]> git.proxmox.com Git - mirror_qemu.git/blame - exec.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
memory: simplify multipage/subpage registration
[mirror_qemu.git] / exec.c
CommitLineData
54936004 1/*
fd6ce8f6 2 * virtual page mapping and translated block handling
5fafdf24 3 *
54936004
FB		 4 * Copyright (c) 2003 Fabrice Bellard
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
8167ee88 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
54936004 18 */
67b915a5 19#include "config.h"
d5a8f07c
FB		 20#ifdef _WIN32
21#include <windows.h>
22#else
a98d49b1 23#include <sys/types.h>
d5a8f07c
FB		 24#include <sys/mman.h>
25#endif
54936004 26
055403b2 27#include "qemu-common.h"
6180a181 28#include "cpu.h"
b67d9a52 29#include "tcg.h"
b3c7724c 30#include "hw/hw.h"
cc9e98cb 31#include "hw/qdev.h"
74576198 32#include "osdep.h"
7ba1e619 33#include "kvm.h"
432d268c 34#include "hw/xen.h"
29e922b6 35#include "qemu-timer.h"
62152b8a
AK		 36#include "memory.h"
37#include "exec-memory.h"
53a5960a
PB		 38#if defined(CONFIG_USER_ONLY)
39#include <qemu.h>
f01576f1
JL		 40#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
41#include <sys/param.h>
42#if __FreeBSD_version >= 700104
43#define HAVE_KINFO_GETVMMAP
44#define sigqueue sigqueue_freebsd /* avoid redefinition */
45#include <sys/time.h>
46#include <sys/proc.h>
47#include <machine/profile.h>
48#define _KERNEL
49#include <sys/user.h>
50#undef _KERNEL
51#undef sigqueue
52#include <libutil.h>
53#endif
54#endif
432d268c
JN		 55#else /* !CONFIG_USER_ONLY */
56#include "xen-mapcache.h"
6506e4f9 57#include "trace.h"
53a5960a 58#endif
54936004 59
67d95c15
AK		 60#define WANT_EXEC_OBSOLETE
61#include "exec-obsolete.h"
62
fd6ce8f6 63//#define DEBUG_TB_INVALIDATE
66e85a21 64//#define DEBUG_FLUSH
9fa3e853 65//#define DEBUG_TLB
67d3b957 66//#define DEBUG_UNASSIGNED
fd6ce8f6
FB		 67
68/* make various TB consistency checks */
5fafdf24
TS		 69//#define DEBUG_TB_CHECK
70//#define DEBUG_TLB_CHECK
fd6ce8f6 71
1196be37 72//#define DEBUG_IOPORT
db7b5426 73//#define DEBUG_SUBPAGE
1196be37 74
99773bd4
PB		 75#if !defined(CONFIG_USER_ONLY)
76/* TB consistency checks only implemented for usermode emulation. */
77#undef DEBUG_TB_CHECK
78#endif
79
9fa3e853
FB		 80#define SMC_BITMAP_USE_THRESHOLD 10
81
bdaf78e0 82static TranslationBlock *tbs;
24ab68ac 83static int code_gen_max_blocks;
9fa3e853 84TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
bdaf78e0 85static int nb_tbs;
eb51d102 86/* any access to the tbs or the page table must use this lock */
c227f099 87spinlock_t tb_lock = SPIN_LOCK_UNLOCKED;
fd6ce8f6 88
141ac468
BS		 89#if defined(__arm__) || defined(__sparc_v9__)
90/* The prologue must be reachable with a direct jump. ARM and Sparc64
91 have limited branch ranges (possibly also PPC) so place it in a
d03d860b
BS		 92 section close to code segment. */
93#define code_gen_section \
94 __attribute__((__section__(".gen_code"))) \
95 __attribute__((aligned (32)))
f8e2af11
SW		 96#elif defined(_WIN32)
97/* Maximum alignment for Win32 is 16. */
98#define code_gen_section \
99 __attribute__((aligned (16)))
d03d860b
BS		 100#else
101#define code_gen_section \
102 __attribute__((aligned (32)))
103#endif
104
105uint8_t code_gen_prologue[1024] code_gen_section;
bdaf78e0
BS		 106static uint8_t *code_gen_buffer;
107static unsigned long code_gen_buffer_size;
26a5f13b 108/* threshold to flush the translated code buffer */
bdaf78e0 109static unsigned long code_gen_buffer_max_size;
24ab68ac 110static uint8_t *code_gen_ptr;
fd6ce8f6 111
e2eef170 112#if !defined(CONFIG_USER_ONLY)
9fa3e853 113int phys_ram_fd;
74576198 114static int in_migration;
94a6b54f 115
85d59fef 116RAMList ram_list = { .blocks = QLIST_HEAD_INITIALIZER(ram_list.blocks) };
62152b8a
AK		 117
118static MemoryRegion *system_memory;
309cb471 119static MemoryRegion *system_io;
62152b8a 120
0e0df1e2 121MemoryRegion io_mem_ram, io_mem_rom, io_mem_unassigned, io_mem_notdirty;
de712f94 122static MemoryRegion io_mem_subpage_ram;
0e0df1e2 123
e2eef170 124#endif
9fa3e853 125
6a00d601
FB		 126CPUState *first_cpu;
127/* current CPU in the current thread. It is only valid inside
128 cpu_exec() */
b3c4bbe5 129DEFINE_TLS(CPUState *,cpu_single_env);
2e70f6ef 130/* 0 = Do not count executed instructions.
bf20dc07 131 1 = Precise instruction counting.
2e70f6ef
PB		 132 2 = Adaptive rate instruction counting. */
133int use_icount = 0;
6a00d601 134
54936004 135typedef struct PageDesc {
92e873b9 136 /* list of TBs intersecting this ram page */
fd6ce8f6 137 TranslationBlock *first_tb;
9fa3e853
FB		 138 /* in order to optimize self modifying code, we count the number
139 of lookups we do to a given page to use a bitmap */
140 unsigned int code_write_count;
141 uint8_t *code_bitmap;
142#if defined(CONFIG_USER_ONLY)
143 unsigned long flags;
144#endif
54936004
FB		 145} PageDesc;
146
41c1b1c9 147/* In system mode we want L1_MAP to be based on ram offsets,
5cd2c5b6
RH		 148 while in user mode we want it to be based on virtual addresses. */
149#if !defined(CONFIG_USER_ONLY)
41c1b1c9
PB		 150#if HOST_LONG_BITS < TARGET_PHYS_ADDR_SPACE_BITS
151# define L1_MAP_ADDR_SPACE_BITS HOST_LONG_BITS
152#else
5cd2c5b6 153# define L1_MAP_ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS
41c1b1c9 154#endif
bedb69ea 155#else
5cd2c5b6 156# define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS
bedb69ea 157#endif
54936004 158
5cd2c5b6
RH		 159/* Size of the L2 (and L3, etc) page tables. */
160#define L2_BITS 10
54936004
FB		 161#define L2_SIZE (1 << L2_BITS)
162
3eef53df
AK		 163#define P_L2_LEVELS \
164 (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1)
165
5cd2c5b6 166/* The bits remaining after N lower levels of page tables. */
5cd2c5b6
RH		 167#define V_L1_BITS_REM \
168 ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS)
169
5cd2c5b6
RH		 170#if V_L1_BITS_REM < 4
171#define V_L1_BITS (V_L1_BITS_REM + L2_BITS)
172#else
173#define V_L1_BITS V_L1_BITS_REM
174#endif
175
5cd2c5b6
RH		 176#define V_L1_SIZE ((target_ulong)1 << V_L1_BITS)
177
5cd2c5b6
RH		 178#define V_L1_SHIFT (L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS - V_L1_BITS)
179
83fb7adf 180unsigned long qemu_real_host_page_size;
83fb7adf
FB		 181unsigned long qemu_host_page_size;
182unsigned long qemu_host_page_mask;
54936004 183
5cd2c5b6
RH		 184/* This is a multi-level map on the virtual address space.
185 The bottom level has pointers to PageDesc. */
186static void *l1_map[V_L1_SIZE];
54936004 187
e2eef170 188#if !defined(CONFIG_USER_ONLY)
4346ae3e
AK		 189typedef struct PhysPageEntry PhysPageEntry;
190
5312bd8b
AK		 191static MemoryRegionSection *phys_sections;
192static unsigned phys_sections_nb, phys_sections_nb_alloc;
193static uint16_t phys_section_unassigned;
194
4346ae3e
AK		 195struct PhysPageEntry {
196 union {
5312bd8b 197 uint16_t leaf; /* index into phys_sections */
d6f2ea22 198 uint16_t node; /* index into phys_map_nodes */
4346ae3e
AK		 199 } u;
200};
201
d6f2ea22
AK		 202/* Simple allocator for PhysPageEntry nodes */
203static PhysPageEntry (*phys_map_nodes)[L2_SIZE];
204static unsigned phys_map_nodes_nb, phys_map_nodes_nb_alloc;
205
206#define PHYS_MAP_NODE_NIL ((uint16_t)~0)
207
5cd2c5b6 208/* This is a multi-level map on the physical address space.
06ef3525 209 The bottom level has pointers to MemoryRegionSections. */
d6f2ea22 210static PhysPageEntry phys_map = { .u.node = PHYS_MAP_NODE_NIL };
6d9a1304 211
e2eef170 212static void io_mem_init(void);
62152b8a 213static void memory_map_init(void);
e2eef170 214
33417e70 215/* io memory support */
a621f38d 216MemoryRegion *io_mem_region[IO_MEM_NB_ENTRIES];
511d2b14 217static char io_mem_used[IO_MEM_NB_ENTRIES];
1ec9b909 218static MemoryRegion io_mem_watch;
6658ffb8 219#endif
33417e70 220
34865134 221/* log support */
1e8b27ca
JR		 222#ifdef WIN32
223static const char *logfilename = "qemu.log";
224#else
d9b630fd 225static const char *logfilename = "/tmp/qemu.log";
1e8b27ca 226#endif
34865134
FB		 227FILE *logfile;
228int loglevel;
e735b91c 229static int log_append = 0;
34865134 230
e3db7226 231/* statistics */
b3755a91 232#if !defined(CONFIG_USER_ONLY)
e3db7226 233static int tlb_flush_count;
b3755a91 234#endif
e3db7226
FB		 235static int tb_flush_count;
236static int tb_phys_invalidate_count;
237
7cb69cae
FB		 238#ifdef _WIN32
239static void map_exec(void *addr, long size)
240{
241 DWORD old_protect;
242 VirtualProtect(addr, size,
243 PAGE_EXECUTE_READWRITE, &old_protect);
244
245}
246#else
247static void map_exec(void *addr, long size)
248{
4369415f 249 unsigned long start, end, page_size;
7cb69cae 250
4369415f 251 page_size = getpagesize();
7cb69cae 252 start = (unsigned long)addr;
4369415f 253 start &= ~(page_size - 1);
7cb69cae
FB		 254
255 end = (unsigned long)addr + size;
4369415f
FB		 256 end += page_size - 1;
257 end &= ~(page_size - 1);
7cb69cae
FB		 258
259 mprotect((void *)start, end - start,
260 PROT_READ | PROT_WRITE | PROT_EXEC);
261}
262#endif
263
b346ff46 264static void page_init(void)
54936004 265{
83fb7adf 266 /* NOTE: we can always suppose that qemu_host_page_size >=
54936004 267 TARGET_PAGE_SIZE */
c2b48b69
AL		 268#ifdef _WIN32
269 {
270 SYSTEM_INFO system_info;
271
272 GetSystemInfo(&system_info);
273 qemu_real_host_page_size = system_info.dwPageSize;
274 }
275#else
276 qemu_real_host_page_size = getpagesize();
277#endif
83fb7adf
FB		 278 if (qemu_host_page_size == 0)
279 qemu_host_page_size = qemu_real_host_page_size;
280 if (qemu_host_page_size < TARGET_PAGE_SIZE)
281 qemu_host_page_size = TARGET_PAGE_SIZE;
83fb7adf 282 qemu_host_page_mask = ~(qemu_host_page_size - 1);
50a9569b 283
2e9a5713 284#if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
50a9569b 285 {
f01576f1
JL		 286#ifdef HAVE_KINFO_GETVMMAP
287 struct kinfo_vmentry *freep;
288 int i, cnt;
289
290 freep = kinfo_getvmmap(getpid(), &cnt);
291 if (freep) {
292 mmap_lock();
293 for (i = 0; i < cnt; i++) {
294 unsigned long startaddr, endaddr;
295
296 startaddr = freep[i].kve_start;
297 endaddr = freep[i].kve_end;
298 if (h2g_valid(startaddr)) {
299 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
300
301 if (h2g_valid(endaddr)) {
302 endaddr = h2g(endaddr);
fd436907 303 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 304 } else {
305#if TARGET_ABI_BITS <= L1_MAP_ADDR_SPACE_BITS
306 endaddr = ~0ul;
fd436907 307 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
f01576f1
JL		 308#endif
309 }
310 }
311 }
312 free(freep);
313 mmap_unlock();
314 }
315#else
50a9569b 316 FILE *f;
50a9569b 317
0776590d 318 last_brk = (unsigned long)sbrk(0);
5cd2c5b6 319
fd436907 320 f = fopen("/compat/linux/proc/self/maps", "r");
50a9569b 321 if (f) {
5cd2c5b6
RH		 322 mmap_lock();
323
50a9569b 324 do {
5cd2c5b6
RH		 325 unsigned long startaddr, endaddr;
326 int n;
327
328 n = fscanf (f, "%lx-%lx %*[^\n]\n", &startaddr, &endaddr);
329
330 if (n == 2 && h2g_valid(startaddr)) {
331 startaddr = h2g(startaddr) & TARGET_PAGE_MASK;
332
333 if (h2g_valid(endaddr)) {
334 endaddr = h2g(endaddr);
335 } else {
336 endaddr = ~0ul;
337 }
338 page_set_flags(startaddr, endaddr, PAGE_RESERVED);
50a9569b
AZ		 339 }
340 } while (!feof(f));
5cd2c5b6 341
50a9569b 342 fclose(f);
5cd2c5b6 343 mmap_unlock();
50a9569b 344 }
f01576f1 345#endif
50a9569b
AZ		 346 }
347#endif
54936004
FB		 348}
349
41c1b1c9 350static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc)
54936004 351{
41c1b1c9
PB		 352 PageDesc *pd;
353 void **lp;
354 int i;
355
5cd2c5b6 356#if defined(CONFIG_USER_ONLY)
7267c094 357 /* We can't use g_malloc because it may recurse into a locked mutex. */
5cd2c5b6
RH		 358# define ALLOC(P, SIZE) \
359 do { \
360 P = mmap(NULL, SIZE, PROT_READ | PROT_WRITE, \
361 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \
5cd2c5b6
RH		 362 } while (0)
363#else
364# define ALLOC(P, SIZE) \
7267c094 365 do { P = g_malloc0(SIZE); } while (0)
17e2377a 366#endif
434929bf 367
5cd2c5b6
RH		 368 /* Level 1. Always allocated. */
369 lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1));
370
371 /* Level 2..N-1. */
372 for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) {
373 void **p = *lp;
374
375 if (p == NULL) {
376 if (!alloc) {
377 return NULL;
378 }
379 ALLOC(p, sizeof(void *) * L2_SIZE);
380 *lp = p;
17e2377a 381 }
5cd2c5b6
RH		 382
383 lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1));
384 }
385
386 pd = *lp;
387 if (pd == NULL) {
388 if (!alloc) {
389 return NULL;
390 }
391 ALLOC(pd, sizeof(PageDesc) * L2_SIZE);
392 *lp = pd;
54936004 393 }
5cd2c5b6
RH		 394
395#undef ALLOC
5cd2c5b6
RH		 396
397 return pd + (index & (L2_SIZE - 1));
54936004
FB		 398}
399
41c1b1c9 400static inline PageDesc *page_find(tb_page_addr_t index)
54936004 401{
5cd2c5b6 402 return page_find_alloc(index, 0);
fd6ce8f6
FB		 403}
404
6d9a1304 405#if !defined(CONFIG_USER_ONLY)
d6f2ea22
AK		 406
407static PhysPageEntry *phys_map_node_alloc(uint16_t *ptr)
408{
409 unsigned i;
410 uint16_t ret;
411
412 /* Assign early to avoid the pointer being invalidated by g_renew() */
413 *ptr = ret = phys_map_nodes_nb++;
414 assert(ret != PHYS_MAP_NODE_NIL);
415 if (ret == phys_map_nodes_nb_alloc) {
416 typedef PhysPageEntry Node[L2_SIZE];
417 phys_map_nodes_nb_alloc = MAX(phys_map_nodes_nb_alloc * 2, 16);
418 phys_map_nodes = g_renew(Node, phys_map_nodes,
419 phys_map_nodes_nb_alloc);
420 }
421 for (i = 0; i < L2_SIZE; ++i) {
422 phys_map_nodes[ret][i].u.node = PHYS_MAP_NODE_NIL;
423 }
424 return phys_map_nodes[ret];
425}
426
427static void phys_map_nodes_reset(void)
428{
429 phys_map_nodes_nb = 0;
430}
431
5312bd8b 432static uint16_t *phys_page_find_alloc(target_phys_addr_t index, int alloc)
92e873b9 433{
4346ae3e
AK		 434 PhysPageEntry *lp, *p;
435 int i, j;
92e873b9 436
3eef53df 437 lp = &phys_map;
108c49b8 438
4346ae3e
AK		 439 /* Level 1..N. */
440 for (i = P_L2_LEVELS - 1; i >= 0; i--) {
d6f2ea22 441 if (lp->u.node == PHYS_MAP_NODE_NIL) {
5cd2c5b6
RH		 442 if (!alloc) {
443 return NULL;
444 }
d6f2ea22 445 p = phys_map_node_alloc(&lp->u.node);
4346ae3e 446 if (i == 0) {
4346ae3e 447 for (j = 0; j < L2_SIZE; j++) {
5312bd8b 448 p[j].u.leaf = phys_section_unassigned;
4346ae3e
AK		 449 }
450 }
d6f2ea22
AK		 451 } else {
452 p = phys_map_nodes[lp->u.node];
67c4d23c 453 }
d6f2ea22 454 lp = &p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
92e873b9 455 }
5cd2c5b6 456
4346ae3e 457 return &lp->u.leaf;
92e873b9
FB		 458}
459
06ef3525 460static MemoryRegionSection phys_page_find(target_phys_addr_t index)
92e873b9 461{
31ab2b4a
AK		 462 PhysPageEntry lp = phys_map;
463 PhysPageEntry *p;
464 int i;
06ef3525
AK		 465 MemoryRegionSection section;
466 target_phys_addr_t delta;
31ab2b4a 467 uint16_t s_index = phys_section_unassigned;
f1f6e3b8 468
31ab2b4a
AK		 469 for (i = P_L2_LEVELS - 1; i >= 0; i--) {
470 if (lp.u.node == PHYS_MAP_NODE_NIL) {
471 goto not_found;
472 }
473 p = phys_map_nodes[lp.u.node];
474 lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)];
5312bd8b 475 }
31ab2b4a
AK		 476
477 s_index = lp.u.leaf;
478not_found:
06ef3525 479 section = phys_sections[s_index];
5312bd8b 480 index <<= TARGET_PAGE_BITS;
06ef3525
AK		 481 assert(section.offset_within_address_space <= index
482 && index <= section.offset_within_address_space + section.size-1);
483 delta = index - section.offset_within_address_space;
484 section.offset_within_address_space += delta;
485 section.offset_within_region += delta;
486 section.size -= delta;
487 return section;
92e873b9
FB		 488}
489
c227f099
AL		 490static void tlb_protect_code(ram_addr_t ram_addr);
491static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 492 target_ulong vaddr);
c8a706fe
PB		 493#define mmap_lock() do { } while(0)
494#define mmap_unlock() do { } while(0)
9fa3e853 495#endif
fd6ce8f6 496
4369415f
FB		 497#define DEFAULT_CODE_GEN_BUFFER_SIZE (32 * 1024 * 1024)
498
499#if defined(CONFIG_USER_ONLY)
ccbb4d44 500/* Currently it is not recommended to allocate big chunks of data in
4369415f
FB		 501 user mode. It will change when a dedicated libc will be used */
502#define USE_STATIC_CODE_GEN_BUFFER
503#endif
504
505#ifdef USE_STATIC_CODE_GEN_BUFFER
ebf50fb3
AJ		 506static uint8_t static_code_gen_buffer[DEFAULT_CODE_GEN_BUFFER_SIZE]
507 __attribute__((aligned (CODE_GEN_ALIGN)));
4369415f
FB		 508#endif
509
8fcd3692 510static void code_gen_alloc(unsigned long tb_size)
26a5f13b 511{
4369415f
FB		 512#ifdef USE_STATIC_CODE_GEN_BUFFER
513 code_gen_buffer = static_code_gen_buffer;
514 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
515 map_exec(code_gen_buffer, code_gen_buffer_size);
516#else
26a5f13b
FB		 517 code_gen_buffer_size = tb_size;
518 if (code_gen_buffer_size == 0) {
4369415f 519#if defined(CONFIG_USER_ONLY)
4369415f
FB		 520 code_gen_buffer_size = DEFAULT_CODE_GEN_BUFFER_SIZE;
521#else
ccbb4d44 522 /* XXX: needs adjustments */
94a6b54f 523 code_gen_buffer_size = (unsigned long)(ram_size / 4);
4369415f 524#endif
26a5f13b
FB		 525 }
526 if (code_gen_buffer_size < MIN_CODE_GEN_BUFFER_SIZE)
527 code_gen_buffer_size = MIN_CODE_GEN_BUFFER_SIZE;
528 /* The code gen buffer location may have constraints depending on
529 the host cpu and OS */
530#if defined(__linux__)
531 {
532 int flags;
141ac468
BS		 533 void *start = NULL;
534
26a5f13b
FB		 535 flags = MAP_PRIVATE | MAP_ANONYMOUS;
536#if defined(__x86_64__)
537 flags |= MAP_32BIT;
538 /* Cannot map more than that */
539 if (code_gen_buffer_size > (800 * 1024 * 1024))
540 code_gen_buffer_size = (800 * 1024 * 1024);
141ac468
BS		 541#elif defined(__sparc_v9__)
542 // Map the buffer below 2G, so we can use direct calls and branches
543 flags |= MAP_FIXED;
544 start = (void *) 0x60000000UL;
545 if (code_gen_buffer_size > (512 * 1024 * 1024))
546 code_gen_buffer_size = (512 * 1024 * 1024);
1cb0661e 547#elif defined(__arm__)
5c84bd90 548 /* Keep the buffer no bigger than 16MB to branch between blocks */
1cb0661e
AZ		 549 if (code_gen_buffer_size > 16 * 1024 * 1024)
550 code_gen_buffer_size = 16 * 1024 * 1024;
eba0b893
RH		 551#elif defined(__s390x__)
552 /* Map the buffer so that we can use direct calls and branches. */
553 /* We have a +- 4GB range on the branches; leave some slop. */
554 if (code_gen_buffer_size > (3ul * 1024 * 1024 * 1024)) {
555 code_gen_buffer_size = 3ul * 1024 * 1024 * 1024;
556 }
557 start = (void *)0x90000000UL;
26a5f13b 558#endif
141ac468
BS		 559 code_gen_buffer = mmap(start, code_gen_buffer_size,
560 PROT_WRITE | PROT_READ | PROT_EXEC,
26a5f13b
FB		 561 flags, -1, 0);
562 if (code_gen_buffer == MAP_FAILED) {
563 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
564 exit(1);
565 }
566 }
cbb608a5 567#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
9f4b09a4
TN		 568 || defined(__DragonFly__) || defined(__OpenBSD__) \
569 || defined(__NetBSD__)
06e67a82
AL		 570 {
571 int flags;
572 void *addr = NULL;
573 flags = MAP_PRIVATE | MAP_ANONYMOUS;
574#if defined(__x86_64__)
575 /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
576 * 0x40000000 is free */
577 flags |= MAP_FIXED;
578 addr = (void *)0x40000000;
579 /* Cannot map more than that */
580 if (code_gen_buffer_size > (800 * 1024 * 1024))
581 code_gen_buffer_size = (800 * 1024 * 1024);
4cd31ad2
BS		 582#elif defined(__sparc_v9__)
583 // Map the buffer below 2G, so we can use direct calls and branches
584 flags |= MAP_FIXED;
585 addr = (void *) 0x60000000UL;
586 if (code_gen_buffer_size > (512 * 1024 * 1024)) {
587 code_gen_buffer_size = (512 * 1024 * 1024);
588 }
06e67a82
AL		 589#endif
590 code_gen_buffer = mmap(addr, code_gen_buffer_size,
591 PROT_WRITE | PROT_READ | PROT_EXEC,
592 flags, -1, 0);
593 if (code_gen_buffer == MAP_FAILED) {
594 fprintf(stderr, "Could not allocate dynamic translator buffer\n");
595 exit(1);
596 }
597 }
26a5f13b 598#else
7267c094 599 code_gen_buffer = g_malloc(code_gen_buffer_size);
26a5f13b
FB		 600 map_exec(code_gen_buffer, code_gen_buffer_size);
601#endif
4369415f 602#endif /* !USE_STATIC_CODE_GEN_BUFFER */
26a5f13b 603 map_exec(code_gen_prologue, sizeof(code_gen_prologue));
a884da8a
PM		 604 code_gen_buffer_max_size = code_gen_buffer_size -
605 (TCG_MAX_OP_SIZE * OPC_BUF_SIZE);
26a5f13b 606 code_gen_max_blocks = code_gen_buffer_size / CODE_GEN_AVG_BLOCK_SIZE;
7267c094 607 tbs = g_malloc(code_gen_max_blocks * sizeof(TranslationBlock));
26a5f13b
FB		 608}
609
610/* Must be called before using the QEMU cpus. 'tb_size' is the size
611 (in bytes) allocated to the translation buffer. Zero means default
612 size. */
d5ab9713 613void tcg_exec_init(unsigned long tb_size)
26a5f13b 614{
26a5f13b
FB		 615 cpu_gen_init();
616 code_gen_alloc(tb_size);
617 code_gen_ptr = code_gen_buffer;
4369415f 618 page_init();
9002ec79
RH		 619#if !defined(CONFIG_USER_ONLY) || !defined(CONFIG_USE_GUEST_BASE)
620 /* There's no guest base to take into account, so go ahead and
621 initialize the prologue now. */
622 tcg_prologue_init(&tcg_ctx);
623#endif
26a5f13b
FB		 624}
625
d5ab9713
JK		 626bool tcg_enabled(void)
627{
628 return code_gen_buffer != NULL;
629}
630
631void cpu_exec_init_all(void)
632{
633#if !defined(CONFIG_USER_ONLY)
634 memory_map_init();
635 io_mem_init();
636#endif
637}
638
9656f324
PB		 639#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
640
e59fb374 641static int cpu_common_post_load(void *opaque, int version_id)
e7f4eff7
JQ		 642{
643 CPUState *env = opaque;
9656f324 644
3098dba0
AJ		 645 /* 0x01 was CPU_INTERRUPT_EXIT. This line can be removed when the
646 version_id is increased. */
647 env->interrupt_request &= ~0x01;
9656f324
PB		 648 tlb_flush(env, 1);
649
650 return 0;
651}
e7f4eff7
JQ		 652
653static const VMStateDescription vmstate_cpu_common = {
654 .name = "cpu_common",
655 .version_id = 1,
656 .minimum_version_id = 1,
657 .minimum_version_id_old = 1,
e7f4eff7
JQ		 658 .post_load = cpu_common_post_load,
659 .fields = (VMStateField []) {
660 VMSTATE_UINT32(halted, CPUState),
661 VMSTATE_UINT32(interrupt_request, CPUState),
662 VMSTATE_END_OF_LIST()
663 }
664};
9656f324
PB		 665#endif
666
950f1472
GC		 667CPUState *qemu_get_cpu(int cpu)
668{
669 CPUState *env = first_cpu;
670
671 while (env) {
672 if (env->cpu_index == cpu)
673 break;
674 env = env->next_cpu;
675 }
676
677 return env;
678}
679
6a00d601 680void cpu_exec_init(CPUState *env)
fd6ce8f6 681{
6a00d601
FB		 682 CPUState **penv;
683 int cpu_index;
684
c2764719
PB		 685#if defined(CONFIG_USER_ONLY)
686 cpu_list_lock();
687#endif
6a00d601
FB		 688 env->next_cpu = NULL;
689 penv = &first_cpu;
690 cpu_index = 0;
691 while (*penv != NULL) {
1e9fa730 692 penv = &(*penv)->next_cpu;
6a00d601
FB		 693 cpu_index++;
694 }
695 env->cpu_index = cpu_index;
268a362c 696 env->numa_node = 0;
72cf2d4f
BS		 697 QTAILQ_INIT(&env->breakpoints);
698 QTAILQ_INIT(&env->watchpoints);
dc7a09cf
JK		 699#ifndef CONFIG_USER_ONLY
700 env->thread_id = qemu_get_thread_id();
701#endif
6a00d601 702 *penv = env;
c2764719
PB		 703#if defined(CONFIG_USER_ONLY)
704 cpu_list_unlock();
705#endif
b3c7724c 706#if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
0be71e32
AW		 707 vmstate_register(NULL, cpu_index, &vmstate_cpu_common, env);
708 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
b3c7724c
PB		 709 cpu_save, cpu_load, env);
710#endif
fd6ce8f6
FB		 711}
712
d1a1eb74
TG		 713/* Allocate a new translation block. Flush the translation buffer if
714 too many translation blocks or too much generated code. */
715static TranslationBlock *tb_alloc(target_ulong pc)
716{
717 TranslationBlock *tb;
718
719 if (nb_tbs >= code_gen_max_blocks ||
720 (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
721 return NULL;
722 tb = &tbs[nb_tbs++];
723 tb->pc = pc;
724 tb->cflags = 0;
725 return tb;
726}
727
728void tb_free(TranslationBlock *tb)
729{
730 /* In practice this is mostly used for single use temporary TB
731 Ignore the hard cases and just back up if this TB happens to
732 be the last one generated. */
733 if (nb_tbs > 0 && tb == &tbs[nb_tbs - 1]) {
734 code_gen_ptr = tb->tc_ptr;
735 nb_tbs--;
736 }
737}
738
9fa3e853
FB		 739static inline void invalidate_page_bitmap(PageDesc *p)
740{
741 if (p->code_bitmap) {
7267c094 742 g_free(p->code_bitmap);
9fa3e853
FB		 743 p->code_bitmap = NULL;
744 }
745 p->code_write_count = 0;
746}
747
5cd2c5b6
RH		 748/* Set to NULL all the 'first_tb' fields in all PageDescs. */
749
750static void page_flush_tb_1 (int level, void **lp)
fd6ce8f6 751{
5cd2c5b6 752 int i;
fd6ce8f6 753
5cd2c5b6
RH		 754 if (*lp == NULL) {
755 return;
756 }
757 if (level == 0) {
758 PageDesc *pd = *lp;
7296abac 759 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 760 pd[i].first_tb = NULL;
761 invalidate_page_bitmap(pd + i);
fd6ce8f6 762 }
5cd2c5b6
RH		 763 } else {
764 void **pp = *lp;
7296abac 765 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 766 page_flush_tb_1 (level - 1, pp + i);
767 }
768 }
769}
770
771static void page_flush_tb(void)
772{
773 int i;
774 for (i = 0; i < V_L1_SIZE; i++) {
775 page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i);
fd6ce8f6
FB		 776 }
777}
778
779/* flush all the translation blocks */
d4e8164f 780/* XXX: tb_flush is currently not thread safe */
6a00d601 781void tb_flush(CPUState *env1)
fd6ce8f6 782{
6a00d601 783 CPUState *env;
0124311e 784#if defined(DEBUG_FLUSH)
ab3d1727
BS		 785 printf("qemu: flush code_size=%ld nb_tbs=%d avg_tb_size=%ld\n",
786 (unsigned long)(code_gen_ptr - code_gen_buffer),
787 nb_tbs, nb_tbs > 0 ?
788 ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
fd6ce8f6 789#endif
26a5f13b 790 if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
a208e54a
PB		 791 cpu_abort(env1, "Internal error: code buffer overflow\n");
792
fd6ce8f6 793 nb_tbs = 0;
3b46e624 794
6a00d601
FB		 795 for(env = first_cpu; env != NULL; env = env->next_cpu) {
796 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
797 }
9fa3e853 798
8a8a608f 799 memset (tb_phys_hash, 0, CODE_GEN_PHYS_HASH_SIZE * sizeof (void *));
fd6ce8f6 800 page_flush_tb();
9fa3e853 801
fd6ce8f6 802 code_gen_ptr = code_gen_buffer;
d4e8164f
FB		 803 /* XXX: flush processor icache at this point if cache flush is
804 expensive */
e3db7226 805 tb_flush_count++;
fd6ce8f6
FB		 806}
807
808#ifdef DEBUG_TB_CHECK
809
bc98a7ef 810static void tb_invalidate_check(target_ulong address)
fd6ce8f6
FB		 811{
812 TranslationBlock *tb;
813 int i;
814 address &= TARGET_PAGE_MASK;
99773bd4
PB		 815 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
816 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 817 if (!(address + TARGET_PAGE_SIZE <= tb->pc ||
818 address >= tb->pc + tb->size)) {
0bf9e31a
BS		 819 printf("ERROR invalidate: address=" TARGET_FMT_lx
820 " PC=%08lx size=%04x\n",
99773bd4 821 address, (long)tb->pc, tb->size);
fd6ce8f6
FB		 822 }
823 }
824 }
825}
826
827/* verify that all the pages have correct rights for code */
828static void tb_page_check(void)
829{
830 TranslationBlock *tb;
831 int i, flags1, flags2;
3b46e624 832
99773bd4
PB		 833 for(i = 0;i < CODE_GEN_PHYS_HASH_SIZE; i++) {
834 for(tb = tb_phys_hash[i]; tb != NULL; tb = tb->phys_hash_next) {
fd6ce8f6
FB		 835 flags1 = page_get_flags(tb->pc);
836 flags2 = page_get_flags(tb->pc + tb->size - 1);
837 if ((flags1 & PAGE_WRITE) || (flags2 & PAGE_WRITE)) {
838 printf("ERROR page flags: PC=%08lx size=%04x f1=%x f2=%x\n",
99773bd4 839 (long)tb->pc, tb->size, flags1, flags2);
fd6ce8f6
FB		 840 }
841 }
842 }
843}
844
845#endif
846
847/* invalidate one TB */
848static inline void tb_remove(TranslationBlock **ptb, TranslationBlock *tb,
849 int next_offset)
850{
851 TranslationBlock *tb1;
852 for(;;) {
853 tb1 = *ptb;
854 if (tb1 == tb) {
855 *ptb = *(TranslationBlock **)((char *)tb1 + next_offset);
856 break;
857 }
858 ptb = (TranslationBlock **)((char *)tb1 + next_offset);
859 }
860}
861
9fa3e853
FB		 862static inline void tb_page_remove(TranslationBlock **ptb, TranslationBlock *tb)
863{
864 TranslationBlock *tb1;
865 unsigned int n1;
866
867 for(;;) {
868 tb1 = *ptb;
869 n1 = (long)tb1 & 3;
870 tb1 = (TranslationBlock *)((long)tb1 & ~3);
871 if (tb1 == tb) {
872 *ptb = tb1->page_next[n1];
873 break;
874 }
875 ptb = &tb1->page_next[n1];
876 }
877}
878
d4e8164f
FB		 879static inline void tb_jmp_remove(TranslationBlock *tb, int n)
880{
881 TranslationBlock *tb1, **ptb;
882 unsigned int n1;
883
884 ptb = &tb->jmp_next[n];
885 tb1 = *ptb;
886 if (tb1) {
887 /* find tb(n) in circular list */
888 for(;;) {
889 tb1 = *ptb;
890 n1 = (long)tb1 & 3;
891 tb1 = (TranslationBlock *)((long)tb1 & ~3);
892 if (n1 == n && tb1 == tb)
893 break;
894 if (n1 == 2) {
895 ptb = &tb1->jmp_first;
896 } else {
897 ptb = &tb1->jmp_next[n1];
898 }
899 }
900 /* now we can suppress tb(n) from the list */
901 *ptb = tb->jmp_next[n];
902
903 tb->jmp_next[n] = NULL;
904 }
905}
906
907/* reset the jump entry 'n' of a TB so that it is not chained to
908 another TB */
909static inline void tb_reset_jump(TranslationBlock *tb, int n)
910{
911 tb_set_jmp_target(tb, n, (unsigned long)(tb->tc_ptr + tb->tb_next_offset[n]));
912}
913
41c1b1c9 914void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr)
fd6ce8f6 915{
6a00d601 916 CPUState *env;
8a40a180 917 PageDesc *p;
d4e8164f 918 unsigned int h, n1;
41c1b1c9 919 tb_page_addr_t phys_pc;
8a40a180 920 TranslationBlock *tb1, *tb2;
3b46e624 921
8a40a180
FB		 922 /* remove the TB from the hash list */
923 phys_pc = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
924 h = tb_phys_hash_func(phys_pc);
5fafdf24 925 tb_remove(&tb_phys_hash[h], tb,
8a40a180
FB		 926 offsetof(TranslationBlock, phys_hash_next));
927
928 /* remove the TB from the page list */
929 if (tb->page_addr[0] != page_addr) {
930 p = page_find(tb->page_addr[0] >> TARGET_PAGE_BITS);
931 tb_page_remove(&p->first_tb, tb);
932 invalidate_page_bitmap(p);
933 }
934 if (tb->page_addr[1] != -1 && tb->page_addr[1] != page_addr) {
935 p = page_find(tb->page_addr[1] >> TARGET_PAGE_BITS);
936 tb_page_remove(&p->first_tb, tb);
937 invalidate_page_bitmap(p);
938 }
939
36bdbe54 940 tb_invalidated_flag = 1;
59817ccb 941
fd6ce8f6 942 /* remove the TB from the hash list */
8a40a180 943 h = tb_jmp_cache_hash_func(tb->pc);
6a00d601
FB		 944 for(env = first_cpu; env != NULL; env = env->next_cpu) {
945 if (env->tb_jmp_cache[h] == tb)
946 env->tb_jmp_cache[h] = NULL;
947 }
d4e8164f
FB		 948
949 /* suppress this TB from the two jump lists */
950 tb_jmp_remove(tb, 0);
951 tb_jmp_remove(tb, 1);
952
953 /* suppress any remaining jumps to this TB */
954 tb1 = tb->jmp_first;
955 for(;;) {
956 n1 = (long)tb1 & 3;
957 if (n1 == 2)
958 break;
959 tb1 = (TranslationBlock *)((long)tb1 & ~3);
960 tb2 = tb1->jmp_next[n1];
961 tb_reset_jump(tb1, n1);
962 tb1->jmp_next[n1] = NULL;
963 tb1 = tb2;
964 }
965 tb->jmp_first = (TranslationBlock *)((long)tb | 2); /* fail safe */
9fa3e853 966
e3db7226 967 tb_phys_invalidate_count++;
9fa3e853
FB		 968}
969
970static inline void set_bits(uint8_t *tab, int start, int len)
971{
972 int end, mask, end1;
973
974 end = start + len;
975 tab += start >> 3;
976 mask = 0xff << (start & 7);
977 if ((start & ~7) == (end & ~7)) {
978 if (start < end) {
979 mask &= ~(0xff << (end & 7));
980 *tab |= mask;
981 }
982 } else {
983 *tab++ |= mask;
984 start = (start + 8) & ~7;
985 end1 = end & ~7;
986 while (start < end1) {
987 *tab++ = 0xff;
988 start += 8;
989 }
990 if (start < end) {
991 mask = ~(0xff << (end & 7));
992 *tab |= mask;
993 }
994 }
995}
996
997static void build_page_bitmap(PageDesc *p)
998{
999 int n, tb_start, tb_end;
1000 TranslationBlock *tb;
3b46e624 1001
7267c094 1002 p->code_bitmap = g_malloc0(TARGET_PAGE_SIZE / 8);
9fa3e853
FB		 1003
1004 tb = p->first_tb;
1005 while (tb != NULL) {
1006 n = (long)tb & 3;
1007 tb = (TranslationBlock *)((long)tb & ~3);
1008 /* NOTE: this is subtle as a TB may span two physical pages */
1009 if (n == 0) {
1010 /* NOTE: tb_end may be after the end of the page, but
1011 it is not a problem */
1012 tb_start = tb->pc & ~TARGET_PAGE_MASK;
1013 tb_end = tb_start + tb->size;
1014 if (tb_end > TARGET_PAGE_SIZE)
1015 tb_end = TARGET_PAGE_SIZE;
1016 } else {
1017 tb_start = 0;
1018 tb_end = ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1019 }
1020 set_bits(p->code_bitmap, tb_start, tb_end - tb_start);
1021 tb = tb->page_next[n];
1022 }
1023}
1024
2e70f6ef
PB		 1025TranslationBlock *tb_gen_code(CPUState *env,
1026 target_ulong pc, target_ulong cs_base,
1027 int flags, int cflags)
d720b93d
FB		 1028{
1029 TranslationBlock *tb;
1030 uint8_t *tc_ptr;
41c1b1c9
PB		 1031 tb_page_addr_t phys_pc, phys_page2;
1032 target_ulong virt_page2;
d720b93d
FB		 1033 int code_gen_size;
1034
41c1b1c9 1035 phys_pc = get_page_addr_code(env, pc);
c27004ec 1036 tb = tb_alloc(pc);
d720b93d
FB		 1037 if (!tb) {
1038 /* flush must be done */
1039 tb_flush(env);
1040 /* cannot fail at this point */
c27004ec 1041 tb = tb_alloc(pc);
2e70f6ef
PB		 1042 /* Don't forget to invalidate previous TB info. */
1043 tb_invalidated_flag = 1;
d720b93d
FB		 1044 }
1045 tc_ptr = code_gen_ptr;
1046 tb->tc_ptr = tc_ptr;
1047 tb->cs_base = cs_base;
1048 tb->flags = flags;
1049 tb->cflags = cflags;
d07bde88 1050 cpu_gen_code(env, tb, &code_gen_size);
d720b93d 1051 code_gen_ptr = (void *)(((unsigned long)code_gen_ptr + code_gen_size + CODE_GEN_ALIGN - 1) & ~(CODE_GEN_ALIGN - 1));
3b46e624 1052
d720b93d 1053 /* check next page if needed */
c27004ec 1054 virt_page2 = (pc + tb->size - 1) & TARGET_PAGE_MASK;
d720b93d 1055 phys_page2 = -1;
c27004ec 1056 if ((pc & TARGET_PAGE_MASK) != virt_page2) {
41c1b1c9 1057 phys_page2 = get_page_addr_code(env, virt_page2);
d720b93d 1058 }
41c1b1c9 1059 tb_link_page(tb, phys_pc, phys_page2);
2e70f6ef 1060 return tb;
d720b93d 1061}
3b46e624 1062
9fa3e853
FB		 1063/* invalidate all TBs which intersect with the target physical page
1064 starting in range [start;end[. NOTE: start and end must refer to
d720b93d
FB		 1065 the same physical page. 'is_cpu_write_access' should be true if called
1066 from a real cpu write access: the virtual CPU will exit the current
1067 TB if code is modified inside this TB. */
41c1b1c9 1068void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
d720b93d
FB		 1069 int is_cpu_write_access)
1070{
6b917547 1071 TranslationBlock *tb, *tb_next, *saved_tb;
d720b93d 1072 CPUState *env = cpu_single_env;
41c1b1c9 1073 tb_page_addr_t tb_start, tb_end;
6b917547
AL		 1074 PageDesc *p;
1075 int n;
1076#ifdef TARGET_HAS_PRECISE_SMC
1077 int current_tb_not_found = is_cpu_write_access;
1078 TranslationBlock *current_tb = NULL;
1079 int current_tb_modified = 0;
1080 target_ulong current_pc = 0;
1081 target_ulong current_cs_base = 0;
1082 int current_flags = 0;
1083#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1084
1085 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1086 if (!p)
9fa3e853 1087 return;
5fafdf24 1088 if (!p->code_bitmap &&
d720b93d
FB		 1089 ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
1090 is_cpu_write_access) {
9fa3e853
FB		 1091 /* build code bitmap */
1092 build_page_bitmap(p);
1093 }
1094
1095 /* we remove all the TBs in the range [start, end[ */
1096 /* XXX: see if in some cases it could be faster to invalidate all the code */
1097 tb = p->first_tb;
1098 while (tb != NULL) {
1099 n = (long)tb & 3;
1100 tb = (TranslationBlock *)((long)tb & ~3);
1101 tb_next = tb->page_next[n];
1102 /* NOTE: this is subtle as a TB may span two physical pages */
1103 if (n == 0) {
1104 /* NOTE: tb_end may be after the end of the page, but
1105 it is not a problem */
1106 tb_start = tb->page_addr[0] + (tb->pc & ~TARGET_PAGE_MASK);
1107 tb_end = tb_start + tb->size;
1108 } else {
1109 tb_start = tb->page_addr[1];
1110 tb_end = tb_start + ((tb->pc + tb->size) & ~TARGET_PAGE_MASK);
1111 }
1112 if (!(tb_end <= start || tb_start >= end)) {
d720b93d
FB		 1113#ifdef TARGET_HAS_PRECISE_SMC
1114 if (current_tb_not_found) {
1115 current_tb_not_found = 0;
1116 current_tb = NULL;
2e70f6ef 1117 if (env->mem_io_pc) {
d720b93d 1118 /* now we have a real cpu fault */
2e70f6ef 1119 current_tb = tb_find_pc(env->mem_io_pc);
d720b93d
FB		 1120 }
1121 }
1122 if (current_tb == tb &&
2e70f6ef 1123 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1124 /* If we are modifying the current TB, we must stop
1125 its execution. We could be more precise by checking
1126 that the modification is after the current PC, but it
1127 would require a specialized function to partially
1128 restore the CPU state */
3b46e624 1129
d720b93d 1130 current_tb_modified = 1;
618ba8e6 1131 cpu_restore_state(current_tb, env, env->mem_io_pc);
6b917547
AL		 1132 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1133 &current_flags);
d720b93d
FB		 1134 }
1135#endif /* TARGET_HAS_PRECISE_SMC */
6f5a9f7e
FB		 1136 /* we need to do that to handle the case where a signal
1137 occurs while doing tb_phys_invalidate() */
1138 saved_tb = NULL;
1139 if (env) {
1140 saved_tb = env->current_tb;
1141 env->current_tb = NULL;
1142 }
9fa3e853 1143 tb_phys_invalidate(tb, -1);
6f5a9f7e
FB		 1144 if (env) {
1145 env->current_tb = saved_tb;
1146 if (env->interrupt_request && env->current_tb)
1147 cpu_interrupt(env, env->interrupt_request);
1148 }
9fa3e853
FB		 1149 }
1150 tb = tb_next;
1151 }
1152#if !defined(CONFIG_USER_ONLY)
1153 /* if no code remaining, no need to continue to use slow writes */
1154 if (!p->first_tb) {
1155 invalidate_page_bitmap(p);
d720b93d 1156 if (is_cpu_write_access) {
2e70f6ef 1157 tlb_unprotect_code_phys(env, start, env->mem_io_vaddr);
d720b93d
FB		 1158 }
1159 }
1160#endif
1161#ifdef TARGET_HAS_PRECISE_SMC
1162 if (current_tb_modified) {
1163 /* we generate a block containing just the instruction
1164 modifying the memory. It will ensure that it cannot modify
1165 itself */
ea1c1802 1166 env->current_tb = NULL;
2e70f6ef 1167 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d 1168 cpu_resume_from_signal(env, NULL);
9fa3e853 1169 }
fd6ce8f6 1170#endif
9fa3e853 1171}
fd6ce8f6 1172
9fa3e853 1173/* len must be <= 8 and start must be a multiple of len */
41c1b1c9 1174static inline void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len)
9fa3e853
FB		 1175{
1176 PageDesc *p;
1177 int offset, b;
59817ccb 1178#if 0
a4193c8a 1179 if (1) {
93fcfe39
AL		 1180 qemu_log("modifying code at 0x%x size=%d EIP=%x PC=%08x\n",
1181 cpu_single_env->mem_io_vaddr, len,
1182 cpu_single_env->eip,
1183 cpu_single_env->eip + (long)cpu_single_env->segs[R_CS].base);
59817ccb
FB		 1184 }
1185#endif
9fa3e853 1186 p = page_find(start >> TARGET_PAGE_BITS);
5fafdf24 1187 if (!p)
9fa3e853
FB		 1188 return;
1189 if (p->code_bitmap) {
1190 offset = start & ~TARGET_PAGE_MASK;
1191 b = p->code_bitmap[offset >> 3] >> (offset & 7);
1192 if (b & ((1 << len) - 1))
1193 goto do_invalidate;
1194 } else {
1195 do_invalidate:
d720b93d 1196 tb_invalidate_phys_page_range(start, start + len, 1);
9fa3e853
FB		 1197 }
1198}
1199
9fa3e853 1200#if !defined(CONFIG_SOFTMMU)
41c1b1c9 1201static void tb_invalidate_phys_page(tb_page_addr_t addr,
d720b93d 1202 unsigned long pc, void *puc)
9fa3e853 1203{
6b917547 1204 TranslationBlock *tb;
9fa3e853 1205 PageDesc *p;
6b917547 1206 int n;
d720b93d 1207#ifdef TARGET_HAS_PRECISE_SMC
6b917547 1208 TranslationBlock *current_tb = NULL;
d720b93d 1209 CPUState *env = cpu_single_env;
6b917547
AL		 1210 int current_tb_modified = 0;
1211 target_ulong current_pc = 0;
1212 target_ulong current_cs_base = 0;
1213 int current_flags = 0;
d720b93d 1214#endif
9fa3e853
FB		 1215
1216 addr &= TARGET_PAGE_MASK;
1217 p = page_find(addr >> TARGET_PAGE_BITS);
5fafdf24 1218 if (!p)
9fa3e853
FB		 1219 return;
1220 tb = p->first_tb;
d720b93d
FB		 1221#ifdef TARGET_HAS_PRECISE_SMC
1222 if (tb && pc != 0) {
1223 current_tb = tb_find_pc(pc);
1224 }
1225#endif
9fa3e853
FB		 1226 while (tb != NULL) {
1227 n = (long)tb & 3;
1228 tb = (TranslationBlock *)((long)tb & ~3);
d720b93d
FB		 1229#ifdef TARGET_HAS_PRECISE_SMC
1230 if (current_tb == tb &&
2e70f6ef 1231 (current_tb->cflags & CF_COUNT_MASK) != 1) {
d720b93d
FB		 1232 /* If we are modifying the current TB, we must stop
1233 its execution. We could be more precise by checking
1234 that the modification is after the current PC, but it
1235 would require a specialized function to partially
1236 restore the CPU state */
3b46e624 1237
d720b93d 1238 current_tb_modified = 1;
618ba8e6 1239 cpu_restore_state(current_tb, env, pc);
6b917547
AL		 1240 cpu_get_tb_cpu_state(env, &current_pc, &current_cs_base,
1241 &current_flags);
d720b93d
FB		 1242 }
1243#endif /* TARGET_HAS_PRECISE_SMC */
9fa3e853
FB		 1244 tb_phys_invalidate(tb, addr);
1245 tb = tb->page_next[n];
1246 }
fd6ce8f6 1247 p->first_tb = NULL;
d720b93d
FB		 1248#ifdef TARGET_HAS_PRECISE_SMC
1249 if (current_tb_modified) {
1250 /* we generate a block containing just the instruction
1251 modifying the memory. It will ensure that it cannot modify
1252 itself */
ea1c1802 1253 env->current_tb = NULL;
2e70f6ef 1254 tb_gen_code(env, current_pc, current_cs_base, current_flags, 1);
d720b93d
FB		 1255 cpu_resume_from_signal(env, puc);
1256 }
1257#endif
fd6ce8f6 1258}
9fa3e853 1259#endif
fd6ce8f6
FB		 1260
1261/* add the tb in the target page and protect it if necessary */
5fafdf24 1262static inline void tb_alloc_page(TranslationBlock *tb,
41c1b1c9 1263 unsigned int n, tb_page_addr_t page_addr)
fd6ce8f6
FB		 1264{
1265 PageDesc *p;
4429ab44
JQ		 1266#ifndef CONFIG_USER_ONLY
1267 bool page_already_protected;
1268#endif
9fa3e853
FB		 1269
1270 tb->page_addr[n] = page_addr;
5cd2c5b6 1271 p = page_find_alloc(page_addr >> TARGET_PAGE_BITS, 1);
9fa3e853 1272 tb->page_next[n] = p->first_tb;
4429ab44
JQ		 1273#ifndef CONFIG_USER_ONLY
1274 page_already_protected = p->first_tb != NULL;
1275#endif
9fa3e853
FB		 1276 p->first_tb = (TranslationBlock *)((long)tb | n);
1277 invalidate_page_bitmap(p);
fd6ce8f6 1278
107db443 1279#if defined(TARGET_HAS_SMC) || 1
d720b93d 1280
9fa3e853 1281#if defined(CONFIG_USER_ONLY)
fd6ce8f6 1282 if (p->flags & PAGE_WRITE) {
53a5960a
PB		 1283 target_ulong addr;
1284 PageDesc *p2;
9fa3e853
FB		 1285 int prot;
1286
fd6ce8f6
FB		 1287 /* force the host page as non writable (writes will have a
1288 page fault + mprotect overhead) */
53a5960a 1289 page_addr &= qemu_host_page_mask;
fd6ce8f6 1290 prot = 0;
53a5960a
PB		 1291 for(addr = page_addr; addr < page_addr + qemu_host_page_size;
1292 addr += TARGET_PAGE_SIZE) {
1293
1294 p2 = page_find (addr >> TARGET_PAGE_BITS);
1295 if (!p2)
1296 continue;
1297 prot |= p2->flags;
1298 p2->flags &= ~PAGE_WRITE;
53a5960a 1299 }
5fafdf24 1300 mprotect(g2h(page_addr), qemu_host_page_size,
fd6ce8f6
FB		 1301 (prot & PAGE_BITS) & ~PAGE_WRITE);
1302#ifdef DEBUG_TB_INVALIDATE
ab3d1727 1303 printf("protecting code page: 0x" TARGET_FMT_lx "\n",
53a5960a 1304 page_addr);
fd6ce8f6 1305#endif
fd6ce8f6 1306 }
9fa3e853
FB		 1307#else
1308 /* if some code is already present, then the pages are already
1309 protected. So we handle the case where only the first TB is
1310 allocated in a physical page */
4429ab44 1311 if (!page_already_protected) {
6a00d601 1312 tlb_protect_code(page_addr);
9fa3e853
FB		 1313 }
1314#endif
d720b93d
FB		 1315
1316#endif /* TARGET_HAS_SMC */
fd6ce8f6
FB		 1317}
1318
9fa3e853
FB		 1319/* add a new TB and link it to the physical page tables. phys_page2 is
1320 (-1) to indicate that only one page contains the TB. */
41c1b1c9
PB		 1321void tb_link_page(TranslationBlock *tb,
1322 tb_page_addr_t phys_pc, tb_page_addr_t phys_page2)
d4e8164f 1323{
9fa3e853
FB		 1324 unsigned int h;
1325 TranslationBlock **ptb;
1326
c8a706fe
PB		 1327 /* Grab the mmap lock to stop another thread invalidating this TB
1328 before we are done. */
1329 mmap_lock();
9fa3e853
FB		 1330 /* add in the physical hash table */
1331 h = tb_phys_hash_func(phys_pc);
1332 ptb = &tb_phys_hash[h];
1333 tb->phys_hash_next = *ptb;
1334 *ptb = tb;
fd6ce8f6
FB		 1335
1336 /* add in the page list */
9fa3e853
FB		 1337 tb_alloc_page(tb, 0, phys_pc & TARGET_PAGE_MASK);
1338 if (phys_page2 != -1)
1339 tb_alloc_page(tb, 1, phys_page2);
1340 else
1341 tb->page_addr[1] = -1;
9fa3e853 1342
d4e8164f
FB		 1343 tb->jmp_first = (TranslationBlock *)((long)tb | 2);
1344 tb->jmp_next[0] = NULL;
1345 tb->jmp_next[1] = NULL;
1346
1347 /* init original jump addresses */
1348 if (tb->tb_next_offset[0] != 0xffff)
1349 tb_reset_jump(tb, 0);
1350 if (tb->tb_next_offset[1] != 0xffff)
1351 tb_reset_jump(tb, 1);
8a40a180
FB		 1352
1353#ifdef DEBUG_TB_CHECK
1354 tb_page_check();
1355#endif
c8a706fe 1356 mmap_unlock();
fd6ce8f6
FB		 1357}
1358
9fa3e853
FB		 1359/* find the TB 'tb' such that tb[0].tc_ptr <= tc_ptr <
1360 tb[1].tc_ptr. Return NULL if not found */
1361TranslationBlock *tb_find_pc(unsigned long tc_ptr)
fd6ce8f6 1362{
9fa3e853
FB		 1363 int m_min, m_max, m;
1364 unsigned long v;
1365 TranslationBlock *tb;
a513fe19
FB		 1366
1367 if (nb_tbs <= 0)
1368 return NULL;
1369 if (tc_ptr < (unsigned long)code_gen_buffer ||
1370 tc_ptr >= (unsigned long)code_gen_ptr)
1371 return NULL;
1372 /* binary search (cf Knuth) */
1373 m_min = 0;
1374 m_max = nb_tbs - 1;
1375 while (m_min <= m_max) {
1376 m = (m_min + m_max) >> 1;
1377 tb = &tbs[m];
1378 v = (unsigned long)tb->tc_ptr;
1379 if (v == tc_ptr)
1380 return tb;
1381 else if (tc_ptr < v) {
1382 m_max = m - 1;
1383 } else {
1384 m_min = m + 1;
1385 }
5fafdf24 1386 }
a513fe19
FB		 1387 return &tbs[m_max];
1388}
7501267e 1389
ea041c0e
FB		 1390static void tb_reset_jump_recursive(TranslationBlock *tb);
1391
1392static inline void tb_reset_jump_recursive2(TranslationBlock *tb, int n)
1393{
1394 TranslationBlock *tb1, *tb_next, **ptb;
1395 unsigned int n1;
1396
1397 tb1 = tb->jmp_next[n];
1398 if (tb1 != NULL) {
1399 /* find head of list */
1400 for(;;) {
1401 n1 = (long)tb1 & 3;
1402 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1403 if (n1 == 2)
1404 break;
1405 tb1 = tb1->jmp_next[n1];
1406 }
1407 /* we are now sure now that tb jumps to tb1 */
1408 tb_next = tb1;
1409
1410 /* remove tb from the jmp_first list */
1411 ptb = &tb_next->jmp_first;
1412 for(;;) {
1413 tb1 = *ptb;
1414 n1 = (long)tb1 & 3;
1415 tb1 = (TranslationBlock *)((long)tb1 & ~3);
1416 if (n1 == n && tb1 == tb)
1417 break;
1418 ptb = &tb1->jmp_next[n1];
1419 }
1420 *ptb = tb->jmp_next[n];
1421 tb->jmp_next[n] = NULL;
3b46e624 1422
ea041c0e
FB		 1423 /* suppress the jump to next tb in generated code */
1424 tb_reset_jump(tb, n);
1425
0124311e 1426 /* suppress jumps in the tb on which we could have jumped */
ea041c0e
FB		 1427 tb_reset_jump_recursive(tb_next);
1428 }
1429}
1430
1431static void tb_reset_jump_recursive(TranslationBlock *tb)
1432{
1433 tb_reset_jump_recursive2(tb, 0);
1434 tb_reset_jump_recursive2(tb, 1);
1435}
1436
1fddef4b 1437#if defined(TARGET_HAS_ICE)
94df27fd
PB		 1438#if defined(CONFIG_USER_ONLY)
1439static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1440{
1441 tb_invalidate_phys_page_range(pc, pc + 1, 0);
1442}
1443#else
d720b93d
FB		 1444static void breakpoint_invalidate(CPUState *env, target_ulong pc)
1445{
c227f099 1446 target_phys_addr_t addr;
c227f099 1447 ram_addr_t ram_addr;
06ef3525 1448 MemoryRegionSection section;
d720b93d 1449
c2f07f81 1450 addr = cpu_get_phys_page_debug(env, pc);
06ef3525
AK		 1451 section = phys_page_find(addr >> TARGET_PAGE_BITS);
1452 if (!(memory_region_is_ram(section.mr)
1453 || (section.mr->rom_device && section.mr->readable))) {
1454 return;
1455 }
1456 ram_addr = (memory_region_get_ram_addr(section.mr)
1457 + section.offset_within_region) & TARGET_PAGE_MASK;
1458 ram_addr |= (pc & ~TARGET_PAGE_MASK);
706cd4b5 1459 tb_invalidate_phys_page_range(ram_addr, ram_addr + 1, 0);
d720b93d 1460}
c27004ec 1461#endif
94df27fd 1462#endif /* TARGET_HAS_ICE */
d720b93d 1463
c527ee8f
PB		 1464#if defined(CONFIG_USER_ONLY)
1465void cpu_watchpoint_remove_all(CPUState *env, int mask)
1466
1467{
1468}
1469
1470int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1471 int flags, CPUWatchpoint **watchpoint)
1472{
1473 return -ENOSYS;
1474}
1475#else
6658ffb8 1476/* Add a watchpoint. */
a1d1bb31
AL		 1477int cpu_watchpoint_insert(CPUState *env, target_ulong addr, target_ulong len,
1478 int flags, CPUWatchpoint **watchpoint)
6658ffb8 1479{
b4051334 1480 target_ulong len_mask = ~(len - 1);
c0ce998e 1481 CPUWatchpoint *wp;
6658ffb8 1482
b4051334
AL		 1483 /* sanity checks: allow power-of-2 lengths, deny unaligned watchpoints */
1484 if ((len != 1 && len != 2 && len != 4 && len != 8) || (addr & ~len_mask)) {
1485 fprintf(stderr, "qemu: tried to set invalid watchpoint at "
1486 TARGET_FMT_lx ", len=" TARGET_FMT_lu "\n", addr, len);
1487 return -EINVAL;
1488 }
7267c094 1489 wp = g_malloc(sizeof(*wp));
a1d1bb31
AL		 1490
1491 wp->vaddr = addr;
b4051334 1492 wp->len_mask = len_mask;
a1d1bb31
AL		 1493 wp->flags = flags;
1494
2dc9f411 1495 /* keep all GDB-injected watchpoints in front */
c0ce998e 1496 if (flags & BP_GDB)
72cf2d4f 1497 QTAILQ_INSERT_HEAD(&env->watchpoints, wp, entry);
c0ce998e 1498 else
72cf2d4f 1499 QTAILQ_INSERT_TAIL(&env->watchpoints, wp, entry);
6658ffb8 1500
6658ffb8 1501 tlb_flush_page(env, addr);
a1d1bb31
AL		 1502
1503 if (watchpoint)
1504 *watchpoint = wp;
1505 return 0;
6658ffb8
PB		 1506}
1507
a1d1bb31
AL		 1508/* Remove a specific watchpoint. */
1509int cpu_watchpoint_remove(CPUState *env, target_ulong addr, target_ulong len,
1510 int flags)
6658ffb8 1511{
b4051334 1512 target_ulong len_mask = ~(len - 1);
a1d1bb31 1513 CPUWatchpoint *wp;
6658ffb8 1514
72cf2d4f 1515 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334 1516 if (addr == wp->vaddr && len_mask == wp->len_mask
6e140f28 1517 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
a1d1bb31 1518 cpu_watchpoint_remove_by_ref(env, wp);
6658ffb8
PB		 1519 return 0;
1520 }
1521 }
a1d1bb31 1522 return -ENOENT;
6658ffb8
PB		 1523}
1524
a1d1bb31
AL		 1525/* Remove a specific watchpoint by reference. */
1526void cpu_watchpoint_remove_by_ref(CPUState *env, CPUWatchpoint *watchpoint)
1527{
72cf2d4f 1528 QTAILQ_REMOVE(&env->watchpoints, watchpoint, entry);
7d03f82f 1529
a1d1bb31
AL		 1530 tlb_flush_page(env, watchpoint->vaddr);
1531
7267c094 1532 g_free(watchpoint);
a1d1bb31
AL		 1533}
1534
1535/* Remove all matching watchpoints. */
1536void cpu_watchpoint_remove_all(CPUState *env, int mask)
1537{
c0ce998e 1538 CPUWatchpoint *wp, *next;
a1d1bb31 1539
72cf2d4f 1540 QTAILQ_FOREACH_SAFE(wp, &env->watchpoints, entry, next) {
a1d1bb31
AL		 1541 if (wp->flags & mask)
1542 cpu_watchpoint_remove_by_ref(env, wp);
c0ce998e 1543 }
7d03f82f 1544}
c527ee8f 1545#endif
7d03f82f 1546
a1d1bb31
AL		 1547/* Add a breakpoint. */
1548int cpu_breakpoint_insert(CPUState *env, target_ulong pc, int flags,
1549 CPUBreakpoint **breakpoint)
4c3a88a2 1550{
1fddef4b 1551#if defined(TARGET_HAS_ICE)
c0ce998e 1552 CPUBreakpoint *bp;
3b46e624 1553
7267c094 1554 bp = g_malloc(sizeof(*bp));
4c3a88a2 1555
a1d1bb31
AL		 1556 bp->pc = pc;
1557 bp->flags = flags;
1558
2dc9f411 1559 /* keep all GDB-injected breakpoints in front */
c0ce998e 1560 if (flags & BP_GDB)
72cf2d4f 1561 QTAILQ_INSERT_HEAD(&env->breakpoints, bp, entry);
c0ce998e 1562 else
72cf2d4f 1563 QTAILQ_INSERT_TAIL(&env->breakpoints, bp, entry);
3b46e624 1564
d720b93d 1565 breakpoint_invalidate(env, pc);
a1d1bb31
AL		 1566
1567 if (breakpoint)
1568 *breakpoint = bp;
4c3a88a2
FB		 1569 return 0;
1570#else
a1d1bb31 1571 return -ENOSYS;
4c3a88a2
FB		 1572#endif
1573}
1574
a1d1bb31
AL		 1575/* Remove a specific breakpoint. */
1576int cpu_breakpoint_remove(CPUState *env, target_ulong pc, int flags)
1577{
7d03f82f 1578#if defined(TARGET_HAS_ICE)
a1d1bb31
AL		 1579 CPUBreakpoint *bp;
1580
72cf2d4f 1581 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
a1d1bb31
AL		 1582 if (bp->pc == pc && bp->flags == flags) {
1583 cpu_breakpoint_remove_by_ref(env, bp);
1584 return 0;
1585 }
7d03f82f 1586 }
a1d1bb31
AL		 1587 return -ENOENT;
1588#else
1589 return -ENOSYS;
7d03f82f
EI		 1590#endif
1591}
1592
a1d1bb31
AL		 1593/* Remove a specific breakpoint by reference. */
1594void cpu_breakpoint_remove_by_ref(CPUState *env, CPUBreakpoint *breakpoint)
4c3a88a2 1595{
1fddef4b 1596#if defined(TARGET_HAS_ICE)
72cf2d4f 1597 QTAILQ_REMOVE(&env->breakpoints, breakpoint, entry);
d720b93d 1598
a1d1bb31
AL		 1599 breakpoint_invalidate(env, breakpoint->pc);
1600
7267c094 1601 g_free(breakpoint);
a1d1bb31
AL		 1602#endif
1603}
1604
1605/* Remove all matching breakpoints. */
1606void cpu_breakpoint_remove_all(CPUState *env, int mask)
1607{
1608#if defined(TARGET_HAS_ICE)
c0ce998e 1609 CPUBreakpoint *bp, *next;
a1d1bb31 1610
72cf2d4f 1611 QTAILQ_FOREACH_SAFE(bp, &env->breakpoints, entry, next) {
a1d1bb31
AL		 1612 if (bp->flags & mask)
1613 cpu_breakpoint_remove_by_ref(env, bp);
c0ce998e 1614 }
4c3a88a2
FB		 1615#endif
1616}
1617
c33a346e
FB		 1618/* enable or disable single step mode. EXCP_DEBUG is returned by the
1619 CPU loop after each instruction */
1620void cpu_single_step(CPUState *env, int enabled)
1621{
1fddef4b 1622#if defined(TARGET_HAS_ICE)
c33a346e
FB		 1623 if (env->singlestep_enabled != enabled) {
1624 env->singlestep_enabled = enabled;
e22a25c9
AL		 1625 if (kvm_enabled())
1626 kvm_update_guest_debug(env, 0);
1627 else {
ccbb4d44 1628 /* must flush all the translated code to avoid inconsistencies */
e22a25c9
AL		 1629 /* XXX: only flush what is necessary */
1630 tb_flush(env);
1631 }
c33a346e
FB		 1632 }
1633#endif
1634}
1635
34865134
FB		 1636/* enable or disable low levels log */
1637void cpu_set_log(int log_flags)
1638{
1639 loglevel = log_flags;
1640 if (loglevel && !logfile) {
11fcfab4 1641 logfile = fopen(logfilename, log_append ? "a" : "w");
34865134
FB		 1642 if (!logfile) {
1643 perror(logfilename);
1644 _exit(1);
1645 }
9fa3e853
FB		 1646#if !defined(CONFIG_SOFTMMU)
1647 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
1648 {
b55266b5 1649 static char logfile_buf[4096];
9fa3e853
FB		 1650 setvbuf(logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
1651 }
daf767b1
SW		 1652#elif defined(_WIN32)
1653 /* Win32 doesn't support line-buffering, so use unbuffered output. */
1654 setvbuf(logfile, NULL, _IONBF, 0);
1655#else
34865134 1656 setvbuf(logfile, NULL, _IOLBF, 0);
9fa3e853 1657#endif
e735b91c
PB		 1658 log_append = 1;
1659 }
1660 if (!loglevel && logfile) {
1661 fclose(logfile);
1662 logfile = NULL;
34865134
FB		 1663 }
1664}
1665
1666void cpu_set_log_filename(const char *filename)
1667{
1668 logfilename = strdup(filename);
e735b91c
PB		 1669 if (logfile) {
1670 fclose(logfile);
1671 logfile = NULL;
1672 }
1673 cpu_set_log(loglevel);
34865134 1674}
c33a346e 1675
3098dba0 1676static void cpu_unlink_tb(CPUState *env)
ea041c0e 1677{
3098dba0
AJ		 1678 /* FIXME: TB unchaining isn't SMP safe. For now just ignore the
1679 problem and hope the cpu will stop of its own accord. For userspace
1680 emulation this often isn't actually as bad as it sounds. Often
1681 signals are used primarily to interrupt blocking syscalls. */
ea041c0e 1682 TranslationBlock *tb;
c227f099 1683 static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;
59817ccb 1684
cab1b4bd 1685 spin_lock(&interrupt_lock);
3098dba0
AJ		 1686 tb = env->current_tb;
1687 /* if the cpu is currently executing code, we must unlink it and
1688 all the potentially executing TB */
f76cfe56 1689 if (tb) {
3098dba0
AJ		 1690 env->current_tb = NULL;
1691 tb_reset_jump_recursive(tb);
be214e6c 1692 }
cab1b4bd 1693 spin_unlock(&interrupt_lock);
3098dba0
AJ		 1694}
1695
97ffbd8d 1696#ifndef CONFIG_USER_ONLY
3098dba0 1697/* mask must never be zero, except for A20 change call */
ec6959d0 1698static void tcg_handle_interrupt(CPUState *env, int mask)
3098dba0
AJ		 1699{
1700 int old_mask;
be214e6c 1701
2e70f6ef 1702 old_mask = env->interrupt_request;
68a79315 1703 env->interrupt_request |= mask;
3098dba0 1704
8edac960
AL		 1705 /*
1706 * If called from iothread context, wake the target cpu in
1707 * case its halted.
1708 */
b7680cb6 1709 if (!qemu_cpu_is_self(env)) {
8edac960
AL		 1710 qemu_cpu_kick(env);
1711 return;
1712 }
8edac960 1713
2e70f6ef 1714 if (use_icount) {
266910c4 1715 env->icount_decr.u16.high = 0xffff;
2e70f6ef 1716 if (!can_do_io(env)
be214e6c 1717 && (mask & ~old_mask) != 0) {
2e70f6ef
PB		 1718 cpu_abort(env, "Raised interrupt while not in I/O function");
1719 }
2e70f6ef 1720 } else {
3098dba0 1721 cpu_unlink_tb(env);
ea041c0e
FB		 1722 }
1723}
1724
ec6959d0
JK		 1725CPUInterruptHandler cpu_interrupt_handler = tcg_handle_interrupt;
1726
97ffbd8d
JK		 1727#else /* CONFIG_USER_ONLY */
1728
1729void cpu_interrupt(CPUState *env, int mask)
1730{
1731 env->interrupt_request |= mask;
1732 cpu_unlink_tb(env);
1733}
1734#endif /* CONFIG_USER_ONLY */
1735
b54ad049
FB		 1736void cpu_reset_interrupt(CPUState *env, int mask)
1737{
1738 env->interrupt_request &= ~mask;
1739}
1740
3098dba0
AJ		 1741void cpu_exit(CPUState *env)
1742{
1743 env->exit_request = 1;
1744 cpu_unlink_tb(env);
1745}
1746
c7cd6a37 1747const CPULogItem cpu_log_items[] = {
5fafdf24 1748 { CPU_LOG_TB_OUT_ASM, "out_asm",
f193c797
FB		 1749 "show generated host assembly code for each compiled TB" },
1750 { CPU_LOG_TB_IN_ASM, "in_asm",
1751 "show target assembly code for each compiled TB" },
5fafdf24 1752 { CPU_LOG_TB_OP, "op",
57fec1fe 1753 "show micro ops for each compiled TB" },
f193c797 1754 { CPU_LOG_TB_OP_OPT, "op_opt",
e01a1157
BS		 1755 "show micro ops "
1756#ifdef TARGET_I386
1757 "before eflags optimization and "
f193c797 1758#endif
e01a1157 1759 "after liveness analysis" },
f193c797
FB		 1760 { CPU_LOG_INT, "int",
1761 "show interrupts/exceptions in short format" },
1762 { CPU_LOG_EXEC, "exec",
1763 "show trace before each executed TB (lots of logs)" },
9fddaa0c 1764 { CPU_LOG_TB_CPU, "cpu",
e91c8a77 1765 "show CPU state before block translation" },
f193c797
FB		 1766#ifdef TARGET_I386
1767 { CPU_LOG_PCALL, "pcall",
1768 "show protected mode far calls/returns/exceptions" },
eca1bdf4
AL		 1769 { CPU_LOG_RESET, "cpu_reset",
1770 "show CPU state before CPU resets" },
f193c797 1771#endif
8e3a9fd2 1772#ifdef DEBUG_IOPORT
fd872598
FB		 1773 { CPU_LOG_IOPORT, "ioport",
1774 "show all i/o ports accesses" },
8e3a9fd2 1775#endif
f193c797
FB		 1776 { 0, NULL, NULL },
1777};
1778
1779static int cmp1(const char *s1, int n, const char *s2)
1780{
1781 if (strlen(s2) != n)
1782 return 0;
1783 return memcmp(s1, s2, n) == 0;
1784}
3b46e624 1785
f193c797
FB		 1786/* takes a comma separated list of log masks. Return 0 if error. */
1787int cpu_str_to_log_mask(const char *str)
1788{
c7cd6a37 1789 const CPULogItem *item;
f193c797
FB		 1790 int mask;
1791 const char *p, *p1;
1792
1793 p = str;
1794 mask = 0;
1795 for(;;) {
1796 p1 = strchr(p, ',');
1797 if (!p1)
1798 p1 = p + strlen(p);
9742bf26
YT		 1799 if(cmp1(p,p1-p,"all")) {
1800 for(item = cpu_log_items; item->mask != 0; item++) {
1801 mask |= item->mask;
1802 }
1803 } else {
1804 for(item = cpu_log_items; item->mask != 0; item++) {
1805 if (cmp1(p, p1 - p, item->name))
1806 goto found;
1807 }
1808 return 0;
f193c797 1809 }
f193c797
FB		 1810 found:
1811 mask |= item->mask;
1812 if (*p1 != ',')
1813 break;
1814 p = p1 + 1;
1815 }
1816 return mask;
1817}
ea041c0e 1818
7501267e
FB		 1819void cpu_abort(CPUState *env, const char *fmt, ...)
1820{
1821 va_list ap;
493ae1f0 1822 va_list ap2;
7501267e
FB		 1823
1824 va_start(ap, fmt);
493ae1f0 1825 va_copy(ap2, ap);
7501267e
FB		 1826 fprintf(stderr, "qemu: fatal: ");
1827 vfprintf(stderr, fmt, ap);
1828 fprintf(stderr, "\n");
1829#ifdef TARGET_I386
7fe48483
FB		 1830 cpu_dump_state(env, stderr, fprintf, X86_DUMP_FPU | X86_DUMP_CCOP);
1831#else
1832 cpu_dump_state(env, stderr, fprintf, 0);
7501267e 1833#endif
93fcfe39
AL		 1834 if (qemu_log_enabled()) {
1835 qemu_log("qemu: fatal: ");
1836 qemu_log_vprintf(fmt, ap2);
1837 qemu_log("\n");
f9373291 1838#ifdef TARGET_I386
93fcfe39 1839 log_cpu_state(env, X86_DUMP_FPU | X86_DUMP_CCOP);
f9373291 1840#else
93fcfe39 1841 log_cpu_state(env, 0);
f9373291 1842#endif
31b1a7b4 1843 qemu_log_flush();
93fcfe39 1844 qemu_log_close();
924edcae 1845 }
493ae1f0 1846 va_end(ap2);
f9373291 1847 va_end(ap);
fd052bf6
RV		 1848#if defined(CONFIG_USER_ONLY)
1849 {
1850 struct sigaction act;
1851 sigfillset(&act.sa_mask);
1852 act.sa_handler = SIG_DFL;
1853 sigaction(SIGABRT, &act, NULL);
1854 }
1855#endif
7501267e
FB		 1856 abort();
1857}
1858
c5be9f08
TS		 1859CPUState *cpu_copy(CPUState *env)
1860{
01ba9816 1861 CPUState *new_env = cpu_init(env->cpu_model_str);
c5be9f08
TS		 1862 CPUState *next_cpu = new_env->next_cpu;
1863 int cpu_index = new_env->cpu_index;
5a38f081
AL		 1864#if defined(TARGET_HAS_ICE)
1865 CPUBreakpoint *bp;
1866 CPUWatchpoint *wp;
1867#endif
1868
c5be9f08 1869 memcpy(new_env, env, sizeof(CPUState));
5a38f081
AL		 1870
1871 /* Preserve chaining and index. */
c5be9f08
TS		 1872 new_env->next_cpu = next_cpu;
1873 new_env->cpu_index = cpu_index;
5a38f081
AL		 1874
1875 /* Clone all break/watchpoints.
1876 Note: Once we support ptrace with hw-debug register access, make sure
1877 BP_CPU break/watchpoints are handled correctly on clone. */
72cf2d4f
BS		 1878 QTAILQ_INIT(&env->breakpoints);
1879 QTAILQ_INIT(&env->watchpoints);
5a38f081 1880#if defined(TARGET_HAS_ICE)
72cf2d4f 1881 QTAILQ_FOREACH(bp, &env->breakpoints, entry) {
5a38f081
AL		 1882 cpu_breakpoint_insert(new_env, bp->pc, bp->flags, NULL);
1883 }
72cf2d4f 1884 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
5a38f081
AL		 1885 cpu_watchpoint_insert(new_env, wp->vaddr, (~wp->len_mask) + 1,
1886 wp->flags, NULL);
1887 }
1888#endif
1889
c5be9f08
TS		 1890 return new_env;
1891}
1892
0124311e
FB		 1893#if !defined(CONFIG_USER_ONLY)
1894
5c751e99
EI		 1895static inline void tlb_flush_jmp_cache(CPUState *env, target_ulong addr)
1896{
1897 unsigned int i;
1898
1899 /* Discard jump cache entries for any tb which might potentially
1900 overlap the flushed page. */
1901 i = tb_jmp_cache_hash_page(addr - TARGET_PAGE_SIZE);
1902 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1903 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1904
1905 i = tb_jmp_cache_hash_page(addr);
1906 memset (&env->tb_jmp_cache[i], 0,
9742bf26 1907 TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
5c751e99
EI		 1908}
1909
08738984
IK		 1910static CPUTLBEntry s_cputlb_empty_entry = {
1911 .addr_read = -1,
1912 .addr_write = -1,
1913 .addr_code = -1,
1914 .addend = -1,
1915};
1916
771124e1
PM		 1917/* NOTE:
1918 * If flush_global is true (the usual case), flush all tlb entries.
1919 * If flush_global is false, flush (at least) all tlb entries not
1920 * marked global.
1921 *
1922 * Since QEMU doesn't currently implement a global/not-global flag
1923 * for tlb entries, at the moment tlb_flush() will also flush all
1924 * tlb entries in the flush_global == false case. This is OK because
1925 * CPU architectures generally permit an implementation to drop
1926 * entries from the TLB at any time, so flushing more entries than
1927 * required is only an efficiency issue, not a correctness issue.
1928 */
ee8b7021 1929void tlb_flush(CPUState *env, int flush_global)
33417e70 1930{
33417e70 1931 int i;
0124311e 1932
9fa3e853
FB		 1933#if defined(DEBUG_TLB)
1934 printf("tlb_flush:\n");
1935#endif
0124311e
FB		 1936 /* must reset current TB so that interrupts cannot modify the
1937 links while we are modifying them */
1938 env->current_tb = NULL;
1939
33417e70 1940 for(i = 0; i < CPU_TLB_SIZE; i++) {
cfde4bd9
IY		 1941 int mmu_idx;
1942 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
08738984 1943 env->tlb_table[mmu_idx][i] = s_cputlb_empty_entry;
cfde4bd9 1944 }
33417e70 1945 }
9fa3e853 1946
8a40a180 1947 memset (env->tb_jmp_cache, 0, TB_JMP_CACHE_SIZE * sizeof (void *));
9fa3e853 1948
d4c430a8
PB		 1949 env->tlb_flush_addr = -1;
1950 env->tlb_flush_mask = 0;
e3db7226 1951 tlb_flush_count++;
33417e70
FB		 1952}
1953
274da6b2 1954static inline void tlb_flush_entry(CPUTLBEntry *tlb_entry, target_ulong addr)
61382a50 1955{
5fafdf24 1956 if (addr == (tlb_entry->addr_read &
84b7b8e7 1957 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 1958 addr == (tlb_entry->addr_write &
84b7b8e7 1959 (TARGET_PAGE_MASK | TLB_INVALID_MASK)) ||
5fafdf24 1960 addr == (tlb_entry->addr_code &
84b7b8e7 1961 (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {
08738984 1962 *tlb_entry = s_cputlb_empty_entry;
84b7b8e7 1963 }
61382a50
FB		 1964}
1965
2e12669a 1966void tlb_flush_page(CPUState *env, target_ulong addr)
33417e70 1967{
8a40a180 1968 int i;
cfde4bd9 1969 int mmu_idx;
0124311e 1970
9fa3e853 1971#if defined(DEBUG_TLB)
108c49b8 1972 printf("tlb_flush_page: " TARGET_FMT_lx "\n", addr);
9fa3e853 1973#endif
d4c430a8
PB		 1974 /* Check if we need to flush due to large pages. */
1975 if ((addr & env->tlb_flush_mask) == env->tlb_flush_addr) {
1976#if defined(DEBUG_TLB)
1977 printf("tlb_flush_page: forced full flush ("
1978 TARGET_FMT_lx "/" TARGET_FMT_lx ")\n",
1979 env->tlb_flush_addr, env->tlb_flush_mask);
1980#endif
1981 tlb_flush(env, 1);
1982 return;
1983 }
0124311e
FB		 1984 /* must reset current TB so that interrupts cannot modify the
1985 links while we are modifying them */
1986 env->current_tb = NULL;
61382a50
FB		 1987
1988 addr &= TARGET_PAGE_MASK;
1989 i = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 1990 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
1991 tlb_flush_entry(&env->tlb_table[mmu_idx][i], addr);
0124311e 1992
5c751e99 1993 tlb_flush_jmp_cache(env, addr);
9fa3e853
FB		 1994}
1995
9fa3e853
FB		 1996/* update the TLBs so that writes to code in the virtual page 'addr'
1997 can be detected */
c227f099 1998static void tlb_protect_code(ram_addr_t ram_addr)
9fa3e853 1999{
5fafdf24 2000 cpu_physical_memory_reset_dirty(ram_addr,
6a00d601
FB		 2001 ram_addr + TARGET_PAGE_SIZE,
2002 CODE_DIRTY_FLAG);
9fa3e853
FB		 2003}
2004
9fa3e853 2005/* update the TLB so that writes in physical page 'phys_addr' are no longer
3a7d929e 2006 tested for self modifying code */
c227f099 2007static void tlb_unprotect_code_phys(CPUState *env, ram_addr_t ram_addr,
3a7d929e 2008 target_ulong vaddr)
9fa3e853 2009{
f7c11b53 2010 cpu_physical_memory_set_dirty_flags(ram_addr, CODE_DIRTY_FLAG);
1ccde1cb
FB		 2011}
2012
5fafdf24 2013static inline void tlb_reset_dirty_range(CPUTLBEntry *tlb_entry,
1ccde1cb
FB		 2014 unsigned long start, unsigned long length)
2015{
2016 unsigned long addr;
0e0df1e2 2017 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
84b7b8e7 2018 addr = (tlb_entry->addr_write & TARGET_PAGE_MASK) + tlb_entry->addend;
1ccde1cb 2019 if ((addr - start) < length) {
0f459d16 2020 tlb_entry->addr_write = (tlb_entry->addr_write & TARGET_PAGE_MASK) | TLB_NOTDIRTY;
1ccde1cb
FB		 2021 }
2022 }
2023}
2024
5579c7f3 2025/* Note: start and end must be within the same ram block. */
c227f099 2026void cpu_physical_memory_reset_dirty(ram_addr_t start, ram_addr_t end,
0a962c02 2027 int dirty_flags)
1ccde1cb
FB		 2028{
2029 CPUState *env;
4f2ac237 2030 unsigned long length, start1;
f7c11b53 2031 int i;
1ccde1cb
FB		 2032
2033 start &= TARGET_PAGE_MASK;
2034 end = TARGET_PAGE_ALIGN(end);
2035
2036 length = end - start;
2037 if (length == 0)
2038 return;
f7c11b53 2039 cpu_physical_memory_mask_dirty_range(start, length, dirty_flags);
f23db169 2040
1ccde1cb
FB		 2041 /* we modify the TLB cache so that the dirty bit will be set again
2042 when accessing the range */
b2e0a138 2043 start1 = (unsigned long)qemu_safe_ram_ptr(start);
a57d23e4 2044 /* Check that we don't span multiple blocks - this breaks the
5579c7f3 2045 address comparisons below. */
b2e0a138 2046 if ((unsigned long)qemu_safe_ram_ptr(end - 1) - start1
5579c7f3
PB		 2047 != (end - 1) - start) {
2048 abort();
2049 }
2050
6a00d601 2051 for(env = first_cpu; env != NULL; env = env->next_cpu) {
cfde4bd9
IY		 2052 int mmu_idx;
2053 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2054 for(i = 0; i < CPU_TLB_SIZE; i++)
2055 tlb_reset_dirty_range(&env->tlb_table[mmu_idx][i],
2056 start1, length);
2057 }
6a00d601 2058 }
1ccde1cb
FB		 2059}
2060
74576198
AL		 2061int cpu_physical_memory_set_dirty_tracking(int enable)
2062{
f6f3fbca 2063 int ret = 0;
74576198 2064 in_migration = enable;
f6f3fbca 2065 return ret;
74576198
AL		 2066}
2067
3a7d929e
FB		 2068static inline void tlb_update_dirty(CPUTLBEntry *tlb_entry)
2069{
c227f099 2070 ram_addr_t ram_addr;
5579c7f3 2071 void *p;
3a7d929e 2072
0e0df1e2 2073 if ((tlb_entry->addr_write & ~TARGET_PAGE_MASK) == io_mem_ram.ram_addr) {
5579c7f3
PB		 2074 p = (void *)(unsigned long)((tlb_entry->addr_write & TARGET_PAGE_MASK)
2075 + tlb_entry->addend);
e890261f 2076 ram_addr = qemu_ram_addr_from_host_nofail(p);
3a7d929e 2077 if (!cpu_physical_memory_is_dirty(ram_addr)) {
0f459d16 2078 tlb_entry->addr_write |= TLB_NOTDIRTY;
3a7d929e
FB		 2079 }
2080 }
2081}
2082
2083/* update the TLB according to the current state of the dirty bits */
2084void cpu_tlb_update_dirty(CPUState *env)
2085{
2086 int i;
cfde4bd9
IY		 2087 int mmu_idx;
2088 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++) {
2089 for(i = 0; i < CPU_TLB_SIZE; i++)
2090 tlb_update_dirty(&env->tlb_table[mmu_idx][i]);
2091 }
3a7d929e
FB		 2092}
2093
0f459d16 2094static inline void tlb_set_dirty1(CPUTLBEntry *tlb_entry, target_ulong vaddr)
1ccde1cb 2095{
0f459d16
PB		 2096 if (tlb_entry->addr_write == (vaddr | TLB_NOTDIRTY))
2097 tlb_entry->addr_write = vaddr;
1ccde1cb
FB		 2098}
2099
0f459d16
PB		 2100/* update the TLB corresponding to virtual page vaddr
2101 so that it is no longer dirty */
2102static inline void tlb_set_dirty(CPUState *env, target_ulong vaddr)
1ccde1cb 2103{
1ccde1cb 2104 int i;
cfde4bd9 2105 int mmu_idx;
1ccde1cb 2106
0f459d16 2107 vaddr &= TARGET_PAGE_MASK;
1ccde1cb 2108 i = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
cfde4bd9
IY		 2109 for (mmu_idx = 0; mmu_idx < NB_MMU_MODES; mmu_idx++)
2110 tlb_set_dirty1(&env->tlb_table[mmu_idx][i], vaddr);
9fa3e853
FB		 2111}
2112
d4c430a8
PB		 2113/* Our TLB does not support large pages, so remember the area covered by
2114 large pages and trigger a full TLB flush if these are invalidated. */
2115static void tlb_add_large_page(CPUState *env, target_ulong vaddr,
2116 target_ulong size)
2117{
2118 target_ulong mask = ~(size - 1);
2119
2120 if (env->tlb_flush_addr == (target_ulong)-1) {
2121 env->tlb_flush_addr = vaddr & mask;
2122 env->tlb_flush_mask = mask;
2123 return;
2124 }
2125 /* Extend the existing region to include the new page.
2126 This is a compromise between unnecessary flushes and the cost
2127 of maintaining a full variable size TLB. */
2128 mask &= env->tlb_flush_mask;
2129 while (((env->tlb_flush_addr ^ vaddr) & mask) != 0) {
2130 mask <<= 1;
2131 }
2132 env->tlb_flush_addr &= mask;
2133 env->tlb_flush_mask = mask;
2134}
2135
06ef3525 2136static bool is_ram_rom(MemoryRegionSection *s)
1d393fa2 2137{
06ef3525 2138 return memory_region_is_ram(s->mr);
1d393fa2
AK		 2139}
2140
06ef3525 2141static bool is_romd(MemoryRegionSection *s)
75c578dc 2142{
06ef3525 2143 MemoryRegion *mr = s->mr;
75c578dc 2144
75c578dc
AK		 2145 return mr->rom_device && mr->readable;
2146}
2147
06ef3525 2148static bool is_ram_rom_romd(MemoryRegionSection *s)
1d393fa2 2149{
06ef3525 2150 return is_ram_rom(s) || is_romd(s);
1d393fa2
AK		 2151}
2152
d4c430a8
PB		 2153/* Add a new TLB entry. At most one entry for a given virtual address
2154 is permitted. Only a single TARGET_PAGE_SIZE region is mapped, the
2155 supplied size is only used by tlb_flush_page. */
2156void tlb_set_page(CPUState *env, target_ulong vaddr,
2157 target_phys_addr_t paddr, int prot,
2158 int mmu_idx, target_ulong size)
9fa3e853 2159{
06ef3525 2160 MemoryRegionSection section;
9fa3e853 2161 unsigned int index;
4f2ac237 2162 target_ulong address;
0f459d16 2163 target_ulong code_address;
355b1943 2164 unsigned long addend;
84b7b8e7 2165 CPUTLBEntry *te;
a1d1bb31 2166 CPUWatchpoint *wp;
c227f099 2167 target_phys_addr_t iotlb;
9fa3e853 2168
d4c430a8
PB		 2169 assert(size >= TARGET_PAGE_SIZE);
2170 if (size != TARGET_PAGE_SIZE) {
2171 tlb_add_large_page(env, vaddr, size);
2172 }
06ef3525 2173 section = phys_page_find(paddr >> TARGET_PAGE_BITS);
9fa3e853 2174#if defined(DEBUG_TLB)
7fd3f494
SW		 2175 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
2176 " prot=%x idx=%d pd=0x%08lx\n",
2177 vaddr, paddr, prot, mmu_idx, pd);
9fa3e853
FB		 2178#endif
2179
0f459d16 2180 address = vaddr;
06ef3525 2181 if (!is_ram_rom_romd(&section)) {
0f459d16
PB		 2182 /* IO memory case (romd handled later) */
2183 address |= TLB_MMIO;
2184 }
06ef3525
AK		 2185 if (is_ram_rom_romd(&section)) {
2186 addend = (unsigned long)(memory_region_get_ram_ptr(section.mr)
2187 + section.offset_within_region);
2188 } else {
2189 addend = 0;
2190 }
2191 if (is_ram_rom(&section)) {
0f459d16 2192 /* Normal RAM. */
06ef3525
AK		 2193 iotlb = (memory_region_get_ram_addr(section.mr)
2194 + section.offset_within_region) & TARGET_PAGE_MASK;
2195 if (!section.readonly)
0e0df1e2 2196 iotlb |= io_mem_notdirty.ram_addr;
0f459d16 2197 else
0e0df1e2 2198 iotlb |= io_mem_rom.ram_addr;
0f459d16 2199 } else {
ccbb4d44 2200 /* IO handlers are currently passed a physical address.
0f459d16
PB		 2201 It would be nice to pass an offset from the base address
2202 of that region. This would avoid having to special case RAM,
2203 and avoid full address decoding in every device.
2204 We can't use the high bits of pd for this because
2205 IO_MEM_ROMD uses these as a ram address. */
06ef3525
AK		 2206 iotlb = memory_region_get_ram_addr(section.mr) & ~TARGET_PAGE_MASK;
2207 iotlb += section.offset_within_region;
0f459d16
PB		 2208 }
2209
2210 code_address = address;
2211 /* Make accesses to pages with watchpoints go via the
2212 watchpoint trap routines. */
72cf2d4f 2213 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
a1d1bb31 2214 if (vaddr == (wp->vaddr & TARGET_PAGE_MASK)) {
bf298f83
JK		 2215 /* Avoid trapping reads of pages with a write breakpoint. */
2216 if ((prot & PAGE_WRITE) || (wp->flags & BP_MEM_READ)) {
1ec9b909 2217 iotlb = io_mem_watch.ram_addr + paddr;
bf298f83
JK		 2218 address |= TLB_MMIO;
2219 break;
2220 }
6658ffb8 2221 }
0f459d16 2222 }
d79acba4 2223
0f459d16
PB		 2224 index = (vaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
2225 env->iotlb[mmu_idx][index] = iotlb - vaddr;
2226 te = &env->tlb_table[mmu_idx][index];
2227 te->addend = addend - vaddr;
2228 if (prot & PAGE_READ) {
2229 te->addr_read = address;
2230 } else {
2231 te->addr_read = -1;
2232 }
5c751e99 2233
0f459d16
PB		 2234 if (prot & PAGE_EXEC) {
2235 te->addr_code = code_address;
2236 } else {
2237 te->addr_code = -1;
2238 }
2239 if (prot & PAGE_WRITE) {
06ef3525
AK		 2240 if ((memory_region_is_ram(section.mr) && section.readonly)
2241 || is_romd(&section)) {
0f459d16
PB		 2242 /* Write access calls the I/O callback. */
2243 te->addr_write = address | TLB_MMIO;
06ef3525
AK		 2244 } else if (memory_region_is_ram(section.mr)
2245 && !cpu_physical_memory_is_dirty(
2246 section.mr->ram_addr
2247 + section.offset_within_region)) {
0f459d16 2248 te->addr_write = address | TLB_NOTDIRTY;
9fa3e853 2249 } else {
0f459d16 2250 te->addr_write = address;
9fa3e853 2251 }
0f459d16
PB		 2252 } else {
2253 te->addr_write = -1;
9fa3e853 2254 }
9fa3e853
FB		 2255}
2256
0124311e
FB		 2257#else
2258
ee8b7021 2259void tlb_flush(CPUState *env, int flush_global)
0124311e
FB		 2260{
2261}
2262
2e12669a 2263void tlb_flush_page(CPUState *env, target_ulong addr)
0124311e
FB		 2264{
2265}
2266
edf8e2af
MW		 2267/*
2268 * Walks guest process memory "regions" one by one
2269 * and calls callback function 'fn' for each region.
2270 */
5cd2c5b6
RH		 2271
2272struct walk_memory_regions_data
2273{
2274 walk_memory_regions_fn fn;
2275 void *priv;
2276 unsigned long start;
2277 int prot;
2278};
2279
2280static int walk_memory_regions_end(struct walk_memory_regions_data *data,
b480d9b7 2281 abi_ulong end, int new_prot)
5cd2c5b6
RH		 2282{
2283 if (data->start != -1ul) {
2284 int rc = data->fn(data->priv, data->start, end, data->prot);
2285 if (rc != 0) {
2286 return rc;
2287 }
2288 }
2289
2290 data->start = (new_prot ? end : -1ul);
2291 data->prot = new_prot;
2292
2293 return 0;
2294}
2295
2296static int walk_memory_regions_1(struct walk_memory_regions_data *data,
b480d9b7 2297 abi_ulong base, int level, void **lp)
5cd2c5b6 2298{
b480d9b7 2299 abi_ulong pa;
5cd2c5b6
RH		 2300 int i, rc;
2301
2302 if (*lp == NULL) {
2303 return walk_memory_regions_end(data, base, 0);
2304 }
2305
2306 if (level == 0) {
2307 PageDesc *pd = *lp;
7296abac 2308 for (i = 0; i < L2_SIZE; ++i) {
5cd2c5b6
RH		 2309 int prot = pd[i].flags;
2310
2311 pa = base | (i << TARGET_PAGE_BITS);
2312 if (prot != data->prot) {
2313 rc = walk_memory_regions_end(data, pa, prot);
2314 if (rc != 0) {
2315 return rc;
9fa3e853 2316 }
9fa3e853 2317 }
5cd2c5b6
RH		 2318 }
2319 } else {
2320 void **pp = *lp;
7296abac 2321 for (i = 0; i < L2_SIZE; ++i) {
b480d9b7
PB		 2322 pa = base | ((abi_ulong)i <<
2323 (TARGET_PAGE_BITS + L2_BITS * level));
5cd2c5b6
RH		 2324 rc = walk_memory_regions_1(data, pa, level - 1, pp + i);
2325 if (rc != 0) {
2326 return rc;
2327 }
2328 }
2329 }
2330
2331 return 0;
2332}
2333
2334int walk_memory_regions(void *priv, walk_memory_regions_fn fn)
2335{
2336 struct walk_memory_regions_data data;
2337 unsigned long i;
2338
2339 data.fn = fn;
2340 data.priv = priv;
2341 data.start = -1ul;
2342 data.prot = 0;
2343
2344 for (i = 0; i < V_L1_SIZE; i++) {
b480d9b7 2345 int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT,
5cd2c5b6
RH		 2346 V_L1_SHIFT / L2_BITS - 1, l1_map + i);
2347 if (rc != 0) {
2348 return rc;
9fa3e853 2349 }
33417e70 2350 }
5cd2c5b6
RH		 2351
2352 return walk_memory_regions_end(&data, 0, 0);
edf8e2af
MW		 2353}
2354
b480d9b7
PB		 2355static int dump_region(void *priv, abi_ulong start,
2356 abi_ulong end, unsigned long prot)
edf8e2af
MW		 2357{
2358 FILE *f = (FILE *)priv;
2359
b480d9b7
PB		 2360 (void) fprintf(f, TARGET_ABI_FMT_lx"-"TARGET_ABI_FMT_lx
2361 " "TARGET_ABI_FMT_lx" %c%c%c\n",
edf8e2af
MW		 2362 start, end, end - start,
2363 ((prot & PAGE_READ) ? 'r' : '-'),
2364 ((prot & PAGE_WRITE) ? 'w' : '-'),
2365 ((prot & PAGE_EXEC) ? 'x' : '-'));
2366
2367 return (0);
2368}
2369
2370/* dump memory mappings */
2371void page_dump(FILE *f)
2372{
2373 (void) fprintf(f, "%-8s %-8s %-8s %s\n",
2374 "start", "end", "size", "prot");
2375 walk_memory_regions(f, dump_region);
33417e70
FB		 2376}
2377
53a5960a 2378int page_get_flags(target_ulong address)
33417e70 2379{
9fa3e853
FB		 2380 PageDesc *p;
2381
2382 p = page_find(address >> TARGET_PAGE_BITS);
33417e70 2383 if (!p)
9fa3e853
FB		 2384 return 0;
2385 return p->flags;
2386}
2387
376a7909
RH		 2388/* Modify the flags of a page and invalidate the code if necessary.
2389 The flag PAGE_WRITE_ORG is positioned automatically depending
2390 on PAGE_WRITE. The mmap_lock should already be held. */
53a5960a 2391void page_set_flags(target_ulong start, target_ulong end, int flags)
9fa3e853 2392{
376a7909
RH		 2393 target_ulong addr, len;
2394
2395 /* This function should never be called with addresses outside the
2396 guest address space. If this assert fires, it probably indicates
2397 a missing call to h2g_valid. */
b480d9b7
PB		 2398#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2399 assert(end < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2400#endif
2401 assert(start < end);
9fa3e853
FB		 2402
2403 start = start & TARGET_PAGE_MASK;
2404 end = TARGET_PAGE_ALIGN(end);
376a7909
RH		 2405
2406 if (flags & PAGE_WRITE) {
9fa3e853 2407 flags |= PAGE_WRITE_ORG;
376a7909
RH		 2408 }
2409
2410 for (addr = start, len = end - start;
2411 len != 0;
2412 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
2413 PageDesc *p = page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
2414
2415 /* If the write protection bit is set, then we invalidate
2416 the code inside. */
5fafdf24 2417 if (!(p->flags & PAGE_WRITE) &&
9fa3e853
FB		 2418 (flags & PAGE_WRITE) &&
2419 p->first_tb) {
d720b93d 2420 tb_invalidate_phys_page(addr, 0, NULL);
9fa3e853
FB		 2421 }
2422 p->flags = flags;
2423 }
33417e70
FB		 2424}
2425
3d97b40b
TS		 2426int page_check_range(target_ulong start, target_ulong len, int flags)
2427{
2428 PageDesc *p;
2429 target_ulong end;
2430 target_ulong addr;
2431
376a7909
RH		 2432 /* This function should never be called with addresses outside the
2433 guest address space. If this assert fires, it probably indicates
2434 a missing call to h2g_valid. */
338e9e6c
BS		 2435#if TARGET_ABI_BITS > L1_MAP_ADDR_SPACE_BITS
2436 assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS));
376a7909
RH		 2437#endif
2438
3e0650a9
RH		 2439 if (len == 0) {
2440 return 0;
2441 }
376a7909
RH		 2442 if (start + len - 1 < start) {
2443 /* We've wrapped around. */
55f280c9 2444 return -1;
376a7909 2445 }
55f280c9 2446
3d97b40b
TS		 2447 end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
2448 start = start & TARGET_PAGE_MASK;
2449
376a7909
RH		 2450 for (addr = start, len = end - start;
2451 len != 0;
2452 len -= TARGET_PAGE_SIZE, addr += TARGET_PAGE_SIZE) {
3d97b40b
TS		 2453 p = page_find(addr >> TARGET_PAGE_BITS);
2454 if( !p )
2455 return -1;
2456 if( !(p->flags & PAGE_VALID) )
2457 return -1;
2458
dae3270c 2459 if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
3d97b40b 2460 return -1;
dae3270c
FB		 2461 if (flags & PAGE_WRITE) {
2462 if (!(p->flags & PAGE_WRITE_ORG))
2463 return -1;
2464 /* unprotect the page if it was put read-only because it
2465 contains translated code */
2466 if (!(p->flags & PAGE_WRITE)) {
2467 if (!page_unprotect(addr, 0, NULL))
2468 return -1;
2469 }
2470 return 0;
2471 }
3d97b40b
TS		 2472 }
2473 return 0;
2474}
2475
9fa3e853 2476/* called from signal handler: invalidate the code and unprotect the
ccbb4d44 2477 page. Return TRUE if the fault was successfully handled. */
53a5960a 2478int page_unprotect(target_ulong address, unsigned long pc, void *puc)
9fa3e853 2479{
45d679d6
AJ		 2480 unsigned int prot;
2481 PageDesc *p;
53a5960a 2482 target_ulong host_start, host_end, addr;
9fa3e853 2483
c8a706fe
PB		 2484 /* Technically this isn't safe inside a signal handler. However we
2485 know this only ever happens in a synchronous SEGV handler, so in
2486 practice it seems to be ok. */
2487 mmap_lock();
2488
45d679d6
AJ		 2489 p = page_find(address >> TARGET_PAGE_BITS);
2490 if (!p) {
c8a706fe 2491 mmap_unlock();
9fa3e853 2492 return 0;
c8a706fe 2493 }
45d679d6 2494
9fa3e853
FB		 2495 /* if the page was really writable, then we change its
2496 protection back to writable */
45d679d6
AJ		 2497 if ((p->flags & PAGE_WRITE_ORG) && !(p->flags & PAGE_WRITE)) {
2498 host_start = address & qemu_host_page_mask;
2499 host_end = host_start + qemu_host_page_size;
2500
2501 prot = 0;
2502 for (addr = host_start ; addr < host_end ; addr += TARGET_PAGE_SIZE) {
2503 p = page_find(addr >> TARGET_PAGE_BITS);
2504 p->flags |= PAGE_WRITE;
2505 prot |= p->flags;
2506
9fa3e853
FB		 2507 /* and since the content will be modified, we must invalidate
2508 the corresponding translated code. */
45d679d6 2509 tb_invalidate_phys_page(addr, pc, puc);
9fa3e853 2510#ifdef DEBUG_TB_CHECK
45d679d6 2511 tb_invalidate_check(addr);
9fa3e853 2512#endif
9fa3e853 2513 }
45d679d6
AJ		 2514 mprotect((void *)g2h(host_start), qemu_host_page_size,
2515 prot & PAGE_BITS);
2516
2517 mmap_unlock();
2518 return 1;
9fa3e853 2519 }
c8a706fe 2520 mmap_unlock();
9fa3e853
FB		 2521 return 0;
2522}
2523
6a00d601
FB		 2524static inline void tlb_set_dirty(CPUState *env,
2525 unsigned long addr, target_ulong vaddr)
1ccde1cb
FB		 2526{
2527}
9fa3e853
FB		 2528#endif /* defined(CONFIG_USER_ONLY) */
2529
e2eef170 2530#if !defined(CONFIG_USER_ONLY)
8da3ff18 2531
c04b2b78
PB		 2532#define SUBPAGE_IDX(addr) ((addr) & ~TARGET_PAGE_MASK)
2533typedef struct subpage_t {
70c68e44 2534 MemoryRegion iomem;
c04b2b78 2535 target_phys_addr_t base;
5312bd8b 2536 uint16_t sub_section[TARGET_PAGE_SIZE];
c04b2b78
PB		 2537} subpage_t;
2538
c227f099 2539static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 2540 uint16_t section);
0f0cb164 2541static subpage_t *subpage_init(target_phys_addr_t base);
5312bd8b 2542static void destroy_page_desc(uint16_t section_index)
54688b1e 2543{
5312bd8b
AK		 2544 MemoryRegionSection *section = &phys_sections[section_index];
2545 MemoryRegion *mr = section->mr;
54688b1e
AK		 2546
2547 if (mr->subpage) {
2548 subpage_t *subpage = container_of(mr, subpage_t, iomem);
2549 memory_region_destroy(&subpage->iomem);
2550 g_free(subpage);
2551 }
2552}
2553
4346ae3e 2554static void destroy_l2_mapping(PhysPageEntry *lp, unsigned level)
54688b1e
AK		 2555{
2556 unsigned i;
d6f2ea22 2557 PhysPageEntry *p;
54688b1e 2558
d6f2ea22 2559 if (lp->u.node == PHYS_MAP_NODE_NIL) {
54688b1e
AK		 2560 return;
2561 }
2562
d6f2ea22 2563 p = phys_map_nodes[lp->u.node];
4346ae3e
AK		 2564 for (i = 0; i < L2_SIZE; ++i) {
2565 if (level > 0) {
54688b1e 2566 destroy_l2_mapping(&p[i], level - 1);
4346ae3e
AK		 2567 } else {
2568 destroy_page_desc(p[i].u.leaf);
54688b1e 2569 }
54688b1e 2570 }
d6f2ea22 2571 lp->u.node = PHYS_MAP_NODE_NIL;
54688b1e
AK		 2572}
2573
2574static void destroy_all_mappings(void)
2575{
3eef53df 2576 destroy_l2_mapping(&phys_map, P_L2_LEVELS - 1);
d6f2ea22 2577 phys_map_nodes_reset();
54688b1e
AK		 2578}
2579
5312bd8b
AK		 2580static uint16_t phys_section_add(MemoryRegionSection *section)
2581{
2582 if (phys_sections_nb == phys_sections_nb_alloc) {
2583 phys_sections_nb_alloc = MAX(phys_sections_nb_alloc * 2, 16);
2584 phys_sections = g_renew(MemoryRegionSection, phys_sections,
2585 phys_sections_nb_alloc);
2586 }
2587 phys_sections[phys_sections_nb] = *section;
2588 return phys_sections_nb++;
2589}
2590
2591static void phys_sections_clear(void)
2592{
2593 phys_sections_nb = 0;
2594}
2595
8f2498f9
MT		 2596/* register physical memory.
2597 For RAM, 'size' must be a multiple of the target page size.
2598 If (phys_offset & ~TARGET_PAGE_MASK) != 0, then it is an
8da3ff18
PB		 2599 io memory page. The address used when calling the IO function is
2600 the offset from the start of the region, plus region_offset. Both
ccbb4d44 2601 start_addr and region_offset are rounded down to a page boundary
8da3ff18
PB		 2602 before calculating this offset. This should not be a problem unless
2603 the low bits of start_addr and region_offset differ. */
0f0cb164
AK		 2604static void register_subpage(MemoryRegionSection *section)
2605{
2606 subpage_t *subpage;
2607 target_phys_addr_t base = section->offset_within_address_space
2608 & TARGET_PAGE_MASK;
2609 MemoryRegionSection existing = phys_page_find(base >> TARGET_PAGE_BITS);
2610 MemoryRegionSection subsection = {
2611 .offset_within_address_space = base,
2612 .size = TARGET_PAGE_SIZE,
2613 };
2614 uint16_t *ptr;
2615 target_phys_addr_t start, end;
2616
2617 assert(existing.mr->subpage || existing.mr == &io_mem_unassigned);
2618
2619 if (!(existing.mr->subpage)) {
2620 subpage = subpage_init(base);
2621 subsection.mr = &subpage->iomem;
2622 ptr = phys_page_find_alloc(base >> TARGET_PAGE_BITS, 1);
2623 *ptr = phys_section_add(&subsection);
2624 } else {
2625 subpage = container_of(existing.mr, subpage_t, iomem);
2626 }
2627 start = section->offset_within_address_space & ~TARGET_PAGE_MASK;
2628 end = start + section->size;
2629 subpage_register(subpage, start, end, phys_section_add(section));
2630}
2631
2632
2633static void register_multipage(MemoryRegionSection *section)
33417e70 2634{
dd81124b
AK		 2635 target_phys_addr_t start_addr = section->offset_within_address_space;
2636 ram_addr_t size = section->size;
c227f099 2637 target_phys_addr_t addr, end_addr;
5312bd8b 2638 uint16_t section_index = phys_section_add(section);
dd81124b 2639
3b8e6a2d 2640 assert(size);
f6f3fbca 2641
c227f099 2642 end_addr = start_addr + (target_phys_addr_t)size;
3b8e6a2d
EI		 2643
2644 addr = start_addr;
2645 do {
717cb7b2 2646 uint16_t *p = phys_page_find_alloc(addr >> TARGET_PAGE_BITS, 1);
0f0cb164
AK		 2647 assert(*p == phys_section_unassigned);
2648 *p = section_index;
3b8e6a2d
EI		 2649 addr += TARGET_PAGE_SIZE;
2650 } while (addr != end_addr);
33417e70
FB		 2651}
2652
0f0cb164
AK		 2653void cpu_register_physical_memory_log(MemoryRegionSection *section,
2654 bool readonly)
2655{
2656 MemoryRegionSection now = *section, remain = *section;
2657
2658 if ((now.offset_within_address_space & ~TARGET_PAGE_MASK)
2659 || (now.size < TARGET_PAGE_SIZE)) {
2660 now.size = MIN(TARGET_PAGE_ALIGN(now.offset_within_address_space)
2661 - now.offset_within_address_space,
2662 now.size);
2663 register_subpage(&now);
2664 remain.size -= now.size;
2665 remain.offset_within_address_space += now.size;
2666 remain.offset_within_region += now.size;
2667 }
2668 now = remain;
2669 now.size &= TARGET_PAGE_MASK;
2670 if (now.size) {
2671 register_multipage(&now);
2672 remain.size -= now.size;
2673 remain.offset_within_address_space += now.size;
2674 remain.offset_within_region += now.size;
2675 }
2676 now = remain;
2677 if (now.size) {
2678 register_subpage(&now);
2679 }
2680}
2681
2682
c227f099 2683void qemu_register_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2684{
2685 if (kvm_enabled())
2686 kvm_coalesce_mmio_region(addr, size);
2687}
2688
c227f099 2689void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size)
f65ed4c1
AL		 2690{
2691 if (kvm_enabled())
2692 kvm_uncoalesce_mmio_region(addr, size);
2693}
2694
62a2744c
SY		 2695void qemu_flush_coalesced_mmio_buffer(void)
2696{
2697 if (kvm_enabled())
2698 kvm_flush_coalesced_mmio_buffer();
2699}
2700
c902760f
MT		 2701#if defined(__linux__) && !defined(TARGET_S390X)
2702
2703#include <sys/vfs.h>
2704
2705#define HUGETLBFS_MAGIC 0x958458f6
2706
2707static long gethugepagesize(const char *path)
2708{
2709 struct statfs fs;
2710 int ret;
2711
2712 do {
9742bf26 2713 ret = statfs(path, &fs);
c902760f
MT		 2714 } while (ret != 0 && errno == EINTR);
2715
2716 if (ret != 0) {
9742bf26
YT		 2717 perror(path);
2718 return 0;
c902760f
MT		 2719 }
2720
2721 if (fs.f_type != HUGETLBFS_MAGIC)
9742bf26 2722 fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
c902760f
MT		 2723
2724 return fs.f_bsize;
2725}
2726
04b16653
AW		 2727static void *file_ram_alloc(RAMBlock *block,
2728 ram_addr_t memory,
2729 const char *path)
c902760f
MT		 2730{
2731 char *filename;
2732 void *area;
2733 int fd;
2734#ifdef MAP_POPULATE
2735 int flags;
2736#endif
2737 unsigned long hpagesize;
2738
2739 hpagesize = gethugepagesize(path);
2740 if (!hpagesize) {
9742bf26 2741 return NULL;
c902760f
MT		 2742 }
2743
2744 if (memory < hpagesize) {
2745 return NULL;
2746 }
2747
2748 if (kvm_enabled() && !kvm_has_sync_mmu()) {
2749 fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
2750 return NULL;
2751 }
2752
2753 if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
9742bf26 2754 return NULL;
c902760f
MT		 2755 }
2756
2757 fd = mkstemp(filename);
2758 if (fd < 0) {
9742bf26
YT		 2759 perror("unable to create backing store for hugepages");
2760 free(filename);
2761 return NULL;
c902760f
MT		 2762 }
2763 unlink(filename);
2764 free(filename);
2765
2766 memory = (memory+hpagesize-1) & ~(hpagesize-1);
2767
2768 /*
2769 * ftruncate is not supported by hugetlbfs in older
2770 * hosts, so don't bother bailing out on errors.
2771 * If anything goes wrong with it under other filesystems,
2772 * mmap will fail.
2773 */
2774 if (ftruncate(fd, memory))
9742bf26 2775 perror("ftruncate");
c902760f
MT		 2776
2777#ifdef MAP_POPULATE
2778 /* NB: MAP_POPULATE won't exhaustively alloc all phys pages in the case
2779 * MAP_PRIVATE is requested. For mem_prealloc we mmap as MAP_SHARED
2780 * to sidestep this quirk.
2781 */
2782 flags = mem_prealloc ? MAP_POPULATE | MAP_SHARED : MAP_PRIVATE;
2783 area = mmap(0, memory, PROT_READ | PROT_WRITE, flags, fd, 0);
2784#else
2785 area = mmap(0, memory, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
2786#endif
2787 if (area == MAP_FAILED) {
9742bf26
YT		 2788 perror("file_ram_alloc: can't mmap RAM pages");
2789 close(fd);
2790 return (NULL);
c902760f 2791 }
04b16653 2792 block->fd = fd;
c902760f
MT		 2793 return area;
2794}
2795#endif
2796
d17b5288 2797static ram_addr_t find_ram_offset(ram_addr_t size)
04b16653
AW		 2798{
2799 RAMBlock *block, *next_block;
3e837b2c 2800 ram_addr_t offset = RAM_ADDR_MAX, mingap = RAM_ADDR_MAX;
04b16653
AW		 2801
2802 if (QLIST_EMPTY(&ram_list.blocks))
2803 return 0;
2804
2805 QLIST_FOREACH(block, &ram_list.blocks, next) {
f15fbc4b 2806 ram_addr_t end, next = RAM_ADDR_MAX;
04b16653
AW		 2807
2808 end = block->offset + block->length;
2809
2810 QLIST_FOREACH(next_block, &ram_list.blocks, next) {
2811 if (next_block->offset >= end) {
2812 next = MIN(next, next_block->offset);
2813 }
2814 }
2815 if (next - end >= size && next - end < mingap) {
3e837b2c 2816 offset = end;
04b16653
AW		 2817 mingap = next - end;
2818 }
2819 }
3e837b2c
AW		 2820
2821 if (offset == RAM_ADDR_MAX) {
2822 fprintf(stderr, "Failed to find gap of requested size: %" PRIu64 "\n",
2823 (uint64_t)size);
2824 abort();
2825 }
2826
04b16653
AW		 2827 return offset;
2828}
2829
2830static ram_addr_t last_ram_offset(void)
d17b5288
AW		 2831{
2832 RAMBlock *block;
2833 ram_addr_t last = 0;
2834
2835 QLIST_FOREACH(block, &ram_list.blocks, next)
2836 last = MAX(last, block->offset + block->length);
2837
2838 return last;
2839}
2840
c5705a77 2841void qemu_ram_set_idstr(ram_addr_t addr, const char *name, DeviceState *dev)
84b89d78
CM		 2842{
2843 RAMBlock *new_block, *block;
2844
c5705a77
AK		 2845 new_block = NULL;
2846 QLIST_FOREACH(block, &ram_list.blocks, next) {
2847 if (block->offset == addr) {
2848 new_block = block;
2849 break;
2850 }
2851 }
2852 assert(new_block);
2853 assert(!new_block->idstr[0]);
84b89d78
CM		 2854
2855 if (dev && dev->parent_bus && dev->parent_bus->info->get_dev_path) {
2856 char *id = dev->parent_bus->info->get_dev_path(dev);
2857 if (id) {
2858 snprintf(new_block->idstr, sizeof(new_block->idstr), "%s/", id);
7267c094 2859 g_free(id);
84b89d78
CM		 2860 }
2861 }
2862 pstrcat(new_block->idstr, sizeof(new_block->idstr), name);
2863
2864 QLIST_FOREACH(block, &ram_list.blocks, next) {
c5705a77 2865 if (block != new_block && !strcmp(block->idstr, new_block->idstr)) {
84b89d78
CM		 2866 fprintf(stderr, "RAMBlock \"%s\" already registered, abort!\n",
2867 new_block->idstr);
2868 abort();
2869 }
2870 }
c5705a77
AK		 2871}
2872
2873ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
2874 MemoryRegion *mr)
2875{
2876 RAMBlock *new_block;
2877
2878 size = TARGET_PAGE_ALIGN(size);
2879 new_block = g_malloc0(sizeof(*new_block));
84b89d78 2880
7c637366 2881 new_block->mr = mr;
432d268c 2882 new_block->offset = find_ram_offset(size);
6977dfe6
YT		 2883 if (host) {
2884 new_block->host = host;
cd19cfa2 2885 new_block->flags |= RAM_PREALLOC_MASK;
6977dfe6
YT		 2886 } else {
2887 if (mem_path) {
c902760f 2888#if defined (__linux__) && !defined(TARGET_S390X)
6977dfe6
YT		 2889 new_block->host = file_ram_alloc(new_block, size, mem_path);
2890 if (!new_block->host) {
2891 new_block->host = qemu_vmalloc(size);
e78815a5 2892 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2893 }
c902760f 2894#else
6977dfe6
YT		 2895 fprintf(stderr, "-mem-path option unsupported\n");
2896 exit(1);
c902760f 2897#endif
6977dfe6 2898 } else {
6b02494d 2899#if defined(TARGET_S390X) && defined(CONFIG_KVM)
ff83678a
CB		 2900 /* S390 KVM requires the topmost vma of the RAM to be smaller than
2901 an system defined value, which is at least 256GB. Larger systems
2902 have larger values. We put the guest between the end of data
2903 segment (system break) and this value. We use 32GB as a base to
2904 have enough room for the system break to grow. */
2905 new_block->host = mmap((void*)0x800000000, size,
6977dfe6 2906 PROT_EXEC|PROT_READ|PROT_WRITE,
ff83678a 2907 MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
fb8b2735
AG		 2908 if (new_block->host == MAP_FAILED) {
2909 fprintf(stderr, "Allocating RAM failed\n");
2910 abort();
2911 }
6b02494d 2912#else
868bb33f 2913 if (xen_enabled()) {
fce537d4 2914 xen_ram_alloc(new_block->offset, size, mr);
432d268c
JN		 2915 } else {
2916 new_block->host = qemu_vmalloc(size);
2917 }
6b02494d 2918#endif
e78815a5 2919 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
6977dfe6 2920 }
c902760f 2921 }
94a6b54f
PB		 2922 new_block->length = size;
2923
f471a17e 2924 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
94a6b54f 2925
7267c094 2926 ram_list.phys_dirty = g_realloc(ram_list.phys_dirty,
04b16653 2927 last_ram_offset() >> TARGET_PAGE_BITS);
d17b5288 2928 memset(ram_list.phys_dirty + (new_block->offset >> TARGET_PAGE_BITS),
94a6b54f
PB		 2929 0xff, size >> TARGET_PAGE_BITS);
2930
6f0437e8
JK		 2931 if (kvm_enabled())
2932 kvm_setup_guest_memory(new_block->host, size);
2933
94a6b54f
PB		 2934 return new_block->offset;
2935}
e9a1ab19 2936
c5705a77 2937ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
6977dfe6 2938{
c5705a77 2939 return qemu_ram_alloc_from_ptr(size, NULL, mr);
6977dfe6
YT		 2940}
2941
1f2e98b6
AW		 2942void qemu_ram_free_from_ptr(ram_addr_t addr)
2943{
2944 RAMBlock *block;
2945
2946 QLIST_FOREACH(block, &ram_list.blocks, next) {
2947 if (addr == block->offset) {
2948 QLIST_REMOVE(block, next);
7267c094 2949 g_free(block);
1f2e98b6
AW		 2950 return;
2951 }
2952 }
2953}
2954
c227f099 2955void qemu_ram_free(ram_addr_t addr)
e9a1ab19 2956{
04b16653
AW		 2957 RAMBlock *block;
2958
2959 QLIST_FOREACH(block, &ram_list.blocks, next) {
2960 if (addr == block->offset) {
2961 QLIST_REMOVE(block, next);
cd19cfa2
HY		 2962 if (block->flags & RAM_PREALLOC_MASK) {
2963 ;
2964 } else if (mem_path) {
04b16653
AW		 2965#if defined (__linux__) && !defined(TARGET_S390X)
2966 if (block->fd) {
2967 munmap(block->host, block->length);
2968 close(block->fd);
2969 } else {
2970 qemu_vfree(block->host);
2971 }
fd28aa13
JK		 2972#else
2973 abort();
04b16653
AW		 2974#endif
2975 } else {
2976#if defined(TARGET_S390X) && defined(CONFIG_KVM)
2977 munmap(block->host, block->length);
2978#else
868bb33f 2979 if (xen_enabled()) {
e41d7c69 2980 xen_invalidate_map_cache_entry(block->host);
432d268c
JN		 2981 } else {
2982 qemu_vfree(block->host);
2983 }
04b16653
AW		 2984#endif
2985 }
7267c094 2986 g_free(block);
04b16653
AW		 2987 return;
2988 }
2989 }
2990
e9a1ab19
FB		 2991}
2992
cd19cfa2
HY		 2993#ifndef _WIN32
2994void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
2995{
2996 RAMBlock *block;
2997 ram_addr_t offset;
2998 int flags;
2999 void *area, *vaddr;
3000
3001 QLIST_FOREACH(block, &ram_list.blocks, next) {
3002 offset = addr - block->offset;
3003 if (offset < block->length) {
3004 vaddr = block->host + offset;
3005 if (block->flags & RAM_PREALLOC_MASK) {
3006 ;
3007 } else {
3008 flags = MAP_FIXED;
3009 munmap(vaddr, length);
3010 if (mem_path) {
3011#if defined(__linux__) && !defined(TARGET_S390X)
3012 if (block->fd) {
3013#ifdef MAP_POPULATE
3014 flags |= mem_prealloc ? MAP_POPULATE | MAP_SHARED :
3015 MAP_PRIVATE;
3016#else
3017 flags |= MAP_PRIVATE;
3018#endif
3019 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3020 flags, block->fd, offset);
3021 } else {
3022 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3023 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3024 flags, -1, 0);
3025 }
fd28aa13
JK		 3026#else
3027 abort();
cd19cfa2
HY		 3028#endif
3029 } else {
3030#if defined(TARGET_S390X) && defined(CONFIG_KVM)
3031 flags |= MAP_SHARED | MAP_ANONYMOUS;
3032 area = mmap(vaddr, length, PROT_EXEC|PROT_READ|PROT_WRITE,
3033 flags, -1, 0);
3034#else
3035 flags |= MAP_PRIVATE | MAP_ANONYMOUS;
3036 area = mmap(vaddr, length, PROT_READ | PROT_WRITE,
3037 flags, -1, 0);
3038#endif
3039 }
3040 if (area != vaddr) {
f15fbc4b
AP		 3041 fprintf(stderr, "Could not remap addr: "
3042 RAM_ADDR_FMT "@" RAM_ADDR_FMT "\n",
cd19cfa2
HY		 3043 length, addr);
3044 exit(1);
3045 }
3046 qemu_madvise(vaddr, length, QEMU_MADV_MERGEABLE);
3047 }
3048 return;
3049 }
3050 }
3051}
3052#endif /* !_WIN32 */
3053
dc828ca1 3054/* Return a host pointer to ram allocated with qemu_ram_alloc.
5579c7f3
PB		 3055 With the exception of the softmmu code in this file, this should
3056 only be used for local memory (e.g. video ram) that the device owns,
3057 and knows it isn't going to access beyond the end of the block.
3058
3059 It should not be used for general purpose DMA.
3060 Use cpu_physical_memory_map/cpu_physical_memory_rw instead.
3061 */
c227f099 3062void *qemu_get_ram_ptr(ram_addr_t addr)
dc828ca1 3063{
94a6b54f
PB		 3064 RAMBlock *block;
3065
f471a17e
AW		 3066 QLIST_FOREACH(block, &ram_list.blocks, next) {
3067 if (addr - block->offset < block->length) {
7d82af38
VP		 3068 /* Move this entry to to start of the list. */
3069 if (block != QLIST_FIRST(&ram_list.blocks)) {
3070 QLIST_REMOVE(block, next);
3071 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
3072 }
868bb33f 3073 if (xen_enabled()) {
432d268c
JN		 3074 /* We need to check if the requested address is in the RAM
3075 * because we don't want to map the entire memory in QEMU.
712c2b41 3076 * In that case just map until the end of the page.
432d268c
JN		 3077 */
3078 if (block->offset == 0) {
e41d7c69 3079 return xen_map_cache(addr, 0, 0);
432d268c 3080 } else if (block->host == NULL) {
e41d7c69
JK		 3081 block->host =
3082 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3083 }
3084 }
f471a17e
AW		 3085 return block->host + (addr - block->offset);
3086 }
94a6b54f 3087 }
f471a17e
AW		 3088
3089 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3090 abort();
3091
3092 return NULL;
dc828ca1
PB		 3093}
3094
b2e0a138
MT		 3095/* Return a host pointer to ram allocated with qemu_ram_alloc.
3096 * Same as qemu_get_ram_ptr but avoid reordering ramblocks.
3097 */
3098void *qemu_safe_ram_ptr(ram_addr_t addr)
3099{
3100 RAMBlock *block;
3101
3102 QLIST_FOREACH(block, &ram_list.blocks, next) {
3103 if (addr - block->offset < block->length) {
868bb33f 3104 if (xen_enabled()) {
432d268c
JN		 3105 /* We need to check if the requested address is in the RAM
3106 * because we don't want to map the entire memory in QEMU.
712c2b41 3107 * In that case just map until the end of the page.
432d268c
JN		 3108 */
3109 if (block->offset == 0) {
e41d7c69 3110 return xen_map_cache(addr, 0, 0);
432d268c 3111 } else if (block->host == NULL) {
e41d7c69
JK		 3112 block->host =
3113 xen_map_cache(block->offset, block->length, 1);
432d268c
JN		 3114 }
3115 }
b2e0a138
MT		 3116 return block->host + (addr - block->offset);
3117 }
3118 }
3119
3120 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3121 abort();
3122
3123 return NULL;
3124}
3125
38bee5dc
SS		 3126/* Return a host pointer to guest's ram. Similar to qemu_get_ram_ptr
3127 * but takes a size argument */
8ab934f9 3128void *qemu_ram_ptr_length(ram_addr_t addr, ram_addr_t *size)
38bee5dc 3129{
8ab934f9
SS		 3130 if (*size == 0) {
3131 return NULL;
3132 }
868bb33f 3133 if (xen_enabled()) {
e41d7c69 3134 return xen_map_cache(addr, *size, 1);
868bb33f 3135 } else {
38bee5dc
SS		 3136 RAMBlock *block;
3137
3138 QLIST_FOREACH(block, &ram_list.blocks, next) {
3139 if (addr - block->offset < block->length) {
3140 if (addr - block->offset + *size > block->length)
3141 *size = block->length - addr + block->offset;
3142 return block->host + (addr - block->offset);
3143 }
3144 }
3145
3146 fprintf(stderr, "Bad ram offset %" PRIx64 "\n", (uint64_t)addr);
3147 abort();
38bee5dc
SS		 3148 }
3149}
3150
050a0ddf
AP		 3151void qemu_put_ram_ptr(void *addr)
3152{
3153 trace_qemu_put_ram_ptr(addr);
050a0ddf
AP		 3154}
3155
e890261f 3156int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
5579c7f3 3157{
94a6b54f
PB		 3158 RAMBlock *block;
3159 uint8_t *host = ptr;
3160
868bb33f 3161 if (xen_enabled()) {
e41d7c69 3162 *ram_addr = xen_ram_addr_from_mapcache(ptr);
712c2b41
SS		 3163 return 0;
3164 }
3165
f471a17e 3166 QLIST_FOREACH(block, &ram_list.blocks, next) {
432d268c
JN		 3167 /* This case append when the block is not mapped. */
3168 if (block->host == NULL) {
3169 continue;
3170 }
f471a17e 3171 if (host - block->host < block->length) {
e890261f
MT		 3172 *ram_addr = block->offset + (host - block->host);
3173 return 0;
f471a17e 3174 }
94a6b54f 3175 }
432d268c 3176
e890261f
MT		 3177 return -1;
3178}
f471a17e 3179
e890261f
MT		 3180/* Some of the softmmu routines need to translate from a host pointer
3181 (typically a TLB entry) back to a ram offset. */
3182ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr)
3183{
3184 ram_addr_t ram_addr;
f471a17e 3185
e890261f
MT		 3186 if (qemu_ram_addr_from_host(ptr, &ram_addr)) {
3187 fprintf(stderr, "Bad ram pointer %p\n", ptr);
3188 abort();
3189 }
3190 return ram_addr;
5579c7f3
PB		 3191}
3192
0e0df1e2
AK		 3193static uint64_t unassigned_mem_read(void *opaque, target_phys_addr_t addr,
3194 unsigned size)
e18231a3
BS		 3195{
3196#ifdef DEBUG_UNASSIGNED
3197 printf("Unassigned mem read " TARGET_FMT_plx "\n", addr);
3198#endif
5b450407 3199#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 3200 cpu_unassigned_access(cpu_single_env, addr, 0, 0, 0, size);
e18231a3
BS		 3201#endif
3202 return 0;
3203}
3204
0e0df1e2
AK		 3205static void unassigned_mem_write(void *opaque, target_phys_addr_t addr,
3206 uint64_t val, unsigned size)
e18231a3
BS		 3207{
3208#ifdef DEBUG_UNASSIGNED
0e0df1e2 3209 printf("Unassigned mem write " TARGET_FMT_plx " = 0x%"PRIx64"\n", addr, val);
e18231a3 3210#endif
5b450407 3211#if defined(TARGET_ALPHA) || defined(TARGET_SPARC) || defined(TARGET_MICROBLAZE)
0e0df1e2 3212 cpu_unassigned_access(cpu_single_env, addr, 1, 0, 0, size);
67d3b957 3213#endif
33417e70
FB		 3214}
3215
0e0df1e2
AK		 3216static const MemoryRegionOps unassigned_mem_ops = {
3217 .read = unassigned_mem_read,
3218 .write = unassigned_mem_write,
3219 .endianness = DEVICE_NATIVE_ENDIAN,
3220};
e18231a3 3221
0e0df1e2
AK		 3222static uint64_t error_mem_read(void *opaque, target_phys_addr_t addr,
3223 unsigned size)
e18231a3 3224{
0e0df1e2 3225 abort();
e18231a3
BS		 3226}
3227
0e0df1e2
AK		 3228static void error_mem_write(void *opaque, target_phys_addr_t addr,
3229 uint64_t value, unsigned size)
e18231a3 3230{
0e0df1e2 3231 abort();
33417e70
FB		 3232}
3233
0e0df1e2
AK		 3234static const MemoryRegionOps error_mem_ops = {
3235 .read = error_mem_read,
3236 .write = error_mem_write,
3237 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 3238};
3239
0e0df1e2
AK		 3240static const MemoryRegionOps rom_mem_ops = {
3241 .read = error_mem_read,
3242 .write = unassigned_mem_write,
3243 .endianness = DEVICE_NATIVE_ENDIAN,
33417e70
FB		 3244};
3245
0e0df1e2
AK		 3246static void notdirty_mem_write(void *opaque, target_phys_addr_t ram_addr,
3247 uint64_t val, unsigned size)
9fa3e853 3248{
3a7d929e 3249 int dirty_flags;
f7c11b53 3250 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
3a7d929e 3251 if (!(dirty_flags & CODE_DIRTY_FLAG)) {
9fa3e853 3252#if !defined(CONFIG_USER_ONLY)
0e0df1e2 3253 tb_invalidate_phys_page_fast(ram_addr, size);
f7c11b53 3254 dirty_flags = cpu_physical_memory_get_dirty_flags(ram_addr);
9fa3e853 3255#endif
3a7d929e 3256 }
0e0df1e2
AK		 3257 switch (size) {
3258 case 1:
3259 stb_p(qemu_get_ram_ptr(ram_addr), val);
3260 break;
3261 case 2:
3262 stw_p(qemu_get_ram_ptr(ram_addr), val);
3263 break;
3264 case 4:
3265 stl_p(qemu_get_ram_ptr(ram_addr), val);
3266 break;
3267 default:
3268 abort();
3a7d929e 3269 }
f23db169 3270 dirty_flags |= (0xff & ~CODE_DIRTY_FLAG);
f7c11b53 3271 cpu_physical_memory_set_dirty_flags(ram_addr, dirty_flags);
f23db169
FB		 3272 /* we remove the notdirty callback only if the code has been
3273 flushed */
3274 if (dirty_flags == 0xff)
2e70f6ef 3275 tlb_set_dirty(cpu_single_env, cpu_single_env->mem_io_vaddr);
9fa3e853
FB		 3276}
3277
0e0df1e2
AK		 3278static const MemoryRegionOps notdirty_mem_ops = {
3279 .read = error_mem_read,
3280 .write = notdirty_mem_write,
3281 .endianness = DEVICE_NATIVE_ENDIAN,
1ccde1cb
FB		 3282};
3283
0f459d16 3284/* Generate a debug exception if a watchpoint has been hit. */
b4051334 3285static void check_watchpoint(int offset, int len_mask, int flags)
0f459d16
PB		 3286{
3287 CPUState *env = cpu_single_env;
06d55cc1
AL		 3288 target_ulong pc, cs_base;
3289 TranslationBlock *tb;
0f459d16 3290 target_ulong vaddr;
a1d1bb31 3291 CPUWatchpoint *wp;
06d55cc1 3292 int cpu_flags;
0f459d16 3293
06d55cc1
AL		 3294 if (env->watchpoint_hit) {
3295 /* We re-entered the check after replacing the TB. Now raise
3296 * the debug interrupt so that is will trigger after the
3297 * current instruction. */
3298 cpu_interrupt(env, CPU_INTERRUPT_DEBUG);
3299 return;
3300 }
2e70f6ef 3301 vaddr = (env->mem_io_vaddr & TARGET_PAGE_MASK) + offset;
72cf2d4f 3302 QTAILQ_FOREACH(wp, &env->watchpoints, entry) {
b4051334
AL		 3303 if ((vaddr == (wp->vaddr & len_mask) ||
3304 (vaddr & wp->len_mask) == wp->vaddr) && (wp->flags & flags)) {
6e140f28
AL		 3305 wp->flags |= BP_WATCHPOINT_HIT;
3306 if (!env->watchpoint_hit) {
3307 env->watchpoint_hit = wp;
3308 tb = tb_find_pc(env->mem_io_pc);
3309 if (!tb) {
3310 cpu_abort(env, "check_watchpoint: could not find TB for "
3311 "pc=%p", (void *)env->mem_io_pc);
3312 }
618ba8e6 3313 cpu_restore_state(tb, env, env->mem_io_pc);
6e140f28
AL		 3314 tb_phys_invalidate(tb, -1);
3315 if (wp->flags & BP_STOP_BEFORE_ACCESS) {
3316 env->exception_index = EXCP_DEBUG;
3317 } else {
3318 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
3319 tb_gen_code(env, pc, cs_base, cpu_flags, 1);
3320 }
3321 cpu_resume_from_signal(env, NULL);
06d55cc1 3322 }
6e140f28
AL		 3323 } else {
3324 wp->flags &= ~BP_WATCHPOINT_HIT;
0f459d16
PB		 3325 }
3326 }
3327}
3328
6658ffb8
PB		 3329/* Watchpoint access routines. Watchpoints are inserted using TLB tricks,
3330 so these check for a hit then pass through to the normal out-of-line
3331 phys routines. */
1ec9b909
AK		 3332static uint64_t watch_mem_read(void *opaque, target_phys_addr_t addr,
3333 unsigned size)
6658ffb8 3334{
1ec9b909
AK		 3335 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_READ);
3336 switch (size) {
3337 case 1: return ldub_phys(addr);
3338 case 2: return lduw_phys(addr);
3339 case 4: return ldl_phys(addr);
3340 default: abort();
3341 }
6658ffb8
PB		 3342}
3343
1ec9b909
AK		 3344static void watch_mem_write(void *opaque, target_phys_addr_t addr,
3345 uint64_t val, unsigned size)
6658ffb8 3346{
1ec9b909
AK		 3347 check_watchpoint(addr & ~TARGET_PAGE_MASK, ~(size - 1), BP_MEM_WRITE);
3348 switch (size) {
3349 case 1: stb_phys(addr, val);
3350 case 2: stw_phys(addr, val);
3351 case 4: stl_phys(addr, val);
3352 default: abort();
3353 }
6658ffb8
PB		 3354}
3355
1ec9b909
AK		 3356static const MemoryRegionOps watch_mem_ops = {
3357 .read = watch_mem_read,
3358 .write = watch_mem_write,
3359 .endianness = DEVICE_NATIVE_ENDIAN,
6658ffb8 3360};
6658ffb8 3361
70c68e44
AK		 3362static uint64_t subpage_read(void *opaque, target_phys_addr_t addr,
3363 unsigned len)
db7b5426 3364{
70c68e44 3365 subpage_t *mmio = opaque;
f6405247 3366 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3367 MemoryRegionSection *section;
db7b5426
BS		 3368#if defined(DEBUG_SUBPAGE)
3369 printf("%s: subpage %p len %d addr " TARGET_FMT_plx " idx %d\n", __func__,
3370 mmio, len, addr, idx);
3371#endif
db7b5426 3372
5312bd8b
AK		 3373 section = &phys_sections[mmio->sub_section[idx]];
3374 addr += mmio->base;
3375 addr -= section->offset_within_address_space;
3376 addr += section->offset_within_region;
3377 return io_mem_read(section->mr->ram_addr, addr, len);
db7b5426
BS		 3378}
3379
70c68e44
AK		 3380static void subpage_write(void *opaque, target_phys_addr_t addr,
3381 uint64_t value, unsigned len)
db7b5426 3382{
70c68e44 3383 subpage_t *mmio = opaque;
f6405247 3384 unsigned int idx = SUBPAGE_IDX(addr);
5312bd8b 3385 MemoryRegionSection *section;
db7b5426 3386#if defined(DEBUG_SUBPAGE)
70c68e44
AK		 3387 printf("%s: subpage %p len %d addr " TARGET_FMT_plx
3388 " idx %d value %"PRIx64"\n",
f6405247 3389 __func__, mmio, len, addr, idx, value);
db7b5426 3390#endif
f6405247 3391
5312bd8b
AK		 3392 section = &phys_sections[mmio->sub_section[idx]];
3393 addr += mmio->base;
3394 addr -= section->offset_within_address_space;
3395 addr += section->offset_within_region;
3396 io_mem_write(section->mr->ram_addr, addr, value, len);
db7b5426
BS		 3397}
3398
70c68e44
AK		 3399static const MemoryRegionOps subpage_ops = {
3400 .read = subpage_read,
3401 .write = subpage_write,
3402 .endianness = DEVICE_NATIVE_ENDIAN,
db7b5426
BS		 3403};
3404
de712f94
AK		 3405static uint64_t subpage_ram_read(void *opaque, target_phys_addr_t addr,
3406 unsigned size)
56384e8b
AF		 3407{
3408 ram_addr_t raddr = addr;
3409 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3410 switch (size) {
3411 case 1: return ldub_p(ptr);
3412 case 2: return lduw_p(ptr);
3413 case 4: return ldl_p(ptr);
3414 default: abort();
3415 }
56384e8b
AF		 3416}
3417
de712f94
AK		 3418static void subpage_ram_write(void *opaque, target_phys_addr_t addr,
3419 uint64_t value, unsigned size)
56384e8b
AF		 3420{
3421 ram_addr_t raddr = addr;
3422 void *ptr = qemu_get_ram_ptr(raddr);
de712f94
AK		 3423 switch (size) {
3424 case 1: return stb_p(ptr, value);
3425 case 2: return stw_p(ptr, value);
3426 case 4: return stl_p(ptr, value);
3427 default: abort();
3428 }
56384e8b
AF		 3429}
3430
de712f94
AK		 3431static const MemoryRegionOps subpage_ram_ops = {
3432 .read = subpage_ram_read,
3433 .write = subpage_ram_write,
3434 .endianness = DEVICE_NATIVE_ENDIAN,
56384e8b
AF		 3435};
3436
c227f099 3437static int subpage_register (subpage_t *mmio, uint32_t start, uint32_t end,
5312bd8b 3438 uint16_t section)
db7b5426
BS		 3439{
3440 int idx, eidx;
3441
3442 if (start >= TARGET_PAGE_SIZE || end >= TARGET_PAGE_SIZE)
3443 return -1;
3444 idx = SUBPAGE_IDX(start);
3445 eidx = SUBPAGE_IDX(end);
3446#if defined(DEBUG_SUBPAGE)
0bf9e31a 3447 printf("%s: %p start %08x end %08x idx %08x eidx %08x mem %ld\n", __func__,
db7b5426
BS		 3448 mmio, start, end, idx, eidx, memory);
3449#endif
5312bd8b
AK		 3450 if (memory_region_is_ram(phys_sections[section].mr)) {
3451 MemoryRegionSection new_section = phys_sections[section];
3452 new_section.mr = &io_mem_subpage_ram;
3453 section = phys_section_add(&new_section);
56384e8b 3454 }
db7b5426 3455 for (; idx <= eidx; idx++) {
5312bd8b 3456 mmio->sub_section[idx] = section;
db7b5426
BS		 3457 }
3458
3459 return 0;
3460}
3461
0f0cb164 3462static subpage_t *subpage_init(target_phys_addr_t base)
db7b5426 3463{
c227f099 3464 subpage_t *mmio;
db7b5426 3465
7267c094 3466 mmio = g_malloc0(sizeof(subpage_t));
1eec614b
AL		 3467
3468 mmio->base = base;
70c68e44
AK		 3469 memory_region_init_io(&mmio->iomem, &subpage_ops, mmio,
3470 "subpage", TARGET_PAGE_SIZE);
b3b00c78 3471 mmio->iomem.subpage = true;
db7b5426 3472#if defined(DEBUG_SUBPAGE)
1eec614b
AL		 3473 printf("%s: %p base " TARGET_FMT_plx " len %08x %d\n", __func__,
3474 mmio, base, TARGET_PAGE_SIZE, subpage_memory);
db7b5426 3475#endif
0f0cb164 3476 subpage_register(mmio, 0, TARGET_PAGE_SIZE-1, phys_section_unassigned);
db7b5426
BS		 3477
3478 return mmio;
3479}
3480
88715657
AL		 3481static int get_free_io_mem_idx(void)
3482{
3483 int i;
3484
3485 for (i = 0; i<IO_MEM_NB_ENTRIES; i++)
3486 if (!io_mem_used[i]) {
3487 io_mem_used[i] = 1;
3488 return i;
3489 }
c6703b47 3490 fprintf(stderr, "RAN out out io_mem_idx, max %d !\n", IO_MEM_NB_ENTRIES);
88715657
AL		 3491 return -1;
3492}
3493
33417e70
FB		 3494/* mem_read and mem_write are arrays of functions containing the
3495 function to access byte (index 0), word (index 1) and dword (index
0b4e6e3e 3496 2). Functions can be omitted with a NULL function pointer.
3ee89922 3497 If io_index is non zero, the corresponding io zone is
4254fab8
BS		 3498 modified. If it is zero, a new io zone is allocated. The return
3499 value can be used with cpu_register_physical_memory(). (-1) is
3500 returned if error. */
a621f38d 3501static int cpu_register_io_memory_fixed(int io_index, MemoryRegion *mr)
33417e70 3502{
33417e70 3503 if (io_index <= 0) {
88715657
AL		 3504 io_index = get_free_io_mem_idx();
3505 if (io_index == -1)
3506 return io_index;
33417e70
FB		 3507 } else {
3508 if (io_index >= IO_MEM_NB_ENTRIES)
3509 return -1;
3510 }
b5ff1b31 3511
a621f38d 3512 io_mem_region[io_index] = mr;
f6405247 3513
11c7ef0c 3514 return io_index;
33417e70 3515}
61382a50 3516
a621f38d 3517int cpu_register_io_memory(MemoryRegion *mr)
1eed09cb 3518{
a621f38d 3519 return cpu_register_io_memory_fixed(0, mr);
1eed09cb
AK		 3520}
3521
11c7ef0c 3522void cpu_unregister_io_memory(int io_index)
88715657 3523{
a621f38d 3524 io_mem_region[io_index] = NULL;
88715657
AL		 3525 io_mem_used[io_index] = 0;
3526}
3527
5312bd8b
AK		 3528static uint16_t dummy_section(MemoryRegion *mr)
3529{
3530 MemoryRegionSection section = {
3531 .mr = mr,
3532 .offset_within_address_space = 0,
3533 .offset_within_region = 0,
3534 .size = UINT64_MAX,
3535 };
3536
3537 return phys_section_add(&section);
3538}
3539
e9179ce1
AK		 3540static void io_mem_init(void)
3541{
3542 int i;
3543
0e0df1e2
AK		 3544 /* Must be first: */
3545 memory_region_init_io(&io_mem_ram, &error_mem_ops, NULL, "ram", UINT64_MAX);
3546 assert(io_mem_ram.ram_addr == 0);
3547 memory_region_init_io(&io_mem_rom, &rom_mem_ops, NULL, "rom", UINT64_MAX);
3548 memory_region_init_io(&io_mem_unassigned, &unassigned_mem_ops, NULL,
3549 "unassigned", UINT64_MAX);
3550 memory_region_init_io(&io_mem_notdirty, &notdirty_mem_ops, NULL,
3551 "notdirty", UINT64_MAX);
de712f94
AK		 3552 memory_region_init_io(&io_mem_subpage_ram, &subpage_ram_ops, NULL,
3553 "subpage-ram", UINT64_MAX);
e9179ce1
AK		 3554 for (i=0; i<5; i++)
3555 io_mem_used[i] = 1;
3556
1ec9b909
AK		 3557 memory_region_init_io(&io_mem_watch, &watch_mem_ops, NULL,
3558 "watch", UINT64_MAX);
e9179ce1
AK		 3559}
3560
50c1e149
AK		 3561static void core_begin(MemoryListener *listener)
3562{
54688b1e 3563 destroy_all_mappings();
5312bd8b 3564 phys_sections_clear();
d6f2ea22 3565 phys_map.u.node = PHYS_MAP_NODE_NIL;
5312bd8b 3566 phys_section_unassigned = dummy_section(&io_mem_unassigned);
50c1e149
AK		 3567}
3568
3569static void core_commit(MemoryListener *listener)
3570{
117712c3
AK		 3571 CPUState *env;
3572
3573 /* since each CPU stores ram addresses in its TLB cache, we must
3574 reset the modified entries */
3575 /* XXX: slow ! */
3576 for(env = first_cpu; env != NULL; env = env->next_cpu) {
3577 tlb_flush(env, 1);
3578 }
50c1e149
AK		 3579}
3580
93632747
AK		 3581static void core_region_add(MemoryListener *listener,
3582 MemoryRegionSection *section)
3583{
4855d41a 3584 cpu_register_physical_memory_log(section, section->readonly);
93632747
AK		 3585}
3586
3587static void core_region_del(MemoryListener *listener,
3588 MemoryRegionSection *section)
3589{
93632747
AK		 3590}
3591
50c1e149
AK		 3592static void core_region_nop(MemoryListener *listener,
3593 MemoryRegionSection *section)
3594{
54688b1e 3595 cpu_register_physical_memory_log(section, section->readonly);
50c1e149
AK		 3596}
3597
93632747
AK		 3598static void core_log_start(MemoryListener *listener,
3599 MemoryRegionSection *section)
3600{
3601}
3602
3603static void core_log_stop(MemoryListener *listener,
3604 MemoryRegionSection *section)
3605{
3606}
3607
3608static void core_log_sync(MemoryListener *listener,
3609 MemoryRegionSection *section)
3610{
3611}
3612
3613static void core_log_global_start(MemoryListener *listener)
3614{
3615 cpu_physical_memory_set_dirty_tracking(1);
3616}
3617
3618static void core_log_global_stop(MemoryListener *listener)
3619{
3620 cpu_physical_memory_set_dirty_tracking(0);
3621}
3622
3623static void core_eventfd_add(MemoryListener *listener,
3624 MemoryRegionSection *section,
3625 bool match_data, uint64_t data, int fd)
3626{
3627}
3628
3629static void core_eventfd_del(MemoryListener *listener,
3630 MemoryRegionSection *section,
3631 bool match_data, uint64_t data, int fd)
3632{
3633}
3634
50c1e149
AK		 3635static void io_begin(MemoryListener *listener)
3636{
3637}
3638
3639static void io_commit(MemoryListener *listener)
3640{
3641}
3642
4855d41a
AK		 3643static void io_region_add(MemoryListener *listener,
3644 MemoryRegionSection *section)
3645{
3646 iorange_init(&section->mr->iorange, &memory_region_iorange_ops,
3647 section->offset_within_address_space, section->size);
3648 ioport_register(&section->mr->iorange);
3649}
3650
3651static void io_region_del(MemoryListener *listener,
3652 MemoryRegionSection *section)
3653{
3654 isa_unassign_ioport(section->offset_within_address_space, section->size);
3655}
3656
50c1e149
AK		 3657static void io_region_nop(MemoryListener *listener,
3658 MemoryRegionSection *section)
3659{
3660}
3661
4855d41a
AK		 3662static void io_log_start(MemoryListener *listener,
3663 MemoryRegionSection *section)
3664{
3665}
3666
3667static void io_log_stop(MemoryListener *listener,
3668 MemoryRegionSection *section)
3669{
3670}
3671
3672static void io_log_sync(MemoryListener *listener,
3673 MemoryRegionSection *section)
3674{
3675}
3676
3677static void io_log_global_start(MemoryListener *listener)
3678{
3679}
3680
3681static void io_log_global_stop(MemoryListener *listener)
3682{
3683}
3684
3685static void io_eventfd_add(MemoryListener *listener,
3686 MemoryRegionSection *section,
3687 bool match_data, uint64_t data, int fd)
3688{
3689}
3690
3691static void io_eventfd_del(MemoryListener *listener,
3692 MemoryRegionSection *section,
3693 bool match_data, uint64_t data, int fd)
3694{
3695}
3696
93632747 3697static MemoryListener core_memory_listener = {
50c1e149
AK		 3698 .begin = core_begin,
3699 .commit = core_commit,
93632747
AK		 3700 .region_add = core_region_add,
3701 .region_del = core_region_del,
50c1e149 3702 .region_nop = core_region_nop,
93632747
AK		 3703 .log_start = core_log_start,
3704 .log_stop = core_log_stop,
3705 .log_sync = core_log_sync,
3706 .log_global_start = core_log_global_start,
3707 .log_global_stop = core_log_global_stop,
3708 .eventfd_add = core_eventfd_add,
3709 .eventfd_del = core_eventfd_del,
3710 .priority = 0,
3711};
3712
4855d41a 3713static MemoryListener io_memory_listener = {
50c1e149
AK		 3714 .begin = io_begin,
3715 .commit = io_commit,
4855d41a
AK		 3716 .region_add = io_region_add,
3717 .region_del = io_region_del,
50c1e149 3718 .region_nop = io_region_nop,
4855d41a
AK		 3719 .log_start = io_log_start,
3720 .log_stop = io_log_stop,
3721 .log_sync = io_log_sync,
3722 .log_global_start = io_log_global_start,
3723 .log_global_stop = io_log_global_stop,
3724 .eventfd_add = io_eventfd_add,
3725 .eventfd_del = io_eventfd_del,
3726 .priority = 0,
3727};
3728
62152b8a
AK		 3729static void memory_map_init(void)
3730{
7267c094 3731 system_memory = g_malloc(sizeof(*system_memory));
8417cebf 3732 memory_region_init(system_memory, "system", INT64_MAX);
62152b8a 3733 set_system_memory_map(system_memory);
309cb471 3734
7267c094 3735 system_io = g_malloc(sizeof(*system_io));
309cb471
AK		 3736 memory_region_init(system_io, "io", 65536);
3737 set_system_io_map(system_io);
93632747 3738
4855d41a
AK		 3739 memory_listener_register(&core_memory_listener, system_memory);
3740 memory_listener_register(&io_memory_listener, system_io);
62152b8a
AK		 3741}
3742
3743MemoryRegion *get_system_memory(void)
3744{
3745 return system_memory;
3746}
3747
309cb471
AK		 3748MemoryRegion *get_system_io(void)
3749{
3750 return system_io;
3751}
3752
e2eef170
PB		 3753#endif /* !defined(CONFIG_USER_ONLY) */
3754
13eb76e0
FB		 3755/* physical memory access (slow version, mainly for debug) */
3756#if defined(CONFIG_USER_ONLY)
a68fe89c
PB		 3757int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
3758 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 3759{
3760 int l, flags;
3761 target_ulong page;
53a5960a 3762 void * p;
13eb76e0
FB		 3763
3764 while (len > 0) {
3765 page = addr & TARGET_PAGE_MASK;
3766 l = (page + TARGET_PAGE_SIZE) - addr;
3767 if (l > len)
3768 l = len;
3769 flags = page_get_flags(page);
3770 if (!(flags & PAGE_VALID))
a68fe89c 3771 return -1;
13eb76e0
FB		 3772 if (is_write) {
3773 if (!(flags & PAGE_WRITE))
a68fe89c 3774 return -1;
579a97f7 3775 /* XXX: this code should not depend on lock_user */
72fb7daa 3776 if (!(p = lock_user(VERIFY_WRITE, addr, l, 0)))
a68fe89c 3777 return -1;
72fb7daa
AJ		 3778 memcpy(p, buf, l);
3779 unlock_user(p, addr, l);
13eb76e0
FB		 3780 } else {
3781 if (!(flags & PAGE_READ))
a68fe89c 3782 return -1;
579a97f7 3783 /* XXX: this code should not depend on lock_user */
72fb7daa 3784 if (!(p = lock_user(VERIFY_READ, addr, l, 1)))
a68fe89c 3785 return -1;
72fb7daa 3786 memcpy(buf, p, l);
5b257578 3787 unlock_user(p, addr, 0);
13eb76e0
FB		 3788 }
3789 len -= l;
3790 buf += l;
3791 addr += l;
3792 }
a68fe89c 3793 return 0;
13eb76e0 3794}
8df1cd07 3795
13eb76e0 3796#else
c227f099 3797void cpu_physical_memory_rw(target_phys_addr_t addr, uint8_t *buf,
13eb76e0
FB		 3798 int len, int is_write)
3799{
3800 int l, io_index;
3801 uint8_t *ptr;
3802 uint32_t val;
c227f099 3803 target_phys_addr_t page;
06ef3525 3804 MemoryRegionSection section;
3b46e624 3805
13eb76e0
FB		 3806 while (len > 0) {
3807 page = addr & TARGET_PAGE_MASK;
3808 l = (page + TARGET_PAGE_SIZE) - addr;
3809 if (l > len)
3810 l = len;
06ef3525 3811 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3812
13eb76e0 3813 if (is_write) {
06ef3525 3814 if (!memory_region_is_ram(section.mr)) {
f1f6e3b8 3815 target_phys_addr_t addr1;
06ef3525
AK		 3816 io_index = memory_region_get_ram_addr(section.mr)
3817 & (IO_MEM_NB_ENTRIES - 1);
3818 addr1 = (addr & ~TARGET_PAGE_MASK)
3819 + section.offset_within_region;
6a00d601
FB		 3820 /* XXX: could force cpu_single_env to NULL to avoid
3821 potential bugs */
6c2934db 3822 if (l >= 4 && ((addr1 & 3) == 0)) {
1c213d19 3823 /* 32 bit write access */
c27004ec 3824 val = ldl_p(buf);
acbbec5d 3825 io_mem_write(io_index, addr1, val, 4);
13eb76e0 3826 l = 4;
6c2934db 3827 } else if (l >= 2 && ((addr1 & 1) == 0)) {
1c213d19 3828 /* 16 bit write access */
c27004ec 3829 val = lduw_p(buf);
acbbec5d 3830 io_mem_write(io_index, addr1, val, 2);
13eb76e0
FB		 3831 l = 2;
3832 } else {
1c213d19 3833 /* 8 bit write access */
c27004ec 3834 val = ldub_p(buf);
acbbec5d 3835 io_mem_write(io_index, addr1, val, 1);
13eb76e0
FB		 3836 l = 1;
3837 }
06ef3525 3838 } else if (!section.readonly) {
8ca5692d 3839 ram_addr_t addr1;
06ef3525
AK		 3840 addr1 = (memory_region_get_ram_addr(section.mr)
3841 + section.offset_within_region)
3842 | (addr & ~TARGET_PAGE_MASK);
13eb76e0 3843 /* RAM case */
5579c7f3 3844 ptr = qemu_get_ram_ptr(addr1);
13eb76e0 3845 memcpy(ptr, buf, l);
3a7d929e
FB		 3846 if (!cpu_physical_memory_is_dirty(addr1)) {
3847 /* invalidate code */
3848 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
3849 /* set dirty bit */
f7c11b53
YT		 3850 cpu_physical_memory_set_dirty_flags(
3851 addr1, (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 3852 }
050a0ddf 3853 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3854 }
3855 } else {
06ef3525 3856 if (!is_ram_rom_romd(&section)) {
f1f6e3b8 3857 target_phys_addr_t addr1;
13eb76e0 3858 /* I/O case */
06ef3525
AK		 3859 io_index = memory_region_get_ram_addr(section.mr)
3860 & (IO_MEM_NB_ENTRIES - 1);
3861 addr1 = (addr & ~TARGET_PAGE_MASK)
3862 + section.offset_within_region;
6c2934db 3863 if (l >= 4 && ((addr1 & 3) == 0)) {
13eb76e0 3864 /* 32 bit read access */
acbbec5d 3865 val = io_mem_read(io_index, addr1, 4);
c27004ec 3866 stl_p(buf, val);
13eb76e0 3867 l = 4;
6c2934db 3868 } else if (l >= 2 && ((addr1 & 1) == 0)) {
13eb76e0 3869 /* 16 bit read access */
acbbec5d 3870 val = io_mem_read(io_index, addr1, 2);
c27004ec 3871 stw_p(buf, val);
13eb76e0
FB		 3872 l = 2;
3873 } else {
1c213d19 3874 /* 8 bit read access */
acbbec5d 3875 val = io_mem_read(io_index, addr1, 1);
c27004ec 3876 stb_p(buf, val);
13eb76e0
FB		 3877 l = 1;
3878 }
3879 } else {
3880 /* RAM case */
06ef3525
AK		 3881 ptr = qemu_get_ram_ptr(section.mr->ram_addr
3882 + section.offset_within_region);
050a0ddf
AP		 3883 memcpy(buf, ptr + (addr & ~TARGET_PAGE_MASK), l);
3884 qemu_put_ram_ptr(ptr);
13eb76e0
FB		 3885 }
3886 }
3887 len -= l;
3888 buf += l;
3889 addr += l;
3890 }
3891}
8df1cd07 3892
d0ecd2aa 3893/* used for ROM loading : can write in RAM and ROM */
c227f099 3894void cpu_physical_memory_write_rom(target_phys_addr_t addr,
d0ecd2aa
FB		 3895 const uint8_t *buf, int len)
3896{
3897 int l;
3898 uint8_t *ptr;
c227f099 3899 target_phys_addr_t page;
06ef3525 3900 MemoryRegionSection section;
3b46e624 3901
d0ecd2aa
FB		 3902 while (len > 0) {
3903 page = addr & TARGET_PAGE_MASK;
3904 l = (page + TARGET_PAGE_SIZE) - addr;
3905 if (l > len)
3906 l = len;
06ef3525 3907 section = phys_page_find(page >> TARGET_PAGE_BITS);
3b46e624 3908
06ef3525 3909 if (!is_ram_rom_romd(&section)) {
d0ecd2aa
FB		 3910 /* do nothing */
3911 } else {
3912 unsigned long addr1;
06ef3525
AK		 3913 addr1 = (memory_region_get_ram_addr(section.mr)
3914 + section.offset_within_region)
3915 + (addr & ~TARGET_PAGE_MASK);
d0ecd2aa 3916 /* ROM/RAM case */
5579c7f3 3917 ptr = qemu_get_ram_ptr(addr1);
d0ecd2aa 3918 memcpy(ptr, buf, l);
050a0ddf 3919 qemu_put_ram_ptr(ptr);
d0ecd2aa
FB		 3920 }
3921 len -= l;
3922 buf += l;
3923 addr += l;
3924 }
3925}
3926
6d16c2f8
AL		 3927typedef struct {
3928 void *buffer;
c227f099
AL		 3929 target_phys_addr_t addr;
3930 target_phys_addr_t len;
6d16c2f8
AL		 3931} BounceBuffer;
3932
3933static BounceBuffer bounce;
3934
ba223c29
AL		 3935typedef struct MapClient {
3936 void *opaque;
3937 void (*callback)(void *opaque);
72cf2d4f 3938 QLIST_ENTRY(MapClient) link;
ba223c29
AL		 3939} MapClient;
3940
72cf2d4f
BS		 3941static QLIST_HEAD(map_client_list, MapClient) map_client_list
3942 = QLIST_HEAD_INITIALIZER(map_client_list);
ba223c29
AL		 3943
3944void *cpu_register_map_client(void *opaque, void (*callback)(void *opaque))
3945{
7267c094 3946 MapClient *client = g_malloc(sizeof(*client));
ba223c29
AL		 3947
3948 client->opaque = opaque;
3949 client->callback = callback;
72cf2d4f 3950 QLIST_INSERT_HEAD(&map_client_list, client, link);
ba223c29
AL		 3951 return client;
3952}
3953
3954void cpu_unregister_map_client(void *_client)
3955{
3956 MapClient *client = (MapClient *)_client;
3957
72cf2d4f 3958 QLIST_REMOVE(client, link);
7267c094 3959 g_free(client);
ba223c29
AL		 3960}
3961
3962static void cpu_notify_map_clients(void)
3963{
3964 MapClient *client;
3965
72cf2d4f
BS		 3966 while (!QLIST_EMPTY(&map_client_list)) {
3967 client = QLIST_FIRST(&map_client_list);
ba223c29 3968 client->callback(client->opaque);
34d5e948 3969 cpu_unregister_map_client(client);
ba223c29
AL		 3970 }
3971}
3972
6d16c2f8
AL		 3973/* Map a physical memory region into a host virtual address.
3974 * May map a subset of the requested range, given by and returned in *plen.
3975 * May return NULL if resources needed to perform the mapping are exhausted.
3976 * Use only for reads OR writes - not for read-modify-write operations.
ba223c29
AL		 3977 * Use cpu_register_map_client() to know when retrying the map operation is
3978 * likely to succeed.
6d16c2f8 3979 */
c227f099
AL		 3980void *cpu_physical_memory_map(target_phys_addr_t addr,
3981 target_phys_addr_t *plen,
6d16c2f8
AL		 3982 int is_write)
3983{
c227f099 3984 target_phys_addr_t len = *plen;
38bee5dc 3985 target_phys_addr_t todo = 0;
6d16c2f8 3986 int l;
c227f099 3987 target_phys_addr_t page;
06ef3525 3988 MemoryRegionSection section;
f15fbc4b 3989 ram_addr_t raddr = RAM_ADDR_MAX;
8ab934f9
SS		 3990 ram_addr_t rlen;
3991 void *ret;
6d16c2f8
AL		 3992
3993 while (len > 0) {
3994 page = addr & TARGET_PAGE_MASK;
3995 l = (page + TARGET_PAGE_SIZE) - addr;
3996 if (l > len)
3997 l = len;
06ef3525 3998 section = phys_page_find(page >> TARGET_PAGE_BITS);
6d16c2f8 3999
06ef3525 4000 if (!(memory_region_is_ram(section.mr) && !section.readonly)) {
38bee5dc 4001 if (todo || bounce.buffer) {
6d16c2f8
AL		 4002 break;
4003 }
4004 bounce.buffer = qemu_memalign(TARGET_PAGE_SIZE, TARGET_PAGE_SIZE);
4005 bounce.addr = addr;
4006 bounce.len = l;
4007 if (!is_write) {
54f7b4a3 4008 cpu_physical_memory_read(addr, bounce.buffer, l);
6d16c2f8 4009 }
38bee5dc
SS		 4010
4011 *plen = l;
4012 return bounce.buffer;
6d16c2f8 4013 }
8ab934f9 4014 if (!todo) {
06ef3525
AK		 4015 raddr = memory_region_get_ram_addr(section.mr)
4016 + section.offset_within_region
4017 + (addr & ~TARGET_PAGE_MASK);
8ab934f9 4018 }
6d16c2f8
AL		 4019
4020 len -= l;
4021 addr += l;
38bee5dc 4022 todo += l;
6d16c2f8 4023 }
8ab934f9
SS		 4024 rlen = todo;
4025 ret = qemu_ram_ptr_length(raddr, &rlen);
4026 *plen = rlen;
4027 return ret;
6d16c2f8
AL		 4028}
4029
4030/* Unmaps a memory region previously mapped by cpu_physical_memory_map().
4031 * Will also mark the memory as dirty if is_write == 1. access_len gives
4032 * the amount of memory that was actually read or written by the caller.
4033 */
c227f099
AL		 4034void cpu_physical_memory_unmap(void *buffer, target_phys_addr_t len,
4035 int is_write, target_phys_addr_t access_len)
6d16c2f8
AL		 4036{
4037 if (buffer != bounce.buffer) {
4038 if (is_write) {
e890261f 4039 ram_addr_t addr1 = qemu_ram_addr_from_host_nofail(buffer);
6d16c2f8
AL		 4040 while (access_len) {
4041 unsigned l;
4042 l = TARGET_PAGE_SIZE;
4043 if (l > access_len)
4044 l = access_len;
4045 if (!cpu_physical_memory_is_dirty(addr1)) {
4046 /* invalidate code */
4047 tb_invalidate_phys_page_range(addr1, addr1 + l, 0);
4048 /* set dirty bit */
f7c11b53
YT		 4049 cpu_physical_memory_set_dirty_flags(
4050 addr1, (0xff & ~CODE_DIRTY_FLAG));
6d16c2f8
AL		 4051 }
4052 addr1 += l;
4053 access_len -= l;
4054 }
4055 }
868bb33f 4056 if (xen_enabled()) {
e41d7c69 4057 xen_invalidate_map_cache_entry(buffer);
050a0ddf 4058 }
6d16c2f8
AL		 4059 return;
4060 }
4061 if (is_write) {
4062 cpu_physical_memory_write(bounce.addr, bounce.buffer, access_len);
4063 }
f8a83245 4064 qemu_vfree(bounce.buffer);
6d16c2f8 4065 bounce.buffer = NULL;
ba223c29 4066 cpu_notify_map_clients();
6d16c2f8 4067}
d0ecd2aa 4068
8df1cd07 4069/* warning: addr must be aligned */
1e78bcc1
AG		 4070static inline uint32_t ldl_phys_internal(target_phys_addr_t addr,
4071 enum device_endian endian)
8df1cd07
FB		 4072{
4073 int io_index;
4074 uint8_t *ptr;
4075 uint32_t val;
06ef3525 4076 MemoryRegionSection section;
8df1cd07 4077
06ef3525 4078 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4079
06ef3525 4080 if (!is_ram_rom_romd(&section)) {
8df1cd07 4081 /* I/O case */
06ef3525
AK		 4082 io_index = memory_region_get_ram_addr(section.mr)
4083 & (IO_MEM_NB_ENTRIES - 1);
4084 addr = (addr & ~TARGET_PAGE_MASK) + section.offset_within_region;
acbbec5d 4085 val = io_mem_read(io_index, addr, 4);
1e78bcc1
AG		 4086#if defined(TARGET_WORDS_BIGENDIAN)
4087 if (endian == DEVICE_LITTLE_ENDIAN) {
4088 val = bswap32(val);
4089 }
4090#else
4091 if (endian == DEVICE_BIG_ENDIAN) {
4092 val = bswap32(val);
4093 }
4094#endif
8df1cd07
FB		 4095 } else {
4096 /* RAM case */
06ef3525
AK		 4097 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section.mr)
4098 & TARGET_PAGE_MASK)
4099 + section.offset_within_region) +
8df1cd07 4100 (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4101 switch (endian) {
4102 case DEVICE_LITTLE_ENDIAN:
4103 val = ldl_le_p(ptr);
4104 break;
4105 case DEVICE_BIG_ENDIAN:
4106 val = ldl_be_p(ptr);
4107 break;
4108 default:
4109 val = ldl_p(ptr);
4110 break;
4111 }
8df1cd07
FB		 4112 }
4113 return val;
4114}
4115
1e78bcc1
AG		 4116uint32_t ldl_phys(target_phys_addr_t addr)
4117{
4118 return ldl_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4119}
4120
4121uint32_t ldl_le_phys(target_phys_addr_t addr)
4122{
4123 return ldl_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4124}
4125
4126uint32_t ldl_be_phys(target_phys_addr_t addr)
4127{
4128 return ldl_phys_internal(addr, DEVICE_BIG_ENDIAN);
4129}
4130
84b7b8e7 4131/* warning: addr must be aligned */
1e78bcc1
AG		 4132static inline uint64_t ldq_phys_internal(target_phys_addr_t addr,
4133 enum device_endian endian)
84b7b8e7
FB		 4134{
4135 int io_index;
4136 uint8_t *ptr;
4137 uint64_t val;
06ef3525 4138 MemoryRegionSection section;
84b7b8e7 4139
06ef3525 4140 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4141
06ef3525 4142 if (!is_ram_rom_romd(&section)) {
84b7b8e7 4143 /* I/O case */
06ef3525
AK		 4144 io_index = memory_region_get_ram_addr(section.mr)
4145 & (IO_MEM_NB_ENTRIES - 1);
4146 addr = (addr & ~TARGET_PAGE_MASK) + section.offset_within_region;
1e78bcc1
AG		 4147
4148 /* XXX This is broken when device endian != cpu endian.
4149 Fix and add "endian" variable check */
84b7b8e7 4150#ifdef TARGET_WORDS_BIGENDIAN
acbbec5d
AK		 4151 val = io_mem_read(io_index, addr, 4) << 32;
4152 val |= io_mem_read(io_index, addr + 4, 4);
84b7b8e7 4153#else
acbbec5d
AK		 4154 val = io_mem_read(io_index, addr, 4);
4155 val |= io_mem_read(io_index, addr + 4, 4) << 32;
84b7b8e7
FB		 4156#endif
4157 } else {
4158 /* RAM case */
06ef3525
AK		 4159 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section.mr)
4160 & TARGET_PAGE_MASK)
4161 + section.offset_within_region)
4162 + (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4163 switch (endian) {
4164 case DEVICE_LITTLE_ENDIAN:
4165 val = ldq_le_p(ptr);
4166 break;
4167 case DEVICE_BIG_ENDIAN:
4168 val = ldq_be_p(ptr);
4169 break;
4170 default:
4171 val = ldq_p(ptr);
4172 break;
4173 }
84b7b8e7
FB		 4174 }
4175 return val;
4176}
4177
1e78bcc1
AG		 4178uint64_t ldq_phys(target_phys_addr_t addr)
4179{
4180 return ldq_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4181}
4182
4183uint64_t ldq_le_phys(target_phys_addr_t addr)
4184{
4185 return ldq_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4186}
4187
4188uint64_t ldq_be_phys(target_phys_addr_t addr)
4189{
4190 return ldq_phys_internal(addr, DEVICE_BIG_ENDIAN);
4191}
4192
aab33094 4193/* XXX: optimize */
c227f099 4194uint32_t ldub_phys(target_phys_addr_t addr)
aab33094
FB		 4195{
4196 uint8_t val;
4197 cpu_physical_memory_read(addr, &val, 1);
4198 return val;
4199}
4200
733f0b02 4201/* warning: addr must be aligned */
1e78bcc1
AG		 4202static inline uint32_t lduw_phys_internal(target_phys_addr_t addr,
4203 enum device_endian endian)
aab33094 4204{
733f0b02
MT		 4205 int io_index;
4206 uint8_t *ptr;
4207 uint64_t val;
06ef3525 4208 MemoryRegionSection section;
733f0b02 4209
06ef3525 4210 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 4211
06ef3525 4212 if (!is_ram_rom_romd(&section)) {
733f0b02 4213 /* I/O case */
06ef3525
AK		 4214 io_index = memory_region_get_ram_addr(section.mr)
4215 & (IO_MEM_NB_ENTRIES - 1);
4216 addr = (addr & ~TARGET_PAGE_MASK) + section.offset_within_region;
acbbec5d 4217 val = io_mem_read(io_index, addr, 2);
1e78bcc1
AG		 4218#if defined(TARGET_WORDS_BIGENDIAN)
4219 if (endian == DEVICE_LITTLE_ENDIAN) {
4220 val = bswap16(val);
4221 }
4222#else
4223 if (endian == DEVICE_BIG_ENDIAN) {
4224 val = bswap16(val);
4225 }
4226#endif
733f0b02
MT		 4227 } else {
4228 /* RAM case */
06ef3525
AK		 4229 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section.mr)
4230 & TARGET_PAGE_MASK)
4231 + section.offset_within_region)
4232 + (addr & ~TARGET_PAGE_MASK);
1e78bcc1
AG		 4233 switch (endian) {
4234 case DEVICE_LITTLE_ENDIAN:
4235 val = lduw_le_p(ptr);
4236 break;
4237 case DEVICE_BIG_ENDIAN:
4238 val = lduw_be_p(ptr);
4239 break;
4240 default:
4241 val = lduw_p(ptr);
4242 break;
4243 }
733f0b02
MT		 4244 }
4245 return val;
aab33094
FB		 4246}
4247
1e78bcc1
AG		 4248uint32_t lduw_phys(target_phys_addr_t addr)
4249{
4250 return lduw_phys_internal(addr, DEVICE_NATIVE_ENDIAN);
4251}
4252
4253uint32_t lduw_le_phys(target_phys_addr_t addr)
4254{
4255 return lduw_phys_internal(addr, DEVICE_LITTLE_ENDIAN);
4256}
4257
4258uint32_t lduw_be_phys(target_phys_addr_t addr)
4259{
4260 return lduw_phys_internal(addr, DEVICE_BIG_ENDIAN);
4261}
4262
8df1cd07
FB		 4263/* warning: addr must be aligned. The ram page is not masked as dirty
4264 and the code inside is not invalidated. It is useful if the dirty
4265 bits are used to track modified PTEs */
c227f099 4266void stl_phys_notdirty(target_phys_addr_t addr, uint32_t val)
8df1cd07
FB		 4267{
4268 int io_index;
4269 uint8_t *ptr;
06ef3525 4270 MemoryRegionSection section;
8df1cd07 4271
06ef3525 4272 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4273
06ef3525
AK		 4274 if (!memory_region_is_ram(section.mr) || section.readonly) {
4275 if (memory_region_is_ram(section.mr)) {
4276 io_index = io_mem_rom.ram_addr;
4277 } else {
4278 io_index = memory_region_get_ram_addr(section.mr);
4279 }
4280 addr = (addr & ~TARGET_PAGE_MASK) + section.offset_within_region;
acbbec5d 4281 io_mem_write(io_index, addr, val, 4);
8df1cd07 4282 } else {
06ef3525
AK		 4283 unsigned long addr1 = (memory_region_get_ram_addr(section.mr)
4284 & TARGET_PAGE_MASK)
4285 + section.offset_within_region
4286 + (addr & ~TARGET_PAGE_MASK);
5579c7f3 4287 ptr = qemu_get_ram_ptr(addr1);
8df1cd07 4288 stl_p(ptr, val);
74576198
AL		 4289
4290 if (unlikely(in_migration)) {
4291 if (!cpu_physical_memory_is_dirty(addr1)) {
4292 /* invalidate code */
4293 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4294 /* set dirty bit */
f7c11b53
YT		 4295 cpu_physical_memory_set_dirty_flags(
4296 addr1, (0xff & ~CODE_DIRTY_FLAG));
74576198
AL		 4297 }
4298 }
8df1cd07
FB		 4299 }
4300}
4301
c227f099 4302void stq_phys_notdirty(target_phys_addr_t addr, uint64_t val)
bc98a7ef
JM		 4303{
4304 int io_index;
4305 uint8_t *ptr;
06ef3525 4306 MemoryRegionSection section;
bc98a7ef 4307
06ef3525 4308 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4309
06ef3525
AK		 4310 if (!memory_region_is_ram(section.mr) || section.readonly) {
4311 if (memory_region_is_ram(section.mr)) {
4312 io_index = io_mem_rom.ram_addr;
4313 } else {
4314 io_index = memory_region_get_ram_addr(section.mr)
4315 & (IO_MEM_NB_ENTRIES - 1);
4316 }
4317 addr = (addr & ~TARGET_PAGE_MASK) + section.offset_within_region;
bc98a7ef 4318#ifdef TARGET_WORDS_BIGENDIAN
acbbec5d
AK		 4319 io_mem_write(io_index, addr, val >> 32, 4);
4320 io_mem_write(io_index, addr + 4, (uint32_t)val, 4);
bc98a7ef 4321#else
acbbec5d
AK		 4322 io_mem_write(io_index, addr, (uint32_t)val, 4);
4323 io_mem_write(io_index, addr + 4, val >> 32, 4);
bc98a7ef
JM		 4324#endif
4325 } else {
06ef3525
AK		 4326 ptr = qemu_get_ram_ptr((memory_region_get_ram_addr(section.mr)
4327 & TARGET_PAGE_MASK)
4328 + section.offset_within_region)
4329 + (addr & ~TARGET_PAGE_MASK);
bc98a7ef
JM		 4330 stq_p(ptr, val);
4331 }
4332}
4333
8df1cd07 4334/* warning: addr must be aligned */
1e78bcc1
AG		 4335static inline void stl_phys_internal(target_phys_addr_t addr, uint32_t val,
4336 enum device_endian endian)
8df1cd07
FB		 4337{
4338 int io_index;
4339 uint8_t *ptr;
06ef3525 4340 MemoryRegionSection section;
8df1cd07 4341
06ef3525 4342 section = phys_page_find(addr >> TARGET_PAGE_BITS);
3b46e624 4343
06ef3525
AK		 4344 if (!memory_region_is_ram(section.mr) || section.readonly) {
4345 if (memory_region_is_ram(section.mr)) {
4346 io_index = io_mem_rom.ram_addr;
4347 } else {
4348 io_index = memory_region_get_ram_addr(section.mr)
4349 & (IO_MEM_NB_ENTRIES - 1);
4350 }
4351 addr = (addr & ~TARGET_PAGE_MASK) + section.offset_within_region;
1e78bcc1
AG		 4352#if defined(TARGET_WORDS_BIGENDIAN)
4353 if (endian == DEVICE_LITTLE_ENDIAN) {
4354 val = bswap32(val);
4355 }
4356#else
4357 if (endian == DEVICE_BIG_ENDIAN) {
4358 val = bswap32(val);
4359 }
4360#endif
acbbec5d 4361 io_mem_write(io_index, addr, val, 4);
8df1cd07
FB		 4362 } else {
4363 unsigned long addr1;
06ef3525
AK		 4364 addr1 = (memory_region_get_ram_addr(section.mr) & TARGET_PAGE_MASK)
4365 + section.offset_within_region
4366 + (addr & ~TARGET_PAGE_MASK);
8df1cd07 4367 /* RAM case */
5579c7f3 4368 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4369 switch (endian) {
4370 case DEVICE_LITTLE_ENDIAN:
4371 stl_le_p(ptr, val);
4372 break;
4373 case DEVICE_BIG_ENDIAN:
4374 stl_be_p(ptr, val);
4375 break;
4376 default:
4377 stl_p(ptr, val);
4378 break;
4379 }
3a7d929e
FB		 4380 if (!cpu_physical_memory_is_dirty(addr1)) {
4381 /* invalidate code */
4382 tb_invalidate_phys_page_range(addr1, addr1 + 4, 0);
4383 /* set dirty bit */
f7c11b53
YT		 4384 cpu_physical_memory_set_dirty_flags(addr1,
4385 (0xff & ~CODE_DIRTY_FLAG));
3a7d929e 4386 }
8df1cd07
FB		 4387 }
4388}
4389
1e78bcc1
AG		 4390void stl_phys(target_phys_addr_t addr, uint32_t val)
4391{
4392 stl_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4393}
4394
4395void stl_le_phys(target_phys_addr_t addr, uint32_t val)
4396{
4397 stl_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4398}
4399
4400void stl_be_phys(target_phys_addr_t addr, uint32_t val)
4401{
4402 stl_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4403}
4404
aab33094 4405/* XXX: optimize */
c227f099 4406void stb_phys(target_phys_addr_t addr, uint32_t val)
aab33094
FB		 4407{
4408 uint8_t v = val;
4409 cpu_physical_memory_write(addr, &v, 1);
4410}
4411
733f0b02 4412/* warning: addr must be aligned */
1e78bcc1
AG		 4413static inline void stw_phys_internal(target_phys_addr_t addr, uint32_t val,
4414 enum device_endian endian)
aab33094 4415{
733f0b02
MT		 4416 int io_index;
4417 uint8_t *ptr;
06ef3525 4418 MemoryRegionSection section;
733f0b02 4419
06ef3525 4420 section = phys_page_find(addr >> TARGET_PAGE_BITS);
733f0b02 4421
06ef3525
AK		 4422 if (!memory_region_is_ram(section.mr) || section.readonly) {
4423 if (memory_region_is_ram(section.mr)) {
4424 io_index = io_mem_rom.ram_addr;
4425 } else {
4426 io_index = memory_region_get_ram_addr(section.mr)
4427 & (IO_MEM_NB_ENTRIES - 1);
4428 }
4429 addr = (addr & ~TARGET_PAGE_MASK) + section.offset_within_region;
1e78bcc1
AG		 4430#if defined(TARGET_WORDS_BIGENDIAN)
4431 if (endian == DEVICE_LITTLE_ENDIAN) {
4432 val = bswap16(val);
4433 }
4434#else
4435 if (endian == DEVICE_BIG_ENDIAN) {
4436 val = bswap16(val);
4437 }
4438#endif
acbbec5d 4439 io_mem_write(io_index, addr, val, 2);
733f0b02
MT		 4440 } else {
4441 unsigned long addr1;
06ef3525
AK		 4442 addr1 = (memory_region_get_ram_addr(section.mr) & TARGET_PAGE_MASK)
4443 + section.offset_within_region + (addr & ~TARGET_PAGE_MASK);
733f0b02
MT		 4444 /* RAM case */
4445 ptr = qemu_get_ram_ptr(addr1);
1e78bcc1
AG		 4446 switch (endian) {
4447 case DEVICE_LITTLE_ENDIAN:
4448 stw_le_p(ptr, val);
4449 break;
4450 case DEVICE_BIG_ENDIAN:
4451 stw_be_p(ptr, val);
4452 break;
4453 default:
4454 stw_p(ptr, val);
4455 break;
4456 }
733f0b02
MT		 4457 if (!cpu_physical_memory_is_dirty(addr1)) {
4458 /* invalidate code */
4459 tb_invalidate_phys_page_range(addr1, addr1 + 2, 0);
4460 /* set dirty bit */
4461 cpu_physical_memory_set_dirty_flags(addr1,
4462 (0xff & ~CODE_DIRTY_FLAG));
4463 }
4464 }
aab33094
FB		 4465}
4466
1e78bcc1
AG		 4467void stw_phys(target_phys_addr_t addr, uint32_t val)
4468{
4469 stw_phys_internal(addr, val, DEVICE_NATIVE_ENDIAN);
4470}
4471
4472void stw_le_phys(target_phys_addr_t addr, uint32_t val)
4473{
4474 stw_phys_internal(addr, val, DEVICE_LITTLE_ENDIAN);
4475}
4476
4477void stw_be_phys(target_phys_addr_t addr, uint32_t val)
4478{
4479 stw_phys_internal(addr, val, DEVICE_BIG_ENDIAN);
4480}
4481
aab33094 4482/* XXX: optimize */
c227f099 4483void stq_phys(target_phys_addr_t addr, uint64_t val)
aab33094
FB		 4484{
4485 val = tswap64(val);
71d2b725 4486 cpu_physical_memory_write(addr, &val, 8);
aab33094
FB		 4487}
4488
1e78bcc1
AG		 4489void stq_le_phys(target_phys_addr_t addr, uint64_t val)
4490{
4491 val = cpu_to_le64(val);
4492 cpu_physical_memory_write(addr, &val, 8);
4493}
4494
4495void stq_be_phys(target_phys_addr_t addr, uint64_t val)
4496{
4497 val = cpu_to_be64(val);
4498 cpu_physical_memory_write(addr, &val, 8);
4499}
4500
5e2972fd 4501/* virtual memory access for debug (includes writing to ROM) */
5fafdf24 4502int cpu_memory_rw_debug(CPUState *env, target_ulong addr,
b448f2f3 4503 uint8_t *buf, int len, int is_write)
13eb76e0
FB		 4504{
4505 int l;
c227f099 4506 target_phys_addr_t phys_addr;
9b3c35e0 4507 target_ulong page;
13eb76e0
FB		 4508
4509 while (len > 0) {
4510 page = addr & TARGET_PAGE_MASK;
4511 phys_addr = cpu_get_phys_page_debug(env, page);
4512 /* if no physical page mapped, return an error */
4513 if (phys_addr == -1)
4514 return -1;
4515 l = (page + TARGET_PAGE_SIZE) - addr;
4516 if (l > len)
4517 l = len;
5e2972fd 4518 phys_addr += (addr & ~TARGET_PAGE_MASK);
5e2972fd
AL		 4519 if (is_write)
4520 cpu_physical_memory_write_rom(phys_addr, buf, l);
4521 else
5e2972fd 4522 cpu_physical_memory_rw(phys_addr, buf, l, is_write);
13eb76e0
FB		 4523 len -= l;
4524 buf += l;
4525 addr += l;
4526 }
4527 return 0;
4528}
a68fe89c 4529#endif
13eb76e0 4530
2e70f6ef
PB		 4531/* in deterministic execution mode, instructions doing device I/Os
4532 must be at the end of the TB */
4533void cpu_io_recompile(CPUState *env, void *retaddr)
4534{
4535 TranslationBlock *tb;
4536 uint32_t n, cflags;
4537 target_ulong pc, cs_base;
4538 uint64_t flags;
4539
4540 tb = tb_find_pc((unsigned long)retaddr);
4541 if (!tb) {
4542 cpu_abort(env, "cpu_io_recompile: could not find TB for pc=%p",
4543 retaddr);
4544 }
4545 n = env->icount_decr.u16.low + tb->icount;
618ba8e6 4546 cpu_restore_state(tb, env, (unsigned long)retaddr);
2e70f6ef 4547 /* Calculate how many instructions had been executed before the fault
bf20dc07 4548 occurred. */
2e70f6ef
PB		 4549 n = n - env->icount_decr.u16.low;
4550 /* Generate a new TB ending on the I/O insn. */
4551 n++;
4552 /* On MIPS and SH, delay slot instructions can only be restarted if
4553 they were already the first instruction in the TB. If this is not
bf20dc07 4554 the first instruction in a TB then re-execute the preceding
2e70f6ef
PB		 4555 branch. */
4556#if defined(TARGET_MIPS)
4557 if ((env->hflags & MIPS_HFLAG_BMASK) != 0 && n > 1) {
4558 env->active_tc.PC -= 4;
4559 env->icount_decr.u16.low++;
4560 env->hflags &= ~MIPS_HFLAG_BMASK;
4561 }
4562#elif defined(TARGET_SH4)
4563 if ((env->flags & ((DELAY_SLOT | DELAY_SLOT_CONDITIONAL))) != 0
4564 && n > 1) {
4565 env->pc -= 2;
4566 env->icount_decr.u16.low++;
4567 env->flags &= ~(DELAY_SLOT | DELAY_SLOT_CONDITIONAL);
4568 }
4569#endif
4570 /* This should never happen. */
4571 if (n > CF_COUNT_MASK)
4572 cpu_abort(env, "TB too big during recompile");
4573
4574 cflags = n | CF_LAST_IO;
4575 pc = tb->pc;
4576 cs_base = tb->cs_base;
4577 flags = tb->flags;
4578 tb_phys_invalidate(tb, -1);
4579 /* FIXME: In theory this could raise an exception. In practice
4580 we have already translated the block once so it's probably ok. */
4581 tb_gen_code(env, pc, cs_base, flags, cflags);
bf20dc07 4582 /* TODO: If env->pc != tb->pc (i.e. the faulting instruction was not
2e70f6ef
PB		 4583 the first in the TB) then we end up generating a whole new TB and
4584 repeating the fault, which is horribly inefficient.
4585 Better would be to execute just this insn uncached, or generate a
4586 second new TB. */
4587 cpu_resume_from_signal(env, NULL);
4588}
4589
b3755a91
PB		 4590#if !defined(CONFIG_USER_ONLY)
4591
055403b2 4592void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
e3db7226
FB		 4593{
4594 int i, target_code_size, max_target_code_size;
4595 int direct_jmp_count, direct_jmp2_count, cross_page;
4596 TranslationBlock *tb;
3b46e624 4597
e3db7226
FB		 4598 target_code_size = 0;
4599 max_target_code_size = 0;
4600 cross_page = 0;
4601 direct_jmp_count = 0;
4602 direct_jmp2_count = 0;
4603 for(i = 0; i < nb_tbs; i++) {
4604 tb = &tbs[i];
4605 target_code_size += tb->size;
4606 if (tb->size > max_target_code_size)
4607 max_target_code_size = tb->size;
4608 if (tb->page_addr[1] != -1)
4609 cross_page++;
4610 if (tb->tb_next_offset[0] != 0xffff) {
4611 direct_jmp_count++;
4612 if (tb->tb_next_offset[1] != 0xffff) {
4613 direct_jmp2_count++;
4614 }
4615 }
4616 }
4617 /* XXX: avoid using doubles ? */
57fec1fe 4618 cpu_fprintf(f, "Translation buffer state:\n");
055403b2 4619 cpu_fprintf(f, "gen code size %td/%ld\n",
26a5f13b
FB		 4620 code_gen_ptr - code_gen_buffer, code_gen_buffer_max_size);
4621 cpu_fprintf(f, "TB count %d/%d\n",
4622 nb_tbs, code_gen_max_blocks);
5fafdf24 4623 cpu_fprintf(f, "TB avg target size %d max=%d bytes\n",
e3db7226
FB		 4624 nb_tbs ? target_code_size / nb_tbs : 0,
4625 max_target_code_size);
055403b2 4626 cpu_fprintf(f, "TB avg host size %td bytes (expansion ratio: %0.1f)\n",
e3db7226
FB		 4627 nb_tbs ? (code_gen_ptr - code_gen_buffer) / nb_tbs : 0,
4628 target_code_size ? (double) (code_gen_ptr - code_gen_buffer) / target_code_size : 0);
5fafdf24
TS		 4629 cpu_fprintf(f, "cross page TB count %d (%d%%)\n",
4630 cross_page,
e3db7226
FB		 4631 nb_tbs ? (cross_page * 100) / nb_tbs : 0);
4632 cpu_fprintf(f, "direct jump count %d (%d%%) (2 jumps=%d %d%%)\n",
5fafdf24 4633 direct_jmp_count,
e3db7226
FB		 4634 nb_tbs ? (direct_jmp_count * 100) / nb_tbs : 0,
4635 direct_jmp2_count,
4636 nb_tbs ? (direct_jmp2_count * 100) / nb_tbs : 0);
57fec1fe 4637 cpu_fprintf(f, "\nStatistics:\n");
e3db7226
FB		 4638 cpu_fprintf(f, "TB flush count %d\n", tb_flush_count);
4639 cpu_fprintf(f, "TB invalidate count %d\n", tb_phys_invalidate_count);
4640 cpu_fprintf(f, "TLB flush count %d\n", tlb_flush_count);
b67d9a52 4641 tcg_dump_info(f, cpu_fprintf);
e3db7226
FB		 4642}
4643
d39e8222
AK		 4644/* NOTE: this function can trigger an exception */
4645/* NOTE2: the returned address is not exactly the physical address: it
4646 is the offset relative to phys_ram_base */
4647tb_page_addr_t get_page_addr_code(CPUState *env1, target_ulong addr)
4648{
4649 int mmu_idx, page_index, pd;
4650 void *p;
4651
4652 page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
4653 mmu_idx = cpu_mmu_index(env1);
4654 if (unlikely(env1->tlb_table[mmu_idx][page_index].addr_code !=
4655 (addr & TARGET_PAGE_MASK))) {
4656 ldub_code(addr);
4657 }
4658 pd = env1->tlb_table[mmu_idx][page_index].addr_code & ~TARGET_PAGE_MASK;
0e0df1e2 4659 if (pd != io_mem_ram.ram_addr && pd != io_mem_rom.ram_addr
06ef3525 4660 && !io_mem_region[pd]->rom_device) {
d39e8222
AK		 4661#if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_SPARC)
4662 cpu_unassigned_access(env1, addr, 0, 1, 0, 4);
4663#else
4664 cpu_abort(env1, "Trying to execute code outside RAM or ROM at 0x" TARGET_FMT_lx "\n", addr);
4665#endif
4666 }
4667 p = (void *)((uintptr_t)addr + env1->tlb_table[mmu_idx][page_index].addend);
4668 return qemu_ram_addr_from_host_nofail(p);
4669}
4670
82afa586
BH		 4671/*
4672 * A helper function for the _utterly broken_ virtio device model to find out if
4673 * it's running on a big endian machine. Don't do this at home kids!
4674 */
4675bool virtio_is_big_endian(void);
4676bool virtio_is_big_endian(void)
4677{
4678#if defined(TARGET_WORDS_BIGENDIAN)
4679 return true;
4680#else
4681 return false;
4682#endif
4683}
4684
61382a50 4685#define MMUSUFFIX _cmmu
3917149d 4686#undef GETPC
61382a50
FB		 4687#define GETPC() NULL
4688#define env cpu_single_env
b769d8fe 4689#define SOFTMMU_CODE_ACCESS
61382a50
FB		 4690
4691#define SHIFT 0
4692#include "softmmu_template.h"
4693
4694#define SHIFT 1
4695#include "softmmu_template.h"
4696
4697#define SHIFT 2
4698#include "softmmu_template.h"
4699
4700#define SHIFT 3
4701#include "softmmu_template.h"
4702
4703#undef env
4704
4705#endif
QEMU mirror