]> git.proxmox.com Git - mirror_qemu.git/blob - exec.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
exec: Eliminate qemu_ram_free_from_ptr()
[mirror_qemu.git] / exec.c
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57
58 #include "qemu/range.h"
59 #ifndef _WIN32
60 #include "qemu/mmap-alloc.h"
61 #endif
62
63 //#define DEBUG_SUBPAGE
64
65 #if !defined(CONFIG_USER_ONLY)
66 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
67 * are protected by the ramlist lock.
68 */
69 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
70
71 static MemoryRegion *system_memory;
72 static MemoryRegion *system_io;
73
74 AddressSpace address_space_io;
75 AddressSpace address_space_memory;
76
77 MemoryRegion io_mem_rom, io_mem_notdirty;
78 static MemoryRegion io_mem_unassigned;
79
80 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
81 #define RAM_PREALLOC (1 << 0)
82
83 /* RAM is mmap-ed with MAP_SHARED */
84 #define RAM_SHARED (1 << 1)
85
86 /* Only a portion of RAM (used_length) is actually used, and migrated.
87 * This used_length size can change across reboots.
88 */
89 #define RAM_RESIZEABLE (1 << 2)
90
91 /* RAM is backed by an mmapped file.
92 */
93 #define RAM_FILE (1 << 3)
94 #endif
95
96 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
97 /* current CPU in the current thread. It is only valid inside
98 cpu_exec() */
99 __thread CPUState *current_cpu;
100 /* 0 = Do not count executed instructions.
101 1 = Precise instruction counting.
102 2 = Adaptive rate instruction counting. */
103 int use_icount;
104
105 #if !defined(CONFIG_USER_ONLY)
106
107 typedef struct PhysPageEntry PhysPageEntry;
108
109 struct PhysPageEntry {
110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
111 uint32_t skip : 6;
112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
113 uint32_t ptr : 26;
114 };
115
116 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
117
118 /* Size of the L2 (and L3, etc) page tables. */
119 #define ADDR_SPACE_BITS 64
120
121 #define P_L2_BITS 9
122 #define P_L2_SIZE (1 << P_L2_BITS)
123
124 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
125
126 typedef PhysPageEntry Node[P_L2_SIZE];
127
128 typedef struct PhysPageMap {
129 struct rcu_head rcu;
130
131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
133 unsigned nodes_nb;
134 unsigned nodes_nb_alloc;
135 Node *nodes;
136 MemoryRegionSection *sections;
137 } PhysPageMap;
138
139 struct AddressSpaceDispatch {
140 struct rcu_head rcu;
141
142 /* This is a multi-level map on the physical address space.
143 * The bottom level has pointers to MemoryRegionSections.
144 */
145 PhysPageEntry phys_map;
146 PhysPageMap map;
147 AddressSpace *as;
148 };
149
150 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
151 typedef struct subpage_t {
152 MemoryRegion iomem;
153 AddressSpace *as;
154 hwaddr base;
155 uint16_t sub_section[TARGET_PAGE_SIZE];
156 } subpage_t;
157
158 #define PHYS_SECTION_UNASSIGNED 0
159 #define PHYS_SECTION_NOTDIRTY 1
160 #define PHYS_SECTION_ROM 2
161 #define PHYS_SECTION_WATCH 3
162
163 static void io_mem_init(void);
164 static void memory_map_init(void);
165 static void tcg_commit(MemoryListener *listener);
166
167 static MemoryRegion io_mem_watch;
168
169 /**
170 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
171 * @cpu: the CPU whose AddressSpace this is
172 * @as: the AddressSpace itself
173 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
174 * @tcg_as_listener: listener for tracking changes to the AddressSpace
175 */
176 struct CPUAddressSpace {
177 CPUState *cpu;
178 AddressSpace *as;
179 struct AddressSpaceDispatch *memory_dispatch;
180 MemoryListener tcg_as_listener;
181 };
182
183 #endif
184
185 #if !defined(CONFIG_USER_ONLY)
186
187 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
188 {
189 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
190 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
191 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
192 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
193 }
194 }
195
196 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
197 {
198 unsigned i;
199 uint32_t ret;
200 PhysPageEntry e;
201 PhysPageEntry *p;
202
203 ret = map->nodes_nb++;
204 p = map->nodes[ret];
205 assert(ret != PHYS_MAP_NODE_NIL);
206 assert(ret != map->nodes_nb_alloc);
207
208 e.skip = leaf ? 0 : 1;
209 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
210 for (i = 0; i < P_L2_SIZE; ++i) {
211 memcpy(&p[i], &e, sizeof(e));
212 }
213 return ret;
214 }
215
216 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
217 hwaddr *index, hwaddr *nb, uint16_t leaf,
218 int level)
219 {
220 PhysPageEntry *p;
221 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
222
223 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
224 lp->ptr = phys_map_node_alloc(map, level == 0);
225 }
226 p = map->nodes[lp->ptr];
227 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
228
229 while (*nb && lp < &p[P_L2_SIZE]) {
230 if ((*index & (step - 1)) == 0 && *nb >= step) {
231 lp->skip = 0;
232 lp->ptr = leaf;
233 *index += step;
234 *nb -= step;
235 } else {
236 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
237 }
238 ++lp;
239 }
240 }
241
242 static void phys_page_set(AddressSpaceDispatch *d,
243 hwaddr index, hwaddr nb,
244 uint16_t leaf)
245 {
246 /* Wildly overreserve - it doesn't matter much. */
247 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
248
249 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
250 }
251
252 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
253 * and update our entry so we can skip it and go directly to the destination.
254 */
255 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
256 {
257 unsigned valid_ptr = P_L2_SIZE;
258 int valid = 0;
259 PhysPageEntry *p;
260 int i;
261
262 if (lp->ptr == PHYS_MAP_NODE_NIL) {
263 return;
264 }
265
266 p = nodes[lp->ptr];
267 for (i = 0; i < P_L2_SIZE; i++) {
268 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
269 continue;
270 }
271
272 valid_ptr = i;
273 valid++;
274 if (p[i].skip) {
275 phys_page_compact(&p[i], nodes, compacted);
276 }
277 }
278
279 /* We can only compress if there's only one child. */
280 if (valid != 1) {
281 return;
282 }
283
284 assert(valid_ptr < P_L2_SIZE);
285
286 /* Don't compress if it won't fit in the # of bits we have. */
287 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
288 return;
289 }
290
291 lp->ptr = p[valid_ptr].ptr;
292 if (!p[valid_ptr].skip) {
293 /* If our only child is a leaf, make this a leaf. */
294 /* By design, we should have made this node a leaf to begin with so we
295 * should never reach here.
296 * But since it's so simple to handle this, let's do it just in case we
297 * change this rule.
298 */
299 lp->skip = 0;
300 } else {
301 lp->skip += p[valid_ptr].skip;
302 }
303 }
304
305 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
306 {
307 DECLARE_BITMAP(compacted, nodes_nb);
308
309 if (d->phys_map.skip) {
310 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
311 }
312 }
313
314 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
315 Node *nodes, MemoryRegionSection *sections)
316 {
317 PhysPageEntry *p;
318 hwaddr index = addr >> TARGET_PAGE_BITS;
319 int i;
320
321 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
322 if (lp.ptr == PHYS_MAP_NODE_NIL) {
323 return &sections[PHYS_SECTION_UNASSIGNED];
324 }
325 p = nodes[lp.ptr];
326 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
327 }
328
329 if (sections[lp.ptr].size.hi ||
330 range_covers_byte(sections[lp.ptr].offset_within_address_space,
331 sections[lp.ptr].size.lo, addr)) {
332 return &sections[lp.ptr];
333 } else {
334 return &sections[PHYS_SECTION_UNASSIGNED];
335 }
336 }
337
338 bool memory_region_is_unassigned(MemoryRegion *mr)
339 {
340 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
341 && mr != &io_mem_watch;
342 }
343
344 /* Called from RCU critical section */
345 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
346 hwaddr addr,
347 bool resolve_subpage)
348 {
349 MemoryRegionSection *section;
350 subpage_t *subpage;
351
352 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
353 if (resolve_subpage && section->mr->subpage) {
354 subpage = container_of(section->mr, subpage_t, iomem);
355 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
356 }
357 return section;
358 }
359
360 /* Called from RCU critical section */
361 static MemoryRegionSection *
362 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
363 hwaddr *plen, bool resolve_subpage)
364 {
365 MemoryRegionSection *section;
366 MemoryRegion *mr;
367 Int128 diff;
368
369 section = address_space_lookup_region(d, addr, resolve_subpage);
370 /* Compute offset within MemoryRegionSection */
371 addr -= section->offset_within_address_space;
372
373 /* Compute offset within MemoryRegion */
374 *xlat = addr + section->offset_within_region;
375
376 mr = section->mr;
377
378 /* MMIO registers can be expected to perform full-width accesses based only
379 * on their address, without considering adjacent registers that could
380 * decode to completely different MemoryRegions. When such registers
381 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
382 * regions overlap wildly. For this reason we cannot clamp the accesses
383 * here.
384 *
385 * If the length is small (as is the case for address_space_ldl/stl),
386 * everything works fine. If the incoming length is large, however,
387 * the caller really has to do the clamping through memory_access_size.
388 */
389 if (memory_region_is_ram(mr)) {
390 diff = int128_sub(section->size, int128_make64(addr));
391 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
392 }
393 return section;
394 }
395
396 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
397 {
398 if (memory_region_is_ram(mr)) {
399 return !(is_write && mr->readonly);
400 }
401 if (memory_region_is_romd(mr)) {
402 return !is_write;
403 }
404
405 return false;
406 }
407
408 /* Called from RCU critical section */
409 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
410 hwaddr *xlat, hwaddr *plen,
411 bool is_write)
412 {
413 IOMMUTLBEntry iotlb;
414 MemoryRegionSection *section;
415 MemoryRegion *mr;
416
417 for (;;) {
418 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
419 section = address_space_translate_internal(d, addr, &addr, plen, true);
420 mr = section->mr;
421
422 if (!mr->iommu_ops) {
423 break;
424 }
425
426 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
427 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
428 | (addr & iotlb.addr_mask));
429 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
430 if (!(iotlb.perm & (1 << is_write))) {
431 mr = &io_mem_unassigned;
432 break;
433 }
434
435 as = iotlb.target_as;
436 }
437
438 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
439 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
440 *plen = MIN(page, *plen);
441 }
442
443 *xlat = addr;
444 return mr;
445 }
446
447 /* Called from RCU critical section */
448 MemoryRegionSection *
449 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
450 hwaddr *xlat, hwaddr *plen)
451 {
452 MemoryRegionSection *section;
453 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
454 addr, xlat, plen, false);
455
456 assert(!section->mr->iommu_ops);
457 return section;
458 }
459 #endif
460
461 #if !defined(CONFIG_USER_ONLY)
462
463 static int cpu_common_post_load(void *opaque, int version_id)
464 {
465 CPUState *cpu = opaque;
466
467 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
468 version_id is increased. */
469 cpu->interrupt_request &= ~0x01;
470 tlb_flush(cpu, 1);
471
472 return 0;
473 }
474
475 static int cpu_common_pre_load(void *opaque)
476 {
477 CPUState *cpu = opaque;
478
479 cpu->exception_index = -1;
480
481 return 0;
482 }
483
484 static bool cpu_common_exception_index_needed(void *opaque)
485 {
486 CPUState *cpu = opaque;
487
488 return tcg_enabled() && cpu->exception_index != -1;
489 }
490
491 static const VMStateDescription vmstate_cpu_common_exception_index = {
492 .name = "cpu_common/exception_index",
493 .version_id = 1,
494 .minimum_version_id = 1,
495 .needed = cpu_common_exception_index_needed,
496 .fields = (VMStateField[]) {
497 VMSTATE_INT32(exception_index, CPUState),
498 VMSTATE_END_OF_LIST()
499 }
500 };
501
502 static bool cpu_common_crash_occurred_needed(void *opaque)
503 {
504 CPUState *cpu = opaque;
505
506 return cpu->crash_occurred;
507 }
508
509 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
510 .name = "cpu_common/crash_occurred",
511 .version_id = 1,
512 .minimum_version_id = 1,
513 .needed = cpu_common_crash_occurred_needed,
514 .fields = (VMStateField[]) {
515 VMSTATE_BOOL(crash_occurred, CPUState),
516 VMSTATE_END_OF_LIST()
517 }
518 };
519
520 const VMStateDescription vmstate_cpu_common = {
521 .name = "cpu_common",
522 .version_id = 1,
523 .minimum_version_id = 1,
524 .pre_load = cpu_common_pre_load,
525 .post_load = cpu_common_post_load,
526 .fields = (VMStateField[]) {
527 VMSTATE_UINT32(halted, CPUState),
528 VMSTATE_UINT32(interrupt_request, CPUState),
529 VMSTATE_END_OF_LIST()
530 },
531 .subsections = (const VMStateDescription*[]) {
532 &vmstate_cpu_common_exception_index,
533 &vmstate_cpu_common_crash_occurred,
534 NULL
535 }
536 };
537
538 #endif
539
540 CPUState *qemu_get_cpu(int index)
541 {
542 CPUState *cpu;
543
544 CPU_FOREACH(cpu) {
545 if (cpu->cpu_index == index) {
546 return cpu;
547 }
548 }
549
550 return NULL;
551 }
552
553 #if !defined(CONFIG_USER_ONLY)
554 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
555 {
556 /* We only support one address space per cpu at the moment. */
557 assert(cpu->as == as);
558
559 if (cpu->cpu_ases) {
560 /* We've already registered the listener for our only AS */
561 return;
562 }
563
564 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
565 cpu->cpu_ases[0].cpu = cpu;
566 cpu->cpu_ases[0].as = as;
567 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
568 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
569 }
570 #endif
571
572 #ifndef CONFIG_USER_ONLY
573 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
574
575 static int cpu_get_free_index(Error **errp)
576 {
577 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
578
579 if (cpu >= MAX_CPUMASK_BITS) {
580 error_setg(errp, "Trying to use more CPUs than max of %d",
581 MAX_CPUMASK_BITS);
582 return -1;
583 }
584
585 bitmap_set(cpu_index_map, cpu, 1);
586 return cpu;
587 }
588
589 void cpu_exec_exit(CPUState *cpu)
590 {
591 if (cpu->cpu_index == -1) {
592 /* cpu_index was never allocated by this @cpu or was already freed. */
593 return;
594 }
595
596 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
597 cpu->cpu_index = -1;
598 }
599 #else
600
601 static int cpu_get_free_index(Error **errp)
602 {
603 CPUState *some_cpu;
604 int cpu_index = 0;
605
606 CPU_FOREACH(some_cpu) {
607 cpu_index++;
608 }
609 return cpu_index;
610 }
611
612 void cpu_exec_exit(CPUState *cpu)
613 {
614 }
615 #endif
616
617 void cpu_exec_init(CPUState *cpu, Error **errp)
618 {
619 CPUClass *cc = CPU_GET_CLASS(cpu);
620 int cpu_index;
621 Error *local_err = NULL;
622
623 #ifndef CONFIG_USER_ONLY
624 cpu->as = &address_space_memory;
625 cpu->thread_id = qemu_get_thread_id();
626 #endif
627
628 #if defined(CONFIG_USER_ONLY)
629 cpu_list_lock();
630 #endif
631 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
632 if (local_err) {
633 error_propagate(errp, local_err);
634 #if defined(CONFIG_USER_ONLY)
635 cpu_list_unlock();
636 #endif
637 return;
638 }
639 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
640 #if defined(CONFIG_USER_ONLY)
641 cpu_list_unlock();
642 #endif
643 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
644 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
645 }
646 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
647 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
648 cpu_save, cpu_load, cpu->env_ptr);
649 assert(cc->vmsd == NULL);
650 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
651 #endif
652 if (cc->vmsd != NULL) {
653 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
654 }
655 }
656
657 #if defined(CONFIG_USER_ONLY)
658 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
659 {
660 tb_invalidate_phys_page_range(pc, pc + 1, 0);
661 }
662 #else
663 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
664 {
665 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
666 if (phys != -1) {
667 tb_invalidate_phys_addr(cpu->as,
668 phys | (pc & ~TARGET_PAGE_MASK));
669 }
670 }
671 #endif
672
673 #if defined(CONFIG_USER_ONLY)
674 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
675
676 {
677 }
678
679 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
680 int flags)
681 {
682 return -ENOSYS;
683 }
684
685 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
686 {
687 }
688
689 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
690 int flags, CPUWatchpoint **watchpoint)
691 {
692 return -ENOSYS;
693 }
694 #else
695 /* Add a watchpoint. */
696 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
697 int flags, CPUWatchpoint **watchpoint)
698 {
699 CPUWatchpoint *wp;
700
701 /* forbid ranges which are empty or run off the end of the address space */
702 if (len == 0 || (addr + len - 1) < addr) {
703 error_report("tried to set invalid watchpoint at %"
704 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
705 return -EINVAL;
706 }
707 wp = g_malloc(sizeof(*wp));
708
709 wp->vaddr = addr;
710 wp->len = len;
711 wp->flags = flags;
712
713 /* keep all GDB-injected watchpoints in front */
714 if (flags & BP_GDB) {
715 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
716 } else {
717 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
718 }
719
720 tlb_flush_page(cpu, addr);
721
722 if (watchpoint)
723 *watchpoint = wp;
724 return 0;
725 }
726
727 /* Remove a specific watchpoint. */
728 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
729 int flags)
730 {
731 CPUWatchpoint *wp;
732
733 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
734 if (addr == wp->vaddr && len == wp->len
735 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
736 cpu_watchpoint_remove_by_ref(cpu, wp);
737 return 0;
738 }
739 }
740 return -ENOENT;
741 }
742
743 /* Remove a specific watchpoint by reference. */
744 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
745 {
746 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
747
748 tlb_flush_page(cpu, watchpoint->vaddr);
749
750 g_free(watchpoint);
751 }
752
753 /* Remove all matching watchpoints. */
754 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
755 {
756 CPUWatchpoint *wp, *next;
757
758 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
759 if (wp->flags & mask) {
760 cpu_watchpoint_remove_by_ref(cpu, wp);
761 }
762 }
763 }
764
765 /* Return true if this watchpoint address matches the specified
766 * access (ie the address range covered by the watchpoint overlaps
767 * partially or completely with the address range covered by the
768 * access).
769 */
770 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
771 vaddr addr,
772 vaddr len)
773 {
774 /* We know the lengths are non-zero, but a little caution is
775 * required to avoid errors in the case where the range ends
776 * exactly at the top of the address space and so addr + len
777 * wraps round to zero.
778 */
779 vaddr wpend = wp->vaddr + wp->len - 1;
780 vaddr addrend = addr + len - 1;
781
782 return !(addr > wpend || wp->vaddr > addrend);
783 }
784
785 #endif
786
787 /* Add a breakpoint. */
788 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
789 CPUBreakpoint **breakpoint)
790 {
791 CPUBreakpoint *bp;
792
793 bp = g_malloc(sizeof(*bp));
794
795 bp->pc = pc;
796 bp->flags = flags;
797
798 /* keep all GDB-injected breakpoints in front */
799 if (flags & BP_GDB) {
800 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
801 } else {
802 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
803 }
804
805 breakpoint_invalidate(cpu, pc);
806
807 if (breakpoint) {
808 *breakpoint = bp;
809 }
810 return 0;
811 }
812
813 /* Remove a specific breakpoint. */
814 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
815 {
816 CPUBreakpoint *bp;
817
818 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
819 if (bp->pc == pc && bp->flags == flags) {
820 cpu_breakpoint_remove_by_ref(cpu, bp);
821 return 0;
822 }
823 }
824 return -ENOENT;
825 }
826
827 /* Remove a specific breakpoint by reference. */
828 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
829 {
830 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
831
832 breakpoint_invalidate(cpu, breakpoint->pc);
833
834 g_free(breakpoint);
835 }
836
837 /* Remove all matching breakpoints. */
838 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
839 {
840 CPUBreakpoint *bp, *next;
841
842 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
843 if (bp->flags & mask) {
844 cpu_breakpoint_remove_by_ref(cpu, bp);
845 }
846 }
847 }
848
849 /* enable or disable single step mode. EXCP_DEBUG is returned by the
850 CPU loop after each instruction */
851 void cpu_single_step(CPUState *cpu, int enabled)
852 {
853 if (cpu->singlestep_enabled != enabled) {
854 cpu->singlestep_enabled = enabled;
855 if (kvm_enabled()) {
856 kvm_update_guest_debug(cpu, 0);
857 } else {
858 /* must flush all the translated code to avoid inconsistencies */
859 /* XXX: only flush what is necessary */
860 tb_flush(cpu);
861 }
862 }
863 }
864
865 void cpu_abort(CPUState *cpu, const char *fmt, ...)
866 {
867 va_list ap;
868 va_list ap2;
869
870 va_start(ap, fmt);
871 va_copy(ap2, ap);
872 fprintf(stderr, "qemu: fatal: ");
873 vfprintf(stderr, fmt, ap);
874 fprintf(stderr, "\n");
875 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
876 if (qemu_log_enabled()) {
877 qemu_log("qemu: fatal: ");
878 qemu_log_vprintf(fmt, ap2);
879 qemu_log("\n");
880 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
881 qemu_log_flush();
882 qemu_log_close();
883 }
884 va_end(ap2);
885 va_end(ap);
886 replay_finish();
887 #if defined(CONFIG_USER_ONLY)
888 {
889 struct sigaction act;
890 sigfillset(&act.sa_mask);
891 act.sa_handler = SIG_DFL;
892 sigaction(SIGABRT, &act, NULL);
893 }
894 #endif
895 abort();
896 }
897
898 #if !defined(CONFIG_USER_ONLY)
899 /* Called from RCU critical section */
900 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
901 {
902 RAMBlock *block;
903
904 block = atomic_rcu_read(&ram_list.mru_block);
905 if (block && addr - block->offset < block->max_length) {
906 return block;
907 }
908 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
909 if (addr - block->offset < block->max_length) {
910 goto found;
911 }
912 }
913
914 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
915 abort();
916
917 found:
918 /* It is safe to write mru_block outside the iothread lock. This
919 * is what happens:
920 *
921 * mru_block = xxx
922 * rcu_read_unlock()
923 * xxx removed from list
924 * rcu_read_lock()
925 * read mru_block
926 * mru_block = NULL;
927 * call_rcu(reclaim_ramblock, xxx);
928 * rcu_read_unlock()
929 *
930 * atomic_rcu_set is not needed here. The block was already published
931 * when it was placed into the list. Here we're just making an extra
932 * copy of the pointer.
933 */
934 ram_list.mru_block = block;
935 return block;
936 }
937
938 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
939 {
940 CPUState *cpu;
941 ram_addr_t start1;
942 RAMBlock *block;
943 ram_addr_t end;
944
945 end = TARGET_PAGE_ALIGN(start + length);
946 start &= TARGET_PAGE_MASK;
947
948 rcu_read_lock();
949 block = qemu_get_ram_block(start);
950 assert(block == qemu_get_ram_block(end - 1));
951 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
952 CPU_FOREACH(cpu) {
953 tlb_reset_dirty(cpu, start1, length);
954 }
955 rcu_read_unlock();
956 }
957
958 /* Note: start and end must be within the same ram block. */
959 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
960 ram_addr_t length,
961 unsigned client)
962 {
963 unsigned long end, page;
964 bool dirty;
965
966 if (length == 0) {
967 return false;
968 }
969
970 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
971 page = start >> TARGET_PAGE_BITS;
972 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
973 page, end - page);
974
975 if (dirty && tcg_enabled()) {
976 tlb_reset_dirty_range_all(start, length);
977 }
978
979 return dirty;
980 }
981
982 /* Called from RCU critical section */
983 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
984 MemoryRegionSection *section,
985 target_ulong vaddr,
986 hwaddr paddr, hwaddr xlat,
987 int prot,
988 target_ulong *address)
989 {
990 hwaddr iotlb;
991 CPUWatchpoint *wp;
992
993 if (memory_region_is_ram(section->mr)) {
994 /* Normal RAM. */
995 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
996 + xlat;
997 if (!section->readonly) {
998 iotlb |= PHYS_SECTION_NOTDIRTY;
999 } else {
1000 iotlb |= PHYS_SECTION_ROM;
1001 }
1002 } else {
1003 AddressSpaceDispatch *d;
1004
1005 d = atomic_rcu_read(&section->address_space->dispatch);
1006 iotlb = section - d->map.sections;
1007 iotlb += xlat;
1008 }
1009
1010 /* Make accesses to pages with watchpoints go via the
1011 watchpoint trap routines. */
1012 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1013 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1014 /* Avoid trapping reads of pages with a write breakpoint. */
1015 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1016 iotlb = PHYS_SECTION_WATCH + paddr;
1017 *address |= TLB_MMIO;
1018 break;
1019 }
1020 }
1021 }
1022
1023 return iotlb;
1024 }
1025 #endif /* defined(CONFIG_USER_ONLY) */
1026
1027 #if !defined(CONFIG_USER_ONLY)
1028
1029 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1030 uint16_t section);
1031 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1032
1033 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1034 qemu_anon_ram_alloc;
1035
1036 /*
1037 * Set a custom physical guest memory alloator.
1038 * Accelerators with unusual needs may need this. Hopefully, we can
1039 * get rid of it eventually.
1040 */
1041 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1042 {
1043 phys_mem_alloc = alloc;
1044 }
1045
1046 static uint16_t phys_section_add(PhysPageMap *map,
1047 MemoryRegionSection *section)
1048 {
1049 /* The physical section number is ORed with a page-aligned
1050 * pointer to produce the iotlb entries. Thus it should
1051 * never overflow into the page-aligned value.
1052 */
1053 assert(map->sections_nb < TARGET_PAGE_SIZE);
1054
1055 if (map->sections_nb == map->sections_nb_alloc) {
1056 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1057 map->sections = g_renew(MemoryRegionSection, map->sections,
1058 map->sections_nb_alloc);
1059 }
1060 map->sections[map->sections_nb] = *section;
1061 memory_region_ref(section->mr);
1062 return map->sections_nb++;
1063 }
1064
1065 static void phys_section_destroy(MemoryRegion *mr)
1066 {
1067 bool have_sub_page = mr->subpage;
1068
1069 memory_region_unref(mr);
1070
1071 if (have_sub_page) {
1072 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1073 object_unref(OBJECT(&subpage->iomem));
1074 g_free(subpage);
1075 }
1076 }
1077
1078 static void phys_sections_free(PhysPageMap *map)
1079 {
1080 while (map->sections_nb > 0) {
1081 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1082 phys_section_destroy(section->mr);
1083 }
1084 g_free(map->sections);
1085 g_free(map->nodes);
1086 }
1087
1088 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1089 {
1090 subpage_t *subpage;
1091 hwaddr base = section->offset_within_address_space
1092 & TARGET_PAGE_MASK;
1093 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1094 d->map.nodes, d->map.sections);
1095 MemoryRegionSection subsection = {
1096 .offset_within_address_space = base,
1097 .size = int128_make64(TARGET_PAGE_SIZE),
1098 };
1099 hwaddr start, end;
1100
1101 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1102
1103 if (!(existing->mr->subpage)) {
1104 subpage = subpage_init(d->as, base);
1105 subsection.address_space = d->as;
1106 subsection.mr = &subpage->iomem;
1107 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1108 phys_section_add(&d->map, &subsection));
1109 } else {
1110 subpage = container_of(existing->mr, subpage_t, iomem);
1111 }
1112 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1113 end = start + int128_get64(section->size) - 1;
1114 subpage_register(subpage, start, end,
1115 phys_section_add(&d->map, section));
1116 }
1117
1118
1119 static void register_multipage(AddressSpaceDispatch *d,
1120 MemoryRegionSection *section)
1121 {
1122 hwaddr start_addr = section->offset_within_address_space;
1123 uint16_t section_index = phys_section_add(&d->map, section);
1124 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1125 TARGET_PAGE_BITS));
1126
1127 assert(num_pages);
1128 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1129 }
1130
1131 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1132 {
1133 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1134 AddressSpaceDispatch *d = as->next_dispatch;
1135 MemoryRegionSection now = *section, remain = *section;
1136 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1137
1138 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1139 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1140 - now.offset_within_address_space;
1141
1142 now.size = int128_min(int128_make64(left), now.size);
1143 register_subpage(d, &now);
1144 } else {
1145 now.size = int128_zero();
1146 }
1147 while (int128_ne(remain.size, now.size)) {
1148 remain.size = int128_sub(remain.size, now.size);
1149 remain.offset_within_address_space += int128_get64(now.size);
1150 remain.offset_within_region += int128_get64(now.size);
1151 now = remain;
1152 if (int128_lt(remain.size, page_size)) {
1153 register_subpage(d, &now);
1154 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1155 now.size = page_size;
1156 register_subpage(d, &now);
1157 } else {
1158 now.size = int128_and(now.size, int128_neg(page_size));
1159 register_multipage(d, &now);
1160 }
1161 }
1162 }
1163
1164 void qemu_flush_coalesced_mmio_buffer(void)
1165 {
1166 if (kvm_enabled())
1167 kvm_flush_coalesced_mmio_buffer();
1168 }
1169
1170 void qemu_mutex_lock_ramlist(void)
1171 {
1172 qemu_mutex_lock(&ram_list.mutex);
1173 }
1174
1175 void qemu_mutex_unlock_ramlist(void)
1176 {
1177 qemu_mutex_unlock(&ram_list.mutex);
1178 }
1179
1180 #ifdef __linux__
1181
1182 #include <sys/vfs.h>
1183
1184 #define HUGETLBFS_MAGIC 0x958458f6
1185
1186 static long gethugepagesize(const char *path, Error **errp)
1187 {
1188 struct statfs fs;
1189 int ret;
1190
1191 do {
1192 ret = statfs(path, &fs);
1193 } while (ret != 0 && errno == EINTR);
1194
1195 if (ret != 0) {
1196 error_setg_errno(errp, errno, "failed to get page size of file %s",
1197 path);
1198 return 0;
1199 }
1200
1201 return fs.f_bsize;
1202 }
1203
1204 static void *file_ram_alloc(RAMBlock *block,
1205 ram_addr_t memory,
1206 const char *path,
1207 Error **errp)
1208 {
1209 struct stat st;
1210 char *filename;
1211 char *sanitized_name;
1212 char *c;
1213 void *area;
1214 int fd;
1215 uint64_t hpagesize;
1216 Error *local_err = NULL;
1217
1218 hpagesize = gethugepagesize(path, &local_err);
1219 if (local_err) {
1220 error_propagate(errp, local_err);
1221 goto error;
1222 }
1223 block->mr->align = hpagesize;
1224
1225 if (memory < hpagesize) {
1226 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1227 "or larger than huge page size 0x%" PRIx64,
1228 memory, hpagesize);
1229 goto error;
1230 }
1231
1232 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1233 error_setg(errp,
1234 "host lacks kvm mmu notifiers, -mem-path unsupported");
1235 goto error;
1236 }
1237
1238 if (!stat(path, &st) && S_ISDIR(st.st_mode)) {
1239 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1240 sanitized_name = g_strdup(memory_region_name(block->mr));
1241 for (c = sanitized_name; *c != '\0'; c++) {
1242 if (*c == '/') {
1243 *c = '_';
1244 }
1245 }
1246
1247 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1248 sanitized_name);
1249 g_free(sanitized_name);
1250
1251 fd = mkstemp(filename);
1252 if (fd >= 0) {
1253 unlink(filename);
1254 }
1255 g_free(filename);
1256 } else {
1257 fd = open(path, O_RDWR | O_CREAT, 0644);
1258 }
1259
1260 if (fd < 0) {
1261 error_setg_errno(errp, errno,
1262 "unable to create backing store for hugepages");
1263 goto error;
1264 }
1265
1266 memory = ROUND_UP(memory, hpagesize);
1267
1268 /*
1269 * ftruncate is not supported by hugetlbfs in older
1270 * hosts, so don't bother bailing out on errors.
1271 * If anything goes wrong with it under other filesystems,
1272 * mmap will fail.
1273 */
1274 if (ftruncate(fd, memory)) {
1275 perror("ftruncate");
1276 }
1277
1278 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
1279 if (area == MAP_FAILED) {
1280 error_setg_errno(errp, errno,
1281 "unable to map backing store for hugepages");
1282 close(fd);
1283 goto error;
1284 }
1285
1286 if (mem_prealloc) {
1287 os_mem_prealloc(fd, area, memory);
1288 }
1289
1290 block->fd = fd;
1291 return area;
1292
1293 error:
1294 return NULL;
1295 }
1296 #endif
1297
1298 /* Called with the ramlist lock held. */
1299 static ram_addr_t find_ram_offset(ram_addr_t size)
1300 {
1301 RAMBlock *block, *next_block;
1302 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1303
1304 assert(size != 0); /* it would hand out same offset multiple times */
1305
1306 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1307 return 0;
1308 }
1309
1310 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1311 ram_addr_t end, next = RAM_ADDR_MAX;
1312
1313 end = block->offset + block->max_length;
1314
1315 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1316 if (next_block->offset >= end) {
1317 next = MIN(next, next_block->offset);
1318 }
1319 }
1320 if (next - end >= size && next - end < mingap) {
1321 offset = end;
1322 mingap = next - end;
1323 }
1324 }
1325
1326 if (offset == RAM_ADDR_MAX) {
1327 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1328 (uint64_t)size);
1329 abort();
1330 }
1331
1332 return offset;
1333 }
1334
1335 ram_addr_t last_ram_offset(void)
1336 {
1337 RAMBlock *block;
1338 ram_addr_t last = 0;
1339
1340 rcu_read_lock();
1341 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1342 last = MAX(last, block->offset + block->max_length);
1343 }
1344 rcu_read_unlock();
1345 return last;
1346 }
1347
1348 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1349 {
1350 int ret;
1351
1352 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1353 if (!machine_dump_guest_core(current_machine)) {
1354 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1355 if (ret) {
1356 perror("qemu_madvise");
1357 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1358 "but dump_guest_core=off specified\n");
1359 }
1360 }
1361 }
1362
1363 /* Called within an RCU critical section, or while the ramlist lock
1364 * is held.
1365 */
1366 static RAMBlock *find_ram_block(ram_addr_t addr)
1367 {
1368 RAMBlock *block;
1369
1370 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1371 if (block->offset == addr) {
1372 return block;
1373 }
1374 }
1375
1376 return NULL;
1377 }
1378
1379 const char *qemu_ram_get_idstr(RAMBlock *rb)
1380 {
1381 return rb->idstr;
1382 }
1383
1384 /* Called with iothread lock held. */
1385 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1386 {
1387 RAMBlock *new_block, *block;
1388
1389 rcu_read_lock();
1390 new_block = find_ram_block(addr);
1391 assert(new_block);
1392 assert(!new_block->idstr[0]);
1393
1394 if (dev) {
1395 char *id = qdev_get_dev_path(dev);
1396 if (id) {
1397 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1398 g_free(id);
1399 }
1400 }
1401 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1402
1403 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1404 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1405 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1406 new_block->idstr);
1407 abort();
1408 }
1409 }
1410 rcu_read_unlock();
1411 }
1412
1413 /* Called with iothread lock held. */
1414 void qemu_ram_unset_idstr(ram_addr_t addr)
1415 {
1416 RAMBlock *block;
1417
1418 /* FIXME: arch_init.c assumes that this is not called throughout
1419 * migration. Ignore the problem since hot-unplug during migration
1420 * does not work anyway.
1421 */
1422
1423 rcu_read_lock();
1424 block = find_ram_block(addr);
1425 if (block) {
1426 memset(block->idstr, 0, sizeof(block->idstr));
1427 }
1428 rcu_read_unlock();
1429 }
1430
1431 static int memory_try_enable_merging(void *addr, size_t len)
1432 {
1433 if (!machine_mem_merge(current_machine)) {
1434 /* disabled by the user */
1435 return 0;
1436 }
1437
1438 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1439 }
1440
1441 /* Only legal before guest might have detected the memory size: e.g. on
1442 * incoming migration, or right after reset.
1443 *
1444 * As memory core doesn't know how is memory accessed, it is up to
1445 * resize callback to update device state and/or add assertions to detect
1446 * misuse, if necessary.
1447 */
1448 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1449 {
1450 RAMBlock *block = find_ram_block(base);
1451
1452 assert(block);
1453
1454 newsize = HOST_PAGE_ALIGN(newsize);
1455
1456 if (block->used_length == newsize) {
1457 return 0;
1458 }
1459
1460 if (!(block->flags & RAM_RESIZEABLE)) {
1461 error_setg_errno(errp, EINVAL,
1462 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1463 " in != 0x" RAM_ADDR_FMT, block->idstr,
1464 newsize, block->used_length);
1465 return -EINVAL;
1466 }
1467
1468 if (block->max_length < newsize) {
1469 error_setg_errno(errp, EINVAL,
1470 "Length too large: %s: 0x" RAM_ADDR_FMT
1471 " > 0x" RAM_ADDR_FMT, block->idstr,
1472 newsize, block->max_length);
1473 return -EINVAL;
1474 }
1475
1476 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1477 block->used_length = newsize;
1478 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1479 DIRTY_CLIENTS_ALL);
1480 memory_region_set_size(block->mr, newsize);
1481 if (block->resized) {
1482 block->resized(block->idstr, newsize, block->host);
1483 }
1484 return 0;
1485 }
1486
1487 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1488 {
1489 RAMBlock *block;
1490 RAMBlock *last_block = NULL;
1491 ram_addr_t old_ram_size, new_ram_size;
1492
1493 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1494
1495 qemu_mutex_lock_ramlist();
1496 new_block->offset = find_ram_offset(new_block->max_length);
1497
1498 if (!new_block->host) {
1499 if (xen_enabled()) {
1500 xen_ram_alloc(new_block->offset, new_block->max_length,
1501 new_block->mr);
1502 } else {
1503 new_block->host = phys_mem_alloc(new_block->max_length,
1504 &new_block->mr->align);
1505 if (!new_block->host) {
1506 error_setg_errno(errp, errno,
1507 "cannot set up guest memory '%s'",
1508 memory_region_name(new_block->mr));
1509 qemu_mutex_unlock_ramlist();
1510 return -1;
1511 }
1512 memory_try_enable_merging(new_block->host, new_block->max_length);
1513 }
1514 }
1515
1516 new_ram_size = MAX(old_ram_size,
1517 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1518 if (new_ram_size > old_ram_size) {
1519 migration_bitmap_extend(old_ram_size, new_ram_size);
1520 }
1521 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1522 * QLIST (which has an RCU-friendly variant) does not have insertion at
1523 * tail, so save the last element in last_block.
1524 */
1525 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1526 last_block = block;
1527 if (block->max_length < new_block->max_length) {
1528 break;
1529 }
1530 }
1531 if (block) {
1532 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1533 } else if (last_block) {
1534 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1535 } else { /* list is empty */
1536 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1537 }
1538 ram_list.mru_block = NULL;
1539
1540 /* Write list before version */
1541 smp_wmb();
1542 ram_list.version++;
1543 qemu_mutex_unlock_ramlist();
1544
1545 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1546
1547 if (new_ram_size > old_ram_size) {
1548 int i;
1549
1550 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1551 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1552 ram_list.dirty_memory[i] =
1553 bitmap_zero_extend(ram_list.dirty_memory[i],
1554 old_ram_size, new_ram_size);
1555 }
1556 }
1557 cpu_physical_memory_set_dirty_range(new_block->offset,
1558 new_block->used_length,
1559 DIRTY_CLIENTS_ALL);
1560
1561 if (new_block->host) {
1562 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1563 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1564 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1565 if (kvm_enabled()) {
1566 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1567 }
1568 }
1569
1570 return new_block->offset;
1571 }
1572
1573 #ifdef __linux__
1574 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1575 bool share, const char *mem_path,
1576 Error **errp)
1577 {
1578 RAMBlock *new_block;
1579 ram_addr_t addr;
1580 Error *local_err = NULL;
1581
1582 if (xen_enabled()) {
1583 error_setg(errp, "-mem-path not supported with Xen");
1584 return -1;
1585 }
1586
1587 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1588 /*
1589 * file_ram_alloc() needs to allocate just like
1590 * phys_mem_alloc, but we haven't bothered to provide
1591 * a hook there.
1592 */
1593 error_setg(errp,
1594 "-mem-path not supported with this accelerator");
1595 return -1;
1596 }
1597
1598 size = HOST_PAGE_ALIGN(size);
1599 new_block = g_malloc0(sizeof(*new_block));
1600 new_block->mr = mr;
1601 new_block->used_length = size;
1602 new_block->max_length = size;
1603 new_block->flags = share ? RAM_SHARED : 0;
1604 new_block->flags |= RAM_FILE;
1605 new_block->host = file_ram_alloc(new_block, size,
1606 mem_path, errp);
1607 if (!new_block->host) {
1608 g_free(new_block);
1609 return -1;
1610 }
1611
1612 addr = ram_block_add(new_block, &local_err);
1613 if (local_err) {
1614 g_free(new_block);
1615 error_propagate(errp, local_err);
1616 return -1;
1617 }
1618 return addr;
1619 }
1620 #endif
1621
1622 static
1623 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1624 void (*resized)(const char*,
1625 uint64_t length,
1626 void *host),
1627 void *host, bool resizeable,
1628 MemoryRegion *mr, Error **errp)
1629 {
1630 RAMBlock *new_block;
1631 ram_addr_t addr;
1632 Error *local_err = NULL;
1633
1634 size = HOST_PAGE_ALIGN(size);
1635 max_size = HOST_PAGE_ALIGN(max_size);
1636 new_block = g_malloc0(sizeof(*new_block));
1637 new_block->mr = mr;
1638 new_block->resized = resized;
1639 new_block->used_length = size;
1640 new_block->max_length = max_size;
1641 assert(max_size >= size);
1642 new_block->fd = -1;
1643 new_block->host = host;
1644 if (host) {
1645 new_block->flags |= RAM_PREALLOC;
1646 }
1647 if (resizeable) {
1648 new_block->flags |= RAM_RESIZEABLE;
1649 }
1650 addr = ram_block_add(new_block, &local_err);
1651 if (local_err) {
1652 g_free(new_block);
1653 error_propagate(errp, local_err);
1654 return -1;
1655 }
1656 return addr;
1657 }
1658
1659 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1660 MemoryRegion *mr, Error **errp)
1661 {
1662 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1663 }
1664
1665 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1666 {
1667 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1668 }
1669
1670 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1671 void (*resized)(const char*,
1672 uint64_t length,
1673 void *host),
1674 MemoryRegion *mr, Error **errp)
1675 {
1676 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1677 }
1678
1679 static void reclaim_ramblock(RAMBlock *block)
1680 {
1681 if (block->flags & RAM_PREALLOC) {
1682 ;
1683 } else if (xen_enabled()) {
1684 xen_invalidate_map_cache_entry(block->host);
1685 #ifndef _WIN32
1686 } else if (block->fd >= 0) {
1687 if (block->flags & RAM_FILE) {
1688 qemu_ram_munmap(block->host, block->max_length);
1689 } else {
1690 munmap(block->host, block->max_length);
1691 }
1692 close(block->fd);
1693 #endif
1694 } else {
1695 qemu_anon_ram_free(block->host, block->max_length);
1696 }
1697 g_free(block);
1698 }
1699
1700 void qemu_ram_free(ram_addr_t addr)
1701 {
1702 RAMBlock *block;
1703
1704 qemu_mutex_lock_ramlist();
1705 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1706 if (addr == block->offset) {
1707 QLIST_REMOVE_RCU(block, next);
1708 ram_list.mru_block = NULL;
1709 /* Write list before version */
1710 smp_wmb();
1711 ram_list.version++;
1712 call_rcu(block, reclaim_ramblock, rcu);
1713 break;
1714 }
1715 }
1716 qemu_mutex_unlock_ramlist();
1717 }
1718
1719 #ifndef _WIN32
1720 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1721 {
1722 RAMBlock *block;
1723 ram_addr_t offset;
1724 int flags;
1725 void *area, *vaddr;
1726
1727 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1728 offset = addr - block->offset;
1729 if (offset < block->max_length) {
1730 vaddr = ramblock_ptr(block, offset);
1731 if (block->flags & RAM_PREALLOC) {
1732 ;
1733 } else if (xen_enabled()) {
1734 abort();
1735 } else {
1736 flags = MAP_FIXED;
1737 if (block->fd >= 0) {
1738 flags |= (block->flags & RAM_SHARED ?
1739 MAP_SHARED : MAP_PRIVATE);
1740 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1741 flags, block->fd, offset);
1742 } else {
1743 /*
1744 * Remap needs to match alloc. Accelerators that
1745 * set phys_mem_alloc never remap. If they did,
1746 * we'd need a remap hook here.
1747 */
1748 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1749
1750 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1751 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1752 flags, -1, 0);
1753 }
1754 if (area != vaddr) {
1755 fprintf(stderr, "Could not remap addr: "
1756 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1757 length, addr);
1758 exit(1);
1759 }
1760 memory_try_enable_merging(vaddr, length);
1761 qemu_ram_setup_dump(vaddr, length);
1762 }
1763 }
1764 }
1765 }
1766 #endif /* !_WIN32 */
1767
1768 int qemu_get_ram_fd(ram_addr_t addr)
1769 {
1770 RAMBlock *block;
1771 int fd;
1772
1773 rcu_read_lock();
1774 block = qemu_get_ram_block(addr);
1775 fd = block->fd;
1776 rcu_read_unlock();
1777 return fd;
1778 }
1779
1780 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1781 {
1782 RAMBlock *block;
1783 void *ptr;
1784
1785 rcu_read_lock();
1786 block = qemu_get_ram_block(addr);
1787 ptr = ramblock_ptr(block, 0);
1788 rcu_read_unlock();
1789 return ptr;
1790 }
1791
1792 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1793 * This should not be used for general purpose DMA. Use address_space_map
1794 * or address_space_rw instead. For local memory (e.g. video ram) that the
1795 * device owns, use memory_region_get_ram_ptr.
1796 *
1797 * By the time this function returns, the returned pointer is not protected
1798 * by RCU anymore. If the caller is not within an RCU critical section and
1799 * does not hold the iothread lock, it must have other means of protecting the
1800 * pointer, such as a reference to the region that includes the incoming
1801 * ram_addr_t.
1802 */
1803 void *qemu_get_ram_ptr(ram_addr_t addr)
1804 {
1805 RAMBlock *block;
1806 void *ptr;
1807
1808 rcu_read_lock();
1809 block = qemu_get_ram_block(addr);
1810
1811 if (xen_enabled() && block->host == NULL) {
1812 /* We need to check if the requested address is in the RAM
1813 * because we don't want to map the entire memory in QEMU.
1814 * In that case just map until the end of the page.
1815 */
1816 if (block->offset == 0) {
1817 ptr = xen_map_cache(addr, 0, 0);
1818 goto unlock;
1819 }
1820
1821 block->host = xen_map_cache(block->offset, block->max_length, 1);
1822 }
1823 ptr = ramblock_ptr(block, addr - block->offset);
1824
1825 unlock:
1826 rcu_read_unlock();
1827 return ptr;
1828 }
1829
1830 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1831 * but takes a size argument.
1832 *
1833 * By the time this function returns, the returned pointer is not protected
1834 * by RCU anymore. If the caller is not within an RCU critical section and
1835 * does not hold the iothread lock, it must have other means of protecting the
1836 * pointer, such as a reference to the region that includes the incoming
1837 * ram_addr_t.
1838 */
1839 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1840 {
1841 void *ptr;
1842 if (*size == 0) {
1843 return NULL;
1844 }
1845 if (xen_enabled()) {
1846 return xen_map_cache(addr, *size, 1);
1847 } else {
1848 RAMBlock *block;
1849 rcu_read_lock();
1850 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1851 if (addr - block->offset < block->max_length) {
1852 if (addr - block->offset + *size > block->max_length)
1853 *size = block->max_length - addr + block->offset;
1854 ptr = ramblock_ptr(block, addr - block->offset);
1855 rcu_read_unlock();
1856 return ptr;
1857 }
1858 }
1859
1860 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1861 abort();
1862 }
1863 }
1864
1865 /*
1866 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1867 * in that RAMBlock.
1868 *
1869 * ptr: Host pointer to look up
1870 * round_offset: If true round the result offset down to a page boundary
1871 * *ram_addr: set to result ram_addr
1872 * *offset: set to result offset within the RAMBlock
1873 *
1874 * Returns: RAMBlock (or NULL if not found)
1875 *
1876 * By the time this function returns, the returned pointer is not protected
1877 * by RCU anymore. If the caller is not within an RCU critical section and
1878 * does not hold the iothread lock, it must have other means of protecting the
1879 * pointer, such as a reference to the region that includes the incoming
1880 * ram_addr_t.
1881 */
1882 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1883 ram_addr_t *ram_addr,
1884 ram_addr_t *offset)
1885 {
1886 RAMBlock *block;
1887 uint8_t *host = ptr;
1888
1889 if (xen_enabled()) {
1890 rcu_read_lock();
1891 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1892 block = qemu_get_ram_block(*ram_addr);
1893 if (block) {
1894 *offset = (host - block->host);
1895 }
1896 rcu_read_unlock();
1897 return block;
1898 }
1899
1900 rcu_read_lock();
1901 block = atomic_rcu_read(&ram_list.mru_block);
1902 if (block && block->host && host - block->host < block->max_length) {
1903 goto found;
1904 }
1905
1906 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1907 /* This case append when the block is not mapped. */
1908 if (block->host == NULL) {
1909 continue;
1910 }
1911 if (host - block->host < block->max_length) {
1912 goto found;
1913 }
1914 }
1915
1916 rcu_read_unlock();
1917 return NULL;
1918
1919 found:
1920 *offset = (host - block->host);
1921 if (round_offset) {
1922 *offset &= TARGET_PAGE_MASK;
1923 }
1924 *ram_addr = block->offset + *offset;
1925 rcu_read_unlock();
1926 return block;
1927 }
1928
1929 /*
1930 * Finds the named RAMBlock
1931 *
1932 * name: The name of RAMBlock to find
1933 *
1934 * Returns: RAMBlock (or NULL if not found)
1935 */
1936 RAMBlock *qemu_ram_block_by_name(const char *name)
1937 {
1938 RAMBlock *block;
1939
1940 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1941 if (!strcmp(name, block->idstr)) {
1942 return block;
1943 }
1944 }
1945
1946 return NULL;
1947 }
1948
1949 /* Some of the softmmu routines need to translate from a host pointer
1950 (typically a TLB entry) back to a ram offset. */
1951 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1952 {
1953 RAMBlock *block;
1954 ram_addr_t offset; /* Not used */
1955
1956 block = qemu_ram_block_from_host(ptr, false, ram_addr, &offset);
1957
1958 if (!block) {
1959 return NULL;
1960 }
1961
1962 return block->mr;
1963 }
1964
1965 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1966 uint64_t val, unsigned size)
1967 {
1968 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1969 tb_invalidate_phys_page_fast(ram_addr, size);
1970 }
1971 switch (size) {
1972 case 1:
1973 stb_p(qemu_get_ram_ptr(ram_addr), val);
1974 break;
1975 case 2:
1976 stw_p(qemu_get_ram_ptr(ram_addr), val);
1977 break;
1978 case 4:
1979 stl_p(qemu_get_ram_ptr(ram_addr), val);
1980 break;
1981 default:
1982 abort();
1983 }
1984 /* Set both VGA and migration bits for simplicity and to remove
1985 * the notdirty callback faster.
1986 */
1987 cpu_physical_memory_set_dirty_range(ram_addr, size,
1988 DIRTY_CLIENTS_NOCODE);
1989 /* we remove the notdirty callback only if the code has been
1990 flushed */
1991 if (!cpu_physical_memory_is_clean(ram_addr)) {
1992 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1993 }
1994 }
1995
1996 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1997 unsigned size, bool is_write)
1998 {
1999 return is_write;
2000 }
2001
2002 static const MemoryRegionOps notdirty_mem_ops = {
2003 .write = notdirty_mem_write,
2004 .valid.accepts = notdirty_mem_accepts,
2005 .endianness = DEVICE_NATIVE_ENDIAN,
2006 };
2007
2008 /* Generate a debug exception if a watchpoint has been hit. */
2009 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
2010 {
2011 CPUState *cpu = current_cpu;
2012 CPUArchState *env = cpu->env_ptr;
2013 target_ulong pc, cs_base;
2014 target_ulong vaddr;
2015 CPUWatchpoint *wp;
2016 int cpu_flags;
2017
2018 if (cpu->watchpoint_hit) {
2019 /* We re-entered the check after replacing the TB. Now raise
2020 * the debug interrupt so that is will trigger after the
2021 * current instruction. */
2022 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2023 return;
2024 }
2025 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2026 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2027 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2028 && (wp->flags & flags)) {
2029 if (flags == BP_MEM_READ) {
2030 wp->flags |= BP_WATCHPOINT_HIT_READ;
2031 } else {
2032 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2033 }
2034 wp->hitaddr = vaddr;
2035 wp->hitattrs = attrs;
2036 if (!cpu->watchpoint_hit) {
2037 cpu->watchpoint_hit = wp;
2038 tb_check_watchpoint(cpu);
2039 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2040 cpu->exception_index = EXCP_DEBUG;
2041 cpu_loop_exit(cpu);
2042 } else {
2043 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2044 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2045 cpu_resume_from_signal(cpu, NULL);
2046 }
2047 }
2048 } else {
2049 wp->flags &= ~BP_WATCHPOINT_HIT;
2050 }
2051 }
2052 }
2053
2054 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2055 so these check for a hit then pass through to the normal out-of-line
2056 phys routines. */
2057 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2058 unsigned size, MemTxAttrs attrs)
2059 {
2060 MemTxResult res;
2061 uint64_t data;
2062
2063 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2064 switch (size) {
2065 case 1:
2066 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2067 break;
2068 case 2:
2069 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2070 break;
2071 case 4:
2072 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2073 break;
2074 default: abort();
2075 }
2076 *pdata = data;
2077 return res;
2078 }
2079
2080 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2081 uint64_t val, unsigned size,
2082 MemTxAttrs attrs)
2083 {
2084 MemTxResult res;
2085
2086 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2087 switch (size) {
2088 case 1:
2089 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2090 break;
2091 case 2:
2092 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2093 break;
2094 case 4:
2095 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2096 break;
2097 default: abort();
2098 }
2099 return res;
2100 }
2101
2102 static const MemoryRegionOps watch_mem_ops = {
2103 .read_with_attrs = watch_mem_read,
2104 .write_with_attrs = watch_mem_write,
2105 .endianness = DEVICE_NATIVE_ENDIAN,
2106 };
2107
2108 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2109 unsigned len, MemTxAttrs attrs)
2110 {
2111 subpage_t *subpage = opaque;
2112 uint8_t buf[8];
2113 MemTxResult res;
2114
2115 #if defined(DEBUG_SUBPAGE)
2116 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2117 subpage, len, addr);
2118 #endif
2119 res = address_space_read(subpage->as, addr + subpage->base,
2120 attrs, buf, len);
2121 if (res) {
2122 return res;
2123 }
2124 switch (len) {
2125 case 1:
2126 *data = ldub_p(buf);
2127 return MEMTX_OK;
2128 case 2:
2129 *data = lduw_p(buf);
2130 return MEMTX_OK;
2131 case 4:
2132 *data = ldl_p(buf);
2133 return MEMTX_OK;
2134 case 8:
2135 *data = ldq_p(buf);
2136 return MEMTX_OK;
2137 default:
2138 abort();
2139 }
2140 }
2141
2142 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2143 uint64_t value, unsigned len, MemTxAttrs attrs)
2144 {
2145 subpage_t *subpage = opaque;
2146 uint8_t buf[8];
2147
2148 #if defined(DEBUG_SUBPAGE)
2149 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2150 " value %"PRIx64"\n",
2151 __func__, subpage, len, addr, value);
2152 #endif
2153 switch (len) {
2154 case 1:
2155 stb_p(buf, value);
2156 break;
2157 case 2:
2158 stw_p(buf, value);
2159 break;
2160 case 4:
2161 stl_p(buf, value);
2162 break;
2163 case 8:
2164 stq_p(buf, value);
2165 break;
2166 default:
2167 abort();
2168 }
2169 return address_space_write(subpage->as, addr + subpage->base,
2170 attrs, buf, len);
2171 }
2172
2173 static bool subpage_accepts(void *opaque, hwaddr addr,
2174 unsigned len, bool is_write)
2175 {
2176 subpage_t *subpage = opaque;
2177 #if defined(DEBUG_SUBPAGE)
2178 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2179 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2180 #endif
2181
2182 return address_space_access_valid(subpage->as, addr + subpage->base,
2183 len, is_write);
2184 }
2185
2186 static const MemoryRegionOps subpage_ops = {
2187 .read_with_attrs = subpage_read,
2188 .write_with_attrs = subpage_write,
2189 .impl.min_access_size = 1,
2190 .impl.max_access_size = 8,
2191 .valid.min_access_size = 1,
2192 .valid.max_access_size = 8,
2193 .valid.accepts = subpage_accepts,
2194 .endianness = DEVICE_NATIVE_ENDIAN,
2195 };
2196
2197 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2198 uint16_t section)
2199 {
2200 int idx, eidx;
2201
2202 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2203 return -1;
2204 idx = SUBPAGE_IDX(start);
2205 eidx = SUBPAGE_IDX(end);
2206 #if defined(DEBUG_SUBPAGE)
2207 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2208 __func__, mmio, start, end, idx, eidx, section);
2209 #endif
2210 for (; idx <= eidx; idx++) {
2211 mmio->sub_section[idx] = section;
2212 }
2213
2214 return 0;
2215 }
2216
2217 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2218 {
2219 subpage_t *mmio;
2220
2221 mmio = g_malloc0(sizeof(subpage_t));
2222
2223 mmio->as = as;
2224 mmio->base = base;
2225 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2226 NULL, TARGET_PAGE_SIZE);
2227 mmio->iomem.subpage = true;
2228 #if defined(DEBUG_SUBPAGE)
2229 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2230 mmio, base, TARGET_PAGE_SIZE);
2231 #endif
2232 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2233
2234 return mmio;
2235 }
2236
2237 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2238 MemoryRegion *mr)
2239 {
2240 assert(as);
2241 MemoryRegionSection section = {
2242 .address_space = as,
2243 .mr = mr,
2244 .offset_within_address_space = 0,
2245 .offset_within_region = 0,
2246 .size = int128_2_64(),
2247 };
2248
2249 return phys_section_add(map, &section);
2250 }
2251
2252 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2253 {
2254 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2255 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2256 MemoryRegionSection *sections = d->map.sections;
2257
2258 return sections[index & ~TARGET_PAGE_MASK].mr;
2259 }
2260
2261 static void io_mem_init(void)
2262 {
2263 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2264 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2265 NULL, UINT64_MAX);
2266 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2267 NULL, UINT64_MAX);
2268 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2269 NULL, UINT64_MAX);
2270 }
2271
2272 static void mem_begin(MemoryListener *listener)
2273 {
2274 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2275 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2276 uint16_t n;
2277
2278 n = dummy_section(&d->map, as, &io_mem_unassigned);
2279 assert(n == PHYS_SECTION_UNASSIGNED);
2280 n = dummy_section(&d->map, as, &io_mem_notdirty);
2281 assert(n == PHYS_SECTION_NOTDIRTY);
2282 n = dummy_section(&d->map, as, &io_mem_rom);
2283 assert(n == PHYS_SECTION_ROM);
2284 n = dummy_section(&d->map, as, &io_mem_watch);
2285 assert(n == PHYS_SECTION_WATCH);
2286
2287 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2288 d->as = as;
2289 as->next_dispatch = d;
2290 }
2291
2292 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2293 {
2294 phys_sections_free(&d->map);
2295 g_free(d);
2296 }
2297
2298 static void mem_commit(MemoryListener *listener)
2299 {
2300 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2301 AddressSpaceDispatch *cur = as->dispatch;
2302 AddressSpaceDispatch *next = as->next_dispatch;
2303
2304 phys_page_compact_all(next, next->map.nodes_nb);
2305
2306 atomic_rcu_set(&as->dispatch, next);
2307 if (cur) {
2308 call_rcu(cur, address_space_dispatch_free, rcu);
2309 }
2310 }
2311
2312 static void tcg_commit(MemoryListener *listener)
2313 {
2314 CPUAddressSpace *cpuas;
2315 AddressSpaceDispatch *d;
2316
2317 /* since each CPU stores ram addresses in its TLB cache, we must
2318 reset the modified entries */
2319 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2320 cpu_reloading_memory_map();
2321 /* The CPU and TLB are protected by the iothread lock.
2322 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2323 * may have split the RCU critical section.
2324 */
2325 d = atomic_rcu_read(&cpuas->as->dispatch);
2326 cpuas->memory_dispatch = d;
2327 tlb_flush(cpuas->cpu, 1);
2328 }
2329
2330 void address_space_init_dispatch(AddressSpace *as)
2331 {
2332 as->dispatch = NULL;
2333 as->dispatch_listener = (MemoryListener) {
2334 .begin = mem_begin,
2335 .commit = mem_commit,
2336 .region_add = mem_add,
2337 .region_nop = mem_add,
2338 .priority = 0,
2339 };
2340 memory_listener_register(&as->dispatch_listener, as);
2341 }
2342
2343 void address_space_unregister(AddressSpace *as)
2344 {
2345 memory_listener_unregister(&as->dispatch_listener);
2346 }
2347
2348 void address_space_destroy_dispatch(AddressSpace *as)
2349 {
2350 AddressSpaceDispatch *d = as->dispatch;
2351
2352 atomic_rcu_set(&as->dispatch, NULL);
2353 if (d) {
2354 call_rcu(d, address_space_dispatch_free, rcu);
2355 }
2356 }
2357
2358 static void memory_map_init(void)
2359 {
2360 system_memory = g_malloc(sizeof(*system_memory));
2361
2362 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2363 address_space_init(&address_space_memory, system_memory, "memory");
2364
2365 system_io = g_malloc(sizeof(*system_io));
2366 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2367 65536);
2368 address_space_init(&address_space_io, system_io, "I/O");
2369 }
2370
2371 MemoryRegion *get_system_memory(void)
2372 {
2373 return system_memory;
2374 }
2375
2376 MemoryRegion *get_system_io(void)
2377 {
2378 return system_io;
2379 }
2380
2381 #endif /* !defined(CONFIG_USER_ONLY) */
2382
2383 /* physical memory access (slow version, mainly for debug) */
2384 #if defined(CONFIG_USER_ONLY)
2385 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2386 uint8_t *buf, int len, int is_write)
2387 {
2388 int l, flags;
2389 target_ulong page;
2390 void * p;
2391
2392 while (len > 0) {
2393 page = addr & TARGET_PAGE_MASK;
2394 l = (page + TARGET_PAGE_SIZE) - addr;
2395 if (l > len)
2396 l = len;
2397 flags = page_get_flags(page);
2398 if (!(flags & PAGE_VALID))
2399 return -1;
2400 if (is_write) {
2401 if (!(flags & PAGE_WRITE))
2402 return -1;
2403 /* XXX: this code should not depend on lock_user */
2404 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2405 return -1;
2406 memcpy(p, buf, l);
2407 unlock_user(p, addr, l);
2408 } else {
2409 if (!(flags & PAGE_READ))
2410 return -1;
2411 /* XXX: this code should not depend on lock_user */
2412 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2413 return -1;
2414 memcpy(buf, p, l);
2415 unlock_user(p, addr, 0);
2416 }
2417 len -= l;
2418 buf += l;
2419 addr += l;
2420 }
2421 return 0;
2422 }
2423
2424 #else
2425
2426 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2427 hwaddr length)
2428 {
2429 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2430 /* No early return if dirty_log_mask is or becomes 0, because
2431 * cpu_physical_memory_set_dirty_range will still call
2432 * xen_modified_memory.
2433 */
2434 if (dirty_log_mask) {
2435 dirty_log_mask =
2436 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2437 }
2438 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2439 tb_invalidate_phys_range(addr, addr + length);
2440 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2441 }
2442 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2443 }
2444
2445 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2446 {
2447 unsigned access_size_max = mr->ops->valid.max_access_size;
2448
2449 /* Regions are assumed to support 1-4 byte accesses unless
2450 otherwise specified. */
2451 if (access_size_max == 0) {
2452 access_size_max = 4;
2453 }
2454
2455 /* Bound the maximum access by the alignment of the address. */
2456 if (!mr->ops->impl.unaligned) {
2457 unsigned align_size_max = addr & -addr;
2458 if (align_size_max != 0 && align_size_max < access_size_max) {
2459 access_size_max = align_size_max;
2460 }
2461 }
2462
2463 /* Don't attempt accesses larger than the maximum. */
2464 if (l > access_size_max) {
2465 l = access_size_max;
2466 }
2467 l = pow2floor(l);
2468
2469 return l;
2470 }
2471
2472 static bool prepare_mmio_access(MemoryRegion *mr)
2473 {
2474 bool unlocked = !qemu_mutex_iothread_locked();
2475 bool release_lock = false;
2476
2477 if (unlocked && mr->global_locking) {
2478 qemu_mutex_lock_iothread();
2479 unlocked = false;
2480 release_lock = true;
2481 }
2482 if (mr->flush_coalesced_mmio) {
2483 if (unlocked) {
2484 qemu_mutex_lock_iothread();
2485 }
2486 qemu_flush_coalesced_mmio_buffer();
2487 if (unlocked) {
2488 qemu_mutex_unlock_iothread();
2489 }
2490 }
2491
2492 return release_lock;
2493 }
2494
2495 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2496 uint8_t *buf, int len, bool is_write)
2497 {
2498 hwaddr l;
2499 uint8_t *ptr;
2500 uint64_t val;
2501 hwaddr addr1;
2502 MemoryRegion *mr;
2503 MemTxResult result = MEMTX_OK;
2504 bool release_lock = false;
2505
2506 rcu_read_lock();
2507 while (len > 0) {
2508 l = len;
2509 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2510
2511 if (is_write) {
2512 if (!memory_access_is_direct(mr, is_write)) {
2513 release_lock |= prepare_mmio_access(mr);
2514 l = memory_access_size(mr, l, addr1);
2515 /* XXX: could force current_cpu to NULL to avoid
2516 potential bugs */
2517 switch (l) {
2518 case 8:
2519 /* 64 bit write access */
2520 val = ldq_p(buf);
2521 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2522 attrs);
2523 break;
2524 case 4:
2525 /* 32 bit write access */
2526 val = ldl_p(buf);
2527 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2528 attrs);
2529 break;
2530 case 2:
2531 /* 16 bit write access */
2532 val = lduw_p(buf);
2533 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2534 attrs);
2535 break;
2536 case 1:
2537 /* 8 bit write access */
2538 val = ldub_p(buf);
2539 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2540 attrs);
2541 break;
2542 default:
2543 abort();
2544 }
2545 } else {
2546 addr1 += memory_region_get_ram_addr(mr);
2547 /* RAM case */
2548 ptr = qemu_get_ram_ptr(addr1);
2549 memcpy(ptr, buf, l);
2550 invalidate_and_set_dirty(mr, addr1, l);
2551 }
2552 } else {
2553 if (!memory_access_is_direct(mr, is_write)) {
2554 /* I/O case */
2555 release_lock |= prepare_mmio_access(mr);
2556 l = memory_access_size(mr, l, addr1);
2557 switch (l) {
2558 case 8:
2559 /* 64 bit read access */
2560 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2561 attrs);
2562 stq_p(buf, val);
2563 break;
2564 case 4:
2565 /* 32 bit read access */
2566 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2567 attrs);
2568 stl_p(buf, val);
2569 break;
2570 case 2:
2571 /* 16 bit read access */
2572 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2573 attrs);
2574 stw_p(buf, val);
2575 break;
2576 case 1:
2577 /* 8 bit read access */
2578 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2579 attrs);
2580 stb_p(buf, val);
2581 break;
2582 default:
2583 abort();
2584 }
2585 } else {
2586 /* RAM case */
2587 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2588 memcpy(buf, ptr, l);
2589 }
2590 }
2591
2592 if (release_lock) {
2593 qemu_mutex_unlock_iothread();
2594 release_lock = false;
2595 }
2596
2597 len -= l;
2598 buf += l;
2599 addr += l;
2600 }
2601 rcu_read_unlock();
2602
2603 return result;
2604 }
2605
2606 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2607 const uint8_t *buf, int len)
2608 {
2609 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2610 }
2611
2612 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2613 uint8_t *buf, int len)
2614 {
2615 return address_space_rw(as, addr, attrs, buf, len, false);
2616 }
2617
2618
2619 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2620 int len, int is_write)
2621 {
2622 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2623 buf, len, is_write);
2624 }
2625
2626 enum write_rom_type {
2627 WRITE_DATA,
2628 FLUSH_CACHE,
2629 };
2630
2631 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2632 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2633 {
2634 hwaddr l;
2635 uint8_t *ptr;
2636 hwaddr addr1;
2637 MemoryRegion *mr;
2638
2639 rcu_read_lock();
2640 while (len > 0) {
2641 l = len;
2642 mr = address_space_translate(as, addr, &addr1, &l, true);
2643
2644 if (!(memory_region_is_ram(mr) ||
2645 memory_region_is_romd(mr))) {
2646 l = memory_access_size(mr, l, addr1);
2647 } else {
2648 addr1 += memory_region_get_ram_addr(mr);
2649 /* ROM/RAM case */
2650 ptr = qemu_get_ram_ptr(addr1);
2651 switch (type) {
2652 case WRITE_DATA:
2653 memcpy(ptr, buf, l);
2654 invalidate_and_set_dirty(mr, addr1, l);
2655 break;
2656 case FLUSH_CACHE:
2657 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2658 break;
2659 }
2660 }
2661 len -= l;
2662 buf += l;
2663 addr += l;
2664 }
2665 rcu_read_unlock();
2666 }
2667
2668 /* used for ROM loading : can write in RAM and ROM */
2669 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2670 const uint8_t *buf, int len)
2671 {
2672 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2673 }
2674
2675 void cpu_flush_icache_range(hwaddr start, int len)
2676 {
2677 /*
2678 * This function should do the same thing as an icache flush that was
2679 * triggered from within the guest. For TCG we are always cache coherent,
2680 * so there is no need to flush anything. For KVM / Xen we need to flush
2681 * the host's instruction cache at least.
2682 */
2683 if (tcg_enabled()) {
2684 return;
2685 }
2686
2687 cpu_physical_memory_write_rom_internal(&address_space_memory,
2688 start, NULL, len, FLUSH_CACHE);
2689 }
2690
2691 typedef struct {
2692 MemoryRegion *mr;
2693 void *buffer;
2694 hwaddr addr;
2695 hwaddr len;
2696 bool in_use;
2697 } BounceBuffer;
2698
2699 static BounceBuffer bounce;
2700
2701 typedef struct MapClient {
2702 QEMUBH *bh;
2703 QLIST_ENTRY(MapClient) link;
2704 } MapClient;
2705
2706 QemuMutex map_client_list_lock;
2707 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2708 = QLIST_HEAD_INITIALIZER(map_client_list);
2709
2710 static void cpu_unregister_map_client_do(MapClient *client)
2711 {
2712 QLIST_REMOVE(client, link);
2713 g_free(client);
2714 }
2715
2716 static void cpu_notify_map_clients_locked(void)
2717 {
2718 MapClient *client;
2719
2720 while (!QLIST_EMPTY(&map_client_list)) {
2721 client = QLIST_FIRST(&map_client_list);
2722 qemu_bh_schedule(client->bh);
2723 cpu_unregister_map_client_do(client);
2724 }
2725 }
2726
2727 void cpu_register_map_client(QEMUBH *bh)
2728 {
2729 MapClient *client = g_malloc(sizeof(*client));
2730
2731 qemu_mutex_lock(&map_client_list_lock);
2732 client->bh = bh;
2733 QLIST_INSERT_HEAD(&map_client_list, client, link);
2734 if (!atomic_read(&bounce.in_use)) {
2735 cpu_notify_map_clients_locked();
2736 }
2737 qemu_mutex_unlock(&map_client_list_lock);
2738 }
2739
2740 void cpu_exec_init_all(void)
2741 {
2742 qemu_mutex_init(&ram_list.mutex);
2743 io_mem_init();
2744 memory_map_init();
2745 qemu_mutex_init(&map_client_list_lock);
2746 }
2747
2748 void cpu_unregister_map_client(QEMUBH *bh)
2749 {
2750 MapClient *client;
2751
2752 qemu_mutex_lock(&map_client_list_lock);
2753 QLIST_FOREACH(client, &map_client_list, link) {
2754 if (client->bh == bh) {
2755 cpu_unregister_map_client_do(client);
2756 break;
2757 }
2758 }
2759 qemu_mutex_unlock(&map_client_list_lock);
2760 }
2761
2762 static void cpu_notify_map_clients(void)
2763 {
2764 qemu_mutex_lock(&map_client_list_lock);
2765 cpu_notify_map_clients_locked();
2766 qemu_mutex_unlock(&map_client_list_lock);
2767 }
2768
2769 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2770 {
2771 MemoryRegion *mr;
2772 hwaddr l, xlat;
2773
2774 rcu_read_lock();
2775 while (len > 0) {
2776 l = len;
2777 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2778 if (!memory_access_is_direct(mr, is_write)) {
2779 l = memory_access_size(mr, l, addr);
2780 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2781 return false;
2782 }
2783 }
2784
2785 len -= l;
2786 addr += l;
2787 }
2788 rcu_read_unlock();
2789 return true;
2790 }
2791
2792 /* Map a physical memory region into a host virtual address.
2793 * May map a subset of the requested range, given by and returned in *plen.
2794 * May return NULL if resources needed to perform the mapping are exhausted.
2795 * Use only for reads OR writes - not for read-modify-write operations.
2796 * Use cpu_register_map_client() to know when retrying the map operation is
2797 * likely to succeed.
2798 */
2799 void *address_space_map(AddressSpace *as,
2800 hwaddr addr,
2801 hwaddr *plen,
2802 bool is_write)
2803 {
2804 hwaddr len = *plen;
2805 hwaddr done = 0;
2806 hwaddr l, xlat, base;
2807 MemoryRegion *mr, *this_mr;
2808 ram_addr_t raddr;
2809
2810 if (len == 0) {
2811 return NULL;
2812 }
2813
2814 l = len;
2815 rcu_read_lock();
2816 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2817
2818 if (!memory_access_is_direct(mr, is_write)) {
2819 if (atomic_xchg(&bounce.in_use, true)) {
2820 rcu_read_unlock();
2821 return NULL;
2822 }
2823 /* Avoid unbounded allocations */
2824 l = MIN(l, TARGET_PAGE_SIZE);
2825 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2826 bounce.addr = addr;
2827 bounce.len = l;
2828
2829 memory_region_ref(mr);
2830 bounce.mr = mr;
2831 if (!is_write) {
2832 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2833 bounce.buffer, l);
2834 }
2835
2836 rcu_read_unlock();
2837 *plen = l;
2838 return bounce.buffer;
2839 }
2840
2841 base = xlat;
2842 raddr = memory_region_get_ram_addr(mr);
2843
2844 for (;;) {
2845 len -= l;
2846 addr += l;
2847 done += l;
2848 if (len == 0) {
2849 break;
2850 }
2851
2852 l = len;
2853 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2854 if (this_mr != mr || xlat != base + done) {
2855 break;
2856 }
2857 }
2858
2859 memory_region_ref(mr);
2860 rcu_read_unlock();
2861 *plen = done;
2862 return qemu_ram_ptr_length(raddr + base, plen);
2863 }
2864
2865 /* Unmaps a memory region previously mapped by address_space_map().
2866 * Will also mark the memory as dirty if is_write == 1. access_len gives
2867 * the amount of memory that was actually read or written by the caller.
2868 */
2869 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2870 int is_write, hwaddr access_len)
2871 {
2872 if (buffer != bounce.buffer) {
2873 MemoryRegion *mr;
2874 ram_addr_t addr1;
2875
2876 mr = qemu_ram_addr_from_host(buffer, &addr1);
2877 assert(mr != NULL);
2878 if (is_write) {
2879 invalidate_and_set_dirty(mr, addr1, access_len);
2880 }
2881 if (xen_enabled()) {
2882 xen_invalidate_map_cache_entry(buffer);
2883 }
2884 memory_region_unref(mr);
2885 return;
2886 }
2887 if (is_write) {
2888 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2889 bounce.buffer, access_len);
2890 }
2891 qemu_vfree(bounce.buffer);
2892 bounce.buffer = NULL;
2893 memory_region_unref(bounce.mr);
2894 atomic_mb_set(&bounce.in_use, false);
2895 cpu_notify_map_clients();
2896 }
2897
2898 void *cpu_physical_memory_map(hwaddr addr,
2899 hwaddr *plen,
2900 int is_write)
2901 {
2902 return address_space_map(&address_space_memory, addr, plen, is_write);
2903 }
2904
2905 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2906 int is_write, hwaddr access_len)
2907 {
2908 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2909 }
2910
2911 /* warning: addr must be aligned */
2912 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2913 MemTxAttrs attrs,
2914 MemTxResult *result,
2915 enum device_endian endian)
2916 {
2917 uint8_t *ptr;
2918 uint64_t val;
2919 MemoryRegion *mr;
2920 hwaddr l = 4;
2921 hwaddr addr1;
2922 MemTxResult r;
2923 bool release_lock = false;
2924
2925 rcu_read_lock();
2926 mr = address_space_translate(as, addr, &addr1, &l, false);
2927 if (l < 4 || !memory_access_is_direct(mr, false)) {
2928 release_lock |= prepare_mmio_access(mr);
2929
2930 /* I/O case */
2931 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2932 #if defined(TARGET_WORDS_BIGENDIAN)
2933 if (endian == DEVICE_LITTLE_ENDIAN) {
2934 val = bswap32(val);
2935 }
2936 #else
2937 if (endian == DEVICE_BIG_ENDIAN) {
2938 val = bswap32(val);
2939 }
2940 #endif
2941 } else {
2942 /* RAM case */
2943 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2944 & TARGET_PAGE_MASK)
2945 + addr1);
2946 switch (endian) {
2947 case DEVICE_LITTLE_ENDIAN:
2948 val = ldl_le_p(ptr);
2949 break;
2950 case DEVICE_BIG_ENDIAN:
2951 val = ldl_be_p(ptr);
2952 break;
2953 default:
2954 val = ldl_p(ptr);
2955 break;
2956 }
2957 r = MEMTX_OK;
2958 }
2959 if (result) {
2960 *result = r;
2961 }
2962 if (release_lock) {
2963 qemu_mutex_unlock_iothread();
2964 }
2965 rcu_read_unlock();
2966 return val;
2967 }
2968
2969 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2970 MemTxAttrs attrs, MemTxResult *result)
2971 {
2972 return address_space_ldl_internal(as, addr, attrs, result,
2973 DEVICE_NATIVE_ENDIAN);
2974 }
2975
2976 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2977 MemTxAttrs attrs, MemTxResult *result)
2978 {
2979 return address_space_ldl_internal(as, addr, attrs, result,
2980 DEVICE_LITTLE_ENDIAN);
2981 }
2982
2983 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2984 MemTxAttrs attrs, MemTxResult *result)
2985 {
2986 return address_space_ldl_internal(as, addr, attrs, result,
2987 DEVICE_BIG_ENDIAN);
2988 }
2989
2990 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2991 {
2992 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2993 }
2994
2995 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2996 {
2997 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2998 }
2999
3000 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3001 {
3002 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3003 }
3004
3005 /* warning: addr must be aligned */
3006 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3007 MemTxAttrs attrs,
3008 MemTxResult *result,
3009 enum device_endian endian)
3010 {
3011 uint8_t *ptr;
3012 uint64_t val;
3013 MemoryRegion *mr;
3014 hwaddr l = 8;
3015 hwaddr addr1;
3016 MemTxResult r;
3017 bool release_lock = false;
3018
3019 rcu_read_lock();
3020 mr = address_space_translate(as, addr, &addr1, &l,
3021 false);
3022 if (l < 8 || !memory_access_is_direct(mr, false)) {
3023 release_lock |= prepare_mmio_access(mr);
3024
3025 /* I/O case */
3026 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3027 #if defined(TARGET_WORDS_BIGENDIAN)
3028 if (endian == DEVICE_LITTLE_ENDIAN) {
3029 val = bswap64(val);
3030 }
3031 #else
3032 if (endian == DEVICE_BIG_ENDIAN) {
3033 val = bswap64(val);
3034 }
3035 #endif
3036 } else {
3037 /* RAM case */
3038 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3039 & TARGET_PAGE_MASK)
3040 + addr1);
3041 switch (endian) {
3042 case DEVICE_LITTLE_ENDIAN:
3043 val = ldq_le_p(ptr);
3044 break;
3045 case DEVICE_BIG_ENDIAN:
3046 val = ldq_be_p(ptr);
3047 break;
3048 default:
3049 val = ldq_p(ptr);
3050 break;
3051 }
3052 r = MEMTX_OK;
3053 }
3054 if (result) {
3055 *result = r;
3056 }
3057 if (release_lock) {
3058 qemu_mutex_unlock_iothread();
3059 }
3060 rcu_read_unlock();
3061 return val;
3062 }
3063
3064 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3065 MemTxAttrs attrs, MemTxResult *result)
3066 {
3067 return address_space_ldq_internal(as, addr, attrs, result,
3068 DEVICE_NATIVE_ENDIAN);
3069 }
3070
3071 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3072 MemTxAttrs attrs, MemTxResult *result)
3073 {
3074 return address_space_ldq_internal(as, addr, attrs, result,
3075 DEVICE_LITTLE_ENDIAN);
3076 }
3077
3078 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3079 MemTxAttrs attrs, MemTxResult *result)
3080 {
3081 return address_space_ldq_internal(as, addr, attrs, result,
3082 DEVICE_BIG_ENDIAN);
3083 }
3084
3085 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3086 {
3087 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3088 }
3089
3090 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3091 {
3092 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3093 }
3094
3095 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3096 {
3097 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3098 }
3099
3100 /* XXX: optimize */
3101 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3102 MemTxAttrs attrs, MemTxResult *result)
3103 {
3104 uint8_t val;
3105 MemTxResult r;
3106
3107 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3108 if (result) {
3109 *result = r;
3110 }
3111 return val;
3112 }
3113
3114 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3115 {
3116 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3117 }
3118
3119 /* warning: addr must be aligned */
3120 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3121 hwaddr addr,
3122 MemTxAttrs attrs,
3123 MemTxResult *result,
3124 enum device_endian endian)
3125 {
3126 uint8_t *ptr;
3127 uint64_t val;
3128 MemoryRegion *mr;
3129 hwaddr l = 2;
3130 hwaddr addr1;
3131 MemTxResult r;
3132 bool release_lock = false;
3133
3134 rcu_read_lock();
3135 mr = address_space_translate(as, addr, &addr1, &l,
3136 false);
3137 if (l < 2 || !memory_access_is_direct(mr, false)) {
3138 release_lock |= prepare_mmio_access(mr);
3139
3140 /* I/O case */
3141 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3142 #if defined(TARGET_WORDS_BIGENDIAN)
3143 if (endian == DEVICE_LITTLE_ENDIAN) {
3144 val = bswap16(val);
3145 }
3146 #else
3147 if (endian == DEVICE_BIG_ENDIAN) {
3148 val = bswap16(val);
3149 }
3150 #endif
3151 } else {
3152 /* RAM case */
3153 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3154 & TARGET_PAGE_MASK)
3155 + addr1);
3156 switch (endian) {
3157 case DEVICE_LITTLE_ENDIAN:
3158 val = lduw_le_p(ptr);
3159 break;
3160 case DEVICE_BIG_ENDIAN:
3161 val = lduw_be_p(ptr);
3162 break;
3163 default:
3164 val = lduw_p(ptr);
3165 break;
3166 }
3167 r = MEMTX_OK;
3168 }
3169 if (result) {
3170 *result = r;
3171 }
3172 if (release_lock) {
3173 qemu_mutex_unlock_iothread();
3174 }
3175 rcu_read_unlock();
3176 return val;
3177 }
3178
3179 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3180 MemTxAttrs attrs, MemTxResult *result)
3181 {
3182 return address_space_lduw_internal(as, addr, attrs, result,
3183 DEVICE_NATIVE_ENDIAN);
3184 }
3185
3186 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3187 MemTxAttrs attrs, MemTxResult *result)
3188 {
3189 return address_space_lduw_internal(as, addr, attrs, result,
3190 DEVICE_LITTLE_ENDIAN);
3191 }
3192
3193 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3194 MemTxAttrs attrs, MemTxResult *result)
3195 {
3196 return address_space_lduw_internal(as, addr, attrs, result,
3197 DEVICE_BIG_ENDIAN);
3198 }
3199
3200 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3201 {
3202 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3203 }
3204
3205 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3206 {
3207 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3208 }
3209
3210 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3211 {
3212 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3213 }
3214
3215 /* warning: addr must be aligned. The ram page is not masked as dirty
3216 and the code inside is not invalidated. It is useful if the dirty
3217 bits are used to track modified PTEs */
3218 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3219 MemTxAttrs attrs, MemTxResult *result)
3220 {
3221 uint8_t *ptr;
3222 MemoryRegion *mr;
3223 hwaddr l = 4;
3224 hwaddr addr1;
3225 MemTxResult r;
3226 uint8_t dirty_log_mask;
3227 bool release_lock = false;
3228
3229 rcu_read_lock();
3230 mr = address_space_translate(as, addr, &addr1, &l,
3231 true);
3232 if (l < 4 || !memory_access_is_direct(mr, true)) {
3233 release_lock |= prepare_mmio_access(mr);
3234
3235 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3236 } else {
3237 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3238 ptr = qemu_get_ram_ptr(addr1);
3239 stl_p(ptr, val);
3240
3241 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3242 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3243 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3244 r = MEMTX_OK;
3245 }
3246 if (result) {
3247 *result = r;
3248 }
3249 if (release_lock) {
3250 qemu_mutex_unlock_iothread();
3251 }
3252 rcu_read_unlock();
3253 }
3254
3255 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3256 {
3257 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3258 }
3259
3260 /* warning: addr must be aligned */
3261 static inline void address_space_stl_internal(AddressSpace *as,
3262 hwaddr addr, uint32_t val,
3263 MemTxAttrs attrs,
3264 MemTxResult *result,
3265 enum device_endian endian)
3266 {
3267 uint8_t *ptr;
3268 MemoryRegion *mr;
3269 hwaddr l = 4;
3270 hwaddr addr1;
3271 MemTxResult r;
3272 bool release_lock = false;
3273
3274 rcu_read_lock();
3275 mr = address_space_translate(as, addr, &addr1, &l,
3276 true);
3277 if (l < 4 || !memory_access_is_direct(mr, true)) {
3278 release_lock |= prepare_mmio_access(mr);
3279
3280 #if defined(TARGET_WORDS_BIGENDIAN)
3281 if (endian == DEVICE_LITTLE_ENDIAN) {
3282 val = bswap32(val);
3283 }
3284 #else
3285 if (endian == DEVICE_BIG_ENDIAN) {
3286 val = bswap32(val);
3287 }
3288 #endif
3289 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3290 } else {
3291 /* RAM case */
3292 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3293 ptr = qemu_get_ram_ptr(addr1);
3294 switch (endian) {
3295 case DEVICE_LITTLE_ENDIAN:
3296 stl_le_p(ptr, val);
3297 break;
3298 case DEVICE_BIG_ENDIAN:
3299 stl_be_p(ptr, val);
3300 break;
3301 default:
3302 stl_p(ptr, val);
3303 break;
3304 }
3305 invalidate_and_set_dirty(mr, addr1, 4);
3306 r = MEMTX_OK;
3307 }
3308 if (result) {
3309 *result = r;
3310 }
3311 if (release_lock) {
3312 qemu_mutex_unlock_iothread();
3313 }
3314 rcu_read_unlock();
3315 }
3316
3317 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3318 MemTxAttrs attrs, MemTxResult *result)
3319 {
3320 address_space_stl_internal(as, addr, val, attrs, result,
3321 DEVICE_NATIVE_ENDIAN);
3322 }
3323
3324 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3325 MemTxAttrs attrs, MemTxResult *result)
3326 {
3327 address_space_stl_internal(as, addr, val, attrs, result,
3328 DEVICE_LITTLE_ENDIAN);
3329 }
3330
3331 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3332 MemTxAttrs attrs, MemTxResult *result)
3333 {
3334 address_space_stl_internal(as, addr, val, attrs, result,
3335 DEVICE_BIG_ENDIAN);
3336 }
3337
3338 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3339 {
3340 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3341 }
3342
3343 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3344 {
3345 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3346 }
3347
3348 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3349 {
3350 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3351 }
3352
3353 /* XXX: optimize */
3354 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3355 MemTxAttrs attrs, MemTxResult *result)
3356 {
3357 uint8_t v = val;
3358 MemTxResult r;
3359
3360 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3361 if (result) {
3362 *result = r;
3363 }
3364 }
3365
3366 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3367 {
3368 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3369 }
3370
3371 /* warning: addr must be aligned */
3372 static inline void address_space_stw_internal(AddressSpace *as,
3373 hwaddr addr, uint32_t val,
3374 MemTxAttrs attrs,
3375 MemTxResult *result,
3376 enum device_endian endian)
3377 {
3378 uint8_t *ptr;
3379 MemoryRegion *mr;
3380 hwaddr l = 2;
3381 hwaddr addr1;
3382 MemTxResult r;
3383 bool release_lock = false;
3384
3385 rcu_read_lock();
3386 mr = address_space_translate(as, addr, &addr1, &l, true);
3387 if (l < 2 || !memory_access_is_direct(mr, true)) {
3388 release_lock |= prepare_mmio_access(mr);
3389
3390 #if defined(TARGET_WORDS_BIGENDIAN)
3391 if (endian == DEVICE_LITTLE_ENDIAN) {
3392 val = bswap16(val);
3393 }
3394 #else
3395 if (endian == DEVICE_BIG_ENDIAN) {
3396 val = bswap16(val);
3397 }
3398 #endif
3399 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3400 } else {
3401 /* RAM case */
3402 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3403 ptr = qemu_get_ram_ptr(addr1);
3404 switch (endian) {
3405 case DEVICE_LITTLE_ENDIAN:
3406 stw_le_p(ptr, val);
3407 break;
3408 case DEVICE_BIG_ENDIAN:
3409 stw_be_p(ptr, val);
3410 break;
3411 default:
3412 stw_p(ptr, val);
3413 break;
3414 }
3415 invalidate_and_set_dirty(mr, addr1, 2);
3416 r = MEMTX_OK;
3417 }
3418 if (result) {
3419 *result = r;
3420 }
3421 if (release_lock) {
3422 qemu_mutex_unlock_iothread();
3423 }
3424 rcu_read_unlock();
3425 }
3426
3427 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3428 MemTxAttrs attrs, MemTxResult *result)
3429 {
3430 address_space_stw_internal(as, addr, val, attrs, result,
3431 DEVICE_NATIVE_ENDIAN);
3432 }
3433
3434 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3435 MemTxAttrs attrs, MemTxResult *result)
3436 {
3437 address_space_stw_internal(as, addr, val, attrs, result,
3438 DEVICE_LITTLE_ENDIAN);
3439 }
3440
3441 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3442 MemTxAttrs attrs, MemTxResult *result)
3443 {
3444 address_space_stw_internal(as, addr, val, attrs, result,
3445 DEVICE_BIG_ENDIAN);
3446 }
3447
3448 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3449 {
3450 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3451 }
3452
3453 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3454 {
3455 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3456 }
3457
3458 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3459 {
3460 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3461 }
3462
3463 /* XXX: optimize */
3464 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3465 MemTxAttrs attrs, MemTxResult *result)
3466 {
3467 MemTxResult r;
3468 val = tswap64(val);
3469 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3470 if (result) {
3471 *result = r;
3472 }
3473 }
3474
3475 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3476 MemTxAttrs attrs, MemTxResult *result)
3477 {
3478 MemTxResult r;
3479 val = cpu_to_le64(val);
3480 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3481 if (result) {
3482 *result = r;
3483 }
3484 }
3485 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3486 MemTxAttrs attrs, MemTxResult *result)
3487 {
3488 MemTxResult r;
3489 val = cpu_to_be64(val);
3490 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3491 if (result) {
3492 *result = r;
3493 }
3494 }
3495
3496 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3497 {
3498 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3499 }
3500
3501 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3502 {
3503 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3504 }
3505
3506 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3507 {
3508 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3509 }
3510
3511 /* virtual memory access for debug (includes writing to ROM) */
3512 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3513 uint8_t *buf, int len, int is_write)
3514 {
3515 int l;
3516 hwaddr phys_addr;
3517 target_ulong page;
3518
3519 while (len > 0) {
3520 page = addr & TARGET_PAGE_MASK;
3521 phys_addr = cpu_get_phys_page_debug(cpu, page);
3522 /* if no physical page mapped, return an error */
3523 if (phys_addr == -1)
3524 return -1;
3525 l = (page + TARGET_PAGE_SIZE) - addr;
3526 if (l > len)
3527 l = len;
3528 phys_addr += (addr & ~TARGET_PAGE_MASK);
3529 if (is_write) {
3530 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3531 } else {
3532 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3533 buf, l, 0);
3534 }
3535 len -= l;
3536 buf += l;
3537 addr += l;
3538 }
3539 return 0;
3540 }
3541
3542 /*
3543 * Allows code that needs to deal with migration bitmaps etc to still be built
3544 * target independent.
3545 */
3546 size_t qemu_target_page_bits(void)
3547 {
3548 return TARGET_PAGE_BITS;
3549 }
3550
3551 #endif
3552
3553 /*
3554 * A helper function for the _utterly broken_ virtio device model to find out if
3555 * it's running on a big endian machine. Don't do this at home kids!
3556 */
3557 bool target_words_bigendian(void);
3558 bool target_words_bigendian(void)
3559 {
3560 #if defined(TARGET_WORDS_BIGENDIAN)
3561 return true;
3562 #else
3563 return false;
3564 #endif
3565 }
3566
3567 #ifndef CONFIG_USER_ONLY
3568 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3569 {
3570 MemoryRegion*mr;
3571 hwaddr l = 1;
3572 bool res;
3573
3574 rcu_read_lock();
3575 mr = address_space_translate(&address_space_memory,
3576 phys_addr, &phys_addr, &l, false);
3577
3578 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3579 rcu_read_unlock();
3580 return res;
3581 }
3582
3583 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3584 {
3585 RAMBlock *block;
3586 int ret = 0;
3587
3588 rcu_read_lock();
3589 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3590 ret = func(block->idstr, block->host, block->offset,
3591 block->used_length, opaque);
3592 if (ret) {
3593 break;
3594 }
3595 }
3596 rcu_read_unlock();
3597 return ret;
3598 }
3599 #endif
QEMU mirror