]> git.proxmox.com Git - qemu.git/blob - exec.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Revert "memory: limit sections in the radix tree to the actual address space size"
[qemu.git] / exec.c
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifdef _WIN32
21 #include <windows.h>
22 #else
23 #include <sys/types.h>
24 #include <sys/mman.h>
25 #endif
26
27 #include "qemu-common.h"
28 #include "cpu.h"
29 #include "tcg.h"
30 #include "hw/hw.h"
31 #include "hw/qdev.h"
32 #include "qemu/osdep.h"
33 #include "sysemu/kvm.h"
34 #include "hw/xen/xen.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
41 #include <qemu.h>
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
44 #include "trace.h"
45 #endif
46 #include "exec/cpu-all.h"
47
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
50
51 #include "exec/memory-internal.h"
52
53 //#define DEBUG_SUBPAGE
54
55 #if !defined(CONFIG_USER_ONLY)
56 int phys_ram_fd;
57 static int in_migration;
58
59 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
60
61 static MemoryRegion *system_memory;
62 static MemoryRegion *system_io;
63
64 AddressSpace address_space_io;
65 AddressSpace address_space_memory;
66 DMAContext dma_context_memory;
67
68 MemoryRegion io_mem_rom, io_mem_notdirty;
69 static MemoryRegion io_mem_unassigned;
70
71 #endif
72
73 CPUArchState *first_cpu;
74 /* current CPU in the current thread. It is only valid inside
75 cpu_exec() */
76 DEFINE_TLS(CPUArchState *,cpu_single_env);
77 /* 0 = Do not count executed instructions.
78 1 = Precise instruction counting.
79 2 = Adaptive rate instruction counting. */
80 int use_icount;
81
82 #if !defined(CONFIG_USER_ONLY)
83
84 typedef struct PhysPageEntry PhysPageEntry;
85
86 struct PhysPageEntry {
87 uint16_t is_leaf : 1;
88 /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */
89 uint16_t ptr : 15;
90 };
91
92 struct AddressSpaceDispatch {
93 /* This is a multi-level map on the physical address space.
94 * The bottom level has pointers to MemoryRegionSections.
95 */
96 PhysPageEntry phys_map;
97 MemoryListener listener;
98 AddressSpace *as;
99 };
100
101 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
102 typedef struct subpage_t {
103 MemoryRegion iomem;
104 AddressSpace *as;
105 hwaddr base;
106 uint16_t sub_section[TARGET_PAGE_SIZE];
107 } subpage_t;
108
109 static MemoryRegionSection *phys_sections;
110 static unsigned phys_sections_nb, phys_sections_nb_alloc;
111 static uint16_t phys_section_unassigned;
112 static uint16_t phys_section_notdirty;
113 static uint16_t phys_section_rom;
114 static uint16_t phys_section_watch;
115
116 /* Simple allocator for PhysPageEntry nodes */
117 static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
118 static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
119
120 #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1)
121
122 static void io_mem_init(void);
123 static void memory_map_init(void);
124 static void *qemu_safe_ram_ptr(ram_addr_t addr);
125
126 static MemoryRegion io_mem_watch;
127 #endif
128
129 #if !defined(CONFIG_USER_ONLY)
130
131 static void phys_map_node_reserve(unsigned nodes)
132 {
133 if (phys_map_nodes_nb + nodes > phys_map_nodes_nb_alloc) {
134 typedef PhysPageEntry Node[L2_SIZE];
135 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
136 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc,
137 phys_map_nodes_nb + nodes);
138 phys_map_nodes = g_renew(Node, phys_map_nodes,
139 phys_map_nodes_nb_alloc);
140 }
141 }
142
143 static uint16_t phys_map_node_alloc(void)
144 {
145 unsigned i;
146 uint16_t ret;
147
148 ret = phys_map_nodes_nb++;
149 assert(ret != PHYS_MAP_NODE_NIL);
150 assert(ret != phys_map_nodes_nb_alloc);
151 for (i = 0; i < L2_SIZE; ++i) {
152 phys_map_nodes[ret][i].is_leaf = 0;
153 phys_map_nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
154 }
155 return ret;
156 }
157
158 static void phys_map_nodes_reset(void)
159 {
160 phys_map_nodes_nb = 0;
161 }
162
163
164 static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index,
165 hwaddr *nb, uint16_t leaf,
166 int level)
167 {
168 PhysPageEntry *p;
169 int i;
170 hwaddr step = (hwaddr)1 << (level * L2_BITS);
171
172 if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) {
173 lp->ptr = phys_map_node_alloc();
174 p = phys_map_nodes[lp->ptr];
175 if (level == 0) {
176 for (i = 0; i < L2_SIZE; i++) {
177 p[i].is_leaf = 1;
178 p[i].ptr = phys_section_unassigned;
179 }
180 }
181 } else {
182 p = phys_map_nodes[lp->ptr];
183 }
184 lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)];
185
186 while (*nb && lp < &p[L2_SIZE]) {
187 if ((*index & (step - 1)) == 0 && *nb >= step) {
188 lp->is_leaf = true;
189 lp->ptr = leaf;
190 *index += step;
191 *nb -= step;
192 } else {
193 phys_page_set_level(lp, index, nb, leaf, level - 1);
194 }
195 ++lp;
196 }
197 }
198
199 static void phys_page_set(AddressSpaceDispatch *d,
200 hwaddr index, hwaddr nb,
201 uint16_t leaf)
202 {
203 /* Wildly overreserve - it doesn't matter much. */
204 phys_map_node_reserve(3 * P_L2_LEVELS);
205
206 phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
207 }
208
209 static MemoryRegionSection *phys_page_find(AddressSpaceDispatch *d, hwaddr index)
210 {
211 PhysPageEntry lp = d->phys_map;
212 PhysPageEntry *p;
213 int i;
214
215 for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) {
216 if (lp.ptr == PHYS_MAP_NODE_NIL) {
217 return &phys_sections[phys_section_unassigned];
218 }
219 p = phys_map_nodes[lp.ptr];
220 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
221 }
222 return &phys_sections[lp.ptr];
223 }
224
225 bool memory_region_is_unassigned(MemoryRegion *mr)
226 {
227 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
228 && mr != &io_mem_watch;
229 }
230
231 static MemoryRegionSection *address_space_lookup_region(AddressSpace *as,
232 hwaddr addr,
233 bool resolve_subpage)
234 {
235 MemoryRegionSection *section;
236 subpage_t *subpage;
237
238 section = phys_page_find(as->dispatch, addr >> TARGET_PAGE_BITS);
239 if (resolve_subpage && section->mr->subpage) {
240 subpage = container_of(section->mr, subpage_t, iomem);
241 section = &phys_sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
242 }
243 return section;
244 }
245
246 static MemoryRegionSection *
247 address_space_translate_internal(AddressSpace *as, hwaddr addr, hwaddr *xlat,
248 hwaddr *plen, bool resolve_subpage)
249 {
250 MemoryRegionSection *section;
251 Int128 diff;
252
253 section = address_space_lookup_region(as, addr, resolve_subpage);
254 /* Compute offset within MemoryRegionSection */
255 addr -= section->offset_within_address_space;
256
257 /* Compute offset within MemoryRegion */
258 *xlat = addr + section->offset_within_region;
259
260 diff = int128_sub(section->mr->size, int128_make64(addr));
261 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
262 return section;
263 }
264
265 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
266 hwaddr *xlat, hwaddr *plen,
267 bool is_write)
268 {
269 return address_space_translate_internal(as, addr, xlat, plen, true)->mr;
270 }
271
272 MemoryRegionSection *
273 address_space_translate_for_iotlb(AddressSpace *as, hwaddr addr, hwaddr *xlat,
274 hwaddr *plen)
275 {
276 return address_space_translate_internal(as, addr, xlat, plen, false);
277 }
278 #endif
279
280 void cpu_exec_init_all(void)
281 {
282 #if !defined(CONFIG_USER_ONLY)
283 qemu_mutex_init(&ram_list.mutex);
284 memory_map_init();
285 io_mem_init();
286 #endif
287 }
288
289 #if !defined(CONFIG_USER_ONLY)
290
291 static int cpu_common_post_load(void *opaque, int version_id)
292 {
293 CPUState *cpu = opaque;
294
295 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
296 version_id is increased. */
297 cpu->interrupt_request &= ~0x01;
298 tlb_flush(cpu->env_ptr, 1);
299
300 return 0;
301 }
302
303 static const VMStateDescription vmstate_cpu_common = {
304 .name = "cpu_common",
305 .version_id = 1,
306 .minimum_version_id = 1,
307 .minimum_version_id_old = 1,
308 .post_load = cpu_common_post_load,
309 .fields = (VMStateField []) {
310 VMSTATE_UINT32(halted, CPUState),
311 VMSTATE_UINT32(interrupt_request, CPUState),
312 VMSTATE_END_OF_LIST()
313 }
314 };
315 #else
316 #define vmstate_cpu_common vmstate_dummy
317 #endif
318
319 CPUState *qemu_get_cpu(int index)
320 {
321 CPUArchState *env = first_cpu;
322 CPUState *cpu = NULL;
323
324 while (env) {
325 cpu = ENV_GET_CPU(env);
326 if (cpu->cpu_index == index) {
327 break;
328 }
329 env = env->next_cpu;
330 }
331
332 return env ? cpu : NULL;
333 }
334
335 void qemu_for_each_cpu(void (*func)(CPUState *cpu, void *data), void *data)
336 {
337 CPUArchState *env = first_cpu;
338
339 while (env) {
340 func(ENV_GET_CPU(env), data);
341 env = env->next_cpu;
342 }
343 }
344
345 void cpu_exec_init(CPUArchState *env)
346 {
347 CPUState *cpu = ENV_GET_CPU(env);
348 CPUClass *cc = CPU_GET_CLASS(cpu);
349 CPUArchState **penv;
350 int cpu_index;
351
352 #if defined(CONFIG_USER_ONLY)
353 cpu_list_lock();
354 #endif
355 env->next_cpu = NULL;
356 penv = &first_cpu;
357 cpu_index = 0;
358 while (*penv != NULL) {
359 penv = &(*penv)->next_cpu;
360 cpu_index++;
361 }
362 cpu->cpu_index = cpu_index;
363 cpu->numa_node = 0;
364 QTAILQ_INIT(&env->breakpoints);
365 QTAILQ_INIT(&env->watchpoints);
366 #ifndef CONFIG_USER_ONLY
367 cpu->thread_id = qemu_get_thread_id();
368 #endif
369 *penv = env;
370 #if defined(CONFIG_USER_ONLY)
371 cpu_list_unlock();
372 #endif
373 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
374 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
375 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
376 cpu_save, cpu_load, env);
377 assert(cc->vmsd == NULL);
378 #endif
379 if (cc->vmsd != NULL) {
380 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
381 }
382 }
383
384 #if defined(TARGET_HAS_ICE)
385 #if defined(CONFIG_USER_ONLY)
386 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
387 {
388 tb_invalidate_phys_page_range(pc, pc + 1, 0);
389 }
390 #else
391 static void breakpoint_invalidate(CPUArchState *env, target_ulong pc)
392 {
393 tb_invalidate_phys_addr(cpu_get_phys_page_debug(env, pc) |
394 (pc & ~TARGET_PAGE_MASK));
395 }
396 #endif
397 #endif /* TARGET_HAS_ICE */
398
399 #if defined(CONFIG_USER_ONLY)
400 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
401
402 {
403 }
404
405 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
406 int flags, CPUWatchpoint **watchpoint)
407 {
408 return -ENOSYS;
409 }
410 #else
411 /* Add a watchpoint. */
412 int cpu_watchpoint_insert(CPUArchState *env, target_ulong addr, target_ulong len,
413 int flags, CPUWatchpoint **watchpoint)
414 {
415 target_ulong len_mask = ~(len - 1);
416 CPUWatchpoint *wp;
417
418 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
419 if ((len & (len - 1)) || (addr & ~len_mask) ||
420 len == 0 || len > TARGET_PAGE_SIZE) {
421 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
422 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
423 return -EINVAL;
424 }
425 wp = g_malloc(sizeof(*wp));
426
427 wp->vaddr = addr;
428 wp->len_mask = len_mask;
429 wp->flags = flags;
430
431 /* keep all GDB-injected watchpoints in front */
432 if (flags & BP_GDB)
433 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
434 else
435 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
436
437 tlb_flush_page(env, addr);
438
439 if (watchpoint)
440 *watchpoint = wp;
441 return 0;
442 }
443
444 /* Remove a specific watchpoint. */
445 int cpu_watchpoint_remove(CPUArchState *env, target_ulong addr, target_ulong len,
446 int flags)
447 {
448 target_ulong len_mask = ~(len - 1);
449 CPUWatchpoint *wp;
450
451 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
452 if (addr == wp->vaddr && len_mask == wp->len_mask
453 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
454 cpu_watchpoint_remove_by_ref(env, wp);
455 return 0;
456 }
457 }
458 return -ENOENT;
459 }
460
461 /* Remove a specific watchpoint by reference. */
462 void cpu_watchpoint_remove_by_ref(CPUArchState *env, CPUWatchpoint *watchpoint)
463 {
464 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
465
466 tlb_flush_page(env, watchpoint->vaddr);
467
468 g_free(watchpoint);
469 }
470
471 /* Remove all matching watchpoints. */
472 void cpu_watchpoint_remove_all(CPUArchState *env, int mask)
473 {
474 CPUWatchpoint *wp, *next;
475
476 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
477 if (wp->flags & mask)
478 cpu_watchpoint_remove_by_ref(env, wp);
479 }
480 }
481 #endif
482
483 /* Add a breakpoint. */
484 int cpu_breakpoint_insert(CPUArchState *env, target_ulong pc, int flags,
485 CPUBreakpoint **breakpoint)
486 {
487 #if defined(TARGET_HAS_ICE)
488 CPUBreakpoint *bp;
489
490 bp = g_malloc(sizeof(*bp));
491
492 bp->pc = pc;
493 bp->flags = flags;
494
495 /* keep all GDB-injected breakpoints in front */
496 if (flags & BP_GDB)
497 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
498 else
499 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
500
501 breakpoint_invalidate(env, pc);
502
503 if (breakpoint)
504 *breakpoint = bp;
505 return 0;
506 #else
507 return -ENOSYS;
508 #endif
509 }
510
511 /* Remove a specific breakpoint. */
512 int cpu_breakpoint_remove(CPUArchState *env, target_ulong pc, int flags)
513 {
514 #if defined(TARGET_HAS_ICE)
515 CPUBreakpoint *bp;
516
517 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
518 if (bp->pc == pc && bp->flags == flags) {
519 cpu_breakpoint_remove_by_ref(env, bp);
520 return 0;
521 }
522 }
523 return -ENOENT;
524 #else
525 return -ENOSYS;
526 #endif
527 }
528
529 /* Remove a specific breakpoint by reference. */
530 void cpu_breakpoint_remove_by_ref(CPUArchState *env, CPUBreakpoint *breakpoint)
531 {
532 #if defined(TARGET_HAS_ICE)
533 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
534
535 breakpoint_invalidate(env, breakpoint->pc);
536
537 g_free(breakpoint);
538 #endif
539 }
540
541 /* Remove all matching breakpoints. */
542 void cpu_breakpoint_remove_all(CPUArchState *env, int mask)
543 {
544 #if defined(TARGET_HAS_ICE)
545 CPUBreakpoint *bp, *next;
546
547 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
548 if (bp->flags & mask)
549 cpu_breakpoint_remove_by_ref(env, bp);
550 }
551 #endif
552 }
553
554 /* enable or disable single step mode. EXCP_DEBUG is returned by the
555 CPU loop after each instruction */
556 void cpu_single_step(CPUArchState *env, int enabled)
557 {
558 #if defined(TARGET_HAS_ICE)
559 if (env->singlestep_enabled != enabled) {
560 env->singlestep_enabled = enabled;
561 if (kvm_enabled())
562 kvm_update_guest_debug(env, 0);
563 else {
564 /* must flush all the translated code to avoid inconsistencies */
565 /* XXX: only flush what is necessary */
566 tb_flush(env);
567 }
568 }
569 #endif
570 }
571
572 void cpu_exit(CPUArchState *env)
573 {
574 CPUState *cpu = ENV_GET_CPU(env);
575
576 cpu->exit_request = 1;
577 cpu->tcg_exit_req = 1;
578 }
579
580 void cpu_abort(CPUArchState *env, const char *fmt, ...)
581 {
582 va_list ap;
583 va_list ap2;
584
585 va_start(ap, fmt);
586 va_copy(ap2, ap);
587 fprintf(stderr, "qemu: fatal: ");
588 vfprintf(stderr, fmt, ap);
589 fprintf(stderr, "\n");
590 cpu_dump_state(env, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
591 if (qemu_log_enabled()) {
592 qemu_log("qemu: fatal: ");
593 qemu_log_vprintf(fmt, ap2);
594 qemu_log("\n");
595 log_cpu_state(env, CPU_DUMP_FPU | CPU_DUMP_CCOP);
596 qemu_log_flush();
597 qemu_log_close();
598 }
599 va_end(ap2);
600 va_end(ap);
601 #if defined(CONFIG_USER_ONLY)
602 {
603 struct sigaction act;
604 sigfillset(&act.sa_mask);
605 act.sa_handler = SIG_DFL;
606 sigaction(SIGABRT, &act, NULL);
607 }
608 #endif
609 abort();
610 }
611
612 CPUArchState *cpu_copy(CPUArchState *env)
613 {
614 CPUArchState *new_env = cpu_init(env->cpu_model_str);
615 CPUArchState *next_cpu = new_env->next_cpu;
616 #if defined(TARGET_HAS_ICE)
617 CPUBreakpoint *bp;
618 CPUWatchpoint *wp;
619 #endif
620
621 memcpy(new_env, env, sizeof(CPUArchState));
622
623 /* Preserve chaining. */
624 new_env->next_cpu = next_cpu;
625
626 /* Clone all break/watchpoints.
627 Note: Once we support ptrace with hw-debug register access, make sure
628 BP_CPU break/watchpoints are handled correctly on clone. */
629 QTAILQ_INIT(&env->breakpoints);
630 QTAILQ_INIT(&env->watchpoints);
631 #if defined(TARGET_HAS_ICE)
632 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
633 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
634 }
635 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
636 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
637 wp->flags, NULL);
638 }
639 #endif
640
641 return new_env;
642 }
643
644 #if !defined(CONFIG_USER_ONLY)
645 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t end,
646 uintptr_t length)
647 {
648 uintptr_t start1;
649
650 /* we modify the TLB cache so that the dirty bit will be set again
651 when accessing the range */
652 start1 = (uintptr_t)qemu_safe_ram_ptr(start);
653 /* Check that we don't span multiple blocks - this breaks the
654 address comparisons below. */
655 if ((uintptr_t)qemu_safe_ram_ptr(end - 1) - start1
656 != (end - 1) - start) {
657 abort();
658 }
659 cpu_tlb_reset_dirty_all(start1, length);
660
661 }
662
663 /* Note: start and end must be within the same ram block. */
664 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
665 int dirty_flags)
666 {
667 uintptr_t length;
668
669 start &= TARGET_PAGE_MASK;
670 end = TARGET_PAGE_ALIGN(end);
671
672 length = end - start;
673 if (length == 0)
674 return;
675 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
676
677 if (tcg_enabled()) {
678 tlb_reset_dirty_range_all(start, end, length);
679 }
680 }
681
682 static int cpu_physical_memory_set_dirty_tracking(int enable)
683 {
684 int ret = 0;
685 in_migration = enable;
686 return ret;
687 }
688
689 hwaddr memory_region_section_get_iotlb(CPUArchState *env,
690 MemoryRegionSection *section,
691 target_ulong vaddr,
692 hwaddr paddr, hwaddr xlat,
693 int prot,
694 target_ulong *address)
695 {
696 hwaddr iotlb;
697 CPUWatchpoint *wp;
698
699 if (memory_region_is_ram(section->mr)) {
700 /* Normal RAM. */
701 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
702 + xlat;
703 if (!section->readonly) {
704 iotlb |= phys_section_notdirty;
705 } else {
706 iotlb |= phys_section_rom;
707 }
708 } else {
709 iotlb = section - phys_sections;
710 iotlb += xlat;
711 }
712
713 /* Make accesses to pages with watchpoints go via the
714 watchpoint trap routines. */
715 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
716 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
717 /* Avoid trapping reads of pages with a write breakpoint. */
718 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
719 iotlb = phys_section_watch + paddr;
720 *address |= TLB_MMIO;
721 break;
722 }
723 }
724 }
725
726 return iotlb;
727 }
728 #endif /* defined(CONFIG_USER_ONLY) */
729
730 #if !defined(CONFIG_USER_ONLY)
731
732 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
733 uint16_t section);
734 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
735 static void destroy_page_desc(uint16_t section_index)
736 {
737 MemoryRegionSection *section = &phys_sections[section_index];
738 MemoryRegion *mr = section->mr;
739
740 if (mr->subpage) {
741 subpage_t *subpage = container_of(mr, subpage_t, iomem);
742 memory_region_destroy(&subpage->iomem);
743 g_free(subpage);
744 }
745 }
746
747 static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
748 {
749 unsigned i;
750 PhysPageEntry *p;
751
752 if (lp->ptr == PHYS_MAP_NODE_NIL) {
753 return;
754 }
755
756 p = phys_map_nodes[lp->ptr];
757 for (i = 0; i < L2_SIZE; ++i) {
758 if (!p[i].is_leaf) {
759 destroy_l2_mapping(&p[i], level - 1);
760 } else {
761 destroy_page_desc(p[i].ptr);
762 }
763 }
764 lp->is_leaf = 0;
765 lp->ptr = PHYS_MAP_NODE_NIL;
766 }
767
768 static void destroy_all_mappings(AddressSpaceDispatch *d)
769 {
770 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
771 phys_map_nodes_reset();
772 }
773
774 static uint16_t phys_section_add(MemoryRegionSection *section)
775 {
776 /* The physical section number is ORed with a page-aligned
777 * pointer to produce the iotlb entries. Thus it should
778 * never overflow into the page-aligned value.
779 */
780 assert(phys_sections_nb < TARGET_PAGE_SIZE);
781
782 if (phys_sections_nb == phys_sections_nb_alloc) {
783 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
784 phys_sections = g_renew(MemoryRegionSection, phys_sections,
785 phys_sections_nb_alloc);
786 }
787 phys_sections[phys_sections_nb] = *section;
788 return phys_sections_nb++;
789 }
790
791 static void phys_sections_clear(void)
792 {
793 phys_sections_nb = 0;
794 }
795
796 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
797 {
798 subpage_t *subpage;
799 hwaddr base = section->offset_within_address_space
800 & TARGET_PAGE_MASK;
801 MemoryRegionSection *existing = phys_page_find(d, base >> TARGET_PAGE_BITS);
802 MemoryRegionSection subsection = {
803 .offset_within_address_space = base,
804 .size = TARGET_PAGE_SIZE,
805 };
806 hwaddr start, end;
807
808 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
809
810 if (!(existing->mr->subpage)) {
811 subpage = subpage_init(d->as, base);
812 subsection.mr = &subpage->iomem;
813 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
814 phys_section_add(&subsection));
815 } else {
816 subpage = container_of(existing->mr, subpage_t, iomem);
817 }
818 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
819 end = start + section->size - 1;
820 subpage_register(subpage, start, end, phys_section_add(section));
821 }
822
823
824 static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section)
825 {
826 hwaddr start_addr = section->offset_within_address_space;
827 ram_addr_t size = section->size;
828 hwaddr addr;
829 uint16_t section_index = phys_section_add(section);
830
831 assert(size);
832
833 addr = start_addr;
834 phys_page_set(d, addr >> TARGET_PAGE_BITS, size >> TARGET_PAGE_BITS,
835 section_index);
836 }
837
838 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
839 {
840 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
841 MemoryRegionSection now = *section, remain = *section;
842
843 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
844 || (now.size < TARGET_PAGE_SIZE)) {
845 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
846 - now.offset_within_address_space,
847 now.size);
848 register_subpage(d, &now);
849 remain.size -= now.size;
850 remain.offset_within_address_space += now.size;
851 remain.offset_within_region += now.size;
852 }
853 while (remain.size >= TARGET_PAGE_SIZE) {
854 now = remain;
855 if (remain.offset_within_region & ~TARGET_PAGE_MASK) {
856 now.size = TARGET_PAGE_SIZE;
857 register_subpage(d, &now);
858 } else {
859 now.size &= TARGET_PAGE_MASK;
860 register_multipage(d, &now);
861 }
862 remain.size -= now.size;
863 remain.offset_within_address_space += now.size;
864 remain.offset_within_region += now.size;
865 }
866 now = remain;
867 if (now.size) {
868 register_subpage(d, &now);
869 }
870 }
871
872 void qemu_flush_coalesced_mmio_buffer(void)
873 {
874 if (kvm_enabled())
875 kvm_flush_coalesced_mmio_buffer();
876 }
877
878 void qemu_mutex_lock_ramlist(void)
879 {
880 qemu_mutex_lock(&ram_list.mutex);
881 }
882
883 void qemu_mutex_unlock_ramlist(void)
884 {
885 qemu_mutex_unlock(&ram_list.mutex);
886 }
887
888 #if defined(__linux__) && !defined(TARGET_S390X)
889
890 #include <sys/vfs.h>
891
892 #define HUGETLBFS_MAGIC 0x958458f6
893
894 static long gethugepagesize(const char *path)
895 {
896 struct statfs fs;
897 int ret;
898
899 do {
900 ret = statfs(path, &fs);
901 } while (ret != 0 && errno == EINTR);
902
903 if (ret != 0) {
904 perror(path);
905 return 0;
906 }
907
908 if (fs.f_type != HUGETLBFS_MAGIC)
909 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
910
911 return fs.f_bsize;
912 }
913
914 static void *file_ram_alloc(RAMBlock *block,
915 ram_addr_t memory,
916 const char *path)
917 {
918 char *filename;
919 char *sanitized_name;
920 char *c;
921 void *area;
922 int fd;
923 #ifdef MAP_POPULATE
924 int flags;
925 #endif
926 unsigned long hpagesize;
927
928 hpagesize = gethugepagesize(path);
929 if (!hpagesize) {
930 return NULL;
931 }
932
933 if (memory < hpagesize) {
934 return NULL;
935 }
936
937 if (kvm_enabled() && !kvm_has_sync_mmu()) {
938 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
939 return NULL;
940 }
941
942 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
943 sanitized_name = g_strdup(block->mr->name);
944 for (c = sanitized_name; *c != '\0'; c++) {
945 if (*c == '/')
946 *c = '_';
947 }
948
949 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
950 sanitized_name);
951 g_free(sanitized_name);
952
953 fd = mkstemp(filename);
954 if (fd < 0) {
955 perror("unable to create backing store for hugepages");
956 g_free(filename);
957 return NULL;
958 }
959 unlink(filename);
960 g_free(filename);
961
962 memory = (memory+hpagesize-1) & ~(hpagesize-1);
963
964 /*
965 * ftruncate is not supported by hugetlbfs in older
966 * hosts, so don't bother bailing out on errors.
967 * If anything goes wrong with it under other filesystems,
968 * mmap will fail.
969 */
970 if (ftruncate(fd, memory))
971 perror("ftruncate");
972
973 #ifdef MAP_POPULATE
974 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
975 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
976 * to sidestep this quirk.
977 */
978 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
979 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
980 #else
981 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
982 #endif
983 if (area == MAP_FAILED) {
984 perror("file_ram_alloc: can't mmap RAM pages");
985 close(fd);
986 return (NULL);
987 }
988 block->fd = fd;
989 return area;
990 }
991 #endif
992
993 static ram_addr_t find_ram_offset(ram_addr_t size)
994 {
995 RAMBlock *block, *next_block;
996 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
997
998 assert(size != 0); /* it would hand out same offset multiple times */
999
1000 if (QTAILQ_EMPTY(&ram_list.blocks))
1001 return 0;
1002
1003 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1004 ram_addr_t end, next = RAM_ADDR_MAX;
1005
1006 end = block->offset + block->length;
1007
1008 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1009 if (next_block->offset >= end) {
1010 next = MIN(next, next_block->offset);
1011 }
1012 }
1013 if (next - end >= size && next - end < mingap) {
1014 offset = end;
1015 mingap = next - end;
1016 }
1017 }
1018
1019 if (offset == RAM_ADDR_MAX) {
1020 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1021 (uint64_t)size);
1022 abort();
1023 }
1024
1025 return offset;
1026 }
1027
1028 ram_addr_t last_ram_offset(void)
1029 {
1030 RAMBlock *block;
1031 ram_addr_t last = 0;
1032
1033 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1034 last = MAX(last, block->offset + block->length);
1035
1036 return last;
1037 }
1038
1039 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1040 {
1041 int ret;
1042 QemuOpts *machine_opts;
1043
1044 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1045 machine_opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1046 if (machine_opts &&
1047 !qemu_opt_get_bool(machine_opts, "dump-guest-core", true)) {
1048 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1049 if (ret) {
1050 perror("qemu_madvise");
1051 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1052 "but dump_guest_core=off specified\n");
1053 }
1054 }
1055 }
1056
1057 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1058 {
1059 RAMBlock *new_block, *block;
1060
1061 new_block = NULL;
1062 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1063 if (block->offset == addr) {
1064 new_block = block;
1065 break;
1066 }
1067 }
1068 assert(new_block);
1069 assert(!new_block->idstr[0]);
1070
1071 if (dev) {
1072 char *id = qdev_get_dev_path(dev);
1073 if (id) {
1074 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1075 g_free(id);
1076 }
1077 }
1078 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1079
1080 /* This assumes the iothread lock is taken here too. */
1081 qemu_mutex_lock_ramlist();
1082 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1083 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1084 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1085 new_block->idstr);
1086 abort();
1087 }
1088 }
1089 qemu_mutex_unlock_ramlist();
1090 }
1091
1092 static int memory_try_enable_merging(void *addr, size_t len)
1093 {
1094 QemuOpts *opts;
1095
1096 opts = qemu_opts_find(qemu_find_opts("machine"), 0);
1097 if (opts && !qemu_opt_get_bool(opts, "mem-merge", true)) {
1098 /* disabled by the user */
1099 return 0;
1100 }
1101
1102 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1103 }
1104
1105 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1106 MemoryRegion *mr)
1107 {
1108 RAMBlock *block, *new_block;
1109
1110 size = TARGET_PAGE_ALIGN(size);
1111 new_block = g_malloc0(sizeof(*new_block));
1112
1113 /* This assumes the iothread lock is taken here too. */
1114 qemu_mutex_lock_ramlist();
1115 new_block->mr = mr;
1116 new_block->offset = find_ram_offset(size);
1117 if (host) {
1118 new_block->host = host;
1119 new_block->flags |= RAM_PREALLOC_MASK;
1120 } else {
1121 if (mem_path) {
1122 #if defined (__linux__) && !defined(TARGET_S390X)
1123 new_block->host = file_ram_alloc(new_block, size, mem_path);
1124 if (!new_block->host) {
1125 new_block->host = qemu_anon_ram_alloc(size);
1126 memory_try_enable_merging(new_block->host, size);
1127 }
1128 #else
1129 fprintf(stderr, "-mem-path option unsupported\n");
1130 exit(1);
1131 #endif
1132 } else {
1133 if (xen_enabled()) {
1134 xen_ram_alloc(new_block->offset, size, mr);
1135 } else if (kvm_enabled()) {
1136 /* some s390/kvm configurations have special constraints */
1137 new_block->host = kvm_ram_alloc(size);
1138 } else {
1139 new_block->host = qemu_anon_ram_alloc(size);
1140 }
1141 memory_try_enable_merging(new_block->host, size);
1142 }
1143 }
1144 new_block->length = size;
1145
1146 /* Keep the list sorted from biggest to smallest block. */
1147 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1148 if (block->length < new_block->length) {
1149 break;
1150 }
1151 }
1152 if (block) {
1153 QTAILQ_INSERT_BEFORE(block, new_block, next);
1154 } else {
1155 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1156 }
1157 ram_list.mru_block = NULL;
1158
1159 ram_list.version++;
1160 qemu_mutex_unlock_ramlist();
1161
1162 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
1163 last_ram_offset() >> TARGET_PAGE_BITS);
1164 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
1165 0, size >> TARGET_PAGE_BITS);
1166 cpu_physical_memory_set_dirty_range(new_block->offset, size, 0xff);
1167
1168 qemu_ram_setup_dump(new_block->host, size);
1169 qemu_madvise(new_block->host, size, QEMU_MADV_HUGEPAGE);
1170
1171 if (kvm_enabled())
1172 kvm_setup_guest_memory(new_block->host, size);
1173
1174 return new_block->offset;
1175 }
1176
1177 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
1178 {
1179 return qemu_ram_alloc_from_ptr(size, NULL, mr);
1180 }
1181
1182 void qemu_ram_free_from_ptr(ram_addr_t addr)
1183 {
1184 RAMBlock *block;
1185
1186 /* This assumes the iothread lock is taken here too. */
1187 qemu_mutex_lock_ramlist();
1188 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1189 if (addr == block->offset) {
1190 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1191 ram_list.mru_block = NULL;
1192 ram_list.version++;
1193 g_free(block);
1194 break;
1195 }
1196 }
1197 qemu_mutex_unlock_ramlist();
1198 }
1199
1200 void qemu_ram_free(ram_addr_t addr)
1201 {
1202 RAMBlock *block;
1203
1204 /* This assumes the iothread lock is taken here too. */
1205 qemu_mutex_lock_ramlist();
1206 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1207 if (addr == block->offset) {
1208 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1209 ram_list.mru_block = NULL;
1210 ram_list.version++;
1211 if (block->flags & RAM_PREALLOC_MASK) {
1212 ;
1213 } else if (mem_path) {
1214 #if defined (__linux__) && !defined(TARGET_S390X)
1215 if (block->fd) {
1216 munmap(block->host, block->length);
1217 close(block->fd);
1218 } else {
1219 qemu_anon_ram_free(block->host, block->length);
1220 }
1221 #else
1222 abort();
1223 #endif
1224 } else {
1225 if (xen_enabled()) {
1226 xen_invalidate_map_cache_entry(block->host);
1227 } else {
1228 qemu_anon_ram_free(block->host, block->length);
1229 }
1230 }
1231 g_free(block);
1232 break;
1233 }
1234 }
1235 qemu_mutex_unlock_ramlist();
1236
1237 }
1238
1239 #ifndef _WIN32
1240 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1241 {
1242 RAMBlock *block;
1243 ram_addr_t offset;
1244 int flags;
1245 void *area, *vaddr;
1246
1247 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1248 offset = addr - block->offset;
1249 if (offset < block->length) {
1250 vaddr = block->host + offset;
1251 if (block->flags & RAM_PREALLOC_MASK) {
1252 ;
1253 } else {
1254 flags = MAP_FIXED;
1255 munmap(vaddr, length);
1256 if (mem_path) {
1257 #if defined(__linux__) && !defined(TARGET_S390X)
1258 if (block->fd) {
1259 #ifdef MAP_POPULATE
1260 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
1261 MAP_PRIVATE;
1262 #else
1263 flags |= MAP_PRIVATE;
1264 #endif
1265 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1266 flags, block->fd, offset);
1267 } else {
1268 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1269 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1270 flags, -1, 0);
1271 }
1272 #else
1273 abort();
1274 #endif
1275 } else {
1276 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
1277 flags |= MAP_SHARED | MAP_ANONYMOUS;
1278 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
1279 flags, -1, 0);
1280 #else
1281 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1282 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1283 flags, -1, 0);
1284 #endif
1285 }
1286 if (area != vaddr) {
1287 fprintf(stderr, "Could not remap addr: "
1288 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1289 length, addr);
1290 exit(1);
1291 }
1292 memory_try_enable_merging(vaddr, length);
1293 qemu_ram_setup_dump(vaddr, length);
1294 }
1295 return;
1296 }
1297 }
1298 }
1299 #endif /* !_WIN32 */
1300
1301 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1302 With the exception of the softmmu code in this file, this should
1303 only be used for local memory (e.g. video ram) that the device owns,
1304 and knows it isn't going to access beyond the end of the block.
1305
1306 It should not be used for general purpose DMA.
1307 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
1308 */
1309 void *qemu_get_ram_ptr(ram_addr_t addr)
1310 {
1311 RAMBlock *block;
1312
1313 /* The list is protected by the iothread lock here. */
1314 block = ram_list.mru_block;
1315 if (block && addr - block->offset < block->length) {
1316 goto found;
1317 }
1318 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1319 if (addr - block->offset < block->length) {
1320 goto found;
1321 }
1322 }
1323
1324 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1325 abort();
1326
1327 found:
1328 ram_list.mru_block = block;
1329 if (xen_enabled()) {
1330 /* We need to check if the requested address is in the RAM
1331 * because we don't want to map the entire memory in QEMU.
1332 * In that case just map until the end of the page.
1333 */
1334 if (block->offset == 0) {
1335 return xen_map_cache(addr, 0, 0);
1336 } else if (block->host == NULL) {
1337 block->host =
1338 xen_map_cache(block->offset, block->length, 1);
1339 }
1340 }
1341 return block->host + (addr - block->offset);
1342 }
1343
1344 /* Return a host pointer to ram allocated with qemu_ram_alloc. Same as
1345 * qemu_get_ram_ptr but do not touch ram_list.mru_block.
1346 *
1347 * ??? Is this still necessary?
1348 */
1349 static void *qemu_safe_ram_ptr(ram_addr_t addr)
1350 {
1351 RAMBlock *block;
1352
1353 /* The list is protected by the iothread lock here. */
1354 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1355 if (addr - block->offset < block->length) {
1356 if (xen_enabled()) {
1357 /* We need to check if the requested address is in the RAM
1358 * because we don't want to map the entire memory in QEMU.
1359 * In that case just map until the end of the page.
1360 */
1361 if (block->offset == 0) {
1362 return xen_map_cache(addr, 0, 0);
1363 } else if (block->host == NULL) {
1364 block->host =
1365 xen_map_cache(block->offset, block->length, 1);
1366 }
1367 }
1368 return block->host + (addr - block->offset);
1369 }
1370 }
1371
1372 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1373 abort();
1374
1375 return NULL;
1376 }
1377
1378 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1379 * but takes a size argument */
1380 static void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
1381 {
1382 if (*size == 0) {
1383 return NULL;
1384 }
1385 if (xen_enabled()) {
1386 return xen_map_cache(addr, *size, 1);
1387 } else {
1388 RAMBlock *block;
1389
1390 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1391 if (addr - block->offset < block->length) {
1392 if (addr - block->offset + *size > block->length)
1393 *size = block->length - addr + block->offset;
1394 return block->host + (addr - block->offset);
1395 }
1396 }
1397
1398 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1399 abort();
1400 }
1401 }
1402
1403 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1404 {
1405 RAMBlock *block;
1406 uint8_t *host = ptr;
1407
1408 if (xen_enabled()) {
1409 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1410 return 0;
1411 }
1412
1413 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1414 /* This case append when the block is not mapped. */
1415 if (block->host == NULL) {
1416 continue;
1417 }
1418 if (host - block->host < block->length) {
1419 *ram_addr = block->offset + (host - block->host);
1420 return 0;
1421 }
1422 }
1423
1424 return -1;
1425 }
1426
1427 /* Some of the softmmu routines need to translate from a host pointer
1428 (typically a TLB entry) back to a ram offset. */
1429 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
1430 {
1431 ram_addr_t ram_addr;
1432
1433 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
1434 fprintf(stderr, "Bad ram pointer %p\n", ptr);
1435 abort();
1436 }
1437 return ram_addr;
1438 }
1439
1440 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1441 uint64_t val, unsigned size)
1442 {
1443 int dirty_flags;
1444 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1445 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
1446 tb_invalidate_phys_page_fast(ram_addr, size);
1447 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
1448 }
1449 switch (size) {
1450 case 1:
1451 stb_p(qemu_get_ram_ptr(ram_addr), val);
1452 break;
1453 case 2:
1454 stw_p(qemu_get_ram_ptr(ram_addr), val);
1455 break;
1456 case 4:
1457 stl_p(qemu_get_ram_ptr(ram_addr), val);
1458 break;
1459 default:
1460 abort();
1461 }
1462 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
1463 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
1464 /* we remove the notdirty callback only if the code has been
1465 flushed */
1466 if (dirty_flags == 0xff)
1467 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
1468 }
1469
1470 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1471 unsigned size, bool is_write)
1472 {
1473 return is_write;
1474 }
1475
1476 static const MemoryRegionOps notdirty_mem_ops = {
1477 .write = notdirty_mem_write,
1478 .valid.accepts = notdirty_mem_accepts,
1479 .endianness = DEVICE_NATIVE_ENDIAN,
1480 };
1481
1482 /* Generate a debug exception if a watchpoint has been hit. */
1483 static void check_watchpoint(int offset, int len_mask, int flags)
1484 {
1485 CPUArchState *env = cpu_single_env;
1486 target_ulong pc, cs_base;
1487 target_ulong vaddr;
1488 CPUWatchpoint *wp;
1489 int cpu_flags;
1490
1491 if (env->watchpoint_hit) {
1492 /* We re-entered the check after replacing the TB. Now raise
1493 * the debug interrupt so that is will trigger after the
1494 * current instruction. */
1495 cpu_interrupt(ENV_GET_CPU(env), CPU_INTERRUPT_DEBUG);
1496 return;
1497 }
1498 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1499 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
1500 if ((vaddr == (wp->vaddr & len_mask) ||
1501 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
1502 wp->flags |= BP_WATCHPOINT_HIT;
1503 if (!env->watchpoint_hit) {
1504 env->watchpoint_hit = wp;
1505 tb_check_watchpoint(env);
1506 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1507 env->exception_index = EXCP_DEBUG;
1508 cpu_loop_exit(env);
1509 } else {
1510 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1511 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
1512 cpu_resume_from_signal(env, NULL);
1513 }
1514 }
1515 } else {
1516 wp->flags &= ~BP_WATCHPOINT_HIT;
1517 }
1518 }
1519 }
1520
1521 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1522 so these check for a hit then pass through to the normal out-of-line
1523 phys routines. */
1524 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1525 unsigned size)
1526 {
1527 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
1528 switch (size) {
1529 case 1: return ldub_phys(addr);
1530 case 2: return lduw_phys(addr);
1531 case 4: return ldl_phys(addr);
1532 default: abort();
1533 }
1534 }
1535
1536 static void watch_mem_write(void *opaque, hwaddr addr,
1537 uint64_t val, unsigned size)
1538 {
1539 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
1540 switch (size) {
1541 case 1:
1542 stb_phys(addr, val);
1543 break;
1544 case 2:
1545 stw_phys(addr, val);
1546 break;
1547 case 4:
1548 stl_phys(addr, val);
1549 break;
1550 default: abort();
1551 }
1552 }
1553
1554 static const MemoryRegionOps watch_mem_ops = {
1555 .read = watch_mem_read,
1556 .write = watch_mem_write,
1557 .endianness = DEVICE_NATIVE_ENDIAN,
1558 };
1559
1560 static uint64_t subpage_read(void *opaque, hwaddr addr,
1561 unsigned len)
1562 {
1563 subpage_t *subpage = opaque;
1564 uint8_t buf[4];
1565
1566 #if defined(DEBUG_SUBPAGE)
1567 printf("%s: subpage %p len %d addr " TARGET_FMT_plx "\n", __func__,
1568 subpage, len, addr);
1569 #endif
1570 address_space_read(subpage->as, addr + subpage->base, buf, len);
1571 switch (len) {
1572 case 1:
1573 return ldub_p(buf);
1574 case 2:
1575 return lduw_p(buf);
1576 case 4:
1577 return ldl_p(buf);
1578 default:
1579 abort();
1580 }
1581 }
1582
1583 static void subpage_write(void *opaque, hwaddr addr,
1584 uint64_t value, unsigned len)
1585 {
1586 subpage_t *subpage = opaque;
1587 uint8_t buf[4];
1588
1589 #if defined(DEBUG_SUBPAGE)
1590 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
1591 " value %"PRIx64"\n",
1592 __func__, subpage, len, addr, value);
1593 #endif
1594 switch (len) {
1595 case 1:
1596 stb_p(buf, value);
1597 break;
1598 case 2:
1599 stw_p(buf, value);
1600 break;
1601 case 4:
1602 stl_p(buf, value);
1603 break;
1604 default:
1605 abort();
1606 }
1607 address_space_write(subpage->as, addr + subpage->base, buf, len);
1608 }
1609
1610 static bool subpage_accepts(void *opaque, hwaddr addr,
1611 unsigned size, bool is_write)
1612 {
1613 subpage_t *subpage = opaque;
1614 #if defined(DEBUG_SUBPAGE)
1615 printf("%s: subpage %p %c len %d addr " TARGET_FMT_plx "\n",
1616 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1617 #endif
1618
1619 return address_space_access_valid(subpage->as, addr + subpage->base,
1620 size, is_write);
1621 }
1622
1623 static const MemoryRegionOps subpage_ops = {
1624 .read = subpage_read,
1625 .write = subpage_write,
1626 .valid.accepts = subpage_accepts,
1627 .endianness = DEVICE_NATIVE_ENDIAN,
1628 };
1629
1630 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1631 uint16_t section)
1632 {
1633 int idx, eidx;
1634
1635 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1636 return -1;
1637 idx = SUBPAGE_IDX(start);
1638 eidx = SUBPAGE_IDX(end);
1639 #if defined(DEBUG_SUBPAGE)
1640 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
1641 mmio, start, end, idx, eidx, memory);
1642 #endif
1643 for (; idx <= eidx; idx++) {
1644 mmio->sub_section[idx] = section;
1645 }
1646
1647 return 0;
1648 }
1649
1650 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1651 {
1652 subpage_t *mmio;
1653
1654 mmio = g_malloc0(sizeof(subpage_t));
1655
1656 mmio->as = as;
1657 mmio->base = base;
1658 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
1659 "subpage", TARGET_PAGE_SIZE);
1660 mmio->iomem.subpage = true;
1661 #if defined(DEBUG_SUBPAGE)
1662 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
1663 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
1664 #endif
1665 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
1666
1667 return mmio;
1668 }
1669
1670 static uint16_t dummy_section(MemoryRegion *mr)
1671 {
1672 MemoryRegionSection section = {
1673 .mr = mr,
1674 .offset_within_address_space = 0,
1675 .offset_within_region = 0,
1676 .size = UINT64_MAX,
1677 };
1678
1679 return phys_section_add(&section);
1680 }
1681
1682 MemoryRegion *iotlb_to_region(hwaddr index)
1683 {
1684 return phys_sections[index & ~TARGET_PAGE_MASK].mr;
1685 }
1686
1687 static void io_mem_init(void)
1688 {
1689 memory_region_init_io(&io_mem_rom, &unassigned_mem_ops, NULL, "rom", UINT64_MAX);
1690 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
1691 "unassigned", UINT64_MAX);
1692 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
1693 "notdirty", UINT64_MAX);
1694 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
1695 "watch", UINT64_MAX);
1696 }
1697
1698 static void mem_begin(MemoryListener *listener)
1699 {
1700 AddressSpaceDispatch *d = container_of(listener, AddressSpaceDispatch, listener);
1701
1702 destroy_all_mappings(d);
1703 d->phys_map.ptr = PHYS_MAP_NODE_NIL;
1704 }
1705
1706 static void core_begin(MemoryListener *listener)
1707 {
1708 phys_sections_clear();
1709 phys_section_unassigned = dummy_section(&io_mem_unassigned);
1710 phys_section_notdirty = dummy_section(&io_mem_notdirty);
1711 phys_section_rom = dummy_section(&io_mem_rom);
1712 phys_section_watch = dummy_section(&io_mem_watch);
1713 }
1714
1715 static void tcg_commit(MemoryListener *listener)
1716 {
1717 CPUArchState *env;
1718
1719 /* since each CPU stores ram addresses in its TLB cache, we must
1720 reset the modified entries */
1721 /* XXX: slow ! */
1722 for(env = first_cpu; env != NULL; env = env->next_cpu) {
1723 tlb_flush(env, 1);
1724 }
1725 }
1726
1727 static void core_log_global_start(MemoryListener *listener)
1728 {
1729 cpu_physical_memory_set_dirty_tracking(1);
1730 }
1731
1732 static void core_log_global_stop(MemoryListener *listener)
1733 {
1734 cpu_physical_memory_set_dirty_tracking(0);
1735 }
1736
1737 static void io_region_add(MemoryListener *listener,
1738 MemoryRegionSection *section)
1739 {
1740 MemoryRegionIORange *mrio = g_new(MemoryRegionIORange, 1);
1741
1742 mrio->mr = section->mr;
1743 mrio->offset = section->offset_within_region;
1744 iorange_init(&mrio->iorange, &memory_region_iorange_ops,
1745 section->offset_within_address_space, section->size);
1746 ioport_register(&mrio->iorange);
1747 }
1748
1749 static void io_region_del(MemoryListener *listener,
1750 MemoryRegionSection *section)
1751 {
1752 isa_unassign_ioport(section->offset_within_address_space, section->size);
1753 }
1754
1755 static MemoryListener core_memory_listener = {
1756 .begin = core_begin,
1757 .log_global_start = core_log_global_start,
1758 .log_global_stop = core_log_global_stop,
1759 .priority = 1,
1760 };
1761
1762 static MemoryListener io_memory_listener = {
1763 .region_add = io_region_add,
1764 .region_del = io_region_del,
1765 .priority = 0,
1766 };
1767
1768 static MemoryListener tcg_memory_listener = {
1769 .commit = tcg_commit,
1770 };
1771
1772 void address_space_init_dispatch(AddressSpace *as)
1773 {
1774 AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1);
1775
1776 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 };
1777 d->listener = (MemoryListener) {
1778 .begin = mem_begin,
1779 .region_add = mem_add,
1780 .region_nop = mem_add,
1781 .priority = 0,
1782 };
1783 d->as = as;
1784 as->dispatch = d;
1785 memory_listener_register(&d->listener, as);
1786 }
1787
1788 void address_space_destroy_dispatch(AddressSpace *as)
1789 {
1790 AddressSpaceDispatch *d = as->dispatch;
1791
1792 memory_listener_unregister(&d->listener);
1793 destroy_l2_mapping(&d->phys_map, P_L2_LEVELS - 1);
1794 g_free(d);
1795 as->dispatch = NULL;
1796 }
1797
1798 static void memory_map_init(void)
1799 {
1800 system_memory = g_malloc(sizeof(*system_memory));
1801 memory_region_init(system_memory, "system", INT64_MAX);
1802 address_space_init(&address_space_memory, system_memory);
1803 address_space_memory.name = "memory";
1804
1805 system_io = g_malloc(sizeof(*system_io));
1806 memory_region_init(system_io, "io", 65536);
1807 address_space_init(&address_space_io, system_io);
1808 address_space_io.name = "I/O";
1809
1810 memory_listener_register(&core_memory_listener, &address_space_memory);
1811 memory_listener_register(&io_memory_listener, &address_space_io);
1812 memory_listener_register(&tcg_memory_listener, &address_space_memory);
1813
1814 dma_context_init(&dma_context_memory, &address_space_memory,
1815 NULL, NULL, NULL);
1816 }
1817
1818 MemoryRegion *get_system_memory(void)
1819 {
1820 return system_memory;
1821 }
1822
1823 MemoryRegion *get_system_io(void)
1824 {
1825 return system_io;
1826 }
1827
1828 #endif /* !defined(CONFIG_USER_ONLY) */
1829
1830 /* physical memory access (slow version, mainly for debug) */
1831 #if defined(CONFIG_USER_ONLY)
1832 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
1833 uint8_t *buf, int len, int is_write)
1834 {
1835 int l, flags;
1836 target_ulong page;
1837 void * p;
1838
1839 while (len > 0) {
1840 page = addr & TARGET_PAGE_MASK;
1841 l = (page + TARGET_PAGE_SIZE) - addr;
1842 if (l > len)
1843 l = len;
1844 flags = page_get_flags(page);
1845 if (!(flags & PAGE_VALID))
1846 return -1;
1847 if (is_write) {
1848 if (!(flags & PAGE_WRITE))
1849 return -1;
1850 /* XXX: this code should not depend on lock_user */
1851 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
1852 return -1;
1853 memcpy(p, buf, l);
1854 unlock_user(p, addr, l);
1855 } else {
1856 if (!(flags & PAGE_READ))
1857 return -1;
1858 /* XXX: this code should not depend on lock_user */
1859 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
1860 return -1;
1861 memcpy(buf, p, l);
1862 unlock_user(p, addr, 0);
1863 }
1864 len -= l;
1865 buf += l;
1866 addr += l;
1867 }
1868 return 0;
1869 }
1870
1871 #else
1872
1873 static void invalidate_and_set_dirty(hwaddr addr,
1874 hwaddr length)
1875 {
1876 if (!cpu_physical_memory_is_dirty(addr)) {
1877 /* invalidate code */
1878 tb_invalidate_phys_page_range(addr, addr + length, 0);
1879 /* set dirty bit */
1880 cpu_physical_memory_set_dirty_flags(addr, (0xff & ~CODE_DIRTY_FLAG));
1881 }
1882 xen_modified_memory(addr, length);
1883 }
1884
1885 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
1886 {
1887 if (memory_region_is_ram(mr)) {
1888 return !(is_write && mr->readonly);
1889 }
1890 if (memory_region_is_romd(mr)) {
1891 return !is_write;
1892 }
1893
1894 return false;
1895 }
1896
1897 static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)
1898 {
1899 if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {
1900 return 4;
1901 }
1902 if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {
1903 return 2;
1904 }
1905 return 1;
1906 }
1907
1908 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
1909 int len, bool is_write)
1910 {
1911 hwaddr l;
1912 uint8_t *ptr;
1913 uint64_t val;
1914 hwaddr addr1;
1915 MemoryRegion *mr;
1916 bool error = false;
1917
1918 while (len > 0) {
1919 l = len;
1920 mr = address_space_translate(as, addr, &addr1, &l, is_write);
1921
1922 if (is_write) {
1923 if (!memory_access_is_direct(mr, is_write)) {
1924 l = memory_access_size(mr, l, addr1);
1925 /* XXX: could force cpu_single_env to NULL to avoid
1926 potential bugs */
1927 if (l == 4) {
1928 /* 32 bit write access */
1929 val = ldl_p(buf);
1930 error |= io_mem_write(mr, addr1, val, 4);
1931 } else if (l == 2) {
1932 /* 16 bit write access */
1933 val = lduw_p(buf);
1934 error |= io_mem_write(mr, addr1, val, 2);
1935 } else {
1936 /* 8 bit write access */
1937 val = ldub_p(buf);
1938 error |= io_mem_write(mr, addr1, val, 1);
1939 }
1940 } else {
1941 addr1 += memory_region_get_ram_addr(mr);
1942 /* RAM case */
1943 ptr = qemu_get_ram_ptr(addr1);
1944 memcpy(ptr, buf, l);
1945 invalidate_and_set_dirty(addr1, l);
1946 }
1947 } else {
1948 if (!memory_access_is_direct(mr, is_write)) {
1949 /* I/O case */
1950 l = memory_access_size(mr, l, addr1);
1951 if (l == 4) {
1952 /* 32 bit read access */
1953 error |= io_mem_read(mr, addr1, &val, 4);
1954 stl_p(buf, val);
1955 } else if (l == 2) {
1956 /* 16 bit read access */
1957 error |= io_mem_read(mr, addr1, &val, 2);
1958 stw_p(buf, val);
1959 } else {
1960 /* 8 bit read access */
1961 error |= io_mem_read(mr, addr1, &val, 1);
1962 stb_p(buf, val);
1963 }
1964 } else {
1965 /* RAM case */
1966 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
1967 memcpy(buf, ptr, l);
1968 }
1969 }
1970 len -= l;
1971 buf += l;
1972 addr += l;
1973 }
1974
1975 return error;
1976 }
1977
1978 bool address_space_write(AddressSpace *as, hwaddr addr,
1979 const uint8_t *buf, int len)
1980 {
1981 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
1982 }
1983
1984 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
1985 {
1986 return address_space_rw(as, addr, buf, len, false);
1987 }
1988
1989
1990 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
1991 int len, int is_write)
1992 {
1993 address_space_rw(&address_space_memory, addr, buf, len, is_write);
1994 }
1995
1996 /* used for ROM loading : can write in RAM and ROM */
1997 void cpu_physical_memory_write_rom(hwaddr addr,
1998 const uint8_t *buf, int len)
1999 {
2000 hwaddr l;
2001 uint8_t *ptr;
2002 hwaddr addr1;
2003 MemoryRegion *mr;
2004
2005 while (len > 0) {
2006 l = len;
2007 mr = address_space_translate(&address_space_memory,
2008 addr, &addr1, &l, true);
2009
2010 if (!(memory_region_is_ram(mr) ||
2011 memory_region_is_romd(mr))) {
2012 /* do nothing */
2013 } else {
2014 addr1 += memory_region_get_ram_addr(mr);
2015 /* ROM/RAM case */
2016 ptr = qemu_get_ram_ptr(addr1);
2017 memcpy(ptr, buf, l);
2018 invalidate_and_set_dirty(addr1, l);
2019 }
2020 len -= l;
2021 buf += l;
2022 addr += l;
2023 }
2024 }
2025
2026 typedef struct {
2027 void *buffer;
2028 hwaddr addr;
2029 hwaddr len;
2030 } BounceBuffer;
2031
2032 static BounceBuffer bounce;
2033
2034 typedef struct MapClient {
2035 void *opaque;
2036 void (*callback)(void *opaque);
2037 QLIST_ENTRY(MapClient) link;
2038 } MapClient;
2039
2040 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2041 = QLIST_HEAD_INITIALIZER(map_client_list);
2042
2043 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2044 {
2045 MapClient *client = g_malloc(sizeof(*client));
2046
2047 client->opaque = opaque;
2048 client->callback = callback;
2049 QLIST_INSERT_HEAD(&map_client_list, client, link);
2050 return client;
2051 }
2052
2053 static void cpu_unregister_map_client(void *_client)
2054 {
2055 MapClient *client = (MapClient *)_client;
2056
2057 QLIST_REMOVE(client, link);
2058 g_free(client);
2059 }
2060
2061 static void cpu_notify_map_clients(void)
2062 {
2063 MapClient *client;
2064
2065 while (!QLIST_EMPTY(&map_client_list)) {
2066 client = QLIST_FIRST(&map_client_list);
2067 client->callback(client->opaque);
2068 cpu_unregister_map_client(client);
2069 }
2070 }
2071
2072 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2073 {
2074 MemoryRegion *mr;
2075 hwaddr l, xlat;
2076
2077 while (len > 0) {
2078 l = len;
2079 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2080 if (!memory_access_is_direct(mr, is_write)) {
2081 l = memory_access_size(mr, l, addr);
2082 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2083 return false;
2084 }
2085 }
2086
2087 len -= l;
2088 addr += l;
2089 }
2090 return true;
2091 }
2092
2093 /* Map a physical memory region into a host virtual address.
2094 * May map a subset of the requested range, given by and returned in *plen.
2095 * May return NULL if resources needed to perform the mapping are exhausted.
2096 * Use only for reads OR writes - not for read-modify-write operations.
2097 * Use cpu_register_map_client() to know when retrying the map operation is
2098 * likely to succeed.
2099 */
2100 void *address_space_map(AddressSpace *as,
2101 hwaddr addr,
2102 hwaddr *plen,
2103 bool is_write)
2104 {
2105 hwaddr len = *plen;
2106 hwaddr todo = 0;
2107 hwaddr l, xlat;
2108 MemoryRegion *mr;
2109 ram_addr_t raddr = RAM_ADDR_MAX;
2110 ram_addr_t rlen;
2111 void *ret;
2112
2113 while (len > 0) {
2114 l = len;
2115 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2116
2117 if (!memory_access_is_direct(mr, is_write)) {
2118 if (todo || bounce.buffer) {
2119 break;
2120 }
2121 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
2122 bounce.addr = addr;
2123 bounce.len = l;
2124 if (!is_write) {
2125 address_space_read(as, addr, bounce.buffer, l);
2126 }
2127
2128 *plen = l;
2129 return bounce.buffer;
2130 }
2131 if (!todo) {
2132 raddr = memory_region_get_ram_addr(mr) + xlat;
2133 } else {
2134 if (memory_region_get_ram_addr(mr) + xlat != raddr + todo) {
2135 break;
2136 }
2137 }
2138
2139 len -= l;
2140 addr += l;
2141 todo += l;
2142 }
2143 rlen = todo;
2144 ret = qemu_ram_ptr_length(raddr, &rlen);
2145 *plen = rlen;
2146 return ret;
2147 }
2148
2149 /* Unmaps a memory region previously mapped by address_space_map().
2150 * Will also mark the memory as dirty if is_write == 1. access_len gives
2151 * the amount of memory that was actually read or written by the caller.
2152 */
2153 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2154 int is_write, hwaddr access_len)
2155 {
2156 if (buffer != bounce.buffer) {
2157 if (is_write) {
2158 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
2159 while (access_len) {
2160 unsigned l;
2161 l = TARGET_PAGE_SIZE;
2162 if (l > access_len)
2163 l = access_len;
2164 invalidate_and_set_dirty(addr1, l);
2165 addr1 += l;
2166 access_len -= l;
2167 }
2168 }
2169 if (xen_enabled()) {
2170 xen_invalidate_map_cache_entry(buffer);
2171 }
2172 return;
2173 }
2174 if (is_write) {
2175 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2176 }
2177 qemu_vfree(bounce.buffer);
2178 bounce.buffer = NULL;
2179 cpu_notify_map_clients();
2180 }
2181
2182 void *cpu_physical_memory_map(hwaddr addr,
2183 hwaddr *plen,
2184 int is_write)
2185 {
2186 return address_space_map(&address_space_memory, addr, plen, is_write);
2187 }
2188
2189 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2190 int is_write, hwaddr access_len)
2191 {
2192 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2193 }
2194
2195 /* warning: addr must be aligned */
2196 static inline uint32_t ldl_phys_internal(hwaddr addr,
2197 enum device_endian endian)
2198 {
2199 uint8_t *ptr;
2200 uint64_t val;
2201 MemoryRegion *mr;
2202 hwaddr l = 4;
2203 hwaddr addr1;
2204
2205 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2206 false);
2207 if (l < 4 || !memory_access_is_direct(mr, false)) {
2208 /* I/O case */
2209 io_mem_read(mr, addr1, &val, 4);
2210 #if defined(TARGET_WORDS_BIGENDIAN)
2211 if (endian == DEVICE_LITTLE_ENDIAN) {
2212 val = bswap32(val);
2213 }
2214 #else
2215 if (endian == DEVICE_BIG_ENDIAN) {
2216 val = bswap32(val);
2217 }
2218 #endif
2219 } else {
2220 /* RAM case */
2221 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2222 & TARGET_PAGE_MASK)
2223 + addr1);
2224 switch (endian) {
2225 case DEVICE_LITTLE_ENDIAN:
2226 val = ldl_le_p(ptr);
2227 break;
2228 case DEVICE_BIG_ENDIAN:
2229 val = ldl_be_p(ptr);
2230 break;
2231 default:
2232 val = ldl_p(ptr);
2233 break;
2234 }
2235 }
2236 return val;
2237 }
2238
2239 uint32_t ldl_phys(hwaddr addr)
2240 {
2241 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2242 }
2243
2244 uint32_t ldl_le_phys(hwaddr addr)
2245 {
2246 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2247 }
2248
2249 uint32_t ldl_be_phys(hwaddr addr)
2250 {
2251 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
2252 }
2253
2254 /* warning: addr must be aligned */
2255 static inline uint64_t ldq_phys_internal(hwaddr addr,
2256 enum device_endian endian)
2257 {
2258 uint8_t *ptr;
2259 uint64_t val;
2260 MemoryRegion *mr;
2261 hwaddr l = 8;
2262 hwaddr addr1;
2263
2264 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2265 false);
2266 if (l < 8 || !memory_access_is_direct(mr, false)) {
2267 /* I/O case */
2268 io_mem_read(mr, addr1, &val, 8);
2269 #if defined(TARGET_WORDS_BIGENDIAN)
2270 if (endian == DEVICE_LITTLE_ENDIAN) {
2271 val = bswap64(val);
2272 }
2273 #else
2274 if (endian == DEVICE_BIG_ENDIAN) {
2275 val = bswap64(val);
2276 }
2277 #endif
2278 } else {
2279 /* RAM case */
2280 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2281 & TARGET_PAGE_MASK)
2282 + addr1);
2283 switch (endian) {
2284 case DEVICE_LITTLE_ENDIAN:
2285 val = ldq_le_p(ptr);
2286 break;
2287 case DEVICE_BIG_ENDIAN:
2288 val = ldq_be_p(ptr);
2289 break;
2290 default:
2291 val = ldq_p(ptr);
2292 break;
2293 }
2294 }
2295 return val;
2296 }
2297
2298 uint64_t ldq_phys(hwaddr addr)
2299 {
2300 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2301 }
2302
2303 uint64_t ldq_le_phys(hwaddr addr)
2304 {
2305 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2306 }
2307
2308 uint64_t ldq_be_phys(hwaddr addr)
2309 {
2310 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
2311 }
2312
2313 /* XXX: optimize */
2314 uint32_t ldub_phys(hwaddr addr)
2315 {
2316 uint8_t val;
2317 cpu_physical_memory_read(addr, &val, 1);
2318 return val;
2319 }
2320
2321 /* warning: addr must be aligned */
2322 static inline uint32_t lduw_phys_internal(hwaddr addr,
2323 enum device_endian endian)
2324 {
2325 uint8_t *ptr;
2326 uint64_t val;
2327 MemoryRegion *mr;
2328 hwaddr l = 2;
2329 hwaddr addr1;
2330
2331 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2332 false);
2333 if (l < 2 || !memory_access_is_direct(mr, false)) {
2334 /* I/O case */
2335 io_mem_read(mr, addr1, &val, 2);
2336 #if defined(TARGET_WORDS_BIGENDIAN)
2337 if (endian == DEVICE_LITTLE_ENDIAN) {
2338 val = bswap16(val);
2339 }
2340 #else
2341 if (endian == DEVICE_BIG_ENDIAN) {
2342 val = bswap16(val);
2343 }
2344 #endif
2345 } else {
2346 /* RAM case */
2347 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2348 & TARGET_PAGE_MASK)
2349 + addr1);
2350 switch (endian) {
2351 case DEVICE_LITTLE_ENDIAN:
2352 val = lduw_le_p(ptr);
2353 break;
2354 case DEVICE_BIG_ENDIAN:
2355 val = lduw_be_p(ptr);
2356 break;
2357 default:
2358 val = lduw_p(ptr);
2359 break;
2360 }
2361 }
2362 return val;
2363 }
2364
2365 uint32_t lduw_phys(hwaddr addr)
2366 {
2367 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
2368 }
2369
2370 uint32_t lduw_le_phys(hwaddr addr)
2371 {
2372 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
2373 }
2374
2375 uint32_t lduw_be_phys(hwaddr addr)
2376 {
2377 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
2378 }
2379
2380 /* warning: addr must be aligned. The ram page is not masked as dirty
2381 and the code inside is not invalidated. It is useful if the dirty
2382 bits are used to track modified PTEs */
2383 void stl_phys_notdirty(hwaddr addr, uint32_t val)
2384 {
2385 uint8_t *ptr;
2386 MemoryRegion *mr;
2387 hwaddr l = 4;
2388 hwaddr addr1;
2389
2390 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2391 true);
2392 if (l < 4 || !memory_access_is_direct(mr, true)) {
2393 io_mem_write(mr, addr1, val, 4);
2394 } else {
2395 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2396 ptr = qemu_get_ram_ptr(addr1);
2397 stl_p(ptr, val);
2398
2399 if (unlikely(in_migration)) {
2400 if (!cpu_physical_memory_is_dirty(addr1)) {
2401 /* invalidate code */
2402 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2403 /* set dirty bit */
2404 cpu_physical_memory_set_dirty_flags(
2405 addr1, (0xff & ~CODE_DIRTY_FLAG));
2406 }
2407 }
2408 }
2409 }
2410
2411 /* warning: addr must be aligned */
2412 static inline void stl_phys_internal(hwaddr addr, uint32_t val,
2413 enum device_endian endian)
2414 {
2415 uint8_t *ptr;
2416 MemoryRegion *mr;
2417 hwaddr l = 4;
2418 hwaddr addr1;
2419
2420 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2421 true);
2422 if (l < 4 || !memory_access_is_direct(mr, true)) {
2423 #if defined(TARGET_WORDS_BIGENDIAN)
2424 if (endian == DEVICE_LITTLE_ENDIAN) {
2425 val = bswap32(val);
2426 }
2427 #else
2428 if (endian == DEVICE_BIG_ENDIAN) {
2429 val = bswap32(val);
2430 }
2431 #endif
2432 io_mem_write(mr, addr1, val, 4);
2433 } else {
2434 /* RAM case */
2435 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2436 ptr = qemu_get_ram_ptr(addr1);
2437 switch (endian) {
2438 case DEVICE_LITTLE_ENDIAN:
2439 stl_le_p(ptr, val);
2440 break;
2441 case DEVICE_BIG_ENDIAN:
2442 stl_be_p(ptr, val);
2443 break;
2444 default:
2445 stl_p(ptr, val);
2446 break;
2447 }
2448 invalidate_and_set_dirty(addr1, 4);
2449 }
2450 }
2451
2452 void stl_phys(hwaddr addr, uint32_t val)
2453 {
2454 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2455 }
2456
2457 void stl_le_phys(hwaddr addr, uint32_t val)
2458 {
2459 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2460 }
2461
2462 void stl_be_phys(hwaddr addr, uint32_t val)
2463 {
2464 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2465 }
2466
2467 /* XXX: optimize */
2468 void stb_phys(hwaddr addr, uint32_t val)
2469 {
2470 uint8_t v = val;
2471 cpu_physical_memory_write(addr, &v, 1);
2472 }
2473
2474 /* warning: addr must be aligned */
2475 static inline void stw_phys_internal(hwaddr addr, uint32_t val,
2476 enum device_endian endian)
2477 {
2478 uint8_t *ptr;
2479 MemoryRegion *mr;
2480 hwaddr l = 2;
2481 hwaddr addr1;
2482
2483 mr = address_space_translate(&address_space_memory, addr, &addr1, &l,
2484 true);
2485 if (l < 2 || !memory_access_is_direct(mr, true)) {
2486 #if defined(TARGET_WORDS_BIGENDIAN)
2487 if (endian == DEVICE_LITTLE_ENDIAN) {
2488 val = bswap16(val);
2489 }
2490 #else
2491 if (endian == DEVICE_BIG_ENDIAN) {
2492 val = bswap16(val);
2493 }
2494 #endif
2495 io_mem_write(mr, addr1, val, 2);
2496 } else {
2497 /* RAM case */
2498 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2499 ptr = qemu_get_ram_ptr(addr1);
2500 switch (endian) {
2501 case DEVICE_LITTLE_ENDIAN:
2502 stw_le_p(ptr, val);
2503 break;
2504 case DEVICE_BIG_ENDIAN:
2505 stw_be_p(ptr, val);
2506 break;
2507 default:
2508 stw_p(ptr, val);
2509 break;
2510 }
2511 invalidate_and_set_dirty(addr1, 2);
2512 }
2513 }
2514
2515 void stw_phys(hwaddr addr, uint32_t val)
2516 {
2517 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
2518 }
2519
2520 void stw_le_phys(hwaddr addr, uint32_t val)
2521 {
2522 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
2523 }
2524
2525 void stw_be_phys(hwaddr addr, uint32_t val)
2526 {
2527 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
2528 }
2529
2530 /* XXX: optimize */
2531 void stq_phys(hwaddr addr, uint64_t val)
2532 {
2533 val = tswap64(val);
2534 cpu_physical_memory_write(addr, &val, 8);
2535 }
2536
2537 void stq_le_phys(hwaddr addr, uint64_t val)
2538 {
2539 val = cpu_to_le64(val);
2540 cpu_physical_memory_write(addr, &val, 8);
2541 }
2542
2543 void stq_be_phys(hwaddr addr, uint64_t val)
2544 {
2545 val = cpu_to_be64(val);
2546 cpu_physical_memory_write(addr, &val, 8);
2547 }
2548
2549 /* virtual memory access for debug (includes writing to ROM) */
2550 int cpu_memory_rw_debug(CPUArchState *env, target_ulong addr,
2551 uint8_t *buf, int len, int is_write)
2552 {
2553 int l;
2554 hwaddr phys_addr;
2555 target_ulong page;
2556
2557 while (len > 0) {
2558 page = addr & TARGET_PAGE_MASK;
2559 phys_addr = cpu_get_phys_page_debug(env, page);
2560 /* if no physical page mapped, return an error */
2561 if (phys_addr == -1)
2562 return -1;
2563 l = (page + TARGET_PAGE_SIZE) - addr;
2564 if (l > len)
2565 l = len;
2566 phys_addr += (addr & ~TARGET_PAGE_MASK);
2567 if (is_write)
2568 cpu_physical_memory_write_rom(phys_addr, buf, l);
2569 else
2570 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
2571 len -= l;
2572 buf += l;
2573 addr += l;
2574 }
2575 return 0;
2576 }
2577 #endif
2578
2579 #if !defined(CONFIG_USER_ONLY)
2580
2581 /*
2582 * A helper function for the _utterly broken_ virtio device model to find out if
2583 * it's running on a big endian machine. Don't do this at home kids!
2584 */
2585 bool virtio_is_big_endian(void);
2586 bool virtio_is_big_endian(void)
2587 {
2588 #if defined(TARGET_WORDS_BIGENDIAN)
2589 return true;
2590 #else
2591 return false;
2592 #endif
2593 }
2594
2595 #endif
2596
2597 #ifndef CONFIG_USER_ONLY
2598 bool cpu_physical_memory_is_io(hwaddr phys_addr)
2599 {
2600 MemoryRegion*mr;
2601 hwaddr l = 1;
2602
2603 mr = address_space_translate(&address_space_memory,
2604 phys_addr, &phys_addr, &l, false);
2605
2606 return !(memory_region_is_ram(mr) ||
2607 memory_region_is_romd(mr));
2608 }
2609 #endif
Qemu copy for testing