length);
981
982 return last;
983 }
984
985 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
986 {
987 int ret;
988 QemuOpts *machine_opts;
989
990 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
991 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
992 if (machine_opts &&
993 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
994 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
995 if (ret) {
996 perror("qemu_madvise");
997 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
998 "but dump_guest_core=off specified\n");
999 }
1000 }
1001 }
1002
1003 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1004 {
1005 RAMBlock *new_block, *block;
1006
1007 new_block = NULL;
1008 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1009 if (block->offset == addr) {
1010 new_block = block;
1011 break;
1012 }
1013 }
1014 assert(new_block);
1015 assert(!new_block->idstr[0]);
1016
1017 if (dev) {
1018 char *id = qdev_get_dev_path(dev);
1019 if (id) {
1020 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1021 g_free(id);
1022 }
1023 }
1024 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1025
1026 /* This assumes the iothread lock is taken here too. */
1027 qemu_mutex_lock_ramlist();
1028 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1029 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1030 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1031 new_block->idstr);
1032 abort();
1033 }
1034 }
1035 qemu_mutex_unlock_ramlist();
1036 }
1037
1038 static int memory_try_enable_merging(void *addr, size_t len)
1039 {
1040 QemuOpts *opts;
1041
1042 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1043 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1044 /* disabled by the user */
1045 return 0;
1046 }
1047
1048 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1049 }
1050
1051 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1052 MemoryRegion *mr)
1053 {
1054 RAMBlock *block, *new_block;
1055
1056 size = TARGET_PAGE_ALIGN(size);
1057 new_block = g_malloc0(sizeof(*new_block));
1058
1059 /* This assumes the iothread lock is taken here too. */
1060 qemu_mutex_lock_ramlist();
1061 new_block->mr = mr;
1062 new_block->offset = find_ram_offset(size);
1063 if (host) {
1064 new_block->host = host;
1065 new_block->flags |= RAM_PREALLOC_MASK;
1066 } else {
1067 if (mem_path) {
1068 #if defined (__linux__) && !defined(TARGET_S390X)
1069 new_block->host = file_ram_alloc(new_block, size, mem_path);
1070 if (!new_block->host) {
1071 new_block->host = qemu_anon_ram_alloc(size);
1072 memory_try_enable_merging(new_block->host, size);
1073 }
1074 #else
1075 fprintf(stderr, "-mem-path option unsupported\n");
1076 exit(1);
1077 #endif
1078 } else {
1079 if (xen_enabled()) {
1080 xen_ram_alloc(new_block->offset, size, mr);
1081 } else if (kvm_enabled()) {
1082 /* some s390/kvm configurations have special constraints */
1083 new_block->host = kvm_ram_alloc(size);
1084 } else {
1085 new_block->host = qemu_anon_ram_alloc(size);
1086 }
1087 memory_try_enable_merging(new_block->host, size);
1088 }
1089 }
1090 new_block->length = size;
1091
1092 /* Keep the list sorted from biggest to smallest block. */
1093 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1094 if (block->length < new_block->length) {
1095 break;
1096 }
1097 }
1098 if (block) {
1099 QTAILQ_INSERT_BEFORE(block, new_block, next);
1100 } else {
1101 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1102 }
1103 ram_list.mru_block = NULL;
1104
1105 ram_list.version++;
1106 qemu_mutex_unlock_ramlist();
1107
1108 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1109 last_ram_offset() >> TARGET_PAGE_BITS);
1110 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1111 0, size >> TARGET_PAGE_BITS);
1112 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1113
1114 qemu_ram_setup_dump(new_block->host, size);
1115 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1116
1117 if (kvm_enabled())
1118 kvm_setup_guest_memory(new_block->host, size);
1119
1120 return new_block->offset;
1121 }
1122
1123 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1124 {
1125 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1126 }
1127
1128 void qemu_ram_free_from_ptr(ram_addr_t addr)
1129 {
1130 RAMBlock *block;
1131
1132 /* This assumes the iothread lock is taken here too. */
1133 qemu_mutex_lock_ramlist();
1134 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1135 if (addr == block->offset) {
1136 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1137 ram_list.mru_block = NULL;
1138 ram_list.version++;
1139 g_free(block);
1140 break;
1141 }
1142 }
1143 qemu_mutex_unlock_ramlist();
1144 }
1145
1146 void qemu_ram_free(ram_addr_t addr)
1147 {
1148 RAMBlock *block;
1149
1150 /* This assumes the iothread lock is taken here too. */
1151 qemu_mutex_lock_ramlist();
1152 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1153 if (addr == block->offset) {
1154 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1155 ram_list.mru_block = NULL;
1156 ram_list.version++;
1157 if (block->flags & RAM_PREALLOC_MASK) {
1158 ;
1159 } else if (mem_path) {
1160 #if defined (__linux__) && !defined(TARGET_S390X)
1161 if (block->fd) {
1162 munmap(block->host, block->length);
1163 close(block->fd);
1164 } else {
1165 qemu_anon_ram_free(block->host, block->length);
1166 }
1167 #else
1168 abort();
1169 #endif
1170 } else {
1171 if (xen_enabled()) {
1172 xen_invalidate_map_cache_entry(block->host);
1173 } else {
1174 qemu_anon_ram_free(block->host, block->length);
1175 }
1176 }
1177 g_free(block);
1178 break;
1179 }
1180 }
1181 qemu_mutex_unlock_ramlist();
1182
1183 }
1184
1185 #ifndef _WIN32
1186 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1187 {
1188 RAMBlock *block;
1189 ram_addr_t offset;
1190 int flags;
1191 void *area, *vaddr;
1192
1193 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1194 offset = addr - block->offset;
1195 if (offset < block->length) {
1196 vaddr = block->host + offset;
1197 if (block->flags & RAM_PREALLOC_MASK) {
1198 ;
1199 } else {
1200 flags = MAP_FIXED;
1201 munmap(vaddr, length);
1202 if (mem_path) {
1203 #if defined(__linux__) && !defined(TARGET_S390X)
1204 if (block->fd) {
1205 #ifdef MAP_POPULATE
1206 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1207 MAP_PRIVATE;
1208 #else
1209 flags |= MAP_PRIVATE;
1210 #endif
1211 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1212 flags, block->fd, offset);
1213 } else {
1214 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1215 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1216 flags, -1, 0);
1217 }
1218 #else
1219 abort();
1220 #endif
1221 } else {
1222 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1223 flags |= MAP_SHARED | MAP_ANONYMOUS;
1224 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1225 flags, -1, 0);
1226 #else
1227 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1228 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1229 flags, -1, 0);
1230 #endif
1231 }
1232 if (area != vaddr) {
1233 fprintf(stderr, "Could not remap addr: "
1234 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1235 length, addr);
1236 exit(1);
1237 }
1238 memory_try_enable_merging(vaddr, length);
1239 qemu_ram_setup_dump(vaddr, length);
1240 }
1241 return;
1242 }
1243 }
1244 }
1245 #endif /* !_WIN32 */
1246
1247 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1248 With the exception of the softmmu code in this file, this should
1249 only be used for local memory (e.g. video ram) that the device owns,
1250 and knows it isn't going to access beyond the end of the block.
1251
1252 It should not be used for general purpose DMA.
1253 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1254 */
1255 void *qemu_get_ram_ptr(ram_addr_t addr)
1256 {
1257 RAMBlock *block;
1258
1259 /* The list is protected by the iothread lock here. */
1260 block = ram_list.mru_block;
1261 if (block && addr - block->offset < block->length) {
1262 goto found;
1263 }
1264 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1265 if (addr - block->offset < block->length) {
1266 goto found;
1267 }
1268 }
1269
1270 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1271 abort();
1272
1273 found:
1274 ram_list.mru_block = block;
1275 if (xen_enabled()) {
1276 /* We need to check if the requested address is in the RAM
1277 * because we don't want to map the entire memory in QEMU.
1278 * In that case just map until the end of the page.
1279 */
1280 if (block->offset == 0) {
1281 return xen_map_cache(addr, 0, 0);
1282 } else if (block->host == NULL) {
1283 block->host =
1284 xen_map_cache(block->offset, block->length, 1);
1285 }
1286 }
1287 return block->host + (addr - block->offset);
1288 }
1289
1290 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1291 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1292 *
1293 * ??? Is this still necessary?
1294 */
1295 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1296 {
1297 RAMBlock *block;
1298
1299 /* The list is protected by the iothread lock here. */
1300 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1301 if (addr - block->offset < block->length) {
1302 if (xen_enabled()) {
1303 /* We need to check if the requested address is in the RAM
1304 * because we don't want to map the entire memory in QEMU.
1305 * In that case just map until the end of the page.
1306 */
1307 if (block->offset == 0) {
1308 return xen_map_cache(addr, 0, 0);
1309 } else if (block->host == NULL) {
1310 block->host =
1311 xen_map_cache(block->offset, block->length, 1);
1312 }
1313 }
1314 return block->host + (addr - block->offset);
1315 }
1316 }
1317
1318 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1319 abort();
1320
1321 return NULL;
1322 }
1323
1324 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1325 * but takes a size argument */
1326 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1327 {
1328 if (*size == 0) {
1329 return NULL;
1330 }
1331 if (xen_enabled()) {
1332 return xen_map_cache(addr, *size, 1);
1333 } else {
1334 RAMBlock *block;
1335
1336 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1337 if (addr - block->offset < block->length) {
1338 if (addr - block->offset + *size > block->length)
1339 *size = block->length - addr + block->offset;
1340 return block->host + (addr - block->offset);
1341 }
1342 }
1343
1344 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1345 abort();
1346 }
1347 }
1348
1349 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1350 {
1351 RAMBlock *block;
1352 uint8_t *host = ptr;
1353
1354 if (xen_enabled()) {
1355 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1356 return 0;
1357 }
1358
1359 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1360 /* This case append when the block is not mapped. */
1361 if (block->host == NULL) {
1362 continue;
1363 }
1364 if (host - block->host < block->length) {
1365 *ram_addr = block->offset + (host - block->host);
1366 return 0;
1367 }
1368 }
1369
1370 return -1;
1371 }
1372
1373 /* Some of the softmmu routines need to translate from a host pointer
1374 (typically a TLB entry) back to a ram offset. */
1375 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1376 {
1377 ram_addr_t ram_addr;
1378
1379 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1380 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1381 abort();
1382 }
1383 return ram_addr;
1384 }
1385
1386 static uint64_t unassigned_mem_read(void *opaque, hwaddr addr,
1387 unsigned size)
1388 {
1389 #ifdef DEBUG_UNASSIGNED
1390 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
1391 #endif
1392 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
1393 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
1394 #endif
1395 return 0;
1396 }
1397
1398 static void unassigned_mem_write(void *opaque, hwaddr addr,
1399 uint64_t val, unsigned size)
1400 {
1401 #ifdef DEBUG_UNASSIGNED
1402 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
1403 #endif
1404 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
1405 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
1406 #endif
1407 }
1408
1409 static const MemoryRegionOps unassigned_mem_ops = {
1410 .read = unassigned_mem_read,
1411 .write = unassigned_mem_write,
1412 .endianness = DEVICE_NATIVE_ENDIAN,
1413 };
1414
1415 static uint64_t error_mem_read(void *opaque, hwaddr addr,
1416 unsigned size)
1417 {
1418 abort();
1419 }
1420
1421 static const MemoryRegionOps rom_mem_ops = {
1422 .read = error_mem_read,
1423 .write = unassigned_mem_write,
1424 .endianness = DEVICE_NATIVE_ENDIAN,
1425 };
1426
1427 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1428 uint64_t val, unsigned size)
1429 {
1430 int dirty_flags;
1431 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1432 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1433 #if !defined(CONFIG_USER_ONLY)
1434 tb_invalidate_phys_page_fast(ram_addr, size);
1435 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1436 #endif
1437 }
1438 switch (size) {
1439 case 1:
1440 stb_p(qemu_get_ram_ptr(ram_addr), val);
1441 break;
1442 case 2:
1443 stw_p(qemu_get_ram_ptr(ram_addr), val);
1444 break;
1445 case 4:
1446 stl_p(qemu_get_ram_ptr(ram_addr), val);
1447 break;
1448 default:
1449 abort();
1450 }
1451 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1452 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1453 /* we remove the notdirty callback only if the code has been
1454 flushed */
1455 if (dirty_flags == 0xff)
1456 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1457 }
1458
1459 static const MemoryRegionOps notdirty_mem_ops = {
1460 .read = error_mem_read,
1461 .write = notdirty_mem_write,
1462 .endianness = DEVICE_NATIVE_ENDIAN,
1463 };
1464
1465 /* Generate a debug exception if a watchpoint has been hit. */
1466 static void check_watchpoint(int offset, int len_mask, int flags)
1467 {
1468 CPUArchState *env = cpu_single_env;
1469 target_ulong pc, cs_base;
1470 target_ulong vaddr;
1471 CPUWatchpoint *wp;
1472 int cpu_flags;
1473
1474 if (env->watchpoint_hit) {
1475 /* We re-entered the check after replacing the TB. Now raise
1476 * the debug interrupt so that is will trigger after the
1477 * current instruction. */
1478 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1479 return;
1480 }
1481 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1482 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1483 if ((vaddr == (wp->vaddr & len_mask) ||
1484 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1485 wp->flags |= BP_WATCHPOINT_HIT;
1486 if (!env->watchpoint_hit) {
1487 env->watchpoint_hit = wp;
1488 tb_check_watchpoint(env);
1489 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1490 env->exception_index = EXCP_DEBUG;
1491 cpu_loop_exit(env);
1492 } else {
1493 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1494 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1495 cpu_resume_from_signal(env, NULL);
1496 }
1497 }
1498 } else {
1499 wp->flags &= ~BP_WATCHPOINT_HIT;
1500 }
1501 }
1502 }
1503
1504 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1505 so these check for a hit then pass through to the normal out-of-line
1506 phys routines. */
1507 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1508 unsigned size)
1509 {
1510 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1511 switch (size) {
1512 case 1: return ldub_phys(addr);
1513 case 2: return lduw_phys(addr);
1514 case 4: return ldl_phys(addr);
1515 default: abort();
1516 }
1517 }
1518
1519 static void watch_mem_write(void *opaque, hwaddr addr,
1520 uint64_t val, unsigned size)
1521 {
1522 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1523 switch (size) {
1524 case 1:
1525 stb_phys(addr, val);
1526 break;
1527 case 2:
1528 stw_phys(addr, val);
1529 break;
1530 case 4:
1531 stl_phys(addr, val);
1532 break;
1533 default: abort();
1534 }
1535 }
1536
1537 static const MemoryRegionOps watch_mem_ops = {
1538 .read = watch_mem_read,
1539 .write = watch_mem_write,
1540 .endianness = DEVICE_NATIVE_ENDIAN,
1541 };
1542
1543 static uint64_t subpage_read(void *opaque, hwaddr addr,
1544 unsigned len)
1545 {
1546 subpage_t *mmio = opaque;
1547 unsigned int idx = SUBPAGE_IDX(addr);
1548 MemoryRegionSection *section;
1549 #if defined(DEBUG_SUBPAGE)
1550 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
1551 mmio, len, addr, idx);
1552 #endif
1553
1554 section = &phys_sections[mmio->sub_section[idx]];
1555 addr += mmio->base;
1556 addr -= section->offset_within_address_space;
1557 addr += section->offset_within_region;
1558 return io_mem_read(section->mr, addr, len);
1559 }
1560
1561 static void subpage_write(void *opaque, hwaddr addr,
1562 uint64_t value, unsigned len)
1563 {
1564 subpage_t *mmio = opaque;
1565 unsigned int idx = SUBPAGE_IDX(addr);
1566 MemoryRegionSection *section;
1567 #if defined(DEBUG_SUBPAGE)
1568 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1569 " idx %d value %"PRIx64"\n",
1570 __func__, mmio, len, addr, idx, value);
1571 #endif
1572
1573 section = &phys_sections[mmio->sub_section[idx]];
1574 addr += mmio->base;
1575 addr -= section->offset_within_address_space;
1576 addr += section->offset_within_region;
1577 io_mem_write(section->mr, addr, value, len);
1578 }
1579
1580 static const MemoryRegionOps subpage_ops = {
1581 .read = subpage_read,
1582 .write = subpage_write,
1583 .endianness = DEVICE_NATIVE_ENDIAN,
1584 };
1585
1586 static uint64_t subpage_ram_read(void *opaque, hwaddr addr,
1587 unsigned size)
1588 {
1589 ram_addr_t raddr = addr;
1590 void *ptr = qemu_get_ram_ptr(raddr);
1591 switch (size) {
1592 case 1: return ldub_p(ptr);
1593 case 2: return lduw_p(ptr);
1594 case 4: return ldl_p(ptr);
1595 default: abort();
1596 }
1597 }
1598
1599 static void subpage_ram_write(void *opaque, hwaddr addr,
1600 uint64_t value, unsigned size)
1601 {
1602 ram_addr_t raddr = addr;
1603 void *ptr = qemu_get_ram_ptr(raddr);
1604 switch (size) {
1605 case 1: return stb_p(ptr, value);
1606 case 2: return stw_p(ptr, value);
1607 case 4: return stl_p(ptr, value);
1608 default: abort();
1609 }
1610 }
1611
1612 static const MemoryRegionOps subpage_ram_ops = {
1613 .read = subpage_ram_read,
1614 .write = subpage_ram_write,
1615 .endianness = DEVICE_NATIVE_ENDIAN,
1616 };
1617
1618 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1619 uint16_t section)
1620 {
1621 int idx, eidx;
1622
1623 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1624 return -1;
1625 idx = SUBPAGE_IDX(start);
1626 eidx = SUBPAGE_IDX(end);
1627 #if defined(DEBUG_SUBPAGE)
1628 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1629 mmio, start, end, idx, eidx, memory);
1630 #endif
1631 if (memory_region_is_ram(phys_sections[section].mr)) {
1632 MemoryRegionSection new_section = phys_sections[section];
1633 new_section.mr = &io_mem_subpage_ram;
1634 section = phys_section_add(&new_section);
1635 }
1636 for (; idx <= eidx; idx++) {
1637 mmio->sub_section[idx] = section;
1638 }
1639
1640 return 0;
1641 }
1642
1643 static subpage_t *subpage_init(hwaddr base)
1644 {
1645 subpage_t *mmio;
1646
1647 mmio = g_malloc0(sizeof(subpage_t));
1648
1649 mmio->base = base;
1650 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1651 "subpage", TARGET_PAGE_SIZE);
1652 mmio->iomem.subpage = true;
1653 #if defined(DEBUG_SUBPAGE)
1654 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1655 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1656 #endif
1657 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1658
1659 return mmio;
1660 }
1661
1662 static uint16_t dummy_section(MemoryRegion *mr)
1663 {
1664 MemoryRegionSection section = {
1665 .mr = mr,
1666 .offset_within_address_space = 0,
1667 .offset_within_region = 0,
1668 .size = UINT64_MAX,
1669 };
1670
1671 return phys_section_add(&section);
1672 }
1673
1674 MemoryRegion *iotlb_to_region(hwaddr index)
1675 {
1676 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1677 }
1678
1679 static void io_mem_init(void)
1680 {
1681 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
1682 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1683 "unassigned", UINT64_MAX);
1684 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
1685 "notdirty", UINT64_MAX);
1686 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
1687 "subpage-ram", UINT64_MAX);
1688 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1689 "watch", UINT64_MAX);
1690 }
1691
1692 static void mem_begin(MemoryListener *listener)
1693 {
1694 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1695
1696 destroy_all_mappings(d);
1697 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1698 }
1699
1700 static void core_begin(MemoryListener *listener)
1701 {
1702 phys_sections_clear();
1703 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1704 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1705 phys_section_rom = dummy_section(&io_mem_rom);
1706 phys_section_watch = dummy_section(&io_mem_watch);
1707 }
1708
1709 static void tcg_commit(MemoryListener *listener)
1710 {
1711 CPUArchState *env;
1712
1713 /* since each CPU stores ram addresses in its TLB cache, we must
1714 reset the modified entries */
1715 /* XXX: slow ! */
1716 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1717 tlb_flush(env, 1);
1718 }
1719 }
1720
1721 static void core_log_global_start(MemoryListener *listener)
1722 {
1723 cpu_physical_memory_set_dirty_tracking(1);
1724 }
1725
1726 static void core_log_global_stop(MemoryListener *listener)
1727 {
1728 cpu_physical_memory_set_dirty_tracking(0);
1729 }
1730
1731 static void io_region_add(MemoryListener *listener,
1732 MemoryRegionSection *section)
1733 {
1734 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1735
1736 mrio->mr = section->mr;
1737 mrio->offset = section->offset_within_region;
1738 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1739 section->offset_within_address_space, section->size);
1740 ioport_register(&mrio->iorange);
1741 }
1742
1743 static void io_region_del(MemoryListener *listener,
1744 MemoryRegionSection *section)
1745 {
1746 isa_unassign_ioport(section->offset_within_address_space, section->size);
1747 }
1748
1749 static MemoryListener core_memory_listener = {
1750 .begin = core_begin,
1751 .log_global_start = core_log_global_start,
1752 .log_global_stop = core_log_global_stop,
1753 .priority = 1,
1754 };
1755
1756 static MemoryListener io_memory_listener = {
1757 .region_add = io_region_add,
1758 .region_del = io_region_del,
1759 .priority = 0,
1760 };
1761
1762 static MemoryListener tcg_memory_listener = {
1763 .commit = tcg_commit,
1764 };
1765
1766 void address_space_init_dispatch(AddressSpace *as)
1767 {
1768 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1769
1770 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1771 d->listener = (MemoryListener) {
1772 .begin = mem_begin,
1773 .region_add = mem_add,
1774 .region_nop = mem_add,
1775 .priority = 0,
1776 };
1777 as->dispatch = d;
1778 memory_listener_register(&d->listener, as);
1779 }
1780
1781 void address_space_destroy_dispatch(AddressSpace *as)
1782 {
1783 AddressSpaceDispatch *d = as->dispatch;
1784
1785 memory_listener_unregister(&d->listener);
1786 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1787 g_free(d);
1788 as->dispatch = NULL;
1789 }
1790
1791 static void memory_map_init(void)
1792 {
1793 system_memory = g_malloc(sizeof(*system_memory));
1794 memory_region_init(system_memory, "system", INT64_MAX);
1795 address_space_init(&address_space_memory, system_memory);
1796 address_space_memory.name = "memory";
1797
1798 system_io = g_malloc(sizeof(*system_io));
1799 memory_region_init(system_io, "io", 65536);
1800 address_space_init(&address_space_io, system_io);
1801 address_space_io.name = "I/O";
1802
1803 memory_listener_register(&core_memory_listener, &address_space_memory);
1804 memory_listener_register(&io_memory_listener, &address_space_io);
1805 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1806
1807 dma_context_init(&dma_context_memory, &address_space_memory,
1808 NULL, NULL, NULL);
1809 }
1810
1811 MemoryRegion *get_system_memory(void)
1812 {
1813 return system_memory;
1814 }
1815
1816 MemoryRegion *get_system_io(void)
1817 {
1818 return system_io;
1819 }
1820
1821 #endif /* !defined(CONFIG_USER_ONLY) */
1822
1823 /* physical memory access (slow version, mainly for debug) */
1824 #if defined(CONFIG_USER_ONLY)
1825 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1826 uint8_t *buf, int len, int is_write)
1827 {
1828 int l, flags;
1829 target_ulong page;
1830 void * p;
1831
1832 while (len > 0) {
1833 page = addr & TARGET_PAGE_MASK;
1834 l = (page + TARGET_PAGE_SIZE) - addr;
1835 if (l > len)
1836 l = len;
1837 flags = page_get_flags(page);
1838 if (!(flags & PAGE_VALID))
1839 return -1;
1840 if (is_write) {
1841 if (!(flags & PAGE_WRITE))
1842 return -1;
1843 /* XXX: this code should not depend on lock_user */
1844 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1845 return -1;
1846 memcpy(p, buf, l);
1847 unlock_user(p, addr, l);
1848 } else {
1849 if (!(flags & PAGE_READ))
1850 return -1;
1851 /* XXX: this code should not depend on lock_user */
1852 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1853 return -1;
1854 memcpy(buf, p, l);
1855 unlock_user(p, addr, 0);
1856 }
1857 len -= l;
1858 buf += l;
1859 addr += l;
1860 }
1861 return 0;
1862 }
1863
1864 #else
1865
1866 static void invalidate_and_set_dirty(hwaddr addr,
1867 hwaddr length)
1868 {
1869 if (!cpu_physical_memory_is_dirty(addr)) {
1870 /* invalidate code */
1871 tb_invalidate_phys_page_range(addr, addr + length, 0);
1872 /* set dirty bit */
1873 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1874 }
1875 xen_modified_memory(addr, length);
1876 }
1877
1878 void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1879 int len, bool is_write)
1880 {
1881 AddressSpaceDispatch *d = as->dispatch;
1882 int l;
1883 uint8_t *ptr;
1884 uint32_t val;
1885 hwaddr page;
1886 MemoryRegionSection *section;
1887
1888 while (len > 0) {
1889 page = addr & TARGET_PAGE_MASK;
1890 l = (page + TARGET_PAGE_SIZE) - addr;
1891 if (l > len)
1892 l = len;
1893 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
1894
1895 if (is_write) {
1896 if (!memory_region_is_ram(section->mr)) {
1897 hwaddr addr1;
1898 addr1 = memory_region_section_addr(section, addr);
1899 /* XXX: could force cpu_single_env to NULL to avoid
1900 potential bugs */
1901 if (l >= 4 && ((addr1 & 3) == 0)) {
1902 /* 32 bit write access */
1903 val = ldl_p(buf);
1904 io_mem_write(section->mr, addr1, val, 4);
1905 l = 4;
1906 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1907 /* 16 bit write access */
1908 val = lduw_p(buf);
1909 io_mem_write(section->mr, addr1, val, 2);
1910 l = 2;
1911 } else {
1912 /* 8 bit write access */
1913 val = ldub_p(buf);
1914 io_mem_write(section->mr, addr1, val, 1);
1915 l = 1;
1916 }
1917 } else if (!section->readonly) {
1918 ram_addr_t addr1;
1919 addr1 = memory_region_get_ram_addr(section->mr)
1920 + memory_region_section_addr(section, addr);
1921 /* RAM case */
1922 ptr = qemu_get_ram_ptr(addr1);
1923 memcpy(ptr, buf, l);
1924 invalidate_and_set_dirty(addr1, l);
1925 }
1926 } else {
1927 if (!(memory_region_is_ram(section->mr) ||
1928 memory_region_is_romd(section->mr))) {
1929 hwaddr addr1;
1930 /* I/O case */
1931 addr1 = memory_region_section_addr(section, addr);
1932 if (l >= 4 && ((addr1 & 3) == 0)) {
1933 /* 32 bit read access */
1934 val = io_mem_read(section->mr, addr1, 4);
1935 stl_p(buf, val);
1936 l = 4;
1937 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1938 /* 16 bit read access */
1939 val = io_mem_read(section->mr, addr1, 2);
1940 stw_p(buf, val);
1941 l = 2;
1942 } else {
1943 /* 8 bit read access */
1944 val = io_mem_read(section->mr, addr1, 1);
1945 stb_p(buf, val);
1946 l = 1;
1947 }
1948 } else {
1949 /* RAM case */
1950 ptr = qemu_get_ram_ptr(section->mr->ram_addr
1951 + memory_region_section_addr(section,
1952 addr));
1953 memcpy(buf, ptr, l);
1954 }
1955 }
1956 len -= l;
1957 buf += l;
1958 addr += l;
1959 }
1960 }
1961
1962 void address_space_write(AddressSpace *as, hwaddr addr,
1963 const uint8_t *buf, int len)
1964 {
1965 address_space_rw(as, addr, (uint8_t *)buf, len, true);
1966 }
1967
1968 /**
1969 * address_space_read: read from an address space.
1970 *
1971 * @as: #AddressSpace to be accessed
1972 * @addr: address within that address space
1973 * @buf: buffer with the data transferred
1974 */
1975 void address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1976 {
1977 address_space_rw(as, addr, buf, len, false);
1978 }
1979
1980
1981 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1982 int len, int is_write)
1983 {
1984 return address_space_rw(&address_space_memory, addr, buf, len, is_write);
1985 }
1986
1987 /* used for ROM loading : can write in RAM and ROM */
1988 void cpu_physical_memory_write_rom(hwaddr addr,
1989 const uint8_t *buf, int len)
1990 {
1991 AddressSpaceDispatch *d = address_space_memory.dispatch;
1992 int l;
1993 uint8_t *ptr;
1994 hwaddr page;
1995 MemoryRegionSection *section;
1996
1997 while (len > 0) {
1998 page = addr & TARGET_PAGE_MASK;
1999 l = (page + TARGET_PAGE_SIZE) - addr;
2000 if (l > len)
2001 l = len;
2002 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
2003
2004 if (!(memory_region_is_ram(section->mr) ||
2005 memory_region_is_romd(section->mr))) {
2006 /* do nothing */
2007 } else {
2008 unsigned long addr1;
2009 addr1 = memory_region_get_ram_addr(section->mr)
2010 + memory_region_section_addr(section, addr);
2011 /* ROM/RAM case */
2012 ptr = qemu_get_ram_ptr(addr1);
2013 memcpy(ptr, buf, l);
2014 invalidate_and_set_dirty(addr1, l);
2015 }
2016 len -= l;
2017 buf += l;
2018 addr += l;
2019 }
2020 }
2021
2022 typedef struct {
2023 void *buffer;
2024 hwaddr addr;
2025 hwaddr len;
2026 } BounceBuffer;
2027
2028 static BounceBuffer bounce;
2029
2030 typedef struct MapClient {
2031 void *opaque;
2032 void (*callback)(void *opaque);
2033 QLIST_ENTRY(MapClient) link;
2034 } MapClient;
2035
2036 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2037 = QLIST_HEAD_INITIALIZER(map_client_list);
2038
2039 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2040 {
2041 MapClient *client = g_malloc(sizeof(*client));
2042
2043 client->opaque = opaque;
2044 client->callback = callback;
2045 QLIST_INSERT_HEAD(&map_client_list, client, link);
2046 return client;
2047 }
2048
2049 static void cpu_unregister_map_client(void *_client)
2050 {
2051 MapClient *client = (MapClient *)_client;
2052
2053 QLIST_REMOVE(client, link);
2054 g_free(client);
2055 }
2056
2057 static void cpu_notify_map_clients(void)
2058 {
2059 MapClient *client;
2060
2061 while (!QLIST_EMPTY(&map_client_list)) {
2062 client = QLIST_FIRST(&map_client_list);
2063 client->callback(client->opaque);
2064 cpu_unregister_map_client(client);
2065 }
2066 }
2067
2068 /* Map a physical memory region into a host virtual address.
2069 * May map a subset of the requested range, given by and returned in *plen.
2070 * May return NULL if resources needed to perform the mapping are exhausted.
2071 * Use only for reads OR writes - not for read-modify-write operations.
2072 * Use cpu_register_map_client() to know when retrying the map operation is
2073 * likely to succeed.
2074 */
2075 void *address_space_map(AddressSpace *as,
2076 hwaddr addr,
2077 hwaddr *plen,
2078 bool is_write)
2079 {
2080 AddressSpaceDispatch *d = as->dispatch;
2081 hwaddr len = *plen;
2082 hwaddr todo = 0;
2083 int l;
2084 hwaddr page;
2085 MemoryRegionSection *section;
2086 ram_addr_t raddr = RAM_ADDR_MAX;
2087 ram_addr_t rlen;
2088 void *ret;
2089
2090 while (len > 0) {
2091 page = addr & TARGET_PAGE_MASK;
2092 l = (page + TARGET_PAGE_SIZE) - addr;
2093 if (l > len)
2094 l = len;
2095 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
2096
2097 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
2098 if (todo || bounce.buffer) {
2099 break;
2100 }
2101 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2102 bounce.addr = addr;
2103 bounce.len = l;
2104 if (!is_write) {
2105 address_space_read(as, addr, bounce.buffer, l);
2106 }
2107
2108 *plen = l;
2109 return bounce.buffer;
2110 }
2111 if (!todo) {
2112 raddr = memory_region_get_ram_addr(section->mr)
2113 + memory_region_section_addr(section, addr);
2114 }
2115
2116 len -= l;
2117 addr += l;
2118 todo += l;
2119 }
2120 rlen = todo;
2121 ret = qemu_ram_ptr_length(raddr, &rlen);
2122 *plen = rlen;
2123 return ret;
2124 }
2125
2126 /* Unmaps a memory region previously mapped by address_space_map().
2127 * Will also mark the memory as dirty if is_write == 1. access_len gives
2128 * the amount of memory that was actually read or written by the caller.
2129 */
2130 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2131 int is_write, hwaddr access_len)
2132 {
2133 if (buffer != bounce.buffer) {
2134 if (is_write) {
2135 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2136 while (access_len) {
2137 unsigned l;
2138 l = TARGET_PAGE_SIZE;
2139 if (l > access_len)
2140 l = access_len;
2141 invalidate_and_set_dirty(addr1, l);
2142 addr1 += l;
2143 access_len -= l;
2144 }
2145 }
2146 if (xen_enabled()) {
2147 xen_invalidate_map_cache_entry(buffer);
2148 }
2149 return;
2150 }
2151 if (is_write) {
2152 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2153 }
2154 qemu_vfree(bounce.buffer);
2155 bounce.buffer = NULL;
2156 cpu_notify_map_clients();
2157 }
2158
2159 void *cpu_physical_memory_map(hwaddr addr,
2160 hwaddr *plen,
2161 int is_write)
2162 {
2163 return address_space_map(&address_space_memory, addr, plen, is_write);
2164 }
2165
2166 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2167 int is_write, hwaddr access_len)
2168 {
2169 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2170 }
2171
2172 /* warning: addr must be aligned */
2173 static inline uint32_t ldl_phys_internal(hwaddr addr,
2174 enum device_endian endian)
2175 {
2176 uint8_t *ptr;
2177 uint32_t val;
2178 MemoryRegionSection *section;
2179
2180 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2181
2182 if (!(memory_region_is_ram(section->mr) ||
2183 memory_region_is_romd(section->mr))) {
2184 /* I/O case */
2185 addr = memory_region_section_addr(section, addr);
2186 val = io_mem_read(section->mr, addr, 4);
2187 #if defined(TARGET_WORDS_BIGENDIAN)
2188 if (endian == DEVICE_LITTLE_ENDIAN) {
2189 val = bswap32(val);
2190 }
2191 #else
2192 if (endian == DEVICE_BIG_ENDIAN) {
2193 val = bswap32(val);
2194 }
2195 #endif
2196 } else {
2197 /* RAM case */
2198 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2199 & TARGET_PAGE_MASK)
2200 + memory_region_section_addr(section, addr));
2201 switch (endian) {
2202 case DEVICE_LITTLE_ENDIAN:
2203 val = ldl_le_p(ptr);
2204 break;
2205 case DEVICE_BIG_ENDIAN:
2206 val = ldl_be_p(ptr);
2207 break;
2208 default:
2209 val = ldl_p(ptr);
2210 break;
2211 }
2212 }
2213 return val;
2214 }
2215
2216 uint32_t ldl_phys(hwaddr addr)
2217 {
2218 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2219 }
2220
2221 uint32_t ldl_le_phys(hwaddr addr)
2222 {
2223 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2224 }
2225
2226 uint32_t ldl_be_phys(hwaddr addr)
2227 {
2228 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2229 }
2230
2231 /* warning: addr must be aligned */
2232 static inline uint64_t ldq_phys_internal(hwaddr addr,
2233 enum device_endian endian)
2234 {
2235 uint8_t *ptr;
2236 uint64_t val;
2237 MemoryRegionSection *section;
2238
2239 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2240
2241 if (!(memory_region_is_ram(section->mr) ||
2242 memory_region_is_romd(section->mr))) {
2243 /* I/O case */
2244 addr = memory_region_section_addr(section, addr);
2245
2246 /* XXX This is broken when device endian != cpu endian.
2247 Fix and add "endian" variable check */
2248 #ifdef TARGET_WORDS_BIGENDIAN
2249 val = io_mem_read(section->mr, addr, 4) << 32;
2250 val |= io_mem_read(section->mr, addr + 4, 4);
2251 #else
2252 val = io_mem_read(section->mr, addr, 4);
2253 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
2254 #endif
2255 } else {
2256 /* RAM case */
2257 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2258 & TARGET_PAGE_MASK)
2259 + memory_region_section_addr(section, addr));
2260 switch (endian) {
2261 case DEVICE_LITTLE_ENDIAN:
2262 val = ldq_le_p(ptr);
2263 break;
2264 case DEVICE_BIG_ENDIAN:
2265 val = ldq_be_p(ptr);
2266 break;
2267 default:
2268 val = ldq_p(ptr);
2269 break;
2270 }
2271 }
2272 return val;
2273 }
2274
2275 uint64_t ldq_phys(hwaddr addr)
2276 {
2277 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2278 }
2279
2280 uint64_t ldq_le_phys(hwaddr addr)
2281 {
2282 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2283 }
2284
2285 uint64_t ldq_be_phys(hwaddr addr)
2286 {
2287 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2288 }
2289
2290 /* XXX: optimize */
2291 uint32_t ldub_phys(hwaddr addr)
2292 {
2293 uint8_t val;
2294 cpu_physical_memory_read(addr, &val, 1);
2295 return val;
2296 }
2297
2298 /* warning: addr must be aligned */
2299 static inline uint32_t lduw_phys_internal(hwaddr addr,
2300 enum device_endian endian)
2301 {
2302 uint8_t *ptr;
2303 uint64_t val;
2304 MemoryRegionSection *section;
2305
2306 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2307
2308 if (!(memory_region_is_ram(section->mr) ||
2309 memory_region_is_romd(section->mr))) {
2310 /* I/O case */
2311 addr = memory_region_section_addr(section, addr);
2312 val = io_mem_read(section->mr, addr, 2);
2313 #if defined(TARGET_WORDS_BIGENDIAN)
2314 if (endian == DEVICE_LITTLE_ENDIAN) {
2315 val = bswap16(val);
2316 }
2317 #else
2318 if (endian == DEVICE_BIG_ENDIAN) {
2319 val = bswap16(val);
2320 }
2321 #endif
2322 } else {
2323 /* RAM case */
2324 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
2325 & TARGET_PAGE_MASK)
2326 + memory_region_section_addr(section, addr));
2327 switch (endian) {
2328 case DEVICE_LITTLE_ENDIAN:
2329 val = lduw_le_p(ptr);
2330 break;
2331 case DEVICE_BIG_ENDIAN:
2332 val = lduw_be_p(ptr);
2333 break;
2334 default:
2335 val = lduw_p(ptr);
2336 break;
2337 }
2338 }
2339 return val;
2340 }
2341
2342 uint32_t lduw_phys(hwaddr addr)
2343 {
2344 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2345 }
2346
2347 uint32_t lduw_le_phys(hwaddr addr)
2348 {
2349 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2350 }
2351
2352 uint32_t lduw_be_phys(hwaddr addr)
2353 {
2354 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2355 }
2356
2357 /* warning: addr must be aligned. The ram page is not masked as dirty
2358 and the code inside is not invalidated. It is useful if the dirty
2359 bits are used to track modified PTEs */
2360 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2361 {
2362 uint8_t *ptr;
2363 MemoryRegionSection *section;
2364
2365 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2366
2367 if (!memory_region_is_ram(section->mr) || section->readonly) {
2368 addr = memory_region_section_addr(section, addr);
2369 if (memory_region_is_ram(section->mr)) {
2370 section = &phys_sections[phys_section_rom];
2371 }
2372 io_mem_write(section->mr, addr, val, 4);
2373 } else {
2374 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
2375 & TARGET_PAGE_MASK)
2376 + memory_region_section_addr(section, addr);
2377 ptr = qemu_get_ram_ptr(addr1);
2378 stl_p(ptr, val);
2379
2380 if (unlikely(in_migration)) {
2381 if (!cpu_physical_memory_is_dirty(addr1)) {
2382 /* invalidate code */
2383 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2384 /* set dirty bit */
2385 cpu_physical_memory_set_dirty_flags(
2386 addr1, (0xff & ~CODE_DIRTY_FLAG));
2387 }
2388 }
2389 }
2390 }
2391
2392 /* warning: addr must be aligned */
2393 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2394 enum device_endian endian)
2395 {
2396 uint8_t *ptr;
2397 MemoryRegionSection *section;
2398
2399 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2400
2401 if (!memory_region_is_ram(section->mr) || section->readonly) {
2402 addr = memory_region_section_addr(section, addr);
2403 if (memory_region_is_ram(section->mr)) {
2404 section = &phys_sections[phys_section_rom];
2405 }
2406 #if defined(TARGET_WORDS_BIGENDIAN)
2407 if (endian == DEVICE_LITTLE_ENDIAN) {
2408 val = bswap32(val);
2409 }
2410 #else
2411 if (endian == DEVICE_BIG_ENDIAN) {
2412 val = bswap32(val);
2413 }
2414 #endif
2415 io_mem_write(section->mr, addr, val, 4);
2416 } else {
2417 unsigned long addr1;
2418 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2419 + memory_region_section_addr(section, addr);
2420 /* RAM case */
2421 ptr = qemu_get_ram_ptr(addr1);
2422 switch (endian) {
2423 case DEVICE_LITTLE_ENDIAN:
2424 stl_le_p(ptr, val);
2425 break;
2426 case DEVICE_BIG_ENDIAN:
2427 stl_be_p(ptr, val);
2428 break;
2429 default:
2430 stl_p(ptr, val);
2431 break;
2432 }
2433 invalidate_and_set_dirty(addr1, 4);
2434 }
2435 }
2436
2437 void stl_phys(hwaddr addr, uint32_t val)
2438 {
2439 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2440 }
2441
2442 void stl_le_phys(hwaddr addr, uint32_t val)
2443 {
2444 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2445 }
2446
2447 void stl_be_phys(hwaddr addr, uint32_t val)
2448 {
2449 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2450 }
2451
2452 /* XXX: optimize */
2453 void stb_phys(hwaddr addr, uint32_t val)
2454 {
2455 uint8_t v = val;
2456 cpu_physical_memory_write(addr, &v, 1);
2457 }
2458
2459 /* warning: addr must be aligned */
2460 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2461 enum device_endian endian)
2462 {
2463 uint8_t *ptr;
2464 MemoryRegionSection *section;
2465
2466 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
2467
2468 if (!memory_region_is_ram(section->mr) || section->readonly) {
2469 addr = memory_region_section_addr(section, addr);
2470 if (memory_region_is_ram(section->mr)) {
2471 section = &phys_sections[phys_section_rom];
2472 }
2473 #if defined(TARGET_WORDS_BIGENDIAN)
2474 if (endian == DEVICE_LITTLE_ENDIAN) {
2475 val = bswap16(val);
2476 }
2477 #else
2478 if (endian == DEVICE_BIG_ENDIAN) {
2479 val = bswap16(val);
2480 }
2481 #endif
2482 io_mem_write(section->mr, addr, val, 2);
2483 } else {
2484 unsigned long addr1;
2485 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
2486 + memory_region_section_addr(section, addr);
2487 /* RAM case */
2488 ptr = qemu_get_ram_ptr(addr1);
2489 switch (endian) {
2490 case DEVICE_LITTLE_ENDIAN:
2491 stw_le_p(ptr, val);
2492 break;
2493 case DEVICE_BIG_ENDIAN:
2494 stw_be_p(ptr, val);
2495 break;
2496 default:
2497 stw_p(ptr, val);
2498 break;
2499 }
2500 invalidate_and_set_dirty(addr1, 2);
2501 }
2502 }
2503
2504 void stw_phys(hwaddr addr, uint32_t val)
2505 {
2506 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2507 }
2508
2509 void stw_le_phys(hwaddr addr, uint32_t val)
2510 {
2511 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2512 }
2513
2514 void stw_be_phys(hwaddr addr, uint32_t val)
2515 {
2516 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2517 }
2518
2519 /* XXX: optimize */
2520 void stq_phys(hwaddr addr, uint64_t val)
2521 {
2522 val = tswap64(val);
2523 cpu_physical_memory_write(addr, &val, 8);
2524 }
2525
2526 void stq_le_phys(hwaddr addr, uint64_t val)
2527 {
2528 val = cpu_to_le64(val);
2529 cpu_physical_memory_write(addr, &val, 8);
2530 }
2531
2532 void stq_be_phys(hwaddr addr, uint64_t val)
2533 {
2534 val = cpu_to_be64(val);
2535 cpu_physical_memory_write(addr, &val, 8);
2536 }
2537
2538 /* virtual memory access for debug (includes writing to ROM) */
2539 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2540 uint8_t *buf, int len, int is_write)
2541 {
2542 int l;
2543 hwaddr phys_addr;
2544 target_ulong page;
2545
2546 while (len > 0) {
2547 page = addr & TARGET_PAGE_MASK;
2548 phys_addr = cpu_get_phys_page_debug(env, page);
2549 /* if no physical page mapped, return an error */
2550 if (phys_addr == -1)
2551 return -1;
2552 l = (page + TARGET_PAGE_SIZE) - addr;
2553 if (l > len)
2554 l = len;
2555 phys_addr += (addr & ~TARGET_PAGE_MASK);
2556 if (is_write)
2557 cpu_physical_memory_write_rom(phys_addr, buf, l);
2558 else
2559 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2560 len -= l;
2561 buf += l;
2562 addr += l;
2563 }
2564 return 0;
2565 }
2566 #endif
2567
2568 #if !defined(CONFIG_USER_ONLY)
2569
2570 /*
2571 * A helper function for the _utterly broken_ virtio device model to find out if
2572 * it's running on a big endian machine. Don't do this at home kids!
2573 */
2574 bool virtio_is_big_endian(void);
2575 bool virtio_is_big_endian(void)
2576 {
2577 #if defined(TARGET_WORDS_BIGENDIAN)
2578 return true;
2579 #else
2580 return false;
2581 #endif
2582 }
2583
2584 #endif
2585
2586 #ifndef CONFIG_USER_ONLY
2587 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2588 {
2589 MemoryRegionSection *section;
2590
2591 section = phys_page_find(address_space_memory.dispatch,
2592 phys_addr >> TARGET_PAGE_BITS);
2593
2594 return !(memory_region_is_ram(section->mr) ||
2595 memory_region_is_romd(section->mr));
2596 }
2597 #endif
Qemu copy for testing