]> git.proxmox.com Git - mirror_qemu.git/blob - exec.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
cosmetic changes preparing for the following patches
[mirror_qemu.git] / exec.c
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #include "hw/qdev.h"
30 #include "qemu/osdep.h"
31 #include "sysemu/kvm.h"
32 #include "sysemu/sysemu.h"
33 #include "hw/xen/xen.h"
34 #include "qemu/timer.h"
35 #include "qemu/config-file.h"
36 #include "qemu/error-report.h"
37 #include "exec/memory.h"
38 #include "sysemu/dma.h"
39 #include "exec/address-spaces.h"
40 #if defined(CONFIG_USER_ONLY)
41 #include <qemu.h>
42 #else /* !CONFIG_USER_ONLY */
43 #include "sysemu/xen-mapcache.h"
44 #include "trace.h"
45 #endif
46 #include "exec/cpu-all.h"
47
48 #include "exec/cputlb.h"
49 #include "translate-all.h"
50
51 #include "exec/memory-internal.h"
52 #include "exec/ram_addr.h"
53
54 #include "qemu/range.h"
55
56 //#define DEBUG_SUBPAGE
57
58 #if !defined(CONFIG_USER_ONLY)
59 static bool in_migration;
60
61 RAMList ram_list = { .blocks = QTAILQ_HEAD_INITIALIZER(ram_list.blocks) };
62
63 static MemoryRegion *system_memory;
64 static MemoryRegion *system_io;
65
66 AddressSpace address_space_io;
67 AddressSpace address_space_memory;
68
69 MemoryRegion io_mem_rom, io_mem_notdirty;
70 static MemoryRegion io_mem_unassigned;
71
72 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
73 #define RAM_PREALLOC (1 << 0)
74
75 /* RAM is mmap-ed with MAP_SHARED */
76 #define RAM_SHARED (1 << 1)
77
78 /* Only a portion of RAM (used_length) is actually used, and migrated.
79 * This used_length size can change across reboots.
80 */
81 #define RAM_RESIZEABLE (1 << 2)
82
83 #endif
84
85 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
86 /* current CPU in the current thread. It is only valid inside
87 cpu_exec() */
88 DEFINE_TLS(CPUState *, current_cpu);
89 /* 0 = Do not count executed instructions.
90 1 = Precise instruction counting.
91 2 = Adaptive rate instruction counting. */
92 int use_icount;
93
94 #if !defined(CONFIG_USER_ONLY)
95
96 typedef struct PhysPageEntry PhysPageEntry;
97
98 struct PhysPageEntry {
99 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
100 uint32_t skip : 6;
101 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
102 uint32_t ptr : 26;
103 };
104
105 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
106
107 /* Size of the L2 (and L3, etc) page tables. */
108 #define ADDR_SPACE_BITS 64
109
110 #define P_L2_BITS 9
111 #define P_L2_SIZE (1 << P_L2_BITS)
112
113 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
114
115 typedef PhysPageEntry Node[P_L2_SIZE];
116
117 typedef struct PhysPageMap {
118 struct rcu_head rcu;
119
120 unsigned sections_nb;
121 unsigned sections_nb_alloc;
122 unsigned nodes_nb;
123 unsigned nodes_nb_alloc;
124 Node *nodes;
125 MemoryRegionSection *sections;
126 } PhysPageMap;
127
128 struct AddressSpaceDispatch {
129 struct rcu_head rcu;
130
131 /* This is a multi-level map on the physical address space.
132 * The bottom level has pointers to MemoryRegionSections.
133 */
134 PhysPageEntry phys_map;
135 PhysPageMap map;
136 AddressSpace *as;
137 };
138
139 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
140 typedef struct subpage_t {
141 MemoryRegion iomem;
142 AddressSpace *as;
143 hwaddr base;
144 uint16_t sub_section[TARGET_PAGE_SIZE];
145 } subpage_t;
146
147 #define PHYS_SECTION_UNASSIGNED 0
148 #define PHYS_SECTION_NOTDIRTY 1
149 #define PHYS_SECTION_ROM 2
150 #define PHYS_SECTION_WATCH 3
151
152 static void io_mem_init(void);
153 static void memory_map_init(void);
154 static void tcg_commit(MemoryListener *listener);
155
156 static MemoryRegion io_mem_watch;
157 #endif
158
159 #if !defined(CONFIG_USER_ONLY)
160
161 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
162 {
163 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
164 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
165 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
166 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
167 }
168 }
169
170 static uint32_t phys_map_node_alloc(PhysPageMap *map)
171 {
172 unsigned i;
173 uint32_t ret;
174
175 ret = map->nodes_nb++;
176 assert(ret != PHYS_MAP_NODE_NIL);
177 assert(ret != map->nodes_nb_alloc);
178 for (i = 0; i < P_L2_SIZE; ++i) {
179 map->nodes[ret][i].skip = 1;
180 map->nodes[ret][i].ptr = PHYS_MAP_NODE_NIL;
181 }
182 return ret;
183 }
184
185 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
186 hwaddr *index, hwaddr *nb, uint16_t leaf,
187 int level)
188 {
189 PhysPageEntry *p;
190 int i;
191 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
192
193 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
194 lp->ptr = phys_map_node_alloc(map);
195 p = map->nodes[lp->ptr];
196 if (level == 0) {
197 for (i = 0; i < P_L2_SIZE; i++) {
198 p[i].skip = 0;
199 p[i].ptr = PHYS_SECTION_UNASSIGNED;
200 }
201 }
202 } else {
203 p = map->nodes[lp->ptr];
204 }
205 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
206
207 while (*nb && lp < &p[P_L2_SIZE]) {
208 if ((*index & (step - 1)) == 0 && *nb >= step) {
209 lp->skip = 0;
210 lp->ptr = leaf;
211 *index += step;
212 *nb -= step;
213 } else {
214 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
215 }
216 ++lp;
217 }
218 }
219
220 static void phys_page_set(AddressSpaceDispatch *d,
221 hwaddr index, hwaddr nb,
222 uint16_t leaf)
223 {
224 /* Wildly overreserve - it doesn't matter much. */
225 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
226
227 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
228 }
229
230 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
231 * and update our entry so we can skip it and go directly to the destination.
232 */
233 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
234 {
235 unsigned valid_ptr = P_L2_SIZE;
236 int valid = 0;
237 PhysPageEntry *p;
238 int i;
239
240 if (lp->ptr == PHYS_MAP_NODE_NIL) {
241 return;
242 }
243
244 p = nodes[lp->ptr];
245 for (i = 0; i < P_L2_SIZE; i++) {
246 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
247 continue;
248 }
249
250 valid_ptr = i;
251 valid++;
252 if (p[i].skip) {
253 phys_page_compact(&p[i], nodes, compacted);
254 }
255 }
256
257 /* We can only compress if there's only one child. */
258 if (valid != 1) {
259 return;
260 }
261
262 assert(valid_ptr < P_L2_SIZE);
263
264 /* Don't compress if it won't fit in the # of bits we have. */
265 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
266 return;
267 }
268
269 lp->ptr = p[valid_ptr].ptr;
270 if (!p[valid_ptr].skip) {
271 /* If our only child is a leaf, make this a leaf. */
272 /* By design, we should have made this node a leaf to begin with so we
273 * should never reach here.
274 * But since it's so simple to handle this, let's do it just in case we
275 * change this rule.
276 */
277 lp->skip = 0;
278 } else {
279 lp->skip += p[valid_ptr].skip;
280 }
281 }
282
283 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
284 {
285 DECLARE_BITMAP(compacted, nodes_nb);
286
287 if (d->phys_map.skip) {
288 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
289 }
290 }
291
292 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
293 Node *nodes, MemoryRegionSection *sections)
294 {
295 PhysPageEntry *p;
296 hwaddr index = addr >> TARGET_PAGE_BITS;
297 int i;
298
299 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
300 if (lp.ptr == PHYS_MAP_NODE_NIL) {
301 return &sections[PHYS_SECTION_UNASSIGNED];
302 }
303 p = nodes[lp.ptr];
304 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
305 }
306
307 if (sections[lp.ptr].size.hi ||
308 range_covers_byte(sections[lp.ptr].offset_within_address_space,
309 sections[lp.ptr].size.lo, addr)) {
310 return &sections[lp.ptr];
311 } else {
312 return &sections[PHYS_SECTION_UNASSIGNED];
313 }
314 }
315
316 bool memory_region_is_unassigned(MemoryRegion *mr)
317 {
318 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
319 && mr != &io_mem_watch;
320 }
321
322 /* Called from RCU critical section */
323 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
324 hwaddr addr,
325 bool resolve_subpage)
326 {
327 MemoryRegionSection *section;
328 subpage_t *subpage;
329
330 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
331 if (resolve_subpage && section->mr->subpage) {
332 subpage = container_of(section->mr, subpage_t, iomem);
333 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
334 }
335 return section;
336 }
337
338 /* Called from RCU critical section */
339 static MemoryRegionSection *
340 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
341 hwaddr *plen, bool resolve_subpage)
342 {
343 MemoryRegionSection *section;
344 Int128 diff;
345
346 section = address_space_lookup_region(d, addr, resolve_subpage);
347 /* Compute offset within MemoryRegionSection */
348 addr -= section->offset_within_address_space;
349
350 /* Compute offset within MemoryRegion */
351 *xlat = addr + section->offset_within_region;
352
353 diff = int128_sub(section->mr->size, int128_make64(addr));
354 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
355 return section;
356 }
357
358 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
359 {
360 if (memory_region_is_ram(mr)) {
361 return !(is_write && mr->readonly);
362 }
363 if (memory_region_is_romd(mr)) {
364 return !is_write;
365 }
366
367 return false;
368 }
369
370 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
371 hwaddr *xlat, hwaddr *plen,
372 bool is_write)
373 {
374 IOMMUTLBEntry iotlb;
375 MemoryRegionSection *section;
376 MemoryRegion *mr;
377 hwaddr len = *plen;
378
379 rcu_read_lock();
380 for (;;) {
381 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
382 section = address_space_translate_internal(d, addr, &addr, plen, true);
383 mr = section->mr;
384
385 if (!mr->iommu_ops) {
386 break;
387 }
388
389 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
390 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
391 | (addr & iotlb.addr_mask));
392 len = MIN(len, (addr | iotlb.addr_mask) - addr + 1);
393 if (!(iotlb.perm & (1 << is_write))) {
394 mr = &io_mem_unassigned;
395 break;
396 }
397
398 as = iotlb.target_as;
399 }
400
401 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
402 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
403 len = MIN(page, len);
404 }
405
406 *plen = len;
407 *xlat = addr;
408 rcu_read_unlock();
409 return mr;
410 }
411
412 /* Called from RCU critical section */
413 MemoryRegionSection *
414 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
415 hwaddr *xlat, hwaddr *plen)
416 {
417 MemoryRegionSection *section;
418 section = address_space_translate_internal(cpu->memory_dispatch,
419 addr, xlat, plen, false);
420
421 assert(!section->mr->iommu_ops);
422 return section;
423 }
424 #endif
425
426 void cpu_exec_init_all(void)
427 {
428 #if !defined(CONFIG_USER_ONLY)
429 qemu_mutex_init(&ram_list.mutex);
430 memory_map_init();
431 io_mem_init();
432 #endif
433 }
434
435 #if !defined(CONFIG_USER_ONLY)
436
437 static int cpu_common_post_load(void *opaque, int version_id)
438 {
439 CPUState *cpu = opaque;
440
441 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
442 version_id is increased. */
443 cpu->interrupt_request &= ~0x01;
444 tlb_flush(cpu, 1);
445
446 return 0;
447 }
448
449 static int cpu_common_pre_load(void *opaque)
450 {
451 CPUState *cpu = opaque;
452
453 cpu->exception_index = -1;
454
455 return 0;
456 }
457
458 static bool cpu_common_exception_index_needed(void *opaque)
459 {
460 CPUState *cpu = opaque;
461
462 return tcg_enabled() && cpu->exception_index != -1;
463 }
464
465 static const VMStateDescription vmstate_cpu_common_exception_index = {
466 .name = "cpu_common/exception_index",
467 .version_id = 1,
468 .minimum_version_id = 1,
469 .fields = (VMStateField[]) {
470 VMSTATE_INT32(exception_index, CPUState),
471 VMSTATE_END_OF_LIST()
472 }
473 };
474
475 const VMStateDescription vmstate_cpu_common = {
476 .name = "cpu_common",
477 .version_id = 1,
478 .minimum_version_id = 1,
479 .pre_load = cpu_common_pre_load,
480 .post_load = cpu_common_post_load,
481 .fields = (VMStateField[]) {
482 VMSTATE_UINT32(halted, CPUState),
483 VMSTATE_UINT32(interrupt_request, CPUState),
484 VMSTATE_END_OF_LIST()
485 },
486 .subsections = (VMStateSubsection[]) {
487 {
488 .vmsd = &vmstate_cpu_common_exception_index,
489 .needed = cpu_common_exception_index_needed,
490 } , {
491 /* empty */
492 }
493 }
494 };
495
496 #endif
497
498 CPUState *qemu_get_cpu(int index)
499 {
500 CPUState *cpu;
501
502 CPU_FOREACH(cpu) {
503 if (cpu->cpu_index == index) {
504 return cpu;
505 }
506 }
507
508 return NULL;
509 }
510
511 #if !defined(CONFIG_USER_ONLY)
512 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
513 {
514 /* We only support one address space per cpu at the moment. */
515 assert(cpu->as == as);
516
517 if (cpu->tcg_as_listener) {
518 memory_listener_unregister(cpu->tcg_as_listener);
519 } else {
520 cpu->tcg_as_listener = g_new0(MemoryListener, 1);
521 }
522 cpu->tcg_as_listener->commit = tcg_commit;
523 memory_listener_register(cpu->tcg_as_listener, as);
524 }
525 #endif
526
527 void cpu_exec_init(CPUArchState *env)
528 {
529 CPUState *cpu = ENV_GET_CPU(env);
530 CPUClass *cc = CPU_GET_CLASS(cpu);
531 CPUState *some_cpu;
532 int cpu_index;
533
534 #if defined(CONFIG_USER_ONLY)
535 cpu_list_lock();
536 #endif
537 cpu_index = 0;
538 CPU_FOREACH(some_cpu) {
539 cpu_index++;
540 }
541 cpu->cpu_index = cpu_index;
542 cpu->numa_node = 0;
543 QTAILQ_INIT(&cpu->breakpoints);
544 QTAILQ_INIT(&cpu->watchpoints);
545 #ifndef CONFIG_USER_ONLY
546 cpu->as = &address_space_memory;
547 cpu->thread_id = qemu_get_thread_id();
548 #endif
549 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
550 #if defined(CONFIG_USER_ONLY)
551 cpu_list_unlock();
552 #endif
553 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
554 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
555 }
556 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
557 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
558 cpu_save, cpu_load, env);
559 assert(cc->vmsd == NULL);
560 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
561 #endif
562 if (cc->vmsd != NULL) {
563 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
564 }
565 }
566
567 #if defined(CONFIG_USER_ONLY)
568 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
569 {
570 tb_invalidate_phys_page_range(pc, pc + 1, 0);
571 }
572 #else
573 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
574 {
575 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
576 if (phys != -1) {
577 tb_invalidate_phys_addr(cpu->as,
578 phys | (pc & ~TARGET_PAGE_MASK));
579 }
580 }
581 #endif
582
583 #if defined(CONFIG_USER_ONLY)
584 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
585
586 {
587 }
588
589 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
590 int flags)
591 {
592 return -ENOSYS;
593 }
594
595 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
596 {
597 }
598
599 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
600 int flags, CPUWatchpoint **watchpoint)
601 {
602 return -ENOSYS;
603 }
604 #else
605 /* Add a watchpoint. */
606 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
607 int flags, CPUWatchpoint **watchpoint)
608 {
609 CPUWatchpoint *wp;
610
611 /* forbid ranges which are empty or run off the end of the address space */
612 if (len == 0 || (addr + len - 1) < addr) {
613 error_report("tried to set invalid watchpoint at %"
614 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
615 return -EINVAL;
616 }
617 wp = g_malloc(sizeof(*wp));
618
619 wp->vaddr = addr;
620 wp->len = len;
621 wp->flags = flags;
622
623 /* keep all GDB-injected watchpoints in front */
624 if (flags & BP_GDB) {
625 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
626 } else {
627 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
628 }
629
630 tlb_flush_page(cpu, addr);
631
632 if (watchpoint)
633 *watchpoint = wp;
634 return 0;
635 }
636
637 /* Remove a specific watchpoint. */
638 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
639 int flags)
640 {
641 CPUWatchpoint *wp;
642
643 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
644 if (addr == wp->vaddr && len == wp->len
645 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
646 cpu_watchpoint_remove_by_ref(cpu, wp);
647 return 0;
648 }
649 }
650 return -ENOENT;
651 }
652
653 /* Remove a specific watchpoint by reference. */
654 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
655 {
656 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
657
658 tlb_flush_page(cpu, watchpoint->vaddr);
659
660 g_free(watchpoint);
661 }
662
663 /* Remove all matching watchpoints. */
664 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
665 {
666 CPUWatchpoint *wp, *next;
667
668 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
669 if (wp->flags & mask) {
670 cpu_watchpoint_remove_by_ref(cpu, wp);
671 }
672 }
673 }
674
675 /* Return true if this watchpoint address matches the specified
676 * access (ie the address range covered by the watchpoint overlaps
677 * partially or completely with the address range covered by the
678 * access).
679 */
680 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
681 vaddr addr,
682 vaddr len)
683 {
684 /* We know the lengths are non-zero, but a little caution is
685 * required to avoid errors in the case where the range ends
686 * exactly at the top of the address space and so addr + len
687 * wraps round to zero.
688 */
689 vaddr wpend = wp->vaddr + wp->len - 1;
690 vaddr addrend = addr + len - 1;
691
692 return !(addr > wpend || wp->vaddr > addrend);
693 }
694
695 #endif
696
697 /* Add a breakpoint. */
698 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
699 CPUBreakpoint **breakpoint)
700 {
701 CPUBreakpoint *bp;
702
703 bp = g_malloc(sizeof(*bp));
704
705 bp->pc = pc;
706 bp->flags = flags;
707
708 /* keep all GDB-injected breakpoints in front */
709 if (flags & BP_GDB) {
710 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
711 } else {
712 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
713 }
714
715 breakpoint_invalidate(cpu, pc);
716
717 if (breakpoint) {
718 *breakpoint = bp;
719 }
720 return 0;
721 }
722
723 /* Remove a specific breakpoint. */
724 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
725 {
726 CPUBreakpoint *bp;
727
728 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
729 if (bp->pc == pc && bp->flags == flags) {
730 cpu_breakpoint_remove_by_ref(cpu, bp);
731 return 0;
732 }
733 }
734 return -ENOENT;
735 }
736
737 /* Remove a specific breakpoint by reference. */
738 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
739 {
740 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
741
742 breakpoint_invalidate(cpu, breakpoint->pc);
743
744 g_free(breakpoint);
745 }
746
747 /* Remove all matching breakpoints. */
748 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
749 {
750 CPUBreakpoint *bp, *next;
751
752 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
753 if (bp->flags & mask) {
754 cpu_breakpoint_remove_by_ref(cpu, bp);
755 }
756 }
757 }
758
759 /* enable or disable single step mode. EXCP_DEBUG is returned by the
760 CPU loop after each instruction */
761 void cpu_single_step(CPUState *cpu, int enabled)
762 {
763 if (cpu->singlestep_enabled != enabled) {
764 cpu->singlestep_enabled = enabled;
765 if (kvm_enabled()) {
766 kvm_update_guest_debug(cpu, 0);
767 } else {
768 /* must flush all the translated code to avoid inconsistencies */
769 /* XXX: only flush what is necessary */
770 CPUArchState *env = cpu->env_ptr;
771 tb_flush(env);
772 }
773 }
774 }
775
776 void cpu_abort(CPUState *cpu, const char *fmt, ...)
777 {
778 va_list ap;
779 va_list ap2;
780
781 va_start(ap, fmt);
782 va_copy(ap2, ap);
783 fprintf(stderr, "qemu: fatal: ");
784 vfprintf(stderr, fmt, ap);
785 fprintf(stderr, "\n");
786 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
787 if (qemu_log_enabled()) {
788 qemu_log("qemu: fatal: ");
789 qemu_log_vprintf(fmt, ap2);
790 qemu_log("\n");
791 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
792 qemu_log_flush();
793 qemu_log_close();
794 }
795 va_end(ap2);
796 va_end(ap);
797 #if defined(CONFIG_USER_ONLY)
798 {
799 struct sigaction act;
800 sigfillset(&act.sa_mask);
801 act.sa_handler = SIG_DFL;
802 sigaction(SIGABRT, &act, NULL);
803 }
804 #endif
805 abort();
806 }
807
808 #if !defined(CONFIG_USER_ONLY)
809 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
810 {
811 RAMBlock *block;
812
813 /* The list is protected by the iothread lock here. */
814 block = atomic_rcu_read(&ram_list.mru_block);
815 if (block && addr - block->offset < block->max_length) {
816 goto found;
817 }
818 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
819 if (addr - block->offset < block->max_length) {
820 goto found;
821 }
822 }
823
824 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
825 abort();
826
827 found:
828 /* It is safe to write mru_block outside the iothread lock. This
829 * is what happens:
830 *
831 * mru_block = xxx
832 * rcu_read_unlock()
833 * xxx removed from list
834 * rcu_read_lock()
835 * read mru_block
836 * mru_block = NULL;
837 * call_rcu(reclaim_ramblock, xxx);
838 * rcu_read_unlock()
839 *
840 * atomic_rcu_set is not needed here. The block was already published
841 * when it was placed into the list. Here we're just making an extra
842 * copy of the pointer.
843 */
844 ram_list.mru_block = block;
845 return block;
846 }
847
848 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
849 {
850 ram_addr_t start1;
851 RAMBlock *block;
852 ram_addr_t end;
853
854 end = TARGET_PAGE_ALIGN(start + length);
855 start &= TARGET_PAGE_MASK;
856
857 block = qemu_get_ram_block(start);
858 assert(block == qemu_get_ram_block(end - 1));
859 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
860 cpu_tlb_reset_dirty_all(start1, length);
861 }
862
863 /* Note: start and end must be within the same ram block. */
864 void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t length,
865 unsigned client)
866 {
867 if (length == 0)
868 return;
869 cpu_physical_memory_clear_dirty_range_type(start, length, client);
870
871 if (tcg_enabled()) {
872 tlb_reset_dirty_range_all(start, length);
873 }
874 }
875
876 static void cpu_physical_memory_set_dirty_tracking(bool enable)
877 {
878 in_migration = enable;
879 }
880
881 /* Called from RCU critical section */
882 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
883 MemoryRegionSection *section,
884 target_ulong vaddr,
885 hwaddr paddr, hwaddr xlat,
886 int prot,
887 target_ulong *address)
888 {
889 hwaddr iotlb;
890 CPUWatchpoint *wp;
891
892 if (memory_region_is_ram(section->mr)) {
893 /* Normal RAM. */
894 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
895 + xlat;
896 if (!section->readonly) {
897 iotlb |= PHYS_SECTION_NOTDIRTY;
898 } else {
899 iotlb |= PHYS_SECTION_ROM;
900 }
901 } else {
902 iotlb = section - section->address_space->dispatch->map.sections;
903 iotlb += xlat;
904 }
905
906 /* Make accesses to pages with watchpoints go via the
907 watchpoint trap routines. */
908 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
909 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
910 /* Avoid trapping reads of pages with a write breakpoint. */
911 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
912 iotlb = PHYS_SECTION_WATCH + paddr;
913 *address |= TLB_MMIO;
914 break;
915 }
916 }
917 }
918
919 return iotlb;
920 }
921 #endif /* defined(CONFIG_USER_ONLY) */
922
923 #if !defined(CONFIG_USER_ONLY)
924
925 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
926 uint16_t section);
927 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
928
929 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
930 qemu_anon_ram_alloc;
931
932 /*
933 * Set a custom physical guest memory alloator.
934 * Accelerators with unusual needs may need this. Hopefully, we can
935 * get rid of it eventually.
936 */
937 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
938 {
939 phys_mem_alloc = alloc;
940 }
941
942 static uint16_t phys_section_add(PhysPageMap *map,
943 MemoryRegionSection *section)
944 {
945 /* The physical section number is ORed with a page-aligned
946 * pointer to produce the iotlb entries. Thus it should
947 * never overflow into the page-aligned value.
948 */
949 assert(map->sections_nb < TARGET_PAGE_SIZE);
950
951 if (map->sections_nb == map->sections_nb_alloc) {
952 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
953 map->sections = g_renew(MemoryRegionSection, map->sections,
954 map->sections_nb_alloc);
955 }
956 map->sections[map->sections_nb] = *section;
957 memory_region_ref(section->mr);
958 return map->sections_nb++;
959 }
960
961 static void phys_section_destroy(MemoryRegion *mr)
962 {
963 memory_region_unref(mr);
964
965 if (mr->subpage) {
966 subpage_t *subpage = container_of(mr, subpage_t, iomem);
967 object_unref(OBJECT(&subpage->iomem));
968 g_free(subpage);
969 }
970 }
971
972 static void phys_sections_free(PhysPageMap *map)
973 {
974 while (map->sections_nb > 0) {
975 MemoryRegionSection *section = &map->sections[--map->sections_nb];
976 phys_section_destroy(section->mr);
977 }
978 g_free(map->sections);
979 g_free(map->nodes);
980 }
981
982 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
983 {
984 subpage_t *subpage;
985 hwaddr base = section->offset_within_address_space
986 & TARGET_PAGE_MASK;
987 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
988 d->map.nodes, d->map.sections);
989 MemoryRegionSection subsection = {
990 .offset_within_address_space = base,
991 .size = int128_make64(TARGET_PAGE_SIZE),
992 };
993 hwaddr start, end;
994
995 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
996
997 if (!(existing->mr->subpage)) {
998 subpage = subpage_init(d->as, base);
999 subsection.address_space = d->as;
1000 subsection.mr = &subpage->iomem;
1001 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1002 phys_section_add(&d->map, &subsection));
1003 } else {
1004 subpage = container_of(existing->mr, subpage_t, iomem);
1005 }
1006 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1007 end = start + int128_get64(section->size) - 1;
1008 subpage_register(subpage, start, end,
1009 phys_section_add(&d->map, section));
1010 }
1011
1012
1013 static void register_multipage(AddressSpaceDispatch *d,
1014 MemoryRegionSection *section)
1015 {
1016 hwaddr start_addr = section->offset_within_address_space;
1017 uint16_t section_index = phys_section_add(&d->map, section);
1018 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1019 TARGET_PAGE_BITS));
1020
1021 assert(num_pages);
1022 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1023 }
1024
1025 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1026 {
1027 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1028 AddressSpaceDispatch *d = as->next_dispatch;
1029 MemoryRegionSection now = *section, remain = *section;
1030 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1031
1032 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1033 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1034 - now.offset_within_address_space;
1035
1036 now.size = int128_min(int128_make64(left), now.size);
1037 register_subpage(d, &now);
1038 } else {
1039 now.size = int128_zero();
1040 }
1041 while (int128_ne(remain.size, now.size)) {
1042 remain.size = int128_sub(remain.size, now.size);
1043 remain.offset_within_address_space += int128_get64(now.size);
1044 remain.offset_within_region += int128_get64(now.size);
1045 now = remain;
1046 if (int128_lt(remain.size, page_size)) {
1047 register_subpage(d, &now);
1048 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1049 now.size = page_size;
1050 register_subpage(d, &now);
1051 } else {
1052 now.size = int128_and(now.size, int128_neg(page_size));
1053 register_multipage(d, &now);
1054 }
1055 }
1056 }
1057
1058 void qemu_flush_coalesced_mmio_buffer(void)
1059 {
1060 if (kvm_enabled())
1061 kvm_flush_coalesced_mmio_buffer();
1062 }
1063
1064 void qemu_mutex_lock_ramlist(void)
1065 {
1066 qemu_mutex_lock(&ram_list.mutex);
1067 }
1068
1069 void qemu_mutex_unlock_ramlist(void)
1070 {
1071 qemu_mutex_unlock(&ram_list.mutex);
1072 }
1073
1074 #ifdef __linux__
1075
1076 #include <sys/vfs.h>
1077
1078 #define HUGETLBFS_MAGIC 0x958458f6
1079
1080 static long gethugepagesize(const char *path, Error **errp)
1081 {
1082 struct statfs fs;
1083 int ret;
1084
1085 do {
1086 ret = statfs(path, &fs);
1087 } while (ret != 0 && errno == EINTR);
1088
1089 if (ret != 0) {
1090 error_setg_errno(errp, errno, "failed to get page size of file %s",
1091 path);
1092 return 0;
1093 }
1094
1095 if (fs.f_type != HUGETLBFS_MAGIC)
1096 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1097
1098 return fs.f_bsize;
1099 }
1100
1101 static void *file_ram_alloc(RAMBlock *block,
1102 ram_addr_t memory,
1103 const char *path,
1104 Error **errp)
1105 {
1106 char *filename;
1107 char *sanitized_name;
1108 char *c;
1109 void *area = NULL;
1110 int fd;
1111 uint64_t hpagesize;
1112 Error *local_err = NULL;
1113
1114 hpagesize = gethugepagesize(path, &local_err);
1115 if (local_err) {
1116 error_propagate(errp, local_err);
1117 goto error;
1118 }
1119 block->mr->align = hpagesize;
1120
1121 if (memory < hpagesize) {
1122 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1123 "or larger than huge page size 0x%" PRIx64,
1124 memory, hpagesize);
1125 goto error;
1126 }
1127
1128 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1129 error_setg(errp,
1130 "host lacks kvm mmu notifiers, -mem-path unsupported");
1131 goto error;
1132 }
1133
1134 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1135 sanitized_name = g_strdup(memory_region_name(block->mr));
1136 for (c = sanitized_name; *c != '\0'; c++) {
1137 if (*c == '/')
1138 *c = '_';
1139 }
1140
1141 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1142 sanitized_name);
1143 g_free(sanitized_name);
1144
1145 fd = mkstemp(filename);
1146 if (fd < 0) {
1147 error_setg_errno(errp, errno,
1148 "unable to create backing store for hugepages");
1149 g_free(filename);
1150 goto error;
1151 }
1152 unlink(filename);
1153 g_free(filename);
1154
1155 memory = (memory+hpagesize-1) & ~(hpagesize-1);
1156
1157 /*
1158 * ftruncate is not supported by hugetlbfs in older
1159 * hosts, so don't bother bailing out on errors.
1160 * If anything goes wrong with it under other filesystems,
1161 * mmap will fail.
1162 */
1163 if (ftruncate(fd, memory)) {
1164 perror("ftruncate");
1165 }
1166
1167 area = mmap(0, memory, PROT_READ | PROT_WRITE,
1168 (block->flags & RAM_SHARED ? MAP_SHARED : MAP_PRIVATE),
1169 fd, 0);
1170 if (area == MAP_FAILED) {
1171 error_setg_errno(errp, errno,
1172 "unable to map backing store for hugepages");
1173 close(fd);
1174 goto error;
1175 }
1176
1177 if (mem_prealloc) {
1178 os_mem_prealloc(fd, area, memory);
1179 }
1180
1181 block->fd = fd;
1182 return area;
1183
1184 error:
1185 if (mem_prealloc) {
1186 error_report("%s\n", error_get_pretty(*errp));
1187 exit(1);
1188 }
1189 return NULL;
1190 }
1191 #endif
1192
1193 static ram_addr_t find_ram_offset(ram_addr_t size)
1194 {
1195 RAMBlock *block, *next_block;
1196 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1197
1198 assert(size != 0); /* it would hand out same offset multiple times */
1199
1200 if (QTAILQ_EMPTY(&ram_list.blocks))
1201 return 0;
1202
1203 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1204 ram_addr_t end, next = RAM_ADDR_MAX;
1205
1206 end = block->offset + block->max_length;
1207
1208 QTAILQ_FOREACH(next_block, &ram_list.blocks, next) {
1209 if (next_block->offset >= end) {
1210 next = MIN(next, next_block->offset);
1211 }
1212 }
1213 if (next - end >= size && next - end < mingap) {
1214 offset = end;
1215 mingap = next - end;
1216 }
1217 }
1218
1219 if (offset == RAM_ADDR_MAX) {
1220 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1221 (uint64_t)size);
1222 abort();
1223 }
1224
1225 return offset;
1226 }
1227
1228 ram_addr_t last_ram_offset(void)
1229 {
1230 RAMBlock *block;
1231 ram_addr_t last = 0;
1232
1233 QTAILQ_FOREACH(block, &ram_list.blocks, next)
1234 last = MAX(last, block->offset + block->max_length);
1235
1236 return last;
1237 }
1238
1239 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1240 {
1241 int ret;
1242
1243 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1244 if (!qemu_opt_get_bool(qemu_get_machine_opts(),
1245 "dump-guest-core", true)) {
1246 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1247 if (ret) {
1248 perror("qemu_madvise");
1249 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1250 "but dump_guest_core=off specified\n");
1251 }
1252 }
1253 }
1254
1255 static RAMBlock *find_ram_block(ram_addr_t addr)
1256 {
1257 RAMBlock *block;
1258
1259 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1260 if (block->offset == addr) {
1261 return block;
1262 }
1263 }
1264
1265 return NULL;
1266 }
1267
1268 /* Called with iothread lock held. */
1269 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1270 {
1271 RAMBlock *new_block, *block;
1272
1273 new_block = find_ram_block(addr);
1274 assert(new_block);
1275 assert(!new_block->idstr[0]);
1276
1277 if (dev) {
1278 char *id = qdev_get_dev_path(dev);
1279 if (id) {
1280 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1281 g_free(id);
1282 }
1283 }
1284 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1285
1286 qemu_mutex_lock_ramlist();
1287 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1288 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1289 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1290 new_block->idstr);
1291 abort();
1292 }
1293 }
1294 qemu_mutex_unlock_ramlist();
1295 }
1296
1297 /* Called with iothread lock held. */
1298 void qemu_ram_unset_idstr(ram_addr_t addr)
1299 {
1300 RAMBlock *block;
1301
1302 /* FIXME: arch_init.c assumes that this is not called throughout
1303 * migration. Ignore the problem since hot-unplug during migration
1304 * does not work anyway.
1305 */
1306
1307 block = find_ram_block(addr);
1308 if (block) {
1309 memset(block->idstr, 0, sizeof(block->idstr));
1310 }
1311 }
1312
1313 static int memory_try_enable_merging(void *addr, size_t len)
1314 {
1315 if (!qemu_opt_get_bool(qemu_get_machine_opts(), "mem-merge", true)) {
1316 /* disabled by the user */
1317 return 0;
1318 }
1319
1320 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1321 }
1322
1323 /* Only legal before guest might have detected the memory size: e.g. on
1324 * incoming migration, or right after reset.
1325 *
1326 * As memory core doesn't know how is memory accessed, it is up to
1327 * resize callback to update device state and/or add assertions to detect
1328 * misuse, if necessary.
1329 */
1330 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1331 {
1332 RAMBlock *block = find_ram_block(base);
1333
1334 assert(block);
1335
1336 if (block->used_length == newsize) {
1337 return 0;
1338 }
1339
1340 if (!(block->flags & RAM_RESIZEABLE)) {
1341 error_setg_errno(errp, EINVAL,
1342 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1343 " in != 0x" RAM_ADDR_FMT, block->idstr,
1344 newsize, block->used_length);
1345 return -EINVAL;
1346 }
1347
1348 if (block->max_length < newsize) {
1349 error_setg_errno(errp, EINVAL,
1350 "Length too large: %s: 0x" RAM_ADDR_FMT
1351 " > 0x" RAM_ADDR_FMT, block->idstr,
1352 newsize, block->max_length);
1353 return -EINVAL;
1354 }
1355
1356 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1357 block->used_length = newsize;
1358 cpu_physical_memory_set_dirty_range(block->offset, block->used_length);
1359 memory_region_set_size(block->mr, newsize);
1360 if (block->resized) {
1361 block->resized(block->idstr, newsize, block->host);
1362 }
1363 return 0;
1364 }
1365
1366 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1367 {
1368 RAMBlock *block;
1369 ram_addr_t old_ram_size, new_ram_size;
1370
1371 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1372
1373 /* This assumes the iothread lock is taken here too. */
1374 qemu_mutex_lock_ramlist();
1375 new_block->offset = find_ram_offset(new_block->max_length);
1376
1377 if (!new_block->host) {
1378 if (xen_enabled()) {
1379 xen_ram_alloc(new_block->offset, new_block->max_length,
1380 new_block->mr);
1381 } else {
1382 new_block->host = phys_mem_alloc(new_block->max_length,
1383 &new_block->mr->align);
1384 if (!new_block->host) {
1385 error_setg_errno(errp, errno,
1386 "cannot set up guest memory '%s'",
1387 memory_region_name(new_block->mr));
1388 qemu_mutex_unlock_ramlist();
1389 return -1;
1390 }
1391 memory_try_enable_merging(new_block->host, new_block->max_length);
1392 }
1393 }
1394
1395 /* Keep the list sorted from biggest to smallest block. */
1396 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1397 if (block->max_length < new_block->max_length) {
1398 break;
1399 }
1400 }
1401 if (block) {
1402 QTAILQ_INSERT_BEFORE(block, new_block, next);
1403 } else {
1404 QTAILQ_INSERT_TAIL(&ram_list.blocks, new_block, next);
1405 }
1406 ram_list.mru_block = NULL;
1407
1408 ram_list.version++;
1409 qemu_mutex_unlock_ramlist();
1410
1411 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1412
1413 if (new_ram_size > old_ram_size) {
1414 int i;
1415
1416 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1417 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1418 ram_list.dirty_memory[i] =
1419 bitmap_zero_extend(ram_list.dirty_memory[i],
1420 old_ram_size, new_ram_size);
1421 }
1422 }
1423 cpu_physical_memory_set_dirty_range(new_block->offset,
1424 new_block->used_length);
1425
1426 if (new_block->host) {
1427 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1428 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1429 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1430 if (kvm_enabled()) {
1431 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1432 }
1433 }
1434
1435 return new_block->offset;
1436 }
1437
1438 #ifdef __linux__
1439 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1440 bool share, const char *mem_path,
1441 Error **errp)
1442 {
1443 RAMBlock *new_block;
1444 ram_addr_t addr;
1445 Error *local_err = NULL;
1446
1447 if (xen_enabled()) {
1448 error_setg(errp, "-mem-path not supported with Xen");
1449 return -1;
1450 }
1451
1452 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1453 /*
1454 * file_ram_alloc() needs to allocate just like
1455 * phys_mem_alloc, but we haven't bothered to provide
1456 * a hook there.
1457 */
1458 error_setg(errp,
1459 "-mem-path not supported with this accelerator");
1460 return -1;
1461 }
1462
1463 size = TARGET_PAGE_ALIGN(size);
1464 new_block = g_malloc0(sizeof(*new_block));
1465 new_block->mr = mr;
1466 new_block->used_length = size;
1467 new_block->max_length = size;
1468 new_block->flags = share ? RAM_SHARED : 0;
1469 new_block->host = file_ram_alloc(new_block, size,
1470 mem_path, errp);
1471 if (!new_block->host) {
1472 g_free(new_block);
1473 return -1;
1474 }
1475
1476 addr = ram_block_add(new_block, &local_err);
1477 if (local_err) {
1478 g_free(new_block);
1479 error_propagate(errp, local_err);
1480 return -1;
1481 }
1482 return addr;
1483 }
1484 #endif
1485
1486 static
1487 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1488 void (*resized)(const char*,
1489 uint64_t length,
1490 void *host),
1491 void *host, bool resizeable,
1492 MemoryRegion *mr, Error **errp)
1493 {
1494 RAMBlock *new_block;
1495 ram_addr_t addr;
1496 Error *local_err = NULL;
1497
1498 size = TARGET_PAGE_ALIGN(size);
1499 max_size = TARGET_PAGE_ALIGN(max_size);
1500 new_block = g_malloc0(sizeof(*new_block));
1501 new_block->mr = mr;
1502 new_block->resized = resized;
1503 new_block->used_length = size;
1504 new_block->max_length = max_size;
1505 assert(max_size >= size);
1506 new_block->fd = -1;
1507 new_block->host = host;
1508 if (host) {
1509 new_block->flags |= RAM_PREALLOC;
1510 }
1511 if (resizeable) {
1512 new_block->flags |= RAM_RESIZEABLE;
1513 }
1514 addr = ram_block_add(new_block, &local_err);
1515 if (local_err) {
1516 g_free(new_block);
1517 error_propagate(errp, local_err);
1518 return -1;
1519 }
1520 return addr;
1521 }
1522
1523 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1524 MemoryRegion *mr, Error **errp)
1525 {
1526 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1527 }
1528
1529 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1530 {
1531 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1532 }
1533
1534 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1535 void (*resized)(const char*,
1536 uint64_t length,
1537 void *host),
1538 MemoryRegion *mr, Error **errp)
1539 {
1540 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1541 }
1542
1543 void qemu_ram_free_from_ptr(ram_addr_t addr)
1544 {
1545 RAMBlock *block;
1546
1547 /* This assumes the iothread lock is taken here too. */
1548 qemu_mutex_lock_ramlist();
1549 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1550 if (addr == block->offset) {
1551 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1552 ram_list.mru_block = NULL;
1553 ram_list.version++;
1554 g_free_rcu(block, rcu);
1555 break;
1556 }
1557 }
1558 qemu_mutex_unlock_ramlist();
1559 }
1560
1561 static void reclaim_ramblock(RAMBlock *block)
1562 {
1563 if (block->flags & RAM_PREALLOC) {
1564 ;
1565 } else if (xen_enabled()) {
1566 xen_invalidate_map_cache_entry(block->host);
1567 #ifndef _WIN32
1568 } else if (block->fd >= 0) {
1569 munmap(block->host, block->max_length);
1570 close(block->fd);
1571 #endif
1572 } else {
1573 qemu_anon_ram_free(block->host, block->max_length);
1574 }
1575 g_free(block);
1576 }
1577
1578 /* Called with the iothread lock held */
1579 void qemu_ram_free(ram_addr_t addr)
1580 {
1581 RAMBlock *block;
1582
1583 /* This assumes the iothread lock is taken here too. */
1584 qemu_mutex_lock_ramlist();
1585 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1586 if (addr == block->offset) {
1587 QTAILQ_REMOVE(&ram_list.blocks, block, next);
1588 ram_list.mru_block = NULL;
1589 ram_list.version++;
1590 call_rcu(block, reclaim_ramblock, rcu);
1591 break;
1592 }
1593 }
1594 qemu_mutex_unlock_ramlist();
1595 }
1596
1597 #ifndef _WIN32
1598 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1599 {
1600 RAMBlock *block;
1601 ram_addr_t offset;
1602 int flags;
1603 void *area, *vaddr;
1604
1605 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1606 offset = addr - block->offset;
1607 if (offset < block->max_length) {
1608 vaddr = ramblock_ptr(block, offset);
1609 if (block->flags & RAM_PREALLOC) {
1610 ;
1611 } else if (xen_enabled()) {
1612 abort();
1613 } else {
1614 flags = MAP_FIXED;
1615 munmap(vaddr, length);
1616 if (block->fd >= 0) {
1617 flags |= (block->flags & RAM_SHARED ?
1618 MAP_SHARED : MAP_PRIVATE);
1619 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1620 flags, block->fd, offset);
1621 } else {
1622 /*
1623 * Remap needs to match alloc. Accelerators that
1624 * set phys_mem_alloc never remap. If they did,
1625 * we'd need a remap hook here.
1626 */
1627 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1628
1629 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1630 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1631 flags, -1, 0);
1632 }
1633 if (area != vaddr) {
1634 fprintf(stderr, "Could not remap addr: "
1635 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1636 length, addr);
1637 exit(1);
1638 }
1639 memory_try_enable_merging(vaddr, length);
1640 qemu_ram_setup_dump(vaddr, length);
1641 }
1642 }
1643 }
1644 }
1645 #endif /* !_WIN32 */
1646
1647 int qemu_get_ram_fd(ram_addr_t addr)
1648 {
1649 RAMBlock *block;
1650 int fd;
1651
1652 block = qemu_get_ram_block(addr);
1653 fd = block->fd;
1654 return fd;
1655 }
1656
1657 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1658 {
1659 RAMBlock *block;
1660 void *ptr;
1661
1662 block = qemu_get_ram_block(addr);
1663 ptr = ramblock_ptr(block, 0);
1664 return ptr;
1665 }
1666
1667 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1668 * This should not be used for general purpose DMA. Use address_space_map
1669 * or address_space_rw instead. For local memory (e.g. video ram) that the
1670 * device owns, use memory_region_get_ram_ptr.
1671 */
1672 void *qemu_get_ram_ptr(ram_addr_t addr)
1673 {
1674 RAMBlock *block;
1675 void *ptr;
1676
1677 block = qemu_get_ram_block(addr);
1678
1679 if (xen_enabled() && block->host == NULL) {
1680 /* We need to check if the requested address is in the RAM
1681 * because we don't want to map the entire memory in QEMU.
1682 * In that case just map until the end of the page.
1683 */
1684 if (block->offset == 0) {
1685 ptr = xen_map_cache(addr, 0, 0);
1686 goto done;
1687 }
1688
1689 block->host = xen_map_cache(block->offset, block->max_length, 1);
1690 }
1691 ptr = ramblock_ptr(block, addr - block->offset);
1692
1693 done:
1694 return ptr;
1695 }
1696
1697 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1698 * but takes a size argument.
1699 */
1700 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1701 {
1702 void *ptr;
1703 if (*size == 0) {
1704 return NULL;
1705 }
1706 if (xen_enabled()) {
1707 return xen_map_cache(addr, *size, 1);
1708 } else {
1709 RAMBlock *block;
1710 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1711 if (addr - block->offset < block->max_length) {
1712 if (addr - block->offset + *size > block->max_length)
1713 *size = block->max_length - addr + block->offset;
1714 ptr = ramblock_ptr(block, addr - block->offset);
1715 return ptr;
1716 }
1717 }
1718
1719 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1720 abort();
1721 }
1722 }
1723
1724 /* Some of the softmmu routines need to translate from a host pointer
1725 * (typically a TLB entry) back to a ram offset.
1726 *
1727 * By the time this function returns, the returned pointer is not protected
1728 * by RCU anymore. If the caller is not within an RCU critical section and
1729 * does not hold the iothread lock, it must have other means of protecting the
1730 * pointer, such as a reference to the region that includes the incoming
1731 * ram_addr_t.
1732 */
1733 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1734 {
1735 RAMBlock *block;
1736 uint8_t *host = ptr;
1737 MemoryRegion *mr;
1738
1739 if (xen_enabled()) {
1740 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1741 mr = qemu_get_ram_block(*ram_addr)->mr;
1742 return mr;
1743 }
1744
1745 block = ram_list.mru_block;
1746 if (block && block->host && host - block->host < block->max_length) {
1747 goto found;
1748 }
1749
1750 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
1751 /* This case append when the block is not mapped. */
1752 if (block->host == NULL) {
1753 continue;
1754 }
1755 if (host - block->host < block->max_length) {
1756 goto found;
1757 }
1758 }
1759
1760 return NULL;
1761
1762 found:
1763 *ram_addr = block->offset + (host - block->host);
1764 mr = block->mr;
1765 return mr;
1766 }
1767
1768 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1769 uint64_t val, unsigned size)
1770 {
1771 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1772 tb_invalidate_phys_page_fast(ram_addr, size);
1773 }
1774 switch (size) {
1775 case 1:
1776 stb_p(qemu_get_ram_ptr(ram_addr), val);
1777 break;
1778 case 2:
1779 stw_p(qemu_get_ram_ptr(ram_addr), val);
1780 break;
1781 case 4:
1782 stl_p(qemu_get_ram_ptr(ram_addr), val);
1783 break;
1784 default:
1785 abort();
1786 }
1787 cpu_physical_memory_set_dirty_range_nocode(ram_addr, size);
1788 /* we remove the notdirty callback only if the code has been
1789 flushed */
1790 if (!cpu_physical_memory_is_clean(ram_addr)) {
1791 CPUArchState *env = current_cpu->env_ptr;
1792 tlb_set_dirty(env, current_cpu->mem_io_vaddr);
1793 }
1794 }
1795
1796 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1797 unsigned size, bool is_write)
1798 {
1799 return is_write;
1800 }
1801
1802 static const MemoryRegionOps notdirty_mem_ops = {
1803 .write = notdirty_mem_write,
1804 .valid.accepts = notdirty_mem_accepts,
1805 .endianness = DEVICE_NATIVE_ENDIAN,
1806 };
1807
1808 /* Generate a debug exception if a watchpoint has been hit. */
1809 static void check_watchpoint(int offset, int len, int flags)
1810 {
1811 CPUState *cpu = current_cpu;
1812 CPUArchState *env = cpu->env_ptr;
1813 target_ulong pc, cs_base;
1814 target_ulong vaddr;
1815 CPUWatchpoint *wp;
1816 int cpu_flags;
1817
1818 if (cpu->watchpoint_hit) {
1819 /* We re-entered the check after replacing the TB. Now raise
1820 * the debug interrupt so that is will trigger after the
1821 * current instruction. */
1822 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1823 return;
1824 }
1825 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1826 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1827 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1828 && (wp->flags & flags)) {
1829 if (flags == BP_MEM_READ) {
1830 wp->flags |= BP_WATCHPOINT_HIT_READ;
1831 } else {
1832 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1833 }
1834 wp->hitaddr = vaddr;
1835 if (!cpu->watchpoint_hit) {
1836 cpu->watchpoint_hit = wp;
1837 tb_check_watchpoint(cpu);
1838 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1839 cpu->exception_index = EXCP_DEBUG;
1840 cpu_loop_exit(cpu);
1841 } else {
1842 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
1843 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
1844 cpu_resume_from_signal(cpu, NULL);
1845 }
1846 }
1847 } else {
1848 wp->flags &= ~BP_WATCHPOINT_HIT;
1849 }
1850 }
1851 }
1852
1853 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
1854 so these check for a hit then pass through to the normal out-of-line
1855 phys routines. */
1856 static uint64_t watch_mem_read(void *opaque, hwaddr addr,
1857 unsigned size)
1858 {
1859 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, BP_MEM_READ);
1860 switch (size) {
1861 case 1: return ldub_phys(&address_space_memory, addr);
1862 case 2: return lduw_phys(&address_space_memory, addr);
1863 case 4: return ldl_phys(&address_space_memory, addr);
1864 default: abort();
1865 }
1866 }
1867
1868 static void watch_mem_write(void *opaque, hwaddr addr,
1869 uint64_t val, unsigned size)
1870 {
1871 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, BP_MEM_WRITE);
1872 switch (size) {
1873 case 1:
1874 stb_phys(&address_space_memory, addr, val);
1875 break;
1876 case 2:
1877 stw_phys(&address_space_memory, addr, val);
1878 break;
1879 case 4:
1880 stl_phys(&address_space_memory, addr, val);
1881 break;
1882 default: abort();
1883 }
1884 }
1885
1886 static const MemoryRegionOps watch_mem_ops = {
1887 .read = watch_mem_read,
1888 .write = watch_mem_write,
1889 .endianness = DEVICE_NATIVE_ENDIAN,
1890 };
1891
1892 static uint64_t subpage_read(void *opaque, hwaddr addr,
1893 unsigned len)
1894 {
1895 subpage_t *subpage = opaque;
1896 uint8_t buf[8];
1897
1898 #if defined(DEBUG_SUBPAGE)
1899 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
1900 subpage, len, addr);
1901 #endif
1902 address_space_read(subpage->as, addr + subpage->base, buf, len);
1903 switch (len) {
1904 case 1:
1905 return ldub_p(buf);
1906 case 2:
1907 return lduw_p(buf);
1908 case 4:
1909 return ldl_p(buf);
1910 case 8:
1911 return ldq_p(buf);
1912 default:
1913 abort();
1914 }
1915 }
1916
1917 static void subpage_write(void *opaque, hwaddr addr,
1918 uint64_t value, unsigned len)
1919 {
1920 subpage_t *subpage = opaque;
1921 uint8_t buf[8];
1922
1923 #if defined(DEBUG_SUBPAGE)
1924 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
1925 " value %"PRIx64"\n",
1926 __func__, subpage, len, addr, value);
1927 #endif
1928 switch (len) {
1929 case 1:
1930 stb_p(buf, value);
1931 break;
1932 case 2:
1933 stw_p(buf, value);
1934 break;
1935 case 4:
1936 stl_p(buf, value);
1937 break;
1938 case 8:
1939 stq_p(buf, value);
1940 break;
1941 default:
1942 abort();
1943 }
1944 address_space_write(subpage->as, addr + subpage->base, buf, len);
1945 }
1946
1947 static bool subpage_accepts(void *opaque, hwaddr addr,
1948 unsigned len, bool is_write)
1949 {
1950 subpage_t *subpage = opaque;
1951 #if defined(DEBUG_SUBPAGE)
1952 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
1953 __func__, subpage, is_write ? 'w' : 'r', len, addr);
1954 #endif
1955
1956 return address_space_access_valid(subpage->as, addr + subpage->base,
1957 len, is_write);
1958 }
1959
1960 static const MemoryRegionOps subpage_ops = {
1961 .read = subpage_read,
1962 .write = subpage_write,
1963 .impl.min_access_size = 1,
1964 .impl.max_access_size = 8,
1965 .valid.min_access_size = 1,
1966 .valid.max_access_size = 8,
1967 .valid.accepts = subpage_accepts,
1968 .endianness = DEVICE_NATIVE_ENDIAN,
1969 };
1970
1971 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1972 uint16_t section)
1973 {
1974 int idx, eidx;
1975
1976 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
1977 return -1;
1978 idx = SUBPAGE_IDX(start);
1979 eidx = SUBPAGE_IDX(end);
1980 #if defined(DEBUG_SUBPAGE)
1981 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
1982 __func__, mmio, start, end, idx, eidx, section);
1983 #endif
1984 for (; idx <= eidx; idx++) {
1985 mmio->sub_section[idx] = section;
1986 }
1987
1988 return 0;
1989 }
1990
1991 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
1992 {
1993 subpage_t *mmio;
1994
1995 mmio = g_malloc0(sizeof(subpage_t));
1996
1997 mmio->as = as;
1998 mmio->base = base;
1999 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2000 NULL, TARGET_PAGE_SIZE);
2001 mmio->iomem.subpage = true;
2002 #if defined(DEBUG_SUBPAGE)
2003 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2004 mmio, base, TARGET_PAGE_SIZE);
2005 #endif
2006 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2007
2008 return mmio;
2009 }
2010
2011 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2012 MemoryRegion *mr)
2013 {
2014 assert(as);
2015 MemoryRegionSection section = {
2016 .address_space = as,
2017 .mr = mr,
2018 .offset_within_address_space = 0,
2019 .offset_within_region = 0,
2020 .size = int128_2_64(),
2021 };
2022
2023 return phys_section_add(map, &section);
2024 }
2025
2026 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2027 {
2028 AddressSpaceDispatch *d = atomic_rcu_read(&cpu->memory_dispatch);
2029 MemoryRegionSection *sections = d->map.sections;
2030
2031 return sections[index & ~TARGET_PAGE_MASK].mr;
2032 }
2033
2034 static void io_mem_init(void)
2035 {
2036 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2037 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2038 NULL, UINT64_MAX);
2039 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2040 NULL, UINT64_MAX);
2041 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2042 NULL, UINT64_MAX);
2043 }
2044
2045 static void mem_begin(MemoryListener *listener)
2046 {
2047 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2048 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2049 uint16_t n;
2050
2051 n = dummy_section(&d->map, as, &io_mem_unassigned);
2052 assert(n == PHYS_SECTION_UNASSIGNED);
2053 n = dummy_section(&d->map, as, &io_mem_notdirty);
2054 assert(n == PHYS_SECTION_NOTDIRTY);
2055 n = dummy_section(&d->map, as, &io_mem_rom);
2056 assert(n == PHYS_SECTION_ROM);
2057 n = dummy_section(&d->map, as, &io_mem_watch);
2058 assert(n == PHYS_SECTION_WATCH);
2059
2060 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2061 d->as = as;
2062 as->next_dispatch = d;
2063 }
2064
2065 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2066 {
2067 phys_sections_free(&d->map);
2068 g_free(d);
2069 }
2070
2071 static void mem_commit(MemoryListener *listener)
2072 {
2073 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2074 AddressSpaceDispatch *cur = as->dispatch;
2075 AddressSpaceDispatch *next = as->next_dispatch;
2076
2077 phys_page_compact_all(next, next->map.nodes_nb);
2078
2079 atomic_rcu_set(&as->dispatch, next);
2080 if (cur) {
2081 call_rcu(cur, address_space_dispatch_free, rcu);
2082 }
2083 }
2084
2085 static void tcg_commit(MemoryListener *listener)
2086 {
2087 CPUState *cpu;
2088
2089 /* since each CPU stores ram addresses in its TLB cache, we must
2090 reset the modified entries */
2091 /* XXX: slow ! */
2092 CPU_FOREACH(cpu) {
2093 /* FIXME: Disentangle the cpu.h circular files deps so we can
2094 directly get the right CPU from listener. */
2095 if (cpu->tcg_as_listener != listener) {
2096 continue;
2097 }
2098 cpu_reload_memory_map(cpu);
2099 }
2100 }
2101
2102 static void core_log_global_start(MemoryListener *listener)
2103 {
2104 cpu_physical_memory_set_dirty_tracking(true);
2105 }
2106
2107 static void core_log_global_stop(MemoryListener *listener)
2108 {
2109 cpu_physical_memory_set_dirty_tracking(false);
2110 }
2111
2112 static MemoryListener core_memory_listener = {
2113 .log_global_start = core_log_global_start,
2114 .log_global_stop = core_log_global_stop,
2115 .priority = 1,
2116 };
2117
2118 void address_space_init_dispatch(AddressSpace *as)
2119 {
2120 as->dispatch = NULL;
2121 as->dispatch_listener = (MemoryListener) {
2122 .begin = mem_begin,
2123 .commit = mem_commit,
2124 .region_add = mem_add,
2125 .region_nop = mem_add,
2126 .priority = 0,
2127 };
2128 memory_listener_register(&as->dispatch_listener, as);
2129 }
2130
2131 void address_space_unregister(AddressSpace *as)
2132 {
2133 memory_listener_unregister(&as->dispatch_listener);
2134 }
2135
2136 void address_space_destroy_dispatch(AddressSpace *as)
2137 {
2138 AddressSpaceDispatch *d = as->dispatch;
2139
2140 atomic_rcu_set(&as->dispatch, NULL);
2141 if (d) {
2142 call_rcu(d, address_space_dispatch_free, rcu);
2143 }
2144 }
2145
2146 static void memory_map_init(void)
2147 {
2148 system_memory = g_malloc(sizeof(*system_memory));
2149
2150 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2151 address_space_init(&address_space_memory, system_memory, "memory");
2152
2153 system_io = g_malloc(sizeof(*system_io));
2154 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2155 65536);
2156 address_space_init(&address_space_io, system_io, "I/O");
2157
2158 memory_listener_register(&core_memory_listener, &address_space_memory);
2159 }
2160
2161 MemoryRegion *get_system_memory(void)
2162 {
2163 return system_memory;
2164 }
2165
2166 MemoryRegion *get_system_io(void)
2167 {
2168 return system_io;
2169 }
2170
2171 #endif /* !defined(CONFIG_USER_ONLY) */
2172
2173 /* physical memory access (slow version, mainly for debug) */
2174 #if defined(CONFIG_USER_ONLY)
2175 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2176 uint8_t *buf, int len, int is_write)
2177 {
2178 int l, flags;
2179 target_ulong page;
2180 void * p;
2181
2182 while (len > 0) {
2183 page = addr & TARGET_PAGE_MASK;
2184 l = (page + TARGET_PAGE_SIZE) - addr;
2185 if (l > len)
2186 l = len;
2187 flags = page_get_flags(page);
2188 if (!(flags & PAGE_VALID))
2189 return -1;
2190 if (is_write) {
2191 if (!(flags & PAGE_WRITE))
2192 return -1;
2193 /* XXX: this code should not depend on lock_user */
2194 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2195 return -1;
2196 memcpy(p, buf, l);
2197 unlock_user(p, addr, l);
2198 } else {
2199 if (!(flags & PAGE_READ))
2200 return -1;
2201 /* XXX: this code should not depend on lock_user */
2202 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2203 return -1;
2204 memcpy(buf, p, l);
2205 unlock_user(p, addr, 0);
2206 }
2207 len -= l;
2208 buf += l;
2209 addr += l;
2210 }
2211 return 0;
2212 }
2213
2214 #else
2215
2216 static void invalidate_and_set_dirty(hwaddr addr,
2217 hwaddr length)
2218 {
2219 if (cpu_physical_memory_range_includes_clean(addr, length)) {
2220 tb_invalidate_phys_range(addr, addr + length, 0);
2221 cpu_physical_memory_set_dirty_range_nocode(addr, length);
2222 }
2223 xen_modified_memory(addr, length);
2224 }
2225
2226 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2227 {
2228 unsigned access_size_max = mr->ops->valid.max_access_size;
2229
2230 /* Regions are assumed to support 1-4 byte accesses unless
2231 otherwise specified. */
2232 if (access_size_max == 0) {
2233 access_size_max = 4;
2234 }
2235
2236 /* Bound the maximum access by the alignment of the address. */
2237 if (!mr->ops->impl.unaligned) {
2238 unsigned align_size_max = addr & -addr;
2239 if (align_size_max != 0 && align_size_max < access_size_max) {
2240 access_size_max = align_size_max;
2241 }
2242 }
2243
2244 /* Don't attempt accesses larger than the maximum. */
2245 if (l > access_size_max) {
2246 l = access_size_max;
2247 }
2248 if (l & (l - 1)) {
2249 l = 1 << (qemu_fls(l) - 1);
2250 }
2251
2252 return l;
2253 }
2254
2255 bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf,
2256 int len, bool is_write)
2257 {
2258 hwaddr l;
2259 uint8_t *ptr;
2260 uint64_t val;
2261 hwaddr addr1;
2262 MemoryRegion *mr;
2263 bool error = false;
2264
2265 while (len > 0) {
2266 l = len;
2267 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2268
2269 if (is_write) {
2270 if (!memory_access_is_direct(mr, is_write)) {
2271 l = memory_access_size(mr, l, addr1);
2272 /* XXX: could force current_cpu to NULL to avoid
2273 potential bugs */
2274 switch (l) {
2275 case 8:
2276 /* 64 bit write access */
2277 val = ldq_p(buf);
2278 error |= io_mem_write(mr, addr1, val, 8);
2279 break;
2280 case 4:
2281 /* 32 bit write access */
2282 val = ldl_p(buf);
2283 error |= io_mem_write(mr, addr1, val, 4);
2284 break;
2285 case 2:
2286 /* 16 bit write access */
2287 val = lduw_p(buf);
2288 error |= io_mem_write(mr, addr1, val, 2);
2289 break;
2290 case 1:
2291 /* 8 bit write access */
2292 val = ldub_p(buf);
2293 error |= io_mem_write(mr, addr1, val, 1);
2294 break;
2295 default:
2296 abort();
2297 }
2298 } else {
2299 addr1 += memory_region_get_ram_addr(mr);
2300 /* RAM case */
2301 ptr = qemu_get_ram_ptr(addr1);
2302 memcpy(ptr, buf, l);
2303 invalidate_and_set_dirty(addr1, l);
2304 }
2305 } else {
2306 if (!memory_access_is_direct(mr, is_write)) {
2307 /* I/O case */
2308 l = memory_access_size(mr, l, addr1);
2309 switch (l) {
2310 case 8:
2311 /* 64 bit read access */
2312 error |= io_mem_read(mr, addr1, &val, 8);
2313 stq_p(buf, val);
2314 break;
2315 case 4:
2316 /* 32 bit read access */
2317 error |= io_mem_read(mr, addr1, &val, 4);
2318 stl_p(buf, val);
2319 break;
2320 case 2:
2321 /* 16 bit read access */
2322 error |= io_mem_read(mr, addr1, &val, 2);
2323 stw_p(buf, val);
2324 break;
2325 case 1:
2326 /* 8 bit read access */
2327 error |= io_mem_read(mr, addr1, &val, 1);
2328 stb_p(buf, val);
2329 break;
2330 default:
2331 abort();
2332 }
2333 } else {
2334 /* RAM case */
2335 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2336 memcpy(buf, ptr, l);
2337 }
2338 }
2339 len -= l;
2340 buf += l;
2341 addr += l;
2342 }
2343
2344 return error;
2345 }
2346
2347 bool address_space_write(AddressSpace *as, hwaddr addr,
2348 const uint8_t *buf, int len)
2349 {
2350 return address_space_rw(as, addr, (uint8_t *)buf, len, true);
2351 }
2352
2353 bool address_space_read(AddressSpace *as, hwaddr addr, uint8_t *buf, int len)
2354 {
2355 return address_space_rw(as, addr, buf, len, false);
2356 }
2357
2358
2359 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2360 int len, int is_write)
2361 {
2362 address_space_rw(&address_space_memory, addr, buf, len, is_write);
2363 }
2364
2365 enum write_rom_type {
2366 WRITE_DATA,
2367 FLUSH_CACHE,
2368 };
2369
2370 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2371 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2372 {
2373 hwaddr l;
2374 uint8_t *ptr;
2375 hwaddr addr1;
2376 MemoryRegion *mr;
2377
2378 while (len > 0) {
2379 l = len;
2380 mr = address_space_translate(as, addr, &addr1, &l, true);
2381
2382 if (!(memory_region_is_ram(mr) ||
2383 memory_region_is_romd(mr))) {
2384 /* do nothing */
2385 } else {
2386 addr1 += memory_region_get_ram_addr(mr);
2387 /* ROM/RAM case */
2388 ptr = qemu_get_ram_ptr(addr1);
2389 switch (type) {
2390 case WRITE_DATA:
2391 memcpy(ptr, buf, l);
2392 invalidate_and_set_dirty(addr1, l);
2393 break;
2394 case FLUSH_CACHE:
2395 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2396 break;
2397 }
2398 }
2399 len -= l;
2400 buf += l;
2401 addr += l;
2402 }
2403 }
2404
2405 /* used for ROM loading : can write in RAM and ROM */
2406 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2407 const uint8_t *buf, int len)
2408 {
2409 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2410 }
2411
2412 void cpu_flush_icache_range(hwaddr start, int len)
2413 {
2414 /*
2415 * This function should do the same thing as an icache flush that was
2416 * triggered from within the guest. For TCG we are always cache coherent,
2417 * so there is no need to flush anything. For KVM / Xen we need to flush
2418 * the host's instruction cache at least.
2419 */
2420 if (tcg_enabled()) {
2421 return;
2422 }
2423
2424 cpu_physical_memory_write_rom_internal(&address_space_memory,
2425 start, NULL, len, FLUSH_CACHE);
2426 }
2427
2428 typedef struct {
2429 MemoryRegion *mr;
2430 void *buffer;
2431 hwaddr addr;
2432 hwaddr len;
2433 } BounceBuffer;
2434
2435 static BounceBuffer bounce;
2436
2437 typedef struct MapClient {
2438 void *opaque;
2439 void (*callback)(void *opaque);
2440 QLIST_ENTRY(MapClient) link;
2441 } MapClient;
2442
2443 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2444 = QLIST_HEAD_INITIALIZER(map_client_list);
2445
2446 void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
2447 {
2448 MapClient *client = g_malloc(sizeof(*client));
2449
2450 client->opaque = opaque;
2451 client->callback = callback;
2452 QLIST_INSERT_HEAD(&map_client_list, client, link);
2453 return client;
2454 }
2455
2456 static void cpu_unregister_map_client(void *_client)
2457 {
2458 MapClient *client = (MapClient *)_client;
2459
2460 QLIST_REMOVE(client, link);
2461 g_free(client);
2462 }
2463
2464 static void cpu_notify_map_clients(void)
2465 {
2466 MapClient *client;
2467
2468 while (!QLIST_EMPTY(&map_client_list)) {
2469 client = QLIST_FIRST(&map_client_list);
2470 client->callback(client->opaque);
2471 cpu_unregister_map_client(client);
2472 }
2473 }
2474
2475 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2476 {
2477 MemoryRegion *mr;
2478 hwaddr l, xlat;
2479
2480 while (len > 0) {
2481 l = len;
2482 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2483 if (!memory_access_is_direct(mr, is_write)) {
2484 l = memory_access_size(mr, l, addr);
2485 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2486 return false;
2487 }
2488 }
2489
2490 len -= l;
2491 addr += l;
2492 }
2493 return true;
2494 }
2495
2496 /* Map a physical memory region into a host virtual address.
2497 * May map a subset of the requested range, given by and returned in *plen.
2498 * May return NULL if resources needed to perform the mapping are exhausted.
2499 * Use only for reads OR writes - not for read-modify-write operations.
2500 * Use cpu_register_map_client() to know when retrying the map operation is
2501 * likely to succeed.
2502 */
2503 void *address_space_map(AddressSpace *as,
2504 hwaddr addr,
2505 hwaddr *plen,
2506 bool is_write)
2507 {
2508 hwaddr len = *plen;
2509 hwaddr done = 0;
2510 hwaddr l, xlat, base;
2511 MemoryRegion *mr, *this_mr;
2512 ram_addr_t raddr;
2513
2514 if (len == 0) {
2515 return NULL;
2516 }
2517
2518 l = len;
2519 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2520 if (!memory_access_is_direct(mr, is_write)) {
2521 if (bounce.buffer) {
2522 return NULL;
2523 }
2524 /* Avoid unbounded allocations */
2525 l = MIN(l, TARGET_PAGE_SIZE);
2526 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2527 bounce.addr = addr;
2528 bounce.len = l;
2529
2530 memory_region_ref(mr);
2531 bounce.mr = mr;
2532 if (!is_write) {
2533 address_space_read(as, addr, bounce.buffer, l);
2534 }
2535
2536 *plen = l;
2537 return bounce.buffer;
2538 }
2539
2540 base = xlat;
2541 raddr = memory_region_get_ram_addr(mr);
2542
2543 for (;;) {
2544 len -= l;
2545 addr += l;
2546 done += l;
2547 if (len == 0) {
2548 break;
2549 }
2550
2551 l = len;
2552 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2553 if (this_mr != mr || xlat != base + done) {
2554 break;
2555 }
2556 }
2557
2558 memory_region_ref(mr);
2559 *plen = done;
2560 return qemu_ram_ptr_length(raddr + base, plen);
2561 }
2562
2563 /* Unmaps a memory region previously mapped by address_space_map().
2564 * Will also mark the memory as dirty if is_write == 1. access_len gives
2565 * the amount of memory that was actually read or written by the caller.
2566 */
2567 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2568 int is_write, hwaddr access_len)
2569 {
2570 if (buffer != bounce.buffer) {
2571 MemoryRegion *mr;
2572 ram_addr_t addr1;
2573
2574 mr = qemu_ram_addr_from_host(buffer, &addr1);
2575 assert(mr != NULL);
2576 if (is_write) {
2577 invalidate_and_set_dirty(addr1, access_len);
2578 }
2579 if (xen_enabled()) {
2580 xen_invalidate_map_cache_entry(buffer);
2581 }
2582 memory_region_unref(mr);
2583 return;
2584 }
2585 if (is_write) {
2586 address_space_write(as, bounce.addr, bounce.buffer, access_len);
2587 }
2588 qemu_vfree(bounce.buffer);
2589 bounce.buffer = NULL;
2590 memory_region_unref(bounce.mr);
2591 cpu_notify_map_clients();
2592 }
2593
2594 void *cpu_physical_memory_map(hwaddr addr,
2595 hwaddr *plen,
2596 int is_write)
2597 {
2598 return address_space_map(&address_space_memory, addr, plen, is_write);
2599 }
2600
2601 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2602 int is_write, hwaddr access_len)
2603 {
2604 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2605 }
2606
2607 /* warning: addr must be aligned */
2608 static inline uint32_t ldl_phys_internal(AddressSpace *as, hwaddr addr,
2609 enum device_endian endian)
2610 {
2611 uint8_t *ptr;
2612 uint64_t val;
2613 MemoryRegion *mr;
2614 hwaddr l = 4;
2615 hwaddr addr1;
2616
2617 mr = address_space_translate(as, addr, &addr1, &l, false);
2618 if (l < 4 || !memory_access_is_direct(mr, false)) {
2619 /* I/O case */
2620 io_mem_read(mr, addr1, &val, 4);
2621 #if defined(TARGET_WORDS_BIGENDIAN)
2622 if (endian == DEVICE_LITTLE_ENDIAN) {
2623 val = bswap32(val);
2624 }
2625 #else
2626 if (endian == DEVICE_BIG_ENDIAN) {
2627 val = bswap32(val);
2628 }
2629 #endif
2630 } else {
2631 /* RAM case */
2632 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2633 & TARGET_PAGE_MASK)
2634 + addr1);
2635 switch (endian) {
2636 case DEVICE_LITTLE_ENDIAN:
2637 val = ldl_le_p(ptr);
2638 break;
2639 case DEVICE_BIG_ENDIAN:
2640 val = ldl_be_p(ptr);
2641 break;
2642 default:
2643 val = ldl_p(ptr);
2644 break;
2645 }
2646 }
2647 return val;
2648 }
2649
2650 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2651 {
2652 return ldl_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2653 }
2654
2655 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2656 {
2657 return ldl_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2658 }
2659
2660 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2661 {
2662 return ldl_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2663 }
2664
2665 /* warning: addr must be aligned */
2666 static inline uint64_t ldq_phys_internal(AddressSpace *as, hwaddr addr,
2667 enum device_endian endian)
2668 {
2669 uint8_t *ptr;
2670 uint64_t val;
2671 MemoryRegion *mr;
2672 hwaddr l = 8;
2673 hwaddr addr1;
2674
2675 mr = address_space_translate(as, addr, &addr1, &l,
2676 false);
2677 if (l < 8 || !memory_access_is_direct(mr, false)) {
2678 /* I/O case */
2679 io_mem_read(mr, addr1, &val, 8);
2680 #if defined(TARGET_WORDS_BIGENDIAN)
2681 if (endian == DEVICE_LITTLE_ENDIAN) {
2682 val = bswap64(val);
2683 }
2684 #else
2685 if (endian == DEVICE_BIG_ENDIAN) {
2686 val = bswap64(val);
2687 }
2688 #endif
2689 } else {
2690 /* RAM case */
2691 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2692 & TARGET_PAGE_MASK)
2693 + addr1);
2694 switch (endian) {
2695 case DEVICE_LITTLE_ENDIAN:
2696 val = ldq_le_p(ptr);
2697 break;
2698 case DEVICE_BIG_ENDIAN:
2699 val = ldq_be_p(ptr);
2700 break;
2701 default:
2702 val = ldq_p(ptr);
2703 break;
2704 }
2705 }
2706 return val;
2707 }
2708
2709 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
2710 {
2711 return ldq_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2712 }
2713
2714 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
2715 {
2716 return ldq_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2717 }
2718
2719 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
2720 {
2721 return ldq_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2722 }
2723
2724 /* XXX: optimize */
2725 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
2726 {
2727 uint8_t val;
2728 address_space_rw(as, addr, &val, 1, 0);
2729 return val;
2730 }
2731
2732 /* warning: addr must be aligned */
2733 static inline uint32_t lduw_phys_internal(AddressSpace *as, hwaddr addr,
2734 enum device_endian endian)
2735 {
2736 uint8_t *ptr;
2737 uint64_t val;
2738 MemoryRegion *mr;
2739 hwaddr l = 2;
2740 hwaddr addr1;
2741
2742 mr = address_space_translate(as, addr, &addr1, &l,
2743 false);
2744 if (l < 2 || !memory_access_is_direct(mr, false)) {
2745 /* I/O case */
2746 io_mem_read(mr, addr1, &val, 2);
2747 #if defined(TARGET_WORDS_BIGENDIAN)
2748 if (endian == DEVICE_LITTLE_ENDIAN) {
2749 val = bswap16(val);
2750 }
2751 #else
2752 if (endian == DEVICE_BIG_ENDIAN) {
2753 val = bswap16(val);
2754 }
2755 #endif
2756 } else {
2757 /* RAM case */
2758 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2759 & TARGET_PAGE_MASK)
2760 + addr1);
2761 switch (endian) {
2762 case DEVICE_LITTLE_ENDIAN:
2763 val = lduw_le_p(ptr);
2764 break;
2765 case DEVICE_BIG_ENDIAN:
2766 val = lduw_be_p(ptr);
2767 break;
2768 default:
2769 val = lduw_p(ptr);
2770 break;
2771 }
2772 }
2773 return val;
2774 }
2775
2776 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
2777 {
2778 return lduw_phys_internal(as, addr, DEVICE_NATIVE_ENDIAN);
2779 }
2780
2781 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
2782 {
2783 return lduw_phys_internal(as, addr, DEVICE_LITTLE_ENDIAN);
2784 }
2785
2786 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
2787 {
2788 return lduw_phys_internal(as, addr, DEVICE_BIG_ENDIAN);
2789 }
2790
2791 /* warning: addr must be aligned. The ram page is not masked as dirty
2792 and the code inside is not invalidated. It is useful if the dirty
2793 bits are used to track modified PTEs */
2794 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
2795 {
2796 uint8_t *ptr;
2797 MemoryRegion *mr;
2798 hwaddr l = 4;
2799 hwaddr addr1;
2800
2801 mr = address_space_translate(as, addr, &addr1, &l,
2802 true);
2803 if (l < 4 || !memory_access_is_direct(mr, true)) {
2804 io_mem_write(mr, addr1, val, 4);
2805 } else {
2806 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2807 ptr = qemu_get_ram_ptr(addr1);
2808 stl_p(ptr, val);
2809
2810 if (unlikely(in_migration)) {
2811 if (cpu_physical_memory_is_clean(addr1)) {
2812 /* invalidate code */
2813 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
2814 /* set dirty bit */
2815 cpu_physical_memory_set_dirty_range_nocode(addr1, 4);
2816 }
2817 }
2818 }
2819 }
2820
2821 /* warning: addr must be aligned */
2822 static inline void stl_phys_internal(AddressSpace *as,
2823 hwaddr addr, uint32_t val,
2824 enum device_endian endian)
2825 {
2826 uint8_t *ptr;
2827 MemoryRegion *mr;
2828 hwaddr l = 4;
2829 hwaddr addr1;
2830
2831 mr = address_space_translate(as, addr, &addr1, &l,
2832 true);
2833 if (l < 4 || !memory_access_is_direct(mr, true)) {
2834 #if defined(TARGET_WORDS_BIGENDIAN)
2835 if (endian == DEVICE_LITTLE_ENDIAN) {
2836 val = bswap32(val);
2837 }
2838 #else
2839 if (endian == DEVICE_BIG_ENDIAN) {
2840 val = bswap32(val);
2841 }
2842 #endif
2843 io_mem_write(mr, addr1, val, 4);
2844 } else {
2845 /* RAM case */
2846 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2847 ptr = qemu_get_ram_ptr(addr1);
2848 switch (endian) {
2849 case DEVICE_LITTLE_ENDIAN:
2850 stl_le_p(ptr, val);
2851 break;
2852 case DEVICE_BIG_ENDIAN:
2853 stl_be_p(ptr, val);
2854 break;
2855 default:
2856 stl_p(ptr, val);
2857 break;
2858 }
2859 invalidate_and_set_dirty(addr1, 4);
2860 }
2861 }
2862
2863 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2864 {
2865 stl_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
2866 }
2867
2868 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2869 {
2870 stl_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
2871 }
2872
2873 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2874 {
2875 stl_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
2876 }
2877
2878 /* XXX: optimize */
2879 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2880 {
2881 uint8_t v = val;
2882 address_space_rw(as, addr, &v, 1, 1);
2883 }
2884
2885 /* warning: addr must be aligned */
2886 static inline void stw_phys_internal(AddressSpace *as,
2887 hwaddr addr, uint32_t val,
2888 enum device_endian endian)
2889 {
2890 uint8_t *ptr;
2891 MemoryRegion *mr;
2892 hwaddr l = 2;
2893 hwaddr addr1;
2894
2895 mr = address_space_translate(as, addr, &addr1, &l, true);
2896 if (l < 2 || !memory_access_is_direct(mr, true)) {
2897 #if defined(TARGET_WORDS_BIGENDIAN)
2898 if (endian == DEVICE_LITTLE_ENDIAN) {
2899 val = bswap16(val);
2900 }
2901 #else
2902 if (endian == DEVICE_BIG_ENDIAN) {
2903 val = bswap16(val);
2904 }
2905 #endif
2906 io_mem_write(mr, addr1, val, 2);
2907 } else {
2908 /* RAM case */
2909 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
2910 ptr = qemu_get_ram_ptr(addr1);
2911 switch (endian) {
2912 case DEVICE_LITTLE_ENDIAN:
2913 stw_le_p(ptr, val);
2914 break;
2915 case DEVICE_BIG_ENDIAN:
2916 stw_be_p(ptr, val);
2917 break;
2918 default:
2919 stw_p(ptr, val);
2920 break;
2921 }
2922 invalidate_and_set_dirty(addr1, 2);
2923 }
2924 }
2925
2926 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2927 {
2928 stw_phys_internal(as, addr, val, DEVICE_NATIVE_ENDIAN);
2929 }
2930
2931 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2932 {
2933 stw_phys_internal(as, addr, val, DEVICE_LITTLE_ENDIAN);
2934 }
2935
2936 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
2937 {
2938 stw_phys_internal(as, addr, val, DEVICE_BIG_ENDIAN);
2939 }
2940
2941 /* XXX: optimize */
2942 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2943 {
2944 val = tswap64(val);
2945 address_space_rw(as, addr, (void *) &val, 8, 1);
2946 }
2947
2948 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2949 {
2950 val = cpu_to_le64(val);
2951 address_space_rw(as, addr, (void *) &val, 8, 1);
2952 }
2953
2954 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
2955 {
2956 val = cpu_to_be64(val);
2957 address_space_rw(as, addr, (void *) &val, 8, 1);
2958 }
2959
2960 /* virtual memory access for debug (includes writing to ROM) */
2961 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2962 uint8_t *buf, int len, int is_write)
2963 {
2964 int l;
2965 hwaddr phys_addr;
2966 target_ulong page;
2967
2968 while (len > 0) {
2969 page = addr & TARGET_PAGE_MASK;
2970 phys_addr = cpu_get_phys_page_debug(cpu, page);
2971 /* if no physical page mapped, return an error */
2972 if (phys_addr == -1)
2973 return -1;
2974 l = (page + TARGET_PAGE_SIZE) - addr;
2975 if (l > len)
2976 l = len;
2977 phys_addr += (addr & ~TARGET_PAGE_MASK);
2978 if (is_write) {
2979 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
2980 } else {
2981 address_space_rw(cpu->as, phys_addr, buf, l, 0);
2982 }
2983 len -= l;
2984 buf += l;
2985 addr += l;
2986 }
2987 return 0;
2988 }
2989 #endif
2990
2991 /*
2992 * A helper function for the _utterly broken_ virtio device model to find out if
2993 * it's running on a big endian machine. Don't do this at home kids!
2994 */
2995 bool target_words_bigendian(void);
2996 bool target_words_bigendian(void)
2997 {
2998 #if defined(TARGET_WORDS_BIGENDIAN)
2999 return true;
3000 #else
3001 return false;
3002 #endif
3003 }
3004
3005 #ifndef CONFIG_USER_ONLY
3006 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3007 {
3008 MemoryRegion*mr;
3009 hwaddr l = 1;
3010
3011 mr = address_space_translate(&address_space_memory,
3012 phys_addr, &phys_addr, &l, false);
3013
3014 return !(memory_region_is_ram(mr) ||
3015 memory_region_is_romd(mr));
3016 }
3017
3018 void qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3019 {
3020 RAMBlock *block;
3021
3022 QTAILQ_FOREACH(block, &ram_list.blocks, next) {
3023 func(block->host, block->offset, block->used_length, opaque);
3024 }
3025 }
3026 #endif
QEMU mirror