]> git.proxmox.com Git - mirror_qemu.git/blob - exec.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
[mirror_qemu.git] / exec.c
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "qemu/osdep.h"
20 #include "qapi/error.h"
21 #ifndef _WIN32
22 #endif
23
24 #include "qemu/cutils.h"
25 #include "cpu.h"
26 #include "exec/exec-all.h"
27 #include "tcg.h"
28 #include "hw/qdev-core.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #include "hw/xen/xen.h"
32 #endif
33 #include "sysemu/kvm.h"
34 #include "sysemu/sysemu.h"
35 #include "qemu/timer.h"
36 #include "qemu/config-file.h"
37 #include "qemu/error-report.h"
38 #if defined(CONFIG_USER_ONLY)
39 #include "qemu.h"
40 #else /* !CONFIG_USER_ONLY */
41 #include "hw/hw.h"
42 #include "exec/memory.h"
43 #include "exec/ioport.h"
44 #include "sysemu/dma.h"
45 #include "exec/address-spaces.h"
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53 #include "sysemu/replay.h"
54
55 #include "exec/memory-internal.h"
56 #include "exec/ram_addr.h"
57 #include "exec/log.h"
58
59 #include "migration/vmstate.h"
60
61 #include "qemu/range.h"
62 #ifndef _WIN32
63 #include "qemu/mmap-alloc.h"
64 #endif
65
66 //#define DEBUG_SUBPAGE
67
68 #if !defined(CONFIG_USER_ONLY)
69 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
72 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
73
74 static MemoryRegion *system_memory;
75 static MemoryRegion *system_io;
76
77 AddressSpace address_space_io;
78 AddressSpace address_space_memory;
79
80 MemoryRegion io_mem_rom, io_mem_notdirty;
81 static MemoryRegion io_mem_unassigned;
82
83 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84 #define RAM_PREALLOC (1 << 0)
85
86 /* RAM is mmap-ed with MAP_SHARED */
87 #define RAM_SHARED (1 << 1)
88
89 /* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92 #define RAM_RESIZEABLE (1 << 2)
93
94 #endif
95
96 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
97 /* current CPU in the current thread. It is only valid inside
98 cpu_exec() */
99 __thread CPUState *current_cpu;
100 /* 0 = Do not count executed instructions.
101 1 = Precise instruction counting.
102 2 = Adaptive rate instruction counting. */
103 int use_icount;
104
105 #if !defined(CONFIG_USER_ONLY)
106
107 typedef struct PhysPageEntry PhysPageEntry;
108
109 struct PhysPageEntry {
110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
111 uint32_t skip : 6;
112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
113 uint32_t ptr : 26;
114 };
115
116 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
117
118 /* Size of the L2 (and L3, etc) page tables. */
119 #define ADDR_SPACE_BITS 64
120
121 #define P_L2_BITS 9
122 #define P_L2_SIZE (1 << P_L2_BITS)
123
124 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
125
126 typedef PhysPageEntry Node[P_L2_SIZE];
127
128 typedef struct PhysPageMap {
129 struct rcu_head rcu;
130
131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
133 unsigned nodes_nb;
134 unsigned nodes_nb_alloc;
135 Node *nodes;
136 MemoryRegionSection *sections;
137 } PhysPageMap;
138
139 struct AddressSpaceDispatch {
140 struct rcu_head rcu;
141
142 MemoryRegionSection *mru_section;
143 /* This is a multi-level map on the physical address space.
144 * The bottom level has pointers to MemoryRegionSections.
145 */
146 PhysPageEntry phys_map;
147 PhysPageMap map;
148 AddressSpace *as;
149 };
150
151 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
152 typedef struct subpage_t {
153 MemoryRegion iomem;
154 AddressSpace *as;
155 hwaddr base;
156 uint16_t sub_section[TARGET_PAGE_SIZE];
157 } subpage_t;
158
159 #define PHYS_SECTION_UNASSIGNED 0
160 #define PHYS_SECTION_NOTDIRTY 1
161 #define PHYS_SECTION_ROM 2
162 #define PHYS_SECTION_WATCH 3
163
164 static void io_mem_init(void);
165 static void memory_map_init(void);
166 static void tcg_commit(MemoryListener *listener);
167
168 static MemoryRegion io_mem_watch;
169
170 /**
171 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
172 * @cpu: the CPU whose AddressSpace this is
173 * @as: the AddressSpace itself
174 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
175 * @tcg_as_listener: listener for tracking changes to the AddressSpace
176 */
177 struct CPUAddressSpace {
178 CPUState *cpu;
179 AddressSpace *as;
180 struct AddressSpaceDispatch *memory_dispatch;
181 MemoryListener tcg_as_listener;
182 };
183
184 #endif
185
186 #if !defined(CONFIG_USER_ONLY)
187
188 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
189 {
190 static unsigned alloc_hint = 16;
191 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
192 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
193 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
194 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
195 alloc_hint = map->nodes_nb_alloc;
196 }
197 }
198
199 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
200 {
201 unsigned i;
202 uint32_t ret;
203 PhysPageEntry e;
204 PhysPageEntry *p;
205
206 ret = map->nodes_nb++;
207 p = map->nodes[ret];
208 assert(ret != PHYS_MAP_NODE_NIL);
209 assert(ret != map->nodes_nb_alloc);
210
211 e.skip = leaf ? 0 : 1;
212 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
213 for (i = 0; i < P_L2_SIZE; ++i) {
214 memcpy(&p[i], &e, sizeof(e));
215 }
216 return ret;
217 }
218
219 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
220 hwaddr *index, hwaddr *nb, uint16_t leaf,
221 int level)
222 {
223 PhysPageEntry *p;
224 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
225
226 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
227 lp->ptr = phys_map_node_alloc(map, level == 0);
228 }
229 p = map->nodes[lp->ptr];
230 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
231
232 while (*nb && lp < &p[P_L2_SIZE]) {
233 if ((*index & (step - 1)) == 0 && *nb >= step) {
234 lp->skip = 0;
235 lp->ptr = leaf;
236 *index += step;
237 *nb -= step;
238 } else {
239 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
240 }
241 ++lp;
242 }
243 }
244
245 static void phys_page_set(AddressSpaceDispatch *d,
246 hwaddr index, hwaddr nb,
247 uint16_t leaf)
248 {
249 /* Wildly overreserve - it doesn't matter much. */
250 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
251
252 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
253 }
254
255 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
256 * and update our entry so we can skip it and go directly to the destination.
257 */
258 static void phys_page_compact(PhysPageEntry *lp, Node *nodes)
259 {
260 unsigned valid_ptr = P_L2_SIZE;
261 int valid = 0;
262 PhysPageEntry *p;
263 int i;
264
265 if (lp->ptr == PHYS_MAP_NODE_NIL) {
266 return;
267 }
268
269 p = nodes[lp->ptr];
270 for (i = 0; i < P_L2_SIZE; i++) {
271 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
272 continue;
273 }
274
275 valid_ptr = i;
276 valid++;
277 if (p[i].skip) {
278 phys_page_compact(&p[i], nodes);
279 }
280 }
281
282 /* We can only compress if there's only one child. */
283 if (valid != 1) {
284 return;
285 }
286
287 assert(valid_ptr < P_L2_SIZE);
288
289 /* Don't compress if it won't fit in the # of bits we have. */
290 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
291 return;
292 }
293
294 lp->ptr = p[valid_ptr].ptr;
295 if (!p[valid_ptr].skip) {
296 /* If our only child is a leaf, make this a leaf. */
297 /* By design, we should have made this node a leaf to begin with so we
298 * should never reach here.
299 * But since it's so simple to handle this, let's do it just in case we
300 * change this rule.
301 */
302 lp->skip = 0;
303 } else {
304 lp->skip += p[valid_ptr].skip;
305 }
306 }
307
308 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
309 {
310 if (d->phys_map.skip) {
311 phys_page_compact(&d->phys_map, d->map.nodes);
312 }
313 }
314
315 static inline bool section_covers_addr(const MemoryRegionSection *section,
316 hwaddr addr)
317 {
318 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
319 * the section must cover the entire address space.
320 */
321 return section->size.hi ||
322 range_covers_byte(section->offset_within_address_space,
323 section->size.lo, addr);
324 }
325
326 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
327 Node *nodes, MemoryRegionSection *sections)
328 {
329 PhysPageEntry *p;
330 hwaddr index = addr >> TARGET_PAGE_BITS;
331 int i;
332
333 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
334 if (lp.ptr == PHYS_MAP_NODE_NIL) {
335 return &sections[PHYS_SECTION_UNASSIGNED];
336 }
337 p = nodes[lp.ptr];
338 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
339 }
340
341 if (section_covers_addr(&sections[lp.ptr], addr)) {
342 return &sections[lp.ptr];
343 } else {
344 return &sections[PHYS_SECTION_UNASSIGNED];
345 }
346 }
347
348 bool memory_region_is_unassigned(MemoryRegion *mr)
349 {
350 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
351 && mr != &io_mem_watch;
352 }
353
354 /* Called from RCU critical section */
355 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
356 hwaddr addr,
357 bool resolve_subpage)
358 {
359 MemoryRegionSection *section = atomic_read(&d->mru_section);
360 subpage_t *subpage;
361 bool update;
362
363 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
364 section_covers_addr(section, addr)) {
365 update = false;
366 } else {
367 section = phys_page_find(d->phys_map, addr, d->map.nodes,
368 d->map.sections);
369 update = true;
370 }
371 if (resolve_subpage && section->mr->subpage) {
372 subpage = container_of(section->mr, subpage_t, iomem);
373 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
374 }
375 if (update) {
376 atomic_set(&d->mru_section, section);
377 }
378 return section;
379 }
380
381 /* Called from RCU critical section */
382 static MemoryRegionSection *
383 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
384 hwaddr *plen, bool resolve_subpage)
385 {
386 MemoryRegionSection *section;
387 MemoryRegion *mr;
388 Int128 diff;
389
390 section = address_space_lookup_region(d, addr, resolve_subpage);
391 /* Compute offset within MemoryRegionSection */
392 addr -= section->offset_within_address_space;
393
394 /* Compute offset within MemoryRegion */
395 *xlat = addr + section->offset_within_region;
396
397 mr = section->mr;
398
399 /* MMIO registers can be expected to perform full-width accesses based only
400 * on their address, without considering adjacent registers that could
401 * decode to completely different MemoryRegions. When such registers
402 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
403 * regions overlap wildly. For this reason we cannot clamp the accesses
404 * here.
405 *
406 * If the length is small (as is the case for address_space_ldl/stl),
407 * everything works fine. If the incoming length is large, however,
408 * the caller really has to do the clamping through memory_access_size.
409 */
410 if (memory_region_is_ram(mr)) {
411 diff = int128_sub(section->size, int128_make64(addr));
412 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
413 }
414 return section;
415 }
416
417 /* Called from RCU critical section */
418 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
419 hwaddr *xlat, hwaddr *plen,
420 bool is_write)
421 {
422 IOMMUTLBEntry iotlb;
423 MemoryRegionSection *section;
424 MemoryRegion *mr;
425
426 for (;;) {
427 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
428 section = address_space_translate_internal(d, addr, &addr, plen, true);
429 mr = section->mr;
430
431 if (!mr->iommu_ops) {
432 break;
433 }
434
435 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
436 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
437 | (addr & iotlb.addr_mask));
438 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
439 if (!(iotlb.perm & (1 << is_write))) {
440 mr = &io_mem_unassigned;
441 break;
442 }
443
444 as = iotlb.target_as;
445 }
446
447 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
448 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
449 *plen = MIN(page, *plen);
450 }
451
452 *xlat = addr;
453 return mr;
454 }
455
456 /* Called from RCU critical section */
457 MemoryRegionSection *
458 address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
459 hwaddr *xlat, hwaddr *plen)
460 {
461 MemoryRegionSection *section;
462 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
463
464 section = address_space_translate_internal(d, addr, xlat, plen, false);
465
466 assert(!section->mr->iommu_ops);
467 return section;
468 }
469 #endif
470
471 #if !defined(CONFIG_USER_ONLY)
472
473 static int cpu_common_post_load(void *opaque, int version_id)
474 {
475 CPUState *cpu = opaque;
476
477 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
478 version_id is increased. */
479 cpu->interrupt_request &= ~0x01;
480 tlb_flush(cpu, 1);
481
482 return 0;
483 }
484
485 static int cpu_common_pre_load(void *opaque)
486 {
487 CPUState *cpu = opaque;
488
489 cpu->exception_index = -1;
490
491 return 0;
492 }
493
494 static bool cpu_common_exception_index_needed(void *opaque)
495 {
496 CPUState *cpu = opaque;
497
498 return tcg_enabled() && cpu->exception_index != -1;
499 }
500
501 static const VMStateDescription vmstate_cpu_common_exception_index = {
502 .name = "cpu_common/exception_index",
503 .version_id = 1,
504 .minimum_version_id = 1,
505 .needed = cpu_common_exception_index_needed,
506 .fields = (VMStateField[]) {
507 VMSTATE_INT32(exception_index, CPUState),
508 VMSTATE_END_OF_LIST()
509 }
510 };
511
512 static bool cpu_common_crash_occurred_needed(void *opaque)
513 {
514 CPUState *cpu = opaque;
515
516 return cpu->crash_occurred;
517 }
518
519 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
520 .name = "cpu_common/crash_occurred",
521 .version_id = 1,
522 .minimum_version_id = 1,
523 .needed = cpu_common_crash_occurred_needed,
524 .fields = (VMStateField[]) {
525 VMSTATE_BOOL(crash_occurred, CPUState),
526 VMSTATE_END_OF_LIST()
527 }
528 };
529
530 const VMStateDescription vmstate_cpu_common = {
531 .name = "cpu_common",
532 .version_id = 1,
533 .minimum_version_id = 1,
534 .pre_load = cpu_common_pre_load,
535 .post_load = cpu_common_post_load,
536 .fields = (VMStateField[]) {
537 VMSTATE_UINT32(halted, CPUState),
538 VMSTATE_UINT32(interrupt_request, CPUState),
539 VMSTATE_END_OF_LIST()
540 },
541 .subsections = (const VMStateDescription*[]) {
542 &vmstate_cpu_common_exception_index,
543 &vmstate_cpu_common_crash_occurred,
544 NULL
545 }
546 };
547
548 #endif
549
550 CPUState *qemu_get_cpu(int index)
551 {
552 CPUState *cpu;
553
554 CPU_FOREACH(cpu) {
555 if (cpu->cpu_index == index) {
556 return cpu;
557 }
558 }
559
560 return NULL;
561 }
562
563 #if !defined(CONFIG_USER_ONLY)
564 void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
565 {
566 CPUAddressSpace *newas;
567
568 /* Target code should have set num_ases before calling us */
569 assert(asidx < cpu->num_ases);
570
571 if (asidx == 0) {
572 /* address space 0 gets the convenience alias */
573 cpu->as = as;
574 }
575
576 /* KVM cannot currently support multiple address spaces. */
577 assert(asidx == 0 || !kvm_enabled());
578
579 if (!cpu->cpu_ases) {
580 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
581 }
582
583 newas = &cpu->cpu_ases[asidx];
584 newas->cpu = cpu;
585 newas->as = as;
586 if (tcg_enabled()) {
587 newas->tcg_as_listener.commit = tcg_commit;
588 memory_listener_register(&newas->tcg_as_listener, as);
589 }
590 }
591
592 AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
593 {
594 /* Return the AddressSpace corresponding to the specified index */
595 return cpu->cpu_ases[asidx].as;
596 }
597 #endif
598
599 void cpu_exec_exit(CPUState *cpu)
600 {
601 CPUClass *cc = CPU_GET_CLASS(cpu);
602
603 cpu_list_remove(cpu);
604
605 if (cc->vmsd != NULL) {
606 vmstate_unregister(NULL, cc->vmsd, cpu);
607 }
608 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
609 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
610 }
611 }
612
613 void cpu_exec_init(CPUState *cpu, Error **errp)
614 {
615 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
616 Error *local_err ATTRIBUTE_UNUSED = NULL;
617
618 cpu->as = NULL;
619 cpu->num_ases = 0;
620
621 #ifndef CONFIG_USER_ONLY
622 cpu->thread_id = qemu_get_thread_id();
623
624 /* This is a softmmu CPU object, so create a property for it
625 * so users can wire up its memory. (This can't go in qom/cpu.c
626 * because that file is compiled only once for both user-mode
627 * and system builds.) The default if no link is set up is to use
628 * the system address space.
629 */
630 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
631 (Object **)&cpu->memory,
632 qdev_prop_allow_set_link_before_realize,
633 OBJ_PROP_LINK_UNREF_ON_RELEASE,
634 &error_abort);
635 cpu->memory = system_memory;
636 object_ref(OBJECT(cpu->memory));
637 #endif
638
639 cpu_list_add(cpu);
640
641 #ifndef CONFIG_USER_ONLY
642 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
643 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
644 }
645 if (cc->vmsd != NULL) {
646 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
647 }
648 #endif
649 }
650
651 #if defined(CONFIG_USER_ONLY)
652 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
653 {
654 tb_invalidate_phys_page_range(pc, pc + 1, 0);
655 }
656 #else
657 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
658 {
659 MemTxAttrs attrs;
660 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
661 int asidx = cpu_asidx_from_attrs(cpu, attrs);
662 if (phys != -1) {
663 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
664 phys | (pc & ~TARGET_PAGE_MASK));
665 }
666 }
667 #endif
668
669 #if defined(CONFIG_USER_ONLY)
670 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
671
672 {
673 }
674
675 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
676 int flags)
677 {
678 return -ENOSYS;
679 }
680
681 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
682 {
683 }
684
685 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
686 int flags, CPUWatchpoint **watchpoint)
687 {
688 return -ENOSYS;
689 }
690 #else
691 /* Add a watchpoint. */
692 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
693 int flags, CPUWatchpoint **watchpoint)
694 {
695 CPUWatchpoint *wp;
696
697 /* forbid ranges which are empty or run off the end of the address space */
698 if (len == 0 || (addr + len - 1) < addr) {
699 error_report("tried to set invalid watchpoint at %"
700 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
701 return -EINVAL;
702 }
703 wp = g_malloc(sizeof(*wp));
704
705 wp->vaddr = addr;
706 wp->len = len;
707 wp->flags = flags;
708
709 /* keep all GDB-injected watchpoints in front */
710 if (flags & BP_GDB) {
711 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
712 } else {
713 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
714 }
715
716 tlb_flush_page(cpu, addr);
717
718 if (watchpoint)
719 *watchpoint = wp;
720 return 0;
721 }
722
723 /* Remove a specific watchpoint. */
724 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
725 int flags)
726 {
727 CPUWatchpoint *wp;
728
729 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
730 if (addr == wp->vaddr && len == wp->len
731 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
732 cpu_watchpoint_remove_by_ref(cpu, wp);
733 return 0;
734 }
735 }
736 return -ENOENT;
737 }
738
739 /* Remove a specific watchpoint by reference. */
740 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
741 {
742 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
743
744 tlb_flush_page(cpu, watchpoint->vaddr);
745
746 g_free(watchpoint);
747 }
748
749 /* Remove all matching watchpoints. */
750 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
751 {
752 CPUWatchpoint *wp, *next;
753
754 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
755 if (wp->flags & mask) {
756 cpu_watchpoint_remove_by_ref(cpu, wp);
757 }
758 }
759 }
760
761 /* Return true if this watchpoint address matches the specified
762 * access (ie the address range covered by the watchpoint overlaps
763 * partially or completely with the address range covered by the
764 * access).
765 */
766 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
767 vaddr addr,
768 vaddr len)
769 {
770 /* We know the lengths are non-zero, but a little caution is
771 * required to avoid errors in the case where the range ends
772 * exactly at the top of the address space and so addr + len
773 * wraps round to zero.
774 */
775 vaddr wpend = wp->vaddr + wp->len - 1;
776 vaddr addrend = addr + len - 1;
777
778 return !(addr > wpend || wp->vaddr > addrend);
779 }
780
781 #endif
782
783 /* Add a breakpoint. */
784 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
785 CPUBreakpoint **breakpoint)
786 {
787 CPUBreakpoint *bp;
788
789 bp = g_malloc(sizeof(*bp));
790
791 bp->pc = pc;
792 bp->flags = flags;
793
794 /* keep all GDB-injected breakpoints in front */
795 if (flags & BP_GDB) {
796 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
797 } else {
798 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
799 }
800
801 breakpoint_invalidate(cpu, pc);
802
803 if (breakpoint) {
804 *breakpoint = bp;
805 }
806 return 0;
807 }
808
809 /* Remove a specific breakpoint. */
810 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
811 {
812 CPUBreakpoint *bp;
813
814 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
815 if (bp->pc == pc && bp->flags == flags) {
816 cpu_breakpoint_remove_by_ref(cpu, bp);
817 return 0;
818 }
819 }
820 return -ENOENT;
821 }
822
823 /* Remove a specific breakpoint by reference. */
824 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
825 {
826 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
827
828 breakpoint_invalidate(cpu, breakpoint->pc);
829
830 g_free(breakpoint);
831 }
832
833 /* Remove all matching breakpoints. */
834 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
835 {
836 CPUBreakpoint *bp, *next;
837
838 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
839 if (bp->flags & mask) {
840 cpu_breakpoint_remove_by_ref(cpu, bp);
841 }
842 }
843 }
844
845 /* enable or disable single step mode. EXCP_DEBUG is returned by the
846 CPU loop after each instruction */
847 void cpu_single_step(CPUState *cpu, int enabled)
848 {
849 if (cpu->singlestep_enabled != enabled) {
850 cpu->singlestep_enabled = enabled;
851 if (kvm_enabled()) {
852 kvm_update_guest_debug(cpu, 0);
853 } else {
854 /* must flush all the translated code to avoid inconsistencies */
855 /* XXX: only flush what is necessary */
856 tb_flush(cpu);
857 }
858 }
859 }
860
861 void cpu_abort(CPUState *cpu, const char *fmt, ...)
862 {
863 va_list ap;
864 va_list ap2;
865
866 va_start(ap, fmt);
867 va_copy(ap2, ap);
868 fprintf(stderr, "qemu: fatal: ");
869 vfprintf(stderr, fmt, ap);
870 fprintf(stderr, "\n");
871 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
872 if (qemu_log_separate()) {
873 qemu_log("qemu: fatal: ");
874 qemu_log_vprintf(fmt, ap2);
875 qemu_log("\n");
876 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
877 qemu_log_flush();
878 qemu_log_close();
879 }
880 va_end(ap2);
881 va_end(ap);
882 replay_finish();
883 #if defined(CONFIG_USER_ONLY)
884 {
885 struct sigaction act;
886 sigfillset(&act.sa_mask);
887 act.sa_handler = SIG_DFL;
888 sigaction(SIGABRT, &act, NULL);
889 }
890 #endif
891 abort();
892 }
893
894 #if !defined(CONFIG_USER_ONLY)
895 /* Called from RCU critical section */
896 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
897 {
898 RAMBlock *block;
899
900 block = atomic_rcu_read(&ram_list.mru_block);
901 if (block && addr - block->offset < block->max_length) {
902 return block;
903 }
904 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
905 if (addr - block->offset < block->max_length) {
906 goto found;
907 }
908 }
909
910 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
911 abort();
912
913 found:
914 /* It is safe to write mru_block outside the iothread lock. This
915 * is what happens:
916 *
917 * mru_block = xxx
918 * rcu_read_unlock()
919 * xxx removed from list
920 * rcu_read_lock()
921 * read mru_block
922 * mru_block = NULL;
923 * call_rcu(reclaim_ramblock, xxx);
924 * rcu_read_unlock()
925 *
926 * atomic_rcu_set is not needed here. The block was already published
927 * when it was placed into the list. Here we're just making an extra
928 * copy of the pointer.
929 */
930 ram_list.mru_block = block;
931 return block;
932 }
933
934 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
935 {
936 CPUState *cpu;
937 ram_addr_t start1;
938 RAMBlock *block;
939 ram_addr_t end;
940
941 end = TARGET_PAGE_ALIGN(start + length);
942 start &= TARGET_PAGE_MASK;
943
944 rcu_read_lock();
945 block = qemu_get_ram_block(start);
946 assert(block == qemu_get_ram_block(end - 1));
947 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
948 CPU_FOREACH(cpu) {
949 tlb_reset_dirty(cpu, start1, length);
950 }
951 rcu_read_unlock();
952 }
953
954 /* Note: start and end must be within the same ram block. */
955 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
956 ram_addr_t length,
957 unsigned client)
958 {
959 DirtyMemoryBlocks *blocks;
960 unsigned long end, page;
961 bool dirty = false;
962
963 if (length == 0) {
964 return false;
965 }
966
967 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
968 page = start >> TARGET_PAGE_BITS;
969
970 rcu_read_lock();
971
972 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
973
974 while (page < end) {
975 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
976 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
977 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
978
979 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
980 offset, num);
981 page += num;
982 }
983
984 rcu_read_unlock();
985
986 if (dirty && tcg_enabled()) {
987 tlb_reset_dirty_range_all(start, length);
988 }
989
990 return dirty;
991 }
992
993 /* Called from RCU critical section */
994 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
995 MemoryRegionSection *section,
996 target_ulong vaddr,
997 hwaddr paddr, hwaddr xlat,
998 int prot,
999 target_ulong *address)
1000 {
1001 hwaddr iotlb;
1002 CPUWatchpoint *wp;
1003
1004 if (memory_region_is_ram(section->mr)) {
1005 /* Normal RAM. */
1006 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
1007 if (!section->readonly) {
1008 iotlb |= PHYS_SECTION_NOTDIRTY;
1009 } else {
1010 iotlb |= PHYS_SECTION_ROM;
1011 }
1012 } else {
1013 AddressSpaceDispatch *d;
1014
1015 d = atomic_rcu_read(&section->address_space->dispatch);
1016 iotlb = section - d->map.sections;
1017 iotlb += xlat;
1018 }
1019
1020 /* Make accesses to pages with watchpoints go via the
1021 watchpoint trap routines. */
1022 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1023 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1024 /* Avoid trapping reads of pages with a write breakpoint. */
1025 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1026 iotlb = PHYS_SECTION_WATCH + paddr;
1027 *address |= TLB_MMIO;
1028 break;
1029 }
1030 }
1031 }
1032
1033 return iotlb;
1034 }
1035 #endif /* defined(CONFIG_USER_ONLY) */
1036
1037 #if !defined(CONFIG_USER_ONLY)
1038
1039 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1040 uint16_t section);
1041 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1042
1043 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1044 qemu_anon_ram_alloc;
1045
1046 /*
1047 * Set a custom physical guest memory alloator.
1048 * Accelerators with unusual needs may need this. Hopefully, we can
1049 * get rid of it eventually.
1050 */
1051 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1052 {
1053 phys_mem_alloc = alloc;
1054 }
1055
1056 static uint16_t phys_section_add(PhysPageMap *map,
1057 MemoryRegionSection *section)
1058 {
1059 /* The physical section number is ORed with a page-aligned
1060 * pointer to produce the iotlb entries. Thus it should
1061 * never overflow into the page-aligned value.
1062 */
1063 assert(map->sections_nb < TARGET_PAGE_SIZE);
1064
1065 if (map->sections_nb == map->sections_nb_alloc) {
1066 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1067 map->sections = g_renew(MemoryRegionSection, map->sections,
1068 map->sections_nb_alloc);
1069 }
1070 map->sections[map->sections_nb] = *section;
1071 memory_region_ref(section->mr);
1072 return map->sections_nb++;
1073 }
1074
1075 static void phys_section_destroy(MemoryRegion *mr)
1076 {
1077 bool have_sub_page = mr->subpage;
1078
1079 memory_region_unref(mr);
1080
1081 if (have_sub_page) {
1082 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1083 object_unref(OBJECT(&subpage->iomem));
1084 g_free(subpage);
1085 }
1086 }
1087
1088 static void phys_sections_free(PhysPageMap *map)
1089 {
1090 while (map->sections_nb > 0) {
1091 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1092 phys_section_destroy(section->mr);
1093 }
1094 g_free(map->sections);
1095 g_free(map->nodes);
1096 }
1097
1098 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1099 {
1100 subpage_t *subpage;
1101 hwaddr base = section->offset_within_address_space
1102 & TARGET_PAGE_MASK;
1103 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1104 d->map.nodes, d->map.sections);
1105 MemoryRegionSection subsection = {
1106 .offset_within_address_space = base,
1107 .size = int128_make64(TARGET_PAGE_SIZE),
1108 };
1109 hwaddr start, end;
1110
1111 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1112
1113 if (!(existing->mr->subpage)) {
1114 subpage = subpage_init(d->as, base);
1115 subsection.address_space = d->as;
1116 subsection.mr = &subpage->iomem;
1117 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1118 phys_section_add(&d->map, &subsection));
1119 } else {
1120 subpage = container_of(existing->mr, subpage_t, iomem);
1121 }
1122 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1123 end = start + int128_get64(section->size) - 1;
1124 subpage_register(subpage, start, end,
1125 phys_section_add(&d->map, section));
1126 }
1127
1128
1129 static void register_multipage(AddressSpaceDispatch *d,
1130 MemoryRegionSection *section)
1131 {
1132 hwaddr start_addr = section->offset_within_address_space;
1133 uint16_t section_index = phys_section_add(&d->map, section);
1134 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1135 TARGET_PAGE_BITS));
1136
1137 assert(num_pages);
1138 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1139 }
1140
1141 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1142 {
1143 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1144 AddressSpaceDispatch *d = as->next_dispatch;
1145 MemoryRegionSection now = *section, remain = *section;
1146 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1147
1148 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1149 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1150 - now.offset_within_address_space;
1151
1152 now.size = int128_min(int128_make64(left), now.size);
1153 register_subpage(d, &now);
1154 } else {
1155 now.size = int128_zero();
1156 }
1157 while (int128_ne(remain.size, now.size)) {
1158 remain.size = int128_sub(remain.size, now.size);
1159 remain.offset_within_address_space += int128_get64(now.size);
1160 remain.offset_within_region += int128_get64(now.size);
1161 now = remain;
1162 if (int128_lt(remain.size, page_size)) {
1163 register_subpage(d, &now);
1164 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1165 now.size = page_size;
1166 register_subpage(d, &now);
1167 } else {
1168 now.size = int128_and(now.size, int128_neg(page_size));
1169 register_multipage(d, &now);
1170 }
1171 }
1172 }
1173
1174 void qemu_flush_coalesced_mmio_buffer(void)
1175 {
1176 if (kvm_enabled())
1177 kvm_flush_coalesced_mmio_buffer();
1178 }
1179
1180 void qemu_mutex_lock_ramlist(void)
1181 {
1182 qemu_mutex_lock(&ram_list.mutex);
1183 }
1184
1185 void qemu_mutex_unlock_ramlist(void)
1186 {
1187 qemu_mutex_unlock(&ram_list.mutex);
1188 }
1189
1190 #ifdef __linux__
1191 static void *file_ram_alloc(RAMBlock *block,
1192 ram_addr_t memory,
1193 const char *path,
1194 Error **errp)
1195 {
1196 bool unlink_on_error = false;
1197 char *filename;
1198 char *sanitized_name;
1199 char *c;
1200 void *area = MAP_FAILED;
1201 int fd = -1;
1202
1203 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1204 error_setg(errp,
1205 "host lacks kvm mmu notifiers, -mem-path unsupported");
1206 return NULL;
1207 }
1208
1209 for (;;) {
1210 fd = open(path, O_RDWR);
1211 if (fd >= 0) {
1212 /* @path names an existing file, use it */
1213 break;
1214 }
1215 if (errno == ENOENT) {
1216 /* @path names a file that doesn't exist, create it */
1217 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1218 if (fd >= 0) {
1219 unlink_on_error = true;
1220 break;
1221 }
1222 } else if (errno == EISDIR) {
1223 /* @path names a directory, create a file there */
1224 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1225 sanitized_name = g_strdup(memory_region_name(block->mr));
1226 for (c = sanitized_name; *c != '\0'; c++) {
1227 if (*c == '/') {
1228 *c = '_';
1229 }
1230 }
1231
1232 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1233 sanitized_name);
1234 g_free(sanitized_name);
1235
1236 fd = mkstemp(filename);
1237 if (fd >= 0) {
1238 unlink(filename);
1239 g_free(filename);
1240 break;
1241 }
1242 g_free(filename);
1243 }
1244 if (errno != EEXIST && errno != EINTR) {
1245 error_setg_errno(errp, errno,
1246 "can't open backing store %s for guest RAM",
1247 path);
1248 goto error;
1249 }
1250 /*
1251 * Try again on EINTR and EEXIST. The latter happens when
1252 * something else creates the file between our two open().
1253 */
1254 }
1255
1256 block->page_size = qemu_fd_getpagesize(fd);
1257 block->mr->align = block->page_size;
1258 #if defined(__s390x__)
1259 if (kvm_enabled()) {
1260 block->mr->align = MAX(block->mr->align, QEMU_VMALLOC_ALIGN);
1261 }
1262 #endif
1263
1264 if (memory < block->page_size) {
1265 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1266 "or larger than page size 0x%zx",
1267 memory, block->page_size);
1268 goto error;
1269 }
1270
1271 memory = ROUND_UP(memory, block->page_size);
1272
1273 /*
1274 * ftruncate is not supported by hugetlbfs in older
1275 * hosts, so don't bother bailing out on errors.
1276 * If anything goes wrong with it under other filesystems,
1277 * mmap will fail.
1278 */
1279 if (ftruncate(fd, memory)) {
1280 perror("ftruncate");
1281 }
1282
1283 area = qemu_ram_mmap(fd, memory, block->mr->align,
1284 block->flags & RAM_SHARED);
1285 if (area == MAP_FAILED) {
1286 error_setg_errno(errp, errno,
1287 "unable to map backing store for guest RAM");
1288 goto error;
1289 }
1290
1291 if (mem_prealloc) {
1292 os_mem_prealloc(fd, area, memory, errp);
1293 if (errp && *errp) {
1294 goto error;
1295 }
1296 }
1297
1298 block->fd = fd;
1299 return area;
1300
1301 error:
1302 if (area != MAP_FAILED) {
1303 qemu_ram_munmap(area, memory);
1304 }
1305 if (unlink_on_error) {
1306 unlink(path);
1307 }
1308 if (fd != -1) {
1309 close(fd);
1310 }
1311 return NULL;
1312 }
1313 #endif
1314
1315 /* Called with the ramlist lock held. */
1316 static ram_addr_t find_ram_offset(ram_addr_t size)
1317 {
1318 RAMBlock *block, *next_block;
1319 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1320
1321 assert(size != 0); /* it would hand out same offset multiple times */
1322
1323 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1324 return 0;
1325 }
1326
1327 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1328 ram_addr_t end, next = RAM_ADDR_MAX;
1329
1330 end = block->offset + block->max_length;
1331
1332 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1333 if (next_block->offset >= end) {
1334 next = MIN(next, next_block->offset);
1335 }
1336 }
1337 if (next - end >= size && next - end < mingap) {
1338 offset = end;
1339 mingap = next - end;
1340 }
1341 }
1342
1343 if (offset == RAM_ADDR_MAX) {
1344 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1345 (uint64_t)size);
1346 abort();
1347 }
1348
1349 return offset;
1350 }
1351
1352 ram_addr_t last_ram_offset(void)
1353 {
1354 RAMBlock *block;
1355 ram_addr_t last = 0;
1356
1357 rcu_read_lock();
1358 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1359 last = MAX(last, block->offset + block->max_length);
1360 }
1361 rcu_read_unlock();
1362 return last;
1363 }
1364
1365 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1366 {
1367 int ret;
1368
1369 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1370 if (!machine_dump_guest_core(current_machine)) {
1371 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1372 if (ret) {
1373 perror("qemu_madvise");
1374 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1375 "but dump_guest_core=off specified\n");
1376 }
1377 }
1378 }
1379
1380 const char *qemu_ram_get_idstr(RAMBlock *rb)
1381 {
1382 return rb->idstr;
1383 }
1384
1385 /* Called with iothread lock held. */
1386 void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
1387 {
1388 RAMBlock *block;
1389
1390 assert(new_block);
1391 assert(!new_block->idstr[0]);
1392
1393 if (dev) {
1394 char *id = qdev_get_dev_path(dev);
1395 if (id) {
1396 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1397 g_free(id);
1398 }
1399 }
1400 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1401
1402 rcu_read_lock();
1403 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1404 if (block != new_block &&
1405 !strcmp(block->idstr, new_block->idstr)) {
1406 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1407 new_block->idstr);
1408 abort();
1409 }
1410 }
1411 rcu_read_unlock();
1412 }
1413
1414 /* Called with iothread lock held. */
1415 void qemu_ram_unset_idstr(RAMBlock *block)
1416 {
1417 /* FIXME: arch_init.c assumes that this is not called throughout
1418 * migration. Ignore the problem since hot-unplug during migration
1419 * does not work anyway.
1420 */
1421 if (block) {
1422 memset(block->idstr, 0, sizeof(block->idstr));
1423 }
1424 }
1425
1426 size_t qemu_ram_pagesize(RAMBlock *rb)
1427 {
1428 return rb->page_size;
1429 }
1430
1431 static int memory_try_enable_merging(void *addr, size_t len)
1432 {
1433 if (!machine_mem_merge(current_machine)) {
1434 /* disabled by the user */
1435 return 0;
1436 }
1437
1438 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1439 }
1440
1441 /* Only legal before guest might have detected the memory size: e.g. on
1442 * incoming migration, or right after reset.
1443 *
1444 * As memory core doesn't know how is memory accessed, it is up to
1445 * resize callback to update device state and/or add assertions to detect
1446 * misuse, if necessary.
1447 */
1448 int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
1449 {
1450 assert(block);
1451
1452 newsize = HOST_PAGE_ALIGN(newsize);
1453
1454 if (block->used_length == newsize) {
1455 return 0;
1456 }
1457
1458 if (!(block->flags & RAM_RESIZEABLE)) {
1459 error_setg_errno(errp, EINVAL,
1460 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1461 " in != 0x" RAM_ADDR_FMT, block->idstr,
1462 newsize, block->used_length);
1463 return -EINVAL;
1464 }
1465
1466 if (block->max_length < newsize) {
1467 error_setg_errno(errp, EINVAL,
1468 "Length too large: %s: 0x" RAM_ADDR_FMT
1469 " > 0x" RAM_ADDR_FMT, block->idstr,
1470 newsize, block->max_length);
1471 return -EINVAL;
1472 }
1473
1474 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1475 block->used_length = newsize;
1476 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1477 DIRTY_CLIENTS_ALL);
1478 memory_region_set_size(block->mr, newsize);
1479 if (block->resized) {
1480 block->resized(block->idstr, newsize, block->host);
1481 }
1482 return 0;
1483 }
1484
1485 /* Called with ram_list.mutex held */
1486 static void dirty_memory_extend(ram_addr_t old_ram_size,
1487 ram_addr_t new_ram_size)
1488 {
1489 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1490 DIRTY_MEMORY_BLOCK_SIZE);
1491 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1492 DIRTY_MEMORY_BLOCK_SIZE);
1493 int i;
1494
1495 /* Only need to extend if block count increased */
1496 if (new_num_blocks <= old_num_blocks) {
1497 return;
1498 }
1499
1500 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1501 DirtyMemoryBlocks *old_blocks;
1502 DirtyMemoryBlocks *new_blocks;
1503 int j;
1504
1505 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1506 new_blocks = g_malloc(sizeof(*new_blocks) +
1507 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1508
1509 if (old_num_blocks) {
1510 memcpy(new_blocks->blocks, old_blocks->blocks,
1511 old_num_blocks * sizeof(old_blocks->blocks[0]));
1512 }
1513
1514 for (j = old_num_blocks; j < new_num_blocks; j++) {
1515 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1516 }
1517
1518 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1519
1520 if (old_blocks) {
1521 g_free_rcu(old_blocks, rcu);
1522 }
1523 }
1524 }
1525
1526 static void ram_block_add(RAMBlock *new_block, Error **errp)
1527 {
1528 RAMBlock *block;
1529 RAMBlock *last_block = NULL;
1530 ram_addr_t old_ram_size, new_ram_size;
1531 Error *err = NULL;
1532
1533 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1534
1535 qemu_mutex_lock_ramlist();
1536 new_block->offset = find_ram_offset(new_block->max_length);
1537
1538 if (!new_block->host) {
1539 if (xen_enabled()) {
1540 xen_ram_alloc(new_block->offset, new_block->max_length,
1541 new_block->mr, &err);
1542 if (err) {
1543 error_propagate(errp, err);
1544 qemu_mutex_unlock_ramlist();
1545 return;
1546 }
1547 } else {
1548 new_block->host = phys_mem_alloc(new_block->max_length,
1549 &new_block->mr->align);
1550 if (!new_block->host) {
1551 error_setg_errno(errp, errno,
1552 "cannot set up guest memory '%s'",
1553 memory_region_name(new_block->mr));
1554 qemu_mutex_unlock_ramlist();
1555 return;
1556 }
1557 memory_try_enable_merging(new_block->host, new_block->max_length);
1558 }
1559 }
1560
1561 new_ram_size = MAX(old_ram_size,
1562 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1563 if (new_ram_size > old_ram_size) {
1564 migration_bitmap_extend(old_ram_size, new_ram_size);
1565 dirty_memory_extend(old_ram_size, new_ram_size);
1566 }
1567 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1568 * QLIST (which has an RCU-friendly variant) does not have insertion at
1569 * tail, so save the last element in last_block.
1570 */
1571 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1572 last_block = block;
1573 if (block->max_length < new_block->max_length) {
1574 break;
1575 }
1576 }
1577 if (block) {
1578 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1579 } else if (last_block) {
1580 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1581 } else { /* list is empty */
1582 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1583 }
1584 ram_list.mru_block = NULL;
1585
1586 /* Write list before version */
1587 smp_wmb();
1588 ram_list.version++;
1589 qemu_mutex_unlock_ramlist();
1590
1591 cpu_physical_memory_set_dirty_range(new_block->offset,
1592 new_block->used_length,
1593 DIRTY_CLIENTS_ALL);
1594
1595 if (new_block->host) {
1596 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1597 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1598 /* MADV_DONTFORK is also needed by KVM in absence of synchronous MMU */
1599 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1600 }
1601 }
1602
1603 #ifdef __linux__
1604 RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1605 bool share, const char *mem_path,
1606 Error **errp)
1607 {
1608 RAMBlock *new_block;
1609 Error *local_err = NULL;
1610
1611 if (xen_enabled()) {
1612 error_setg(errp, "-mem-path not supported with Xen");
1613 return NULL;
1614 }
1615
1616 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1617 /*
1618 * file_ram_alloc() needs to allocate just like
1619 * phys_mem_alloc, but we haven't bothered to provide
1620 * a hook there.
1621 */
1622 error_setg(errp,
1623 "-mem-path not supported with this accelerator");
1624 return NULL;
1625 }
1626
1627 size = HOST_PAGE_ALIGN(size);
1628 new_block = g_malloc0(sizeof(*new_block));
1629 new_block->mr = mr;
1630 new_block->used_length = size;
1631 new_block->max_length = size;
1632 new_block->flags = share ? RAM_SHARED : 0;
1633 new_block->host = file_ram_alloc(new_block, size,
1634 mem_path, errp);
1635 if (!new_block->host) {
1636 g_free(new_block);
1637 return NULL;
1638 }
1639
1640 ram_block_add(new_block, &local_err);
1641 if (local_err) {
1642 g_free(new_block);
1643 error_propagate(errp, local_err);
1644 return NULL;
1645 }
1646 return new_block;
1647 }
1648 #endif
1649
1650 static
1651 RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1652 void (*resized)(const char*,
1653 uint64_t length,
1654 void *host),
1655 void *host, bool resizeable,
1656 MemoryRegion *mr, Error **errp)
1657 {
1658 RAMBlock *new_block;
1659 Error *local_err = NULL;
1660
1661 size = HOST_PAGE_ALIGN(size);
1662 max_size = HOST_PAGE_ALIGN(max_size);
1663 new_block = g_malloc0(sizeof(*new_block));
1664 new_block->mr = mr;
1665 new_block->resized = resized;
1666 new_block->used_length = size;
1667 new_block->max_length = max_size;
1668 assert(max_size >= size);
1669 new_block->fd = -1;
1670 new_block->page_size = getpagesize();
1671 new_block->host = host;
1672 if (host) {
1673 new_block->flags |= RAM_PREALLOC;
1674 }
1675 if (resizeable) {
1676 new_block->flags |= RAM_RESIZEABLE;
1677 }
1678 ram_block_add(new_block, &local_err);
1679 if (local_err) {
1680 g_free(new_block);
1681 error_propagate(errp, local_err);
1682 return NULL;
1683 }
1684 return new_block;
1685 }
1686
1687 RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1688 MemoryRegion *mr, Error **errp)
1689 {
1690 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1691 }
1692
1693 RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1694 {
1695 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1696 }
1697
1698 RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1699 void (*resized)(const char*,
1700 uint64_t length,
1701 void *host),
1702 MemoryRegion *mr, Error **errp)
1703 {
1704 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1705 }
1706
1707 static void reclaim_ramblock(RAMBlock *block)
1708 {
1709 if (block->flags & RAM_PREALLOC) {
1710 ;
1711 } else if (xen_enabled()) {
1712 xen_invalidate_map_cache_entry(block->host);
1713 #ifndef _WIN32
1714 } else if (block->fd >= 0) {
1715 qemu_ram_munmap(block->host, block->max_length);
1716 close(block->fd);
1717 #endif
1718 } else {
1719 qemu_anon_ram_free(block->host, block->max_length);
1720 }
1721 g_free(block);
1722 }
1723
1724 void qemu_ram_free(RAMBlock *block)
1725 {
1726 if (!block) {
1727 return;
1728 }
1729
1730 qemu_mutex_lock_ramlist();
1731 QLIST_REMOVE_RCU(block, next);
1732 ram_list.mru_block = NULL;
1733 /* Write list before version */
1734 smp_wmb();
1735 ram_list.version++;
1736 call_rcu(block, reclaim_ramblock, rcu);
1737 qemu_mutex_unlock_ramlist();
1738 }
1739
1740 #ifndef _WIN32
1741 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1742 {
1743 RAMBlock *block;
1744 ram_addr_t offset;
1745 int flags;
1746 void *area, *vaddr;
1747
1748 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1749 offset = addr - block->offset;
1750 if (offset < block->max_length) {
1751 vaddr = ramblock_ptr(block, offset);
1752 if (block->flags & RAM_PREALLOC) {
1753 ;
1754 } else if (xen_enabled()) {
1755 abort();
1756 } else {
1757 flags = MAP_FIXED;
1758 if (block->fd >= 0) {
1759 flags |= (block->flags & RAM_SHARED ?
1760 MAP_SHARED : MAP_PRIVATE);
1761 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1762 flags, block->fd, offset);
1763 } else {
1764 /*
1765 * Remap needs to match alloc. Accelerators that
1766 * set phys_mem_alloc never remap. If they did,
1767 * we'd need a remap hook here.
1768 */
1769 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1770
1771 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1772 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1773 flags, -1, 0);
1774 }
1775 if (area != vaddr) {
1776 fprintf(stderr, "Could not remap addr: "
1777 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1778 length, addr);
1779 exit(1);
1780 }
1781 memory_try_enable_merging(vaddr, length);
1782 qemu_ram_setup_dump(vaddr, length);
1783 }
1784 }
1785 }
1786 }
1787 #endif /* !_WIN32 */
1788
1789 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1790 * This should not be used for general purpose DMA. Use address_space_map
1791 * or address_space_rw instead. For local memory (e.g. video ram) that the
1792 * device owns, use memory_region_get_ram_ptr.
1793 *
1794 * Called within RCU critical section.
1795 */
1796 void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1797 {
1798 RAMBlock *block = ram_block;
1799
1800 if (block == NULL) {
1801 block = qemu_get_ram_block(addr);
1802 addr -= block->offset;
1803 }
1804
1805 if (xen_enabled() && block->host == NULL) {
1806 /* We need to check if the requested address is in the RAM
1807 * because we don't want to map the entire memory in QEMU.
1808 * In that case just map until the end of the page.
1809 */
1810 if (block->offset == 0) {
1811 return xen_map_cache(addr, 0, 0);
1812 }
1813
1814 block->host = xen_map_cache(block->offset, block->max_length, 1);
1815 }
1816 return ramblock_ptr(block, addr);
1817 }
1818
1819 /* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
1820 * but takes a size argument.
1821 *
1822 * Called within RCU critical section.
1823 */
1824 static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1825 hwaddr *size)
1826 {
1827 RAMBlock *block = ram_block;
1828 if (*size == 0) {
1829 return NULL;
1830 }
1831
1832 if (block == NULL) {
1833 block = qemu_get_ram_block(addr);
1834 addr -= block->offset;
1835 }
1836 *size = MIN(*size, block->max_length - addr);
1837
1838 if (xen_enabled() && block->host == NULL) {
1839 /* We need to check if the requested address is in the RAM
1840 * because we don't want to map the entire memory in QEMU.
1841 * In that case just map the requested area.
1842 */
1843 if (block->offset == 0) {
1844 return xen_map_cache(addr, *size, 1);
1845 }
1846
1847 block->host = xen_map_cache(block->offset, block->max_length, 1);
1848 }
1849
1850 return ramblock_ptr(block, addr);
1851 }
1852
1853 /*
1854 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1855 * in that RAMBlock.
1856 *
1857 * ptr: Host pointer to look up
1858 * round_offset: If true round the result offset down to a page boundary
1859 * *ram_addr: set to result ram_addr
1860 * *offset: set to result offset within the RAMBlock
1861 *
1862 * Returns: RAMBlock (or NULL if not found)
1863 *
1864 * By the time this function returns, the returned pointer is not protected
1865 * by RCU anymore. If the caller is not within an RCU critical section and
1866 * does not hold the iothread lock, it must have other means of protecting the
1867 * pointer, such as a reference to the region that includes the incoming
1868 * ram_addr_t.
1869 */
1870 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
1871 ram_addr_t *offset)
1872 {
1873 RAMBlock *block;
1874 uint8_t *host = ptr;
1875
1876 if (xen_enabled()) {
1877 ram_addr_t ram_addr;
1878 rcu_read_lock();
1879 ram_addr = xen_ram_addr_from_mapcache(ptr);
1880 block = qemu_get_ram_block(ram_addr);
1881 if (block) {
1882 *offset = ram_addr - block->offset;
1883 }
1884 rcu_read_unlock();
1885 return block;
1886 }
1887
1888 rcu_read_lock();
1889 block = atomic_rcu_read(&ram_list.mru_block);
1890 if (block && block->host && host - block->host < block->max_length) {
1891 goto found;
1892 }
1893
1894 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1895 /* This case append when the block is not mapped. */
1896 if (block->host == NULL) {
1897 continue;
1898 }
1899 if (host - block->host < block->max_length) {
1900 goto found;
1901 }
1902 }
1903
1904 rcu_read_unlock();
1905 return NULL;
1906
1907 found:
1908 *offset = (host - block->host);
1909 if (round_offset) {
1910 *offset &= TARGET_PAGE_MASK;
1911 }
1912 rcu_read_unlock();
1913 return block;
1914 }
1915
1916 /*
1917 * Finds the named RAMBlock
1918 *
1919 * name: The name of RAMBlock to find
1920 *
1921 * Returns: RAMBlock (or NULL if not found)
1922 */
1923 RAMBlock *qemu_ram_block_by_name(const char *name)
1924 {
1925 RAMBlock *block;
1926
1927 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1928 if (!strcmp(name, block->idstr)) {
1929 return block;
1930 }
1931 }
1932
1933 return NULL;
1934 }
1935
1936 /* Some of the softmmu routines need to translate from a host pointer
1937 (typically a TLB entry) back to a ram offset. */
1938 ram_addr_t qemu_ram_addr_from_host(void *ptr)
1939 {
1940 RAMBlock *block;
1941 ram_addr_t offset;
1942
1943 block = qemu_ram_block_from_host(ptr, false, &offset);
1944 if (!block) {
1945 return RAM_ADDR_INVALID;
1946 }
1947
1948 return block->offset + offset;
1949 }
1950
1951 /* Called within RCU critical section. */
1952 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1953 uint64_t val, unsigned size)
1954 {
1955 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1956 tb_invalidate_phys_page_fast(ram_addr, size);
1957 }
1958 switch (size) {
1959 case 1:
1960 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
1961 break;
1962 case 2:
1963 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
1964 break;
1965 case 4:
1966 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
1967 break;
1968 default:
1969 abort();
1970 }
1971 /* Set both VGA and migration bits for simplicity and to remove
1972 * the notdirty callback faster.
1973 */
1974 cpu_physical_memory_set_dirty_range(ram_addr, size,
1975 DIRTY_CLIENTS_NOCODE);
1976 /* we remove the notdirty callback only if the code has been
1977 flushed */
1978 if (!cpu_physical_memory_is_clean(ram_addr)) {
1979 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1980 }
1981 }
1982
1983 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1984 unsigned size, bool is_write)
1985 {
1986 return is_write;
1987 }
1988
1989 static const MemoryRegionOps notdirty_mem_ops = {
1990 .write = notdirty_mem_write,
1991 .valid.accepts = notdirty_mem_accepts,
1992 .endianness = DEVICE_NATIVE_ENDIAN,
1993 };
1994
1995 /* Generate a debug exception if a watchpoint has been hit. */
1996 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1997 {
1998 CPUState *cpu = current_cpu;
1999 CPUClass *cc = CPU_GET_CLASS(cpu);
2000 CPUArchState *env = cpu->env_ptr;
2001 target_ulong pc, cs_base;
2002 target_ulong vaddr;
2003 CPUWatchpoint *wp;
2004 uint32_t cpu_flags;
2005
2006 if (cpu->watchpoint_hit) {
2007 /* We re-entered the check after replacing the TB. Now raise
2008 * the debug interrupt so that is will trigger after the
2009 * current instruction. */
2010 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
2011 return;
2012 }
2013 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
2014 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
2015 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2016 && (wp->flags & flags)) {
2017 if (flags == BP_MEM_READ) {
2018 wp->flags |= BP_WATCHPOINT_HIT_READ;
2019 } else {
2020 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2021 }
2022 wp->hitaddr = vaddr;
2023 wp->hitattrs = attrs;
2024 if (!cpu->watchpoint_hit) {
2025 if (wp->flags & BP_CPU &&
2026 !cc->debug_check_watchpoint(cpu, wp)) {
2027 wp->flags &= ~BP_WATCHPOINT_HIT;
2028 continue;
2029 }
2030 cpu->watchpoint_hit = wp;
2031 tb_check_watchpoint(cpu);
2032 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
2033 cpu->exception_index = EXCP_DEBUG;
2034 cpu_loop_exit(cpu);
2035 } else {
2036 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2037 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2038 cpu_loop_exit_noexc(cpu);
2039 }
2040 }
2041 } else {
2042 wp->flags &= ~BP_WATCHPOINT_HIT;
2043 }
2044 }
2045 }
2046
2047 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2048 so these check for a hit then pass through to the normal out-of-line
2049 phys routines. */
2050 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2051 unsigned size, MemTxAttrs attrs)
2052 {
2053 MemTxResult res;
2054 uint64_t data;
2055 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2056 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2057
2058 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2059 switch (size) {
2060 case 1:
2061 data = address_space_ldub(as, addr, attrs, &res);
2062 break;
2063 case 2:
2064 data = address_space_lduw(as, addr, attrs, &res);
2065 break;
2066 case 4:
2067 data = address_space_ldl(as, addr, attrs, &res);
2068 break;
2069 default: abort();
2070 }
2071 *pdata = data;
2072 return res;
2073 }
2074
2075 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2076 uint64_t val, unsigned size,
2077 MemTxAttrs attrs)
2078 {
2079 MemTxResult res;
2080 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2081 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
2082
2083 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2084 switch (size) {
2085 case 1:
2086 address_space_stb(as, addr, val, attrs, &res);
2087 break;
2088 case 2:
2089 address_space_stw(as, addr, val, attrs, &res);
2090 break;
2091 case 4:
2092 address_space_stl(as, addr, val, attrs, &res);
2093 break;
2094 default: abort();
2095 }
2096 return res;
2097 }
2098
2099 static const MemoryRegionOps watch_mem_ops = {
2100 .read_with_attrs = watch_mem_read,
2101 .write_with_attrs = watch_mem_write,
2102 .endianness = DEVICE_NATIVE_ENDIAN,
2103 };
2104
2105 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2106 unsigned len, MemTxAttrs attrs)
2107 {
2108 subpage_t *subpage = opaque;
2109 uint8_t buf[8];
2110 MemTxResult res;
2111
2112 #if defined(DEBUG_SUBPAGE)
2113 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2114 subpage, len, addr);
2115 #endif
2116 res = address_space_read(subpage->as, addr + subpage->base,
2117 attrs, buf, len);
2118 if (res) {
2119 return res;
2120 }
2121 switch (len) {
2122 case 1:
2123 *data = ldub_p(buf);
2124 return MEMTX_OK;
2125 case 2:
2126 *data = lduw_p(buf);
2127 return MEMTX_OK;
2128 case 4:
2129 *data = ldl_p(buf);
2130 return MEMTX_OK;
2131 case 8:
2132 *data = ldq_p(buf);
2133 return MEMTX_OK;
2134 default:
2135 abort();
2136 }
2137 }
2138
2139 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2140 uint64_t value, unsigned len, MemTxAttrs attrs)
2141 {
2142 subpage_t *subpage = opaque;
2143 uint8_t buf[8];
2144
2145 #if defined(DEBUG_SUBPAGE)
2146 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2147 " value %"PRIx64"\n",
2148 __func__, subpage, len, addr, value);
2149 #endif
2150 switch (len) {
2151 case 1:
2152 stb_p(buf, value);
2153 break;
2154 case 2:
2155 stw_p(buf, value);
2156 break;
2157 case 4:
2158 stl_p(buf, value);
2159 break;
2160 case 8:
2161 stq_p(buf, value);
2162 break;
2163 default:
2164 abort();
2165 }
2166 return address_space_write(subpage->as, addr + subpage->base,
2167 attrs, buf, len);
2168 }
2169
2170 static bool subpage_accepts(void *opaque, hwaddr addr,
2171 unsigned len, bool is_write)
2172 {
2173 subpage_t *subpage = opaque;
2174 #if defined(DEBUG_SUBPAGE)
2175 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2176 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2177 #endif
2178
2179 return address_space_access_valid(subpage->as, addr + subpage->base,
2180 len, is_write);
2181 }
2182
2183 static const MemoryRegionOps subpage_ops = {
2184 .read_with_attrs = subpage_read,
2185 .write_with_attrs = subpage_write,
2186 .impl.min_access_size = 1,
2187 .impl.max_access_size = 8,
2188 .valid.min_access_size = 1,
2189 .valid.max_access_size = 8,
2190 .valid.accepts = subpage_accepts,
2191 .endianness = DEVICE_NATIVE_ENDIAN,
2192 };
2193
2194 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2195 uint16_t section)
2196 {
2197 int idx, eidx;
2198
2199 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2200 return -1;
2201 idx = SUBPAGE_IDX(start);
2202 eidx = SUBPAGE_IDX(end);
2203 #if defined(DEBUG_SUBPAGE)
2204 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2205 __func__, mmio, start, end, idx, eidx, section);
2206 #endif
2207 for (; idx <= eidx; idx++) {
2208 mmio->sub_section[idx] = section;
2209 }
2210
2211 return 0;
2212 }
2213
2214 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2215 {
2216 subpage_t *mmio;
2217
2218 mmio = g_malloc0(sizeof(subpage_t));
2219
2220 mmio->as = as;
2221 mmio->base = base;
2222 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2223 NULL, TARGET_PAGE_SIZE);
2224 mmio->iomem.subpage = true;
2225 #if defined(DEBUG_SUBPAGE)
2226 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2227 mmio, base, TARGET_PAGE_SIZE);
2228 #endif
2229 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2230
2231 return mmio;
2232 }
2233
2234 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2235 MemoryRegion *mr)
2236 {
2237 assert(as);
2238 MemoryRegionSection section = {
2239 .address_space = as,
2240 .mr = mr,
2241 .offset_within_address_space = 0,
2242 .offset_within_region = 0,
2243 .size = int128_2_64(),
2244 };
2245
2246 return phys_section_add(map, &section);
2247 }
2248
2249 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
2250 {
2251 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2252 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
2253 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2254 MemoryRegionSection *sections = d->map.sections;
2255
2256 return sections[index & ~TARGET_PAGE_MASK].mr;
2257 }
2258
2259 static void io_mem_init(void)
2260 {
2261 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2262 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2263 NULL, UINT64_MAX);
2264 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2265 NULL, UINT64_MAX);
2266 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2267 NULL, UINT64_MAX);
2268 }
2269
2270 static void mem_begin(MemoryListener *listener)
2271 {
2272 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2273 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2274 uint16_t n;
2275
2276 n = dummy_section(&d->map, as, &io_mem_unassigned);
2277 assert(n == PHYS_SECTION_UNASSIGNED);
2278 n = dummy_section(&d->map, as, &io_mem_notdirty);
2279 assert(n == PHYS_SECTION_NOTDIRTY);
2280 n = dummy_section(&d->map, as, &io_mem_rom);
2281 assert(n == PHYS_SECTION_ROM);
2282 n = dummy_section(&d->map, as, &io_mem_watch);
2283 assert(n == PHYS_SECTION_WATCH);
2284
2285 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2286 d->as = as;
2287 as->next_dispatch = d;
2288 }
2289
2290 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2291 {
2292 phys_sections_free(&d->map);
2293 g_free(d);
2294 }
2295
2296 static void mem_commit(MemoryListener *listener)
2297 {
2298 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2299 AddressSpaceDispatch *cur = as->dispatch;
2300 AddressSpaceDispatch *next = as->next_dispatch;
2301
2302 phys_page_compact_all(next, next->map.nodes_nb);
2303
2304 atomic_rcu_set(&as->dispatch, next);
2305 if (cur) {
2306 call_rcu(cur, address_space_dispatch_free, rcu);
2307 }
2308 }
2309
2310 static void tcg_commit(MemoryListener *listener)
2311 {
2312 CPUAddressSpace *cpuas;
2313 AddressSpaceDispatch *d;
2314
2315 /* since each CPU stores ram addresses in its TLB cache, we must
2316 reset the modified entries */
2317 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2318 cpu_reloading_memory_map();
2319 /* The CPU and TLB are protected by the iothread lock.
2320 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2321 * may have split the RCU critical section.
2322 */
2323 d = atomic_rcu_read(&cpuas->as->dispatch);
2324 cpuas->memory_dispatch = d;
2325 tlb_flush(cpuas->cpu, 1);
2326 }
2327
2328 void address_space_init_dispatch(AddressSpace *as)
2329 {
2330 as->dispatch = NULL;
2331 as->dispatch_listener = (MemoryListener) {
2332 .begin = mem_begin,
2333 .commit = mem_commit,
2334 .region_add = mem_add,
2335 .region_nop = mem_add,
2336 .priority = 0,
2337 };
2338 memory_listener_register(&as->dispatch_listener, as);
2339 }
2340
2341 void address_space_unregister(AddressSpace *as)
2342 {
2343 memory_listener_unregister(&as->dispatch_listener);
2344 }
2345
2346 void address_space_destroy_dispatch(AddressSpace *as)
2347 {
2348 AddressSpaceDispatch *d = as->dispatch;
2349
2350 atomic_rcu_set(&as->dispatch, NULL);
2351 if (d) {
2352 call_rcu(d, address_space_dispatch_free, rcu);
2353 }
2354 }
2355
2356 static void memory_map_init(void)
2357 {
2358 system_memory = g_malloc(sizeof(*system_memory));
2359
2360 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2361 address_space_init(&address_space_memory, system_memory, "memory");
2362
2363 system_io = g_malloc(sizeof(*system_io));
2364 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2365 65536);
2366 address_space_init(&address_space_io, system_io, "I/O");
2367 }
2368
2369 MemoryRegion *get_system_memory(void)
2370 {
2371 return system_memory;
2372 }
2373
2374 MemoryRegion *get_system_io(void)
2375 {
2376 return system_io;
2377 }
2378
2379 #endif /* !defined(CONFIG_USER_ONLY) */
2380
2381 /* physical memory access (slow version, mainly for debug) */
2382 #if defined(CONFIG_USER_ONLY)
2383 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2384 uint8_t *buf, int len, int is_write)
2385 {
2386 int l, flags;
2387 target_ulong page;
2388 void * p;
2389
2390 while (len > 0) {
2391 page = addr & TARGET_PAGE_MASK;
2392 l = (page + TARGET_PAGE_SIZE) - addr;
2393 if (l > len)
2394 l = len;
2395 flags = page_get_flags(page);
2396 if (!(flags & PAGE_VALID))
2397 return -1;
2398 if (is_write) {
2399 if (!(flags & PAGE_WRITE))
2400 return -1;
2401 /* XXX: this code should not depend on lock_user */
2402 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2403 return -1;
2404 memcpy(p, buf, l);
2405 unlock_user(p, addr, l);
2406 } else {
2407 if (!(flags & PAGE_READ))
2408 return -1;
2409 /* XXX: this code should not depend on lock_user */
2410 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2411 return -1;
2412 memcpy(buf, p, l);
2413 unlock_user(p, addr, 0);
2414 }
2415 len -= l;
2416 buf += l;
2417 addr += l;
2418 }
2419 return 0;
2420 }
2421
2422 #else
2423
2424 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2425 hwaddr length)
2426 {
2427 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2428 addr += memory_region_get_ram_addr(mr);
2429
2430 /* No early return if dirty_log_mask is or becomes 0, because
2431 * cpu_physical_memory_set_dirty_range will still call
2432 * xen_modified_memory.
2433 */
2434 if (dirty_log_mask) {
2435 dirty_log_mask =
2436 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2437 }
2438 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2439 tb_invalidate_phys_range(addr, addr + length);
2440 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2441 }
2442 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2443 }
2444
2445 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2446 {
2447 unsigned access_size_max = mr->ops->valid.max_access_size;
2448
2449 /* Regions are assumed to support 1-4 byte accesses unless
2450 otherwise specified. */
2451 if (access_size_max == 0) {
2452 access_size_max = 4;
2453 }
2454
2455 /* Bound the maximum access by the alignment of the address. */
2456 if (!mr->ops->impl.unaligned) {
2457 unsigned align_size_max = addr & -addr;
2458 if (align_size_max != 0 && align_size_max < access_size_max) {
2459 access_size_max = align_size_max;
2460 }
2461 }
2462
2463 /* Don't attempt accesses larger than the maximum. */
2464 if (l > access_size_max) {
2465 l = access_size_max;
2466 }
2467 l = pow2floor(l);
2468
2469 return l;
2470 }
2471
2472 static bool prepare_mmio_access(MemoryRegion *mr)
2473 {
2474 bool unlocked = !qemu_mutex_iothread_locked();
2475 bool release_lock = false;
2476
2477 if (unlocked && mr->global_locking) {
2478 qemu_mutex_lock_iothread();
2479 unlocked = false;
2480 release_lock = true;
2481 }
2482 if (mr->flush_coalesced_mmio) {
2483 if (unlocked) {
2484 qemu_mutex_lock_iothread();
2485 }
2486 qemu_flush_coalesced_mmio_buffer();
2487 if (unlocked) {
2488 qemu_mutex_unlock_iothread();
2489 }
2490 }
2491
2492 return release_lock;
2493 }
2494
2495 /* Called within RCU critical section. */
2496 static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2497 MemTxAttrs attrs,
2498 const uint8_t *buf,
2499 int len, hwaddr addr1,
2500 hwaddr l, MemoryRegion *mr)
2501 {
2502 uint8_t *ptr;
2503 uint64_t val;
2504 MemTxResult result = MEMTX_OK;
2505 bool release_lock = false;
2506
2507 for (;;) {
2508 if (!memory_access_is_direct(mr, true)) {
2509 release_lock |= prepare_mmio_access(mr);
2510 l = memory_access_size(mr, l, addr1);
2511 /* XXX: could force current_cpu to NULL to avoid
2512 potential bugs */
2513 switch (l) {
2514 case 8:
2515 /* 64 bit write access */
2516 val = ldq_p(buf);
2517 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2518 attrs);
2519 break;
2520 case 4:
2521 /* 32 bit write access */
2522 val = ldl_p(buf);
2523 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2524 attrs);
2525 break;
2526 case 2:
2527 /* 16 bit write access */
2528 val = lduw_p(buf);
2529 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2530 attrs);
2531 break;
2532 case 1:
2533 /* 8 bit write access */
2534 val = ldub_p(buf);
2535 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2536 attrs);
2537 break;
2538 default:
2539 abort();
2540 }
2541 } else {
2542 /* RAM case */
2543 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2544 memcpy(ptr, buf, l);
2545 invalidate_and_set_dirty(mr, addr1, l);
2546 }
2547
2548 if (release_lock) {
2549 qemu_mutex_unlock_iothread();
2550 release_lock = false;
2551 }
2552
2553 len -= l;
2554 buf += l;
2555 addr += l;
2556
2557 if (!len) {
2558 break;
2559 }
2560
2561 l = len;
2562 mr = address_space_translate(as, addr, &addr1, &l, true);
2563 }
2564
2565 return result;
2566 }
2567
2568 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2569 const uint8_t *buf, int len)
2570 {
2571 hwaddr l;
2572 hwaddr addr1;
2573 MemoryRegion *mr;
2574 MemTxResult result = MEMTX_OK;
2575
2576 if (len > 0) {
2577 rcu_read_lock();
2578 l = len;
2579 mr = address_space_translate(as, addr, &addr1, &l, true);
2580 result = address_space_write_continue(as, addr, attrs, buf, len,
2581 addr1, l, mr);
2582 rcu_read_unlock();
2583 }
2584
2585 return result;
2586 }
2587
2588 /* Called within RCU critical section. */
2589 MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2590 MemTxAttrs attrs, uint8_t *buf,
2591 int len, hwaddr addr1, hwaddr l,
2592 MemoryRegion *mr)
2593 {
2594 uint8_t *ptr;
2595 uint64_t val;
2596 MemTxResult result = MEMTX_OK;
2597 bool release_lock = false;
2598
2599 for (;;) {
2600 if (!memory_access_is_direct(mr, false)) {
2601 /* I/O case */
2602 release_lock |= prepare_mmio_access(mr);
2603 l = memory_access_size(mr, l, addr1);
2604 switch (l) {
2605 case 8:
2606 /* 64 bit read access */
2607 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2608 attrs);
2609 stq_p(buf, val);
2610 break;
2611 case 4:
2612 /* 32 bit read access */
2613 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2614 attrs);
2615 stl_p(buf, val);
2616 break;
2617 case 2:
2618 /* 16 bit read access */
2619 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2620 attrs);
2621 stw_p(buf, val);
2622 break;
2623 case 1:
2624 /* 8 bit read access */
2625 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2626 attrs);
2627 stb_p(buf, val);
2628 break;
2629 default:
2630 abort();
2631 }
2632 } else {
2633 /* RAM case */
2634 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2635 memcpy(buf, ptr, l);
2636 }
2637
2638 if (release_lock) {
2639 qemu_mutex_unlock_iothread();
2640 release_lock = false;
2641 }
2642
2643 len -= l;
2644 buf += l;
2645 addr += l;
2646
2647 if (!len) {
2648 break;
2649 }
2650
2651 l = len;
2652 mr = address_space_translate(as, addr, &addr1, &l, false);
2653 }
2654
2655 return result;
2656 }
2657
2658 MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2659 MemTxAttrs attrs, uint8_t *buf, int len)
2660 {
2661 hwaddr l;
2662 hwaddr addr1;
2663 MemoryRegion *mr;
2664 MemTxResult result = MEMTX_OK;
2665
2666 if (len > 0) {
2667 rcu_read_lock();
2668 l = len;
2669 mr = address_space_translate(as, addr, &addr1, &l, false);
2670 result = address_space_read_continue(as, addr, attrs, buf, len,
2671 addr1, l, mr);
2672 rcu_read_unlock();
2673 }
2674
2675 return result;
2676 }
2677
2678 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2679 uint8_t *buf, int len, bool is_write)
2680 {
2681 if (is_write) {
2682 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2683 } else {
2684 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2685 }
2686 }
2687
2688 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2689 int len, int is_write)
2690 {
2691 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2692 buf, len, is_write);
2693 }
2694
2695 enum write_rom_type {
2696 WRITE_DATA,
2697 FLUSH_CACHE,
2698 };
2699
2700 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2701 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2702 {
2703 hwaddr l;
2704 uint8_t *ptr;
2705 hwaddr addr1;
2706 MemoryRegion *mr;
2707
2708 rcu_read_lock();
2709 while (len > 0) {
2710 l = len;
2711 mr = address_space_translate(as, addr, &addr1, &l, true);
2712
2713 if (!(memory_region_is_ram(mr) ||
2714 memory_region_is_romd(mr))) {
2715 l = memory_access_size(mr, l, addr1);
2716 } else {
2717 /* ROM/RAM case */
2718 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
2719 switch (type) {
2720 case WRITE_DATA:
2721 memcpy(ptr, buf, l);
2722 invalidate_and_set_dirty(mr, addr1, l);
2723 break;
2724 case FLUSH_CACHE:
2725 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2726 break;
2727 }
2728 }
2729 len -= l;
2730 buf += l;
2731 addr += l;
2732 }
2733 rcu_read_unlock();
2734 }
2735
2736 /* used for ROM loading : can write in RAM and ROM */
2737 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2738 const uint8_t *buf, int len)
2739 {
2740 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2741 }
2742
2743 void cpu_flush_icache_range(hwaddr start, int len)
2744 {
2745 /*
2746 * This function should do the same thing as an icache flush that was
2747 * triggered from within the guest. For TCG we are always cache coherent,
2748 * so there is no need to flush anything. For KVM / Xen we need to flush
2749 * the host's instruction cache at least.
2750 */
2751 if (tcg_enabled()) {
2752 return;
2753 }
2754
2755 cpu_physical_memory_write_rom_internal(&address_space_memory,
2756 start, NULL, len, FLUSH_CACHE);
2757 }
2758
2759 typedef struct {
2760 MemoryRegion *mr;
2761 void *buffer;
2762 hwaddr addr;
2763 hwaddr len;
2764 bool in_use;
2765 } BounceBuffer;
2766
2767 static BounceBuffer bounce;
2768
2769 typedef struct MapClient {
2770 QEMUBH *bh;
2771 QLIST_ENTRY(MapClient) link;
2772 } MapClient;
2773
2774 QemuMutex map_client_list_lock;
2775 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2776 = QLIST_HEAD_INITIALIZER(map_client_list);
2777
2778 static void cpu_unregister_map_client_do(MapClient *client)
2779 {
2780 QLIST_REMOVE(client, link);
2781 g_free(client);
2782 }
2783
2784 static void cpu_notify_map_clients_locked(void)
2785 {
2786 MapClient *client;
2787
2788 while (!QLIST_EMPTY(&map_client_list)) {
2789 client = QLIST_FIRST(&map_client_list);
2790 qemu_bh_schedule(client->bh);
2791 cpu_unregister_map_client_do(client);
2792 }
2793 }
2794
2795 void cpu_register_map_client(QEMUBH *bh)
2796 {
2797 MapClient *client = g_malloc(sizeof(*client));
2798
2799 qemu_mutex_lock(&map_client_list_lock);
2800 client->bh = bh;
2801 QLIST_INSERT_HEAD(&map_client_list, client, link);
2802 if (!atomic_read(&bounce.in_use)) {
2803 cpu_notify_map_clients_locked();
2804 }
2805 qemu_mutex_unlock(&map_client_list_lock);
2806 }
2807
2808 void cpu_exec_init_all(void)
2809 {
2810 qemu_mutex_init(&ram_list.mutex);
2811 io_mem_init();
2812 memory_map_init();
2813 qemu_mutex_init(&map_client_list_lock);
2814 }
2815
2816 void cpu_unregister_map_client(QEMUBH *bh)
2817 {
2818 MapClient *client;
2819
2820 qemu_mutex_lock(&map_client_list_lock);
2821 QLIST_FOREACH(client, &map_client_list, link) {
2822 if (client->bh == bh) {
2823 cpu_unregister_map_client_do(client);
2824 break;
2825 }
2826 }
2827 qemu_mutex_unlock(&map_client_list_lock);
2828 }
2829
2830 static void cpu_notify_map_clients(void)
2831 {
2832 qemu_mutex_lock(&map_client_list_lock);
2833 cpu_notify_map_clients_locked();
2834 qemu_mutex_unlock(&map_client_list_lock);
2835 }
2836
2837 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2838 {
2839 MemoryRegion *mr;
2840 hwaddr l, xlat;
2841
2842 rcu_read_lock();
2843 while (len > 0) {
2844 l = len;
2845 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2846 if (!memory_access_is_direct(mr, is_write)) {
2847 l = memory_access_size(mr, l, addr);
2848 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2849 return false;
2850 }
2851 }
2852
2853 len -= l;
2854 addr += l;
2855 }
2856 rcu_read_unlock();
2857 return true;
2858 }
2859
2860 /* Map a physical memory region into a host virtual address.
2861 * May map a subset of the requested range, given by and returned in *plen.
2862 * May return NULL if resources needed to perform the mapping are exhausted.
2863 * Use only for reads OR writes - not for read-modify-write operations.
2864 * Use cpu_register_map_client() to know when retrying the map operation is
2865 * likely to succeed.
2866 */
2867 void *address_space_map(AddressSpace *as,
2868 hwaddr addr,
2869 hwaddr *plen,
2870 bool is_write)
2871 {
2872 hwaddr len = *plen;
2873 hwaddr done = 0;
2874 hwaddr l, xlat, base;
2875 MemoryRegion *mr, *this_mr;
2876 void *ptr;
2877
2878 if (len == 0) {
2879 return NULL;
2880 }
2881
2882 l = len;
2883 rcu_read_lock();
2884 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2885
2886 if (!memory_access_is_direct(mr, is_write)) {
2887 if (atomic_xchg(&bounce.in_use, true)) {
2888 rcu_read_unlock();
2889 return NULL;
2890 }
2891 /* Avoid unbounded allocations */
2892 l = MIN(l, TARGET_PAGE_SIZE);
2893 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2894 bounce.addr = addr;
2895 bounce.len = l;
2896
2897 memory_region_ref(mr);
2898 bounce.mr = mr;
2899 if (!is_write) {
2900 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2901 bounce.buffer, l);
2902 }
2903
2904 rcu_read_unlock();
2905 *plen = l;
2906 return bounce.buffer;
2907 }
2908
2909 base = xlat;
2910
2911 for (;;) {
2912 len -= l;
2913 addr += l;
2914 done += l;
2915 if (len == 0) {
2916 break;
2917 }
2918
2919 l = len;
2920 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2921 if (this_mr != mr || xlat != base + done) {
2922 break;
2923 }
2924 }
2925
2926 memory_region_ref(mr);
2927 *plen = done;
2928 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
2929 rcu_read_unlock();
2930
2931 return ptr;
2932 }
2933
2934 /* Unmaps a memory region previously mapped by address_space_map().
2935 * Will also mark the memory as dirty if is_write == 1. access_len gives
2936 * the amount of memory that was actually read or written by the caller.
2937 */
2938 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2939 int is_write, hwaddr access_len)
2940 {
2941 if (buffer != bounce.buffer) {
2942 MemoryRegion *mr;
2943 ram_addr_t addr1;
2944
2945 mr = memory_region_from_host(buffer, &addr1);
2946 assert(mr != NULL);
2947 if (is_write) {
2948 invalidate_and_set_dirty(mr, addr1, access_len);
2949 }
2950 if (xen_enabled()) {
2951 xen_invalidate_map_cache_entry(buffer);
2952 }
2953 memory_region_unref(mr);
2954 return;
2955 }
2956 if (is_write) {
2957 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2958 bounce.buffer, access_len);
2959 }
2960 qemu_vfree(bounce.buffer);
2961 bounce.buffer = NULL;
2962 memory_region_unref(bounce.mr);
2963 atomic_mb_set(&bounce.in_use, false);
2964 cpu_notify_map_clients();
2965 }
2966
2967 void *cpu_physical_memory_map(hwaddr addr,
2968 hwaddr *plen,
2969 int is_write)
2970 {
2971 return address_space_map(&address_space_memory, addr, plen, is_write);
2972 }
2973
2974 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2975 int is_write, hwaddr access_len)
2976 {
2977 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2978 }
2979
2980 /* warning: addr must be aligned */
2981 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2982 MemTxAttrs attrs,
2983 MemTxResult *result,
2984 enum device_endian endian)
2985 {
2986 uint8_t *ptr;
2987 uint64_t val;
2988 MemoryRegion *mr;
2989 hwaddr l = 4;
2990 hwaddr addr1;
2991 MemTxResult r;
2992 bool release_lock = false;
2993
2994 rcu_read_lock();
2995 mr = address_space_translate(as, addr, &addr1, &l, false);
2996 if (l < 4 || !memory_access_is_direct(mr, false)) {
2997 release_lock |= prepare_mmio_access(mr);
2998
2999 /* I/O case */
3000 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
3001 #if defined(TARGET_WORDS_BIGENDIAN)
3002 if (endian == DEVICE_LITTLE_ENDIAN) {
3003 val = bswap32(val);
3004 }
3005 #else
3006 if (endian == DEVICE_BIG_ENDIAN) {
3007 val = bswap32(val);
3008 }
3009 #endif
3010 } else {
3011 /* RAM case */
3012 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3013 switch (endian) {
3014 case DEVICE_LITTLE_ENDIAN:
3015 val = ldl_le_p(ptr);
3016 break;
3017 case DEVICE_BIG_ENDIAN:
3018 val = ldl_be_p(ptr);
3019 break;
3020 default:
3021 val = ldl_p(ptr);
3022 break;
3023 }
3024 r = MEMTX_OK;
3025 }
3026 if (result) {
3027 *result = r;
3028 }
3029 if (release_lock) {
3030 qemu_mutex_unlock_iothread();
3031 }
3032 rcu_read_unlock();
3033 return val;
3034 }
3035
3036 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3037 MemTxAttrs attrs, MemTxResult *result)
3038 {
3039 return address_space_ldl_internal(as, addr, attrs, result,
3040 DEVICE_NATIVE_ENDIAN);
3041 }
3042
3043 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3044 MemTxAttrs attrs, MemTxResult *result)
3045 {
3046 return address_space_ldl_internal(as, addr, attrs, result,
3047 DEVICE_LITTLE_ENDIAN);
3048 }
3049
3050 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3051 MemTxAttrs attrs, MemTxResult *result)
3052 {
3053 return address_space_ldl_internal(as, addr, attrs, result,
3054 DEVICE_BIG_ENDIAN);
3055 }
3056
3057 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
3058 {
3059 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3060 }
3061
3062 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
3063 {
3064 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3065 }
3066
3067 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
3068 {
3069 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3070 }
3071
3072 /* warning: addr must be aligned */
3073 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3074 MemTxAttrs attrs,
3075 MemTxResult *result,
3076 enum device_endian endian)
3077 {
3078 uint8_t *ptr;
3079 uint64_t val;
3080 MemoryRegion *mr;
3081 hwaddr l = 8;
3082 hwaddr addr1;
3083 MemTxResult r;
3084 bool release_lock = false;
3085
3086 rcu_read_lock();
3087 mr = address_space_translate(as, addr, &addr1, &l,
3088 false);
3089 if (l < 8 || !memory_access_is_direct(mr, false)) {
3090 release_lock |= prepare_mmio_access(mr);
3091
3092 /* I/O case */
3093 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
3094 #if defined(TARGET_WORDS_BIGENDIAN)
3095 if (endian == DEVICE_LITTLE_ENDIAN) {
3096 val = bswap64(val);
3097 }
3098 #else
3099 if (endian == DEVICE_BIG_ENDIAN) {
3100 val = bswap64(val);
3101 }
3102 #endif
3103 } else {
3104 /* RAM case */
3105 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3106 switch (endian) {
3107 case DEVICE_LITTLE_ENDIAN:
3108 val = ldq_le_p(ptr);
3109 break;
3110 case DEVICE_BIG_ENDIAN:
3111 val = ldq_be_p(ptr);
3112 break;
3113 default:
3114 val = ldq_p(ptr);
3115 break;
3116 }
3117 r = MEMTX_OK;
3118 }
3119 if (result) {
3120 *result = r;
3121 }
3122 if (release_lock) {
3123 qemu_mutex_unlock_iothread();
3124 }
3125 rcu_read_unlock();
3126 return val;
3127 }
3128
3129 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3130 MemTxAttrs attrs, MemTxResult *result)
3131 {
3132 return address_space_ldq_internal(as, addr, attrs, result,
3133 DEVICE_NATIVE_ENDIAN);
3134 }
3135
3136 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3137 MemTxAttrs attrs, MemTxResult *result)
3138 {
3139 return address_space_ldq_internal(as, addr, attrs, result,
3140 DEVICE_LITTLE_ENDIAN);
3141 }
3142
3143 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3144 MemTxAttrs attrs, MemTxResult *result)
3145 {
3146 return address_space_ldq_internal(as, addr, attrs, result,
3147 DEVICE_BIG_ENDIAN);
3148 }
3149
3150 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3151 {
3152 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3153 }
3154
3155 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3156 {
3157 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3158 }
3159
3160 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3161 {
3162 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3163 }
3164
3165 /* XXX: optimize */
3166 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3167 MemTxAttrs attrs, MemTxResult *result)
3168 {
3169 uint8_t val;
3170 MemTxResult r;
3171
3172 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3173 if (result) {
3174 *result = r;
3175 }
3176 return val;
3177 }
3178
3179 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3180 {
3181 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3182 }
3183
3184 /* warning: addr must be aligned */
3185 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3186 hwaddr addr,
3187 MemTxAttrs attrs,
3188 MemTxResult *result,
3189 enum device_endian endian)
3190 {
3191 uint8_t *ptr;
3192 uint64_t val;
3193 MemoryRegion *mr;
3194 hwaddr l = 2;
3195 hwaddr addr1;
3196 MemTxResult r;
3197 bool release_lock = false;
3198
3199 rcu_read_lock();
3200 mr = address_space_translate(as, addr, &addr1, &l,
3201 false);
3202 if (l < 2 || !memory_access_is_direct(mr, false)) {
3203 release_lock |= prepare_mmio_access(mr);
3204
3205 /* I/O case */
3206 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3207 #if defined(TARGET_WORDS_BIGENDIAN)
3208 if (endian == DEVICE_LITTLE_ENDIAN) {
3209 val = bswap16(val);
3210 }
3211 #else
3212 if (endian == DEVICE_BIG_ENDIAN) {
3213 val = bswap16(val);
3214 }
3215 #endif
3216 } else {
3217 /* RAM case */
3218 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3219 switch (endian) {
3220 case DEVICE_LITTLE_ENDIAN:
3221 val = lduw_le_p(ptr);
3222 break;
3223 case DEVICE_BIG_ENDIAN:
3224 val = lduw_be_p(ptr);
3225 break;
3226 default:
3227 val = lduw_p(ptr);
3228 break;
3229 }
3230 r = MEMTX_OK;
3231 }
3232 if (result) {
3233 *result = r;
3234 }
3235 if (release_lock) {
3236 qemu_mutex_unlock_iothread();
3237 }
3238 rcu_read_unlock();
3239 return val;
3240 }
3241
3242 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3243 MemTxAttrs attrs, MemTxResult *result)
3244 {
3245 return address_space_lduw_internal(as, addr, attrs, result,
3246 DEVICE_NATIVE_ENDIAN);
3247 }
3248
3249 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3250 MemTxAttrs attrs, MemTxResult *result)
3251 {
3252 return address_space_lduw_internal(as, addr, attrs, result,
3253 DEVICE_LITTLE_ENDIAN);
3254 }
3255
3256 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3257 MemTxAttrs attrs, MemTxResult *result)
3258 {
3259 return address_space_lduw_internal(as, addr, attrs, result,
3260 DEVICE_BIG_ENDIAN);
3261 }
3262
3263 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3264 {
3265 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3266 }
3267
3268 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3269 {
3270 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3271 }
3272
3273 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3274 {
3275 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3276 }
3277
3278 /* warning: addr must be aligned. The ram page is not masked as dirty
3279 and the code inside is not invalidated. It is useful if the dirty
3280 bits are used to track modified PTEs */
3281 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3282 MemTxAttrs attrs, MemTxResult *result)
3283 {
3284 uint8_t *ptr;
3285 MemoryRegion *mr;
3286 hwaddr l = 4;
3287 hwaddr addr1;
3288 MemTxResult r;
3289 uint8_t dirty_log_mask;
3290 bool release_lock = false;
3291
3292 rcu_read_lock();
3293 mr = address_space_translate(as, addr, &addr1, &l,
3294 true);
3295 if (l < 4 || !memory_access_is_direct(mr, true)) {
3296 release_lock |= prepare_mmio_access(mr);
3297
3298 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3299 } else {
3300 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3301 stl_p(ptr, val);
3302
3303 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3304 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3305 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3306 4, dirty_log_mask);
3307 r = MEMTX_OK;
3308 }
3309 if (result) {
3310 *result = r;
3311 }
3312 if (release_lock) {
3313 qemu_mutex_unlock_iothread();
3314 }
3315 rcu_read_unlock();
3316 }
3317
3318 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3319 {
3320 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3321 }
3322
3323 /* warning: addr must be aligned */
3324 static inline void address_space_stl_internal(AddressSpace *as,
3325 hwaddr addr, uint32_t val,
3326 MemTxAttrs attrs,
3327 MemTxResult *result,
3328 enum device_endian endian)
3329 {
3330 uint8_t *ptr;
3331 MemoryRegion *mr;
3332 hwaddr l = 4;
3333 hwaddr addr1;
3334 MemTxResult r;
3335 bool release_lock = false;
3336
3337 rcu_read_lock();
3338 mr = address_space_translate(as, addr, &addr1, &l,
3339 true);
3340 if (l < 4 || !memory_access_is_direct(mr, true)) {
3341 release_lock |= prepare_mmio_access(mr);
3342
3343 #if defined(TARGET_WORDS_BIGENDIAN)
3344 if (endian == DEVICE_LITTLE_ENDIAN) {
3345 val = bswap32(val);
3346 }
3347 #else
3348 if (endian == DEVICE_BIG_ENDIAN) {
3349 val = bswap32(val);
3350 }
3351 #endif
3352 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3353 } else {
3354 /* RAM case */
3355 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3356 switch (endian) {
3357 case DEVICE_LITTLE_ENDIAN:
3358 stl_le_p(ptr, val);
3359 break;
3360 case DEVICE_BIG_ENDIAN:
3361 stl_be_p(ptr, val);
3362 break;
3363 default:
3364 stl_p(ptr, val);
3365 break;
3366 }
3367 invalidate_and_set_dirty(mr, addr1, 4);
3368 r = MEMTX_OK;
3369 }
3370 if (result) {
3371 *result = r;
3372 }
3373 if (release_lock) {
3374 qemu_mutex_unlock_iothread();
3375 }
3376 rcu_read_unlock();
3377 }
3378
3379 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3380 MemTxAttrs attrs, MemTxResult *result)
3381 {
3382 address_space_stl_internal(as, addr, val, attrs, result,
3383 DEVICE_NATIVE_ENDIAN);
3384 }
3385
3386 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3387 MemTxAttrs attrs, MemTxResult *result)
3388 {
3389 address_space_stl_internal(as, addr, val, attrs, result,
3390 DEVICE_LITTLE_ENDIAN);
3391 }
3392
3393 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3394 MemTxAttrs attrs, MemTxResult *result)
3395 {
3396 address_space_stl_internal(as, addr, val, attrs, result,
3397 DEVICE_BIG_ENDIAN);
3398 }
3399
3400 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3401 {
3402 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3403 }
3404
3405 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3406 {
3407 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3408 }
3409
3410 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3411 {
3412 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3413 }
3414
3415 /* XXX: optimize */
3416 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3417 MemTxAttrs attrs, MemTxResult *result)
3418 {
3419 uint8_t v = val;
3420 MemTxResult r;
3421
3422 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3423 if (result) {
3424 *result = r;
3425 }
3426 }
3427
3428 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3429 {
3430 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3431 }
3432
3433 /* warning: addr must be aligned */
3434 static inline void address_space_stw_internal(AddressSpace *as,
3435 hwaddr addr, uint32_t val,
3436 MemTxAttrs attrs,
3437 MemTxResult *result,
3438 enum device_endian endian)
3439 {
3440 uint8_t *ptr;
3441 MemoryRegion *mr;
3442 hwaddr l = 2;
3443 hwaddr addr1;
3444 MemTxResult r;
3445 bool release_lock = false;
3446
3447 rcu_read_lock();
3448 mr = address_space_translate(as, addr, &addr1, &l, true);
3449 if (l < 2 || !memory_access_is_direct(mr, true)) {
3450 release_lock |= prepare_mmio_access(mr);
3451
3452 #if defined(TARGET_WORDS_BIGENDIAN)
3453 if (endian == DEVICE_LITTLE_ENDIAN) {
3454 val = bswap16(val);
3455 }
3456 #else
3457 if (endian == DEVICE_BIG_ENDIAN) {
3458 val = bswap16(val);
3459 }
3460 #endif
3461 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3462 } else {
3463 /* RAM case */
3464 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
3465 switch (endian) {
3466 case DEVICE_LITTLE_ENDIAN:
3467 stw_le_p(ptr, val);
3468 break;
3469 case DEVICE_BIG_ENDIAN:
3470 stw_be_p(ptr, val);
3471 break;
3472 default:
3473 stw_p(ptr, val);
3474 break;
3475 }
3476 invalidate_and_set_dirty(mr, addr1, 2);
3477 r = MEMTX_OK;
3478 }
3479 if (result) {
3480 *result = r;
3481 }
3482 if (release_lock) {
3483 qemu_mutex_unlock_iothread();
3484 }
3485 rcu_read_unlock();
3486 }
3487
3488 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3489 MemTxAttrs attrs, MemTxResult *result)
3490 {
3491 address_space_stw_internal(as, addr, val, attrs, result,
3492 DEVICE_NATIVE_ENDIAN);
3493 }
3494
3495 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3496 MemTxAttrs attrs, MemTxResult *result)
3497 {
3498 address_space_stw_internal(as, addr, val, attrs, result,
3499 DEVICE_LITTLE_ENDIAN);
3500 }
3501
3502 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3503 MemTxAttrs attrs, MemTxResult *result)
3504 {
3505 address_space_stw_internal(as, addr, val, attrs, result,
3506 DEVICE_BIG_ENDIAN);
3507 }
3508
3509 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3510 {
3511 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3512 }
3513
3514 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3515 {
3516 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3517 }
3518
3519 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3520 {
3521 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3522 }
3523
3524 /* XXX: optimize */
3525 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3526 MemTxAttrs attrs, MemTxResult *result)
3527 {
3528 MemTxResult r;
3529 val = tswap64(val);
3530 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3531 if (result) {
3532 *result = r;
3533 }
3534 }
3535
3536 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3537 MemTxAttrs attrs, MemTxResult *result)
3538 {
3539 MemTxResult r;
3540 val = cpu_to_le64(val);
3541 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3542 if (result) {
3543 *result = r;
3544 }
3545 }
3546 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3547 MemTxAttrs attrs, MemTxResult *result)
3548 {
3549 MemTxResult r;
3550 val = cpu_to_be64(val);
3551 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3552 if (result) {
3553 *result = r;
3554 }
3555 }
3556
3557 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3558 {
3559 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3560 }
3561
3562 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3563 {
3564 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3565 }
3566
3567 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3568 {
3569 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3570 }
3571
3572 /* virtual memory access for debug (includes writing to ROM) */
3573 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3574 uint8_t *buf, int len, int is_write)
3575 {
3576 int l;
3577 hwaddr phys_addr;
3578 target_ulong page;
3579
3580 while (len > 0) {
3581 int asidx;
3582 MemTxAttrs attrs;
3583
3584 page = addr & TARGET_PAGE_MASK;
3585 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3586 asidx = cpu_asidx_from_attrs(cpu, attrs);
3587 /* if no physical page mapped, return an error */
3588 if (phys_addr == -1)
3589 return -1;
3590 l = (page + TARGET_PAGE_SIZE) - addr;
3591 if (l > len)
3592 l = len;
3593 phys_addr += (addr & ~TARGET_PAGE_MASK);
3594 if (is_write) {
3595 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3596 phys_addr, buf, l);
3597 } else {
3598 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3599 MEMTXATTRS_UNSPECIFIED,
3600 buf, l, 0);
3601 }
3602 len -= l;
3603 buf += l;
3604 addr += l;
3605 }
3606 return 0;
3607 }
3608
3609 /*
3610 * Allows code that needs to deal with migration bitmaps etc to still be built
3611 * target independent.
3612 */
3613 size_t qemu_target_page_bits(void)
3614 {
3615 return TARGET_PAGE_BITS;
3616 }
3617
3618 #endif
3619
3620 /*
3621 * A helper function for the _utterly broken_ virtio device model to find out if
3622 * it's running on a big endian machine. Don't do this at home kids!
3623 */
3624 bool target_words_bigendian(void);
3625 bool target_words_bigendian(void)
3626 {
3627 #if defined(TARGET_WORDS_BIGENDIAN)
3628 return true;
3629 #else
3630 return false;
3631 #endif
3632 }
3633
3634 #ifndef CONFIG_USER_ONLY
3635 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3636 {
3637 MemoryRegion*mr;
3638 hwaddr l = 1;
3639 bool res;
3640
3641 rcu_read_lock();
3642 mr = address_space_translate(&address_space_memory,
3643 phys_addr, &phys_addr, &l, false);
3644
3645 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3646 rcu_read_unlock();
3647 return res;
3648 }
3649
3650 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3651 {
3652 RAMBlock *block;
3653 int ret = 0;
3654
3655 rcu_read_lock();
3656 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3657 ret = func(block->idstr, block->host, block->offset,
3658 block->used_length, opaque);
3659 if (ret) {
3660 break;
3661 }
3662 }
3663 rcu_read_unlock();
3664 return ret;
3665 }
3666 #endif
QEMU mirror