]> git.proxmox.com Git - mirror_qemu.git/blob - exec.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
memory: iommu support
[mirror_qemu.git] / exec.c
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifdef _WIN32
21 #include <windows.h>
22 #else
23 #include <sys/types.h>
24 #include <sys/mman.h>
25 #endif
26
27 #include "qemu-common.h"
28 #include "cpu.h"
29 #include "tcg.h"
30 #include "hw/hw.h"
31 #include "hw/qdev.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
41 #include <qemu.h>
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
44 #include "trace.h"
45 #endif
46 #include "exec/cpu-all.h"
47
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
50
51 #include "exec/memory-internal.h"
52
53 //#define DEBUG_SUBPAGE
54
55 #if !defined(CONFIG_USER_ONLY)
56 int phys_ram_fd;
57 static int in_migration;
58
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
60
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
63
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
66 DMAContext dma_context_memory;
67
68 MemoryRegion io_mem_rom, io_mem_notdirty;
69 static MemoryRegion io_mem_unassigned;
70
71 #endif
72
73 CPUArchState *first_cpu;
74 /* current CPU in the current thread. It is only valid inside
75 cpu_exec() */
76 DEFINE_TLS(CPUArchState *,cpu_single_env);
77 /* 0 = Do not count executed instructions.
78 1 = Precise instruction counting.
79 2 = Adaptive rate instruction counting. */
80 int use_icount;
81
82 #if !defined(CONFIG_USER_ONLY)
83
84 typedef struct PhysPageEntry PhysPageEntry;
85
86 struct PhysPageEntry {
87 uint16_t is_leaf : 1;
88 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
89 uint16_t ptr : 15;
90 };
91
92 struct AddressSpaceDispatch {
93 /* This is a multi-level map on the physical address space.
94 * The bottom level has pointers to MemoryRegionSections.
95 */
96 PhysPageEntry phys_map;
97 MemoryListener listener;
98 AddressSpace *as;
99 };
100
101 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
102 typedef struct subpage_t {
103 MemoryRegion iomem;
104 AddressSpace *as;
105 hwaddr base;
106 uint16_t sub_section[TARGET_PAGE_SIZE];
107 } subpage_t;
108
109 static MemoryRegionSection *phys_sections;
110 static unsigned phys_sections_nb, phys_sections_nb_alloc;
111 static uint16_t phys_section_unassigned;
112 static uint16_t phys_section_notdirty;
113 static uint16_t phys_section_rom;
114 static uint16_t phys_section_watch;
115
116 /* Simple allocator for PhysPageEntry nodes */
117 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
118 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
119
120 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
121
122 static void io_mem_init(void);
123 static void memory_map_init(void);
124 static void *qemu_safe_ram_ptr(ram_addr_t addr);
125
126 static MemoryRegion io_mem_watch;
127 #endif
128
129 #if !defined(CONFIG_USER_ONLY)
130
131 static void phys_map_node_reserve(unsigned nodes)
132 {
133 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
134 typedef PhysPageEntry Node[L2_SIZE];
135 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
136 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
137 phys_map_nodes_nb + nodes);
138 phys_map_nodes = g_renew(Node, phys_map_nodes,
139 phys_map_nodes_nb_alloc);
140 }
141 }
142
143 static uint16_t phys_map_node_alloc(void)
144 {
145 unsigned i;
146 uint16_t ret;
147
148 ret = phys_map_nodes_nb++;
149 assert(ret != PHYS_MAP_NODE_NIL);
150 assert(ret != phys_map_nodes_nb_alloc);
151 for (i = 0; i < L2_SIZE; ++i) {
152 phys_map_nodes[ret][i].is_leaf = 0;
153 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
154 }
155 return ret;
156 }
157
158 static void phys_map_nodes_reset(void)
159 {
160 phys_map_nodes_nb = 0;
161 }
162
163
164 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
165 hwaddr *nb, uint16_t leaf,
166 int level)
167 {
168 PhysPageEntry *p;
169 int i;
170 hwaddr step = (hwaddr)1 << (level * L2_BITS);
171
172 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
173 lp->ptr = phys_map_node_alloc();
174 p = phys_map_nodes[lp->ptr];
175 if (level == 0) {
176 for (i = 0; i < L2_SIZE; i++) {
177 p[i].is_leaf = 1;
178 p[i].ptr = phys_section_unassigned;
179 }
180 }
181 } else {
182 p = phys_map_nodes[lp->ptr];
183 }
184 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
185
186 while (*nb && lp < &p[L2_SIZE]) {
187 if ((*index & (step - 1)) == 0 && *nb >= step) {
188 lp->is_leaf = true;
189 lp->ptr = leaf;
190 *index += step;
191 *nb -= step;
192 } else {
193 phys_page_set_level(lp, index, nb, leaf, level - 1);
194 }
195 ++lp;
196 }
197 }
198
199 static void phys_page_set(AddressSpaceDispatch *d,
200 hwaddr index, hwaddr nb,
201 uint16_t leaf)
202 {
203 /* Wildly overreserve - it doesn't matter much. */
204 phys_map_node_reserve(3 * P_L2_LEVELS);
205
206 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
207 }
208
209 static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
210 {
211 PhysPageEntry lp = d->phys_map;
212 PhysPageEntry *p;
213 int i;
214
215 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
216 if (lp.ptr == PHYS_MAP_NODE_NIL) {
217 return &phys_sections[phys_section_unassigned];
218 }
219 p = phys_map_nodes[lp.ptr];
220 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
221 }
222 return &phys_sections[lp.ptr];
223 }
224
225 bool memory_region_is_unassigned(MemoryRegion *mr)
226 {
227 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
228 && mr != &io_mem_watch;
229 }
230
231 static MemoryRegionSection *address_space_lookup_region(AddressSpace *as,
232 hwaddr addr,
233 bool resolve_subpage)
234 {
235 MemoryRegionSection *section;
236 subpage_t *subpage;
237
238 section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
239 if (resolve_subpage && section->mr->subpage) {
240 subpage = container_of(section->mr, subpage_t, iomem);
241 section = &phys_sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
242 }
243 return section;
244 }
245
246 static MemoryRegionSection *
247 address_space_translate_internal(AddressSpace *as, hwaddr addr, hwaddr *xlat,
248 hwaddr *plen, bool resolve_subpage)
249 {
250 MemoryRegionSection *section;
251 Int128 diff;
252
253 section = address_space_lookup_region(as, addr, resolve_subpage);
254 /* Compute offset within MemoryRegionSection */
255 addr -= section->offset_within_address_space;
256
257 /* Compute offset within MemoryRegion */
258 *xlat = addr + section->offset_within_region;
259
260 diff = int128_sub(section->mr->size, int128_make64(addr));
261 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
262 return section;
263 }
264
265 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
266 hwaddr *xlat, hwaddr *plen,
267 bool is_write)
268 {
269 IOMMUTLBEntry iotlb;
270 MemoryRegionSection *section;
271 MemoryRegion *mr;
272 hwaddr len = *plen;
273
274 for (;;) {
275 section = address_space_translate_internal(as, addr, &addr, plen, true);
276 mr = section->mr;
277
278 if (!mr->iommu_ops) {
279 break;
280 }
281
282 iotlb = mr->iommu_ops->translate(mr, addr);
283 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
284 | (addr & iotlb.addr_mask));
285 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
286 if (!(iotlb.perm & (1 << is_write))) {
287 mr = &io_mem_unassigned;
288 break;
289 }
290
291 as = iotlb.target_as;
292 }
293
294 *plen = len;
295 *xlat = addr;
296 return mr;
297 }
298
299 MemoryRegionSection *
300 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
301 hwaddr *plen)
302 {
303 MemoryRegionSection *section;
304 section = address_space_translate_internal(as, addr, xlat, plen, false);
305
306 assert(!section->mr->iommu_ops);
307 return section;
308 }
309 #endif
310
311 void cpu_exec_init_all(void)
312 {
313 #if !defined(CONFIG_USER_ONLY)
314 qemu_mutex_init(&ram_list.mutex);
315 memory_map_init();
316 io_mem_init();
317 #endif
318 }
319
320 #if !defined(CONFIG_USER_ONLY)
321
322 static int cpu_common_post_load(void *opaque, int version_id)
323 {
324 CPUState *cpu = opaque;
325
326 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
327 version_id is increased. */
328 cpu->interrupt_request &= ~0x01;
329 tlb_flush(cpu->env_ptr, 1);
330
331 return 0;
332 }
333
334 static const VMStateDescription vmstate_cpu_common = {
335 .name = "cpu_common",
336 .version_id = 1,
337 .minimum_version_id = 1,
338 .minimum_version_id_old = 1,
339 .post_load = cpu_common_post_load,
340 .fields = (VMStateField []) {
341 VMSTATE_UINT32(halted, CPUState),
342 VMSTATE_UINT32(interrupt_request, CPUState),
343 VMSTATE_END_OF_LIST()
344 }
345 };
346 #else
347 #define vmstate_cpu_common vmstate_dummy
348 #endif
349
350 CPUState *qemu_get_cpu(int index)
351 {
352 CPUArchState *env = first_cpu;
353 CPUState *cpu = NULL;
354
355 while (env) {
356 cpu = ENV_GET_CPU(env);
357 if (cpu->cpu_index == index) {
358 break;
359 }
360 env = env->next_cpu;
361 }
362
363 return env ? cpu : NULL;
364 }
365
366 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
367 {
368 CPUArchState *env = first_cpu;
369
370 while (env) {
371 func(ENV_GET_CPU(env), data);
372 env = env->next_cpu;
373 }
374 }
375
376 void cpu_exec_init(CPUArchState *env)
377 {
378 CPUState *cpu = ENV_GET_CPU(env);
379 CPUClass *cc = CPU_GET_CLASS(cpu);
380 CPUArchState **penv;
381 int cpu_index;
382
383 #if defined(CONFIG_USER_ONLY)
384 cpu_list_lock();
385 #endif
386 env->next_cpu = NULL;
387 penv = &first_cpu;
388 cpu_index = 0;
389 while (*penv != NULL) {
390 penv = &(*penv)->next_cpu;
391 cpu_index++;
392 }
393 cpu->cpu_index = cpu_index;
394 cpu->numa_node = 0;
395 QTAILQ_INIT(&env->breakpoints);
396 QTAILQ_INIT(&env->watchpoints);
397 #ifndef CONFIG_USER_ONLY
398 cpu->thread_id = qemu_get_thread_id();
399 #endif
400 *penv = env;
401 #if defined(CONFIG_USER_ONLY)
402 cpu_list_unlock();
403 #endif
404 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
405 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
406 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
407 cpu_save, cpu_load, env);
408 assert(cc->vmsd == NULL);
409 #endif
410 if (cc->vmsd != NULL) {
411 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
412 }
413 }
414
415 #if defined(TARGET_HAS_ICE)
416 #if defined(CONFIG_USER_ONLY)
417 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
418 {
419 tb_invalidate_phys_page_range(pc, pc + 1, 0);
420 }
421 #else
422 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
423 {
424 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
425 (pc & ~TARGET_PAGE_MASK));
426 }
427 #endif
428 #endif /* TARGET_HAS_ICE */
429
430 #if defined(CONFIG_USER_ONLY)
431 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
432
433 {
434 }
435
436 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
437 int flags, CPUWatchpoint **watchpoint)
438 {
439 return -ENOSYS;
440 }
441 #else
442 /* Add a watchpoint. */
443 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
444 int flags, CPUWatchpoint **watchpoint)
445 {
446 target_ulong len_mask = ~(len - 1);
447 CPUWatchpoint *wp;
448
449 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
450 if ((len & (len - 1)) || (addr & ~len_mask) ||
451 len == 0 || len > TARGET_PAGE_SIZE) {
452 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
453 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
454 return -EINVAL;
455 }
456 wp = g_malloc(sizeof(*wp));
457
458 wp->vaddr = addr;
459 wp->len_mask = len_mask;
460 wp->flags = flags;
461
462 /* keep all GDB-injected watchpoints in front */
463 if (flags & BP_GDB)
464 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
465 else
466 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
467
468 tlb_flush_page(env, addr);
469
470 if (watchpoint)
471 *watchpoint = wp;
472 return 0;
473 }
474
475 /* Remove a specific watchpoint. */
476 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
477 int flags)
478 {
479 target_ulong len_mask = ~(len - 1);
480 CPUWatchpoint *wp;
481
482 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
483 if (addr == wp->vaddr && len_mask == wp->len_mask
484 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
485 cpu_watchpoint_remove_by_ref(env, wp);
486 return 0;
487 }
488 }
489 return -ENOENT;
490 }
491
492 /* Remove a specific watchpoint by reference. */
493 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
494 {
495 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
496
497 tlb_flush_page(env, watchpoint->vaddr);
498
499 g_free(watchpoint);
500 }
501
502 /* Remove all matching watchpoints. */
503 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
504 {
505 CPUWatchpoint *wp, *next;
506
507 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
508 if (wp->flags & mask)
509 cpu_watchpoint_remove_by_ref(env, wp);
510 }
511 }
512 #endif
513
514 /* Add a breakpoint. */
515 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
516 CPUBreakpoint **breakpoint)
517 {
518 #if defined(TARGET_HAS_ICE)
519 CPUBreakpoint *bp;
520
521 bp = g_malloc(sizeof(*bp));
522
523 bp->pc = pc;
524 bp->flags = flags;
525
526 /* keep all GDB-injected breakpoints in front */
527 if (flags & BP_GDB)
528 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
529 else
530 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
531
532 breakpoint_invalidate(env, pc);
533
534 if (breakpoint)
535 *breakpoint = bp;
536 return 0;
537 #else
538 return -ENOSYS;
539 #endif
540 }
541
542 /* Remove a specific breakpoint. */
543 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
544 {
545 #if defined(TARGET_HAS_ICE)
546 CPUBreakpoint *bp;
547
548 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
549 if (bp->pc == pc && bp->flags == flags) {
550 cpu_breakpoint_remove_by_ref(env, bp);
551 return 0;
552 }
553 }
554 return -ENOENT;
555 #else
556 return -ENOSYS;
557 #endif
558 }
559
560 /* Remove a specific breakpoint by reference. */
561 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
562 {
563 #if defined(TARGET_HAS_ICE)
564 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
565
566 breakpoint_invalidate(env, breakpoint->pc);
567
568 g_free(breakpoint);
569 #endif
570 }
571
572 /* Remove all matching breakpoints. */
573 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
574 {
575 #if defined(TARGET_HAS_ICE)
576 CPUBreakpoint *bp, *next;
577
578 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
579 if (bp->flags & mask)
580 cpu_breakpoint_remove_by_ref(env, bp);
581 }
582 #endif
583 }
584
585 /* enable or disable single step mode. EXCP_DEBUG is returned by the
586 CPU loop after each instruction */
587 void cpu_single_step(CPUArchState *env, int enabled)
588 {
589 #if defined(TARGET_HAS_ICE)
590 if (env->singlestep_enabled != enabled) {
591 env->singlestep_enabled = enabled;
592 if (kvm_enabled())
593 kvm_update_guest_debug(env, 0);
594 else {
595 /* must flush all the translated code to avoid inconsistencies */
596 /* XXX: only flush what is necessary */
597 tb_flush(env);
598 }
599 }
600 #endif
601 }
602
603 void cpu_exit(CPUArchState *env)
604 {
605 CPUState *cpu = ENV_GET_CPU(env);
606
607 cpu->exit_request = 1;
608 cpu->tcg_exit_req = 1;
609 }
610
611 void cpu_abort(CPUArchState *env, const char *fmt, ...)
612 {
613 va_list ap;
614 va_list ap2;
615
616 va_start(ap, fmt);
617 va_copy(ap2, ap);
618 fprintf(stderr, "qemu: fatal: ");
619 vfprintf(stderr, fmt, ap);
620 fprintf(stderr, "\n");
621 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
622 if (qemu_log_enabled()) {
623 qemu_log("qemu: fatal: ");
624 qemu_log_vprintf(fmt, ap2);
625 qemu_log("\n");
626 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
627 qemu_log_flush();
628 qemu_log_close();
629 }
630 va_end(ap2);
631 va_end(ap);
632 #if defined(CONFIG_USER_ONLY)
633 {
634 struct sigaction act;
635 sigfillset(&act.sa_mask);
636 act.sa_handler = SIG_DFL;
637 sigaction(SIGABRT, &act, NULL);
638 }
639 #endif
640 abort();
641 }
642
643 CPUArchState *cpu_copy(CPUArchState *env)
644 {
645 CPUArchState *new_env = cpu_init(env->cpu_model_str);
646 CPUArchState *next_cpu = new_env->next_cpu;
647 #if defined(TARGET_HAS_ICE)
648 CPUBreakpoint *bp;
649 CPUWatchpoint *wp;
650 #endif
651
652 memcpy(new_env, env, sizeof(CPUArchState));
653
654 /* Preserve chaining. */
655 new_env->next_cpu = next_cpu;
656
657 /* Clone all break/watchpoints.
658 Note: Once we support ptrace with hw-debug register access, make sure
659 BP_CPU break/watchpoints are handled correctly on clone. */
660 QTAILQ_INIT(&env->breakpoints);
661 QTAILQ_INIT(&env->watchpoints);
662 #if defined(TARGET_HAS_ICE)
663 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
664 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
665 }
666 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
667 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
668 wp->flags, NULL);
669 }
670 #endif
671
672 return new_env;
673 }
674
675 #if !defined(CONFIG_USER_ONLY)
676 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
677 uintptr_t length)
678 {
679 uintptr_t start1;
680
681 /* we modify the TLB cache so that the dirty bit will be set again
682 when accessing the range */
683 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
684 /* Check that we don't span multiple blocks - this breaks the
685 address comparisons below. */
686 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
687 != (end - 1) - start) {
688 abort();
689 }
690 cpu_tlb_reset_dirty_all(start1, length);
691
692 }
693
694 /* Note: start and end must be within the same ram block. */
695 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
696 int dirty_flags)
697 {
698 uintptr_t length;
699
700 start &= TARGET_PAGE_MASK;
701 end = TARGET_PAGE_ALIGN(end);
702
703 length = end - start;
704 if (length == 0)
705 return;
706 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
707
708 if (tcg_enabled()) {
709 tlb_reset_dirty_range_all(start, end, length);
710 }
711 }
712
713 static int cpu_physical_memory_set_dirty_tracking(int enable)
714 {
715 int ret = 0;
716 in_migration = enable;
717 return ret;
718 }
719
720 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
721 MemoryRegionSection *section,
722 target_ulong vaddr,
723 hwaddr paddr, hwaddr xlat,
724 int prot,
725 target_ulong *address)
726 {
727 hwaddr iotlb;
728 CPUWatchpoint *wp;
729
730 if (memory_region_is_ram(section->mr)) {
731 /* Normal RAM. */
732 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
733 + xlat;
734 if (!section->readonly) {
735 iotlb |= phys_section_notdirty;
736 } else {
737 iotlb |= phys_section_rom;
738 }
739 } else {
740 iotlb = section - phys_sections;
741 iotlb += xlat;
742 }
743
744 /* Make accesses to pages with watchpoints go via the
745 watchpoint trap routines. */
746 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
747 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
748 /* Avoid trapping reads of pages with a write breakpoint. */
749 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
750 iotlb = phys_section_watch + paddr;
751 *address |= TLB_MMIO;
752 break;
753 }
754 }
755 }
756
757 return iotlb;
758 }
759 #endif /* defined(CONFIG_USER_ONLY) */
760
761 #if !defined(CONFIG_USER_ONLY)
762
763 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
764 uint16_t section);
765 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
766 static void destroy_page_desc(uint16_t section_index)
767 {
768 MemoryRegionSection *section = &phys_sections[section_index];
769 MemoryRegion *mr = section->mr;
770
771 if (mr->subpage) {
772 subpage_t *subpage = container_of(mr, subpage_t, iomem);
773 memory_region_destroy(&subpage->iomem);
774 g_free(subpage);
775 }
776 }
777
778 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
779 {
780 unsigned i;
781 PhysPageEntry *p;
782
783 if (lp->ptr == PHYS_MAP_NODE_NIL) {
784 return;
785 }
786
787 p = phys_map_nodes[lp->ptr];
788 for (i = 0; i < L2_SIZE; ++i) {
789 if (!p[i].is_leaf) {
790 destroy_l2_mapping(&p[i], level - 1);
791 } else {
792 destroy_page_desc(p[i].ptr);
793 }
794 }
795 lp->is_leaf = 0;
796 lp->ptr = PHYS_MAP_NODE_NIL;
797 }
798
799 static void destroy_all_mappings(AddressSpaceDispatch *d)
800 {
801 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
802 phys_map_nodes_reset();
803 }
804
805 static uint16_t phys_section_add(MemoryRegionSection *section)
806 {
807 /* The physical section number is ORed with a page-aligned
808 * pointer to produce the iotlb entries. Thus it should
809 * never overflow into the page-aligned value.
810 */
811 assert(phys_sections_nb < TARGET_PAGE_SIZE);
812
813 if (phys_sections_nb == phys_sections_nb_alloc) {
814 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
815 phys_sections = g_renew(MemoryRegionSection, phys_sections,
816 phys_sections_nb_alloc);
817 }
818 phys_sections[phys_sections_nb] = *section;
819 return phys_sections_nb++;
820 }
821
822 static void phys_sections_clear(void)
823 {
824 phys_sections_nb = 0;
825 }
826
827 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
828 {
829 subpage_t *subpage;
830 hwaddr base = section->offset_within_address_space
831 & TARGET_PAGE_MASK;
832 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
833 MemoryRegionSection subsection = {
834 .offset_within_address_space = base,
835 .size = int128_make64(TARGET_PAGE_SIZE),
836 };
837 hwaddr start, end;
838
839 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
840
841 if (!(existing->mr->subpage)) {
842 subpage = subpage_init(d->as, base);
843 subsection.mr = &subpage->iomem;
844 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
845 phys_section_add(&subsection));
846 } else {
847 subpage = container_of(existing->mr, subpage_t, iomem);
848 }
849 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
850 end = start + int128_get64(section->size) - 1;
851 subpage_register(subpage, start, end, phys_section_add(section));
852 }
853
854
855 static void register_multipage(AddressSpaceDispatch *d,
856 MemoryRegionSection *section)
857 {
858 hwaddr start_addr = section->offset_within_address_space;
859 uint16_t section_index = phys_section_add(section);
860 uint64_t num_pages = int128_get64(int128_rshift(section->size,
861 TARGET_PAGE_BITS));
862
863 assert(num_pages);
864 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
865 }
866
867 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
868 {
869 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
870 MemoryRegionSection now = *section, remain = *section;
871 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
872
873 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
874 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
875 - now.offset_within_address_space;
876
877 now.size = int128_min(int128_make64(left), now.size);
878 register_subpage(d, &now);
879 } else {
880 now.size = int128_zero();
881 }
882 while (int128_ne(remain.size, now.size)) {
883 remain.size = int128_sub(remain.size, now.size);
884 remain.offset_within_address_space += int128_get64(now.size);
885 remain.offset_within_region += int128_get64(now.size);
886 now = remain;
887 if (int128_lt(remain.size, page_size)) {
888 register_subpage(d, &now);
889 } else if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
890 now.size = page_size;
891 register_subpage(d, &now);
892 } else {
893 now.size = int128_and(now.size, int128_neg(page_size));
894 register_multipage(d, &now);
895 }
896 }
897 }
898
899 void qemu_flush_coalesced_mmio_buffer(void)
900 {
901 if (kvm_enabled())
902 kvm_flush_coalesced_mmio_buffer();
903 }
904
905 void qemu_mutex_lock_ramlist(void)
906 {
907 qemu_mutex_lock(&ram_list.mutex);
908 }
909
910 void qemu_mutex_unlock_ramlist(void)
911 {
912 qemu_mutex_unlock(&ram_list.mutex);
913 }
914
915 #if defined(__linux__) && !defined(TARGET_S390X)
916
917 #include <sys/vfs.h>
918
919 #define HUGETLBFS_MAGIC 0x958458f6
920
921 static long gethugepagesize(const char *path)
922 {
923 struct statfs fs;
924 int ret;
925
926 do {
927 ret = statfs(path, &fs);
928 } while (ret != 0 && errno == EINTR);
929
930 if (ret != 0) {
931 perror(path);
932 return 0;
933 }
934
935 if (fs.f_type != HUGETLBFS_MAGIC)
936 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
937
938 return fs.f_bsize;
939 }
940
941 static void *file_ram_alloc(RAMBlock *block,
942 ram_addr_t memory,
943 const char *path)
944 {
945 char *filename;
946 char *sanitized_name;
947 char *c;
948 void *area;
949 int fd;
950 #ifdef MAP_POPULATE
951 int flags;
952 #endif
953 unsigned long hpagesize;
954
955 hpagesize = gethugepagesize(path);
956 if (!hpagesize) {
957 return NULL;
958 }
959
960 if (memory < hpagesize) {
961 return NULL;
962 }
963
964 if (kvm_enabled() && !kvm_has_sync_mmu()) {
965 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
966 return NULL;
967 }
968
969 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
970 sanitized_name = g_strdup(block->mr->name);
971 for (c = sanitized_name; *c != '\0'; c++) {
972 if (*c == '/')
973 *c = '_';
974 }
975
976 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
977 sanitized_name);
978 g_free(sanitized_name);
979
980 fd = mkstemp(filename);
981 if (fd < 0) {
982 perror("unable to create backing store for hugepages");
983 g_free(filename);
984 return NULL;
985 }
986 unlink(filename);
987 g_free(filename);
988
989 memory = (memory+hpagesize-1) & ~(hpagesize-1);
990
991 /*
992 * ftruncate is not supported by hugetlbfs in older
993 * hosts, so don't bother bailing out on errors.
994 * If anything goes wrong with it under other filesystems,
995 * mmap will fail.
996 */
997 if (ftruncate(fd, memory))
998 perror("ftruncate");
999
1000 #ifdef MAP_POPULATE
1001 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
1002 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
1003 * to sidestep this quirk.
1004 */
1005 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
1006 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
1007 #else
1008 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
1009 #endif
1010 if (area == MAP_FAILED) {
1011 perror("file_ram_alloc: can't mmap RAM pages");
1012 close(fd);
1013 return (NULL);
1014 }
1015 block->fd = fd;
1016 return area;
1017 }
1018 #endif
1019
1020 static ram_addr_t find_ram_offset(ram_addr_t size)
1021 {
1022 RAMBlock *block, *next_block;
1023 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1024
1025 assert(size != 0); /* it would hand out same offset multiple times */
1026
1027 if (QTAILQ_EMPTY(&ram_list.blocks))
1028 return 0;
1029
1030 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1031 ram_addr_t end, next = RAM_ADDR_MAX;
1032
1033 end = block->offset + block->length;
1034
1035 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1036 if (next_block->offset >= end) {
1037 next = MIN(next, next_block->offset);
1038 }
1039 }
1040 if (next - end >= size && next - end < mingap) {
1041 offset = end;
1042 mingap = next - end;
1043 }
1044 }
1045
1046 if (offset == RAM_ADDR_MAX) {
1047 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1048 (uint64_t)size);
1049 abort();
1050 }
1051
1052 return offset;
1053 }
1054
1055 ram_addr_t last_ram_offset(void)
1056 {
1057 RAMBlock *block;
1058 ram_addr_t last = 0;
1059
1060 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1061 last = MAX(last, block->offset + block->length);
1062
1063 return last;
1064 }
1065
1066 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1067 {
1068 int ret;
1069 QemuOpts *machine_opts;
1070
1071 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1072 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1073 if (machine_opts &&
1074 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1075 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1076 if (ret) {
1077 perror("qemu_madvise");
1078 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1079 "but dump_guest_core=off specified\n");
1080 }
1081 }
1082 }
1083
1084 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1085 {
1086 RAMBlock *new_block, *block;
1087
1088 new_block = NULL;
1089 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1090 if (block->offset == addr) {
1091 new_block = block;
1092 break;
1093 }
1094 }
1095 assert(new_block);
1096 assert(!new_block->idstr[0]);
1097
1098 if (dev) {
1099 char *id = qdev_get_dev_path(dev);
1100 if (id) {
1101 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1102 g_free(id);
1103 }
1104 }
1105 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1106
1107 /* This assumes the iothread lock is taken here too. */
1108 qemu_mutex_lock_ramlist();
1109 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1110 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1111 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1112 new_block->idstr);
1113 abort();
1114 }
1115 }
1116 qemu_mutex_unlock_ramlist();
1117 }
1118
1119 static int memory_try_enable_merging(void *addr, size_t len)
1120 {
1121 QemuOpts *opts;
1122
1123 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1124 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1125 /* disabled by the user */
1126 return 0;
1127 }
1128
1129 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1130 }
1131
1132 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1133 MemoryRegion *mr)
1134 {
1135 RAMBlock *block, *new_block;
1136
1137 size = TARGET_PAGE_ALIGN(size);
1138 new_block = g_malloc0(sizeof(*new_block));
1139
1140 /* This assumes the iothread lock is taken here too. */
1141 qemu_mutex_lock_ramlist();
1142 new_block->mr = mr;
1143 new_block->offset = find_ram_offset(size);
1144 if (host) {
1145 new_block->host = host;
1146 new_block->flags |= RAM_PREALLOC_MASK;
1147 } else {
1148 if (mem_path) {
1149 #if defined (__linux__) && !defined(TARGET_S390X)
1150 new_block->host = file_ram_alloc(new_block, size, mem_path);
1151 if (!new_block->host) {
1152 new_block->host = qemu_anon_ram_alloc(size);
1153 memory_try_enable_merging(new_block->host, size);
1154 }
1155 #else
1156 fprintf(stderr, "-mem-path option unsupported\n");
1157 exit(1);
1158 #endif
1159 } else {
1160 if (xen_enabled()) {
1161 xen_ram_alloc(new_block->offset, size, mr);
1162 } else if (kvm_enabled()) {
1163 /* some s390/kvm configurations have special constraints */
1164 new_block->host = kvm_ram_alloc(size);
1165 } else {
1166 new_block->host = qemu_anon_ram_alloc(size);
1167 }
1168 memory_try_enable_merging(new_block->host, size);
1169 }
1170 }
1171 new_block->length = size;
1172
1173 /* Keep the list sorted from biggest to smallest block. */
1174 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1175 if (block->length < new_block->length) {
1176 break;
1177 }
1178 }
1179 if (block) {
1180 QTAILQ_INSERT_BEFORE(block, new_block, next);
1181 } else {
1182 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1183 }
1184 ram_list.mru_block = NULL;
1185
1186 ram_list.version++;
1187 qemu_mutex_unlock_ramlist();
1188
1189 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1190 last_ram_offset() >> TARGET_PAGE_BITS);
1191 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1192 0, size >> TARGET_PAGE_BITS);
1193 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1194
1195 qemu_ram_setup_dump(new_block->host, size);
1196 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1197
1198 if (kvm_enabled())
1199 kvm_setup_guest_memory(new_block->host, size);
1200
1201 return new_block->offset;
1202 }
1203
1204 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1205 {
1206 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1207 }
1208
1209 void qemu_ram_free_from_ptr(ram_addr_t addr)
1210 {
1211 RAMBlock *block;
1212
1213 /* This assumes the iothread lock is taken here too. */
1214 qemu_mutex_lock_ramlist();
1215 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1216 if (addr == block->offset) {
1217 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1218 ram_list.mru_block = NULL;
1219 ram_list.version++;
1220 g_free(block);
1221 break;
1222 }
1223 }
1224 qemu_mutex_unlock_ramlist();
1225 }
1226
1227 void qemu_ram_free(ram_addr_t addr)
1228 {
1229 RAMBlock *block;
1230
1231 /* This assumes the iothread lock is taken here too. */
1232 qemu_mutex_lock_ramlist();
1233 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1234 if (addr == block->offset) {
1235 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1236 ram_list.mru_block = NULL;
1237 ram_list.version++;
1238 if (block->flags & RAM_PREALLOC_MASK) {
1239 ;
1240 } else if (mem_path) {
1241 #if defined (__linux__) && !defined(TARGET_S390X)
1242 if (block->fd) {
1243 munmap(block->host, block->length);
1244 close(block->fd);
1245 } else {
1246 qemu_anon_ram_free(block->host, block->length);
1247 }
1248 #else
1249 abort();
1250 #endif
1251 } else {
1252 if (xen_enabled()) {
1253 xen_invalidate_map_cache_entry(block->host);
1254 } else {
1255 qemu_anon_ram_free(block->host, block->length);
1256 }
1257 }
1258 g_free(block);
1259 break;
1260 }
1261 }
1262 qemu_mutex_unlock_ramlist();
1263
1264 }
1265
1266 #ifndef _WIN32
1267 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1268 {
1269 RAMBlock *block;
1270 ram_addr_t offset;
1271 int flags;
1272 void *area, *vaddr;
1273
1274 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1275 offset = addr - block->offset;
1276 if (offset < block->length) {
1277 vaddr = block->host + offset;
1278 if (block->flags & RAM_PREALLOC_MASK) {
1279 ;
1280 } else {
1281 flags = MAP_FIXED;
1282 munmap(vaddr, length);
1283 if (mem_path) {
1284 #if defined(__linux__) && !defined(TARGET_S390X)
1285 if (block->fd) {
1286 #ifdef MAP_POPULATE
1287 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1288 MAP_PRIVATE;
1289 #else
1290 flags |= MAP_PRIVATE;
1291 #endif
1292 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1293 flags, block->fd, offset);
1294 } else {
1295 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1296 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1297 flags, -1, 0);
1298 }
1299 #else
1300 abort();
1301 #endif
1302 } else {
1303 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1304 flags |= MAP_SHARED | MAP_ANONYMOUS;
1305 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1306 flags, -1, 0);
1307 #else
1308 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1309 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1310 flags, -1, 0);
1311 #endif
1312 }
1313 if (area != vaddr) {
1314 fprintf(stderr, "Could not remap addr: "
1315 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1316 length, addr);
1317 exit(1);
1318 }
1319 memory_try_enable_merging(vaddr, length);
1320 qemu_ram_setup_dump(vaddr, length);
1321 }
1322 return;
1323 }
1324 }
1325 }
1326 #endif /* !_WIN32 */
1327
1328 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1329 With the exception of the softmmu code in this file, this should
1330 only be used for local memory (e.g. video ram) that the device owns,
1331 and knows it isn't going to access beyond the end of the block.
1332
1333 It should not be used for general purpose DMA.
1334 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1335 */
1336 void *qemu_get_ram_ptr(ram_addr_t addr)
1337 {
1338 RAMBlock *block;
1339
1340 /* The list is protected by the iothread lock here. */
1341 block = ram_list.mru_block;
1342 if (block && addr - block->offset < block->length) {
1343 goto found;
1344 }
1345 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1346 if (addr - block->offset < block->length) {
1347 goto found;
1348 }
1349 }
1350
1351 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1352 abort();
1353
1354 found:
1355 ram_list.mru_block = block;
1356 if (xen_enabled()) {
1357 /* We need to check if the requested address is in the RAM
1358 * because we don't want to map the entire memory in QEMU.
1359 * In that case just map until the end of the page.
1360 */
1361 if (block->offset == 0) {
1362 return xen_map_cache(addr, 0, 0);
1363 } else if (block->host == NULL) {
1364 block->host =
1365 xen_map_cache(block->offset, block->length, 1);
1366 }
1367 }
1368 return block->host + (addr - block->offset);
1369 }
1370
1371 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1372 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1373 *
1374 * ??? Is this still necessary?
1375 */
1376 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1377 {
1378 RAMBlock *block;
1379
1380 /* The list is protected by the iothread lock here. */
1381 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1382 if (addr - block->offset < block->length) {
1383 if (xen_enabled()) {
1384 /* We need to check if the requested address is in the RAM
1385 * because we don't want to map the entire memory in QEMU.
1386 * In that case just map until the end of the page.
1387 */
1388 if (block->offset == 0) {
1389 return xen_map_cache(addr, 0, 0);
1390 } else if (block->host == NULL) {
1391 block->host =
1392 xen_map_cache(block->offset, block->length, 1);
1393 }
1394 }
1395 return block->host + (addr - block->offset);
1396 }
1397 }
1398
1399 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1400 abort();
1401
1402 return NULL;
1403 }
1404
1405 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1406 * but takes a size argument */
1407 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1408 {
1409 if (*size == 0) {
1410 return NULL;
1411 }
1412 if (xen_enabled()) {
1413 return xen_map_cache(addr, *size, 1);
1414 } else {
1415 RAMBlock *block;
1416
1417 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1418 if (addr - block->offset < block->length) {
1419 if (addr - block->offset + *size > block->length)
1420 *size = block->length - addr + block->offset;
1421 return block->host + (addr - block->offset);
1422 }
1423 }
1424
1425 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1426 abort();
1427 }
1428 }
1429
1430 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1431 {
1432 RAMBlock *block;
1433 uint8_t *host = ptr;
1434
1435 if (xen_enabled()) {
1436 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1437 return 0;
1438 }
1439
1440 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1441 /* This case append when the block is not mapped. */
1442 if (block->host == NULL) {
1443 continue;
1444 }
1445 if (host - block->host < block->length) {
1446 *ram_addr = block->offset + (host - block->host);
1447 return 0;
1448 }
1449 }
1450
1451 return -1;
1452 }
1453
1454 /* Some of the softmmu routines need to translate from a host pointer
1455 (typically a TLB entry) back to a ram offset. */
1456 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1457 {
1458 ram_addr_t ram_addr;
1459
1460 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1461 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1462 abort();
1463 }
1464 return ram_addr;
1465 }
1466
1467 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1468 uint64_t val, unsigned size)
1469 {
1470 int dirty_flags;
1471 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1472 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1473 tb_invalidate_phys_page_fast(ram_addr, size);
1474 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1475 }
1476 switch (size) {
1477 case 1:
1478 stb_p(qemu_get_ram_ptr(ram_addr), val);
1479 break;
1480 case 2:
1481 stw_p(qemu_get_ram_ptr(ram_addr), val);
1482 break;
1483 case 4:
1484 stl_p(qemu_get_ram_ptr(ram_addr), val);
1485 break;
1486 default:
1487 abort();
1488 }
1489 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1490 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1491 /* we remove the notdirty callback only if the code has been
1492 flushed */
1493 if (dirty_flags == 0xff)
1494 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1495 }
1496
1497 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1498 unsigned size, bool is_write)
1499 {
1500 return is_write;
1501 }
1502
1503 static const MemoryRegionOps notdirty_mem_ops = {
1504 .write = notdirty_mem_write,
1505 .valid.accepts = notdirty_mem_accepts,
1506 .endianness = DEVICE_NATIVE_ENDIAN,
1507 };
1508
1509 /* Generate a debug exception if a watchpoint has been hit. */
1510 static void check_watchpoint(int offset, int len_mask, int flags)
1511 {
1512 CPUArchState *env = cpu_single_env;
1513 target_ulong pc, cs_base;
1514 target_ulong vaddr;
1515 CPUWatchpoint *wp;
1516 int cpu_flags;
1517
1518 if (env->watchpoint_hit) {
1519 /* We re-entered the check after replacing the TB. Now raise
1520 * the debug interrupt so that is will trigger after the
1521 * current instruction. */
1522 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1523 return;
1524 }
1525 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1526 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1527 if ((vaddr == (wp->vaddr & len_mask) ||
1528 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1529 wp->flags |= BP_WATCHPOINT_HIT;
1530 if (!env->watchpoint_hit) {
1531 env->watchpoint_hit = wp;
1532 tb_check_watchpoint(env);
1533 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1534 env->exception_index = EXCP_DEBUG;
1535 cpu_loop_exit(env);
1536 } else {
1537 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1538 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1539 cpu_resume_from_signal(env, NULL);
1540 }
1541 }
1542 } else {
1543 wp->flags &= ~BP_WATCHPOINT_HIT;
1544 }
1545 }
1546 }
1547
1548 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1549 so these check for a hit then pass through to the normal out-of-line
1550 phys routines. */
1551 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1552 unsigned size)
1553 {
1554 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1555 switch (size) {
1556 case 1: return ldub_phys(addr);
1557 case 2: return lduw_phys(addr);
1558 case 4: return ldl_phys(addr);
1559 default: abort();
1560 }
1561 }
1562
1563 static void watch_mem_write(void *opaque, hwaddr addr,
1564 uint64_t val, unsigned size)
1565 {
1566 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1567 switch (size) {
1568 case 1:
1569 stb_phys(addr, val);
1570 break;
1571 case 2:
1572 stw_phys(addr, val);
1573 break;
1574 case 4:
1575 stl_phys(addr, val);
1576 break;
1577 default: abort();
1578 }
1579 }
1580
1581 static const MemoryRegionOps watch_mem_ops = {
1582 .read = watch_mem_read,
1583 .write = watch_mem_write,
1584 .endianness = DEVICE_NATIVE_ENDIAN,
1585 };
1586
1587 static uint64_t subpage_read(void *opaque, hwaddr addr,
1588 unsigned len)
1589 {
1590 subpage_t *subpage = opaque;
1591 uint8_t buf[4];
1592
1593 #if defined(DEBUG_SUBPAGE)
1594 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1595 subpage, len, addr);
1596 #endif
1597 address_space_read(subpage->as, addr + subpage->base, buf, len);
1598 switch (len) {
1599 case 1:
1600 return ldub_p(buf);
1601 case 2:
1602 return lduw_p(buf);
1603 case 4:
1604 return ldl_p(buf);
1605 default:
1606 abort();
1607 }
1608 }
1609
1610 static void subpage_write(void *opaque, hwaddr addr,
1611 uint64_t value, unsigned len)
1612 {
1613 subpage_t *subpage = opaque;
1614 uint8_t buf[4];
1615
1616 #if defined(DEBUG_SUBPAGE)
1617 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1618 " value %"PRIx64"\n",
1619 __func__, subpage, len, addr, value);
1620 #endif
1621 switch (len) {
1622 case 1:
1623 stb_p(buf, value);
1624 break;
1625 case 2:
1626 stw_p(buf, value);
1627 break;
1628 case 4:
1629 stl_p(buf, value);
1630 break;
1631 default:
1632 abort();
1633 }
1634 address_space_write(subpage->as, addr + subpage->base, buf, len);
1635 }
1636
1637 static bool subpage_accepts(void *opaque, hwaddr addr,
1638 unsigned size, bool is_write)
1639 {
1640 subpage_t *subpage = opaque;
1641 #if defined(DEBUG_SUBPAGE)
1642 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1643 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1644 #endif
1645
1646 return address_space_access_valid(subpage->as, addr + subpage->base,
1647 size, is_write);
1648 }
1649
1650 static const MemoryRegionOps subpage_ops = {
1651 .read = subpage_read,
1652 .write = subpage_write,
1653 .valid.accepts = subpage_accepts,
1654 .endianness = DEVICE_NATIVE_ENDIAN,
1655 };
1656
1657 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1658 uint16_t section)
1659 {
1660 int idx, eidx;
1661
1662 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1663 return -1;
1664 idx = SUBPAGE_IDX(start);
1665 eidx = SUBPAGE_IDX(end);
1666 #if defined(DEBUG_SUBPAGE)
1667 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1668 mmio, start, end, idx, eidx, memory);
1669 #endif
1670 for (; idx <= eidx; idx++) {
1671 mmio->sub_section[idx] = section;
1672 }
1673
1674 return 0;
1675 }
1676
1677 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1678 {
1679 subpage_t *mmio;
1680
1681 mmio = g_malloc0(sizeof(subpage_t));
1682
1683 mmio->as = as;
1684 mmio->base = base;
1685 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1686 "subpage", TARGET_PAGE_SIZE);
1687 mmio->iomem.subpage = true;
1688 #if defined(DEBUG_SUBPAGE)
1689 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1690 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1691 #endif
1692 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1693
1694 return mmio;
1695 }
1696
1697 static uint16_t dummy_section(MemoryRegion *mr)
1698 {
1699 MemoryRegionSection section = {
1700 .mr = mr,
1701 .offset_within_address_space = 0,
1702 .offset_within_region = 0,
1703 .size = int128_2_64(),
1704 };
1705
1706 return phys_section_add(&section);
1707 }
1708
1709 MemoryRegion *iotlb_to_region(hwaddr index)
1710 {
1711 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1712 }
1713
1714 static void io_mem_init(void)
1715 {
1716 memory_region_init_io(&io_mem_rom, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1717 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1718 "unassigned", UINT64_MAX);
1719 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
1720 "notdirty", UINT64_MAX);
1721 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1722 "watch", UINT64_MAX);
1723 }
1724
1725 static void mem_begin(MemoryListener *listener)
1726 {
1727 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1728
1729 destroy_all_mappings(d);
1730 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1731 }
1732
1733 static void core_begin(MemoryListener *listener)
1734 {
1735 phys_sections_clear();
1736 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1737 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1738 phys_section_rom = dummy_section(&io_mem_rom);
1739 phys_section_watch = dummy_section(&io_mem_watch);
1740 }
1741
1742 static void tcg_commit(MemoryListener *listener)
1743 {
1744 CPUArchState *env;
1745
1746 /* since each CPU stores ram addresses in its TLB cache, we must
1747 reset the modified entries */
1748 /* XXX: slow ! */
1749 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1750 tlb_flush(env, 1);
1751 }
1752 }
1753
1754 static void core_log_global_start(MemoryListener *listener)
1755 {
1756 cpu_physical_memory_set_dirty_tracking(1);
1757 }
1758
1759 static void core_log_global_stop(MemoryListener *listener)
1760 {
1761 cpu_physical_memory_set_dirty_tracking(0);
1762 }
1763
1764 static void io_region_add(MemoryListener *listener,
1765 MemoryRegionSection *section)
1766 {
1767 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1768
1769 mrio->mr = section->mr;
1770 mrio->offset = section->offset_within_region;
1771 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1772 section->offset_within_address_space,
1773 int128_get64(section->size));
1774 ioport_register(&mrio->iorange);
1775 }
1776
1777 static void io_region_del(MemoryListener *listener,
1778 MemoryRegionSection *section)
1779 {
1780 isa_unassign_ioport(section->offset_within_address_space,
1781 int128_get64(section->size));
1782 }
1783
1784 static MemoryListener core_memory_listener = {
1785 .begin = core_begin,
1786 .log_global_start = core_log_global_start,
1787 .log_global_stop = core_log_global_stop,
1788 .priority = 1,
1789 };
1790
1791 static MemoryListener io_memory_listener = {
1792 .region_add = io_region_add,
1793 .region_del = io_region_del,
1794 .priority = 0,
1795 };
1796
1797 static MemoryListener tcg_memory_listener = {
1798 .commit = tcg_commit,
1799 };
1800
1801 void address_space_init_dispatch(AddressSpace *as)
1802 {
1803 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1804
1805 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1806 d->listener = (MemoryListener) {
1807 .begin = mem_begin,
1808 .region_add = mem_add,
1809 .region_nop = mem_add,
1810 .priority = 0,
1811 };
1812 d->as = as;
1813 as->dispatch = d;
1814 memory_listener_register(&d->listener, as);
1815 }
1816
1817 void address_space_destroy_dispatch(AddressSpace *as)
1818 {
1819 AddressSpaceDispatch *d = as->dispatch;
1820
1821 memory_listener_unregister(&d->listener);
1822 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1823 g_free(d);
1824 as->dispatch = NULL;
1825 }
1826
1827 static void memory_map_init(void)
1828 {
1829 system_memory = g_malloc(sizeof(*system_memory));
1830 memory_region_init(system_memory, "system", INT64_MAX);
1831 address_space_init(&address_space_memory, system_memory);
1832 address_space_memory.name = "memory";
1833
1834 system_io = g_malloc(sizeof(*system_io));
1835 memory_region_init(system_io, "io", 65536);
1836 address_space_init(&address_space_io, system_io);
1837 address_space_io.name = "I/O";
1838
1839 memory_listener_register(&core_memory_listener, &address_space_memory);
1840 memory_listener_register(&io_memory_listener, &address_space_io);
1841 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1842
1843 dma_context_init(&dma_context_memory, &address_space_memory,
1844 NULL, NULL, NULL);
1845 }
1846
1847 MemoryRegion *get_system_memory(void)
1848 {
1849 return system_memory;
1850 }
1851
1852 MemoryRegion *get_system_io(void)
1853 {
1854 return system_io;
1855 }
1856
1857 #endif /* !defined(CONFIG_USER_ONLY) */
1858
1859 /* physical memory access (slow version, mainly for debug) */
1860 #if defined(CONFIG_USER_ONLY)
1861 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1862 uint8_t *buf, int len, int is_write)
1863 {
1864 int l, flags;
1865 target_ulong page;
1866 void * p;
1867
1868 while (len > 0) {
1869 page = addr & TARGET_PAGE_MASK;
1870 l = (page + TARGET_PAGE_SIZE) - addr;
1871 if (l > len)
1872 l = len;
1873 flags = page_get_flags(page);
1874 if (!(flags & PAGE_VALID))
1875 return -1;
1876 if (is_write) {
1877 if (!(flags & PAGE_WRITE))
1878 return -1;
1879 /* XXX: this code should not depend on lock_user */
1880 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1881 return -1;
1882 memcpy(p, buf, l);
1883 unlock_user(p, addr, l);
1884 } else {
1885 if (!(flags & PAGE_READ))
1886 return -1;
1887 /* XXX: this code should not depend on lock_user */
1888 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1889 return -1;
1890 memcpy(buf, p, l);
1891 unlock_user(p, addr, 0);
1892 }
1893 len -= l;
1894 buf += l;
1895 addr += l;
1896 }
1897 return 0;
1898 }
1899
1900 #else
1901
1902 static void invalidate_and_set_dirty(hwaddr addr,
1903 hwaddr length)
1904 {
1905 if (!cpu_physical_memory_is_dirty(addr)) {
1906 /* invalidate code */
1907 tb_invalidate_phys_page_range(addr, addr + length, 0);
1908 /* set dirty bit */
1909 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1910 }
1911 xen_modified_memory(addr, length);
1912 }
1913
1914 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1915 {
1916 if (memory_region_is_ram(mr)) {
1917 return !(is_write && mr->readonly);
1918 }
1919 if (memory_region_is_romd(mr)) {
1920 return !is_write;
1921 }
1922
1923 return false;
1924 }
1925
1926 static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
1927 {
1928 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
1929 return 4;
1930 }
1931 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
1932 return 2;
1933 }
1934 return 1;
1935 }
1936
1937 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1938 int len, bool is_write)
1939 {
1940 hwaddr l;
1941 uint8_t *ptr;
1942 uint64_t val;
1943 hwaddr addr1;
1944 MemoryRegion *mr;
1945 bool error = false;
1946
1947 while (len > 0) {
1948 l = len;
1949 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1950
1951 if (is_write) {
1952 if (!memory_access_is_direct(mr, is_write)) {
1953 l = memory_access_size(mr, l, addr1);
1954 /* XXX: could force cpu_single_env to NULL to avoid
1955 potential bugs */
1956 if (l == 4) {
1957 /* 32 bit write access */
1958 val = ldl_p(buf);
1959 error |= io_mem_write(mr, addr1, val, 4);
1960 } else if (l == 2) {
1961 /* 16 bit write access */
1962 val = lduw_p(buf);
1963 error |= io_mem_write(mr, addr1, val, 2);
1964 } else {
1965 /* 8 bit write access */
1966 val = ldub_p(buf);
1967 error |= io_mem_write(mr, addr1, val, 1);
1968 }
1969 } else {
1970 addr1 += memory_region_get_ram_addr(mr);
1971 /* RAM case */
1972 ptr = qemu_get_ram_ptr(addr1);
1973 memcpy(ptr, buf, l);
1974 invalidate_and_set_dirty(addr1, l);
1975 }
1976 } else {
1977 if (!memory_access_is_direct(mr, is_write)) {
1978 /* I/O case */
1979 l = memory_access_size(mr, l, addr1);
1980 if (l == 4) {
1981 /* 32 bit read access */
1982 error |= io_mem_read(mr, addr1, &val, 4);
1983 stl_p(buf, val);
1984 } else if (l == 2) {
1985 /* 16 bit read access */
1986 error |= io_mem_read(mr, addr1, &val, 2);
1987 stw_p(buf, val);
1988 } else {
1989 /* 8 bit read access */
1990 error |= io_mem_read(mr, addr1, &val, 1);
1991 stb_p(buf, val);
1992 }
1993 } else {
1994 /* RAM case */
1995 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1996 memcpy(buf, ptr, l);
1997 }
1998 }
1999 len -= l;
2000 buf += l;
2001 addr += l;
2002 }
2003
2004 return error;
2005 }
2006
2007 bool address_space_write(AddressSpace *as, hwaddr addr,
2008 const uint8_t *buf, int len)
2009 {
2010 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2011 }
2012
2013 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2014 {
2015 return address_space_rw(as, addr, buf, len, false);
2016 }
2017
2018
2019 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2020 int len, int is_write)
2021 {
2022 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2023 }
2024
2025 /* used for ROM loading : can write in RAM and ROM */
2026 void cpu_physical_memory_write_rom(hwaddr addr,
2027 const uint8_t *buf, int len)
2028 {
2029 hwaddr l;
2030 uint8_t *ptr;
2031 hwaddr addr1;
2032 MemoryRegion *mr;
2033
2034 while (len > 0) {
2035 l = len;
2036 mr = address_space_translate(&address_space_memory,
2037 addr, &addr1, &l, true);
2038
2039 if (!(memory_region_is_ram(mr) ||
2040 memory_region_is_romd(mr))) {
2041 /* do nothing */
2042 } else {
2043 addr1 += memory_region_get_ram_addr(mr);
2044 /* ROM/RAM case */
2045 ptr = qemu_get_ram_ptr(addr1);
2046 memcpy(ptr, buf, l);
2047 invalidate_and_set_dirty(addr1, l);
2048 }
2049 len -= l;
2050 buf += l;
2051 addr += l;
2052 }
2053 }
2054
2055 typedef struct {
2056 void *buffer;
2057 hwaddr addr;
2058 hwaddr len;
2059 } BounceBuffer;
2060
2061 static BounceBuffer bounce;
2062
2063 typedef struct MapClient {
2064 void *opaque;
2065 void (*callback)(void *opaque);
2066 QLIST_ENTRY(MapClient) link;
2067 } MapClient;
2068
2069 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2070 = QLIST_HEAD_INITIALIZER(map_client_list);
2071
2072 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2073 {
2074 MapClient *client = g_malloc(sizeof(*client));
2075
2076 client->opaque = opaque;
2077 client->callback = callback;
2078 QLIST_INSERT_HEAD(&map_client_list, client, link);
2079 return client;
2080 }
2081
2082 static void cpu_unregister_map_client(void *_client)
2083 {
2084 MapClient *client = (MapClient *)_client;
2085
2086 QLIST_REMOVE(client, link);
2087 g_free(client);
2088 }
2089
2090 static void cpu_notify_map_clients(void)
2091 {
2092 MapClient *client;
2093
2094 while (!QLIST_EMPTY(&map_client_list)) {
2095 client = QLIST_FIRST(&map_client_list);
2096 client->callback(client->opaque);
2097 cpu_unregister_map_client(client);
2098 }
2099 }
2100
2101 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2102 {
2103 MemoryRegion *mr;
2104 hwaddr l, xlat;
2105
2106 while (len > 0) {
2107 l = len;
2108 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2109 if (!memory_access_is_direct(mr, is_write)) {
2110 l = memory_access_size(mr, l, addr);
2111 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2112 return false;
2113 }
2114 }
2115
2116 len -= l;
2117 addr += l;
2118 }
2119 return true;
2120 }
2121
2122 /* Map a physical memory region into a host virtual address.
2123 * May map a subset of the requested range, given by and returned in *plen.
2124 * May return NULL if resources needed to perform the mapping are exhausted.
2125 * Use only for reads OR writes - not for read-modify-write operations.
2126 * Use cpu_register_map_client() to know when retrying the map operation is
2127 * likely to succeed.
2128 */
2129 void *address_space_map(AddressSpace *as,
2130 hwaddr addr,
2131 hwaddr *plen,
2132 bool is_write)
2133 {
2134 hwaddr len = *plen;
2135 hwaddr todo = 0;
2136 hwaddr l, xlat;
2137 MemoryRegion *mr;
2138 ram_addr_t raddr = RAM_ADDR_MAX;
2139 ram_addr_t rlen;
2140 void *ret;
2141
2142 while (len > 0) {
2143 l = len;
2144 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2145
2146 if (!memory_access_is_direct(mr, is_write)) {
2147 if (todo || bounce.buffer) {
2148 break;
2149 }
2150 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2151 bounce.addr = addr;
2152 bounce.len = l;
2153 if (!is_write) {
2154 address_space_read(as, addr, bounce.buffer, l);
2155 }
2156
2157 *plen = l;
2158 return bounce.buffer;
2159 }
2160 if (!todo) {
2161 raddr = memory_region_get_ram_addr(mr) + xlat;
2162 } else {
2163 if (memory_region_get_ram_addr(mr) + xlat != raddr + todo) {
2164 break;
2165 }
2166 }
2167
2168 len -= l;
2169 addr += l;
2170 todo += l;
2171 }
2172 rlen = todo;
2173 ret = qemu_ram_ptr_length(raddr, &rlen);
2174 *plen = rlen;
2175 return ret;
2176 }
2177
2178 /* Unmaps a memory region previously mapped by address_space_map().
2179 * Will also mark the memory as dirty if is_write == 1. access_len gives
2180 * the amount of memory that was actually read or written by the caller.
2181 */
2182 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2183 int is_write, hwaddr access_len)
2184 {
2185 if (buffer != bounce.buffer) {
2186 if (is_write) {
2187 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2188 while (access_len) {
2189 unsigned l;
2190 l = TARGET_PAGE_SIZE;
2191 if (l > access_len)
2192 l = access_len;
2193 invalidate_and_set_dirty(addr1, l);
2194 addr1 += l;
2195 access_len -= l;
2196 }
2197 }
2198 if (xen_enabled()) {
2199 xen_invalidate_map_cache_entry(buffer);
2200 }
2201 return;
2202 }
2203 if (is_write) {
2204 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2205 }
2206 qemu_vfree(bounce.buffer);
2207 bounce.buffer = NULL;
2208 cpu_notify_map_clients();
2209 }
2210
2211 void *cpu_physical_memory_map(hwaddr addr,
2212 hwaddr *plen,
2213 int is_write)
2214 {
2215 return address_space_map(&address_space_memory, addr, plen, is_write);
2216 }
2217
2218 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2219 int is_write, hwaddr access_len)
2220 {
2221 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2222 }
2223
2224 /* warning: addr must be aligned */
2225 static inline uint32_t ldl_phys_internal(hwaddr addr,
2226 enum device_endian endian)
2227 {
2228 uint8_t *ptr;
2229 uint64_t val;
2230 MemoryRegion *mr;
2231 hwaddr l = 4;
2232 hwaddr addr1;
2233
2234 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2235 false);
2236 if (l < 4 || !memory_access_is_direct(mr, false)) {
2237 /* I/O case */
2238 io_mem_read(mr, addr1, &val, 4);
2239 #if defined(TARGET_WORDS_BIGENDIAN)
2240 if (endian == DEVICE_LITTLE_ENDIAN) {
2241 val = bswap32(val);
2242 }
2243 #else
2244 if (endian == DEVICE_BIG_ENDIAN) {
2245 val = bswap32(val);
2246 }
2247 #endif
2248 } else {
2249 /* RAM case */
2250 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2251 & TARGET_PAGE_MASK)
2252 + addr1);
2253 switch (endian) {
2254 case DEVICE_LITTLE_ENDIAN:
2255 val = ldl_le_p(ptr);
2256 break;
2257 case DEVICE_BIG_ENDIAN:
2258 val = ldl_be_p(ptr);
2259 break;
2260 default:
2261 val = ldl_p(ptr);
2262 break;
2263 }
2264 }
2265 return val;
2266 }
2267
2268 uint32_t ldl_phys(hwaddr addr)
2269 {
2270 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2271 }
2272
2273 uint32_t ldl_le_phys(hwaddr addr)
2274 {
2275 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2276 }
2277
2278 uint32_t ldl_be_phys(hwaddr addr)
2279 {
2280 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2281 }
2282
2283 /* warning: addr must be aligned */
2284 static inline uint64_t ldq_phys_internal(hwaddr addr,
2285 enum device_endian endian)
2286 {
2287 uint8_t *ptr;
2288 uint64_t val;
2289 MemoryRegion *mr;
2290 hwaddr l = 8;
2291 hwaddr addr1;
2292
2293 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2294 false);
2295 if (l < 8 || !memory_access_is_direct(mr, false)) {
2296 /* I/O case */
2297 io_mem_read(mr, addr1, &val, 8);
2298 #if defined(TARGET_WORDS_BIGENDIAN)
2299 if (endian == DEVICE_LITTLE_ENDIAN) {
2300 val = bswap64(val);
2301 }
2302 #else
2303 if (endian == DEVICE_BIG_ENDIAN) {
2304 val = bswap64(val);
2305 }
2306 #endif
2307 } else {
2308 /* RAM case */
2309 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2310 & TARGET_PAGE_MASK)
2311 + addr1);
2312 switch (endian) {
2313 case DEVICE_LITTLE_ENDIAN:
2314 val = ldq_le_p(ptr);
2315 break;
2316 case DEVICE_BIG_ENDIAN:
2317 val = ldq_be_p(ptr);
2318 break;
2319 default:
2320 val = ldq_p(ptr);
2321 break;
2322 }
2323 }
2324 return val;
2325 }
2326
2327 uint64_t ldq_phys(hwaddr addr)
2328 {
2329 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2330 }
2331
2332 uint64_t ldq_le_phys(hwaddr addr)
2333 {
2334 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2335 }
2336
2337 uint64_t ldq_be_phys(hwaddr addr)
2338 {
2339 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2340 }
2341
2342 /* XXX: optimize */
2343 uint32_t ldub_phys(hwaddr addr)
2344 {
2345 uint8_t val;
2346 cpu_physical_memory_read(addr, &val, 1);
2347 return val;
2348 }
2349
2350 /* warning: addr must be aligned */
2351 static inline uint32_t lduw_phys_internal(hwaddr addr,
2352 enum device_endian endian)
2353 {
2354 uint8_t *ptr;
2355 uint64_t val;
2356 MemoryRegion *mr;
2357 hwaddr l = 2;
2358 hwaddr addr1;
2359
2360 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2361 false);
2362 if (l < 2 || !memory_access_is_direct(mr, false)) {
2363 /* I/O case */
2364 io_mem_read(mr, addr1, &val, 2);
2365 #if defined(TARGET_WORDS_BIGENDIAN)
2366 if (endian == DEVICE_LITTLE_ENDIAN) {
2367 val = bswap16(val);
2368 }
2369 #else
2370 if (endian == DEVICE_BIG_ENDIAN) {
2371 val = bswap16(val);
2372 }
2373 #endif
2374 } else {
2375 /* RAM case */
2376 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2377 & TARGET_PAGE_MASK)
2378 + addr1);
2379 switch (endian) {
2380 case DEVICE_LITTLE_ENDIAN:
2381 val = lduw_le_p(ptr);
2382 break;
2383 case DEVICE_BIG_ENDIAN:
2384 val = lduw_be_p(ptr);
2385 break;
2386 default:
2387 val = lduw_p(ptr);
2388 break;
2389 }
2390 }
2391 return val;
2392 }
2393
2394 uint32_t lduw_phys(hwaddr addr)
2395 {
2396 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2397 }
2398
2399 uint32_t lduw_le_phys(hwaddr addr)
2400 {
2401 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2402 }
2403
2404 uint32_t lduw_be_phys(hwaddr addr)
2405 {
2406 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2407 }
2408
2409 /* warning: addr must be aligned. The ram page is not masked as dirty
2410 and the code inside is not invalidated. It is useful if the dirty
2411 bits are used to track modified PTEs */
2412 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2413 {
2414 uint8_t *ptr;
2415 MemoryRegion *mr;
2416 hwaddr l = 4;
2417 hwaddr addr1;
2418
2419 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2420 true);
2421 if (l < 4 || !memory_access_is_direct(mr, true)) {
2422 io_mem_write(mr, addr1, val, 4);
2423 } else {
2424 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2425 ptr = qemu_get_ram_ptr(addr1);
2426 stl_p(ptr, val);
2427
2428 if (unlikely(in_migration)) {
2429 if (!cpu_physical_memory_is_dirty(addr1)) {
2430 /* invalidate code */
2431 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2432 /* set dirty bit */
2433 cpu_physical_memory_set_dirty_flags(
2434 addr1, (0xff & ~CODE_DIRTY_FLAG));
2435 }
2436 }
2437 }
2438 }
2439
2440 /* warning: addr must be aligned */
2441 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2442 enum device_endian endian)
2443 {
2444 uint8_t *ptr;
2445 MemoryRegion *mr;
2446 hwaddr l = 4;
2447 hwaddr addr1;
2448
2449 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2450 true);
2451 if (l < 4 || !memory_access_is_direct(mr, true)) {
2452 #if defined(TARGET_WORDS_BIGENDIAN)
2453 if (endian == DEVICE_LITTLE_ENDIAN) {
2454 val = bswap32(val);
2455 }
2456 #else
2457 if (endian == DEVICE_BIG_ENDIAN) {
2458 val = bswap32(val);
2459 }
2460 #endif
2461 io_mem_write(mr, addr1, val, 4);
2462 } else {
2463 /* RAM case */
2464 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2465 ptr = qemu_get_ram_ptr(addr1);
2466 switch (endian) {
2467 case DEVICE_LITTLE_ENDIAN:
2468 stl_le_p(ptr, val);
2469 break;
2470 case DEVICE_BIG_ENDIAN:
2471 stl_be_p(ptr, val);
2472 break;
2473 default:
2474 stl_p(ptr, val);
2475 break;
2476 }
2477 invalidate_and_set_dirty(addr1, 4);
2478 }
2479 }
2480
2481 void stl_phys(hwaddr addr, uint32_t val)
2482 {
2483 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2484 }
2485
2486 void stl_le_phys(hwaddr addr, uint32_t val)
2487 {
2488 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2489 }
2490
2491 void stl_be_phys(hwaddr addr, uint32_t val)
2492 {
2493 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2494 }
2495
2496 /* XXX: optimize */
2497 void stb_phys(hwaddr addr, uint32_t val)
2498 {
2499 uint8_t v = val;
2500 cpu_physical_memory_write(addr, &v, 1);
2501 }
2502
2503 /* warning: addr must be aligned */
2504 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2505 enum device_endian endian)
2506 {
2507 uint8_t *ptr;
2508 MemoryRegion *mr;
2509 hwaddr l = 2;
2510 hwaddr addr1;
2511
2512 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2513 true);
2514 if (l < 2 || !memory_access_is_direct(mr, true)) {
2515 #if defined(TARGET_WORDS_BIGENDIAN)
2516 if (endian == DEVICE_LITTLE_ENDIAN) {
2517 val = bswap16(val);
2518 }
2519 #else
2520 if (endian == DEVICE_BIG_ENDIAN) {
2521 val = bswap16(val);
2522 }
2523 #endif
2524 io_mem_write(mr, addr1, val, 2);
2525 } else {
2526 /* RAM case */
2527 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2528 ptr = qemu_get_ram_ptr(addr1);
2529 switch (endian) {
2530 case DEVICE_LITTLE_ENDIAN:
2531 stw_le_p(ptr, val);
2532 break;
2533 case DEVICE_BIG_ENDIAN:
2534 stw_be_p(ptr, val);
2535 break;
2536 default:
2537 stw_p(ptr, val);
2538 break;
2539 }
2540 invalidate_and_set_dirty(addr1, 2);
2541 }
2542 }
2543
2544 void stw_phys(hwaddr addr, uint32_t val)
2545 {
2546 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2547 }
2548
2549 void stw_le_phys(hwaddr addr, uint32_t val)
2550 {
2551 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2552 }
2553
2554 void stw_be_phys(hwaddr addr, uint32_t val)
2555 {
2556 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2557 }
2558
2559 /* XXX: optimize */
2560 void stq_phys(hwaddr addr, uint64_t val)
2561 {
2562 val = tswap64(val);
2563 cpu_physical_memory_write(addr, &val, 8);
2564 }
2565
2566 void stq_le_phys(hwaddr addr, uint64_t val)
2567 {
2568 val = cpu_to_le64(val);
2569 cpu_physical_memory_write(addr, &val, 8);
2570 }
2571
2572 void stq_be_phys(hwaddr addr, uint64_t val)
2573 {
2574 val = cpu_to_be64(val);
2575 cpu_physical_memory_write(addr, &val, 8);
2576 }
2577
2578 /* virtual memory access for debug (includes writing to ROM) */
2579 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2580 uint8_t *buf, int len, int is_write)
2581 {
2582 int l;
2583 hwaddr phys_addr;
2584 target_ulong page;
2585
2586 while (len > 0) {
2587 page = addr & TARGET_PAGE_MASK;
2588 phys_addr = cpu_get_phys_page_debug(env, page);
2589 /* if no physical page mapped, return an error */
2590 if (phys_addr == -1)
2591 return -1;
2592 l = (page + TARGET_PAGE_SIZE) - addr;
2593 if (l > len)
2594 l = len;
2595 phys_addr += (addr & ~TARGET_PAGE_MASK);
2596 if (is_write)
2597 cpu_physical_memory_write_rom(phys_addr, buf, l);
2598 else
2599 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2600 len -= l;
2601 buf += l;
2602 addr += l;
2603 }
2604 return 0;
2605 }
2606 #endif
2607
2608 #if !defined(CONFIG_USER_ONLY)
2609
2610 /*
2611 * A helper function for the _utterly broken_ virtio device model to find out if
2612 * it's running on a big endian machine. Don't do this at home kids!
2613 */
2614 bool virtio_is_big_endian(void);
2615 bool virtio_is_big_endian(void)
2616 {
2617 #if defined(TARGET_WORDS_BIGENDIAN)
2618 return true;
2619 #else
2620 return false;
2621 #endif
2622 }
2623
2624 #endif
2625
2626 #ifndef CONFIG_USER_ONLY
2627 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2628 {
2629 MemoryRegion*mr;
2630 hwaddr l = 1;
2631
2632 mr = address_space_translate(&address_space_memory,
2633 phys_addr, &phys_addr, &l, false);
2634
2635 return !(memory_region_is_ram(mr) ||
2636 memory_region_is_romd(mr));
2637 }
2638 #endif
QEMU mirror