]> git.proxmox.com Git - mirror_qemu.git/blob - exec.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
exec: fix coding style
[mirror_qemu.git] / exec.c
1 /*
2 * virtual page mapping and translated block handling
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifdef _WIN32
21 #include <windows.h>
22 #else
23 #include <sys/types.h>
24 #include <sys/mman.h>
25 #endif
26
27 #include "qemu-common.h"
28 #include "cpu.h"
29 #include "tcg.h"
30 #include "hw/hw.h"
31 #include "hw/qdev.h"
32 #include "osdep.h"
33 #include "kvm.h"
34 #include "hw/xen.h"
35 #include "qemu-timer.h"
36 #include "memory.h"
37 #include "dma.h"
38 #include "exec-memory.h"
39 #if defined(CONFIG_USER_ONLY)
40 #include <qemu.h>
41 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
42 #include <sys/param.h>
43 #if __FreeBSD_version >= 700104
44 #define HAVE_KINFO_GETVMMAP
45 #define sigqueue sigqueue_freebsd /* avoid redefinition */
46 #include <sys/time.h>
47 #include <sys/proc.h>
48 #include <machine/profile.h>
49 #define _KERNEL
50 #include <sys/user.h>
51 #undef _KERNEL
52 #undef sigqueue
53 #include <libutil.h>
54 #endif
55 #endif
56 #else /* !CONFIG_USER_ONLY */
57 #include "xen-mapcache.h"
58 #include "trace.h"
59 #endif
60
61 #include "cputlb.h"
62
63 #include "memory-internal.h"
64
65 //#define DEBUG_TB_INVALIDATE
66 //#define DEBUG_FLUSH
67 //#define DEBUG_UNASSIGNED
68
69 /* make various TB consistency checks */
70 //#define DEBUG_TB_CHECK
71
72 //#define DEBUG_IOPORT
73 //#define DEBUG_SUBPAGE
74
75 #if !defined(CONFIG_USER_ONLY)
76 /* TB consistency checks only implemented for usermode emulation. */
77 #undef DEBUG_TB_CHECK
78 #endif
79
80 #define SMC_BITMAP_USE_THRESHOLD 10
81
82 /* Code generation and translation blocks */
83 static TranslationBlock *tbs;
84 static int code_gen_max_blocks;
85 TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
86 static int nb_tbs;
87 /* any access to the tbs or the page table must use this lock */
88 spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
89
90 uint8_t *code_gen_prologue;
91 static uint8_t *code_gen_buffer;
92 static size_t code_gen_buffer_size;
93 /* threshold to flush the translated code buffer */
94 static size_t code_gen_buffer_max_size;
95 static uint8_t *code_gen_ptr;
96
97 #if !defined(CONFIG_USER_ONLY)
98 int phys_ram_fd;
99 static int in_migration;
100
101 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
102
103 static MemoryRegion *system_memory;
104 static MemoryRegion *system_io;
105
106 AddressSpace address_space_io;
107 AddressSpace address_space_memory;
108 DMAContext dma_context_memory;
109
110 MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
111 static MemoryRegion io_mem_subpage_ram;
112
113 #endif
114
115 CPUArchState *first_cpu;
116 /* current CPU in the current thread. It is only valid inside
117 cpu_exec() */
118 DEFINE_TLS(CPUArchState *,cpu_single_env);
119 /* 0 = Do not count executed instructions.
120 1 = Precise instruction counting.
121 2 = Adaptive rate instruction counting. */
122 int use_icount = 0;
123
124 typedef struct PageDesc {
125 /* list of TBs intersecting this ram page */
126 TranslationBlock *first_tb;
127 /* in order to optimize self modifying code, we count the number
128 of lookups we do to a given page to use a bitmap */
129 unsigned int code_write_count;
130 uint8_t *code_bitmap;
131 #if defined(CONFIG_USER_ONLY)
132 unsigned long flags;
133 #endif
134 } PageDesc;
135
136 /* In system mode we want L1_MAP to be based on ram offsets,
137 while in user mode we want it to be based on virtual addresses. */
138 #if !defined(CONFIG_USER_ONLY)
139 #if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
140 # define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
141 #else
142 # define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
143 #endif
144 #else
145 # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
146 #endif
147
148 /* Size of the L2 (and L3, etc) page tables. */
149 #define L2_BITS 10
150 #define L2_SIZE (1 << L2_BITS)
151
152 #define P_L2_LEVELS \
153 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
154
155 /* The bits remaining after N lower levels of page tables. */
156 #define V_L1_BITS_REM \
157 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
158
159 #if V_L1_BITS_REM < 4
160 #define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
161 #else
162 #define V_L1_BITS V_L1_BITS_REM
163 #endif
164
165 #define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
166
167 #define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
168
169 uintptr_t qemu_real_host_page_size;
170 uintptr_t qemu_host_page_size;
171 uintptr_t qemu_host_page_mask;
172
173 /* This is a multi-level map on the virtual address space.
174 The bottom level has pointers to PageDesc. */
175 static void *l1_map[V_L1_SIZE];
176
177 #if !defined(CONFIG_USER_ONLY)
178
179 static MemoryRegionSection *phys_sections;
180 static unsigned phys_sections_nb, phys_sections_nb_alloc;
181 static uint16_t phys_section_unassigned;
182 static uint16_t phys_section_notdirty;
183 static uint16_t phys_section_rom;
184 static uint16_t phys_section_watch;
185
186 /* Simple allocator for PhysPageEntry nodes */
187 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
188 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
189
190 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
191
192 static void io_mem_init(void);
193 static void memory_map_init(void);
194 static void *qemu_safe_ram_ptr(ram_addr_t addr);
195
196 static MemoryRegion io_mem_watch;
197 #endif
198 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
199 tb_page_addr_t phys_page2);
200
201 /* statistics */
202 static int tb_flush_count;
203 static int tb_phys_invalidate_count;
204
205 #ifdef _WIN32
206 static inline void map_exec(void *addr, long size)
207 {
208 DWORD old_protect;
209 VirtualProtect(addr, size,
210 PAGE_EXECUTE_READWRITE, &old_protect);
211 }
212 #else
213 static inline void map_exec(void *addr, long size)
214 {
215 unsigned long start, end, page_size;
216
217 page_size = getpagesize();
218 start = (unsigned long)addr;
219 start &= ~(page_size - 1);
220
221 end = (unsigned long)addr + size;
222 end += page_size - 1;
223 end &= ~(page_size - 1);
224
225 mprotect((void *)start, end - start,
226 PROT_READ | PROT_WRITE | PROT_EXEC);
227 }
228 #endif
229
230 static void page_init(void)
231 {
232 /* NOTE: we can always suppose that qemu_host_page_size >=
233 TARGET_PAGE_SIZE */
234 #ifdef _WIN32
235 {
236 SYSTEM_INFO system_info;
237
238 GetSystemInfo(&system_info);
239 qemu_real_host_page_size = system_info.dwPageSize;
240 }
241 #else
242 qemu_real_host_page_size = getpagesize();
243 #endif
244 if (qemu_host_page_size == 0) {
245 qemu_host_page_size = qemu_real_host_page_size;
246 }
247 if (qemu_host_page_size < TARGET_PAGE_SIZE) {
248 qemu_host_page_size = TARGET_PAGE_SIZE;
249 }
250 qemu_host_page_mask = ~(qemu_host_page_size - 1);
251
252 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
253 {
254 #ifdef HAVE_KINFO_GETVMMAP
255 struct kinfo_vmentry *freep;
256 int i, cnt;
257
258 freep = kinfo_getvmmap(getpid(), &cnt);
259 if (freep) {
260 mmap_lock();
261 for (i = 0; i < cnt; i++) {
262 unsigned long startaddr, endaddr;
263
264 startaddr = freep[i].kve_start;
265 endaddr = freep[i].kve_end;
266 if (h2g_valid(startaddr)) {
267 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
268
269 if (h2g_valid(endaddr)) {
270 endaddr = h2g(endaddr);
271 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
272 } else {
273 #if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
274 endaddr = ~0ul;
275 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
276 #endif
277 }
278 }
279 }
280 free(freep);
281 mmap_unlock();
282 }
283 #else
284 FILE *f;
285
286 last_brk = (unsigned long)sbrk(0);
287
288 f = fopen("/compat/linux/proc/self/maps", "r");
289 if (f) {
290 mmap_lock();
291
292 do {
293 unsigned long startaddr, endaddr;
294 int n;
295
296 n = fscanf(f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
297
298 if (n == 2 && h2g_valid(startaddr)) {
299 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
300
301 if (h2g_valid(endaddr)) {
302 endaddr = h2g(endaddr);
303 } else {
304 endaddr = ~0ul;
305 }
306 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
307 }
308 } while (!feof(f));
309
310 fclose(f);
311 mmap_unlock();
312 }
313 #endif
314 }
315 #endif
316 }
317
318 static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
319 {
320 PageDesc *pd;
321 void **lp;
322 int i;
323
324 #if defined(CONFIG_USER_ONLY)
325 /* We can't use g_malloc because it may recurse into a locked mutex. */
326 # define ALLOC(P, SIZE) \
327 do { \
328 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
329 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
330 } while (0)
331 #else
332 # define ALLOC(P, SIZE) \
333 do { P = g_malloc0(SIZE); } while (0)
334 #endif
335
336 /* Level 1. Always allocated. */
337 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
338
339 /* Level 2..N-1. */
340 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
341 void **p = *lp;
342
343 if (p == NULL) {
344 if (!alloc) {
345 return NULL;
346 }
347 ALLOC(p, sizeof(void *) * L2_SIZE);
348 *lp = p;
349 }
350
351 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
352 }
353
354 pd = *lp;
355 if (pd == NULL) {
356 if (!alloc) {
357 return NULL;
358 }
359 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
360 *lp = pd;
361 }
362
363 #undef ALLOC
364
365 return pd + (index & (L2_SIZE - 1));
366 }
367
368 static inline PageDesc *page_find(tb_page_addr_t index)
369 {
370 return page_find_alloc(index, 0);
371 }
372
373 #if !defined(CONFIG_USER_ONLY)
374
375 static void phys_map_node_reserve(unsigned nodes)
376 {
377 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
378 typedef PhysPageEntry Node[L2_SIZE];
379 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
380 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
381 phys_map_nodes_nb + nodes);
382 phys_map_nodes = g_renew(Node, phys_map_nodes,
383 phys_map_nodes_nb_alloc);
384 }
385 }
386
387 static uint16_t phys_map_node_alloc(void)
388 {
389 unsigned i;
390 uint16_t ret;
391
392 ret = phys_map_nodes_nb++;
393 assert(ret != PHYS_MAP_NODE_NIL);
394 assert(ret != phys_map_nodes_nb_alloc);
395 for (i = 0; i < L2_SIZE; ++i) {
396 phys_map_nodes[ret][i].is_leaf = 0;
397 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
398 }
399 return ret;
400 }
401
402 static void phys_map_nodes_reset(void)
403 {
404 phys_map_nodes_nb = 0;
405 }
406
407
408 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
409 hwaddr *nb, uint16_t leaf,
410 int level)
411 {
412 PhysPageEntry *p;
413 int i;
414 hwaddr step = (hwaddr)1 << (level * L2_BITS);
415
416 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
417 lp->ptr = phys_map_node_alloc();
418 p = phys_map_nodes[lp->ptr];
419 if (level == 0) {
420 for (i = 0; i < L2_SIZE; i++) {
421 p[i].is_leaf = 1;
422 p[i].ptr = phys_section_unassigned;
423 }
424 }
425 } else {
426 p = phys_map_nodes[lp->ptr];
427 }
428 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
429
430 while (*nb && lp < &p[L2_SIZE]) {
431 if ((*index & (step - 1)) == 0 && *nb >= step) {
432 lp->is_leaf = true;
433 lp->ptr = leaf;
434 *index += step;
435 *nb -= step;
436 } else {
437 phys_page_set_level(lp, index, nb, leaf, level - 1);
438 }
439 ++lp;
440 }
441 }
442
443 static void phys_page_set(AddressSpaceDispatch *d,
444 hwaddr index, hwaddr nb,
445 uint16_t leaf)
446 {
447 /* Wildly overreserve - it doesn't matter much. */
448 phys_map_node_reserve(3 * P_L2_LEVELS);
449
450 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
451 }
452
453 MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
454 {
455 PhysPageEntry lp = d->phys_map;
456 PhysPageEntry *p;
457 int i;
458 uint16_t s_index = phys_section_unassigned;
459
460 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
461 if (lp.ptr == PHYS_MAP_NODE_NIL) {
462 goto not_found;
463 }
464 p = phys_map_nodes[lp.ptr];
465 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
466 }
467
468 s_index = lp.ptr;
469 not_found:
470 return &phys_sections[s_index];
471 }
472
473 bool memory_region_is_unassigned(MemoryRegion *mr)
474 {
475 return mr != &io_mem_ram && mr != &io_mem_rom
476 && mr != &io_mem_notdirty && !mr->rom_device
477 && mr != &io_mem_watch;
478 }
479
480 #define mmap_lock() do { } while(0)
481 #define mmap_unlock() do { } while(0)
482 #endif
483
484 #if defined(CONFIG_USER_ONLY)
485 /* Currently it is not recommended to allocate big chunks of data in
486 user mode. It will change when a dedicated libc will be used. */
487 /* ??? 64-bit hosts ought to have no problem mmaping data outside the
488 region in which the guest needs to run. Revisit this. */
489 #define USE_STATIC_CODE_GEN_BUFFER
490 #endif
491
492 /* ??? Should configure for this, not list operating systems here. */
493 #if (defined(__linux__) \
494 || defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
495 || defined(__DragonFly__) || defined(__OpenBSD__) \
496 || defined(__NetBSD__))
497 # define USE_MMAP
498 #endif
499
500 /* Minimum size of the code gen buffer. This number is randomly chosen,
501 but not so small that we can't have a fair number of TB's live. */
502 #define MIN_CODE_GEN_BUFFER_SIZE (1024u * 1024)
503
504 /* Maximum size of the code gen buffer we'd like to use. Unless otherwise
505 indicated, this is constrained by the range of direct branches on the
506 host cpu, as used by the TCG implementation of goto_tb. */
507 #if defined(__x86_64__)
508 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
509 #elif defined(__sparc__)
510 # define MAX_CODE_GEN_BUFFER_SIZE (2ul * 1024 * 1024 * 1024)
511 #elif defined(__arm__)
512 # define MAX_CODE_GEN_BUFFER_SIZE (16u * 1024 * 1024)
513 #elif defined(__s390x__)
514 /* We have a +- 4GB range on the branches; leave some slop. */
515 # define MAX_CODE_GEN_BUFFER_SIZE (3ul * 1024 * 1024 * 1024)
516 #else
517 # define MAX_CODE_GEN_BUFFER_SIZE ((size_t)-1)
518 #endif
519
520 #define DEFAULT_CODE_GEN_BUFFER_SIZE_1 (32u * 1024 * 1024)
521
522 #define DEFAULT_CODE_GEN_BUFFER_SIZE \
523 (DEFAULT_CODE_GEN_BUFFER_SIZE_1 < MAX_CODE_GEN_BUFFER_SIZE \
524 ? DEFAULT_CODE_GEN_BUFFER_SIZE_1 : MAX_CODE_GEN_BUFFER_SIZE)
525
526 static inline size_t size_code_gen_buffer(size_t tb_size)
527 {
528 /* Size the buffer. */
529 if (tb_size == 0) {
530 #ifdef USE_STATIC_CODE_GEN_BUFFER
531 tb_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
532 #else
533 /* ??? Needs adjustments. */
534 /* ??? If we relax the requirement that CONFIG_USER_ONLY use the
535 static buffer, we could size this on RESERVED_VA, on the text
536 segment size of the executable, or continue to use the default. */
537 tb_size = (unsigned long)(ram_size / 4);
538 #endif
539 }
540 if (tb_size < MIN_CODE_GEN_BUFFER_SIZE) {
541 tb_size = MIN_CODE_GEN_BUFFER_SIZE;
542 }
543 if (tb_size > MAX_CODE_GEN_BUFFER_SIZE) {
544 tb_size = MAX_CODE_GEN_BUFFER_SIZE;
545 }
546 code_gen_buffer_size = tb_size;
547 return tb_size;
548 }
549
550 #ifdef USE_STATIC_CODE_GEN_BUFFER
551 static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
552 __attribute__((aligned(CODE_GEN_ALIGN)));
553
554 static inline void *alloc_code_gen_buffer(void)
555 {
556 map_exec(static_code_gen_buffer, code_gen_buffer_size);
557 return static_code_gen_buffer;
558 }
559 #elif defined(USE_MMAP)
560 static inline void *alloc_code_gen_buffer(void)
561 {
562 int flags = MAP_PRIVATE | MAP_ANONYMOUS;
563 uintptr_t start = 0;
564 void *buf;
565
566 /* Constrain the position of the buffer based on the host cpu.
567 Note that these addresses are chosen in concert with the
568 addresses assigned in the relevant linker script file. */
569 # if defined(__PIE__) || defined(__PIC__)
570 /* Don't bother setting a preferred location if we're building
571 a position-independent executable. We're more likely to get
572 an address near the main executable if we let the kernel
573 choose the address. */
574 # elif defined(__x86_64__) && defined(MAP_32BIT)
575 /* Force the memory down into low memory with the executable.
576 Leave the choice of exact location with the kernel. */
577 flags |= MAP_32BIT;
578 /* Cannot expect to map more than 800MB in low memory. */
579 if (code_gen_buffer_size > 800u * 1024 * 1024) {
580 code_gen_buffer_size = 800u * 1024 * 1024;
581 }
582 # elif defined(__sparc__)
583 start = 0x40000000ul;
584 # elif defined(__s390x__)
585 start = 0x90000000ul;
586 # endif
587
588 buf = mmap((void *)start, code_gen_buffer_size,
589 PROT_WRITE | PROT_READ | PROT_EXEC, flags, -1, 0);
590 return buf == MAP_FAILED ? NULL : buf;
591 }
592 #else
593 static inline void *alloc_code_gen_buffer(void)
594 {
595 void *buf = g_malloc(code_gen_buffer_size);
596
597 if (buf) {
598 map_exec(buf, code_gen_buffer_size);
599 }
600 return buf;
601 }
602 #endif /* USE_STATIC_CODE_GEN_BUFFER, USE_MMAP */
603
604 static inline void code_gen_alloc(size_t tb_size)
605 {
606 code_gen_buffer_size = size_code_gen_buffer(tb_size);
607 code_gen_buffer = alloc_code_gen_buffer();
608 if (code_gen_buffer == NULL) {
609 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
610 exit(1);
611 }
612
613 qemu_madvise(code_gen_buffer, code_gen_buffer_size, QEMU_MADV_HUGEPAGE);
614
615 /* Steal room for the prologue at the end of the buffer. This ensures
616 (via the MAX_CODE_GEN_BUFFER_SIZE limits above) that direct branches
617 from TB's to the prologue are going to be in range. It also means
618 that we don't need to mark (additional) portions of the data segment
619 as executable. */
620 code_gen_prologue = code_gen_buffer + code_gen_buffer_size - 1024;
621 code_gen_buffer_size -= 1024;
622
623 code_gen_buffer_max_size = code_gen_buffer_size -
624 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
625 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
626 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
627 }
628
629 /* Must be called before using the QEMU cpus. 'tb_size' is the size
630 (in bytes) allocated to the translation buffer. Zero means default
631 size. */
632 void tcg_exec_init(unsigned long tb_size)
633 {
634 cpu_gen_init();
635 code_gen_alloc(tb_size);
636 code_gen_ptr = code_gen_buffer;
637 tcg_register_jit(code_gen_buffer, code_gen_buffer_size);
638 page_init();
639 #if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
640 /* There's no guest base to take into account, so go ahead and
641 initialize the prologue now. */
642 tcg_prologue_init(&tcg_ctx);
643 #endif
644 }
645
646 bool tcg_enabled(void)
647 {
648 return code_gen_buffer != NULL;
649 }
650
651 void cpu_exec_init_all(void)
652 {
653 #if !defined(CONFIG_USER_ONLY)
654 memory_map_init();
655 io_mem_init();
656 #endif
657 }
658
659 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
660
661 static int cpu_common_post_load(void *opaque, int version_id)
662 {
663 CPUArchState *env = opaque;
664
665 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
666 version_id is increased. */
667 env->interrupt_request &= ~0x01;
668 tlb_flush(env, 1);
669
670 return 0;
671 }
672
673 static const VMStateDescription vmstate_cpu_common = {
674 .name = "cpu_common",
675 .version_id = 1,
676 .minimum_version_id = 1,
677 .minimum_version_id_old = 1,
678 .post_load = cpu_common_post_load,
679 .fields = (VMStateField []) {
680 VMSTATE_UINT32(halted, CPUArchState),
681 VMSTATE_UINT32(interrupt_request, CPUArchState),
682 VMSTATE_END_OF_LIST()
683 }
684 };
685 #endif
686
687 CPUArchState *qemu_get_cpu(int cpu)
688 {
689 CPUArchState *env = first_cpu;
690
691 while (env) {
692 if (env->cpu_index == cpu)
693 break;
694 env = env->next_cpu;
695 }
696
697 return env;
698 }
699
700 void cpu_exec_init(CPUArchState *env)
701 {
702 #ifndef CONFIG_USER_ONLY
703 CPUState *cpu = ENV_GET_CPU(env);
704 #endif
705 CPUArchState **penv;
706 int cpu_index;
707
708 #if defined(CONFIG_USER_ONLY)
709 cpu_list_lock();
710 #endif
711 env->next_cpu = NULL;
712 penv = &first_cpu;
713 cpu_index = 0;
714 while (*penv != NULL) {
715 penv = &(*penv)->next_cpu;
716 cpu_index++;
717 }
718 env->cpu_index = cpu_index;
719 env->numa_node = 0;
720 QTAILQ_INIT(&env->breakpoints);
721 QTAILQ_INIT(&env->watchpoints);
722 #ifndef CONFIG_USER_ONLY
723 cpu->thread_id = qemu_get_thread_id();
724 #endif
725 *penv = env;
726 #if defined(CONFIG_USER_ONLY)
727 cpu_list_unlock();
728 #endif
729 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
730 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
731 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
732 cpu_save, cpu_load, env);
733 #endif
734 }
735
736 /* Allocate a new translation block. Flush the translation buffer if
737 too many translation blocks or too much generated code. */
738 static TranslationBlock *tb_alloc(target_ulong pc)
739 {
740 TranslationBlock *tb;
741
742 if (nb_tbs >= code_gen_max_blocks ||
743 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size) {
744 return NULL;
745 }
746 tb = &tbs[nb_tbs++];
747 tb->pc = pc;
748 tb->cflags = 0;
749 return tb;
750 }
751
752 void tb_free(TranslationBlock *tb)
753 {
754 /* In practice this is mostly used for single use temporary TB
755 Ignore the hard cases and just back up if this TB happens to
756 be the last one generated. */
757 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
758 code_gen_ptr = tb->tc_ptr;
759 nb_tbs--;
760 }
761 }
762
763 static inline void invalidate_page_bitmap(PageDesc *p)
764 {
765 if (p->code_bitmap) {
766 g_free(p->code_bitmap);
767 p->code_bitmap = NULL;
768 }
769 p->code_write_count = 0;
770 }
771
772 /* Set to NULL all the 'first_tb' fields in all PageDescs. */
773 static void page_flush_tb_1(int level, void **lp)
774 {
775 int i;
776
777 if (*lp == NULL) {
778 return;
779 }
780 if (level == 0) {
781 PageDesc *pd = *lp;
782
783 for (i = 0; i < L2_SIZE; ++i) {
784 pd[i].first_tb = NULL;
785 invalidate_page_bitmap(pd + i);
786 }
787 } else {
788 void **pp = *lp;
789
790 for (i = 0; i < L2_SIZE; ++i) {
791 page_flush_tb_1(level - 1, pp + i);
792 }
793 }
794 }
795
796 static void page_flush_tb(void)
797 {
798 int i;
799
800 for (i = 0; i < V_L1_SIZE; i++) {
801 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
802 }
803 }
804
805 /* flush all the translation blocks */
806 /* XXX: tb_flush is currently not thread safe */
807 void tb_flush(CPUArchState *env1)
808 {
809 CPUArchState *env;
810
811 #if defined(DEBUG_FLUSH)
812 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
813 (unsigned long)(code_gen_ptr - code_gen_buffer),
814 nb_tbs, nb_tbs > 0 ?
815 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
816 #endif
817 if ((unsigned long)(code_gen_ptr - code_gen_buffer)
818 > code_gen_buffer_size) {
819 cpu_abort(env1, "Internal error: code buffer overflow\n");
820 }
821 nb_tbs = 0;
822
823 for (env = first_cpu; env != NULL; env = env->next_cpu) {
824 memset(env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof(void *));
825 }
826
827 memset(tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof(void *));
828 page_flush_tb();
829
830 code_gen_ptr = code_gen_buffer;
831 /* XXX: flush processor icache at this point if cache flush is
832 expensive */
833 tb_flush_count++;
834 }
835
836 #ifdef DEBUG_TB_CHECK
837
838 static void tb_invalidate_check(target_ulong address)
839 {
840 TranslationBlock *tb;
841 int i;
842
843 address &= TARGET_PAGE_MASK;
844 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
845 for (tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
846 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
847 address >= tb->pc + tb->size)) {
848 printf("ERROR invalidate: address=" TARGET_FMT_lx
849 " PC=%08lx size=%04x\n",
850 address, (long)tb->pc, tb->size);
851 }
852 }
853 }
854 }
855
856 /* verify that all the pages have correct rights for code */
857 static void tb_page_check(void)
858 {
859 TranslationBlock *tb;
860 int i, flags1, flags2;
861
862 for (i = 0; i < CODE_GEN_PHYS_HASH_SIZE; i++) {
863 for (tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
864 flags1 = page_get_flags(tb->pc);
865 flags2 = page_get_flags(tb->pc + tb->size - 1);
866 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
867 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
868 (long)tb->pc, tb->size, flags1, flags2);
869 }
870 }
871 }
872 }
873
874 #endif
875
876
877 /* invalidate one TB */
878 static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
879 int next_offset)
880 {
881 TranslationBlock *tb1;
882
883 for (;;) {
884 tb1 = *ptb;
885 if (tb1 == tb) {
886 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
887 break;
888 }
889 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
890 }
891 }
892
893 static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
894 {
895 TranslationBlock *tb1;
896 unsigned int n1;
897
898 for (;;) {
899 tb1 = *ptb;
900 n1 = (uintptr_t)tb1 & 3;
901 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
902 if (tb1 == tb) {
903 *ptb = tb1->page_next[n1];
904 break;
905 }
906 ptb = &tb1->page_next[n1];
907 }
908 }
909
910 static inline void tb_jmp_remove(TranslationBlock *tb, int n)
911 {
912 TranslationBlock *tb1, **ptb;
913 unsigned int n1;
914
915 ptb = &tb->jmp_next[n];
916 tb1 = *ptb;
917 if (tb1) {
918 /* find tb(n) in circular list */
919 for (;;) {
920 tb1 = *ptb;
921 n1 = (uintptr_t)tb1 & 3;
922 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
923 if (n1 == n && tb1 == tb) {
924 break;
925 }
926 if (n1 == 2) {
927 ptb = &tb1->jmp_first;
928 } else {
929 ptb = &tb1->jmp_next[n1];
930 }
931 }
932 /* now we can suppress tb(n) from the list */
933 *ptb = tb->jmp_next[n];
934
935 tb->jmp_next[n] = NULL;
936 }
937 }
938
939 /* reset the jump entry 'n' of a TB so that it is not chained to
940 another TB */
941 static inline void tb_reset_jump(TranslationBlock *tb, int n)
942 {
943 tb_set_jmp_target(tb, n, (uintptr_t)(tb->tc_ptr + tb->tb_next_offset[n]));
944 }
945
946 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
947 {
948 CPUArchState *env;
949 PageDesc *p;
950 unsigned int h, n1;
951 tb_page_addr_t phys_pc;
952 TranslationBlock *tb1, *tb2;
953
954 /* remove the TB from the hash list */
955 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
956 h = tb_phys_hash_func(phys_pc);
957 tb_remove(&tb_phys_hash[h], tb,
958 offsetof(TranslationBlock, phys_hash_next));
959
960 /* remove the TB from the page list */
961 if (tb->page_addr[0] != page_addr) {
962 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
963 tb_page_remove(&p->first_tb, tb);
964 invalidate_page_bitmap(p);
965 }
966 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
967 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
968 tb_page_remove(&p->first_tb, tb);
969 invalidate_page_bitmap(p);
970 }
971
972 tb_invalidated_flag = 1;
973
974 /* remove the TB from the hash list */
975 h = tb_jmp_cache_hash_func(tb->pc);
976 for (env = first_cpu; env != NULL; env = env->next_cpu) {
977 if (env->tb_jmp_cache[h] == tb) {
978 env->tb_jmp_cache[h] = NULL;
979 }
980 }
981
982 /* suppress this TB from the two jump lists */
983 tb_jmp_remove(tb, 0);
984 tb_jmp_remove(tb, 1);
985
986 /* suppress any remaining jumps to this TB */
987 tb1 = tb->jmp_first;
988 for (;;) {
989 n1 = (uintptr_t)tb1 & 3;
990 if (n1 == 2) {
991 break;
992 }
993 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
994 tb2 = tb1->jmp_next[n1];
995 tb_reset_jump(tb1, n1);
996 tb1->jmp_next[n1] = NULL;
997 tb1 = tb2;
998 }
999 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2); /* fail safe */
1000
1001 tb_phys_invalidate_count++;
1002 }
1003
1004 static inline void set_bits(uint8_t *tab, int start, int len)
1005 {
1006 int end, mask, end1;
1007
1008 end = start + len;
1009 tab += start >> 3;
1010 mask = 0xff << (start & 7);
1011 if ((start & ~7) == (end & ~7)) {
1012 if (start < end) {
1013 mask &= ~(0xff << (end & 7));
1014 *tab |= mask;
1015 }
1016 } else {
1017 *tab++ |= mask;
1018 start = (start + 8) & ~7;
1019 end1 = end & ~7;
1020 while (start < end1) {
1021 *tab++ = 0xff;
1022 start += 8;
1023 }
1024 if (start < end) {
1025 mask = ~(0xff << (end & 7));
1026 *tab |= mask;
1027 }
1028 }
1029 }
1030
1031 static void build_page_bitmap(PageDesc *p)
1032 {
1033 int n, tb_start, tb_end;
1034 TranslationBlock *tb;
1035
1036 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
1037
1038 tb = p->first_tb;
1039 while (tb != NULL) {
1040 n = (uintptr_t)tb & 3;
1041 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1042 /* NOTE: this is subtle as a TB may span two physical pages */
1043 if (n == 0) {
1044 /* NOTE: tb_end may be after the end of the page, but
1045 it is not a problem */
1046 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1047 tb_end = tb_start + tb->size;
1048 if (tb_end > TARGET_PAGE_SIZE) {
1049 tb_end = TARGET_PAGE_SIZE;
1050 }
1051 } else {
1052 tb_start = 0;
1053 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1054 }
1055 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1056 tb = tb->page_next[n];
1057 }
1058 }
1059
1060 TranslationBlock *tb_gen_code(CPUArchState *env,
1061 target_ulong pc, target_ulong cs_base,
1062 int flags, int cflags)
1063 {
1064 TranslationBlock *tb;
1065 uint8_t *tc_ptr;
1066 tb_page_addr_t phys_pc, phys_page2;
1067 target_ulong virt_page2;
1068 int code_gen_size;
1069
1070 phys_pc = get_page_addr_code(env, pc);
1071 tb = tb_alloc(pc);
1072 if (!tb) {
1073 /* flush must be done */
1074 tb_flush(env);
1075 /* cannot fail at this point */
1076 tb = tb_alloc(pc);
1077 /* Don't forget to invalidate previous TB info. */
1078 tb_invalidated_flag = 1;
1079 }
1080 tc_ptr = code_gen_ptr;
1081 tb->tc_ptr = tc_ptr;
1082 tb->cs_base = cs_base;
1083 tb->flags = flags;
1084 tb->cflags = cflags;
1085 cpu_gen_code(env, tb, &code_gen_size);
1086 code_gen_ptr = (void *)(((uintptr_t)code_gen_ptr + code_gen_size +
1087 CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
1088
1089 /* check next page if needed */
1090 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
1091 phys_page2 = -1;
1092 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
1093 phys_page2 = get_page_addr_code(env, virt_page2);
1094 }
1095 tb_link_page(tb, phys_pc, phys_page2);
1096 return tb;
1097 }
1098
1099 /*
1100 * Invalidate all TBs which intersect with the target physical address range
1101 * [start;end[. NOTE: start and end may refer to *different* physical pages.
1102 * 'is_cpu_write_access' should be true if called from a real cpu write
1103 * access: the virtual CPU will exit the current TB if code is modified inside
1104 * this TB.
1105 */
1106 void tb_invalidate_phys_range(tb_page_addr_t start, tb_page_addr_t end,
1107 int is_cpu_write_access)
1108 {
1109 while (start < end) {
1110 tb_invalidate_phys_page_range(start, end, is_cpu_write_access);
1111 start &= TARGET_PAGE_MASK;
1112 start += TARGET_PAGE_SIZE;
1113 }
1114 }
1115
1116 /*
1117 * Invalidate all TBs which intersect with the target physical address range
1118 * [start;end[. NOTE: start and end must refer to the *same* physical page.
1119 * 'is_cpu_write_access' should be true if called from a real cpu write
1120 * access: the virtual CPU will exit the current TB if code is modified inside
1121 * this TB.
1122 */
1123 void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
1124 int is_cpu_write_access)
1125 {
1126 TranslationBlock *tb, *tb_next, *saved_tb;
1127 CPUArchState *env = cpu_single_env;
1128 tb_page_addr_t tb_start, tb_end;
1129 PageDesc *p;
1130 int n;
1131 #ifdef TARGET_HAS_PRECISE_SMC
1132 int current_tb_not_found = is_cpu_write_access;
1133 TranslationBlock *current_tb = NULL;
1134 int current_tb_modified = 0;
1135 target_ulong current_pc = 0;
1136 target_ulong current_cs_base = 0;
1137 int current_flags = 0;
1138 #endif /* TARGET_HAS_PRECISE_SMC */
1139
1140 p = page_find(start >> TARGET_PAGE_BITS);
1141 if (!p) {
1142 return;
1143 }
1144 if (!p->code_bitmap &&
1145 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1146 is_cpu_write_access) {
1147 /* build code bitmap */
1148 build_page_bitmap(p);
1149 }
1150
1151 /* we remove all the TBs in the range [start, end[ */
1152 /* XXX: see if in some cases it could be faster to invalidate all
1153 the code */
1154 tb = p->first_tb;
1155 while (tb != NULL) {
1156 n = (uintptr_t)tb & 3;
1157 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1158 tb_next = tb->page_next[n];
1159 /* NOTE: this is subtle as a TB may span two physical pages */
1160 if (n == 0) {
1161 /* NOTE: tb_end may be after the end of the page, but
1162 it is not a problem */
1163 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1164 tb_end = tb_start + tb->size;
1165 } else {
1166 tb_start = tb->page_addr[1];
1167 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1168 }
1169 if (!(tb_end <= start || tb_start >= end)) {
1170 #ifdef TARGET_HAS_PRECISE_SMC
1171 if (current_tb_not_found) {
1172 current_tb_not_found = 0;
1173 current_tb = NULL;
1174 if (env->mem_io_pc) {
1175 /* now we have a real cpu fault */
1176 current_tb = tb_find_pc(env->mem_io_pc);
1177 }
1178 }
1179 if (current_tb == tb &&
1180 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1181 /* If we are modifying the current TB, we must stop
1182 its execution. We could be more precise by checking
1183 that the modification is after the current PC, but it
1184 would require a specialized function to partially
1185 restore the CPU state */
1186
1187 current_tb_modified = 1;
1188 cpu_restore_state(current_tb, env, env->mem_io_pc);
1189 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1190 &current_flags);
1191 }
1192 #endif /* TARGET_HAS_PRECISE_SMC */
1193 /* we need to do that to handle the case where a signal
1194 occurs while doing tb_phys_invalidate() */
1195 saved_tb = NULL;
1196 if (env) {
1197 saved_tb = env->current_tb;
1198 env->current_tb = NULL;
1199 }
1200 tb_phys_invalidate(tb, -1);
1201 if (env) {
1202 env->current_tb = saved_tb;
1203 if (env->interrupt_request && env->current_tb) {
1204 cpu_interrupt(env, env->interrupt_request);
1205 }
1206 }
1207 }
1208 tb = tb_next;
1209 }
1210 #if !defined(CONFIG_USER_ONLY)
1211 /* if no code remaining, no need to continue to use slow writes */
1212 if (!p->first_tb) {
1213 invalidate_page_bitmap(p);
1214 if (is_cpu_write_access) {
1215 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
1216 }
1217 }
1218 #endif
1219 #ifdef TARGET_HAS_PRECISE_SMC
1220 if (current_tb_modified) {
1221 /* we generate a block containing just the instruction
1222 modifying the memory. It will ensure that it cannot modify
1223 itself */
1224 env->current_tb = NULL;
1225 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1226 cpu_resume_from_signal(env, NULL);
1227 }
1228 #endif
1229 }
1230
1231 /* len must be <= 8 and start must be a multiple of len */
1232 static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
1233 {
1234 PageDesc *p;
1235 int offset, b;
1236
1237 #if 0
1238 if (1) {
1239 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1240 cpu_single_env->mem_io_vaddr, len,
1241 cpu_single_env->eip,
1242 cpu_single_env->eip +
1243 (intptr_t)cpu_single_env->segs[R_CS].base);
1244 }
1245 #endif
1246 p = page_find(start >> TARGET_PAGE_BITS);
1247 if (!p) {
1248 return;
1249 }
1250 if (p->code_bitmap) {
1251 offset = start & ~TARGET_PAGE_MASK;
1252 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1253 if (b & ((1 << len) - 1)) {
1254 goto do_invalidate;
1255 }
1256 } else {
1257 do_invalidate:
1258 tb_invalidate_phys_page_range(start, start + len, 1);
1259 }
1260 }
1261
1262 #if !defined(CONFIG_SOFTMMU)
1263 static void tb_invalidate_phys_page(tb_page_addr_t addr,
1264 uintptr_t pc, void *puc)
1265 {
1266 TranslationBlock *tb;
1267 PageDesc *p;
1268 int n;
1269 #ifdef TARGET_HAS_PRECISE_SMC
1270 TranslationBlock *current_tb = NULL;
1271 CPUArchState *env = cpu_single_env;
1272 int current_tb_modified = 0;
1273 target_ulong current_pc = 0;
1274 target_ulong current_cs_base = 0;
1275 int current_flags = 0;
1276 #endif
1277
1278 addr &= TARGET_PAGE_MASK;
1279 p = page_find(addr >> TARGET_PAGE_BITS);
1280 if (!p) {
1281 return;
1282 }
1283 tb = p->first_tb;
1284 #ifdef TARGET_HAS_PRECISE_SMC
1285 if (tb && pc != 0) {
1286 current_tb = tb_find_pc(pc);
1287 }
1288 #endif
1289 while (tb != NULL) {
1290 n = (uintptr_t)tb & 3;
1291 tb = (TranslationBlock *)((uintptr_t)tb & ~3);
1292 #ifdef TARGET_HAS_PRECISE_SMC
1293 if (current_tb == tb &&
1294 (current_tb->cflags & CF_COUNT_MASK) != 1) {
1295 /* If we are modifying the current TB, we must stop
1296 its execution. We could be more precise by checking
1297 that the modification is after the current PC, but it
1298 would require a specialized function to partially
1299 restore the CPU state */
1300
1301 current_tb_modified = 1;
1302 cpu_restore_state(current_tb, env, pc);
1303 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1304 &current_flags);
1305 }
1306 #endif /* TARGET_HAS_PRECISE_SMC */
1307 tb_phys_invalidate(tb, addr);
1308 tb = tb->page_next[n];
1309 }
1310 p->first_tb = NULL;
1311 #ifdef TARGET_HAS_PRECISE_SMC
1312 if (current_tb_modified) {
1313 /* we generate a block containing just the instruction
1314 modifying the memory. It will ensure that it cannot modify
1315 itself */
1316 env->current_tb = NULL;
1317 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
1318 cpu_resume_from_signal(env, puc);
1319 }
1320 #endif
1321 }
1322 #endif
1323
1324 /* add the tb in the target page and protect it if necessary */
1325 static inline void tb_alloc_page(TranslationBlock *tb,
1326 unsigned int n, tb_page_addr_t page_addr)
1327 {
1328 PageDesc *p;
1329 #ifndef CONFIG_USER_ONLY
1330 bool page_already_protected;
1331 #endif
1332
1333 tb->page_addr[n] = page_addr;
1334 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
1335 tb->page_next[n] = p->first_tb;
1336 #ifndef CONFIG_USER_ONLY
1337 page_already_protected = p->first_tb != NULL;
1338 #endif
1339 p->first_tb = (TranslationBlock *)((uintptr_t)tb | n);
1340 invalidate_page_bitmap(p);
1341
1342 #if defined(TARGET_HAS_SMC) || 1
1343
1344 #if defined(CONFIG_USER_ONLY)
1345 if (p->flags & PAGE_WRITE) {
1346 target_ulong addr;
1347 PageDesc *p2;
1348 int prot;
1349
1350 /* force the host page as non writable (writes will have a
1351 page fault + mprotect overhead) */
1352 page_addr &= qemu_host_page_mask;
1353 prot = 0;
1354 for (addr = page_addr; addr < page_addr + qemu_host_page_size;
1355 addr += TARGET_PAGE_SIZE) {
1356
1357 p2 = page_find(addr >> TARGET_PAGE_BITS);
1358 if (!p2) {
1359 continue;
1360 }
1361 prot |= p2->flags;
1362 p2->flags &= ~PAGE_WRITE;
1363 }
1364 mprotect(g2h(page_addr), qemu_host_page_size,
1365 (prot & PAGE_BITS) & ~PAGE_WRITE);
1366 #ifdef DEBUG_TB_INVALIDATE
1367 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
1368 page_addr);
1369 #endif
1370 }
1371 #else
1372 /* if some code is already present, then the pages are already
1373 protected. So we handle the case where only the first TB is
1374 allocated in a physical page */
1375 if (!page_already_protected) {
1376 tlb_protect_code(page_addr);
1377 }
1378 #endif
1379
1380 #endif /* TARGET_HAS_SMC */
1381 }
1382
1383 /* add a new TB and link it to the physical page tables. phys_page2 is
1384 (-1) to indicate that only one page contains the TB. */
1385 static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
1386 tb_page_addr_t phys_page2)
1387 {
1388 unsigned int h;
1389 TranslationBlock **ptb;
1390
1391 /* Grab the mmap lock to stop another thread invalidating this TB
1392 before we are done. */
1393 mmap_lock();
1394 /* add in the physical hash table */
1395 h = tb_phys_hash_func(phys_pc);
1396 ptb = &tb_phys_hash[h];
1397 tb->phys_hash_next = *ptb;
1398 *ptb = tb;
1399
1400 /* add in the page list */
1401 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1402 if (phys_page2 != -1) {
1403 tb_alloc_page(tb, 1, phys_page2);
1404 } else {
1405 tb->page_addr[1] = -1;
1406 }
1407
1408 tb->jmp_first = (TranslationBlock *)((uintptr_t)tb | 2);
1409 tb->jmp_next[0] = NULL;
1410 tb->jmp_next[1] = NULL;
1411
1412 /* init original jump addresses */
1413 if (tb->tb_next_offset[0] != 0xffff) {
1414 tb_reset_jump(tb, 0);
1415 }
1416 if (tb->tb_next_offset[1] != 0xffff) {
1417 tb_reset_jump(tb, 1);
1418 }
1419
1420 #ifdef DEBUG_TB_CHECK
1421 tb_page_check();
1422 #endif
1423 mmap_unlock();
1424 }
1425
1426 #if defined(CONFIG_QEMU_LDST_OPTIMIZATION) && defined(CONFIG_SOFTMMU)
1427 /* check whether the given addr is in TCG generated code buffer or not */
1428 bool is_tcg_gen_code(uintptr_t tc_ptr)
1429 {
1430 /* This can be called during code generation, code_gen_buffer_max_size
1431 is used instead of code_gen_ptr for upper boundary checking */
1432 return (tc_ptr >= (uintptr_t)code_gen_buffer &&
1433 tc_ptr < (uintptr_t)(code_gen_buffer + code_gen_buffer_max_size));
1434 }
1435 #endif
1436
1437 /* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1438 tb[1].tc_ptr. Return NULL if not found */
1439 TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
1440 {
1441 int m_min, m_max, m;
1442 uintptr_t v;
1443 TranslationBlock *tb;
1444
1445 if (nb_tbs <= 0) {
1446 return NULL;
1447 }
1448 if (tc_ptr < (uintptr_t)code_gen_buffer ||
1449 tc_ptr >= (uintptr_t)code_gen_ptr) {
1450 return NULL;
1451 }
1452 /* binary search (cf Knuth) */
1453 m_min = 0;
1454 m_max = nb_tbs - 1;
1455 while (m_min <= m_max) {
1456 m = (m_min + m_max) >> 1;
1457 tb = &tbs[m];
1458 v = (uintptr_t)tb->tc_ptr;
1459 if (v == tc_ptr) {
1460 return tb;
1461 } else if (tc_ptr < v) {
1462 m_max = m - 1;
1463 } else {
1464 m_min = m + 1;
1465 }
1466 }
1467 return &tbs[m_max];
1468 }
1469
1470 static void tb_reset_jump_recursive(TranslationBlock *tb);
1471
1472 static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1473 {
1474 TranslationBlock *tb1, *tb_next, **ptb;
1475 unsigned int n1;
1476
1477 tb1 = tb->jmp_next[n];
1478 if (tb1 != NULL) {
1479 /* find head of list */
1480 for (;;) {
1481 n1 = (uintptr_t)tb1 & 3;
1482 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
1483 if (n1 == 2) {
1484 break;
1485 }
1486 tb1 = tb1->jmp_next[n1];
1487 }
1488 /* we are now sure now that tb jumps to tb1 */
1489 tb_next = tb1;
1490
1491 /* remove tb from the jmp_first list */
1492 ptb = &tb_next->jmp_first;
1493 for (;;) {
1494 tb1 = *ptb;
1495 n1 = (uintptr_t)tb1 & 3;
1496 tb1 = (TranslationBlock *)((uintptr_t)tb1 & ~3);
1497 if (n1 == n && tb1 == tb) {
1498 break;
1499 }
1500 ptb = &tb1->jmp_next[n1];
1501 }
1502 *ptb = tb->jmp_next[n];
1503 tb->jmp_next[n] = NULL;
1504
1505 /* suppress the jump to next tb in generated code */
1506 tb_reset_jump(tb, n);
1507
1508 /* suppress jumps in the tb on which we could have jumped */
1509 tb_reset_jump_recursive(tb_next);
1510 }
1511 }
1512
1513 static void tb_reset_jump_recursive(TranslationBlock *tb)
1514 {
1515 tb_reset_jump_recursive2(tb, 0);
1516 tb_reset_jump_recursive2(tb, 1);
1517 }
1518
1519 #if defined(TARGET_HAS_ICE)
1520 #if defined(CONFIG_USER_ONLY)
1521 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1522 {
1523 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1524 }
1525 #else
1526 void tb_invalidate_phys_addr(hwaddr addr)
1527 {
1528 ram_addr_t ram_addr;
1529 MemoryRegionSection *section;
1530
1531 section = phys_page_find(address_space_memory.dispatch,
1532 addr >> TARGET_PAGE_BITS);
1533 if (!(memory_region_is_ram(section->mr)
1534 || (section->mr->rom_device && section->mr->readable))) {
1535 return;
1536 }
1537 ram_addr = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1538 + memory_region_section_addr(section, addr);
1539 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
1540 }
1541
1542 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
1543 {
1544 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
1545 (pc & ~TARGET_PAGE_MASK));
1546 }
1547 #endif
1548 #endif /* TARGET_HAS_ICE */
1549
1550 #if defined(CONFIG_USER_ONLY)
1551 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
1552
1553 {
1554 }
1555
1556 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
1557 int flags, CPUWatchpoint **watchpoint)
1558 {
1559 return -ENOSYS;
1560 }
1561 #else
1562 /* Add a watchpoint. */
1563 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
1564 int flags, CPUWatchpoint **watchpoint)
1565 {
1566 target_ulong len_mask = ~(len - 1);
1567 CPUWatchpoint *wp;
1568
1569 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1570 if ((len & (len - 1)) || (addr & ~len_mask) ||
1571 len == 0 || len > TARGET_PAGE_SIZE) {
1572 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1573 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1574 return -EINVAL;
1575 }
1576 wp = g_malloc(sizeof(*wp));
1577
1578 wp->vaddr = addr;
1579 wp->len_mask = len_mask;
1580 wp->flags = flags;
1581
1582 /* keep all GDB-injected watchpoints in front */
1583 if (flags & BP_GDB)
1584 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
1585 else
1586 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
1587
1588 tlb_flush_page(env, addr);
1589
1590 if (watchpoint)
1591 *watchpoint = wp;
1592 return 0;
1593 }
1594
1595 /* Remove a specific watchpoint. */
1596 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
1597 int flags)
1598 {
1599 target_ulong len_mask = ~(len - 1);
1600 CPUWatchpoint *wp;
1601
1602 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1603 if (addr == wp->vaddr && len_mask == wp->len_mask
1604 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
1605 cpu_watchpoint_remove_by_ref(env, wp);
1606 return 0;
1607 }
1608 }
1609 return -ENOENT;
1610 }
1611
1612 /* Remove a specific watchpoint by reference. */
1613 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
1614 {
1615 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
1616
1617 tlb_flush_page(env, watchpoint->vaddr);
1618
1619 g_free(watchpoint);
1620 }
1621
1622 /* Remove all matching watchpoints. */
1623 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
1624 {
1625 CPUWatchpoint *wp, *next;
1626
1627 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
1628 if (wp->flags & mask)
1629 cpu_watchpoint_remove_by_ref(env, wp);
1630 }
1631 }
1632 #endif
1633
1634 /* Add a breakpoint. */
1635 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
1636 CPUBreakpoint **breakpoint)
1637 {
1638 #if defined(TARGET_HAS_ICE)
1639 CPUBreakpoint *bp;
1640
1641 bp = g_malloc(sizeof(*bp));
1642
1643 bp->pc = pc;
1644 bp->flags = flags;
1645
1646 /* keep all GDB-injected breakpoints in front */
1647 if (flags & BP_GDB)
1648 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
1649 else
1650 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
1651
1652 breakpoint_invalidate(env, pc);
1653
1654 if (breakpoint)
1655 *breakpoint = bp;
1656 return 0;
1657 #else
1658 return -ENOSYS;
1659 #endif
1660 }
1661
1662 /* Remove a specific breakpoint. */
1663 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
1664 {
1665 #if defined(TARGET_HAS_ICE)
1666 CPUBreakpoint *bp;
1667
1668 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1669 if (bp->pc == pc && bp->flags == flags) {
1670 cpu_breakpoint_remove_by_ref(env, bp);
1671 return 0;
1672 }
1673 }
1674 return -ENOENT;
1675 #else
1676 return -ENOSYS;
1677 #endif
1678 }
1679
1680 /* Remove a specific breakpoint by reference. */
1681 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
1682 {
1683 #if defined(TARGET_HAS_ICE)
1684 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
1685
1686 breakpoint_invalidate(env, breakpoint->pc);
1687
1688 g_free(breakpoint);
1689 #endif
1690 }
1691
1692 /* Remove all matching breakpoints. */
1693 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
1694 {
1695 #if defined(TARGET_HAS_ICE)
1696 CPUBreakpoint *bp, *next;
1697
1698 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
1699 if (bp->flags & mask)
1700 cpu_breakpoint_remove_by_ref(env, bp);
1701 }
1702 #endif
1703 }
1704
1705 /* enable or disable single step mode. EXCP_DEBUG is returned by the
1706 CPU loop after each instruction */
1707 void cpu_single_step(CPUArchState *env, int enabled)
1708 {
1709 #if defined(TARGET_HAS_ICE)
1710 if (env->singlestep_enabled != enabled) {
1711 env->singlestep_enabled = enabled;
1712 if (kvm_enabled())
1713 kvm_update_guest_debug(env, 0);
1714 else {
1715 /* must flush all the translated code to avoid inconsistencies */
1716 /* XXX: only flush what is necessary */
1717 tb_flush(env);
1718 }
1719 }
1720 #endif
1721 }
1722
1723 static void cpu_unlink_tb(CPUArchState *env)
1724 {
1725 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1726 problem and hope the cpu will stop of its own accord. For userspace
1727 emulation this often isn't actually as bad as it sounds. Often
1728 signals are used primarily to interrupt blocking syscalls. */
1729 TranslationBlock *tb;
1730 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
1731
1732 spin_lock(&interrupt_lock);
1733 tb = env->current_tb;
1734 /* if the cpu is currently executing code, we must unlink it and
1735 all the potentially executing TB */
1736 if (tb) {
1737 env->current_tb = NULL;
1738 tb_reset_jump_recursive(tb);
1739 }
1740 spin_unlock(&interrupt_lock);
1741 }
1742
1743 #ifndef CONFIG_USER_ONLY
1744 /* mask must never be zero, except for A20 change call */
1745 static void tcg_handle_interrupt(CPUArchState *env, int mask)
1746 {
1747 CPUState *cpu = ENV_GET_CPU(env);
1748 int old_mask;
1749
1750 old_mask = env->interrupt_request;
1751 env->interrupt_request |= mask;
1752
1753 /*
1754 * If called from iothread context, wake the target cpu in
1755 * case its halted.
1756 */
1757 if (!qemu_cpu_is_self(cpu)) {
1758 qemu_cpu_kick(cpu);
1759 return;
1760 }
1761
1762 if (use_icount) {
1763 env->icount_decr.u16.high = 0xffff;
1764 if (!can_do_io(env)
1765 && (mask & ~old_mask) != 0) {
1766 cpu_abort(env, "Raised interrupt while not in I/O function");
1767 }
1768 } else {
1769 cpu_unlink_tb(env);
1770 }
1771 }
1772
1773 CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1774
1775 #else /* CONFIG_USER_ONLY */
1776
1777 void cpu_interrupt(CPUArchState *env, int mask)
1778 {
1779 env->interrupt_request |= mask;
1780 cpu_unlink_tb(env);
1781 }
1782 #endif /* CONFIG_USER_ONLY */
1783
1784 void cpu_reset_interrupt(CPUArchState *env, int mask)
1785 {
1786 env->interrupt_request &= ~mask;
1787 }
1788
1789 void cpu_exit(CPUArchState *env)
1790 {
1791 env->exit_request = 1;
1792 cpu_unlink_tb(env);
1793 }
1794
1795 void cpu_abort(CPUArchState *env, const char *fmt, ...)
1796 {
1797 va_list ap;
1798 va_list ap2;
1799
1800 va_start(ap, fmt);
1801 va_copy(ap2, ap);
1802 fprintf(stderr, "qemu: fatal: ");
1803 vfprintf(stderr, fmt, ap);
1804 fprintf(stderr, "\n");
1805 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
1806 if (qemu_log_enabled()) {
1807 qemu_log("qemu: fatal: ");
1808 qemu_log_vprintf(fmt, ap2);
1809 qemu_log("\n");
1810 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
1811 qemu_log_flush();
1812 qemu_log_close();
1813 }
1814 va_end(ap2);
1815 va_end(ap);
1816 #if defined(CONFIG_USER_ONLY)
1817 {
1818 struct sigaction act;
1819 sigfillset(&act.sa_mask);
1820 act.sa_handler = SIG_DFL;
1821 sigaction(SIGABRT, &act, NULL);
1822 }
1823 #endif
1824 abort();
1825 }
1826
1827 CPUArchState *cpu_copy(CPUArchState *env)
1828 {
1829 CPUArchState *new_env = cpu_init(env->cpu_model_str);
1830 CPUArchState *next_cpu = new_env->next_cpu;
1831 int cpu_index = new_env->cpu_index;
1832 #if defined(TARGET_HAS_ICE)
1833 CPUBreakpoint *bp;
1834 CPUWatchpoint *wp;
1835 #endif
1836
1837 memcpy(new_env, env, sizeof(CPUArchState));
1838
1839 /* Preserve chaining and index. */
1840 new_env->next_cpu = next_cpu;
1841 new_env->cpu_index = cpu_index;
1842
1843 /* Clone all break/watchpoints.
1844 Note: Once we support ptrace with hw-debug register access, make sure
1845 BP_CPU break/watchpoints are handled correctly on clone. */
1846 QTAILQ_INIT(&env->breakpoints);
1847 QTAILQ_INIT(&env->watchpoints);
1848 #if defined(TARGET_HAS_ICE)
1849 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
1850 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1851 }
1852 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1853 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1854 wp->flags, NULL);
1855 }
1856 #endif
1857
1858 return new_env;
1859 }
1860
1861 #if !defined(CONFIG_USER_ONLY)
1862 void tb_flush_jmp_cache(CPUArchState *env, target_ulong addr)
1863 {
1864 unsigned int i;
1865
1866 /* Discard jump cache entries for any tb which might potentially
1867 overlap the flushed page. */
1868 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1869 memset (&env->tb_jmp_cache[i], 0,
1870 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1871
1872 i = tb_jmp_cache_hash_page(addr);
1873 memset (&env->tb_jmp_cache[i], 0,
1874 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
1875 }
1876
1877 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
1878 uintptr_t length)
1879 {
1880 uintptr_t start1;
1881
1882 /* we modify the TLB cache so that the dirty bit will be set again
1883 when accessing the range */
1884 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
1885 /* Check that we don't span multiple blocks - this breaks the
1886 address comparisons below. */
1887 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
1888 != (end - 1) - start) {
1889 abort();
1890 }
1891 cpu_tlb_reset_dirty_all(start1, length);
1892
1893 }
1894
1895 /* Note: start and end must be within the same ram block. */
1896 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
1897 int dirty_flags)
1898 {
1899 uintptr_t length;
1900
1901 start &= TARGET_PAGE_MASK;
1902 end = TARGET_PAGE_ALIGN(end);
1903
1904 length = end - start;
1905 if (length == 0)
1906 return;
1907 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
1908
1909 if (tcg_enabled()) {
1910 tlb_reset_dirty_range_all(start, end, length);
1911 }
1912 }
1913
1914 static int cpu_physical_memory_set_dirty_tracking(int enable)
1915 {
1916 int ret = 0;
1917 in_migration = enable;
1918 return ret;
1919 }
1920
1921 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
1922 MemoryRegionSection *section,
1923 target_ulong vaddr,
1924 hwaddr paddr,
1925 int prot,
1926 target_ulong *address)
1927 {
1928 hwaddr iotlb;
1929 CPUWatchpoint *wp;
1930
1931 if (memory_region_is_ram(section->mr)) {
1932 /* Normal RAM. */
1933 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1934 + memory_region_section_addr(section, paddr);
1935 if (!section->readonly) {
1936 iotlb |= phys_section_notdirty;
1937 } else {
1938 iotlb |= phys_section_rom;
1939 }
1940 } else {
1941 /* IO handlers are currently passed a physical address.
1942 It would be nice to pass an offset from the base address
1943 of that region. This would avoid having to special case RAM,
1944 and avoid full address decoding in every device.
1945 We can't use the high bits of pd for this because
1946 IO_MEM_ROMD uses these as a ram address. */
1947 iotlb = section - phys_sections;
1948 iotlb += memory_region_section_addr(section, paddr);
1949 }
1950
1951 /* Make accesses to pages with watchpoints go via the
1952 watchpoint trap routines. */
1953 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1954 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
1955 /* Avoid trapping reads of pages with a write breakpoint. */
1956 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1957 iotlb = phys_section_watch + paddr;
1958 *address |= TLB_MMIO;
1959 break;
1960 }
1961 }
1962 }
1963
1964 return iotlb;
1965 }
1966
1967 #else
1968 /*
1969 * Walks guest process memory "regions" one by one
1970 * and calls callback function 'fn' for each region.
1971 */
1972 struct walk_memory_regions_data {
1973 walk_memory_regions_fn fn;
1974 void *priv;
1975 uintptr_t start;
1976 int prot;
1977 };
1978
1979 static int walk_memory_regions_end(struct walk_memory_regions_data *data,
1980 abi_ulong end, int new_prot)
1981 {
1982 if (data->start != -1ul) {
1983 int rc = data->fn(data->priv, data->start, end, data->prot);
1984 if (rc != 0) {
1985 return rc;
1986 }
1987 }
1988
1989 data->start = (new_prot ? end : -1ul);
1990 data->prot = new_prot;
1991
1992 return 0;
1993 }
1994
1995 static int walk_memory_regions_1(struct walk_memory_regions_data *data,
1996 abi_ulong base, int level, void **lp)
1997 {
1998 abi_ulong pa;
1999 int i, rc;
2000
2001 if (*lp == NULL) {
2002 return walk_memory_regions_end(data, base, 0);
2003 }
2004
2005 if (level == 0) {
2006 PageDesc *pd = *lp;
2007
2008 for (i = 0; i < L2_SIZE; ++i) {
2009 int prot = pd[i].flags;
2010
2011 pa = base | (i << TARGET_PAGE_BITS);
2012 if (prot != data->prot) {
2013 rc = walk_memory_regions_end(data, pa, prot);
2014 if (rc != 0) {
2015 return rc;
2016 }
2017 }
2018 }
2019 } else {
2020 void **pp = *lp;
2021
2022 for (i = 0; i < L2_SIZE; ++i) {
2023 pa = base | ((abi_ulong)i <<
2024 (TARGET_PAGE_BITS + L2_BITS * level));
2025 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2026 if (rc != 0) {
2027 return rc;
2028 }
2029 }
2030 }
2031
2032 return 0;
2033 }
2034
2035 int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2036 {
2037 struct walk_memory_regions_data data;
2038 uintptr_t i;
2039
2040 data.fn = fn;
2041 data.priv = priv;
2042 data.start = -1ul;
2043 data.prot = 0;
2044
2045 for (i = 0; i < V_L1_SIZE; i++) {
2046 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
2047 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2048
2049 if (rc != 0) {
2050 return rc;
2051 }
2052 }
2053
2054 return walk_memory_regions_end(&data, 0, 0);
2055 }
2056
2057 static int dump_region(void *priv, abi_ulong start,
2058 abi_ulong end, unsigned long prot)
2059 {
2060 FILE *f = (FILE *)priv;
2061
2062 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2063 " "TARGET_ABI_FMT_lx" %c%c%c\n",
2064 start, end, end - start,
2065 ((prot & PAGE_READ) ? 'r' : '-'),
2066 ((prot & PAGE_WRITE) ? 'w' : '-'),
2067 ((prot & PAGE_EXEC) ? 'x' : '-'));
2068
2069 return 0;
2070 }
2071
2072 /* dump memory mappings */
2073 void page_dump(FILE *f)
2074 {
2075 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2076 "start", "end", "size", "prot");
2077 walk_memory_regions(f, dump_region);
2078 }
2079
2080 int page_get_flags(target_ulong address)
2081 {
2082 PageDesc *p;
2083
2084 p = page_find(address >> TARGET_PAGE_BITS);
2085 if (!p) {
2086 return 0;
2087 }
2088 return p->flags;
2089 }
2090
2091 /* Modify the flags of a page and invalidate the code if necessary.
2092 The flag PAGE_WRITE_ORG is positioned automatically depending
2093 on PAGE_WRITE. The mmap_lock should already be held. */
2094 void page_set_flags(target_ulong start, target_ulong end, int flags)
2095 {
2096 target_ulong addr, len;
2097
2098 /* This function should never be called with addresses outside the
2099 guest address space. If this assert fires, it probably indicates
2100 a missing call to h2g_valid. */
2101 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2102 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2103 #endif
2104 assert(start < end);
2105
2106 start = start & TARGET_PAGE_MASK;
2107 end = TARGET_PAGE_ALIGN(end);
2108
2109 if (flags & PAGE_WRITE) {
2110 flags |= PAGE_WRITE_ORG;
2111 }
2112
2113 for (addr = start, len = end - start;
2114 len != 0;
2115 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2116 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2117
2118 /* If the write protection bit is set, then we invalidate
2119 the code inside. */
2120 if (!(p->flags & PAGE_WRITE) &&
2121 (flags & PAGE_WRITE) &&
2122 p->first_tb) {
2123 tb_invalidate_phys_page(addr, 0, NULL);
2124 }
2125 p->flags = flags;
2126 }
2127 }
2128
2129 int page_check_range(target_ulong start, target_ulong len, int flags)
2130 {
2131 PageDesc *p;
2132 target_ulong end;
2133 target_ulong addr;
2134
2135 /* This function should never be called with addresses outside the
2136 guest address space. If this assert fires, it probably indicates
2137 a missing call to h2g_valid. */
2138 #if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2139 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
2140 #endif
2141
2142 if (len == 0) {
2143 return 0;
2144 }
2145 if (start + len - 1 < start) {
2146 /* We've wrapped around. */
2147 return -1;
2148 }
2149
2150 /* must do before we loose bits in the next step */
2151 end = TARGET_PAGE_ALIGN(start + len);
2152 start = start & TARGET_PAGE_MASK;
2153
2154 for (addr = start, len = end - start;
2155 len != 0;
2156 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2157 p = page_find(addr >> TARGET_PAGE_BITS);
2158 if (!p) {
2159 return -1;
2160 }
2161 if (!(p->flags & PAGE_VALID)) {
2162 return -1;
2163 }
2164
2165 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ)) {
2166 return -1;
2167 }
2168 if (flags & PAGE_WRITE) {
2169 if (!(p->flags & PAGE_WRITE_ORG)) {
2170 return -1;
2171 }
2172 /* unprotect the page if it was put read-only because it
2173 contains translated code */
2174 if (!(p->flags & PAGE_WRITE)) {
2175 if (!page_unprotect(addr, 0, NULL)) {
2176 return -1;
2177 }
2178 }
2179 return 0;
2180 }
2181 }
2182 return 0;
2183 }
2184
2185 /* called from signal handler: invalidate the code and unprotect the
2186 page. Return TRUE if the fault was successfully handled. */
2187 int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
2188 {
2189 unsigned int prot;
2190 PageDesc *p;
2191 target_ulong host_start, host_end, addr;
2192
2193 /* Technically this isn't safe inside a signal handler. However we
2194 know this only ever happens in a synchronous SEGV handler, so in
2195 practice it seems to be ok. */
2196 mmap_lock();
2197
2198 p = page_find(address >> TARGET_PAGE_BITS);
2199 if (!p) {
2200 mmap_unlock();
2201 return 0;
2202 }
2203
2204 /* if the page was really writable, then we change its
2205 protection back to writable */
2206 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2207 host_start = address & qemu_host_page_mask;
2208 host_end = host_start + qemu_host_page_size;
2209
2210 prot = 0;
2211 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2212 p = page_find(addr >> TARGET_PAGE_BITS);
2213 p->flags |= PAGE_WRITE;
2214 prot |= p->flags;
2215
2216 /* and since the content will be modified, we must invalidate
2217 the corresponding translated code. */
2218 tb_invalidate_phys_page(addr, pc, puc);
2219 #ifdef DEBUG_TB_CHECK
2220 tb_invalidate_check(addr);
2221 #endif
2222 }
2223 mprotect((void *)g2h(host_start), qemu_host_page_size,
2224 prot & PAGE_BITS);
2225
2226 mmap_unlock();
2227 return 1;
2228 }
2229 mmap_unlock();
2230 return 0;
2231 }
2232 #endif /* defined(CONFIG_USER_ONLY) */
2233
2234 #if !defined(CONFIG_USER_ONLY)
2235
2236 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2237 typedef struct subpage_t {
2238 MemoryRegion iomem;
2239 hwaddr base;
2240 uint16_t sub_section[TARGET_PAGE_SIZE];
2241 } subpage_t;
2242
2243 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2244 uint16_t section);
2245 static subpage_t *subpage_init(hwaddr base);
2246 static void destroy_page_desc(uint16_t section_index)
2247 {
2248 MemoryRegionSection *section = &phys_sections[section_index];
2249 MemoryRegion *mr = section->mr;
2250
2251 if (mr->subpage) {
2252 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2253 memory_region_destroy(&subpage->iomem);
2254 g_free(subpage);
2255 }
2256 }
2257
2258 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
2259 {
2260 unsigned i;
2261 PhysPageEntry *p;
2262
2263 if (lp->ptr == PHYS_MAP_NODE_NIL) {
2264 return;
2265 }
2266
2267 p = phys_map_nodes[lp->ptr];
2268 for (i = 0; i < L2_SIZE; ++i) {
2269 if (!p[i].is_leaf) {
2270 destroy_l2_mapping(&p[i], level - 1);
2271 } else {
2272 destroy_page_desc(p[i].ptr);
2273 }
2274 }
2275 lp->is_leaf = 0;
2276 lp->ptr = PHYS_MAP_NODE_NIL;
2277 }
2278
2279 static void destroy_all_mappings(AddressSpaceDispatch *d)
2280 {
2281 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
2282 phys_map_nodes_reset();
2283 }
2284
2285 static uint16_t phys_section_add(MemoryRegionSection *section)
2286 {
2287 if (phys_sections_nb == phys_sections_nb_alloc) {
2288 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2289 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2290 phys_sections_nb_alloc);
2291 }
2292 phys_sections[phys_sections_nb] = *section;
2293 return phys_sections_nb++;
2294 }
2295
2296 static void phys_sections_clear(void)
2297 {
2298 phys_sections_nb = 0;
2299 }
2300
2301 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
2302 {
2303 subpage_t *subpage;
2304 hwaddr base = section->offset_within_address_space
2305 & TARGET_PAGE_MASK;
2306 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
2307 MemoryRegionSection subsection = {
2308 .offset_within_address_space = base,
2309 .size = TARGET_PAGE_SIZE,
2310 };
2311 hwaddr start, end;
2312
2313 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
2314
2315 if (!(existing->mr->subpage)) {
2316 subpage = subpage_init(base);
2317 subsection.mr = &subpage->iomem;
2318 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
2319 phys_section_add(&subsection));
2320 } else {
2321 subpage = container_of(existing->mr, subpage_t, iomem);
2322 }
2323 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
2324 end = start + section->size - 1;
2325 subpage_register(subpage, start, end, phys_section_add(section));
2326 }
2327
2328
2329 static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
2330 {
2331 hwaddr start_addr = section->offset_within_address_space;
2332 ram_addr_t size = section->size;
2333 hwaddr addr;
2334 uint16_t section_index = phys_section_add(section);
2335
2336 assert(size);
2337
2338 addr = start_addr;
2339 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
2340 section_index);
2341 }
2342
2343 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
2344 {
2345 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
2346 MemoryRegionSection now = *section, remain = *section;
2347
2348 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2349 || (now.size < TARGET_PAGE_SIZE)) {
2350 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2351 - now.offset_within_address_space,
2352 now.size);
2353 register_subpage(d, &now);
2354 remain.size -= now.size;
2355 remain.offset_within_address_space += now.size;
2356 remain.offset_within_region += now.size;
2357 }
2358 while (remain.size >= TARGET_PAGE_SIZE) {
2359 now = remain;
2360 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
2361 now.size = TARGET_PAGE_SIZE;
2362 register_subpage(d, &now);
2363 } else {
2364 now.size &= TARGET_PAGE_MASK;
2365 register_multipage(d, &now);
2366 }
2367 remain.size -= now.size;
2368 remain.offset_within_address_space += now.size;
2369 remain.offset_within_region += now.size;
2370 }
2371 now = remain;
2372 if (now.size) {
2373 register_subpage(d, &now);
2374 }
2375 }
2376
2377 void qemu_flush_coalesced_mmio_buffer(void)
2378 {
2379 if (kvm_enabled())
2380 kvm_flush_coalesced_mmio_buffer();
2381 }
2382
2383 #if defined(__linux__) && !defined(TARGET_S390X)
2384
2385 #include <sys/vfs.h>
2386
2387 #define HUGETLBFS_MAGIC 0x958458f6
2388
2389 static long gethugepagesize(const char *path)
2390 {
2391 struct statfs fs;
2392 int ret;
2393
2394 do {
2395 ret = statfs(path, &fs);
2396 } while (ret != 0 && errno == EINTR);
2397
2398 if (ret != 0) {
2399 perror(path);
2400 return 0;
2401 }
2402
2403 if (fs.f_type != HUGETLBFS_MAGIC)
2404 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
2405
2406 return fs.f_bsize;
2407 }
2408
2409 static void *file_ram_alloc(RAMBlock *block,
2410 ram_addr_t memory,
2411 const char *path)
2412 {
2413 char *filename;
2414 void *area;
2415 int fd;
2416 #ifdef MAP_POPULATE
2417 int flags;
2418 #endif
2419 unsigned long hpagesize;
2420
2421 hpagesize = gethugepagesize(path);
2422 if (!hpagesize) {
2423 return NULL;
2424 }
2425
2426 if (memory < hpagesize) {
2427 return NULL;
2428 }
2429
2430 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2431 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2432 return NULL;
2433 }
2434
2435 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
2436 return NULL;
2437 }
2438
2439 fd = mkstemp(filename);
2440 if (fd < 0) {
2441 perror("unable to create backing store for hugepages");
2442 free(filename);
2443 return NULL;
2444 }
2445 unlink(filename);
2446 free(filename);
2447
2448 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2449
2450 /*
2451 * ftruncate is not supported by hugetlbfs in older
2452 * hosts, so don't bother bailing out on errors.
2453 * If anything goes wrong with it under other filesystems,
2454 * mmap will fail.
2455 */
2456 if (ftruncate(fd, memory))
2457 perror("ftruncate");
2458
2459 #ifdef MAP_POPULATE
2460 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2461 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2462 * to sidestep this quirk.
2463 */
2464 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2465 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2466 #else
2467 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2468 #endif
2469 if (area == MAP_FAILED) {
2470 perror("file_ram_alloc: can't mmap RAM pages");
2471 close(fd);
2472 return (NULL);
2473 }
2474 block->fd = fd;
2475 return area;
2476 }
2477 #endif
2478
2479 static ram_addr_t find_ram_offset(ram_addr_t size)
2480 {
2481 RAMBlock *block, *next_block;
2482 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
2483
2484 if (QLIST_EMPTY(&ram_list.blocks))
2485 return 0;
2486
2487 QLIST_FOREACH(block, &ram_list.blocks, next) {
2488 ram_addr_t end, next = RAM_ADDR_MAX;
2489
2490 end = block->offset + block->length;
2491
2492 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2493 if (next_block->offset >= end) {
2494 next = MIN(next, next_block->offset);
2495 }
2496 }
2497 if (next - end >= size && next - end < mingap) {
2498 offset = end;
2499 mingap = next - end;
2500 }
2501 }
2502
2503 if (offset == RAM_ADDR_MAX) {
2504 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2505 (uint64_t)size);
2506 abort();
2507 }
2508
2509 return offset;
2510 }
2511
2512 ram_addr_t last_ram_offset(void)
2513 {
2514 RAMBlock *block;
2515 ram_addr_t last = 0;
2516
2517 QLIST_FOREACH(block, &ram_list.blocks, next)
2518 last = MAX(last, block->offset + block->length);
2519
2520 return last;
2521 }
2522
2523 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
2524 {
2525 int ret;
2526 QemuOpts *machine_opts;
2527
2528 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
2529 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2530 if (machine_opts &&
2531 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
2532 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
2533 if (ret) {
2534 perror("qemu_madvise");
2535 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
2536 "but dump_guest_core=off specified\n");
2537 }
2538 }
2539 }
2540
2541 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
2542 {
2543 RAMBlock *new_block, *block;
2544
2545 new_block = NULL;
2546 QLIST_FOREACH(block, &ram_list.blocks, next) {
2547 if (block->offset == addr) {
2548 new_block = block;
2549 break;
2550 }
2551 }
2552 assert(new_block);
2553 assert(!new_block->idstr[0]);
2554
2555 if (dev) {
2556 char *id = qdev_get_dev_path(dev);
2557 if (id) {
2558 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
2559 g_free(id);
2560 }
2561 }
2562 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2563
2564 QLIST_FOREACH(block, &ram_list.blocks, next) {
2565 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
2566 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2567 new_block->idstr);
2568 abort();
2569 }
2570 }
2571 }
2572
2573 static int memory_try_enable_merging(void *addr, size_t len)
2574 {
2575 QemuOpts *opts;
2576
2577 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
2578 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
2579 /* disabled by the user */
2580 return 0;
2581 }
2582
2583 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
2584 }
2585
2586 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2587 MemoryRegion *mr)
2588 {
2589 RAMBlock *new_block;
2590
2591 size = TARGET_PAGE_ALIGN(size);
2592 new_block = g_malloc0(sizeof(*new_block));
2593
2594 new_block->mr = mr;
2595 new_block->offset = find_ram_offset(size);
2596 if (host) {
2597 new_block->host = host;
2598 new_block->flags |= RAM_PREALLOC_MASK;
2599 } else {
2600 if (mem_path) {
2601 #if defined (__linux__) && !defined(TARGET_S390X)
2602 new_block->host = file_ram_alloc(new_block, size, mem_path);
2603 if (!new_block->host) {
2604 new_block->host = qemu_vmalloc(size);
2605 memory_try_enable_merging(new_block->host, size);
2606 }
2607 #else
2608 fprintf(stderr, "-mem-path option unsupported\n");
2609 exit(1);
2610 #endif
2611 } else {
2612 if (xen_enabled()) {
2613 xen_ram_alloc(new_block->offset, size, mr);
2614 } else if (kvm_enabled()) {
2615 /* some s390/kvm configurations have special constraints */
2616 new_block->host = kvm_vmalloc(size);
2617 } else {
2618 new_block->host = qemu_vmalloc(size);
2619 }
2620 memory_try_enable_merging(new_block->host, size);
2621 }
2622 }
2623 new_block->length = size;
2624
2625 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
2626
2627 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
2628 last_ram_offset() >> TARGET_PAGE_BITS);
2629 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
2630 0, size >> TARGET_PAGE_BITS);
2631 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
2632
2633 qemu_ram_setup_dump(new_block->host, size);
2634 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
2635
2636 if (kvm_enabled())
2637 kvm_setup_guest_memory(new_block->host, size);
2638
2639 return new_block->offset;
2640 }
2641
2642 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
2643 {
2644 return qemu_ram_alloc_from_ptr(size, NULL, mr);
2645 }
2646
2647 void qemu_ram_free_from_ptr(ram_addr_t addr)
2648 {
2649 RAMBlock *block;
2650
2651 QLIST_FOREACH(block, &ram_list.blocks, next) {
2652 if (addr == block->offset) {
2653 QLIST_REMOVE(block, next);
2654 g_free(block);
2655 return;
2656 }
2657 }
2658 }
2659
2660 void qemu_ram_free(ram_addr_t addr)
2661 {
2662 RAMBlock *block;
2663
2664 QLIST_FOREACH(block, &ram_list.blocks, next) {
2665 if (addr == block->offset) {
2666 QLIST_REMOVE(block, next);
2667 if (block->flags & RAM_PREALLOC_MASK) {
2668 ;
2669 } else if (mem_path) {
2670 #if defined (__linux__) && !defined(TARGET_S390X)
2671 if (block->fd) {
2672 munmap(block->host, block->length);
2673 close(block->fd);
2674 } else {
2675 qemu_vfree(block->host);
2676 }
2677 #else
2678 abort();
2679 #endif
2680 } else {
2681 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2682 munmap(block->host, block->length);
2683 #else
2684 if (xen_enabled()) {
2685 xen_invalidate_map_cache_entry(block->host);
2686 } else {
2687 qemu_vfree(block->host);
2688 }
2689 #endif
2690 }
2691 g_free(block);
2692 return;
2693 }
2694 }
2695
2696 }
2697
2698 #ifndef _WIN32
2699 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2700 {
2701 RAMBlock *block;
2702 ram_addr_t offset;
2703 int flags;
2704 void *area, *vaddr;
2705
2706 QLIST_FOREACH(block, &ram_list.blocks, next) {
2707 offset = addr - block->offset;
2708 if (offset < block->length) {
2709 vaddr = block->host + offset;
2710 if (block->flags & RAM_PREALLOC_MASK) {
2711 ;
2712 } else {
2713 flags = MAP_FIXED;
2714 munmap(vaddr, length);
2715 if (mem_path) {
2716 #if defined(__linux__) && !defined(TARGET_S390X)
2717 if (block->fd) {
2718 #ifdef MAP_POPULATE
2719 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
2720 MAP_PRIVATE;
2721 #else
2722 flags |= MAP_PRIVATE;
2723 #endif
2724 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2725 flags, block->fd, offset);
2726 } else {
2727 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2728 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2729 flags, -1, 0);
2730 }
2731 #else
2732 abort();
2733 #endif
2734 } else {
2735 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
2736 flags |= MAP_SHARED | MAP_ANONYMOUS;
2737 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
2738 flags, -1, 0);
2739 #else
2740 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
2741 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
2742 flags, -1, 0);
2743 #endif
2744 }
2745 if (area != vaddr) {
2746 fprintf(stderr, "Could not remap addr: "
2747 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
2748 length, addr);
2749 exit(1);
2750 }
2751 memory_try_enable_merging(vaddr, length);
2752 qemu_ram_setup_dump(vaddr, length);
2753 }
2754 return;
2755 }
2756 }
2757 }
2758 #endif /* !_WIN32 */
2759
2760 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2761 With the exception of the softmmu code in this file, this should
2762 only be used for local memory (e.g. video ram) that the device owns,
2763 and knows it isn't going to access beyond the end of the block.
2764
2765 It should not be used for general purpose DMA.
2766 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
2767 */
2768 void *qemu_get_ram_ptr(ram_addr_t addr)
2769 {
2770 RAMBlock *block;
2771
2772 QLIST_FOREACH(block, &ram_list.blocks, next) {
2773 if (addr - block->offset < block->length) {
2774 /* Move this entry to to start of the list. */
2775 if (block != QLIST_FIRST(&ram_list.blocks)) {
2776 QLIST_REMOVE(block, next);
2777 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
2778 }
2779 if (xen_enabled()) {
2780 /* We need to check if the requested address is in the RAM
2781 * because we don't want to map the entire memory in QEMU.
2782 * In that case just map until the end of the page.
2783 */
2784 if (block->offset == 0) {
2785 return xen_map_cache(addr, 0, 0);
2786 } else if (block->host == NULL) {
2787 block->host =
2788 xen_map_cache(block->offset, block->length, 1);
2789 }
2790 }
2791 return block->host + (addr - block->offset);
2792 }
2793 }
2794
2795 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2796 abort();
2797
2798 return NULL;
2799 }
2800
2801 /* Return a host pointer to ram allocated with qemu_ram_alloc.
2802 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
2803 */
2804 static void *qemu_safe_ram_ptr(ram_addr_t addr)
2805 {
2806 RAMBlock *block;
2807
2808 QLIST_FOREACH(block, &ram_list.blocks, next) {
2809 if (addr - block->offset < block->length) {
2810 if (xen_enabled()) {
2811 /* We need to check if the requested address is in the RAM
2812 * because we don't want to map the entire memory in QEMU.
2813 * In that case just map until the end of the page.
2814 */
2815 if (block->offset == 0) {
2816 return xen_map_cache(addr, 0, 0);
2817 } else if (block->host == NULL) {
2818 block->host =
2819 xen_map_cache(block->offset, block->length, 1);
2820 }
2821 }
2822 return block->host + (addr - block->offset);
2823 }
2824 }
2825
2826 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2827 abort();
2828
2829 return NULL;
2830 }
2831
2832 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
2833 * but takes a size argument */
2834 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
2835 {
2836 if (*size == 0) {
2837 return NULL;
2838 }
2839 if (xen_enabled()) {
2840 return xen_map_cache(addr, *size, 1);
2841 } else {
2842 RAMBlock *block;
2843
2844 QLIST_FOREACH(block, &ram_list.blocks, next) {
2845 if (addr - block->offset < block->length) {
2846 if (addr - block->offset + *size > block->length)
2847 *size = block->length - addr + block->offset;
2848 return block->host + (addr - block->offset);
2849 }
2850 }
2851
2852 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
2853 abort();
2854 }
2855 }
2856
2857 void qemu_put_ram_ptr(void *addr)
2858 {
2859 trace_qemu_put_ram_ptr(addr);
2860 }
2861
2862 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
2863 {
2864 RAMBlock *block;
2865 uint8_t *host = ptr;
2866
2867 if (xen_enabled()) {
2868 *ram_addr = xen_ram_addr_from_mapcache(ptr);
2869 return 0;
2870 }
2871
2872 QLIST_FOREACH(block, &ram_list.blocks, next) {
2873 /* This case append when the block is not mapped. */
2874 if (block->host == NULL) {
2875 continue;
2876 }
2877 if (host - block->host < block->length) {
2878 *ram_addr = block->offset + (host - block->host);
2879 return 0;
2880 }
2881 }
2882
2883 return -1;
2884 }
2885
2886 /* Some of the softmmu routines need to translate from a host pointer
2887 (typically a TLB entry) back to a ram offset. */
2888 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
2889 {
2890 ram_addr_t ram_addr;
2891
2892 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
2893 fprintf(stderr, "Bad ram pointer %p\n", ptr);
2894 abort();
2895 }
2896 return ram_addr;
2897 }
2898
2899 static uint64_t unassigned_mem_read(void *opaque, hwaddr addr,
2900 unsigned size)
2901 {
2902 #ifdef DEBUG_UNASSIGNED
2903 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
2904 #endif
2905 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2906 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
2907 #endif
2908 return 0;
2909 }
2910
2911 static void unassigned_mem_write(void *opaque, hwaddr addr,
2912 uint64_t val, unsigned size)
2913 {
2914 #ifdef DEBUG_UNASSIGNED
2915 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
2916 #endif
2917 #if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
2918 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
2919 #endif
2920 }
2921
2922 static const MemoryRegionOps unassigned_mem_ops = {
2923 .read = unassigned_mem_read,
2924 .write = unassigned_mem_write,
2925 .endianness = DEVICE_NATIVE_ENDIAN,
2926 };
2927
2928 static uint64_t error_mem_read(void *opaque, hwaddr addr,
2929 unsigned size)
2930 {
2931 abort();
2932 }
2933
2934 static void error_mem_write(void *opaque, hwaddr addr,
2935 uint64_t value, unsigned size)
2936 {
2937 abort();
2938 }
2939
2940 static const MemoryRegionOps error_mem_ops = {
2941 .read = error_mem_read,
2942 .write = error_mem_write,
2943 .endianness = DEVICE_NATIVE_ENDIAN,
2944 };
2945
2946 static const MemoryRegionOps rom_mem_ops = {
2947 .read = error_mem_read,
2948 .write = unassigned_mem_write,
2949 .endianness = DEVICE_NATIVE_ENDIAN,
2950 };
2951
2952 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
2953 uint64_t val, unsigned size)
2954 {
2955 int dirty_flags;
2956 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
2957 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
2958 #if !defined(CONFIG_USER_ONLY)
2959 tb_invalidate_phys_page_fast(ram_addr, size);
2960 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
2961 #endif
2962 }
2963 switch (size) {
2964 case 1:
2965 stb_p(qemu_get_ram_ptr(ram_addr), val);
2966 break;
2967 case 2:
2968 stw_p(qemu_get_ram_ptr(ram_addr), val);
2969 break;
2970 case 4:
2971 stl_p(qemu_get_ram_ptr(ram_addr), val);
2972 break;
2973 default:
2974 abort();
2975 }
2976 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
2977 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
2978 /* we remove the notdirty callback only if the code has been
2979 flushed */
2980 if (dirty_flags == 0xff)
2981 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
2982 }
2983
2984 static const MemoryRegionOps notdirty_mem_ops = {
2985 .read = error_mem_read,
2986 .write = notdirty_mem_write,
2987 .endianness = DEVICE_NATIVE_ENDIAN,
2988 };
2989
2990 /* Generate a debug exception if a watchpoint has been hit. */
2991 static void check_watchpoint(int offset, int len_mask, int flags)
2992 {
2993 CPUArchState *env = cpu_single_env;
2994 target_ulong pc, cs_base;
2995 TranslationBlock *tb;
2996 target_ulong vaddr;
2997 CPUWatchpoint *wp;
2998 int cpu_flags;
2999
3000 if (env->watchpoint_hit) {
3001 /* We re-entered the check after replacing the TB. Now raise
3002 * the debug interrupt so that is will trigger after the
3003 * current instruction. */
3004 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3005 return;
3006 }
3007 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
3008 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
3009 if ((vaddr == (wp->vaddr & len_mask) ||
3010 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
3011 wp->flags |= BP_WATCHPOINT_HIT;
3012 if (!env->watchpoint_hit) {
3013 env->watchpoint_hit = wp;
3014 tb = tb_find_pc(env->mem_io_pc);
3015 if (!tb) {
3016 cpu_abort(env, "check_watchpoint: could not find TB for "
3017 "pc=%p", (void *)env->mem_io_pc);
3018 }
3019 cpu_restore_state(tb, env, env->mem_io_pc);
3020 tb_phys_invalidate(tb, -1);
3021 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3022 env->exception_index = EXCP_DEBUG;
3023 cpu_loop_exit(env);
3024 } else {
3025 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3026 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3027 cpu_resume_from_signal(env, NULL);
3028 }
3029 }
3030 } else {
3031 wp->flags &= ~BP_WATCHPOINT_HIT;
3032 }
3033 }
3034 }
3035
3036 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3037 so these check for a hit then pass through to the normal out-of-line
3038 phys routines. */
3039 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
3040 unsigned size)
3041 {
3042 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3043 switch (size) {
3044 case 1: return ldub_phys(addr);
3045 case 2: return lduw_phys(addr);
3046 case 4: return ldl_phys(addr);
3047 default: abort();
3048 }
3049 }
3050
3051 static void watch_mem_write(void *opaque, hwaddr addr,
3052 uint64_t val, unsigned size)
3053 {
3054 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3055 switch (size) {
3056 case 1:
3057 stb_phys(addr, val);
3058 break;
3059 case 2:
3060 stw_phys(addr, val);
3061 break;
3062 case 4:
3063 stl_phys(addr, val);
3064 break;
3065 default: abort();
3066 }
3067 }
3068
3069 static const MemoryRegionOps watch_mem_ops = {
3070 .read = watch_mem_read,
3071 .write = watch_mem_write,
3072 .endianness = DEVICE_NATIVE_ENDIAN,
3073 };
3074
3075 static uint64_t subpage_read(void *opaque, hwaddr addr,
3076 unsigned len)
3077 {
3078 subpage_t *mmio = opaque;
3079 unsigned int idx = SUBPAGE_IDX(addr);
3080 MemoryRegionSection *section;
3081 #if defined(DEBUG_SUBPAGE)
3082 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3083 mmio, len, addr, idx);
3084 #endif
3085
3086 section = &phys_sections[mmio->sub_section[idx]];
3087 addr += mmio->base;
3088 addr -= section->offset_within_address_space;
3089 addr += section->offset_within_region;
3090 return io_mem_read(section->mr, addr, len);
3091 }
3092
3093 static void subpage_write(void *opaque, hwaddr addr,
3094 uint64_t value, unsigned len)
3095 {
3096 subpage_t *mmio = opaque;
3097 unsigned int idx = SUBPAGE_IDX(addr);
3098 MemoryRegionSection *section;
3099 #if defined(DEBUG_SUBPAGE)
3100 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3101 " idx %d value %"PRIx64"\n",
3102 __func__, mmio, len, addr, idx, value);
3103 #endif
3104
3105 section = &phys_sections[mmio->sub_section[idx]];
3106 addr += mmio->base;
3107 addr -= section->offset_within_address_space;
3108 addr += section->offset_within_region;
3109 io_mem_write(section->mr, addr, value, len);
3110 }
3111
3112 static const MemoryRegionOps subpage_ops = {
3113 .read = subpage_read,
3114 .write = subpage_write,
3115 .endianness = DEVICE_NATIVE_ENDIAN,
3116 };
3117
3118 static uint64_t subpage_ram_read(void *opaque, hwaddr addr,
3119 unsigned size)
3120 {
3121 ram_addr_t raddr = addr;
3122 void *ptr = qemu_get_ram_ptr(raddr);
3123 switch (size) {
3124 case 1: return ldub_p(ptr);
3125 case 2: return lduw_p(ptr);
3126 case 4: return ldl_p(ptr);
3127 default: abort();
3128 }
3129 }
3130
3131 static void subpage_ram_write(void *opaque, hwaddr addr,
3132 uint64_t value, unsigned size)
3133 {
3134 ram_addr_t raddr = addr;
3135 void *ptr = qemu_get_ram_ptr(raddr);
3136 switch (size) {
3137 case 1: return stb_p(ptr, value);
3138 case 2: return stw_p(ptr, value);
3139 case 4: return stl_p(ptr, value);
3140 default: abort();
3141 }
3142 }
3143
3144 static const MemoryRegionOps subpage_ram_ops = {
3145 .read = subpage_ram_read,
3146 .write = subpage_ram_write,
3147 .endianness = DEVICE_NATIVE_ENDIAN,
3148 };
3149
3150 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
3151 uint16_t section)
3152 {
3153 int idx, eidx;
3154
3155 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3156 return -1;
3157 idx = SUBPAGE_IDX(start);
3158 eidx = SUBPAGE_IDX(end);
3159 #if defined(DEBUG_SUBPAGE)
3160 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
3161 mmio, start, end, idx, eidx, memory);
3162 #endif
3163 if (memory_region_is_ram(phys_sections[section].mr)) {
3164 MemoryRegionSection new_section = phys_sections[section];
3165 new_section.mr = &io_mem_subpage_ram;
3166 section = phys_section_add(&new_section);
3167 }
3168 for (; idx <= eidx; idx++) {
3169 mmio->sub_section[idx] = section;
3170 }
3171
3172 return 0;
3173 }
3174
3175 static subpage_t *subpage_init(hwaddr base)
3176 {
3177 subpage_t *mmio;
3178
3179 mmio = g_malloc0(sizeof(subpage_t));
3180
3181 mmio->base = base;
3182 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3183 "subpage", TARGET_PAGE_SIZE);
3184 mmio->iomem.subpage = true;
3185 #if defined(DEBUG_SUBPAGE)
3186 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3187 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
3188 #endif
3189 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
3190
3191 return mmio;
3192 }
3193
3194 static uint16_t dummy_section(MemoryRegion *mr)
3195 {
3196 MemoryRegionSection section = {
3197 .mr = mr,
3198 .offset_within_address_space = 0,
3199 .offset_within_region = 0,
3200 .size = UINT64_MAX,
3201 };
3202
3203 return phys_section_add(&section);
3204 }
3205
3206 MemoryRegion *iotlb_to_region(hwaddr index)
3207 {
3208 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
3209 }
3210
3211 static void io_mem_init(void)
3212 {
3213 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
3214 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3215 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3216 "unassigned", UINT64_MAX);
3217 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3218 "notdirty", UINT64_MAX);
3219 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3220 "subpage-ram", UINT64_MAX);
3221 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3222 "watch", UINT64_MAX);
3223 }
3224
3225 static void mem_begin(MemoryListener *listener)
3226 {
3227 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
3228
3229 destroy_all_mappings(d);
3230 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
3231 }
3232
3233 static void core_begin(MemoryListener *listener)
3234 {
3235 phys_sections_clear();
3236 phys_section_unassigned = dummy_section(&io_mem_unassigned);
3237 phys_section_notdirty = dummy_section(&io_mem_notdirty);
3238 phys_section_rom = dummy_section(&io_mem_rom);
3239 phys_section_watch = dummy_section(&io_mem_watch);
3240 }
3241
3242 static void tcg_commit(MemoryListener *listener)
3243 {
3244 CPUArchState *env;
3245
3246 /* since each CPU stores ram addresses in its TLB cache, we must
3247 reset the modified entries */
3248 /* XXX: slow ! */
3249 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3250 tlb_flush(env, 1);
3251 }
3252 }
3253
3254 static void core_log_global_start(MemoryListener *listener)
3255 {
3256 cpu_physical_memory_set_dirty_tracking(1);
3257 }
3258
3259 static void core_log_global_stop(MemoryListener *listener)
3260 {
3261 cpu_physical_memory_set_dirty_tracking(0);
3262 }
3263
3264 static void io_region_add(MemoryListener *listener,
3265 MemoryRegionSection *section)
3266 {
3267 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
3268
3269 mrio->mr = section->mr;
3270 mrio->offset = section->offset_within_region;
3271 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
3272 section->offset_within_address_space, section->size);
3273 ioport_register(&mrio->iorange);
3274 }
3275
3276 static void io_region_del(MemoryListener *listener,
3277 MemoryRegionSection *section)
3278 {
3279 isa_unassign_ioport(section->offset_within_address_space, section->size);
3280 }
3281
3282 static MemoryListener core_memory_listener = {
3283 .begin = core_begin,
3284 .log_global_start = core_log_global_start,
3285 .log_global_stop = core_log_global_stop,
3286 .priority = 1,
3287 };
3288
3289 static MemoryListener io_memory_listener = {
3290 .region_add = io_region_add,
3291 .region_del = io_region_del,
3292 .priority = 0,
3293 };
3294
3295 static MemoryListener tcg_memory_listener = {
3296 .commit = tcg_commit,
3297 };
3298
3299 void address_space_init_dispatch(AddressSpace *as)
3300 {
3301 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
3302
3303 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
3304 d->listener = (MemoryListener) {
3305 .begin = mem_begin,
3306 .region_add = mem_add,
3307 .region_nop = mem_add,
3308 .priority = 0,
3309 };
3310 as->dispatch = d;
3311 memory_listener_register(&d->listener, as);
3312 }
3313
3314 void address_space_destroy_dispatch(AddressSpace *as)
3315 {
3316 AddressSpaceDispatch *d = as->dispatch;
3317
3318 memory_listener_unregister(&d->listener);
3319 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
3320 g_free(d);
3321 as->dispatch = NULL;
3322 }
3323
3324 static void memory_map_init(void)
3325 {
3326 system_memory = g_malloc(sizeof(*system_memory));
3327 memory_region_init(system_memory, "system", INT64_MAX);
3328 address_space_init(&address_space_memory, system_memory);
3329 address_space_memory.name = "memory";
3330
3331 system_io = g_malloc(sizeof(*system_io));
3332 memory_region_init(system_io, "io", 65536);
3333 address_space_init(&address_space_io, system_io);
3334 address_space_io.name = "I/O";
3335
3336 memory_listener_register(&core_memory_listener, &address_space_memory);
3337 memory_listener_register(&io_memory_listener, &address_space_io);
3338 memory_listener_register(&tcg_memory_listener, &address_space_memory);
3339
3340 dma_context_init(&dma_context_memory, &address_space_memory,
3341 NULL, NULL, NULL);
3342 }
3343
3344 MemoryRegion *get_system_memory(void)
3345 {
3346 return system_memory;
3347 }
3348
3349 MemoryRegion *get_system_io(void)
3350 {
3351 return system_io;
3352 }
3353
3354 #endif /* !defined(CONFIG_USER_ONLY) */
3355
3356 /* physical memory access (slow version, mainly for debug) */
3357 #if defined(CONFIG_USER_ONLY)
3358 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
3359 uint8_t *buf, int len, int is_write)
3360 {
3361 int l, flags;
3362 target_ulong page;
3363 void * p;
3364
3365 while (len > 0) {
3366 page = addr & TARGET_PAGE_MASK;
3367 l = (page + TARGET_PAGE_SIZE) - addr;
3368 if (l > len)
3369 l = len;
3370 flags = page_get_flags(page);
3371 if (!(flags & PAGE_VALID))
3372 return -1;
3373 if (is_write) {
3374 if (!(flags & PAGE_WRITE))
3375 return -1;
3376 /* XXX: this code should not depend on lock_user */
3377 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
3378 return -1;
3379 memcpy(p, buf, l);
3380 unlock_user(p, addr, l);
3381 } else {
3382 if (!(flags & PAGE_READ))
3383 return -1;
3384 /* XXX: this code should not depend on lock_user */
3385 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
3386 return -1;
3387 memcpy(buf, p, l);
3388 unlock_user(p, addr, 0);
3389 }
3390 len -= l;
3391 buf += l;
3392 addr += l;
3393 }
3394 return 0;
3395 }
3396
3397 #else
3398
3399 static void invalidate_and_set_dirty(hwaddr addr,
3400 hwaddr length)
3401 {
3402 if (!cpu_physical_memory_is_dirty(addr)) {
3403 /* invalidate code */
3404 tb_invalidate_phys_page_range(addr, addr + length, 0);
3405 /* set dirty bit */
3406 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
3407 }
3408 xen_modified_memory(addr, length);
3409 }
3410
3411 void address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
3412 int len, bool is_write)
3413 {
3414 AddressSpaceDispatch *d = as->dispatch;
3415 int l;
3416 uint8_t *ptr;
3417 uint32_t val;
3418 hwaddr page;
3419 MemoryRegionSection *section;
3420
3421 while (len > 0) {
3422 page = addr & TARGET_PAGE_MASK;
3423 l = (page + TARGET_PAGE_SIZE) - addr;
3424 if (l > len)
3425 l = len;
3426 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
3427
3428 if (is_write) {
3429 if (!memory_region_is_ram(section->mr)) {
3430 hwaddr addr1;
3431 addr1 = memory_region_section_addr(section, addr);
3432 /* XXX: could force cpu_single_env to NULL to avoid
3433 potential bugs */
3434 if (l >= 4 && ((addr1 & 3) == 0)) {
3435 /* 32 bit write access */
3436 val = ldl_p(buf);
3437 io_mem_write(section->mr, addr1, val, 4);
3438 l = 4;
3439 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3440 /* 16 bit write access */
3441 val = lduw_p(buf);
3442 io_mem_write(section->mr, addr1, val, 2);
3443 l = 2;
3444 } else {
3445 /* 8 bit write access */
3446 val = ldub_p(buf);
3447 io_mem_write(section->mr, addr1, val, 1);
3448 l = 1;
3449 }
3450 } else if (!section->readonly) {
3451 ram_addr_t addr1;
3452 addr1 = memory_region_get_ram_addr(section->mr)
3453 + memory_region_section_addr(section, addr);
3454 /* RAM case */
3455 ptr = qemu_get_ram_ptr(addr1);
3456 memcpy(ptr, buf, l);
3457 invalidate_and_set_dirty(addr1, l);
3458 qemu_put_ram_ptr(ptr);
3459 }
3460 } else {
3461 if (!(memory_region_is_ram(section->mr) ||
3462 memory_region_is_romd(section->mr))) {
3463 hwaddr addr1;
3464 /* I/O case */
3465 addr1 = memory_region_section_addr(section, addr);
3466 if (l >= 4 && ((addr1 & 3) == 0)) {
3467 /* 32 bit read access */
3468 val = io_mem_read(section->mr, addr1, 4);
3469 stl_p(buf, val);
3470 l = 4;
3471 } else if (l >= 2 && ((addr1 & 1) == 0)) {
3472 /* 16 bit read access */
3473 val = io_mem_read(section->mr, addr1, 2);
3474 stw_p(buf, val);
3475 l = 2;
3476 } else {
3477 /* 8 bit read access */
3478 val = io_mem_read(section->mr, addr1, 1);
3479 stb_p(buf, val);
3480 l = 1;
3481 }
3482 } else {
3483 /* RAM case */
3484 ptr = qemu_get_ram_ptr(section->mr->ram_addr
3485 + memory_region_section_addr(section,
3486 addr));
3487 memcpy(buf, ptr, l);
3488 qemu_put_ram_ptr(ptr);
3489 }
3490 }
3491 len -= l;
3492 buf += l;
3493 addr += l;
3494 }
3495 }
3496
3497 void address_space_write(AddressSpace *as, hwaddr addr,
3498 const uint8_t *buf, int len)
3499 {
3500 address_space_rw(as, addr, (uint8_t *)buf, len, true);
3501 }
3502
3503 /**
3504 * address_space_read: read from an address space.
3505 *
3506 * @as: #AddressSpace to be accessed
3507 * @addr: address within that address space
3508 * @buf: buffer with the data transferred
3509 */
3510 void address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
3511 {
3512 address_space_rw(as, addr, buf, len, false);
3513 }
3514
3515
3516 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
3517 int len, int is_write)
3518 {
3519 return address_space_rw(&address_space_memory, addr, buf, len, is_write);
3520 }
3521
3522 /* used for ROM loading : can write in RAM and ROM */
3523 void cpu_physical_memory_write_rom(hwaddr addr,
3524 const uint8_t *buf, int len)
3525 {
3526 AddressSpaceDispatch *d = address_space_memory.dispatch;
3527 int l;
3528 uint8_t *ptr;
3529 hwaddr page;
3530 MemoryRegionSection *section;
3531
3532 while (len > 0) {
3533 page = addr & TARGET_PAGE_MASK;
3534 l = (page + TARGET_PAGE_SIZE) - addr;
3535 if (l > len)
3536 l = len;
3537 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
3538
3539 if (!(memory_region_is_ram(section->mr) ||
3540 memory_region_is_romd(section->mr))) {
3541 /* do nothing */
3542 } else {
3543 unsigned long addr1;
3544 addr1 = memory_region_get_ram_addr(section->mr)
3545 + memory_region_section_addr(section, addr);
3546 /* ROM/RAM case */
3547 ptr = qemu_get_ram_ptr(addr1);
3548 memcpy(ptr, buf, l);
3549 invalidate_and_set_dirty(addr1, l);
3550 qemu_put_ram_ptr(ptr);
3551 }
3552 len -= l;
3553 buf += l;
3554 addr += l;
3555 }
3556 }
3557
3558 typedef struct {
3559 void *buffer;
3560 hwaddr addr;
3561 hwaddr len;
3562 } BounceBuffer;
3563
3564 static BounceBuffer bounce;
3565
3566 typedef struct MapClient {
3567 void *opaque;
3568 void (*callback)(void *opaque);
3569 QLIST_ENTRY(MapClient) link;
3570 } MapClient;
3571
3572 static QLIST_HEAD(map_client_list, MapClient) map_client_list
3573 = QLIST_HEAD_INITIALIZER(map_client_list);
3574
3575 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3576 {
3577 MapClient *client = g_malloc(sizeof(*client));
3578
3579 client->opaque = opaque;
3580 client->callback = callback;
3581 QLIST_INSERT_HEAD(&map_client_list, client, link);
3582 return client;
3583 }
3584
3585 static void cpu_unregister_map_client(void *_client)
3586 {
3587 MapClient *client = (MapClient *)_client;
3588
3589 QLIST_REMOVE(client, link);
3590 g_free(client);
3591 }
3592
3593 static void cpu_notify_map_clients(void)
3594 {
3595 MapClient *client;
3596
3597 while (!QLIST_EMPTY(&map_client_list)) {
3598 client = QLIST_FIRST(&map_client_list);
3599 client->callback(client->opaque);
3600 cpu_unregister_map_client(client);
3601 }
3602 }
3603
3604 /* Map a physical memory region into a host virtual address.
3605 * May map a subset of the requested range, given by and returned in *plen.
3606 * May return NULL if resources needed to perform the mapping are exhausted.
3607 * Use only for reads OR writes - not for read-modify-write operations.
3608 * Use cpu_register_map_client() to know when retrying the map operation is
3609 * likely to succeed.
3610 */
3611 void *address_space_map(AddressSpace *as,
3612 hwaddr addr,
3613 hwaddr *plen,
3614 bool is_write)
3615 {
3616 AddressSpaceDispatch *d = as->dispatch;
3617 hwaddr len = *plen;
3618 hwaddr todo = 0;
3619 int l;
3620 hwaddr page;
3621 MemoryRegionSection *section;
3622 ram_addr_t raddr = RAM_ADDR_MAX;
3623 ram_addr_t rlen;
3624 void *ret;
3625
3626 while (len > 0) {
3627 page = addr & TARGET_PAGE_MASK;
3628 l = (page + TARGET_PAGE_SIZE) - addr;
3629 if (l > len)
3630 l = len;
3631 section = phys_page_find(d, page >> TARGET_PAGE_BITS);
3632
3633 if (!(memory_region_is_ram(section->mr) && !section->readonly)) {
3634 if (todo || bounce.buffer) {
3635 break;
3636 }
3637 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
3638 bounce.addr = addr;
3639 bounce.len = l;
3640 if (!is_write) {
3641 address_space_read(as, addr, bounce.buffer, l);
3642 }
3643
3644 *plen = l;
3645 return bounce.buffer;
3646 }
3647 if (!todo) {
3648 raddr = memory_region_get_ram_addr(section->mr)
3649 + memory_region_section_addr(section, addr);
3650 }
3651
3652 len -= l;
3653 addr += l;
3654 todo += l;
3655 }
3656 rlen = todo;
3657 ret = qemu_ram_ptr_length(raddr, &rlen);
3658 *plen = rlen;
3659 return ret;
3660 }
3661
3662 /* Unmaps a memory region previously mapped by address_space_map().
3663 * Will also mark the memory as dirty if is_write == 1. access_len gives
3664 * the amount of memory that was actually read or written by the caller.
3665 */
3666 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
3667 int is_write, hwaddr access_len)
3668 {
3669 if (buffer != bounce.buffer) {
3670 if (is_write) {
3671 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
3672 while (access_len) {
3673 unsigned l;
3674 l = TARGET_PAGE_SIZE;
3675 if (l > access_len)
3676 l = access_len;
3677 invalidate_and_set_dirty(addr1, l);
3678 addr1 += l;
3679 access_len -= l;
3680 }
3681 }
3682 if (xen_enabled()) {
3683 xen_invalidate_map_cache_entry(buffer);
3684 }
3685 return;
3686 }
3687 if (is_write) {
3688 address_space_write(as, bounce.addr, bounce.buffer, access_len);
3689 }
3690 qemu_vfree(bounce.buffer);
3691 bounce.buffer = NULL;
3692 cpu_notify_map_clients();
3693 }
3694
3695 void *cpu_physical_memory_map(hwaddr addr,
3696 hwaddr *plen,
3697 int is_write)
3698 {
3699 return address_space_map(&address_space_memory, addr, plen, is_write);
3700 }
3701
3702 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
3703 int is_write, hwaddr access_len)
3704 {
3705 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
3706 }
3707
3708 /* warning: addr must be aligned */
3709 static inline uint32_t ldl_phys_internal(hwaddr addr,
3710 enum device_endian endian)
3711 {
3712 uint8_t *ptr;
3713 uint32_t val;
3714 MemoryRegionSection *section;
3715
3716 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3717
3718 if (!(memory_region_is_ram(section->mr) ||
3719 memory_region_is_romd(section->mr))) {
3720 /* I/O case */
3721 addr = memory_region_section_addr(section, addr);
3722 val = io_mem_read(section->mr, addr, 4);
3723 #if defined(TARGET_WORDS_BIGENDIAN)
3724 if (endian == DEVICE_LITTLE_ENDIAN) {
3725 val = bswap32(val);
3726 }
3727 #else
3728 if (endian == DEVICE_BIG_ENDIAN) {
3729 val = bswap32(val);
3730 }
3731 #endif
3732 } else {
3733 /* RAM case */
3734 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
3735 & TARGET_PAGE_MASK)
3736 + memory_region_section_addr(section, addr));
3737 switch (endian) {
3738 case DEVICE_LITTLE_ENDIAN:
3739 val = ldl_le_p(ptr);
3740 break;
3741 case DEVICE_BIG_ENDIAN:
3742 val = ldl_be_p(ptr);
3743 break;
3744 default:
3745 val = ldl_p(ptr);
3746 break;
3747 }
3748 }
3749 return val;
3750 }
3751
3752 uint32_t ldl_phys(hwaddr addr)
3753 {
3754 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3755 }
3756
3757 uint32_t ldl_le_phys(hwaddr addr)
3758 {
3759 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3760 }
3761
3762 uint32_t ldl_be_phys(hwaddr addr)
3763 {
3764 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
3765 }
3766
3767 /* warning: addr must be aligned */
3768 static inline uint64_t ldq_phys_internal(hwaddr addr,
3769 enum device_endian endian)
3770 {
3771 uint8_t *ptr;
3772 uint64_t val;
3773 MemoryRegionSection *section;
3774
3775 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3776
3777 if (!(memory_region_is_ram(section->mr) ||
3778 memory_region_is_romd(section->mr))) {
3779 /* I/O case */
3780 addr = memory_region_section_addr(section, addr);
3781
3782 /* XXX This is broken when device endian != cpu endian.
3783 Fix and add "endian" variable check */
3784 #ifdef TARGET_WORDS_BIGENDIAN
3785 val = io_mem_read(section->mr, addr, 4) << 32;
3786 val |= io_mem_read(section->mr, addr + 4, 4);
3787 #else
3788 val = io_mem_read(section->mr, addr, 4);
3789 val |= io_mem_read(section->mr, addr + 4, 4) << 32;
3790 #endif
3791 } else {
3792 /* RAM case */
3793 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
3794 & TARGET_PAGE_MASK)
3795 + memory_region_section_addr(section, addr));
3796 switch (endian) {
3797 case DEVICE_LITTLE_ENDIAN:
3798 val = ldq_le_p(ptr);
3799 break;
3800 case DEVICE_BIG_ENDIAN:
3801 val = ldq_be_p(ptr);
3802 break;
3803 default:
3804 val = ldq_p(ptr);
3805 break;
3806 }
3807 }
3808 return val;
3809 }
3810
3811 uint64_t ldq_phys(hwaddr addr)
3812 {
3813 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3814 }
3815
3816 uint64_t ldq_le_phys(hwaddr addr)
3817 {
3818 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3819 }
3820
3821 uint64_t ldq_be_phys(hwaddr addr)
3822 {
3823 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
3824 }
3825
3826 /* XXX: optimize */
3827 uint32_t ldub_phys(hwaddr addr)
3828 {
3829 uint8_t val;
3830 cpu_physical_memory_read(addr, &val, 1);
3831 return val;
3832 }
3833
3834 /* warning: addr must be aligned */
3835 static inline uint32_t lduw_phys_internal(hwaddr addr,
3836 enum device_endian endian)
3837 {
3838 uint8_t *ptr;
3839 uint64_t val;
3840 MemoryRegionSection *section;
3841
3842 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3843
3844 if (!(memory_region_is_ram(section->mr) ||
3845 memory_region_is_romd(section->mr))) {
3846 /* I/O case */
3847 addr = memory_region_section_addr(section, addr);
3848 val = io_mem_read(section->mr, addr, 2);
3849 #if defined(TARGET_WORDS_BIGENDIAN)
3850 if (endian == DEVICE_LITTLE_ENDIAN) {
3851 val = bswap16(val);
3852 }
3853 #else
3854 if (endian == DEVICE_BIG_ENDIAN) {
3855 val = bswap16(val);
3856 }
3857 #endif
3858 } else {
3859 /* RAM case */
3860 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
3861 & TARGET_PAGE_MASK)
3862 + memory_region_section_addr(section, addr));
3863 switch (endian) {
3864 case DEVICE_LITTLE_ENDIAN:
3865 val = lduw_le_p(ptr);
3866 break;
3867 case DEVICE_BIG_ENDIAN:
3868 val = lduw_be_p(ptr);
3869 break;
3870 default:
3871 val = lduw_p(ptr);
3872 break;
3873 }
3874 }
3875 return val;
3876 }
3877
3878 uint32_t lduw_phys(hwaddr addr)
3879 {
3880 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
3881 }
3882
3883 uint32_t lduw_le_phys(hwaddr addr)
3884 {
3885 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
3886 }
3887
3888 uint32_t lduw_be_phys(hwaddr addr)
3889 {
3890 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
3891 }
3892
3893 /* warning: addr must be aligned. The ram page is not masked as dirty
3894 and the code inside is not invalidated. It is useful if the dirty
3895 bits are used to track modified PTEs */
3896 void stl_phys_notdirty(hwaddr addr, uint32_t val)
3897 {
3898 uint8_t *ptr;
3899 MemoryRegionSection *section;
3900
3901 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3902
3903 if (!memory_region_is_ram(section->mr) || section->readonly) {
3904 addr = memory_region_section_addr(section, addr);
3905 if (memory_region_is_ram(section->mr)) {
3906 section = &phys_sections[phys_section_rom];
3907 }
3908 io_mem_write(section->mr, addr, val, 4);
3909 } else {
3910 unsigned long addr1 = (memory_region_get_ram_addr(section->mr)
3911 & TARGET_PAGE_MASK)
3912 + memory_region_section_addr(section, addr);
3913 ptr = qemu_get_ram_ptr(addr1);
3914 stl_p(ptr, val);
3915
3916 if (unlikely(in_migration)) {
3917 if (!cpu_physical_memory_is_dirty(addr1)) {
3918 /* invalidate code */
3919 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
3920 /* set dirty bit */
3921 cpu_physical_memory_set_dirty_flags(
3922 addr1, (0xff & ~CODE_DIRTY_FLAG));
3923 }
3924 }
3925 }
3926 }
3927
3928 void stq_phys_notdirty(hwaddr addr, uint64_t val)
3929 {
3930 uint8_t *ptr;
3931 MemoryRegionSection *section;
3932
3933 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3934
3935 if (!memory_region_is_ram(section->mr) || section->readonly) {
3936 addr = memory_region_section_addr(section, addr);
3937 if (memory_region_is_ram(section->mr)) {
3938 section = &phys_sections[phys_section_rom];
3939 }
3940 #ifdef TARGET_WORDS_BIGENDIAN
3941 io_mem_write(section->mr, addr, val >> 32, 4);
3942 io_mem_write(section->mr, addr + 4, (uint32_t)val, 4);
3943 #else
3944 io_mem_write(section->mr, addr, (uint32_t)val, 4);
3945 io_mem_write(section->mr, addr + 4, val >> 32, 4);
3946 #endif
3947 } else {
3948 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section->mr)
3949 & TARGET_PAGE_MASK)
3950 + memory_region_section_addr(section, addr));
3951 stq_p(ptr, val);
3952 }
3953 }
3954
3955 /* warning: addr must be aligned */
3956 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
3957 enum device_endian endian)
3958 {
3959 uint8_t *ptr;
3960 MemoryRegionSection *section;
3961
3962 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
3963
3964 if (!memory_region_is_ram(section->mr) || section->readonly) {
3965 addr = memory_region_section_addr(section, addr);
3966 if (memory_region_is_ram(section->mr)) {
3967 section = &phys_sections[phys_section_rom];
3968 }
3969 #if defined(TARGET_WORDS_BIGENDIAN)
3970 if (endian == DEVICE_LITTLE_ENDIAN) {
3971 val = bswap32(val);
3972 }
3973 #else
3974 if (endian == DEVICE_BIG_ENDIAN) {
3975 val = bswap32(val);
3976 }
3977 #endif
3978 io_mem_write(section->mr, addr, val, 4);
3979 } else {
3980 unsigned long addr1;
3981 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
3982 + memory_region_section_addr(section, addr);
3983 /* RAM case */
3984 ptr = qemu_get_ram_ptr(addr1);
3985 switch (endian) {
3986 case DEVICE_LITTLE_ENDIAN:
3987 stl_le_p(ptr, val);
3988 break;
3989 case DEVICE_BIG_ENDIAN:
3990 stl_be_p(ptr, val);
3991 break;
3992 default:
3993 stl_p(ptr, val);
3994 break;
3995 }
3996 invalidate_and_set_dirty(addr1, 4);
3997 }
3998 }
3999
4000 void stl_phys(hwaddr addr, uint32_t val)
4001 {
4002 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4003 }
4004
4005 void stl_le_phys(hwaddr addr, uint32_t val)
4006 {
4007 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4008 }
4009
4010 void stl_be_phys(hwaddr addr, uint32_t val)
4011 {
4012 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4013 }
4014
4015 /* XXX: optimize */
4016 void stb_phys(hwaddr addr, uint32_t val)
4017 {
4018 uint8_t v = val;
4019 cpu_physical_memory_write(addr, &v, 1);
4020 }
4021
4022 /* warning: addr must be aligned */
4023 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
4024 enum device_endian endian)
4025 {
4026 uint8_t *ptr;
4027 MemoryRegionSection *section;
4028
4029 section = phys_page_find(address_space_memory.dispatch, addr >> TARGET_PAGE_BITS);
4030
4031 if (!memory_region_is_ram(section->mr) || section->readonly) {
4032 addr = memory_region_section_addr(section, addr);
4033 if (memory_region_is_ram(section->mr)) {
4034 section = &phys_sections[phys_section_rom];
4035 }
4036 #if defined(TARGET_WORDS_BIGENDIAN)
4037 if (endian == DEVICE_LITTLE_ENDIAN) {
4038 val = bswap16(val);
4039 }
4040 #else
4041 if (endian == DEVICE_BIG_ENDIAN) {
4042 val = bswap16(val);
4043 }
4044 #endif
4045 io_mem_write(section->mr, addr, val, 2);
4046 } else {
4047 unsigned long addr1;
4048 addr1 = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
4049 + memory_region_section_addr(section, addr);
4050 /* RAM case */
4051 ptr = qemu_get_ram_ptr(addr1);
4052 switch (endian) {
4053 case DEVICE_LITTLE_ENDIAN:
4054 stw_le_p(ptr, val);
4055 break;
4056 case DEVICE_BIG_ENDIAN:
4057 stw_be_p(ptr, val);
4058 break;
4059 default:
4060 stw_p(ptr, val);
4061 break;
4062 }
4063 invalidate_and_set_dirty(addr1, 2);
4064 }
4065 }
4066
4067 void stw_phys(hwaddr addr, uint32_t val)
4068 {
4069 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4070 }
4071
4072 void stw_le_phys(hwaddr addr, uint32_t val)
4073 {
4074 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4075 }
4076
4077 void stw_be_phys(hwaddr addr, uint32_t val)
4078 {
4079 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4080 }
4081
4082 /* XXX: optimize */
4083 void stq_phys(hwaddr addr, uint64_t val)
4084 {
4085 val = tswap64(val);
4086 cpu_physical_memory_write(addr, &val, 8);
4087 }
4088
4089 void stq_le_phys(hwaddr addr, uint64_t val)
4090 {
4091 val = cpu_to_le64(val);
4092 cpu_physical_memory_write(addr, &val, 8);
4093 }
4094
4095 void stq_be_phys(hwaddr addr, uint64_t val)
4096 {
4097 val = cpu_to_be64(val);
4098 cpu_physical_memory_write(addr, &val, 8);
4099 }
4100
4101 /* virtual memory access for debug (includes writing to ROM) */
4102 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
4103 uint8_t *buf, int len, int is_write)
4104 {
4105 int l;
4106 hwaddr phys_addr;
4107 target_ulong page;
4108
4109 while (len > 0) {
4110 page = addr & TARGET_PAGE_MASK;
4111 phys_addr = cpu_get_phys_page_debug(env, page);
4112 /* if no physical page mapped, return an error */
4113 if (phys_addr == -1)
4114 return -1;
4115 l = (page + TARGET_PAGE_SIZE) - addr;
4116 if (l > len)
4117 l = len;
4118 phys_addr += (addr & ~TARGET_PAGE_MASK);
4119 if (is_write)
4120 cpu_physical_memory_write_rom(phys_addr, buf, l);
4121 else
4122 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
4123 len -= l;
4124 buf += l;
4125 addr += l;
4126 }
4127 return 0;
4128 }
4129 #endif
4130
4131 /* in deterministic execution mode, instructions doing device I/Os
4132 must be at the end of the TB */
4133 void cpu_io_recompile(CPUArchState *env, uintptr_t retaddr)
4134 {
4135 TranslationBlock *tb;
4136 uint32_t n, cflags;
4137 target_ulong pc, cs_base;
4138 uint64_t flags;
4139
4140 tb = tb_find_pc(retaddr);
4141 if (!tb) {
4142 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4143 (void *)retaddr);
4144 }
4145 n = env->icount_decr.u16.low + tb->icount;
4146 cpu_restore_state(tb, env, retaddr);
4147 /* Calculate how many instructions had been executed before the fault
4148 occurred. */
4149 n = n - env->icount_decr.u16.low;
4150 /* Generate a new TB ending on the I/O insn. */
4151 n++;
4152 /* On MIPS and SH, delay slot instructions can only be restarted if
4153 they were already the first instruction in the TB. If this is not
4154 the first instruction in a TB then re-execute the preceding
4155 branch. */
4156 #if defined(TARGET_MIPS)
4157 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4158 env->active_tc.PC -= 4;
4159 env->icount_decr.u16.low++;
4160 env->hflags &= ~MIPS_HFLAG_BMASK;
4161 }
4162 #elif defined(TARGET_SH4)
4163 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4164 && n > 1) {
4165 env->pc -= 2;
4166 env->icount_decr.u16.low++;
4167 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4168 }
4169 #endif
4170 /* This should never happen. */
4171 if (n > CF_COUNT_MASK) {
4172 cpu_abort(env, "TB too big during recompile");
4173 }
4174
4175 cflags = n | CF_LAST_IO;
4176 pc = tb->pc;
4177 cs_base = tb->cs_base;
4178 flags = tb->flags;
4179 tb_phys_invalidate(tb, -1);
4180 /* FIXME: In theory this could raise an exception. In practice
4181 we have already translated the block once so it's probably ok. */
4182 tb_gen_code(env, pc, cs_base, flags, cflags);
4183 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
4184 the first in the TB) then we end up generating a whole new TB and
4185 repeating the fault, which is horribly inefficient.
4186 Better would be to execute just this insn uncached, or generate a
4187 second new TB. */
4188 cpu_resume_from_signal(env, NULL);
4189 }
4190
4191 #if !defined(CONFIG_USER_ONLY)
4192
4193 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
4194 {
4195 int i, target_code_size, max_target_code_size;
4196 int direct_jmp_count, direct_jmp2_count, cross_page;
4197 TranslationBlock *tb;
4198
4199 target_code_size = 0;
4200 max_target_code_size = 0;
4201 cross_page = 0;
4202 direct_jmp_count = 0;
4203 direct_jmp2_count = 0;
4204 for (i = 0; i < nb_tbs; i++) {
4205 tb = &tbs[i];
4206 target_code_size += tb->size;
4207 if (tb->size > max_target_code_size) {
4208 max_target_code_size = tb->size;
4209 }
4210 if (tb->page_addr[1] != -1) {
4211 cross_page++;
4212 }
4213 if (tb->tb_next_offset[0] != 0xffff) {
4214 direct_jmp_count++;
4215 if (tb->tb_next_offset[1] != 0xffff) {
4216 direct_jmp2_count++;
4217 }
4218 }
4219 }
4220 /* XXX: avoid using doubles ? */
4221 cpu_fprintf(f, "Translation buffer state:\n");
4222 cpu_fprintf(f, "gen code size %td/%zd\n",
4223 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4224 cpu_fprintf(f, "TB count %d/%d\n",
4225 nb_tbs, code_gen_max_blocks);
4226 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
4227 nb_tbs ? target_code_size / nb_tbs : 0,
4228 max_target_code_size);
4229 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
4230 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4231 target_code_size ? (double) (code_gen_ptr - code_gen_buffer)
4232 / target_code_size : 0);
4233 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4234 cross_page,
4235 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4236 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
4237 direct_jmp_count,
4238 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4239 direct_jmp2_count,
4240 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
4241 cpu_fprintf(f, "\nStatistics:\n");
4242 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4243 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4244 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
4245 tcg_dump_info(f, cpu_fprintf);
4246 }
4247
4248 /*
4249 * A helper function for the _utterly broken_ virtio device model to find out if
4250 * it's running on a big endian machine. Don't do this at home kids!
4251 */
4252 bool virtio_is_big_endian(void);
4253 bool virtio_is_big_endian(void)
4254 {
4255 #if defined(TARGET_WORDS_BIGENDIAN)
4256 return true;
4257 #else
4258 return false;
4259 #endif
4260 }
4261
4262 #endif
4263
4264 #ifndef CONFIG_USER_ONLY
4265 bool cpu_physical_memory_is_io(hwaddr phys_addr)
4266 {
4267 MemoryRegionSection *section;
4268
4269 section = phys_page_find(address_space_memory.dispatch,
4270 phys_addr >> TARGET_PAGE_BITS);
4271
4272 return !(memory_region_is_ram(section->mr) ||
4273 memory_region_is_romd(section->mr));
4274 }
4275 #endif
QEMU mirror