]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
virtio: decrement vq->inuse in virtqueue_discard()
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
5b6dd868 2 * Virtual page mapping
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
7b31bbc2 19#include "qemu/osdep.h"
da34e65c 20#include "qapi/error.h"
777872e5 21#ifndef _WIN32
d5a8f07c 22#endif
54936004 23
f348b6d1 24#include "qemu/cutils.h"
6180a181 25#include "cpu.h"
63c91552 26#include "exec/exec-all.h"
b67d9a52 27#include "tcg.h"
741da0d3 28#include "hw/qdev-core.h"
4485bd26 29#if !defined(CONFIG_USER_ONLY)
47c8ca53 30#include "hw/boards.h"
33c11879 31#include "hw/xen/xen.h"
4485bd26 32#endif
9c17d615 33#include "sysemu/kvm.h"
2ff3de68 34#include "sysemu/sysemu.h"
1de7afc9
PB		 35#include "qemu/timer.h"
36#include "qemu/config-file.h"
75a34036 37#include "qemu/error-report.h"
53a5960a 38#if defined(CONFIG_USER_ONLY)
a9c94277 39#include "qemu.h"
432d268c 40#else /* !CONFIG_USER_ONLY */
741da0d3
PB		 41#include "hw/hw.h"
42#include "exec/memory.h"
df43d49c 43#include "exec/ioport.h"
741da0d3
PB		 44#include "sysemu/dma.h"
45#include "exec/address-spaces.h"
9c17d615 46#include "sysemu/xen-mapcache.h"
6506e4f9 47#include "trace.h"
53a5960a 48#endif
0d6d3c87 49#include "exec/cpu-all.h"
0dc3f44a 50#include "qemu/rcu_queue.h"
4840f10e 51#include "qemu/main-loop.h"
5b6dd868 52#include "translate-all.h"
7615936e 53#include "sysemu/replay.h"
0cac1b66 54
022c62cb 55#include "exec/memory-internal.h"
220c3ebd 56#include "exec/ram_addr.h"
508127e2 57#include "exec/log.h"
67d95c15 58
9dfeca7c
BR		 59#include "migration/vmstate.h"
60
b35ba30f 61#include "qemu/range.h"
794e8f30
MT		 62#ifndef _WIN32
63#include "qemu/mmap-alloc.h"
64#endif
b35ba30f 65
db7b5426 66//#define DEBUG_SUBPAGE
1196be37 67
e2eef170 68#if !defined(CONFIG_USER_ONLY)
0dc3f44a
MD		 69/* ram_list is read under rcu_read_lock()/rcu_read_unlock(). Writes
70 * are protected by the ramlist lock.
71 */
0d53d9fe 72RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 73
74static MemoryRegion *system_memory;
309cb471 75static MemoryRegion *system_io;
62152b8a 76
f6790af6
AK		 77AddressSpace address_space_io;
78AddressSpace address_space_memory;
2673a5da 79
0844e007 80MemoryRegion io_mem_rom, io_mem_notdirty;
acc9d80b 81static MemoryRegion io_mem_unassigned;
0e0df1e2 82
7bd4f430
PB		 83/* RAM is pre-allocated and passed into qemu_ram_alloc_from_ptr */
84#define RAM_PREALLOC (1 << 0)
85
dbcb8981
PB		 86/* RAM is mmap-ed with MAP_SHARED */
87#define RAM_SHARED (1 << 1)
88
62be4e3a
MT		 89/* Only a portion of RAM (used_length) is actually used, and migrated.
90 * This used_length size can change across reboots.
91 */
92#define RAM_RESIZEABLE (1 << 2)
93
e2eef170 94#endif
9fa3e853 95
bdc44640 96struct CPUTailQ cpus = QTAILQ_HEAD_INITIALIZER(cpus);
6a00d601
FB		 97/* current CPU in the current thread. It is only valid inside
98 cpu_exec() */
f240eb6f 99__thread CPUState *current_cpu;
2e70f6ef 100/* 0 = Do not count executed instructions.
bf20dc07 101 1 = Precise instruction counting.
2e70f6ef 102 2 = Adaptive rate instruction counting. */
5708fc66 103int use_icount;
6a00d601 104
e2eef170 105#if !defined(CONFIG_USER_ONLY)
4346ae3e 106
1db8abb1
PB		 107typedef struct PhysPageEntry PhysPageEntry;
108
109struct PhysPageEntry {
9736e55b 110 /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */
8b795765 111 uint32_t skip : 6;
9736e55b 112 /* index into phys_sections (!skip) or phys_map_nodes (skip) */
8b795765 113 uint32_t ptr : 26;
1db8abb1
PB		 114};
115
8b795765
MT		 116#define PHYS_MAP_NODE_NIL (((uint32_t)~0) >> 6)
117
03f49957 118/* Size of the L2 (and L3, etc) page tables. */
57271d63 119#define ADDR_SPACE_BITS 64
03f49957 120
026736ce 121#define P_L2_BITS 9
03f49957
PB		 122#define P_L2_SIZE (1 << P_L2_BITS)
123
124#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1)
125
126typedef PhysPageEntry Node[P_L2_SIZE];
0475d94f 127
53cb28cb 128typedef struct PhysPageMap {
79e2b9ae
PB		 129 struct rcu_head rcu;
130
53cb28cb
MA		 131 unsigned sections_nb;
132 unsigned sections_nb_alloc;
133 unsigned nodes_nb;
134 unsigned nodes_nb_alloc;
135 Node *nodes;
136 MemoryRegionSection *sections;
137} PhysPageMap;
138
1db8abb1 139struct AddressSpaceDispatch {
79e2b9ae
PB		 140 struct rcu_head rcu;
141
729633c2 142 MemoryRegionSection *mru_section;
1db8abb1
PB		 143 /* This is a multi-level map on the physical address space.
144 * The bottom level has pointers to MemoryRegionSections.
145 */
146 PhysPageEntry phys_map;
53cb28cb 147 PhysPageMap map;
acc9d80b 148 AddressSpace *as;
1db8abb1
PB		 149};
150
90260c6c
JK		 151#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
152typedef struct subpage_t {
153 MemoryRegion iomem;
acc9d80b 154 AddressSpace *as;
90260c6c
JK		 155 hwaddr base;
156 uint16_t sub_section[TARGET_PAGE_SIZE];
157} subpage_t;
158
b41aac4f
LPF		 159#define PHYS_SECTION_UNASSIGNED 0
160#define PHYS_SECTION_NOTDIRTY 1
161#define PHYS_SECTION_ROM 2
162#define PHYS_SECTION_WATCH 3
5312bd8b 163
e2eef170 164static void io_mem_init(void);
62152b8a 165static void memory_map_init(void);
09daed84 166static void tcg_commit(MemoryListener *listener);
e2eef170 167
1ec9b909 168static MemoryRegion io_mem_watch;
32857f4d
PM		 169
170/**
171 * CPUAddressSpace: all the information a CPU needs about an AddressSpace
172 * @cpu: the CPU whose AddressSpace this is
173 * @as: the AddressSpace itself
174 * @memory_dispatch: its dispatch pointer (cached, RCU protected)
175 * @tcg_as_listener: listener for tracking changes to the AddressSpace
176 */
177struct CPUAddressSpace {
178 CPUState *cpu;
179 AddressSpace *as;
180 struct AddressSpaceDispatch *memory_dispatch;
181 MemoryListener tcg_as_listener;
182};
183
6658ffb8 184#endif
fd6ce8f6 185
6d9a1304 186#if !defined(CONFIG_USER_ONLY)
d6f2ea22 187
53cb28cb 188static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes)
d6f2ea22 189{
101420b8 190 static unsigned alloc_hint = 16;
53cb28cb 191 if (map->nodes_nb + nodes > map->nodes_nb_alloc) {
101420b8 192 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, alloc_hint);
53cb28cb
MA		 193 map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes);
194 map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc);
101420b8 195 alloc_hint = map->nodes_nb_alloc;
d6f2ea22 196 }
f7bf5461
AK		 197}
198
db94604b 199static uint32_t phys_map_node_alloc(PhysPageMap *map, bool leaf)
f7bf5461
AK		 200{
201 unsigned i;
8b795765 202 uint32_t ret;
db94604b
PB		 203 PhysPageEntry e;
204 PhysPageEntry *p;
f7bf5461 205
53cb28cb 206 ret = map->nodes_nb++;
db94604b 207 p = map->nodes[ret];
f7bf5461 208 assert(ret != PHYS_MAP_NODE_NIL);
53cb28cb 209 assert(ret != map->nodes_nb_alloc);
db94604b
PB		 210
211 e.skip = leaf ? 0 : 1;
212 e.ptr = leaf ? PHYS_SECTION_UNASSIGNED : PHYS_MAP_NODE_NIL;
03f49957 213 for (i = 0; i < P_L2_SIZE; ++i) {
db94604b 214 memcpy(&p[i], &e, sizeof(e));
d6f2ea22 215 }
f7bf5461 216 return ret;
d6f2ea22
AK		 217}
218
53cb28cb
MA		 219static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp,
220 hwaddr *index, hwaddr *nb, uint16_t leaf,
2999097b 221 int level)
f7bf5461
AK		 222{
223 PhysPageEntry *p;
03f49957 224 hwaddr step = (hwaddr)1 << (level * P_L2_BITS);
108c49b8 225
9736e55b 226 if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) {
db94604b 227 lp->ptr = phys_map_node_alloc(map, level == 0);
92e873b9 228 }
db94604b 229 p = map->nodes[lp->ptr];
03f49957 230 lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)];
f7bf5461 231
03f49957 232 while (*nb && lp < &p[P_L2_SIZE]) {
07f07b31 233 if ((*index & (step - 1)) == 0 && *nb >= step) {
9736e55b 234 lp->skip = 0;
c19e8800 235 lp->ptr = leaf;
07f07b31
AK		 236 *index += step;
237 *nb -= step;
2999097b 238 } else {
53cb28cb 239 phys_page_set_level(map, lp, index, nb, leaf, level - 1);
2999097b
AK		 240 }
241 ++lp;
f7bf5461
AK		 242 }
243}
244
ac1970fb 245static void phys_page_set(AddressSpaceDispatch *d,
a8170e5e 246 hwaddr index, hwaddr nb,
2999097b 247 uint16_t leaf)
f7bf5461 248{
2999097b 249 /* Wildly overreserve - it doesn't matter much. */
53cb28cb 250 phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS);
5cd2c5b6 251
53cb28cb 252 phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1);
92e873b9
FB		 253}
254
b35ba30f
MT		 255/* Compact a non leaf page entry. Simply detect that the entry has a single child,
256 * and update our entry so we can skip it and go directly to the destination.
257 */
258static void phys_page_compact(PhysPageEntry *lp, Node *nodes, unsigned long *compacted)
259{
260 unsigned valid_ptr = P_L2_SIZE;
261 int valid = 0;
262 PhysPageEntry *p;
263 int i;
264
265 if (lp->ptr == PHYS_MAP_NODE_NIL) {
266 return;
267 }
268
269 p = nodes[lp->ptr];
270 for (i = 0; i < P_L2_SIZE; i++) {
271 if (p[i].ptr == PHYS_MAP_NODE_NIL) {
272 continue;
273 }
274
275 valid_ptr = i;
276 valid++;
277 if (p[i].skip) {
278 phys_page_compact(&p[i], nodes, compacted);
279 }
280 }
281
282 /* We can only compress if there's only one child. */
283 if (valid != 1) {
284 return;
285 }
286
287 assert(valid_ptr < P_L2_SIZE);
288
289 /* Don't compress if it won't fit in the # of bits we have. */
290 if (lp->skip + p[valid_ptr].skip >= (1 << 3)) {
291 return;
292 }
293
294 lp->ptr = p[valid_ptr].ptr;
295 if (!p[valid_ptr].skip) {
296 /* If our only child is a leaf, make this a leaf. */
297 /* By design, we should have made this node a leaf to begin with so we
298 * should never reach here.
299 * But since it's so simple to handle this, let's do it just in case we
300 * change this rule.
301 */
302 lp->skip = 0;
303 } else {
304 lp->skip += p[valid_ptr].skip;
305 }
306}
307
308static void phys_page_compact_all(AddressSpaceDispatch *d, int nodes_nb)
309{
310 DECLARE_BITMAP(compacted, nodes_nb);
311
312 if (d->phys_map.skip) {
53cb28cb 313 phys_page_compact(&d->phys_map, d->map.nodes, compacted);
b35ba30f
MT		 314 }
315}
316
29cb533d
FZ		 317static inline bool section_covers_addr(const MemoryRegionSection *section,
318 hwaddr addr)
319{
320 /* Memory topology clips a memory region to [0, 2^64); size.hi > 0 means
321 * the section must cover the entire address space.
322 */
323 return section->size.hi ||
324 range_covers_byte(section->offset_within_address_space,
325 section->size.lo, addr);
326}
327
97115a8d 328static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr,
9affd6fc 329 Node *nodes, MemoryRegionSection *sections)
92e873b9 330{
31ab2b4a 331 PhysPageEntry *p;
97115a8d 332 hwaddr index = addr >> TARGET_PAGE_BITS;
31ab2b4a 333 int i;
f1f6e3b8 334
9736e55b 335 for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) {
c19e8800 336 if (lp.ptr == PHYS_MAP_NODE_NIL) {
9affd6fc 337 return &sections[PHYS_SECTION_UNASSIGNED];
31ab2b4a 338 }
9affd6fc 339 p = nodes[lp.ptr];
03f49957 340 lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)];
5312bd8b 341 }
b35ba30f 342
29cb533d 343 if (section_covers_addr(&sections[lp.ptr], addr)) {
b35ba30f
MT		 344 return &sections[lp.ptr];
345 } else {
346 return &sections[PHYS_SECTION_UNASSIGNED];
347 }
f3705d53
AK		 348}
349
e5548617
BS		 350bool memory_region_is_unassigned(MemoryRegion *mr)
351{
2a8e7499 352 return mr != &io_mem_rom && mr != &io_mem_notdirty && !mr->rom_device
5b6dd868 353 && mr != &io_mem_watch;
fd6ce8f6 354}
149f54b5 355
79e2b9ae 356/* Called from RCU critical section */
c7086b4a 357static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d,
90260c6c
JK		 358 hwaddr addr,
359 bool resolve_subpage)
9f029603 360{
729633c2 361 MemoryRegionSection *section = atomic_read(&d->mru_section);
90260c6c 362 subpage_t *subpage;
729633c2 363 bool update;
90260c6c 364
729633c2
FZ		 365 if (section && section != &d->map.sections[PHYS_SECTION_UNASSIGNED] &&
366 section_covers_addr(section, addr)) {
367 update = false;
368 } else {
369 section = phys_page_find(d->phys_map, addr, d->map.nodes,
370 d->map.sections);
371 update = true;
372 }
90260c6c
JK		 373 if (resolve_subpage && section->mr->subpage) {
374 subpage = container_of(section->mr, subpage_t, iomem);
53cb28cb 375 section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]];
90260c6c 376 }
729633c2
FZ		 377 if (update) {
378 atomic_set(&d->mru_section, section);
379 }
90260c6c 380 return section;
9f029603
JK		 381}
382
79e2b9ae 383/* Called from RCU critical section */
90260c6c 384static MemoryRegionSection *
c7086b4a 385address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *xlat,
90260c6c 386 hwaddr *plen, bool resolve_subpage)
149f54b5
PB		 387{
388 MemoryRegionSection *section;
965eb2fc 389 MemoryRegion *mr;
a87f3954 390 Int128 diff;
149f54b5 391
c7086b4a 392 section = address_space_lookup_region(d, addr, resolve_subpage);
149f54b5
PB		 393 /* Compute offset within MemoryRegionSection */
394 addr -= section->offset_within_address_space;
395
396 /* Compute offset within MemoryRegion */
397 *xlat = addr + section->offset_within_region;
398
965eb2fc 399 mr = section->mr;
b242e0e0
PB		 400
401 /* MMIO registers can be expected to perform full-width accesses based only
402 * on their address, without considering adjacent registers that could
403 * decode to completely different MemoryRegions. When such registers
404 * exist (e.g. I/O ports 0xcf8 and 0xcf9 on most PC chipsets), MMIO
405 * regions overlap wildly. For this reason we cannot clamp the accesses
406 * here.
407 *
408 * If the length is small (as is the case for address_space_ldl/stl),
409 * everything works fine. If the incoming length is large, however,
410 * the caller really has to do the clamping through memory_access_size.
411 */
965eb2fc 412 if (memory_region_is_ram(mr)) {
e4a511f8 413 diff = int128_sub(section->size, int128_make64(addr));
965eb2fc
PB		 414 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
415 }
149f54b5
PB		 416 return section;
417}
90260c6c 418
41063e1e 419/* Called from RCU critical section */
5c8a00ce
PB		 420MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr,
421 hwaddr *xlat, hwaddr *plen,
422 bool is_write)
90260c6c 423{
30951157
AK		 424 IOMMUTLBEntry iotlb;
425 MemoryRegionSection *section;
426 MemoryRegion *mr;
30951157
AK		 427
428 for (;;) {
79e2b9ae
PB		 429 AddressSpaceDispatch *d = atomic_rcu_read(&as->dispatch);
430 section = address_space_translate_internal(d, addr, &addr, plen, true);
30951157
AK		 431 mr = section->mr;
432
433 if (!mr->iommu_ops) {
434 break;
435 }
436
8d7b8cb9 437 iotlb = mr->iommu_ops->translate(mr, addr, is_write);
30951157
AK		 438 addr = ((iotlb.translated_addr & ~iotlb.addr_mask)
439 | (addr & iotlb.addr_mask));
23820dbf 440 *plen = MIN(*plen, (addr | iotlb.addr_mask) - addr + 1);
30951157
AK		 441 if (!(iotlb.perm & (1 << is_write))) {
442 mr = &io_mem_unassigned;
443 break;
444 }
445
446 as = iotlb.target_as;
447 }
448
fe680d0d 449 if (xen_enabled() && memory_access_is_direct(mr, is_write)) {
a87f3954 450 hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr;
23820dbf 451 *plen = MIN(page, *plen);
a87f3954
PB		 452 }
453
30951157
AK		 454 *xlat = addr;
455 return mr;
90260c6c
JK		 456}
457
79e2b9ae 458/* Called from RCU critical section */
90260c6c 459MemoryRegionSection *
d7898cda 460address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
9d82b5a7 461 hwaddr *xlat, hwaddr *plen)
90260c6c 462{
30951157 463 MemoryRegionSection *section;
d7898cda
PM		 464 AddressSpaceDispatch *d = cpu->cpu_ases[asidx].memory_dispatch;
465
466 section = address_space_translate_internal(d, addr, xlat, plen, false);
30951157
AK		 467
468 assert(!section->mr->iommu_ops);
469 return section;
90260c6c 470}
5b6dd868 471#endif
fd6ce8f6 472
b170fce3 473#if !defined(CONFIG_USER_ONLY)
5b6dd868
BS		 474
475static int cpu_common_post_load(void *opaque, int version_id)
fd6ce8f6 476{
259186a7 477 CPUState *cpu = opaque;
a513fe19 478
5b6dd868
BS		 479 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
480 version_id is increased. */
259186a7 481 cpu->interrupt_request &= ~0x01;
c01a71c1 482 tlb_flush(cpu, 1);
5b6dd868
BS		 483
484 return 0;
a513fe19 485}
7501267e 486
6c3bff0e
PD		 487static int cpu_common_pre_load(void *opaque)
488{
489 CPUState *cpu = opaque;
490
adee6424 491 cpu->exception_index = -1;
6c3bff0e
PD		 492
493 return 0;
494}
495
496static bool cpu_common_exception_index_needed(void *opaque)
497{
498 CPUState *cpu = opaque;
499
adee6424 500 return tcg_enabled() && cpu->exception_index != -1;
6c3bff0e
PD		 501}
502
503static const VMStateDescription vmstate_cpu_common_exception_index = {
504 .name = "cpu_common/exception_index",
505 .version_id = 1,
506 .minimum_version_id = 1,
5cd8cada 507 .needed = cpu_common_exception_index_needed,
6c3bff0e
PD		 508 .fields = (VMStateField[]) {
509 VMSTATE_INT32(exception_index, CPUState),
510 VMSTATE_END_OF_LIST()
511 }
512};
513
bac05aa9
AS		 514static bool cpu_common_crash_occurred_needed(void *opaque)
515{
516 CPUState *cpu = opaque;
517
518 return cpu->crash_occurred;
519}
520
521static const VMStateDescription vmstate_cpu_common_crash_occurred = {
522 .name = "cpu_common/crash_occurred",
523 .version_id = 1,
524 .minimum_version_id = 1,
525 .needed = cpu_common_crash_occurred_needed,
526 .fields = (VMStateField[]) {
527 VMSTATE_BOOL(crash_occurred, CPUState),
528 VMSTATE_END_OF_LIST()
529 }
530};
531
1a1562f5 532const VMStateDescription vmstate_cpu_common = {
5b6dd868
BS		 533 .name = "cpu_common",
534 .version_id = 1,
535 .minimum_version_id = 1,
6c3bff0e 536 .pre_load = cpu_common_pre_load,
5b6dd868 537 .post_load = cpu_common_post_load,
35d08458 538 .fields = (VMStateField[]) {
259186a7
AF		 539 VMSTATE_UINT32(halted, CPUState),
540 VMSTATE_UINT32(interrupt_request, CPUState),
5b6dd868 541 VMSTATE_END_OF_LIST()
6c3bff0e 542 },
5cd8cada
JQ		 543 .subsections = (const VMStateDescription*[]) {
544 &vmstate_cpu_common_exception_index,
bac05aa9 545 &vmstate_cpu_common_crash_occurred,
5cd8cada 546 NULL
5b6dd868
BS		 547 }
548};
1a1562f5 549
5b6dd868 550#endif
ea041c0e 551
38d8f5c8 552CPUState *qemu_get_cpu(int index)
ea041c0e 553{
bdc44640 554 CPUState *cpu;
ea041c0e 555
bdc44640 556 CPU_FOREACH(cpu) {
55e5c285 557 if (cpu->cpu_index == index) {
bdc44640 558 return cpu;
55e5c285 559 }
ea041c0e 560 }
5b6dd868 561
bdc44640 562 return NULL;
ea041c0e
FB		 563}
564
09daed84 565#if !defined(CONFIG_USER_ONLY)
56943e8c 566void cpu_address_space_init(CPUState *cpu, AddressSpace *as, int asidx)
09daed84 567{
12ebc9a7
PM		 568 CPUAddressSpace *newas;
569
570 /* Target code should have set num_ases before calling us */
571 assert(asidx < cpu->num_ases);
572
56943e8c
PM		 573 if (asidx == 0) {
574 /* address space 0 gets the convenience alias */
575 cpu->as = as;
576 }
577
12ebc9a7
PM		 578 /* KVM cannot currently support multiple address spaces. */
579 assert(asidx == 0 || !kvm_enabled());
09daed84 580
12ebc9a7
PM		 581 if (!cpu->cpu_ases) {
582 cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
09daed84 583 }
32857f4d 584
12ebc9a7
PM		 585 newas = &cpu->cpu_ases[asidx];
586 newas->cpu = cpu;
587 newas->as = as;
56943e8c 588 if (tcg_enabled()) {
12ebc9a7
PM		 589 newas->tcg_as_listener.commit = tcg_commit;
590 memory_listener_register(&newas->tcg_as_listener, as);
56943e8c 591 }
09daed84 592}
651a5bc0
PM		 593
594AddressSpace *cpu_get_address_space(CPUState *cpu, int asidx)
595{
596 /* Return the AddressSpace corresponding to the specified index */
597 return cpu->cpu_ases[asidx].as;
598}
09daed84
EI		 599#endif
600
a07f953e 601static int cpu_get_free_index(void)
b7bca733
BR		 602{
603 CPUState *some_cpu;
604 int cpu_index = 0;
605
606 CPU_FOREACH(some_cpu) {
607 cpu_index++;
608 }
609 return cpu_index;
610}
611
1c59eb39
BR		 612void cpu_exec_exit(CPUState *cpu)
613{
9dfeca7c
BR		 614 CPUClass *cc = CPU_GET_CLASS(cpu);
615
1c59eb39 616 cpu_list_lock();
8b1b8350
IM		 617 if (cpu->node.tqe_prev == NULL) {
618 /* there is nothing to undo since cpu_exec_init() hasn't been called */
1c59eb39 619 cpu_list_unlock();
1c59eb39
BR		 620 return;
621 }
622
623 QTAILQ_REMOVE(&cpus, cpu, node);
8b1b8350 624 cpu->node.tqe_prev = NULL;
a07f953e 625 cpu->cpu_index = UNASSIGNED_CPU_INDEX;
1c59eb39 626 cpu_list_unlock();
9dfeca7c
BR		 627
628 if (cc->vmsd != NULL) {
629 vmstate_unregister(NULL, cc->vmsd, cpu);
630 }
631 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
632 vmstate_unregister(NULL, &vmstate_cpu_common, cpu);
633 }
1c59eb39
BR		 634}
635
4bad9e39 636void cpu_exec_init(CPUState *cpu, Error **errp)
ea041c0e 637{
1bc7e522 638 CPUClass *cc ATTRIBUTE_UNUSED = CPU_GET_CLASS(cpu);
a07f953e 639 Error *local_err ATTRIBUTE_UNUSED = NULL;
5b6dd868 640
56943e8c 641 cpu->as = NULL;
12ebc9a7 642 cpu->num_ases = 0;
56943e8c 643
291135b5 644#ifndef CONFIG_USER_ONLY
291135b5 645 cpu->thread_id = qemu_get_thread_id();
6731d864
PC		 646
647 /* This is a softmmu CPU object, so create a property for it
648 * so users can wire up its memory. (This can't go in qom/cpu.c
649 * because that file is compiled only once for both user-mode
650 * and system builds.) The default if no link is set up is to use
651 * the system address space.
652 */
653 object_property_add_link(OBJECT(cpu), "memory", TYPE_MEMORY_REGION,
654 (Object **)&cpu->memory,
655 qdev_prop_allow_set_link_before_realize,
656 OBJ_PROP_LINK_UNREF_ON_RELEASE,
657 &error_abort);
658 cpu->memory = system_memory;
659 object_ref(OBJECT(cpu->memory));
291135b5
EH		 660#endif
661
5b6dd868 662 cpu_list_lock();
a07f953e
IM		 663 if (cpu->cpu_index == UNASSIGNED_CPU_INDEX) {
664 cpu->cpu_index = cpu_get_free_index();
665 assert(cpu->cpu_index != UNASSIGNED_CPU_INDEX);
5b6dd868 666 }
bdc44640 667 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
5b6dd868 668 cpu_list_unlock();
1bc7e522
IM		 669
670#ifndef CONFIG_USER_ONLY
e0d47944 671 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
741da0d3 672 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
e0d47944 673 }
b170fce3 674 if (cc->vmsd != NULL) {
741da0d3 675 vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
b170fce3 676 }
741da0d3 677#endif
ea041c0e
FB		 678}
679
94df27fd 680#if defined(CONFIG_USER_ONLY)
00b941e5 681static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
94df27fd
PB		 682{
683 tb_invalidate_phys_page_range(pc, pc + 1, 0);
684}
685#else
00b941e5 686static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
1e7855a5 687{
5232e4c7
PM		 688 MemTxAttrs attrs;
689 hwaddr phys = cpu_get_phys_page_attrs_debug(cpu, pc, &attrs);
690 int asidx = cpu_asidx_from_attrs(cpu, attrs);
e8262a1b 691 if (phys != -1) {
5232e4c7 692 tb_invalidate_phys_addr(cpu->cpu_ases[asidx].as,
29d8ec7b 693 phys | (pc & ~TARGET_PAGE_MASK));
e8262a1b 694 }
1e7855a5 695}
c27004ec 696#endif
d720b93d 697
c527ee8f 698#if defined(CONFIG_USER_ONLY)
75a34036 699void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
c527ee8f
PB		 700
701{
702}
703
3ee887e8
PM		 704int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
705 int flags)
706{
707 return -ENOSYS;
708}
709
710void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
711{
712}
713
75a34036 714int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
c527ee8f
PB		 715 int flags, CPUWatchpoint **watchpoint)
716{
717 return -ENOSYS;
718}
719#else
6658ffb8 720/* Add a watchpoint. */
75a34036 721int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 722 int flags, CPUWatchpoint **watchpoint)
6658ffb8 723{
c0ce998e 724 CPUWatchpoint *wp;
6658ffb8 725
05068c0d 726 /* forbid ranges which are empty or run off the end of the address space */
07e2863d 727 if (len == 0 || (addr + len - 1) < addr) {
75a34036
AF		 728 error_report("tried to set invalid watchpoint at %"
729 VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
b4051334
AL		 730 return -EINVAL;
731 }
7267c094 732 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 733
734 wp->vaddr = addr;
05068c0d 735 wp->len = len;
a1d1bb31
AL		 736 wp->flags = flags;
737
2dc9f411 738 /* keep all GDB-injected watchpoints in front */
ff4700b0
AF		 739 if (flags & BP_GDB) {
740 QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
741 } else {
742 QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
743 }
6658ffb8 744
31b030d4 745 tlb_flush_page(cpu, addr);
a1d1bb31
AL		 746
747 if (watchpoint)
748 *watchpoint = wp;
749 return 0;
6658ffb8
PB		 750}
751
a1d1bb31 752/* Remove a specific watchpoint. */
75a34036 753int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
a1d1bb31 754 int flags)
6658ffb8 755{
a1d1bb31 756 CPUWatchpoint *wp;
6658ffb8 757
ff4700b0 758 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 759 if (addr == wp->vaddr && len == wp->len
6e140f28 760 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
75a34036 761 cpu_watchpoint_remove_by_ref(cpu, wp);
6658ffb8
PB		 762 return 0;
763 }
764 }
a1d1bb31 765 return -ENOENT;
6658ffb8
PB		 766}
767
a1d1bb31 768/* Remove a specific watchpoint by reference. */
75a34036 769void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
a1d1bb31 770{
ff4700b0 771 QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
7d03f82f 772
31b030d4 773 tlb_flush_page(cpu, watchpoint->vaddr);
a1d1bb31 774
7267c094 775 g_free(watchpoint);
a1d1bb31
AL		 776}
777
778/* Remove all matching watchpoints. */
75a34036 779void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 780{
c0ce998e 781 CPUWatchpoint *wp, *next;
a1d1bb31 782
ff4700b0 783 QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
75a34036
AF		 784 if (wp->flags & mask) {
785 cpu_watchpoint_remove_by_ref(cpu, wp);
786 }
c0ce998e 787 }
7d03f82f 788}
05068c0d
PM		 789
790/* Return true if this watchpoint address matches the specified
791 * access (ie the address range covered by the watchpoint overlaps
792 * partially or completely with the address range covered by the
793 * access).
794 */
795static inline bool cpu_watchpoint_address_matches(CPUWatchpoint *wp,
796 vaddr addr,
797 vaddr len)
798{
799 /* We know the lengths are non-zero, but a little caution is
800 * required to avoid errors in the case where the range ends
801 * exactly at the top of the address space and so addr + len
802 * wraps round to zero.
803 */
804 vaddr wpend = wp->vaddr + wp->len - 1;
805 vaddr addrend = addr + len - 1;
806
807 return !(addr > wpend || wp->vaddr > addrend);
808}
809
c527ee8f 810#endif
7d03f82f 811
a1d1bb31 812/* Add a breakpoint. */
b3310ab3 813int cpu_breakpoint_insert(CPUState *cpu, vaddr pc, int flags,
a1d1bb31 814 CPUBreakpoint **breakpoint)
4c3a88a2 815{
c0ce998e 816 CPUBreakpoint *bp;
3b46e624 817
7267c094 818 bp = g_malloc(sizeof(*bp));
4c3a88a2 819
a1d1bb31
AL		 820 bp->pc = pc;
821 bp->flags = flags;
822
2dc9f411 823 /* keep all GDB-injected breakpoints in front */
00b941e5 824 if (flags & BP_GDB) {
f0c3c505 825 QTAILQ_INSERT_HEAD(&cpu->breakpoints, bp, entry);
00b941e5 826 } else {
f0c3c505 827 QTAILQ_INSERT_TAIL(&cpu->breakpoints, bp, entry);
00b941e5 828 }
3b46e624 829
f0c3c505 830 breakpoint_invalidate(cpu, pc);
a1d1bb31 831
00b941e5 832 if (breakpoint) {
a1d1bb31 833 *breakpoint = bp;
00b941e5 834 }
4c3a88a2 835 return 0;
4c3a88a2
FB		 836}
837
a1d1bb31 838/* Remove a specific breakpoint. */
b3310ab3 839int cpu_breakpoint_remove(CPUState *cpu, vaddr pc, int flags)
a1d1bb31 840{
a1d1bb31
AL		 841 CPUBreakpoint *bp;
842
f0c3c505 843 QTAILQ_FOREACH(bp, &cpu->breakpoints, entry) {
a1d1bb31 844 if (bp->pc == pc && bp->flags == flags) {
b3310ab3 845 cpu_breakpoint_remove_by_ref(cpu, bp);
a1d1bb31
AL		 846 return 0;
847 }
7d03f82f 848 }
a1d1bb31 849 return -ENOENT;
7d03f82f
EI		 850}
851
a1d1bb31 852/* Remove a specific breakpoint by reference. */
b3310ab3 853void cpu_breakpoint_remove_by_ref(CPUState *cpu, CPUBreakpoint *breakpoint)
4c3a88a2 854{
f0c3c505
AF		 855 QTAILQ_REMOVE(&cpu->breakpoints, breakpoint, entry);
856
857 breakpoint_invalidate(cpu, breakpoint->pc);
a1d1bb31 858
7267c094 859 g_free(breakpoint);
a1d1bb31
AL		 860}
861
862/* Remove all matching breakpoints. */
b3310ab3 863void cpu_breakpoint_remove_all(CPUState *cpu, int mask)
a1d1bb31 864{
c0ce998e 865 CPUBreakpoint *bp, *next;
a1d1bb31 866
f0c3c505 867 QTAILQ_FOREACH_SAFE(bp, &cpu->breakpoints, entry, next) {
b3310ab3
AF		 868 if (bp->flags & mask) {
869 cpu_breakpoint_remove_by_ref(cpu, bp);
870 }
c0ce998e 871 }
4c3a88a2
FB		 872}
873
c33a346e
FB		 874/* enable or disable single step mode. EXCP_DEBUG is returned by the
875 CPU loop after each instruction */
3825b28f 876void cpu_single_step(CPUState *cpu, int enabled)
c33a346e 877{
ed2803da
AF		 878 if (cpu->singlestep_enabled != enabled) {
879 cpu->singlestep_enabled = enabled;
880 if (kvm_enabled()) {
38e478ec 881 kvm_update_guest_debug(cpu, 0);
ed2803da 882 } else {
ccbb4d44 883 /* must flush all the translated code to avoid inconsistencies */
e22a25c9 884 /* XXX: only flush what is necessary */
bbd77c18 885 tb_flush(cpu);
e22a25c9 886 }
c33a346e 887 }
c33a346e
FB		 888}
889
a47dddd7 890void cpu_abort(CPUState *cpu, const char *fmt, ...)
7501267e
FB		 891{
892 va_list ap;
493ae1f0 893 va_list ap2;
7501267e
FB		 894
895 va_start(ap, fmt);
493ae1f0 896 va_copy(ap2, ap);
7501267e
FB		 897 fprintf(stderr, "qemu: fatal: ");
898 vfprintf(stderr, fmt, ap);
899 fprintf(stderr, "\n");
878096ee 900 cpu_dump_state(cpu, stderr, fprintf, CPU_DUMP_FPU | CPU_DUMP_CCOP);
013a2942 901 if (qemu_log_separate()) {
93fcfe39
AL		 902 qemu_log("qemu: fatal: ");
903 qemu_log_vprintf(fmt, ap2);
904 qemu_log("\n");
a0762859 905 log_cpu_state(cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
31b1a7b4 906 qemu_log_flush();
93fcfe39 907 qemu_log_close();
924edcae 908 }
493ae1f0 909 va_end(ap2);
f9373291 910 va_end(ap);
7615936e 911 replay_finish();
fd052bf6
RV		 912#if defined(CONFIG_USER_ONLY)
913 {
914 struct sigaction act;
915 sigfillset(&act.sa_mask);
916 act.sa_handler = SIG_DFL;
917 sigaction(SIGABRT, &act, NULL);
918 }
919#endif
7501267e
FB		 920 abort();
921}
922
0124311e 923#if !defined(CONFIG_USER_ONLY)
0dc3f44a 924/* Called from RCU critical section */
041603fe
PB		 925static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
926{
927 RAMBlock *block;
928
43771539 929 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 930 if (block && addr - block->offset < block->max_length) {
68851b98 931 return block;
041603fe 932 }
0dc3f44a 933 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
9b8424d5 934 if (addr - block->offset < block->max_length) {
041603fe
PB		 935 goto found;
936 }
937 }
938
939 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
940 abort();
941
942found:
43771539
PB		 943 /* It is safe to write mru_block outside the iothread lock. This
944 * is what happens:
945 *
946 * mru_block = xxx
947 * rcu_read_unlock()
948 * xxx removed from list
949 * rcu_read_lock()
950 * read mru_block
951 * mru_block = NULL;
952 * call_rcu(reclaim_ramblock, xxx);
953 * rcu_read_unlock()
954 *
955 * atomic_rcu_set is not needed here. The block was already published
956 * when it was placed into the list. Here we're just making an extra
957 * copy of the pointer.
958 */
041603fe
PB		 959 ram_list.mru_block = block;
960 return block;
961}
962
a2f4d5be 963static void tlb_reset_dirty_range_all(ram_addr_t start, ram_addr_t length)
d24981d3 964{
9a13565d 965 CPUState *cpu;
041603fe 966 ram_addr_t start1;
a2f4d5be
JQ		 967 RAMBlock *block;
968 ram_addr_t end;
969
970 end = TARGET_PAGE_ALIGN(start + length);
971 start &= TARGET_PAGE_MASK;
d24981d3 972
0dc3f44a 973 rcu_read_lock();
041603fe
PB		 974 block = qemu_get_ram_block(start);
975 assert(block == qemu_get_ram_block(end - 1));
1240be24 976 start1 = (uintptr_t)ramblock_ptr(block, start - block->offset);
9a13565d
PC		 977 CPU_FOREACH(cpu) {
978 tlb_reset_dirty(cpu, start1, length);
979 }
0dc3f44a 980 rcu_read_unlock();
d24981d3
JQ		 981}
982
5579c7f3 983/* Note: start and end must be within the same ram block. */
03eebc9e
SH		 984bool cpu_physical_memory_test_and_clear_dirty(ram_addr_t start,
985 ram_addr_t length,
986 unsigned client)
1ccde1cb 987{
5b82b703 988 DirtyMemoryBlocks *blocks;
03eebc9e 989 unsigned long end, page;
5b82b703 990 bool dirty = false;
03eebc9e
SH		 991
992 if (length == 0) {
993 return false;
994 }
f23db169 995
03eebc9e
SH		 996 end = TARGET_PAGE_ALIGN(start + length) >> TARGET_PAGE_BITS;
997 page = start >> TARGET_PAGE_BITS;
5b82b703
SH		 998
999 rcu_read_lock();
1000
1001 blocks = atomic_rcu_read(&ram_list.dirty_memory[client]);
1002
1003 while (page < end) {
1004 unsigned long idx = page / DIRTY_MEMORY_BLOCK_SIZE;
1005 unsigned long offset = page % DIRTY_MEMORY_BLOCK_SIZE;
1006 unsigned long num = MIN(end - page, DIRTY_MEMORY_BLOCK_SIZE - offset);
1007
1008 dirty |= bitmap_test_and_clear_atomic(blocks->blocks[idx],
1009 offset, num);
1010 page += num;
1011 }
1012
1013 rcu_read_unlock();
03eebc9e
SH		 1014
1015 if (dirty && tcg_enabled()) {
a2f4d5be 1016 tlb_reset_dirty_range_all(start, length);
5579c7f3 1017 }
03eebc9e
SH		 1018
1019 return dirty;
1ccde1cb
FB		 1020}
1021
79e2b9ae 1022/* Called from RCU critical section */
bb0e627a 1023hwaddr memory_region_section_get_iotlb(CPUState *cpu,
149f54b5
PB		 1024 MemoryRegionSection *section,
1025 target_ulong vaddr,
1026 hwaddr paddr, hwaddr xlat,
1027 int prot,
1028 target_ulong *address)
e5548617 1029{
a8170e5e 1030 hwaddr iotlb;
e5548617
BS		 1031 CPUWatchpoint *wp;
1032
cc5bea60 1033 if (memory_region_is_ram(section->mr)) {
e5548617 1034 /* Normal RAM. */
e4e69794 1035 iotlb = memory_region_get_ram_addr(section->mr) + xlat;
e5548617 1036 if (!section->readonly) {
b41aac4f 1037 iotlb |= PHYS_SECTION_NOTDIRTY;
e5548617 1038 } else {
b41aac4f 1039 iotlb |= PHYS_SECTION_ROM;
e5548617
BS		 1040 }
1041 } else {
0b8e2c10
PM		 1042 AddressSpaceDispatch *d;
1043
1044 d = atomic_rcu_read(&section->address_space->dispatch);
1045 iotlb = section - d->map.sections;
149f54b5 1046 iotlb += xlat;
e5548617
BS		 1047 }
1048
1049 /* Make accesses to pages with watchpoints go via the
1050 watchpoint trap routines. */
ff4700b0 1051 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d 1052 if (cpu_watchpoint_address_matches(wp, vaddr, TARGET_PAGE_SIZE)) {
e5548617
BS		 1053 /* Avoid trapping reads of pages with a write breakpoint. */
1054 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
b41aac4f 1055 iotlb = PHYS_SECTION_WATCH + paddr;
e5548617
BS		 1056 *address |= TLB_MMIO;
1057 break;
1058 }
1059 }
1060 }
1061
1062 return iotlb;
1063}
9fa3e853
FB		 1064#endif /* defined(CONFIG_USER_ONLY) */
1065
e2eef170 1066#if !defined(CONFIG_USER_ONLY)
8da3ff18 1067
c227f099 1068static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 1069 uint16_t section);
acc9d80b 1070static subpage_t *subpage_init(AddressSpace *as, hwaddr base);
54688b1e 1071
a2b257d6
IM		 1072static void *(*phys_mem_alloc)(size_t size, uint64_t *align) =
1073 qemu_anon_ram_alloc;
91138037
MA		 1074
1075/*
1076 * Set a custom physical guest memory alloator.
1077 * Accelerators with unusual needs may need this. Hopefully, we can
1078 * get rid of it eventually.
1079 */
a2b257d6 1080void phys_mem_set_alloc(void *(*alloc)(size_t, uint64_t *align))
91138037
MA		 1081{
1082 phys_mem_alloc = alloc;
1083}
1084
53cb28cb
MA		 1085static uint16_t phys_section_add(PhysPageMap *map,
1086 MemoryRegionSection *section)
5312bd8b 1087{
68f3f65b
PB		 1088 /* The physical section number is ORed with a page-aligned
1089 * pointer to produce the iotlb entries. Thus it should
1090 * never overflow into the page-aligned value.
1091 */
53cb28cb 1092 assert(map->sections_nb < TARGET_PAGE_SIZE);
68f3f65b 1093
53cb28cb
MA		 1094 if (map->sections_nb == map->sections_nb_alloc) {
1095 map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16);
1096 map->sections = g_renew(MemoryRegionSection, map->sections,
1097 map->sections_nb_alloc);
5312bd8b 1098 }
53cb28cb 1099 map->sections[map->sections_nb] = *section;
dfde4e6e 1100 memory_region_ref(section->mr);
53cb28cb 1101 return map->sections_nb++;
5312bd8b
AK		 1102}
1103
058bc4b5
PB		 1104static void phys_section_destroy(MemoryRegion *mr)
1105{
55b4e80b
DS		 1106 bool have_sub_page = mr->subpage;
1107
dfde4e6e
PB		 1108 memory_region_unref(mr);
1109
55b4e80b 1110 if (have_sub_page) {
058bc4b5 1111 subpage_t *subpage = container_of(mr, subpage_t, iomem);
b4fefef9 1112 object_unref(OBJECT(&subpage->iomem));
058bc4b5
PB		 1113 g_free(subpage);
1114 }
1115}
1116
6092666e 1117static void phys_sections_free(PhysPageMap *map)
5312bd8b 1118{
9affd6fc
PB		 1119 while (map->sections_nb > 0) {
1120 MemoryRegionSection *section = &map->sections[--map->sections_nb];
058bc4b5
PB		 1121 phys_section_destroy(section->mr);
1122 }
9affd6fc
PB		 1123 g_free(map->sections);
1124 g_free(map->nodes);
5312bd8b
AK		 1125}
1126
ac1970fb 1127static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section)
0f0cb164
AK		 1128{
1129 subpage_t *subpage;
a8170e5e 1130 hwaddr base = section->offset_within_address_space
0f0cb164 1131 & TARGET_PAGE_MASK;
97115a8d 1132 MemoryRegionSection *existing = phys_page_find(d->phys_map, base,
53cb28cb 1133 d->map.nodes, d->map.sections);
0f0cb164
AK		 1134 MemoryRegionSection subsection = {
1135 .offset_within_address_space = base,
052e87b0 1136 .size = int128_make64(TARGET_PAGE_SIZE),
0f0cb164 1137 };
a8170e5e 1138 hwaddr start, end;
0f0cb164 1139
f3705d53 1140 assert(existing->mr->subpage || existing->mr == &io_mem_unassigned);
0f0cb164 1141
f3705d53 1142 if (!(existing->mr->subpage)) {
acc9d80b 1143 subpage = subpage_init(d->as, base);
3be91e86 1144 subsection.address_space = d->as;
0f0cb164 1145 subsection.mr = &subpage->iomem;
ac1970fb 1146 phys_page_set(d, base >> TARGET_PAGE_BITS, 1,
53cb28cb 1147 phys_section_add(&d->map, &subsection));
0f0cb164 1148 } else {
f3705d53 1149 subpage = container_of(existing->mr, subpage_t, iomem);
0f0cb164
AK		 1150 }
1151 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
052e87b0 1152 end = start + int128_get64(section->size) - 1;
53cb28cb
MA		 1153 subpage_register(subpage, start, end,
1154 phys_section_add(&d->map, section));
0f0cb164
AK		 1155}
1156
1157
052e87b0
PB		 1158static void register_multipage(AddressSpaceDispatch *d,
1159 MemoryRegionSection *section)
33417e70 1160{
a8170e5e 1161 hwaddr start_addr = section->offset_within_address_space;
53cb28cb 1162 uint16_t section_index = phys_section_add(&d->map, section);
052e87b0
PB		 1163 uint64_t num_pages = int128_get64(int128_rshift(section->size,
1164 TARGET_PAGE_BITS));
dd81124b 1165
733d5ef5
PB		 1166 assert(num_pages);
1167 phys_page_set(d, start_addr >> TARGET_PAGE_BITS, num_pages, section_index);
33417e70
FB		 1168}
1169
ac1970fb 1170static void mem_add(MemoryListener *listener, MemoryRegionSection *section)
0f0cb164 1171{
89ae337a 1172 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
00752703 1173 AddressSpaceDispatch *d = as->next_dispatch;
99b9cc06 1174 MemoryRegionSection now = *section, remain = *section;
052e87b0 1175 Int128 page_size = int128_make64(TARGET_PAGE_SIZE);
0f0cb164 1176
733d5ef5
PB		 1177 if (now.offset_within_address_space & ~TARGET_PAGE_MASK) {
1178 uint64_t left = TARGET_PAGE_ALIGN(now.offset_within_address_space)
1179 - now.offset_within_address_space;
1180
052e87b0 1181 now.size = int128_min(int128_make64(left), now.size);
ac1970fb 1182 register_subpage(d, &now);
733d5ef5 1183 } else {
052e87b0 1184 now.size = int128_zero();
733d5ef5 1185 }
052e87b0
PB		 1186 while (int128_ne(remain.size, now.size)) {
1187 remain.size = int128_sub(remain.size, now.size);
1188 remain.offset_within_address_space += int128_get64(now.size);
1189 remain.offset_within_region += int128_get64(now.size);
69b67646 1190 now = remain;
052e87b0 1191 if (int128_lt(remain.size, page_size)) {
733d5ef5 1192 register_subpage(d, &now);
88266249 1193 } else if (remain.offset_within_address_space & ~TARGET_PAGE_MASK) {
052e87b0 1194 now.size = page_size;
ac1970fb 1195 register_subpage(d, &now);
69b67646 1196 } else {
052e87b0 1197 now.size = int128_and(now.size, int128_neg(page_size));
ac1970fb 1198 register_multipage(d, &now);
69b67646 1199 }
0f0cb164
AK		 1200 }
1201}
1202
62a2744c
SY		 1203void qemu_flush_coalesced_mmio_buffer(void)
1204{
1205 if (kvm_enabled())
1206 kvm_flush_coalesced_mmio_buffer();
1207}
1208
b2a8658e
UD		 1209void qemu_mutex_lock_ramlist(void)
1210{
1211 qemu_mutex_lock(&ram_list.mutex);
1212}
1213
1214void qemu_mutex_unlock_ramlist(void)
1215{
1216 qemu_mutex_unlock(&ram_list.mutex);
1217}
1218
e1e84ba0 1219#ifdef __linux__
04b16653
AW		 1220static void *file_ram_alloc(RAMBlock *block,
1221 ram_addr_t memory,
7f56e740
PB		 1222 const char *path,
1223 Error **errp)
c902760f 1224{
fd97fd44 1225 bool unlink_on_error = false;
c902760f 1226 char *filename;
8ca761f6
PF		 1227 char *sanitized_name;
1228 char *c;
056b68af 1229 void *area = MAP_FAILED;
5c3ece79 1230 int fd = -1;
e1fb6471 1231 int64_t page_size;
c902760f
MT		 1232
1233 if (kvm_enabled() && !kvm_has_sync_mmu()) {
7f56e740
PB		 1234 error_setg(errp,
1235 "host lacks kvm mmu notifiers, -mem-path unsupported");
fd97fd44 1236 return NULL;
c902760f
MT		 1237 }
1238
fd97fd44
MA		 1239 for (;;) {
1240 fd = open(path, O_RDWR);
1241 if (fd >= 0) {
1242 /* @path names an existing file, use it */
1243 break;
8d31d6b6 1244 }
fd97fd44
MA		 1245 if (errno == ENOENT) {
1246 /* @path names a file that doesn't exist, create it */
1247 fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
1248 if (fd >= 0) {
1249 unlink_on_error = true;
1250 break;
1251 }
1252 } else if (errno == EISDIR) {
1253 /* @path names a directory, create a file there */
1254 /* Make name safe to use with mkstemp by replacing '/' with '_'. */
1255 sanitized_name = g_strdup(memory_region_name(block->mr));
1256 for (c = sanitized_name; *c != '\0'; c++) {
1257 if (*c == '/') {
1258 *c = '_';
1259 }
1260 }
8ca761f6 1261
fd97fd44
MA		 1262 filename = g_strdup_printf("%s/qemu_back_mem.%s.XXXXXX", path,
1263 sanitized_name);
1264 g_free(sanitized_name);
8d31d6b6 1265
fd97fd44
MA		 1266 fd = mkstemp(filename);
1267 if (fd >= 0) {
1268 unlink(filename);
1269 g_free(filename);
1270 break;
1271 }
1272 g_free(filename);
8d31d6b6 1273 }
fd97fd44
MA		 1274 if (errno != EEXIST && errno != EINTR) {
1275 error_setg_errno(errp, errno,
1276 "can't open backing store %s for guest RAM",
1277 path);
1278 goto error;
1279 }
1280 /*
1281 * Try again on EINTR and EEXIST. The latter happens when
1282 * something else creates the file between our two open().
1283 */
8d31d6b6 1284 }
c902760f 1285
e1fb6471 1286 page_size = qemu_fd_getpagesize(fd);
d2f39add 1287 block->mr->align = MAX(page_size, QEMU_VMALLOC_ALIGN);
fd97fd44 1288
e1fb6471 1289 if (memory < page_size) {
fd97fd44
MA		 1290 error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
1291 "or larger than page size 0x%" PRIx64,
e1fb6471 1292 memory, page_size);
f9a49dfa 1293 goto error;
c902760f 1294 }
c902760f 1295
e1fb6471 1296 memory = ROUND_UP(memory, page_size);
c902760f
MT		 1297
1298 /*
1299 * ftruncate is not supported by hugetlbfs in older
1300 * hosts, so don't bother bailing out on errors.
1301 * If anything goes wrong with it under other filesystems,
1302 * mmap will fail.
1303 */
7f56e740 1304 if (ftruncate(fd, memory)) {
9742bf26 1305 perror("ftruncate");
7f56e740 1306 }
c902760f 1307
d2f39add
DD		 1308 area = qemu_ram_mmap(fd, memory, block->mr->align,
1309 block->flags & RAM_SHARED);
c902760f 1310 if (area == MAP_FAILED) {
7f56e740 1311 error_setg_errno(errp, errno,
fd97fd44 1312 "unable to map backing store for guest RAM");
f9a49dfa 1313 goto error;
c902760f 1314 }
ef36fa14
MT		 1315
1316 if (mem_prealloc) {
056b68af
IM		 1317 os_mem_prealloc(fd, area, memory, errp);
1318 if (errp && *errp) {
1319 goto error;
1320 }
ef36fa14
MT		 1321 }
1322
04b16653 1323 block->fd = fd;
c902760f 1324 return area;
f9a49dfa
MT		 1325
1326error:
056b68af
IM		 1327 if (area != MAP_FAILED) {
1328 qemu_ram_munmap(area, memory);
1329 }
fd97fd44
MA		 1330 if (unlink_on_error) {
1331 unlink(path);
1332 }
5c3ece79
PB		 1333 if (fd != -1) {
1334 close(fd);
1335 }
f9a49dfa 1336 return NULL;
c902760f
MT		 1337}
1338#endif
1339
0dc3f44a 1340/* Called with the ramlist lock held. */
d17b5288 1341static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 1342{
1343 RAMBlock *block, *next_block;
3e837b2c 1344 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653 1345
49cd9ac6
SH		 1346 assert(size != 0); /* it would hand out same offset multiple times */
1347
0dc3f44a 1348 if (QLIST_EMPTY_RCU(&ram_list.blocks)) {
04b16653 1349 return 0;
0d53d9fe 1350 }
04b16653 1351
0dc3f44a 1352 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
f15fbc4b 1353 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653 1354
62be4e3a 1355 end = block->offset + block->max_length;
04b16653 1356
0dc3f44a 1357 QLIST_FOREACH_RCU(next_block, &ram_list.blocks, next) {
04b16653
AW		 1358 if (next_block->offset >= end) {
1359 next = MIN(next, next_block->offset);
1360 }
1361 }
1362 if (next - end >= size && next - end < mingap) {
3e837b2c 1363 offset = end;
04b16653
AW		 1364 mingap = next - end;
1365 }
1366 }
3e837b2c
AW		 1367
1368 if (offset == RAM_ADDR_MAX) {
1369 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
1370 (uint64_t)size);
1371 abort();
1372 }
1373
04b16653
AW		 1374 return offset;
1375}
1376
652d7ec2 1377ram_addr_t last_ram_offset(void)
d17b5288
AW		 1378{
1379 RAMBlock *block;
1380 ram_addr_t last = 0;
1381
0dc3f44a
MD		 1382 rcu_read_lock();
1383 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
62be4e3a 1384 last = MAX(last, block->offset + block->max_length);
0d53d9fe 1385 }
0dc3f44a 1386 rcu_read_unlock();
d17b5288
AW		 1387 return last;
1388}
1389
ddb97f1d
JB		 1390static void qemu_ram_setup_dump(void *addr, ram_addr_t size)
1391{
1392 int ret;
ddb97f1d
JB		 1393
1394 /* Use MADV_DONTDUMP, if user doesn't want the guest memory in the core */
47c8ca53 1395 if (!machine_dump_guest_core(current_machine)) {
ddb97f1d
JB		 1396 ret = qemu_madvise(addr, size, QEMU_MADV_DONTDUMP);
1397 if (ret) {
1398 perror("qemu_madvise");
1399 fprintf(stderr, "madvise doesn't support MADV_DONTDUMP, "
1400 "but dump_guest_core=off specified\n");
1401 }
1402 }
1403}
1404
422148d3
DDAG		 1405const char *qemu_ram_get_idstr(RAMBlock *rb)
1406{
1407 return rb->idstr;
1408}
1409
ae3a7047 1410/* Called with iothread lock held. */
fa53a0e5 1411void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
20cfe881 1412{
fa53a0e5 1413 RAMBlock *block;
20cfe881 1414
c5705a77
AK		 1415 assert(new_block);
1416 assert(!new_block->idstr[0]);
84b89d78 1417
09e5ab63
AL		 1418 if (dev) {
1419 char *id = qdev_get_dev_path(dev);
84b89d78
CM		 1420 if (id) {
1421 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 1422 g_free(id);
84b89d78
CM		 1423 }
1424 }
1425 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
1426
ab0a9956 1427 rcu_read_lock();
0dc3f44a 1428 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
fa53a0e5
GA		 1429 if (block != new_block &&
1430 !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 1431 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
1432 new_block->idstr);
1433 abort();
1434 }
1435 }
0dc3f44a 1436 rcu_read_unlock();
c5705a77
AK		 1437}
1438
ae3a7047 1439/* Called with iothread lock held. */
fa53a0e5 1440void qemu_ram_unset_idstr(RAMBlock *block)
20cfe881 1441{
ae3a7047
MD		 1442 /* FIXME: arch_init.c assumes that this is not called throughout
1443 * migration. Ignore the problem since hot-unplug during migration
1444 * does not work anyway.
1445 */
20cfe881
HT		 1446 if (block) {
1447 memset(block->idstr, 0, sizeof(block->idstr));
1448 }
1449}
1450
8490fc78
LC		 1451static int memory_try_enable_merging(void *addr, size_t len)
1452{
75cc7f01 1453 if (!machine_mem_merge(current_machine)) {
8490fc78
LC		 1454 /* disabled by the user */
1455 return 0;
1456 }
1457
1458 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
1459}
1460
62be4e3a
MT		 1461/* Only legal before guest might have detected the memory size: e.g. on
1462 * incoming migration, or right after reset.
1463 *
1464 * As memory core doesn't know how is memory accessed, it is up to
1465 * resize callback to update device state and/or add assertions to detect
1466 * misuse, if necessary.
1467 */
fa53a0e5 1468int qemu_ram_resize(RAMBlock *block, ram_addr_t newsize, Error **errp)
62be4e3a 1469{
62be4e3a
MT		 1470 assert(block);
1471
4ed023ce 1472 newsize = HOST_PAGE_ALIGN(newsize);
129ddaf3 1473
62be4e3a
MT		 1474 if (block->used_length == newsize) {
1475 return 0;
1476 }
1477
1478 if (!(block->flags & RAM_RESIZEABLE)) {
1479 error_setg_errno(errp, EINVAL,
1480 "Length mismatch: %s: 0x" RAM_ADDR_FMT
1481 " in != 0x" RAM_ADDR_FMT, block->idstr,
1482 newsize, block->used_length);
1483 return -EINVAL;
1484 }
1485
1486 if (block->max_length < newsize) {
1487 error_setg_errno(errp, EINVAL,
1488 "Length too large: %s: 0x" RAM_ADDR_FMT
1489 " > 0x" RAM_ADDR_FMT, block->idstr,
1490 newsize, block->max_length);
1491 return -EINVAL;
1492 }
1493
1494 cpu_physical_memory_clear_dirty_range(block->offset, block->used_length);
1495 block->used_length = newsize;
58d2707e
PB		 1496 cpu_physical_memory_set_dirty_range(block->offset, block->used_length,
1497 DIRTY_CLIENTS_ALL);
62be4e3a
MT		 1498 memory_region_set_size(block->mr, newsize);
1499 if (block->resized) {
1500 block->resized(block->idstr, newsize, block->host);
1501 }
1502 return 0;
1503}
1504
5b82b703
SH		 1505/* Called with ram_list.mutex held */
1506static void dirty_memory_extend(ram_addr_t old_ram_size,
1507 ram_addr_t new_ram_size)
1508{
1509 ram_addr_t old_num_blocks = DIV_ROUND_UP(old_ram_size,
1510 DIRTY_MEMORY_BLOCK_SIZE);
1511 ram_addr_t new_num_blocks = DIV_ROUND_UP(new_ram_size,
1512 DIRTY_MEMORY_BLOCK_SIZE);
1513 int i;
1514
1515 /* Only need to extend if block count increased */
1516 if (new_num_blocks <= old_num_blocks) {
1517 return;
1518 }
1519
1520 for (i = 0; i < DIRTY_MEMORY_NUM; i++) {
1521 DirtyMemoryBlocks *old_blocks;
1522 DirtyMemoryBlocks *new_blocks;
1523 int j;
1524
1525 old_blocks = atomic_rcu_read(&ram_list.dirty_memory[i]);
1526 new_blocks = g_malloc(sizeof(*new_blocks) +
1527 sizeof(new_blocks->blocks[0]) * new_num_blocks);
1528
1529 if (old_num_blocks) {
1530 memcpy(new_blocks->blocks, old_blocks->blocks,
1531 old_num_blocks * sizeof(old_blocks->blocks[0]));
1532 }
1533
1534 for (j = old_num_blocks; j < new_num_blocks; j++) {
1535 new_blocks->blocks[j] = bitmap_new(DIRTY_MEMORY_BLOCK_SIZE);
1536 }
1537
1538 atomic_rcu_set(&ram_list.dirty_memory[i], new_blocks);
1539
1540 if (old_blocks) {
1541 g_free_rcu(old_blocks, rcu);
1542 }
1543 }
1544}
1545
528f46af 1546static void ram_block_add(RAMBlock *new_block, Error **errp)
c5705a77 1547{
e1c57ab8 1548 RAMBlock *block;
0d53d9fe 1549 RAMBlock *last_block = NULL;
2152f5ca 1550 ram_addr_t old_ram_size, new_ram_size;
37aa7a0e 1551 Error *err = NULL;
2152f5ca
JQ		 1552
1553 old_ram_size = last_ram_offset() >> TARGET_PAGE_BITS;
c5705a77 1554
b2a8658e 1555 qemu_mutex_lock_ramlist();
9b8424d5 1556 new_block->offset = find_ram_offset(new_block->max_length);
e1c57ab8
PB		 1557
1558 if (!new_block->host) {
1559 if (xen_enabled()) {
9b8424d5 1560 xen_ram_alloc(new_block->offset, new_block->max_length,
37aa7a0e
MA		 1561 new_block->mr, &err);
1562 if (err) {
1563 error_propagate(errp, err);
1564 qemu_mutex_unlock_ramlist();
39c350ee 1565 return;
37aa7a0e 1566 }
e1c57ab8 1567 } else {
9b8424d5 1568 new_block->host = phys_mem_alloc(new_block->max_length,
a2b257d6 1569 &new_block->mr->align);
39228250 1570 if (!new_block->host) {
ef701d7b
HT		 1571 error_setg_errno(errp, errno,
1572 "cannot set up guest memory '%s'",
1573 memory_region_name(new_block->mr));
1574 qemu_mutex_unlock_ramlist();
39c350ee 1575 return;
39228250 1576 }
9b8424d5 1577 memory_try_enable_merging(new_block->host, new_block->max_length);
6977dfe6 1578 }
c902760f 1579 }
94a6b54f 1580
dd631697
LZ		 1581 new_ram_size = MAX(old_ram_size,
1582 (new_block->offset + new_block->max_length) >> TARGET_PAGE_BITS);
1583 if (new_ram_size > old_ram_size) {
1584 migration_bitmap_extend(old_ram_size, new_ram_size);
5b82b703 1585 dirty_memory_extend(old_ram_size, new_ram_size);
dd631697 1586 }
0d53d9fe
MD		 1587 /* Keep the list sorted from biggest to smallest block. Unlike QTAILQ,
1588 * QLIST (which has an RCU-friendly variant) does not have insertion at
1589 * tail, so save the last element in last_block.
1590 */
0dc3f44a 1591 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
0d53d9fe 1592 last_block = block;
9b8424d5 1593 if (block->max_length < new_block->max_length) {
abb26d63
PB		 1594 break;
1595 }
1596 }
1597 if (block) {
0dc3f44a 1598 QLIST_INSERT_BEFORE_RCU(block, new_block, next);
0d53d9fe 1599 } else if (last_block) {
0dc3f44a 1600 QLIST_INSERT_AFTER_RCU(last_block, new_block, next);
0d53d9fe 1601 } else { /* list is empty */
0dc3f44a 1602 QLIST_INSERT_HEAD_RCU(&ram_list.blocks, new_block, next);
abb26d63 1603 }
0d6d3c87 1604 ram_list.mru_block = NULL;
94a6b54f 1605
0dc3f44a
MD		 1606 /* Write list before version */
1607 smp_wmb();
f798b07f 1608 ram_list.version++;
b2a8658e 1609 qemu_mutex_unlock_ramlist();
f798b07f 1610
9b8424d5 1611 cpu_physical_memory_set_dirty_range(new_block->offset,
58d2707e
PB		 1612 new_block->used_length,
1613 DIRTY_CLIENTS_ALL);
94a6b54f 1614
a904c911
PB		 1615 if (new_block->host) {
1616 qemu_ram_setup_dump(new_block->host, new_block->max_length);
1617 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_HUGEPAGE);
1618 qemu_madvise(new_block->host, new_block->max_length, QEMU_MADV_DONTFORK);
1619 if (kvm_enabled()) {
1620 kvm_setup_guest_memory(new_block->host, new_block->max_length);
1621 }
e1c57ab8 1622 }
94a6b54f 1623}
e9a1ab19 1624
0b183fc8 1625#ifdef __linux__
528f46af
FZ		 1626RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
1627 bool share, const char *mem_path,
1628 Error **errp)
e1c57ab8
PB		 1629{
1630 RAMBlock *new_block;
ef701d7b 1631 Error *local_err = NULL;
e1c57ab8
PB		 1632
1633 if (xen_enabled()) {
7f56e740 1634 error_setg(errp, "-mem-path not supported with Xen");
528f46af 1635 return NULL;
e1c57ab8
PB		 1636 }
1637
1638 if (phys_mem_alloc != qemu_anon_ram_alloc) {
1639 /*
1640 * file_ram_alloc() needs to allocate just like
1641 * phys_mem_alloc, but we haven't bothered to provide
1642 * a hook there.
1643 */
7f56e740
PB		 1644 error_setg(errp,
1645 "-mem-path not supported with this accelerator");
528f46af 1646 return NULL;
e1c57ab8
PB		 1647 }
1648
4ed023ce 1649 size = HOST_PAGE_ALIGN(size);
e1c57ab8
PB		 1650 new_block = g_malloc0(sizeof(*new_block));
1651 new_block->mr = mr;
9b8424d5
MT		 1652 new_block->used_length = size;
1653 new_block->max_length = size;
dbcb8981 1654 new_block->flags = share ? RAM_SHARED : 0;
7f56e740
PB		 1655 new_block->host = file_ram_alloc(new_block, size,
1656 mem_path, errp);
1657 if (!new_block->host) {
1658 g_free(new_block);
528f46af 1659 return NULL;
7f56e740
PB		 1660 }
1661
528f46af 1662 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1663 if (local_err) {
1664 g_free(new_block);
1665 error_propagate(errp, local_err);
528f46af 1666 return NULL;
ef701d7b 1667 }
528f46af 1668 return new_block;
e1c57ab8 1669}
0b183fc8 1670#endif
e1c57ab8 1671
62be4e3a 1672static
528f46af
FZ		 1673RAMBlock *qemu_ram_alloc_internal(ram_addr_t size, ram_addr_t max_size,
1674 void (*resized)(const char*,
1675 uint64_t length,
1676 void *host),
1677 void *host, bool resizeable,
1678 MemoryRegion *mr, Error **errp)
e1c57ab8
PB		 1679{
1680 RAMBlock *new_block;
ef701d7b 1681 Error *local_err = NULL;
e1c57ab8 1682
4ed023ce
DDAG		 1683 size = HOST_PAGE_ALIGN(size);
1684 max_size = HOST_PAGE_ALIGN(max_size);
e1c57ab8
PB		 1685 new_block = g_malloc0(sizeof(*new_block));
1686 new_block->mr = mr;
62be4e3a 1687 new_block->resized = resized;
9b8424d5
MT		 1688 new_block->used_length = size;
1689 new_block->max_length = max_size;
62be4e3a 1690 assert(max_size >= size);
e1c57ab8
PB		 1691 new_block->fd = -1;
1692 new_block->host = host;
1693 if (host) {
7bd4f430 1694 new_block->flags |= RAM_PREALLOC;
e1c57ab8 1695 }
62be4e3a
MT		 1696 if (resizeable) {
1697 new_block->flags |= RAM_RESIZEABLE;
1698 }
528f46af 1699 ram_block_add(new_block, &local_err);
ef701d7b
HT		 1700 if (local_err) {
1701 g_free(new_block);
1702 error_propagate(errp, local_err);
528f46af 1703 return NULL;
ef701d7b 1704 }
528f46af 1705 return new_block;
e1c57ab8
PB		 1706}
1707
528f46af 1708RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
62be4e3a
MT		 1709 MemoryRegion *mr, Error **errp)
1710{
1711 return qemu_ram_alloc_internal(size, size, NULL, host, false, mr, errp);
1712}
1713
528f46af 1714RAMBlock *qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
6977dfe6 1715{
62be4e3a
MT		 1716 return qemu_ram_alloc_internal(size, size, NULL, NULL, false, mr, errp);
1717}
1718
528f46af 1719RAMBlock *qemu_ram_alloc_resizeable(ram_addr_t size, ram_addr_t maxsz,
62be4e3a
MT		 1720 void (*resized)(const char*,
1721 uint64_t length,
1722 void *host),
1723 MemoryRegion *mr, Error **errp)
1724{
1725 return qemu_ram_alloc_internal(size, maxsz, resized, NULL, true, mr, errp);
6977dfe6
YT		 1726}
1727
43771539
PB		 1728static void reclaim_ramblock(RAMBlock *block)
1729{
1730 if (block->flags & RAM_PREALLOC) {
1731 ;
1732 } else if (xen_enabled()) {
1733 xen_invalidate_map_cache_entry(block->host);
1734#ifndef _WIN32
1735 } else if (block->fd >= 0) {
2f3a2bb1 1736 qemu_ram_munmap(block->host, block->max_length);
43771539
PB		 1737 close(block->fd);
1738#endif
1739 } else {
1740 qemu_anon_ram_free(block->host, block->max_length);
1741 }
1742 g_free(block);
1743}
1744
f1060c55 1745void qemu_ram_free(RAMBlock *block)
e9a1ab19 1746{
85bc2a15
MAL		 1747 if (!block) {
1748 return;
1749 }
1750
b2a8658e 1751 qemu_mutex_lock_ramlist();
f1060c55
FZ		 1752 QLIST_REMOVE_RCU(block, next);
1753 ram_list.mru_block = NULL;
1754 /* Write list before version */
1755 smp_wmb();
1756 ram_list.version++;
1757 call_rcu(block, reclaim_ramblock, rcu);
b2a8658e 1758 qemu_mutex_unlock_ramlist();
e9a1ab19
FB		 1759}
1760
cd19cfa2
HY		 1761#ifndef _WIN32
1762void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
1763{
1764 RAMBlock *block;
1765 ram_addr_t offset;
1766 int flags;
1767 void *area, *vaddr;
1768
0dc3f44a 1769 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
cd19cfa2 1770 offset = addr - block->offset;
9b8424d5 1771 if (offset < block->max_length) {
1240be24 1772 vaddr = ramblock_ptr(block, offset);
7bd4f430 1773 if (block->flags & RAM_PREALLOC) {
cd19cfa2 1774 ;
dfeaf2ab
MA		 1775 } else if (xen_enabled()) {
1776 abort();
cd19cfa2
HY		 1777 } else {
1778 flags = MAP_FIXED;
3435f395 1779 if (block->fd >= 0) {
dbcb8981
PB		 1780 flags |= (block->flags & RAM_SHARED ?
1781 MAP_SHARED : MAP_PRIVATE);
3435f395
MA		 1782 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1783 flags, block->fd, offset);
cd19cfa2 1784 } else {
2eb9fbaa
MA		 1785 /*
1786 * Remap needs to match alloc. Accelerators that
1787 * set phys_mem_alloc never remap. If they did,
1788 * we'd need a remap hook here.
1789 */
1790 assert(phys_mem_alloc == qemu_anon_ram_alloc);
1791
cd19cfa2
HY		 1792 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
1793 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
1794 flags, -1, 0);
cd19cfa2
HY		 1795 }
1796 if (area != vaddr) {
f15fbc4b
AP		 1797 fprintf(stderr, "Could not remap addr: "
1798 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 1799 length, addr);
1800 exit(1);
1801 }
8490fc78 1802 memory_try_enable_merging(vaddr, length);
ddb97f1d 1803 qemu_ram_setup_dump(vaddr, length);
cd19cfa2 1804 }
cd19cfa2
HY		 1805 }
1806 }
1807}
1808#endif /* !_WIN32 */
1809
1b5ec234 1810/* Return a host pointer to ram allocated with qemu_ram_alloc.
ae3a7047
MD		 1811 * This should not be used for general purpose DMA. Use address_space_map
1812 * or address_space_rw instead. For local memory (e.g. video ram) that the
1813 * device owns, use memory_region_get_ram_ptr.
0dc3f44a 1814 *
49b24afc 1815 * Called within RCU critical section.
1b5ec234 1816 */
0878d0e1 1817void *qemu_map_ram_ptr(RAMBlock *ram_block, ram_addr_t addr)
1b5ec234 1818{
3655cb9c
GA		 1819 RAMBlock *block = ram_block;
1820
1821 if (block == NULL) {
1822 block = qemu_get_ram_block(addr);
0878d0e1 1823 addr -= block->offset;
3655cb9c 1824 }
ae3a7047
MD		 1825
1826 if (xen_enabled() && block->host == NULL) {
0d6d3c87
PB		 1827 /* We need to check if the requested address is in the RAM
1828 * because we don't want to map the entire memory in QEMU.
1829 * In that case just map until the end of the page.
1830 */
1831 if (block->offset == 0) {
49b24afc 1832 return xen_map_cache(addr, 0, 0);
0d6d3c87 1833 }
ae3a7047
MD		 1834
1835 block->host = xen_map_cache(block->offset, block->max_length, 1);
0d6d3c87 1836 }
0878d0e1 1837 return ramblock_ptr(block, addr);
dc828ca1
PB		 1838}
1839
0878d0e1 1840/* Return a host pointer to guest's ram. Similar to qemu_map_ram_ptr
ae3a7047 1841 * but takes a size argument.
0dc3f44a 1842 *
e81bcda5 1843 * Called within RCU critical section.
ae3a7047 1844 */
3655cb9c
GA		 1845static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr,
1846 hwaddr *size)
38bee5dc 1847{
3655cb9c 1848 RAMBlock *block = ram_block;
8ab934f9
SS		 1849 if (*size == 0) {
1850 return NULL;
1851 }
e81bcda5 1852
3655cb9c
GA		 1853 if (block == NULL) {
1854 block = qemu_get_ram_block(addr);
0878d0e1 1855 addr -= block->offset;
3655cb9c 1856 }
0878d0e1 1857 *size = MIN(*size, block->max_length - addr);
e81bcda5
PB		 1858
1859 if (xen_enabled() && block->host == NULL) {
1860 /* We need to check if the requested address is in the RAM
1861 * because we don't want to map the entire memory in QEMU.
1862 * In that case just map the requested area.
1863 */
1864 if (block->offset == 0) {
1865 return xen_map_cache(addr, *size, 1);
38bee5dc
SS		 1866 }
1867
e81bcda5 1868 block->host = xen_map_cache(block->offset, block->max_length, 1);
38bee5dc 1869 }
e81bcda5 1870
0878d0e1 1871 return ramblock_ptr(block, addr);
38bee5dc
SS		 1872}
1873
422148d3
DDAG		 1874/*
1875 * Translates a host ptr back to a RAMBlock, a ram_addr and an offset
1876 * in that RAMBlock.
1877 *
1878 * ptr: Host pointer to look up
1879 * round_offset: If true round the result offset down to a page boundary
1880 * *ram_addr: set to result ram_addr
1881 * *offset: set to result offset within the RAMBlock
1882 *
1883 * Returns: RAMBlock (or NULL if not found)
ae3a7047
MD		 1884 *
1885 * By the time this function returns, the returned pointer is not protected
1886 * by RCU anymore. If the caller is not within an RCU critical section and
1887 * does not hold the iothread lock, it must have other means of protecting the
1888 * pointer, such as a reference to the region that includes the incoming
1889 * ram_addr_t.
1890 */
422148d3 1891RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
422148d3 1892 ram_addr_t *offset)
5579c7f3 1893{
94a6b54f
PB		 1894 RAMBlock *block;
1895 uint8_t *host = ptr;
1896
868bb33f 1897 if (xen_enabled()) {
f615f396 1898 ram_addr_t ram_addr;
0dc3f44a 1899 rcu_read_lock();
f615f396
PB		 1900 ram_addr = xen_ram_addr_from_mapcache(ptr);
1901 block = qemu_get_ram_block(ram_addr);
422148d3 1902 if (block) {
d6b6aec4 1903 *offset = ram_addr - block->offset;
422148d3 1904 }
0dc3f44a 1905 rcu_read_unlock();
422148d3 1906 return block;
712c2b41
SS		 1907 }
1908
0dc3f44a
MD		 1909 rcu_read_lock();
1910 block = atomic_rcu_read(&ram_list.mru_block);
9b8424d5 1911 if (block && block->host && host - block->host < block->max_length) {
23887b79
PB		 1912 goto found;
1913 }
1914
0dc3f44a 1915 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
432d268c
JN		 1916 /* This case append when the block is not mapped. */
1917 if (block->host == NULL) {
1918 continue;
1919 }
9b8424d5 1920 if (host - block->host < block->max_length) {
23887b79 1921 goto found;
f471a17e 1922 }
94a6b54f 1923 }
432d268c 1924
0dc3f44a 1925 rcu_read_unlock();
1b5ec234 1926 return NULL;
23887b79
PB		 1927
1928found:
422148d3
DDAG		 1929 *offset = (host - block->host);
1930 if (round_offset) {
1931 *offset &= TARGET_PAGE_MASK;
1932 }
0dc3f44a 1933 rcu_read_unlock();
422148d3
DDAG		 1934 return block;
1935}
1936
e3dd7493
DDAG		 1937/*
1938 * Finds the named RAMBlock
1939 *
1940 * name: The name of RAMBlock to find
1941 *
1942 * Returns: RAMBlock (or NULL if not found)
1943 */
1944RAMBlock *qemu_ram_block_by_name(const char *name)
1945{
1946 RAMBlock *block;
1947
1948 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
1949 if (!strcmp(name, block->idstr)) {
1950 return block;
1951 }
1952 }
1953
1954 return NULL;
1955}
1956
422148d3
DDAG		 1957/* Some of the softmmu routines need to translate from a host pointer
1958 (typically a TLB entry) back to a ram offset. */
07bdaa41 1959ram_addr_t qemu_ram_addr_from_host(void *ptr)
422148d3
DDAG		 1960{
1961 RAMBlock *block;
f615f396 1962 ram_addr_t offset;
422148d3 1963
f615f396 1964 block = qemu_ram_block_from_host(ptr, false, &offset);
422148d3 1965 if (!block) {
07bdaa41 1966 return RAM_ADDR_INVALID;
422148d3
DDAG		 1967 }
1968
07bdaa41 1969 return block->offset + offset;
e890261f 1970}
f471a17e 1971
49b24afc 1972/* Called within RCU critical section. */
a8170e5e 1973static void notdirty_mem_write(void *opaque, hwaddr ram_addr,
0e0df1e2 1974 uint64_t val, unsigned size)
9fa3e853 1975{
52159192 1976 if (!cpu_physical_memory_get_dirty_flag(ram_addr, DIRTY_MEMORY_CODE)) {
0e0df1e2 1977 tb_invalidate_phys_page_fast(ram_addr, size);
3a7d929e 1978 }
0e0df1e2
AK		 1979 switch (size) {
1980 case 1:
0878d0e1 1981 stb_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1982 break;
1983 case 2:
0878d0e1 1984 stw_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1985 break;
1986 case 4:
0878d0e1 1987 stl_p(qemu_map_ram_ptr(NULL, ram_addr), val);
0e0df1e2
AK		 1988 break;
1989 default:
1990 abort();
3a7d929e 1991 }
58d2707e
PB		 1992 /* Set both VGA and migration bits for simplicity and to remove
1993 * the notdirty callback faster.
1994 */
1995 cpu_physical_memory_set_dirty_range(ram_addr, size,
1996 DIRTY_CLIENTS_NOCODE);
f23db169
FB		 1997 /* we remove the notdirty callback only if the code has been
1998 flushed */
a2cd8c85 1999 if (!cpu_physical_memory_is_clean(ram_addr)) {
bcae01e4 2000 tlb_set_dirty(current_cpu, current_cpu->mem_io_vaddr);
4917cf44 2001 }
9fa3e853
FB		 2002}
2003
b018ddf6
PB		 2004static bool notdirty_mem_accepts(void *opaque, hwaddr addr,
2005 unsigned size, bool is_write)
2006{
2007 return is_write;
2008}
2009
0e0df1e2 2010static const MemoryRegionOps notdirty_mem_ops = {
0e0df1e2 2011 .write = notdirty_mem_write,
b018ddf6 2012 .valid.accepts = notdirty_mem_accepts,
0e0df1e2 2013 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 2014};
2015
0f459d16 2016/* Generate a debug exception if a watchpoint has been hit. */
66b9b43c 2017static void check_watchpoint(int offset, int len, MemTxAttrs attrs, int flags)
0f459d16 2018{
93afeade 2019 CPUState *cpu = current_cpu;
568496c0 2020 CPUClass *cc = CPU_GET_CLASS(cpu);
93afeade 2021 CPUArchState *env = cpu->env_ptr;
06d55cc1 2022 target_ulong pc, cs_base;
0f459d16 2023 target_ulong vaddr;
a1d1bb31 2024 CPUWatchpoint *wp;
89fee74a 2025 uint32_t cpu_flags;
0f459d16 2026
ff4700b0 2027 if (cpu->watchpoint_hit) {
06d55cc1
AL		 2028 /* We re-entered the check after replacing the TB. Now raise
2029 * the debug interrupt so that is will trigger after the
2030 * current instruction. */
93afeade 2031 cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
06d55cc1
AL		 2032 return;
2033 }
93afeade 2034 vaddr = (cpu->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
ff4700b0 2035 QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
05068c0d
PM		 2036 if (cpu_watchpoint_address_matches(wp, vaddr, len)
2037 && (wp->flags & flags)) {
08225676
PM		 2038 if (flags == BP_MEM_READ) {
2039 wp->flags |= BP_WATCHPOINT_HIT_READ;
2040 } else {
2041 wp->flags |= BP_WATCHPOINT_HIT_WRITE;
2042 }
2043 wp->hitaddr = vaddr;
66b9b43c 2044 wp->hitattrs = attrs;
ff4700b0 2045 if (!cpu->watchpoint_hit) {
568496c0
SF		 2046 if (wp->flags & BP_CPU &&
2047 !cc->debug_check_watchpoint(cpu, wp)) {
2048 wp->flags &= ~BP_WATCHPOINT_HIT;
2049 continue;
2050 }
ff4700b0 2051 cpu->watchpoint_hit = wp;
239c51a5 2052 tb_check_watchpoint(cpu);
6e140f28 2053 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
27103424 2054 cpu->exception_index = EXCP_DEBUG;
5638d180 2055 cpu_loop_exit(cpu);
6e140f28
AL		 2056 } else {
2057 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
648f034c 2058 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
6886b980 2059 cpu_loop_exit_noexc(cpu);
6e140f28 2060 }
06d55cc1 2061 }
6e140f28
AL		 2062 } else {
2063 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 2064 }
2065 }
2066}
2067
6658ffb8
PB		 2068/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
2069 so these check for a hit then pass through to the normal out-of-line
2070 phys routines. */
66b9b43c
PM		 2071static MemTxResult watch_mem_read(void *opaque, hwaddr addr, uint64_t *pdata,
2072 unsigned size, MemTxAttrs attrs)
6658ffb8 2073{
66b9b43c
PM		 2074 MemTxResult res;
2075 uint64_t data;
79ed0416
PM		 2076 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2077 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2078
2079 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_READ);
1ec9b909 2080 switch (size) {
66b9b43c 2081 case 1:
79ed0416 2082 data = address_space_ldub(as, addr, attrs, &res);
66b9b43c
PM		 2083 break;
2084 case 2:
79ed0416 2085 data = address_space_lduw(as, addr, attrs, &res);
66b9b43c
PM		 2086 break;
2087 case 4:
79ed0416 2088 data = address_space_ldl(as, addr, attrs, &res);
66b9b43c 2089 break;
1ec9b909
AK		 2090 default: abort();
2091 }
66b9b43c
PM		 2092 *pdata = data;
2093 return res;
6658ffb8
PB		 2094}
2095
66b9b43c
PM		 2096static MemTxResult watch_mem_write(void *opaque, hwaddr addr,
2097 uint64_t val, unsigned size,
2098 MemTxAttrs attrs)
6658ffb8 2099{
66b9b43c 2100 MemTxResult res;
79ed0416
PM		 2101 int asidx = cpu_asidx_from_attrs(current_cpu, attrs);
2102 AddressSpace *as = current_cpu->cpu_ases[asidx].as;
66b9b43c
PM		 2103
2104 check_watchpoint(addr & ~TARGET_PAGE_MASK, size, attrs, BP_MEM_WRITE);
1ec9b909 2105 switch (size) {
67364150 2106 case 1:
79ed0416 2107 address_space_stb(as, addr, val, attrs, &res);
67364150
MF		 2108 break;
2109 case 2:
79ed0416 2110 address_space_stw(as, addr, val, attrs, &res);
67364150
MF		 2111 break;
2112 case 4:
79ed0416 2113 address_space_stl(as, addr, val, attrs, &res);
67364150 2114 break;
1ec9b909
AK		 2115 default: abort();
2116 }
66b9b43c 2117 return res;
6658ffb8
PB		 2118}
2119
1ec9b909 2120static const MemoryRegionOps watch_mem_ops = {
66b9b43c
PM		 2121 .read_with_attrs = watch_mem_read,
2122 .write_with_attrs = watch_mem_write,
1ec9b909 2123 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 2124};
6658ffb8 2125
f25a49e0
PM		 2126static MemTxResult subpage_read(void *opaque, hwaddr addr, uint64_t *data,
2127 unsigned len, MemTxAttrs attrs)
db7b5426 2128{
acc9d80b 2129 subpage_t *subpage = opaque;
ff6cff75 2130 uint8_t buf[8];
5c9eb028 2131 MemTxResult res;
791af8c8 2132
db7b5426 2133#if defined(DEBUG_SUBPAGE)
016e9d62 2134 printf("%s: subpage %p len %u addr " TARGET_FMT_plx "\n", __func__,
acc9d80b 2135 subpage, len, addr);
db7b5426 2136#endif
5c9eb028
PM		 2137 res = address_space_read(subpage->as, addr + subpage->base,
2138 attrs, buf, len);
2139 if (res) {
2140 return res;
f25a49e0 2141 }
acc9d80b
JK		 2142 switch (len) {
2143 case 1:
f25a49e0
PM		 2144 *data = ldub_p(buf);
2145 return MEMTX_OK;
acc9d80b 2146 case 2:
f25a49e0
PM		 2147 *data = lduw_p(buf);
2148 return MEMTX_OK;
acc9d80b 2149 case 4:
f25a49e0
PM		 2150 *data = ldl_p(buf);
2151 return MEMTX_OK;
ff6cff75 2152 case 8:
f25a49e0
PM		 2153 *data = ldq_p(buf);
2154 return MEMTX_OK;
acc9d80b
JK		 2155 default:
2156 abort();
2157 }
db7b5426
BS		 2158}
2159
f25a49e0
PM		 2160static MemTxResult subpage_write(void *opaque, hwaddr addr,
2161 uint64_t value, unsigned len, MemTxAttrs attrs)
db7b5426 2162{
acc9d80b 2163 subpage_t *subpage = opaque;
ff6cff75 2164 uint8_t buf[8];
acc9d80b 2165
db7b5426 2166#if defined(DEBUG_SUBPAGE)
016e9d62 2167 printf("%s: subpage %p len %u addr " TARGET_FMT_plx
acc9d80b
JK		 2168 " value %"PRIx64"\n",
2169 __func__, subpage, len, addr, value);
db7b5426 2170#endif
acc9d80b
JK		 2171 switch (len) {
2172 case 1:
2173 stb_p(buf, value);
2174 break;
2175 case 2:
2176 stw_p(buf, value);
2177 break;
2178 case 4:
2179 stl_p(buf, value);
2180 break;
ff6cff75
PB		 2181 case 8:
2182 stq_p(buf, value);
2183 break;
acc9d80b
JK		 2184 default:
2185 abort();
2186 }
5c9eb028
PM		 2187 return address_space_write(subpage->as, addr + subpage->base,
2188 attrs, buf, len);
db7b5426
BS		 2189}
2190
c353e4cc 2191static bool subpage_accepts(void *opaque, hwaddr addr,
016e9d62 2192 unsigned len, bool is_write)
c353e4cc 2193{
acc9d80b 2194 subpage_t *subpage = opaque;
c353e4cc 2195#if defined(DEBUG_SUBPAGE)
016e9d62 2196 printf("%s: subpage %p %c len %u addr " TARGET_FMT_plx "\n",
acc9d80b 2197 __func__, subpage, is_write ? 'w' : 'r', len, addr);
c353e4cc
PB		 2198#endif
2199
acc9d80b 2200 return address_space_access_valid(subpage->as, addr + subpage->base,
016e9d62 2201 len, is_write);
c353e4cc
PB		 2202}
2203
70c68e44 2204static const MemoryRegionOps subpage_ops = {
f25a49e0
PM		 2205 .read_with_attrs = subpage_read,
2206 .write_with_attrs = subpage_write,
ff6cff75
PB		 2207 .impl.min_access_size = 1,
2208 .impl.max_access_size = 8,
2209 .valid.min_access_size = 1,
2210 .valid.max_access_size = 8,
c353e4cc 2211 .valid.accepts = subpage_accepts,
70c68e44 2212 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 2213};
2214
c227f099 2215static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2216 uint16_t section)
db7b5426
BS		 2217{
2218 int idx, eidx;
2219
2220 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
2221 return -1;
2222 idx = SUBPAGE_IDX(start);
2223 eidx = SUBPAGE_IDX(end);
2224#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2225 printf("%s: %p start %08x end %08x idx %08x eidx %08x section %d\n",
2226 __func__, mmio, start, end, idx, eidx, section);
db7b5426 2227#endif
db7b5426 2228 for (; idx <= eidx; idx++) {
5312bd8b 2229 mmio->sub_section[idx] = section;
db7b5426
BS		 2230 }
2231
2232 return 0;
2233}
2234
acc9d80b 2235static subpage_t *subpage_init(AddressSpace *as, hwaddr base)
db7b5426 2236{
c227f099 2237 subpage_t *mmio;
db7b5426 2238
7267c094 2239 mmio = g_malloc0(sizeof(subpage_t));
1eec614b 2240
acc9d80b 2241 mmio->as = as;
1eec614b 2242 mmio->base = base;
2c9b15ca 2243 memory_region_init_io(&mmio->iomem, NULL, &subpage_ops, mmio,
b4fefef9 2244 NULL, TARGET_PAGE_SIZE);
b3b00c78 2245 mmio->iomem.subpage = true;
db7b5426 2246#if defined(DEBUG_SUBPAGE)
016e9d62
AK		 2247 printf("%s: %p base " TARGET_FMT_plx " len %08x\n", __func__,
2248 mmio, base, TARGET_PAGE_SIZE);
db7b5426 2249#endif
b41aac4f 2250 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, PHYS_SECTION_UNASSIGNED);
db7b5426
BS		 2251
2252 return mmio;
2253}
2254
a656e22f
PC		 2255static uint16_t dummy_section(PhysPageMap *map, AddressSpace *as,
2256 MemoryRegion *mr)
5312bd8b 2257{
a656e22f 2258 assert(as);
5312bd8b 2259 MemoryRegionSection section = {
a656e22f 2260 .address_space = as,
5312bd8b
AK		 2261 .mr = mr,
2262 .offset_within_address_space = 0,
2263 .offset_within_region = 0,
052e87b0 2264 .size = int128_2_64(),
5312bd8b
AK		 2265 };
2266
53cb28cb 2267 return phys_section_add(map, &section);
5312bd8b
AK		 2268}
2269
a54c87b6 2270MemoryRegion *iotlb_to_region(CPUState *cpu, hwaddr index, MemTxAttrs attrs)
aa102231 2271{
a54c87b6
PM		 2272 int asidx = cpu_asidx_from_attrs(cpu, attrs);
2273 CPUAddressSpace *cpuas = &cpu->cpu_ases[asidx];
32857f4d 2274 AddressSpaceDispatch *d = atomic_rcu_read(&cpuas->memory_dispatch);
79e2b9ae 2275 MemoryRegionSection *sections = d->map.sections;
9d82b5a7
PB		 2276
2277 return sections[index & ~TARGET_PAGE_MASK].mr;
aa102231
AK		 2278}
2279
e9179ce1
AK		 2280static void io_mem_init(void)
2281{
1f6245e5 2282 memory_region_init_io(&io_mem_rom, NULL, &unassigned_mem_ops, NULL, NULL, UINT64_MAX);
2c9b15ca 2283 memory_region_init_io(&io_mem_unassigned, NULL, &unassigned_mem_ops, NULL,
1f6245e5 2284 NULL, UINT64_MAX);
2c9b15ca 2285 memory_region_init_io(&io_mem_notdirty, NULL, &notdirty_mem_ops, NULL,
1f6245e5 2286 NULL, UINT64_MAX);
2c9b15ca 2287 memory_region_init_io(&io_mem_watch, NULL, &watch_mem_ops, NULL,
1f6245e5 2288 NULL, UINT64_MAX);
e9179ce1
AK		 2289}
2290
ac1970fb 2291static void mem_begin(MemoryListener *listener)
00752703
PB		 2292{
2293 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
53cb28cb
MA		 2294 AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1);
2295 uint16_t n;
2296
a656e22f 2297 n = dummy_section(&d->map, as, &io_mem_unassigned);
53cb28cb 2298 assert(n == PHYS_SECTION_UNASSIGNED);
a656e22f 2299 n = dummy_section(&d->map, as, &io_mem_notdirty);
53cb28cb 2300 assert(n == PHYS_SECTION_NOTDIRTY);
a656e22f 2301 n = dummy_section(&d->map, as, &io_mem_rom);
53cb28cb 2302 assert(n == PHYS_SECTION_ROM);
a656e22f 2303 n = dummy_section(&d->map, as, &io_mem_watch);
53cb28cb 2304 assert(n == PHYS_SECTION_WATCH);
00752703 2305
9736e55b 2306 d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 };
00752703
PB		 2307 d->as = as;
2308 as->next_dispatch = d;
2309}
2310
79e2b9ae
PB		 2311static void address_space_dispatch_free(AddressSpaceDispatch *d)
2312{
2313 phys_sections_free(&d->map);
2314 g_free(d);
2315}
2316
00752703 2317static void mem_commit(MemoryListener *listener)
ac1970fb 2318{
89ae337a 2319 AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener);
0475d94f
PB		 2320 AddressSpaceDispatch *cur = as->dispatch;
2321 AddressSpaceDispatch *next = as->next_dispatch;
2322
53cb28cb 2323 phys_page_compact_all(next, next->map.nodes_nb);
b35ba30f 2324
79e2b9ae 2325 atomic_rcu_set(&as->dispatch, next);
53cb28cb 2326 if (cur) {
79e2b9ae 2327 call_rcu(cur, address_space_dispatch_free, rcu);
53cb28cb 2328 }
9affd6fc
PB		 2329}
2330
1d71148e 2331static void tcg_commit(MemoryListener *listener)
50c1e149 2332{
32857f4d
PM		 2333 CPUAddressSpace *cpuas;
2334 AddressSpaceDispatch *d;
117712c3
AK		 2335
2336 /* since each CPU stores ram addresses in its TLB cache, we must
2337 reset the modified entries */
32857f4d
PM		 2338 cpuas = container_of(listener, CPUAddressSpace, tcg_as_listener);
2339 cpu_reloading_memory_map();
2340 /* The CPU and TLB are protected by the iothread lock.
2341 * We reload the dispatch pointer now because cpu_reloading_memory_map()
2342 * may have split the RCU critical section.
2343 */
2344 d = atomic_rcu_read(&cpuas->as->dispatch);
2345 cpuas->memory_dispatch = d;
2346 tlb_flush(cpuas->cpu, 1);
50c1e149
AK		 2347}
2348
ac1970fb
AK		 2349void address_space_init_dispatch(AddressSpace *as)
2350{
00752703 2351 as->dispatch = NULL;
89ae337a 2352 as->dispatch_listener = (MemoryListener) {
ac1970fb 2353 .begin = mem_begin,
00752703 2354 .commit = mem_commit,
ac1970fb
AK		 2355 .region_add = mem_add,
2356 .region_nop = mem_add,
2357 .priority = 0,
2358 };
89ae337a 2359 memory_listener_register(&as->dispatch_listener, as);
ac1970fb
AK		 2360}
2361
6e48e8f9
PB		 2362void address_space_unregister(AddressSpace *as)
2363{
2364 memory_listener_unregister(&as->dispatch_listener);
2365}
2366
83f3c251
AK		 2367void address_space_destroy_dispatch(AddressSpace *as)
2368{
2369 AddressSpaceDispatch *d = as->dispatch;
2370
79e2b9ae
PB		 2371 atomic_rcu_set(&as->dispatch, NULL);
2372 if (d) {
2373 call_rcu(d, address_space_dispatch_free, rcu);
2374 }
83f3c251
AK		 2375}
2376
62152b8a
AK		 2377static void memory_map_init(void)
2378{
7267c094 2379 system_memory = g_malloc(sizeof(*system_memory));
03f49957 2380
57271d63 2381 memory_region_init(system_memory, NULL, "system", UINT64_MAX);
7dca8043 2382 address_space_init(&address_space_memory, system_memory, "memory");
309cb471 2383
7267c094 2384 system_io = g_malloc(sizeof(*system_io));
3bb28b72
JK		 2385 memory_region_init_io(system_io, NULL, &unassigned_io_ops, NULL, "io",
2386 65536);
7dca8043 2387 address_space_init(&address_space_io, system_io, "I/O");
62152b8a
AK		 2388}
2389
2390MemoryRegion *get_system_memory(void)
2391{
2392 return system_memory;
2393}
2394
309cb471
AK		 2395MemoryRegion *get_system_io(void)
2396{
2397 return system_io;
2398}
2399
e2eef170
PB		 2400#endif /* !defined(CONFIG_USER_ONLY) */
2401
13eb76e0
FB		 2402/* physical memory access (slow version, mainly for debug) */
2403#if defined(CONFIG_USER_ONLY)
f17ec444 2404int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
a68fe89c 2405 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 2406{
2407 int l, flags;
2408 target_ulong page;
53a5960a 2409 void * p;
13eb76e0
FB		 2410
2411 while (len > 0) {
2412 page = addr & TARGET_PAGE_MASK;
2413 l = (page + TARGET_PAGE_SIZE) - addr;
2414 if (l > len)
2415 l = len;
2416 flags = page_get_flags(page);
2417 if (!(flags & PAGE_VALID))
a68fe89c 2418 return -1;
13eb76e0
FB		 2419 if (is_write) {
2420 if (!(flags & PAGE_WRITE))
a68fe89c 2421 return -1;
579a97f7 2422 /* XXX: this code should not depend on lock_user */
72fb7daa 2423 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 2424 return -1;
72fb7daa
AJ		 2425 memcpy(p, buf, l);
2426 unlock_user(p, addr, l);
13eb76e0
FB		 2427 } else {
2428 if (!(flags & PAGE_READ))
a68fe89c 2429 return -1;
579a97f7 2430 /* XXX: this code should not depend on lock_user */
72fb7daa 2431 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 2432 return -1;
72fb7daa 2433 memcpy(buf, p, l);
5b257578 2434 unlock_user(p, addr, 0);
13eb76e0
FB		 2435 }
2436 len -= l;
2437 buf += l;
2438 addr += l;
2439 }
a68fe89c 2440 return 0;
13eb76e0 2441}
8df1cd07 2442
13eb76e0 2443#else
51d7a9eb 2444
845b6214 2445static void invalidate_and_set_dirty(MemoryRegion *mr, hwaddr addr,
a8170e5e 2446 hwaddr length)
51d7a9eb 2447{
e87f7778 2448 uint8_t dirty_log_mask = memory_region_get_dirty_log_mask(mr);
0878d0e1
PB		 2449 addr += memory_region_get_ram_addr(mr);
2450
e87f7778
PB		 2451 /* No early return if dirty_log_mask is or becomes 0, because
2452 * cpu_physical_memory_set_dirty_range will still call
2453 * xen_modified_memory.
2454 */
2455 if (dirty_log_mask) {
2456 dirty_log_mask =
2457 cpu_physical_memory_range_includes_clean(addr, length, dirty_log_mask);
2458 }
2459 if (dirty_log_mask & (1 << DIRTY_MEMORY_CODE)) {
2460 tb_invalidate_phys_range(addr, addr + length);
2461 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
51d7a9eb 2462 }
e87f7778 2463 cpu_physical_memory_set_dirty_range(addr, length, dirty_log_mask);
51d7a9eb
AP		 2464}
2465
23326164 2466static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr)
82f2563f 2467{
e1622f4b 2468 unsigned access_size_max = mr->ops->valid.max_access_size;
23326164
RH		 2469
2470 /* Regions are assumed to support 1-4 byte accesses unless
2471 otherwise specified. */
23326164
RH		 2472 if (access_size_max == 0) {
2473 access_size_max = 4;
2474 }
2475
2476 /* Bound the maximum access by the alignment of the address. */
2477 if (!mr->ops->impl.unaligned) {
2478 unsigned align_size_max = addr & -addr;
2479 if (align_size_max != 0 && align_size_max < access_size_max) {
2480 access_size_max = align_size_max;
2481 }
82f2563f 2482 }
23326164
RH		 2483
2484 /* Don't attempt accesses larger than the maximum. */
2485 if (l > access_size_max) {
2486 l = access_size_max;
82f2563f 2487 }
6554f5c0 2488 l = pow2floor(l);
23326164
RH		 2489
2490 return l;
82f2563f
PB		 2491}
2492
4840f10e 2493static bool prepare_mmio_access(MemoryRegion *mr)
125b3806 2494{
4840f10e
JK		 2495 bool unlocked = !qemu_mutex_iothread_locked();
2496 bool release_lock = false;
2497
2498 if (unlocked && mr->global_locking) {
2499 qemu_mutex_lock_iothread();
2500 unlocked = false;
2501 release_lock = true;
2502 }
125b3806 2503 if (mr->flush_coalesced_mmio) {
4840f10e
JK		 2504 if (unlocked) {
2505 qemu_mutex_lock_iothread();
2506 }
125b3806 2507 qemu_flush_coalesced_mmio_buffer();
4840f10e
JK		 2508 if (unlocked) {
2509 qemu_mutex_unlock_iothread();
2510 }
125b3806 2511 }
4840f10e
JK		 2512
2513 return release_lock;
125b3806
PB		 2514}
2515
a203ac70
PB		 2516/* Called within RCU critical section. */
2517static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
2518 MemTxAttrs attrs,
2519 const uint8_t *buf,
2520 int len, hwaddr addr1,
2521 hwaddr l, MemoryRegion *mr)
13eb76e0 2522{
13eb76e0 2523 uint8_t *ptr;
791af8c8 2524 uint64_t val;
3b643495 2525 MemTxResult result = MEMTX_OK;
4840f10e 2526 bool release_lock = false;
3b46e624 2527
a203ac70 2528 for (;;) {
eb7eeb88
PB		 2529 if (!memory_access_is_direct(mr, true)) {
2530 release_lock |= prepare_mmio_access(mr);
2531 l = memory_access_size(mr, l, addr1);
2532 /* XXX: could force current_cpu to NULL to avoid
2533 potential bugs */
2534 switch (l) {
2535 case 8:
2536 /* 64 bit write access */
2537 val = ldq_p(buf);
2538 result |= memory_region_dispatch_write(mr, addr1, val, 8,
2539 attrs);
2540 break;
2541 case 4:
2542 /* 32 bit write access */
2543 val = ldl_p(buf);
2544 result |= memory_region_dispatch_write(mr, addr1, val, 4,
2545 attrs);
2546 break;
2547 case 2:
2548 /* 16 bit write access */
2549 val = lduw_p(buf);
2550 result |= memory_region_dispatch_write(mr, addr1, val, 2,
2551 attrs);
2552 break;
2553 case 1:
2554 /* 8 bit write access */
2555 val = ldub_p(buf);
2556 result |= memory_region_dispatch_write(mr, addr1, val, 1,
2557 attrs);
2558 break;
2559 default:
2560 abort();
13eb76e0
FB		 2561 }
2562 } else {
eb7eeb88 2563 /* RAM case */
0878d0e1 2564 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2565 memcpy(ptr, buf, l);
2566 invalidate_and_set_dirty(mr, addr1, l);
13eb76e0 2567 }
4840f10e
JK		 2568
2569 if (release_lock) {
2570 qemu_mutex_unlock_iothread();
2571 release_lock = false;
2572 }
2573
13eb76e0
FB		 2574 len -= l;
2575 buf += l;
2576 addr += l;
a203ac70
PB		 2577
2578 if (!len) {
2579 break;
2580 }
2581
2582 l = len;
2583 mr = address_space_translate(as, addr, &addr1, &l, true);
13eb76e0 2584 }
fd8aaa76 2585
3b643495 2586 return result;
13eb76e0 2587}
8df1cd07 2588
a203ac70
PB		 2589MemTxResult address_space_write(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2590 const uint8_t *buf, int len)
ac1970fb 2591{
eb7eeb88 2592 hwaddr l;
eb7eeb88
PB		 2593 hwaddr addr1;
2594 MemoryRegion *mr;
2595 MemTxResult result = MEMTX_OK;
eb7eeb88 2596
a203ac70
PB		 2597 if (len > 0) {
2598 rcu_read_lock();
eb7eeb88 2599 l = len;
a203ac70
PB		 2600 mr = address_space_translate(as, addr, &addr1, &l, true);
2601 result = address_space_write_continue(as, addr, attrs, buf, len,
2602 addr1, l, mr);
2603 rcu_read_unlock();
2604 }
2605
2606 return result;
2607}
2608
2609/* Called within RCU critical section. */
2610MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
2611 MemTxAttrs attrs, uint8_t *buf,
2612 int len, hwaddr addr1, hwaddr l,
2613 MemoryRegion *mr)
2614{
2615 uint8_t *ptr;
2616 uint64_t val;
2617 MemTxResult result = MEMTX_OK;
2618 bool release_lock = false;
eb7eeb88 2619
a203ac70 2620 for (;;) {
eb7eeb88
PB		 2621 if (!memory_access_is_direct(mr, false)) {
2622 /* I/O case */
2623 release_lock |= prepare_mmio_access(mr);
2624 l = memory_access_size(mr, l, addr1);
2625 switch (l) {
2626 case 8:
2627 /* 64 bit read access */
2628 result |= memory_region_dispatch_read(mr, addr1, &val, 8,
2629 attrs);
2630 stq_p(buf, val);
2631 break;
2632 case 4:
2633 /* 32 bit read access */
2634 result |= memory_region_dispatch_read(mr, addr1, &val, 4,
2635 attrs);
2636 stl_p(buf, val);
2637 break;
2638 case 2:
2639 /* 16 bit read access */
2640 result |= memory_region_dispatch_read(mr, addr1, &val, 2,
2641 attrs);
2642 stw_p(buf, val);
2643 break;
2644 case 1:
2645 /* 8 bit read access */
2646 result |= memory_region_dispatch_read(mr, addr1, &val, 1,
2647 attrs);
2648 stb_p(buf, val);
2649 break;
2650 default:
2651 abort();
2652 }
2653 } else {
2654 /* RAM case */
0878d0e1 2655 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
eb7eeb88
PB		 2656 memcpy(buf, ptr, l);
2657 }
2658
2659 if (release_lock) {
2660 qemu_mutex_unlock_iothread();
2661 release_lock = false;
2662 }
2663
2664 len -= l;
2665 buf += l;
2666 addr += l;
a203ac70
PB		 2667
2668 if (!len) {
2669 break;
2670 }
2671
2672 l = len;
2673 mr = address_space_translate(as, addr, &addr1, &l, false);
2674 }
2675
2676 return result;
2677}
2678
3cc8f884
PB		 2679MemTxResult address_space_read_full(AddressSpace *as, hwaddr addr,
2680 MemTxAttrs attrs, uint8_t *buf, int len)
a203ac70
PB		 2681{
2682 hwaddr l;
2683 hwaddr addr1;
2684 MemoryRegion *mr;
2685 MemTxResult result = MEMTX_OK;
2686
2687 if (len > 0) {
2688 rcu_read_lock();
2689 l = len;
2690 mr = address_space_translate(as, addr, &addr1, &l, false);
2691 result = address_space_read_continue(as, addr, attrs, buf, len,
2692 addr1, l, mr);
2693 rcu_read_unlock();
eb7eeb88 2694 }
eb7eeb88
PB		 2695
2696 return result;
ac1970fb
AK		 2697}
2698
eb7eeb88
PB		 2699MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
2700 uint8_t *buf, int len, bool is_write)
2701{
2702 if (is_write) {
2703 return address_space_write(as, addr, attrs, (uint8_t *)buf, len);
2704 } else {
2705 return address_space_read(as, addr, attrs, (uint8_t *)buf, len);
2706 }
2707}
ac1970fb 2708
a8170e5e 2709void cpu_physical_memory_rw(hwaddr addr, uint8_t *buf,
ac1970fb
AK		 2710 int len, int is_write)
2711{
5c9eb028
PM		 2712 address_space_rw(&address_space_memory, addr, MEMTXATTRS_UNSPECIFIED,
2713 buf, len, is_write);
ac1970fb
AK		 2714}
2715
582b55a9
AG		 2716enum write_rom_type {
2717 WRITE_DATA,
2718 FLUSH_CACHE,
2719};
2720
2a221651 2721static inline void cpu_physical_memory_write_rom_internal(AddressSpace *as,
582b55a9 2722 hwaddr addr, const uint8_t *buf, int len, enum write_rom_type type)
d0ecd2aa 2723{
149f54b5 2724 hwaddr l;
d0ecd2aa 2725 uint8_t *ptr;
149f54b5 2726 hwaddr addr1;
5c8a00ce 2727 MemoryRegion *mr;
3b46e624 2728
41063e1e 2729 rcu_read_lock();
d0ecd2aa 2730 while (len > 0) {
149f54b5 2731 l = len;
2a221651 2732 mr = address_space_translate(as, addr, &addr1, &l, true);
3b46e624 2733
5c8a00ce
PB		 2734 if (!(memory_region_is_ram(mr) ||
2735 memory_region_is_romd(mr))) {
b242e0e0 2736 l = memory_access_size(mr, l, addr1);
d0ecd2aa 2737 } else {
d0ecd2aa 2738 /* ROM/RAM case */
0878d0e1 2739 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
582b55a9
AG		 2740 switch (type) {
2741 case WRITE_DATA:
2742 memcpy(ptr, buf, l);
845b6214 2743 invalidate_and_set_dirty(mr, addr1, l);
582b55a9
AG		 2744 break;
2745 case FLUSH_CACHE:
2746 flush_icache_range((uintptr_t)ptr, (uintptr_t)ptr + l);
2747 break;
2748 }
d0ecd2aa
FB		 2749 }
2750 len -= l;
2751 buf += l;
2752 addr += l;
2753 }
41063e1e 2754 rcu_read_unlock();
d0ecd2aa
FB		 2755}
2756
582b55a9 2757/* used for ROM loading : can write in RAM and ROM */
2a221651 2758void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
582b55a9
AG		 2759 const uint8_t *buf, int len)
2760{
2a221651 2761 cpu_physical_memory_write_rom_internal(as, addr, buf, len, WRITE_DATA);
582b55a9
AG		 2762}
2763
2764void cpu_flush_icache_range(hwaddr start, int len)
2765{
2766 /*
2767 * This function should do the same thing as an icache flush that was
2768 * triggered from within the guest. For TCG we are always cache coherent,
2769 * so there is no need to flush anything. For KVM / Xen we need to flush
2770 * the host's instruction cache at least.
2771 */
2772 if (tcg_enabled()) {
2773 return;
2774 }
2775
2a221651
EI		 2776 cpu_physical_memory_write_rom_internal(&address_space_memory,
2777 start, NULL, len, FLUSH_CACHE);
582b55a9
AG		 2778}
2779
6d16c2f8 2780typedef struct {
d3e71559 2781 MemoryRegion *mr;
6d16c2f8 2782 void *buffer;
a8170e5e
AK		 2783 hwaddr addr;
2784 hwaddr len;
c2cba0ff 2785 bool in_use;
6d16c2f8
AL		 2786} BounceBuffer;
2787
2788static BounceBuffer bounce;
2789
ba223c29 2790typedef struct MapClient {
e95205e1 2791 QEMUBH *bh;
72cf2d4f 2792 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 2793} MapClient;
2794
38e047b5 2795QemuMutex map_client_list_lock;
72cf2d4f
BS		 2796static QLIST_HEAD(map_client_list, MapClient) map_client_list
2797 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29 2798
e95205e1
FZ		 2799static void cpu_unregister_map_client_do(MapClient *client)
2800{
2801 QLIST_REMOVE(client, link);
2802 g_free(client);
2803}
2804
33b6c2ed
FZ		 2805static void cpu_notify_map_clients_locked(void)
2806{
2807 MapClient *client;
2808
2809 while (!QLIST_EMPTY(&map_client_list)) {
2810 client = QLIST_FIRST(&map_client_list);
e95205e1
FZ		 2811 qemu_bh_schedule(client->bh);
2812 cpu_unregister_map_client_do(client);
33b6c2ed
FZ		 2813 }
2814}
2815
e95205e1 2816void cpu_register_map_client(QEMUBH *bh)
ba223c29 2817{
7267c094 2818 MapClient *client = g_malloc(sizeof(*client));
ba223c29 2819
38e047b5 2820 qemu_mutex_lock(&map_client_list_lock);
e95205e1 2821 client->bh = bh;
72cf2d4f 2822 QLIST_INSERT_HEAD(&map_client_list, client, link);
33b6c2ed
FZ		 2823 if (!atomic_read(&bounce.in_use)) {
2824 cpu_notify_map_clients_locked();
2825 }
38e047b5 2826 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2827}
2828
38e047b5 2829void cpu_exec_init_all(void)
ba223c29 2830{
38e047b5 2831 qemu_mutex_init(&ram_list.mutex);
38e047b5 2832 io_mem_init();
680a4783 2833 memory_map_init();
38e047b5 2834 qemu_mutex_init(&map_client_list_lock);
ba223c29
AL		 2835}
2836
e95205e1 2837void cpu_unregister_map_client(QEMUBH *bh)
ba223c29
AL		 2838{
2839 MapClient *client;
2840
e95205e1
FZ		 2841 qemu_mutex_lock(&map_client_list_lock);
2842 QLIST_FOREACH(client, &map_client_list, link) {
2843 if (client->bh == bh) {
2844 cpu_unregister_map_client_do(client);
2845 break;
2846 }
ba223c29 2847 }
e95205e1 2848 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2849}
2850
2851static void cpu_notify_map_clients(void)
2852{
38e047b5 2853 qemu_mutex_lock(&map_client_list_lock);
33b6c2ed 2854 cpu_notify_map_clients_locked();
38e047b5 2855 qemu_mutex_unlock(&map_client_list_lock);
ba223c29
AL		 2856}
2857
51644ab7
PB		 2858bool address_space_access_valid(AddressSpace *as, hwaddr addr, int len, bool is_write)
2859{
5c8a00ce 2860 MemoryRegion *mr;
51644ab7
PB		 2861 hwaddr l, xlat;
2862
41063e1e 2863 rcu_read_lock();
51644ab7
PB		 2864 while (len > 0) {
2865 l = len;
5c8a00ce
PB		 2866 mr = address_space_translate(as, addr, &xlat, &l, is_write);
2867 if (!memory_access_is_direct(mr, is_write)) {
2868 l = memory_access_size(mr, l, addr);
2869 if (!memory_region_access_valid(mr, xlat, l, is_write)) {
51644ab7
PB		 2870 return false;
2871 }
2872 }
2873
2874 len -= l;
2875 addr += l;
2876 }
41063e1e 2877 rcu_read_unlock();
51644ab7
PB		 2878 return true;
2879}
2880
6d16c2f8
AL		 2881/* Map a physical memory region into a host virtual address.
2882 * May map a subset of the requested range, given by and returned in *plen.
2883 * May return NULL if resources needed to perform the mapping are exhausted.
2884 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 2885 * Use cpu_register_map_client() to know when retrying the map operation is
2886 * likely to succeed.
6d16c2f8 2887 */
ac1970fb 2888void *address_space_map(AddressSpace *as,
a8170e5e
AK		 2889 hwaddr addr,
2890 hwaddr *plen,
ac1970fb 2891 bool is_write)
6d16c2f8 2892{
a8170e5e 2893 hwaddr len = *plen;
e3127ae0
PB		 2894 hwaddr done = 0;
2895 hwaddr l, xlat, base;
2896 MemoryRegion *mr, *this_mr;
e81bcda5 2897 void *ptr;
6d16c2f8 2898
e3127ae0
PB		 2899 if (len == 0) {
2900 return NULL;
2901 }
38bee5dc 2902
e3127ae0 2903 l = len;
41063e1e 2904 rcu_read_lock();
e3127ae0 2905 mr = address_space_translate(as, addr, &xlat, &l, is_write);
41063e1e 2906
e3127ae0 2907 if (!memory_access_is_direct(mr, is_write)) {
c2cba0ff 2908 if (atomic_xchg(&bounce.in_use, true)) {
41063e1e 2909 rcu_read_unlock();
e3127ae0 2910 return NULL;
6d16c2f8 2911 }
e85d9db5
KW		 2912 /* Avoid unbounded allocations */
2913 l = MIN(l, TARGET_PAGE_SIZE);
2914 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, l);
e3127ae0
PB		 2915 bounce.addr = addr;
2916 bounce.len = l;
d3e71559
PB		 2917
2918 memory_region_ref(mr);
2919 bounce.mr = mr;
e3127ae0 2920 if (!is_write) {
5c9eb028
PM		 2921 address_space_read(as, addr, MEMTXATTRS_UNSPECIFIED,
2922 bounce.buffer, l);
8ab934f9 2923 }
6d16c2f8 2924
41063e1e 2925 rcu_read_unlock();
e3127ae0
PB		 2926 *plen = l;
2927 return bounce.buffer;
2928 }
2929
2930 base = xlat;
e3127ae0
PB		 2931
2932 for (;;) {
6d16c2f8
AL		 2933 len -= l;
2934 addr += l;
e3127ae0
PB		 2935 done += l;
2936 if (len == 0) {
2937 break;
2938 }
2939
2940 l = len;
2941 this_mr = address_space_translate(as, addr, &xlat, &l, is_write);
2942 if (this_mr != mr || xlat != base + done) {
2943 break;
2944 }
6d16c2f8 2945 }
e3127ae0 2946
d3e71559 2947 memory_region_ref(mr);
e3127ae0 2948 *plen = done;
0878d0e1 2949 ptr = qemu_ram_ptr_length(mr->ram_block, base, plen);
e81bcda5
PB		 2950 rcu_read_unlock();
2951
2952 return ptr;
6d16c2f8
AL		 2953}
2954
ac1970fb 2955/* Unmaps a memory region previously mapped by address_space_map().
6d16c2f8
AL		 2956 * Will also mark the memory as dirty if is_write == 1. access_len gives
2957 * the amount of memory that was actually read or written by the caller.
2958 */
a8170e5e
AK		 2959void address_space_unmap(AddressSpace *as, void *buffer, hwaddr len,
2960 int is_write, hwaddr access_len)
6d16c2f8
AL		 2961{
2962 if (buffer != bounce.buffer) {
d3e71559
PB		 2963 MemoryRegion *mr;
2964 ram_addr_t addr1;
2965
07bdaa41 2966 mr = memory_region_from_host(buffer, &addr1);
d3e71559 2967 assert(mr != NULL);
6d16c2f8 2968 if (is_write) {
845b6214 2969 invalidate_and_set_dirty(mr, addr1, access_len);
6d16c2f8 2970 }
868bb33f 2971 if (xen_enabled()) {
e41d7c69 2972 xen_invalidate_map_cache_entry(buffer);
050a0ddf 2973 }
d3e71559 2974 memory_region_unref(mr);
6d16c2f8
AL		 2975 return;
2976 }
2977 if (is_write) {
5c9eb028
PM		 2978 address_space_write(as, bounce.addr, MEMTXATTRS_UNSPECIFIED,
2979 bounce.buffer, access_len);
6d16c2f8 2980 }
f8a83245 2981 qemu_vfree(bounce.buffer);
6d16c2f8 2982 bounce.buffer = NULL;
d3e71559 2983 memory_region_unref(bounce.mr);
c2cba0ff 2984 atomic_mb_set(&bounce.in_use, false);
ba223c29 2985 cpu_notify_map_clients();
6d16c2f8 2986}
d0ecd2aa 2987
a8170e5e
AK		 2988void *cpu_physical_memory_map(hwaddr addr,
2989 hwaddr *plen,
ac1970fb
AK		 2990 int is_write)
2991{
2992 return address_space_map(&address_space_memory, addr, plen, is_write);
2993}
2994
a8170e5e
AK		 2995void cpu_physical_memory_unmap(void *buffer, hwaddr len,
2996 int is_write, hwaddr access_len)
ac1970fb
AK		 2997{
2998 return address_space_unmap(&address_space_memory, buffer, len, is_write, access_len);
2999}
3000
8df1cd07 3001/* warning: addr must be aligned */
50013115
PM		 3002static inline uint32_t address_space_ldl_internal(AddressSpace *as, hwaddr addr,
3003 MemTxAttrs attrs,
3004 MemTxResult *result,
3005 enum device_endian endian)
8df1cd07 3006{
8df1cd07 3007 uint8_t *ptr;
791af8c8 3008 uint64_t val;
5c8a00ce 3009 MemoryRegion *mr;
149f54b5
PB		 3010 hwaddr l = 4;
3011 hwaddr addr1;
50013115 3012 MemTxResult r;
4840f10e 3013 bool release_lock = false;
8df1cd07 3014
41063e1e 3015 rcu_read_lock();
fdfba1a2 3016 mr = address_space_translate(as, addr, &addr1, &l, false);
5c8a00ce 3017 if (l < 4 || !memory_access_is_direct(mr, false)) {
4840f10e 3018 release_lock |= prepare_mmio_access(mr);
125b3806 3019
8df1cd07 3020 /* I/O case */
50013115 3021 r = memory_region_dispatch_read(mr, addr1, &val, 4, attrs);
1e78bcc1
AG		 3022#if defined(TARGET_WORDS_BIGENDIAN)
3023 if (endian == DEVICE_LITTLE_ENDIAN) {
3024 val = bswap32(val);
3025 }
3026#else
3027 if (endian == DEVICE_BIG_ENDIAN) {
3028 val = bswap32(val);
3029 }
3030#endif
8df1cd07
FB		 3031 } else {
3032 /* RAM case */
0878d0e1 3033 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3034 switch (endian) {
3035 case DEVICE_LITTLE_ENDIAN:
3036 val = ldl_le_p(ptr);
3037 break;
3038 case DEVICE_BIG_ENDIAN:
3039 val = ldl_be_p(ptr);
3040 break;
3041 default:
3042 val = ldl_p(ptr);
3043 break;
3044 }
50013115
PM		 3045 r = MEMTX_OK;
3046 }
3047 if (result) {
3048 *result = r;
8df1cd07 3049 }
4840f10e
JK		 3050 if (release_lock) {
3051 qemu_mutex_unlock_iothread();
3052 }
41063e1e 3053 rcu_read_unlock();
8df1cd07
FB		 3054 return val;
3055}
3056
50013115
PM		 3057uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
3058 MemTxAttrs attrs, MemTxResult *result)
3059{
3060 return address_space_ldl_internal(as, addr, attrs, result,
3061 DEVICE_NATIVE_ENDIAN);
3062}
3063
3064uint32_t address_space_ldl_le(AddressSpace *as, hwaddr addr,
3065 MemTxAttrs attrs, MemTxResult *result)
3066{
3067 return address_space_ldl_internal(as, addr, attrs, result,
3068 DEVICE_LITTLE_ENDIAN);
3069}
3070
3071uint32_t address_space_ldl_be(AddressSpace *as, hwaddr addr,
3072 MemTxAttrs attrs, MemTxResult *result)
3073{
3074 return address_space_ldl_internal(as, addr, attrs, result,
3075 DEVICE_BIG_ENDIAN);
3076}
3077
fdfba1a2 3078uint32_t ldl_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3079{
50013115 3080 return address_space_ldl(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3081}
3082
fdfba1a2 3083uint32_t ldl_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3084{
50013115 3085 return address_space_ldl_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3086}
3087
fdfba1a2 3088uint32_t ldl_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3089{
50013115 3090 return address_space_ldl_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3091}
3092
84b7b8e7 3093/* warning: addr must be aligned */
50013115
PM		 3094static inline uint64_t address_space_ldq_internal(AddressSpace *as, hwaddr addr,
3095 MemTxAttrs attrs,
3096 MemTxResult *result,
3097 enum device_endian endian)
84b7b8e7 3098{
84b7b8e7
FB		 3099 uint8_t *ptr;
3100 uint64_t val;
5c8a00ce 3101 MemoryRegion *mr;
149f54b5
PB		 3102 hwaddr l = 8;
3103 hwaddr addr1;
50013115 3104 MemTxResult r;
4840f10e 3105 bool release_lock = false;
84b7b8e7 3106
41063e1e 3107 rcu_read_lock();
2c17449b 3108 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3109 false);
3110 if (l < 8 || !memory_access_is_direct(mr, false)) {
4840f10e 3111 release_lock |= prepare_mmio_access(mr);
125b3806 3112
84b7b8e7 3113 /* I/O case */
50013115 3114 r = memory_region_dispatch_read(mr, addr1, &val, 8, attrs);
968a5627
PB		 3115#if defined(TARGET_WORDS_BIGENDIAN)
3116 if (endian == DEVICE_LITTLE_ENDIAN) {
3117 val = bswap64(val);
3118 }
3119#else
3120 if (endian == DEVICE_BIG_ENDIAN) {
3121 val = bswap64(val);
3122 }
84b7b8e7
FB		 3123#endif
3124 } else {
3125 /* RAM case */
0878d0e1 3126 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3127 switch (endian) {
3128 case DEVICE_LITTLE_ENDIAN:
3129 val = ldq_le_p(ptr);
3130 break;
3131 case DEVICE_BIG_ENDIAN:
3132 val = ldq_be_p(ptr);
3133 break;
3134 default:
3135 val = ldq_p(ptr);
3136 break;
3137 }
50013115
PM		 3138 r = MEMTX_OK;
3139 }
3140 if (result) {
3141 *result = r;
84b7b8e7 3142 }
4840f10e
JK		 3143 if (release_lock) {
3144 qemu_mutex_unlock_iothread();
3145 }
41063e1e 3146 rcu_read_unlock();
84b7b8e7
FB		 3147 return val;
3148}
3149
50013115
PM		 3150uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
3151 MemTxAttrs attrs, MemTxResult *result)
3152{
3153 return address_space_ldq_internal(as, addr, attrs, result,
3154 DEVICE_NATIVE_ENDIAN);
3155}
3156
3157uint64_t address_space_ldq_le(AddressSpace *as, hwaddr addr,
3158 MemTxAttrs attrs, MemTxResult *result)
3159{
3160 return address_space_ldq_internal(as, addr, attrs, result,
3161 DEVICE_LITTLE_ENDIAN);
3162}
3163
3164uint64_t address_space_ldq_be(AddressSpace *as, hwaddr addr,
3165 MemTxAttrs attrs, MemTxResult *result)
3166{
3167 return address_space_ldq_internal(as, addr, attrs, result,
3168 DEVICE_BIG_ENDIAN);
3169}
3170
2c17449b 3171uint64_t ldq_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3172{
50013115 3173 return address_space_ldq(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3174}
3175
2c17449b 3176uint64_t ldq_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3177{
50013115 3178 return address_space_ldq_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3179}
3180
2c17449b 3181uint64_t ldq_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3182{
50013115 3183 return address_space_ldq_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3184}
3185
aab33094 3186/* XXX: optimize */
50013115
PM		 3187uint32_t address_space_ldub(AddressSpace *as, hwaddr addr,
3188 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3189{
3190 uint8_t val;
50013115
PM		 3191 MemTxResult r;
3192
3193 r = address_space_rw(as, addr, attrs, &val, 1, 0);
3194 if (result) {
3195 *result = r;
3196 }
aab33094
FB		 3197 return val;
3198}
3199
50013115
PM		 3200uint32_t ldub_phys(AddressSpace *as, hwaddr addr)
3201{
3202 return address_space_ldub(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
3203}
3204
733f0b02 3205/* warning: addr must be aligned */
50013115
PM		 3206static inline uint32_t address_space_lduw_internal(AddressSpace *as,
3207 hwaddr addr,
3208 MemTxAttrs attrs,
3209 MemTxResult *result,
3210 enum device_endian endian)
aab33094 3211{
733f0b02
MT		 3212 uint8_t *ptr;
3213 uint64_t val;
5c8a00ce 3214 MemoryRegion *mr;
149f54b5
PB		 3215 hwaddr l = 2;
3216 hwaddr addr1;
50013115 3217 MemTxResult r;
4840f10e 3218 bool release_lock = false;
733f0b02 3219
41063e1e 3220 rcu_read_lock();
41701aa4 3221 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3222 false);
3223 if (l < 2 || !memory_access_is_direct(mr, false)) {
4840f10e 3224 release_lock |= prepare_mmio_access(mr);
125b3806 3225
733f0b02 3226 /* I/O case */
50013115 3227 r = memory_region_dispatch_read(mr, addr1, &val, 2, attrs);
1e78bcc1
AG		 3228#if defined(TARGET_WORDS_BIGENDIAN)
3229 if (endian == DEVICE_LITTLE_ENDIAN) {
3230 val = bswap16(val);
3231 }
3232#else
3233 if (endian == DEVICE_BIG_ENDIAN) {
3234 val = bswap16(val);
3235 }
3236#endif
733f0b02
MT		 3237 } else {
3238 /* RAM case */
0878d0e1 3239 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3240 switch (endian) {
3241 case DEVICE_LITTLE_ENDIAN:
3242 val = lduw_le_p(ptr);
3243 break;
3244 case DEVICE_BIG_ENDIAN:
3245 val = lduw_be_p(ptr);
3246 break;
3247 default:
3248 val = lduw_p(ptr);
3249 break;
3250 }
50013115
PM		 3251 r = MEMTX_OK;
3252 }
3253 if (result) {
3254 *result = r;
733f0b02 3255 }
4840f10e
JK		 3256 if (release_lock) {
3257 qemu_mutex_unlock_iothread();
3258 }
41063e1e 3259 rcu_read_unlock();
733f0b02 3260 return val;
aab33094
FB		 3261}
3262
50013115
PM		 3263uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
3264 MemTxAttrs attrs, MemTxResult *result)
3265{
3266 return address_space_lduw_internal(as, addr, attrs, result,
3267 DEVICE_NATIVE_ENDIAN);
3268}
3269
3270uint32_t address_space_lduw_le(AddressSpace *as, hwaddr addr,
3271 MemTxAttrs attrs, MemTxResult *result)
3272{
3273 return address_space_lduw_internal(as, addr, attrs, result,
3274 DEVICE_LITTLE_ENDIAN);
3275}
3276
3277uint32_t address_space_lduw_be(AddressSpace *as, hwaddr addr,
3278 MemTxAttrs attrs, MemTxResult *result)
3279{
3280 return address_space_lduw_internal(as, addr, attrs, result,
3281 DEVICE_BIG_ENDIAN);
3282}
3283
41701aa4 3284uint32_t lduw_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3285{
50013115 3286 return address_space_lduw(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3287}
3288
41701aa4 3289uint32_t lduw_le_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3290{
50013115 3291 return address_space_lduw_le(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3292}
3293
41701aa4 3294uint32_t lduw_be_phys(AddressSpace *as, hwaddr addr)
1e78bcc1 3295{
50013115 3296 return address_space_lduw_be(as, addr, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3297}
3298
8df1cd07
FB		 3299/* warning: addr must be aligned. The ram page is not masked as dirty
3300 and the code inside is not invalidated. It is useful if the dirty
3301 bits are used to track modified PTEs */
50013115
PM		 3302void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
3303 MemTxAttrs attrs, MemTxResult *result)
8df1cd07 3304{
8df1cd07 3305 uint8_t *ptr;
5c8a00ce 3306 MemoryRegion *mr;
149f54b5
PB		 3307 hwaddr l = 4;
3308 hwaddr addr1;
50013115 3309 MemTxResult r;
845b6214 3310 uint8_t dirty_log_mask;
4840f10e 3311 bool release_lock = false;
8df1cd07 3312
41063e1e 3313 rcu_read_lock();
2198a121 3314 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3315 true);
3316 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3317 release_lock |= prepare_mmio_access(mr);
125b3806 3318
50013115 3319 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3320 } else {
0878d0e1 3321 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
8df1cd07 3322 stl_p(ptr, val);
74576198 3323
845b6214
PB		 3324 dirty_log_mask = memory_region_get_dirty_log_mask(mr);
3325 dirty_log_mask &= ~(1 << DIRTY_MEMORY_CODE);
0878d0e1
PB		 3326 cpu_physical_memory_set_dirty_range(memory_region_get_ram_addr(mr) + addr,
3327 4, dirty_log_mask);
50013115
PM		 3328 r = MEMTX_OK;
3329 }
3330 if (result) {
3331 *result = r;
8df1cd07 3332 }
4840f10e
JK		 3333 if (release_lock) {
3334 qemu_mutex_unlock_iothread();
3335 }
41063e1e 3336 rcu_read_unlock();
8df1cd07
FB		 3337}
3338
50013115
PM		 3339void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val)
3340{
3341 address_space_stl_notdirty(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3342}
3343
8df1cd07 3344/* warning: addr must be aligned */
50013115
PM		 3345static inline void address_space_stl_internal(AddressSpace *as,
3346 hwaddr addr, uint32_t val,
3347 MemTxAttrs attrs,
3348 MemTxResult *result,
3349 enum device_endian endian)
8df1cd07 3350{
8df1cd07 3351 uint8_t *ptr;
5c8a00ce 3352 MemoryRegion *mr;
149f54b5
PB		 3353 hwaddr l = 4;
3354 hwaddr addr1;
50013115 3355 MemTxResult r;
4840f10e 3356 bool release_lock = false;
8df1cd07 3357
41063e1e 3358 rcu_read_lock();
ab1da857 3359 mr = address_space_translate(as, addr, &addr1, &l,
5c8a00ce
PB		 3360 true);
3361 if (l < 4 || !memory_access_is_direct(mr, true)) {
4840f10e 3362 release_lock |= prepare_mmio_access(mr);
125b3806 3363
1e78bcc1
AG		 3364#if defined(TARGET_WORDS_BIGENDIAN)
3365 if (endian == DEVICE_LITTLE_ENDIAN) {
3366 val = bswap32(val);
3367 }
3368#else
3369 if (endian == DEVICE_BIG_ENDIAN) {
3370 val = bswap32(val);
3371 }
3372#endif
50013115 3373 r = memory_region_dispatch_write(mr, addr1, val, 4, attrs);
8df1cd07 3374 } else {
8df1cd07 3375 /* RAM case */
0878d0e1 3376 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3377 switch (endian) {
3378 case DEVICE_LITTLE_ENDIAN:
3379 stl_le_p(ptr, val);
3380 break;
3381 case DEVICE_BIG_ENDIAN:
3382 stl_be_p(ptr, val);
3383 break;
3384 default:
3385 stl_p(ptr, val);
3386 break;
3387 }
845b6214 3388 invalidate_and_set_dirty(mr, addr1, 4);
50013115
PM		 3389 r = MEMTX_OK;
3390 }
3391 if (result) {
3392 *result = r;
8df1cd07 3393 }
4840f10e
JK		 3394 if (release_lock) {
3395 qemu_mutex_unlock_iothread();
3396 }
41063e1e 3397 rcu_read_unlock();
8df1cd07
FB		 3398}
3399
50013115
PM		 3400void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
3401 MemTxAttrs attrs, MemTxResult *result)
3402{
3403 address_space_stl_internal(as, addr, val, attrs, result,
3404 DEVICE_NATIVE_ENDIAN);
3405}
3406
3407void address_space_stl_le(AddressSpace *as, hwaddr addr, uint32_t val,
3408 MemTxAttrs attrs, MemTxResult *result)
3409{
3410 address_space_stl_internal(as, addr, val, attrs, result,
3411 DEVICE_LITTLE_ENDIAN);
3412}
3413
3414void address_space_stl_be(AddressSpace *as, hwaddr addr, uint32_t val,
3415 MemTxAttrs attrs, MemTxResult *result)
3416{
3417 address_space_stl_internal(as, addr, val, attrs, result,
3418 DEVICE_BIG_ENDIAN);
3419}
3420
ab1da857 3421void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3422{
50013115 3423 address_space_stl(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3424}
3425
ab1da857 3426void stl_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3427{
50013115 3428 address_space_stl_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3429}
3430
ab1da857 3431void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3432{
50013115 3433 address_space_stl_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3434}
3435
aab33094 3436/* XXX: optimize */
50013115
PM		 3437void address_space_stb(AddressSpace *as, hwaddr addr, uint32_t val,
3438 MemTxAttrs attrs, MemTxResult *result)
aab33094
FB		 3439{
3440 uint8_t v = val;
50013115
PM		 3441 MemTxResult r;
3442
3443 r = address_space_rw(as, addr, attrs, &v, 1, 1);
3444 if (result) {
3445 *result = r;
3446 }
3447}
3448
3449void stb_phys(AddressSpace *as, hwaddr addr, uint32_t val)
3450{
3451 address_space_stb(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
aab33094
FB		 3452}
3453
733f0b02 3454/* warning: addr must be aligned */
50013115
PM		 3455static inline void address_space_stw_internal(AddressSpace *as,
3456 hwaddr addr, uint32_t val,
3457 MemTxAttrs attrs,
3458 MemTxResult *result,
3459 enum device_endian endian)
aab33094 3460{
733f0b02 3461 uint8_t *ptr;
5c8a00ce 3462 MemoryRegion *mr;
149f54b5
PB		 3463 hwaddr l = 2;
3464 hwaddr addr1;
50013115 3465 MemTxResult r;
4840f10e 3466 bool release_lock = false;
733f0b02 3467
41063e1e 3468 rcu_read_lock();
5ce5944d 3469 mr = address_space_translate(as, addr, &addr1, &l, true);
5c8a00ce 3470 if (l < 2 || !memory_access_is_direct(mr, true)) {
4840f10e 3471 release_lock |= prepare_mmio_access(mr);
125b3806 3472
1e78bcc1
AG		 3473#if defined(TARGET_WORDS_BIGENDIAN)
3474 if (endian == DEVICE_LITTLE_ENDIAN) {
3475 val = bswap16(val);
3476 }
3477#else
3478 if (endian == DEVICE_BIG_ENDIAN) {
3479 val = bswap16(val);
3480 }
3481#endif
50013115 3482 r = memory_region_dispatch_write(mr, addr1, val, 2, attrs);
733f0b02 3483 } else {
733f0b02 3484 /* RAM case */
0878d0e1 3485 ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
1e78bcc1
AG		 3486 switch (endian) {
3487 case DEVICE_LITTLE_ENDIAN:
3488 stw_le_p(ptr, val);
3489 break;
3490 case DEVICE_BIG_ENDIAN:
3491 stw_be_p(ptr, val);
3492 break;
3493 default:
3494 stw_p(ptr, val);
3495 break;
3496 }
845b6214 3497 invalidate_and_set_dirty(mr, addr1, 2);
50013115
PM		 3498 r = MEMTX_OK;
3499 }
3500 if (result) {
3501 *result = r;
733f0b02 3502 }
4840f10e
JK		 3503 if (release_lock) {
3504 qemu_mutex_unlock_iothread();
3505 }
41063e1e 3506 rcu_read_unlock();
aab33094
FB		 3507}
3508
50013115
PM		 3509void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
3510 MemTxAttrs attrs, MemTxResult *result)
3511{
3512 address_space_stw_internal(as, addr, val, attrs, result,
3513 DEVICE_NATIVE_ENDIAN);
3514}
3515
3516void address_space_stw_le(AddressSpace *as, hwaddr addr, uint32_t val,
3517 MemTxAttrs attrs, MemTxResult *result)
3518{
3519 address_space_stw_internal(as, addr, val, attrs, result,
3520 DEVICE_LITTLE_ENDIAN);
3521}
3522
3523void address_space_stw_be(AddressSpace *as, hwaddr addr, uint32_t val,
3524 MemTxAttrs attrs, MemTxResult *result)
3525{
3526 address_space_stw_internal(as, addr, val, attrs, result,
3527 DEVICE_BIG_ENDIAN);
3528}
3529
5ce5944d 3530void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3531{
50013115 3532 address_space_stw(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3533}
3534
5ce5944d 3535void stw_le_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3536{
50013115 3537 address_space_stw_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3538}
3539
5ce5944d 3540void stw_be_phys(AddressSpace *as, hwaddr addr, uint32_t val)
1e78bcc1 3541{
50013115 3542 address_space_stw_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3543}
3544
aab33094 3545/* XXX: optimize */
50013115
PM		 3546void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
3547 MemTxAttrs attrs, MemTxResult *result)
aab33094 3548{
50013115 3549 MemTxResult r;
aab33094 3550 val = tswap64(val);
50013115
PM		 3551 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3552 if (result) {
3553 *result = r;
3554 }
aab33094
FB		 3555}
3556
50013115
PM		 3557void address_space_stq_le(AddressSpace *as, hwaddr addr, uint64_t val,
3558 MemTxAttrs attrs, MemTxResult *result)
1e78bcc1 3559{
50013115 3560 MemTxResult r;
1e78bcc1 3561 val = cpu_to_le64(val);
50013115
PM		 3562 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3563 if (result) {
3564 *result = r;
3565 }
3566}
3567void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
3568 MemTxAttrs attrs, MemTxResult *result)
3569{
3570 MemTxResult r;
3571 val = cpu_to_be64(val);
3572 r = address_space_rw(as, addr, attrs, (void *) &val, 8, 1);
3573 if (result) {
3574 *result = r;
3575 }
3576}
3577
3578void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3579{
3580 address_space_stq(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
3581}
3582
3583void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val)
3584{
3585 address_space_stq_le(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3586}
3587
f606604f 3588void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val)
1e78bcc1 3589{
50013115 3590 address_space_stq_be(as, addr, val, MEMTXATTRS_UNSPECIFIED, NULL);
1e78bcc1
AG		 3591}
3592
5e2972fd 3593/* virtual memory access for debug (includes writing to ROM) */
f17ec444 3594int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr,
b448f2f3 3595 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3596{
3597 int l;
a8170e5e 3598 hwaddr phys_addr;
9b3c35e0 3599 target_ulong page;
13eb76e0
FB		 3600
3601 while (len > 0) {
5232e4c7
PM		 3602 int asidx;
3603 MemTxAttrs attrs;
3604
13eb76e0 3605 page = addr & TARGET_PAGE_MASK;
5232e4c7
PM		 3606 phys_addr = cpu_get_phys_page_attrs_debug(cpu, page, &attrs);
3607 asidx = cpu_asidx_from_attrs(cpu, attrs);
13eb76e0
FB		 3608 /* if no physical page mapped, return an error */
3609 if (phys_addr == -1)
3610 return -1;
3611 l = (page + TARGET_PAGE_SIZE) - addr;
3612 if (l > len)
3613 l = len;
5e2972fd 3614 phys_addr += (addr & ~TARGET_PAGE_MASK);
2e38847b 3615 if (is_write) {
5232e4c7
PM		 3616 cpu_physical_memory_write_rom(cpu->cpu_ases[asidx].as,
3617 phys_addr, buf, l);
2e38847b 3618 } else {
5232e4c7
PM		 3619 address_space_rw(cpu->cpu_ases[asidx].as, phys_addr,
3620 MEMTXATTRS_UNSPECIFIED,
5c9eb028 3621 buf, l, 0);
2e38847b 3622 }
13eb76e0
FB		 3623 len -= l;
3624 buf += l;
3625 addr += l;
3626 }
3627 return 0;
3628}
038629a6
DDAG		 3629
3630/*
3631 * Allows code that needs to deal with migration bitmaps etc to still be built
3632 * target independent.
3633 */
3634size_t qemu_target_page_bits(void)
3635{
3636 return TARGET_PAGE_BITS;
3637}
3638
a68fe89c 3639#endif
13eb76e0 3640
8e4a424b
BS		 3641/*
3642 * A helper function for the _utterly broken_ virtio device model to find out if
3643 * it's running on a big endian machine. Don't do this at home kids!
3644 */
98ed8ecf
GK		 3645bool target_words_bigendian(void);
3646bool target_words_bigendian(void)
8e4a424b
BS		 3647{
3648#if defined(TARGET_WORDS_BIGENDIAN)
3649 return true;
3650#else
3651 return false;
3652#endif
3653}
3654
76f35538 3655#ifndef CONFIG_USER_ONLY
a8170e5e 3656bool cpu_physical_memory_is_io(hwaddr phys_addr)
76f35538 3657{
5c8a00ce 3658 MemoryRegion*mr;
149f54b5 3659 hwaddr l = 1;
41063e1e 3660 bool res;
76f35538 3661
41063e1e 3662 rcu_read_lock();
5c8a00ce
PB		 3663 mr = address_space_translate(&address_space_memory,
3664 phys_addr, &phys_addr, &l, false);
76f35538 3665
41063e1e
PB		 3666 res = !(memory_region_is_ram(mr) || memory_region_is_romd(mr));
3667 rcu_read_unlock();
3668 return res;
76f35538 3669}
bd2fa51f 3670
e3807054 3671int qemu_ram_foreach_block(RAMBlockIterFunc func, void *opaque)
bd2fa51f
MH		 3672{
3673 RAMBlock *block;
e3807054 3674 int ret = 0;
bd2fa51f 3675
0dc3f44a
MD		 3676 rcu_read_lock();
3677 QLIST_FOREACH_RCU(block, &ram_list.blocks, next) {
e3807054
DDAG		 3678 ret = func(block->idstr, block->host, block->offset,
3679 block->used_length, opaque);
3680 if (ret) {
3681 break;
3682 }
bd2fa51f 3683 }
0dc3f44a 3684 rcu_read_unlock();
e3807054 3685 return ret;
bd2fa51f 3686}
ec3f8c99 3687#endif
QEMU mirror