]> git.proxmox.com Git - mirror_qemu.git/blob - exec.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
qom/cpu: Add MemoryRegion property
[mirror_qemu.git] / exec.c
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57
58 #include "qemu/range.h"
59 #ifndef _WIN32
60 #include "qemu/mmap-alloc.h"
61 #endif
62
63 //#define DEBUG_SUBPAGE
64
65 #if !defined(CONFIG_USER_ONLY)
66 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
68 */
69 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
70
71 static MemoryRegion *system_memory;
72 static MemoryRegion *system_io;
73
74 AddressSpace address_space_io;
75 AddressSpace address_space_memory;
76
77 MemoryRegion io_mem_rom, io_mem_notdirty;
78 static MemoryRegion io_mem_unassigned;
79
80 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81 #define RAM_PREALLOC (1 << 0)
82
83 /* RAM is mmap-ed with MAP_SHARED */
84 #define RAM_SHARED (1 << 1)
85
86 /* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
88 */
89 #define RAM_RESIZEABLE (1 << 2)
90
91 #endif
92
93 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
94 /* current CPU in the current thread. It is only valid inside
95 cpu_exec() */
96 __thread CPUState *current_cpu;
97 /* 0 = Do not count executed instructions.
98 1 = Precise instruction counting.
99 2 = Adaptive rate instruction counting. */
100 int use_icount;
101
102 #if !defined(CONFIG_USER_ONLY)
103
104 typedef struct PhysPageEntry PhysPageEntry;
105
106 struct PhysPageEntry {
107 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
108 uint32_t skip : 6;
109 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
110 uint32_t ptr : 26;
111 };
112
113 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
114
115 /* Size of the L2 (and L3, etc) page tables. */
116 #define ADDR_SPACE_BITS 64
117
118 #define P_L2_BITS 9
119 #define P_L2_SIZE (1 << P_L2_BITS)
120
121 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
122
123 typedef PhysPageEntry Node[P_L2_SIZE];
124
125 typedef struct PhysPageMap {
126 struct rcu_head rcu;
127
128 unsigned sections_nb;
129 unsigned sections_nb_alloc;
130 unsigned nodes_nb;
131 unsigned nodes_nb_alloc;
132 Node *nodes;
133 MemoryRegionSection *sections;
134 } PhysPageMap;
135
136 struct AddressSpaceDispatch {
137 struct rcu_head rcu;
138
139 /* This is a multi-level map on the physical address space.
140 * The bottom level has pointers to MemoryRegionSections.
141 */
142 PhysPageEntry phys_map;
143 PhysPageMap map;
144 AddressSpace *as;
145 };
146
147 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
148 typedef struct subpage_t {
149 MemoryRegion iomem;
150 AddressSpace *as;
151 hwaddr base;
152 uint16_t sub_section[TARGET_PAGE_SIZE];
153 } subpage_t;
154
155 #define PHYS_SECTION_UNASSIGNED 0
156 #define PHYS_SECTION_NOTDIRTY 1
157 #define PHYS_SECTION_ROM 2
158 #define PHYS_SECTION_WATCH 3
159
160 static void io_mem_init(void);
161 static void memory_map_init(void);
162 static void tcg_commit(MemoryListener *listener);
163
164 static MemoryRegion io_mem_watch;
165
166 /**
167 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
168 * @cpu: the CPU whose AddressSpace this is
169 * @as: the AddressSpace itself
170 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
171 * @tcg_as_listener: listener for tracking changes to the AddressSpace
172 */
173 struct CPUAddressSpace {
174 CPUState *cpu;
175 AddressSpace *as;
176 struct AddressSpaceDispatch *memory_dispatch;
177 MemoryListener tcg_as_listener;
178 };
179
180 #endif
181
182 #if !defined(CONFIG_USER_ONLY)
183
184 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
185 {
186 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
187 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
188 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
189 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
190 }
191 }
192
193 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
194 {
195 unsigned i;
196 uint32_t ret;
197 PhysPageEntry e;
198 PhysPageEntry *p;
199
200 ret = map->nodes_nb++;
201 p = map->nodes[ret];
202 assert(ret != PHYS_MAP_NODE_NIL);
203 assert(ret != map->nodes_nb_alloc);
204
205 e.skip = leaf ? 0 : 1;
206 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
207 for (i = 0; i < P_L2_SIZE; ++i) {
208 memcpy(&p[i], &e, sizeof(e));
209 }
210 return ret;
211 }
212
213 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
214 hwaddr *index, hwaddr *nb, uint16_t leaf,
215 int level)
216 {
217 PhysPageEntry *p;
218 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
219
220 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
221 lp->ptr = phys_map_node_alloc(map, level == 0);
222 }
223 p = map->nodes[lp->ptr];
224 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
225
226 while (*nb && lp < &p[P_L2_SIZE]) {
227 if ((*index & (step - 1)) == 0 && *nb >= step) {
228 lp->skip = 0;
229 lp->ptr = leaf;
230 *index += step;
231 *nb -= step;
232 } else {
233 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
234 }
235 ++lp;
236 }
237 }
238
239 static void phys_page_set(AddressSpaceDispatch *d,
240 hwaddr index, hwaddr nb,
241 uint16_t leaf)
242 {
243 /* Wildly overreserve - it doesn't matter much. */
244 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
245
246 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
247 }
248
249 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
250 * and update our entry so we can skip it and go directly to the destination.
251 */
252 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
253 {
254 unsigned valid_ptr = P_L2_SIZE;
255 int valid = 0;
256 PhysPageEntry *p;
257 int i;
258
259 if (lp->ptr == PHYS_MAP_NODE_NIL) {
260 return;
261 }
262
263 p = nodes[lp->ptr];
264 for (i = 0; i < P_L2_SIZE; i++) {
265 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
266 continue;
267 }
268
269 valid_ptr = i;
270 valid++;
271 if (p[i].skip) {
272 phys_page_compact(&p[i], nodes, compacted);
273 }
274 }
275
276 /* We can only compress if there's only one child. */
277 if (valid != 1) {
278 return;
279 }
280
281 assert(valid_ptr < P_L2_SIZE);
282
283 /* Don't compress if it won't fit in the # of bits we have. */
284 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
285 return;
286 }
287
288 lp->ptr = p[valid_ptr].ptr;
289 if (!p[valid_ptr].skip) {
290 /* If our only child is a leaf, make this a leaf. */
291 /* By design, we should have made this node a leaf to begin with so we
292 * should never reach here.
293 * But since it's so simple to handle this, let's do it just in case we
294 * change this rule.
295 */
296 lp->skip = 0;
297 } else {
298 lp->skip += p[valid_ptr].skip;
299 }
300 }
301
302 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
303 {
304 DECLARE_BITMAP(compacted, nodes_nb);
305
306 if (d->phys_map.skip) {
307 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
308 }
309 }
310
311 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
312 Node *nodes, MemoryRegionSection *sections)
313 {
314 PhysPageEntry *p;
315 hwaddr index = addr >> TARGET_PAGE_BITS;
316 int i;
317
318 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
319 if (lp.ptr == PHYS_MAP_NODE_NIL) {
320 return &sections[PHYS_SECTION_UNASSIGNED];
321 }
322 p = nodes[lp.ptr];
323 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
324 }
325
326 if (sections[lp.ptr].size.hi ||
327 range_covers_byte(sections[lp.ptr].offset_within_address_space,
328 sections[lp.ptr].size.lo, addr)) {
329 return &sections[lp.ptr];
330 } else {
331 return &sections[PHYS_SECTION_UNASSIGNED];
332 }
333 }
334
335 bool memory_region_is_unassigned(MemoryRegion *mr)
336 {
337 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
338 && mr != &io_mem_watch;
339 }
340
341 /* Called from RCU critical section */
342 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
343 hwaddr addr,
344 bool resolve_subpage)
345 {
346 MemoryRegionSection *section;
347 subpage_t *subpage;
348
349 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
350 if (resolve_subpage && section->mr->subpage) {
351 subpage = container_of(section->mr, subpage_t, iomem);
352 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
353 }
354 return section;
355 }
356
357 /* Called from RCU critical section */
358 static MemoryRegionSection *
359 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
360 hwaddr *plen, bool resolve_subpage)
361 {
362 MemoryRegionSection *section;
363 MemoryRegion *mr;
364 Int128 diff;
365
366 section = address_space_lookup_region(d, addr, resolve_subpage);
367 /* Compute offset within MemoryRegionSection */
368 addr -= section->offset_within_address_space;
369
370 /* Compute offset within MemoryRegion */
371 *xlat = addr + section->offset_within_region;
372
373 mr = section->mr;
374
375 /* MMIO registers can be expected to perform full-width accesses based only
376 * on their address, without considering adjacent registers that could
377 * decode to completely different MemoryRegions. When such registers
378 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
379 * regions overlap wildly. For this reason we cannot clamp the accesses
380 * here.
381 *
382 * If the length is small (as is the case for address_space_ldl/stl),
383 * everything works fine. If the incoming length is large, however,
384 * the caller really has to do the clamping through memory_access_size.
385 */
386 if (memory_region_is_ram(mr)) {
387 diff = int128_sub(section->size, int128_make64(addr));
388 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
389 }
390 return section;
391 }
392
393 /* Called from RCU critical section */
394 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
395 hwaddr *xlat, hwaddr *plen,
396 bool is_write)
397 {
398 IOMMUTLBEntry iotlb;
399 MemoryRegionSection *section;
400 MemoryRegion *mr;
401
402 for (;;) {
403 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
404 section = address_space_translate_internal(d, addr, &addr, plen, true);
405 mr = section->mr;
406
407 if (!mr->iommu_ops) {
408 break;
409 }
410
411 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
412 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
413 | (addr & iotlb.addr_mask));
414 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
415 if (!(iotlb.perm & (1 << is_write))) {
416 mr = &io_mem_unassigned;
417 break;
418 }
419
420 as = iotlb.target_as;
421 }
422
423 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
424 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
425 *plen = MIN(page, *plen);
426 }
427
428 *xlat = addr;
429 return mr;
430 }
431
432 /* Called from RCU critical section */
433 MemoryRegionSection *
434 address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
435 hwaddr *xlat, hwaddr *plen)
436 {
437 MemoryRegionSection *section;
438 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
439
440 section = address_space_translate_internal(d, addr, xlat, plen, false);
441
442 assert(!section->mr->iommu_ops);
443 return section;
444 }
445 #endif
446
447 #if !defined(CONFIG_USER_ONLY)
448
449 static int cpu_common_post_load(void *opaque, int version_id)
450 {
451 CPUState *cpu = opaque;
452
453 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
454 version_id is increased. */
455 cpu->interrupt_request &= ~0x01;
456 tlb_flush(cpu, 1);
457
458 return 0;
459 }
460
461 static int cpu_common_pre_load(void *opaque)
462 {
463 CPUState *cpu = opaque;
464
465 cpu->exception_index = -1;
466
467 return 0;
468 }
469
470 static bool cpu_common_exception_index_needed(void *opaque)
471 {
472 CPUState *cpu = opaque;
473
474 return tcg_enabled() && cpu->exception_index != -1;
475 }
476
477 static const VMStateDescription vmstate_cpu_common_exception_index = {
478 .name = "cpu_common/exception_index",
479 .version_id = 1,
480 .minimum_version_id = 1,
481 .needed = cpu_common_exception_index_needed,
482 .fields = (VMStateField[]) {
483 VMSTATE_INT32(exception_index, CPUState),
484 VMSTATE_END_OF_LIST()
485 }
486 };
487
488 static bool cpu_common_crash_occurred_needed(void *opaque)
489 {
490 CPUState *cpu = opaque;
491
492 return cpu->crash_occurred;
493 }
494
495 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
496 .name = "cpu_common/crash_occurred",
497 .version_id = 1,
498 .minimum_version_id = 1,
499 .needed = cpu_common_crash_occurred_needed,
500 .fields = (VMStateField[]) {
501 VMSTATE_BOOL(crash_occurred, CPUState),
502 VMSTATE_END_OF_LIST()
503 }
504 };
505
506 const VMStateDescription vmstate_cpu_common = {
507 .name = "cpu_common",
508 .version_id = 1,
509 .minimum_version_id = 1,
510 .pre_load = cpu_common_pre_load,
511 .post_load = cpu_common_post_load,
512 .fields = (VMStateField[]) {
513 VMSTATE_UINT32(halted, CPUState),
514 VMSTATE_UINT32(interrupt_request, CPUState),
515 VMSTATE_END_OF_LIST()
516 },
517 .subsections = (const VMStateDescription*[]) {
518 &vmstate_cpu_common_exception_index,
519 &vmstate_cpu_common_crash_occurred,
520 NULL
521 }
522 };
523
524 #endif
525
526 CPUState *qemu_get_cpu(int index)
527 {
528 CPUState *cpu;
529
530 CPU_FOREACH(cpu) {
531 if (cpu->cpu_index == index) {
532 return cpu;
533 }
534 }
535
536 return NULL;
537 }
538
539 #if !defined(CONFIG_USER_ONLY)
540 void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
541 {
542 CPUAddressSpace *newas;
543
544 /* Target code should have set num_ases before calling us */
545 assert(asidx < cpu->num_ases);
546
547 if (asidx == 0) {
548 /* address space 0 gets the convenience alias */
549 cpu->as = as;
550 }
551
552 /* KVM cannot currently support multiple address spaces. */
553 assert(asidx == 0 || !kvm_enabled());
554
555 if (!cpu->cpu_ases) {
556 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
557 }
558
559 newas = &cpu->cpu_ases[asidx];
560 newas->cpu = cpu;
561 newas->as = as;
562 if (tcg_enabled()) {
563 newas->tcg_as_listener.commit = tcg_commit;
564 memory_listener_register(&newas->tcg_as_listener, as);
565 }
566 }
567
568 AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
569 {
570 /* Return the AddressSpace corresponding to the specified index */
571 return cpu->cpu_ases[asidx].as;
572 }
573 #endif
574
575 #ifndef CONFIG_USER_ONLY
576 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
577
578 static int cpu_get_free_index(Error **errp)
579 {
580 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
581
582 if (cpu >= MAX_CPUMASK_BITS) {
583 error_setg(errp, "Trying to use more CPUs than max of %d",
584 MAX_CPUMASK_BITS);
585 return -1;
586 }
587
588 bitmap_set(cpu_index_map, cpu, 1);
589 return cpu;
590 }
591
592 void cpu_exec_exit(CPUState *cpu)
593 {
594 if (cpu->cpu_index == -1) {
595 /* cpu_index was never allocated by this @cpu or was already freed. */
596 return;
597 }
598
599 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
600 cpu->cpu_index = -1;
601 }
602 #else
603
604 static int cpu_get_free_index(Error **errp)
605 {
606 CPUState *some_cpu;
607 int cpu_index = 0;
608
609 CPU_FOREACH(some_cpu) {
610 cpu_index++;
611 }
612 return cpu_index;
613 }
614
615 void cpu_exec_exit(CPUState *cpu)
616 {
617 }
618 #endif
619
620 void cpu_exec_init(CPUState *cpu, Error **errp)
621 {
622 CPUClass *cc = CPU_GET_CLASS(cpu);
623 int cpu_index;
624 Error *local_err = NULL;
625
626 cpu->as = NULL;
627 cpu->num_ases = 0;
628
629 #ifndef CONFIG_USER_ONLY
630 cpu->thread_id = qemu_get_thread_id();
631
632 /* This is a softmmu CPU object, so create a property for it
633 * so users can wire up its memory. (This can't go in qom/cpu.c
634 * because that file is compiled only once for both user-mode
635 * and system builds.) The default if no link is set up is to use
636 * the system address space.
637 */
638 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
639 (Object **)&cpu->memory,
640 qdev_prop_allow_set_link_before_realize,
641 OBJ_PROP_LINK_UNREF_ON_RELEASE,
642 &error_abort);
643 cpu->memory = system_memory;
644 object_ref(OBJECT(cpu->memory));
645 #endif
646
647 #if defined(CONFIG_USER_ONLY)
648 cpu_list_lock();
649 #endif
650 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
651 if (local_err) {
652 error_propagate(errp, local_err);
653 #if defined(CONFIG_USER_ONLY)
654 cpu_list_unlock();
655 #endif
656 return;
657 }
658 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
659 #if defined(CONFIG_USER_ONLY)
660 cpu_list_unlock();
661 #endif
662 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
663 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
664 }
665 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
666 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
667 cpu_save, cpu_load, cpu->env_ptr);
668 assert(cc->vmsd == NULL);
669 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
670 #endif
671 if (cc->vmsd != NULL) {
672 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
673 }
674 }
675
676 #if defined(CONFIG_USER_ONLY)
677 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
678 {
679 tb_invalidate_phys_page_range(pc, pc + 1, 0);
680 }
681 #else
682 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
683 {
684 MemTxAttrs attrs;
685 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
686 int asidx = cpu_asidx_from_attrs(cpu, attrs);
687 if (phys != -1) {
688 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
689 phys | (pc & ~TARGET_PAGE_MASK));
690 }
691 }
692 #endif
693
694 #if defined(CONFIG_USER_ONLY)
695 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
696
697 {
698 }
699
700 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
701 int flags)
702 {
703 return -ENOSYS;
704 }
705
706 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
707 {
708 }
709
710 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
711 int flags, CPUWatchpoint **watchpoint)
712 {
713 return -ENOSYS;
714 }
715 #else
716 /* Add a watchpoint. */
717 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
718 int flags, CPUWatchpoint **watchpoint)
719 {
720 CPUWatchpoint *wp;
721
722 /* forbid ranges which are empty or run off the end of the address space */
723 if (len == 0 || (addr + len - 1) < addr) {
724 error_report("tried to set invalid watchpoint at %"
725 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
726 return -EINVAL;
727 }
728 wp = g_malloc(sizeof(*wp));
729
730 wp->vaddr = addr;
731 wp->len = len;
732 wp->flags = flags;
733
734 /* keep all GDB-injected watchpoints in front */
735 if (flags & BP_GDB) {
736 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
737 } else {
738 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
739 }
740
741 tlb_flush_page(cpu, addr);
742
743 if (watchpoint)
744 *watchpoint = wp;
745 return 0;
746 }
747
748 /* Remove a specific watchpoint. */
749 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
750 int flags)
751 {
752 CPUWatchpoint *wp;
753
754 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
755 if (addr == wp->vaddr && len == wp->len
756 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
757 cpu_watchpoint_remove_by_ref(cpu, wp);
758 return 0;
759 }
760 }
761 return -ENOENT;
762 }
763
764 /* Remove a specific watchpoint by reference. */
765 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
766 {
767 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
768
769 tlb_flush_page(cpu, watchpoint->vaddr);
770
771 g_free(watchpoint);
772 }
773
774 /* Remove all matching watchpoints. */
775 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
776 {
777 CPUWatchpoint *wp, *next;
778
779 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
780 if (wp->flags & mask) {
781 cpu_watchpoint_remove_by_ref(cpu, wp);
782 }
783 }
784 }
785
786 /* Return true if this watchpoint address matches the specified
787 * access (ie the address range covered by the watchpoint overlaps
788 * partially or completely with the address range covered by the
789 * access).
790 */
791 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
792 vaddr addr,
793 vaddr len)
794 {
795 /* We know the lengths are non-zero, but a little caution is
796 * required to avoid errors in the case where the range ends
797 * exactly at the top of the address space and so addr + len
798 * wraps round to zero.
799 */
800 vaddr wpend = wp->vaddr + wp->len - 1;
801 vaddr addrend = addr + len - 1;
802
803 return !(addr > wpend || wp->vaddr > addrend);
804 }
805
806 #endif
807
808 /* Add a breakpoint. */
809 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
810 CPUBreakpoint **breakpoint)
811 {
812 CPUBreakpoint *bp;
813
814 bp = g_malloc(sizeof(*bp));
815
816 bp->pc = pc;
817 bp->flags = flags;
818
819 /* keep all GDB-injected breakpoints in front */
820 if (flags & BP_GDB) {
821 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
822 } else {
823 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
824 }
825
826 breakpoint_invalidate(cpu, pc);
827
828 if (breakpoint) {
829 *breakpoint = bp;
830 }
831 return 0;
832 }
833
834 /* Remove a specific breakpoint. */
835 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
836 {
837 CPUBreakpoint *bp;
838
839 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
840 if (bp->pc == pc && bp->flags == flags) {
841 cpu_breakpoint_remove_by_ref(cpu, bp);
842 return 0;
843 }
844 }
845 return -ENOENT;
846 }
847
848 /* Remove a specific breakpoint by reference. */
849 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
850 {
851 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
852
853 breakpoint_invalidate(cpu, breakpoint->pc);
854
855 g_free(breakpoint);
856 }
857
858 /* Remove all matching breakpoints. */
859 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
860 {
861 CPUBreakpoint *bp, *next;
862
863 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
864 if (bp->flags & mask) {
865 cpu_breakpoint_remove_by_ref(cpu, bp);
866 }
867 }
868 }
869
870 /* enable or disable single step mode. EXCP_DEBUG is returned by the
871 CPU loop after each instruction */
872 void cpu_single_step(CPUState *cpu, int enabled)
873 {
874 if (cpu->singlestep_enabled != enabled) {
875 cpu->singlestep_enabled = enabled;
876 if (kvm_enabled()) {
877 kvm_update_guest_debug(cpu, 0);
878 } else {
879 /* must flush all the translated code to avoid inconsistencies */
880 /* XXX: only flush what is necessary */
881 tb_flush(cpu);
882 }
883 }
884 }
885
886 void cpu_abort(CPUState *cpu, const char *fmt, ...)
887 {
888 va_list ap;
889 va_list ap2;
890
891 va_start(ap, fmt);
892 va_copy(ap2, ap);
893 fprintf(stderr, "qemu: fatal: ");
894 vfprintf(stderr, fmt, ap);
895 fprintf(stderr, "\n");
896 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
897 if (qemu_log_separate()) {
898 qemu_log("qemu: fatal: ");
899 qemu_log_vprintf(fmt, ap2);
900 qemu_log("\n");
901 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
902 qemu_log_flush();
903 qemu_log_close();
904 }
905 va_end(ap2);
906 va_end(ap);
907 replay_finish();
908 #if defined(CONFIG_USER_ONLY)
909 {
910 struct sigaction act;
911 sigfillset(&act.sa_mask);
912 act.sa_handler = SIG_DFL;
913 sigaction(SIGABRT, &act, NULL);
914 }
915 #endif
916 abort();
917 }
918
919 #if !defined(CONFIG_USER_ONLY)
920 /* Called from RCU critical section */
921 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
922 {
923 RAMBlock *block;
924
925 block = atomic_rcu_read(&ram_list.mru_block);
926 if (block && addr - block->offset < block->max_length) {
927 return block;
928 }
929 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
930 if (addr - block->offset < block->max_length) {
931 goto found;
932 }
933 }
934
935 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
936 abort();
937
938 found:
939 /* It is safe to write mru_block outside the iothread lock. This
940 * is what happens:
941 *
942 * mru_block = xxx
943 * rcu_read_unlock()
944 * xxx removed from list
945 * rcu_read_lock()
946 * read mru_block
947 * mru_block = NULL;
948 * call_rcu(reclaim_ramblock, xxx);
949 * rcu_read_unlock()
950 *
951 * atomic_rcu_set is not needed here. The block was already published
952 * when it was placed into the list. Here we're just making an extra
953 * copy of the pointer.
954 */
955 ram_list.mru_block = block;
956 return block;
957 }
958
959 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
960 {
961 CPUState *cpu;
962 ram_addr_t start1;
963 RAMBlock *block;
964 ram_addr_t end;
965
966 end = TARGET_PAGE_ALIGN(start + length);
967 start &= TARGET_PAGE_MASK;
968
969 rcu_read_lock();
970 block = qemu_get_ram_block(start);
971 assert(block == qemu_get_ram_block(end - 1));
972 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
973 CPU_FOREACH(cpu) {
974 tlb_reset_dirty(cpu, start1, length);
975 }
976 rcu_read_unlock();
977 }
978
979 /* Note: start and end must be within the same ram block. */
980 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
981 ram_addr_t length,
982 unsigned client)
983 {
984 unsigned long end, page;
985 bool dirty;
986
987 if (length == 0) {
988 return false;
989 }
990
991 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
992 page = start >> TARGET_PAGE_BITS;
993 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
994 page, end - page);
995
996 if (dirty && tcg_enabled()) {
997 tlb_reset_dirty_range_all(start, length);
998 }
999
1000 return dirty;
1001 }
1002
1003 /* Called from RCU critical section */
1004 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
1005 MemoryRegionSection *section,
1006 target_ulong vaddr,
1007 hwaddr paddr, hwaddr xlat,
1008 int prot,
1009 target_ulong *address)
1010 {
1011 hwaddr iotlb;
1012 CPUWatchpoint *wp;
1013
1014 if (memory_region_is_ram(section->mr)) {
1015 /* Normal RAM. */
1016 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
1017 + xlat;
1018 if (!section->readonly) {
1019 iotlb |= PHYS_SECTION_NOTDIRTY;
1020 } else {
1021 iotlb |= PHYS_SECTION_ROM;
1022 }
1023 } else {
1024 AddressSpaceDispatch *d;
1025
1026 d = atomic_rcu_read(&section->address_space->dispatch);
1027 iotlb = section - d->map.sections;
1028 iotlb += xlat;
1029 }
1030
1031 /* Make accesses to pages with watchpoints go via the
1032 watchpoint trap routines. */
1033 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1034 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1035 /* Avoid trapping reads of pages with a write breakpoint. */
1036 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1037 iotlb = PHYS_SECTION_WATCH + paddr;
1038 *address |= TLB_MMIO;
1039 break;
1040 }
1041 }
1042 }
1043
1044 return iotlb;
1045 }
1046 #endif /* defined(CONFIG_USER_ONLY) */
1047
1048 #if !defined(CONFIG_USER_ONLY)
1049
1050 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1051 uint16_t section);
1052 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1053
1054 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1055 qemu_anon_ram_alloc;
1056
1057 /*
1058 * Set a custom physical guest memory alloator.
1059 * Accelerators with unusual needs may need this. Hopefully, we can
1060 * get rid of it eventually.
1061 */
1062 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1063 {
1064 phys_mem_alloc = alloc;
1065 }
1066
1067 static uint16_t phys_section_add(PhysPageMap *map,
1068 MemoryRegionSection *section)
1069 {
1070 /* The physical section number is ORed with a page-aligned
1071 * pointer to produce the iotlb entries. Thus it should
1072 * never overflow into the page-aligned value.
1073 */
1074 assert(map->sections_nb < TARGET_PAGE_SIZE);
1075
1076 if (map->sections_nb == map->sections_nb_alloc) {
1077 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1078 map->sections = g_renew(MemoryRegionSection, map->sections,
1079 map->sections_nb_alloc);
1080 }
1081 map->sections[map->sections_nb] = *section;
1082 memory_region_ref(section->mr);
1083 return map->sections_nb++;
1084 }
1085
1086 static void phys_section_destroy(MemoryRegion *mr)
1087 {
1088 bool have_sub_page = mr->subpage;
1089
1090 memory_region_unref(mr);
1091
1092 if (have_sub_page) {
1093 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1094 object_unref(OBJECT(&subpage->iomem));
1095 g_free(subpage);
1096 }
1097 }
1098
1099 static void phys_sections_free(PhysPageMap *map)
1100 {
1101 while (map->sections_nb > 0) {
1102 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1103 phys_section_destroy(section->mr);
1104 }
1105 g_free(map->sections);
1106 g_free(map->nodes);
1107 }
1108
1109 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1110 {
1111 subpage_t *subpage;
1112 hwaddr base = section->offset_within_address_space
1113 & TARGET_PAGE_MASK;
1114 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1115 d->map.nodes, d->map.sections);
1116 MemoryRegionSection subsection = {
1117 .offset_within_address_space = base,
1118 .size = int128_make64(TARGET_PAGE_SIZE),
1119 };
1120 hwaddr start, end;
1121
1122 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1123
1124 if (!(existing->mr->subpage)) {
1125 subpage = subpage_init(d->as, base);
1126 subsection.address_space = d->as;
1127 subsection.mr = &subpage->iomem;
1128 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1129 phys_section_add(&d->map, &subsection));
1130 } else {
1131 subpage = container_of(existing->mr, subpage_t, iomem);
1132 }
1133 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1134 end = start + int128_get64(section->size) - 1;
1135 subpage_register(subpage, start, end,
1136 phys_section_add(&d->map, section));
1137 }
1138
1139
1140 static void register_multipage(AddressSpaceDispatch *d,
1141 MemoryRegionSection *section)
1142 {
1143 hwaddr start_addr = section->offset_within_address_space;
1144 uint16_t section_index = phys_section_add(&d->map, section);
1145 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1146 TARGET_PAGE_BITS));
1147
1148 assert(num_pages);
1149 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1150 }
1151
1152 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1153 {
1154 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1155 AddressSpaceDispatch *d = as->next_dispatch;
1156 MemoryRegionSection now = *section, remain = *section;
1157 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1158
1159 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1160 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1161 - now.offset_within_address_space;
1162
1163 now.size = int128_min(int128_make64(left), now.size);
1164 register_subpage(d, &now);
1165 } else {
1166 now.size = int128_zero();
1167 }
1168 while (int128_ne(remain.size, now.size)) {
1169 remain.size = int128_sub(remain.size, now.size);
1170 remain.offset_within_address_space += int128_get64(now.size);
1171 remain.offset_within_region += int128_get64(now.size);
1172 now = remain;
1173 if (int128_lt(remain.size, page_size)) {
1174 register_subpage(d, &now);
1175 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1176 now.size = page_size;
1177 register_subpage(d, &now);
1178 } else {
1179 now.size = int128_and(now.size, int128_neg(page_size));
1180 register_multipage(d, &now);
1181 }
1182 }
1183 }
1184
1185 void qemu_flush_coalesced_mmio_buffer(void)
1186 {
1187 if (kvm_enabled())
1188 kvm_flush_coalesced_mmio_buffer();
1189 }
1190
1191 void qemu_mutex_lock_ramlist(void)
1192 {
1193 qemu_mutex_lock(&ram_list.mutex);
1194 }
1195
1196 void qemu_mutex_unlock_ramlist(void)
1197 {
1198 qemu_mutex_unlock(&ram_list.mutex);
1199 }
1200
1201 #ifdef __linux__
1202
1203 #include <sys/vfs.h>
1204
1205 #define HUGETLBFS_MAGIC 0x958458f6
1206
1207 static long gethugepagesize(const char *path, Error **errp)
1208 {
1209 struct statfs fs;
1210 int ret;
1211
1212 do {
1213 ret = statfs(path, &fs);
1214 } while (ret != 0 && errno == EINTR);
1215
1216 if (ret != 0) {
1217 error_setg_errno(errp, errno, "failed to get page size of file %s",
1218 path);
1219 return 0;
1220 }
1221
1222 return fs.f_bsize;
1223 }
1224
1225 static void *file_ram_alloc(RAMBlock *block,
1226 ram_addr_t memory,
1227 const char *path,
1228 Error **errp)
1229 {
1230 struct stat st;
1231 char *filename;
1232 char *sanitized_name;
1233 char *c;
1234 void *area;
1235 int fd;
1236 uint64_t hpagesize;
1237 Error *local_err = NULL;
1238
1239 hpagesize = gethugepagesize(path, &local_err);
1240 if (local_err) {
1241 error_propagate(errp, local_err);
1242 goto error;
1243 }
1244 block->mr->align = hpagesize;
1245
1246 if (memory < hpagesize) {
1247 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1248 "or larger than huge page size 0x%" PRIx64,
1249 memory, hpagesize);
1250 goto error;
1251 }
1252
1253 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1254 error_setg(errp,
1255 "host lacks kvm mmu notifiers, -mem-path unsupported");
1256 goto error;
1257 }
1258
1259 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1260 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1261 sanitized_name = g_strdup(memory_region_name(block->mr));
1262 for (c = sanitized_name; *c != '\0'; c++) {
1263 if (*c == '/') {
1264 *c = '_';
1265 }
1266 }
1267
1268 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1269 sanitized_name);
1270 g_free(sanitized_name);
1271
1272 fd = mkstemp(filename);
1273 if (fd >= 0) {
1274 unlink(filename);
1275 }
1276 g_free(filename);
1277 } else {
1278 fd = open(path, O_RDWR | O_CREAT, 0644);
1279 }
1280
1281 if (fd < 0) {
1282 error_setg_errno(errp, errno,
1283 "unable to create backing store for hugepages");
1284 goto error;
1285 }
1286
1287 memory = ROUND_UP(memory, hpagesize);
1288
1289 /*
1290 * ftruncate is not supported by hugetlbfs in older
1291 * hosts, so don't bother bailing out on errors.
1292 * If anything goes wrong with it under other filesystems,
1293 * mmap will fail.
1294 */
1295 if (ftruncate(fd, memory)) {
1296 perror("ftruncate");
1297 }
1298
1299 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
1300 if (area == MAP_FAILED) {
1301 error_setg_errno(errp, errno,
1302 "unable to map backing store for hugepages");
1303 close(fd);
1304 goto error;
1305 }
1306
1307 if (mem_prealloc) {
1308 os_mem_prealloc(fd, area, memory);
1309 }
1310
1311 block->fd = fd;
1312 return area;
1313
1314 error:
1315 return NULL;
1316 }
1317 #endif
1318
1319 /* Called with the ramlist lock held. */
1320 static ram_addr_t find_ram_offset(ram_addr_t size)
1321 {
1322 RAMBlock *block, *next_block;
1323 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1324
1325 assert(size != 0); /* it would hand out same offset multiple times */
1326
1327 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1328 return 0;
1329 }
1330
1331 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1332 ram_addr_t end, next = RAM_ADDR_MAX;
1333
1334 end = block->offset + block->max_length;
1335
1336 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1337 if (next_block->offset >= end) {
1338 next = MIN(next, next_block->offset);
1339 }
1340 }
1341 if (next - end >= size && next - end < mingap) {
1342 offset = end;
1343 mingap = next - end;
1344 }
1345 }
1346
1347 if (offset == RAM_ADDR_MAX) {
1348 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1349 (uint64_t)size);
1350 abort();
1351 }
1352
1353 return offset;
1354 }
1355
1356 ram_addr_t last_ram_offset(void)
1357 {
1358 RAMBlock *block;
1359 ram_addr_t last = 0;
1360
1361 rcu_read_lock();
1362 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1363 last = MAX(last, block->offset + block->max_length);
1364 }
1365 rcu_read_unlock();
1366 return last;
1367 }
1368
1369 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1370 {
1371 int ret;
1372
1373 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1374 if (!machine_dump_guest_core(current_machine)) {
1375 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1376 if (ret) {
1377 perror("qemu_madvise");
1378 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1379 "but dump_guest_core=off specified\n");
1380 }
1381 }
1382 }
1383
1384 /* Called within an RCU critical section, or while the ramlist lock
1385 * is held.
1386 */
1387 static RAMBlock *find_ram_block(ram_addr_t addr)
1388 {
1389 RAMBlock *block;
1390
1391 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1392 if (block->offset == addr) {
1393 return block;
1394 }
1395 }
1396
1397 return NULL;
1398 }
1399
1400 const char *qemu_ram_get_idstr(RAMBlock *rb)
1401 {
1402 return rb->idstr;
1403 }
1404
1405 /* Called with iothread lock held. */
1406 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1407 {
1408 RAMBlock *new_block, *block;
1409
1410 rcu_read_lock();
1411 new_block = find_ram_block(addr);
1412 assert(new_block);
1413 assert(!new_block->idstr[0]);
1414
1415 if (dev) {
1416 char *id = qdev_get_dev_path(dev);
1417 if (id) {
1418 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1419 g_free(id);
1420 }
1421 }
1422 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1423
1424 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1425 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1426 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1427 new_block->idstr);
1428 abort();
1429 }
1430 }
1431 rcu_read_unlock();
1432 }
1433
1434 /* Called with iothread lock held. */
1435 void qemu_ram_unset_idstr(ram_addr_t addr)
1436 {
1437 RAMBlock *block;
1438
1439 /* FIXME: arch_init.c assumes that this is not called throughout
1440 * migration. Ignore the problem since hot-unplug during migration
1441 * does not work anyway.
1442 */
1443
1444 rcu_read_lock();
1445 block = find_ram_block(addr);
1446 if (block) {
1447 memset(block->idstr, 0, sizeof(block->idstr));
1448 }
1449 rcu_read_unlock();
1450 }
1451
1452 static int memory_try_enable_merging(void *addr, size_t len)
1453 {
1454 if (!machine_mem_merge(current_machine)) {
1455 /* disabled by the user */
1456 return 0;
1457 }
1458
1459 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1460 }
1461
1462 /* Only legal before guest might have detected the memory size: e.g. on
1463 * incoming migration, or right after reset.
1464 *
1465 * As memory core doesn't know how is memory accessed, it is up to
1466 * resize callback to update device state and/or add assertions to detect
1467 * misuse, if necessary.
1468 */
1469 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1470 {
1471 RAMBlock *block = find_ram_block(base);
1472
1473 assert(block);
1474
1475 newsize = HOST_PAGE_ALIGN(newsize);
1476
1477 if (block->used_length == newsize) {
1478 return 0;
1479 }
1480
1481 if (!(block->flags & RAM_RESIZEABLE)) {
1482 error_setg_errno(errp, EINVAL,
1483 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1484 " in != 0x" RAM_ADDR_FMT, block->idstr,
1485 newsize, block->used_length);
1486 return -EINVAL;
1487 }
1488
1489 if (block->max_length < newsize) {
1490 error_setg_errno(errp, EINVAL,
1491 "Length too large: %s: 0x" RAM_ADDR_FMT
1492 " > 0x" RAM_ADDR_FMT, block->idstr,
1493 newsize, block->max_length);
1494 return -EINVAL;
1495 }
1496
1497 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1498 block->used_length = newsize;
1499 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1500 DIRTY_CLIENTS_ALL);
1501 memory_region_set_size(block->mr, newsize);
1502 if (block->resized) {
1503 block->resized(block->idstr, newsize, block->host);
1504 }
1505 return 0;
1506 }
1507
1508 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1509 {
1510 RAMBlock *block;
1511 RAMBlock *last_block = NULL;
1512 ram_addr_t old_ram_size, new_ram_size;
1513
1514 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1515
1516 qemu_mutex_lock_ramlist();
1517 new_block->offset = find_ram_offset(new_block->max_length);
1518
1519 if (!new_block->host) {
1520 if (xen_enabled()) {
1521 xen_ram_alloc(new_block->offset, new_block->max_length,
1522 new_block->mr);
1523 } else {
1524 new_block->host = phys_mem_alloc(new_block->max_length,
1525 &new_block->mr->align);
1526 if (!new_block->host) {
1527 error_setg_errno(errp, errno,
1528 "cannot set up guest memory '%s'",
1529 memory_region_name(new_block->mr));
1530 qemu_mutex_unlock_ramlist();
1531 return -1;
1532 }
1533 memory_try_enable_merging(new_block->host, new_block->max_length);
1534 }
1535 }
1536
1537 new_ram_size = MAX(old_ram_size,
1538 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1539 if (new_ram_size > old_ram_size) {
1540 migration_bitmap_extend(old_ram_size, new_ram_size);
1541 }
1542 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1543 * QLIST (which has an RCU-friendly variant) does not have insertion at
1544 * tail, so save the last element in last_block.
1545 */
1546 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1547 last_block = block;
1548 if (block->max_length < new_block->max_length) {
1549 break;
1550 }
1551 }
1552 if (block) {
1553 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1554 } else if (last_block) {
1555 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1556 } else { /* list is empty */
1557 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1558 }
1559 ram_list.mru_block = NULL;
1560
1561 /* Write list before version */
1562 smp_wmb();
1563 ram_list.version++;
1564 qemu_mutex_unlock_ramlist();
1565
1566 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1567
1568 if (new_ram_size > old_ram_size) {
1569 int i;
1570
1571 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1572 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1573 ram_list.dirty_memory[i] =
1574 bitmap_zero_extend(ram_list.dirty_memory[i],
1575 old_ram_size, new_ram_size);
1576 }
1577 }
1578 cpu_physical_memory_set_dirty_range(new_block->offset,
1579 new_block->used_length,
1580 DIRTY_CLIENTS_ALL);
1581
1582 if (new_block->host) {
1583 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1584 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1585 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1586 if (kvm_enabled()) {
1587 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1588 }
1589 }
1590
1591 return new_block->offset;
1592 }
1593
1594 #ifdef __linux__
1595 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1596 bool share, const char *mem_path,
1597 Error **errp)
1598 {
1599 RAMBlock *new_block;
1600 ram_addr_t addr;
1601 Error *local_err = NULL;
1602
1603 if (xen_enabled()) {
1604 error_setg(errp, "-mem-path not supported with Xen");
1605 return -1;
1606 }
1607
1608 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1609 /*
1610 * file_ram_alloc() needs to allocate just like
1611 * phys_mem_alloc, but we haven't bothered to provide
1612 * a hook there.
1613 */
1614 error_setg(errp,
1615 "-mem-path not supported with this accelerator");
1616 return -1;
1617 }
1618
1619 size = HOST_PAGE_ALIGN(size);
1620 new_block = g_malloc0(sizeof(*new_block));
1621 new_block->mr = mr;
1622 new_block->used_length = size;
1623 new_block->max_length = size;
1624 new_block->flags = share ? RAM_SHARED : 0;
1625 new_block->host = file_ram_alloc(new_block, size,
1626 mem_path, errp);
1627 if (!new_block->host) {
1628 g_free(new_block);
1629 return -1;
1630 }
1631
1632 addr = ram_block_add(new_block, &local_err);
1633 if (local_err) {
1634 g_free(new_block);
1635 error_propagate(errp, local_err);
1636 return -1;
1637 }
1638 return addr;
1639 }
1640 #endif
1641
1642 static
1643 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1644 void (*resized)(const char*,
1645 uint64_t length,
1646 void *host),
1647 void *host, bool resizeable,
1648 MemoryRegion *mr, Error **errp)
1649 {
1650 RAMBlock *new_block;
1651 ram_addr_t addr;
1652 Error *local_err = NULL;
1653
1654 size = HOST_PAGE_ALIGN(size);
1655 max_size = HOST_PAGE_ALIGN(max_size);
1656 new_block = g_malloc0(sizeof(*new_block));
1657 new_block->mr = mr;
1658 new_block->resized = resized;
1659 new_block->used_length = size;
1660 new_block->max_length = max_size;
1661 assert(max_size >= size);
1662 new_block->fd = -1;
1663 new_block->host = host;
1664 if (host) {
1665 new_block->flags |= RAM_PREALLOC;
1666 }
1667 if (resizeable) {
1668 new_block->flags |= RAM_RESIZEABLE;
1669 }
1670 addr = ram_block_add(new_block, &local_err);
1671 if (local_err) {
1672 g_free(new_block);
1673 error_propagate(errp, local_err);
1674 return -1;
1675 }
1676 return addr;
1677 }
1678
1679 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1680 MemoryRegion *mr, Error **errp)
1681 {
1682 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1683 }
1684
1685 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1686 {
1687 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1688 }
1689
1690 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1691 void (*resized)(const char*,
1692 uint64_t length,
1693 void *host),
1694 MemoryRegion *mr, Error **errp)
1695 {
1696 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1697 }
1698
1699 static void reclaim_ramblock(RAMBlock *block)
1700 {
1701 if (block->flags & RAM_PREALLOC) {
1702 ;
1703 } else if (xen_enabled()) {
1704 xen_invalidate_map_cache_entry(block->host);
1705 #ifndef _WIN32
1706 } else if (block->fd >= 0) {
1707 qemu_ram_munmap(block->host, block->max_length);
1708 close(block->fd);
1709 #endif
1710 } else {
1711 qemu_anon_ram_free(block->host, block->max_length);
1712 }
1713 g_free(block);
1714 }
1715
1716 void qemu_ram_free(ram_addr_t addr)
1717 {
1718 RAMBlock *block;
1719
1720 qemu_mutex_lock_ramlist();
1721 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1722 if (addr == block->offset) {
1723 QLIST_REMOVE_RCU(block, next);
1724 ram_list.mru_block = NULL;
1725 /* Write list before version */
1726 smp_wmb();
1727 ram_list.version++;
1728 call_rcu(block, reclaim_ramblock, rcu);
1729 break;
1730 }
1731 }
1732 qemu_mutex_unlock_ramlist();
1733 }
1734
1735 #ifndef _WIN32
1736 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1737 {
1738 RAMBlock *block;
1739 ram_addr_t offset;
1740 int flags;
1741 void *area, *vaddr;
1742
1743 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1744 offset = addr - block->offset;
1745 if (offset < block->max_length) {
1746 vaddr = ramblock_ptr(block, offset);
1747 if (block->flags & RAM_PREALLOC) {
1748 ;
1749 } else if (xen_enabled()) {
1750 abort();
1751 } else {
1752 flags = MAP_FIXED;
1753 if (block->fd >= 0) {
1754 flags |= (block->flags & RAM_SHARED ?
1755 MAP_SHARED : MAP_PRIVATE);
1756 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1757 flags, block->fd, offset);
1758 } else {
1759 /*
1760 * Remap needs to match alloc. Accelerators that
1761 * set phys_mem_alloc never remap. If they did,
1762 * we'd need a remap hook here.
1763 */
1764 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1765
1766 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1767 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1768 flags, -1, 0);
1769 }
1770 if (area != vaddr) {
1771 fprintf(stderr, "Could not remap addr: "
1772 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1773 length, addr);
1774 exit(1);
1775 }
1776 memory_try_enable_merging(vaddr, length);
1777 qemu_ram_setup_dump(vaddr, length);
1778 }
1779 }
1780 }
1781 }
1782 #endif /* !_WIN32 */
1783
1784 int qemu_get_ram_fd(ram_addr_t addr)
1785 {
1786 RAMBlock *block;
1787 int fd;
1788
1789 rcu_read_lock();
1790 block = qemu_get_ram_block(addr);
1791 fd = block->fd;
1792 rcu_read_unlock();
1793 return fd;
1794 }
1795
1796 void qemu_set_ram_fd(ram_addr_t addr, int fd)
1797 {
1798 RAMBlock *block;
1799
1800 rcu_read_lock();
1801 block = qemu_get_ram_block(addr);
1802 block->fd = fd;
1803 rcu_read_unlock();
1804 }
1805
1806 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1807 {
1808 RAMBlock *block;
1809 void *ptr;
1810
1811 rcu_read_lock();
1812 block = qemu_get_ram_block(addr);
1813 ptr = ramblock_ptr(block, 0);
1814 rcu_read_unlock();
1815 return ptr;
1816 }
1817
1818 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1819 * This should not be used for general purpose DMA. Use address_space_map
1820 * or address_space_rw instead. For local memory (e.g. video ram) that the
1821 * device owns, use memory_region_get_ram_ptr.
1822 *
1823 * Called within RCU critical section.
1824 */
1825 void *qemu_get_ram_ptr(ram_addr_t addr)
1826 {
1827 RAMBlock *block = qemu_get_ram_block(addr);
1828
1829 if (xen_enabled() && block->host == NULL) {
1830 /* We need to check if the requested address is in the RAM
1831 * because we don't want to map the entire memory in QEMU.
1832 * In that case just map until the end of the page.
1833 */
1834 if (block->offset == 0) {
1835 return xen_map_cache(addr, 0, 0);
1836 }
1837
1838 block->host = xen_map_cache(block->offset, block->max_length, 1);
1839 }
1840 return ramblock_ptr(block, addr - block->offset);
1841 }
1842
1843 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1844 * but takes a size argument.
1845 *
1846 * Called within RCU critical section.
1847 */
1848 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1849 {
1850 RAMBlock *block;
1851 ram_addr_t offset_inside_block;
1852 if (*size == 0) {
1853 return NULL;
1854 }
1855
1856 block = qemu_get_ram_block(addr);
1857 offset_inside_block = addr - block->offset;
1858 *size = MIN(*size, block->max_length - offset_inside_block);
1859
1860 if (xen_enabled() && block->host == NULL) {
1861 /* We need to check if the requested address is in the RAM
1862 * because we don't want to map the entire memory in QEMU.
1863 * In that case just map the requested area.
1864 */
1865 if (block->offset == 0) {
1866 return xen_map_cache(addr, *size, 1);
1867 }
1868
1869 block->host = xen_map_cache(block->offset, block->max_length, 1);
1870 }
1871
1872 return ramblock_ptr(block, offset_inside_block);
1873 }
1874
1875 /*
1876 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1877 * in that RAMBlock.
1878 *
1879 * ptr: Host pointer to look up
1880 * round_offset: If true round the result offset down to a page boundary
1881 * *ram_addr: set to result ram_addr
1882 * *offset: set to result offset within the RAMBlock
1883 *
1884 * Returns: RAMBlock (or NULL if not found)
1885 *
1886 * By the time this function returns, the returned pointer is not protected
1887 * by RCU anymore. If the caller is not within an RCU critical section and
1888 * does not hold the iothread lock, it must have other means of protecting the
1889 * pointer, such as a reference to the region that includes the incoming
1890 * ram_addr_t.
1891 */
1892 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1893 ram_addr_t *ram_addr,
1894 ram_addr_t *offset)
1895 {
1896 RAMBlock *block;
1897 uint8_t *host = ptr;
1898
1899 if (xen_enabled()) {
1900 rcu_read_lock();
1901 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1902 block = qemu_get_ram_block(*ram_addr);
1903 if (block) {
1904 *offset = (host - block->host);
1905 }
1906 rcu_read_unlock();
1907 return block;
1908 }
1909
1910 rcu_read_lock();
1911 block = atomic_rcu_read(&ram_list.mru_block);
1912 if (block && block->host && host - block->host < block->max_length) {
1913 goto found;
1914 }
1915
1916 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1917 /* This case append when the block is not mapped. */
1918 if (block->host == NULL) {
1919 continue;
1920 }
1921 if (host - block->host < block->max_length) {
1922 goto found;
1923 }
1924 }
1925
1926 rcu_read_unlock();
1927 return NULL;
1928
1929 found:
1930 *offset = (host - block->host);
1931 if (round_offset) {
1932 *offset &= TARGET_PAGE_MASK;
1933 }
1934 *ram_addr = block->offset + *offset;
1935 rcu_read_unlock();
1936 return block;
1937 }
1938
1939 /*
1940 * Finds the named RAMBlock
1941 *
1942 * name: The name of RAMBlock to find
1943 *
1944 * Returns: RAMBlock (or NULL if not found)
1945 */
1946 RAMBlock *qemu_ram_block_by_name(const char *name)
1947 {
1948 RAMBlock *block;
1949
1950 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1951 if (!strcmp(name, block->idstr)) {
1952 return block;
1953 }
1954 }
1955
1956 return NULL;
1957 }
1958
1959 /* Some of the softmmu routines need to translate from a host pointer
1960 (typically a TLB entry) back to a ram offset. */
1961 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1962 {
1963 RAMBlock *block;
1964 ram_addr_t offset; /* Not used */
1965
1966 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1967
1968 if (!block) {
1969 return NULL;
1970 }
1971
1972 return block->mr;
1973 }
1974
1975 /* Called within RCU critical section. */
1976 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1977 uint64_t val, unsigned size)
1978 {
1979 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1980 tb_invalidate_phys_page_fast(ram_addr, size);
1981 }
1982 switch (size) {
1983 case 1:
1984 stb_p(qemu_get_ram_ptr(ram_addr), val);
1985 break;
1986 case 2:
1987 stw_p(qemu_get_ram_ptr(ram_addr), val);
1988 break;
1989 case 4:
1990 stl_p(qemu_get_ram_ptr(ram_addr), val);
1991 break;
1992 default:
1993 abort();
1994 }
1995 /* Set both VGA and migration bits for simplicity and to remove
1996 * the notdirty callback faster.
1997 */
1998 cpu_physical_memory_set_dirty_range(ram_addr, size,
1999 DIRTY_CLIENTS_NOCODE);
2000 /* we remove the notdirty callback only if the code has been
2001 flushed */
2002 if (!cpu_physical_memory_is_clean(ram_addr)) {
2003 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
2004 }
2005 }
2006
2007 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2008 unsigned size, bool is_write)
2009 {
2010 return is_write;
2011 }
2012
2013 static const MemoryRegionOps notdirty_mem_ops = {
2014 .write = notdirty_mem_write,
2015 .valid.accepts = notdirty_mem_accepts,
2016 .endianness = DEVICE_NATIVE_ENDIAN,
2017 };
2018
2019 /* Generate a debug exception if a watchpoint has been hit. */
2020 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
2021 {
2022 CPUState *cpu = current_cpu;
2023 CPUArchState *env = cpu->env_ptr;
2024 target_ulong pc, cs_base;
2025 target_ulong vaddr;
2026 CPUWatchpoint *wp;
2027 int cpu_flags;
2028
2029 if (cpu->watchpoint_hit) {
2030 /* We re-entered the check after replacing the TB. Now raise
2031 * the debug interrupt so that is will trigger after the
2032 * current instruction. */
2033 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2034 return;
2035 }
2036 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2037 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2038 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2039 && (wp->flags & flags)) {
2040 if (flags == BP_MEM_READ) {
2041 wp->flags |= BP_WATCHPOINT_HIT_READ;
2042 } else {
2043 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2044 }
2045 wp->hitaddr = vaddr;
2046 wp->hitattrs = attrs;
2047 if (!cpu->watchpoint_hit) {
2048 cpu->watchpoint_hit = wp;
2049 tb_check_watchpoint(cpu);
2050 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2051 cpu->exception_index = EXCP_DEBUG;
2052 cpu_loop_exit(cpu);
2053 } else {
2054 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2055 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2056 cpu_resume_from_signal(cpu, NULL);
2057 }
2058 }
2059 } else {
2060 wp->flags &= ~BP_WATCHPOINT_HIT;
2061 }
2062 }
2063 }
2064
2065 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2066 so these check for a hit then pass through to the normal out-of-line
2067 phys routines. */
2068 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2069 unsigned size, MemTxAttrs attrs)
2070 {
2071 MemTxResult res;
2072 uint64_t data;
2073 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2074 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2075
2076 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2077 switch (size) {
2078 case 1:
2079 data = address_space_ldub(as, addr, attrs, &res);
2080 break;
2081 case 2:
2082 data = address_space_lduw(as, addr, attrs, &res);
2083 break;
2084 case 4:
2085 data = address_space_ldl(as, addr, attrs, &res);
2086 break;
2087 default: abort();
2088 }
2089 *pdata = data;
2090 return res;
2091 }
2092
2093 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2094 uint64_t val, unsigned size,
2095 MemTxAttrs attrs)
2096 {
2097 MemTxResult res;
2098 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2099 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2100
2101 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2102 switch (size) {
2103 case 1:
2104 address_space_stb(as, addr, val, attrs, &res);
2105 break;
2106 case 2:
2107 address_space_stw(as, addr, val, attrs, &res);
2108 break;
2109 case 4:
2110 address_space_stl(as, addr, val, attrs, &res);
2111 break;
2112 default: abort();
2113 }
2114 return res;
2115 }
2116
2117 static const MemoryRegionOps watch_mem_ops = {
2118 .read_with_attrs = watch_mem_read,
2119 .write_with_attrs = watch_mem_write,
2120 .endianness = DEVICE_NATIVE_ENDIAN,
2121 };
2122
2123 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2124 unsigned len, MemTxAttrs attrs)
2125 {
2126 subpage_t *subpage = opaque;
2127 uint8_t buf[8];
2128 MemTxResult res;
2129
2130 #if defined(DEBUG_SUBPAGE)
2131 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2132 subpage, len, addr);
2133 #endif
2134 res = address_space_read(subpage->as, addr + subpage->base,
2135 attrs, buf, len);
2136 if (res) {
2137 return res;
2138 }
2139 switch (len) {
2140 case 1:
2141 *data = ldub_p(buf);
2142 return MEMTX_OK;
2143 case 2:
2144 *data = lduw_p(buf);
2145 return MEMTX_OK;
2146 case 4:
2147 *data = ldl_p(buf);
2148 return MEMTX_OK;
2149 case 8:
2150 *data = ldq_p(buf);
2151 return MEMTX_OK;
2152 default:
2153 abort();
2154 }
2155 }
2156
2157 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2158 uint64_t value, unsigned len, MemTxAttrs attrs)
2159 {
2160 subpage_t *subpage = opaque;
2161 uint8_t buf[8];
2162
2163 #if defined(DEBUG_SUBPAGE)
2164 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2165 " value %"PRIx64"\n",
2166 __func__, subpage, len, addr, value);
2167 #endif
2168 switch (len) {
2169 case 1:
2170 stb_p(buf, value);
2171 break;
2172 case 2:
2173 stw_p(buf, value);
2174 break;
2175 case 4:
2176 stl_p(buf, value);
2177 break;
2178 case 8:
2179 stq_p(buf, value);
2180 break;
2181 default:
2182 abort();
2183 }
2184 return address_space_write(subpage->as, addr + subpage->base,
2185 attrs, buf, len);
2186 }
2187
2188 static bool subpage_accepts(void *opaque, hwaddr addr,
2189 unsigned len, bool is_write)
2190 {
2191 subpage_t *subpage = opaque;
2192 #if defined(DEBUG_SUBPAGE)
2193 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2194 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2195 #endif
2196
2197 return address_space_access_valid(subpage->as, addr + subpage->base,
2198 len, is_write);
2199 }
2200
2201 static const MemoryRegionOps subpage_ops = {
2202 .read_with_attrs = subpage_read,
2203 .write_with_attrs = subpage_write,
2204 .impl.min_access_size = 1,
2205 .impl.max_access_size = 8,
2206 .valid.min_access_size = 1,
2207 .valid.max_access_size = 8,
2208 .valid.accepts = subpage_accepts,
2209 .endianness = DEVICE_NATIVE_ENDIAN,
2210 };
2211
2212 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2213 uint16_t section)
2214 {
2215 int idx, eidx;
2216
2217 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2218 return -1;
2219 idx = SUBPAGE_IDX(start);
2220 eidx = SUBPAGE_IDX(end);
2221 #if defined(DEBUG_SUBPAGE)
2222 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2223 __func__, mmio, start, end, idx, eidx, section);
2224 #endif
2225 for (; idx <= eidx; idx++) {
2226 mmio->sub_section[idx] = section;
2227 }
2228
2229 return 0;
2230 }
2231
2232 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2233 {
2234 subpage_t *mmio;
2235
2236 mmio = g_malloc0(sizeof(subpage_t));
2237
2238 mmio->as = as;
2239 mmio->base = base;
2240 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2241 NULL, TARGET_PAGE_SIZE);
2242 mmio->iomem.subpage = true;
2243 #if defined(DEBUG_SUBPAGE)
2244 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2245 mmio, base, TARGET_PAGE_SIZE);
2246 #endif
2247 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2248
2249 return mmio;
2250 }
2251
2252 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2253 MemoryRegion *mr)
2254 {
2255 assert(as);
2256 MemoryRegionSection section = {
2257 .address_space = as,
2258 .mr = mr,
2259 .offset_within_address_space = 0,
2260 .offset_within_region = 0,
2261 .size = int128_2_64(),
2262 };
2263
2264 return phys_section_add(map, &section);
2265 }
2266
2267 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
2268 {
2269 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2270 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
2271 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2272 MemoryRegionSection *sections = d->map.sections;
2273
2274 return sections[index & ~TARGET_PAGE_MASK].mr;
2275 }
2276
2277 static void io_mem_init(void)
2278 {
2279 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2280 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2281 NULL, UINT64_MAX);
2282 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2283 NULL, UINT64_MAX);
2284 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2285 NULL, UINT64_MAX);
2286 }
2287
2288 static void mem_begin(MemoryListener *listener)
2289 {
2290 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2291 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2292 uint16_t n;
2293
2294 n = dummy_section(&d->map, as, &io_mem_unassigned);
2295 assert(n == PHYS_SECTION_UNASSIGNED);
2296 n = dummy_section(&d->map, as, &io_mem_notdirty);
2297 assert(n == PHYS_SECTION_NOTDIRTY);
2298 n = dummy_section(&d->map, as, &io_mem_rom);
2299 assert(n == PHYS_SECTION_ROM);
2300 n = dummy_section(&d->map, as, &io_mem_watch);
2301 assert(n == PHYS_SECTION_WATCH);
2302
2303 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2304 d->as = as;
2305 as->next_dispatch = d;
2306 }
2307
2308 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2309 {
2310 phys_sections_free(&d->map);
2311 g_free(d);
2312 }
2313
2314 static void mem_commit(MemoryListener *listener)
2315 {
2316 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2317 AddressSpaceDispatch *cur = as->dispatch;
2318 AddressSpaceDispatch *next = as->next_dispatch;
2319
2320 phys_page_compact_all(next, next->map.nodes_nb);
2321
2322 atomic_rcu_set(&as->dispatch, next);
2323 if (cur) {
2324 call_rcu(cur, address_space_dispatch_free, rcu);
2325 }
2326 }
2327
2328 static void tcg_commit(MemoryListener *listener)
2329 {
2330 CPUAddressSpace *cpuas;
2331 AddressSpaceDispatch *d;
2332
2333 /* since each CPU stores ram addresses in its TLB cache, we must
2334 reset the modified entries */
2335 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2336 cpu_reloading_memory_map();
2337 /* The CPU and TLB are protected by the iothread lock.
2338 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2339 * may have split the RCU critical section.
2340 */
2341 d = atomic_rcu_read(&cpuas->as->dispatch);
2342 cpuas->memory_dispatch = d;
2343 tlb_flush(cpuas->cpu, 1);
2344 }
2345
2346 void address_space_init_dispatch(AddressSpace *as)
2347 {
2348 as->dispatch = NULL;
2349 as->dispatch_listener = (MemoryListener) {
2350 .begin = mem_begin,
2351 .commit = mem_commit,
2352 .region_add = mem_add,
2353 .region_nop = mem_add,
2354 .priority = 0,
2355 };
2356 memory_listener_register(&as->dispatch_listener, as);
2357 }
2358
2359 void address_space_unregister(AddressSpace *as)
2360 {
2361 memory_listener_unregister(&as->dispatch_listener);
2362 }
2363
2364 void address_space_destroy_dispatch(AddressSpace *as)
2365 {
2366 AddressSpaceDispatch *d = as->dispatch;
2367
2368 atomic_rcu_set(&as->dispatch, NULL);
2369 if (d) {
2370 call_rcu(d, address_space_dispatch_free, rcu);
2371 }
2372 }
2373
2374 static void memory_map_init(void)
2375 {
2376 system_memory = g_malloc(sizeof(*system_memory));
2377
2378 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2379 address_space_init(&address_space_memory, system_memory, "memory");
2380
2381 system_io = g_malloc(sizeof(*system_io));
2382 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2383 65536);
2384 address_space_init(&address_space_io, system_io, "I/O");
2385 }
2386
2387 MemoryRegion *get_system_memory(void)
2388 {
2389 return system_memory;
2390 }
2391
2392 MemoryRegion *get_system_io(void)
2393 {
2394 return system_io;
2395 }
2396
2397 #endif /* !defined(CONFIG_USER_ONLY) */
2398
2399 /* physical memory access (slow version, mainly for debug) */
2400 #if defined(CONFIG_USER_ONLY)
2401 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2402 uint8_t *buf, int len, int is_write)
2403 {
2404 int l, flags;
2405 target_ulong page;
2406 void * p;
2407
2408 while (len > 0) {
2409 page = addr & TARGET_PAGE_MASK;
2410 l = (page + TARGET_PAGE_SIZE) - addr;
2411 if (l > len)
2412 l = len;
2413 flags = page_get_flags(page);
2414 if (!(flags & PAGE_VALID))
2415 return -1;
2416 if (is_write) {
2417 if (!(flags & PAGE_WRITE))
2418 return -1;
2419 /* XXX: this code should not depend on lock_user */
2420 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2421 return -1;
2422 memcpy(p, buf, l);
2423 unlock_user(p, addr, l);
2424 } else {
2425 if (!(flags & PAGE_READ))
2426 return -1;
2427 /* XXX: this code should not depend on lock_user */
2428 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2429 return -1;
2430 memcpy(buf, p, l);
2431 unlock_user(p, addr, 0);
2432 }
2433 len -= l;
2434 buf += l;
2435 addr += l;
2436 }
2437 return 0;
2438 }
2439
2440 #else
2441
2442 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2443 hwaddr length)
2444 {
2445 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2446 /* No early return if dirty_log_mask is or becomes 0, because
2447 * cpu_physical_memory_set_dirty_range will still call
2448 * xen_modified_memory.
2449 */
2450 if (dirty_log_mask) {
2451 dirty_log_mask =
2452 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2453 }
2454 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2455 tb_invalidate_phys_range(addr, addr + length);
2456 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2457 }
2458 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2459 }
2460
2461 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2462 {
2463 unsigned access_size_max = mr->ops->valid.max_access_size;
2464
2465 /* Regions are assumed to support 1-4 byte accesses unless
2466 otherwise specified. */
2467 if (access_size_max == 0) {
2468 access_size_max = 4;
2469 }
2470
2471 /* Bound the maximum access by the alignment of the address. */
2472 if (!mr->ops->impl.unaligned) {
2473 unsigned align_size_max = addr & -addr;
2474 if (align_size_max != 0 && align_size_max < access_size_max) {
2475 access_size_max = align_size_max;
2476 }
2477 }
2478
2479 /* Don't attempt accesses larger than the maximum. */
2480 if (l > access_size_max) {
2481 l = access_size_max;
2482 }
2483 l = pow2floor(l);
2484
2485 return l;
2486 }
2487
2488 static bool prepare_mmio_access(MemoryRegion *mr)
2489 {
2490 bool unlocked = !qemu_mutex_iothread_locked();
2491 bool release_lock = false;
2492
2493 if (unlocked && mr->global_locking) {
2494 qemu_mutex_lock_iothread();
2495 unlocked = false;
2496 release_lock = true;
2497 }
2498 if (mr->flush_coalesced_mmio) {
2499 if (unlocked) {
2500 qemu_mutex_lock_iothread();
2501 }
2502 qemu_flush_coalesced_mmio_buffer();
2503 if (unlocked) {
2504 qemu_mutex_unlock_iothread();
2505 }
2506 }
2507
2508 return release_lock;
2509 }
2510
2511 /* Called within RCU critical section. */
2512 static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2513 MemTxAttrs attrs,
2514 const uint8_t *buf,
2515 int len, hwaddr addr1,
2516 hwaddr l, MemoryRegion *mr)
2517 {
2518 uint8_t *ptr;
2519 uint64_t val;
2520 MemTxResult result = MEMTX_OK;
2521 bool release_lock = false;
2522
2523 for (;;) {
2524 if (!memory_access_is_direct(mr, true)) {
2525 release_lock |= prepare_mmio_access(mr);
2526 l = memory_access_size(mr, l, addr1);
2527 /* XXX: could force current_cpu to NULL to avoid
2528 potential bugs */
2529 switch (l) {
2530 case 8:
2531 /* 64 bit write access */
2532 val = ldq_p(buf);
2533 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2534 attrs);
2535 break;
2536 case 4:
2537 /* 32 bit write access */
2538 val = ldl_p(buf);
2539 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2540 attrs);
2541 break;
2542 case 2:
2543 /* 16 bit write access */
2544 val = lduw_p(buf);
2545 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2546 attrs);
2547 break;
2548 case 1:
2549 /* 8 bit write access */
2550 val = ldub_p(buf);
2551 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2552 attrs);
2553 break;
2554 default:
2555 abort();
2556 }
2557 } else {
2558 addr1 += memory_region_get_ram_addr(mr);
2559 /* RAM case */
2560 ptr = qemu_get_ram_ptr(addr1);
2561 memcpy(ptr, buf, l);
2562 invalidate_and_set_dirty(mr, addr1, l);
2563 }
2564
2565 if (release_lock) {
2566 qemu_mutex_unlock_iothread();
2567 release_lock = false;
2568 }
2569
2570 len -= l;
2571 buf += l;
2572 addr += l;
2573
2574 if (!len) {
2575 break;
2576 }
2577
2578 l = len;
2579 mr = address_space_translate(as, addr, &addr1, &l, true);
2580 }
2581
2582 return result;
2583 }
2584
2585 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2586 const uint8_t *buf, int len)
2587 {
2588 hwaddr l;
2589 hwaddr addr1;
2590 MemoryRegion *mr;
2591 MemTxResult result = MEMTX_OK;
2592
2593 if (len > 0) {
2594 rcu_read_lock();
2595 l = len;
2596 mr = address_space_translate(as, addr, &addr1, &l, true);
2597 result = address_space_write_continue(as, addr, attrs, buf, len,
2598 addr1, l, mr);
2599 rcu_read_unlock();
2600 }
2601
2602 return result;
2603 }
2604
2605 /* Called within RCU critical section. */
2606 MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2607 MemTxAttrs attrs, uint8_t *buf,
2608 int len, hwaddr addr1, hwaddr l,
2609 MemoryRegion *mr)
2610 {
2611 uint8_t *ptr;
2612 uint64_t val;
2613 MemTxResult result = MEMTX_OK;
2614 bool release_lock = false;
2615
2616 for (;;) {
2617 if (!memory_access_is_direct(mr, false)) {
2618 /* I/O case */
2619 release_lock |= prepare_mmio_access(mr);
2620 l = memory_access_size(mr, l, addr1);
2621 switch (l) {
2622 case 8:
2623 /* 64 bit read access */
2624 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2625 attrs);
2626 stq_p(buf, val);
2627 break;
2628 case 4:
2629 /* 32 bit read access */
2630 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2631 attrs);
2632 stl_p(buf, val);
2633 break;
2634 case 2:
2635 /* 16 bit read access */
2636 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2637 attrs);
2638 stw_p(buf, val);
2639 break;
2640 case 1:
2641 /* 8 bit read access */
2642 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2643 attrs);
2644 stb_p(buf, val);
2645 break;
2646 default:
2647 abort();
2648 }
2649 } else {
2650 /* RAM case */
2651 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2652 memcpy(buf, ptr, l);
2653 }
2654
2655 if (release_lock) {
2656 qemu_mutex_unlock_iothread();
2657 release_lock = false;
2658 }
2659
2660 len -= l;
2661 buf += l;
2662 addr += l;
2663
2664 if (!len) {
2665 break;
2666 }
2667
2668 l = len;
2669 mr = address_space_translate(as, addr, &addr1, &l, false);
2670 }
2671
2672 return result;
2673 }
2674
2675 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2676 MemTxAttrs attrs, uint8_t *buf, int len)
2677 {
2678 hwaddr l;
2679 hwaddr addr1;
2680 MemoryRegion *mr;
2681 MemTxResult result = MEMTX_OK;
2682
2683 if (len > 0) {
2684 rcu_read_lock();
2685 l = len;
2686 mr = address_space_translate(as, addr, &addr1, &l, false);
2687 result = address_space_read_continue(as, addr, attrs, buf, len,
2688 addr1, l, mr);
2689 rcu_read_unlock();
2690 }
2691
2692 return result;
2693 }
2694
2695 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2696 uint8_t *buf, int len, bool is_write)
2697 {
2698 if (is_write) {
2699 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2700 } else {
2701 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2702 }
2703 }
2704
2705 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2706 int len, int is_write)
2707 {
2708 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2709 buf, len, is_write);
2710 }
2711
2712 enum write_rom_type {
2713 WRITE_DATA,
2714 FLUSH_CACHE,
2715 };
2716
2717 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2718 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2719 {
2720 hwaddr l;
2721 uint8_t *ptr;
2722 hwaddr addr1;
2723 MemoryRegion *mr;
2724
2725 rcu_read_lock();
2726 while (len > 0) {
2727 l = len;
2728 mr = address_space_translate(as, addr, &addr1, &l, true);
2729
2730 if (!(memory_region_is_ram(mr) ||
2731 memory_region_is_romd(mr))) {
2732 l = memory_access_size(mr, l, addr1);
2733 } else {
2734 addr1 += memory_region_get_ram_addr(mr);
2735 /* ROM/RAM case */
2736 ptr = qemu_get_ram_ptr(addr1);
2737 switch (type) {
2738 case WRITE_DATA:
2739 memcpy(ptr, buf, l);
2740 invalidate_and_set_dirty(mr, addr1, l);
2741 break;
2742 case FLUSH_CACHE:
2743 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2744 break;
2745 }
2746 }
2747 len -= l;
2748 buf += l;
2749 addr += l;
2750 }
2751 rcu_read_unlock();
2752 }
2753
2754 /* used for ROM loading : can write in RAM and ROM */
2755 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2756 const uint8_t *buf, int len)
2757 {
2758 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2759 }
2760
2761 void cpu_flush_icache_range(hwaddr start, int len)
2762 {
2763 /*
2764 * This function should do the same thing as an icache flush that was
2765 * triggered from within the guest. For TCG we are always cache coherent,
2766 * so there is no need to flush anything. For KVM / Xen we need to flush
2767 * the host's instruction cache at least.
2768 */
2769 if (tcg_enabled()) {
2770 return;
2771 }
2772
2773 cpu_physical_memory_write_rom_internal(&address_space_memory,
2774 start, NULL, len, FLUSH_CACHE);
2775 }
2776
2777 typedef struct {
2778 MemoryRegion *mr;
2779 void *buffer;
2780 hwaddr addr;
2781 hwaddr len;
2782 bool in_use;
2783 } BounceBuffer;
2784
2785 static BounceBuffer bounce;
2786
2787 typedef struct MapClient {
2788 QEMUBH *bh;
2789 QLIST_ENTRY(MapClient) link;
2790 } MapClient;
2791
2792 QemuMutex map_client_list_lock;
2793 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2794 = QLIST_HEAD_INITIALIZER(map_client_list);
2795
2796 static void cpu_unregister_map_client_do(MapClient *client)
2797 {
2798 QLIST_REMOVE(client, link);
2799 g_free(client);
2800 }
2801
2802 static void cpu_notify_map_clients_locked(void)
2803 {
2804 MapClient *client;
2805
2806 while (!QLIST_EMPTY(&map_client_list)) {
2807 client = QLIST_FIRST(&map_client_list);
2808 qemu_bh_schedule(client->bh);
2809 cpu_unregister_map_client_do(client);
2810 }
2811 }
2812
2813 void cpu_register_map_client(QEMUBH *bh)
2814 {
2815 MapClient *client = g_malloc(sizeof(*client));
2816
2817 qemu_mutex_lock(&map_client_list_lock);
2818 client->bh = bh;
2819 QLIST_INSERT_HEAD(&map_client_list, client, link);
2820 if (!atomic_read(&bounce.in_use)) {
2821 cpu_notify_map_clients_locked();
2822 }
2823 qemu_mutex_unlock(&map_client_list_lock);
2824 }
2825
2826 void cpu_exec_init_all(void)
2827 {
2828 qemu_mutex_init(&ram_list.mutex);
2829 io_mem_init();
2830 memory_map_init();
2831 qemu_mutex_init(&map_client_list_lock);
2832 }
2833
2834 void cpu_unregister_map_client(QEMUBH *bh)
2835 {
2836 MapClient *client;
2837
2838 qemu_mutex_lock(&map_client_list_lock);
2839 QLIST_FOREACH(client, &map_client_list, link) {
2840 if (client->bh == bh) {
2841 cpu_unregister_map_client_do(client);
2842 break;
2843 }
2844 }
2845 qemu_mutex_unlock(&map_client_list_lock);
2846 }
2847
2848 static void cpu_notify_map_clients(void)
2849 {
2850 qemu_mutex_lock(&map_client_list_lock);
2851 cpu_notify_map_clients_locked();
2852 qemu_mutex_unlock(&map_client_list_lock);
2853 }
2854
2855 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2856 {
2857 MemoryRegion *mr;
2858 hwaddr l, xlat;
2859
2860 rcu_read_lock();
2861 while (len > 0) {
2862 l = len;
2863 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2864 if (!memory_access_is_direct(mr, is_write)) {
2865 l = memory_access_size(mr, l, addr);
2866 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2867 return false;
2868 }
2869 }
2870
2871 len -= l;
2872 addr += l;
2873 }
2874 rcu_read_unlock();
2875 return true;
2876 }
2877
2878 /* Map a physical memory region into a host virtual address.
2879 * May map a subset of the requested range, given by and returned in *plen.
2880 * May return NULL if resources needed to perform the mapping are exhausted.
2881 * Use only for reads OR writes - not for read-modify-write operations.
2882 * Use cpu_register_map_client() to know when retrying the map operation is
2883 * likely to succeed.
2884 */
2885 void *address_space_map(AddressSpace *as,
2886 hwaddr addr,
2887 hwaddr *plen,
2888 bool is_write)
2889 {
2890 hwaddr len = *plen;
2891 hwaddr done = 0;
2892 hwaddr l, xlat, base;
2893 MemoryRegion *mr, *this_mr;
2894 ram_addr_t raddr;
2895 void *ptr;
2896
2897 if (len == 0) {
2898 return NULL;
2899 }
2900
2901 l = len;
2902 rcu_read_lock();
2903 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2904
2905 if (!memory_access_is_direct(mr, is_write)) {
2906 if (atomic_xchg(&bounce.in_use, true)) {
2907 rcu_read_unlock();
2908 return NULL;
2909 }
2910 /* Avoid unbounded allocations */
2911 l = MIN(l, TARGET_PAGE_SIZE);
2912 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2913 bounce.addr = addr;
2914 bounce.len = l;
2915
2916 memory_region_ref(mr);
2917 bounce.mr = mr;
2918 if (!is_write) {
2919 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2920 bounce.buffer, l);
2921 }
2922
2923 rcu_read_unlock();
2924 *plen = l;
2925 return bounce.buffer;
2926 }
2927
2928 base = xlat;
2929 raddr = memory_region_get_ram_addr(mr);
2930
2931 for (;;) {
2932 len -= l;
2933 addr += l;
2934 done += l;
2935 if (len == 0) {
2936 break;
2937 }
2938
2939 l = len;
2940 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2941 if (this_mr != mr || xlat != base + done) {
2942 break;
2943 }
2944 }
2945
2946 memory_region_ref(mr);
2947 *plen = done;
2948 ptr = qemu_ram_ptr_length(raddr + base, plen);
2949 rcu_read_unlock();
2950
2951 return ptr;
2952 }
2953
2954 /* Unmaps a memory region previously mapped by address_space_map().
2955 * Will also mark the memory as dirty if is_write == 1. access_len gives
2956 * the amount of memory that was actually read or written by the caller.
2957 */
2958 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2959 int is_write, hwaddr access_len)
2960 {
2961 if (buffer != bounce.buffer) {
2962 MemoryRegion *mr;
2963 ram_addr_t addr1;
2964
2965 mr = qemu_ram_addr_from_host(buffer, &addr1);
2966 assert(mr != NULL);
2967 if (is_write) {
2968 invalidate_and_set_dirty(mr, addr1, access_len);
2969 }
2970 if (xen_enabled()) {
2971 xen_invalidate_map_cache_entry(buffer);
2972 }
2973 memory_region_unref(mr);
2974 return;
2975 }
2976 if (is_write) {
2977 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2978 bounce.buffer, access_len);
2979 }
2980 qemu_vfree(bounce.buffer);
2981 bounce.buffer = NULL;
2982 memory_region_unref(bounce.mr);
2983 atomic_mb_set(&bounce.in_use, false);
2984 cpu_notify_map_clients();
2985 }
2986
2987 void *cpu_physical_memory_map(hwaddr addr,
2988 hwaddr *plen,
2989 int is_write)
2990 {
2991 return address_space_map(&address_space_memory, addr, plen, is_write);
2992 }
2993
2994 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2995 int is_write, hwaddr access_len)
2996 {
2997 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2998 }
2999
3000 /* warning: addr must be aligned */
3001 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3002 MemTxAttrs attrs,
3003 MemTxResult *result,
3004 enum device_endian endian)
3005 {
3006 uint8_t *ptr;
3007 uint64_t val;
3008 MemoryRegion *mr;
3009 hwaddr l = 4;
3010 hwaddr addr1;
3011 MemTxResult r;
3012 bool release_lock = false;
3013
3014 rcu_read_lock();
3015 mr = address_space_translate(as, addr, &addr1, &l, false);
3016 if (l < 4 || !memory_access_is_direct(mr, false)) {
3017 release_lock |= prepare_mmio_access(mr);
3018
3019 /* I/O case */
3020 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
3021 #if defined(TARGET_WORDS_BIGENDIAN)
3022 if (endian == DEVICE_LITTLE_ENDIAN) {
3023 val = bswap32(val);
3024 }
3025 #else
3026 if (endian == DEVICE_BIG_ENDIAN) {
3027 val = bswap32(val);
3028 }
3029 #endif
3030 } else {
3031 /* RAM case */
3032 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3033 & TARGET_PAGE_MASK)
3034 + addr1);
3035 switch (endian) {
3036 case DEVICE_LITTLE_ENDIAN:
3037 val = ldl_le_p(ptr);
3038 break;
3039 case DEVICE_BIG_ENDIAN:
3040 val = ldl_be_p(ptr);
3041 break;
3042 default:
3043 val = ldl_p(ptr);
3044 break;
3045 }
3046 r = MEMTX_OK;
3047 }
3048 if (result) {
3049 *result = r;
3050 }
3051 if (release_lock) {
3052 qemu_mutex_unlock_iothread();
3053 }
3054 rcu_read_unlock();
3055 return val;
3056 }
3057
3058 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3059 MemTxAttrs attrs, MemTxResult *result)
3060 {
3061 return address_space_ldl_internal(as, addr, attrs, result,
3062 DEVICE_NATIVE_ENDIAN);
3063 }
3064
3065 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3066 MemTxAttrs attrs, MemTxResult *result)
3067 {
3068 return address_space_ldl_internal(as, addr, attrs, result,
3069 DEVICE_LITTLE_ENDIAN);
3070 }
3071
3072 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3073 MemTxAttrs attrs, MemTxResult *result)
3074 {
3075 return address_space_ldl_internal(as, addr, attrs, result,
3076 DEVICE_BIG_ENDIAN);
3077 }
3078
3079 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3080 {
3081 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3082 }
3083
3084 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3085 {
3086 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3087 }
3088
3089 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3090 {
3091 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3092 }
3093
3094 /* warning: addr must be aligned */
3095 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3096 MemTxAttrs attrs,
3097 MemTxResult *result,
3098 enum device_endian endian)
3099 {
3100 uint8_t *ptr;
3101 uint64_t val;
3102 MemoryRegion *mr;
3103 hwaddr l = 8;
3104 hwaddr addr1;
3105 MemTxResult r;
3106 bool release_lock = false;
3107
3108 rcu_read_lock();
3109 mr = address_space_translate(as, addr, &addr1, &l,
3110 false);
3111 if (l < 8 || !memory_access_is_direct(mr, false)) {
3112 release_lock |= prepare_mmio_access(mr);
3113
3114 /* I/O case */
3115 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3116 #if defined(TARGET_WORDS_BIGENDIAN)
3117 if (endian == DEVICE_LITTLE_ENDIAN) {
3118 val = bswap64(val);
3119 }
3120 #else
3121 if (endian == DEVICE_BIG_ENDIAN) {
3122 val = bswap64(val);
3123 }
3124 #endif
3125 } else {
3126 /* RAM case */
3127 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3128 & TARGET_PAGE_MASK)
3129 + addr1);
3130 switch (endian) {
3131 case DEVICE_LITTLE_ENDIAN:
3132 val = ldq_le_p(ptr);
3133 break;
3134 case DEVICE_BIG_ENDIAN:
3135 val = ldq_be_p(ptr);
3136 break;
3137 default:
3138 val = ldq_p(ptr);
3139 break;
3140 }
3141 r = MEMTX_OK;
3142 }
3143 if (result) {
3144 *result = r;
3145 }
3146 if (release_lock) {
3147 qemu_mutex_unlock_iothread();
3148 }
3149 rcu_read_unlock();
3150 return val;
3151 }
3152
3153 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3154 MemTxAttrs attrs, MemTxResult *result)
3155 {
3156 return address_space_ldq_internal(as, addr, attrs, result,
3157 DEVICE_NATIVE_ENDIAN);
3158 }
3159
3160 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3161 MemTxAttrs attrs, MemTxResult *result)
3162 {
3163 return address_space_ldq_internal(as, addr, attrs, result,
3164 DEVICE_LITTLE_ENDIAN);
3165 }
3166
3167 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3168 MemTxAttrs attrs, MemTxResult *result)
3169 {
3170 return address_space_ldq_internal(as, addr, attrs, result,
3171 DEVICE_BIG_ENDIAN);
3172 }
3173
3174 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3175 {
3176 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3177 }
3178
3179 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3180 {
3181 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3182 }
3183
3184 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3185 {
3186 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3187 }
3188
3189 /* XXX: optimize */
3190 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3191 MemTxAttrs attrs, MemTxResult *result)
3192 {
3193 uint8_t val;
3194 MemTxResult r;
3195
3196 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3197 if (result) {
3198 *result = r;
3199 }
3200 return val;
3201 }
3202
3203 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3204 {
3205 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3206 }
3207
3208 /* warning: addr must be aligned */
3209 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3210 hwaddr addr,
3211 MemTxAttrs attrs,
3212 MemTxResult *result,
3213 enum device_endian endian)
3214 {
3215 uint8_t *ptr;
3216 uint64_t val;
3217 MemoryRegion *mr;
3218 hwaddr l = 2;
3219 hwaddr addr1;
3220 MemTxResult r;
3221 bool release_lock = false;
3222
3223 rcu_read_lock();
3224 mr = address_space_translate(as, addr, &addr1, &l,
3225 false);
3226 if (l < 2 || !memory_access_is_direct(mr, false)) {
3227 release_lock |= prepare_mmio_access(mr);
3228
3229 /* I/O case */
3230 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3231 #if defined(TARGET_WORDS_BIGENDIAN)
3232 if (endian == DEVICE_LITTLE_ENDIAN) {
3233 val = bswap16(val);
3234 }
3235 #else
3236 if (endian == DEVICE_BIG_ENDIAN) {
3237 val = bswap16(val);
3238 }
3239 #endif
3240 } else {
3241 /* RAM case */
3242 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3243 & TARGET_PAGE_MASK)
3244 + addr1);
3245 switch (endian) {
3246 case DEVICE_LITTLE_ENDIAN:
3247 val = lduw_le_p(ptr);
3248 break;
3249 case DEVICE_BIG_ENDIAN:
3250 val = lduw_be_p(ptr);
3251 break;
3252 default:
3253 val = lduw_p(ptr);
3254 break;
3255 }
3256 r = MEMTX_OK;
3257 }
3258 if (result) {
3259 *result = r;
3260 }
3261 if (release_lock) {
3262 qemu_mutex_unlock_iothread();
3263 }
3264 rcu_read_unlock();
3265 return val;
3266 }
3267
3268 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3269 MemTxAttrs attrs, MemTxResult *result)
3270 {
3271 return address_space_lduw_internal(as, addr, attrs, result,
3272 DEVICE_NATIVE_ENDIAN);
3273 }
3274
3275 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3276 MemTxAttrs attrs, MemTxResult *result)
3277 {
3278 return address_space_lduw_internal(as, addr, attrs, result,
3279 DEVICE_LITTLE_ENDIAN);
3280 }
3281
3282 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3283 MemTxAttrs attrs, MemTxResult *result)
3284 {
3285 return address_space_lduw_internal(as, addr, attrs, result,
3286 DEVICE_BIG_ENDIAN);
3287 }
3288
3289 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3290 {
3291 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3292 }
3293
3294 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3295 {
3296 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3297 }
3298
3299 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3300 {
3301 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3302 }
3303
3304 /* warning: addr must be aligned. The ram page is not masked as dirty
3305 and the code inside is not invalidated. It is useful if the dirty
3306 bits are used to track modified PTEs */
3307 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3308 MemTxAttrs attrs, MemTxResult *result)
3309 {
3310 uint8_t *ptr;
3311 MemoryRegion *mr;
3312 hwaddr l = 4;
3313 hwaddr addr1;
3314 MemTxResult r;
3315 uint8_t dirty_log_mask;
3316 bool release_lock = false;
3317
3318 rcu_read_lock();
3319 mr = address_space_translate(as, addr, &addr1, &l,
3320 true);
3321 if (l < 4 || !memory_access_is_direct(mr, true)) {
3322 release_lock |= prepare_mmio_access(mr);
3323
3324 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3325 } else {
3326 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3327 ptr = qemu_get_ram_ptr(addr1);
3328 stl_p(ptr, val);
3329
3330 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3331 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3332 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3333 r = MEMTX_OK;
3334 }
3335 if (result) {
3336 *result = r;
3337 }
3338 if (release_lock) {
3339 qemu_mutex_unlock_iothread();
3340 }
3341 rcu_read_unlock();
3342 }
3343
3344 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3345 {
3346 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3347 }
3348
3349 /* warning: addr must be aligned */
3350 static inline void address_space_stl_internal(AddressSpace *as,
3351 hwaddr addr, uint32_t val,
3352 MemTxAttrs attrs,
3353 MemTxResult *result,
3354 enum device_endian endian)
3355 {
3356 uint8_t *ptr;
3357 MemoryRegion *mr;
3358 hwaddr l = 4;
3359 hwaddr addr1;
3360 MemTxResult r;
3361 bool release_lock = false;
3362
3363 rcu_read_lock();
3364 mr = address_space_translate(as, addr, &addr1, &l,
3365 true);
3366 if (l < 4 || !memory_access_is_direct(mr, true)) {
3367 release_lock |= prepare_mmio_access(mr);
3368
3369 #if defined(TARGET_WORDS_BIGENDIAN)
3370 if (endian == DEVICE_LITTLE_ENDIAN) {
3371 val = bswap32(val);
3372 }
3373 #else
3374 if (endian == DEVICE_BIG_ENDIAN) {
3375 val = bswap32(val);
3376 }
3377 #endif
3378 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3379 } else {
3380 /* RAM case */
3381 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3382 ptr = qemu_get_ram_ptr(addr1);
3383 switch (endian) {
3384 case DEVICE_LITTLE_ENDIAN:
3385 stl_le_p(ptr, val);
3386 break;
3387 case DEVICE_BIG_ENDIAN:
3388 stl_be_p(ptr, val);
3389 break;
3390 default:
3391 stl_p(ptr, val);
3392 break;
3393 }
3394 invalidate_and_set_dirty(mr, addr1, 4);
3395 r = MEMTX_OK;
3396 }
3397 if (result) {
3398 *result = r;
3399 }
3400 if (release_lock) {
3401 qemu_mutex_unlock_iothread();
3402 }
3403 rcu_read_unlock();
3404 }
3405
3406 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3407 MemTxAttrs attrs, MemTxResult *result)
3408 {
3409 address_space_stl_internal(as, addr, val, attrs, result,
3410 DEVICE_NATIVE_ENDIAN);
3411 }
3412
3413 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3414 MemTxAttrs attrs, MemTxResult *result)
3415 {
3416 address_space_stl_internal(as, addr, val, attrs, result,
3417 DEVICE_LITTLE_ENDIAN);
3418 }
3419
3420 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3421 MemTxAttrs attrs, MemTxResult *result)
3422 {
3423 address_space_stl_internal(as, addr, val, attrs, result,
3424 DEVICE_BIG_ENDIAN);
3425 }
3426
3427 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3428 {
3429 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3430 }
3431
3432 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3433 {
3434 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3435 }
3436
3437 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3438 {
3439 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3440 }
3441
3442 /* XXX: optimize */
3443 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3444 MemTxAttrs attrs, MemTxResult *result)
3445 {
3446 uint8_t v = val;
3447 MemTxResult r;
3448
3449 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3450 if (result) {
3451 *result = r;
3452 }
3453 }
3454
3455 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3456 {
3457 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3458 }
3459
3460 /* warning: addr must be aligned */
3461 static inline void address_space_stw_internal(AddressSpace *as,
3462 hwaddr addr, uint32_t val,
3463 MemTxAttrs attrs,
3464 MemTxResult *result,
3465 enum device_endian endian)
3466 {
3467 uint8_t *ptr;
3468 MemoryRegion *mr;
3469 hwaddr l = 2;
3470 hwaddr addr1;
3471 MemTxResult r;
3472 bool release_lock = false;
3473
3474 rcu_read_lock();
3475 mr = address_space_translate(as, addr, &addr1, &l, true);
3476 if (l < 2 || !memory_access_is_direct(mr, true)) {
3477 release_lock |= prepare_mmio_access(mr);
3478
3479 #if defined(TARGET_WORDS_BIGENDIAN)
3480 if (endian == DEVICE_LITTLE_ENDIAN) {
3481 val = bswap16(val);
3482 }
3483 #else
3484 if (endian == DEVICE_BIG_ENDIAN) {
3485 val = bswap16(val);
3486 }
3487 #endif
3488 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3489 } else {
3490 /* RAM case */
3491 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3492 ptr = qemu_get_ram_ptr(addr1);
3493 switch (endian) {
3494 case DEVICE_LITTLE_ENDIAN:
3495 stw_le_p(ptr, val);
3496 break;
3497 case DEVICE_BIG_ENDIAN:
3498 stw_be_p(ptr, val);
3499 break;
3500 default:
3501 stw_p(ptr, val);
3502 break;
3503 }
3504 invalidate_and_set_dirty(mr, addr1, 2);
3505 r = MEMTX_OK;
3506 }
3507 if (result) {
3508 *result = r;
3509 }
3510 if (release_lock) {
3511 qemu_mutex_unlock_iothread();
3512 }
3513 rcu_read_unlock();
3514 }
3515
3516 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3517 MemTxAttrs attrs, MemTxResult *result)
3518 {
3519 address_space_stw_internal(as, addr, val, attrs, result,
3520 DEVICE_NATIVE_ENDIAN);
3521 }
3522
3523 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3524 MemTxAttrs attrs, MemTxResult *result)
3525 {
3526 address_space_stw_internal(as, addr, val, attrs, result,
3527 DEVICE_LITTLE_ENDIAN);
3528 }
3529
3530 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3531 MemTxAttrs attrs, MemTxResult *result)
3532 {
3533 address_space_stw_internal(as, addr, val, attrs, result,
3534 DEVICE_BIG_ENDIAN);
3535 }
3536
3537 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3538 {
3539 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3540 }
3541
3542 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3543 {
3544 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3545 }
3546
3547 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3548 {
3549 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3550 }
3551
3552 /* XXX: optimize */
3553 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3554 MemTxAttrs attrs, MemTxResult *result)
3555 {
3556 MemTxResult r;
3557 val = tswap64(val);
3558 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3559 if (result) {
3560 *result = r;
3561 }
3562 }
3563
3564 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3565 MemTxAttrs attrs, MemTxResult *result)
3566 {
3567 MemTxResult r;
3568 val = cpu_to_le64(val);
3569 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3570 if (result) {
3571 *result = r;
3572 }
3573 }
3574 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3575 MemTxAttrs attrs, MemTxResult *result)
3576 {
3577 MemTxResult r;
3578 val = cpu_to_be64(val);
3579 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3580 if (result) {
3581 *result = r;
3582 }
3583 }
3584
3585 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3586 {
3587 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3588 }
3589
3590 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3591 {
3592 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3593 }
3594
3595 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3596 {
3597 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3598 }
3599
3600 /* virtual memory access for debug (includes writing to ROM) */
3601 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3602 uint8_t *buf, int len, int is_write)
3603 {
3604 int l;
3605 hwaddr phys_addr;
3606 target_ulong page;
3607
3608 while (len > 0) {
3609 int asidx;
3610 MemTxAttrs attrs;
3611
3612 page = addr & TARGET_PAGE_MASK;
3613 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3614 asidx = cpu_asidx_from_attrs(cpu, attrs);
3615 /* if no physical page mapped, return an error */
3616 if (phys_addr == -1)
3617 return -1;
3618 l = (page + TARGET_PAGE_SIZE) - addr;
3619 if (l > len)
3620 l = len;
3621 phys_addr += (addr & ~TARGET_PAGE_MASK);
3622 if (is_write) {
3623 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3624 phys_addr, buf, l);
3625 } else {
3626 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3627 MEMTXATTRS_UNSPECIFIED,
3628 buf, l, 0);
3629 }
3630 len -= l;
3631 buf += l;
3632 addr += l;
3633 }
3634 return 0;
3635 }
3636
3637 /*
3638 * Allows code that needs to deal with migration bitmaps etc to still be built
3639 * target independent.
3640 */
3641 size_t qemu_target_page_bits(void)
3642 {
3643 return TARGET_PAGE_BITS;
3644 }
3645
3646 #endif
3647
3648 /*
3649 * A helper function for the _utterly broken_ virtio device model to find out if
3650 * it's running on a big endian machine. Don't do this at home kids!
3651 */
3652 bool target_words_bigendian(void);
3653 bool target_words_bigendian(void)
3654 {
3655 #if defined(TARGET_WORDS_BIGENDIAN)
3656 return true;
3657 #else
3658 return false;
3659 #endif
3660 }
3661
3662 #ifndef CONFIG_USER_ONLY
3663 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3664 {
3665 MemoryRegion*mr;
3666 hwaddr l = 1;
3667 bool res;
3668
3669 rcu_read_lock();
3670 mr = address_space_translate(&address_space_memory,
3671 phys_addr, &phys_addr, &l, false);
3672
3673 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3674 rcu_read_unlock();
3675 return res;
3676 }
3677
3678 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3679 {
3680 RAMBlock *block;
3681 int ret = 0;
3682
3683 rcu_read_lock();
3684 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3685 ret = func(block->idstr, block->host, block->offset,
3686 block->used_length, opaque);
3687 if (ret) {
3688 break;
3689 }
3690 }
3691 rcu_read_unlock();
3692 return ret;
3693 }
3694 #endif
QEMU mirror