]> git.proxmox.com Git - mirror_qemu.git/blob - exec.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
[mirror_qemu.git] / exec.c
1 /*
2 * Virtual page mapping
3 *
4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 */
19 #include "config.h"
20 #ifndef _WIN32
21 #include <sys/types.h>
22 #include <sys/mman.h>
23 #endif
24
25 #include "qemu-common.h"
26 #include "cpu.h"
27 #include "tcg.h"
28 #include "hw/hw.h"
29 #if !defined(CONFIG_USER_ONLY)
30 #include "hw/boards.h"
31 #endif
32 #include "hw/qdev.h"
33 #include "qemu/osdep.h"
34 #include "sysemu/kvm.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/xen/xen.h"
37 #include "qemu/timer.h"
38 #include "qemu/config-file.h"
39 #include "qemu/error-report.h"
40 #include "exec/memory.h"
41 #include "sysemu/dma.h"
42 #include "exec/address-spaces.h"
43 #if defined(CONFIG_USER_ONLY)
44 #include <qemu.h>
45 #else /* !CONFIG_USER_ONLY */
46 #include "sysemu/xen-mapcache.h"
47 #include "trace.h"
48 #endif
49 #include "exec/cpu-all.h"
50 #include "qemu/rcu_queue.h"
51 #include "qemu/main-loop.h"
52 #include "translate-all.h"
53
54 #include "exec/memory-internal.h"
55 #include "exec/ram_addr.h"
56
57 #include "qemu/range.h"
58 #ifndef _WIN32
59 #include "qemu/mmap-alloc.h"
60 #endif
61
62 //#define DEBUG_SUBPAGE
63
64 #if !defined(CONFIG_USER_ONLY)
65 /* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
66 * are protected by the ramlist lock.
67 */
68 RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
69
70 static MemoryRegion *system_memory;
71 static MemoryRegion *system_io;
72
73 AddressSpace address_space_io;
74 AddressSpace address_space_memory;
75
76 MemoryRegion io_mem_rom, io_mem_notdirty;
77 static MemoryRegion io_mem_unassigned;
78
79 /* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
80 #define RAM_PREALLOC (1 << 0)
81
82 /* RAM is mmap-ed with MAP_SHARED */
83 #define RAM_SHARED (1 << 1)
84
85 /* Only a portion of RAM (used_length) is actually used, and migrated.
86 * This used_length size can change across reboots.
87 */
88 #define RAM_RESIZEABLE (1 << 2)
89
90 /* RAM is backed by an mmapped file.
91 */
92 #define RAM_FILE (1 << 3)
93 #endif
94
95 struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
96 /* current CPU in the current thread. It is only valid inside
97 cpu_exec() */
98 __thread CPUState *current_cpu;
99 /* 0 = Do not count executed instructions.
100 1 = Precise instruction counting.
101 2 = Adaptive rate instruction counting. */
102 int use_icount;
103
104 #if !defined(CONFIG_USER_ONLY)
105
106 typedef struct PhysPageEntry PhysPageEntry;
107
108 struct PhysPageEntry {
109 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
110 uint32_t skip : 6;
111 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
112 uint32_t ptr : 26;
113 };
114
115 #define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
116
117 /* Size of the L2 (and L3, etc) page tables. */
118 #define ADDR_SPACE_BITS 64
119
120 #define P_L2_BITS 9
121 #define P_L2_SIZE (1 << P_L2_BITS)
122
123 #define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
124
125 typedef PhysPageEntry Node[P_L2_SIZE];
126
127 typedef struct PhysPageMap {
128 struct rcu_head rcu;
129
130 unsigned sections_nb;
131 unsigned sections_nb_alloc;
132 unsigned nodes_nb;
133 unsigned nodes_nb_alloc;
134 Node *nodes;
135 MemoryRegionSection *sections;
136 } PhysPageMap;
137
138 struct AddressSpaceDispatch {
139 struct rcu_head rcu;
140
141 /* This is a multi-level map on the physical address space.
142 * The bottom level has pointers to MemoryRegionSections.
143 */
144 PhysPageEntry phys_map;
145 PhysPageMap map;
146 AddressSpace *as;
147 };
148
149 #define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
150 typedef struct subpage_t {
151 MemoryRegion iomem;
152 AddressSpace *as;
153 hwaddr base;
154 uint16_t sub_section[TARGET_PAGE_SIZE];
155 } subpage_t;
156
157 #define PHYS_SECTION_UNASSIGNED 0
158 #define PHYS_SECTION_NOTDIRTY 1
159 #define PHYS_SECTION_ROM 2
160 #define PHYS_SECTION_WATCH 3
161
162 static void io_mem_init(void);
163 static void memory_map_init(void);
164 static void tcg_commit(MemoryListener *listener);
165
166 static MemoryRegion io_mem_watch;
167
168 /**
169 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
170 * @cpu: the CPU whose AddressSpace this is
171 * @as: the AddressSpace itself
172 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
173 * @tcg_as_listener: listener for tracking changes to the AddressSpace
174 */
175 struct CPUAddressSpace {
176 CPUState *cpu;
177 AddressSpace *as;
178 struct AddressSpaceDispatch *memory_dispatch;
179 MemoryListener tcg_as_listener;
180 };
181
182 #endif
183
184 #if !defined(CONFIG_USER_ONLY)
185
186 static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
187 {
188 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
189 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16);
190 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
191 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
192 }
193 }
194
195 static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
196 {
197 unsigned i;
198 uint32_t ret;
199 PhysPageEntry e;
200 PhysPageEntry *p;
201
202 ret = map->nodes_nb++;
203 p = map->nodes[ret];
204 assert(ret != PHYS_MAP_NODE_NIL);
205 assert(ret != map->nodes_nb_alloc);
206
207 e.skip = leaf ? 0 : 1;
208 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
209 for (i = 0; i < P_L2_SIZE; ++i) {
210 memcpy(&p[i], &e, sizeof(e));
211 }
212 return ret;
213 }
214
215 static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
216 hwaddr *index, hwaddr *nb, uint16_t leaf,
217 int level)
218 {
219 PhysPageEntry *p;
220 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
221
222 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
223 lp->ptr = phys_map_node_alloc(map, level == 0);
224 }
225 p = map->nodes[lp->ptr];
226 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
227
228 while (*nb && lp < &p[P_L2_SIZE]) {
229 if ((*index & (step - 1)) == 0 && *nb >= step) {
230 lp->skip = 0;
231 lp->ptr = leaf;
232 *index += step;
233 *nb -= step;
234 } else {
235 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
236 }
237 ++lp;
238 }
239 }
240
241 static void phys_page_set(AddressSpaceDispatch *d,
242 hwaddr index, hwaddr nb,
243 uint16_t leaf)
244 {
245 /* Wildly overreserve - it doesn't matter much. */
246 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
247
248 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
249 }
250
251 /* Compact a non leaf page entry. Simply detect that the entry has a single child,
252 * and update our entry so we can skip it and go directly to the destination.
253 */
254 static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
255 {
256 unsigned valid_ptr = P_L2_SIZE;
257 int valid = 0;
258 PhysPageEntry *p;
259 int i;
260
261 if (lp->ptr == PHYS_MAP_NODE_NIL) {
262 return;
263 }
264
265 p = nodes[lp->ptr];
266 for (i = 0; i < P_L2_SIZE; i++) {
267 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
268 continue;
269 }
270
271 valid_ptr = i;
272 valid++;
273 if (p[i].skip) {
274 phys_page_compact(&p[i], nodes, compacted);
275 }
276 }
277
278 /* We can only compress if there's only one child. */
279 if (valid != 1) {
280 return;
281 }
282
283 assert(valid_ptr < P_L2_SIZE);
284
285 /* Don't compress if it won't fit in the # of bits we have. */
286 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
287 return;
288 }
289
290 lp->ptr = p[valid_ptr].ptr;
291 if (!p[valid_ptr].skip) {
292 /* If our only child is a leaf, make this a leaf. */
293 /* By design, we should have made this node a leaf to begin with so we
294 * should never reach here.
295 * But since it's so simple to handle this, let's do it just in case we
296 * change this rule.
297 */
298 lp->skip = 0;
299 } else {
300 lp->skip += p[valid_ptr].skip;
301 }
302 }
303
304 static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
305 {
306 DECLARE_BITMAP(compacted, nodes_nb);
307
308 if (d->phys_map.skip) {
309 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
310 }
311 }
312
313 static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
314 Node *nodes, MemoryRegionSection *sections)
315 {
316 PhysPageEntry *p;
317 hwaddr index = addr >> TARGET_PAGE_BITS;
318 int i;
319
320 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
321 if (lp.ptr == PHYS_MAP_NODE_NIL) {
322 return &sections[PHYS_SECTION_UNASSIGNED];
323 }
324 p = nodes[lp.ptr];
325 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
326 }
327
328 if (sections[lp.ptr].size.hi ||
329 range_covers_byte(sections[lp.ptr].offset_within_address_space,
330 sections[lp.ptr].size.lo, addr)) {
331 return &sections[lp.ptr];
332 } else {
333 return &sections[PHYS_SECTION_UNASSIGNED];
334 }
335 }
336
337 bool memory_region_is_unassigned(MemoryRegion *mr)
338 {
339 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
340 && mr != &io_mem_watch;
341 }
342
343 /* Called from RCU critical section */
344 static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
345 hwaddr addr,
346 bool resolve_subpage)
347 {
348 MemoryRegionSection *section;
349 subpage_t *subpage;
350
351 section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections);
352 if (resolve_subpage && section->mr->subpage) {
353 subpage = container_of(section->mr, subpage_t, iomem);
354 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
355 }
356 return section;
357 }
358
359 /* Called from RCU critical section */
360 static MemoryRegionSection *
361 address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
362 hwaddr *plen, bool resolve_subpage)
363 {
364 MemoryRegionSection *section;
365 MemoryRegion *mr;
366 Int128 diff;
367
368 section = address_space_lookup_region(d, addr, resolve_subpage);
369 /* Compute offset within MemoryRegionSection */
370 addr -= section->offset_within_address_space;
371
372 /* Compute offset within MemoryRegion */
373 *xlat = addr + section->offset_within_region;
374
375 mr = section->mr;
376
377 /* MMIO registers can be expected to perform full-width accesses based only
378 * on their address, without considering adjacent registers that could
379 * decode to completely different MemoryRegions. When such registers
380 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
381 * regions overlap wildly. For this reason we cannot clamp the accesses
382 * here.
383 *
384 * If the length is small (as is the case for address_space_ldl/stl),
385 * everything works fine. If the incoming length is large, however,
386 * the caller really has to do the clamping through memory_access_size.
387 */
388 if (memory_region_is_ram(mr)) {
389 diff = int128_sub(section->size, int128_make64(addr));
390 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
391 }
392 return section;
393 }
394
395 static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write)
396 {
397 if (memory_region_is_ram(mr)) {
398 return !(is_write && mr->readonly);
399 }
400 if (memory_region_is_romd(mr)) {
401 return !is_write;
402 }
403
404 return false;
405 }
406
407 /* Called from RCU critical section */
408 MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
409 hwaddr *xlat, hwaddr *plen,
410 bool is_write)
411 {
412 IOMMUTLBEntry iotlb;
413 MemoryRegionSection *section;
414 MemoryRegion *mr;
415
416 for (;;) {
417 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
418 section = address_space_translate_internal(d, addr, &addr, plen, true);
419 mr = section->mr;
420
421 if (!mr->iommu_ops) {
422 break;
423 }
424
425 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
426 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
427 | (addr & iotlb.addr_mask));
428 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
429 if (!(iotlb.perm & (1 << is_write))) {
430 mr = &io_mem_unassigned;
431 break;
432 }
433
434 as = iotlb.target_as;
435 }
436
437 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
438 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
439 *plen = MIN(page, *plen);
440 }
441
442 *xlat = addr;
443 return mr;
444 }
445
446 /* Called from RCU critical section */
447 MemoryRegionSection *
448 address_space_translate_for_iotlb(CPUState *cpu, hwaddr addr,
449 hwaddr *xlat, hwaddr *plen)
450 {
451 MemoryRegionSection *section;
452 section = address_space_translate_internal(cpu->cpu_ases[0].memory_dispatch,
453 addr, xlat, plen, false);
454
455 assert(!section->mr->iommu_ops);
456 return section;
457 }
458 #endif
459
460 #if !defined(CONFIG_USER_ONLY)
461
462 static int cpu_common_post_load(void *opaque, int version_id)
463 {
464 CPUState *cpu = opaque;
465
466 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
467 version_id is increased. */
468 cpu->interrupt_request &= ~0x01;
469 tlb_flush(cpu, 1);
470
471 return 0;
472 }
473
474 static int cpu_common_pre_load(void *opaque)
475 {
476 CPUState *cpu = opaque;
477
478 cpu->exception_index = -1;
479
480 return 0;
481 }
482
483 static bool cpu_common_exception_index_needed(void *opaque)
484 {
485 CPUState *cpu = opaque;
486
487 return tcg_enabled() && cpu->exception_index != -1;
488 }
489
490 static const VMStateDescription vmstate_cpu_common_exception_index = {
491 .name = "cpu_common/exception_index",
492 .version_id = 1,
493 .minimum_version_id = 1,
494 .needed = cpu_common_exception_index_needed,
495 .fields = (VMStateField[]) {
496 VMSTATE_INT32(exception_index, CPUState),
497 VMSTATE_END_OF_LIST()
498 }
499 };
500
501 static bool cpu_common_crash_occurred_needed(void *opaque)
502 {
503 CPUState *cpu = opaque;
504
505 return cpu->crash_occurred;
506 }
507
508 static const VMStateDescription vmstate_cpu_common_crash_occurred = {
509 .name = "cpu_common/crash_occurred",
510 .version_id = 1,
511 .minimum_version_id = 1,
512 .needed = cpu_common_crash_occurred_needed,
513 .fields = (VMStateField[]) {
514 VMSTATE_BOOL(crash_occurred, CPUState),
515 VMSTATE_END_OF_LIST()
516 }
517 };
518
519 const VMStateDescription vmstate_cpu_common = {
520 .name = "cpu_common",
521 .version_id = 1,
522 .minimum_version_id = 1,
523 .pre_load = cpu_common_pre_load,
524 .post_load = cpu_common_post_load,
525 .fields = (VMStateField[]) {
526 VMSTATE_UINT32(halted, CPUState),
527 VMSTATE_UINT32(interrupt_request, CPUState),
528 VMSTATE_END_OF_LIST()
529 },
530 .subsections = (const VMStateDescription*[]) {
531 &vmstate_cpu_common_exception_index,
532 &vmstate_cpu_common_crash_occurred,
533 NULL
534 }
535 };
536
537 #endif
538
539 CPUState *qemu_get_cpu(int index)
540 {
541 CPUState *cpu;
542
543 CPU_FOREACH(cpu) {
544 if (cpu->cpu_index == index) {
545 return cpu;
546 }
547 }
548
549 return NULL;
550 }
551
552 #if !defined(CONFIG_USER_ONLY)
553 void tcg_cpu_address_space_init(CPUState *cpu, AddressSpace *as)
554 {
555 /* We only support one address space per cpu at the moment. */
556 assert(cpu->as == as);
557
558 if (cpu->cpu_ases) {
559 /* We've already registered the listener for our only AS */
560 return;
561 }
562
563 cpu->cpu_ases = g_new0(CPUAddressSpace, 1);
564 cpu->cpu_ases[0].cpu = cpu;
565 cpu->cpu_ases[0].as = as;
566 cpu->cpu_ases[0].tcg_as_listener.commit = tcg_commit;
567 memory_listener_register(&cpu->cpu_ases[0].tcg_as_listener, as);
568 }
569 #endif
570
571 #ifndef CONFIG_USER_ONLY
572 static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
573
574 static int cpu_get_free_index(Error **errp)
575 {
576 int cpu = find_first_zero_bit(cpu_index_map, MAX_CPUMASK_BITS);
577
578 if (cpu >= MAX_CPUMASK_BITS) {
579 error_setg(errp, "Trying to use more CPUs than max of %d",
580 MAX_CPUMASK_BITS);
581 return -1;
582 }
583
584 bitmap_set(cpu_index_map, cpu, 1);
585 return cpu;
586 }
587
588 void cpu_exec_exit(CPUState *cpu)
589 {
590 if (cpu->cpu_index == -1) {
591 /* cpu_index was never allocated by this @cpu or was already freed. */
592 return;
593 }
594
595 bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
596 cpu->cpu_index = -1;
597 }
598 #else
599
600 static int cpu_get_free_index(Error **errp)
601 {
602 CPUState *some_cpu;
603 int cpu_index = 0;
604
605 CPU_FOREACH(some_cpu) {
606 cpu_index++;
607 }
608 return cpu_index;
609 }
610
611 void cpu_exec_exit(CPUState *cpu)
612 {
613 }
614 #endif
615
616 void cpu_exec_init(CPUState *cpu, Error **errp)
617 {
618 CPUClass *cc = CPU_GET_CLASS(cpu);
619 int cpu_index;
620 Error *local_err = NULL;
621
622 #ifndef CONFIG_USER_ONLY
623 cpu->as = &address_space_memory;
624 cpu->thread_id = qemu_get_thread_id();
625 #endif
626
627 #if defined(CONFIG_USER_ONLY)
628 cpu_list_lock();
629 #endif
630 cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
631 if (local_err) {
632 error_propagate(errp, local_err);
633 #if defined(CONFIG_USER_ONLY)
634 cpu_list_unlock();
635 #endif
636 return;
637 }
638 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
639 #if defined(CONFIG_USER_ONLY)
640 cpu_list_unlock();
641 #endif
642 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
643 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
644 }
645 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
646 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
647 cpu_save, cpu_load, cpu->env_ptr);
648 assert(cc->vmsd == NULL);
649 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
650 #endif
651 if (cc->vmsd != NULL) {
652 vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
653 }
654 }
655
656 #if defined(CONFIG_USER_ONLY)
657 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
658 {
659 tb_invalidate_phys_page_range(pc, pc + 1, 0);
660 }
661 #else
662 static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
663 {
664 hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
665 if (phys != -1) {
666 tb_invalidate_phys_addr(cpu->as,
667 phys | (pc & ~TARGET_PAGE_MASK));
668 }
669 }
670 #endif
671
672 #if defined(CONFIG_USER_ONLY)
673 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
674
675 {
676 }
677
678 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
679 int flags)
680 {
681 return -ENOSYS;
682 }
683
684 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
685 {
686 }
687
688 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
689 int flags, CPUWatchpoint **watchpoint)
690 {
691 return -ENOSYS;
692 }
693 #else
694 /* Add a watchpoint. */
695 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
696 int flags, CPUWatchpoint **watchpoint)
697 {
698 CPUWatchpoint *wp;
699
700 /* forbid ranges which are empty or run off the end of the address space */
701 if (len == 0 || (addr + len - 1) < addr) {
702 error_report("tried to set invalid watchpoint at %"
703 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
704 return -EINVAL;
705 }
706 wp = g_malloc(sizeof(*wp));
707
708 wp->vaddr = addr;
709 wp->len = len;
710 wp->flags = flags;
711
712 /* keep all GDB-injected watchpoints in front */
713 if (flags & BP_GDB) {
714 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
715 } else {
716 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
717 }
718
719 tlb_flush_page(cpu, addr);
720
721 if (watchpoint)
722 *watchpoint = wp;
723 return 0;
724 }
725
726 /* Remove a specific watchpoint. */
727 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
728 int flags)
729 {
730 CPUWatchpoint *wp;
731
732 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
733 if (addr == wp->vaddr && len == wp->len
734 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
735 cpu_watchpoint_remove_by_ref(cpu, wp);
736 return 0;
737 }
738 }
739 return -ENOENT;
740 }
741
742 /* Remove a specific watchpoint by reference. */
743 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
744 {
745 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
746
747 tlb_flush_page(cpu, watchpoint->vaddr);
748
749 g_free(watchpoint);
750 }
751
752 /* Remove all matching watchpoints. */
753 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
754 {
755 CPUWatchpoint *wp, *next;
756
757 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
758 if (wp->flags & mask) {
759 cpu_watchpoint_remove_by_ref(cpu, wp);
760 }
761 }
762 }
763
764 /* Return true if this watchpoint address matches the specified
765 * access (ie the address range covered by the watchpoint overlaps
766 * partially or completely with the address range covered by the
767 * access).
768 */
769 static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
770 vaddr addr,
771 vaddr len)
772 {
773 /* We know the lengths are non-zero, but a little caution is
774 * required to avoid errors in the case where the range ends
775 * exactly at the top of the address space and so addr + len
776 * wraps round to zero.
777 */
778 vaddr wpend = wp->vaddr + wp->len - 1;
779 vaddr addrend = addr + len - 1;
780
781 return !(addr > wpend || wp->vaddr > addrend);
782 }
783
784 #endif
785
786 /* Add a breakpoint. */
787 int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
788 CPUBreakpoint **breakpoint)
789 {
790 CPUBreakpoint *bp;
791
792 bp = g_malloc(sizeof(*bp));
793
794 bp->pc = pc;
795 bp->flags = flags;
796
797 /* keep all GDB-injected breakpoints in front */
798 if (flags & BP_GDB) {
799 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
800 } else {
801 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
802 }
803
804 breakpoint_invalidate(cpu, pc);
805
806 if (breakpoint) {
807 *breakpoint = bp;
808 }
809 return 0;
810 }
811
812 /* Remove a specific breakpoint. */
813 int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
814 {
815 CPUBreakpoint *bp;
816
817 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
818 if (bp->pc == pc && bp->flags == flags) {
819 cpu_breakpoint_remove_by_ref(cpu, bp);
820 return 0;
821 }
822 }
823 return -ENOENT;
824 }
825
826 /* Remove a specific breakpoint by reference. */
827 void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
828 {
829 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
830
831 breakpoint_invalidate(cpu, breakpoint->pc);
832
833 g_free(breakpoint);
834 }
835
836 /* Remove all matching breakpoints. */
837 void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
838 {
839 CPUBreakpoint *bp, *next;
840
841 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
842 if (bp->flags & mask) {
843 cpu_breakpoint_remove_by_ref(cpu, bp);
844 }
845 }
846 }
847
848 /* enable or disable single step mode. EXCP_DEBUG is returned by the
849 CPU loop after each instruction */
850 void cpu_single_step(CPUState *cpu, int enabled)
851 {
852 if (cpu->singlestep_enabled != enabled) {
853 cpu->singlestep_enabled = enabled;
854 if (kvm_enabled()) {
855 kvm_update_guest_debug(cpu, 0);
856 } else {
857 /* must flush all the translated code to avoid inconsistencies */
858 /* XXX: only flush what is necessary */
859 tb_flush(cpu);
860 }
861 }
862 }
863
864 void cpu_abort(CPUState *cpu, const char *fmt, ...)
865 {
866 va_list ap;
867 va_list ap2;
868
869 va_start(ap, fmt);
870 va_copy(ap2, ap);
871 fprintf(stderr, "qemu: fatal: ");
872 vfprintf(stderr, fmt, ap);
873 fprintf(stderr, "\n");
874 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
875 if (qemu_log_enabled()) {
876 qemu_log("qemu: fatal: ");
877 qemu_log_vprintf(fmt, ap2);
878 qemu_log("\n");
879 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
880 qemu_log_flush();
881 qemu_log_close();
882 }
883 va_end(ap2);
884 va_end(ap);
885 #if defined(CONFIG_USER_ONLY)
886 {
887 struct sigaction act;
888 sigfillset(&act.sa_mask);
889 act.sa_handler = SIG_DFL;
890 sigaction(SIGABRT, &act, NULL);
891 }
892 #endif
893 abort();
894 }
895
896 #if !defined(CONFIG_USER_ONLY)
897 /* Called from RCU critical section */
898 static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
899 {
900 RAMBlock *block;
901
902 block = atomic_rcu_read(&ram_list.mru_block);
903 if (block && addr - block->offset < block->max_length) {
904 goto found;
905 }
906 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
907 if (addr - block->offset < block->max_length) {
908 goto found;
909 }
910 }
911
912 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
913 abort();
914
915 found:
916 /* It is safe to write mru_block outside the iothread lock. This
917 * is what happens:
918 *
919 * mru_block = xxx
920 * rcu_read_unlock()
921 * xxx removed from list
922 * rcu_read_lock()
923 * read mru_block
924 * mru_block = NULL;
925 * call_rcu(reclaim_ramblock, xxx);
926 * rcu_read_unlock()
927 *
928 * atomic_rcu_set is not needed here. The block was already published
929 * when it was placed into the list. Here we're just making an extra
930 * copy of the pointer.
931 */
932 ram_list.mru_block = block;
933 return block;
934 }
935
936 static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
937 {
938 CPUState *cpu;
939 ram_addr_t start1;
940 RAMBlock *block;
941 ram_addr_t end;
942
943 end = TARGET_PAGE_ALIGN(start + length);
944 start &= TARGET_PAGE_MASK;
945
946 rcu_read_lock();
947 block = qemu_get_ram_block(start);
948 assert(block == qemu_get_ram_block(end - 1));
949 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
950 CPU_FOREACH(cpu) {
951 tlb_reset_dirty(cpu, start1, length);
952 }
953 rcu_read_unlock();
954 }
955
956 /* Note: start and end must be within the same ram block. */
957 bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
958 ram_addr_t length,
959 unsigned client)
960 {
961 unsigned long end, page;
962 bool dirty;
963
964 if (length == 0) {
965 return false;
966 }
967
968 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
969 page = start >> TARGET_PAGE_BITS;
970 dirty = bitmap_test_and_clear_atomic(ram_list.dirty_memory[client],
971 page, end - page);
972
973 if (dirty && tcg_enabled()) {
974 tlb_reset_dirty_range_all(start, length);
975 }
976
977 return dirty;
978 }
979
980 /* Called from RCU critical section */
981 hwaddr memory_region_section_get_iotlb(CPUState *cpu,
982 MemoryRegionSection *section,
983 target_ulong vaddr,
984 hwaddr paddr, hwaddr xlat,
985 int prot,
986 target_ulong *address)
987 {
988 hwaddr iotlb;
989 CPUWatchpoint *wp;
990
991 if (memory_region_is_ram(section->mr)) {
992 /* Normal RAM. */
993 iotlb = (memory_region_get_ram_addr(section->mr) & TARGET_PAGE_MASK)
994 + xlat;
995 if (!section->readonly) {
996 iotlb |= PHYS_SECTION_NOTDIRTY;
997 } else {
998 iotlb |= PHYS_SECTION_ROM;
999 }
1000 } else {
1001 AddressSpaceDispatch *d;
1002
1003 d = atomic_rcu_read(&section->address_space->dispatch);
1004 iotlb = section - d->map.sections;
1005 iotlb += xlat;
1006 }
1007
1008 /* Make accesses to pages with watchpoints go via the
1009 watchpoint trap routines. */
1010 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1011 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
1012 /* Avoid trapping reads of pages with a write breakpoint. */
1013 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1014 iotlb = PHYS_SECTION_WATCH + paddr;
1015 *address |= TLB_MMIO;
1016 break;
1017 }
1018 }
1019 }
1020
1021 return iotlb;
1022 }
1023 #endif /* defined(CONFIG_USER_ONLY) */
1024
1025 #if !defined(CONFIG_USER_ONLY)
1026
1027 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
1028 uint16_t section);
1029 static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
1030
1031 static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1032 qemu_anon_ram_alloc;
1033
1034 /*
1035 * Set a custom physical guest memory alloator.
1036 * Accelerators with unusual needs may need this. Hopefully, we can
1037 * get rid of it eventually.
1038 */
1039 void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
1040 {
1041 phys_mem_alloc = alloc;
1042 }
1043
1044 static uint16_t phys_section_add(PhysPageMap *map,
1045 MemoryRegionSection *section)
1046 {
1047 /* The physical section number is ORed with a page-aligned
1048 * pointer to produce the iotlb entries. Thus it should
1049 * never overflow into the page-aligned value.
1050 */
1051 assert(map->sections_nb < TARGET_PAGE_SIZE);
1052
1053 if (map->sections_nb == map->sections_nb_alloc) {
1054 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1055 map->sections = g_renew(MemoryRegionSection, map->sections,
1056 map->sections_nb_alloc);
1057 }
1058 map->sections[map->sections_nb] = *section;
1059 memory_region_ref(section->mr);
1060 return map->sections_nb++;
1061 }
1062
1063 static void phys_section_destroy(MemoryRegion *mr)
1064 {
1065 memory_region_unref(mr);
1066
1067 if (mr->subpage) {
1068 subpage_t *subpage = container_of(mr, subpage_t, iomem);
1069 object_unref(OBJECT(&subpage->iomem));
1070 g_free(subpage);
1071 }
1072 }
1073
1074 static void phys_sections_free(PhysPageMap *map)
1075 {
1076 while (map->sections_nb > 0) {
1077 MemoryRegionSection *section = &map->sections[--map->sections_nb];
1078 phys_section_destroy(section->mr);
1079 }
1080 g_free(map->sections);
1081 g_free(map->nodes);
1082 }
1083
1084 static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
1085 {
1086 subpage_t *subpage;
1087 hwaddr base = section->offset_within_address_space
1088 & TARGET_PAGE_MASK;
1089 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
1090 d->map.nodes, d->map.sections);
1091 MemoryRegionSection subsection = {
1092 .offset_within_address_space = base,
1093 .size = int128_make64(TARGET_PAGE_SIZE),
1094 };
1095 hwaddr start, end;
1096
1097 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
1098
1099 if (!(existing->mr->subpage)) {
1100 subpage = subpage_init(d->as, base);
1101 subsection.address_space = d->as;
1102 subsection.mr = &subpage->iomem;
1103 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
1104 phys_section_add(&d->map, &subsection));
1105 } else {
1106 subpage = container_of(existing->mr, subpage_t, iomem);
1107 }
1108 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
1109 end = start + int128_get64(section->size) - 1;
1110 subpage_register(subpage, start, end,
1111 phys_section_add(&d->map, section));
1112 }
1113
1114
1115 static void register_multipage(AddressSpaceDispatch *d,
1116 MemoryRegionSection *section)
1117 {
1118 hwaddr start_addr = section->offset_within_address_space;
1119 uint16_t section_index = phys_section_add(&d->map, section);
1120 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1121 TARGET_PAGE_BITS));
1122
1123 assert(num_pages);
1124 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
1125 }
1126
1127 static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
1128 {
1129 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
1130 AddressSpaceDispatch *d = as->next_dispatch;
1131 MemoryRegionSection now = *section, remain = *section;
1132 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
1133
1134 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1135 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1136 - now.offset_within_address_space;
1137
1138 now.size = int128_min(int128_make64(left), now.size);
1139 register_subpage(d, &now);
1140 } else {
1141 now.size = int128_zero();
1142 }
1143 while (int128_ne(remain.size, now.size)) {
1144 remain.size = int128_sub(remain.size, now.size);
1145 remain.offset_within_address_space += int128_get64(now.size);
1146 remain.offset_within_region += int128_get64(now.size);
1147 now = remain;
1148 if (int128_lt(remain.size, page_size)) {
1149 register_subpage(d, &now);
1150 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
1151 now.size = page_size;
1152 register_subpage(d, &now);
1153 } else {
1154 now.size = int128_and(now.size, int128_neg(page_size));
1155 register_multipage(d, &now);
1156 }
1157 }
1158 }
1159
1160 void qemu_flush_coalesced_mmio_buffer(void)
1161 {
1162 if (kvm_enabled())
1163 kvm_flush_coalesced_mmio_buffer();
1164 }
1165
1166 void qemu_mutex_lock_ramlist(void)
1167 {
1168 qemu_mutex_lock(&ram_list.mutex);
1169 }
1170
1171 void qemu_mutex_unlock_ramlist(void)
1172 {
1173 qemu_mutex_unlock(&ram_list.mutex);
1174 }
1175
1176 #ifdef __linux__
1177
1178 #include <sys/vfs.h>
1179
1180 #define HUGETLBFS_MAGIC 0x958458f6
1181
1182 static long gethugepagesize(const char *path, Error **errp)
1183 {
1184 struct statfs fs;
1185 int ret;
1186
1187 do {
1188 ret = statfs(path, &fs);
1189 } while (ret != 0 && errno == EINTR);
1190
1191 if (ret != 0) {
1192 error_setg_errno(errp, errno, "failed to get page size of file %s",
1193 path);
1194 return 0;
1195 }
1196
1197 if (fs.f_type != HUGETLBFS_MAGIC)
1198 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
1199
1200 return fs.f_bsize;
1201 }
1202
1203 static void *file_ram_alloc(RAMBlock *block,
1204 ram_addr_t memory,
1205 const char *path,
1206 Error **errp)
1207 {
1208 char *filename;
1209 char *sanitized_name;
1210 char *c;
1211 void *area;
1212 int fd;
1213 uint64_t hpagesize;
1214 Error *local_err = NULL;
1215
1216 hpagesize = gethugepagesize(path, &local_err);
1217 if (local_err) {
1218 error_propagate(errp, local_err);
1219 goto error;
1220 }
1221 block->mr->align = hpagesize;
1222
1223 if (memory < hpagesize) {
1224 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1225 "or larger than huge page size 0x%" PRIx64,
1226 memory, hpagesize);
1227 goto error;
1228 }
1229
1230 if (kvm_enabled() && !kvm_has_sync_mmu()) {
1231 error_setg(errp,
1232 "host lacks kvm mmu notifiers, -mem-path unsupported");
1233 goto error;
1234 }
1235
1236 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1237 sanitized_name = g_strdup(memory_region_name(block->mr));
1238 for (c = sanitized_name; *c != '\0'; c++) {
1239 if (*c == '/')
1240 *c = '_';
1241 }
1242
1243 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1244 sanitized_name);
1245 g_free(sanitized_name);
1246
1247 fd = mkstemp(filename);
1248 if (fd < 0) {
1249 error_setg_errno(errp, errno,
1250 "unable to create backing store for hugepages");
1251 g_free(filename);
1252 goto error;
1253 }
1254 unlink(filename);
1255 g_free(filename);
1256
1257 memory = ROUND_UP(memory, hpagesize);
1258
1259 /*
1260 * ftruncate is not supported by hugetlbfs in older
1261 * hosts, so don't bother bailing out on errors.
1262 * If anything goes wrong with it under other filesystems,
1263 * mmap will fail.
1264 */
1265 if (ftruncate(fd, memory)) {
1266 perror("ftruncate");
1267 }
1268
1269 area = qemu_ram_mmap(fd, memory, hpagesize, block->flags & RAM_SHARED);
1270 if (area == MAP_FAILED) {
1271 error_setg_errno(errp, errno,
1272 "unable to map backing store for hugepages");
1273 close(fd);
1274 goto error;
1275 }
1276
1277 if (mem_prealloc) {
1278 os_mem_prealloc(fd, area, memory);
1279 }
1280
1281 block->fd = fd;
1282 return area;
1283
1284 error:
1285 if (mem_prealloc) {
1286 error_report("%s", error_get_pretty(*errp));
1287 exit(1);
1288 }
1289 return NULL;
1290 }
1291 #endif
1292
1293 /* Called with the ramlist lock held. */
1294 static ram_addr_t find_ram_offset(ram_addr_t size)
1295 {
1296 RAMBlock *block, *next_block;
1297 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
1298
1299 assert(size != 0); /* it would hand out same offset multiple times */
1300
1301 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
1302 return 0;
1303 }
1304
1305 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1306 ram_addr_t end, next = RAM_ADDR_MAX;
1307
1308 end = block->offset + block->max_length;
1309
1310 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
1311 if (next_block->offset >= end) {
1312 next = MIN(next, next_block->offset);
1313 }
1314 }
1315 if (next - end >= size && next - end < mingap) {
1316 offset = end;
1317 mingap = next - end;
1318 }
1319 }
1320
1321 if (offset == RAM_ADDR_MAX) {
1322 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1323 (uint64_t)size);
1324 abort();
1325 }
1326
1327 return offset;
1328 }
1329
1330 ram_addr_t last_ram_offset(void)
1331 {
1332 RAMBlock *block;
1333 ram_addr_t last = 0;
1334
1335 rcu_read_lock();
1336 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1337 last = MAX(last, block->offset + block->max_length);
1338 }
1339 rcu_read_unlock();
1340 return last;
1341 }
1342
1343 static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1344 {
1345 int ret;
1346
1347 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
1348 if (!machine_dump_guest_core(current_machine)) {
1349 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1350 if (ret) {
1351 perror("qemu_madvise");
1352 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1353 "but dump_guest_core=off specified\n");
1354 }
1355 }
1356 }
1357
1358 /* Called within an RCU critical section, or while the ramlist lock
1359 * is held.
1360 */
1361 static RAMBlock *find_ram_block(ram_addr_t addr)
1362 {
1363 RAMBlock *block;
1364
1365 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1366 if (block->offset == addr) {
1367 return block;
1368 }
1369 }
1370
1371 return NULL;
1372 }
1373
1374 /* Called with iothread lock held. */
1375 void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
1376 {
1377 RAMBlock *new_block, *block;
1378
1379 rcu_read_lock();
1380 new_block = find_ram_block(addr);
1381 assert(new_block);
1382 assert(!new_block->idstr[0]);
1383
1384 if (dev) {
1385 char *id = qdev_get_dev_path(dev);
1386 if (id) {
1387 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
1388 g_free(id);
1389 }
1390 }
1391 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1392
1393 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1394 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
1395 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1396 new_block->idstr);
1397 abort();
1398 }
1399 }
1400 rcu_read_unlock();
1401 }
1402
1403 /* Called with iothread lock held. */
1404 void qemu_ram_unset_idstr(ram_addr_t addr)
1405 {
1406 RAMBlock *block;
1407
1408 /* FIXME: arch_init.c assumes that this is not called throughout
1409 * migration. Ignore the problem since hot-unplug during migration
1410 * does not work anyway.
1411 */
1412
1413 rcu_read_lock();
1414 block = find_ram_block(addr);
1415 if (block) {
1416 memset(block->idstr, 0, sizeof(block->idstr));
1417 }
1418 rcu_read_unlock();
1419 }
1420
1421 static int memory_try_enable_merging(void *addr, size_t len)
1422 {
1423 if (!machine_mem_merge(current_machine)) {
1424 /* disabled by the user */
1425 return 0;
1426 }
1427
1428 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1429 }
1430
1431 /* Only legal before guest might have detected the memory size: e.g. on
1432 * incoming migration, or right after reset.
1433 *
1434 * As memory core doesn't know how is memory accessed, it is up to
1435 * resize callback to update device state and/or add assertions to detect
1436 * misuse, if necessary.
1437 */
1438 int qemu_ram_resize(ram_addr_t base, ram_addr_t newsize, Error **errp)
1439 {
1440 RAMBlock *block = find_ram_block(base);
1441
1442 assert(block);
1443
1444 newsize = TARGET_PAGE_ALIGN(newsize);
1445
1446 if (block->used_length == newsize) {
1447 return 0;
1448 }
1449
1450 if (!(block->flags & RAM_RESIZEABLE)) {
1451 error_setg_errno(errp, EINVAL,
1452 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1453 " in != 0x" RAM_ADDR_FMT, block->idstr,
1454 newsize, block->used_length);
1455 return -EINVAL;
1456 }
1457
1458 if (block->max_length < newsize) {
1459 error_setg_errno(errp, EINVAL,
1460 "Length too large: %s: 0x" RAM_ADDR_FMT
1461 " > 0x" RAM_ADDR_FMT, block->idstr,
1462 newsize, block->max_length);
1463 return -EINVAL;
1464 }
1465
1466 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1467 block->used_length = newsize;
1468 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1469 DIRTY_CLIENTS_ALL);
1470 memory_region_set_size(block->mr, newsize);
1471 if (block->resized) {
1472 block->resized(block->idstr, newsize, block->host);
1473 }
1474 return 0;
1475 }
1476
1477 static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
1478 {
1479 RAMBlock *block;
1480 RAMBlock *last_block = NULL;
1481 ram_addr_t old_ram_size, new_ram_size;
1482
1483 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1484
1485 qemu_mutex_lock_ramlist();
1486 new_block->offset = find_ram_offset(new_block->max_length);
1487
1488 if (!new_block->host) {
1489 if (xen_enabled()) {
1490 xen_ram_alloc(new_block->offset, new_block->max_length,
1491 new_block->mr);
1492 } else {
1493 new_block->host = phys_mem_alloc(new_block->max_length,
1494 &new_block->mr->align);
1495 if (!new_block->host) {
1496 error_setg_errno(errp, errno,
1497 "cannot set up guest memory '%s'",
1498 memory_region_name(new_block->mr));
1499 qemu_mutex_unlock_ramlist();
1500 return -1;
1501 }
1502 memory_try_enable_merging(new_block->host, new_block->max_length);
1503 }
1504 }
1505
1506 new_ram_size = MAX(old_ram_size,
1507 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1508 if (new_ram_size > old_ram_size) {
1509 migration_bitmap_extend(old_ram_size, new_ram_size);
1510 }
1511 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1512 * QLIST (which has an RCU-friendly variant) does not have insertion at
1513 * tail, so save the last element in last_block.
1514 */
1515 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1516 last_block = block;
1517 if (block->max_length < new_block->max_length) {
1518 break;
1519 }
1520 }
1521 if (block) {
1522 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
1523 } else if (last_block) {
1524 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
1525 } else { /* list is empty */
1526 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
1527 }
1528 ram_list.mru_block = NULL;
1529
1530 /* Write list before version */
1531 smp_wmb();
1532 ram_list.version++;
1533 qemu_mutex_unlock_ramlist();
1534
1535 new_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
1536
1537 if (new_ram_size > old_ram_size) {
1538 int i;
1539
1540 /* ram_list.dirty_memory[] is protected by the iothread lock. */
1541 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1542 ram_list.dirty_memory[i] =
1543 bitmap_zero_extend(ram_list.dirty_memory[i],
1544 old_ram_size, new_ram_size);
1545 }
1546 }
1547 cpu_physical_memory_set_dirty_range(new_block->offset,
1548 new_block->used_length,
1549 DIRTY_CLIENTS_ALL);
1550
1551 if (new_block->host) {
1552 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1553 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1554 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1555 if (kvm_enabled()) {
1556 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1557 }
1558 }
1559
1560 return new_block->offset;
1561 }
1562
1563 #ifdef __linux__
1564 ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1565 bool share, const char *mem_path,
1566 Error **errp)
1567 {
1568 RAMBlock *new_block;
1569 ram_addr_t addr;
1570 Error *local_err = NULL;
1571
1572 if (xen_enabled()) {
1573 error_setg(errp, "-mem-path not supported with Xen");
1574 return -1;
1575 }
1576
1577 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1578 /*
1579 * file_ram_alloc() needs to allocate just like
1580 * phys_mem_alloc, but we haven't bothered to provide
1581 * a hook there.
1582 */
1583 error_setg(errp,
1584 "-mem-path not supported with this accelerator");
1585 return -1;
1586 }
1587
1588 size = TARGET_PAGE_ALIGN(size);
1589 new_block = g_malloc0(sizeof(*new_block));
1590 new_block->mr = mr;
1591 new_block->used_length = size;
1592 new_block->max_length = size;
1593 new_block->flags = share ? RAM_SHARED : 0;
1594 new_block->flags |= RAM_FILE;
1595 new_block->host = file_ram_alloc(new_block, size,
1596 mem_path, errp);
1597 if (!new_block->host) {
1598 g_free(new_block);
1599 return -1;
1600 }
1601
1602 addr = ram_block_add(new_block, &local_err);
1603 if (local_err) {
1604 g_free(new_block);
1605 error_propagate(errp, local_err);
1606 return -1;
1607 }
1608 return addr;
1609 }
1610 #endif
1611
1612 static
1613 ram_addr_t qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1614 void (*resized)(const char*,
1615 uint64_t length,
1616 void *host),
1617 void *host, bool resizeable,
1618 MemoryRegion *mr, Error **errp)
1619 {
1620 RAMBlock *new_block;
1621 ram_addr_t addr;
1622 Error *local_err = NULL;
1623
1624 size = TARGET_PAGE_ALIGN(size);
1625 max_size = TARGET_PAGE_ALIGN(max_size);
1626 new_block = g_malloc0(sizeof(*new_block));
1627 new_block->mr = mr;
1628 new_block->resized = resized;
1629 new_block->used_length = size;
1630 new_block->max_length = max_size;
1631 assert(max_size >= size);
1632 new_block->fd = -1;
1633 new_block->host = host;
1634 if (host) {
1635 new_block->flags |= RAM_PREALLOC;
1636 }
1637 if (resizeable) {
1638 new_block->flags |= RAM_RESIZEABLE;
1639 }
1640 addr = ram_block_add(new_block, &local_err);
1641 if (local_err) {
1642 g_free(new_block);
1643 error_propagate(errp, local_err);
1644 return -1;
1645 }
1646 return addr;
1647 }
1648
1649 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
1650 MemoryRegion *mr, Error **errp)
1651 {
1652 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1653 }
1654
1655 ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
1656 {
1657 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1658 }
1659
1660 ram_addr_t qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
1661 void (*resized)(const char*,
1662 uint64_t length,
1663 void *host),
1664 MemoryRegion *mr, Error **errp)
1665 {
1666 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
1667 }
1668
1669 void qemu_ram_free_from_ptr(ram_addr_t addr)
1670 {
1671 RAMBlock *block;
1672
1673 qemu_mutex_lock_ramlist();
1674 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1675 if (addr == block->offset) {
1676 QLIST_REMOVE_RCU(block, next);
1677 ram_list.mru_block = NULL;
1678 /* Write list before version */
1679 smp_wmb();
1680 ram_list.version++;
1681 g_free_rcu(block, rcu);
1682 break;
1683 }
1684 }
1685 qemu_mutex_unlock_ramlist();
1686 }
1687
1688 static void reclaim_ramblock(RAMBlock *block)
1689 {
1690 if (block->flags & RAM_PREALLOC) {
1691 ;
1692 } else if (xen_enabled()) {
1693 xen_invalidate_map_cache_entry(block->host);
1694 #ifndef _WIN32
1695 } else if (block->fd >= 0) {
1696 if (block->flags & RAM_FILE) {
1697 qemu_ram_munmap(block->host, block->max_length);
1698 } else {
1699 munmap(block->host, block->max_length);
1700 }
1701 close(block->fd);
1702 #endif
1703 } else {
1704 qemu_anon_ram_free(block->host, block->max_length);
1705 }
1706 g_free(block);
1707 }
1708
1709 void qemu_ram_free(ram_addr_t addr)
1710 {
1711 RAMBlock *block;
1712
1713 qemu_mutex_lock_ramlist();
1714 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1715 if (addr == block->offset) {
1716 QLIST_REMOVE_RCU(block, next);
1717 ram_list.mru_block = NULL;
1718 /* Write list before version */
1719 smp_wmb();
1720 ram_list.version++;
1721 call_rcu(block, reclaim_ramblock, rcu);
1722 break;
1723 }
1724 }
1725 qemu_mutex_unlock_ramlist();
1726 }
1727
1728 #ifndef _WIN32
1729 void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1730 {
1731 RAMBlock *block;
1732 ram_addr_t offset;
1733 int flags;
1734 void *area, *vaddr;
1735
1736 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1737 offset = addr - block->offset;
1738 if (offset < block->max_length) {
1739 vaddr = ramblock_ptr(block, offset);
1740 if (block->flags & RAM_PREALLOC) {
1741 ;
1742 } else if (xen_enabled()) {
1743 abort();
1744 } else {
1745 flags = MAP_FIXED;
1746 if (block->fd >= 0) {
1747 flags |= (block->flags & RAM_SHARED ?
1748 MAP_SHARED : MAP_PRIVATE);
1749 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1750 flags, block->fd, offset);
1751 } else {
1752 /*
1753 * Remap needs to match alloc. Accelerators that
1754 * set phys_mem_alloc never remap. If they did,
1755 * we'd need a remap hook here.
1756 */
1757 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1758
1759 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1760 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1761 flags, -1, 0);
1762 }
1763 if (area != vaddr) {
1764 fprintf(stderr, "Could not remap addr: "
1765 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
1766 length, addr);
1767 exit(1);
1768 }
1769 memory_try_enable_merging(vaddr, length);
1770 qemu_ram_setup_dump(vaddr, length);
1771 }
1772 }
1773 }
1774 }
1775 #endif /* !_WIN32 */
1776
1777 int qemu_get_ram_fd(ram_addr_t addr)
1778 {
1779 RAMBlock *block;
1780 int fd;
1781
1782 rcu_read_lock();
1783 block = qemu_get_ram_block(addr);
1784 fd = block->fd;
1785 rcu_read_unlock();
1786 return fd;
1787 }
1788
1789 void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
1790 {
1791 RAMBlock *block;
1792 void *ptr;
1793
1794 rcu_read_lock();
1795 block = qemu_get_ram_block(addr);
1796 ptr = ramblock_ptr(block, 0);
1797 rcu_read_unlock();
1798 return ptr;
1799 }
1800
1801 /* Return a host pointer to ram allocated with qemu_ram_alloc.
1802 * This should not be used for general purpose DMA. Use address_space_map
1803 * or address_space_rw instead. For local memory (e.g. video ram) that the
1804 * device owns, use memory_region_get_ram_ptr.
1805 *
1806 * By the time this function returns, the returned pointer is not protected
1807 * by RCU anymore. If the caller is not within an RCU critical section and
1808 * does not hold the iothread lock, it must have other means of protecting the
1809 * pointer, such as a reference to the region that includes the incoming
1810 * ram_addr_t.
1811 */
1812 void *qemu_get_ram_ptr(ram_addr_t addr)
1813 {
1814 RAMBlock *block;
1815 void *ptr;
1816
1817 rcu_read_lock();
1818 block = qemu_get_ram_block(addr);
1819
1820 if (xen_enabled() && block->host == NULL) {
1821 /* We need to check if the requested address is in the RAM
1822 * because we don't want to map the entire memory in QEMU.
1823 * In that case just map until the end of the page.
1824 */
1825 if (block->offset == 0) {
1826 ptr = xen_map_cache(addr, 0, 0);
1827 goto unlock;
1828 }
1829
1830 block->host = xen_map_cache(block->offset, block->max_length, 1);
1831 }
1832 ptr = ramblock_ptr(block, addr - block->offset);
1833
1834 unlock:
1835 rcu_read_unlock();
1836 return ptr;
1837 }
1838
1839 /* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
1840 * but takes a size argument.
1841 *
1842 * By the time this function returns, the returned pointer is not protected
1843 * by RCU anymore. If the caller is not within an RCU critical section and
1844 * does not hold the iothread lock, it must have other means of protecting the
1845 * pointer, such as a reference to the region that includes the incoming
1846 * ram_addr_t.
1847 */
1848 static void *qemu_ram_ptr_length(ram_addr_t addr, hwaddr *size)
1849 {
1850 void *ptr;
1851 if (*size == 0) {
1852 return NULL;
1853 }
1854 if (xen_enabled()) {
1855 return xen_map_cache(addr, *size, 1);
1856 } else {
1857 RAMBlock *block;
1858 rcu_read_lock();
1859 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1860 if (addr - block->offset < block->max_length) {
1861 if (addr - block->offset + *size > block->max_length)
1862 *size = block->max_length - addr + block->offset;
1863 ptr = ramblock_ptr(block, addr - block->offset);
1864 rcu_read_unlock();
1865 return ptr;
1866 }
1867 }
1868
1869 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
1870 abort();
1871 }
1872 }
1873
1874 /* Some of the softmmu routines need to translate from a host pointer
1875 * (typically a TLB entry) back to a ram offset.
1876 *
1877 * By the time this function returns, the returned pointer is not protected
1878 * by RCU anymore. If the caller is not within an RCU critical section and
1879 * does not hold the iothread lock, it must have other means of protecting the
1880 * pointer, such as a reference to the region that includes the incoming
1881 * ram_addr_t.
1882 */
1883 MemoryRegion *qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
1884 {
1885 RAMBlock *block;
1886 uint8_t *host = ptr;
1887 MemoryRegion *mr;
1888
1889 if (xen_enabled()) {
1890 rcu_read_lock();
1891 *ram_addr = xen_ram_addr_from_mapcache(ptr);
1892 mr = qemu_get_ram_block(*ram_addr)->mr;
1893 rcu_read_unlock();
1894 return mr;
1895 }
1896
1897 rcu_read_lock();
1898 block = atomic_rcu_read(&ram_list.mru_block);
1899 if (block && block->host && host - block->host < block->max_length) {
1900 goto found;
1901 }
1902
1903 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1904 /* This case append when the block is not mapped. */
1905 if (block->host == NULL) {
1906 continue;
1907 }
1908 if (host - block->host < block->max_length) {
1909 goto found;
1910 }
1911 }
1912
1913 rcu_read_unlock();
1914 return NULL;
1915
1916 found:
1917 *ram_addr = block->offset + (host - block->host);
1918 mr = block->mr;
1919 rcu_read_unlock();
1920 return mr;
1921 }
1922
1923 static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
1924 uint64_t val, unsigned size)
1925 {
1926 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
1927 tb_invalidate_phys_page_fast(ram_addr, size);
1928 }
1929 switch (size) {
1930 case 1:
1931 stb_p(qemu_get_ram_ptr(ram_addr), val);
1932 break;
1933 case 2:
1934 stw_p(qemu_get_ram_ptr(ram_addr), val);
1935 break;
1936 case 4:
1937 stl_p(qemu_get_ram_ptr(ram_addr), val);
1938 break;
1939 default:
1940 abort();
1941 }
1942 /* Set both VGA and migration bits for simplicity and to remove
1943 * the notdirty callback faster.
1944 */
1945 cpu_physical_memory_set_dirty_range(ram_addr, size,
1946 DIRTY_CLIENTS_NOCODE);
1947 /* we remove the notdirty callback only if the code has been
1948 flushed */
1949 if (!cpu_physical_memory_is_clean(ram_addr)) {
1950 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
1951 }
1952 }
1953
1954 static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
1955 unsigned size, bool is_write)
1956 {
1957 return is_write;
1958 }
1959
1960 static const MemoryRegionOps notdirty_mem_ops = {
1961 .write = notdirty_mem_write,
1962 .valid.accepts = notdirty_mem_accepts,
1963 .endianness = DEVICE_NATIVE_ENDIAN,
1964 };
1965
1966 /* Generate a debug exception if a watchpoint has been hit. */
1967 static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
1968 {
1969 CPUState *cpu = current_cpu;
1970 CPUArchState *env = cpu->env_ptr;
1971 target_ulong pc, cs_base;
1972 target_ulong vaddr;
1973 CPUWatchpoint *wp;
1974 int cpu_flags;
1975
1976 if (cpu->watchpoint_hit) {
1977 /* We re-entered the check after replacing the TB. Now raise
1978 * the debug interrupt so that is will trigger after the
1979 * current instruction. */
1980 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
1981 return;
1982 }
1983 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
1984 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
1985 if (cpu_watchpoint_address_matches(wp, vaddr, len)
1986 && (wp->flags & flags)) {
1987 if (flags == BP_MEM_READ) {
1988 wp->flags |= BP_WATCHPOINT_HIT_READ;
1989 } else {
1990 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
1991 }
1992 wp->hitaddr = vaddr;
1993 wp->hitattrs = attrs;
1994 if (!cpu->watchpoint_hit) {
1995 cpu->watchpoint_hit = wp;
1996 tb_check_watchpoint(cpu);
1997 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
1998 cpu->exception_index = EXCP_DEBUG;
1999 cpu_loop_exit(cpu);
2000 } else {
2001 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
2002 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
2003 cpu_resume_from_signal(cpu, NULL);
2004 }
2005 }
2006 } else {
2007 wp->flags &= ~BP_WATCHPOINT_HIT;
2008 }
2009 }
2010 }
2011
2012 /* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2013 so these check for a hit then pass through to the normal out-of-line
2014 phys routines. */
2015 static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2016 unsigned size, MemTxAttrs attrs)
2017 {
2018 MemTxResult res;
2019 uint64_t data;
2020
2021 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
2022 switch (size) {
2023 case 1:
2024 data = address_space_ldub(&address_space_memory, addr, attrs, &res);
2025 break;
2026 case 2:
2027 data = address_space_lduw(&address_space_memory, addr, attrs, &res);
2028 break;
2029 case 4:
2030 data = address_space_ldl(&address_space_memory, addr, attrs, &res);
2031 break;
2032 default: abort();
2033 }
2034 *pdata = data;
2035 return res;
2036 }
2037
2038 static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2039 uint64_t val, unsigned size,
2040 MemTxAttrs attrs)
2041 {
2042 MemTxResult res;
2043
2044 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
2045 switch (size) {
2046 case 1:
2047 address_space_stb(&address_space_memory, addr, val, attrs, &res);
2048 break;
2049 case 2:
2050 address_space_stw(&address_space_memory, addr, val, attrs, &res);
2051 break;
2052 case 4:
2053 address_space_stl(&address_space_memory, addr, val, attrs, &res);
2054 break;
2055 default: abort();
2056 }
2057 return res;
2058 }
2059
2060 static const MemoryRegionOps watch_mem_ops = {
2061 .read_with_attrs = watch_mem_read,
2062 .write_with_attrs = watch_mem_write,
2063 .endianness = DEVICE_NATIVE_ENDIAN,
2064 };
2065
2066 static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2067 unsigned len, MemTxAttrs attrs)
2068 {
2069 subpage_t *subpage = opaque;
2070 uint8_t buf[8];
2071 MemTxResult res;
2072
2073 #if defined(DEBUG_SUBPAGE)
2074 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
2075 subpage, len, addr);
2076 #endif
2077 res = address_space_read(subpage->as, addr + subpage->base,
2078 attrs, buf, len);
2079 if (res) {
2080 return res;
2081 }
2082 switch (len) {
2083 case 1:
2084 *data = ldub_p(buf);
2085 return MEMTX_OK;
2086 case 2:
2087 *data = lduw_p(buf);
2088 return MEMTX_OK;
2089 case 4:
2090 *data = ldl_p(buf);
2091 return MEMTX_OK;
2092 case 8:
2093 *data = ldq_p(buf);
2094 return MEMTX_OK;
2095 default:
2096 abort();
2097 }
2098 }
2099
2100 static MemTxResult subpage_write(void *opaque, hwaddr addr,
2101 uint64_t value, unsigned len, MemTxAttrs attrs)
2102 {
2103 subpage_t *subpage = opaque;
2104 uint8_t buf[8];
2105
2106 #if defined(DEBUG_SUBPAGE)
2107 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
2108 " value %"PRIx64"\n",
2109 __func__, subpage, len, addr, value);
2110 #endif
2111 switch (len) {
2112 case 1:
2113 stb_p(buf, value);
2114 break;
2115 case 2:
2116 stw_p(buf, value);
2117 break;
2118 case 4:
2119 stl_p(buf, value);
2120 break;
2121 case 8:
2122 stq_p(buf, value);
2123 break;
2124 default:
2125 abort();
2126 }
2127 return address_space_write(subpage->as, addr + subpage->base,
2128 attrs, buf, len);
2129 }
2130
2131 static bool subpage_accepts(void *opaque, hwaddr addr,
2132 unsigned len, bool is_write)
2133 {
2134 subpage_t *subpage = opaque;
2135 #if defined(DEBUG_SUBPAGE)
2136 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
2137 __func__, subpage, is_write ? 'w' : 'r', len, addr);
2138 #endif
2139
2140 return address_space_access_valid(subpage->as, addr + subpage->base,
2141 len, is_write);
2142 }
2143
2144 static const MemoryRegionOps subpage_ops = {
2145 .read_with_attrs = subpage_read,
2146 .write_with_attrs = subpage_write,
2147 .impl.min_access_size = 1,
2148 .impl.max_access_size = 8,
2149 .valid.min_access_size = 1,
2150 .valid.max_access_size = 8,
2151 .valid.accepts = subpage_accepts,
2152 .endianness = DEVICE_NATIVE_ENDIAN,
2153 };
2154
2155 static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
2156 uint16_t section)
2157 {
2158 int idx, eidx;
2159
2160 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2161 return -1;
2162 idx = SUBPAGE_IDX(start);
2163 eidx = SUBPAGE_IDX(end);
2164 #if defined(DEBUG_SUBPAGE)
2165 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2166 __func__, mmio, start, end, idx, eidx, section);
2167 #endif
2168 for (; idx <= eidx; idx++) {
2169 mmio->sub_section[idx] = section;
2170 }
2171
2172 return 0;
2173 }
2174
2175 static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
2176 {
2177 subpage_t *mmio;
2178
2179 mmio = g_malloc0(sizeof(subpage_t));
2180
2181 mmio->as = as;
2182 mmio->base = base;
2183 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
2184 NULL, TARGET_PAGE_SIZE);
2185 mmio->iomem.subpage = true;
2186 #if defined(DEBUG_SUBPAGE)
2187 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2188 mmio, base, TARGET_PAGE_SIZE);
2189 #endif
2190 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
2191
2192 return mmio;
2193 }
2194
2195 static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2196 MemoryRegion *mr)
2197 {
2198 assert(as);
2199 MemoryRegionSection section = {
2200 .address_space = as,
2201 .mr = mr,
2202 .offset_within_address_space = 0,
2203 .offset_within_region = 0,
2204 .size = int128_2_64(),
2205 };
2206
2207 return phys_section_add(map, &section);
2208 }
2209
2210 MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index)
2211 {
2212 CPUAddressSpace *cpuas = &cpu->cpu_ases[0];
2213 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
2214 MemoryRegionSection *sections = d->map.sections;
2215
2216 return sections[index & ~TARGET_PAGE_MASK].mr;
2217 }
2218
2219 static void io_mem_init(void)
2220 {
2221 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2222 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
2223 NULL, UINT64_MAX);
2224 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
2225 NULL, UINT64_MAX);
2226 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
2227 NULL, UINT64_MAX);
2228 }
2229
2230 static void mem_begin(MemoryListener *listener)
2231 {
2232 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2233 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2234 uint16_t n;
2235
2236 n = dummy_section(&d->map, as, &io_mem_unassigned);
2237 assert(n == PHYS_SECTION_UNASSIGNED);
2238 n = dummy_section(&d->map, as, &io_mem_notdirty);
2239 assert(n == PHYS_SECTION_NOTDIRTY);
2240 n = dummy_section(&d->map, as, &io_mem_rom);
2241 assert(n == PHYS_SECTION_ROM);
2242 n = dummy_section(&d->map, as, &io_mem_watch);
2243 assert(n == PHYS_SECTION_WATCH);
2244
2245 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
2246 d->as = as;
2247 as->next_dispatch = d;
2248 }
2249
2250 static void address_space_dispatch_free(AddressSpaceDispatch *d)
2251 {
2252 phys_sections_free(&d->map);
2253 g_free(d);
2254 }
2255
2256 static void mem_commit(MemoryListener *listener)
2257 {
2258 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
2259 AddressSpaceDispatch *cur = as->dispatch;
2260 AddressSpaceDispatch *next = as->next_dispatch;
2261
2262 phys_page_compact_all(next, next->map.nodes_nb);
2263
2264 atomic_rcu_set(&as->dispatch, next);
2265 if (cur) {
2266 call_rcu(cur, address_space_dispatch_free, rcu);
2267 }
2268 }
2269
2270 static void tcg_commit(MemoryListener *listener)
2271 {
2272 CPUAddressSpace *cpuas;
2273 AddressSpaceDispatch *d;
2274
2275 /* since each CPU stores ram addresses in its TLB cache, we must
2276 reset the modified entries */
2277 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2278 cpu_reloading_memory_map();
2279 /* The CPU and TLB are protected by the iothread lock.
2280 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2281 * may have split the RCU critical section.
2282 */
2283 d = atomic_rcu_read(&cpuas->as->dispatch);
2284 cpuas->memory_dispatch = d;
2285 tlb_flush(cpuas->cpu, 1);
2286 }
2287
2288 void address_space_init_dispatch(AddressSpace *as)
2289 {
2290 as->dispatch = NULL;
2291 as->dispatch_listener = (MemoryListener) {
2292 .begin = mem_begin,
2293 .commit = mem_commit,
2294 .region_add = mem_add,
2295 .region_nop = mem_add,
2296 .priority = 0,
2297 };
2298 memory_listener_register(&as->dispatch_listener, as);
2299 }
2300
2301 void address_space_unregister(AddressSpace *as)
2302 {
2303 memory_listener_unregister(&as->dispatch_listener);
2304 }
2305
2306 void address_space_destroy_dispatch(AddressSpace *as)
2307 {
2308 AddressSpaceDispatch *d = as->dispatch;
2309
2310 atomic_rcu_set(&as->dispatch, NULL);
2311 if (d) {
2312 call_rcu(d, address_space_dispatch_free, rcu);
2313 }
2314 }
2315
2316 static void memory_map_init(void)
2317 {
2318 system_memory = g_malloc(sizeof(*system_memory));
2319
2320 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
2321 address_space_init(&address_space_memory, system_memory, "memory");
2322
2323 system_io = g_malloc(sizeof(*system_io));
2324 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2325 65536);
2326 address_space_init(&address_space_io, system_io, "I/O");
2327 }
2328
2329 MemoryRegion *get_system_memory(void)
2330 {
2331 return system_memory;
2332 }
2333
2334 MemoryRegion *get_system_io(void)
2335 {
2336 return system_io;
2337 }
2338
2339 #endif /* !defined(CONFIG_USER_ONLY) */
2340
2341 /* physical memory access (slow version, mainly for debug) */
2342 #if defined(CONFIG_USER_ONLY)
2343 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
2344 uint8_t *buf, int len, int is_write)
2345 {
2346 int l, flags;
2347 target_ulong page;
2348 void * p;
2349
2350 while (len > 0) {
2351 page = addr & TARGET_PAGE_MASK;
2352 l = (page + TARGET_PAGE_SIZE) - addr;
2353 if (l > len)
2354 l = len;
2355 flags = page_get_flags(page);
2356 if (!(flags & PAGE_VALID))
2357 return -1;
2358 if (is_write) {
2359 if (!(flags & PAGE_WRITE))
2360 return -1;
2361 /* XXX: this code should not depend on lock_user */
2362 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
2363 return -1;
2364 memcpy(p, buf, l);
2365 unlock_user(p, addr, l);
2366 } else {
2367 if (!(flags & PAGE_READ))
2368 return -1;
2369 /* XXX: this code should not depend on lock_user */
2370 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
2371 return -1;
2372 memcpy(buf, p, l);
2373 unlock_user(p, addr, 0);
2374 }
2375 len -= l;
2376 buf += l;
2377 addr += l;
2378 }
2379 return 0;
2380 }
2381
2382 #else
2383
2384 static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
2385 hwaddr length)
2386 {
2387 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
2388 /* No early return if dirty_log_mask is or becomes 0, because
2389 * cpu_physical_memory_set_dirty_range will still call
2390 * xen_modified_memory.
2391 */
2392 if (dirty_log_mask) {
2393 dirty_log_mask =
2394 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2395 }
2396 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2397 tb_invalidate_phys_range(addr, addr + length);
2398 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
2399 }
2400 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
2401 }
2402
2403 static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
2404 {
2405 unsigned access_size_max = mr->ops->valid.max_access_size;
2406
2407 /* Regions are assumed to support 1-4 byte accesses unless
2408 otherwise specified. */
2409 if (access_size_max == 0) {
2410 access_size_max = 4;
2411 }
2412
2413 /* Bound the maximum access by the alignment of the address. */
2414 if (!mr->ops->impl.unaligned) {
2415 unsigned align_size_max = addr & -addr;
2416 if (align_size_max != 0 && align_size_max < access_size_max) {
2417 access_size_max = align_size_max;
2418 }
2419 }
2420
2421 /* Don't attempt accesses larger than the maximum. */
2422 if (l > access_size_max) {
2423 l = access_size_max;
2424 }
2425 l = pow2floor(l);
2426
2427 return l;
2428 }
2429
2430 static bool prepare_mmio_access(MemoryRegion *mr)
2431 {
2432 bool unlocked = !qemu_mutex_iothread_locked();
2433 bool release_lock = false;
2434
2435 if (unlocked && mr->global_locking) {
2436 qemu_mutex_lock_iothread();
2437 unlocked = false;
2438 release_lock = true;
2439 }
2440 if (mr->flush_coalesced_mmio) {
2441 if (unlocked) {
2442 qemu_mutex_lock_iothread();
2443 }
2444 qemu_flush_coalesced_mmio_buffer();
2445 if (unlocked) {
2446 qemu_mutex_unlock_iothread();
2447 }
2448 }
2449
2450 return release_lock;
2451 }
2452
2453 MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2454 uint8_t *buf, int len, bool is_write)
2455 {
2456 hwaddr l;
2457 uint8_t *ptr;
2458 uint64_t val;
2459 hwaddr addr1;
2460 MemoryRegion *mr;
2461 MemTxResult result = MEMTX_OK;
2462 bool release_lock = false;
2463
2464 rcu_read_lock();
2465 while (len > 0) {
2466 l = len;
2467 mr = address_space_translate(as, addr, &addr1, &l, is_write);
2468
2469 if (is_write) {
2470 if (!memory_access_is_direct(mr, is_write)) {
2471 release_lock |= prepare_mmio_access(mr);
2472 l = memory_access_size(mr, l, addr1);
2473 /* XXX: could force current_cpu to NULL to avoid
2474 potential bugs */
2475 switch (l) {
2476 case 8:
2477 /* 64 bit write access */
2478 val = ldq_p(buf);
2479 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2480 attrs);
2481 break;
2482 case 4:
2483 /* 32 bit write access */
2484 val = ldl_p(buf);
2485 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2486 attrs);
2487 break;
2488 case 2:
2489 /* 16 bit write access */
2490 val = lduw_p(buf);
2491 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2492 attrs);
2493 break;
2494 case 1:
2495 /* 8 bit write access */
2496 val = ldub_p(buf);
2497 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2498 attrs);
2499 break;
2500 default:
2501 abort();
2502 }
2503 } else {
2504 addr1 += memory_region_get_ram_addr(mr);
2505 /* RAM case */
2506 ptr = qemu_get_ram_ptr(addr1);
2507 memcpy(ptr, buf, l);
2508 invalidate_and_set_dirty(mr, addr1, l);
2509 }
2510 } else {
2511 if (!memory_access_is_direct(mr, is_write)) {
2512 /* I/O case */
2513 release_lock |= prepare_mmio_access(mr);
2514 l = memory_access_size(mr, l, addr1);
2515 switch (l) {
2516 case 8:
2517 /* 64 bit read access */
2518 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2519 attrs);
2520 stq_p(buf, val);
2521 break;
2522 case 4:
2523 /* 32 bit read access */
2524 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2525 attrs);
2526 stl_p(buf, val);
2527 break;
2528 case 2:
2529 /* 16 bit read access */
2530 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2531 attrs);
2532 stw_p(buf, val);
2533 break;
2534 case 1:
2535 /* 8 bit read access */
2536 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2537 attrs);
2538 stb_p(buf, val);
2539 break;
2540 default:
2541 abort();
2542 }
2543 } else {
2544 /* RAM case */
2545 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
2546 memcpy(buf, ptr, l);
2547 }
2548 }
2549
2550 if (release_lock) {
2551 qemu_mutex_unlock_iothread();
2552 release_lock = false;
2553 }
2554
2555 len -= l;
2556 buf += l;
2557 addr += l;
2558 }
2559 rcu_read_unlock();
2560
2561 return result;
2562 }
2563
2564 MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2565 const uint8_t *buf, int len)
2566 {
2567 return address_space_rw(as, addr, attrs, (uint8_t *)buf, len, true);
2568 }
2569
2570 MemTxResult address_space_read(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2571 uint8_t *buf, int len)
2572 {
2573 return address_space_rw(as, addr, attrs, buf, len, false);
2574 }
2575
2576
2577 void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
2578 int len, int is_write)
2579 {
2580 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2581 buf, len, is_write);
2582 }
2583
2584 enum write_rom_type {
2585 WRITE_DATA,
2586 FLUSH_CACHE,
2587 };
2588
2589 static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
2590 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
2591 {
2592 hwaddr l;
2593 uint8_t *ptr;
2594 hwaddr addr1;
2595 MemoryRegion *mr;
2596
2597 rcu_read_lock();
2598 while (len > 0) {
2599 l = len;
2600 mr = address_space_translate(as, addr, &addr1, &l, true);
2601
2602 if (!(memory_region_is_ram(mr) ||
2603 memory_region_is_romd(mr))) {
2604 l = memory_access_size(mr, l, addr1);
2605 } else {
2606 addr1 += memory_region_get_ram_addr(mr);
2607 /* ROM/RAM case */
2608 ptr = qemu_get_ram_ptr(addr1);
2609 switch (type) {
2610 case WRITE_DATA:
2611 memcpy(ptr, buf, l);
2612 invalidate_and_set_dirty(mr, addr1, l);
2613 break;
2614 case FLUSH_CACHE:
2615 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2616 break;
2617 }
2618 }
2619 len -= l;
2620 buf += l;
2621 addr += l;
2622 }
2623 rcu_read_unlock();
2624 }
2625
2626 /* used for ROM loading : can write in RAM and ROM */
2627 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
2628 const uint8_t *buf, int len)
2629 {
2630 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
2631 }
2632
2633 void cpu_flush_icache_range(hwaddr start, int len)
2634 {
2635 /*
2636 * This function should do the same thing as an icache flush that was
2637 * triggered from within the guest. For TCG we are always cache coherent,
2638 * so there is no need to flush anything. For KVM / Xen we need to flush
2639 * the host's instruction cache at least.
2640 */
2641 if (tcg_enabled()) {
2642 return;
2643 }
2644
2645 cpu_physical_memory_write_rom_internal(&address_space_memory,
2646 start, NULL, len, FLUSH_CACHE);
2647 }
2648
2649 typedef struct {
2650 MemoryRegion *mr;
2651 void *buffer;
2652 hwaddr addr;
2653 hwaddr len;
2654 bool in_use;
2655 } BounceBuffer;
2656
2657 static BounceBuffer bounce;
2658
2659 typedef struct MapClient {
2660 QEMUBH *bh;
2661 QLIST_ENTRY(MapClient) link;
2662 } MapClient;
2663
2664 QemuMutex map_client_list_lock;
2665 static QLIST_HEAD(map_client_list, MapClient) map_client_list
2666 = QLIST_HEAD_INITIALIZER(map_client_list);
2667
2668 static void cpu_unregister_map_client_do(MapClient *client)
2669 {
2670 QLIST_REMOVE(client, link);
2671 g_free(client);
2672 }
2673
2674 static void cpu_notify_map_clients_locked(void)
2675 {
2676 MapClient *client;
2677
2678 while (!QLIST_EMPTY(&map_client_list)) {
2679 client = QLIST_FIRST(&map_client_list);
2680 qemu_bh_schedule(client->bh);
2681 cpu_unregister_map_client_do(client);
2682 }
2683 }
2684
2685 void cpu_register_map_client(QEMUBH *bh)
2686 {
2687 MapClient *client = g_malloc(sizeof(*client));
2688
2689 qemu_mutex_lock(&map_client_list_lock);
2690 client->bh = bh;
2691 QLIST_INSERT_HEAD(&map_client_list, client, link);
2692 if (!atomic_read(&bounce.in_use)) {
2693 cpu_notify_map_clients_locked();
2694 }
2695 qemu_mutex_unlock(&map_client_list_lock);
2696 }
2697
2698 void cpu_exec_init_all(void)
2699 {
2700 qemu_mutex_init(&ram_list.mutex);
2701 memory_map_init();
2702 io_mem_init();
2703 qemu_mutex_init(&map_client_list_lock);
2704 }
2705
2706 void cpu_unregister_map_client(QEMUBH *bh)
2707 {
2708 MapClient *client;
2709
2710 qemu_mutex_lock(&map_client_list_lock);
2711 QLIST_FOREACH(client, &map_client_list, link) {
2712 if (client->bh == bh) {
2713 cpu_unregister_map_client_do(client);
2714 break;
2715 }
2716 }
2717 qemu_mutex_unlock(&map_client_list_lock);
2718 }
2719
2720 static void cpu_notify_map_clients(void)
2721 {
2722 qemu_mutex_lock(&map_client_list_lock);
2723 cpu_notify_map_clients_locked();
2724 qemu_mutex_unlock(&map_client_list_lock);
2725 }
2726
2727 bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2728 {
2729 MemoryRegion *mr;
2730 hwaddr l, xlat;
2731
2732 rcu_read_lock();
2733 while (len > 0) {
2734 l = len;
2735 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2736 if (!memory_access_is_direct(mr, is_write)) {
2737 l = memory_access_size(mr, l, addr);
2738 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
2739 return false;
2740 }
2741 }
2742
2743 len -= l;
2744 addr += l;
2745 }
2746 rcu_read_unlock();
2747 return true;
2748 }
2749
2750 /* Map a physical memory region into a host virtual address.
2751 * May map a subset of the requested range, given by and returned in *plen.
2752 * May return NULL if resources needed to perform the mapping are exhausted.
2753 * Use only for reads OR writes - not for read-modify-write operations.
2754 * Use cpu_register_map_client() to know when retrying the map operation is
2755 * likely to succeed.
2756 */
2757 void *address_space_map(AddressSpace *as,
2758 hwaddr addr,
2759 hwaddr *plen,
2760 bool is_write)
2761 {
2762 hwaddr len = *plen;
2763 hwaddr done = 0;
2764 hwaddr l, xlat, base;
2765 MemoryRegion *mr, *this_mr;
2766 ram_addr_t raddr;
2767
2768 if (len == 0) {
2769 return NULL;
2770 }
2771
2772 l = len;
2773 rcu_read_lock();
2774 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2775
2776 if (!memory_access_is_direct(mr, is_write)) {
2777 if (atomic_xchg(&bounce.in_use, true)) {
2778 rcu_read_unlock();
2779 return NULL;
2780 }
2781 /* Avoid unbounded allocations */
2782 l = MIN(l, TARGET_PAGE_SIZE);
2783 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
2784 bounce.addr = addr;
2785 bounce.len = l;
2786
2787 memory_region_ref(mr);
2788 bounce.mr = mr;
2789 if (!is_write) {
2790 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2791 bounce.buffer, l);
2792 }
2793
2794 rcu_read_unlock();
2795 *plen = l;
2796 return bounce.buffer;
2797 }
2798
2799 base = xlat;
2800 raddr = memory_region_get_ram_addr(mr);
2801
2802 for (;;) {
2803 len -= l;
2804 addr += l;
2805 done += l;
2806 if (len == 0) {
2807 break;
2808 }
2809
2810 l = len;
2811 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2812 if (this_mr != mr || xlat != base + done) {
2813 break;
2814 }
2815 }
2816
2817 memory_region_ref(mr);
2818 rcu_read_unlock();
2819 *plen = done;
2820 return qemu_ram_ptr_length(raddr + base, plen);
2821 }
2822
2823 /* Unmaps a memory region previously mapped by address_space_map().
2824 * Will also mark the memory as dirty if is_write == 1. access_len gives
2825 * the amount of memory that was actually read or written by the caller.
2826 */
2827 void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2828 int is_write, hwaddr access_len)
2829 {
2830 if (buffer != bounce.buffer) {
2831 MemoryRegion *mr;
2832 ram_addr_t addr1;
2833
2834 mr = qemu_ram_addr_from_host(buffer, &addr1);
2835 assert(mr != NULL);
2836 if (is_write) {
2837 invalidate_and_set_dirty(mr, addr1, access_len);
2838 }
2839 if (xen_enabled()) {
2840 xen_invalidate_map_cache_entry(buffer);
2841 }
2842 memory_region_unref(mr);
2843 return;
2844 }
2845 if (is_write) {
2846 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2847 bounce.buffer, access_len);
2848 }
2849 qemu_vfree(bounce.buffer);
2850 bounce.buffer = NULL;
2851 memory_region_unref(bounce.mr);
2852 atomic_mb_set(&bounce.in_use, false);
2853 cpu_notify_map_clients();
2854 }
2855
2856 void *cpu_physical_memory_map(hwaddr addr,
2857 hwaddr *plen,
2858 int is_write)
2859 {
2860 return address_space_map(&address_space_memory, addr, plen, is_write);
2861 }
2862
2863 void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2864 int is_write, hwaddr access_len)
2865 {
2866 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2867 }
2868
2869 /* warning: addr must be aligned */
2870 static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
2871 MemTxAttrs attrs,
2872 MemTxResult *result,
2873 enum device_endian endian)
2874 {
2875 uint8_t *ptr;
2876 uint64_t val;
2877 MemoryRegion *mr;
2878 hwaddr l = 4;
2879 hwaddr addr1;
2880 MemTxResult r;
2881 bool release_lock = false;
2882
2883 rcu_read_lock();
2884 mr = address_space_translate(as, addr, &addr1, &l, false);
2885 if (l < 4 || !memory_access_is_direct(mr, false)) {
2886 release_lock |= prepare_mmio_access(mr);
2887
2888 /* I/O case */
2889 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
2890 #if defined(TARGET_WORDS_BIGENDIAN)
2891 if (endian == DEVICE_LITTLE_ENDIAN) {
2892 val = bswap32(val);
2893 }
2894 #else
2895 if (endian == DEVICE_BIG_ENDIAN) {
2896 val = bswap32(val);
2897 }
2898 #endif
2899 } else {
2900 /* RAM case */
2901 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2902 & TARGET_PAGE_MASK)
2903 + addr1);
2904 switch (endian) {
2905 case DEVICE_LITTLE_ENDIAN:
2906 val = ldl_le_p(ptr);
2907 break;
2908 case DEVICE_BIG_ENDIAN:
2909 val = ldl_be_p(ptr);
2910 break;
2911 default:
2912 val = ldl_p(ptr);
2913 break;
2914 }
2915 r = MEMTX_OK;
2916 }
2917 if (result) {
2918 *result = r;
2919 }
2920 if (release_lock) {
2921 qemu_mutex_unlock_iothread();
2922 }
2923 rcu_read_unlock();
2924 return val;
2925 }
2926
2927 uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
2928 MemTxAttrs attrs, MemTxResult *result)
2929 {
2930 return address_space_ldl_internal(as, addr, attrs, result,
2931 DEVICE_NATIVE_ENDIAN);
2932 }
2933
2934 uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
2935 MemTxAttrs attrs, MemTxResult *result)
2936 {
2937 return address_space_ldl_internal(as, addr, attrs, result,
2938 DEVICE_LITTLE_ENDIAN);
2939 }
2940
2941 uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
2942 MemTxAttrs attrs, MemTxResult *result)
2943 {
2944 return address_space_ldl_internal(as, addr, attrs, result,
2945 DEVICE_BIG_ENDIAN);
2946 }
2947
2948 uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
2949 {
2950 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2951 }
2952
2953 uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
2954 {
2955 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2956 }
2957
2958 uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
2959 {
2960 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
2961 }
2962
2963 /* warning: addr must be aligned */
2964 static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
2965 MemTxAttrs attrs,
2966 MemTxResult *result,
2967 enum device_endian endian)
2968 {
2969 uint8_t *ptr;
2970 uint64_t val;
2971 MemoryRegion *mr;
2972 hwaddr l = 8;
2973 hwaddr addr1;
2974 MemTxResult r;
2975 bool release_lock = false;
2976
2977 rcu_read_lock();
2978 mr = address_space_translate(as, addr, &addr1, &l,
2979 false);
2980 if (l < 8 || !memory_access_is_direct(mr, false)) {
2981 release_lock |= prepare_mmio_access(mr);
2982
2983 /* I/O case */
2984 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
2985 #if defined(TARGET_WORDS_BIGENDIAN)
2986 if (endian == DEVICE_LITTLE_ENDIAN) {
2987 val = bswap64(val);
2988 }
2989 #else
2990 if (endian == DEVICE_BIG_ENDIAN) {
2991 val = bswap64(val);
2992 }
2993 #endif
2994 } else {
2995 /* RAM case */
2996 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
2997 & TARGET_PAGE_MASK)
2998 + addr1);
2999 switch (endian) {
3000 case DEVICE_LITTLE_ENDIAN:
3001 val = ldq_le_p(ptr);
3002 break;
3003 case DEVICE_BIG_ENDIAN:
3004 val = ldq_be_p(ptr);
3005 break;
3006 default:
3007 val = ldq_p(ptr);
3008 break;
3009 }
3010 r = MEMTX_OK;
3011 }
3012 if (result) {
3013 *result = r;
3014 }
3015 if (release_lock) {
3016 qemu_mutex_unlock_iothread();
3017 }
3018 rcu_read_unlock();
3019 return val;
3020 }
3021
3022 uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3023 MemTxAttrs attrs, MemTxResult *result)
3024 {
3025 return address_space_ldq_internal(as, addr, attrs, result,
3026 DEVICE_NATIVE_ENDIAN);
3027 }
3028
3029 uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3030 MemTxAttrs attrs, MemTxResult *result)
3031 {
3032 return address_space_ldq_internal(as, addr, attrs, result,
3033 DEVICE_LITTLE_ENDIAN);
3034 }
3035
3036 uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3037 MemTxAttrs attrs, MemTxResult *result)
3038 {
3039 return address_space_ldq_internal(as, addr, attrs, result,
3040 DEVICE_BIG_ENDIAN);
3041 }
3042
3043 uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
3044 {
3045 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3046 }
3047
3048 uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
3049 {
3050 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3051 }
3052
3053 uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
3054 {
3055 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3056 }
3057
3058 /* XXX: optimize */
3059 uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3060 MemTxAttrs attrs, MemTxResult *result)
3061 {
3062 uint8_t val;
3063 MemTxResult r;
3064
3065 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3066 if (result) {
3067 *result = r;
3068 }
3069 return val;
3070 }
3071
3072 uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3073 {
3074 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3075 }
3076
3077 /* warning: addr must be aligned */
3078 static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3079 hwaddr addr,
3080 MemTxAttrs attrs,
3081 MemTxResult *result,
3082 enum device_endian endian)
3083 {
3084 uint8_t *ptr;
3085 uint64_t val;
3086 MemoryRegion *mr;
3087 hwaddr l = 2;
3088 hwaddr addr1;
3089 MemTxResult r;
3090 bool release_lock = false;
3091
3092 rcu_read_lock();
3093 mr = address_space_translate(as, addr, &addr1, &l,
3094 false);
3095 if (l < 2 || !memory_access_is_direct(mr, false)) {
3096 release_lock |= prepare_mmio_access(mr);
3097
3098 /* I/O case */
3099 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
3100 #if defined(TARGET_WORDS_BIGENDIAN)
3101 if (endian == DEVICE_LITTLE_ENDIAN) {
3102 val = bswap16(val);
3103 }
3104 #else
3105 if (endian == DEVICE_BIG_ENDIAN) {
3106 val = bswap16(val);
3107 }
3108 #endif
3109 } else {
3110 /* RAM case */
3111 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(mr)
3112 & TARGET_PAGE_MASK)
3113 + addr1);
3114 switch (endian) {
3115 case DEVICE_LITTLE_ENDIAN:
3116 val = lduw_le_p(ptr);
3117 break;
3118 case DEVICE_BIG_ENDIAN:
3119 val = lduw_be_p(ptr);
3120 break;
3121 default:
3122 val = lduw_p(ptr);
3123 break;
3124 }
3125 r = MEMTX_OK;
3126 }
3127 if (result) {
3128 *result = r;
3129 }
3130 if (release_lock) {
3131 qemu_mutex_unlock_iothread();
3132 }
3133 rcu_read_unlock();
3134 return val;
3135 }
3136
3137 uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3138 MemTxAttrs attrs, MemTxResult *result)
3139 {
3140 return address_space_lduw_internal(as, addr, attrs, result,
3141 DEVICE_NATIVE_ENDIAN);
3142 }
3143
3144 uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3145 MemTxAttrs attrs, MemTxResult *result)
3146 {
3147 return address_space_lduw_internal(as, addr, attrs, result,
3148 DEVICE_LITTLE_ENDIAN);
3149 }
3150
3151 uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3152 MemTxAttrs attrs, MemTxResult *result)
3153 {
3154 return address_space_lduw_internal(as, addr, attrs, result,
3155 DEVICE_BIG_ENDIAN);
3156 }
3157
3158 uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
3159 {
3160 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3161 }
3162
3163 uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
3164 {
3165 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3166 }
3167
3168 uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
3169 {
3170 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3171 }
3172
3173 /* warning: addr must be aligned. The ram page is not masked as dirty
3174 and the code inside is not invalidated. It is useful if the dirty
3175 bits are used to track modified PTEs */
3176 void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3177 MemTxAttrs attrs, MemTxResult *result)
3178 {
3179 uint8_t *ptr;
3180 MemoryRegion *mr;
3181 hwaddr l = 4;
3182 hwaddr addr1;
3183 MemTxResult r;
3184 uint8_t dirty_log_mask;
3185 bool release_lock = false;
3186
3187 rcu_read_lock();
3188 mr = address_space_translate(as, addr, &addr1, &l,
3189 true);
3190 if (l < 4 || !memory_access_is_direct(mr, true)) {
3191 release_lock |= prepare_mmio_access(mr);
3192
3193 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3194 } else {
3195 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3196 ptr = qemu_get_ram_ptr(addr1);
3197 stl_p(ptr, val);
3198
3199 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3200 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
3201 cpu_physical_memory_set_dirty_range(addr1, 4, dirty_log_mask);
3202 r = MEMTX_OK;
3203 }
3204 if (result) {
3205 *result = r;
3206 }
3207 if (release_lock) {
3208 qemu_mutex_unlock_iothread();
3209 }
3210 rcu_read_unlock();
3211 }
3212
3213 void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3214 {
3215 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3216 }
3217
3218 /* warning: addr must be aligned */
3219 static inline void address_space_stl_internal(AddressSpace *as,
3220 hwaddr addr, uint32_t val,
3221 MemTxAttrs attrs,
3222 MemTxResult *result,
3223 enum device_endian endian)
3224 {
3225 uint8_t *ptr;
3226 MemoryRegion *mr;
3227 hwaddr l = 4;
3228 hwaddr addr1;
3229 MemTxResult r;
3230 bool release_lock = false;
3231
3232 rcu_read_lock();
3233 mr = address_space_translate(as, addr, &addr1, &l,
3234 true);
3235 if (l < 4 || !memory_access_is_direct(mr, true)) {
3236 release_lock |= prepare_mmio_access(mr);
3237
3238 #if defined(TARGET_WORDS_BIGENDIAN)
3239 if (endian == DEVICE_LITTLE_ENDIAN) {
3240 val = bswap32(val);
3241 }
3242 #else
3243 if (endian == DEVICE_BIG_ENDIAN) {
3244 val = bswap32(val);
3245 }
3246 #endif
3247 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
3248 } else {
3249 /* RAM case */
3250 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3251 ptr = qemu_get_ram_ptr(addr1);
3252 switch (endian) {
3253 case DEVICE_LITTLE_ENDIAN:
3254 stl_le_p(ptr, val);
3255 break;
3256 case DEVICE_BIG_ENDIAN:
3257 stl_be_p(ptr, val);
3258 break;
3259 default:
3260 stl_p(ptr, val);
3261 break;
3262 }
3263 invalidate_and_set_dirty(mr, addr1, 4);
3264 r = MEMTX_OK;
3265 }
3266 if (result) {
3267 *result = r;
3268 }
3269 if (release_lock) {
3270 qemu_mutex_unlock_iothread();
3271 }
3272 rcu_read_unlock();
3273 }
3274
3275 void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3276 MemTxAttrs attrs, MemTxResult *result)
3277 {
3278 address_space_stl_internal(as, addr, val, attrs, result,
3279 DEVICE_NATIVE_ENDIAN);
3280 }
3281
3282 void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3283 MemTxAttrs attrs, MemTxResult *result)
3284 {
3285 address_space_stl_internal(as, addr, val, attrs, result,
3286 DEVICE_LITTLE_ENDIAN);
3287 }
3288
3289 void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3290 MemTxAttrs attrs, MemTxResult *result)
3291 {
3292 address_space_stl_internal(as, addr, val, attrs, result,
3293 DEVICE_BIG_ENDIAN);
3294 }
3295
3296 void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3297 {
3298 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3299 }
3300
3301 void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3302 {
3303 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3304 }
3305
3306 void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3307 {
3308 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3309 }
3310
3311 /* XXX: optimize */
3312 void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3313 MemTxAttrs attrs, MemTxResult *result)
3314 {
3315 uint8_t v = val;
3316 MemTxResult r;
3317
3318 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3319 if (result) {
3320 *result = r;
3321 }
3322 }
3323
3324 void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3325 {
3326 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3327 }
3328
3329 /* warning: addr must be aligned */
3330 static inline void address_space_stw_internal(AddressSpace *as,
3331 hwaddr addr, uint32_t val,
3332 MemTxAttrs attrs,
3333 MemTxResult *result,
3334 enum device_endian endian)
3335 {
3336 uint8_t *ptr;
3337 MemoryRegion *mr;
3338 hwaddr l = 2;
3339 hwaddr addr1;
3340 MemTxResult r;
3341 bool release_lock = false;
3342
3343 rcu_read_lock();
3344 mr = address_space_translate(as, addr, &addr1, &l, true);
3345 if (l < 2 || !memory_access_is_direct(mr, true)) {
3346 release_lock |= prepare_mmio_access(mr);
3347
3348 #if defined(TARGET_WORDS_BIGENDIAN)
3349 if (endian == DEVICE_LITTLE_ENDIAN) {
3350 val = bswap16(val);
3351 }
3352 #else
3353 if (endian == DEVICE_BIG_ENDIAN) {
3354 val = bswap16(val);
3355 }
3356 #endif
3357 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
3358 } else {
3359 /* RAM case */
3360 addr1 += memory_region_get_ram_addr(mr) & TARGET_PAGE_MASK;
3361 ptr = qemu_get_ram_ptr(addr1);
3362 switch (endian) {
3363 case DEVICE_LITTLE_ENDIAN:
3364 stw_le_p(ptr, val);
3365 break;
3366 case DEVICE_BIG_ENDIAN:
3367 stw_be_p(ptr, val);
3368 break;
3369 default:
3370 stw_p(ptr, val);
3371 break;
3372 }
3373 invalidate_and_set_dirty(mr, addr1, 2);
3374 r = MEMTX_OK;
3375 }
3376 if (result) {
3377 *result = r;
3378 }
3379 if (release_lock) {
3380 qemu_mutex_unlock_iothread();
3381 }
3382 rcu_read_unlock();
3383 }
3384
3385 void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3386 MemTxAttrs attrs, MemTxResult *result)
3387 {
3388 address_space_stw_internal(as, addr, val, attrs, result,
3389 DEVICE_NATIVE_ENDIAN);
3390 }
3391
3392 void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3393 MemTxAttrs attrs, MemTxResult *result)
3394 {
3395 address_space_stw_internal(as, addr, val, attrs, result,
3396 DEVICE_LITTLE_ENDIAN);
3397 }
3398
3399 void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3400 MemTxAttrs attrs, MemTxResult *result)
3401 {
3402 address_space_stw_internal(as, addr, val, attrs, result,
3403 DEVICE_BIG_ENDIAN);
3404 }
3405
3406 void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3407 {
3408 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3409 }
3410
3411 void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3412 {
3413 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3414 }
3415
3416 void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3417 {
3418 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3419 }
3420
3421 /* XXX: optimize */
3422 void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3423 MemTxAttrs attrs, MemTxResult *result)
3424 {
3425 MemTxResult r;
3426 val = tswap64(val);
3427 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3428 if (result) {
3429 *result = r;
3430 }
3431 }
3432
3433 void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3434 MemTxAttrs attrs, MemTxResult *result)
3435 {
3436 MemTxResult r;
3437 val = cpu_to_le64(val);
3438 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3439 if (result) {
3440 *result = r;
3441 }
3442 }
3443 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3444 MemTxAttrs attrs, MemTxResult *result)
3445 {
3446 MemTxResult r;
3447 val = cpu_to_be64(val);
3448 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3449 if (result) {
3450 *result = r;
3451 }
3452 }
3453
3454 void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3455 {
3456 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3457 }
3458
3459 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3460 {
3461 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3462 }
3463
3464 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3465 {
3466 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3467 }
3468
3469 /* virtual memory access for debug (includes writing to ROM) */
3470 int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
3471 uint8_t *buf, int len, int is_write)
3472 {
3473 int l;
3474 hwaddr phys_addr;
3475 target_ulong page;
3476
3477 while (len > 0) {
3478 page = addr & TARGET_PAGE_MASK;
3479 phys_addr = cpu_get_phys_page_debug(cpu, page);
3480 /* if no physical page mapped, return an error */
3481 if (phys_addr == -1)
3482 return -1;
3483 l = (page + TARGET_PAGE_SIZE) - addr;
3484 if (l > len)
3485 l = len;
3486 phys_addr += (addr & ~TARGET_PAGE_MASK);
3487 if (is_write) {
3488 cpu_physical_memory_write_rom(cpu->as, phys_addr, buf, l);
3489 } else {
3490 address_space_rw(cpu->as, phys_addr, MEMTXATTRS_UNSPECIFIED,
3491 buf, l, 0);
3492 }
3493 len -= l;
3494 buf += l;
3495 addr += l;
3496 }
3497 return 0;
3498 }
3499 #endif
3500
3501 /*
3502 * A helper function for the _utterly broken_ virtio device model to find out if
3503 * it's running on a big endian machine. Don't do this at home kids!
3504 */
3505 bool target_words_bigendian(void);
3506 bool target_words_bigendian(void)
3507 {
3508 #if defined(TARGET_WORDS_BIGENDIAN)
3509 return true;
3510 #else
3511 return false;
3512 #endif
3513 }
3514
3515 #ifndef CONFIG_USER_ONLY
3516 bool cpu_physical_memory_is_io(hwaddr phys_addr)
3517 {
3518 MemoryRegion*mr;
3519 hwaddr l = 1;
3520 bool res;
3521
3522 rcu_read_lock();
3523 mr = address_space_translate(&address_space_memory,
3524 phys_addr, &phys_addr, &l, false);
3525
3526 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3527 rcu_read_unlock();
3528 return res;
3529 }
3530
3531 int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
3532 {
3533 RAMBlock *block;
3534 int ret = 0;
3535
3536 rcu_read_lock();
3537 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
3538 ret = func(block->idstr, block->host, block->offset,
3539 block->used_length, opaque);
3540 if (ret) {
3541 break;
3542 }
3543 }
3544 rcu_read_unlock();
3545 return ret;
3546 }
3547 #endif
QEMU mirror