]> git.proxmox.com Git - mirror_qemu.git/blob - exec.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
exec: split cpu_exec_init()
[mirror_qemu.git] / exec.c
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #ifndef _WIN32
22 #endif
23
24 #include "qemu/cutils.h"
25 #include "cpu.h"
26 #include "exec/exec-all.h"
27 #include "tcg.h"
28 #include "hw/qdev-core.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #include "hw/xen/xen.h"
32 #endif
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "qemu/error-report.h"
38 #if defined(CONFIG_USER_ONLY)
39 #include "qemu.h"
40 #else /* !CONFIG_USER_ONLY */
41 #include "hw/hw.h"
42 #include "exec/memory.h"
43 #include "exec/ioport.h"
44 #include "sysemu/dma.h"
45 #include "exec/address-spaces.h"
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57 #include "exec/log.h"
58
59 #include "migration/vmstate.h"
60
61 #include "qemu/range.h"
62 #ifndef _WIN32
63 #include "qemu/mmap-alloc.h"
64 #endif
65
66 //#define DEBUG_SUBPAGE
67
68 #if !defined(CONFIG_USER_ONLY)
69 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
72 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
73
74 static MemoryRegion *system_memory;
75 static MemoryRegion *system_io;
76
77 AddressSpace address_space_io;
78 AddressSpace address_space_memory;
79
80 MemoryRegion io_mem_rom, io_mem_notdirty;
81 static MemoryRegion io_mem_unassigned;
82
83 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84 #define RAM_PREALLOC (1 << 0)
85
86 /* RAM is mmap-ed with MAP_SHARED */
87 #define RAM_SHARED (1 << 1)
88
89 /* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92 #define RAM_RESIZEABLE (1 << 2)
93
94 #endif
95
96 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
97 /* current CPU in the current thread. It is only valid inside
98 cpu_exec() */
99 __thread CPUState *current_cpu;
100 /* 0 = Do not count executed instructions.
101 1 = Precise instruction counting.
102 2 = Adaptive rate instruction counting. */
103 int use_icount;
104
105 #if !defined(CONFIG_USER_ONLY)
106
107 typedef struct PhysPageEntry PhysPageEntry;
108
109 struct PhysPageEntry {
110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
111 uint32_t skip : 6;
112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
113 uint32_t ptr : 26;
114 };
115
116 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
117
118 /* Size of the L2 (and L3, etc) page tables. */
119 #define ADDR_SPACE_BITS 64
120
121 #define P_L2_BITS 9
122 #define P_L2_SIZE (1 << P_L2_BITS)
123
124 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
125
126 typedef PhysPageEntry Node[P_L2_SIZE];
127
128 typedef struct PhysPageMap {
129 struct rcu_head rcu;
130
131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
133 unsigned nodes_nb;
134 unsigned nodes_nb_alloc;
135 Node *nodes;
136 MemoryRegionSection *sections;
137 } PhysPageMap;
138
139 struct AddressSpaceDispatch {
140 struct rcu_head rcu;
141
142 MemoryRegionSection *mru_section;
143 /* This is a multi-level map on the physical address space.
144 * The bottom level has pointers to MemoryRegionSections.
145 */
146 PhysPageEntry phys_map;
147 PhysPageMap map;
148 AddressSpace *as;
149 };
150
151 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
152 typedef struct subpage_t {
153 MemoryRegion iomem;
154 AddressSpace *as;
155 hwaddr base;
156 uint16_t sub_section[TARGET_PAGE_SIZE];
157 } subpage_t;
158
159 #define PHYS_SECTION_UNASSIGNED 0
160 #define PHYS_SECTION_NOTDIRTY 1
161 #define PHYS_SECTION_ROM 2
162 #define PHYS_SECTION_WATCH 3
163
164 static void io_mem_init(void);
165 static void memory_map_init(void);
166 static void tcg_commit(MemoryListener *listener);
167
168 static MemoryRegion io_mem_watch;
169
170 /**
171 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
172 * @cpu: the CPU whose AddressSpace this is
173 * @as: the AddressSpace itself
174 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
175 * @tcg_as_listener: listener for tracking changes to the AddressSpace
176 */
177 struct CPUAddressSpace {
178 CPUState *cpu;
179 AddressSpace *as;
180 struct AddressSpaceDispatch *memory_dispatch;
181 MemoryListener tcg_as_listener;
182 };
183
184 #endif
185
186 #if !defined(CONFIG_USER_ONLY)
187
188 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
189 {
190 static unsigned alloc_hint = 16;
191 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
192 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
193 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
194 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
195 alloc_hint = map->nodes_nb_alloc;
196 }
197 }
198
199 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
200 {
201 unsigned i;
202 uint32_t ret;
203 PhysPageEntry e;
204 PhysPageEntry *p;
205
206 ret = map->nodes_nb++;
207 p = map->nodes[ret];
208 assert(ret != PHYS_MAP_NODE_NIL);
209 assert(ret != map->nodes_nb_alloc);
210
211 e.skip = leaf ? 0 : 1;
212 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
213 for (i = 0; i < P_L2_SIZE; ++i) {
214 memcpy(&p[i], &e, sizeof(e));
215 }
216 return ret;
217 }
218
219 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
220 hwaddr *index, hwaddr *nb, uint16_t leaf,
221 int level)
222 {
223 PhysPageEntry *p;
224 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
225
226 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
227 lp->ptr = phys_map_node_alloc(map, level == 0);
228 }
229 p = map->nodes[lp->ptr];
230 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
231
232 while (*nb && lp < &p[P_L2_SIZE]) {
233 if ((*index & (step - 1)) == 0 && *nb >= step) {
234 lp->skip = 0;
235 lp->ptr = leaf;
236 *index += step;
237 *nb -= step;
238 } else {
239 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
240 }
241 ++lp;
242 }
243 }
244
245 static void phys_page_set(AddressSpaceDispatch *d,
246 hwaddr index, hwaddr nb,
247 uint16_t leaf)
248 {
249 /* Wildly overreserve - it doesn't matter much. */
250 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
251
252 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
253 }
254
255 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
256 * and update our entry so we can skip it and go directly to the destination.
257 */
258 static void phys_page_compact(PhysPageEntry *lp, Node *nodes)
259 {
260 unsigned valid_ptr = P_L2_SIZE;
261 int valid = 0;
262 PhysPageEntry *p;
263 int i;
264
265 if (lp->ptr == PHYS_MAP_NODE_NIL) {
266 return;
267 }
268
269 p = nodes[lp->ptr];
270 for (i = 0; i < P_L2_SIZE; i++) {
271 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
272 continue;
273 }
274
275 valid_ptr = i;
276 valid++;
277 if (p[i].skip) {
278 phys_page_compact(&p[i], nodes);
279 }
280 }
281
282 /* We can only compress if there's only one child. */
283 if (valid != 1) {
284 return;
285 }
286
287 assert(valid_ptr < P_L2_SIZE);
288
289 /* Don't compress if it won't fit in the # of bits we have. */
290 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
291 return;
292 }
293
294 lp->ptr = p[valid_ptr].ptr;
295 if (!p[valid_ptr].skip) {
296 /* If our only child is a leaf, make this a leaf. */
297 /* By design, we should have made this node a leaf to begin with so we
298 * should never reach here.
299 * But since it's so simple to handle this, let's do it just in case we
300 * change this rule.
301 */
302 lp->skip = 0;
303 } else {
304 lp->skip += p[valid_ptr].skip;
305 }
306 }
307
308 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
309 {
310 if (d->phys_map.skip) {
311 phys_page_compact(&d->phys_map, d->map.nodes);
312 }
313 }
314
315 static inline bool section_covers_addr(const MemoryRegionSection *section,
316 hwaddr addr)
317 {
318 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
319 * the section must cover the entire address space.
320 */
321 return section->size.hi ||
322 range_covers_byte(section->offset_within_address_space,
323 section->size.lo, addr);
324 }
325
326 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
327 Node *nodes, MemoryRegionSection *sections)
328 {
329 PhysPageEntry *p;
330 hwaddr index = addr >> TARGET_PAGE_BITS;
331 int i;
332
333 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
334 if (lp.ptr == PHYS_MAP_NODE_NIL) {
335 return &sections[PHYS_SECTION_UNASSIGNED];
336 }
337 p = nodes[lp.ptr];
338 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
339 }
340
341 if (section_covers_addr(&sections[lp.ptr], addr)) {
342 return &sections[lp.ptr];
343 } else {
344 return &sections[PHYS_SECTION_UNASSIGNED];
345 }
346 }
347
348 bool memory_region_is_unassigned(MemoryRegion *mr)
349 {
350 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
351 && mr != &io_mem_watch;
352 }
353
354 /* Called from RCU critical section */
355 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
356 hwaddr addr,
357 bool resolve_subpage)
358 {
359 MemoryRegionSection *section = atomic_read(&d->mru_section);
360 subpage_t *subpage;
361 bool update;
362
363 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
364 section_covers_addr(section, addr)) {
365 update = false;
366 } else {
367 section = phys_page_find(d->phys_map, addr, d->map.nodes,
368 d->map.sections);
369 update = true;
370 }
371 if (resolve_subpage && section->mr->subpage) {
372 subpage = container_of(section->mr, subpage_t, iomem);
373 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
374 }
375 if (update) {
376 atomic_set(&d->mru_section, section);
377 }
378 return section;
379 }
380
381 /* Called from RCU critical section */
382 static MemoryRegionSection *
383 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
384 hwaddr *plen, bool resolve_subpage)
385 {
386 MemoryRegionSection *section;
387 MemoryRegion *mr;
388 Int128 diff;
389
390 section = address_space_lookup_region(d, addr, resolve_subpage);
391 /* Compute offset within MemoryRegionSection */
392 addr -= section->offset_within_address_space;
393
394 /* Compute offset within MemoryRegion */
395 *xlat = addr + section->offset_within_region;
396
397 mr = section->mr;
398
399 /* MMIO registers can be expected to perform full-width accesses based only
400 * on their address, without considering adjacent registers that could
401 * decode to completely different MemoryRegions. When such registers
402 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
403 * regions overlap wildly. For this reason we cannot clamp the accesses
404 * here.
405 *
406 * If the length is small (as is the case for address_space_ldl/stl),
407 * everything works fine. If the incoming length is large, however,
408 * the caller really has to do the clamping through memory_access_size.
409 */
410 if (memory_region_is_ram(mr)) {
411 diff = int128_sub(section->size, int128_make64(addr));
412 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
413 }
414 return section;
415 }
416
417 /* Called from RCU critical section */
418 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
419 hwaddr *xlat, hwaddr *plen,
420 bool is_write)
421 {
422 IOMMUTLBEntry iotlb;
423 MemoryRegionSection *section;
424 MemoryRegion *mr;
425
426 for (;;) {
427 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
428 section = address_space_translate_internal(d, addr, &addr, plen, true);
429 mr = section->mr;
430
431 if (!mr->iommu_ops) {
432 break;
433 }
434
435 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
436 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
437 | (addr & iotlb.addr_mask));
438 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
439 if (!(iotlb.perm & (1 << is_write))) {
440 mr = &io_mem_unassigned;
441 break;
442 }
443
444 as = iotlb.target_as;
445 }
446
447 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
448 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
449 *plen = MIN(page, *plen);
450 }
451
452 *xlat = addr;
453 return mr;
454 }
455
456 /* Called from RCU critical section */
457 MemoryRegionSection *
458 address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
459 hwaddr *xlat, hwaddr *plen)
460 {
461 MemoryRegionSection *section;
462 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
463
464 section = address_space_translate_internal(d, addr, xlat, plen, false);
465
466 assert(!section->mr->iommu_ops);
467 return section;
468 }
469 #endif
470
471 #if !defined(CONFIG_USER_ONLY)
472
473 static int cpu_common_post_load(void *opaque, int version_id)
474 {
475 CPUState *cpu = opaque;
476
477 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
478 version_id is increased. */
479 cpu->interrupt_request &= ~0x01;
480 tlb_flush(cpu, 1);
481
482 return 0;
483 }
484
485 static int cpu_common_pre_load(void *opaque)
486 {
487 CPUState *cpu = opaque;
488
489 cpu->exception_index = -1;
490
491 return 0;
492 }
493
494 static bool cpu_common_exception_index_needed(void *opaque)
495 {
496 CPUState *cpu = opaque;
497
498 return tcg_enabled() && cpu->exception_index != -1;
499 }
500
501 static const VMStateDescription vmstate_cpu_common_exception_index = {
502 .name = "cpu_common/exception_index",
503 .version_id = 1,
504 .minimum_version_id = 1,
505 .needed = cpu_common_exception_index_needed,
506 .fields = (VMStateField[]) {
507 VMSTATE_INT32(exception_index, CPUState),
508 VMSTATE_END_OF_LIST()
509 }
510 };
511
512 static bool cpu_common_crash_occurred_needed(void *opaque)
513 {
514 CPUState *cpu = opaque;
515
516 return cpu->crash_occurred;
517 }
518
519 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
520 .name = "cpu_common/crash_occurred",
521 .version_id = 1,
522 .minimum_version_id = 1,
523 .needed = cpu_common_crash_occurred_needed,
524 .fields = (VMStateField[]) {
525 VMSTATE_BOOL(crash_occurred, CPUState),
526 VMSTATE_END_OF_LIST()
527 }
528 };
529
530 const VMStateDescription vmstate_cpu_common = {
531 .name = "cpu_common",
532 .version_id = 1,
533 .minimum_version_id = 1,
534 .pre_load = cpu_common_pre_load,
535 .post_load = cpu_common_post_load,
536 .fields = (VMStateField[]) {
537 VMSTATE_UINT32(halted, CPUState),
538 VMSTATE_UINT32(interrupt_request, CPUState),
539 VMSTATE_END_OF_LIST()
540 },
541 .subsections = (const VMStateDescription*[]) {
542 &vmstate_cpu_common_exception_index,
543 &vmstate_cpu_common_crash_occurred,
544 NULL
545 }
546 };
547
548 #endif
549
550 CPUState *qemu_get_cpu(int index)
551 {
552 CPUState *cpu;
553
554 CPU_FOREACH(cpu) {
555 if (cpu->cpu_index == index) {
556 return cpu;
557 }
558 }
559
560 return NULL;
561 }
562
563 #if !defined(CONFIG_USER_ONLY)
564 void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
565 {
566 CPUAddressSpace *newas;
567
568 /* Target code should have set num_ases before calling us */
569 assert(asidx < cpu->num_ases);
570
571 if (asidx == 0) {
572 /* address space 0 gets the convenience alias */
573 cpu->as = as;
574 }
575
576 /* KVM cannot currently support multiple address spaces. */
577 assert(asidx == 0 || !kvm_enabled());
578
579 if (!cpu->cpu_ases) {
580 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
581 }
582
583 newas = &cpu->cpu_ases[asidx];
584 newas->cpu = cpu;
585 newas->as = as;
586 if (tcg_enabled()) {
587 newas->tcg_as_listener.commit = tcg_commit;
588 memory_listener_register(&newas->tcg_as_listener, as);
589 }
590 }
591
592 AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
593 {
594 /* Return the AddressSpace corresponding to the specified index */
595 return cpu->cpu_ases[asidx].as;
596 }
597 #endif
598
599 void cpu_exec_exit(CPUState *cpu)
600 {
601 CPUClass *cc = CPU_GET_CLASS(cpu);
602
603 cpu_list_remove(cpu);
604
605 if (cc->vmsd != NULL) {
606 vmstate_unregister(NULL, cc->vmsd, cpu);
607 }
608 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
609 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
610 }
611 }
612
613 void cpu_exec_initfn(CPUState *cpu)
614 {
615 cpu->as = NULL;
616 cpu->num_ases = 0;
617
618 #ifndef CONFIG_USER_ONLY
619 cpu->thread_id = qemu_get_thread_id();
620
621 /* This is a softmmu CPU object, so create a property for it
622 * so users can wire up its memory. (This can't go in qom/cpu.c
623 * because that file is compiled only once for both user-mode
624 * and system builds.) The default if no link is set up is to use
625 * the system address space.
626 */
627 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
628 (Object **)&cpu->memory,
629 qdev_prop_allow_set_link_before_realize,
630 OBJ_PROP_LINK_UNREF_ON_RELEASE,
631 &error_abort);
632 cpu->memory = system_memory;
633 object_ref(OBJECT(cpu->memory));
634 #endif
635 }
636
637 void cpu_exec_init(CPUState *cpu, Error **errp)
638 {
639 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
640
641 cpu_list_add(cpu);
642
643 #ifndef CONFIG_USER_ONLY
644 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
645 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
646 }
647 if (cc->vmsd != NULL) {
648 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
649 }
650 #endif
651 }
652
653 #if defined(CONFIG_USER_ONLY)
654 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
655 {
656 tb_invalidate_phys_page_range(pc, pc + 1, 0);
657 }
658 #else
659 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
660 {
661 MemTxAttrs attrs;
662 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
663 int asidx = cpu_asidx_from_attrs(cpu, attrs);
664 if (phys != -1) {
665 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
666 phys | (pc & ~TARGET_PAGE_MASK));
667 }
668 }
669 #endif
670
671 #if defined(CONFIG_USER_ONLY)
672 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
673
674 {
675 }
676
677 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
678 int flags)
679 {
680 return -ENOSYS;
681 }
682
683 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
684 {
685 }
686
687 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
688 int flags, CPUWatchpoint **watchpoint)
689 {
690 return -ENOSYS;
691 }
692 #else
693 /* Add a watchpoint. */
694 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
695 int flags, CPUWatchpoint **watchpoint)
696 {
697 CPUWatchpoint *wp;
698
699 /* forbid ranges which are empty or run off the end of the address space */
700 if (len == 0 || (addr + len - 1) < addr) {
701 error_report("tried to set invalid watchpoint at %"
702 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
703 return -EINVAL;
704 }
705 wp = g_malloc(sizeof(*wp));
706
707 wp->vaddr = addr;
708 wp->len = len;
709 wp->flags = flags;
710
711 /* keep all GDB-injected watchpoints in front */
712 if (flags & BP_GDB) {
713 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
714 } else {
715 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
716 }
717
718 tlb_flush_page(cpu, addr);
719
720 if (watchpoint)
721 *watchpoint = wp;
722 return 0;
723 }
724
725 /* Remove a specific watchpoint. */
726 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
727 int flags)
728 {
729 CPUWatchpoint *wp;
730
731 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
732 if (addr == wp->vaddr && len == wp->len
733 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
734 cpu_watchpoint_remove_by_ref(cpu, wp);
735 return 0;
736 }
737 }
738 return -ENOENT;
739 }
740
741 /* Remove a specific watchpoint by reference. */
742 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
743 {
744 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
745
746 tlb_flush_page(cpu, watchpoint->vaddr);
747
748 g_free(watchpoint);
749 }
750
751 /* Remove all matching watchpoints. */
752 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
753 {
754 CPUWatchpoint *wp, *next;
755
756 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
757 if (wp->flags & mask) {
758 cpu_watchpoint_remove_by_ref(cpu, wp);
759 }
760 }
761 }
762
763 /* Return true if this watchpoint address matches the specified
764 * access (ie the address range covered by the watchpoint overlaps
765 * partially or completely with the address range covered by the
766 * access).
767 */
768 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
769 vaddr addr,
770 vaddr len)
771 {
772 /* We know the lengths are non-zero, but a little caution is
773 * required to avoid errors in the case where the range ends
774 * exactly at the top of the address space and so addr + len
775 * wraps round to zero.
776 */
777 vaddr wpend = wp->vaddr + wp->len - 1;
778 vaddr addrend = addr + len - 1;
779
780 return !(addr > wpend || wp->vaddr > addrend);
781 }
782
783 #endif
784
785 /* Add a breakpoint. */
786 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
787 CPUBreakpoint **breakpoint)
788 {
789 CPUBreakpoint *bp;
790
791 bp = g_malloc(sizeof(*bp));
792
793 bp->pc = pc;
794 bp->flags = flags;
795
796 /* keep all GDB-injected breakpoints in front */
797 if (flags & BP_GDB) {
798 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
799 } else {
800 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
801 }
802
803 breakpoint_invalidate(cpu, pc);
804
805 if (breakpoint) {
806 *breakpoint = bp;
807 }
808 return 0;
809 }
810
811 /* Remove a specific breakpoint. */
812 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
813 {
814 CPUBreakpoint *bp;
815
816 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
817 if (bp->pc == pc && bp->flags == flags) {
818 cpu_breakpoint_remove_by_ref(cpu, bp);
819 return 0;
820 }
821 }
822 return -ENOENT;
823 }
824
825 /* Remove a specific breakpoint by reference. */
826 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
827 {
828 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
829
830 breakpoint_invalidate(cpu, breakpoint->pc);
831
832 g_free(breakpoint);
833 }
834
835 /* Remove all matching breakpoints. */
836 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
837 {
838 CPUBreakpoint *bp, *next;
839
840 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
841 if (bp->flags & mask) {
842 cpu_breakpoint_remove_by_ref(cpu, bp);
843 }
844 }
845 }
846
847 /* enable or disable single step mode. EXCP_DEBUG is returned by the
848 CPU loop after each instruction */
849 void cpu_single_step(CPUState *cpu, int enabled)
850 {
851 if (cpu->singlestep_enabled != enabled) {
852 cpu->singlestep_enabled = enabled;
853 if (kvm_enabled()) {
854 kvm_update_guest_debug(cpu, 0);
855 } else {
856 /* must flush all the translated code to avoid inconsistencies */
857 /* XXX: only flush what is necessary */
858 tb_flush(cpu);
859 }
860 }
861 }
862
863 void cpu_abort(CPUState *cpu, const char *fmt, ...)
864 {
865 va_list ap;
866 va_list ap2;
867
868 va_start(ap, fmt);
869 va_copy(ap2, ap);
870 fprintf(stderr, "qemu: fatal: ");
871 vfprintf(stderr, fmt, ap);
872 fprintf(stderr, "\n");
873 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
874 if (qemu_log_separate()) {
875 qemu_log("qemu: fatal: ");
876 qemu_log_vprintf(fmt, ap2);
877 qemu_log("\n");
878 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
879 qemu_log_flush();
880 qemu_log_close();
881 }
882 va_end(ap2);
883 va_end(ap);
884 replay_finish();
885 #if defined(CONFIG_USER_ONLY)
886 {
887 struct sigaction act;
888 sigfillset(&act.sa_mask);
889 act.sa_handler = SIG_DFL;
890 sigaction(SIGABRT, &act, NULL);
891 }
892 #endif
893 abort();
894 }
895
896 #if !defined(CONFIG_USER_ONLY)
897 /* Called from RCU critical section */
898 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
899 {
900 RAMBlock *block;
901
902 block = atomic_rcu_read(&ram_list.mru_block);
903 if (block && addr - block->offset < block->max_length) {
904 return block;
905 }
906 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
907 if (addr - block->offset < block->max_length) {
908 goto found;
909 }
910 }
911
912 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
913 abort();
914
915 found:
916 /* It is safe to write mru_block outside the iothread lock. This
917 * is what happens:
918 *
919 * mru_block = xxx
920 * rcu_read_unlock()
921 * xxx removed from list
922 * rcu_read_lock()
923 * read mru_block
924 * mru_block = NULL;
925 * call_rcu(reclaim_ramblock, xxx);
926 * rcu_read_unlock()
927 *
928 * atomic_rcu_set is not needed here. The block was already published
929 * when it was placed into the list. Here we're just making an extra
930 * copy of the pointer.
931 */
932 ram_list.mru_block = block;
933 return block;
934 }
935
936 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
937 {
938 CPUState *cpu;
939 ram_addr_t start1;
940 RAMBlock *block;
941 ram_addr_t end;
942
943 end = TARGET_PAGE_ALIGN(start + length);
944 start &= TARGET_PAGE_MASK;
945
946 rcu_read_lock();
947 block = qemu_get_ram_block(start);
948 assert(block == qemu_get_ram_block(end - 1));
949 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
950 CPU_FOREACH(cpu) {
951 tlb_reset_dirty(cpu, start1, length);
952 }
953 rcu_read_unlock();
954 }
955
956 /* Note: start and end must be within the same ram block. */
957 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
958 ram_addr_t length,
959 unsigned client)
960 {
961 DirtyMemoryBlocks *blocks;
962 unsigned long end, page;
963 bool dirty = false;
964
965 if (length == 0) {
966 return false;
967 }
968
969 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
970 page = start >> TARGET_PAGE_BITS;
971
972 rcu_read_lock();
973
974 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
975
976 while (page < end) {
977 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
978 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
979 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
980
981 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
982 offset, num);
983 page += num;
984 }
985
986 rcu_read_unlock();
987
988 if (dirty && tcg_enabled()) {
989 tlb_reset_dirty_range_all(start, length);
990 }
991
992 return dirty;
993 }
994
995 /* Called from RCU critical section */
996 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
997 MemoryRegionSection *section,
998 target_ulong vaddr,
999 hwaddr paddr, hwaddr xlat,
1000 int prot,
1001 target_ulong *address)
1002 {
1003 hwaddr iotlb;
1004 CPUWatchpoint *wp;
1005
1006 if (memory_region_is_ram(section->mr)) {
1007 /* Normal RAM. */
1008 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
1009 if (!section->readonly) {
1010 iotlb |= PHYS_SECTION_NOTDIRTY;
1011 } else {
1012 iotlb |= PHYS_SECTION_ROM;
1013 }
1014 } else {
1015 AddressSpaceDispatch *d;
1016
1017 d = atomic_rcu_read(&section->address_space->dispatch);
1018 iotlb = section - d->map.sections;
1019 iotlb += xlat;
1020 }
1021
1022 /* Make accesses to pages with watchpoints go via the
1023 watchpoint trap routines. */
1024 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1025 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1026 /* Avoid trapping reads of pages with a write breakpoint. */
1027 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1028 iotlb = PHYS_SECTION_WATCH + paddr;
1029 *address |= TLB_MMIO;
1030 break;
1031 }
1032 }
1033 }
1034
1035 return iotlb;
1036 }
1037 #endif /* defined(CONFIG_USER_ONLY) */
1038
1039 #if !defined(CONFIG_USER_ONLY)
1040
1041 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1042 uint16_t section);
1043 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1044
1045 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1046 qemu_anon_ram_alloc;
1047
1048 /*
1049 * Set a custom physical guest memory alloator.
1050 * Accelerators with unusual needs may need this. Hopefully, we can
1051 * get rid of it eventually.
1052 */
1053 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1054 {
1055 phys_mem_alloc = alloc;
1056 }
1057
1058 static uint16_t phys_section_add(PhysPageMap *map,
1059 MemoryRegionSection *section)
1060 {
1061 /* The physical section number is ORed with a page-aligned
1062 * pointer to produce the iotlb entries. Thus it should
1063 * never overflow into the page-aligned value.
1064 */
1065 assert(map->sections_nb < TARGET_PAGE_SIZE);
1066
1067 if (map->sections_nb == map->sections_nb_alloc) {
1068 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1069 map->sections = g_renew(MemoryRegionSection, map->sections,
1070 map->sections_nb_alloc);
1071 }
1072 map->sections[map->sections_nb] = *section;
1073 memory_region_ref(section->mr);
1074 return map->sections_nb++;
1075 }
1076
1077 static void phys_section_destroy(MemoryRegion *mr)
1078 {
1079 bool have_sub_page = mr->subpage;
1080
1081 memory_region_unref(mr);
1082
1083 if (have_sub_page) {
1084 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1085 object_unref(OBJECT(&subpage->iomem));
1086 g_free(subpage);
1087 }
1088 }
1089
1090 static void phys_sections_free(PhysPageMap *map)
1091 {
1092 while (map->sections_nb > 0) {
1093 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1094 phys_section_destroy(section->mr);
1095 }
1096 g_free(map->sections);
1097 g_free(map->nodes);
1098 }
1099
1100 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1101 {
1102 subpage_t *subpage;
1103 hwaddr base = section->offset_within_address_space
1104 & TARGET_PAGE_MASK;
1105 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1106 d->map.nodes, d->map.sections);
1107 MemoryRegionSection subsection = {
1108 .offset_within_address_space = base,
1109 .size = int128_make64(TARGET_PAGE_SIZE),
1110 };
1111 hwaddr start, end;
1112
1113 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1114
1115 if (!(existing->mr->subpage)) {
1116 subpage = subpage_init(d->as, base);
1117 subsection.address_space = d->as;
1118 subsection.mr = &subpage->iomem;
1119 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1120 phys_section_add(&d->map, &subsection));
1121 } else {
1122 subpage = container_of(existing->mr, subpage_t, iomem);
1123 }
1124 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1125 end = start + int128_get64(section->size) - 1;
1126 subpage_register(subpage, start, end,
1127 phys_section_add(&d->map, section));
1128 }
1129
1130
1131 static void register_multipage(AddressSpaceDispatch *d,
1132 MemoryRegionSection *section)
1133 {
1134 hwaddr start_addr = section->offset_within_address_space;
1135 uint16_t section_index = phys_section_add(&d->map, section);
1136 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1137 TARGET_PAGE_BITS));
1138
1139 assert(num_pages);
1140 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1141 }
1142
1143 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1144 {
1145 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1146 AddressSpaceDispatch *d = as->next_dispatch;
1147 MemoryRegionSection now = *section, remain = *section;
1148 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1149
1150 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1151 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1152 - now.offset_within_address_space;
1153
1154 now.size = int128_min(int128_make64(left), now.size);
1155 register_subpage(d, &now);
1156 } else {
1157 now.size = int128_zero();
1158 }
1159 while (int128_ne(remain.size, now.size)) {
1160 remain.size = int128_sub(remain.size, now.size);
1161 remain.offset_within_address_space += int128_get64(now.size);
1162 remain.offset_within_region += int128_get64(now.size);
1163 now = remain;
1164 if (int128_lt(remain.size, page_size)) {
1165 register_subpage(d, &now);
1166 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1167 now.size = page_size;
1168 register_subpage(d, &now);
1169 } else {
1170 now.size = int128_and(now.size, int128_neg(page_size));
1171 register_multipage(d, &now);
1172 }
1173 }
1174 }
1175
1176 void qemu_flush_coalesced_mmio_buffer(void)
1177 {
1178 if (kvm_enabled())
1179 kvm_flush_coalesced_mmio_buffer();
1180 }
1181
1182 void qemu_mutex_lock_ramlist(void)
1183 {
1184 qemu_mutex_lock(&ram_list.mutex);
1185 }
1186
1187 void qemu_mutex_unlock_ramlist(void)
1188 {
1189 qemu_mutex_unlock(&ram_list.mutex);
1190 }
1191
1192 #ifdef __linux__
1193 static void *file_ram_alloc(RAMBlock *block,
1194 ram_addr_t memory,
1195 const char *path,
1196 Error **errp)
1197 {
1198 bool unlink_on_error = false;
1199 char *filename;
1200 char *sanitized_name;
1201 char *c;
1202 void *area = MAP_FAILED;
1203 int fd = -1;
1204
1205 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1206 error_setg(errp,
1207 "host lacks kvm mmu notifiers, -mem-path unsupported");
1208 return NULL;
1209 }
1210
1211 for (;;) {
1212 fd = open(path, O_RDWR);
1213 if (fd >= 0) {
1214 /* @path names an existing file, use it */
1215 break;
1216 }
1217 if (errno == ENOENT) {
1218 /* @path names a file that doesn't exist, create it */
1219 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1220 if (fd >= 0) {
1221 unlink_on_error = true;
1222 break;
1223 }
1224 } else if (errno == EISDIR) {
1225 /* @path names a directory, create a file there */
1226 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1227 sanitized_name = g_strdup(memory_region_name(block->mr));
1228 for (c = sanitized_name; *c != '\0'; c++) {
1229 if (*c == '/') {
1230 *c = '_';
1231 }
1232 }
1233
1234 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1235 sanitized_name);
1236 g_free(sanitized_name);
1237
1238 fd = mkstemp(filename);
1239 if (fd >= 0) {
1240 unlink(filename);
1241 g_free(filename);
1242 break;
1243 }
1244 g_free(filename);
1245 }
1246 if (errno != EEXIST && errno != EINTR) {
1247 error_setg_errno(errp, errno,
1248 "can't open backing store %s for guest RAM",
1249 path);
1250 goto error;
1251 }
1252 /*
1253 * Try again on EINTR and EEXIST. The latter happens when
1254 * something else creates the file between our two open().
1255 */
1256 }
1257
1258 block->page_size = qemu_fd_getpagesize(fd);
1259 block->mr->align = block->page_size;
1260 #if defined(__s390x__)
1261 if (kvm_enabled()) {
1262 block->mr->align = MAX(block->mr->align, QEMU_VMALLOC_ALIGN);
1263 }
1264 #endif
1265
1266 if (memory < block->page_size) {
1267 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1268 "or larger than page size 0x%zx",
1269 memory, block->page_size);
1270 goto error;
1271 }
1272
1273 memory = ROUND_UP(memory, block->page_size);
1274
1275 /*
1276 * ftruncate is not supported by hugetlbfs in older
1277 * hosts, so don't bother bailing out on errors.
1278 * If anything goes wrong with it under other filesystems,
1279 * mmap will fail.
1280 */
1281 if (ftruncate(fd, memory)) {
1282 perror("ftruncate");
1283 }
1284
1285 area = qemu_ram_mmap(fd, memory, block->mr->align,
1286 block->flags & RAM_SHARED);
1287 if (area == MAP_FAILED) {
1288 error_setg_errno(errp, errno,
1289 "unable to map backing store for guest RAM");
1290 goto error;
1291 }
1292
1293 if (mem_prealloc) {
1294 os_mem_prealloc(fd, area, memory, errp);
1295 if (errp && *errp) {
1296 goto error;
1297 }
1298 }
1299
1300 block->fd = fd;
1301 return area;
1302
1303 error:
1304 if (area != MAP_FAILED) {
1305 qemu_ram_munmap(area, memory);
1306 }
1307 if (unlink_on_error) {
1308 unlink(path);
1309 }
1310 if (fd != -1) {
1311 close(fd);
1312 }
1313 return NULL;
1314 }
1315 #endif
1316
1317 /* Called with the ramlist lock held. */
1318 static ram_addr_t find_ram_offset(ram_addr_t size)
1319 {
1320 RAMBlock *block, *next_block;
1321 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1322
1323 assert(size != 0); /* it would hand out same offset multiple times */
1324
1325 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1326 return 0;
1327 }
1328
1329 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1330 ram_addr_t end, next = RAM_ADDR_MAX;
1331
1332 end = block->offset + block->max_length;
1333
1334 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1335 if (next_block->offset >= end) {
1336 next = MIN(next, next_block->offset);
1337 }
1338 }
1339 if (next - end >= size && next - end < mingap) {
1340 offset = end;
1341 mingap = next - end;
1342 }
1343 }
1344
1345 if (offset == RAM_ADDR_MAX) {
1346 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1347 (uint64_t)size);
1348 abort();
1349 }
1350
1351 return offset;
1352 }
1353
1354 ram_addr_t last_ram_offset(void)
1355 {
1356 RAMBlock *block;
1357 ram_addr_t last = 0;
1358
1359 rcu_read_lock();
1360 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1361 last = MAX(last, block->offset + block->max_length);
1362 }
1363 rcu_read_unlock();
1364 return last;
1365 }
1366
1367 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1368 {
1369 int ret;
1370
1371 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1372 if (!machine_dump_guest_core(current_machine)) {
1373 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1374 if (ret) {
1375 perror("qemu_madvise");
1376 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1377 "but dump_guest_core=off specified\n");
1378 }
1379 }
1380 }
1381
1382 const char *qemu_ram_get_idstr(RAMBlock *rb)
1383 {
1384 return rb->idstr;
1385 }
1386
1387 /* Called with iothread lock held. */
1388 void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
1389 {
1390 RAMBlock *block;
1391
1392 assert(new_block);
1393 assert(!new_block->idstr[0]);
1394
1395 if (dev) {
1396 char *id = qdev_get_dev_path(dev);
1397 if (id) {
1398 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1399 g_free(id);
1400 }
1401 }
1402 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1403
1404 rcu_read_lock();
1405 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1406 if (block != new_block &&
1407 !strcmp(block->idstr, new_block->idstr)) {
1408 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1409 new_block->idstr);
1410 abort();
1411 }
1412 }
1413 rcu_read_unlock();
1414 }
1415
1416 /* Called with iothread lock held. */
1417 void qemu_ram_unset_idstr(RAMBlock *block)
1418 {
1419 /* FIXME: arch_init.c assumes that this is not called throughout
1420 * migration. Ignore the problem since hot-unplug during migration
1421 * does not work anyway.
1422 */
1423 if (block) {
1424 memset(block->idstr, 0, sizeof(block->idstr));
1425 }
1426 }
1427
1428 size_t qemu_ram_pagesize(RAMBlock *rb)
1429 {
1430 return rb->page_size;
1431 }
1432
1433 static int memory_try_enable_merging(void *addr, size_t len)
1434 {
1435 if (!machine_mem_merge(current_machine)) {
1436 /* disabled by the user */
1437 return 0;
1438 }
1439
1440 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1441 }
1442
1443 /* Only legal before guest might have detected the memory size: e.g. on
1444 * incoming migration, or right after reset.
1445 *
1446 * As memory core doesn't know how is memory accessed, it is up to
1447 * resize callback to update device state and/or add assertions to detect
1448 * misuse, if necessary.
1449 */
1450 int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
1451 {
1452 assert(block);
1453
1454 newsize = HOST_PAGE_ALIGN(newsize);
1455
1456 if (block->used_length == newsize) {
1457 return 0;
1458 }
1459
1460 if (!(block->flags & RAM_RESIZEABLE)) {
1461 error_setg_errno(errp, EINVAL,
1462 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1463 " in != 0x" RAM_ADDR_FMT, block->idstr,
1464 newsize, block->used_length);
1465 return -EINVAL;
1466 }
1467
1468 if (block->max_length < newsize) {
1469 error_setg_errno(errp, EINVAL,
1470 "Length too large: %s: 0x" RAM_ADDR_FMT
1471 " > 0x" RAM_ADDR_FMT, block->idstr,
1472 newsize, block->max_length);
1473 return -EINVAL;
1474 }
1475
1476 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1477 block->used_length = newsize;
1478 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1479 DIRTY_CLIENTS_ALL);
1480 memory_region_set_size(block->mr, newsize);
1481 if (block->resized) {
1482 block->resized(block->idstr, newsize, block->host);
1483 }
1484 return 0;
1485 }
1486
1487 /* Called with ram_list.mutex held */
1488 static void dirty_memory_extend(ram_addr_t old_ram_size,
1489 ram_addr_t new_ram_size)
1490 {
1491 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1492 DIRTY_MEMORY_BLOCK_SIZE);
1493 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1494 DIRTY_MEMORY_BLOCK_SIZE);
1495 int i;
1496
1497 /* Only need to extend if block count increased */
1498 if (new_num_blocks <= old_num_blocks) {
1499 return;
1500 }
1501
1502 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1503 DirtyMemoryBlocks *old_blocks;
1504 DirtyMemoryBlocks *new_blocks;
1505 int j;
1506
1507 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1508 new_blocks = g_malloc(sizeof(*new_blocks) +
1509 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1510
1511 if (old_num_blocks) {
1512 memcpy(new_blocks->blocks, old_blocks->blocks,
1513 old_num_blocks * sizeof(old_blocks->blocks[0]));
1514 }
1515
1516 for (j = old_num_blocks; j < new_num_blocks; j++) {
1517 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1518 }
1519
1520 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1521
1522 if (old_blocks) {
1523 g_free_rcu(old_blocks, rcu);
1524 }
1525 }
1526 }
1527
1528 static void ram_block_add(RAMBlock *new_block, Error **errp)
1529 {
1530 RAMBlock *block;
1531 RAMBlock *last_block = NULL;
1532 ram_addr_t old_ram_size, new_ram_size;
1533 Error *err = NULL;
1534
1535 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1536
1537 qemu_mutex_lock_ramlist();
1538 new_block->offset = find_ram_offset(new_block->max_length);
1539
1540 if (!new_block->host) {
1541 if (xen_enabled()) {
1542 xen_ram_alloc(new_block->offset, new_block->max_length,
1543 new_block->mr, &err);
1544 if (err) {
1545 error_propagate(errp, err);
1546 qemu_mutex_unlock_ramlist();
1547 return;
1548 }
1549 } else {
1550 new_block->host = phys_mem_alloc(new_block->max_length,
1551 &new_block->mr->align);
1552 if (!new_block->host) {
1553 error_setg_errno(errp, errno,
1554 "cannot set up guest memory '%s'",
1555 memory_region_name(new_block->mr));
1556 qemu_mutex_unlock_ramlist();
1557 return;
1558 }
1559 memory_try_enable_merging(new_block->host, new_block->max_length);
1560 }
1561 }
1562
1563 new_ram_size = MAX(old_ram_size,
1564 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1565 if (new_ram_size > old_ram_size) {
1566 migration_bitmap_extend(old_ram_size, new_ram_size);
1567 dirty_memory_extend(old_ram_size, new_ram_size);
1568 }
1569 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1570 * QLIST (which has an RCU-friendly variant) does not have insertion at
1571 * tail, so save the last element in last_block.
1572 */
1573 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1574 last_block = block;
1575 if (block->max_length < new_block->max_length) {
1576 break;
1577 }
1578 }
1579 if (block) {
1580 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1581 } else if (last_block) {
1582 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1583 } else { /* list is empty */
1584 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1585 }
1586 ram_list.mru_block = NULL;
1587
1588 /* Write list before version */
1589 smp_wmb();
1590 ram_list.version++;
1591 qemu_mutex_unlock_ramlist();
1592
1593 cpu_physical_memory_set_dirty_range(new_block->offset,
1594 new_block->used_length,
1595 DIRTY_CLIENTS_ALL);
1596
1597 if (new_block->host) {
1598 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1599 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1600 /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */
1601 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1602 }
1603 }
1604
1605 #ifdef __linux__
1606 RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1607 bool share, const char *mem_path,
1608 Error **errp)
1609 {
1610 RAMBlock *new_block;
1611 Error *local_err = NULL;
1612
1613 if (xen_enabled()) {
1614 error_setg(errp, "-mem-path not supported with Xen");
1615 return NULL;
1616 }
1617
1618 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1619 /*
1620 * file_ram_alloc() needs to allocate just like
1621 * phys_mem_alloc, but we haven't bothered to provide
1622 * a hook there.
1623 */
1624 error_setg(errp,
1625 "-mem-path not supported with this accelerator");
1626 return NULL;
1627 }
1628
1629 size = HOST_PAGE_ALIGN(size);
1630 new_block = g_malloc0(sizeof(*new_block));
1631 new_block->mr = mr;
1632 new_block->used_length = size;
1633 new_block->max_length = size;
1634 new_block->flags = share ? RAM_SHARED : 0;
1635 new_block->host = file_ram_alloc(new_block, size,
1636 mem_path, errp);
1637 if (!new_block->host) {
1638 g_free(new_block);
1639 return NULL;
1640 }
1641
1642 ram_block_add(new_block, &local_err);
1643 if (local_err) {
1644 g_free(new_block);
1645 error_propagate(errp, local_err);
1646 return NULL;
1647 }
1648 return new_block;
1649 }
1650 #endif
1651
1652 static
1653 RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1654 void (*resized)(const char*,
1655 uint64_t length,
1656 void *host),
1657 void *host, bool resizeable,
1658 MemoryRegion *mr, Error **errp)
1659 {
1660 RAMBlock *new_block;
1661 Error *local_err = NULL;
1662
1663 size = HOST_PAGE_ALIGN(size);
1664 max_size = HOST_PAGE_ALIGN(max_size);
1665 new_block = g_malloc0(sizeof(*new_block));
1666 new_block->mr = mr;
1667 new_block->resized = resized;
1668 new_block->used_length = size;
1669 new_block->max_length = max_size;
1670 assert(max_size >= size);
1671 new_block->fd = -1;
1672 new_block->page_size = getpagesize();
1673 new_block->host = host;
1674 if (host) {
1675 new_block->flags |= RAM_PREALLOC;
1676 }
1677 if (resizeable) {
1678 new_block->flags |= RAM_RESIZEABLE;
1679 }
1680 ram_block_add(new_block, &local_err);
1681 if (local_err) {
1682 g_free(new_block);
1683 error_propagate(errp, local_err);
1684 return NULL;
1685 }
1686 return new_block;
1687 }
1688
1689 RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1690 MemoryRegion *mr, Error **errp)
1691 {
1692 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1693 }
1694
1695 RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1696 {
1697 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1698 }
1699
1700 RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1701 void (*resized)(const char*,
1702 uint64_t length,
1703 void *host),
1704 MemoryRegion *mr, Error **errp)
1705 {
1706 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1707 }
1708
1709 static void reclaim_ramblock(RAMBlock *block)
1710 {
1711 if (block->flags & RAM_PREALLOC) {
1712 ;
1713 } else if (xen_enabled()) {
1714 xen_invalidate_map_cache_entry(block->host);
1715 #ifndef _WIN32
1716 } else if (block->fd >= 0) {
1717 qemu_ram_munmap(block->host, block->max_length);
1718 close(block->fd);
1719 #endif
1720 } else {
1721 qemu_anon_ram_free(block->host, block->max_length);
1722 }
1723 g_free(block);
1724 }
1725
1726 void qemu_ram_free(RAMBlock *block)
1727 {
1728 if (!block) {
1729 return;
1730 }
1731
1732 qemu_mutex_lock_ramlist();
1733 QLIST_REMOVE_RCU(block, next);
1734 ram_list.mru_block = NULL;
1735 /* Write list before version */
1736 smp_wmb();
1737 ram_list.version++;
1738 call_rcu(block, reclaim_ramblock, rcu);
1739 qemu_mutex_unlock_ramlist();
1740 }
1741
1742 #ifndef _WIN32
1743 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1744 {
1745 RAMBlock *block;
1746 ram_addr_t offset;
1747 int flags;
1748 void *area, *vaddr;
1749
1750 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1751 offset = addr - block->offset;
1752 if (offset < block->max_length) {
1753 vaddr = ramblock_ptr(block, offset);
1754 if (block->flags & RAM_PREALLOC) {
1755 ;
1756 } else if (xen_enabled()) {
1757 abort();
1758 } else {
1759 flags = MAP_FIXED;
1760 if (block->fd >= 0) {
1761 flags |= (block->flags & RAM_SHARED ?
1762 MAP_SHARED : MAP_PRIVATE);
1763 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1764 flags, block->fd, offset);
1765 } else {
1766 /*
1767 * Remap needs to match alloc. Accelerators that
1768 * set phys_mem_alloc never remap. If they did,
1769 * we'd need a remap hook here.
1770 */
1771 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1772
1773 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1774 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1775 flags, -1, 0);
1776 }
1777 if (area != vaddr) {
1778 fprintf(stderr, "Could not remap addr: "
1779 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1780 length, addr);
1781 exit(1);
1782 }
1783 memory_try_enable_merging(vaddr, length);
1784 qemu_ram_setup_dump(vaddr, length);
1785 }
1786 }
1787 }
1788 }
1789 #endif /* !_WIN32 */
1790
1791 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1792 * This should not be used for general purpose DMA. Use address_space_map
1793 * or address_space_rw instead. For local memory (e.g. video ram) that the
1794 * device owns, use memory_region_get_ram_ptr.
1795 *
1796 * Called within RCU critical section.
1797 */
1798 void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1799 {
1800 RAMBlock *block = ram_block;
1801
1802 if (block == NULL) {
1803 block = qemu_get_ram_block(addr);
1804 addr -= block->offset;
1805 }
1806
1807 if (xen_enabled() && block->host == NULL) {
1808 /* We need to check if the requested address is in the RAM
1809 * because we don't want to map the entire memory in QEMU.
1810 * In that case just map until the end of the page.
1811 */
1812 if (block->offset == 0) {
1813 return xen_map_cache(addr, 0, 0);
1814 }
1815
1816 block->host = xen_map_cache(block->offset, block->max_length, 1);
1817 }
1818 return ramblock_ptr(block, addr);
1819 }
1820
1821 /* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
1822 * but takes a size argument.
1823 *
1824 * Called within RCU critical section.
1825 */
1826 static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1827 hwaddr *size)
1828 {
1829 RAMBlock *block = ram_block;
1830 if (*size == 0) {
1831 return NULL;
1832 }
1833
1834 if (block == NULL) {
1835 block = qemu_get_ram_block(addr);
1836 addr -= block->offset;
1837 }
1838 *size = MIN(*size, block->max_length - addr);
1839
1840 if (xen_enabled() && block->host == NULL) {
1841 /* We need to check if the requested address is in the RAM
1842 * because we don't want to map the entire memory in QEMU.
1843 * In that case just map the requested area.
1844 */
1845 if (block->offset == 0) {
1846 return xen_map_cache(addr, *size, 1);
1847 }
1848
1849 block->host = xen_map_cache(block->offset, block->max_length, 1);
1850 }
1851
1852 return ramblock_ptr(block, addr);
1853 }
1854
1855 /*
1856 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1857 * in that RAMBlock.
1858 *
1859 * ptr: Host pointer to look up
1860 * round_offset: If true round the result offset down to a page boundary
1861 * *ram_addr: set to result ram_addr
1862 * *offset: set to result offset within the RAMBlock
1863 *
1864 * Returns: RAMBlock (or NULL if not found)
1865 *
1866 * By the time this function returns, the returned pointer is not protected
1867 * by RCU anymore. If the caller is not within an RCU critical section and
1868 * does not hold the iothread lock, it must have other means of protecting the
1869 * pointer, such as a reference to the region that includes the incoming
1870 * ram_addr_t.
1871 */
1872 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1873 ram_addr_t *offset)
1874 {
1875 RAMBlock *block;
1876 uint8_t *host = ptr;
1877
1878 if (xen_enabled()) {
1879 ram_addr_t ram_addr;
1880 rcu_read_lock();
1881 ram_addr = xen_ram_addr_from_mapcache(ptr);
1882 block = qemu_get_ram_block(ram_addr);
1883 if (block) {
1884 *offset = ram_addr - block->offset;
1885 }
1886 rcu_read_unlock();
1887 return block;
1888 }
1889
1890 rcu_read_lock();
1891 block = atomic_rcu_read(&ram_list.mru_block);
1892 if (block && block->host && host - block->host < block->max_length) {
1893 goto found;
1894 }
1895
1896 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1897 /* This case append when the block is not mapped. */
1898 if (block->host == NULL) {
1899 continue;
1900 }
1901 if (host - block->host < block->max_length) {
1902 goto found;
1903 }
1904 }
1905
1906 rcu_read_unlock();
1907 return NULL;
1908
1909 found:
1910 *offset = (host - block->host);
1911 if (round_offset) {
1912 *offset &= TARGET_PAGE_MASK;
1913 }
1914 rcu_read_unlock();
1915 return block;
1916 }
1917
1918 /*
1919 * Finds the named RAMBlock
1920 *
1921 * name: The name of RAMBlock to find
1922 *
1923 * Returns: RAMBlock (or NULL if not found)
1924 */
1925 RAMBlock *qemu_ram_block_by_name(const char *name)
1926 {
1927 RAMBlock *block;
1928
1929 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1930 if (!strcmp(name, block->idstr)) {
1931 return block;
1932 }
1933 }
1934
1935 return NULL;
1936 }
1937
1938 /* Some of the softmmu routines need to translate from a host pointer
1939 (typically a TLB entry) back to a ram offset. */
1940 ram_addr_t qemu_ram_addr_from_host(void *ptr)
1941 {
1942 RAMBlock *block;
1943 ram_addr_t offset;
1944
1945 block = qemu_ram_block_from_host(ptr, false, &offset);
1946 if (!block) {
1947 return RAM_ADDR_INVALID;
1948 }
1949
1950 return block->offset + offset;
1951 }
1952
1953 /* Called within RCU critical section. */
1954 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1955 uint64_t val, unsigned size)
1956 {
1957 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1958 tb_invalidate_phys_page_fast(ram_addr, size);
1959 }
1960 switch (size) {
1961 case 1:
1962 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
1963 break;
1964 case 2:
1965 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
1966 break;
1967 case 4:
1968 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
1969 break;
1970 default:
1971 abort();
1972 }
1973 /* Set both VGA and migration bits for simplicity and to remove
1974 * the notdirty callback faster.
1975 */
1976 cpu_physical_memory_set_dirty_range(ram_addr, size,
1977 DIRTY_CLIENTS_NOCODE);
1978 /* we remove the notdirty callback only if the code has been
1979 flushed */
1980 if (!cpu_physical_memory_is_clean(ram_addr)) {
1981 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1982 }
1983 }
1984
1985 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1986 unsigned size, bool is_write)
1987 {
1988 return is_write;
1989 }
1990
1991 static const MemoryRegionOps notdirty_mem_ops = {
1992 .write = notdirty_mem_write,
1993 .valid.accepts = notdirty_mem_accepts,
1994 .endianness = DEVICE_NATIVE_ENDIAN,
1995 };
1996
1997 /* Generate a debug exception if a watchpoint has been hit. */
1998 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1999 {
2000 CPUState *cpu = current_cpu;
2001 CPUClass *cc = CPU_GET_CLASS(cpu);
2002 CPUArchState *env = cpu->env_ptr;
2003 target_ulong pc, cs_base;
2004 target_ulong vaddr;
2005 CPUWatchpoint *wp;
2006 uint32_t cpu_flags;
2007
2008 if (cpu->watchpoint_hit) {
2009 /* We re-entered the check after replacing the TB. Now raise
2010 * the debug interrupt so that is will trigger after the
2011 * current instruction. */
2012 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2013 return;
2014 }
2015 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2016 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2017 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2018 && (wp->flags & flags)) {
2019 if (flags == BP_MEM_READ) {
2020 wp->flags |= BP_WATCHPOINT_HIT_READ;
2021 } else {
2022 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2023 }
2024 wp->hitaddr = vaddr;
2025 wp->hitattrs = attrs;
2026 if (!cpu->watchpoint_hit) {
2027 if (wp->flags & BP_CPU &&
2028 !cc->debug_check_watchpoint(cpu, wp)) {
2029 wp->flags &= ~BP_WATCHPOINT_HIT;
2030 continue;
2031 }
2032 cpu->watchpoint_hit = wp;
2033 tb_check_watchpoint(cpu);
2034 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2035 cpu->exception_index = EXCP_DEBUG;
2036 cpu_loop_exit(cpu);
2037 } else {
2038 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2039 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2040 cpu_loop_exit_noexc(cpu);
2041 }
2042 }
2043 } else {
2044 wp->flags &= ~BP_WATCHPOINT_HIT;
2045 }
2046 }
2047 }
2048
2049 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2050 so these check for a hit then pass through to the normal out-of-line
2051 phys routines. */
2052 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2053 unsigned size, MemTxAttrs attrs)
2054 {
2055 MemTxResult res;
2056 uint64_t data;
2057 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2058 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2059
2060 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2061 switch (size) {
2062 case 1:
2063 data = address_space_ldub(as, addr, attrs, &res);
2064 break;
2065 case 2:
2066 data = address_space_lduw(as, addr, attrs, &res);
2067 break;
2068 case 4:
2069 data = address_space_ldl(as, addr, attrs, &res);
2070 break;
2071 default: abort();
2072 }
2073 *pdata = data;
2074 return res;
2075 }
2076
2077 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2078 uint64_t val, unsigned size,
2079 MemTxAttrs attrs)
2080 {
2081 MemTxResult res;
2082 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2083 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2084
2085 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2086 switch (size) {
2087 case 1:
2088 address_space_stb(as, addr, val, attrs, &res);
2089 break;
2090 case 2:
2091 address_space_stw(as, addr, val, attrs, &res);
2092 break;
2093 case 4:
2094 address_space_stl(as, addr, val, attrs, &res);
2095 break;
2096 default: abort();
2097 }
2098 return res;
2099 }
2100
2101 static const MemoryRegionOps watch_mem_ops = {
2102 .read_with_attrs = watch_mem_read,
2103 .write_with_attrs = watch_mem_write,
2104 .endianness = DEVICE_NATIVE_ENDIAN,
2105 };
2106
2107 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2108 unsigned len, MemTxAttrs attrs)
2109 {
2110 subpage_t *subpage = opaque;
2111 uint8_t buf[8];
2112 MemTxResult res;
2113
2114 #if defined(DEBUG_SUBPAGE)
2115 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2116 subpage, len, addr);
2117 #endif
2118 res = address_space_read(subpage->as, addr + subpage->base,
2119 attrs, buf, len);
2120 if (res) {
2121 return res;
2122 }
2123 switch (len) {
2124 case 1:
2125 *data = ldub_p(buf);
2126 return MEMTX_OK;
2127 case 2:
2128 *data = lduw_p(buf);
2129 return MEMTX_OK;
2130 case 4:
2131 *data = ldl_p(buf);
2132 return MEMTX_OK;
2133 case 8:
2134 *data = ldq_p(buf);
2135 return MEMTX_OK;
2136 default:
2137 abort();
2138 }
2139 }
2140
2141 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2142 uint64_t value, unsigned len, MemTxAttrs attrs)
2143 {
2144 subpage_t *subpage = opaque;
2145 uint8_t buf[8];
2146
2147 #if defined(DEBUG_SUBPAGE)
2148 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2149 " value %"PRIx64"\n",
2150 __func__, subpage, len, addr, value);
2151 #endif
2152 switch (len) {
2153 case 1:
2154 stb_p(buf, value);
2155 break;
2156 case 2:
2157 stw_p(buf, value);
2158 break;
2159 case 4:
2160 stl_p(buf, value);
2161 break;
2162 case 8:
2163 stq_p(buf, value);
2164 break;
2165 default:
2166 abort();
2167 }
2168 return address_space_write(subpage->as, addr + subpage->base,
2169 attrs, buf, len);
2170 }
2171
2172 static bool subpage_accepts(void *opaque, hwaddr addr,
2173 unsigned len, bool is_write)
2174 {
2175 subpage_t *subpage = opaque;
2176 #if defined(DEBUG_SUBPAGE)
2177 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2178 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2179 #endif
2180
2181 return address_space_access_valid(subpage->as, addr + subpage->base,
2182 len, is_write);
2183 }
2184
2185 static const MemoryRegionOps subpage_ops = {
2186 .read_with_attrs = subpage_read,
2187 .write_with_attrs = subpage_write,
2188 .impl.min_access_size = 1,
2189 .impl.max_access_size = 8,
2190 .valid.min_access_size = 1,
2191 .valid.max_access_size = 8,
2192 .valid.accepts = subpage_accepts,
2193 .endianness = DEVICE_NATIVE_ENDIAN,
2194 };
2195
2196 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2197 uint16_t section)
2198 {
2199 int idx, eidx;
2200
2201 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2202 return -1;
2203 idx = SUBPAGE_IDX(start);
2204 eidx = SUBPAGE_IDX(end);
2205 #if defined(DEBUG_SUBPAGE)
2206 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2207 __func__, mmio, start, end, idx, eidx, section);
2208 #endif
2209 for (; idx <= eidx; idx++) {
2210 mmio->sub_section[idx] = section;
2211 }
2212
2213 return 0;
2214 }
2215
2216 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2217 {
2218 subpage_t *mmio;
2219
2220 mmio = g_malloc0(sizeof(subpage_t));
2221
2222 mmio->as = as;
2223 mmio->base = base;
2224 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2225 NULL, TARGET_PAGE_SIZE);
2226 mmio->iomem.subpage = true;
2227 #if defined(DEBUG_SUBPAGE)
2228 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2229 mmio, base, TARGET_PAGE_SIZE);
2230 #endif
2231 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2232
2233 return mmio;
2234 }
2235
2236 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2237 MemoryRegion *mr)
2238 {
2239 assert(as);
2240 MemoryRegionSection section = {
2241 .address_space = as,
2242 .mr = mr,
2243 .offset_within_address_space = 0,
2244 .offset_within_region = 0,
2245 .size = int128_2_64(),
2246 };
2247
2248 return phys_section_add(map, &section);
2249 }
2250
2251 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
2252 {
2253 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2254 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
2255 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2256 MemoryRegionSection *sections = d->map.sections;
2257
2258 return sections[index & ~TARGET_PAGE_MASK].mr;
2259 }
2260
2261 static void io_mem_init(void)
2262 {
2263 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2264 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2265 NULL, UINT64_MAX);
2266 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2267 NULL, UINT64_MAX);
2268 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2269 NULL, UINT64_MAX);
2270 }
2271
2272 static void mem_begin(MemoryListener *listener)
2273 {
2274 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2275 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2276 uint16_t n;
2277
2278 n = dummy_section(&d->map, as, &io_mem_unassigned);
2279 assert(n == PHYS_SECTION_UNASSIGNED);
2280 n = dummy_section(&d->map, as, &io_mem_notdirty);
2281 assert(n == PHYS_SECTION_NOTDIRTY);
2282 n = dummy_section(&d->map, as, &io_mem_rom);
2283 assert(n == PHYS_SECTION_ROM);
2284 n = dummy_section(&d->map, as, &io_mem_watch);
2285 assert(n == PHYS_SECTION_WATCH);
2286
2287 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2288 d->as = as;
2289 as->next_dispatch = d;
2290 }
2291
2292 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2293 {
2294 phys_sections_free(&d->map);
2295 g_free(d);
2296 }
2297
2298 static void mem_commit(MemoryListener *listener)
2299 {
2300 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2301 AddressSpaceDispatch *cur = as->dispatch;
2302 AddressSpaceDispatch *next = as->next_dispatch;
2303
2304 phys_page_compact_all(next, next->map.nodes_nb);
2305
2306 atomic_rcu_set(&as->dispatch, next);
2307 if (cur) {
2308 call_rcu(cur, address_space_dispatch_free, rcu);
2309 }
2310 }
2311
2312 static void tcg_commit(MemoryListener *listener)
2313 {
2314 CPUAddressSpace *cpuas;
2315 AddressSpaceDispatch *d;
2316
2317 /* since each CPU stores ram addresses in its TLB cache, we must
2318 reset the modified entries */
2319 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2320 cpu_reloading_memory_map();
2321 /* The CPU and TLB are protected by the iothread lock.
2322 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2323 * may have split the RCU critical section.
2324 */
2325 d = atomic_rcu_read(&cpuas->as->dispatch);
2326 cpuas->memory_dispatch = d;
2327 tlb_flush(cpuas->cpu, 1);
2328 }
2329
2330 void address_space_init_dispatch(AddressSpace *as)
2331 {
2332 as->dispatch = NULL;
2333 as->dispatch_listener = (MemoryListener) {
2334 .begin = mem_begin,
2335 .commit = mem_commit,
2336 .region_add = mem_add,
2337 .region_nop = mem_add,
2338 .priority = 0,
2339 };
2340 memory_listener_register(&as->dispatch_listener, as);
2341 }
2342
2343 void address_space_unregister(AddressSpace *as)
2344 {
2345 memory_listener_unregister(&as->dispatch_listener);
2346 }
2347
2348 void address_space_destroy_dispatch(AddressSpace *as)
2349 {
2350 AddressSpaceDispatch *d = as->dispatch;
2351
2352 atomic_rcu_set(&as->dispatch, NULL);
2353 if (d) {
2354 call_rcu(d, address_space_dispatch_free, rcu);
2355 }
2356 }
2357
2358 static void memory_map_init(void)
2359 {
2360 system_memory = g_malloc(sizeof(*system_memory));
2361
2362 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2363 address_space_init(&address_space_memory, system_memory, "memory");
2364
2365 system_io = g_malloc(sizeof(*system_io));
2366 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2367 65536);
2368 address_space_init(&address_space_io, system_io, "I/O");
2369 }
2370
2371 MemoryRegion *get_system_memory(void)
2372 {
2373 return system_memory;
2374 }
2375
2376 MemoryRegion *get_system_io(void)
2377 {
2378 return system_io;
2379 }
2380
2381 #endif /* !defined(CONFIG_USER_ONLY) */
2382
2383 /* physical memory access (slow version, mainly for debug) */
2384 #if defined(CONFIG_USER_ONLY)
2385 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2386 uint8_t *buf, int len, int is_write)
2387 {
2388 int l, flags;
2389 target_ulong page;
2390 void * p;
2391
2392 while (len > 0) {
2393 page = addr & TARGET_PAGE_MASK;
2394 l = (page + TARGET_PAGE_SIZE) - addr;
2395 if (l > len)
2396 l = len;
2397 flags = page_get_flags(page);
2398 if (!(flags & PAGE_VALID))
2399 return -1;
2400 if (is_write) {
2401 if (!(flags & PAGE_WRITE))
2402 return -1;
2403 /* XXX: this code should not depend on lock_user */
2404 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2405 return -1;
2406 memcpy(p, buf, l);
2407 unlock_user(p, addr, l);
2408 } else {
2409 if (!(flags & PAGE_READ))
2410 return -1;
2411 /* XXX: this code should not depend on lock_user */
2412 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2413 return -1;
2414 memcpy(buf, p, l);
2415 unlock_user(p, addr, 0);
2416 }
2417 len -= l;
2418 buf += l;
2419 addr += l;
2420 }
2421 return 0;
2422 }
2423
2424 #else
2425
2426 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2427 hwaddr length)
2428 {
2429 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2430 addr += memory_region_get_ram_addr(mr);
2431
2432 /* No early return if dirty_log_mask is or becomes 0, because
2433 * cpu_physical_memory_set_dirty_range will still call
2434 * xen_modified_memory.
2435 */
2436 if (dirty_log_mask) {
2437 dirty_log_mask =
2438 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2439 }
2440 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2441 tb_invalidate_phys_range(addr, addr + length);
2442 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2443 }
2444 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2445 }
2446
2447 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2448 {
2449 unsigned access_size_max = mr->ops->valid.max_access_size;
2450
2451 /* Regions are assumed to support 1-4 byte accesses unless
2452 otherwise specified. */
2453 if (access_size_max == 0) {
2454 access_size_max = 4;
2455 }
2456
2457 /* Bound the maximum access by the alignment of the address. */
2458 if (!mr->ops->impl.unaligned) {
2459 unsigned align_size_max = addr & -addr;
2460 if (align_size_max != 0 && align_size_max < access_size_max) {
2461 access_size_max = align_size_max;
2462 }
2463 }
2464
2465 /* Don't attempt accesses larger than the maximum. */
2466 if (l > access_size_max) {
2467 l = access_size_max;
2468 }
2469 l = pow2floor(l);
2470
2471 return l;
2472 }
2473
2474 static bool prepare_mmio_access(MemoryRegion *mr)
2475 {
2476 bool unlocked = !qemu_mutex_iothread_locked();
2477 bool release_lock = false;
2478
2479 if (unlocked && mr->global_locking) {
2480 qemu_mutex_lock_iothread();
2481 unlocked = false;
2482 release_lock = true;
2483 }
2484 if (mr->flush_coalesced_mmio) {
2485 if (unlocked) {
2486 qemu_mutex_lock_iothread();
2487 }
2488 qemu_flush_coalesced_mmio_buffer();
2489 if (unlocked) {
2490 qemu_mutex_unlock_iothread();
2491 }
2492 }
2493
2494 return release_lock;
2495 }
2496
2497 /* Called within RCU critical section. */
2498 static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2499 MemTxAttrs attrs,
2500 const uint8_t *buf,
2501 int len, hwaddr addr1,
2502 hwaddr l, MemoryRegion *mr)
2503 {
2504 uint8_t *ptr;
2505 uint64_t val;
2506 MemTxResult result = MEMTX_OK;
2507 bool release_lock = false;
2508
2509 for (;;) {
2510 if (!memory_access_is_direct(mr, true)) {
2511 release_lock |= prepare_mmio_access(mr);
2512 l = memory_access_size(mr, l, addr1);
2513 /* XXX: could force current_cpu to NULL to avoid
2514 potential bugs */
2515 switch (l) {
2516 case 8:
2517 /* 64 bit write access */
2518 val = ldq_p(buf);
2519 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2520 attrs);
2521 break;
2522 case 4:
2523 /* 32 bit write access */
2524 val = ldl_p(buf);
2525 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2526 attrs);
2527 break;
2528 case 2:
2529 /* 16 bit write access */
2530 val = lduw_p(buf);
2531 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2532 attrs);
2533 break;
2534 case 1:
2535 /* 8 bit write access */
2536 val = ldub_p(buf);
2537 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2538 attrs);
2539 break;
2540 default:
2541 abort();
2542 }
2543 } else {
2544 /* RAM case */
2545 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2546 memcpy(ptr, buf, l);
2547 invalidate_and_set_dirty(mr, addr1, l);
2548 }
2549
2550 if (release_lock) {
2551 qemu_mutex_unlock_iothread();
2552 release_lock = false;
2553 }
2554
2555 len -= l;
2556 buf += l;
2557 addr += l;
2558
2559 if (!len) {
2560 break;
2561 }
2562
2563 l = len;
2564 mr = address_space_translate(as, addr, &addr1, &l, true);
2565 }
2566
2567 return result;
2568 }
2569
2570 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2571 const uint8_t *buf, int len)
2572 {
2573 hwaddr l;
2574 hwaddr addr1;
2575 MemoryRegion *mr;
2576 MemTxResult result = MEMTX_OK;
2577
2578 if (len > 0) {
2579 rcu_read_lock();
2580 l = len;
2581 mr = address_space_translate(as, addr, &addr1, &l, true);
2582 result = address_space_write_continue(as, addr, attrs, buf, len,
2583 addr1, l, mr);
2584 rcu_read_unlock();
2585 }
2586
2587 return result;
2588 }
2589
2590 /* Called within RCU critical section. */
2591 MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2592 MemTxAttrs attrs, uint8_t *buf,
2593 int len, hwaddr addr1, hwaddr l,
2594 MemoryRegion *mr)
2595 {
2596 uint8_t *ptr;
2597 uint64_t val;
2598 MemTxResult result = MEMTX_OK;
2599 bool release_lock = false;
2600
2601 for (;;) {
2602 if (!memory_access_is_direct(mr, false)) {
2603 /* I/O case */
2604 release_lock |= prepare_mmio_access(mr);
2605 l = memory_access_size(mr, l, addr1);
2606 switch (l) {
2607 case 8:
2608 /* 64 bit read access */
2609 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2610 attrs);
2611 stq_p(buf, val);
2612 break;
2613 case 4:
2614 /* 32 bit read access */
2615 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2616 attrs);
2617 stl_p(buf, val);
2618 break;
2619 case 2:
2620 /* 16 bit read access */
2621 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2622 attrs);
2623 stw_p(buf, val);
2624 break;
2625 case 1:
2626 /* 8 bit read access */
2627 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2628 attrs);
2629 stb_p(buf, val);
2630 break;
2631 default:
2632 abort();
2633 }
2634 } else {
2635 /* RAM case */
2636 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2637 memcpy(buf, ptr, l);
2638 }
2639
2640 if (release_lock) {
2641 qemu_mutex_unlock_iothread();
2642 release_lock = false;
2643 }
2644
2645 len -= l;
2646 buf += l;
2647 addr += l;
2648
2649 if (!len) {
2650 break;
2651 }
2652
2653 l = len;
2654 mr = address_space_translate(as, addr, &addr1, &l, false);
2655 }
2656
2657 return result;
2658 }
2659
2660 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2661 MemTxAttrs attrs, uint8_t *buf, int len)
2662 {
2663 hwaddr l;
2664 hwaddr addr1;
2665 MemoryRegion *mr;
2666 MemTxResult result = MEMTX_OK;
2667
2668 if (len > 0) {
2669 rcu_read_lock();
2670 l = len;
2671 mr = address_space_translate(as, addr, &addr1, &l, false);
2672 result = address_space_read_continue(as, addr, attrs, buf, len,
2673 addr1, l, mr);
2674 rcu_read_unlock();
2675 }
2676
2677 return result;
2678 }
2679
2680 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2681 uint8_t *buf, int len, bool is_write)
2682 {
2683 if (is_write) {
2684 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2685 } else {
2686 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2687 }
2688 }
2689
2690 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2691 int len, int is_write)
2692 {
2693 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2694 buf, len, is_write);
2695 }
2696
2697 enum write_rom_type {
2698 WRITE_DATA,
2699 FLUSH_CACHE,
2700 };
2701
2702 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2703 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2704 {
2705 hwaddr l;
2706 uint8_t *ptr;
2707 hwaddr addr1;
2708 MemoryRegion *mr;
2709
2710 rcu_read_lock();
2711 while (len > 0) {
2712 l = len;
2713 mr = address_space_translate(as, addr, &addr1, &l, true);
2714
2715 if (!(memory_region_is_ram(mr) ||
2716 memory_region_is_romd(mr))) {
2717 l = memory_access_size(mr, l, addr1);
2718 } else {
2719 /* ROM/RAM case */
2720 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2721 switch (type) {
2722 case WRITE_DATA:
2723 memcpy(ptr, buf, l);
2724 invalidate_and_set_dirty(mr, addr1, l);
2725 break;
2726 case FLUSH_CACHE:
2727 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2728 break;
2729 }
2730 }
2731 len -= l;
2732 buf += l;
2733 addr += l;
2734 }
2735 rcu_read_unlock();
2736 }
2737
2738 /* used for ROM loading : can write in RAM and ROM */
2739 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2740 const uint8_t *buf, int len)
2741 {
2742 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2743 }
2744
2745 void cpu_flush_icache_range(hwaddr start, int len)
2746 {
2747 /*
2748 * This function should do the same thing as an icache flush that was
2749 * triggered from within the guest. For TCG we are always cache coherent,
2750 * so there is no need to flush anything. For KVM / Xen we need to flush
2751 * the host's instruction cache at least.
2752 */
2753 if (tcg_enabled()) {
2754 return;
2755 }
2756
2757 cpu_physical_memory_write_rom_internal(&address_space_memory,
2758 start, NULL, len, FLUSH_CACHE);
2759 }
2760
2761 typedef struct {
2762 MemoryRegion *mr;
2763 void *buffer;
2764 hwaddr addr;
2765 hwaddr len;
2766 bool in_use;
2767 } BounceBuffer;
2768
2769 static BounceBuffer bounce;
2770
2771 typedef struct MapClient {
2772 QEMUBH *bh;
2773 QLIST_ENTRY(MapClient) link;
2774 } MapClient;
2775
2776 QemuMutex map_client_list_lock;
2777 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2778 = QLIST_HEAD_INITIALIZER(map_client_list);
2779
2780 static void cpu_unregister_map_client_do(MapClient *client)
2781 {
2782 QLIST_REMOVE(client, link);
2783 g_free(client);
2784 }
2785
2786 static void cpu_notify_map_clients_locked(void)
2787 {
2788 MapClient *client;
2789
2790 while (!QLIST_EMPTY(&map_client_list)) {
2791 client = QLIST_FIRST(&map_client_list);
2792 qemu_bh_schedule(client->bh);
2793 cpu_unregister_map_client_do(client);
2794 }
2795 }
2796
2797 void cpu_register_map_client(QEMUBH *bh)
2798 {
2799 MapClient *client = g_malloc(sizeof(*client));
2800
2801 qemu_mutex_lock(&map_client_list_lock);
2802 client->bh = bh;
2803 QLIST_INSERT_HEAD(&map_client_list, client, link);
2804 if (!atomic_read(&bounce.in_use)) {
2805 cpu_notify_map_clients_locked();
2806 }
2807 qemu_mutex_unlock(&map_client_list_lock);
2808 }
2809
2810 void cpu_exec_init_all(void)
2811 {
2812 qemu_mutex_init(&ram_list.mutex);
2813 io_mem_init();
2814 memory_map_init();
2815 qemu_mutex_init(&map_client_list_lock);
2816 }
2817
2818 void cpu_unregister_map_client(QEMUBH *bh)
2819 {
2820 MapClient *client;
2821
2822 qemu_mutex_lock(&map_client_list_lock);
2823 QLIST_FOREACH(client, &map_client_list, link) {
2824 if (client->bh == bh) {
2825 cpu_unregister_map_client_do(client);
2826 break;
2827 }
2828 }
2829 qemu_mutex_unlock(&map_client_list_lock);
2830 }
2831
2832 static void cpu_notify_map_clients(void)
2833 {
2834 qemu_mutex_lock(&map_client_list_lock);
2835 cpu_notify_map_clients_locked();
2836 qemu_mutex_unlock(&map_client_list_lock);
2837 }
2838
2839 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2840 {
2841 MemoryRegion *mr;
2842 hwaddr l, xlat;
2843
2844 rcu_read_lock();
2845 while (len > 0) {
2846 l = len;
2847 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2848 if (!memory_access_is_direct(mr, is_write)) {
2849 l = memory_access_size(mr, l, addr);
2850 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2851 return false;
2852 }
2853 }
2854
2855 len -= l;
2856 addr += l;
2857 }
2858 rcu_read_unlock();
2859 return true;
2860 }
2861
2862 /* Map a physical memory region into a host virtual address.
2863 * May map a subset of the requested range, given by and returned in *plen.
2864 * May return NULL if resources needed to perform the mapping are exhausted.
2865 * Use only for reads OR writes - not for read-modify-write operations.
2866 * Use cpu_register_map_client() to know when retrying the map operation is
2867 * likely to succeed.
2868 */
2869 void *address_space_map(AddressSpace *as,
2870 hwaddr addr,
2871 hwaddr *plen,
2872 bool is_write)
2873 {
2874 hwaddr len = *plen;
2875 hwaddr done = 0;
2876 hwaddr l, xlat, base;
2877 MemoryRegion *mr, *this_mr;
2878 void *ptr;
2879
2880 if (len == 0) {
2881 return NULL;
2882 }
2883
2884 l = len;
2885 rcu_read_lock();
2886 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2887
2888 if (!memory_access_is_direct(mr, is_write)) {
2889 if (atomic_xchg(&bounce.in_use, true)) {
2890 rcu_read_unlock();
2891 return NULL;
2892 }
2893 /* Avoid unbounded allocations */
2894 l = MIN(l, TARGET_PAGE_SIZE);
2895 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2896 bounce.addr = addr;
2897 bounce.len = l;
2898
2899 memory_region_ref(mr);
2900 bounce.mr = mr;
2901 if (!is_write) {
2902 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2903 bounce.buffer, l);
2904 }
2905
2906 rcu_read_unlock();
2907 *plen = l;
2908 return bounce.buffer;
2909 }
2910
2911 base = xlat;
2912
2913 for (;;) {
2914 len -= l;
2915 addr += l;
2916 done += l;
2917 if (len == 0) {
2918 break;
2919 }
2920
2921 l = len;
2922 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2923 if (this_mr != mr || xlat != base + done) {
2924 break;
2925 }
2926 }
2927
2928 memory_region_ref(mr);
2929 *plen = done;
2930 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
2931 rcu_read_unlock();
2932
2933 return ptr;
2934 }
2935
2936 /* Unmaps a memory region previously mapped by address_space_map().
2937 * Will also mark the memory as dirty if is_write == 1. access_len gives
2938 * the amount of memory that was actually read or written by the caller.
2939 */
2940 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2941 int is_write, hwaddr access_len)
2942 {
2943 if (buffer != bounce.buffer) {
2944 MemoryRegion *mr;
2945 ram_addr_t addr1;
2946
2947 mr = memory_region_from_host(buffer, &addr1);
2948 assert(mr != NULL);
2949 if (is_write) {
2950 invalidate_and_set_dirty(mr, addr1, access_len);
2951 }
2952 if (xen_enabled()) {
2953 xen_invalidate_map_cache_entry(buffer);
2954 }
2955 memory_region_unref(mr);
2956 return;
2957 }
2958 if (is_write) {
2959 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2960 bounce.buffer, access_len);
2961 }
2962 qemu_vfree(bounce.buffer);
2963 bounce.buffer = NULL;
2964 memory_region_unref(bounce.mr);
2965 atomic_mb_set(&bounce.in_use, false);
2966 cpu_notify_map_clients();
2967 }
2968
2969 void *cpu_physical_memory_map(hwaddr addr,
2970 hwaddr *plen,
2971 int is_write)
2972 {
2973 return address_space_map(&address_space_memory, addr, plen, is_write);
2974 }
2975
2976 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2977 int is_write, hwaddr access_len)
2978 {
2979 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2980 }
2981
2982 /* warning: addr must be aligned */
2983 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2984 MemTxAttrs attrs,
2985 MemTxResult *result,
2986 enum device_endian endian)
2987 {
2988 uint8_t *ptr;
2989 uint64_t val;
2990 MemoryRegion *mr;
2991 hwaddr l = 4;
2992 hwaddr addr1;
2993 MemTxResult r;
2994 bool release_lock = false;
2995
2996 rcu_read_lock();
2997 mr = address_space_translate(as, addr, &addr1, &l, false);
2998 if (l < 4 || !memory_access_is_direct(mr, false)) {
2999 release_lock |= prepare_mmio_access(mr);
3000
3001 /* I/O case */
3002 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
3003 #if defined(TARGET_WORDS_BIGENDIAN)
3004 if (endian == DEVICE_LITTLE_ENDIAN) {
3005 val = bswap32(val);
3006 }
3007 #else
3008 if (endian == DEVICE_BIG_ENDIAN) {
3009 val = bswap32(val);
3010 }
3011 #endif
3012 } else {
3013 /* RAM case */
3014 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3015 switch (endian) {
3016 case DEVICE_LITTLE_ENDIAN:
3017 val = ldl_le_p(ptr);
3018 break;
3019 case DEVICE_BIG_ENDIAN:
3020 val = ldl_be_p(ptr);
3021 break;
3022 default:
3023 val = ldl_p(ptr);
3024 break;
3025 }
3026 r = MEMTX_OK;
3027 }
3028 if (result) {
3029 *result = r;
3030 }
3031 if (release_lock) {
3032 qemu_mutex_unlock_iothread();
3033 }
3034 rcu_read_unlock();
3035 return val;
3036 }
3037
3038 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3039 MemTxAttrs attrs, MemTxResult *result)
3040 {
3041 return address_space_ldl_internal(as, addr, attrs, result,
3042 DEVICE_NATIVE_ENDIAN);
3043 }
3044
3045 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3046 MemTxAttrs attrs, MemTxResult *result)
3047 {
3048 return address_space_ldl_internal(as, addr, attrs, result,
3049 DEVICE_LITTLE_ENDIAN);
3050 }
3051
3052 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3053 MemTxAttrs attrs, MemTxResult *result)
3054 {
3055 return address_space_ldl_internal(as, addr, attrs, result,
3056 DEVICE_BIG_ENDIAN);
3057 }
3058
3059 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3060 {
3061 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3062 }
3063
3064 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3065 {
3066 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3067 }
3068
3069 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3070 {
3071 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3072 }
3073
3074 /* warning: addr must be aligned */
3075 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3076 MemTxAttrs attrs,
3077 MemTxResult *result,
3078 enum device_endian endian)
3079 {
3080 uint8_t *ptr;
3081 uint64_t val;
3082 MemoryRegion *mr;
3083 hwaddr l = 8;
3084 hwaddr addr1;
3085 MemTxResult r;
3086 bool release_lock = false;
3087
3088 rcu_read_lock();
3089 mr = address_space_translate(as, addr, &addr1, &l,
3090 false);
3091 if (l < 8 || !memory_access_is_direct(mr, false)) {
3092 release_lock |= prepare_mmio_access(mr);
3093
3094 /* I/O case */
3095 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3096 #if defined(TARGET_WORDS_BIGENDIAN)
3097 if (endian == DEVICE_LITTLE_ENDIAN) {
3098 val = bswap64(val);
3099 }
3100 #else
3101 if (endian == DEVICE_BIG_ENDIAN) {
3102 val = bswap64(val);
3103 }
3104 #endif
3105 } else {
3106 /* RAM case */
3107 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3108 switch (endian) {
3109 case DEVICE_LITTLE_ENDIAN:
3110 val = ldq_le_p(ptr);
3111 break;
3112 case DEVICE_BIG_ENDIAN:
3113 val = ldq_be_p(ptr);
3114 break;
3115 default:
3116 val = ldq_p(ptr);
3117 break;
3118 }
3119 r = MEMTX_OK;
3120 }
3121 if (result) {
3122 *result = r;
3123 }
3124 if (release_lock) {
3125 qemu_mutex_unlock_iothread();
3126 }
3127 rcu_read_unlock();
3128 return val;
3129 }
3130
3131 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3132 MemTxAttrs attrs, MemTxResult *result)
3133 {
3134 return address_space_ldq_internal(as, addr, attrs, result,
3135 DEVICE_NATIVE_ENDIAN);
3136 }
3137
3138 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3139 MemTxAttrs attrs, MemTxResult *result)
3140 {
3141 return address_space_ldq_internal(as, addr, attrs, result,
3142 DEVICE_LITTLE_ENDIAN);
3143 }
3144
3145 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3146 MemTxAttrs attrs, MemTxResult *result)
3147 {
3148 return address_space_ldq_internal(as, addr, attrs, result,
3149 DEVICE_BIG_ENDIAN);
3150 }
3151
3152 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3153 {
3154 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3155 }
3156
3157 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3158 {
3159 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3160 }
3161
3162 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3163 {
3164 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3165 }
3166
3167 /* XXX: optimize */
3168 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3169 MemTxAttrs attrs, MemTxResult *result)
3170 {
3171 uint8_t val;
3172 MemTxResult r;
3173
3174 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3175 if (result) {
3176 *result = r;
3177 }
3178 return val;
3179 }
3180
3181 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3182 {
3183 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3184 }
3185
3186 /* warning: addr must be aligned */
3187 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3188 hwaddr addr,
3189 MemTxAttrs attrs,
3190 MemTxResult *result,
3191 enum device_endian endian)
3192 {
3193 uint8_t *ptr;
3194 uint64_t val;
3195 MemoryRegion *mr;
3196 hwaddr l = 2;
3197 hwaddr addr1;
3198 MemTxResult r;
3199 bool release_lock = false;
3200
3201 rcu_read_lock();
3202 mr = address_space_translate(as, addr, &addr1, &l,
3203 false);
3204 if (l < 2 || !memory_access_is_direct(mr, false)) {
3205 release_lock |= prepare_mmio_access(mr);
3206
3207 /* I/O case */
3208 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3209 #if defined(TARGET_WORDS_BIGENDIAN)
3210 if (endian == DEVICE_LITTLE_ENDIAN) {
3211 val = bswap16(val);
3212 }
3213 #else
3214 if (endian == DEVICE_BIG_ENDIAN) {
3215 val = bswap16(val);
3216 }
3217 #endif
3218 } else {
3219 /* RAM case */
3220 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3221 switch (endian) {
3222 case DEVICE_LITTLE_ENDIAN:
3223 val = lduw_le_p(ptr);
3224 break;
3225 case DEVICE_BIG_ENDIAN:
3226 val = lduw_be_p(ptr);
3227 break;
3228 default:
3229 val = lduw_p(ptr);
3230 break;
3231 }
3232 r = MEMTX_OK;
3233 }
3234 if (result) {
3235 *result = r;
3236 }
3237 if (release_lock) {
3238 qemu_mutex_unlock_iothread();
3239 }
3240 rcu_read_unlock();
3241 return val;
3242 }
3243
3244 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3245 MemTxAttrs attrs, MemTxResult *result)
3246 {
3247 return address_space_lduw_internal(as, addr, attrs, result,
3248 DEVICE_NATIVE_ENDIAN);
3249 }
3250
3251 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3252 MemTxAttrs attrs, MemTxResult *result)
3253 {
3254 return address_space_lduw_internal(as, addr, attrs, result,
3255 DEVICE_LITTLE_ENDIAN);
3256 }
3257
3258 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3259 MemTxAttrs attrs, MemTxResult *result)
3260 {
3261 return address_space_lduw_internal(as, addr, attrs, result,
3262 DEVICE_BIG_ENDIAN);
3263 }
3264
3265 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3266 {
3267 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3268 }
3269
3270 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3271 {
3272 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3273 }
3274
3275 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3276 {
3277 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3278 }
3279
3280 /* warning: addr must be aligned. The ram page is not masked as dirty
3281 and the code inside is not invalidated. It is useful if the dirty
3282 bits are used to track modified PTEs */
3283 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3284 MemTxAttrs attrs, MemTxResult *result)
3285 {
3286 uint8_t *ptr;
3287 MemoryRegion *mr;
3288 hwaddr l = 4;
3289 hwaddr addr1;
3290 MemTxResult r;
3291 uint8_t dirty_log_mask;
3292 bool release_lock = false;
3293
3294 rcu_read_lock();
3295 mr = address_space_translate(as, addr, &addr1, &l,
3296 true);
3297 if (l < 4 || !memory_access_is_direct(mr, true)) {
3298 release_lock |= prepare_mmio_access(mr);
3299
3300 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3301 } else {
3302 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3303 stl_p(ptr, val);
3304
3305 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3306 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3307 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3308 4, dirty_log_mask);
3309 r = MEMTX_OK;
3310 }
3311 if (result) {
3312 *result = r;
3313 }
3314 if (release_lock) {
3315 qemu_mutex_unlock_iothread();
3316 }
3317 rcu_read_unlock();
3318 }
3319
3320 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3321 {
3322 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3323 }
3324
3325 /* warning: addr must be aligned */
3326 static inline void address_space_stl_internal(AddressSpace *as,
3327 hwaddr addr, uint32_t val,
3328 MemTxAttrs attrs,
3329 MemTxResult *result,
3330 enum device_endian endian)
3331 {
3332 uint8_t *ptr;
3333 MemoryRegion *mr;
3334 hwaddr l = 4;
3335 hwaddr addr1;
3336 MemTxResult r;
3337 bool release_lock = false;
3338
3339 rcu_read_lock();
3340 mr = address_space_translate(as, addr, &addr1, &l,
3341 true);
3342 if (l < 4 || !memory_access_is_direct(mr, true)) {
3343 release_lock |= prepare_mmio_access(mr);
3344
3345 #if defined(TARGET_WORDS_BIGENDIAN)
3346 if (endian == DEVICE_LITTLE_ENDIAN) {
3347 val = bswap32(val);
3348 }
3349 #else
3350 if (endian == DEVICE_BIG_ENDIAN) {
3351 val = bswap32(val);
3352 }
3353 #endif
3354 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3355 } else {
3356 /* RAM case */
3357 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3358 switch (endian) {
3359 case DEVICE_LITTLE_ENDIAN:
3360 stl_le_p(ptr, val);
3361 break;
3362 case DEVICE_BIG_ENDIAN:
3363 stl_be_p(ptr, val);
3364 break;
3365 default:
3366 stl_p(ptr, val);
3367 break;
3368 }
3369 invalidate_and_set_dirty(mr, addr1, 4);
3370 r = MEMTX_OK;
3371 }
3372 if (result) {
3373 *result = r;
3374 }
3375 if (release_lock) {
3376 qemu_mutex_unlock_iothread();
3377 }
3378 rcu_read_unlock();
3379 }
3380
3381 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3382 MemTxAttrs attrs, MemTxResult *result)
3383 {
3384 address_space_stl_internal(as, addr, val, attrs, result,
3385 DEVICE_NATIVE_ENDIAN);
3386 }
3387
3388 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3389 MemTxAttrs attrs, MemTxResult *result)
3390 {
3391 address_space_stl_internal(as, addr, val, attrs, result,
3392 DEVICE_LITTLE_ENDIAN);
3393 }
3394
3395 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3396 MemTxAttrs attrs, MemTxResult *result)
3397 {
3398 address_space_stl_internal(as, addr, val, attrs, result,
3399 DEVICE_BIG_ENDIAN);
3400 }
3401
3402 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3403 {
3404 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3405 }
3406
3407 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3408 {
3409 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3410 }
3411
3412 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3413 {
3414 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3415 }
3416
3417 /* XXX: optimize */
3418 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3419 MemTxAttrs attrs, MemTxResult *result)
3420 {
3421 uint8_t v = val;
3422 MemTxResult r;
3423
3424 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3425 if (result) {
3426 *result = r;
3427 }
3428 }
3429
3430 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3431 {
3432 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3433 }
3434
3435 /* warning: addr must be aligned */
3436 static inline void address_space_stw_internal(AddressSpace *as,
3437 hwaddr addr, uint32_t val,
3438 MemTxAttrs attrs,
3439 MemTxResult *result,
3440 enum device_endian endian)
3441 {
3442 uint8_t *ptr;
3443 MemoryRegion *mr;
3444 hwaddr l = 2;
3445 hwaddr addr1;
3446 MemTxResult r;
3447 bool release_lock = false;
3448
3449 rcu_read_lock();
3450 mr = address_space_translate(as, addr, &addr1, &l, true);
3451 if (l < 2 || !memory_access_is_direct(mr, true)) {
3452 release_lock |= prepare_mmio_access(mr);
3453
3454 #if defined(TARGET_WORDS_BIGENDIAN)
3455 if (endian == DEVICE_LITTLE_ENDIAN) {
3456 val = bswap16(val);
3457 }
3458 #else
3459 if (endian == DEVICE_BIG_ENDIAN) {
3460 val = bswap16(val);
3461 }
3462 #endif
3463 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3464 } else {
3465 /* RAM case */
3466 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3467 switch (endian) {
3468 case DEVICE_LITTLE_ENDIAN:
3469 stw_le_p(ptr, val);
3470 break;
3471 case DEVICE_BIG_ENDIAN:
3472 stw_be_p(ptr, val);
3473 break;
3474 default:
3475 stw_p(ptr, val);
3476 break;
3477 }
3478 invalidate_and_set_dirty(mr, addr1, 2);
3479 r = MEMTX_OK;
3480 }
3481 if (result) {
3482 *result = r;
3483 }
3484 if (release_lock) {
3485 qemu_mutex_unlock_iothread();
3486 }
3487 rcu_read_unlock();
3488 }
3489
3490 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3491 MemTxAttrs attrs, MemTxResult *result)
3492 {
3493 address_space_stw_internal(as, addr, val, attrs, result,
3494 DEVICE_NATIVE_ENDIAN);
3495 }
3496
3497 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3498 MemTxAttrs attrs, MemTxResult *result)
3499 {
3500 address_space_stw_internal(as, addr, val, attrs, result,
3501 DEVICE_LITTLE_ENDIAN);
3502 }
3503
3504 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3505 MemTxAttrs attrs, MemTxResult *result)
3506 {
3507 address_space_stw_internal(as, addr, val, attrs, result,
3508 DEVICE_BIG_ENDIAN);
3509 }
3510
3511 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3512 {
3513 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3514 }
3515
3516 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3517 {
3518 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3519 }
3520
3521 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3522 {
3523 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3524 }
3525
3526 /* XXX: optimize */
3527 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3528 MemTxAttrs attrs, MemTxResult *result)
3529 {
3530 MemTxResult r;
3531 val = tswap64(val);
3532 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3533 if (result) {
3534 *result = r;
3535 }
3536 }
3537
3538 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3539 MemTxAttrs attrs, MemTxResult *result)
3540 {
3541 MemTxResult r;
3542 val = cpu_to_le64(val);
3543 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3544 if (result) {
3545 *result = r;
3546 }
3547 }
3548 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3549 MemTxAttrs attrs, MemTxResult *result)
3550 {
3551 MemTxResult r;
3552 val = cpu_to_be64(val);
3553 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3554 if (result) {
3555 *result = r;
3556 }
3557 }
3558
3559 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3560 {
3561 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3562 }
3563
3564 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3565 {
3566 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3567 }
3568
3569 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3570 {
3571 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3572 }
3573
3574 /* virtual memory access for debug (includes writing to ROM) */
3575 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3576 uint8_t *buf, int len, int is_write)
3577 {
3578 int l;
3579 hwaddr phys_addr;
3580 target_ulong page;
3581
3582 while (len > 0) {
3583 int asidx;
3584 MemTxAttrs attrs;
3585
3586 page = addr & TARGET_PAGE_MASK;
3587 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3588 asidx = cpu_asidx_from_attrs(cpu, attrs);
3589 /* if no physical page mapped, return an error */
3590 if (phys_addr == -1)
3591 return -1;
3592 l = (page + TARGET_PAGE_SIZE) - addr;
3593 if (l > len)
3594 l = len;
3595 phys_addr += (addr & ~TARGET_PAGE_MASK);
3596 if (is_write) {
3597 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3598 phys_addr, buf, l);
3599 } else {
3600 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3601 MEMTXATTRS_UNSPECIFIED,
3602 buf, l, 0);
3603 }
3604 len -= l;
3605 buf += l;
3606 addr += l;
3607 }
3608 return 0;
3609 }
3610
3611 /*
3612 * Allows code that needs to deal with migration bitmaps etc to still be built
3613 * target independent.
3614 */
3615 size_t qemu_target_page_bits(void)
3616 {
3617 return TARGET_PAGE_BITS;
3618 }
3619
3620 #endif
3621
3622 /*
3623 * A helper function for the _utterly broken_ virtio device model to find out if
3624 * it's running on a big endian machine. Don't do this at home kids!
3625 */
3626 bool target_words_bigendian(void);
3627 bool target_words_bigendian(void)
3628 {
3629 #if defined(TARGET_WORDS_BIGENDIAN)
3630 return true;
3631 #else
3632 return false;
3633 #endif
3634 }
3635
3636 #ifndef CONFIG_USER_ONLY
3637 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3638 {
3639 MemoryRegion*mr;
3640 hwaddr l = 1;
3641 bool res;
3642
3643 rcu_read_lock();
3644 mr = address_space_translate(&address_space_memory,
3645 phys_addr, &phys_addr, &l, false);
3646
3647 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3648 rcu_read_unlock();
3649 return res;
3650 }
3651
3652 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3653 {
3654 RAMBlock *block;
3655 int ret = 0;
3656
3657 rcu_read_lock();
3658 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3659 ret = func(block->idstr, block->host, block->offset,
3660 block->used_length, opaque);
3661 if (ret) {
3662 break;
3663 }
3664 }
3665 rcu_read_unlock();
3666 return ret;
3667 }
3668 #endif
QEMU mirror